def push_role_to_asset(asset_list, role, username, proxy=None):
"""from permManage.ansible_api import MyTask
推送系统用户到远程主机上
"""
try:
proxy_assets = Asset.objects.filter(proxy__proxy_name=proxy.proxy_name)
need_push_assets = list(set(asset_list) & set(proxy_assets))
push_resource = gen_resource(need_push_assets)
# TODO 调用Ansible API 进行推送
host_list = [asset.networking.all()[0].ip_address for asset in need_push_assets]
host_names = [asset.name for asset in need_push_assets]
if host_list:
task = MyTask(push_resource, host_list)
ret = {}
# 因为要先建立用户,而push key是在 password也完成的情况下的可选项
# 1. 以秘钥 方式推送角色
role_proxy = get_one_or_all('PermRole', proxy, role.uuid_id)
ret["pass_push"] = task.add_user(role.name, proxy, role.system_groups, username)
time.sleep(1) # 暂停1秒,保证用户创建完成之后再推送key
ret["key_push"] = task.push_key(role.name, os.path.join(role_proxy['key_path'], 'id_rsa.pub'),
proxy, username)
# 2. 推送账号密码 <为了安全 系统用户统一使用秘钥进行通信,不再提供密码方式的推送>
# 3. 推送sudo配置文件
sudo_list = [sudo for sudo in role.sudo.all()]
if sudo_list:
sudo_uuids = [sudo.uuid_id for sudo in role.sudo.all()]
ret['sudo'] = task.push_sudo(role, sudo_uuids, proxy, username)
logger.info('推送用户结果ret:%s'%ret)
# TODO 将事件放进queue中
event_task_names = []
if ret.has_key('pass_push'):
tk_pass_push = ret['pass_push']['task_name']
event_task_names.append(tk_pass_push)
if ret.has_key('key_push'):
tk_key_push = ret['key_push']['task_name']
event_task_names.append(tk_key_push)
if ret.has_key('sudo'):
if 'task_name' in ret['sudo']:
tk_sudo_push = ret['sudo']['task_name']
event_task_names.append(tk_sudo_push)
event = dict(push_assets=host_names, role_name=role.name, password_push=False,
key_push=True, task_proxy=proxy.proxy_name)
event['tasks'] = event_task_names
event['username'] = username
task_queue.put(event)
# TODO 记录task事件
for item in event['tasks']:
tk = Task()
tk.task_name = item
tk.status = 'running'
tk.start_time = datetime.datetime.now()
tk.username = username
tk.save()
except Exception as e:
raise ServerError(e)
def push_role_to_asset(asset_list, role, username, proxy=None):
"""from permManage.ansible_api import MyTask
推送系统用户到远程主机上
"""
try:
proxy_assets = Asset.objects.filter(proxy__proxy_name=proxy.proxy_name)
need_push_assets = list(set(asset_list) & set(proxy_assets))
push_resource = gen_resource(need_push_assets)
# TODO 调用Ansible API 进行推送
host_list = [
asset.networking.all()[0].ip_address for asset in need_push_assets
]
host_names = [asset.name for asset in need_push_assets]
if host_list:
task = MyTask(push_resource, host_list)
ret = {}
# 因为要先建立用户,而push key是在 password也完成的情况下的可选项
# 1. 以秘钥 方式推送角色
role_proxy = get_one_or_all('PermRole', proxy, role.uuid_id)
ret["pass_push"] = task.add_user(role.name, proxy,
role.system_groups, username)
time.sleep(1) # 暂停1秒,保证用户创建完成之后再推送key
ret["key_push"] = task.push_key(
role.name, os.path.join(role_proxy['key_path'], 'id_rsa.pub'),
proxy, username)
# 2. 推送账号密码 <为了安全 系统用户统一使用秘钥进行通信,不再提供密码方式的推送>
# 3. 推送sudo配置文件
sudo_list = [sudo for sudo in role.sudo.all()]
if sudo_list:
sudo_uuids = [sudo.uuid_id for sudo in role.sudo.all()]
ret['sudo'] = task.push_sudo(role, sudo_uuids, proxy, username)
logger.info('推送用户结果ret:%s' % ret)
# TODO 将事件放进queue中
event_task_names = []
if ret.has_key('pass_push'):
tk_pass_push = ret['pass_push']['task_name']
event_task_names.append(tk_pass_push)
if ret.has_key('key_push'):
tk_key_push = ret['key_push']['task_name']
event_task_names.append(tk_key_push)
if ret.has_key('sudo'):
if 'task_name' in ret['sudo']:
tk_sudo_push = ret['sudo']['task_name']
event_task_names.append(tk_sudo_push)
event = dict(push_assets=host_names,
role_name=role.name,
password_push=False,
key_push=True,
task_proxy=proxy.proxy_name)
event['tasks'] = event_task_names
event['username'] = username
task_queue.put(event)
# TODO 记录task事件
for item in event['tasks']:
tk = Task()
tk.task_name = item
tk.status = 'running'
tk.start_time = datetime.datetime.now()
tk.username = username
tk.save()
except Exception as e:
raise ServerError(e)
def perm_role_push(request, res, *args):
"""
the role push page
"""
# 渲染数据
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户推送"
res['operator'] = path2
role_id = request.GET.get('id')
asset_ids = request.GET.get('asset_id')
role = get_object(PermRole, id=role_id)
assets = Asset.objects.all()
asset_groups = AssetGroup.objects.all()
if asset_ids:
need_push_asset = [get_object(Asset, id=asset_id) for asset_id in asset_ids.split(',')]
if request.method == "POST":
# 获取推荐角色的名称列表
# 计算出需要推送的资产列表
asset_ids = request.POST.getlist("assets")
asset_group_ids = request.POST.getlist("asset_groups")
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in asset_ids]
asset_groups_obj = [AssetGroup.objects.get(id=asset_group_id) for asset_group_id in asset_group_ids]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(asset_group.asset_set.all())
calc_assets = list(set(assets_obj) | set(group_assets_obj))
push_resource = gen_resource(calc_assets)
# 调用Ansible API 进行推送
password_push = True if request.POST.get("use_password") else False
key_push = True if request.POST.get("use_publicKey") else False
task = MyTask(push_resource)
ret = {}
# 因为要先建立用户,而push key是在 password也完成的情况下的 可选项
# 1. 以秘钥 方式推送角色
if key_push:
ret["pass_push"] = task.add_user(role.name)
ret["key_push"] = task.push_key(role.name, os.path.join(role.key_path, 'id_rsa.pub'))
# 2. 推送账号密码 <为了安全 系统用户统一使用秘钥进行通信, 不再提供密码方式的推送>
# elif password_push:
# ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
# 3. 推送sudo配置文件
if key_push:
sudo_list = set([sudo for sudo in role.sudo.all()]) # set(sudo1, sudo2, sudo3)
if sudo_list:
ret['sudo'] = task.push_sudo_file([role], sudo_list)
logger.debug('推送role结果: %s' % ret)
success_asset = {}
failed_asset = {}
logger.debug(ret)
for push_type, result in ret.items():
if result.get('failed'):
for hostname, info in result.get('failed').items():
if hostname in failed_asset.keys():
if info in failed_asset.get(hostname):
failed_asset[hostname] += info
else:
failed_asset[hostname] = info
for push_type, result in ret.items():
if result.get('ok'):
for hostname, info in result.get('ok').items():
if hostname in failed_asset.keys():
continue
elif hostname in success_asset.keys():
if str(info) in success_asset.get(hostname, ''):
success_asset[hostname] += str(info)
else:
success_asset[hostname] = str(info)
# 推送成功 回写push表
for asset in calc_assets:
push_check = PermPush.objects.filter(role=role, asset=asset)
if push_check:
func = push_check.update
else:
def func(**kwargs):
PermPush(**kwargs).save()
if failed_asset.get(asset.name):
func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=False,
result=failed_asset.get(asset.name))
else:
func(is_password=password_push, is_public_key=key_push, role=role, asset=asset, success=True)
if not failed_asset:
msg = u'系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(success_asset.keys()))
res['content'] = msg
else:
error = u'系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ] 进入系统用户详情,查看失败原因' % (role.name,
','.join(failed_asset.keys()),
','.join(success_asset.keys()))
res['flag'] = 'false'
res['content'] = error
return my_render('permManage/perm_role_push.html', locals(), request)
