Exemplo n.º 1
def top_pro_add(request):
    """Create a top-level ACL project from the submitted form.

    A non-POST request renders the form template. A POST reads the form
    fields, rejects a duplicate project name or a malformed entry in any of
    the three IP lists, saves the new row and answers with a JSON status
    object (``code`` 0 on success, 1 on rejection).

    NOTE(review): only ``servers``, ``exception`` and ``globalip`` are
    validated. ``name``, ``filename``, ``rule``, ``hook``, ``limit`` and
    ``remark`` are stored exactly as submitted. nginx_acl_task passes a
    project's ``hook`` to run_cmd and its ``filename`` to run_ftp, so whoever
    can reach this view presumably controls what runs on the target servers;
    confirm the view is restricted to trusted operators.
    """
    if request.method != "POST":
        # Same context the original locals() call produced on this path.
        return render(request, 'allow_list/top_pro_add.html',
                      {'request': request})

    form = request.POST
    name = form.get('name')
    hosts = form.get('servers')
    filename = form.get('filename')
    rule = form.get('rule')
    limit = form.get('limit')
    exception = form.get('exception')
    globalip = form.get('globalip')
    hook = form.get('hook')
    remark = form.get('remark')

    if dsACL_TopProject.objects.filter(name=name):
        return JsonResponse({'code': 1, 'msg': "该项目已存在", 'count': 1})

    # Each optional IP list is checked in turn; the first malformed entry
    # ends the request with the message that belongs to its field.
    ip_lists = (
        (hosts, "目标服务器IP格式错误"),
        (exception, "无限制IP格式错误"),
        (globalip, "默认添加IP格式错误"),
    )
    for raw_list, message in ip_lists:
        if not raw_list:
            continue
        for address in strIp_to_listIp(raw_list):
            if not isValidIp(address):
                return JsonResponse({'code': 1, 'msg': message, 'count': 1})

    project = dsACL_TopProject(name=name,
                               servers=hosts,
                               filename=filename,
                               rule=rule,
                               limit=limit or 0,  # empty/missing limit is stored as 0
                               exception=exception,
                               globalip=globalip,
                               hook=hook,
                               remark=remark)
    project.save()
    return JsonResponse({'code': 0, 'msg': "添加成功", 'count': 1})
Exemplo n.º 2
Arquivo: tasks.py Projeto: wuhfen/eva
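def nginx_acl_task(sid):
    """Render a sub-project's ACL rule file and upload it to its servers.

    The rule template, target servers, remote file name and post-upload hook
    come from the parent project when the sub-project has ``useParentConf``
    set, otherwise from the sub-project itself. One rule line is produced per
    address by substituting ``{IP}`` in the template. The result is written
    to a local file, uploaded to every target with run_ftp, and, if a hook is
    configured, the hook is then run on that target with run_cmd.

    Args:
        sid: primary key of the dsACL_SubProject to deploy.

    Raises:
        IndexError: a target address has no matching Server row.

    NOTE(review): ``hook`` and ``filename`` are operator-supplied text from
    the project rows and are handed to run_cmd / run_ftp together with the
    stored ``ssh_password``. Presumably the hook runs as a command on the
    remote host, so the views that edit these fields need the same access
    control as direct shell access to the targets. The return value of
    run_cmd is not inspected, so a failing hook goes unnoticed here.
    """
    sub_obj = dsACL_SubProject.objects.get(pk=sid)
    top_obj = sub_obj.parentPro

    # Deployment settings are inherited from the parent when requested.
    conf = top_obj if sub_obj.useParentConf else sub_obj
    servers = conf.servers
    filename = conf.filename
    rule = conf.rule
    hook = conf.hook

    # Gather every address that gets a rule line: the parent's default IPs
    # first, then the per-project entries.
    # NOTE(review): globalip is split on '\n' only, unlike the other lists
    # that go through strIp_to_listIp; blank or '\r'-terminated entries would
    # end up in the generated file. Confirm how the field is stored.
    addresses = []
    if top_obj.globalip:
        addresses.extend(top_obj.globalip.split('\n'))
    if sub_obj.useParentConf:
        # Every sibling that also inherits the parent configuration shares
        # this file, so their addresses are merged into it.
        for sibling in dsACL_SubProject.objects.filter(parentPro=top_obj):
            if sibling.useParentConf:
                addresses.extend(
                    acl.host
                    for acl in dsACL_ngx.objects.filter(project=sibling))
    else:
        addresses.extend(
            acl.host for acl in dsACL_ngx.objects.filter(project=sub_obj))
    ruleIp = "".join(rule.replace("{IP}", addr) + '\n' for addr in addresses)

    # Project names are free text from the web form. Path separators are
    # replaced so the names cannot move the temp file out of the staging
    # directory.
    safe_names = tuple(
        ("%s" % part).replace('/', '_').replace('\\', '_')
        for part in (sub_obj.name, top_obj.name))
    localfile = "/data/nginx_acl_cmdb/aclTmpfile_%s_%s" % safe_names
    with open(localfile, "wb+") as f:
        f.write(ruleIp)

    for server in strIp_to_listIp(servers):
        # filter()[0] returns the matching row whether one or several exist
        # and raises IndexError when none does. That is the outcome the former
        # get() + bare except reached, without swallowing unrelated errors.
        server_obj = Server.objects.filter(ssh_host=server)[0]
        run_ftp(server, int(server_obj.ssh_port), server_obj.ssh_password,
                server_obj.ssh_user, localfile, filename)
        if hook:
            run_cmd(server, int(server_obj.ssh_port),
                    server_obj.ssh_password, server_obj.ssh_user, hook)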
Exemplo n.º 3
def sub_pro_add(request, tid):
    """Create a sub-project under the top project identified by ``tid``.

    A non-POST request renders the form template with the parent project in
    its context. A POST reads the form, rejects a name already used under the
    same parent or a malformed target-server address, saves the row and
    answers with a JSON status object.

    NOTE(review): ``filename``, ``rule`` and ``hook`` are stored unvalidated.
    nginx_acl_task hands a project's ``hook`` to run_cmd and its ``filename``
    to run_ftp, so this view should be reachable by trusted operators only.
    """
    toppro = dsACL_TopProject.objects.get(pk=tid)
    if request.method != "POST":
        # Same names the original locals() call exposed on this path.
        return render(request, 'allow_list/sub_pro_add.html',
                      {'request': request, 'tid': tid, 'toppro': toppro})

    posted = request.POST
    name = posted.get('name')
    # The flag is the negation of the posted field: a submitted value turns
    # inheritance off and an absent one turns it on.
    # NOTE(review): presumably the form control means "use own config";
    # confirm against the template.
    useParentConf = not posted.get('useParentConf')
    hosts = posted.get('servers')
    filename = posted.get('filename')
    rule = posted.get('rule')
    hook = posted.get('hook')
    remark = posted.get('remark')

    if dsACL_SubProject.objects.filter(parentPro=toppro, name=name):
        return JsonResponse({'code': 1, 'msg': "该项目已存在", 'count': 1})

    for address in (strIp_to_listIp(hosts) if hosts else ()):
        if not isValidIp(address):
            return JsonResponse({
                'code': 1,
                'msg': "目标服务器IP格式错误",
                'count': 1
            })

    sub_project = dsACL_SubProject(name=name,
                                   parentPro=toppro,
                                   useParentConf=useParentConf,
                                   servers=hosts,
                                   filename=filename,
                                   rule=rule,
                                   hook=hook,
                                   remark=remark)
    sub_project.save()
    return JsonResponse({'code': 0, 'msg': "子项目添加成功", 'count': 1})
Exemplo n.º 4
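def sub_pro_api(request):
    """JSON API for listing and editing the sub-projects of one top project.

    Query parameters:
        action: operation name (see the branches below).
        tid: primary key of the parent top project; it is loaded before the
            action is dispatched, so every call needs it.
        id: primary key of the sub-project, or for ``del`` a literal list of
            primary keys.
        value: new value for the edit/add/del actions.
        page, limit, keyword: paging and name filter for ``get``.
        project_name: key into the line table for ``get_All``.

    Returns a JsonResponse with ``code`` 0 on success and 1 on rejection.
    An unknown action returns the generic error object.

    NOTE(review): every action, including the edits and ``del``, is driven
    by GET parameters, and no login or permission check is visible inside
    this function. Confirm that a decorator or middleware enforces
    authentication, and consider requiring POST with CSRF protection for the
    state-changing actions. ``edit_hook``, ``edit_rule`` and
    ``edit_filename`` write values that the deployment task appears to pass
    to run_cmd / run_ftp on the target servers.
    """
    # Function-scope import: the file's import block is not part of this block.
    import ast

    action = request.GET.get('action')
    sid = request.GET.get('id')
    tid = request.GET.get('tid')
    project_name = request.GET.get('project_name')
    toppro = dsACL_TopProject.objects.get(pk=tid)
    value = request.GET.get('value')
    res = {'code': 1, 'msg': "错误", 'count': 0}

    def _rows(records):
        # NOTE(review): eval() runs on the string built by toJSON(), which
        # embeds stored, user-editable fields (name, rule, hook, remark). If
        # toJSON() does not escape them strictly, a stored value could be
        # evaluated as Python. Replacing this with a real JSON parser needs
        # a look at toJSON() and at consumers that expect 1/0 for booleans.
        return [eval(rec.toJSON(), {'true': 1, 'false': 0})
                for rec in records if rec]

    # Actions that copy `value` into one attribute without further checks.
    plain_fields = {
        "edit_filename": "filename",
        "edit_rule": "rule",
        "edit_hook": "hook",
        "edit_remark": "remark",
    }

    if action == "get":
        # Query-string values are strings, so the former `page == 1` shortcut
        # could never match. The arithmetic below already yields 0..limit for
        # the first page.
        page = int(request.GET.get('page'))
        limit = int(request.GET.get('limit'))
        start_line = page * limit - limit
        end_line = page * limit
        keyword = request.GET.get('keyword')
        if keyword:
            data = dsACL_SubProject.objects.filter(parentPro=toppro,
                                                   name__contains=keyword)
        else:
            data = dsACL_SubProject.objects.filter(parentPro=toppro)
        count = len(data)
        res = {
            'code': 0,
            'msg': "",
            'count': count,
            'data': _rows(data[start_line:end_line])
        }
    elif action == "getAll":
        data = dsACL_SubProject.objects.filter(parentPro=toppro)
        res = {
            'code': 0,
            'msg': "所有sub项目",
            'count': len(data),
            'data': _rows(data)
        }
    elif action == "get_All":
        # Both id lists are empty here, so this branch currently returns no
        # rows. An unknown project_name raises KeyError.
        line_table = {
            "cache_ips": [],
            "cow_ips": [],
        }
        toppros = dsACL_TopProject.objects.filter(
            id__in=line_table[project_name])
        toppros_id = [top.id for top in toppros if top]
        data = dsACL_SubProject.objects.filter(parentPro__in=toppros_id)
        res = {
            'code': 0,
            'msg': "所有sub项目",
            'count': len(data),
            'data': _rows(data)
        }
    elif action == "edit_name":
        if dsACL_SubProject.objects.filter(parentPro=toppro, name=value):
            return JsonResponse({'code': 1, 'msg': "项目名已存在", 'count': 1})
        data = dsACL_SubProject.objects.get(pk=sid)
        data.name = value
        data.save()
        res = {'code': 0, 'msg': "修改成功", 'count': 1}
    elif action in plain_fields:
        data = dsACL_SubProject.objects.get(pk=sid)
        setattr(data, plain_fields[action], value)
        data.save()
        res = {'code': 0, 'msg': "修改成功", 'count': 1}
    elif action == "del":
        # `id` arrives straight from the query string. literal_eval accepts
        # the list-of-ids literal the client sends but, unlike the eval() it
        # replaces, cannot execute arbitrary expressions.
        for delID in ast.literal_eval(sid):
            data = dsACL_SubProject.objects.get(pk=delID)
            data.delete()
        res = {'code': 0, 'msg': "删除sub项目成功", 'count': 1}
    elif action == "check_servers":
        data = dsACL_SubProject.objects.get(pk=sid)
        servers = strIp_to_listIp(data.servers) if data.servers else []
        server_List = []
        for host in servers:
            known = bool(Server.objects.filter(ssh_host=host))
            server_List.append({
                "host": host,
                "isexists": known,
                # ssh_check is only called for hosts that have a Server row
                "status": ssh_check(host) if known else False
            })
        res = {
            'code': 0,
            'msg': "目标服务器检测",
            'count': len(servers),
            'data': server_List
        }
    elif action == "add_servers":
        if not isValidIp(value):
            return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
        data = dsACL_SubProject.objects.get(pk=sid)
        hosts = strIp_to_listIp(data.servers) if data.servers else []
        if value in hosts:
            return JsonResponse({'code': 1, 'msg': "此IP已存在", 'count': 1})
        hosts.append(value)
        data.servers = "\n".join(hosts)
        data.save()
        res = {'code': 0, 'msg': "添加目标服务器成功", 'count': 1}
    elif action == "del_servers":
        data = dsACL_SubProject.objects.get(pk=sid)
        remaining = [x for x in strIp_to_listIp(data.servers) if x != value]
        # joining an empty list gives "", the value stored when none remain
        data.servers = "\n".join(remaining)
        data.save()
        res = {'code': 0, 'msg': "删除目标服务器成功", 'count': 1}
    elif action == "edit_servers":
        # value has the form "<old address>@<new address>"
        parts = value.split('@')
        before_host = parts[0]
        after_host = parts[1]
        if not isValidIp(after_host):
            return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
        data = dsACL_SubProject.objects.get(pk=sid)
        data.servers = "\n".join([
            after_host if x == before_host else x
            for x in strIp_to_listIp(data.servers)
        ])
        data.save()
        res = {'code': 0, 'msg': "修改成功", 'count': 1}
    elif action == "edit_useParentConf":
        data = dsACL_SubProject.objects.get(pk=sid)
        # Only the exact string "True" enables inheritance.
        use_parent = value == "True"
        print("使用top配置" if use_parent else "使用sub配置")
        data.useParentConf = use_parent
        data.save()
        res = {'code': 0, 'msg': "修改成功", 'count': 1}
    return JsonResponse(res)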
Exemplo n.º 5
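def top_pro_api(request):
    """JSON API for listing and editing top-level ACL projects.

    Query parameters:
        id: primary key of the project, or for ``del`` a literal list of
            primary keys.
        value: new value for the chosen action.
        action: one of
            get             list projects (``keyword``, ``limit``, ``page``)
            getAll          list every project
            del             delete the listed projects
            edit_name       rename the project
            edit_servers    replace one target server ("old@new")
            check_servers   report the status of the target servers
            add_servers     add a target server
            del_servers     remove a target server
            edit_filename   change the file path
            edit_rule       change the rule template
            edit_limit      change the per-IP limit
            edit_exception  replace one privileged IP ("old@new")
            get_exception   list privileged IPs
            add_exception   add a privileged IP
            del_exception   remove a privileged IP
            edit_global     replace one default IP ("old@new")
            get_global      list default IPs
            add_global      add a default IP
            del_global      remove a default IP
            edit_hook       change the hook
            edit_remark     change the remark

    Returns a JsonResponse with ``code`` 0 on success and 1 on rejection.
    An unknown action returns the generic error object.

    NOTE(review): every action, including the edits and ``del``, is driven
    by GET parameters, and no login or permission check is visible inside
    this function. Confirm that a decorator or middleware enforces
    authentication, and consider requiring POST with CSRF protection for the
    state-changing actions. ``edit_hook``, ``edit_rule`` and
    ``edit_filename`` write values that the deployment task appears to pass
    to run_cmd / run_ftp on the target servers, and ``add_exception`` grants
    exemption from the per-IP limit.
    """
    # Function-scope import: the file's import block is not part of this block.
    import ast

    action = request.GET.get('action')
    tid = request.GET.get('id')
    value = request.GET.get('value')
    # Default answer for an unrecognised action, matching sub_pro_api.
    # Previously `res` was unbound on that path and the view raised.
    res = {'code': 1, 'msg': "错误", 'count': 0}

    # Actions that copy `value` into one attribute without further checks.
    plain_fields = {
        "edit_filename": "filename",
        "edit_rule": "rule",
        "edit_hook": "hook",
        "edit_remark": "remark",
    }
    # Actions on the three newline-separated address lists: attribute name,
    # plus the success message where it differs per list.
    list_rename = {
        "edit_servers": "servers",
        "edit_exception": "exception",
        "edit_global": "globalip",
    }
    list_add = {
        "add_servers": ("servers", "添加目标服务器成功"),
        "add_exception": ("exception", "添加特权IP成功"),
        "add_global": ("globalip", "添加全局默认IP成功"),
    }
    list_del = {
        "del_servers": ("servers", "删除目标服务器成功"),
        "del_exception": ("exception", "删除特权IP成功"),
        "del_global": ("globalip", "删除默认IP成功"),
    }
    list_view = {
        "get_exception": ("exception", "特权IP查看"),
        "get_global": ("globalip", "默认IP查看"),
    }

    if action == "get":
        # Query-string values are strings, so the former `page == 1` shortcut
        # could never match. The arithmetic below already yields 0..limit for
        # the first page.
        page = int(request.GET.get('page'))
        limit = int(request.GET.get('limit'))
        start_line = page * limit - limit
        end_line = page * limit
        keyword = request.GET.get('keyword')
        if keyword:
            matches = dsACL_TopProject.objects.filter(name__contains=keyword)
        else:
            matches = dsACL_TopProject.objects.all()
        # Total number of matches, taken before slicing. The keyword path
        # used to report the size of the current page instead.
        count = matches.count()
        data = matches[start_line:end_line]
        # NOTE(review): eval() runs on the string built by toJSON(), which
        # embeds stored, user-editable fields. If toJSON() does not escape
        # them strictly, a stored value could be evaluated as Python.
        # Replacing this with a real JSON parser needs a look at toJSON().
        res = {
            'code': 0,
            'msg': "",
            'count': count,
            'data': [eval(i.toJSON()) for i in data if i]
        }
    elif action == "getAll":
        data = dsACL_TopProject.objects.all()
        # NOTE(review): same eval()-on-stored-data concern as in "get".
        res = {
            'code': 0,
            'msg': "所有top项目",
            'count': len(data),
            'data': [eval(i.toJSON()) for i in data if i]
        }
    elif action == "edit_name":
        if dsACL_TopProject.objects.filter(name=value):
            return JsonResponse({'code': 1, 'msg': "该项目已存在", 'count': 1})
        data = dsACL_TopProject.objects.get(pk=tid)
        data.name = value
        data.save()
        res = {'code': 0, 'msg': "修改成功", 'count': 1}
    elif action in plain_fields:
        data = dsACL_TopProject.objects.get(pk=tid)
        setattr(data, plain_fields[action], value)
        data.save()
        res = {'code': 0, 'msg': "修改成功", 'count': 1}
    elif action == "edit_limit":
        data = dsACL_TopProject.objects.get(pk=tid)
        data.limit = value or 0  # empty/missing value is stored as 0
        data.save()
        res = {'code': 0, 'msg': "修改成功", 'count': 1}
    elif action in list_rename:
        # value has the form "<old address>@<new address>"
        parts = value.split('@')
        before_host = parts[0]
        after_host = parts[1]
        if not isValidIp(after_host):
            return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
        data = dsACL_TopProject.objects.get(pk=tid)
        field = list_rename[action]
        setattr(data, field, "\n".join([
            after_host if x == before_host else x
            for x in strIp_to_listIp(getattr(data, field))
        ]))
        data.save()
        res = {'code': 0, 'msg': "修改成功", 'count': 1}
    elif action == "del":
        # `id` arrives straight from the query string. literal_eval accepts
        # the list-of-ids literal the client sends but, unlike the eval() it
        # replaces, cannot execute arbitrary expressions.
        for delID in ast.literal_eval(tid):
            data = dsACL_TopProject.objects.get(pk=delID)
            data.delete()
        res = {'code': 0, 'msg': "删除成功", 'count': 1}
    elif action == "check_servers":
        data = dsACL_TopProject.objects.get(pk=tid)
        servers = strIp_to_listIp(data.servers) if data.servers else []
        server_List = []
        for host in servers:
            known = bool(Server.objects.filter(ssh_host=host))
            server_List.append({
                "host": host,
                "isexists": known,
                # ssh_check is only called for hosts that have a Server row
                "status": ssh_check(host) if known else False
            })
        res = {
            'code': 0,
            'msg': "目标服务器检测",
            'count': len(servers),
            'data': server_List
        }
    elif action in list_add:
        if not isValidIp(value):
            return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
        data = dsACL_TopProject.objects.get(pk=tid)
        field, done_msg = list_add[action]
        current = getattr(data, field)
        hosts = strIp_to_listIp(current) if current else []
        if value in hosts:
            return JsonResponse({'code': 1, 'msg': "此IP已存在", 'count': 1})
        hosts.append(value)
        setattr(data, field, "\n".join(hosts))
        data.save()
        res = {'code': 0, 'msg': done_msg, 'count': 1}
    elif action in list_del:
        data = dsACL_TopProject.objects.get(pk=tid)
        field, done_msg = list_del[action]
        remaining = [
            x for x in strIp_to_listIp(getattr(data, field)) if x != value
        ]
        # joining an empty list gives "", the value stored when none remain
        setattr(data, field, "\n".join(remaining))
        data.save()
        res = {'code': 0, 'msg': done_msg, 'count': 1}
    elif action in list_view:
        data = dsACL_TopProject.objects.get(pk=tid)
        field, title = list_view[action]
        stored = getattr(data, field)
        servers = strIp_to_listIp(stored) if stored else []
        res = {
            'code': 0,
            'msg': title,
            'count': len(servers),
            'data': [{"host": host} for host in servers]
        }
    return JsonResponse(res)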
Exemplo n.º 6
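def nginx_acl_adds(request):
    """Add one or more IPs to a named sub-project under several top projects.

    A non-POST request renders the form template. A POST validates every
    submitted address, then for each top project id in ``topproject``
    (ids joined with "_"):

    * looks up the sub-project called ``project`` under that top project,
    * enforces the top project's per-IP ``limit`` unless the address is on
      its ``exception`` list,
    * stores each address not yet present, optionally with a one-off
      scheduled deletion at ``delDateTime``,
    * queues nginx_acl_scp for the sub-project.

    Returns a JsonResponse with ``code`` 0 on success and 1 on rejection.

    NOTE(review): projects are processed one after another, so a limit
    rejection or a missing sub-project for a later id leaves the rows already
    saved for earlier ids in place. Confirm whether that partial result is
    acceptable or whether all ids should be validated first.
    """
    if request.method != 'POST':
        # Same context the original locals() call produced on this path.
        return render(request, 'allow_list/nginx_acl_adds.html',
                      {'request': request})

    host = request.POST.get('host')
    host_list = strIp_to_listIp(host)
    for ip in host_list:
        if not isValidIp(ip):
            return JsonResponse({'code': 1, 'msg': 'IP格式错误!', 'count': 0})

    tids = request.POST.get('topproject').split("_")
    name = request.POST.get('project')
    deltask = bool(request.POST.get('delTask'))
    delDateTime = beijing2utc(request.POST.get('delDateTime'))
    if not deltask:
        # No scheduled deletion requested: the timestamp is not stored.
        delDateTime = None
    remark = request.POST.get('remark')

    for tid in tids:
        top_obj = dsACL_TopProject.objects.get(pk=tid)
        sub_obj = dsACL_SubProject.objects.filter(
            parentPro=top_obj).filter(name=name)[0]

        # Enforce the add limit, honouring the privileged (exception) IPs.
        limit = top_obj.limit
        # The exception field is a newline-separated string. It is parsed
        # into a list so the exemption is an exact-address match. A plain
        # `ip in <string>` is a substring test that exempted any address
        # occurring inside a longer listed one, and failed on an empty field.
        exception_ips = (strIp_to_listIp(top_obj.exception)
                         if top_obj.exception else [])
        if limit != 0:
            subps = dsACL_SubProject.objects.filter(parentPro=top_obj)
            for ip in host_list:
                # How many times this address already appears across all
                # sub-projects of the top project.
                ipNum = sum(
                    dsACL_ngx.objects.filter(project=subpro, host=ip).count()
                    for subpro in subps)
                if ipNum >= limit and ip not in exception_ips:
                    return JsonResponse({
                        'code': 1,
                        'msg': 'IP: %s 添加次数大于 %s' % (ip, limit),
                        'count': 0
                    })

        for ipaddr in host_list:
            if dsACL_ngx.objects.filter(project=sub_obj, host=ipaddr):
                continue  # already listed for this sub-project
            data = dsACL_ngx(host=ipaddr,
                             zone=get_ip_zone(ipaddr),
                             project=sub_obj,
                             user=request.user,
                             remark=remark,
                             delTask=deltask,
                             delDateTime=delDateTime)
            data.save()
            if deltask:
                # NOTE(review): the task name is built from the address only.
                # If PeriodicTask names must be unique, scheduling the same
                # IP for a second sub-project would fail here. Confirm.
                schedule, _ = ClockedSchedule.objects.get_or_create(
                    clocked_time=data.delDateTime)
                PeriodicTask.objects.create(
                    name="acl_delIp_%s" % data.host,
                    task="Allow_list.tasks.nginx_acl_del",
                    clocked=schedule,
                    args=json.dumps([data.id]),
                    one_off=True,
                    enabled=True)
        # Queue the asynchronous task that syncs the rule file.
        nginx_acl_scp.delay(sub_obj.id)
    return JsonResponse({'code': 0, 'msg': 'IP添加完成'})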