def create_users(argvs):
'''
create little_finger access user
:param argvs:
:return:
'''
if '-f' in argvs:
user_file = argvs[argvs.index("-f") +1 ]
else:
print_err("invalid usage, should be:\ncreateusers -f <the new users file>",quit=True)
source = yaml_parser(user_file)
if source:
for key,val in source.items():
print(key,val)
obj = models.UserProfile(username=key,password=val.get('password'))
if val.get('groups'):
groups = session.query(models.Group).filter(models.Group.name.in_(val.get('groups'))).all()
if not groups:
print_err("none of [%s] exist in group table." % val.get('groups'),quit=True)
obj.groups = groups
if val.get('bind_hosts'):
bind_hosts = common_filters.bind_hosts_filter(val)
obj.bind_hosts = bind_hosts
#print(obj)
session.add(obj)
session.commit()
def create_users(argvs):
'''
create little_finger access user
:param argvs:
:return:
'''
if '-f' in argvs:
user_file = argvs[argvs.index("-f") +1 ]
else:
print_err("invalid usage, should be:\ncreateusers -f <the new users file>",quit=True)
source = yaml_parser(user_file)
if source:
for key,val in source.items():
print(key,val)
obj = models.UserProfile(username=key,password=val.get('password'))
if val.get('groups'):
groups = session.query(models.Group).filter(models.Group.name.in_(val.get('groups'))).all()
if not groups:
print_err("none of [%s] exist in group table." % val.get('groups'),quit=True)
obj.groups = groups
if val.get('bind_hosts'):
bind_hosts = common_filters.bind_hosts_filter(val)
obj.bind_hosts = bind_hosts
#print(obj)
session.add(obj)
session.commit()
def create_groups(argvs):
"""
create groups
:param argvs:
:return:
"""
if '-f' in argvs:
group_file = argvs[argvs.index("-f") + 1]
else:
print_err("invalid usage, should be:\ncreategroups -f <the new groups file>", logout=True)
return
source = yaml_parser(group_file)
if source:
logger.debug("source:\n%s" % source)
for key, val in source.items():
logger.debug("%s:%s" % (key, val))
obj = models.HostGroup(name=key)
logger.info(obj)
# if val.get('bind_hosts'):
# bind_hosts = common_filters.bind_hosts_filter(val)
# obj.bind_hosts = bind_hosts
#
if val.get('user_profiles'): # 用户与主机分组关系
user_profiles = common_filters.user_profiles_filter(val)
obj.user_profiles = user_profiles
session.add(obj)
session.commit()
logger.info("create groups sucess!")
def create_bindhosts(argvs):
msg = 'the new bind_hosts file'
bindhost_file = parse_argvs(argvs, msg)
source = yaml_parser(bindhost_file)
if source:
for key,val in source.items():
host_obj = session.query(models.Host).filter(models.Host.hostname==val.get('hostname')).first()
assert host_obj
for item in val['remote_users']:
assert item.get('auth_type')
if item.get('auth_type') == 'ssh-passwd':
remoteuser_obj = session.query(models.RemoteUser).filter(models.RemoteUser.username==item.get('username'),
models.RemoteUser.password==item.get('password')).first()
else:
remoteuser_obj = session.query(models.RemoteUser).filter(models.RemoteUser.username==item.get('username'),
models.RemoteUser.auth_type==item.get('auth_type')).first()
# print('>>>>',host_obj,remoteuser_obj)
bindhost_obj = models.BindHost(host_id=host_obj.id,remote_user_id=remoteuser_obj.id)
session.add(bindhost_obj)
if source[key].get('groups'):
groups = common_filters.groups_filter(source[key])
bindhost_obj.groups = groups
if source[key].get('user_profiles'):
user_profiles = common_filters.user_profiles_filter(source[key])
bindhost_obj.user_profiles = user_profiles
session.commit()
def create_remoteusers(argvs):
'''
create remoteusers
:param argvs:
:return:
'''
# 里面加了判断是否是文件
if '-f' in argvs:
remoteusers_file = argvs[argvs.index("-f") + 1]
else:
print_err(
"invalid usage, should be:\ncreate_remoteusers -f <the new remoteusers file>",
quit=True)
#从yaml中 load 出来
source = yaml_parser(remoteusers_file)
if source:
for key, val in source.items():
print(key, val)
#把 yaml中load出来的值获取到,赋值给对应的 sql中表的字段
obj = models.RemoteUser(username=val.get('username'),
auth_type=val.get('auth_type'),
password=val.get('password'))
session.add(obj)
#再提交,真正的插入数据到表中
session.commit()
def create_groups(argv):
'''
create groups
:param argv:
:return:
'''
if '-f' in argv:
group_file = argv[argv.index('-f') + 1]
else:
print_err(
"Invalid usage, should be:\ncreate group -f <the new group file>",
quit=True)
source = yaml_parser(group_file)
if source:
print(source)
for key, val in source.items():
print(key, val)
obj = models.HostGroup(name=key)
if val.get('bind_host'):
bind_hosts = common_filters.bind_hosts_filter()
obj.bind_hosts = bind_hosts
if val.get('user_profiles'):
user_profiles = common_filters
obj.user_profiles = user_profiles
session.add(obj)
session.commit()
def create_users(argvs):
if '-f' in argvs:
'''首先判断输入是否存在-f选项,将-f后的文件赋予user_file'''
user_file = argvs[argvs.index("-f") + 1]
else:
print_err(
"invalid usage, should be:\ncreateusers -f <the new users file>",
quit=True)
source = yaml_parser(user_file)
if source:
for key, val in source.items():
print(key, val)
obj = models.UserProfile(username=key,
password=val.get('password'))
if val.get('groups'):
'''如果val中含有group,且该group存在,则同时讲该用户加入对应group'''
groups = session.query(models.Group).filter(
models.Group.name.in_(val.get('groups'))).all()
if not groups:
print_err("none of [%s] exist in group table." %
val.get('groups'),
quit=True)
obj.groups = groups
if val.get('bind_hosts'):
'''如果val有bind_hosts,则同时绑定hosts'''
bind_hosts = common_filters.bind_hosts_filter(val)
obj.bind_hosts = bind_hosts
#print(obj)
session.add(obj)
session.commit()
def create_hosts(argvs):
'''
create hosts
:param argvs:
:return:
'''
if '-f' in argvs:
hosts_file = argvs[argvs.index("-f") + 1]
else:
print_err(
"invalid usage, should be:\ncreate_hosts -f <the new hosts file>",
quit=True)
source = yaml_parser(hosts_file)
if source:
for key, val in source.items():
print(key, val)
#models.Host 是导入进来的。是from models import models
#把参数给models.py中的Host类中的形参
obj = models.Host(hostname=key,
ip=val.get('ip'),
port=val.get('port') or 22)
session.add(obj)
#一定要提交才能真的插入进去
session.commit()
def create_groups(argvs):
'''
create 组数据
create groups
:param argvs:
:return:
'''
if '-f' in argvs:
group_file = argvs[argvs.index("-f") + 1]
host_path = os.path.join(setting.BASE_DESC, group_file)
else:
print_err(
"invalid usage, should be:\ncreategroups -f <the new groups file>",
quit=True)
source = yaml_parser(host_path)
if source:
for key, val in source.items():
print(key, val)
obj = create_table.Group(group_name=key)
if val.get('bind_hosts'):
bind_hosts = common_filters.bind_hosts_filter(val)
obj.bind_hosts = bind_hosts
if val.get('user_profiles'):
user_profiles = common_filters.user_profiles_filter(val)
obj.user_profiles = user_profiles
session.add(obj)
session.commit()
def create_hosts(argvs):
'''
create 主机
:param argvs:
:return:
'''
if '-f' in argvs:
# 指定一个文件名否则报错
hosts_file = argvs[argvs.index("-f") + 1]
host_path = os.path.join(setting.BASE_DESC, hosts_file)
#print('hosts_path:',host_path)
else:
print_err(
"invalid usage, should be:\ncreate_hosts -f <the new hosts file>",
quit=True)
source = yaml_parser(host_path) # 传文件回来
if source: # 循环字典
print(source)
for key, val in source.items():
print(key, val)
obj = create_table.Host(host_name=key,
IP=val.get('ip'),
port=val.get('port') or 22)
# 添加到表
try:
session.add(obj)
except IntegrityError as e:
print('主机名和主机IP是唯一值已在数据库创建:', e)
else:
session.commit()
def create_bindhosts(argvs):
'''
create bind hosts
:param argvs:
:return:
'''
if '-f' in argvs:
bindhosts_file = argvs[argvs.index("-f") + 1]
else:
print_err(
"invalid usage, should be:\ncreate_hosts -f <the new bindhosts file>",
quit=True)
source = yaml_parser(bindhosts_file)
if source:
for key, val in source.items():
print(key, val)
# 获取到了主机
host_obj = session.query(models.Host).filter(
models.Host.hostname == val.get('hostname')).first()
# 取hostname
assert host_obj # 断言,必须存在
for item in val['remote_users']: # 判断
print(item)
assert item.get('auth_type')
if item.get('auth_type') == 'ssh-password': # 判断认证password
remoteuser_obj = session.query(models.RemoteUser).filter(
models.RemoteUser.username == item.get('username'),
models.RemoteUser.password == item.get(
'password')).first()
else:
# 获取远程用户
remoteuser_obj = session.query(models.RemoteUser).filter(
models.RemoteUser.username == item.get('username'),
models.RemoteUser.auth_type == item.get('auth_type'),
).first()
if not remoteuser_obj: # 没取到,程序退出
print_err("RemoteUser obj %s does not exist." % item,
quit=True)
bindhost_obj = models.BindHost(host_id=host_obj.id,
remoteuser_id=remoteuser_obj.id)
session.add(bindhost_obj) # 获取到关系后添加session
# for groups this host binds to
if source[key].get('groups'): # 获取组
group_objs = session.query(models.HostGroup).filter(
models.HostGroup.name.in_(
source[key].get('groups'))).all()
assert group_objs
print('groups:', group_objs)
bindhost_obj.host_groups = group_objs
# for user_profiles this host binds to
if source[key].get('user_profiles'): # 判断是否直接属于哪一台机器
userprofile_objs = session.query(
models.Userprofile).filter(
models.Userprofile.username.in_(
source[key].get('user_profiles'))).all()
assert userprofile_objs
print("userprofiles:", userprofile_objs)
bindhost_obj.user_profiles = userprofile_objs
# print(bindhost_obj)
session.commit()
def create_users(argvs):
'''
create little_finger access user
:param argvs:
:return:
'''
# 输入的命令行参数是否含有'-f'字符串
if '-f' in argvs:
# 取出文件名
user_file = argvs[argvs.index("-f") + 1]
else:
# 文件不存在时,输出错误信息
print_err(
"invalid usage, should be:\ncreateusers -f <the new users file>",
quit=True)
# 得到包含用户信息的字典.
source = yaml_parser(user_file)
if source:
# 一个一个的将用户存入数据库中.
for key, val in source.items():
print(key, val)
obj = models.UserProfile(username=key,
password=val.get('password'))
# if val.get('groups'):
# groups = session.query(models.Group).filter(models.Group.name.in_(val.get('groups'))).all()
# if not groups:
# print_err("none of [%s] exist in group table." % val.get('groups'),quit=True)
# obj.groups = groups
# if val.get('bind_hosts'):
# bind_hosts = common_filters.bind_hosts_filter(val)
# obj.bind_hosts = bind_hosts
#print(obj)
session.add(obj)
session.commit()
def create_users(argvs):
"""
create user
:param argvs:
:return:
"""
if '-f' in argvs:
user_file = argvs[argvs.index("-f") + 1]
else:
print_err("invalid usage, should be:\ncreateusers -f <the new users file>", logout=True)
return
source = yaml_parser(user_file)
if source:
logger.debug("source:\n%s" % source)
for key, val in source.items():
logger.debug("%s:%s" % (key, val))
obj = models.UserProfile(username=key, password=val.get('password'))
logger.info(obj)
# if val.get('groups'):
# groups = session.query(models.Group).filter(models.Group.name.in_(val.get('groups'))).all()
# if not groups:
# print_err("none of [%s] exist in group table." % val.get('groups'),quit=True)
# obj.groups = groups
# if val.get('bind_hosts'):
# bind_hosts = common_filters.bind_hosts_filter(val)
# obj.bind_hosts = bind_hosts
# print(obj)
session.add(obj)
session.commit()
logger.info("create user sucess!")
def create_groups(argvs):
'''
create groups
:param argvs:
:return:
'''
if '-f' in argvs:
group_file = argvs[argvs.index("-f") + 1]
else:
print_err(
"invalid usage, should be:\ncreategroups -f <the new groups file>",
quit=True)
source = yaml_parser(group_file)
if source:
for key, val in source.items():
print(key, val)
obj = models.HostGroup(name=key)
# if val.get('bind_hosts'):
# bind_hosts = common_filters.bind_hosts_filter(val)
# obj.bind_hosts = bind_hosts
#
# if val.get('user_profiles'):
# user_profiles = common_filters.user_profiles_filter(val)
# obj.user_profiles = user_profiles
session.add(obj)
session.commit()
def create_bindhosts(argvs):
if '-f' in argvs:
bindhosts_file = argvs[argvs.index("-f") + 1]
else:
print_err(
"invalid usage, should be:\ncreate_hosts -f <the new bindhosts file>",
quit=True)
source = yaml_parser(bindhosts_file)
if source:
for key, val in source.items():
print(key, val)
host_obj = session.query(models.Host).filter(
models.Host.hostname == val.get('hostname')).first()
assert host_obj
print(host_obj)
'''注意下面的for语句,实际上val['remote_users']返回的是一个列表(yaml中如果有-,则变成列表),然后列表里面嵌套了字典,
所以for其实是对列表进行了循环,而列表里面的元素则是一个个字典'''
for item in val['remote_users']:
print('remote_users is', item)
'''assert断言,表示如果没有auth_type这个key,或取不到auth_type这个的值,则下面语句不执行。'''
assert item.get('auth_type')
if item.get('auth_type') == 'ssh-password':
remoteuser_obj = session.query(models.RemoteUser).filter(
models.RemoteUser.username == item.get('username'),
models.RemoteUser.password == item.get('password'),
#models.RemoteUser.auth_type==item.get('auth_type'),
).first()
else:
remoteuser_obj = session.query(models.RemoteUser).filter(
models.RemoteUser.username == item.get('username'),
models.RemoteUser.auth_type == item.get('auth_type'),
).first()
if not remoteuser_obj:
print_err('user [%s] is not exist' % (item), quit=True)
bindhost_obj = models.BindHost(host_id=host_obj.id,
remoteuser_id=remoteuser_obj.id)
session.add(bindhost_obj)
'''判断是否有groups这个字段,如果有则执行下面语句'''
if source[key].get('groups'):
print(source[key].get('groups'))
group_objs = session.query(models.HostGroup).filter(
models.HostGroup.name.in_(
source[key].get('groups'))).all()
assert group_objs
'''通过下面语句将bind_host和host_group两个表的关联表bindhost_m2m_hostgroup建立起来,
将两个表相对应的主机和组的id相对应起来,实现主机和组的关联。
注意下面的语句将对关联表插入相关联的ID值'''
bindhost_obj.host_groups = group_objs
if source[key].get('user_profiles'):
user_objs = session.query(models.UserProfile).filter(
models.UserProfile.username.in_(
source[key].get('user_profiles'))).all()
assert user_objs
'''通过下面的语句,将堡垒机用户表和bind_host表相关联起来,对两者的关联表user_m2m_bindhost
插入对应的两方id,通过该表的外键实现两表关联,最终实现用户和主机关联'''
bindhost_obj.user_profiles = user_objs
session.commit()
def create_remoteusers(argvs):
msg = 'the new remote users file'
remoteuser_file = parse_argvs(argvs, msg)
source = yaml_parser(remoteuser_file)
if source:
for key,val in source.items():
obj = models.RemoteUser(username=val.get('username'),auth_type=val.get('auth_type'),password=val.get('password'))
session.add(obj)
session.commit()
def syncdb():
print("Syncing DB....")
models.Base.metadata.create_all(engine)
source = yaml_parser(wisdom_file)
if source:
for key, val in source.items():
obj = models.Wisdom(sentence=key)
session.add(obj)
session.commit()
def create_bindhosts(argvs):
"""
create bind hosts
主机及该主机上的账户信息
:param argvs:
:return:
"""
if '-f' in argvs:
bindhosts_file = argvs[argvs.index("-f") + 1]
else:
print_err("invalid usage, should be:\ncreate_bindhosts -f <the new bindhosts file>", logout=True)
return
source = yaml_parser(bindhosts_file)
if source:
logger.debug("source:\n%s" % source)
for key, val in source.items():
logger.debug("%s:%s" % (key, val))
# 要Bind的主机信息
host_obj = session.query(models.Host).filter(models.Host.hostname == val.get('hostname')).first()
logger.debug("host_obj---\n%s" % host_obj)
assert host_obj
for item in val['remote_users']: # 要bind到该主机上的账户信息
logger.debug(item)
assert item.get('auth_type')
if item.get('auth_type') == 'ssh-password':
remoteuser_obj = session.query(models.RemoteUser).filter(
models.RemoteUser.username == item.get('username'),
models.RemoteUser.password == item.get('password')
).first()
else:
remoteuser_obj = session.query(models.RemoteUser).filter(
models.RemoteUser.username == item.get('username'),
models.RemoteUser.auth_type == item.get('auth_type'),
).first()
if not remoteuser_obj:
print_err("RemoteUser obj %s does not exist." % item, logout=True)
bindhost_obj = models.BindHost(host_id=host_obj.id, remoteuser_id=remoteuser_obj.id) # 设定bind关系
session.add(bindhost_obj)
# for groups this host binds to 该主机bind到主机组
if source[key].get('groups'):
group_objs = session.query(models.HostGroup).filter(
models.HostGroup.name.in_(source[key].get('groups'))).all()
assert group_objs
logger.info('groups:%s' % group_objs)
bindhost_obj.host_groups = group_objs
# for user_profiles this host binds to 该主机bind到的用户
if source[key].get('user_profiles'):
userprofile_objs = session.query(models.UserProfile).filter(models.UserProfile.username.in_(
source[key].get('user_profiles')
)).all()
logger.debug(userprofile_objs)
assert userprofile_objs
logger.info("userprofiles:%s" % userprofile_objs)
bindhost_obj.user_profiles = userprofile_objs
# print(bindhost_obj)
session.commit()
logger.info("create bindhosts sucess!")
def create_bindhosts(argvs):
'''
create bind hosts
:param argvs:
:return:
'''
if '-f' in argvs:
bindhosts_file = argvs[argvs.index("-f") + 1]
else:
print_err(
"invalid usage, should be:\ncreate_bindhosts -f <the new bindhosts file>",
quit=True)
source = yaml_parser(bindhosts_file)
if source:
for key, val in source.items():
# print(key,val)
host_obj = session.query(model_v2.Host).filter(
model_v2.Host.hostname == val.get('hostname')).first()
assert host_obj
for item in val['remote_users']:
print(item)
assert item.get('auth_type')
if item.get('auth_type') == 'ssh-password':
remoteuser_obj = session.query(model_v2.RemoteUser).filter(
model_v2.RemoteUser.username == item.get('username'),
model_v2.RemoteUser.password == item.get(
'password')).first()
else:
remoteuser_obj = session.query(model_v2.RemoteUser).filter(
model_v2.RemoteUser.username == item.get('username'),
model_v2.RemoteUser.auth_type == item.get('auth_type'),
).first()
if not remoteuser_obj:
print_err("RemoteUser obj %s does not exist." % item,
quit=True)
bindhost_obj = model_v2.BindHost(
host_id=host_obj.id, remoteuser_id=remoteuser_obj.id)
session.add(bindhost_obj)
# for groups this host binds to
if source[key].get('groups'):
group_objs = session.query(model_v2.HostGroup).filter(
model_v2.HostGroup.name.in_(
source[key].get('groups'))).all()
assert group_objs
print('groups:', group_objs)
bindhost_obj.hostgroups = group_objs
# for user_profiles this host binds to
if source[key].get('fortress_user'):
fortressuser_objs = session.query(
model_v2.FortressUser).filter(
model_v2.FortressUser.username.in_(
source[key].get('fortress_user'))).all()
assert fortressuser_objs
print("fortressuser:", fortressuser_objs)
bindhost_obj.fortress_users = fortressuser_objs
# print(bindhost_obj)
session.commit()
def create_remoteusers(remoteuser_file):
source = yaml_parser(remoteuser_file)
if source:
for key, val in source.items():
print(key, val)
obj = models.RemoteUser(username=val['username'],
auth_type=val['auth_type'],
password=val.get('password'))
session.add(obj)
session.commit()
def create_hosts(argvs):
msg = 'the new hosts file'
host_file = parse_argvs(argvs, msg)
#print(host_file)
source = yaml_parser(host_file)
if source:
for key,val in source.items():
obj = models.Host(hostname=key,ip_addr=val.get('ip_addr'),port=val.get('port') or 22)
session.add(obj)
session.commit()
def create_hosts(host_file):
source = yaml_parser(host_file)
if source:
for key, val in source.items():
print(key, val)
obj = models.Host(hostname=key,
ip_addr=val['ip_addr'],
port=val.get('port') or 22)
session.add(obj)
session.commit()
def log_recording(logs):
"""
flush user operations on remote host into DB
:param logs: list format [logItem1,logItem2,...]
:return:
"""
print("\033[41;1m--logs:\033[0m", logs)
# session.add_all(logs)
session.add(logs)
session.commit()
def create_groups(group_file):
source = yaml_parser(group_file)
if source:
for key, val in source.items():
print(key, val)
obj = models.Group(name=key)
if val.get('user_profiles'):
user_profiles = common.user_profiles_filter(val)
obj.user_profiles = user_profiles
if val.get('bind_hosts'):
bind_hosts = common.bind_hosts_filter(val)
obj.bind_hosts = bind_hosts
session.add(obj)
session.commit()
def create_hosts(argvs):
"""根据yml文件创建host表中的数据"""
if '-f' in argvs:
hosts_file = argvs[argvs.index("-f") + 1]
else:
print_err("invalid usage, should be:\ncreate_hosts -f <the new hosts file>", quit=True)
source = yaml_parser(hosts_file) # 解析yml文件为对象
if source:
# print(source)
for key, val in source.items():
print(key, val)
obj = models_v2.Host(hostname=key, ip=val.get('ip'), port=val.get('port') or 22) # 创建一行host数据
session.add(obj)
session.commit()
def store_aduit_log(user_profile_obj, bind_host_obj, cmd):
'''
:param user_obj: 登录远程计算机的用户对象
:param bind_host_obj: 远程计算机对象
:param cmd: 用户对象执行的命令字符串
:return:
'''
aduitLog_obj = models.AuditLog(user_profile_id=user_profile_obj.id,
bind_host_id=bind_host_obj.id,
cmd=cmd,
date=datetime.datetime.now())
session.add(aduitLog_obj)
session.commit()
def create_bindhosts(argv):
'''
create bind hosts
:param argv:
:return:
'''
if '-f' in argv:
bindhost_file = argv[argv.index('-f') + 1]
else:
print_err(
"invalid usage, should be:\ncreate_hosts -f <the new bindhosts file>",
quit=True)
source = yaml_parser(bindhost_file)
if source:
print(source)
for key, val in source:
host_obj = session.query(models.Host).filter(
models.Host.hostname == val.get('hostname'))
assert host_obj
for item in val['remote_users']:
assert item.get('auth_type')
if item.get('auth_type') == 'ssh-passwd':
remoteuser_obj = session.query(models.RemoteUser).filter(
models.RemoteUser.username == item.get('username'),
models.RemoteUser.password == item.get('password'),
).first()
else:
remoteuser_obj = session.query(models.RemoteUser).filter(
models.RemoteUser.username == item.get('username'),
models.RemoteUser.auth_type == item.get('auth_type'),
).first()
if not remoteuser_obj:
print_err("RemoteUser obj %s does not exist." % item,
quit=True)
bindhost_obj = models.BindHost(host_id=host_obj.id,
remoteuser_id=remoteuser_obj.id)
session.add(bindhost_obj)
if source[key].get('groups'):
group_obj = session.query(models.HostGroup).filter(
models.HostGroup.name.in_(
source[key].get('groups'))).all()
assert group_obj
bindhost_obj.host_groups = group_obj
if source[key].get('user_profiles'):
userprofile_obj = session.query(models.UserProfile).filter(
models.UserProfile.username.in_(
source[key].get('user_profiles'))).all()
assert userprofile_obj
bindhost_obj.user_profiles = userprofile_obj
session.commit()
def create_remoteusers(argvs):
"""根据yml文件创建remote_user表中的数据"""
if '-f' in argvs:
remoteusers_file = argvs[argvs.index("-f") + 1]
else:
print_err("invalid usage, should be:\ncreate_remoteusers -f <the new remoteusers file>", quit=True)
source = yaml_parser(remoteusers_file)
if source:
for key, val in source.items():
print(key, val)
obj = models_v2.RemoteUser(username=val.get('username'), auth_type=val.get('auth_type'),
password=val.get('password'))
session.add(obj)
session.commit()
def create_bindhosts(argvs):
'''
create bind hosts
:param argvs:
:return:
'''
if '-f' in argvs:
bindhosts_file = argvs[argvs.index("-f") +1 ]
else:
print_err("invalid usage, should be:\ncreate_hosts -f <the new bindhosts file>",quit=True)
source = yaml_parser(bindhosts_file)
if source:
for key,val in source.items():
#print(key,val)
host_obj = session.query(models.Host).filter(models.Host.hostname==val.get('hostname')).first()
assert host_obj
for item in val['remote_users']:
print(item )
assert item.get('auth_type')
if item.get('auth_type') == 'ssh-passwd':
remoteuser_obj = session.query(models.RemoteUser).filter(
models.RemoteUser.username==item.get('username'),
models.RemoteUser.password==item.get('password')
).first()
else:
remoteuser_obj = session.query(models.RemoteUser).filter(
models.RemoteUser.username==item.get('username'),
models.RemoteUser.auth_type==item.get('auth_type'),
).first()
if not remoteuser_obj:
print_err("RemoteUser obj %s does not exist." % item,quit=True )
bindhost_obj = models.BindHost(host_id=host_obj.id,remoteuser_id=remoteuser_obj.id)
session.add(bindhost_obj)
#for groups this host binds to
if source[key].get('groups'):
group_objs = session.query(models.Group).filter(models.Group.name.in_(source[key].get('groups') )).all()
assert group_objs
print('groups:', group_objs)
bindhost_obj.groups = group_objs
#for user_profiles this host binds to
if source[key].get('user_profiles'):
userprofile_objs = session.query(models.UserProfile).filter(models.UserProfile.username.in_(
source[key].get('user_profiles')
)).all()
assert userprofile_objs
print("userprofiles:",userprofile_objs)
bindhost_obj.user_profiles = userprofile_objs
#print(bindhost_obj)
session.commit()
def create_groups(argvs):
msg = 'the new groups file'
group_file = parse_argvs(argvs, msg)
source = yaml_parser(group_file)
if source:
for key,val in source.items():
obj = models.Group(name=key)
if val.get('bind_hosts'):#多对多关系
bind_hosts = common_filters.bind_hosts_filter(val)
obj.bind_hosts = bind_hosts
if val.get('user_profiles'):#多对多关系
user_profiles = common_filters.user_profiles_filter(val)
obj.user_profiles = user_profiles
session.add(obj)
session.commit()
def create_hosts(argvs):
if '-f' in argvs:
hosts_file = argvs[argvs.index("-f") + 1]
else:
print_err(
"invalid usage, should be:\ncreate_hosts -f <the new hosts file>",
quit=True)
source = yaml_parser(hosts_file)
if source:
for key, val in source.items():
print(key, val)
obj = models.Host(hostname=key,
ip_addr=val.get('ip_addr'),
port=val.get('port') or 22)
session.add(obj)
session.commit()
def create_remoteusers(argvs):
if '-f' in argvs:
remoteusers_file = argvs[argvs.index("-f") + 1]
else:
print_err(
"invalid usage, should be:\ncreate_remoteusers -f <the new remoteusers file>",
quit=True)
source = yaml_parser(remoteusers_file)
if source:
for key, val in source.items():
print(key, val)
obj = models.RemoteUser(username=val.get('username'),
auth_type=val.get('auth_type'),
password=val.get('password'))
session.add(obj)
session.commit()
def create_users(argvs):
msg = 'the new users file'
user_file = parse_argvs(argvs, msg)
source = yaml_parser(user_file)
if source:
for key,val in source.items():
obj = models.UserProfile(username=key,password=val.get('password'))
if val.get('groups'):#多对多关系
groups = common_filters.groups_filter(val)
obj.groups = groups
if val.get('bind_hosts'):#多对多关系
bind_hosts = common_filters.bind_hosts_filter(val)
obj.bind_hosts = bind_hosts
session.add(obj)
session.commit()
def create_bindhosts(argvs):
"""根据yml文件创建BindHost表中的数据"""
if '-f' in argvs:
bindhosts_file = argvs[argvs.index("-f") + 1]
else:
print_err("invalid usage, should be:\ncreate_hosts -f <the new bindhosts file>", quit=True)
source = yaml_parser(bindhosts_file)
if source:
for key, val in source.items():
# print(key,val)
host_obj = session.query(models_v2.Host).filter(models_v2.Host.hostname == val.get('hostname')).first()
assert host_obj # 断言是否存在这个主机, 如果没有抛出异常不向下执行
for item in val['remote_users']:
print(item)
assert item.get('auth_type')
if item.get('auth_type') == 'ssh-passwd':
remoteuser_obj = session.query(models_v2.RemoteUser).filter(
models_v2.RemoteUser.username == item.get('username'),
models_v2.RemoteUser.password == item.get('password')
).first()
else:
remoteuser_obj = session.query(models_v2.RemoteUser).filter(
models_v2.RemoteUser.username == item.get('username'),
models_v2.RemoteUser.auth_type == item.get('auth_type'),
).first()
if not remoteuser_obj: # 如果RemoteUser表不存在bindhost.yml文件中的remoteUser, 抛出异常
print_err("RemoteUser obj %s does not exist." % item, quit=True)
bindhost_obj = models_v2.BindHost(host_id=host_obj.id, remoteuser_id=remoteuser_obj.id)
session.add(bindhost_obj)
# for groups this host binds to
if source[key].get('groups'):
# select * from HostGroup where name in (bjgroup, shgroup);
group_objs = session.query(models_v2.HostGroup).filter(
models_v2.HostGroup.name.in_(source[key].get('groups'))).all()
assert group_objs # 断言
bindhost_obj.host_groups = group_objs
# for user_profiles this host binds to
if source[key].get('user_profiles'):
userprofile_objs = session.query(models_v2.UserProfile).filter(models_v2.UserProfile.username.in_(
source[key].get('user_profiles')
)).all()
assert userprofile_objs # 断言
print("userprofiles:", userprofile_objs)
bindhost_obj.user_profiles = userprofile_objs
# print(bindhost_obj)
session.commit()
def create_users(user_file):
source = yaml_parser(user_file)
if source:
for key, val in source.items():
print(key, val)
obj = models.UserProfile(username=key,
password=val['password'])
if val.get('groups'):
'''如果val中含有group,且该group存在,则同时讲该用户加入对应group'''
groups = common.bind_group_filter(val)
obj.groups = groups
if val.get('bind_hosts'):
'''如果val有bind_hosts,则同时绑定hosts'''
bind_hosts = common.bind_hosts_filter(val)
obj.bind_hosts = bind_hosts
session.add(obj)
session.commit()
def create_hosts(argvs):
'''
create hosts
:param argvs:
:return:
'''
if '-f' in argvs:
hosts_file = argvs[argvs.index("-f") +1 ]
else:
print_err("invalid usage, should be:\ncreate_hosts -f <the new hosts file>",quit=True)
source = yaml_parser(hosts_file)
if source:
for key,val in source.items():
print(key,val)
obj = models.Host(hostname=key,ip_addr=val.get('ip_addr'), port=val.get('port') or 22)
session.add(obj)
session.commit()
def create_groups(argvs):
"""根据yml文件创建Group表中的数据"""
if '-f' in argvs:
group_file = argvs[argvs.index("-f") + 1]
else:
print_err("invalid usage, should be:\ncreategroups -f <the new groups file>", quit=True)
source = yaml_parser(group_file)
if source:
for key, val in source.items():
print(key, val)
obj = models_v2.HostGroup(name=key)
# if val.get('bind_hosts'):
# bind_hosts = common_filters.bind_hosts_filter(val)
# obj.bind_hosts = bind_hosts
#
# if val.get('user_profiles'):
# user_profiles = common_filters.user_profiles_filter(val)
# obj.user_profiles = user_profiles
session.add(obj)
session.commit()
def create_users(argvs):
"""根据yml文件创建堡垒机user表中的数据"""
if '-f' in argvs:
user_file = argvs[argvs.index("-f") + 1]
else:
print_err("invalid usage, should be:\ncreateusers -f <the new users file>", quit=True)
source = yaml_parser(user_file)
if source:
for key, val in source.items():
print(key, val)
obj = models_v2.UserProfile(username=key, password=val.get('password'))
# if val.get('groups'):
# groups = session.query(models_v2.Group).filter(models_v2.Group.name.in_(val.get('groups'))).all()
# if not groups:
# print_err("none of [%s] exist in group table." % val.get('groups'), quit=True)
# obj.groups = groups
# if val.get('bind_hosts'):
# bind_hosts = common_filters.bind_hosts_filter(val)
# obj.bind_hosts = bind_hosts
# # print(obj)
session.add(obj)
session.commit()
def create_groups(argvs):
'''
create groups
:param argvs:
:return:
'''
if '-f' in argvs:
group_file = argvs[argvs.index("-f") +1 ]
else:
print_err("invalid usage, should be:\ncreategroups -f <the new groups file>",quit=True)
source = yaml_parser(group_file)
if source:
for key,val in source.items():
print(key,val)
obj = models.Group(name=key)
if val.get('bind_hosts'):
bind_hosts = common_filters.bind_hosts_filter(val)
obj.bind_hosts = bind_hosts
if val.get('user_profiles'):
user_profiles = common_filters.user_profiles_filter(val)
obj.user_profiles = user_profiles
session.add(obj)
session.commit()