Example #1
0
def perm_role_push(request):
    """
    the role push page
    """
    # 渲染数据
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户推送"
    role_id = request.GET.get('id')
    asset_ids = request.GET.get('asset_id')
    role = get_object(PermRole, id=role_id)
    assets = Asset.objects.all()
    asset_groups = AssetGroup.objects.all()
    if asset_ids:
        need_push_asset = [get_object(Asset, id=asset_id) for asset_id in asset_ids.split(',')]

    if request.method == "POST":
        # 获取推荐角色的名称列表
        # 计算出需要推送的资产列表
        asset_ids = request.POST.getlist("assets")
        asset_group_ids = request.POST.getlist("asset_groups")
        assets_obj = [Asset.objects.get(id=asset_id) for asset_id in asset_ids]
        asset_groups_obj = [AssetGroup.objects.get(id=asset_group_id) for asset_group_id in asset_group_ids]
        group_assets_obj = []
        for asset_group in asset_groups_obj:
            group_assets_obj.extend(asset_group.asset_set.all())
        calc_assets = list(set(assets_obj) | set(group_assets_obj))

        push_resource = gen_resource(calc_assets)

        # 调用Ansible API 进行推送
        password_push = True if request.POST.get("use_password") else False
        key_push = True if request.POST.get("use_publicKey") else False
        task = MyTask(push_resource)
        ret = {}

        # 因为要先建立用户,而push key是在 password也完成的情况下的 可选项
        # 1. 以秘钥 方式推送角色
        if key_push:
            ret["pass_push"] = task.add_user(role.name)
            ret["key_push"] = task.push_key(role.name, os.path.join(role.key_path, 'id_rsa.pub'))

        # 2. 推送账号密码 <为了安全 系统用户统一使用秘钥进行通信, 不再提供密码方式的推送>
        # elif password_push:
        #     ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))

        # 3. 推送sudo配置文件
        if key_push:
            sudo_list = set([sudo for sudo in role.sudo.all()])  # set(sudo1, sudo2, sudo3)
            if sudo_list:
                ret['sudo'] = task.push_sudo_file([role], sudo_list)

        logger.debug('推送role结果: %s' % ret)
        success_asset = {}
        failed_asset = {}
        logger.debug(ret)
        for push_type, result in ret.items():
            if result.get('failed'):
                for hostname, info in result.get('failed').items():
                    if hostname in failed_asset.keys():
                        if info in failed_asset.get(hostname):
                            failed_asset[hostname] += info
                    else:
                        failed_asset[hostname] = info

        for push_type, result in ret.items():
            if result.get('ok'):
                for hostname, info in result.get('ok').items():
                    if hostname in failed_asset.keys():
                        continue
                    elif hostname in success_asset.keys():
                        if str(info) in success_asset.get(hostname, ''):
                            success_asset[hostname] += str(info)
                    else:
                        success_asset[hostname] = str(info)

        # 推送成功 回写push表
        for asset in calc_assets:
            push_check = PermPush.objects.filter(role=role, asset=asset)
            if push_check:
                func = push_check.update
            else:
                def func(**kwargs):
                    PermPush(**kwargs).save()

            if failed_asset.get(asset.hostname):
                func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=False,
                     result=failed_asset.get(asset.hostname))
            else:
                func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=True)

        if not failed_asset:
            msg = u'系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(success_asset.keys()))
        else:
            error = u'系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ] 进入系统用户详情,查看失败原因' % (role.name,
                                                                ','.join(failed_asset.keys()),
                                                                ','.join(success_asset.keys()))
    return my_render('jperm/perm_role_push.html', locals(), request)
Example #2
0
def perm_role_push(request):
    """
    the role push page
    """
    # 渲染数据
    header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户推送"
    role_id = request.GET.get('id')
    asset_ids = request.GET.get('asset_id')
    role = get_object(PermRole, id=role_id)
    assets = Asset.objects.all()
    asset_groups = AssetGroup.objects.all()
    if asset_ids:
        need_push_asset = [
            get_object(Asset, id=asset_id) for asset_id in asset_ids.split(',')
        ]

    if request.method == "POST":
        # 获取推荐角色的名称列表
        # 计算出需要推送的资产列表
        asset_ids = request.POST.getlist("assets")
        asset_group_ids = request.POST.getlist("asset_groups")
        assets_obj = [Asset.objects.get(id=asset_id) for asset_id in asset_ids]
        asset_groups_obj = [
            AssetGroup.objects.get(id=asset_group_id)
            for asset_group_id in asset_group_ids
        ]
        group_assets_obj = []
        for asset_group in asset_groups_obj:
            group_assets_obj.extend(asset_group.asset_set.all())
        calc_assets = list(set(assets_obj) | set(group_assets_obj))

        push_resource = gen_resource(calc_assets)

        # 调用Ansible API 进行推送
        password_push = True if request.POST.get("use_password") else False
        key_push = True if request.POST.get("use_publicKey") else False
        task = MyTask(push_resource)
        ret = {}

        # 因为要先建立用户,而push key是在 password也完成的情况下的 可选项
        # 1. 以秘钥 方式推送角色
        if key_push:
            ret["pass_push"] = task.add_user(role.name)
            ret["key_push"] = task.push_key(
                role.name, os.path.join(role.key_path, 'id_rsa.pub'))

        # 2. 推送账号密码 <为了安全 系统用户统一使用秘钥进行通信, 不再提供密码方式的推送>
        # elif password_push:
        #     ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))

        # 3. 推送sudo配置文件
        if key_push:
            sudo_list = set([sudo for sudo in role.sudo.all()
                             ])  # set(sudo1, sudo2, sudo3)
            if sudo_list:
                ret['sudo'] = task.push_sudo_file([role], sudo_list)

        logger.debug('推送role结果: %s' % ret)
        success_asset = {}
        failed_asset = {}
        logger.debug(ret)
        for push_type, result in ret.items():
            if result.get('failed'):
                for hostname, info in result.get('failed').items():
                    if hostname in failed_asset.keys():
                        if info in failed_asset.get(hostname):
                            failed_asset[hostname] += info
                    else:
                        failed_asset[hostname] = info

        for push_type, result in ret.items():
            if result.get('ok'):
                for hostname, info in result.get('ok').items():
                    if hostname in failed_asset.keys():
                        continue
                    elif hostname in success_asset.keys():
                        if str(info) in success_asset.get(hostname, ''):
                            success_asset[hostname] += str(info)
                    else:
                        success_asset[hostname] = str(info)

        # 推送成功 回写push表
        for asset in calc_assets:
            push_check = PermPush.objects.filter(role=role, asset=asset)
            if push_check:
                func = push_check.update
            else:

                def func(**kwargs):
                    PermPush(**kwargs).save()

            if failed_asset.get(asset.hostname):
                func(is_password=password_push,
                     is_public_key=key_push,
                     role=role,
                     asset=asset,
                     success=False,
                     result=failed_asset.get(asset.hostname))
            else:
                func(is_password=password_push,
                     is_public_key=key_push,
                     role=role,
                     asset=asset,
                     success=True)

        if not failed_asset:
            msg = u'系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(
                success_asset.keys()))
        else:
            error = u'系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ] 进入系统用户详情,查看失败原因' % (
                role.name, ','.join(failed_asset.keys()), ','.join(
                    success_asset.keys()))
    return my_render('jperm/perm_role_push.html', locals(), request)
Example #3
0
def task_ansible_role_push(user, push_task, role):
    connection.close()
    asset_ids = push_task['assets']
    asset_group_ids = push_task['asset_groups']
    assets_obj = [Asset.objects.get(id=asset_id) for asset_id in asset_ids]
    asset_groups_obj = [
        AssetGroup.objects.get(id=asset_group_id)
        for asset_group_id in asset_group_ids
    ]
    group_assets_obj = []
    for asset_group in asset_groups_obj:
        group_assets_obj.extend(asset_group.asset_set.all())
    calc_assets = list(set(assets_obj) | set(group_assets_obj))

    push_resource = gen_resource(calc_assets)

    # 调用Ansible API 进行推送
    password_push = True if push_task['use_password'] else False
    key_push = True if push_task['use_publicKey'] else False
    task = MyTask(push_resource)
    ret = {}

    # 因为要先建立用户,而push key是在 password也完成的情况下的 可选项
    # 1. 以秘钥 方式推送角色
    if key_push:
        ret["pass_push"] = task.add_user(role.name)
        ret["key_push"] = task.push_key(
            role.name, os.path.join(role.key_path, 'id_rsa.pub'))

    # 2. 推送账号密码 <为了安全 系统用户统一使用秘钥进行通信, 不再提供密码方式的推送>
    # elif password_push:
    #     ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))

    # 3. 推送sudo配置文件
    if key_push:
        sudo_list = set([sudo for sudo in role.sudo.all()
                         ])  # set(sudo1, sudo2, sudo3)
        if sudo_list:
            ret['sudo'] = task.push_sudo_file([role], sudo_list)
        else:
            ret['sudo'] = task.recyle_cmd_alias(role.name)

    logger.debug('推送role结果: %s' % ret)
    success_asset = {}
    failed_asset = {}
    logger.debug(ret)
    for push_type, result in ret.items():
        if result.get('failed'):
            for hostname, info in result.get('failed').items():
                if hostname in failed_asset.keys():
                    if info in failed_asset.get(hostname):
                        failed_asset[hostname] += info
                else:
                    failed_asset[hostname] = info

    for push_type, result in ret.items():
        if result.get('ok'):
            for hostname, info in result.get('ok').items():
                if hostname in failed_asset.keys():
                    continue
                elif hostname in success_asset.keys():
                    if str(info) in success_asset.get(hostname, ''):
                        success_asset[hostname] += str(info)
                else:
                    success_asset[hostname] = str(info)

    # 推送成功 回写push表
    for asset in calc_assets:
        push_check = PermPush.objects.filter(role=role, asset=asset)
        if push_check:
            func = push_check.update
        else:

            def func(**kwargs):
                PermPush(**kwargs).save()

        if failed_asset.get(asset.hostname):
            func(is_password=password_push,
                 is_public_key=key_push,
                 role=role,
                 asset=asset,
                 success=False,
                 result=failed_asset.get(asset.hostname))
        else:
            func(is_password=password_push,
                 is_public_key=key_push,
                 role=role,
                 asset=asset,
                 success=True)

    if not failed_asset:
        msg = u'系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(
            success_asset.keys()))
    else:
        msg = u'系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ] 请点系统用户->点对应名称->点失败,查看失败原因' % (
            role.name, ','.join(failed_asset.keys()), ','.join(
                success_asset.keys()))

    SystemLog.objects.create(user=user, log_type='ansible用户推送', info=msg)