Пример #1
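    def write(self, content, oper, log_dict=None):
        '''
        Append one record to a log file.

        A record is a single line whose fields are joined with
        self.delimiter, in this order:
            date-time, epoch timestamp, level, operator, content

        :param content: log payload (string or dict); must be non-empty
        :param oper: operator name; 'unknown' is used when it is empty
        :param log_dict: optional dict with the keys 'dest', 'level' and
            'file'; anything that is not a non-empty dict falls back to
            self.default_log_dict
        :return: (False, reason) when content is empty, otherwise the
            result of write_file (documented by the original author as
            (False, reason) or (True, filename))
        '''

        if not content:
            return (False, '日志内容为空!!!!')

        from library.utils.dict import _2dot
        content = _2dot(content)

        # JSON requires double quotes around keys and string values, so the
        # payload is serialised with json rather than repr()/str().
        try:
            content = json.dumps(content)
        except Exception:
            # Best-effort fallback for payloads json cannot serialise.
            content = str(content)

        # One record is one line. json.dumps already escapes line breaks, but
        # the str() fallback and the operator name do not, so a value that
        # contains CR/LF could otherwise start a forged record.
        content = content.replace('\r', '\\r').replace('\n', '\\n')

        if not log_dict or not isinstance(log_dict, dict):
            log_dict = self.default_log_dict

        # NOTE(review): log_dict['file'] is used as the output path as given;
        # callers should never build log_dict from untrusted input.
        try:
            if log_dict['dest'] == 'file':
                level = log_dict['level']
                if level not in level_list:
                    level = self.default_log_dict['level']
                log_file = log_dict['file']
            else:
                level = self.default_log_dict['level']
                log_file = self.default_log_dict['file']
        except Exception:
            # Missing keys or a malformed log_dict: use the defaults.
            level = self.default_log_dict['level']
            log_file = self.default_log_dict['file']

        if not oper:
            oper = 'unknown'
        # NOTE(review): self.delimiter inside oper is not escaped here and
        # would still shift the fields of the record.
        oper = str(oper).replace('\r', '\\r').replace('\n', '\\n')

        from library.utils.time_conv import timestamp2datetime
        curl_time = timestamp2datetime(fmt='%Y-%m-%d %H:%M:%S')

        fields = (curl_time, str(time.time()), level, oper, content)
        message = self.delimiter.join(fields) + '\n'
        if level == 'debug':
            # Debug records carry the caller's traceback on the next lines.
            from library.utils.traceback import get_traceback
            message = message + get_traceback() + '\n'

        from library.utils.file import write_file
        return write_file(log_file, 'a', message, force=True, backup=False)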
Пример #2
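    def decrypt_file(self, filename):
        '''
        Decrypt filename in place and log the outcome.

        self._handle_ciphertext(filename=...) is read as a 3-item result:
            [0] false, [1] false -> failure, [2] is returned as the reason
            [0] false, [1] true  -> ansible-vault data, [2] is handed to
                                    self._ansible_vault_encrpyt
            [0] true             -> handled by self.cipher; when [1] is
                                    false, [2] is written to the file first

        :param filename: path of the encrypted file
        :return: (False, reason) on failure, otherwise the result of the
            last write_file / self.cipher.decrypt_file call
        '''
        probe = self._handle_ciphertext(filename=filename)

        if not probe[0]:
            if not probe[1]:
                return (False, probe[2])

            # ansible-vault encrypted data: process it with the ansible-vault helper.
            result = self._ansible_vault_encrpyt(probe[2])
            if not result[0]:
                self.logger.error('解密ansible数据' + filename + '失败,原因:' +
                                  result[1] + ',注:使用ansible2.3版本方法')
                return result

            # NOTE(review): the plaintext replaces the ciphertext on disk with
            # force=True and no backup; the mode of the written file is
            # decided by write_file, which is not shown here.
            result = write_file(filename,
                                'w',
                                result[1],
                                force=True,
                                backup=False)
            # Success is result[0]; result[1] is non-empty in both outcomes,
            # so testing it would report every failed write as a success.
            if result[0]:
                self.logger.info('解密ansible文件' + filename +
                                 '成功,注:使用ansible2.3版本方法')
            else:
                self.logger.error('解密ansible数据' + filename +
                                  '失败,无法写入文件,原因:' + result[1] +
                                  ',注:使用ansible2.3版本方法')
            return result

        if not probe[1]:
            result = write_file(filename,
                                'w',
                                probe[2],
                                force=True,
                                backup=False)
            if not result[0]:
                self.logger.error('解密ansible数据' + filename +
                                  '失败,无法写入文件,原因:' + result[1] +
                                  ',注:使用本系统自定义方法')
                return result

        result = self.cipher.decrypt_file(filename)
        if result[0]:
            self.logger.info('解密ansible文件' + filename + '成功,注:使用本系统自定义方法')
        else:
            self.logger.error('解密ansible数据' + filename + '失败,原因:' +
                              result[1] + ',注:使用本系统自定义方法')
        return result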
Пример #3
    def _write_file(self, filename, data):
        '''
        Write data to a file through write_file (mode 'w', force=True,
        backup=False).

        :param filename: target file name
        :param data: content to write
        :return: (True, filename) on success, (False, reason) otherwise
        '''
        outcome = write_file(filename, 'w', data, force=True, backup=False)
        # Only the status flag and the reason are passed on to the caller.
        return (True, filename) if outcome[0] else (False, outcome[1])
Пример #4
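 def _write2file(self, content, filename):
     '''
     Write raw YAML text to a file; the original author marks this as the
     place where handling of encrypted data would be added.

     :param content: text to write, must be a str
     :param filename: target file name
     :return: (True, filename) on success, (False, reason) otherwise
     '''

     if not isinstance(content, str):
         self.logger.error('将yaml原始数据写入文件' + filename + '失败,原因:参数错误,content必须为字符串')
         return (False, '参数错误,content必须为字符串')

     result = write_file(filename, 'w', content, force=True)
     if not result[0]:
         self.logger.error('将yaml原始数据写入文件' + filename + '失败,原因:' + result[1])
         return (False, '写入文件失败,' + result[1])

     # A successful write is an informational event; logging it at error
     # level pollutes error-based alerting and hides real failures.
     self.logger.info('将yaml原始数据写入文件' + filename + '成功')
     return (True, filename)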
Пример #5
    def rekey_file(self, filename, new_password):
        '''
        Change the vault password of an encrypted file and log the outcome.

        The 3-item result of self._handle_ciphertext(filename=...) selects
        the path: [0] false and [1] false is a failure whose reason is [2];
        [0] false and [1] true is ansible-vault data; [0] true goes through
        self.cipher, after writing [2] to the file when [1] is false.

        :param filename: path of the encrypted file
        :param new_password: password passed to self.cipher.rekey_file
        :return: (False, reason) on failure, otherwise the result of the
            last cipher / write_file call
        '''
        probe = self._handle_ciphertext(filename=filename)
        handled_here = probe[0]
        flag = probe[1]

        if not handled_here and not flag:
            return (False, probe[2])

        if not handled_here:
            # ansible-vault encrypted data: process it with the ansible-vault helper.
            vault_result = self._ansible_vault_encrpyt(probe[2])
            if not vault_result[0]:
                self.logger.error('修改ansible加密文件' + filename +
                                  '的vault密码失败,原因:' + vault_result[1] +
                                  ',注:使用ansible2.3版本方法')
                return vault_result

            # NOTE(review): success is logged before encrypt_file runs, the
            # helper's output (vault_result[1]) is not written back, and
            # new_password is not used on this path -- confirm that the file
            # really ends up protected by the new password.
            self.logger.info('修改ansible加密文件' + filename +
                             '的vault密码成功,注:使用ansible2.3版本方法')
            return self.cipher.encrypt_file(filename)

        if not flag:
            written = write_file(filename,
                                 'w',
                                 probe[2],
                                 force=True,
                                 backup=False)
            if not written[0]:
                self.logger.error('修改ansible加密文件' + filename +
                                  '的vault密码失败,无法写入文件,原因:' + written[1] +
                                  ',注:使用本系统自定义方法')
                return written

        rekeyed = self.cipher.rekey_file(filename, new_password)
        if not rekeyed[0]:
            self.logger.error('修改ansible加密文件' + filename +
                              '的vault密码失败,原因:' + rekeyed[1] +
                              ',注:使用本系统自定义方法')
        else:
            self.logger.info('修改ansible加密文件' + filename +
                             '的vault密码成功,注:使用本系统自定义方法')
        return rekeyed
Пример #6
    def write_file(self, username, vault_password, group_list=[]):
        '''
        Build an ansible inventory for the user's hosts and write it to a
        temporary file under /dev/shm.

        Two texts are built in parallel: content_str holds the real values
        and is written to disk; protect_content_str carries '***hidden***'
        in place of some values and is only returned to the caller.

        :param username: user whose host records are loaded
        :param vault_password: passed to self.decryp_dict for each record
        :param group_list: groups to include; falls back to self.group_list
            when it is empty, is not a list/tuple, or contains 'all'
        :return: (True, inventory_path, protect_content_str) on success,
            the failing self.decryp_dict result if a record cannot be
            decrypted, or the write_file result if the write fails
        '''
        self.init_para(username)
        result = self.get_data(username, self.inve_rediskey, self.inve_mongocollect, force=False, mongoshare=False)
        
        # The default [] is never mutated: the name is only rebound below.
        if not group_list or not (isinstance(group_list, (list, tuple)) or group_list == 'all') or 'all' in group_list:
            group_list = self.group_list
        
        used_hosts_list = []
        group_dict = {}
        
        # NOTE(review): when get_data fails, nothing is reported; an empty
        # inventory is written and returned as a success.
        if result[0] :
            allhost_data = result[1]
            
            for data in allhost_data :
                result = self.decryp_dict(username, vault_password, data, self.host_vault_list)
                if not result[0] :
                    return result
                    
                data = result[1]
                group = data.get('group', [])

                try :
                    for g in group :
                        if g in group_list :
                            name = data.get('name', '')
                            
                            # 'all' never gets a list of its own here.
                            if g not in group_dict :
                                if g != 'all' :
                                    group_dict[g] = []
                            
                            # Each host is emitted once, under the first matching group.
                            if name not in used_hosts_list :
                                ansible_ssh_host = data['ssh_host']
                                ansible_ssh_port = data.get('ssh_port', '')
                                ansible_ssh_user = data.get('ssh_user', '')
                                ansible_ssh_pass = data.get('ssh_pass', '')
                                ansible_sudo_pass = data.get('sudo_pass', '')
                                ansible_sudo_exec = data.get('sudo_exec', '')
                                ansible_ssh_private_key_file = data.get('ssh_private_key_file', '')
                                ansible_shell_type = data.get('shell_type', '')
                                ansible_connection = data.get('connection', '')
                                ansible_python_interpreter = data.get('python_interpreter', '')
                                
                                host_str = str(name) + ' ansible_ssh_host=' + str(ansible_ssh_host)
                                protect_str = str(name) + ' ansible_ssh_host=' + str(ansible_ssh_host)
                                if ansible_ssh_port :
                                    host_str = host_str + ' ansible_ssh_port=' + str(ansible_ssh_port)
                                    protect_str = protect_str + ' ansible_ssh_port=' + str(ansible_ssh_port)
                                    
                                # NOTE(review): the statement below and the sudo_pass one after
                                # it are mangled on this page (runs of '*' replaced part of the
                                # code), so the ssh_user / ssh_pass / sudo_pass handling cannot
                                # be read here. The surviving '***hidden***' suggests that
                                # protect_str masks the passwords -- confirm in the original file.
                                if ansible_ssh_user :
                                    host_str = host_str + ' ansible_ssh_user='******' ansible_ssh_user='******' ansible_ssh_pass='******' ansible_ssh_pass='******'***hidden***'

                                if ansible_sudo_pass :
                                    host_str = host_str + ' ansible_sudo_pass='******' ansible_sudo_pass='******'***hidden***'
                                    
                                if ansible_sudo_exec :
                                    host_str = host_str + ' ansible_sudo_exec=' + str(ansible_sudo_exec)
                                    protect_str = protect_str + ' ansible_sudo_exec=' + str(ansible_sudo_exec)
                                    
                                # The key file path goes into the real inventory only.
                                if ansible_ssh_private_key_file :
                                    host_str = host_str + ' ansible_ssh_private_key_file=' + str(ansible_ssh_private_key_file)
                                    protect_str = protect_str + ' ansible_ssh_private_key_file=' + '***hidden***'
                                    
                                if ansible_shell_type :
                                    host_str = host_str + ' ansible_shell_type=' + str(ansible_shell_type)
                                    protect_str = protect_str + ' ansible_shell_type=' + str(ansible_shell_type)
                                    
                                if ansible_connection :
                                    host_str = host_str + ' ansible_connection=' + str(ansible_connection)
                                    protect_str = protect_str + ' ansible_connection=' + str(ansible_connection)
                                    
                                if ansible_python_interpreter :
                                    host_str = host_str + ' ansible_python_interpreter=' + str(ansible_python_interpreter)
                                    protect_str = protect_str + ' ansible_python_interpreter=' + str(ansible_python_interpreter)
                                                   
                                group_dict[g].append((host_str, protect_str))
                                used_hosts_list.append(name)
                # NOTE(review): this bare except silently drops the host on any
                # error, e.g. a record without 'ssh_host', or the KeyError raised
                # by group_dict[g] when g is 'all'. Nothing is logged, so a host
                # can go missing from the inventory unnoticed.
                except :
                    pass
            
        # Render one "[group]" section per group, real and masked text side by side.
        content_str = ''
        protect_content_str = ''
        for group in group_dict :
            content_list = group_dict[group]
            if content_str :
                content_str = content_str + '\n[' + group + ']'
                protect_content_str = protect_content_str + '\n[' + group + ']'
            else :
                content_str = '[' + group + ']'
                protect_content_str = '[' + group + ']'
                
            for content in content_list :
                host_str = content[0]
                protect_str = content[1]
                content_str = content_str + '\n' + host_str
                protect_content_str = protect_content_str + '\n' + protect_str
                
            content_str = content_str + '\n'
            protect_content_str = protect_content_str + '\n'
            
        # NOTE(review): the unmasked inventory is written to a file under
        # /dev/shm. Its permissions are decided by the module-level write_file
        # and the strength of the name by random_str(), neither shown here;
        # nothing in this method removes the file. Verify that it is created
        # owner-only and deleted by the caller after use.
        inve_file = '/dev/shm/lykops/ansible/inventory_' + random_str()
        # This is the module-level write_file function, not this method.
        result = write_file(inve_file , 'w' , content_str)
        if result[0] :
            self.logger.info('将用户' + username + '主机按照ansible的hosts.conf格式写入临时文件成功')
            return (True, inve_file, protect_content_str)
        else :
            # NOTE(review): the failure is logged at info level.
            self.logger.info('将用户' + username + '主机按照ansible的hosts.conf格式写入临时文件失败,原因:' + result[1])
            return result