def update_asset(request, asset_type, pk): if request.method == 'GET': asset = Assets.objects.get(id=pk) asset_types = Assets.asset_types asset_status_ = Assets.asset_status_ asset_admins = UserProfile.objects.all() asset_providers = AssetProvider.objects.all() asset_idcs = IDC.objects.all() password = CryptPwd().decrypt_pwd(asset.serverassets.password) server_assets = ServerAssets.objects.select_related('assets') return render(request, 'assets/update_asset.html', locals()) elif request.method == 'POST': if asset_type == 'server': if request.POST.get('host_vars'): server_obj = ServerAssets.objects.filter(id=pk) if request.POST.get('host_vars') == 'null': server_obj.update(host_vars='') else: server_obj.update(host_vars=request.POST.get('host_vars')) msg = ServerAssets.objects.get( id=pk).assets.asset_management_ip return JsonResponse({'code': 200, 'msg': msg}) else: asset = Assets.objects.get(id=pk) ServerAssets.objects.filter(id=asset.serverassets.id).update( username=request.POST.get('username'), password=CryptPwd().encrypt_pwd( request.POST.get('password')), port=request.POST.get('port'), ) return JsonResponse({'code': 200, 'msg': '修改成功'}) return JsonResponse({'code': 200, 'msg': '修改成功'})
def ssh_terminal(request, pk): server_obj = ServerAssets.objects.select_related('assets').get(id=pk) ssh_server_ip = server_obj.assets.asset_management_ip if request.method == 'GET': download_file = request.GET.get('download_file') if download_file: download_file_path = os.path.join(settings.MEDIA_ROOT, 'admin_files', request.user.username, 'download', ssh_server_ip) sftp = SFTP(ssh_server_ip, server_obj.port, server_obj.username, CryptPwd().decrypt_pwd(server_obj.password)) response = sftp.download_file(download_file, download_file_path) return response else: remote_ip = request.META.get('REMOTE_ADDR') return render(request, 'assets/ssh_terminal.html', locals()) elif request.method == 'POST': try: upload_file = request.FILES.get('upload_file') upload_file_path = os.path.join(settings.MEDIA_ROOT, 'fort_files', request.user.username, 'upload', server_obj.assets.asset_management_ip) sftp = SFTP(ssh_server_ip, server_obj.port, server_obj.username, CryptPwd().decrypt_pwd(server_obj.password)) sftp.upload_file(upload_file, upload_file_path) return JsonResponse({'code': 200, 'msg': '上传成功!文件默认放在{}用户家目录下'.format(server_obj.username)}) except Exception as e: return JsonResponse({'code': 500, 'msg': '上传失败!{}'.format(e)})
def db_edit(request, pk): db = DBConfig.objects.select_related('db_server').get(id=pk) if request.method == 'GET': data = { 'db_server': db.db_server_id, 'db_port': db.db_port, 'db_name': db.db_name, 'db_user': db.db_user, 'db_password': CryptPwd().decrypt_pwd(db.db_password), 'db_group': [group.id for group in db.db_group.all()], 'db_memo': db.db_memo } return JsonResponse({'code': 200, 'data': data}) elif request.method == 'POST': try: db.db_port = int(request.POST.get('db_port')) db.db_name = request.POST.get('db_name') db.db_user = request.POST.get('db_user') db.db_password = CryptPwd().encrypt_pwd( request.POST.get('db_password')) db.db_memo = request.POST.get('db_memo') db.db_group.set(request.POST.getlist('db_group')) db.save() return JsonResponse({'code': 200, 'data': None, 'msg': '数据库更新成功!'}) except Exception as e: return JsonResponse({ 'code': 500, 'data': None, 'msg': '数据库更新失败!{}'.format(e) })
def login(request): next_url = request.GET.get('next', None) crypt = CryptPwd() if request.method == 'GET': if request.session.get('username') and request.session.get('lock'): del request.session['lock'] del request.session['username'] return render(request, 'login.html') elif request.method == 'POST': print('这是post请求') username = request.POST.get('username') password = request.POST.get('password') de_password = crypt.de_js_encrypt(password) login_ip = request.META.get('REMOTE_ADDR') # code = request.POST.get('code') remember_me = request.POST.get('remember_me') # if code.lower() != request.session.get('check_code', 'error').lower(): # return render(request, 'login.html', {"login_error_info": "验证码错误,请重新输入!"}) user = auth.authenticate(username=username, password=de_password) print(user) if user and user.is_active: auth.login(request, user) request.session['username'] = username if remember_me: request.session.set_expiry(60 * 60 * 24 * 7) else: request.session.set_expiry(0) UserProfile.objects.filter(username=username).update( login_status=0) # get_login_info.delay(login_user=username, login_ip=login_ip, login_status='登录成功') print('未知1') if next_url: print('未知2') if next_url == '/' and not user.is_superuser: return HttpResponseRedirect('/users/user_center/', locals()) print('未知3') return HttpResponseRedirect(next_url, locals()) else: print('未知4') return HttpResponseRedirect('/users/user_center/', locals()) elif user is None: get_login_info.delay(login_user=username, login_ip=login_ip, login_status='登录失败') return render(request, 'login.html', {"login_error_info": "输入的用户名或密码错误!"}) elif not user.is_active: return render(request, 'login.html', {"login_error_info": "账户被禁用!"}) else: return render(request, 'login.html', {"login_error_info": "未知异常,请联系管理员!"})
def __init__(self, *args, **kwargs): super(AdminGuacamole, self).__init__(*args, **kwargs) self.server = ServerAssets.objects.select_related('assets').get(id=self.scope['path'].split('/')[3]) self.ip = self.server.assets.asset_management_ip self.port = self.server.port self.username = self.server.username self.password = CryptPwd().decrypt_pwd(self.server.password)
def connect(self): self.group_name = self.scope['url_route']['kwargs']['group_name'] path = self.scope['path'] server_id = path.split('/')[3] host = ServerAssets.objects.select_related('assets').get(id=server_id) username = host.username password = CryptPwd().decrypt_pwd(host.password) self.host_ip = host.assets.asset_management_ip host_port = int(host.port) try: self.ssh = paramiko.SSHClient() self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) if self.host_ip.startswith('1'): self.ssh.connect(self.host_ip, host_port, username='******', key_filename='/root/.ssh/id_rsa') else: self.ssh.connect(self.host_ip, host_port, username, password) # 创建channels group async_to_sync(self.channel_layer.group_add)(self.group_name, self.channel_name) except Exception as e: logging.getLogger().error('用户{}通过webssh连接{}失败!原因:{}'.format(username, self.host_ip, e)) self.chan = self.ssh.invoke_shell(term='xterm', width=150, height=30) self.chan.settimeout(0) self.t1 = MyThread(self) self.t1.setDaemon(True) self.t1.start() # 返回给receive方法处理 self.accept()
def db_list(request): if request.method == 'GET': dbs = DBConfig.objects.select_related('db_server').all() services = Service.objects.select_related('project').select_related( 'service_asset').all() groups = Group.objects.all() return render(request, 'dbmanager/db_list.html', locals()) elif request.method == 'POST': try: db = DBConfig.objects.create(db_server=Service.objects.get( id=request.POST.get('db_server')), db_port=int( request.POST.get('db_port')), db_name=request.POST.get('db_name'), db_user=request.POST.get('db_user'), db_password=CryptPwd().encrypt_pwd( request.POST.get('db_password')), db_memo=request.POST.get('db_memo')) db.db_group.set(request.POST.getlist('db_group')) return JsonResponse({'code': 200, 'data': None, 'msg': '数据库添加成功!'}) except Exception as e: return JsonResponse({ 'code': 500, 'data': None, 'msg': '数据库添加失败!{}'.format(e) })
def gen_resource(host_ids, group_ids=None): host_list = [] for host_id in host_ids: host = {} host_obj = ServerAssets.objects.get(id=host_id) host['ip'] = host_obj.assets.asset_management_ip host['port'] = int(host_obj.port) host['username'] = host_obj.username host['password'] = CryptPwd().decrypt_pwd(host_obj.password) if host_obj.host_vars: host_vars = eval(host_obj.host_vars) for k, v in host_vars.items(): host[k] = v host_list.append(host) if group_ids: resource = {} group_values = {} for group_id in group_ids: group_obj = AnsibleInventory.objects.get(id=group_id) group_values['hosts'] = host_list if group_obj.ans_group_vars: group_values['group_vars'] = eval(group_obj.ans_group_vars) resource[group_obj.ans_group_name] = group_values else: resource = host_list return resource
def connect(self): if self.scope["user"].is_anonymous: self.close(code=1007) else: self.accept() username = self.server.username try: self.ssh.load_system_host_keys() self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) self.ssh.connect(self.host_ip, int(self.server.port), username, CryptPwd().decrypt_pwd(self.server.password), timeout=5) except Exception as e: fort_logger.error('用户{}通过webssh连接{}失败!原因:{}'.format( username, self.host_ip, e)) self.send('用户{}通过webssh连接{}失败!原因:{}'.format( username, self.host_ip, e)) self.close() self.chan = self.ssh.invoke_shell(term='xterm', width=self.width, height=self.height) # 设置如果3分钟没有任何输入,就断开连接 self.chan.settimeout(60 * 3) self.t1.setDaemon(True) self.t1.start()
def db_exec(request): if request.method == 'GET': dbs = DBConfig.objects.prefetch_related('db_group').all() user_groups = request.user.groups.all() user_dbs = [] for db in dbs: if not set(db.db_group.all()).isdisjoint(set(user_groups)): user_dbs.append(db) return render(request, 'dbmanager/db_exec.html', {'user_dbs': user_dbs}) elif request.method == 'POST': pk = request.POST.get('pk') sql = request.POST.get('sql') sql_type = request.POST.get('sql_type') sql_file = request.FILES.get('upload_file') if sql_file: sql = ''.join({chunk.decode('utf-8') for chunk in sql_file.chunks(chunk_size=1024)}) sql_file.close() return JsonResponse({'code': 200, 'data': sql, 'msg': 'sql上传成功!'}) db = DBConfig.objects.select_related('db_server').get(id=pk) try: conn = MysqlPool(db.db_server.service_asset.asset_management_ip, db.db_port, db.db_user, CryptPwd().decrypt_pwd(db.db_password), db.db_name) if sql == 'show tables': res = conn.get_tables(sql) return JsonResponse({'code': 200, 'data': res, 'msg': 'sql执行成功!'}) elif sql_type == 'select': table_heads, res = conn.exec_select(sql) if isinstance(table_heads, list): db_log_id = sql_log(db_config=db, db_login_user=request.user, db_sql_content=sql, db_sql_res=res, db_sql_res_thead=str(table_heads)) return JsonResponse({'code': 200, 'table_heads': table_heads, 'data': res, 'db_log_id': db_log_id, 'msg': 'sql执行成功!'}) else: db_log_id = sql_log(db_config=db, db_login_user=request.user, db_sql_content=sql, db_sql_res=res) return JsonResponse({'code': 507, 'data': res, 'db_log_id': db_log_id, 'msg': 'sql执行失败!'}) elif sql_type == 'sql-one': res = conn.exec_sql_one(sql) db_sql_res = '受影响的行数: {}'.format(res) if isinstance(res, int) else str(res) db_log_id = sql_log(db_config=db, db_login_user=request.user, db_sql_content=sql, db_sql_res=db_sql_res) return JsonResponse( {'code': 200, 'data': db_sql_res, 'db_log_id': db_log_id, 'msg': 'sql执行成功!'}) elif sql_type == 'sql-many': sql_list = sql.split('args=') run_sql = sql_list[0].rstrip() args = eval(sql_list[1]) res = conn.exec_sql_many(run_sql, args) db_log_id = sql_log(db_config=db, db_login_user=request.user, db_sql_content=sql, db_sql_res='受影响的行数: {}'.format(res)) return JsonResponse( {'code': 200, 'data': '受影响的行数: {}'.format(res), 'db_log_id': db_log_id, 'msg': 'sql执行成功!'}) except Exception as e: return JsonResponse({'code': 500, 'data': None, 'msg': 'sql执行失败!{}'.format(e)})
def update(self, instance, validated_data): for attr, value in validated_data.items(): if attr == 'server_user_password': if instance.server_user_password != value: setattr(instance, attr, CryptPwd().encrypt_pwd(value)) else: setattr(instance, attr, value) instance.save() return instance
def create(self, data): if data.get('assets'): assets_data = data.pop('assets') assets = Assets.objects.create(**assets_data) else: assets = Assets() data['assets'] = assets data['password'] = CryptPwd().encrypt_pwd(data['password']) server = ServerAssets.objects.create(**data) return server
def connect(self): self.accept('guacamole') self.client.handshake(protocol='rdp', hostname=self.server_ip, port=self.server.port, password=CryptPwd().decrypt_pwd(self.server.password), username=self.server.username, width=self.width, height=self.height, dpi=self.dpi) self.send('0.,{0}.{1};'.format(len(self.group_name), self.group_name)) self.guacamole_thread.setDaemon(True) self.guacamole_thread.start()
def connect(self): self.accept('guacamole') self.client.handshake( protocol='rdp', hostname=self.fort_server.assets.asset_management_ip, port=self.fort_server.port, password=CryptPwd().decrypt_pwd(self.fort_server.password), username=self.fort_server.username) self.send('0.,{0}.{1};'.format(len(self.group_name), self.group_name)) self.guacamole_thread.setDaemon(True) self.guacamole_thread.start()
def lock_screen(request): crypt = CryptPwd() if request.method == 'GET': user = UserProfile.objects.get(username=request.user) UserProfile.objects.filter(username=request.user).update( login_status=3 ) request.session['lock'] = 'lock' if 'lock_screen' not in request.META.get('HTTP_REFERER'): request.session['referer_url'] = request.META.get('HTTP_REFERER') public_key = crypt.gen_pri_pub_key return render(request, 'lockscreen.html', locals()) elif request.method == 'POST': de_password = crypt.de_js_encrypt(request.POST.get('pwd')) user = auth.authenticate(username=request.session['username'], password=de_password) if user: del request.session['lock'] referer_url = request.session.get('referer_url') return redirect(referer_url) return render(request, 'lockscreen.html', {"login_error_info": "密码错误!请确认输入的密码是否正确!", 'public_key': crypt.gen_pri_pub_key})
def update_pwd(request): if request.method == 'POST': pks = request.POST.getlist('pks') pwd = request.POST.get('pwd') try: for pk in pks: server = Assets.objects.get(id=pk).serverassets server.password = CryptPwd().encrypt_pwd(pwd) server.save() return JsonResponse({'code': 200, 'msg': '更新完毕!'}) except Exception as e: return JsonResponse({'code': 500, 'msg': '更新失败:{}'.format(e)})
def receive(self, text_data=None, bytes_data=None): info = json.loads(text_data) self.host = info['host'] self.port = info['port'] self.username = info['username'] self.password = CryptPwd().decrypt_pwd(info['password']) self.log_file = info['log_file'] self.cmd = "/usr/bin/sshpass -p {password} /usr/bin/ssh -t -p {port} {user}@{host} /usr/bin/tailf " \ "{log_file}".format(password=self.password, port=self.port, user=self.username, host=self.host, log_file=self.log_file) self.t1.setDaemon(True) self.t1.start()
def get_top_data(request, pk): server_obj = ServerAssets.objects.select_related('assets').get(id=pk) resource = [{"ip": server_obj.assets.asset_management_ip, "port": int(server_obj.port), "username": server_obj.username, "password": CryptPwd().decrypt_pwd(server_obj.password)}] ans = ANSRunner(resource, become='yes', become_method='sudo', become_user='******') ans.run_module(host_list=[server_obj.assets.asset_management_ip], module_name='shell', module_args='export COLUMNS\=400 && top -bcn 1 && df -h -t ext3 -t ext4 -t xfs') result = ans.get_module_results[0] if 'success' in result: load, tasks, cpu, mem, swap, heads, body, disk = handle_top_data(result) return JsonResponse({'code': 200, 'data': {'load': load, 'tasks': tasks, 'cpu': cpu, 'mem': mem, 'swap': swap, 'heads': heads, 'body': body, 'disk': disk}, 'msg': '收集成功!'}) else: return JsonResponse({'code': 500, 'msg': '收集失败!{}'.format(result[result.index('>>') + 1:])})
def connect(self): self.accept() username = self.server.username try: self.ssh.load_system_host_keys() self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) self.ssh.connect(self.host_ip, int(self.server.port), username, CryptPwd().decrypt_pwd(self.server.password)) except Exception as e: logging.getLogger().error('用户{}通过webssh连接{}失败!原因:{}'.format(username, self.host_ip, e)) self.send('用户{}通过webssh连接{}失败!原因:{}'.format(username, self.host_ip, e)) self.chan = self.ssh.invoke_shell(term='xterm', width=150, height=30) self.chan.settimeout(0) self.t1.setDaemon(True) self.t1.start()
def server_facts(request): if request.method == 'POST': pk = request.POST.get('pk') module = request.POST.get('module') server_obj = ServerAssets.objects.select_related('assets').get(id=pk) resource = [{"ip": server_obj.assets.asset_management_ip, "port": int(server_obj.port), "username": server_obj.username, "password": CryptPwd().decrypt_pwd(server_obj.password)}] try: ans = ANSRunner(resource, become='yes', become_method='sudo', become_user='******') ans.run_module(host_list=[server_obj.assets.asset_management_ip], module_name=module, module_args="") for data in ans.get_module_results: if module == 'setup': if 'success' in data: server_info, server_model, nks = handle_setup_data(data) Assets.objects.filter(id=server_obj.assets_id).update( asset_model=server_model ) ServerAssets.objects.select_related('assets').filter(id=pk).update(**server_info) asset = Assets.objects.get(id=server_obj.assets_id) for nk in nks: mac = nk.get('network_card_mac') NetworkCardAssets.objects.select_related('asset').update_or_create(defaults=nk, asset=asset, network_card_mac=mac) return JsonResponse({'code': 200, 'msg': '收集完成!'}) else: return JsonResponse({'code': 500, 'msg': '收集失败!{}'.format(data[data.index('>>') + 1:])}) elif module == 'get_mem': if 'success' in data: mem_infos = handle_mem_data(data) asset = Assets.objects.get(id=server_obj.assets_id) for mem_info in mem_infos: ram_slot = mem_info.get('ram_slot') RamAssets.objects.select_related('asset').update_or_create(defaults=mem_info, asset=asset, ram_slot=ram_slot) return JsonResponse({'code': 200, 'msg': '收集完成!'}) else: return JsonResponse({'code': 500, 'msg': '收集失败!{}'.format(data[data.index('>>') + 1:])}) except Exception as e: return JsonResponse({'code': 500, 'msg': str(e)})
def gen_host_list(host_ids): """ 生成格式为:[{"ip": "10.0.0.0", "port": "22", "username": "******", "password": "******"}, ...] :return: """ host_list = [] for host_id in host_ids: host = {} host_obj = ServerAssets.objects.get(id=host_id) host['ip'] = host_obj.assets.asset_management_ip host['port'] = int(host_obj.port) host['username'] = host_obj.username host['password'] = CryptPwd().decrypt_pwd(host_obj.password) if host_obj.host_vars: host_vars = eval(host_obj.host_vars) for k, v in host_vars.items(): host[k] = v host_list.append(host) return host_list
def connect(self): path = self.scope['path'] server_id = path.split('/')[3] host = ServerAssets.objects.select_related('assets').get(id=server_id) username = host.username self.host_ip = host.assets.asset_management_ip host_port = int(host.port) password = CryptPwd().decrypt_pwd(host.password) # 创建channels group, 命名为:用户名,并使用channel_layer写入到redis async_to_sync(self.channel_layer.group_add)(self.channel_name, self.channel_name) self.ssh = paramiko.SSHClient() self.ssh.load_system_host_keys() self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) self.ssh.connect(self.host_ip, host_port, username, password) self.chan = self.ssh.invoke_shell(term='xterm') self.chan.settimeout(0) t1 = MyThread(self) t1.setDaemon(True) t1.start() # 返回给receive方法处理 self.accept()
def import_assets(request): if request.method == 'POST': file = request.FILES.get('file') filename = os.path.join(settings.BASE_DIR, 'upload', file.name) if not os.path.exists(os.path.dirname(filename)): os.makedirs(os.path.dirname(filename)) with open(filename, 'wb') as f: for chunk in file.chunks(): f.write(chunk) try: xl_file = xlrd.open_workbook(filename) sheet_names = xl_file.sheet_names() data_list = [] for sheet_name in sheet_names: sheet_obj = xl_file.sheet_by_name(sheet_name) for i in range(1, sheet_obj.nrows): data_list.append(sheet_obj.row_values(i)) for data in data_list: assets = { 'asset_type': data[0], 'asset_nu': data[1], 'asset_model': data[2] if data[2] else None, 'asset_provider': AssetProvider.objects.get( id=int(data[3])) if data[3] else None, 'asset_status': int(data[4]) if data[4] else 0, 'asset_management_ip': data[5] if data[5] else None, 'asset_admin': UserProfile.objects.get(id=int(data[6])) if data[6] else UserProfile.objects.get(username=request.user), 'asset_idc': IDC.objects.get(id=int(data[7])) if data[7] else None, 'asset_cabinet': Cabinet.objects.select_related('idc').get( id=int(data[8])) if data[8] else None, 'asset_purchase_day': xlrd.xldate_as_datetime(data[9], 0), 'asset_expire_day': xlrd.xldate_as_datetime(data[10], 0), 'asset_price': data[11] if data[11] else None, 'asset_memo': data[12], } asset_obj, created = Assets.objects.update_or_create( asset_nu=data[1], defaults=assets) if data[0] == 'server': server_asset = { 'server_type': int(data[13]), 'username': data[14], 'password': CryptPwd().encrypt_pwd(str(data[15])) if data[15] else None, 'port': int(data[16]), 'hosted_on': ServerAssets.objects.select_related('assets').get( id=int(data[17])) if data[17] else None, } ServerAssets.objects.update_or_create( assets=asset_obj, defaults=server_asset) elif data[0] == 'network': NetworkAssets.objects.update_or_create(assets=asset_obj, network_type=int( data[13])) elif data[0] == 'office': OfficeAssets.objects.update_or_create(assets=asset_obj, office_type=int( data[13])) elif data[0] == 'security': SecurityAssets.objects.update_or_create(assets=asset_obj, security_type=int( data[13])) elif data[0] == 'storage': StorageAssets.objects.update_or_create(assets=asset_obj, storage_type=int( data[13])) elif data[0] == 'software': SoftwareAssets.objects.update_or_create(assets=asset_obj, software_type=int( data[13])) return JsonResponse({'code': 200, 'msg': '导入成功!'}) except Exception as e: return JsonResponse({'code': 500, 'msg': '导入失败!,{}'.format(e)})
def create(self, validated_data): validated_data['server_user_password'] = CryptPwd().encrypt_pwd( validated_data['server_user_password']) server = PullAssetConf.objects.create(**validated_data) return server