github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge branch 'dev' of https://git.coding.net/jumpserver/jumpserver into NormalUserPageLZ

pull/26/head
liuzheng712 2015-11-25 14:52:30 +08:00
parent c89d43d269 742e56fc5f
commit 175f2702d1
32 changed files with 520 additions and 798 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

138
connect.py
View File

@ -19,14 +19,14 @@ import struct, fcntl, signal, socket, select
os.environ['DJANGO_SETTINGS_MODULE'] = 'jumpserver.settings'
if django.get_version() != '1.6':
django.setup()
from jumpserver.api import ServerError, User, Asset, AssetGroup, get_object, mkdir, get_asset_info, get_role
from jumpserver.api import logger, Log, TtyLog, get_role_key
from jperm.perm_api import gen_resource, get_group_asset_perm, get_group_user_perm
from django.contrib.sessions.models import Session
from jumpserver.api import ServerError, User, Asset, PermRole, AssetGroup, get_object, mkdir, get_asset_info, get_role
from jumpserver.api import logger, Log, TtyLog, get_role_key, CRYPTOR
from jperm.perm_api import gen_resource, get_group_asset_perm, get_group_user_perm, user_have_perm
from jumpserver.settings import LOG_DIR
from jperm.ansible_api import Command
login_user = get_object(User, username=getpass.getuser())
VIM_FLAG = False
try:
import termios
@ -69,6 +69,9 @@ class Tty(object):
self.ssh = None
self.connect_info = None
self.login_type = 'ssh'
self.vim_flag = False
self.ps1_pattern = re.compile('\[.*@.*\][\$#]')
self.vim_data = ''
@staticmethod
def is_output(strings):
@ -78,25 +81,24 @@ class Tty(object):
return True
return False
@staticmethod
def deal_command(str_r):
def deal_command(self, str_r):
"""
处理命令中特殊字符
"""
str_r = re.sub('\x07','',str_r) #删除响铃
patch_char = re.compile('\x08\x1b\[C') #删除方向左右一起的按键
str_r = re.sub('\x07', '', str_r) # 删除响铃
patch_char = re.compile('\x08\x1b\[C') # 删除方向左右一起的按键
while patch_char.search(str_r):
str_r = patch_char.sub('', str_r.rstrip())
result_command = '' #最后的结果
backspace_num = 0 #光标移动的个数
reach_backspace_flag = False #没有检测到光标键则为true
pattern_str=''
result_command = '' # 最后的结果
backspace_num = 0 # 光标移动的个数
reach_backspace_flag = False # 没有检测到光标键则为true
pattern_str = ''
while str_r:
tmp = re.match(r'\s*\w+\s*', str_r)
if tmp:
if reach_backspace_flag :
pattern_str +=str(tmp.group(0))
if reach_backspace_flag:
pattern_str += str(tmp.group(0))
str_r = str_r[len(str(tmp.group(0))):]
continue
else:
@ -107,7 +109,7 @@ class Tty(object):
tmp = re.match(r'\x1b\[K[\x08]*', str_r)
if tmp:
if backspace_num > 0:
if backspace_num > len(result_command) :
if backspace_num > len(result_command):
result_command += pattern_str
result_command = result_command[0:-backspace_num]
else:
@ -117,8 +119,8 @@ class Tty(object):
if del_len > 0:
result_command = result_command[0:-del_len]
reach_backspace_flag = False
backspace_num =0
pattern_str=''
backspace_num = 0
pattern_str = ''
str_r = str_r[len(str(tmp.group(0))):]
continue
@ -136,13 +138,13 @@ class Tty(object):
else:
break
if reach_backspace_flag :
pattern_str +=str_r[0]
else :
if reach_backspace_flag:
pattern_str += str_r[0]
else:
result_command += str_r[0]
str_r = str_r[1:]
if backspace_num > 0 :
if backspace_num > 0:
result_command = result_command[0:-backspace_num] + pattern_str
control_char = re.compile(r"""
@ -155,35 +157,13 @@ class Tty(object):
[\x80-\x9f] | (?:\x1b\]0.*) | \[.*@.*\][\$#] | (.*mysql>.*) #匹配 所有控制字符
""", re.X)
result_command = control_char.sub('', result_command.strip())
global VIM_FLAG
if not VIM_FLAG:
if result_command.startswith('vi'):
VIM_FLAG = True
return result_command.decode('utf8',"ignore")
if not self.vim_flag:
if result_command.startswith('vi') or result_command.startswith('fg'):
self.vim_flag = True
return result_command.decode('utf8', "ignore")
else:
return ''
@staticmethod
def remove_control_char(str_r):
"""
处理日志特殊字符
"""
control_char = re.compile(r"""
\x1b[ #%()*+\-.\/]. |
\r | #匹配 回车符(CR)
(?:\x1b\[|\x9b) [ -?]* [@-~] | #匹配 控制顺序描述符(CSI)... Cmd
(?:\x1b\]|\x9d) .*? (?:\x1b\\|[\a\x9c]) | \x07 | #匹配 操作系统指令(OSC)...终止符或振铃符(ST|BEL)
(?:\x1b[P^_]|[\x90\x9e\x9f]) .*? (?:\x1b\\|\x9c) | #匹配 设备控制串或私讯或应用程序命令(DCS|PM|APC)...终止符(ST)
\x1b. #匹配 转义过后的字符
[\x80-\x9f] #匹配 所有控制字符
""", re.X)
backspace = re.compile(r"[^\b][\b]")
line_filtered = control_char.sub('', str_r.rstrip())
while backspace.search(line_filtered):
line_filtered = backspace.sub('', line_filtered)
return line_filtered
def get_log(self):
"""
Logging user command and output.
@ -230,15 +210,17 @@ class Tty(object):
"""
获取需要登陆的主机的信息和映射用户的账号密码
"""
# 1. get ip, port
# 2. get 映射用户
# 3. get 映射用户的账号密码或者key
# self.connect_info = {'user': '', 'asset': '', 'ip': '', 'port': 0, 'role_name': '', 'role_pass': '', 'role_key': ''}
asset_info = get_asset_info(self.asset)
role_key = get_role_key(self.user, self.role)
role_pass = CRYPTOR.decrypt(self.role.password)
self.connect_info = {'user': self.user, 'asset': self.asset, 'ip': asset_info.get('ip'),
'port': int(asset_info.get('port')), 'role_name': self.role.name,
'role_pass': self.role.password, 'role_key': self.role.key_path}
'role_pass': role_pass, 'role_key': role_key}
logger.debug("Connect: Host: %s Port: %s User: %s Pass: %s Key: %s" % (asset_info.get('ip'),
asset_info.get('port'),
self.role.name,
role_pass,
role_key))
return self.connect_info
def get_connection(self):
@ -252,7 +234,7 @@ class Tty(object):
ssh.load_system_host_keys()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
role_key = get_role_key(self.user, self.role)
role_key = connect_info.get('role_key')
if role_key and os.path.isfile(role_key):
try:
ssh.connect(connect_info.get('ip'),
@ -262,7 +244,8 @@ class Tty(object):
look_for_keys=False)
self.ssh = ssh
return ssh
except paramiko.ssh_exception.AuthenticationException, paramiko.ssh_exception.SSHException:
except (paramiko.ssh_exception.AuthenticationException, paramiko.ssh_exception.SSHException):
logger.warning('Use ssh key %s Failed.' % role_key)
pass
ssh.connect(connect_info.get('ip'),
@ -319,12 +302,8 @@ class SshTty(Tty):
log_file_f, log_time_f, log = self.get_log()
old_tty = termios.tcgetattr(sys.stdin)
pre_timestamp = time.time()
pattern = re.compile('\[.*@.*\][\$#]')
data = ''
chan_str = ''
input_mode = False
global VIM_FLAG
try:
tty.setraw(sys.stdin.fileno())
tty.setcbreak(sys.stdin.fileno())
@ -341,8 +320,8 @@ class SshTty(Tty):
x = self.channel.recv(1024)
if len(x) == 0:
break
if VIM_FLAG:
chan_str += x
if self.vim_flag:
self.vim_data += x
sys.stdout.write(x)
sys.stdout.flush()
now_timestamp = time.time()
@ -361,21 +340,20 @@ class SshTty(Tty):
if sys.stdin in r:
x = os.read(sys.stdin.fileno(), 1)
input_mode = True
if str(x) in ['\r', '\n', '\r\n']:
if VIM_FLAG:
match = pattern.search(chan_str)
if self.vim_flag:
match = self.ps1_pattern.search(self.vim_data)
if match:
VIM_FLAG = False
data = self.deal_command(data)
self.vim_flag = False
data = self.deal_command(data)[0:200]
if len(data) > 0:
TtyLog(log=log, datetime=datetime.datetime.now(), cmd=data).save()
else:
data = self.deal_command(data)
data = self.deal_command(data)[0:200]
if len(data) > 0:
TtyLog(log=log, datetime=datetime.datetime.now(), cmd=data).save()
data = ''
chan_str = ''
self.vim_data = ''
input_mode = False
if len(x) == 0:
@ -465,24 +443,33 @@ class Nav(object):
def search(self, str_r=''):
gid_pattern = re.compile(r'^g\d+$')
# 获取用户授权的所有主机信息
if not self.user_perm:
self.user_perm = get_group_user_perm(self.user)
user_asset_all = self.user_perm.get('asset').keys()
# 搜索结果保存
user_asset_search = []
if str_r:
# 资产组组id匹配
if gid_pattern.match(str_r):
user_asset_search = list(Asset.objects.all())
gid = int(str_r.lstrip('g'))
# 获取资产组包含的资产
user_asset_search = get_object(AssetGroup, id=gid).asset_set.all()
else:
# 匹配 ip, hostname, 备注
for asset in user_asset_all:
if str_r in asset.ip or str_r in str(asset.comment):
if str_r in asset.ip or str_r in str(asset.hostname) or str_r in str(asset.comment):
user_asset_search.append(asset)
else:
# 如果没有输入就展现所有
user_asset_search = user_asset_all
self.search_result = dict(zip(range(len(user_asset_search)), user_asset_search))
print '\033[32m[%-3s] %-15s %-15s %-5s %-10s %s \033[0m' % ('ID', 'AssetName', 'IP', 'Port', 'Role', 'Comment')
for index, asset in self.search_result.items():
# 获取该资产信息
asset_info = get_asset_info(asset)
# 获取该资产包含的角色
role = [str(role.name) for role in self.user_perm.get('asset').get(asset).get('role')]
if asset.comment:
print '[%-3s] %-15s %-15s %-5s %-10s %s' % (index, asset.hostname, asset.ip, asset_info.get('port'),
@ -491,9 +478,11 @@ class Nav(object):
print '[%-3s] %-15s %-15s %-5s %-10s' % (index, asset.hostname, asset.ip, asset_info.get('port'), role)
print
@staticmethod
def print_asset_group():
user_asset_group_all = AssetGroup.objects.all()
def print_asset_group(self):
"""
打印用户授权的资产组
"""
user_asset_group_all = get_group_user_perm(self.user).get('asset_group', [])
print '\033[32m[%-3s] %-15s %s \033[0m' % ('ID', 'GroupName', 'Comment')
for asset_group in user_asset_group_all:
@ -504,6 +493,9 @@ class Nav(object):
print
def exec_cmd(self):
"""
批量执行命令
"""
self.search()
while True:
print "请输入主机名、IP或ansile支持的pattern, q退出"

459
jasset/ansible_api.py
View File

@ -1,459 +0,0 @@
# -*- coding: utf-8 -*-
from ansible.inventory.group import Group
from ansible.inventory.host import Host
from ansible.inventory import Inventory
from ansible.runner import Runner
from ansible.playbook import PlayBook
from ansible import callbacks
from ansible import utils
from passlib.hash import sha512_crypt
# from utils import get_rand_pass
import random
import os.path
API_DIR = os.path.dirname(os.path.abspath(__file__))
ANSIBLE_DIR = os.path.join(API_DIR, 'playbooks')
def get_rand_pass():
"""
get a reandom password.
"""
lower = [chr(i) for i in range(97,123)]
upper = [chr(i).upper() for i in range(97,123)]
digit = [str(i) for i in range(10)]
password_pool = []
password_pool.extend(lower)
password_pool.extend(upper)
password_pool.extend(digit)
pass_list = [random.choice(password_pool) for i in range(1,14)]
pass_list.insert(random.choice(range(1,14)), '@')
pass_list.insert(random.choice(range(1,14)), random.choice(digit))
password = ''.join(pass_list)
return password
class AnsibleError(StandardError):
"""
the base AnsibleError which contains error(required),
data(optional) and message(optional).
存储所有Ansible 异常对象
"""
def __init__(self, error, data='', message=''):
super(AnsibleError, self).__init__(message)
self.error = error
self.data = data
self.message = message
class CommandValueError(AnsibleError):
"""
indicate the input value has error or invalid.
the data specifies the error field of input form.
输入不合法 异常对象
"""
def __init__(self, field, message=''):
super(CommandValueError, self).__init__('value:invalid', field, message)
class MyInventory(object):
"""
this is my ansible inventory object.
"""
def __init__(self, resource):
"""
resource的数据格式是一个列表字典比如
{
"group1": {
"hosts": [{"hostname": "10.10.10.10", "port": "22", "username": "test", "password": "mypass"}, ...],
"vars": {"var1": value1, "var2": value2, ...}
}
}
如果你只传入1个列表这默认该列表内的所有主机属于my_group组,比如
[{"hostname": "10.10.10.10", "port": "22", "username": "test", "password": "mypass"}, ...]
"""
self.resource = resource
self.inventory = Inventory()
self.gen_inventory()
def add_group(self, hosts, groupname, groupvars=None):
"""
add hosts to a group
"""
my_group = Group(name=groupname)
# if group variables exists, add them to group
if groupvars:
for key, value in groupvars.iteritems():
my_group.set_variable(key, value)
# add hosts to group
for host in hosts:
# set connection variables
hostname = host.get("hostname")
hostport = host.get("port")
username = host.get("username")
password = host.get("password")
my_host = Host(name=hostname, port=hostport)
my_host.set_variable('ansible_ssh_host', hostname)
my_host.set_variable('ansible_ssh_port', hostport)
my_host.set_variable('ansible_ssh_user', username)
my_host.set_variable('ansible_ssh_pass', password)
# set other variables
for key, value in host.iteritems():
if key not in ["hostname", "port", "username", "password"]:
my_host.set_variable(key, value)
# add to group
my_group.add_host(my_host)
self.inventory.add_group(my_group)
def gen_inventory(self):
"""
add hosts to inventory.
"""
if isinstance(self.resource, list):
self.add_group(self.resource, 'my_group')
elif isinstance(self.resource, dict):
for groupname, hosts_and_vars in self.resource.iteritems():
self.add_group(hosts_and_vars.get("hosts"), groupname, hosts_and_vars.get("vars"))
class Command(MyInventory):
"""
this is a command object for parallel execute command.
"""
def __init__(self, *args, **kwargs):
super(Command, self).__init__(*args, **kwargs)
self.results = ''
def run(self, command, module_name="command", timeout=5, forks=10, group='my_group'):
"""
run command from andible ad-hoc.
command : 必须是一个需要执行的命令字符串 比如
'uname -a'
"""
if module_name not in ["raw", "command", "shell"]:
raise CommandValueError("module_name",
"module_name must be of the 'raw, command, shell'")
hoc = Runner(module_name=module_name,
module_args=command,
timeout=timeout,
inventory=self.inventory,
subset=group,
forks=forks
)
self.results = hoc.run()
if self.stdout:
return {"ok": self.stdout}
else:
msg = []
if self.stderr:
msg.append(self.stderr)
if self.dark:
msg.append(self.dark)
return {"failed": msg}
@property
def raw_results(self):
"""
get the ansible raw results.
"""
return self.results
@property
def exec_time(self):
"""
get the command execute time.
"""
result = {}
all = self.results.get("contacted")
for key, value in all.iteritems():
result[key] = {
"start": value.get("start"),
"end" : value.get("end"),
"delta": value.get("delta"),}
return result
@property
def stdout(self):
"""
get the comamnd standard output.
"""
result = {}
all = self.results.get("contacted")
for key, value in all.iteritems():
result[key] = value.get("stdout")
return result
@property
def stderr(self):
"""
get the command standard error.
"""
result = {}
all = self.results.get("contacted")
for key, value in all.iteritems():
result[key] = {
"stderr": value.get("stderr"),
"warnings": value.get("warnings"),}
return result
@property
def dark(self):
"""
get the dark results.
"""
return self.results.get("dark")
class Tasks(Command):
"""
this is a tasks object for include the common command.
"""
def __init__(self, *args, **kwargs):
super(Tasks, self).__init__(*args, **kwargs)
def __run(self, module_args, module_name="command", timeout=5, forks=10, group='my_group'):
"""
run command from andible ad-hoc.
command : 必须是一个需要执行的命令字符串 比如
'uname -a'
"""
hoc = Runner(module_name=module_name,
module_args=module_args,
timeout=timeout,
inventory=self.inventory,
subset=group,
forks=forks
)
self.results = hoc.run()
@property
def msg(self):
"""
get the contacted and dark msg
"""
msg = {}
for result in ["contacted", "dark"]:
all = self.results.get(result)
for key, value in all.iteritems():
if value.get("msg"):
msg[key] = value.get("msg")
return msg
def push_key(self, user, key_path):
"""
push the ssh authorized key to target.
"""
module_args = 'user="%s" key="{{ lookup("file", "%s") }}"' % (user, key_path)
self.__run(module_args, "authorized_key")
return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
def del_key(self, user, key_path):
"""
push the ssh authorized key to target.
"""
module_args = 'user="%s" key="{{ lookup("file", "%s") }}" state="absent"' % (user, key_path)
self.__run(module_args, "authorized_key")
return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
def add_user(self, username, password):
"""
add a host user.
"""
encrypt_pass = sha512_crypt.encrypt(password)
module_args = 'name=%s shell=/bin/bash password=%s' % (username, encrypt_pass)
self.__run(module_args, "user")
return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
def add_multi_user(self, *args):
"""
add multi user
:param args:
user
:return:
"""
results = {}
users = {}
action = results["action_info"] = {}
for user in args:
users[user] = get_rand_pass()
for user, password in users.iteritems():
ret = self.add_user(user, password)
action[user] = ret
results["user_info"] = users
return results
def del_user(self, username):
"""
delete a host user.
"""
module_args = 'name=%s state=absent remove=yes move_home=yes force=yes' % (username)
self.__run(module_args, "user")
return {"status": "failed","msg": self.msg} if self.msg else {"status": "ok"}
def add_init_users(self):
"""
add initail users: SA, DBA, DEV
"""
results = {}
action = results["action_info"] = {}
users = {"SA": get_rand_pass(), "DBA": get_rand_pass(), "DEV": get_rand_pass()}
for user, password in users.iteritems():
ret = self.add_user(user, password)
action[user] = ret
results["user_info"] = users
return results
def del_init_users(self):
"""
delete initail users: SA, DBA, DEV
"""
results = {}
action = results["action_info"] = {}
for user in ["SA", "DBA", "DEV"]:
ret = self.del_user(user)
action[user] = ret
return results
def get_host_info(self):
"""
use the setup module get host informations
:return:
all_ip is list
processor_count is int
system_dist_version is string
system_type is string
disk is dict (device_name: device_size}
system_dist is string
processor_type is string
default_ip is string
hostname is string
product_sn is string
memory_total is int (MB)
default_mac is string
product_name is string
"""
self.__run('', 'setup')
result = {}
all = self.results.get("contacted")
for key, value in all.iteritems():
setup =value.get("ansible_facts")
# get disk informations
disk_all = setup.get("ansible_devices")
disk_need = {}
for disk_name, disk_info in disk_all.iteritems():
if disk_name.startswith('sd') or disk_name.startswith('hd') or disk_name.startswith('vd'):
disk_need[disk_name] = disk_info.get("size")
result[key] = {
"other_ip": setup.get("ansible_all_ipv4_addresses"),
"hostname": setup.get("ansible_hostname" ),
"ip": setup.get("ansible_default_ipv4").get("address"),
"mac": setup.get("ansible_default_ipv4").get("macaddress"),
"brand": setup.get("ansible_product_name"),
"cpu_type": setup.get("ansible_processor"),
"cpu_cores": setup.get("ansible_processor_count"),
"memory": setup.get("ansible_memtotal_mb"),
"disk": disk_need,
"system_type": setup.get("ansible_distribution"),
"system_version": setup.get("ansible_distribution_version"),
"asset_type": setup.get("ansible_system"),
"sn": setup.get("ansible_product_serial")
}
return {"status": "failed", "msg": self.msg} if self.msg else {"status": "ok", "result": result}
class CustomAggregateStats(callbacks.AggregateStats):
"""
Holds stats about per-host activity during playbook runs.
"""
def __init__(self):
super(CustomAggregateStats, self).__init__()
self.results = []
def compute(self, runner_results, setup=False, poll=False,
ignore_errors=False):
"""
Walk through all results and increment stats.
"""
super(CustomAggregateStats, self).compute(runner_results, setup, poll,
ignore_errors)
self.results.append(runner_results)
def summarize(self, host):
"""
Return information about a particular host
"""
summarized_info = super(CustomAggregateStats, self).summarize(host)
# Adding the info I need
summarized_info['result'] = self.results
return summarized_info
class MyPlaybook(MyInventory):
"""
this is my playbook object for execute playbook.
"""
def __init__(self, *args, **kwargs):
super(MyPlaybook, self).__init__(*args, **kwargs)
def run(self, playbook_relational_path, extra_vars=None):
"""
run ansible playbook,
only surport relational path.
"""
stats = callbacks.AggregateStats()
playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)
playbook_path = os.path.join(ANSIBLE_DIR, playbook_relational_path)
pb = PlayBook(
playbook = playbook_path,
stats = stats,
callbacks = playbook_cb,
runner_callbacks = runner_cb,
inventory = self.inventory,
extra_vars = extra_vars,
check=False)
self.results = pb.run()
@property
def raw_results(self):
"""
get the raw results after playbook run.
"""
return self.results
class App(MyPlaybook):
"""
this is a app object for inclue the common playbook.
"""
def __init__(self, *args, **kwargs):
super(App, self).__init__(*args, **kwargs)
if __name__ == "__main__":
pass

69
jasset/asset_api.py
View File

@ -4,6 +4,8 @@ import xlsxwriter
from django.db.models import AutoField
from jumpserver.api import *
from jasset.models import ASSET_STATUS, ASSET_TYPE, ASSET_ENV, IDC, AssetRecord
from jperm.ansible_api import MyRunner
from jperm.perm_api import gen_resource
def group_add_asset(group, asset_id=None, asset_ip=None):
@ -359,7 +361,6 @@ def ansible_record(asset, ansible_dic, username):
old = asset_dic.get(field)
new = ansible_dic.get(field)
if unicode(old) != unicode(new):
print old, new, type(old), type(new)
setattr(asset, field, value)
asset.save()
alert_dic[field] = [old, new]
@ -384,16 +385,17 @@ def excel_to_db(excel_file):
row = table.row_values(row_num)
if row:
ip, port, hostname, use_default_auth, username, password, group = row
use_default_auth = 1 if use_default_auth == u'默认' else 0
if get_object(Asset, hostname=hostname):
continue
use_default_auth = 1 if use_default_auth == u'默认' else 0
password_encode = CRYPTOR.encrypt(password) if password else ''
if hostname:
asset = Asset(ip=ip,
port=port,
hostname=hostname,
use_default_auth=use_default_auth,
username=username,
password=password
password=password_encode
)
asset.save()
group_list = group.split('/')
@ -406,3 +408,64 @@ def excel_to_db(excel_file):
asset.group = group_instance
asset.save()
return True
def get_ansible_asset_info(asset_ip, setup_info):
disk_all = setup_info.get("ansible_devices")
disk_need = {}
for disk_name, disk_info in disk_all.iteritems():
if disk_name.startswith('sd') or disk_name.startswith('hd') or disk_name.startswith('vd'):
disk_need[disk_name] = disk_info.get("size")
all_ip = setup_info.get("ansible_all_ipv4_addresses")
other_ip_list = all_ip.remove(asset_ip) if asset_ip in all_ip else []
other_ip = ','.join(other_ip_list) if other_ip_list else ''
# hostname = setup_info.get("ansible_hostname")
# ip = setup_info.get("ansible_default_ipv4").get("address")
mac = setup_info.get("ansible_default_ipv4").get("macaddress")
brand = setup_info.get("ansible_product_name")
cpu_type = setup_info.get("ansible_processor")[1]
cpu_cores = setup_info.get("ansible_processor_count")
cpu = cpu_type + ' * ' + unicode(cpu_cores)
memory = setup_info.get("ansible_memtotal_mb")
disk = disk_need
system_type = setup_info.get("ansible_distribution")
system_version = setup_info.get("ansible_distribution_version")
# asset_type = setup_info.get("ansible_system")
sn = setup_info.get("ansible_product_serial")
asset_info = [other_ip, mac, cpu, memory, disk, sn, system_type, system_version, brand]
return asset_info
def asset_ansible_update(obj_list, name=''):
resource = gen_resource(obj_list)
ansible_instance = MyRunner(resource)
ansible_asset_info = ansible_instance.run(module_name='setup', pattern='*')
for asset in obj_list:
try:
setup_info = ansible_asset_info['contacted'][asset.hostname]['ansible_facts']
except KeyError:
continue
else:
asset_info = get_ansible_asset_info(asset.ip, setup_info)
other_ip, mac, cpu, memory, disk, sn, system_type, system_version, brand = asset_info
asset_dic = {"other_ip": other_ip,
"mac": mac,
"cpu": cpu,
"memory": memory,
"disk": disk,
"sn": sn,
"system_type": system_type,
"system_version": system_version,
"brand": brand
}
ansible_record(asset, asset_dic, name)
def asset_ansible_update_all():
name = u'定时更新'
asset_all = Asset.objects.all()
asset_ansible_update(asset_all, name)

4
jasset/models.py
View File

@ -57,7 +57,7 @@ class Asset(models.Model):
"""
asset modle
"""
ip = models.GenericIPAddressField(blank=True, null=True, verbose_name=u"主机IP")
ip = models.CharField(max_length=32, blank=True, null=True, verbose_name=u"主机IP")
other_ip = models.CharField(max_length=255, blank=True, null=True, verbose_name=u"其他IP")
hostname = models.CharField(unique=True, max_length=128, verbose_name=u"主机名")
port = models.IntegerField(blank=True, null=True, verbose_name=u"端口号")
@ -73,7 +73,7 @@ class Asset(models.Model):
memory = models.CharField(max_length=128, blank=True, null=True, verbose_name=u'内存')
disk = models.CharField(max_length=128, blank=True, null=True, verbose_name=u'硬盘')
system_type = models.CharField(max_length=32, blank=True, null=True, verbose_name=u"系统类型")
system_version = models.CharField(max_length=8, blank=True, null=True, verbose_name=u"版本号")
system_version = models.CharField(max_length=8, blank=True, null=True, verbose_name=u"系统版本号")
cabinet = models.CharField(max_length=32, blank=True, null=True, verbose_name=u'机柜号')
position = models.IntegerField(blank=True, null=True, verbose_name=u'机器位置')
number = models.CharField(max_length=32, blank=True, null=True, verbose_name=u'资产编号')

1
jasset/urls.py
View File

@ -11,6 +11,7 @@ urlpatterns = patterns('',
url(r"^asset_detail/$", asset_detail),
url(r'^asset_edit/$', asset_edit),
url(r'^asset_update/$', asset_update),
url(r'^asset_update_batch/$', asset_update_batch),
# url(r'^search/$', host_search),
# url(r"^show_all_ajax/$", show_all_ajax),
url(r'^group_add/$', group_add),

99
jasset/views.py
View File

@ -1,13 +1,13 @@
# coding:utf-8
import ast
from django.db.models import Q
from jasset.asset_api import *
from jumpserver.api import *
from jumpserver.models import Setting
from jasset.forms import AssetForm, IdcForm
from jasset.models import Asset, IDC, AssetGroup, ASSET_TYPE, ASSET_STATUS
from ansible_api import Tasks
from jperm.ansible_api import Tasks, MyRunner
from jperm.perm_api import gen_resource
@require_role('admin')
@ -95,8 +95,6 @@ def group_list(request):
"""
header_title, path1, path2 = u'查看资产组', u'资产管理', u'查看资产组'
keyword = request.GET.get('keyword', '')
gid = request.GET.get('gid')
sid = request.GET.get('sid')
asset_group_list = AssetGroup.objects.all()
if keyword:
@ -132,6 +130,7 @@ def asset_add(request):
af = AssetForm()
if request.method == 'POST':
af_post = AssetForm(request.POST)
print af_post
ip = request.POST.get('ip', '')
hostname = request.POST.get('hostname', '')
is_active = True if request.POST.get('is_active') == '1' else False
@ -200,7 +199,7 @@ def asset_edit(request):
header_title, path1, path2 = u'修改资产', u'资产管理', u'修改资产'
asset_id = request.GET.get('id', '')
username = request.session.get('username', 'admin')
username = request.user.username
asset = get_object(Asset, id=asset_id)
if asset:
password_old = asset.password
@ -211,13 +210,13 @@ def asset_edit(request):
ip = request.POST.get('ip', '')
hostname = request.POST.get('hostname', '')
password = request.POST.get('password', '')
is_active = True if request.POST.get('is_active') == '1' else False
use_default_auth = request.POST.get('use_default_auth', '')
try:
asset_test = get_object(Asset, hostname=hostname)
if asset_test and asset_id != unicode(asset_test.id):
error = u'该主机名 %s 已存在!' % hostname
raise ServerError(error)
emg = u'该主机名 %s 已存在!' % hostname
raise ServerError(emg)
except ServerError:
pass
else:
@ -226,10 +225,12 @@ def asset_edit(request):
if use_default_auth:
af_save.username = ''
af_save.password = ''
af_save.port = None
else:
if password_old != password:
password_encode = CRYPTOR.encrypt(password)
af_save.password = password_encode
af_save.is_active = True if is_active else False
af_save.save()
af_post.save_m2m()
# asset_new = get_object(Asset, id=asset_id)
@ -237,9 +238,10 @@ def asset_edit(request):
info = asset_diff(af_post.__dict__.get('initial'), request.POST)
db_asset_alert(asset, username, info)
msg = u'主机 %s 修改成功' % ip
smg = u'主机 %s 修改成功' % ip
else:
emg = u'主机 %s 修改失败' % ip
return my_render('jasset/error.html', locals(), request)
return HttpResponseRedirect('/jasset/asset_detail/?id=%s' % asset_id)
return my_render('jasset/asset_edit.html', locals(), request)
@ -250,6 +252,7 @@ def asset_list(request):
"""
asset list view
"""
header_title, path1, path2 = u'查看资产', u'资产管理', u'查看资产'
idc_all = IDC.objects.filter()
asset_group_all = AssetGroup.objects.all()
asset_types = ASSET_TYPE
@ -311,7 +314,7 @@ def asset_list(request):
@require_role('admin')
def asset_edit_batch(request):
af = AssetForm()
name = request.session.get('username', 'admin')
name = request.user.username
asset_group_all = AssetGroup.objects.all()
if request.method == 'POST':
@ -382,9 +385,8 @@ def asset_edit_batch(request):
asset.save()
if alert_list:
username = unicode(name) + ' - ' + u'批量'
print alert_list
AssetRecord.objects.create(asset=asset, username=username, content=alert_list)
recode_name = unicode(name) + ' - ' + u'批量'
AssetRecord.objects.create(asset=asset, username=recode_name, content=alert_list)
return HttpResponse('ok')
return my_render('jasset/asset_edit_batch.html', locals(), request)
@ -410,53 +412,34 @@ def asset_update(request):
"""
asset_id = request.GET.get('id', '')
asset = get_object(Asset, id=asset_id)
name = request.user.username
if not asset:
return HttpResponseRedirect('/jasset/asset_detail/?id=%s' % asset_id)
name = request.session.get('username', 'admin')
if asset.use_default_auth:
default = Setting.objects.all()
if default:
default = default[0]
username = default.default_user
password = default.default_password
port = default.default_port
else:
return HttpResponse(u'没有设置默认用户名和密码!')
else:
username = asset.username
password = asset.password
port = asset.port
resource = [{"hostname": asset.ip, "port": port,
"username": username, "password": password}]
ansible_instance = Tasks(resource)
ansible_asset_info = ansible_instance.get_host_info()
if ansible_asset_info['status'] == 'ok':
asset_info = ansible_asset_info['result'][asset.ip]
if asset_info:
hostname = asset_info.get('hostname')
other_ip = ','.join(asset_info.get('other_ip'))
cpu_type = asset_info.get('cpu_type')[1]
cpu_cores = asset_info.get('cpu_cores')
cpu = cpu_type + ' * ' + unicode(cpu_cores)
memory = asset_info.get('memory')
disk = asset_info.get('disk')
sn = asset_info.get('sn')
brand = asset_info.get('brand')
system_type = asset_info.get('system_type')
system_version = asset_info.get('system_version')
asset_dic = {"hostname": hostname, "other_ip": other_ip, "cpu": cpu,
"memory": memory, "disk": disk, "system_type": system_type,
"system_version": system_version, "brand": brand, "sn": sn
}
ansible_record(asset, asset_dic, name)
asset_ansible_update([asset], name)
return HttpResponseRedirect('/jasset/asset_detail/?id=%s' % asset_id)
@require_role('admin')
def asset_update_batch(request):
if request.method == 'POST':
arg = request.GET.get('arg', '')
name = unicode(request.user.username) + ' - ' + u'自动更新'
if arg == 'all':
asset_list = Asset.objects.all()
else:
asset_list = []
asset_id_all = unicode(request.POST.get('asset_id_all', ''))
asset_id_all = asset_id_all.split(',')
for asset_id in asset_id_all:
asset = get_object(Asset, id=asset_id)
if asset:
asset_list.append(asset)
asset_ansible_update(asset_list, name)
return HttpResponse(u'批量更新成功!')
return HttpResponse(u'批量更新成功!')
@require_role('admin')
def idc_add(request):
"""
@ -477,9 +460,7 @@ def idc_add(request):
return HttpResponseRedirect("/jasset/idc_list/")
else:
idc_form = IdcForm()
return render_to_response('jasset/idc_add.html',
locals(),
context_instance=RequestContext(request))
return my_render('jasset/idc_add.html', locals(), request)
@require_role('admin')
@ -495,9 +476,7 @@ def idc_list(request):
else:
posts = IDC.objects.exclude(name='ALL').order_by('id')
contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request)
return render_to_response('jasset/idc_list.html',
locals(),
context_instance=RequestContext(request))
return my_render('jasset/idc_list.html', locals(), request)
@require_role('admin')

1
jlog/urls.py
View File

@ -9,4 +9,5 @@ urlpatterns = patterns('',
url(r'^log_kill/', log_kill),
url(r'^record/$', log_record),
url(r'^web_terminal/$', web_terminal),
url(r'^get_role_name/$', get_role_name),
)

21
jlog/views.py
View File

@ -4,6 +4,7 @@ from django.template import RequestContext
from django.shortcuts import render_to_response
from jumpserver.api import *
from jperm.perm_api import user_have_perm
from django.http import HttpResponseNotFound
from jlog.log_api import renderTemplate
@ -50,6 +51,7 @@ def log_list(request, offset):
web_monitor_uri = 'ws://%s/monitor' % WEB_SOCKET_HOST
web_kill_uri = 'http://%s/kill' % WEB_SOCKET_HOST
session_id = request.session.session_key
return render_to_response('jlog/log_%s.html' % offset, locals(), context_instance=RequestContext(request))
@ -103,11 +105,20 @@ def log_record(request):
return HttpResponse('无日志记录!')
@require_role('user')
def get_role_name(request):
asset_id = request.GET.get('id', 9999)
asset = get_object(Asset, id=asset_id)
if asset:
role = user_have_perm(request.user, asset=asset)
return HttpResponse(','.join([i.name for i in role]))
return HttpResponse('error')
@require_role('user')
def web_terminal(request):
#username = get_session.get('username', '')
token = request.COOKIES.get('sessionid')
username = request.user.username
asset_name = '127.0.0.1'
web_terminal_uri = 'ws://%s/terminal?username=%s&asset_name=%s&token=%s' % (WEB_SOCKET_HOST, username, asset_name, token)
asset_id = request.GET.get('id')
role_name = request.GET.get('role')
web_terminal_uri = 'ws://%s/terminal?id=%s&role=%s' % (WEB_SOCKET_HOST, asset_id, role_name)
return render_to_response('jlog/web_terminal.html', locals())

9
jperm/perm_api.py
View File

@ -132,6 +132,15 @@ def get_group_asset_perm(ob):
return perm
def user_have_perm(user, asset):
user_perm_all = get_group_user_perm(user)
user_assets = user_perm_all.get('asset').keys()
if asset in user_assets:
return user_perm_all.get('asset').get(asset).get('role')
else:
return []
def gen_resource(ob, ex='', perm=None):
"""
ob为用户或资产列表或资产queryset, 如果同时输入用户和资产则获取用户在这些资产上的信息

2
jperm/utils.py
View File

@ -46,7 +46,7 @@ def gen_keys():
"""
key_basename = "key-" + uuid4().hex
key_path_dir = os.path.join(KEY_DIR, 'role_key', key_basename)
mkdir(key_path_dir, 0755)
mkdir(key_path_dir, mode=0755)
key = RSAKey.generate(2048)
private_key = os.path.join(key_path_dir, 'id_rsa')
public_key = os.path.join(key_path_dir, 'id_rsa.pub')

2
jumpserver.conf
View File

@ -13,7 +13,7 @@ password = mysql234
database = jumpserver
[websocket]
web_socket_host = j:3000
web_socket_host = js:3000
[mail]
mail_enable = 1

5
jumpserver/api.py
View File

@ -54,12 +54,15 @@ def get_asset_info(asset):
if default:
info['port'] = default.default_port
info['username'] = default.default_user
try:
info['password'] = CRYPTOR.decrypt(default.default_password)
except ServerError:
pass
info['ssh_key'] = default.default_pri_key_path
else:
info['port'] = asset.port
info['username'] = asset.username
info['password'] = asset.password
info['password'] = CRYPTOR.decrypt(asset.password)
return info

8
jumpserver/context_processors.py
View File

@ -5,16 +5,12 @@ from jumpserver.api import *
def name_proc(request):
user_id = request.user.id
# role_id = request.session.get('role_id')
role_id = {'SU':2,'GA':1,'CU':0}.get(request.user.role,0)
# if role_id == 2:
role_id = {'SU': 2, 'GA': 1, 'CU': 0}.get(request.user.role, 0)
# role_id = 'SU'
user_total_num = User.objects.all().count()
user_active_num = User.objects.filter().count()
host_total_num = Asset.objects.all().count()
host_active_num = Asset.objects.filter(is_active=True).count()
# else:
# pass
request.session.set_expiry(3600)
info_dic = {'session_user_id': user_id,

5
jumpserver/settings.py
View File

@ -66,6 +66,7 @@ INSTALLED_APPS = (
'django.contrib.messages',
'django.contrib.staticfiles',
'django.contrib.humanize',
'django_crontab',
'bootstrapform',
'jumpserver',
'juser',
@ -149,3 +150,7 @@ USE_TZ = False
STATIC_URL = '/static/'
BOOTSTRAP_COLUMN_COUNT = 10
CRONJOBS = [
('0 1 * * *', 'jasset.asset_api.asset_ansible_update_all')
]

15
jumpserver/templatetags/mytags.py
View File

@ -209,7 +209,11 @@ def str_to_dic(info):
"""
str to list
"""
return ast.literal_eval(info).iteritems()
if '{' in info:
info_dic = ast.literal_eval(info).iteritems()
else:
info_dic = {}
return info_dic
@register.filter(name='str_to_code')
@ -237,3 +241,12 @@ def key_exist(username):
return True
else:
return False
@register.filter(name='check_role')
def check_role(asset_id, user):
"""
ssh key is exist or not
"""
return user

146
run_websocket.py
View File

@ -7,6 +7,7 @@ import os
import sys
import os.path
import threading
import datetime
import urllib
import tornado.ioloop
@ -20,16 +21,10 @@ from tornado.websocket import WebSocketClosedError
from tornado.options import define, options
from pyinotify import WatchManager, Notifier, ProcessEvent, IN_DELETE, IN_CREATE, IN_MODIFY, AsyncNotifier
import select
# from gevent import monkey
# monkey.patch_all()
# import gevent
# from gevent.socket import wait_read, wait_write
import struct, fcntl, signal, socket, select, fnmatch
import paramiko
from connect import Tty
from connect import TtyLog, Log
from connect import Tty, User, Asset, PermRole, logger, get_object
from connect import TtyLog, Log, Session, user_have_perm
try:
import simplejson as json
@ -41,17 +36,54 @@ define("port", default=3000, help="run on the given port", type=int)
define("host", default='0.0.0.0', help="run port on", type=str)
def require_auth(func):
def _deco(request, *args, **kwargs):
username = request.get_argument('username', '')
asset_name = request.get_argument('asset_name', '')
token = request.get_argument('token', '')
print username, asset_name, token
client = tornado.httpclient.HTTPClient()
# response = client.fetch('http://some/url') + urllib.urlencode({'username': username,
# 'asset_name': asset_name, 'token': token})
# return request.close()
def require_auth(role='user'):
def _deco(func):
def _deco2(request, *args, **kwargs):
if request.get_cookie('sessionid'):
session_key = request.get_cookie('sessionid')
else:
session_key = request.get_argument('sessionid', '')
logger.debug('Websocket: session_key: %s' % session_key)
if session_key:
session = get_object(Session, session_key=session_key)
logger.debug('Websocket: session: %s' % session)
if session and datetime.datetime.now() < session.expire_date:
user_id = session.get_decoded().get('_auth_user_id')
user = get_object(User, id=user_id)
if user:
logger.debug('Websocket: user [ %s ] request websocket' % user.username)
request.user = user
if role == 'admin':
if user.role in ['SU', 'GA']:
return func(request, *args, **kwargs)
logger.debug('Websocket: user [ %s ] is not admin.' % user.username)
else:
return func(request, *args, **kwargs)
else:
logger.debug('Websocket: session expired: %s' % session_key)
try:
request.close()
except AttributeError:
pass
logger.warning('Websocket: Request auth failed.')
# asset_id = int(request.get_argument('id', 9999))
# print asset_id
# asset = Asset.objects.filter(id=asset_id)
# if asset:
# asset = asset[0]
# request.asset = asset
# else:
# request.close()
#
# if user:
# user = user[0]
# request.user = user
#
# else:
# print("No session user.")
# request.close()
return _deco2
return _deco
@ -70,14 +102,7 @@ class EventHandler(ProcessEvent):
def __init__(self, client=None):
self.client = client
def process_IN_CREATE(self, event):
print "Create file:%s." % os.path.join(event.path, event.name)
def process_IN_DELETE(self, event):
print "Delete file:%s." % os.path.join(event.path, event.name)
def process_IN_MODIFY(self, event):
print "Modify file:%s." % os.path.join(event.path, event.name)
self.client.write_message(f.read())
@ -87,10 +112,10 @@ def file_monitor(path='.', client=None):
notifier = AsyncNotifier(wm, EventHandler(client))
wm.add_watch(path, mask, auto_add=True, rec=True)
if not os.path.isfile(path):
print "You should monitor a file"
logger.debug("File %s does not exist." % path)
sys.exit(3)
else:
print "now starting monitor %s." % path
logger.debug("Now starting monitor file %s." % path)
global f
f = open(path, 'r')
st_size = os.stat(path)[6]
@ -136,7 +161,7 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
def check_origin(self, origin):
return True
@require_auth
@require_auth('admin')
def open(self):
# 获取监控的path
self.file_path = self.get_argument('file_path', '')
@ -158,7 +183,8 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
MonitorHandler.clients.remove(self)
MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
print len(MonitorHandler.threads), len(MonitorHandler.clients)
logger.debug("Websocket: Monitor client num: %s, thread num: %s" % (len(MonitorHandler.clients),
len(MonitorHandler.threads)))
def on_message(self, message):
# 监控日志,发生变动发向客户端
@ -168,10 +194,13 @@ class MonitorHandler(tornado.websocket.WebSocketHandler):
# 客户端主动关闭
# self.close()
print "Close websocket."
logger.debug("Websocket: Monitor client close request")
try:
client_index = MonitorHandler.clients.index(self)
MonitorHandler.clients.remove(self)
MonitorHandler.threads.remove(MonitorHandler.threads[client_index])
except ValueError:
pass
class WebTty(Tty):
@ -184,16 +213,16 @@ class WebTty(Tty):
class WebTerminalKillHandler(tornado.web.RequestHandler):
@require_auth('admin')
def get(self):
ws_id = self.get_argument('id')
Log.objects.filter(id=ws_id).update(is_finished=True)
for ws in WebTerminalHandler.clients:
print ws.id
if ws.id == int(ws_id):
print "killed"
logger.debug("Kill log id %s" % ws_id)
ws.log.save()
ws.close()
print len(WebTerminalHandler.clients)
logger.debug('Websocket: web terminal client num: %s' % len(WebTerminalHandler.clients))
class WebTerminalHandler(tornado.websocket.WebSocketHandler):
@ -206,18 +235,38 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
self.log_time_f = None
self.log = None
self.id = 0
self.user = None
super(WebTerminalHandler, self).__init__(*args, **kwargs)
def check_origin(self, origin):
return True
@require_auth
@require_auth('user')
def open(self):
asset_name = self.get_argument('asset_name', '')
username = self.get_argument('username', '')
token = self.get_argument('token', '')
print asset_name, username, token
self.term = WebTty('a', 'b')
logger.debug('Websocket: Open request')
role_name = self.get_argument('role', 'sb')
asset_id = self.get_argument('id', 9999)
asset = get_object(Asset, id=asset_id)
if asset:
roles = user_have_perm(self.user, asset)
logger.debug(roles)
login_role = ''
for role in roles:
if role.name == role_name:
login_role = role
break
if not login_role:
logger.warning('Websocket: Not that Role %s for Host: %s User: %s ' % (role_name, asset.hostname,
self.user.username))
self.close()
return
else:
logger.warning('Websocket: No that Host: %s User: %s ' % (asset_id, self.user.username))
self.close()
return
logger.debug('Websocket: request web terminal Host: %s User: %s Role: %s' % (asset.hostname, self.user.username,
login_role.name))
self.term = WebTty(self.user, asset, login_role)
self.term.get_connection()
self.term.channel = self.term.ssh.invoke_shell(term='xterm')
WebTerminalHandler.tasks.append(MyThread(target=self.forward_outbound))
@ -236,13 +285,23 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
if data.get('data'):
self.term.input_mode = True
if str(data['data']) in ['\r', '\n', '\r\n']:
TtyLog(log=self.log, datetime=datetime.datetime.now(), cmd=self.term.deal_command(self.term.data, self.term.ssh)).save()
if self.term.vim_flag:
match = self.term.ps1_pattern.search(self.term.vim_data)
if match:
self.term.vim_flag = False
vim_data = self.term.deal_command(self.term.vim_data)[0:200]
if len(data) > 0:
TtyLog(log=self.log, datetime=datetime.datetime.now(), cmd=vim_data).save()
TtyLog(log=self.log, datetime=datetime.datetime.now(),
cmd=self.term.deal_command(self.term.data)[0:200]).save()
self.term.vim_data = ''
self.term.data = ''
self.term.input_mode = False
self.term.channel.send(data['data'])
def on_close(self):
print 'On_close'
logger.debug('Websocket: Close request')
if self in WebTerminalHandler.clients:
WebTerminalHandler.clients.remove(self)
try:
@ -267,6 +326,8 @@ class WebTerminalHandler(tornado.websocket.WebSocketHandler):
if not len(recv):
return
data += recv
if self.term.vim_flag:
self.term.vim_data += recv
try:
self.write_message(json.dumps({'data': data}))
now_timestamp = time.time()
@ -290,4 +351,5 @@ if __name__ == '__main__':
server.bind(options.port, options.host)
# server.listen(options.port)
server.start(num_processes=1)
print "Run server on %s:%s" % (options.host, options.port)
tornado.ioloop.IOLoop.instance().start()

BIN
static/files/excels/cmdb_excel_2015_11_14_11_38.xlsx
View File

Binary file not shown.

BIN
static/files/excels/cmdb_excel_2015_11_14_11_39.xlsx
View File

Binary file not shown.

BIN
static/files/excels/cmdb_excel_2015_11_19_22_05.xlsx
View File

Binary file not shown.

BIN
static/files/excels/cmdb_excel_2015_11_20_00_04.xlsx Normal file
View File

Binary file not shown.

46
templates/jasset/asset_add.html
View File

@ -55,7 +55,7 @@
<div class="col-sm-2">
<div class="radio i-checks">
<label>
<input type="checkbox" checked="" id="id_use_default_auth" name="use_default_auth"><span> 使用默认 </span>
<input type="checkbox" checked="checked" id="id_use_default_auth" name="use_default_auth"><span> 使用默认 </span>
</label>
</div>
</div>
@ -142,26 +142,46 @@
rules: {
check_ip: [/^(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])(\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])){3}$/, 'ip地址不正确'],
check_port: [/^\d{1,5}$/, '端口号不正确'],
use_default_auth: function() {
var str1 = $("#id_use_default_auth").is(":checked");
if (str1 == true){
var decide = false;
} else {
var decide = true;
}
return decide}
},
fields: {
{# "ip": {#}
{# rule: "required;check_ip",#}
{# tip: "输入IP",#}
{# ok: "",#}
{# msg: {required: "必须填写!"}#}
{# },#}
"ip": {
rule: "check_ip;",
tip: "输入IP",
ok: "",
msg: {required: "必须填写!"}
},
"hostname": {
rule: "required",
tip: "填写主机名",
ok: "",
msg: {required: "必须填写!"}
},
{# "port": {#}
{# rule: "required;check_port",#}
{# tip: "输入端口号",#}
{# ok: "",#}
{# msg: {required: "必须填写!"}#}
{# }#}
"port": {
rule: "required(use_default_auth)",
tip: "输入端口号",
ok: "",
msg: {required: "必须填写!"}
},
"username": {
rule: "required(use_default_auth)",
tip: "输入用户名",
ok: "",
msg: {required: "必须填写!"}
},
"password": {
rule: "required(use_default_auth)",
tip: "输入密码",
ok: "",
msg: {required: "必须填写!"}
}
},
valid: function(form) {
form.submit();

14
templates/jasset/asset_detail.html
View File

@ -11,9 +11,15 @@
<div class="ibox-title">
<span class="text text-primary"><b>{{ asset.ip }}</b></span>
<div class="ibox-tools">
<a class="" href="/jasset/asset_update/?id={{ asset.id }}">
<i class="fa fa-refresh"></i>
</a>
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
</a>
<a class="dropdown-toggle" data-toggle="dropdown" href="#">
<i class="fa fa-wrench"></i>
</a>
<ul class="dropdown-menu dropdown-user">
</ul>
<a class="close-link">
@ -29,14 +35,14 @@
<div>
<div class="text-left">
<table class="table">
<tr>
<td class="text-navy">IP</td>
<td>{{ asset.ip|default_if_none:"" }}</td>
</tr>
<tr>
<td class="text-navy">主机名</td>
<td>{{ asset.hostname|default_if_none:"" }}</td>
</tr>
<tr>
<td class="text-navy">IP</td>
<td>{{ asset.ip|default_if_none:"" }}</td>
</tr>
<tr>
<td class="text-navy">其他IP</td>
<td>

47
templates/jasset/asset_edit.html
View File

@ -55,7 +55,7 @@
<div class="col-sm-2">
<div class="radio i-checks">
<label>
<input type="checkbox" {% if asset.use_default_auth %} checked="" {% endif %} id="id_use_default_auth" name="use_default_auth"><span> 使用默认 </span>
<input type="checkbox" {% if asset.use_default_auth %} checked="checked" {% endif %} id="id_use_default_auth" name="use_default_auth"><span> 使用默认 </span>
</label>
</div>
</div>
@ -77,7 +77,7 @@
<div class="hr-line-dashed"></div>
<label class="col-sm-2 control-label"> 端口<span class="red-fonts">*</span> </label>
<div class="col-sm-8">
<input type="text" placeholder="Port" value="{{ asset.port }}" name="port" class="form-control">
<input type="text" placeholder="Port" value="{{ asset.port|default_if_none:"" }}" name="port" class="form-control">
</div>
</div>
@ -99,6 +99,12 @@
<div class="hr-line-dashed"></div>
{{ af.disk|bootstrap_horizontal }}
<div class="hr-line-dashed"></div>
{{ af.system_type|bootstrap_horizontal }}
<div class="hr-line-dashed"></div>
{{ af.system_version|bootstrap_horizontal }}
<div class="hr-line-dashed"></div>
{{ af.number|bootstrap_horizontal }}
@ -186,6 +192,14 @@
rules: {
check_ip: [/^(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])(\.(\d{1,2}|1\d\d|2[0-4]\d|25[0-5])){3}$/, 'ip地址不正确'],
check_port: [/^\d{1,5}$/, '端口号不正确'],
use_default_auth: function() {
var str1 = $("#id_use_default_auth").is(":checked");
if (str1 == true){
var decide = false;
} else {
var decide = true;
}
return decide}
},
fields: {
"hostname": {
@ -194,17 +208,24 @@
ok: "",
msg: {required: "必须填写!"}
},
{# "ip": {#}
{# rule: "required;check_ip",#}
{# tip: "输入IP",#}
{# ok: "",#}
{# msg: {required: "必须填写!"}#}
{# },#}
{# "port": {#}
{# rule: "required;check_port",#}
{# tip: "输入端口号",#}
{# ok: "",#}
{# msg: {required: "必须填写!"}#}
"port": {
rule: "required(use_default_auth)",
tip: "输入端口号",
ok: "",
msg: {required: "必须填写!"}
},
"username": {
rule: "required(use_default_auth)",
tip: "输入用户名",
ok: "",
msg: {required: "必须填写!"}
},
"password": {
rule: "required(use_default_auth)",
tip: "输入密码",
ok: "",
msg: {required: "必须填写!"}
}
},
valid: function(form) {
form.submit();

27
templates/jasset/asset_edit_batch.html
View File

@ -54,29 +54,17 @@
<div class="col-sm-2">
<div class="radio i-checks">
<label>
<<<<<<< HEAD
<input type="radio" checked="" value="no_action" id="no" name="use_default_auth" class="auth"><span> 不修改 </span>
=======
<input type="radio" checked="" value="" id="no" name="use_default_auth" class="auth"><span> 不修改 </span>
>>>>>>> cmdb
</label>
</div>
<div class="radio i-checks">
<label>
<<<<<<< HEAD
<input type="radio" id="default" name="use_default_auth" class="auth"><span> 使用默认 </span>
=======
<input type="radio" id="default" name="use_default_auth" class="auth" value="default"><span> 使用默认 </span>
>>>>>>> cmdb
</label>
</div>
<div class="radio i-checks">
<label>
<<<<<<< HEAD
<input type="radio" id="pass" name="use_default_auth" class="auth"><span> 用户名密码 </span>
=======
<input type="radio" id="pass" name="use_default_auth" class="auth" value="user_passwd"><span> 用户名密码 </span>
>>>>>>> cmdb
</label>
</div>
</div>
@ -138,21 +126,6 @@
</div>
<script>
$(document).ready(function() {
<<<<<<< HEAD
$('#host_edit').click(function () {
var args = {};
var match = null;
var uuid = decodeURIComponent(location.search.substring(1));
var reg = /(?:([^&amp;]+)=([^&amp;]+))/g;
while((match = reg.exec(uuid))!==null){
args[match[1]] = match[2];
}
var ids = args['uuid'];
$('#uuid').val(ids)
});
=======
>>>>>>> cmdb
$('.auth').click(function(){
if ($(this).attr('id') == 'pass'){
$('#admin_account').css('display', 'block')

110
templates/jasset/asset_list.html
View File

@ -130,7 +130,7 @@
<a href="/jasset/asset_detail/?id={{ asset.id }}" class="btn btn-xs btn-primary">详情</a>
{% ifnotequal session_role_id 0 %}
<a href="/jasset/asset_edit/?id={{ asset.id }}" class="btn btn-xs btn-info">编辑</a>
<a href="/jasset/asset_update/?id={{ asset.id }}" class="btn btn-xs btn-info">更新</a>
<a value="{{ asset.id }}" class="conn btn btn-xs btn-warning">连接</a>
<a value="/jasset/asset_del/?id={{ asset.id }}" class="btn btn-xs btn-danger asset_del">删除</a>
{% endifnotequal %}
</td>
@ -142,6 +142,8 @@
<div class="col-sm-6">
<input type="button" id="asset_del" class="btn btn-danger btn-sm" name="del_button" value="删除"/>
<a value="/jasset/asset_edit_batch/" type="button" class="btn btn-sm btn-warning iframe">修改</a>
<input type="button" id="asset_update" class="btn btn-info btn-sm" name="update_button" value="更新"/>
<input type="button" id="asset_update_all" class="btn btn-primary btn-sm" name="update_button" value="更新全部"/>
</div>
{% include 'paginator.html' %}
</div>
@ -155,23 +157,10 @@
{% block self_footer_js %}
<script>
$('table td').on('change', function(env, id){
var url = "/jasset/show_all_ajax/?env=" + env + "&id=" + id;
console.log(url);
$.ajax({
type: "GET",
url: url,
// data: $("#search_form").serialize(),
success: function (data) {
$("#j_dept_"+id).html(data);
}
});
});
$(document).ready(function(){
$('.asset_del').click(function(){
var row = $(this).closest('tr');
if (confirm("确定删除")) {
if (confirm("确定删除?")) {
$.get(
$(this).attr('value'),
{},
@ -180,9 +169,46 @@
}
)
}
})
});
$('.conn').click(function(){
var url='/jlog/get_role_name/?id=' + $(this).attr('value');
var href = $(this).attr('href');
var new_url = '/jlog/web_terminal/?id=' + $(this).attr('value') + '&role=';
$.ajax({
type: 'GET',
url: url,
data: {},
success: function(data){
var dataArray = data.split(',');
if (dataArray.length == 1 && data != 'error'){
console.log('one');
window.open(new_url + data, '', 'height=400, width=600, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,resizeable=no,location=no,status=no');
} else if (dataArray.length == '1' && data == 'error'){
layer.alert('没有授权角色')
} else {
aUrl = '';
$.each(dataArray, function(index, value){
aUrl += '<a onclick="windowOpen(this); return false" class="btn btn-xs btn-primary newa" href=' + new_url + value + '>' + value + '</a> '
});
layer.alert(aUrl, {
skin: 'layui-layer-molv',
title: '多个角色,请选择一个连接',
closeBtn: 0
})
}
}
});
return false
});
});
function windowOpen(aTab){
var new_url = aTab.href;
window.open(new_url, '', 'height=400, width=600, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,resizeable=no,location=no,status=no');
return false
}
$(".iframe").on('click', function(){
var asset_id_all = getIDall();
if (asset_id_all == ''){
@ -219,14 +245,15 @@
});
});
$('#asset_del').click(function () {
var asset_id_all = getIDall();
console.log(asset_id_all);
if (asset_id_all == ''){
alert("请至少选择一行!");
return false;
}
if (confirm("确定删除")) {
if (confirm("确定删除?")) {
$.ajax({
type: "post",
data: {asset_id_all: asset_id_all},
@ -238,6 +265,40 @@
}
});
$('#asset_update').click(function () {
var asset_id_all = getIDall();
if (asset_id_all == ''){
alert("请至少选择一行!");
return false;
}
layer.msg('玩命更新中...', {time: 200000});
$.ajax({
type: "post",
data: {asset_id_all: asset_id_all},
url: "/jasset/asset_update_batch/",
success: function () {
parent.location.reload();
}
});
});
{# function update_tips(){#}
{# layer.tips('我是另外一个tips只不过我长得跟之前那位稍有些不一样。', '吸附元素选择器', {#}
{# tips: [1, '#3595CC'],#}
{# time: 4000#}
{# });#}
{# }#}
$('#asset_update_all').click(function () {
layer.msg('玩命更新中...', {time: 200000});
$.ajax({
type: "post",
url: "/jasset/asset_update_batch/?arg=all",
success: function () {
parent.location.reload();
}
});
});
function change_info(){
var args = $("#asset_form").serialize();
@ -249,19 +310,6 @@
change_info()
}
});
function show_all(env, id) {
var url = "/jasset/show_all_ajax/?env=" + env + "&id=" + id;
console.log(url);
$.ajax({
type: "GET",
url: url,
success: function (data) {
$("#j_group_" + id).html(data);
}
});
}
</script>
{% endblock %}

2
templates/jasset/error.html
View File

@ -1,4 +1,4 @@
{% for field in af %}
{% for field in af_form %}
<div class="alert alert-warning text-center"> {{ field.errors }}</div>
{{ field.label_tag }}: {{ field }}
{% endfor %}

8
templates/jasset/idc_list.html
View File

@ -30,6 +30,7 @@
<div class="ibox-content">
<div class="">
<a target="_blank" href="/jasset/idc_add" class="btn btn-sm btn-primary "> 添加IDC </a>
<input type="button" id="del_check" class="btn btn-danger btn-sm" name="del_button" value="删除所选"/>
<form id="search_form" method="get" action="" class="pull-right mail-search">
<div class="input-group">
<input type="text" class="form-control input-sm" id="search_input" name="keyword" placeholder="Search">
@ -78,10 +79,9 @@
</table>
<div class="row">
<div class="col-sm-6">
{% ifequal session_role_id 2 %}
<input type="button" id="del_check" class="btn btn-danger btn-sm" name="del_button" value="删除"/>
<!--<input type="button" id="alter_button" class="btn btn-warning btn-sm" name="alter_button" value="修改" onclick="alter('contents_form')" />-->
{% endifequal %}
<div class="dataTables_info" id="editable_info" role="status" aria-live="polite">
Showing {{ contacts.start_index }} to {{ contacts.end_index }} of {{ p.count }} entries
</div>
</div>
{% include 'paginator.html' %}
</div>

26
templates/jlog/log_online.html
View File

@ -50,7 +50,7 @@
<div class="col-lg-12">
<div class="ibox float-e-margins">
<div id="ibox-content" class="ibox-title">
<h5> 用户日志详细信息列表 <input type="button" id="test_connect" class="btn btn-primary" value="测试连接 web terminal" /> </h5>
<h5> 用户日志详细信息列表 </h5>
<div class="ibox-tools">
<a class="collapse-link">
<i class="fa fa-chevron-up"></i>
@ -79,11 +79,9 @@
<th class="text-center"> 用户名 </th>
<th class="text-center"> 登录主机 </th>
<th class="text-center"> 来源IP </th>
{% ifnotequal session_role_id 0 %}
<th class="text-center"> 统计命令 </th>
<th class="text-center"> 实时监控 </th>
<th class="text-center"> 阻断 </th>
{% endifnotequal %}
<th class="text-center"> 登录时间 </th>
</tr>
@ -94,11 +92,9 @@
<td id="username" class="text-center"> {{ post.user }} </td>
<td id="ip" class="text-center"> {{ post.host }} </td>
<td id="remote_ip" class="text-center"> {{ post.remote_ip }} </td>
{% ifnotequal session_role_id 0 %}
<td class="text-center"><a href="/jlog/history/?id={{ post.id }}" class="log_command"> 命令统计 </a></td>
<td class="text-center"><a class="monitor" file_path="{{ post.log_path }}"> 监控 </a></td>
<td class="text-center"><input type="button" id="cut" class="btn btn-danger btn-xs" name="cut" value="阻断" onclick='cut("{{ post.pid }}", "{{ post.remote_ip }}")' /></td>
{% endifnotequal %}
<td class="text-center" id="start_time"> {{ post.start_time|date:"Y-m-d H:i:s" }} </td>
</tr>
{% endfor %}
@ -188,35 +184,19 @@
}});
return false;
});
$('#test_connect').click(function(){
window.open('/jlog/web_terminal/?asset_name="hello', '播放', 'height=400, width=600, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,resizeable=no,location=no,status=no');
});
});
{# function log_search(){#}
{# $.ajax({#}
{# type: "GET",#}
{# url: "/jlog/search/?env=online",#}
{# data: $("#search_form").serialize(),#}
{# success: function (data) {#}
{# $(".tab-content").html(data);#}
{# }#}
{# });#}
{# }#}
function cut(num, host){
console.log(host);
if (host=='Web'){
var g_url = '{{ web_kill_uri }}' + '?id=' + num;
} else {
g_url = "/jlog/log_kill/?id=" + num;
var g_url = "/jlog/log_kill/?id=" + num;
}
$.ajax({
type: "GET",
url: g_url,
url: g_url+"&sessionid={{ session_id }}",
success: window.open("/jlog/log_list/online/", "_self")
});

2
templates/jperm/perm_role_add.html
View File

@ -34,7 +34,7 @@
<div class="alert alert-success text-center">{{ msg }}</div>
{% endif %}
<div class="form-group">
<label for="role_name" class="col-sm-2 control-label">规则名称<span class="red-fonts">*</span></label>
<label for="role_name" class="col-sm-2 control-label">角色名称<span class="red-fonts">*</span></label>
<div class="col-sm-8">
<input id="role_name" name="role_name" placeholder="Role Name" type="text" class="form-control">
</div>

2
templates/nav.html
View File

@ -36,8 +36,6 @@
<li class="role">
<a href="/jperm/role/">系统角色</a>
</li>
<li class="apply_show online"><a href="/jperm/apply_show/online/">权限审批</a></li>
<li class="apply_show online"><a href="/jperm/log/">授权记录</a></li>
</ul>
</li>
<li id="jlog">

4
templates/nav_li_profile.html
View File

@ -36,7 +36,7 @@
<script>
$(".iframe_user").on('click', function(){
var url= $(this).attr("value");
$.layer({
layer.open({
type: 2,
title: '个人信息',
maxmin: true,
@ -45,7 +45,7 @@
shade: [0.5, '#000000'],
shadeClose: true,
area : ['800px' , '600px'],
iframe: {src: url}
content: url
});
});
</script>

20
templates/setting.html
View File

@ -29,7 +29,7 @@
<div class="panel-options">
<ul class="nav nav-tabs">
<li id="tab1" class="active"><a data-toggle="tab" href="#tab-default" aria-expanded="true">默认设置</a></li>
<li id="tab2" class=""><a data-toggle="tab" href="#tab-email" aria-expanded="true">邮箱设置</a></li>
{# <li id="tab2" class=""><a data-toggle="tab" href="#tab-email" aria-expanded="true">邮箱设置</a></li>#}
</ul>
</div>
</div>
@ -82,15 +82,15 @@
</form>
</div>
<div id="tab-email" class="tab-pane">
<table class="table table-striped table-bordered table-hover " id="editable" >
<thead>
<tr>
<th class="text-center">组名</th>
</tr>
</thead>
</table>
</div>
{# <div id="tab-email" class="tab-pane">#}
{# <table class="table table-striped table-bordered table-hover " id="editable" >#}
{# <thead>#}
{# <tr>#}
{# <th class="text-center">组名</th>#}
{# </tr>#}
{# </thead>#}
{# </table>#}
{# </div>#}
</div>
</div>
</div>