def asset_ansible_update(obj_list, name=''):
resource = gen_resource(obj_list)
ansible_instance = MyRunner(resource)
ansible_asset_info = ansible_instance.run(module_name='setup', pattern='*')
logger.debug('获取硬件信息: %s' % ansible_asset_info)
for asset in obj_list:
try:
setup_info = ansible_asset_info['contacted'][asset.hostname]['ansible_facts']
except KeyError:
continue
else:
asset_info = get_ansible_asset_info(asset.ip, setup_info)
other_ip, mac, cpu, memory, disk, sn, system_type, system_version, brand, system_arch = asset_info
asset_dic = {"other_ip": other_ip,
"mac": mac,
"cpu": cpu,
"memory": memory,
"disk": disk,
"sn": sn,
"system_type": system_type,
"system_version": system_version,
"system_arch": system_arch,
"brand": brand
}
ansible_record(asset, asset_dic, name)
def asset_ansible_update(obj_list, name=''):
resource = gen_resource(obj_list)
ansible_instance = MyRunner(resource)
ansible_asset_info = ansible_instance.run(module_name='setup', pattern='*')
logger.debug('获取硬件信息: %s' % ansible_asset_info)
for asset in obj_list:
try:
setup_info = ansible_asset_info['contacted'][asset.hostname]['ansible_facts']
logger.debug("setup_info: %s" % setup_info)
except KeyError, e:
logger.error("获取setup_info失败: %s" % e)
continue
else:
try:
asset_info = get_ansible_asset_info(asset.ip, setup_info)
print asset_info
other_ip, mac, cpu, memory, disk, sn, system_type, system_version, brand, system_arch = asset_info
asset_dic = {"other_ip": other_ip,
"mac": mac,
"cpu": cpu,
"memory": memory,
"disk": disk,
"sn": sn,
"system_type": system_type,
"system_version": system_version,
"system_arch": system_arch,
"brand": brand
}
ansible_record(asset, asset_dic, name)
except Exception as e:
logger.error("save setup info failed! %s" % e)
traceback.print_exc()
def download(request):
user = request.user
assets = get_group_user_perm(user).get('asset').keys()
asset_select = []
if request.method == 'POST':
remote_ip = request.META.get('REMOTE_ADDR')
asset_ids = request.POST.getlist('asset_ids', '')
file_path = request.POST.get('file_path')
date_now = datetime.datetime.now().strftime("%Y%m%d%H%M%S")
upload_dir = get_tmp_dir()
for asset_id in asset_ids:
asset_select.append(get_object(Asset, id=asset_id))
if not set(asset_select).issubset(set(assets)):
illegal_asset = set(asset_select).issubset(set(assets))
return HttpResponse(u'没有权限的服务器 %s' % ','.join([asset.hostname for asset in illegal_asset]))
res = gen_resource({'user': user, 'asset': asset_select})
runner = MyRunner(res)
runner.run('fetch', module_args='src=%s dest=%s' % (file_path, upload_dir), pattern='*')
FileLog(user=request.user.username, host=' '.join([asset.hostname for asset in asset_select]),
filename=file_path, type='download', remote_ip=remote_ip, result=runner.results).save()
logger.debug(runner.results)
os.chdir('/tmp')
tmp_dir_name = os.path.basename(upload_dir)
tar_file = '%s.tar.gz' % upload_dir
bash('tar czf %s %s' % (tar_file, tmp_dir_name))
f = open(tar_file)
data = f.read()
f.close()
response = HttpResponse(data, content_type='application/octet-stream')
response['Content-Disposition'] = 'attachment; filename=%s' % os.path.basename(tar_file)
return response
return render_to_response('download.html', locals(), context_instance=RequestContext(request))
def perm_role_recycle(request):
role_id = request.GET.get('role_id')
asset_ids = request.GET.get('asset_id').split(',')
# 仅有推送的角色才回收
assets = [get_object(Asset, id=asset_id) for asset_id in asset_ids]
recycle_assets = []
for asset in assets:
if True in [push.success for push in asset.perm_push.all()]:
recycle_assets.append(asset)
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(
get_object(PermRole, id=role_id).name)
logger.info("recycle user msg: %s" % msg_del_user)
logger.info("recycle sudo msg: %s" % msg_del_sudo)
except Exception as e:
logger.warning("Recycle Role failed: %s" % e)
raise ServerError("回收已推送的系统用户失败: %s" % e)
for asset_id in asset_ids:
asset = get_object(Asset, id=asset_id)
assets.append(asset)
role = get_object(PermRole, id=role_id)
PermPush.objects.filter(asset=asset, role=role).delete()
return HttpResponse('删除成功')
def asset_ansible_update(obj_list, name=''):
resource = gen_resource(obj_list)
ansible_instance = MyRunner(resource)
ansible_asset_info = ansible_instance.run(module_name='setup', pattern='*')
logger.debug('获取硬件信息: %s' % ansible_asset_info)
for asset in obj_list:
try:
setup_info = ansible_asset_info['contacted'][
asset.hostname]['ansible_facts']
logger.debug("setup_info: %s" % setup_info)
except KeyError, e:
logger.error("获取setup_info失败: %s" % e)
continue
else:
try:
asset_info = get_ansible_asset_info(asset.ip, setup_info)
logger.debug("asset_info: %s" % asset_info)
other_ip, mac, cpu, memory, disk, sn, system_type, system_version, brand, system_arch = asset_info
asset_dic = {
"other_ip": other_ip,
"mac": mac,
"cpu": cpu,
"memory": memory,
"disk": disk,
"sn": sn,
"system_type": system_type,
"system_version": system_version,
"system_arch": system_arch,
"brand": brand
}
ansible_record(asset, asset_dic, name)
except Exception as e:
logger.error("save setup info failed! %s" % e)
traceback.print_exc()
def download(self):
while True:
if not self.user_perm:
self.user_perm = get_group_user_perm(self.user)
try:
print("进入批量下载模式")
print("请输入主机名或ansile支持的pattern, 多个主机:分隔,q退出")
pattern = input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
else:
assets = self.user_perm.get('asset').keys()
res = gen_resource({'user': self.user, 'asset': assets}, perm=self.user_perm)
runner = MyRunner(res)
asset_name_str = ''
print("匹配用户:\n")
for inv in runner.inventory.get_hosts(pattern=pattern):
asset_name_str += '%s ' % inv.name
print(' %s' % inv.name)
if not asset_name_str:
color_print('没有匹配主机')
continue
print()
while True:
tmp_dir = get_tmp_dir()
logger.debug('Download tmp dir: %s' % tmp_dir)
print("请输入文件路径(不支持目录)")
file_path = input("\033[1;32mPath>:\033[0m ").strip()
if file_path == 'q':
break
if not file_path:
color_print("文件路径为空")
continue
runner.run('fetch', module_args='src=%s dest=%s' % (file_path, tmp_dir), pattern=pattern)
ret = runner.results
FileLog(user=self.user.name, host=asset_name_str, filename=file_path, type='download',
remote_ip=remote_ip, result=ret).save()
logger.debug('Download file result: %s' % ret)
os.chdir('/tmp')
tmp_dir_name = os.path.basename(tmp_dir)
if not os.listdir(tmp_dir):
color_print('下载全部失败')
continue
bash('tar czf %s.tar.gz %s && sz %s.tar.gz' % (tmp_dir, tmp_dir_name, tmp_dir))
if ret.get('failed'):
error = '文件名称: %s \n下载失败: [ %s ] \n下载成功 [ %s ]' % \
('%s.tar.gz' % tmp_dir_name, ', '.join(ret.get('failed').keys()),
', '.join(ret.get('ok').keys()))
color_print(error)
else:
msg = '文件名称: %s \n下载成功 [ %s ]' % (
'%s.tar.gz' % tmp_dir_name, ', '.join(ret.get('ok').keys()))
color_print(msg, 'green')
print
except IndexError:
pass
def download(self):
while True:
if not self.user_perm:
self.user_perm = get_group_user_perm(self.user)
try:
print "进入批量下载模式"
print "请输入主机名或ansible支持的pattern, 多个主机:分隔,q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
else:
assets = self.user_perm.get('asset').keys()
res = gen_resource({'user': self.user, 'asset': assets}, perm=self.user_perm)
runner = MyRunner(res)
asset_name_str = ''
print "匹配主机:\n"
for inv in runner.inventory.get_hosts(pattern=pattern):
asset_name_str += '%s ' % inv.name
print ' %s' % inv.name
if not asset_name_str:
color_print('没有匹配主机')
continue
print
while True:
tmp_dir = get_tmp_dir()
logger.debug('Download tmp dir: %s' % tmp_dir)
print "请输入文件路径(不支持目录)"
file_path = raw_input("\033[1;32mPath>:\033[0m ").strip()
if file_path == 'q':
break
if not file_path:
color_print("文件路径为空")
continue
runner.run('fetch', module_args='src=%s dest=%s' % (file_path, tmp_dir), pattern=pattern)
ret = runner.results
FileLog(user=self.user.name, host=asset_name_str, filename=file_path, type='download',
remote_ip=remote_ip, result=ret).save()
logger.debug('Download file result: %s' % ret)
os.chdir('/tmp')
tmp_dir_name = os.path.basename(tmp_dir)
if not os.listdir(tmp_dir):
color_print('下载全部失败')
continue
bash('tar czf %s.tar.gz %s && sz %s.tar.gz' % (tmp_dir, tmp_dir_name, tmp_dir))
if ret.get('failed'):
error = '文件名称: %s \n下载失败: [ %s ] \n下载成功 [ %s ]' % \
('%s.tar.gz' % tmp_dir_name, ', '.join(ret.get('failed').keys()), ', '.join(ret.get('ok').keys()))
color_print(error)
else:
msg = '文件名称: %s \n下载成功 [ %s ]' % ('%s.tar.gz' % tmp_dir_name, ', '.join(ret.get('ok').keys()))
color_print(msg, 'green')
print
except IndexError:
pass
def upload(self):
while True:
try:
print "进入批量上传模式"
print
print "授权包含该系统用户的所有主机"
assets = self.user_perm.get('asset').keys()
for asset in assets:
print ' %s' % asset.hostname
print
print "请输入主机名或ansible支持的pattern, 多个主机:分隔 q退出"
print
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
else:
res = gen_resource({'user': self.user, 'asset': assets}, perm=self.user_perm)
runner = MyRunner(res)
asset_name_str = ''
print "匹配主机:"
for inv in runner.inventory.get_hosts(pattern=pattern):
print inv.name
asset_name_str += '%s ' % inv.name
if not asset_name_str:
color_print('没有匹配主机')
continue
tmp_dir = get_tmp_dir()
logger.debug('Upload tmp dir: %s' % tmp_dir)
os.chdir(tmp_dir)
bash('rz')
filename_str = ' '.join(os.listdir(tmp_dir))
if not filename_str:
color_print("上传文件为空")
continue
logger.debug('上传文件: %s' % filename_str)
runner = MyRunner(res)
runner.run('copy', module_args='src=%s dest=%s directory_mode'
% (tmp_dir, '/tmp'), pattern=pattern)
ret = runner.results
FileLog(user=self.user.username, name=self.user.name, host=asset_name_str, filename=filename_str,
remote_ip=remote_ip, type='upload', result=ret).save()
logger.debug('Upload file: %s' % ret)
if ret.get('failed'):
error = '上传目录: %s \n上传失败: [ %s ] \n上传成功 [ %s ]' % (tmp_dir,
', '.join(ret.get('failed').keys()),
', '.join(ret.get('ok').keys()))
color_print(error)
else:
msg = '上传目录: %s \n传送成功 [ %s ]' % (tmp_dir, ', '.join(ret.get('ok').keys()))
color_print(msg, 'green')
print
except IndexError:
pass
def download(request):
user = request.user
assets = list(get_group_user_perm(user).get('asset').keys())
asset_select = []
if request.method == 'POST':
remote_ip = request.META.get('REMOTE_ADDR')
asset_ids = request.POST.getlist('asset_ids', '')
file_path = request.POST.get('file_path')
date_now = datetime.datetime.now().strftime("%Y%m%d%H%M%S")
download_dir = get_tmp_dir()
for asset_id in asset_ids:
asset_select.append(get_object(Asset, id=asset_id))
if not set(asset_select).issubset(set(assets)):
illegal_asset = set(asset_select).issubset(set(assets))
return HttpResponse(
'没有权限的服务器 %s' %
','.join([asset.hostname for asset in illegal_asset]))
res = gen_resource({'user': user, 'asset': asset_select})
runner = MyRunner(res)
runner.run('fetch',
module_args='src=%s dest=%s' % (file_path, download_dir),
pattern='*')
FileLog(user=request.user.username,
host=' '.join([asset.hostname for asset in asset_select]),
filename=file_path,
type='download',
remote_ip=remote_ip,
result=runner.results).save()
logger.debug(runner.results)
tmp_dir_name = os.path.basename(download_dir)
file_zip = '/tmp/' + tmp_dir_name + '.zip'
zf = zipfile.ZipFile(file_zip, "w", zipfile.ZIP_DEFLATED)
for dirname, subdirs, files in os.walk(download_dir):
arcname = dirname.split(download_dir)[-1]
if arcname:
zf.write(dirname, arcname)
for filename in files:
filename = os.path.join(dirname, filename)
arcname = filename.split(download_dir)[-1]
zf.write(filename, arcname)
zf.close()
f = open(file_zip, 'rb')
data = f.read()
f.close()
response = HttpResponse(data, content_type='application/octet-stream')
response[
'Content-Disposition'] = 'attachment; filename=%s.zip' % tmp_dir_name
return response
return render(request, 'download.html', locals())
def upload(self):
while True:
if not self.user_perm:
self.user_perm = get_group_user_perm(self.user)
try:
print "进入批量上传模式"
print "请输入主机名或ansible支持的pattern, 多个主机:分隔 q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
else:
assets = self.user_perm.get('asset').keys()
res = gen_resource({'user': self.user, 'asset': assets}, perm=self.user_perm)
runner = MyRunner(res)
asset_name_str = ''
print "匹配主机:"
for inv in runner.inventory.get_hosts(pattern=pattern):
print inv.name
asset_name_str += '%s ' % inv.name
if not asset_name_str:
color_print('没有匹配主机')
continue
tmp_dir = get_tmp_dir()
logger.debug('Upload tmp dir: %s' % tmp_dir)
os.chdir(tmp_dir)
bash('rz')
filename_str = ' '.join(os.listdir(tmp_dir))
if not filename_str:
color_print("上传文件为空")
continue
logger.debug('上传文件: %s' % filename_str)
runner = MyRunner(res)
runner.run('copy', module_args='src=%s dest=%s directory_mode'
% (tmp_dir, tmp_dir), pattern=pattern)
ret = runner.results
FileLog(user=self.user.name, host=asset_name_str, filename=filename_str,
remote_ip=remote_ip, type='upload', result=ret).save()
logger.debug('Upload file: %s' % ret)
if ret.get('failed'):
error = '上传目录: %s \n上传失败: [ %s ] \n上传成功 [ %s ]' % (tmp_dir,
', '.join(ret.get('failed').keys()),
', '.join(ret.get('ok').keys()))
color_print(error)
else:
msg = '上传目录: %s \n传送成功 [ %s ]' % (tmp_dir, ', '.join(ret.get('ok').keys()))
color_print(msg, 'green')
print
except IndexError:
pass
def upload(request):
user = request.user
assets = get_group_user_perm(user).get('asset').keys()
asset_select = []
if request.method == 'POST':
remote_ip = request.META.get('REMOTE_ADDR')
asset_ids = request.POST.getlist('asset_ids', '')
upload_files = request.FILES.getlist('file[]', None)
date_now = datetime.datetime.now().strftime("%Y%m%d%H%M%S")
upload_dir = get_tmp_dir()
# file_dict = {}
for asset_id in asset_ids:
asset_select.append(get_object(Asset, id=asset_id))
if not set(asset_select).issubset(set(assets)):
illegal_asset = set(asset_select).issubset(set(assets))
return HttpResponse(
'没有权限的服务器 %s' %
','.join([asset.hostname for asset in illegal_asset]))
for upload_file in upload_files:
file_path = '%s/%s' % (upload_dir, upload_file.name)
with open(file_path, 'w') as f:
for chunk in upload_file.chunks():
f.write(chunk)
res = gen_resource({'user': user, 'asset': asset_select})
runner = MyRunner(res)
#TODO 更改文件上传路径
runner.run('copy',
module_args='src=%s dest=%s directory_mode' %
(upload_dir, '/tmp'),
pattern='*')
ret = runner.results
logger.debug(ret)
FileLog(user=request.user.username,
host=' '.join([asset.hostname for asset in asset_select]),
filename=' '.join([f.name for f in upload_files]),
type='upload',
remote_ip=remote_ip,
result=ret).save()
if ret.get('failed'):
error = u'上传目录: %s <br> 上传失败: [ %s ] <br>上传成功 [ %s ]' % (
upload_dir, ', '.join(ret.get('failed').keys()), ', '.join(
ret.get('ok').keys()))
return HttpResponse(error, status=500)
msg = u'上传目录: %s <br> 传送成功 [ %s ]' % (upload_dir, ', '.join(
ret.get('ok').keys()))
return HttpResponse(msg)
return my_render('upload.html', locals(), request)
def download(request):
user = request.user
assets = get_group_user_perm(user).get('asset').keys()
asset_select = []
if request.method == 'POST':
remote_ip = request.META.get('REMOTE_ADDR')
asset_ids = request.POST.getlist('asset_ids', '')
file_path = request.POST.get('file_path')
date_now = datetime.datetime.now().strftime("%Y%m%d%H%M%S")
upload_dir = get_tmp_dir()
for asset_id in asset_ids:
asset_select.append(get_object(Asset, id=asset_id))
if not set(asset_select).issubset(set(assets)):
illegal_asset = set(asset_select).issubset(set(assets))
return HttpResponse(
u'没有权限的服务器 %s' %
','.join([asset.hostname for asset in illegal_asset]))
res = gen_resource({'user': user, 'asset': asset_select})
runner = MyRunner(res)
runner.run('fetch',
module_args='src=%s dest=%s' % (file_path, upload_dir),
pattern='*')
FileLog(user=request.user.username,
host=' '.join([asset.hostname for asset in asset_select]),
filename=file_path,
type='download',
remote_ip=remote_ip,
result=runner.results).save()
logger.debug(runner.results)
os.chdir('/tmp')
tmp_dir_name = os.path.basename(upload_dir)
tar_file = '%s.tar.gz' % upload_dir
bash('tar czf %s %s' % (tar_file, tmp_dir_name))
f = open(tar_file)
data = f.read()
f.close()
response = HttpResponse(data, content_type='application/octet-stream')
response[
'Content-Disposition'] = 'attachment; filename=%s' % os.path.basename(
tar_file)
return response
return render_to_response('download.html',
locals(),
context_instance=RequestContext(request))
def asset_ansible_update(obj_list, name=''):
resource = gen_resource(obj_list)
ansible_instance = MyRunner(resource)
ansible_asset_info = ansible_instance.run(module_name='setup', pattern='*')
logger.debug('获取硬件信息: %s' % ansible_asset_info)
for asset in obj_list:
try:
setup_info = ansible_asset_info['contacted'][asset.hostname]['ansible_facts']
logger.debug("setup_info: %s" % setup_info)
except KeyError, e:
logger.error("获取setup_info失败: %s" % e)
continue
else:
try:
asset_info = get_ansible_asset_info(asset.ip, setup_info)
print asset_info
# modified by jox Thu Aug 11-12
#other_ip, mac, cpu, memory, disk, sn, system_type, system_version, brand, system_arch = asset_info
other_ip, mac, cpu, memory, disk, sn, system_type, system_version, brand, system_arch,os_version, kernel_version, physical_cpu, cpu_core, timezone, nameserver, domain, search = asset_info
asset_dic = {"other_ip": other_ip,
"mac": mac,
"cpu": cpu,
"memory": memory,
"disk": disk,
"sn": sn,
"system_type": system_type,
"system_version": system_version,
"system_arch": system_arch,
"brand": brand,
# added by jox Thu Aug 11 13:28:18 CST 2016
"os_version": os_version,
"kernel_version": kernel_version,
"physical_cpu": physical_cpu,
"cpu_core": cpu_core,
# added bu jox Fri Aug 12 12:27:08 CST 2016
"timezone": timezone,
"nameserver": nameserver,
"domain": domain,
"search": search
}
# over
ansible_record(asset, asset_dic, name)
except Exception as e:
logger.error("save setup info failed! %s" % e)
traceback.print_exc()
def upload(request):
user = request.user
assets = get_group_user_perm(user).get('asset').keys()
asset_select = []
if request.method == 'POST':
remote_ip = request.META.get('REMOTE_ADDR')
asset_ids = request.POST.getlist('asset_ids', '')
upload_files = request.FILES.getlist('file[]', None)
date_now = datetime.datetime.now().strftime("%Y%m%d%H%M%S")
upload_dir = get_tmp_dir()
# file_dict = {}
for asset_id in asset_ids:
asset_select.append(get_object(Asset, id=asset_id))
if not set(asset_select).issubset(set(assets)):
illegal_asset = set(asset_select).issubset(set(assets))
return HttpResponse('没有权限的服务器 %s' % ','.join([asset.hostname for asset in illegal_asset]))
for upload_file in upload_files:
file_path = '%s/%s' % (upload_dir, upload_file.name)
with open(file_path, 'w') as f:
for chunk in upload_file.chunks():
f.write(chunk)
res = gen_resource({'user': user, 'asset': asset_select})
runner = MyRunner(res)
runner.run('copy', module_args='src=%s dest=%s directory_mode'
% (upload_dir, upload_dir), pattern='*')
ret = runner.results
logger.debug(ret)
FileLog(user=request.user.username, host=' '.join([asset.hostname for asset in asset_select]),
filename=' '.join([f.name for f in upload_files]), type='upload', remote_ip=remote_ip,
result=ret).save()
if ret.get('failed'):
error = u'上传目录: %s <br> 上传失败: [ %s ] <br>上传成功 [ %s ]' % (upload_dir,
', '.join(ret.get('failed').keys()),
', '.join(ret.get('ok').keys()))
return HttpResponse(error, status=500)
msg = u'上传目录: %s <br> 传送成功 [ %s ]' % (upload_dir, ', '.join(ret.get('ok').keys()))
return HttpResponse(msg)
return my_render('upload.html', locals(), request)
def perm_role_push(request):
"""
the role push page
"""
# 渲染数据
header_title, path1, path2 = "系统用户", "系统用户管理", "系统用户推送"
role_id = request.GET.get('id')
asset_ids = request.GET.get('asset_id')
role = get_object(PermRole, id=role_id)
assets = Asset.objects.all()
asset_groups = AssetGroup.objects.all()
if asset_ids:
need_push_asset = [
get_object(Asset, id=asset_id) for asset_id in asset_ids.split(',')
]
if request.method == "POST":
# 获取推荐角色的名称列表
# 计算出需要推送的资产列表
asset_ids = request.POST.getlist("assets")
asset_group_ids = request.POST.getlist("asset_groups")
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in asset_ids]
asset_groups_obj = [
AssetGroup.objects.get(id=asset_group_id)
for asset_group_id in asset_group_ids
]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(asset_group.asset_set.all())
calc_assets = list(set(assets_obj) | set(group_assets_obj))
push_resource = gen_resource(calc_assets)
# 调用Ansible API 进行推送
password_push = True if request.POST.get("use_password") else False
key_push = True if request.POST.get("use_publicKey") else False
task = MyTask(push_resource)
ret = {}
# 因为要先建立用户,而push key是在 password也完成的情况下的 可选项
# 1. 以秘钥 方式推送角色
if key_push:
ret["pass_push"] = task.add_user(role.name)
ret["key_push"] = task.push_key(
role.name, os.path.join(role.key_path, 'id_rsa.pub'))
# 2. 推送账号密码 <为了安全 系统用户统一使用秘钥进行通信, 不再提供密码方式的推送>
# elif password_push:
# ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
# 3. 推送sudo配置文件
if key_push:
sudo_list = set([sudo for sudo in role.sudo.all()
]) # set(sudo1, sudo2, sudo3)
if sudo_list:
ret['sudo'] = task.push_sudo_file([role], sudo_list)
else:
ret['sudo'] = task.recyle_cmd_alias(role.name)
logger.debug('推送role结果: %s' % ret)
success_asset = {}
failed_asset = {}
logger.debug(ret)
for push_type, result in list(ret.items()):
if result.get('failed'):
for hostname, info in list(result.get('failed').items()):
if hostname in list(failed_asset.keys()):
if info in failed_asset.get(hostname):
failed_asset[hostname] += info
else:
failed_asset[hostname] = info
for push_type, result in list(ret.items()):
if result.get('ok'):
for hostname, info in list(result.get('ok').items()):
if hostname in list(failed_asset.keys()):
continue
elif hostname in list(success_asset.keys()):
if str(info) in success_asset.get(hostname, ''):
success_asset[hostname] += str(info)
else:
success_asset[hostname] = str(info)
# 推送成功 回写push表
for asset in calc_assets:
push_check = PermPush.objects.filter(role=role, asset=asset)
if push_check:
func = push_check.update
else:
def func(**kwargs):
PermPush(**kwargs).save()
if failed_asset.get(asset.hostname):
func(is_password=password_push,
is_public_key=key_push,
role=role,
asset=asset,
success=False,
result=failed_asset.get(asset.hostname))
else:
func(is_password=password_push,
is_public_key=key_push,
role=role,
asset=asset,
success=True)
if not failed_asset:
msg = '系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(
list(success_asset.keys())))
else:
error = '系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ] 请点系统用户->点对应名称->点失败,查看失败原因' % (
role.name, ','.join(list(failed_asset.keys())), ','.join(
list(success_asset.keys())))
return my_render('jperm/perm_role_push.html', locals(), request)
def exec_cmd(self):
"""
批量执行命令
"""
while True:
roles = self.user_perm.get('role').keys()
if len(roles) > 1: # 授权角色数大于1
color_print('[%-2s] %-15s' % ('ID', '系统用户'), 'info')
role_check = dict(zip(range(len(roles)), roles))
for i, r in role_check.items():
print '[%-2s] %-15s' % (i, r.name)
print
print "请输入运行命令所关联系统用户的ID, q退出"
try:
role_id = int(
raw_input("\033[1;32mRole>:\033[0m ").strip())
if role_id == 'q':
break
except (IndexError, ValueError):
color_print('错误输入')
else:
role = role_check[int(role_id)]
elif len(roles) == 1: # 授权角色数为1
role = roles[0]
else:
color_print('当前用户未被授予角色,无法执行任何操作,如有疑问请联系管理员。')
return
#判断用户选择打印的组或者主机
try:
_t = raw_input("\033[1;32mG/g or H/h>:\033[0m ").strip()
if _t == 'q':
break
except (IndexError, ValueError):
color_print('错误输入')
if _t in ['G', 'g']:
user_asset_group_all = get_group_user_perm(self.user).get(
'asset_group', [])
color_print('[%-3s] %-20s %s' % ('ID', '组名', '备注'), 'title')
for asset_group in user_asset_group_all:
print '[%-3s] %-15s %s' % (
asset_group.id, asset_group.name, asset_group.comment)
print
try:
_gid = raw_input("\033[1;32mGid>:\033[0m ").strip()
if _gid == 'q':
break
except (IndexError, ValueError):
color_print('错误输入')
else:
_gid_pattern = re.compile(r'^\d+$')
if _gid_pattern.match(_gid):
gid = int(_gid.lstrip('g'))
# 获取资产组包含的资产
asset_group = get_object(AssetGroup, id=gid)
if asset_group and asset_group in self.perm_asset_groups:
_search_result = list(asset_group.asset_set.all())
print "授权包含该系统用户的所有主机(测试功能)"
#assets = []
if hasattr(_search_result, '__iter__'):
for index, asset in enumerate(_search_result):
#assets_obj = [Asset.objects.get(id=asset_id) for asset_id in _search_result]
#assets.append(assets_obj)
print ' %s' % asset.hostname
print
#print(assets)
#print type(assets[0])
else:
color_print('没有该资产组或没有权限')
return
else:
assets = list(
self.user_perm.get(
'role', {}).get(role).get('asset')) # 获取该用户,角色授权主机
print "授权包含该系统用户的所有主机"
for asset in assets:
print ' %s' % asset.hostname
print
print "请输入主机名或ansible支持的pattern, 多个主机:分隔, q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
else:
res = gen_resource(
{
'user': self.user,
'asset': assets,
'role': role
},
perm=self.user_perm)
print(assets)
runner = MyRunner(res)
asset_name_str = ''
print "匹配主机:"
for inv in runner.inventory.get_hosts(pattern=pattern):
print ' %s' % inv.name
asset_name_str += '%s ' % inv.name
print
while True:
print "请输入执行的命令, 按q退出"
command = raw_input("\033[1;32mCmds>:\033[0m ").strip()
if command == 'q':
break
elif not command:
color_print('命令不能为空...')
continue
runner.run('shell', command, pattern=pattern)
ExecLog(host=asset_name_str,
user=self.user.username,
cmd=command,
remote_ip=remote_ip,
result=runner.results).save()
for k, v in runner.results.items():
if k == 'ok':
for host, output in v.items():
color_print("%s => %s" % (host, 'Ok'), 'green')
print output
print
else:
for host, output in v.items():
color_print("%s => %s" % (host, k), 'red')
color_print(output, 'red')
print
print "~o~ Task finished ~o~"
print
def exec_cmd(self):
"""
批量执行命令
"""
while True:
if not self.user_perm:
self.user_perm = get_group_user_perm(self.user)
roles = self.user_perm.get("role").keys()
if len(roles) > 1: # 授权角色数大于1
color_print("[%-2s] %-15s" % ("ID", "系统用户"), "info")
role_check = dict(zip(range(len(roles)), roles))
for i, r in role_check.items():
print "[%-2s] %-15s" % (i, r.name)
print
print "请输入运行命令所关联系统用户的ID, q退出"
try:
role_id = raw_input("\033[1;32mRole>:\033[0m ").strip()
if role_id == "q":
break
except (IndexError, ValueError):
color_print("错误输入")
else:
role = role_check[int(role_id)]
elif len(roles) == 1: # 授权角色数为1
role = roles[0]
assets = list(self.user_perm.get("role", {}).get(role).get("asset")) # 获取该用户,角色授权主机
print "授权包含该系统用户的所有主机"
for asset in assets:
print " %s" % asset.hostname
print
print "请输入主机名或ansile支持的pattern, 多个主机:分隔, q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == "q":
break
else:
res = gen_resource({"user": self.user, "asset": assets, "role": role}, perm=self.user_perm)
runner = MyRunner(res)
asset_name_str = ""
print "匹配主机:"
for inv in runner.inventory.get_hosts(pattern=pattern):
print " %s" % inv.name
asset_name_str += "%s " % inv.name
print
while True:
print "请输入执行的命令, 按q退出"
command = raw_input("\033[1;32mCmds>:\033[0m ").strip()
if command == "q":
break
runner.run("shell", command, pattern=pattern)
ExecLog(
host=asset_name_str,
user=self.user.username,
cmd=command,
remote_ip=remote_ip,
result=runner.results,
).save()
for k, v in runner.results.items():
if k == "ok":
for host, output in v.items():
color_print("%s => %s" % (host, "Ok"), "green")
print output
print
else:
for host, output in v.items():
color_print("%s => %s" % (host, k), "red")
color_print(output, "red")
print
print "~o~ Task finished ~o~"
print
def perm_role_delete(request):
"""
delete role page
"""
if request.method == "GET":
try:
# 获取参数删除的role对象
role_id = request.GET.get("id")
role = get_object(PermRole, id=role_id)
if not role:
logger.warning("Delete Role: role_id %s not exist" % role_id)
raise ServerError("role_id %s 无数据记录" % role_id)
# 删除推送到主机上的role
filter_type = request.GET.get("filter_type")
if filter_type:
if filter_type == "recycle_assets":
recycle_assets = [
push.asset for push in role.perm_push.all()
if push.success
]
print(recycle_assets)
recycle_assets_ip = ','.join(
[asset.ip for asset in recycle_assets])
return HttpResponse(recycle_assets_ip)
else:
return HttpResponse("no such filter_type: %s" %
filter_type)
else:
return HttpResponse("filter_type: ?")
except ServerError as e:
return HttpResponse(e)
if request.method == "POST":
try:
# 获取参数删除的role对象
role_id = request.POST.get("id")
role = get_object(PermRole, id=role_id)
if not role:
logger.warning("Delete Role: role_id %s not exist" % role_id)
raise ServerError("role_id %s 无数据记录" % role_id)
role_key = role.key_path
# 删除推送到主机上的role
recycle_assets = [
push.asset for push in role.perm_push.all() if push.success
]
logger.debug("delete role %s - delete_assets: %s" %
(role.name, recycle_assets))
if recycle_assets:
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(
get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(
get_object(PermRole, id=role_id).name)
except Exception as e:
logger.warning("Recycle Role failed: %s" % e)
raise ServerError("回收已推送的系统用户失败: %s" % e)
logger.info("delete role %s - execute delete user: %s" %
(role.name, msg_del_user))
logger.info("delete role %s - execute delete sudo: %s" %
(role.name, msg_del_sudo))
# TODO: 判断返回结果,处理异常
# 删除存储的秘钥,以及目录
try:
key_files = os.listdir(role_key)
for key_file in key_files:
os.remove(os.path.join(role_key, key_file))
os.rmdir(role_key)
except OSError as e:
logger.warning("Delete Role: delete key error, %s" % e)
raise ServerError("删除系统用户key失败: %s" % e)
logger.info("delete role %s - delete role key directory: %s" %
(role.name, role_key))
# 数据库里删除记录
role.delete()
return HttpResponse("删除系统用户: %s" % role.name)
except ServerError as e:
return HttpResponseBadRequest("删除失败, 原因: %s" % e)
return HttpResponseNotAllowed("仅支持POST")
def exec_cmd(self):
"""
批量执行命令
"""
while True:
roles = self.user_perm.get('role').keys()
if len(roles) > 1: # 授权角色数大于1
color_print('[%-2s] %-15s' % ('ID', '系统用户'), 'info')
role_check = dict(zip(range(len(roles)), roles))
for i, r in role_check.items():
print '[%-2s] %-15s' % (i, r.name)
print
print "请输入运行命令所关联系统用户的ID, q退出"
try:
role_id = raw_input("\033[1;32mRole>:\033[0m ").strip()
if role_id == 'q':
break
except (IndexError, ValueError):
color_print('错误输入')
else:
role = role_check[int(role_id)]
elif len(roles) == 1: # 授权角色数为1
role = roles[0]
else:
color_print('当前用户未被授予角色,无法执行任何操作,如有疑问请联系管理员。')
return
assets = list(self.user_perm.get('role', {}).get(role).get('asset')) # 获取该用户,角色授权主机
print "授权包含该系统用户的所有主机"
for asset in assets:
print ' %s' % asset.hostname
print
print "请输入主机名或ansible支持的pattern, 多个主机:分隔, q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
else:
res = gen_resource({'user': self.user, 'asset': assets, 'role': role}, perm=self.user_perm)
runner = MyRunner(res)
asset_name_str = ''
print "匹配主机:"
for inv in runner.inventory.get_hosts(pattern=pattern):
print ' %s' % inv.name
asset_name_str += '%s ' % inv.name
print
while True:
print "请输入执行的命令, 按q退出"
command = raw_input("\033[1;32mCmds>:\033[0m ").strip()
if command == 'q':
break
elif not command:
color_print('命令不能为空...')
continue
runner.run('shell', command, pattern=pattern)
ExecLog(host=asset_name_str, user=self.user.username, cmd=command, remote_ip=remote_ip,
result=runner.results).save()
for k, v in runner.results.items():
if k == 'ok':
for host, output in v.items():
color_print("%s => %s" % (host, 'Ok'), 'green')
print output
print
else:
for host, output in v.items():
color_print("%s => %s" % (host, k), 'red')
color_print(output, 'red')
print
print "~o~ Task finished ~o~"
print
def download(self):
while True:
if not self.user_perm:
self.user_perm = get_group_user_perm(self.user)
try:
print "进入批量下载模式"
print "请输入主机名或ansile支持的pattern, 多个主机:分隔,q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == "q":
break
else:
assets = self.user_perm.get("asset").keys()
res = gen_resource({"user": self.user, "asset": assets}, perm=self.user_perm)
runner = MyRunner(res)
asset_name_str = ""
print "匹配主机:\n"
for inv in runner.inventory.get_hosts(pattern=pattern):
asset_name_str += "%s " % inv.name
print " %s" % inv.name
if not asset_name_str:
color_print("没有匹配主机")
continue
print
while True:
tmp_dir = get_tmp_dir()
logger.debug("Download tmp dir: %s" % tmp_dir)
print "请输入文件路径(不支持目录)"
file_path = raw_input("\033[1;32mPath>:\033[0m ").strip()
if file_path == "q":
break
if not file_path:
color_print("文件路径为空")
continue
runner.run("fetch", module_args="src=%s dest=%s" % (file_path, tmp_dir), pattern=pattern)
ret = runner.results
FileLog(
user=self.user.name,
host=asset_name_str,
filename=file_path,
type="download",
remote_ip=remote_ip,
result=ret,
).save()
logger.debug("Download file result: %s" % ret)
os.chdir("/tmp")
tmp_dir_name = os.path.basename(tmp_dir)
if not os.listdir(tmp_dir):
color_print("下载全部失败")
continue
bash("tar czf %s.tar.gz %s && sz %s.tar.gz" % (tmp_dir, tmp_dir_name, tmp_dir))
if ret.get("failed"):
error = "文件名称: %s \n下载失败: [ %s ] \n下载成功 [ %s ]" % (
"%s.tar.gz" % tmp_dir_name,
", ".join(ret.get("failed").keys()),
", ".join(ret.get("ok").keys()),
)
color_print(error)
else:
msg = "文件名称: %s \n下载成功 [ %s ]" % (
"%s.tar.gz" % tmp_dir_name,
", ".join(ret.get("ok").keys()),
)
color_print(msg, "green")
print
except IndexError:
pass
def upload(self):
while True:
if not self.user_perm:
self.user_perm = get_group_user_perm(self.user)
try:
print "进入批量上传模式"
print "请输入主机名或ansile支持的pattern, 多个主机:分隔 q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == "q":
break
else:
assets = self.user_perm.get("asset").keys()
res = gen_resource({"user": self.user, "asset": assets}, perm=self.user_perm)
runner = MyRunner(res)
asset_name_str = ""
print "匹配主机:"
for inv in runner.inventory.get_hosts(pattern=pattern):
print inv.name
asset_name_str += "%s " % inv.name
if not asset_name_str:
color_print("没有匹配主机")
continue
tmp_dir = get_tmp_dir()
logger.debug("Upload tmp dir: %s" % tmp_dir)
os.chdir(tmp_dir)
bash("rz")
filename_str = " ".join(os.listdir(tmp_dir))
if not filename_str:
color_print("上传文件为空")
continue
logger.debug("上传文件: %s" % filename_str)
runner = MyRunner(res)
runner.run(
"copy", module_args="src=%s dest=%s directory_mode" % (tmp_dir, tmp_dir), pattern=pattern
)
ret = runner.results
FileLog(
user=self.user.name,
host=asset_name_str,
filename=filename_str,
remote_ip=remote_ip,
type="upload",
result=ret,
).save()
logger.debug("Upload file: %s" % ret)
if ret.get("failed"):
error = "上传目录: %s \n上传失败: [ %s ] \n上传成功 [ %s ]" % (
tmp_dir,
", ".join(ret.get("failed").keys()),
", ".join(ret.get("ok").keys()),
)
color_print(error)
else:
msg = "上传目录: %s \n传送成功 [ %s ]" % (tmp_dir, ", ".join(ret.get("ok").keys()))
color_print(msg, "green")
print
except IndexError:
pass
def exec_cmd(self):
"""
批量执行命令
"""
while True:
roles = self.user_perm.get('role').keys()
if len(roles) > 1: # 授权角色数大于1
color_print('[%-2s] %-15s' % ('ID', '系统用户'), 'info')
role_check = dict(zip(range(len(roles)), roles))
for i, r in role_check.items():
print '[%-2s] %-15s' % (i, r.name)
print
print "请输入运行命令所关联系统用户的ID, q退出"
try:
role_id = int(
raw_input("\033[1;32mRole>:\033[0m ").strip())
if role_id == 'q':
break
except (IndexError, ValueError):
color_print('错误输入')
else:
role = role_check[int(role_id)]
elif len(roles) == 1: # 授权角色数为1
role = roles[0]
else:
color_print('当前用户未被授予角色,无法执行任何操作,如有疑问请联系管理员。')
return
assets = list(
self.user_perm.get('role',
{}).get(role).get('asset')) # 获取该用户,角色授权主机
print "授权包含该系统用户的所有主机"
for asset in assets:
print ' %s' % asset.hostname
print
print "请输入主机名或ansible支持的pattern, 多个主机:分隔, q退出"
pattern = raw_input("\033[1;32mPattern>:\033[0m ").strip()
if pattern == 'q':
break
else:
res = gen_resource(
{
'user': self.user,
'asset': assets,
'role': role
},
perm=self.user_perm)
runner = MyRunner(res)
asset_name_str = ''
print "匹配主机:"
for inv in runner.inventory.get_hosts(pattern=pattern):
print ' %s' % inv.name
asset_name_str += '%s ' % inv.name
print
while True:
print "请输入执行的命令, 按q退出"
command = raw_input("\033[1;32mCmds>:\033[0m ").strip()
if command == 'q':
break
elif not command:
color_print('命令不能为空...')
continue
runner.run('shell', command, pattern=pattern)
ExecLog(host=asset_name_str,
user=self.user.username,
cmd=command,
remote_ip=remote_ip,
result=runner.results).save()
for k, v in runner.results.items():
if k == 'ok':
for host, output in v.items():
color_print("%s => %s" % (host, 'Ok'), 'green')
print output
print
else:
for host, output in v.items():
color_print("%s => %s" % (host, k), 'red')
color_print(output, 'red')
print
print "~o~ Task finished ~o~"
print
def task_ansible_role_push(user, push_task, role):
connection.close()
asset_ids = push_task['assets']
asset_group_ids = push_task['asset_groups']
assets_obj = [Asset.objects.get(id=asset_id) for asset_id in asset_ids]
asset_groups_obj = [
AssetGroup.objects.get(id=asset_group_id)
for asset_group_id in asset_group_ids
]
group_assets_obj = []
for asset_group in asset_groups_obj:
group_assets_obj.extend(asset_group.asset_set.all())
calc_assets = list(set(assets_obj) | set(group_assets_obj))
push_resource = gen_resource(calc_assets)
# 调用Ansible API 进行推送
password_push = True if push_task['use_password'] else False
key_push = True if push_task['use_publicKey'] else False
task = MyTask(push_resource)
ret = {}
# 因为要先建立用户,而push key是在 password也完成的情况下的 可选项
# 1. 以秘钥 方式推送角色
if key_push:
ret["pass_push"] = task.add_user(role.name)
ret["key_push"] = task.push_key(
role.name, os.path.join(role.key_path, 'id_rsa.pub'))
# 2. 推送账号密码 <为了安全 系统用户统一使用秘钥进行通信, 不再提供密码方式的推送>
# elif password_push:
# ret["pass_push"] = task.add_user(role.name, CRYPTOR.decrypt(role.password))
# 3. 推送sudo配置文件
if key_push:
sudo_list = set([sudo for sudo in role.sudo.all()
]) # set(sudo1, sudo2, sudo3)
if sudo_list:
ret['sudo'] = task.push_sudo_file([role], sudo_list)
else:
ret['sudo'] = task.recyle_cmd_alias(role.name)
logger.debug('推送role结果: %s' % ret)
success_asset = {}
failed_asset = {}
logger.debug(ret)
for push_type, result in ret.items():
if result.get('failed'):
for hostname, info in result.get('failed').items():
if hostname in failed_asset.keys():
if info in failed_asset.get(hostname):
failed_asset[hostname] += info
else:
failed_asset[hostname] = info
for push_type, result in ret.items():
if result.get('ok'):
for hostname, info in result.get('ok').items():
if hostname in failed_asset.keys():
continue
elif hostname in success_asset.keys():
if str(info) in success_asset.get(hostname, ''):
success_asset[hostname] += str(info)
else:
success_asset[hostname] = str(info)
# 推送成功 回写push表
for asset in calc_assets:
push_check = PermPush.objects.filter(role=role, asset=asset)
if push_check:
func = push_check.update
else:
def func(**kwargs):
PermPush(**kwargs).save()
if failed_asset.get(asset.hostname):
func(is_password=password_push,
is_public_key=key_push,
role=role,
asset=asset,
success=False,
result=failed_asset.get(asset.hostname))
else:
func(is_password=password_push,
is_public_key=key_push,
role=role,
asset=asset,
success=True)
if not failed_asset:
msg = u'系统用户 %s 推送成功[ %s ]' % (role.name, ','.join(
success_asset.keys()))
else:
msg = u'系统用户 %s 推送失败 [ %s ], 推送成功 [ %s ] 请点系统用户->点对应名称->点失败,查看失败原因' % (
role.name, ','.join(failed_asset.keys()), ','.join(
success_asset.keys()))
SystemLog.objects.create(user=user, log_type='ansible用户推送', info=msg)
