def get_all_asset_info(self, group=0):
ret_t = []
hc = HttpClient(ret_type="json")
url = "%s?key=%s&user=%s" % (settings.OPS_HOST_IN_GROUP_URL,
settings.OPS_KEY, self._user)
logger.info("query url: %s", url)
ret = hc.get(url)
logger.info("query data is: %s", ret["data"])
asset_groups = {}
if ret and ret["statusCode"] == 200:
_data = ret["data"]
display_id = 1
for ip in _data:
a = Asset()
a.ip = ip
a.hostname = _data[ip]["name"]
a.comment = ""
a.group = _data[ip]["group"]
#####get data from ops api
a.role = _data[ip]["user"]
if a.group in asset_groups:
asset_groups[a.group].asset_set.append(a)
else:
g = AssetGroup()
g.name = _data[ip]["group"]
g.id = display_id
g.comment = ""
g.asset_set = [a]
display_id += 1
asset_groups[a.group] = g
self.asset_group.append(g)
self.assets.append(a)
for group in self.asset_group:
group.asset_count = len(group.asset_set)
def __init__(self, user):
self.user = user
self.user_perm = get_group_user_perm(self.user)
self.perm_assets = sorted(self.user_perm.get('asset', []))
self.search_result = self.perm_assets
self.perm_asset_groups = self.user_perm.get('asset_group', [])
logger.info("get group is: %s", self.perm_asset_groups)
def perm_role_recycle(request):
role_id = request.GET.get('role_id')
asset_ids = request.GET.get('asset_id').split(',')
# 仅有推送的角色才回收
assets = [get_object(Asset, id=asset_id) for asset_id in asset_ids]
recycle_assets = []
for asset in assets:
if True in [push.success for push in asset.perm_push.all()]:
recycle_assets.append(asset)
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(
get_object(PermRole, id=role_id).name)
logger.info("recycle user msg: %s" % msg_del_user)
logger.info("recycle sudo msg: %s" % msg_del_sudo)
except Exception as e:
logger.warning("Recycle Role failed: %s" % e)
raise ServerError("回收已推送的系统用户失败: %s" % e)
for asset_id in asset_ids:
asset = get_object(Asset, id=asset_id)
assets.append(asset)
role = get_object(PermRole, id=role_id)
PermPush.objects.filter(asset=asset, role=role).delete()
return HttpResponse('删除成功')
def perm_role_recycle(request):
role_id = request.GET.get('role_id')
asset_ids = request.GET.get('asset_id').split(',')
# 仅有推送的角色才回收
assets = [get_object(Asset, id=asset_id) for asset_id in asset_ids]
recycle_assets = []
for asset in assets:
if True in [push.success for push in asset.perm_push.all()]:
recycle_assets.append(asset)
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(get_object(PermRole, id=role_id).name)
logger.info("recycle user msg: %s" % msg_del_user)
logger.info("recycle sudo msg: %s" % msg_del_sudo)
except Exception, e:
logger.warning("Recycle Role failed: %s" % e)
raise ServerError(u"回收已推送的系统用户失败: %s" % e)
def search(self, str_r=''):
# 搜索结果保存
if str_r:
if not str_r.startswith("/"):
try:
id_ = int(str_r)
if id_ < len(self.search_result):
self.search_result = [self.search_result[id_]]
return
else:
raise ValueError
except (ValueError, TypeError):
logger.exception("type error")
str_r = str_r.lstrip("/").lower()
self.search_result = [asset for asset in self.perm_assets if str_r == str(asset.ip).lower()] or \
[asset for asset in self.perm_assets if str_r in str(asset.ip).lower() \
or str_r in str(asset.hostname).lower() \
or str_r in str(asset.comment).lower()]
logger.info("get asset: %s", self.search_result)
else:
# 如果没有输入就展现所有
self.search_result = self.perm_assets
push.asset for push in role.perm_push.all() if push.success
]
logger.debug(u"delete role %s - delete_assets: %s" %
(role.name, recycle_assets))
if recycle_assets:
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(
get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(
get_object(PermRole, id=role_id).name)
except Exception, e:
logger.warning(u"Recycle Role failed: %s" % e)
raise ServerError(u"回收已推送的系统用户失败: %s" % e)
logger.info(u"delete role %s - execute delete user: %s" %
(role.name, msg_del_user))
logger.info(u"delete role %s - execute delete sudo: %s" %
(role.name, msg_del_sudo))
# TODO: 判断返回结果,处理异常
# 删除存储的秘钥,以及目录
try:
key_files = os.listdir(role_key)
for key_file in key_files:
os.remove(os.path.join(role_key, key_file))
os.rmdir(role_key)
except OSError, e:
logger.warning(u"Delete Role: delete key error, %s" % e)
raise ServerError(u"删除系统用户key失败: %s" % e)
logger.info(u"delete role %s - delete role key directory: %s" %
(role.name, role_key))
# 数据库里删除记录
logger.warning(u"Delete Role: role_id %s not exist" % role_id)
raise ServerError(u"role_id %s 无数据记录" % role_id)
role_key = role.key_path
# 删除推送到主机上的role
recycle_assets = [push.asset for push in role.perm_push.all() if push.success]
logger.debug(u"delete role %s - delete_assets: %s" % (role.name, recycle_assets))
if recycle_assets:
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(get_object(PermRole, id=role_id).name)
except Exception, e:
logger.warning(u"Recycle Role failed: %s" % e)
raise ServerError(u"回收已推送的系统用户失败: %s" % e)
logger.info(u"delete role %s - execute delete user: %s" % (role.name, msg_del_user))
logger.info(u"delete role %s - execute delete sudo: %s" % (role.name, msg_del_sudo))
# TODO: 判断返回结果,处理异常
# 删除存储的秘钥,以及目录
try:
key_files = os.listdir(role_key)
for key_file in key_files:
os.remove(os.path.join(role_key, key_file))
os.rmdir(role_key)
except OSError, e:
logger.warning(u"Delete Role: delete key error, %s" % e)
raise ServerError(u"删除系统用户key失败: %s" % e)
logger.info(u"delete role %s - delete role key directory: %s" % (role.name, role_key))
# 数据库里删除记录
role.delete()
return HttpResponse(u"删除系统用户: %s" % role.name)
def start_shell():
global q
"""
Use paramiko channel connect server interactive.
使用paramiko模块的channel,连接后端,进入交互式
"""
log_file_f, log_time_f, log = self.get_log()
termlog = TermLogRecorder(self.user)
termlog.setid(log.id)
old_tty = termios.tcgetattr(sys.stdin)
pre_timestamp = time.time()
data = ''
input_mode = False
try:
tty.setraw(sys.stdin.fileno())
tty.setcbreak(sys.stdin.fileno())
self.channel.settimeout(0.0)
cache_line = ""
RECORD_CMD_FLAG = True
while True:
try:
r, w, e = select.select([self.channel, sys.stdin], [],
[])
flag = fcntl.fcntl(sys.stdin, fcntl.F_GETFL, 0)
fcntl.fcntl(sys.stdin.fileno(), fcntl.F_SETFL,
flag | os.O_NONBLOCK)
except Exception:
pass
if self.channel in r:
try:
y = self.channel.recv(10240)
if len(y) == 0:
break
index = 0
len_y = len(y)
f = open(RECORD_PATH, "a+")
while index < len_y:
try:
n = os.write(sys.stdout.fileno(),
y[index:])
if self.role == "rd" and RECORD_CMD_FLAG:
f.write(y[index:])
sys.stdout.flush()
index += n
except OSError as msg:
if msg.errno == errno.EAGAIN:
continue
f.close()
now_timestamp = time.time()
termlog.write(y)
termlog.recoder = False
log_time_f.write('%s %s\n' % (round(
now_timestamp - pre_timestamp, 4), len(y)))
log_time_f.flush()
log_file_f.write(y)
log_file_f.flush()
pre_timestamp = now_timestamp
log_file_f.flush()
self.vim_data += y
if input_mode:
data += y
except socket.timeout:
pass
if sys.stdin in r:
RECORD_CMD_FLAG = True
try:
x = os.read(sys.stdin.fileno(), 4096)
q.put(x)
except OSError:
pass
termlog.recoder = True
input_mode = True
if self.is_output(str(x)):
# 如果len(str(x)) > 1 说明是复制输入的
if len(str(x)) > 1:
data = x
match = self.vim_end_pattern.findall(self.vim_data)
if match:
if self.vim_flag or len(match) == 2:
self.vim_flag = False
else:
self.vim_flag = True
elif not self.vim_flag:
self.vim_flag = False
data = self.deal_command(data)[0:200]
if data is not None:
TtyLog(log=log,
datetime=datetime.datetime.now(),
cmd=data).save()
data = ''
self.vim_data = ''
input_mode = False
if len(x) == 0:
break
if x in ['\x03', '\r\n', '\n', '\x0D']:
f = open(RECORD_PATH, "r")
lines = f.readlines()
cmd = ""
if lines:
cmd = lines[-1]
f.close()
f = open(RECORD_PATH, "w")
f.close()
cmds_str = re.compile('\[?.*@.*\]?[\$#]\s').split(
cmd)
logger.info("get command from log file is: %s",
cmds_str)
if len(cmds_str) == 2:
cmds = cmds_str[1]
logger.info("command >>>: %s", cmds.split("|"))
cmd = set([
i.split()[0].strip()
for i in cmds.split("|") if i.split()
])
logger.info("command set>>>: %s", cmd)
if self.role == "rd" and not ALLOW_CMD.issuperset(
cmd):
x = '\x03'
if "tail" in cmd or "cat" in cmd:
RECORD_CMD_FLAG = False
else:
RECORD_CMD_FLAG = True
cache_line = ""
self.channel.send(x)
if self.kill_shell:
break
finally:
termios.tcsetattr(sys.stdin, termios.TCSADRAIN, old_tty)
log_file_f.write('End time is %s' % datetime.datetime.now())
log_file_f.close()
log_time_f.close()
termlog.save()
log.filename = termlog.filename
log.is_finished = True
log.end_time = datetime.datetime.now()
log.save()
if os.path.isfile(RECORD_PATH):
os.remove(RECORD_PATH)
sys.exit(0)
def perm_role_delete(request):
"""
delete role page
"""
if request.method == "GET":
try:
# 获取参数删除的role对象
role_id = request.GET.get("id")
role = get_object(PermRole, id=role_id)
if not role:
logger.warning("Delete Role: role_id %s not exist" % role_id)
raise ServerError("role_id %s 无数据记录" % role_id)
# 删除推送到主机上的role
filter_type = request.GET.get("filter_type")
if filter_type:
if filter_type == "recycle_assets":
recycle_assets = [
push.asset for push in role.perm_push.all()
if push.success
]
print(recycle_assets)
recycle_assets_ip = ','.join(
[asset.ip for asset in recycle_assets])
return HttpResponse(recycle_assets_ip)
else:
return HttpResponse("no such filter_type: %s" %
filter_type)
else:
return HttpResponse("filter_type: ?")
except ServerError as e:
return HttpResponse(e)
if request.method == "POST":
try:
# 获取参数删除的role对象
role_id = request.POST.get("id")
role = get_object(PermRole, id=role_id)
if not role:
logger.warning("Delete Role: role_id %s not exist" % role_id)
raise ServerError("role_id %s 无数据记录" % role_id)
role_key = role.key_path
# 删除推送到主机上的role
recycle_assets = [
push.asset for push in role.perm_push.all() if push.success
]
logger.debug("delete role %s - delete_assets: %s" %
(role.name, recycle_assets))
if recycle_assets:
recycle_resource = gen_resource(recycle_assets)
task = MyTask(recycle_resource)
try:
msg_del_user = task.del_user(
get_object(PermRole, id=role_id).name)
msg_del_sudo = task.del_user_sudo(
get_object(PermRole, id=role_id).name)
except Exception as e:
logger.warning("Recycle Role failed: %s" % e)
raise ServerError("回收已推送的系统用户失败: %s" % e)
logger.info("delete role %s - execute delete user: %s" %
(role.name, msg_del_user))
logger.info("delete role %s - execute delete sudo: %s" %
(role.name, msg_del_sudo))
# TODO: 判断返回结果,处理异常
# 删除存储的秘钥,以及目录
try:
key_files = os.listdir(role_key)
for key_file in key_files:
os.remove(os.path.join(role_key, key_file))
os.rmdir(role_key)
except OSError as e:
logger.warning("Delete Role: delete key error, %s" % e)
raise ServerError("删除系统用户key失败: %s" % e)
logger.info("delete role %s - delete role key directory: %s" %
(role.name, role_key))
# 数据库里删除记录
role.delete()
return HttpResponse("删除系统用户: %s" % role.name)
except ServerError as e:
return HttpResponseBadRequest("删除失败, 原因: %s" % e)
return HttpResponseNotAllowed("仅支持POST")
