def lock_ip(self, iplist):
cmdlist = []
lock_list = self.cache.setSmembers()
for ip in iplist:
work_log.debug(f"{ip}")
if ip not in lock_list:
cmd = (
f"""sed -i '/http_x_forwarded_for/s/")/|{ip}")/' {self.deny_conf}"""
)
cmdlist.append(cmd)
else:
work_log.error(f"lock: {ip} in lock_list")
if not cmdlist:
# 需解锁的IP并未屏蔽
# 多个IP中部分存在的情况暂缓
return {"redata": str(iplist) + " IP地址已经在锁定列表", "recode": 1}
rundata = self.run_task_list(cmdlist)
if rundata.get('recode') == 0:
self.cache.setAdd(ip)
work_log.info('cache lock')
elif rundata.get('recode') == 8:
self.cache.setAdd(ip)
work_log.info(f'server run error, yes cache +lock')
elif rundata.get('recode') == 9:
work_log.info(f'server run error, not cache +lock')
return rundata
def HostCpuData(self, data):
ip = data.get("ip")
# current_time = time.strftime('%Y-%m-%d %H:%M:%S')
old_time = time.strftime("%Y-%m-%d_%X",
time.localtime(time.time() - 3600))
try:
abc = (db.session.query(
func.date_format(t_host_cpu.ctime, "%H:%i:%s").label("ctime"),
t_host_cpu.cpu,
).filter(t_host_cpu.ip == ip, t_host_cpu.ctime > old_time).all())
except Exception as e:
work_log.error('select db HostCpuData error')
work_log.error(str(e))
return {"recode": 9, "redata": str(e)}
x_name = []
cpu = []
work_log.debug(str(abc))
for i in abc:
x_name.append(str(i.ctime))
cpu.append(format(i.cpu, ".2f"))
value = {"x_name": x_name, "y_data": {"cpu": cpu}}
return {"recode": 0, "redata": value}
def net_port_scan(self, ip, port):
try:
work_dir = conf_data("work_dir")
source_file = work_dir + "/utils/port_scan.py"
des_file = "/tmp/port_scan.py"
work_log.debug("copy file to remote")
self.ssh_file_put(source_file, des_file)
except Exception as e:
work_log.error('scp port check file to remote server error')
return 9
cmd0 = "chmod u+x " + des_file
cmd1 = des_file + " " + ip + " " + str(port)
cmd2 = "rm " + des_file
try:
work_log.debug("chmod file")
self.ssh_cmd(cmd0)
work_log.debug("exec remote file")
cmdstatus, taskstatus = self.ssh_cmd(cmd1, stdout=True)
work_log.info(str(taskstatus))
work_log.debug("rm file to remote")
self.ssh_cmd(cmd2)
recode = int(taskstatus.rstrip("\n"))
work_log.info(str(recode))
except Exception as e:
work_log.error("remote exec cmd error")
work_log.error(str(e))
recode = 2
return recode
work_log.debug("port scan recode: %s" % recode)
def nginx_task(self, ip, task):
work_log.debug("nginx_task task: " + str(task))
if task == "start":
recode, data = self.__ssh_cmd(ip, self.start_cmd)
elif task == "stop":
recode, data = self.__ssh_cmd(ip, self.stop_cmd)
elif task == "reload":
recode, data = self.__ssh_cmd(ip, self.reload_cmd)
elif task == "restart":
self.__ssh_cmd(ip, self.stop_cmd)
recode, data = self.__ssh_cmd(ip, self.start_cmd)
elif task == "show_access_log":
cmd = "tail -n 200 " + self.nginx_access_log
recode, data = self.__ssh_cmd(ip, cmd)
elif task == "show_error_log":
cmd = "tail -n 200 " + self.nginx_error_log
recode, data = self.__ssh_cmd(ip, cmd)
elif task == "clear_access_log":
cmd = "> " + self.nginx_access_log
recode, data = self.__ssh_cmd(ip, cmd)
else:
return {"recode": 2, "redata": "not found task"}
if not data:
data = "sucesse"
newdata = {"redata": data, "recode": recode}
return newdata
def v3_nginx():
work_log.info(str(request.path))
work_log.info("request service interface, ip: %s " % (request.remote_addr))
work_log.debug(str(request.json))
try:
if request.json.get("obj") != "dmz_nginx":
return "", 404
except Exception as e:
return "", 404
try:
task = request.json.get("task")
iplist = request.json.get("ip")
if task in ["lock", "unlock", "clearlock", "showlock"]:
info = Nginx_Acl()
data = info.run_task(iplist, task)
if task == "showlock":
data = {"ip": data.get("redata")}
work_log.info('return: ' + str(data))
return jsonify(data)
else:
return jsonify({"redata": "req format error", "recode": 1})
except Exception as e:
work_log.error(str(e))
return jsonify({"redata": "run error", "recode": 2})
def v2_upload():
work_log.debug(str(request.path))
work_log.info("request host interface ip: %s" % (request.remote_addr))
try:
file = request.files["file"]
ip = request.form["ip"]
destdir = request.form["dir"]
user = request.form["user"]
if not ip or not destdir:
return "", 404
work_log.info(
f"upload file, ip: {ip}, filename: {file.filename}, dest: {destdir}, user: {user}"
)
tmp_dir = conf_data("work_tmp_dir")
local_tmp = os.path.join(tmp_dir, file.filename)
dest = os.path.join(destdir, file.filename)
file.save(local_tmp) # 保存临时文件
info = UpDownFile(ip, user)
data = info.upload(local_tmp, dest)
os.remove(local_tmp) # 删除临时文件
return jsonify(data)
except Exception as e:
work_log.error("upload file run error")
work_log.error(str(e))
return jsonify({"recode": 9, "redata": str(e)})
else:
return "", 200
def run_task(self, task):
if self.port and int(self.port) >= 17101 and int(self.port) <= 17106:
return self.single_service(task)
elif not self.port:
work_log.debug('single no port')
return self.single_host_server(task)
else:
return {"recode": 1, "redata": "参数错误"}
def nginx_single(self, data):
task = data.get("task")
info = NginxManager()
server = data.get("server")
work_log.debug("nginx task: %s, server: %s " %
(str(task), str(server)))
data = info.nginx_task(server, task)
return data
def port_scan(self, ip, port):
work_log.debug("networkmanager local port_scan: " + str(ip) + " : " +
str(port))
socket.setdefaulttimeout(2)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
result = s.connect_ex((ip, int(port)))
work_log.debug("networkmanager local port_scan, recode: " +
str(result))
return result
def v2_downfile(file_name):
'''从服务器自身的临时目录下载文件'''
work_log.debug("---------------")
work_log.debug(str(request.path))
work_log.info("request host interface ip: %s" % (request.remote_addr))
if request.method == "GET":
tmp_dir = conf_data("work_tmp_dir")
return send_from_directory(tmp_dir, file_name, as_attachment=True)
def run_task(self, data):
task = data.get("task")
work_log.debug(str(data))
if task == "check_port":
return self.check_port(data)
elif task == "iptable":
return {"recode": 1, 'redata': "未开放"}
else:
work_log.debug(str("task not found"))
return {"recode": 1, 'redata': "参数错误"}
def run_task(self, data):
work_log.debug(str(data))
unit = data.get("unit")
if unit == "nginx":
return self.nginx(data)
if unit == "memcached":
return self.memcached(data)
if unit == "weblogic":
return self.weblogic(data)
def _weblogic_ssh_cmd(self, cmd):
work_log.info("weblogic_ssh host: %s cmd: %s" % (self.ip, cmd))
try:
ssh = HostBaseCmd(self.ip, user=self.user)
data = ssh.ssh_cmd(cmd, stdout=True)
work_log.debug("_weblogic_ssh_cmd redata: %s" % str(data))
return data
except Exception as e:
work_log.error("_weblogic_ssh_cmd Exception error")
work_log.error(str(e))
return [2, str(e)]
def run_cmd_task(self, arg, stdout=False):
pool = Pool(processes=self.processes)
info = []
work_log.debug(str(self.hostlist))
for host in self.hostlist:
info.append(pool.apply_async(self._ssh_cmd, (host, arg, stdout)))
pool.close()
pool.join()
data = []
for i in info:
data.append(i.get())
return data
def run(self):
work_log.debug(str(self.data))
task = self.data.get("task")
arg = self.data.get("arg")
if task == 'cmd':
return self.cmd(arg)
elif task == 'unit':
return self.unit(arg)
elif task == 'script':
return self.script(arg)
else:
work_log.error('form error')
return {"recode": 1, "redata": "format error"}
def remote_check_port(self, server, ip, port):
work_log.info('login remote server check port')
try:
info = HostBaseCmd(server, scp=True)
redata = info.net_port_scan(ip=ip, port=port)
except Exception as e:
work_log.error(str(e))
return {"recode": 9, 'redata': '连接服务器失败'}
work_log.debug("port scan status: "+str(redata))
if redata == 0:
return {"recode": 0, 'redata': '探测成功'}
else:
return {"recode": 4, 'redata': '探测失败'}
def sms_send():
work_log.debug('no phone arg')
if request.method == "GET":
work_log.debug(str(request.path))
phone = request.args.get("phone")
if not phone:
return "error", 404
else:
body = request.args.get("body")
work_log.info(str(body))
phone_list = phone.split(",")
work_log.debug(str(phone_list))
sms = Sms_tools()
data = sms.send_mess(phone_list, body)
if data == 1:
work_log.error("link sms webservice interface error")
return "", 510
elif data == 2:
work_log.error("webservice interface args error")
return "", 511
else:
work_log.debug(str("sms_send yes-------------"))
return "", 200
else:
work_log.error('other error')
return "error", 404
def check_url(self, url):
work_log.info("checkweburl: " + str(url))
try:
info = CheckWebInterface()
recode = info.get_url_status_code(url, timeout=2)
work_log.debug(str(recode))
if recode == 200:
return {"recode": 0, "redata": "success 成功"}
else:
return {"recode": recode, "redata": "error"}
except Exception as e:
work_log.error("checkweburl error")
work_log.error(str(e))
return {"recode": 9, "redata": "server error"}
def ssh_cmd(self, cmd, stdout=False):
work_log.info("ssh_cmd host: %s cmd: %s" % (self.ip, cmd))
try:
run_stdout, run_stderr = self.runshell(cmd)
if run_stderr:
# 先记录执行的错误输出
work_log.error("ssh_cmd is error stdout")
work_log.error(str(run_stderr))
# 需要标准输出的情况
if stdout:
if run_stderr:
return [2, run_stderr.decode("utf-8")]
else:
work_log.debug("ssh_cmd success, run_stdout")
work_log.debug(str(run_stdout))
return [0, run_stdout.decode("utf-8")]
# 不需要标准输出的情况
if run_stderr:
return [2, run_stderr.decode("utf-8")]
else:
work_log.debug("ssh_cmd success, run_stdout")
work_log.debug(str(run_stdout))
return [0, "success"]
except Exception as e:
work_log.error("ssh_cmd Exception error")
work_log.error(str(e))
return False
def v2_local():
work_log.debug(str(request.path))
try:
key = request.json.get("key")
if verify_key(key) and request.json.get("obj") == "local":
info = LocalTask(request.json.get("content"))
data = info.run()
return jsonify(data)
else:
work_log.error("req verify_key or obj error")
return "", 404
except Exception as e:
work_log.error("host run error")
work_log.error(str(e))
return jsonify({"recode": 9, "redata": str(e)})
def local_check_port(self, ip, port):
work_log.debug('local exec remote port test')
info = NetworkManager()
try:
recode = info.port_scan(ip, port)
if recode == 0:
return {"recode": recode, 'redata': '成功'}
elif recode == 1:
return {"recode": 4, 'redata': '主机存在端口不可访问'}
else:
return {"recode": 4, 'redata': '目标不能访问'}
except Exception as e:
work_log.error(str(e))
redata = "scan error"
return {"recode": 2, 'redata': '程序错误'}
def send_mess(self, mobile_list, content):
rspXml_body = []
url = conf_data("sms_conf", "url")
password = conf_data("sms_conf", "passwd")
try:
work_log.info(url)
work_log.info(mobile_list)
work_log.info(content)
client = Client(url)
except Exception as e:
work_log.error("link sms webservice interface url error")
work_log.error(str(e))
return 1
for mobile in mobile_list:
reqXml = (
"""<?xml version=\"1.0\" encoding=\"UTF-8\"?> <SmsServiceReq><SmsList>
<Mobile>""" + mobile + """</Mobile>
<Contents><![CDATA[""" + content + """]]></Contents></SmsList>
</SmsServiceReq>""")
work_log.debug("-------------------------------------")
work_log.debug(str(mobile))
work_log.debug("send sms xml")
work_log.debug(str(reqXml))
work_log.debug("-------------------------------------")
action = "00"
target = "0101"
brief = self.md5s(password + action + reqXml + target)
try:
rspXml = client.service.smsService(target, action, reqXml,
brief)
work_log.info("send_mess yes-----------------------------")
work_log.info(str(mobile))
work_log.info(str(content))
work_log.info("send_mess rspXml---------------------------")
work_log.info(str(rspXml))
work_log.info("send_mess yes-----------------------------")
except Exception as e:
work_log.error("send_mess error----------------------------")
work_log.error(str(reqXml))
work_log.error("send_mess error----------------------------")
work_log.error(str(e))
work_log.error("send_mess error----------------------------")
return 2
rspXml_body.append(rspXml)
return rspXml_body
def v2_service():
work_log.debug(str(request.path))
work_log.debug("request service interface, ip: %s " %
(request.remote_addr))
try:
key = request.json.get("key")
if verify_key(key) and request.json.get("obj") == "service":
info = Service()
data = info.run_task(request.json.get("content"))
work_log.info(str(data))
return jsonify(data)
else:
work_log.error("req verify_key or obj error")
return "", 404
except Exception as e:
work_log.error("req format error")
work_log.error(str(e))
return "", 404
def run_task_group(self, task):
work_log.debug(f"weblogic group: {self.group}, task: {task}")
try:
if task == "start":
data = self.start_wg_group()
elif task == "stop":
data = self.stop_wg_group()
else:
return {"recode": 9, "redata": "参数错误"}
if any(map(self.checkRunData, data)):
return {"recode": 2, "redata": data}
else:
return {"recode": 0, "redata": data}
except Exception as e:
work_log.error("run_task_group task error")
work_log.error(str(e))
return {"recode": 9, "redata": str(e)}
def v2_down():
'''原理:从指定服务器上下载文件到临时目录,再返回一个文件的get下载路径'''
work_log.debug("---------------")
work_log.debug(str(request.path))
work_log.info("request host interface ip: %s" % (request.remote_addr))
try:
key = request.json.get("key")
if not verify_key(key) and request.json.get("obj") != "file":
work_log.error("req verify_key or obj error")
return "", 404
except Exception as e:
work_log.error(str(e))
work_log.error("req verify_key or obj error")
return "", 404
info = DownRemoteFile(request.json.get("content"))
data = info.down()
return jsonify(data)
def start_weblogic_single_service(self, port=None):
'''port 为给此函数传的参数,如过没有则使用类中的端口'''
work_log.debug("start_weblogic_single_service")
if not port:
# all service
cmd = " ".join([
self.service_script, "weblogic", "start",
str(int(self.port) - 17100)
])
else:
cmd = " ".join([
self.service_script, "weblogic", "start",
str(int(port) - 17100)
])
work_log.debug(str(cmd))
run_data = self._weblogic_ssh_cmd(cmd)
if run_data[0] == 0:
return {"recode": 0, "redata": "success"}
else:
return {"recode": run_data[0], "redata": run_data[1]}
def memcached(self, data):
types = data.get("types")
task = data.get("task")
if types == 'single':
server = data.get("server")
port = data.get("port")
if task in ["start", "stop"]:
info = MemcachedManagerSingle(server, port)
return info.run_task(task)
if types == 'group':
group = data.get("group")
if group not in conf_data("mc_group"):
work_log.debug(f"memcached grou not find")
return {"recode": 9, "redata": "参数错误-group错误"}
if task in ["start", "stop"]:
info = MemcachedManagerGroup(group)
return info.run_task(task)
return {"recode": 1, "redata": "format error"}
return {"recode": 1, "redata": "format error"}
def update_host(self, mess):
try:
work_log.debug(str(mess))
hostid = mess.get("id")
data = t_conf_host.query.filter_by(id=hostid).first()
if not data:
work_log.info("host id is not found %d" % hostid)
return {"recode": 4, "redata": "host not found"}
work_log.debug(str(data))
data.id = (mess.get("id"), )
data.ip_v4 = (mess.get("ip_v4"), )
data.ip_v6 = (mess.get("ip_v6"), )
data.ip_v4_m = (mess.get("ip_v4_m"), )
data.name = (mess.get("name"), )
data.operating_system = (mess.get("operating_system"), )
data.hostname = (mess.get("hostname"), )
data.cpu_number = (mess.get("cpu_number"), )
data.memory_size = (mess.get("memory_size"), )
data.sn = (mess.get("sn"), )
data.address = (mess.get("address"), )
data.belong_machineroom = (mess.get("belong_machineroom"), )
data.rack = (mess.get("rack"), )
data.manufacturer = (mess.get("manufacturer"), )
data.dev_type = (mess.get("dev_type"), )
data.dev_category = (mess.get("dev_category"), )
data.produce = (mess.get("produce"), )
data.level = (mess.get("level"), )
data.info = mess.get("info")
db.session.commit()
work_log.info("update host --- yes")
return {"recode": 0, "redata": "ok"}
except Exception as e:
work_log.error("update host --- error")
work_log.error(str(e))
return {"recode": 9, "redata": "error"}
def v2_network():
work_log.debug(str(request.path))
work_log.debug("request network interface, ip: %s " % (request.remote_addr))
if request.method == "GET":
ping_ipaddr = request.args.get("ping")
checkurl = request.args.get("checkurl")
if ping_ipaddr:
info = NetWork()
data = info.ping(ping_ipaddr)
return jsonify(data)
elif checkurl:
info = Service()
data = info.check_url(checkurl)
return jsonify(data)
else:
work_log.error(str("req format error"))
return "", 404
elif request.method == "POST":
try:
key = request.json.get("key")
if verify_key(key) and request.json.get("obj") == "network":
info = NetWork()
data = info.run_task(request.json.get("content"))
work_log.info(str(data))
return jsonify(data)
else:
work_log.error("req verify_key or obj error")
return "", 404
except Exception as e:
work_log.error("req error")
work_log.error(str(e))
return "", 404
else:
return "", 404
def unlock_ip(self, iplist):
cmdlist = []
lock_list = self.cache.setSmembers()
for ip in iplist:
work_log.debug(f"{ip}")
if ip in lock_list:
cmd = f"""sed -i '/http_x_forwarded_for/s/|{ip}//' {self.deny_conf}"""
cmdlist.append(cmd)
else:
work_log.error(f"unlock: {ip} no in lock_list")
if not cmdlist:
# 需解锁的IP并未屏蔽
return {"redata": str(iplist) + " IP地址未在锁定列表", "recode": 1}
rundata = self.run_task_list(cmdlist)
if rundata.get('recode') == 0:
self.cache.setRemove(ip)
work_log.info('cache unlock')
elif rundata.get('recode') == 8:
self.cache.setRemove(ip)
work_log.info('server run error, yes cache unlock')
elif rundata.get('recode') == 9:
work_log.info('server run error, not cache unlock')
return rundata
