From 9f7b066ca62061c38e0f051cc80c5707da6a229e Mon Sep 17 00:00:00 2001 
From: guanghongwei Date: Sun, 4 Oct 2015 21:50:29 +0800 Subject: [PATCH 01/36] shouquanxiugai --- jperm/models.py | 45 ++++--- jperm/perm_api.py | 111 +++++++++++++++++ jperm/urls.py | 3 +- jperm/views.py | 56 ++++++++- jumpserver/api.py | 4 + jumpserver/models.py | 12 ++ jumpserver/urls.py | 1 + jumpserver/views.py | 3 + juser/models.py | 2 + playbook/user_perm.yaml | 17 +++ static/js/base.js | 8 +- templates/jperm/perm_edit.html | 2 +- .../{user_perm.html => perm_user_edit.html} | 68 +++++------ .../{perm_list.html => perm_user_list.html} | 57 +++------ templates/nav.html | 3 + templates/setting.html | 112 ++++++++++++++++++ tmp/147164c46a9611e5a797000c29f7d66e | 3 + tmp/14721dba6a9611e5a797000c29f7d66e | 17 +++ tmp/1d0e27de6a9611e5ae2e000c29f7d66e | 3 + tmp/1d0e993a6a9611e5ae2e000c29f7d66e | 17 +++ tmp/2e6324f46a9511e58276000c29f7d66e | 3 + tmp/2e63c0b26a9511e58276000c29f7d66e | 17 +++ tmp/39c5fac46a9511e585f9000c29f7d66e | 3 + tmp/39c69db26a9511e585f9000c29f7d66e | 17 +++ tmp/3ce93d2c6a9211e5a651000c29f7d66e | 4 + tmp/3ceb07b06a9211e5a651000c29f7d66e | 10 ++ tmp/48fd55966a9511e59d6b000c29f7d66e | 4 + tmp/48fdf7626a9511e59d6b000c29f7d66e | 17 +++ tmp/764e1d166a9311e5886c000c29f7d66e | 5 + tmp/765012a66a9311e5886c000c29f7d66e | 17 +++ tmp/aa4bd3526a9211e5a53f000c29f7d66e | 4 + tmp/aa4cbc546a9211e5a53f000c29f7d66e | 10 ++ tmp/bbd799fa6a9511e59e68000c29f7d66e | 3 + tmp/bbd931026a9511e59e68000c29f7d66e | 17 +++ tmp/c2774ea46a9511e5be00000c29f7d66e | 3 + tmp/c2780ae26a9511e5be00000c29f7d66e | 17 +++ tmp/c6a8384a6a8a11e5b929000c29f7d66e | 11 ++ tmp/d3e0469c6a8511e5ae99000c29f7d66e | 6 + tmp/f8b99a686a9411e5b0fb000c29f7d66e | 3 + tmp/f8bb07546a9411e5b0fb000c29f7d66e | 17 +++ 40 files changed, 627 insertions(+), 105 deletions(-) create mode 100644 jperm/perm_api.py create mode 100644 jumpserver/models.py create mode 100644 playbook/user_perm.yaml rename templates/jperm/{user_perm.html => perm_user_edit.html} (71%) rename templates/jperm/{perm_list.html => 
perm_user_list.html} (52%) create mode 100644 templates/setting.html create mode 100644 tmp/147164c46a9611e5a797000c29f7d66e create mode 100644 tmp/14721dba6a9611e5a797000c29f7d66e create mode 100644 tmp/1d0e27de6a9611e5ae2e000c29f7d66e create mode 100644 tmp/1d0e993a6a9611e5ae2e000c29f7d66e create mode 100644 tmp/2e6324f46a9511e58276000c29f7d66e create mode 100644 tmp/2e63c0b26a9511e58276000c29f7d66e create mode 100644 tmp/39c5fac46a9511e585f9000c29f7d66e create mode 100644 tmp/39c69db26a9511e585f9000c29f7d66e create mode 100644 tmp/3ce93d2c6a9211e5a651000c29f7d66e create mode 100644 tmp/3ceb07b06a9211e5a651000c29f7d66e create mode 100644 tmp/48fd55966a9511e59d6b000c29f7d66e create mode 100644 tmp/48fdf7626a9511e59d6b000c29f7d66e create mode 100644 tmp/764e1d166a9311e5886c000c29f7d66e create mode 100644 tmp/765012a66a9311e5886c000c29f7d66e create mode 100644 tmp/aa4bd3526a9211e5a53f000c29f7d66e create mode 100644 tmp/aa4cbc546a9211e5a53f000c29f7d66e create mode 100644 tmp/bbd799fa6a9511e59e68000c29f7d66e create mode 100644 tmp/bbd931026a9511e59e68000c29f7d66e create mode 100644 tmp/c2774ea46a9511e5be00000c29f7d66e create mode 100644 tmp/c2780ae26a9511e5be00000c29f7d66e create mode 100644 tmp/c6a8384a6a8a11e5b929000c29f7d66e create mode 100644 tmp/d3e0469c6a8511e5ae99000c29f7d66e create mode 100644 tmp/f8b99a686a9411e5b0fb000c29f7d66e create mode 100644 tmp/f8bb07546a9411e5b0fb000c29f7d66e diff --git a/jperm/models.py b/jperm/models.py index 167ae0485..336016f8f 100644 --- a/jperm/models.py +++ b/jperm/models.py 
@@ -5,22 +5,37 @@ from juser.models import User, UserGroup from jasset.models import Asset, AssetGroup -class UserPerm(models.Model): - user = models.ForeignKey(User) - asset = models.ForeignKey(Asset, null=True) - asset_group = models.ForeignKey(AssetGroup, null=True) +# class PermUserAsset(models.Model): +# user = models.ForeignKey(User) +# asset = models.ForeignKey(Asset) +# +# def __unicode__(self): +# return self.user.username +# +# +# class PermUserAssetGroup(models.Model): +# user = models.ForeignKey(User) +# asset_group = models.ForeignKey(AssetGroup) +# +# def __unicode__(self): +# return self.user.username +# +# +# class PermUserGroupAsset(models.Model): +# user_group = models.ForeignKey(UserGroup) +# asset = models.ForeignKey(Asset) +# +# def __unicode__(self): +# return self.user_group.name +# +# +# class PermUserGroupAssetGroup(models.Model): +# user_group = models.ForeignKey(UserGroup) +# asset_group = models.ForeignKey(AssetGroup) +# +# def __unicode__(self): +# return self.user_group.name - def __unicode__(self): - return self.user.name - - -class GroupPerm(models.Model): - user_group = models.ForeignKey(UserGroup) - asset = models.ForeignKey(Asset, null=True) - asset_group = models.ForeignKey(AssetGroup, null=True) - - def __unicode__(self): - return self.user.name # class CmdGroup(models.Model): diff --git a/jperm/perm_api.py b/jperm/perm_api.py new file mode 100644 index 000000000..cbaede5a3 --- /dev/null +++ b/jperm/perm_api.py 
@@ -0,0 +1,111 @@
+# coding: utf-8
+
+from jasset.models import *
+from jumpserver.api import *
+import uuid
+import re
+from ansible.playbook import PlayBook
+from ansible import callbacks, utils
+
+
+def get_object_list(model, id_list):
+ object_list = []
+ for object_id in id_list:
+ if object_id:
+ object_list.extend(model.objects.filter(id=int(object_id)))
+
+ return object_list
+
+
+def perm_user_handle(user, asset_new, asset_del, group_new, group_del):
+ username = user.name
+ asset_group_new = get_object_list(AssetGroup, group_new)
+ asset_group_del = get_object_list(AssetGroup, group_del)
+ for asset_group in asset_group_new:
+ asset_new.extend([asset.ip for asset in asset_group.asset_set.all()])
+
+ for asset_group in asset_group_del:
+ asset_del.extend(asset.ip for asset in asset_group.asset_set.all())
+
+
+def get_rand_file_path(base_dir=os.path.join(BASE_DIR, 'tmp')):
+ filename = uuid.uuid1().hex
+ return os.path.join(base_dir, filename)
+
+
+def get_inventory(host_group):
+ path = get_rand_file_path()
+ f = open(path, 'w')
+ for group, host_list in host_group.items():
+ f.write('[%s]\n' % group)
+ for ip in host_list:
+ asset = get_object(Asset, ip=ip)
+ if asset.use_default_auth:
+ f.write('%s ansbile_ssh_port=%s\n' % (ip, asset.port))
+ else:
+ f.write('%s ansible_ssh_port=%s ansible_ssh_user=%s ansbile_ssh_pass=%s\n'
+ % (ip, asset.port, asset.username, CRYPTOR.decrypt(asset.password)))
+ f.close()
+ return path
+
+
+def get_playbook(tempate, var):
+ str_playbook = open(tempate).read()
+ for k, v in var.items():
+ str_playbook = re.sub(r'%s' % k, v, str_playbook)
+ path = get_rand_file_path()
+ f = open(path, 'w')
+ f.write(str_playbook)
+ return path
+
+
+def perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del):
+ asset_new_ip = []
+ asset_del_ip = []
+
+ if '' in asset_group_new:
+ asset_group_new.remove('')
+
+ if '' in asset_group_del:
+ asset_group_del.remove('')
+
+ asset_new_ip.extend([asset.ip for asset in 
get_object_list(Asset, asset_new)]) + + for asset_group_id in asset_group_new: + asset_new_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) + + asset_del_ip.extend([asset.ip for asset in get_object_list(Asset, asset_del)]) + + for asset_group_id in asset_group_del: + asset_del_ip.extend([asset.ip for asset in get_object(AssetGroup, id=asset_group_id).asset_set.all()]) + + print asset_new_ip + print asset_del_ip + + stats = callbacks.AggregateStats() + playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY) + runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY) + + if asset_new_ip or asset_del_ip: + host_group = {'new': asset_new_ip, 'del': asset_del_ip} + host_list = get_inventory(host_group) + playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'), + {'the_new_group': 'new', 'the_del_group': 'del', + 'the_user': user.username, 'the_pub_key': '/tmp/id_rsa.pub'}) + print host_list, playbook + results = PlayBook(host_list=host_list, + playbook=playbook, + forks=5, + remote_user='web', + remote_pass='redhat', + callbacks=playbook_cb, + runner_callbacks=runner_cb, + stats=stats, + become=True, + become_user='root').run() + + for hostname, result in results.items(): + if result.get('failures', 2): + print "%s >>> Failed" % hostname + else: + print "%s >>> Success" % hostname diff --git a/jperm/urls.py b/jperm/urls.py index c4f398c66..a32025944 100644 --- a/jperm/urls.py +++ b/jperm/urls.py @@ -3,7 +3,8 @@ from jperm.views import * urlpatterns = patterns('jperm.views', # Examples: - (r'^user/$', user_perm), + (r'^user/$', perm_user_list), + (r'^perm_user_edit/$', perm_user_edit), # (r'^dept_perm_edit/$', 'dept_perm_edit'), # (r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}), # (r'^dept_perm_list/$', 'dept_perm_list'), diff --git a/jperm/views.py b/jperm/views.py index c098f6b37..fdf95aa0d 100644 --- a/jperm/views.py +++ b/jperm/views.py 
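Review bot: `perm_user_api` hard-codes the Ansible login (`remote_user='web'`, `remote_pass='redhat'`), and `get_inventory` writes each asset's decrypted password into a file under `BASE_DIR/tmp` that is opened with default permissions and never deleted. The login should come from configuration rather than source, and both generated files should be created owner-only and removed once the run finishes, as sketched below. The inventory keys `ansbile_ssh_port` and `ansbile_ssh_pass` are misspelled (the same line spells `ansible_ssh_port` correctly), so Ansible presumably ignores them. `get_playbook` passes `user.username` to `re.sub` as the replacement, where backslash sequences are interpreted and the value lands unquoted in the YAML; a plain `str.replace` on a validated username would be safer.

```python
def get_inventory(host_group):
    path = get_rand_file_path()
    # Owner-only from creation: the file holds decrypted SSH passwords.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, 'w') as f:
        # … unchanged: per-group / per-host f.write() loop …
    return path

# in perm_user_api, around the PlayBook run:
        try:
            results = PlayBook(host_list=host_list,
                               playbook=playbook,
                               # … unchanged: remaining PlayBook arguments …
                               ).run()
        finally:
            # Do not leave credentials on disk after the run.
            os.remove(host_list)
            os.remove(playbook)
```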
@@ -8,12 +8,58 @@ # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q +from jperm.models import * from jumpserver.api import * +from jperm.perm_api import * -def user_perm(request): +@require_role('admin') +def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' - return my_render('jperm/user_perm.html', locals(), request) + keyword = request.GET.get('search', '') + users_list = User.objects.all() + + if keyword: + users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) + users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) + + return my_render('jperm/perm_user_list.html', locals(), request) + + +@require_role('admin') +def perm_user_edit(request): + header_title, path1, path2 = '用户授权', '授权管理', '授权更改' + user_id = request.GET.get('id', '') + user = get_object(User, id=user_id) + asset_all = Asset.objects.all() + asset_group_all = AssetGroup.objects.all() + + asset_id_list = user.assets.split(',') + asset_group_id_list = user.asset_groups.split(',') + if request.method == 'GET' and user: + asset_permed = get_object_list(Asset, asset_id_list) + asset_group_permed = get_object_list(AssetGroup, asset_group_id_list) + assets = [asset for asset in asset_all if asset not in asset_permed] + asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] + return my_render('jperm/perm_user_edit.html', locals(), request) + + elif request.method == 'POST' and user: + asset_select = request.POST.getlist('asset_select', []) + asset_group_select = request.POST.getlist('asset_groups_select', []) + asset_new = list(set(asset_select) - set(asset_id_list)) + asset_del = list(set(asset_id_list) - set(asset_select)) + asset_group_new = list(set(asset_group_select) - set(asset_group_id_list)) + asset_group_del = list(set(asset_group_id_list) - set(asset_group_select)) + user.assets 
= ','.join(asset_select) + user.asset_groups = ','.join(asset_group_select) + user.save() + + perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del) + + return HttpResponseRedirect('/jperm/user/') + + else: + return HttpResponse('输入错误') # def asset_cmd_groups_get(asset_groups_select='', cmd_groups_select=''): @@ -51,7 +97,7 @@ def user_perm(request): # perm.user_group = user_groups # perm.asset_group = asset_groups # msg = '添加成功' -# return render_to_response('jperm/user_perm.html', locals(), context_instance=RequestContext(request)) +# return render_to_response('jperm/perm_user_edit.html', locals(), context_instance=RequestContext(request)) # # # def dept_add_asset(dept_id, asset_list): @@ -115,7 +161,7 @@ def user_perm(request): # contact_list = contact_list_confirm # # contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request)) +# return render_to_response('jperm/perm_user_list.html', locals(), context_instance=RequestContext(request)) # # # @require_admin @@ -147,7 +193,7 @@ def user_perm(request): # contact_list = contact_list_confirm # # contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# return render_to_response('jperm/perm_list.html', locals(), context_instance=RequestContext(request)) +# return render_to_response('jperm/perm_user_list.html', locals(), context_instance=RequestContext(request)) # # # @require_super_user diff --git a/jumpserver/api.py b/jumpserver/api.py index 59411abe4..fcd21c913 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -476,6 +476,10 @@ def get_object(model, **kwargs): use this function for query 使用改封装函数查询数据库 """ + for value in kwargs.values(): + if not value: + return None + the_object = model.objects.filter(**kwargs) if len(the_object) == 1: the_object = the_object[0] 
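Review bot: `perm_user_edit` calls `user.assets.split(',')` before either branch checks `user`, so a request without an `id` (for which `get_object` now returns `None`) raises `AttributeError` instead of reaching the `输入错误` response. Guard first with `if not user: return HttpResponse('输入错误')` ahead of the two `split` lines. In the POST branch the submitted `asset_select` / `asset_groups_select` values are joined into `user.assets` and `user.asset_groups` and saved before `perm_user_api` runs, with no check that they are numeric ids of existing objects; `get_object_list` later calls `int(object_id)` on them, so a non-numeric value fails only after the grant has been stored. Validate the ids before `user.save()`.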
diff --git a/jumpserver/models.py b/jumpserver/models.py new file mode 100644 index 000000000..aa186301b --- /dev/null +++ b/jumpserver/models.py @@ -0,0 +1,12 @@ +# coding: utf-8 + +from django.db import models + + +class Setting(models.Model): + default_user = models.CharField(max_length=100, null=True, blank=True) + default_password = models.CharField(max_length=100, null=True, blank=True) + default_pri_key_path = models.CharField(max_length=100, null=True, blank=True) + + class Meta: + db_table = u'setting' \ No newline at end of file diff --git a/jumpserver/urls.py b/jumpserver/urls.py index 617d0351e..6c483ea5b 100644 --- a/jumpserver/urls.py +++ b/jumpserver/urls.py @@ -12,6 +12,7 @@ urlpatterns = patterns('', (r'^logout/$', 'jumpserver.views.logout'), (r'^file/upload/$', 'jumpserver.views.upload'), (r'^file/download/$', 'jumpserver.views.download'), + (r'^setting', 'jumpserver.views.setting'), (r'^error/$', 'jumpserver.views.httperror'), (r'^juser/', include('juser.urls')), (r'^jasset/', include('jasset.urls')), diff --git a/jumpserver/views.py b/jumpserver/views.py index 37784f9c7..9b0ce396c 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -229,6 +229,9 @@ def logout(request): request.session.delete() return HttpResponseRedirect('/login/') + +def setting(request): + return my_render('setting.html', locals(), request) # # def filter_ajax_api(request): # attr = request.GET.get('attr', 'user') diff --git a/juser/models.py b/juser/models.py index 67325ef7f..da61481b2 100644 --- a/juser/models.py +++ b/juser/models.py 
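Review bot: `Setting.default_password` is a plain `CharField`, so whatever default login password is saved here sits in clear text in the `setting` table. `jperm/perm_api.py` in this same patch reads asset passwords through `CRYPTOR.decrypt`, so the project apparently already has an encryption helper; this field should go through the same path on write and read, and `max_length=100` may be too short for the ciphertext. A comment on the field such as `# stored encrypted via CRYPTOR, never the raw password` would make the expectation explicit.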
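Review bot: The new `setting` view in `jumpserver/views.py` has no access check, whereas the permission views added in this patch are wrapped in `@require_role('admin')`; unless something outside this hunk enforces login, the settings page is rendered for any request that reaches it. Add `@require_role('admin')` above `def setting(request):`, importing it if this module does not already have it in scope. The route added for it in `jumpserver/urls.py`, `(r'^setting', ...)`, is also unanchored and matches any path that begins with `setting`; `r'^setting/$'` would follow the neighbouring patterns.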
@@ -32,6 +32,8 @@ class User(models.Model): role = models.CharField(max_length=2, choices=USER_ROLE_CHOICES, default='CU') uuid = models.CharField(max_length=100) group = models.ManyToManyField(UserGroup) + assets = models.TextField(max_length=1000, verbose_name="Assets", default='') + asset_groups = models.CharField(max_length=1000, verbose_name="Asset Groups", default='') ssh_key_pwd = models.CharField(max_length=200) is_active = models.BooleanField(default=True) last_login = models.DateTimeField(null=True) diff --git a/playbook/user_perm.yaml b/playbook/user_perm.yaml new file mode 100644 index 000000000..4aaefa91d --- /dev/null +++ b/playbook/user_perm.yaml @@ -0,0 +1,17 @@ +- hosts: the_new_group + vars: + user: the_user + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=the_pub_key dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + +- hosts: the_del_group + vars: + user: the_user + tasks: + - name: del user + user: name={{ user }} state=absent remove=yes diff --git a/static/js/base.js b/static/js/base.js index 0c5612a0d..5445ab9b6 100644 --- a/static/js/base.js +++ b/static/js/base.js @@ -89,7 +89,7 @@ function move(from, to, from_o, to_o) { //} // -function selectAll(){ +function selectAllOption(){ var checklist = document.getElementsByName ("selected"); if(document.getElementById("select_all").checked) { @@ -106,6 +106,12 @@ function selectAll(){ } +function checkAll(formID){ + $('#'+formID+'option').each(function(){ + $(this).attr('checked', true) + }) +} + // //function move_all(from, to){ // $("#"+from).children().each(function(){ diff --git a/templates/jperm/perm_edit.html b/templates/jperm/perm_edit.html index 1b2377bac..33cd1e4eb 100644 --- a/templates/jperm/perm_edit.html +++ b/templates/jperm/perm_edit.html @@ -82,7 +82,7 @@
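Review bot: `assets` and `asset_groups` hold authorizations as comma-separated id strings, so the database cannot enforce that a granted id refers to an existing `Asset` or `AssetGroup`, and deleting an asset leaves its id in every user's list. A `ManyToManyField` to `Asset` / `AssetGroup`, like the existing `group = models.ManyToManyField(UserGroup)`, would keep referential integrity and turn "who can reach this host" into a query instead of a string scan. `max_length=1000` also caps how many ids fit in `asset_groups`, and on the `TextField` it is not enforced at the database level. The `User` class starts and continues outside the hunk.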
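Review bot: The `copy` task in `playbook/user_perm.yaml` writes the key to `.ssh/authorizied_keys`, which is not the file sshd reads by default (`authorized_keys`), so the granted user presumably cannot log in with it; the destination should be `dest=/home/{{ user }}/.ssh/authorized_keys`. `copy` also replaces the whole file, and `perm_user_api` substitutes the same `/tmp/id_rsa.pub` for every user, so each grant would install one shared key taken from a directory that is typically world-writable rather than the user's own key. The `authorized_key` module with a per-user key kept outside `/tmp` is the usual fit here.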
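Review bot: The selector in `checkAll` is built as `'#'+formID+'option'`, which looks up an element whose id is `formID` followed by the text `option` rather than the `<option>` children of `#formID`, so the loop presumably matches nothing. A space is missing: `$('#' + formID + ' option')`. For `<option>` elements the state to set is `selected`, and the template script changed in this patch already uses `$(this).prop('selected', true)`; `attr('checked', true)` has no effect on them. Renaming `selectAll` to `selectAllOption` will also break any caller that is not updated alongside it.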
- +
diff --git a/templates/jperm/user_perm.html b/templates/jperm/perm_user_edit.html similarity index 71% rename from templates/jperm/user_perm.html rename to templates/jperm/perm_user_edit.html index f3a675f39..1b6f491e8 100644 --- a/templates/jperm/user_perm.html +++ b/templates/jperm/perm_user_edit.html @@ -8,7 +8,7 @@
-
主机授权添加
+
{{ user.name }}授权修改
-
+ {% if error %}
{{ error }}
{% endif %} @@ -33,41 +33,48 @@
+
+ + +
+
+ +
+ +
+
- + {% for asset in assets %} + {% endfor %}
-
- - +
+ +
- + {% for asset in asset_permed %} + + {% endfor %}
-
- -
- -
-
- +
+ {% for asset_group in asset_group_permed %} + + {% endfor %}
- -
-
- -
- -
-
-
- +
@@ -130,18 +131,6 @@ $('#sudoPerm').validator({ tip: "输入授权名", ok: "", msg: {required: "必须填写!"} - }, - "user_groups_select": { - rule: "required", - tip: "选择用户组", - ok: "", - msg: {checked: "至少选择一个用户组"} - }, - "asset_groups_select": { - rule: "required", - tip: "选择主机组", - ok: "", - msg: {checked: "至少选择一个主机组"} } }, @@ -156,6 +145,7 @@ $(document).ready(function(){ $('#user_groups_select option').each(function(){ $(this).prop('selected', true) }) + $('#asset_groups_select option').each(function(){ $(this).prop('selected', true) }) diff --git a/templates/jperm/perm_list.html b/templates/jperm/perm_user_list.html similarity index 52% rename from templates/jperm/perm_list.html rename to templates/jperm/perm_user_list.html index 23b6818df..785dbbbbd 100644 --- a/templates/jperm/perm_list.html +++ b/templates/jperm/perm_user_list.html @@ -16,12 +16,6 @@
- @@ -30,13 +24,13 @@
- 添加小组 + 添加用户
@@ -46,27 +40,23 @@ - - - - - - + + + + - {% for group in contacts.object_list %} + {% for user in users.object_list %} - - - - - - + + + + {% endfor %} @@ -75,7 +65,7 @@
- Showing {{ contacts.start_index }} to {{ contacts.end_index }} of {{ p.count }} entries + Showing {{ users.start_index }} to {{ users.end_index }} of {{ p.count }} entries
{% include 'paginator.html' %} @@ -86,23 +76,4 @@
- - {% endblock %} \ No newline at end of file diff --git a/templates/nav.html b/templates/nav.html index 7eb758c3b..ff622f8b7 100644 --- a/templates/nav.html +++ b/templates/nav.html @@ -44,6 +44,9 @@
  • 日志审计
  • +
  • + 设置 +
  • diff --git a/templates/setting.html b/templates/setting.html new file mode 100644 index 000000000..991354f7a --- /dev/null +++ b/templates/setting.html @@ -0,0 +1,112 @@ +{% extends 'base.html' %} +{% load mytags %} + + +{% block content %} + {% include 'nav_cat_bar.html' %} +
    +
    +
    +
    +
    +
    项目设置
    + +
    + +
    +
    +
    + +
    + +
    +
    +
    + + {% if error %} +
    {{ error }}
    + {% endif %} + {% if msg %} +
    {{ msg }}
    + {% endif %} +
    + +
    + +
    +
    +
    +
    + +
    + +
    +
    +
    +
    + +
    + +
    +
    +
    +
    +
    + + +
    +
    + +
    + +
    +
    组名所属部门成员数目授权主机组数目授权主机数目备注用户所属用户组授权资产授权资产组 操作
    {{ group.name }} {{ group.dept.name }} {{ group.id | member_count }} {{ group.id | ugrp_perm_agrp_count }} {{ group.id | ugrp_perm_asset_count }} {{ group.comment }} {{ user.name }} {{ user.id }} {{ user.id }} {{ user.comment }} - 详情 - 授权编辑 + 详情 + 编辑
    + + + + + + +
    组名
    +
    + +
    +
    +
    +
    +
    +
    + + + + + +{% endblock %} \ No newline at end of file diff --git a/tmp/147164c46a9611e5a797000c29f7d66e b/tmp/147164c46a9611e5a797000c29f7d66e new file mode 100644 index 000000000..61bfa4c43 --- /dev/null +++ b/tmp/147164c46a9611e5a797000c29f7d66e @@ -0,0 +1,3 @@ +[new] +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat +[del] diff --git a/tmp/14721dba6a9611e5a797000c29f7d66e b/tmp/14721dba6a9611e5a797000c29f7d66e new file mode 100644 index 000000000..3bbd6ba29 --- /dev/null +++ b/tmp/14721dba6a9611e5a797000c29f7d66e @@ -0,0 +1,17 @@ +- hosts: new + vars: + user: admin + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + +- hosts: del + vars: + user: admin + tasks: + - name: del user + user: name={{ user }} state=absent remove=yes diff --git a/tmp/1d0e27de6a9611e5ae2e000c29f7d66e b/tmp/1d0e27de6a9611e5ae2e000c29f7d66e new file mode 100644 index 000000000..7e7718a23 --- /dev/null +++ b/tmp/1d0e27de6a9611e5ae2e000c29f7d66e @@ -0,0 +1,3 @@ +[new] +[del] +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat diff --git a/tmp/1d0e993a6a9611e5ae2e000c29f7d66e b/tmp/1d0e993a6a9611e5ae2e000c29f7d66e new file mode 100644 index 000000000..3bbd6ba29 --- /dev/null +++ b/tmp/1d0e993a6a9611e5ae2e000c29f7d66e 
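Review bot: The generated inventory `tmp/147164c46a9611e5a797000c29f7d66e`, like the other `tmp/` inventories added by this patch, commits a host address together with `ansible_ssh_user=root` and a clear-text password. The following patch (`rm tmpfile`) deletes the files, but they stay readable in the history of patch 01, so the password should be treated as disclosed and changed on the hosts concerned. `tmp/` should be listed in `.gitignore` so that run artefacts written via `get_rand_file_path` cannot be staged again.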
@@ -0,0 +1,17 @@ +- hosts: new + vars: + user: admin + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + +- hosts: del + vars: + user: admin + tasks: + - name: del user + user: name={{ user }} state=absent remove=yes diff --git a/tmp/2e6324f46a9511e58276000c29f7d66e b/tmp/2e6324f46a9511e58276000c29f7d66e new file mode 100644 index 000000000..61bfa4c43 --- /dev/null +++ b/tmp/2e6324f46a9511e58276000c29f7d66e @@ -0,0 +1,3 @@ +[new] +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat +[del] diff --git a/tmp/2e63c0b26a9511e58276000c29f7d66e b/tmp/2e63c0b26a9511e58276000c29f7d66e new file mode 100644 index 000000000..ff93b7663 --- /dev/null +++ b/tmp/2e63c0b26a9511e58276000c29f7d66e @@ -0,0 +1,17 @@ +- hosts: new + vars: + user: admin + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + +- hosts: del + vars: + user: admin + tasks: + - name: del user + user: name={{ user }} state=absent diff --git a/tmp/39c5fac46a9511e585f9000c29f7d66e b/tmp/39c5fac46a9511e585f9000c29f7d66e new file mode 100644 index 000000000..7e7718a23 --- /dev/null +++ b/tmp/39c5fac46a9511e585f9000c29f7d66e @@ -0,0 +1,3 @@ +[new] +[del] +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat diff --git a/tmp/39c69db26a9511e585f9000c29f7d66e b/tmp/39c69db26a9511e585f9000c29f7d66e new file mode 100644 index 000000000..ff93b7663 --- /dev/null +++ b/tmp/39c69db26a9511e585f9000c29f7d66e 
@@ -0,0 +1,17 @@ +- hosts: new + vars: + user: admin + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + +- hosts: del + vars: + user: admin + tasks: + - name: del user + user: name={{ user }} state=absent diff --git a/tmp/3ce93d2c6a9211e5a651000c29f7d66e b/tmp/3ce93d2c6a9211e5a651000c29f7d66e new file mode 100644 index 000000000..8c0ee4573 --- /dev/null +++ b/tmp/3ce93d2c6a9211e5a651000c29f7d66e @@ -0,0 +1,4 @@ +[new] +[del] +127.0.0.1 ansbile_ssh_port=22 +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat diff --git a/tmp/3ceb07b06a9211e5a651000c29f7d66e b/tmp/3ceb07b06a9211e5a651000c29f7d66e new file mode 100644 index 000000000..aa13ef257 --- /dev/null +++ b/tmp/3ceb07b06a9211e5a651000c29f7d66e @@ -0,0 +1,10 @@ +- hosts: new + vars: + user: testfd + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 \ No newline at end of file diff --git a/tmp/48fd55966a9511e59d6b000c29f7d66e b/tmp/48fd55966a9511e59d6b000c29f7d66e new file mode 100644 index 000000000..482b37ae6 --- /dev/null +++ b/tmp/48fd55966a9511e59d6b000c29f7d66e @@ -0,0 +1,4 @@ +[new] +127.0.0.1 ansbile_ssh_port=22 +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat +[del] diff --git a/tmp/48fdf7626a9511e59d6b000c29f7d66e b/tmp/48fdf7626a9511e59d6b000c29f7d66e new file mode 100644 index 000000000..9a17241ca --- /dev/null +++ b/tmp/48fdf7626a9511e59d6b000c29f7d66e 
@@ -0,0 +1,17 @@ +- hosts: new + vars: + user: testfd + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + +- hosts: del + vars: + user: testfd + tasks: + - name: del user + user: name={{ user }} state=absent diff --git a/tmp/764e1d166a9311e5886c000c29f7d66e b/tmp/764e1d166a9311e5886c000c29f7d66e new file mode 100644 index 000000000..45661fbf3 --- /dev/null +++ b/tmp/764e1d166a9311e5886c000c29f7d66e @@ -0,0 +1,5 @@ +[new] +127.0.0.1 ansbile_ssh_port=22 +[del] +127.0.0.1 ansbile_ssh_port=22 +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat diff --git a/tmp/765012a66a9311e5886c000c29f7d66e b/tmp/765012a66a9311e5886c000c29f7d66e new file mode 100644 index 000000000..9a17241ca --- /dev/null +++ b/tmp/765012a66a9311e5886c000c29f7d66e @@ -0,0 +1,17 @@ +- hosts: new + vars: + user: testfd + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + +- hosts: del + vars: + user: testfd + tasks: + - name: del user + user: name={{ user }} state=absent diff --git a/tmp/aa4bd3526a9211e5a53f000c29f7d66e b/tmp/aa4bd3526a9211e5a53f000c29f7d66e new file mode 100644 index 000000000..482b37ae6 --- /dev/null +++ b/tmp/aa4bd3526a9211e5a53f000c29f7d66e @@ -0,0 +1,4 @@ +[new] +127.0.0.1 ansbile_ssh_port=22 +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat +[del] 
diff --git a/tmp/aa4cbc546a9211e5a53f000c29f7d66e b/tmp/aa4cbc546a9211e5a53f000c29f7d66e new file mode 100644 index 000000000..aa13ef257 --- /dev/null +++ b/tmp/aa4cbc546a9211e5a53f000c29f7d66e @@ -0,0 +1,10 @@ +- hosts: new + vars: + user: testfd + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 \ No newline at end of file diff --git a/tmp/bbd799fa6a9511e59e68000c29f7d66e b/tmp/bbd799fa6a9511e59e68000c29f7d66e new file mode 100644 index 000000000..61bfa4c43 --- /dev/null +++ b/tmp/bbd799fa6a9511e59e68000c29f7d66e @@ -0,0 +1,3 @@ +[new] +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat +[del] diff --git a/tmp/bbd931026a9511e59e68000c29f7d66e b/tmp/bbd931026a9511e59e68000c29f7d66e new file mode 100644 index 000000000..3bbd6ba29 --- /dev/null +++ b/tmp/bbd931026a9511e59e68000c29f7d66e @@ -0,0 +1,17 @@ +- hosts: new + vars: + user: admin + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + +- hosts: del + vars: + user: admin + tasks: + - name: del user + user: name={{ user }} state=absent remove=yes diff --git a/tmp/c2774ea46a9511e5be00000c29f7d66e b/tmp/c2774ea46a9511e5be00000c29f7d66e new file mode 100644 index 000000000..7e7718a23 --- /dev/null +++ b/tmp/c2774ea46a9511e5be00000c29f7d66e @@ -0,0 +1,3 @@ +[new] +[del] +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat 
diff --git a/tmp/c2780ae26a9511e5be00000c29f7d66e b/tmp/c2780ae26a9511e5be00000c29f7d66e new file mode 100644 index 000000000..3bbd6ba29 --- /dev/null +++ b/tmp/c2780ae26a9511e5be00000c29f7d66e @@ -0,0 +1,17 @@ +- hosts: new + vars: + user: admin + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + +- hosts: del + vars: + user: admin + tasks: + - name: del user + user: name={{ user }} state=absent remove=yes diff --git a/tmp/c6a8384a6a8a11e5b929000c29f7d66e b/tmp/c6a8384a6a8a11e5b929000c29f7d66e new file mode 100644 index 000000000..89c7aa8ed --- /dev/null +++ b/tmp/c6a8384a6a8a11e5b929000c29f7d66e @@ -0,0 +1,11 @@ +- hosts: hello world + vars: + user: testuserssss + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + diff --git a/tmp/d3e0469c6a8511e5ae99000c29f7d66e b/tmp/d3e0469c6a8511e5ae99000c29f7d66e new file mode 100644 index 000000000..be37d2580 --- /dev/null +++ b/tmp/d3e0469c6a8511e5ae99000c29f7d66e @@ -0,0 +1,6 @@ +[world] +125.39.8.222 ansbile_ssh_port=2234 +202.106.0.20 ansbile_ssh_port=22 +[hello] +125.39.8.222 ansbile_ssh_port=2234 +202.106.0.20 ansbile_ssh_port=22 diff --git a/tmp/f8b99a686a9411e5b0fb000c29f7d66e b/tmp/f8b99a686a9411e5b0fb000c29f7d66e new file mode 100644 index 000000000..61bfa4c43 --- /dev/null +++ b/tmp/f8b99a686a9411e5b0fb000c29f7d66e @@ -0,0 +1,3 @@ +[new] +192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat +[del] 
diff --git a/tmp/f8bb07546a9411e5b0fb000c29f7d66e b/tmp/f8bb07546a9411e5b0fb000c29f7d66e new file mode 100644 index 000000000..ff93b7663 --- /dev/null +++ b/tmp/f8bb07546a9411e5b0fb000c29f7d66e @@ -0,0 +1,17 @@ +- hosts: new + vars: + user: admin + tasks: + - name: add user + user: name={{ user }} state=present + - name: .ssh direcotory + file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory + - name: set authorizied_file + copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 + +- hosts: del + vars: + user: admin + tasks: + - name: del user + user: name={{ user }} state=absent From fef3879c8565631b279761202cc09a32890f6964 Mon Sep 17 00:00:00 2001 
From: guanghongwei Date: Sun, 4 Oct 2015 21:50:51 +0800 Subject: [PATCH 02/36] rm tmpfile --- tmp/147164c46a9611e5a797000c29f7d66e | 3 --- tmp/14721dba6a9611e5a797000c29f7d66e | 17 ----------------- tmp/1d0e27de6a9611e5ae2e000c29f7d66e | 3 --- tmp/1d0e993a6a9611e5ae2e000c29f7d66e | 17 ----------------- tmp/2e6324f46a9511e58276000c29f7d66e | 3 --- tmp/2e63c0b26a9511e58276000c29f7d66e | 17 ----------------- tmp/39c5fac46a9511e585f9000c29f7d66e | 3 --- tmp/39c69db26a9511e585f9000c29f7d66e | 17 ----------------- tmp/3ce93d2c6a9211e5a651000c29f7d66e | 4 ---- tmp/3ceb07b06a9211e5a651000c29f7d66e | 10 ---------- tmp/48fd55966a9511e59d6b000c29f7d66e | 4 ---- tmp/48fdf7626a9511e59d6b000c29f7d66e | 17 ----------------- tmp/764e1d166a9311e5886c000c29f7d66e | 5 ----- tmp/765012a66a9311e5886c000c29f7d66e | 17 ----------------- tmp/aa4bd3526a9211e5a53f000c29f7d66e | 4 ---- tmp/aa4cbc546a9211e5a53f000c29f7d66e | 10 ---------- tmp/bbd799fa6a9511e59e68000c29f7d66e | 3 --- tmp/bbd931026a9511e59e68000c29f7d66e | 17 ----------------- tmp/c2774ea46a9511e5be00000c29f7d66e | 3 --- tmp/c2780ae26a9511e5be00000c29f7d66e | 17 ----------------- tmp/c6a8384a6a8a11e5b929000c29f7d66e | 11 ----------- tmp/d3e0469c6a8511e5ae99000c29f7d66e | 6 ------ tmp/f8b99a686a9411e5b0fb000c29f7d66e | 3 --- tmp/f8bb07546a9411e5b0fb000c29f7d66e | 17 ----------------- 24 files changed, 228 deletions(-) delete mode 100644 tmp/147164c46a9611e5a797000c29f7d66e delete mode 100644 tmp/14721dba6a9611e5a797000c29f7d66e delete mode 100644 tmp/1d0e27de6a9611e5ae2e000c29f7d66e delete mode 100644 tmp/1d0e993a6a9611e5ae2e000c29f7d66e delete mode 100644 tmp/2e6324f46a9511e58276000c29f7d66e delete mode 100644 tmp/2e63c0b26a9511e58276000c29f7d66e delete mode 100644 tmp/39c5fac46a9511e585f9000c29f7d66e delete mode 100644 tmp/39c69db26a9511e585f9000c29f7d66e delete mode 100644 tmp/3ce93d2c6a9211e5a651000c29f7d66e delete mode 100644 tmp/3ceb07b06a9211e5a651000c29f7d66e delete mode 100644 tmp/48fd55966a9511e59d6b000c29f7d66e delete 
mode 100644 tmp/48fdf7626a9511e59d6b000c29f7d66e delete mode 100644 tmp/764e1d166a9311e5886c000c29f7d66e delete mode 100644 tmp/765012a66a9311e5886c000c29f7d66e delete mode 100644 tmp/aa4bd3526a9211e5a53f000c29f7d66e delete mode 100644 tmp/aa4cbc546a9211e5a53f000c29f7d66e delete mode 100644 tmp/bbd799fa6a9511e59e68000c29f7d66e delete mode 100644 tmp/bbd931026a9511e59e68000c29f7d66e delete mode 100644 tmp/c2774ea46a9511e5be00000c29f7d66e delete mode 100644 tmp/c2780ae26a9511e5be00000c29f7d66e delete mode 100644 tmp/c6a8384a6a8a11e5b929000c29f7d66e delete mode 100644 tmp/d3e0469c6a8511e5ae99000c29f7d66e delete mode 100644 tmp/f8b99a686a9411e5b0fb000c29f7d66e delete mode 100644 tmp/f8bb07546a9411e5b0fb000c29f7d66e diff --git a/tmp/147164c46a9611e5a797000c29f7d66e b/tmp/147164c46a9611e5a797000c29f7d66e deleted file mode 100644 index 61bfa4c43..000000000 --- a/tmp/147164c46a9611e5a797000c29f7d66e +++ /dev/null @@ -1,3 +0,0 @@ -[new] -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat -[del] diff --git a/tmp/14721dba6a9611e5a797000c29f7d66e b/tmp/14721dba6a9611e5a797000c29f7d66e deleted file mode 100644 index 3bbd6ba29..000000000 --- a/tmp/14721dba6a9611e5a797000c29f7d66e +++ /dev/null @@ -1,17 +0,0 @@ -- hosts: new - vars: - user: admin - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - -- hosts: del - vars: - user: admin - tasks: - - name: del user - user: name={{ user }} state=absent remove=yes diff --git a/tmp/1d0e27de6a9611e5ae2e000c29f7d66e b/tmp/1d0e27de6a9611e5ae2e000c29f7d66e deleted file mode 100644 index 7e7718a23..000000000 --- a/tmp/1d0e27de6a9611e5ae2e000c29f7d66e +++ /dev/null 
@@ -1,3 +0,0 @@ -[new] -[del] -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat diff --git a/tmp/1d0e993a6a9611e5ae2e000c29f7d66e b/tmp/1d0e993a6a9611e5ae2e000c29f7d66e deleted file mode 100644 index 3bbd6ba29..000000000 --- a/tmp/1d0e993a6a9611e5ae2e000c29f7d66e +++ /dev/null @@ -1,17 +0,0 @@ -- hosts: new - vars: - user: admin - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - -- hosts: del - vars: - user: admin - tasks: - - name: del user - user: name={{ user }} state=absent remove=yes diff --git a/tmp/2e6324f46a9511e58276000c29f7d66e b/tmp/2e6324f46a9511e58276000c29f7d66e deleted file mode 100644 index 61bfa4c43..000000000 --- a/tmp/2e6324f46a9511e58276000c29f7d66e +++ /dev/null @@ -1,3 +0,0 @@ -[new] -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat -[del] diff --git a/tmp/2e63c0b26a9511e58276000c29f7d66e b/tmp/2e63c0b26a9511e58276000c29f7d66e deleted file mode 100644 index ff93b7663..000000000 --- a/tmp/2e63c0b26a9511e58276000c29f7d66e +++ /dev/null @@ -1,17 +0,0 @@ -- hosts: new - vars: - user: admin - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - -- hosts: del - vars: - user: admin - tasks: - - name: del user - user: name={{ user }} state=absent diff --git a/tmp/39c5fac46a9511e585f9000c29f7d66e b/tmp/39c5fac46a9511e585f9000c29f7d66e deleted file mode 100644 index 7e7718a23..000000000 
--- a/tmp/39c5fac46a9511e585f9000c29f7d66e +++ /dev/null @@ -1,3 +0,0 @@ -[new] -[del] -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat diff --git a/tmp/39c69db26a9511e585f9000c29f7d66e b/tmp/39c69db26a9511e585f9000c29f7d66e deleted file mode 100644 index ff93b7663..000000000 --- a/tmp/39c69db26a9511e585f9000c29f7d66e +++ /dev/null @@ -1,17 +0,0 @@ -- hosts: new - vars: - user: admin - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - -- hosts: del - vars: - user: admin - tasks: - - name: del user - user: name={{ user }} state=absent diff --git a/tmp/3ce93d2c6a9211e5a651000c29f7d66e b/tmp/3ce93d2c6a9211e5a651000c29f7d66e deleted file mode 100644 index 8c0ee4573..000000000 --- a/tmp/3ce93d2c6a9211e5a651000c29f7d66e +++ /dev/null @@ -1,4 +0,0 @@ -[new] -[del] -127.0.0.1 ansbile_ssh_port=22 -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat diff --git a/tmp/3ceb07b06a9211e5a651000c29f7d66e b/tmp/3ceb07b06a9211e5a651000c29f7d66e deleted file mode 100644 index aa13ef257..000000000 --- a/tmp/3ceb07b06a9211e5a651000c29f7d66e +++ /dev/null @@ -1,10 +0,0 @@ -- hosts: new - vars: - user: testfd - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 \ No newline at end of file diff --git a/tmp/48fd55966a9511e59d6b000c29f7d66e b/tmp/48fd55966a9511e59d6b000c29f7d66e deleted file mode 100644 index 482b37ae6..000000000 
--- a/tmp/48fd55966a9511e59d6b000c29f7d66e +++ /dev/null @@ -1,4 +0,0 @@ -[new] -127.0.0.1 ansbile_ssh_port=22 -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat -[del] diff --git a/tmp/48fdf7626a9511e59d6b000c29f7d66e b/tmp/48fdf7626a9511e59d6b000c29f7d66e deleted file mode 100644 index 9a17241ca..000000000 --- a/tmp/48fdf7626a9511e59d6b000c29f7d66e +++ /dev/null @@ -1,17 +0,0 @@ -- hosts: new - vars: - user: testfd - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - -- hosts: del - vars: - user: testfd - tasks: - - name: del user - user: name={{ user }} state=absent diff --git a/tmp/764e1d166a9311e5886c000c29f7d66e b/tmp/764e1d166a9311e5886c000c29f7d66e deleted file mode 100644 index 45661fbf3..000000000 --- a/tmp/764e1d166a9311e5886c000c29f7d66e +++ /dev/null @@ -1,5 +0,0 @@ -[new] -127.0.0.1 ansbile_ssh_port=22 -[del] -127.0.0.1 ansbile_ssh_port=22 -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat diff --git a/tmp/765012a66a9311e5886c000c29f7d66e b/tmp/765012a66a9311e5886c000c29f7d66e deleted file mode 100644 index 9a17241ca..000000000 --- a/tmp/765012a66a9311e5886c000c29f7d66e +++ /dev/null @@ -1,17 +0,0 @@ -- hosts: new - vars: - user: testfd - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - -- hosts: del - vars: - user: testfd - tasks: - - name: del user - user: name={{ user }} state=absent 
diff --git a/tmp/aa4bd3526a9211e5a53f000c29f7d66e b/tmp/aa4bd3526a9211e5a53f000c29f7d66e deleted file mode 100644 index 482b37ae6..000000000 --- a/tmp/aa4bd3526a9211e5a53f000c29f7d66e +++ /dev/null @@ -1,4 +0,0 @@ -[new] -127.0.0.1 ansbile_ssh_port=22 -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat -[del] diff --git a/tmp/aa4cbc546a9211e5a53f000c29f7d66e b/tmp/aa4cbc546a9211e5a53f000c29f7d66e deleted file mode 100644 index aa13ef257..000000000 --- a/tmp/aa4cbc546a9211e5a53f000c29f7d66e +++ /dev/null @@ -1,10 +0,0 @@ -- hosts: new - vars: - user: testfd - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 \ No newline at end of file diff --git a/tmp/bbd799fa6a9511e59e68000c29f7d66e b/tmp/bbd799fa6a9511e59e68000c29f7d66e deleted file mode 100644 index 61bfa4c43..000000000 --- a/tmp/bbd799fa6a9511e59e68000c29f7d66e +++ /dev/null @@ -1,3 +0,0 @@ -[new] -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat -[del] diff --git a/tmp/bbd931026a9511e59e68000c29f7d66e b/tmp/bbd931026a9511e59e68000c29f7d66e deleted file mode 100644 index 3bbd6ba29..000000000 --- a/tmp/bbd931026a9511e59e68000c29f7d66e +++ /dev/null @@ -1,17 +0,0 @@ -- hosts: new - vars: - user: admin - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - -- hosts: del - vars: - user: admin - tasks: - - name: del user - user: name={{ user }} state=absent remove=yes 
diff --git a/tmp/c2774ea46a9511e5be00000c29f7d66e b/tmp/c2774ea46a9511e5be00000c29f7d66e deleted file mode 100644 index 7e7718a23..000000000 --- a/tmp/c2774ea46a9511e5be00000c29f7d66e +++ /dev/null @@ -1,3 +0,0 @@ -[new] -[del] -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat diff --git a/tmp/c2780ae26a9511e5be00000c29f7d66e b/tmp/c2780ae26a9511e5be00000c29f7d66e deleted file mode 100644 index 3bbd6ba29..000000000 --- a/tmp/c2780ae26a9511e5be00000c29f7d66e +++ /dev/null @@ -1,17 +0,0 @@ -- hosts: new - vars: - user: admin - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - -- hosts: del - vars: - user: admin - tasks: - - name: del user - user: name={{ user }} state=absent remove=yes diff --git a/tmp/c6a8384a6a8a11e5b929000c29f7d66e b/tmp/c6a8384a6a8a11e5b929000c29f7d66e deleted file mode 100644 index 89c7aa8ed..000000000 --- a/tmp/c6a8384a6a8a11e5b929000c29f7d66e +++ /dev/null @@ -1,11 +0,0 @@ -- hosts: hello world - vars: - user: testuserssss - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - diff --git a/tmp/d3e0469c6a8511e5ae99000c29f7d66e b/tmp/d3e0469c6a8511e5ae99000c29f7d66e deleted file mode 100644 index be37d2580..000000000 --- a/tmp/d3e0469c6a8511e5ae99000c29f7d66e +++ /dev/null @@ -1,6 +0,0 @@ -[world] -125.39.8.222 ansbile_ssh_port=2234 -202.106.0.20 ansbile_ssh_port=22 -[hello] -125.39.8.222 ansbile_ssh_port=2234 -202.106.0.20 ansbile_ssh_port=22 
diff --git a/tmp/f8b99a686a9411e5b0fb000c29f7d66e b/tmp/f8b99a686a9411e5b0fb000c29f7d66e deleted file mode 100644 index 61bfa4c43..000000000 --- a/tmp/f8b99a686a9411e5b0fb000c29f7d66e +++ /dev/null @@ -1,3 +0,0 @@ -[new] -192.168.244.129 ansible_ssh_port=22 ansible_ssh_user=root ansbile_ssh_pass=redhat -[del] diff --git a/tmp/f8bb07546a9411e5b0fb000c29f7d66e b/tmp/f8bb07546a9411e5b0fb000c29f7d66e deleted file mode 100644 index ff93b7663..000000000 --- a/tmp/f8bb07546a9411e5b0fb000c29f7d66e +++ /dev/null @@ -1,17 +0,0 @@ -- hosts: new - vars: - user: admin - tasks: - - name: add user - user: name={{ user }} state=present - - name: .ssh direcotory - file: name=/home/{{ user }}/.ssh mode=700 owner={{ user }} group={{ user }} state=directory - - name: set authorizied_file - copy: src=/tmp/id_rsa.pub dest=/home/{{ user }}/.ssh/authorizied_keys owner={{ user }} group={{ user }} mode=600 - -- hosts: del - vars: - user: admin - tasks: - - name: del user - user: name={{ user }} state=absent From 6482a5e214ce96029b28e19eb30cbd446fdabcde Mon Sep 17 00:00:00 2001 From: guanghongwei Date: Sun, 4 Oct 2015 21:51:23 +0800 Subject: [PATCH 03/36] add ignore --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index b749de2d9..3771a02ba 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,4 @@ logs keys jumpserver.conf nohup.out +tmp/* From 699046dad5712c207a674642c55219be5505325e Mon Sep 17 00:00:00 2001 From: Administrator Date: Mon, 5 Oct 2015 23:48:03 +0800 Subject: [PATCH 04/36] =?UTF-8?q?=E4=BF=AE=E6=94=B9settings?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jasset/models.py | 4 ++-- jasset/views.py | 9 +++++---- jperm/perm_api.py | 13 ++++++++++--- jumpserver/models.py | 4 ++-- jumpserver/views.py | 24 +++++++++++++++++++++++- templates/jasset/asset_add.html | 33 +++++++++++++-------------------- templates/setting.html | 10 ++++------ 7 files changed, 59 insertions(+), 38 deletions(-) 
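Review bot: The new `tmp/*` rule keeps future generated inventories out of commits, but it does not cover the ones already recorded. The files deleted in the previous patch carry `ansible_ssh_user=root` together with an `ansbile_ssh_pass` value, and they stay reachable through the commit that added them. That password should be treated as disclosed and rotated on the hosts it belongs to. Writing these inventories to a per-run temporary file with owner-only permissions, outside the working tree, would avoid relying on an ignore rule at all.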
diff --git a/jasset/models.py b/jasset/models.py index 8f51f8989..cfa8392e1 100644 --- a/jasset/models.py +++ b/jasset/models.py @@ -60,11 +60,11 @@ class AssetGroup(models.Model): class Asset(models.Model): ip = models.IPAddressField(unique=True) - port = models.IntegerField(max_length=6) + port = models.IntegerField(max_length=6, blank=True, null=True) group = models.ManyToManyField(AssetGroup) username = models.CharField(max_length=20, blank=True, null=True) password = models.CharField(max_length=80, blank=True, null=True) - use_default_auth = models.BooleanField(default=True) + use_default = models.BooleanField(default=True) date_added = models.DateTimeField(auto_now=True, default=datetime.datetime.now(), null=True) is_active = models.BooleanField(default=True) comment = models.CharField(max_length=100, blank=True, null=True) diff --git a/jasset/views.py b/jasset/views.py index 259a7357d..eb500050d 100644 --- a/jasset/views.py +++ b/jasset/views.py @@ -87,18 +87,19 @@ def asset_add(request): asset_group_all = AssetGroup.objects.all() if request.method == 'POST': ip = request.POST.get('ip') - port = request.POST.get('port') groups = request.POST.getlist('groups') - use_default_auth = True if request.POST.getlist('use_default_auth', []) else False + use_default = True if request.POST.getlist('use_default', []) else False is_active = True if request.POST.get('is_active') else False comment = request.POST.get('comment') - if not use_default_auth: + if not use_default: username = request.POST.get('username') password = request.POST.get('password') + port = request.POST.get('port') password_encode = CRYPTOR.encrypt(password) else: username = None + port = None password_encode = None try: 
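Review bot: `port` on `Asset` accepts any integer, because `max_length=6` has no effect on an `IntegerField` and nothing at the model level keeps the value inside 1–65535. Adding `validators=[MinValueValidator(1), MaxValueValidator(65535)]` would make the constraint explicit. The rename of `use_default_auth` to `use_default` also changes the column name, and no schema migration appears in this patch's file list, so an existing database presumably needs one.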
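Review bot: In the `not use_default` branch, `CRYPTOR.encrypt(password)` runs on whatever `request.POST.get('password')` returns, which is `None` when the field is missing, and `username` and `port` are stored without any check. How `CRYPTOR.encrypt` treats `None` is not visible here, so either an exception or an encrypted placeholder is possible. A guard before the encryption, such as `if not (username and password and port):` followed by the form's error path, plus an integer and range check on `port`, would keep incomplete credentials out of the asset table. `asset_add` starts and ends outside the hunk.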
@@ -110,7 +111,7 @@ def asset_add(request): pass else: db_asset_add( - ip=ip, port=port, use_default_auth=use_default_auth, is_active=is_active, comment=comment, + ip=ip, port=port, use_default=use_default, is_active=is_active, comment=comment, groups=groups, username=username, password=password_encode ) diff --git a/jperm/perm_api.py b/jperm/perm_api.py index cbaede5a3..015d0a8a8 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -7,6 +7,8 @@ import re from ansible.playbook import PlayBook from ansible import callbacks, utils +from jumpserver.models import Setting + def get_object_list(model, id_list): object_list = [] @@ -92,12 +94,17 @@ def perm_user_api(user, asset_new, asset_del, asset_group_new, asset_group_del): playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'), {'the_new_group': 'new', 'the_del_group': 'del', 'the_user': user.username, 'the_pub_key': '/tmp/id_rsa.pub'}) - print host_list, playbook + settings = get_object(Setting, id=1) + if settings: + default_user = settings.default_user + default_pri_key_path = settings.default_pri_key_path + else: + default_user = default_pri_key_path = '' results = PlayBook(host_list=host_list, playbook=playbook, forks=5, - remote_user='web', - remote_pass='redhat', + remote_user=default_user, + private_key_file=default_pri_key_path, callbacks=playbook_cb, runner_callbacks=runner_cb, stats=stats, diff --git a/jumpserver/models.py b/jumpserver/models.py index aa186301b..046ebb730 100644 --- a/jumpserver/models.py +++ b/jumpserver/models.py 
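Review bot: When no `Setting` row exists, `default_user` and `default_pri_key_path` fall back to `''` and the playbook is still started with `remote_user=''` and `private_key_file=''`. Stopping before the `PlayBook` is built, for example `if not settings: raise ServerError('default connection settings are not configured')` (`ServerError` is what a later patch in this series raises in this file), would keep a missing configuration from turning into a run with whatever connection defaults Ansible picks. The context line `'the_pub_key': '/tmp/id_rsa.pub'` is also worth revisiting: the generated playbooks copy that file into each user's authorized keys, and it is read from a fixed path in a shared temporary directory. `perm_user_api` starts and ends outside the hunk.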
@@ -5,8 +5,8 @@ from django.db import models class Setting(models.Model): default_user = models.CharField(max_length=100, null=True, blank=True) - default_password = models.CharField(max_length=100, null=True, blank=True) + default_port = models.IntegerField(max_length=10, null=True, blank=True) default_pri_key_path = models.CharField(max_length=100, null=True, blank=True) class Meta: - db_table = u'setting' \ No newline at end of file + db_table = u'setting' diff --git a/jumpserver/views.py b/jumpserver/views.py index 9b0ce396c..cdf1b3591 100644 --- a/jumpserver/views.py +++ b/jumpserver/views.py @@ -12,7 +12,7 @@ from django.http import HttpResponse # from jperm.models import Apply import paramiko from jumpserver.api import * - +from jumpserver.models import Setting def getDaysByNum(num): @@ -231,6 +231,28 @@ def logout(request): def setting(request): + header_title, path1 = '项目设置', '设置' + if request.method == "POST": + username = request.POST.get('username', '') + port = request.POST.get('port', '') + private_key = request.POST.get('key', '') + + if '' in [username, port, private_key]: + return HttpResponse('所填内容不能为空') + else: + settings = get_object(Setting, id=1) + private_key_path = os.path.join(BASE_DIR, 'keys', 'default', 'default_private_key.pem') + with open(private_key_path, 'w') as f: + f.write(private_key) + os.chmod(private_key_path, 0600) + if settings: + Setting.objects.filter(id=1).update(default_user=username, default_port=port, + default_pri_key_path=private_key_path) + else: + settings = Setting(default_user=username, default_port=port, + default_pri_key_path=private_key_path).save() + + msg = "设置成功" return my_render('setting.html', locals(), request) # # def filter_ajax_api(request): diff --git a/templates/jasset/asset_add.html b/templates/jasset/asset_add.html index bbf8b196f..13125ca0d 100644 --- a/templates/jasset/asset_add.html +++ b/templates/jasset/asset_add.html @@ -42,27 +42,24 @@
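Review bot: No access-control decorator is visible on `setting`, yet the POST branch now replaces the default login user, the port and the private key that `perm_user_api` hands to Ansible. Unless a guard sits outside this hunk, the view should carry `@require_role('admin')` like the views in jperm/views.py (presumably available through `from jumpserver.api import *`). The key file is created by `open(private_key_path, 'w')` and only restricted afterwards by `os.chmod(private_key_path, 0600)`, so a newly created file exists briefly with umask-default permissions. Creating it with `fd = os.open(private_key_path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0600)` and writing through `os.fdopen(fd, 'w')` closes that window. `port` is stored as the raw POST string and is never checked to be an integer in 1–65535.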
    -
    - -
    - -
    -
    - -
    -
    - +
    + - - - - {% endblock %} \ No newline at end of file From 06eedff49f79f21a57c0da6096c8832547e87513 Mon Sep 17 00:00:00 2001 From: "ibuler@qq.com" Date: Wed, 7 Oct 2015 20:14:07 +0800 Subject: [PATCH 09/36] fix common --- jperm/perm_api.py | 97 ++++++++++++++++++----------- jperm/views.py | 2 +- playbook/user_perm.yaml | 10 ++- templates/jperm/perm_user_edit.html | 2 +- 4 files changed, 66 insertions(+), 45 deletions(-) diff --git a/jperm/perm_api.py b/jperm/perm_api.py index 185fe969d..21a69ac09 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -54,19 +54,18 @@ def get_playbook(template, var): return path -def playbook_run(inventory, playbook, default_user=None, default_port=None, default_pri_key_path=None): +def playbook_run(inventory, playbook, settings): stats = callbacks.AggregateStats() playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY) runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY) # run the playbook - print default_user, default_port, default_pri_key_path, inventory, playbook - if default_user and default_port and default_pri_key_path: + if settings: playbook = PlayBook(host_list=inventory, playbook=playbook, forks=5, - remote_user=default_user, - remote_port=default_port, - private_key_file=default_pri_key_path, + remote_user=settings.default_user, + remote_port=settings.default_port, + private_key_file=settings.default_pri_key_path, callbacks=playbook_cb, runner_callbacks=runner_cb, stats=stats, 
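Review bot: `if settings:` is a weaker test than the `if default_user and default_port and default_pri_key_path:` it replaces. A `Setting` row with an empty user, port or key path now takes the configured branch and reaches `PlayBook` with `None` or empty connection values. The earlier patch in this series declares those fields with `null=True, blank=True`, so such a row can exist, although the patches between that one and this are not visible here. Keeping the field check, `if settings and settings.default_user and settings.default_port and settings.default_pri_key_path:`, preserves the old behaviour. `playbook_run` continues outside the hunk.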
@@ -98,43 +97,67 @@ def playbook_run(inventory, playbook, default_user=None, default_port=None, defa return results_r -def perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user=None, user_group=None): - """用户授权api,通过调用ansible API完成用户新建等""" - asset_new_ip = [] # 新授权的ip列表 - asset_del_ip = [] # 回收授权的ip列表 +def perm_user_api(perm_info): + """ + 用户授权api,通过调用ansible API完成用户新建等,传入参数必须如下,列表中可以是对象,也可以是用户名和ip + perm_info = {'del': {'users': [], + 'assets': [], + }, + 'new': {'users': [], + 'assets': []}} + """ + try: + new_users = perm_info['new']['users'] + new_assets = perm_info['new']['assets'] + del_users = perm_info['del']['users'] + del_assets = perm_info['del']['assets'] + except IndexError: + raise ServerError("Error: function perm_user_api传入参数错误") - asset_new_ip.extend([asset.ip for asset in asset_new]) # 查库,获取新授权ip - for asset_group in asset_group_new: - asset_new_ip.extend([asset.ip for asset in asset_group.asset_set.all()]) # 同理 - asset_del_ip.extend([asset.ip for asset in asset_del]) # 查库,获取回收授权的ip - for asset_group in asset_group_del: - asset_del_ip.extend([asset.ip for asset in asset_group.asset_set.all()]) # 同理 - - if asset_new_ip or asset_del_ip: - host_group = {'new': asset_new_ip, 'del': asset_del_ip} - inventory = get_inventory(host_group) - if user: - the_items = user.username, - elif user_group: - users = user_group.user_set.all() - the_items = ','.join([user.username for user in users]) + # 检查传入的是字符串还是对象 + check_users = new_users + del_users + try: + if isinstance(check_users[0], str): + var_type = 'str' else: - return HttpResponse('Argument error.') + var_type = 'obj' - playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'), - {'the_new_group': 'new', 'the_del_group': 'del', - 'the_items': the_items, 'the_pub_key': '/tmp/id_rsa.pub'}) + except IndexError: + raise ServerError("Error: function perm_user_api传入参数错误") - settings = get_object(Setting, id=1) - if settings: - default_user = settings.default_user - 
default_port = settings.default_port - default_pri_key_path = settings.default_pri_key_path + print new_assets, del_assets + print new_users, del_users + try: + if var_type == 'str': + new_ip = new_assets + del_ip = del_assets + new_username = new_users + del_username = del_users else: - default_user = default_port = default_pri_key_path = '' + new_ip = [asset.ip for asset in new_assets if isinstance(asset, Asset)] + del_ip = [asset.ip for asset in del_assets if isinstance(asset, Asset)] + new_username = [user.username for user in new_users if isinstance(user, User)] + del_username = [user.username for user in del_users if isinstance(user, User)] + except IndexError: + raise ServerError("Error: function perm_user_api传入参数类型错误") - results_r = playbook_run(inventory, playbook, default_user, default_port, default_pri_key_path) - return results_r + print new_ip, del_ip + print new_username, del_username + + host_group = {'new': new_ip, 'del': del_ip} + inventory = get_inventory(host_group) + + the_new_users = ','.join(new_username) + the_del_users = ','.join(del_username) + + playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'), + {'the_new_group': 'new', 'the_del_group': 'del', + 'the_new_users': the_new_users, 'the_del_users': the_del_users, + 'the_pub_key': '/tmp/id_rsa.pub'}) + + settings = get_object(Setting, name='default') + results_r = playbook_run(inventory, playbook, settings) + return results_r def refresh_group_api(user_group=None, asset_group=None): diff --git a/jperm/views.py b/jperm/views.py index 15f375d79..98c1b3bb7 100644 --- a/jperm/views.py +++ b/jperm/views.py 
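Review bot: The first `try` in `perm_user_api` reads `perm_info['new']['users']` and its siblings but catches `IndexError`. A missing key raises `KeyError`, so a malformed `perm_info` escapes as an unhandled exception instead of the intended `ServerError`; `except KeyError:` is the matching handler. The type probe `isinstance(check_users[0], str)` looks only at the first user and, on the Python 2 this file targets (`print` statements), is false for `unicode` values, which then fall into the object branch where the `isinstance(asset, Asset)` and `isinstance(user, User)` filters silently drop them; `basestring` would cover both. In the string branch the IPs and usernames go into the inventory and playbook variables unchanged, so they should be checked against a strict pattern first (how `get_inventory` and `get_playbook` render them is not visible here). The four debugging `print` statements also write the affected hosts and accounts to stdout.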
@@ -1 +1 @@ -# # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply import json from django.db.models import Q from jperm.models import * from jumpserver.api import * from jperm.perm_api import * @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = 
list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user=user) # 通过API授权或回收 unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return 
my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group) # 通过API授权或回收 unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') \ No newline at end of file +# # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jperm.models import * from jumpserver.api import * from jperm.perm_api import * @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') 
users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 perm_info = { 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in 
results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 
asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group) # 通过API授权或回收 unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') \ No newline at end of file diff --git a/playbook/user_perm.yaml b/playbook/user_perm.yaml index d57ff1964..6310249d4 100644 --- a/playbook/user_perm.yaml +++ b/playbook/user_perm.yaml @@ -2,18 +2,16 @@ tasks: - name: del user user: name={{ item }} state=absent remove=yes - with_items: [ the_items ] + with_items: [ the_del_users ] - hosts: the_new_group tasks: - name: add user user: name={{ item }} state=present - with_items: [ the_items ] + with_items: [ the_new_users ] - name: .ssh direcotory file: name=/home/{{ item }}/.ssh mode=700 owner={{ item }} group={{ item }} state=directory - with_items: [ the_items ] + with_items: [ the_new_users ] - name: set authorizied_file copy: src=the_pub_key dest=/home/{{ item }}/.ssh/authorizied_keys owner={{ item }} group={{ item }} mode=600 - with_items: [ the_items ] - - + with_items: [ the_new_users ] 
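Review bot: In jperm/views.py, `perm_group_edit` still calls `perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group)`, but this commit changes that function to take a single `perm_info` dict, so a group-edit POST would raise `TypeError`; build the dict as `perm_user_edit` now does, e.g. `group_users = list(user_group.user_set.all())` and `perm_info = {'del': {'users': group_users, 'assets': asset_del}, 'new': {'users': group_users, 'assets': asset_new}}`. The same stale call is still present in the jperm/views.py hunk of PATCH 10/36. Both edit views dereference `user.asset` / `user_group.asset` before the `and user` / `and user_group` test, so an unknown `id` fails with an `AttributeError` instead of reaching the `'输入错误'` response (assuming `get_object` returns None on a miss, which is not shown here). In `perm_group_list` the search branch assigns the filtered queryset to `request` rather than `user_groups_list`, so the keyword never filters and `pages()` receives a queryset as its request. The commit also drops `import json` while `json.dumps` is still called; confirm that one of the star imports provides it.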
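Review bot: In playbook/user_perm.yaml the `set authorizied_file` task writes the key to `/home/{{ item }}/.ssh/authorizied_keys`, a file name sshd does not read by default, so accounts created by this play get no usable key; the destination should be `dest=/home/{{ item }}/.ssh/authorized_keys`. The renamed loops take `the_new_users` / `the_del_users`, which perm_api.py fills with a comma-joined string of usernames; if `get_playbook` pastes that text into the YAML, as it appears to, a username containing YAML flow-sequence characters changes the structure of the play, so names should be validated before templating. The key source is the fixed path `/tmp/id_rsa.pub` set in perm_api.py, so every user receives the same key from a shared temporary directory; a per-user key read from a directory only the service account can write would be safer.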
diff --git a/templates/jperm/perm_user_edit.html b/templates/jperm/perm_user_edit.html index e7db76b0d..5d06997f5 100644 --- a/templates/jperm/perm_user_edit.html +++ b/templates/jperm/perm_user_edit.html @@ -107,7 +107,7 @@
    - +
    From 50d2bfb27200f44c4eedb5a7a26f46829101a39c Mon Sep 17 00:00:00 2001 
From: "ibuler@qq.com" Date: Mon, 12 Oct 2015 09:58:38 +0800 Subject: [PATCH 10/36] someday --- jperm/models.py | 72 +---- jperm/perm_api.py | 68 ++--- jperm/urls.py | 1 + jperm/views.py | 2 +- jumpserver/api.py | 2 +- jumpserver/settings.py | 6 +- jumpserver/templatetags/mytags.py | 358 +------------------------ templates/jperm/dept_perm_edit.html | 179 ------------- templates/jperm/dept_perm_list.html | 104 ------- templates/jperm/perm_apply.html | 187 ------------- templates/jperm/perm_apply_exec.html | 31 --- templates/jperm/perm_apply_info.html | 55 ---- templates/jperm/perm_apply_search.html | 40 --- templates/jperm/perm_asset_detail.html | 61 ----- templates/jperm/perm_detail.html | 118 -------- templates/jperm/perm_edit.html | 130 --------- templates/jperm/perm_edit_bak.html | 138 ---------- templates/jperm/perm_list_ajax.html | 132 --------- templates/jperm/perm_log.html | 108 +++----- templates/jperm/perm_log_offline.html | 127 --------- templates/jperm/perm_log_online.html | 128 --------- templates/jperm/perm_user_detail.html | 240 ----------------- templates/jperm/sudo_add.html | 226 ---------------- templates/jperm/sudo_cmd_add.html | 148 ---------- templates/jperm/sudo_cmd_detail.html | 48 ---- templates/jperm/sudo_cmd_list.html | 140 ---------- templates/jperm/sudo_detail.html | 170 ------------ templates/jperm/sudo_edit.html | 155 ----------- templates/jperm/sudo_list.html | 129 --------- templates/nav.html | 1 + 30 files changed, 88 insertions(+), 3216 deletions(-) delete mode 100644 templates/jperm/dept_perm_edit.html delete mode 100644 templates/jperm/dept_perm_list.html delete mode 100644 templates/jperm/perm_apply.html delete mode 100644 templates/jperm/perm_apply_exec.html delete mode 100644 templates/jperm/perm_apply_info.html delete mode 100644 templates/jperm/perm_apply_search.html delete mode 100644 templates/jperm/perm_asset_detail.html delete mode 100644 templates/jperm/perm_detail.html delete mode 100644 templates/jperm/perm_edit.html 
delete mode 100644 templates/jperm/perm_edit_bak.html delete mode 100644 templates/jperm/perm_list_ajax.html delete mode 100644 templates/jperm/perm_log_offline.html delete mode 100644 templates/jperm/perm_log_online.html delete mode 100644 templates/jperm/perm_user_detail.html delete mode 100644 templates/jperm/sudo_add.html delete mode 100644 templates/jperm/sudo_cmd_add.html delete mode 100644 templates/jperm/sudo_cmd_detail.html delete mode 100644 templates/jperm/sudo_cmd_list.html delete mode 100644 templates/jperm/sudo_detail.html delete mode 100644 templates/jperm/sudo_edit.html delete mode 100644 templates/jperm/sudo_list.html diff --git a/jperm/models.py b/jperm/models.py index 336016f8f..1a07e6572 100644 --- a/jperm/models.py +++ b/jperm/models.py 
@@ -5,71 +5,7 @@ from juser.models import User, UserGroup
 from jasset.models import Asset, AssetGroup
 
 
-# class PermUserAsset(models.Model):
-# user = models.ForeignKey(User)
-# asset = models.ForeignKey(Asset)
-#
-# def __unicode__(self):
-# return self.user.username
-#
-#
-# class PermUserAssetGroup(models.Model):
-# user = models.ForeignKey(User)
-# asset_group = models.ForeignKey(AssetGroup)
-#
-# def __unicode__(self):
-# return self.user.username
-#
-#
-# class PermUserGroupAsset(models.Model):
-# user_group = models.ForeignKey(UserGroup)
-# asset = models.ForeignKey(Asset)
-#
-# def __unicode__(self):
-# return self.user_group.name
-#
-#
-# class PermUserGroupAssetGroup(models.Model):
-# user_group = models.ForeignKey(UserGroup)
-# asset_group = models.ForeignKey(AssetGroup)
-#
-# def __unicode__(self):
-# return self.user_group.name
-
-
-
-# class CmdGroup(models.Model):
-# name = models.CharField(max_length=50, unique=True)
-# cmd = models.CharField(max_length=999)
-# comment = models.CharField(blank=True, null=True, max_length=50)
-#
-# def __unicode__(self):
-# return self.name
-#
-#
-# class SudoPerm(models.Model):
-# user_group = models.ForeignKey(UserGroup)
-# user_runas = models.CharField(max_length=100)
-# asset_group = models.ManyToManyField(AssetGroup)
-# cmd_group = models.ManyToManyField(CmdGroup)
-# comment = models.CharField(max_length=30, null=True, blank=True)
-#
-# def __unicode__(self):
-# return self.user_group.name
-#
-#
-# class Apply(models.Model):
-# uuid = UUIDField(auto=True)
-# applyer = models.CharField(max_length=20)
-# admin = models.CharField(max_length=20)
-# approver = models.CharField(max_length=20)
-# bisgroup = models.CharField(max_length=500)
-# asset = models.CharField(max_length=500)
-# comment = models.TextField(blank=True, null=True)
-# status = models.IntegerField(max_length=2)
-# date_add = models.DateTimeField(null=True)
-# date_end = models.DateTimeField(null=True)
-# read = models.IntegerField(max_length=2)
-#
-# def __unicode__(self):
-# return self.applyer
+class PermLog(models.Model):
+ datetime = models.DateTimeField(auto_now_add=True)
+ result = models.CharField(max_length=1000, null=True, blank=True, default='')
+ is_finished = models.BooleanField(default=False)
diff --git a/jperm/perm_api.py b/jperm/perm_api.py
index 21a69ac09..d777ca82d 100644
--- a/jperm/perm_api.py
+++ b/jperm/perm_api.py
@@ -6,6 +6,7 @@ import uuid
 import re
 from ansible.playbook import PlayBook
 from ansible import callbacks, utils
+from jumpserver.tasks import playbook_run, add
 from jumpserver.models import Setting
 
 
@@ -54,49 +55,6 @@ def get_playbook(template, var):
 return path
 
 
-def playbook_run(inventory, playbook, settings):
- stats = callbacks.AggregateStats()
- playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY)
- runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY)
- # run the playbook
- if settings:
- playbook = PlayBook(host_list=inventory,
- playbook=playbook,
- forks=5,
- remote_user=settings.default_user,
- remote_port=settings.default_port,
- private_key_file=settings.default_pri_key_path,
- callbacks=playbook_cb,
- runner_callbacks=runner_cb,
- stats=stats,
- become=True,
- become_user='root')
- else:
- playbook = PlayBook(host_list=inventory,
- playbook=playbook,
- forks=5,
- callbacks=playbook_cb,
- runner_callbacks=runner_cb,
- stats=stats,
- become=True,
- become_user='root')
-
- results = playbook.run()
- results_r = {'unreachable': [], 'failures': [], 'success': []}
- for hostname, result in results.items():
- if result.get('unreachable', 2):
- results_r['unreachable'].append(hostname)
- print "%s >>> unreachable" % hostname
- elif result.get('failures', 2):
- results_r['failures'].append(hostname)
- print "%s >>> Failed" % hostname
- else:
- results_r['success'].append(hostname)
- print "%s >>> Success" % hostname
-
- return results_r
-
-
 def perm_user_api(perm_info):
 """
 用户授权api,通过调用ansible API完成用户新建等,传入参数必须如下,列表中可以是对象,也可以是用户名和ip
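Review bot: `PermLog` in jperm/models.py stores only a timestamp, a result string and a finished flag, so a row cannot be tied to the administrator who made the change or to the users and assets it affected; if this table is meant to be the authorization record shown by the new log view, it needs fields for the operator and for the affected usernames and assets to serve as an audit trail. `result` is a `CharField(max_length=1000)` with both `null=True` and `default=''`; playbook output for more than a few hosts may exceed that length, so `result = models.TextField(blank=True, default='')` is a safer fit. Nothing in this hunk shows where rows are written, so the writer should be confirmed before the schema is settled.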
@@ -111,6 +69,8 @@ def perm_user_api(perm_info):
 new_assets = perm_info['new']['assets']
 del_users = perm_info['del']['users']
 del_assets = perm_info['del']['assets']
+
+ print new_users, new_assets
 except IndexError:
 raise ServerError("Error: function perm_user_api传入参数错误")
 
@@ -125,8 +85,6 @@ def perm_user_api(perm_info):
 
 except IndexError:
 raise ServerError("Error: function perm_user_api传入参数错误")
- print new_assets, del_assets
- print new_users, del_users
 try:
 if var_type == 'str':
 new_ip = new_assets
@@ -141,9 +99,6 @@ def perm_user_api(perm_info):
 except IndexError:
 raise ServerError("Error: function perm_user_api传入参数类型错误")
 
- print new_ip, del_ip
- print new_username, del_username
-
 host_group = {'new': new_ip, 'del': del_ip}
 inventory = get_inventory(host_group)
 
@@ -155,9 +110,22 @@ def perm_user_api(perm_info):
 'the_new_users': the_new_users, 'the_del_users': the_del_users,
 'the_pub_key': '/tmp/id_rsa.pub'})
 
+ print playbook, inventory
+
 settings = get_object(Setting, name='default')
- results_r = playbook_run(inventory, playbook, settings)
- return results_r
+ results = playbook_run(inventory, playbook, settings)
+ return results
+
+
+def get_user_assets(user):
+ if isinstance(user, int):
+ user = get_object(User, id=user)
+ elif isinstance(user, str):
+ user = get_object(User, username=user)
+ elif isinstance(user, User):
+ user = user
+ else:
+ user = None
 
 
 def refresh_group_api(user_group=None, asset_group=None):
diff --git a/jperm/urls.py b/jperm/urls.py
index 705ad9307..c95ab9684 100644
--- a/jperm/urls.py
+++ b/jperm/urls.py
@@ -7,6 +7,7 @@ urlpatterns = patterns('jperm.views',
 (r'^perm_user_edit/$', perm_user_edit),
 (r'^group/$', perm_group_list),
 (r'^perm_group_edit/$', perm_group_edit),
+ (r'log/$', log),
 # (r'^dept_perm_edit/$', 'dept_perm_edit'),
 # (r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}),
 # (r'^dept_perm_list/$', 'dept_perm_list'),
diff --git a/jperm/views.py b/jperm/views.py
index 98c1b3bb7..8a5e67e3e 100644
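Review bot: The new `get_user_assets` in jperm/perm_api.py resolves its argument to a `User` and then ends without a `return`, so every call yields `None`; as added it is dead code and should either return the user's assets or be left out until it is complete. Its `isinstance(user, str)` test misses `unicode` usernames under Python 2 (`basestring` covers both), and the `user = user` branch is a no-op. `playbook_run` is now the name imported from `jumpserver.tasks` in the first hunk of this file; if that is a Celery task, a direct call runs it inline while `.delay()` would return an `AsyncResult` rather than the dict the views read with `results.get('unreachable')`, so the intended call style should be stated in a comment. `print playbook, inventory` here and `print new_users, new_assets` in the first hunk write inventory details to stdout and look like leftover debugging.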
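Review bot: The pattern added in jperm/urls.py, `(r'log/$', log)`, has no leading `^`, unlike its siblings, so any path under this URL prefix that ends in `log/` resolves to the log view; it should read `(r'^log/$', log),`. Django takes the first matching pattern, so an unanchored entry can also shadow more specific routes added after it in this list.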
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -1 +1 @@ -# # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jperm.models import * from jumpserver.api import * from jperm.perm_api import * @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) 
- set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 perm_info = { 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in 
asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group) # 通过API授权或回收 unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') \ No newline at end of file +# # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jumpserver.api import * from jperm.perm_api import * from jperm.models import PermLog as Log @require_role('admin') def perm_user_list(request): header_title, 
path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 for asset_group in asset_group_new: asset_new.extend(asset_group.asset_set.all()) for asset_group in asset_group_del: asset_del.extend(asset_group.asset_set.all()) perm_info = { 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } print perm_info try: results = 
perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = 
request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') def log(request): header_title, path1, path2 = '授权记录', '授权管理', '授权记录' log_all = Log.objects.all().order_by('-datetime') log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request) return my_render('jperm/perm_log.html', locals(), request) \ No newline at end of file diff --git a/jumpserver/api.py b/jumpserver/api.py index fcd21c913..faabb068c 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py 
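Review bot: The new `log` view at the end of jperm/views.py has no `@require_role('admin')` decorator, although every other view in the file carries it, so nothing visible here restricts who can read the authorization history; add the decorator above `def log(request):`. `Log` resolves to `PermLog` only because `from jperm.models import PermLog as Log` comes after `from jumpserver.api import *`, and jumpserver/api.py also imports `jlog.models.Log`; importing the model under its own name avoids depending on import order. In `perm_user_edit`, extending `asset_new` / `asset_del` with each group's `asset_set.all()` can list an asset twice, and an asset that is still granted directly or through another group lands in `asset_del` when one of its groups is removed, which the playbook turns into account removal on that host; de-duplicate both lists and subtract everything still granted from `asset_del`. `print perm_info` looks like leftover debugging.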
@@ -18,8 +18,8 @@ from django.http import HttpResponse, Http404 from django.template import RequestContext from juser.models import User, UserGroup from jasset.models import Asset, AssetGroup -from jlog.models import Log from jasset.models import AssetAlias +from jlog.models import Log from django.core.exceptions import ObjectDoesNotExist, MultipleObjectsReturned from django.http import HttpResponseRedirect from django.shortcuts import render_to_response diff --git a/jumpserver/settings.py b/jumpserver/settings.py index aeeaec053..0a5a69bee 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py @@ -11,7 +11,9 @@ https://docs.djangoproject.com/en/1.7/ref/settings/ # Build paths inside the project like this: os.path.join(BASE_DIR, ...) import os import ConfigParser +import djcelery +djcelery.setup_loader() config = ConfigParser.ConfigParser() BASE_DIR = os.path.dirname(os.path.dirname(__file__)) @@ -43,7 +45,7 @@ TEMPLATE_DEBUG = True ALLOWED_HOSTS = ['0.0.0.0/8'] - +BROKER_URL = 'django://' # Application definition INSTALLED_APPS = ( @@ -54,6 +56,8 @@ INSTALLED_APPS = ( 'django.contrib.messages', 'django.contrib.staticfiles', 'django.contrib.humanize', + 'djcelery', + 'kombu.transport.django', 'jumpserver', 'juser', 'jasset', diff --git a/jumpserver/templatetags/mytags.py b/jumpserver/templatetags/mytags.py index 160970ad2..2bd1df20b 100644 --- a/jumpserver/templatetags/mytags.py +++ b/jumpserver/templatetags/mytags.py @@ -12,14 +12,6 @@ from jasset.models import AssetAlias register = template.Library() -# @register.filter(name='stamp2str') -# def stamp2str(value): -# try: -# return time.strftime('%Y/%m/%d %H:%M:%S', time.localtime(value)) -# except AttributeError: -# return '0000/00/00 00:00:00' - - @register.filter(name='int2str') def int2str(value): """ 
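Review bot: `BROKER_URL = 'django://'` in the second jumpserver/settings.py hunk is a bare literal with no comment on what it selects. Together with `'kombu.transport.django'` in the INSTALLED_APPS hunk that follows, it routes Celery messages through the project database, a transport the Celery documentation describes as experimental. A comment such as `# Celery broker: Django DB transport (kombu.transport.django), not meant for production load` would record that choice. The file already creates a `ConfigParser` object a few lines above, so reading the broker URL from the same config file would presumably fit better than a literal, though how that config is loaded is outside these hunks.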
@@ -42,18 +34,6 @@ def get_role(user_id): return u"普通用户" -# @register.filter(name='groups_str') -# def groups_str(user_id): -# groups = [] -# user = User.objects.get(id=user_id) -# for group in user.group.all(): -# groups.append(group.name) -# if len(groups) < 3: -# return ' '.join(groups) -# else: -# return "%s ..." % ' '.join(groups[0:2]) -# - @register.filter(name='groups2str') def groups2str(group_list): """ 
@@ -87,72 +67,6 @@ def user_asset_group_count(user): """ return len(user.asset_group.all()) -# -# @register.filter(name='user_group_asset_count') -# def user_group_asset_count(user_group): -# """ -# 返回用户组权限主机的数量 -# """ -# assets_id = user_group.assets.split(',') -# asset_groups = user_group.asset_groups.split(',') -# -# for asset_group_id in asset_groups: -# asset_group = get_object(AssetGroup, id=asset_group_id) -# if asset_group: -# assets_id.extend(asset.id for asset in asset_group.asset_set.all()) -# -# assets_id = set(map(str, assets_id)) -# return len(assets_id) -# -# -# @register.filter(name='user_group_asset_count') -# def user_group_asset_group_count(user_group): -# """ -# 返回用户组权限主机组的数量 -# """ -# return len(user_group.asset_groups.split(',')) -# -# @register.filter(name='group_str2_all') -# def group_str2_all(group_list): -# group_lis = [] -# for i in group_list: -# if str(i) != 'ALL': -# group_lis.append(i) -# if len(group_lis) < 3: -# return ' '.join([group.name for group in group_lis]) -# else: -# return '%s ...' % ' '.join([group.name for group in group_lis[0:2]]) -# -# -# @register.filter(name='group_dept_all') -# def group_dept_all(group_list): -# group_lis = [] -# for i in group_list: -# if str(i) != 'ALL': -# group_lis.append(i) -# return ' '.join([group.name for group in group_lis]) -# -# -# @register.filter(name='group_manage_str') -# def group_manage_str(username): -# user = User.objects.get(username=username) -# group = user.user_group.filter(type='M') -# if group: -# return group[0].name -# else: -# return '' -# -# -# @register.filter(name='get_item') -# def get_item(dictionary, key): -# return dictionary.get(key) -# -# -# @register.filter(name='get_login_type') -# def get_login_type(login): -# login_types = {'L': 'LDAP', 'M': 'MAP'} -# return login_types[login] - @register.filter(name='bool2str') def bool2str(value): 
@@ -162,16 +76,6 @@ def bool2str(value): return u'否' -# # @register.filter(name='user_readonly') -# # def user_readonly(user_id): -# # user = User.objects.filter(id=user_id) -# # if user: -# # user = user[0] -# # if user.role == 'CU': -# # return False -# # return True - - @register.filter(name='members_count') def members_count(group_id): """统计用户组下成员数量""" 
@@ -181,148 +85,6 @@ def members_count(group_id): else: return 0 -# -# @register.filter(name='group_user_count') -# def group_user_count(group_id): -# group = UserGroup.objects.get(id=group_id) -# return group.user_set.count() -# -# -# @register.filter(name='dept_user_num') -# def dept_user_num(dept_id): -# dept = DEPT.objects.filter(id=dept_id) -# if dept: -# dept = dept[0] -# return dept.user_set.count() -# else: -# return 0 -# -# -# @register.filter(name='dept_group_num') -# def dept_group_num(dept_id): -# dept = DEPT.objects.filter(id=dept_id) -# if dept: -# dept = dept[0] -# return dept.usergroup_set.all().count() -# else: -# return 0 -# -# -# @register.filter(name='perm_count') -# def perm_count(group_id): -# group = UserGroup.objects.get(id=group_id) -# return group.perm_set.count() -# -# -# @register.filter(name='dept_asset_num') -# def dept_asset_num(dept_id): -# dept = DEPT.objects.filter(id=dept_id) -# if dept: -# dept = dept[0] -# return dept.asset_set.all().count() -# return 0 -# -# -# @register.filter(name='ugrp_perm_agrp_count') -# def ugrp_perm_agrp_count(user_group_id): -# user_group = UserGroup.objects.filter(id=user_group_id) -# if user_group: -# user_group = user_group[0] -# return user_group.perm_set.all().count() -# return 0 -# -# -# @register.filter(name='ugrp_sudo_agrp_count') -# def ugrp_sudo_agrp_count(user_group_id): -# user_group = UserGroup.objects.filter(id=user_group_id) -# asset_groups = [] -# if user_group: -# user_group = user_group[0] -# for perm in user_group.sudoperm_set.all(): -# asset_groups.extend(perm.asset_group.all()) -# return len(set(asset_groups)) -# return 0 -# -# -# @register.filter(name='ugrp_perm_asset_count') -# def ugrp_perm_asset_count(user_group_id): -# user_group = UserGroup.objects.filter(id=user_group_id) -# assets = [] -# if user_group: -# user_group = user_group[0] -# asset_groups = [perm.asset_group for perm in user_group.perm_set.all()] -# for asset_group in asset_groups: -# 
assets.extend(asset_group.asset_set.all()) -# return len(set(assets)) -# -# -# @register.filter(name='ugrp_sudo_asset_count') -# def ugrp_sudo_asset_count(user_group_id): -# user_group = UserGroup.objects.filter(id=user_group_id) -# asset_groups = [] -# assets = [] -# if user_group: -# user_group = user_group[0] -# for perm in user_group.sudoperm_set.all(): -# asset_groups.extend(perm.asset_group.all()) -# -# for asset_group in asset_groups: -# assets.extend(asset_group.asset_set.all()) -# return len(set(assets)) -# -# -# @register.filter(name='get_user_alias') -# def get_user_alias(post, user_id): -# user = User.objects.get(id=user_id) -# host = Asset.objects.get(id=post.id) -# alias = AssetAlias.objects.filter(user=user, host=host) -# if alias: -# return alias[0].alias -# else: -# return '' -# -# -# @register.filter(name='group_type_to_str') -# def group_type_to_str(type_name): -# group_types = { -# 'P': '用户', -# 'M': '部门', -# 'A': '用户组', -# } -# return group_types.get(type_name) -# -# -# @register.filter(name='ast_to_list') -# def ast_to_list(lis): -# ast_lis = ast.literal_eval(lis) -# if len(ast_lis) <= 2: -# return ','.join([i for i in ast_lis]) -# else: -# restr = ','.join([i for i in ast_lis[0:2]]) + '...' -# return restr -# -# -# @register.filter(name='get_group_count') -# def get_group_count(post, dept): -# count = post.asset_set.filter(dept=dept).count() -# return count -# -# -# @register.filter(name='get_idc_count') -# def get_idc_count(post, dept): -# count = post.asset_set.filter(dept=dept).count() -# return count -# -# -# @register.filter(name='ast_to_list_1') -# def ast_to_list_1(lis): -# return ast.literal_eval(lis) -# -# -# @register.filter(name='string_length') -# def string_length(string, length): -# return '%s ...' % string[0:length] - @register.filter(name='to_name') def to_name(user_id): 
@@ -336,17 +98,6 @@ def to_name(user_id): return '非法用户' -# @register.filter(name='to_dept_name') -# def to_dept_name(user_id): -# try: -# user = User.objects.filter(id=int(user_id)) -# if user: -# user = user[0] -# return user.dept.name -# except: -# return '非法部门' - - @register.filter(name='to_role_name') def to_role_name(role_id): """role_id 转变为角色名称""" 
@@ -359,99 +110,16 @@ def to_avatar(role_id='0'): """不同角色不同头像""" role_dict = {'0': 'user', '1': 'admin', '2': 'root'} return role_dict.get(str(role_id), 'user') -# -# -# @register.filter(name='get_user_asset_group') -# def get_user_asset_group(user): -# return user.get_asset_group() -# -# -# @register.filter(name='group_asset_list') -# def group_asset_list(group): -# return group.asset_set.all() -# -# -# @register.filter(name='group_asset_list_count') -# def group_asset_list_count(group): -# return group.asset_set.all().count() -# -# -# @register.filter(name='time_delta') -# def time_delta(time_before): -# delta = datetime.datetime.now() - time_before -# days = delta.days -# if days: -# return "%s 天前" % days -# else: -# hours = delta.seconds/3600 -# if hours: -# return "%s 小时前" % hours -# else: -# mins = delta.seconds/60 -# if mins: -# return '%s 分钟前' % mins -# else: -# return '%s 秒前' % delta.seconds -# -# -# @register.filter(name='sudo_cmd_list') -# def sudo_cmd_list(cmd_group_id): -# cmd_group = CmdGroup.objects.filter(id=cmd_group_id) -# if cmd_group: -# cmd_group = cmd_group[0] -# return cmd_group.cmd.split(',') -# -# -# @register.filter(name='sudo_cmd_count') -# def sudo_cmd_count(user_group_id): -# user_group = UserGroup.objects.filter(id=user_group_id) -# cmds = [] -# if user_group: -# user_group = user_group[0] -# cmd_groups = [] -# -# for perm in user_group.sudoperm_set.all(): -# cmd_groups.extend(perm.cmd_group.all()) -# -# for cmd_group in cmd_groups: -# cmds.extend(cmd_group.cmd.split(',')) -# return len(set(cmds)) -# -# else: -# return 0 -# -# -# @register.filter(name='sudo_cmd_count') -# def sudo_cmd_count(user_group_id): -# user_group = UserGroup.objects.filter(id=user_group_id) -# cmds = [] -# if user_group: -# user_group = user_group[0] -# cmd_groups = [] -# for perm in user_group.sudoperm_set.all(): -# cmd_groups.extend(perm.cmd_group.all()) -# -# for cmd_group in cmd_groups: -# cmds.extend(cmd_group.cmd.split(',')) -# return len(set(cmds)) -# 
else: -# return 0 -# -# -# @register.filter(name='sudo_cmd_ids') -# def sudo_cmd_ids(user_group_id): -# user_group = UserGroup.objects.filter(id=user_group_id) -# if user_group: -# user_group = user_group[0] -# cmd_groups = [] -# for perm in user_group.sudoperm_set.all(): -# cmd_groups.extend(perm.cmd_group.all()) -# cmd_ids = [str(cmd_group.id) for cmd_group in cmd_groups] -# return ','.join(cmd_ids) -# else: -# return '0' -# -# -# @register.filter(name='cmd_group_split') -# def cmd_group_split(cmd_group): -# return cmd_group.cmd.split(',') + + +@register.filter(name='result2bool') +def result2bool(result=''): + """将结果定向为结果""" + result = eval(result) + unreachable = result.get('unreachable', []) + failures = result.get('failures', []) + + if unreachable or failures: + return '失败' + else: + return '成功' diff --git a/templates/jperm/dept_perm_edit.html b/templates/jperm/dept_perm_edit.html deleted file mode 100644 index 7d9c8247f..000000000 --- a/templates/jperm/dept_perm_edit.html +++ /dev/null @@ -1,179 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} -{% block content %} -{% include 'nav_cat_bar.html' %} - - -
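Review bot: The new `result2bool` filter at the end of jumpserver/templatetags/mytags.py calls `eval(result)` on the stored `log.result` text, so anything that reaches that column is executed as Python in the web process every time the log page is rendered. The value should be parsed as data, with `ast.literal_eval` if the column holds a Python dict repr or `json.loads` if it holds JSON; the code that writes it is not visible here, and `ast` must be in scope in this module. The default `result=''` cannot work either, since an empty string does not parse, so the rewrite below returns the failure label for empty or malformed input instead of raising. The docstring would also read better if it said what the filter returns.

```python
def result2bool(result=''):
    """Map a stored result dict (as text) to '成功' or '失败'."""
    try:
        # Data-only parse; use json.loads instead if the column stores JSON.
        result = ast.literal_eval(result)
    except (ValueError, SyntaxError):
        return '失败'
    if not isinstance(result, dict):
        return '失败'
    # … unchanged: unreachable / failures lookup and the two return branches …
```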
    -
    -
    -
    -
    -
    部门授权编辑
    - -
    - - - - - -
    -
    - {% if error %} -
    {{ error }}
    - {% endif %} - {% if msg %} -
    {{ msg }}
    - {% endif %} -
    -
    - -
    - - -
    -
    - -
    - -
    - -
    - -
    -
    -
    -
    - -
    -
    - - -
    - -
    -
    - -
    -
    - -
    -
    - - -
    -
    - -
    -
    - -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -
    -
    - -
    -
    -
    -
    -
    - - - - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/dept_perm_list.html b/templates/jperm/dept_perm_list.html deleted file mode 100644 index 92d467d89..000000000 --- a/templates/jperm/dept_perm_list.html +++ /dev/null @@ -1,104 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} -{% block content %} -{% include 'nav_cat_bar.html' %} - -
    -
    -
    -
    -
    -
    查看部门
    - -
    - -
    -
    - 添加部门 - -
    - - - - - - - - - - - - - - {% for dept in contacts.object_list %} - - - - - - - - {% endfor %} - -
    部门名称部门成员数目授权主机数目备注操作
    {{ dept.name }} {{ dept.id | dept_user_num }} {{ dept.id | dept_asset_num }} {{ dept.comment }} -{# 主机#} - 授权编辑 -
    -
    -
    -
    - Showing {{ contacts.start_index }} to {{ contacts.end_index }} of {{ p.count }} entries -
    -
    - {% include 'paginator.html' %} -
    -
    -
    -
    -
    -
    - - - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/perm_apply.html b/templates/jperm/perm_apply.html deleted file mode 100644 index 167a9574e..000000000 --- a/templates/jperm/perm_apply.html +++ /dev/null @@ -1,187 +0,0 @@ -{% extends 'base.html' %} -{% block content %} -{% include 'nav_cat_bar.html' %} - -
    -
    -
    -
    -
    -
    填写要申请主机的基本信息
    -
    - - - - - - - - - - -
    -
    - - - - - -
    - {% if emg %} -
    {{ emg }}
    - {% endif %} - {% if smg %} -
    {{ smg }}
    - {% endif %} -
    - {% csrf_token %} -
    -
    -
    - -
    -
    -
    -
    - -
    -
    -
    - - {% for da in dept_da %} - - {% endfor %} -
    -
    - -
    -
    - -
    - -
    -
    - -
    -
    - -
    - -
    -
    -
    -
    - -
    -
    - - -
    - -
    -
    - -
    -
    - -
    -
    - - -
    -
    - -
    -
    - -
    -
    -
    - - -
    -
    -
    -
    - -
    -
    -
    - -
    -
    -
    -
    -
    -
    -
    -
    - - -{% endblock content %} \ No newline at end of file diff --git a/templates/jperm/perm_apply_exec.html b/templates/jperm/perm_apply_exec.html deleted file mode 100644 index 6e9580210..000000000 --- a/templates/jperm/perm_apply_exec.html +++ /dev/null @@ -1,31 +0,0 @@ -{% extends 'base.html' %} -{% block content %} -{% include 'nav_cat_bar.html' %} - -
    -
    -
    -
    -
    -

    -
    -
    -
    -
    -
    - - - -{% endblock content %} \ No newline at end of file diff --git a/templates/jperm/perm_apply_info.html b/templates/jperm/perm_apply_info.html deleted file mode 100644 index 716b76f15..000000000 --- a/templates/jperm/perm_apply_info.html +++ /dev/null @@ -1,55 +0,0 @@ -{% load mytags %} - - - - - - - - - - - - - - -
    -

    {{ post.applyer }}权限申请详情

    -
    -
    -
    -
    申请人
    -
    所属部门
    -
    申请主机组
    -
    申请主机
    - {% for i in post.asset|ast_to_list_1 %} -
    Null
    - {% endfor %} -
    批准人
    -
    申请时间
    -
    批准时间
    -
    备注
    -
    -
    -
    -
    -
    -
    {{ post.applyer }}
    -
    {{ post.dept }}
    -
    {% for i in post.bisgroup|ast_to_list_1 %} {{ i }} {% endfor %}
    - {% for i in post.asset|ast_to_list_1 %} -
    {{ i }}
    - {% endfor %} -
    Null
    -
    {{ post.approver }}1
    -
    {{ post.date_add|date:"Y-m-d H:i:s"}}
    -
    {{ post.date_end|date:"Y-m-d H:i:s" }}1
    -
    {{ post.comment }}
    -
    -
    -
    - - \ No newline at end of file diff --git a/templates/jperm/perm_apply_search.html b/templates/jperm/perm_apply_search.html deleted file mode 100644 index 7f62da3aa..000000000 --- a/templates/jperm/perm_apply_search.html +++ /dev/null @@ -1,40 +0,0 @@ -{% load mytags %} -
    - - - - - - - - - - - - - - - - {% for post in contacts.object_list %} - - - - - - - - - - - {% endfor %} - -
    申请人 所属部门 申请主机组 申请主机 批准人 申请时间 备注 详情
    {{ post.applyer }} {{ post.dept }} {{ post.bisgroup|ast_to_list }} {{ post.asset|ast_to_list }} {{ post.approver }} {{ post.date_add|date:"Y-m-d H:i:s"}} {{ post.comment }} - 详情 -
    -
    -
    -
    - {% include 'paginator.html' %} -
    -
    - \ No newline at end of file diff --git a/templates/jperm/perm_asset_detail.html b/templates/jperm/perm_asset_detail.html deleted file mode 100644 index 8be1ece6b..000000000 --- a/templates/jperm/perm_asset_detail.html +++ /dev/null @@ -1,61 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} - -{% block content %} - {% include 'nav_cat_bar.html' %} -
    -
    - -
    -
    -
    -
    授权主机详情
    - -
    -
    - - - - - - - - - - {% for asset in assets_list %} - - - - - - {% endfor %} - -
    IPIDC主机组
    {{ asset.ip }}{{ asset.idc.name }} - {% for group in asset.bis_group.all|filter_private %} - {{ group }} - {% endfor %} -
    -
    -
    -
    - -
    -
    - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/perm_detail.html b/templates/jperm/perm_detail.html deleted file mode 100644 index b772e4613..000000000 --- a/templates/jperm/perm_detail.html +++ /dev/null @@ -1,118 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} - -{% block content %} - {% include 'nav_cat_bar.html' %} -
    -
    -
    -
    -
    -
    授权主机/组
    - -
    -
    -

    用户

    - 组下用户. -
    -
    -
    -
    -
    - - {{ user_group.name }} -
    - 共: {{ group_user_num }} 用户 -
    -
    -

    {{ user_group.comment }}

    -

    - {% for user in users %} - {{ user.name }}
    - {% endfor %} -

    -

    -
    -
    -
    - {% if not user|get_user_asset_group %} - (无) - {% endif %} -
    -
    -
    - -
    -
    -
    -
    授权主机/组
    - -
    -
    -

    授权主机/组

    - 这里包含了用户所有的主机组和组下的主机. -
    -
    - {% for group in asset_groups %} -
    -
    -
    - - {{ group.name }} -
    - 共: {{ group | group_asset_list_count }}台 -
    -
    -

    {{ group.comment }}

    -

    - {% for asset in group|group_asset_list %} - {{ asset.ip }}
    - {% endfor %} -

    -

    -
    -
    -
    - {% endfor %} - {% if not user|get_user_asset_group %} - (暂无) - {% endif %} -
    -
    -
    -
    -
    - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/perm_edit.html b/templates/jperm/perm_edit.html deleted file mode 100644 index 33cd1e4eb..000000000 --- a/templates/jperm/perm_edit.html +++ /dev/null @@ -1,130 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} -{% block content %} -{% include 'nav_cat_bar.html' %} - -
    -
    -
    -
    -
    -
    主机授权修改
    - -
    - -
    -
    - {% if error %} -
    {{ error }}
    - {% endif %} - {% if msg %} -
    {{ msg }}
    - {% endif %} -
    -
    - -
    - - -
    -
    - -
    - -
    - -
    -
    - -
    -
    - -
    -
    - - -
    -
    - -
    -
    - -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -
    -
    - -
    -
    -
    -
    -
    - - - - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/perm_edit_bak.html b/templates/jperm/perm_edit_bak.html deleted file mode 100644 index cba2d4155..000000000 --- a/templates/jperm/perm_edit_bak.html +++ /dev/null @@ -1,138 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} - -{% block content %} - - - {% include 'nav_cat_bar.html' %} -
    -
    -
    -
    - -
    -
    授权编辑表单 Edit perm of Group
    - -
    - -
    -
    -
    -
    - - -
    -
    -
    -
    - -
    -
    -
    -
    - - -
    -
    - -
    -
    - -
    -

    未授权主机组

    -
    - - -
    -
    - -
    -
    - - -
    -
    - -

    授权主机

    -
    - -
    -
    -
    -
    -
    -
    - - -
    -
    -
    -
    - -
    -
    -
    -
    -
    - -{# #} - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/perm_list_ajax.html b/templates/jperm/perm_list_ajax.html deleted file mode 100644 index 64a15a0f2..000000000 --- a/templates/jperm/perm_list_ajax.html +++ /dev/null @@ -1,132 +0,0 @@ -{% load mytags %} -{% ifequal tab 'tab1' %} - - - - - - - - - - - - {% for group in contacts.object_list %} - - - - - - - - {% endfor %} - -
    组名 - 类型 - 成员数量授权数量操作
    {{ group.name }} {{ group.type|group_type_to_str }} {{ group.id|member_count }} {{ group.id|perm_count }} - 详情 - 编辑 - 删除 -
    -
    -
    -
    - Showing {{ contacts.start_index }} to {{ contacts.end_index }} of {{ p.count }} entries -
    -
    -
    -
    -
      - {% if contacts.has_previous %} - - {% else %} - - {% endif %} - {% for page in p.page_range %} - {% ifequal offset1 page %} -
    • {{ page }}
    • - {% else %} -
    • {{ page }}
    • - {% endifequal %} - {% endfor %} - {% if contacts.has_next %} - - {% else %} - - {% endif %} -
    -
    -
    -
    -{% else %} - - - - - - - - - - - - {% for user in contacts2.object_list %} - - - - - - - - {% endfor %} - -
    用户角色属组主机数量操作
    {{ user.name }} {{ user.id | get_role }} {{ user.username | groups_str }} {{ user.id | perm_asset_count }} - 详情 -
    -
    -
    -
    - Showing {{ contacts2.start_index }} to {{ contacts2.end_index }} of {{ p2.count }} entries -
    -
    -
    -
    -
      - {% if contacts2.has_previous %} - - {% else %} - - {% endif %} - {% for page in p2.page_range %} - {% ifequal offset1 page %} -
    • {{ page }}
    • - {% else %} -
    • {{ page }}
    • - {% endifequal %} - {% endfor %} - {% if contacts2.has_next %} - - {% else %} - - {% endif %} -
    -
    -
    -
    -{% endifequal %} \ No newline at end of file diff --git a/templates/jperm/perm_log.html b/templates/jperm/perm_log.html index 3b71002e6..b24a868a1 100644 --- a/templates/jperm/perm_log.html +++ b/templates/jperm/perm_log.html @@ -1,12 +1,14 @@ {% extends 'base.html' %} +{% load mytags %} {% block content %} {% include 'nav_cat_bar.html' %} +
    -
    +
    -
    -
    用户权限申请详细信息列表
    +
    +
    查看小组
    @@ -14,12 +16,6 @@ - @@ -27,63 +23,47 @@
    -
    - -
    -
    -
    - - - - - - - - - - - - - - - {% for post in contacts.object_list %} - - - - - - - - - - - - - {% endfor %} - -
    申请人 所属部门 申请主机组 申请主机 申请时间 批准时间 备注
    {{ post.applyer }} {{ post.dept }} {{ post.bisgroup }} {{ post.asset }} {{ post.date_add|date:"Y-m-d H:i:s"}} {{ post.date_end|date:"Y-m-d H:i:s" }} {{ post.comment }}
    -
    -
    +
    +
    + +
    + + + + + + + + + + + {% for log in logs %} + + + + + + {% endfor %} + +
    日期结果完成
    {{ log.datetime | date:"Y-n-d G:i:s" }} + {{ log.result | result2bool | safe }} + {{ log.is_finished | yesno:"是,否,为止" }}
    +
    +
    +
    + Showing {{ users.start_index }} to {{ users.end_index }} of {{ p.count }} entries +
    +
    + {% include 'paginator.html' %} +
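Review bot: The footer added in the last perm_log.html hunk reads `{{ users.start_index }}` and `{{ users.end_index }}`, but the `log` view shown earlier in this patch passes `locals()` with the page bound to `logs`, so both values would apparently render empty; they should be `{{ logs.start_index }}` and `{{ logs.end_index }}`. In the table row, `{{ log.result | result2bool | safe }}` does not need `| safe`, because the filter returns one of two fixed labels, and dropping it keeps autoescaping in force if the filter ever returns stored text. The `log` view that renders this template also has no `@require_role('admin')` line above it, unlike `perm_group_list` and `perm_group_edit`, so unless access is restricted elsewhere the authorization log is reachable without the admin check. The HTML tags of this hunk are missing from the page, so the surrounding markup could not be reviewed.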
    diff --git a/templates/jperm/perm_log_offline.html b/templates/jperm/perm_log_offline.html deleted file mode 100644 index 8b1250277..000000000 --- a/templates/jperm/perm_log_offline.html +++ /dev/null @@ -1,127 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} -{% block content %} -{% include 'nav_cat_bar.html' %} -
    -
    -
    -
    -
    -
    用户权限申请详细信息列表
    - -
    - -
    -
    - -
    -
    -
    - - - - - - - - - - - - - - - - {% for post in contacts.object_list %} - - - - - - - - - - - {% endfor %} - -
    申请人 所属部门 申请主机组 申请主机 批准人 申请时间 备注 详情
    {{ post.applyer }} {{ post.dept }} {{ post.bisgroup|ast_to_list }} {{ post.asset|ast_to_list }} {{ post.approver }} {{ post.date_add|date:"Y-m-d H:i:s"}} {{ post.comment }} - 详情 -
    -
    -
    -
    - {% include 'paginator.html' %} -
    -
    -
    -
    -
    -
    -
    - - - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/perm_log_online.html b/templates/jperm/perm_log_online.html deleted file mode 100644 index cda6b07c3..000000000 --- a/templates/jperm/perm_log_online.html +++ /dev/null @@ -1,128 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} -{% block content %} -{% include 'nav_cat_bar.html' %} -
    -
    -
    -
    -
    -
    用户权限申请详细信息列表
    - -
    - -
    -
    - -
    -
    -
    - - - - - - - - - - - - - - - {% for post in contacts.object_list %} - - - - - - - - - - {% endfor %} - -
    申请人 所属部门 申请主机组 申请主机 申请时间 备注 操作
    {{ post.applyer }} {{ post.dept }} {{ post.bisgroup|ast_to_list }} {{ post.asset|ast_to_list }} {{ post.date_add|date:"Y-m-d H:i:s"}} {{ post.comment }} - 详情 - {% ifnotequal session_role_id 0 %} - 确认 - 删除 - {% endifnotequal %} -
    -
    -
    -
    - {% include 'paginator.html' %} -
    -
    -
    -
    -
    -
    -
    - - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/perm_user_detail.html b/templates/jperm/perm_user_detail.html deleted file mode 100644 index 3a17821a4..000000000 --- a/templates/jperm/perm_user_detail.html +++ /dev/null @@ -1,240 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} -{% block content %} -{% include 'nav_cat_bar.html' %} - -
    -
    -
    -
    -
    -
    用户授权详情
    - -
    - -
    -
    -
    -
    - -
    -
    - -
    - -
    -
    - - - - - - - - - - - - {% for perm in contacts.object_list %} - - - - - - - - {% endfor %} - -
    名称用户组主机组备注操作
    {{ perm.name }} - {% for user_group in perm.user_group.all %} - {{ user_group.name }} - {% endfor %} - - {% for asset_group in perm.asset_group.all %} - {{ asset_group.name }} - {% endfor %} - {{ perm.comment }} - 详情 - 编辑 - 删除 -
    -
    -
    -
    - Showing {{ contacts.start_index }} to {{ contacts.end_index }} of {{ p.count }} entries -
    -
    -
    -
    -
      - {% if contacts.has_previous %} - - {% else %} - - {% endif %} - {% for page in page_range %} - {% ifequal current_page page %} -
    • {{ page }}
    • - {% else %} -
    • {{ page }}
    • - {% endifequal %} - {% endfor %} - {% if contacts.has_next %} - - {% else %} - - {% endif %} -
    -
    -
    -
    -
    - -
    -{# #} -{# #} -{# #} -{# #} -{# #} -{# #} -{# #} -{# #} -{# #} -{# #} -{# #} -{# {% for user in contacts2.object_list %}#} -{# #} -{# #} -{# #} -{# #} -{# #} -{# #} -{# #} -{# {% endfor %}#} -{# #} -{#
    用户角色属组主机数量操作
    {{ user.name }} {{ user.id | get_role }} {{ user.username | groups_str }} {{ user.id | perm_asset_count }} #} -{# 详情#} -{#
    #} -{#
    #} -{#
    #} -{#
    #} -{# Showing {{ contacts2.start_index }} to {{ contacts2.end_index }} of {{ p2.count }} entries#} -{#
    #} -{#
    #} -{#
    #} -{#
    #} -{#
      #} -{# {% if contacts2.has_previous %}#} -{# #} -{# {% else %}#} -{# #} -{# {% endif %}#} -{# {% for page in page_range2 %}#} -{# {% ifequal current_page page %}#} -{#
    • {{ page }}
    • #} -{# {% else %}#} -{#
    • {{ page }}
    • #} -{# {% endifequal %}#} -{# {% endfor %}#} -{# {% if contacts2.has_next %}#} -{# #} -{# {% else %}#} -{# #} -{# {% endif %}#} -{#
    #} -{#
    #} -{#
    #} -{#
    #} - -
    -
    - -
    - -
    - - - -
    -
    -
    -
    -
    - - - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/sudo_add.html b/templates/jperm/sudo_add.html deleted file mode 100644 index 0087da321..000000000 --- a/templates/jperm/sudo_add.html +++ /dev/null @@ -1,226 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} -{% block content %} -{% include 'nav_cat_bar.html' %} - -
    -
    -
    -
    -
    -
    Sudo授权添加
    - -
    - -
    - - -
    - -
    -
    -
    - {% if error %} -
    {{ error }}
    - {% endif %} - {% if msg %} -
    {{ msg }}
    - {% endif %} -
    -
    - -
    - - 取个名字方便辨识,只支持英文 -
    -
    -
    - -
    - -
    - - - 允许以哪个用户允许sudo,逗号分隔,默认root - -
    -
    -
    - -
    - -
    -
    - -
    -
    - - -
    -
    - - -
    -
    - -
    -
    - -
    -
    -
    - -
    - -
    - -
    -
    - -
    -
    - -
    -
    - - -
    -
    - -
    -
    - -
    -
    -
    - -
    - -
    - -
    -
    - -
    -
    - -
    -
    - - -
    -
    - -
    -
    - -
    -
    -
    - - -
    -
    - -
    - -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -
    -
    -
    -
    -
    - -
    -
    -
    -
    -
    - - - - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/sudo_cmd_add.html b/templates/jperm/sudo_cmd_add.html deleted file mode 100644 index ff46b049c..000000000 --- a/templates/jperm/sudo_cmd_add.html +++ /dev/null @@ -1,148 +0,0 @@ -{% extends 'base.html' %} - -{% block content %} - {% include 'nav_cat_bar.html' %} -
    -
    -
    -
    -
    -
    填写基本信息
    - -
    -
    -
    - - -
    - -
    -
    -
    - {% if error %} -
    {{ error }}
    - {% endif %} - {% if msg %} -
    {{ msg }}
    - {% endif %} -
    - -
    - - -
    -
    - {% ifequal session_role_id 2 %} -
    -
    - -
    - -
    -
    - {% endifequal %} -
    -
    - -
    - - - 输入命令一行一个,请写绝对路径如: /bin/su,所有是ALL,排除su是 !/bin/su - -
    -
    -
    -
    - -
    - -
    -
    - -
    -
    -
    - - -
    -
    - -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    - - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/sudo_cmd_detail.html b/templates/jperm/sudo_cmd_detail.html deleted file mode 100644 index 26a7b8e72..000000000 --- a/templates/jperm/sudo_cmd_detail.html +++ /dev/null @@ -1,48 +0,0 @@ -{% load mytags %} - - - {% include 'link_css.html' %} - - - - - -
    -
    - {% if cmd_group_name %} -

    {{ cmd_group.name }} 命令详情

    - {% endif %} -
    - - - {% if cmd_group_name %} - - - - - - - - - - - - - - {% endif %} - - - - -
    ID名称部门
    {{ cmd_group.id }}{{ cmd_group.name }}{{ cmd_group.dept.name }}
    命令: - {{ cmds_str }} -
    -
    -
    - - \ No newline at end of file diff --git a/templates/jperm/sudo_cmd_list.html b/templates/jperm/sudo_cmd_list.html deleted file mode 100644 index f7c2d9652..000000000 --- a/templates/jperm/sudo_cmd_list.html +++ /dev/null @@ -1,140 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} -{% block content %} -{% include 'nav_cat_bar.html' %} - -
    -
    -
    -
    -
    -
    查看命令分组
    - -
    - -
    -
    - - -
    -
    -
    - - - - - - - - - - - - - {% for group in contacts.object_list %} - - - - - - - - {% endfor %} - -
    组名命令部门备注操作
    {{ group.name }} {{ group.cmd | string_length:50 }} {{ group.dept.name }} {{ group.comment }} - 详情 - 编辑 - 删除 -
    -
    -
    -
    -
    -
    -
    -
    - Showing {{ contacts.start_index }} to {{ contacts.end_index }} of {{ p.count }} entries -
    -
    -
    -
    -
      - {% if contacts.has_previous %} - - {% else %} - - {% endif %} - {% for page in p.page_range %} - {% ifequal offset1 page %} -
    • {{ page }}
    • - {% else %} -
    • {{ page }}
    • - {% endifequal %} - {% endfor %} - {% if contacts.has_next %} - - {% else %} - - {% endif %} -
    -
    -
    -
    -
    -
    -
    -
    -
    - - - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/sudo_detail.html b/templates/jperm/sudo_detail.html deleted file mode 100644 index c732a4b37..000000000 --- a/templates/jperm/sudo_detail.html +++ /dev/null @@ -1,170 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} - -{% block content %} - {% include 'nav_cat_bar.html' %} -
    -
    -
    -
    -
    -
    授权主机/组
    - -
    -
    -

    用户

    - 组下用户. -
    -
    -
    -
    -
    - - {{ user_group.name }} -
    - 共: {{ group_user_num }} 用户 -
    -
    -

    {{ user_group.comment }}

    -

    - {% for user in users %} - {{ user.name }}
    - {% endfor %} -

    -

    -
    -
    -
    - {% if not users %} - (暂无) - {% endif %} -
    -
    -
    - -
    -
    -
    -
    授权主机/组
    - -
    -
    -

    授权主机/组

    - 这里包含了sudo授权所有的主机组和组下的主机. -
    -
    - {% for group in asset_groups %} -
    -
    -
    - - {{ group.name }} -
    - 共: {{ group | group_asset_list_count }}台 -
    -
    -

    {{ group.comment }}

    -

    - {% for asset in group|group_asset_list %} - {{ asset.ip }}
    - {% endfor %} -

    -

    -
    -
    -
    - {% endfor %} - {% if not asset_groups %} - (暂无) - {% endif %} -
    -
    -
    - -
    -
    -
    -
    授权命令/组
    - -
    -
    - {% for cmd_group in cmd_groups %} -
    -
    -
    - - {{ cmd_group.name }} -
    - 共: {{ cmd_group.id|sudo_cmd_count }} 个 -
    -
    -

    {{ group.comment }}

    -

    - {% for cmd in cmd_group|cmd_group_split %} - {{ cmd }}
    - {% endfor %} -

    -

    -
    -
    -
    - {% endfor %} - {% if not cmd_groups %} - (暂无) - {% endif %} -
    -
    -
    - -
    -
    - -{% endblock %} \ No newline at end of file diff --git a/templates/jperm/sudo_edit.html b/templates/jperm/sudo_edit.html deleted file mode 100644 index e1c7977ce..000000000 --- a/templates/jperm/sudo_edit.html +++ /dev/null @@ -1,155 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} -{% block content %} -{% include 'nav_cat_bar.html' %} - -
    -
    -
    -
    -
    -
    Sudo授权编辑
    - -
    - -
    -
    - - -
    -
    - {% if error %} -
    {{ error }}
    - {% endif %} - {% if msg %} -
    {{ msg }}
    - {% endif %} -
    -
    - -
    - - - - 允许以哪个用户进行sudo,逗号分隔,如: root或者 ALL 等 - -
    -
    - -
    - -
    - -
    -
    - -
    -
    - -
    -
    - - -
    -
    - -
    -
    - -
    -
    -
    - -
    - -
    - -
    -
    - -
    -
    - -
    -
    - - -
    -
    - -
    -
    - -
    -
    -
    - - -
    -
    - -
    - -
    -
    -
    -
    - -
    -
    -
    - - -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    -{% endblock %} - diff --git a/templates/jperm/sudo_list.html b/templates/jperm/sudo_list.html deleted file mode 100644 index ab9116e7a..000000000 --- a/templates/jperm/sudo_list.html +++ /dev/null @@ -1,129 +0,0 @@ -{% extends 'base.html' %} -{% load mytags %} -{% block content %} -{% include 'nav_cat_bar.html' %} - -
    -
    -
    -
    -
    -
    Sudo授权列表
    - -
    - -
    - -
    -
    - -
    - -
    -
    -
    - - - - - - - - - - - - - - - {% for group in contacts.object_list %} - - - - - - - - - - - {% endfor %} - -
    组名所属部门成员数目授权主机组数目授权主机数目sudo命令备注操作
    {{ group.name }} {{ group.dept.name }} {{ group.id | member_count }} {{ group.id | ugrp_sudo_agrp_count }} {{ group.id | ugrp_sudo_asset_count }} {{ group.id | sudo_cmd_count }} {{ group.comment }} - 详情 - sudo授权 -
    -
    -
    -
    - Showing {{ contacts.start_index }} to {{ contacts.end_index }} of {{ p.count }} entries -
    -
    - {% include 'paginator.html' %} -
    -
    -
    -
    -
    -
    -
    -
    -
    -
    - - - -{% endblock %} \ No newline at end of file diff --git a/templates/nav.html b/templates/nav.html index d0a5e37b9..f0b6bd2db 100644 --- a/templates/nav.html +++ b/templates/nav.html @@ -39,6 +39,7 @@ 命令授权
  • 权限审批
  • +
  • 授权记录
  • From fe1f825fdf91d46e83a246801321c5be4b5dc0c4 Mon Sep 17 00:00:00 2001 From: "ibuler@qq.com" Date: Mon, 19 Oct 2015 23:40:16 +0800 Subject: [PATCH 11/36] perm edit --- jasset/views.py | 303 ---------------------------------------------- jperm/perm_api.py | 165 ++++++++++++++++++++++--- 2 files changed, 149 insertions(+), 319 deletions(-) diff --git a/jasset/views.py b/jasset/views.py index 4a33f647c..8e639c3b3 100644 --- a/jasset/views.py +++ b/jasset/views.py 
@@ -118,119 +118,6 @@ def asset_add(request): msg = u'主机 %s 添加成功' % ip return my_render('jasset/asset_add.html', locals(), request) -# -# -# @require_admin -# def host_add_batch(request): -# """ 批量添加主机 """ -# header_title, path1, path2 = u'批量添加主机', u'资产管理', u'批量添加主机' -# login_types = {'LDAP': 'L', 'MAP': 'M'} -# active_types = {'激活': 1, '禁用': 0} -# dept_id = get_user_dept(request) -# if request.method == 'POST': -# multi_hosts = request.POST.get('j_multi').split('\n') -# for host in multi_hosts: -# if host == '': -# break -# j_ip, j_port, j_type, j_idc, j_groups, j_depts, j_active, j_comment = host.split() -# j_active = active_types[str(j_active)] -# j_group = ast.literal_eval(j_groups) -# j_dept = ast.literal_eval(j_depts) -# -# if j_type not in ['LDAP', 'MAP']: -# return httperror(request, u'没有%s这种登录方式!' %j_type) -# -# j_type = login_types[j_type] -# idc = IDC.objects.filter(name=j_idc) -# if idc: -# j_idc = idc[0].id -# else: -# return httperror(request, '添加失败, 没有%s这个IDC' % j_idc) -# -# group_ids, dept_ids = [], [] -# for group_name in j_group: -# group = BisGroup.objects.filter(name=group_name) -# if group: -# group_id = group[0].id -# else: -# return httperror(request, '添加失败, 没有%s这个主机组' % group_name) -# group_ids.append(group_id) -# -# for dept_name in j_dept: -# dept = DEPT.objects.filter(name=dept_name) -# if dept: -# dept_id = dept[0].id -# else: -# return httperror(request, '添加失败, 没有%s这个部门' % dept_name) -# dept_ids.append(dept_id) -# -# if is_group_admin(request) and not validate(request, asset_group=group_ids, edept=dept_ids): -# return httperror(request, '添加失败, 没有%s这个主机组' % group_name) -# -# if Asset.objects.filter(ip=str(j_ip)): -# return httperror(request, '添加失败, 改IP%s已存在' % j_ip) -# -# host_info = [j_ip, j_port, j_idc, j_type, group_ids, dept_ids, j_active, j_comment] -# db_host_insert(host_info) -# -# smg = u'批量添加添加成功' -# return my_render('jasset/host_add_multi.html', locals(), request) -# -# return my_render('jasset/host_add_multi.html', locals(), 
request) -# -# -# @require_admin -# def host_edit_batch(request): -# """ 批量修改主机 """ -# if request.method == 'POST': -# len_table = request.POST.get('len_table') -# for i in range(int(len_table)): -# j_id = "editable[" + str(i) + "][j_id]" -# j_ip = "editable[" + str(i) + "][j_ip]" -# j_port = "editable[" + str(i) + "][j_port]" -# j_dept = "editable[" + str(i) + "][j_dept]" -# j_idc = "editable[" + str(i) + "][j_idc]" -# j_type = "editable[" + str(i) + "][j_type]" -# j_group = "editable[" + str(i) + "][j_group]" -# j_active = "editable[" + str(i) + "][j_active]" -# j_comment = "editable[" + str(i) + "][j_comment]" -# -# j_id = request.POST.get(j_id).strip() -# j_ip = request.POST.get(j_ip).strip() -# j_port = request.POST.get(j_port).strip() -# j_dept = request.POST.getlist(j_dept) -# j_idc = request.POST.get(j_idc).strip() -# j_type = request.POST.get(j_type).strip() -# j_group = request.POST.getlist(j_group) -# j_active = request.POST.get(j_active).strip() -# j_comment = request.POST.get(j_comment).strip() -# -# host_info = [j_id, j_ip, j_idc, j_port, j_type, j_group, j_dept, j_active, j_comment] -# batch_host_edit(host_info) -# -# return HttpResponseRedirect('/jasset/host_list/') -# -# -# @require_role(role='user') -# def host_edit_common_batch(request): -# """ 普通用户批量修改主机别名 """ -# u = get_session_user_info(request)[2] -# if request.method == 'POST': -# len_table = request.POST.get('len_table') -# for i in range(int(len_table)): -# j_id = "editable[" + str(i) + "][j_id]" -# j_alias = "editable[" + str(i) + "][j_alias]" -# j_id = request.POST.get(j_id, '').strip() -# j_alias = request.POST.get(j_alias, '').strip() -# a = Asset.objects.get(id=j_id) -# asset_alias = AssetAlias.objects.filter(user=u, host=a) -# if asset_alias: -# asset_alias = asset_alias[0] -# asset_alias.alias = j_alias -# asset_alias.save() -# else: -# AssetAlias.objects.create(user=u, host=a, alias=j_alias) -# return my_render('jasset/host_list_common.html', locals(), request) 
@require_role(role='user') @@ -313,53 +200,6 @@ def asset_edit(request): return my_render('jasset/asset_edit.html', locals(), request) -# @require_role(role='admin') -# def host_edit_adm(request): -# """ 部门管理员修改主机 """ -# header_title, path1, path2 = u'修改主机', u'资产管理', u'修改主机' -# actives = {1: u'激活', 0: u'禁用'} -# login_types = {'L': 'LDAP', 'M': 'MAP'} -# eidc = IDC.objects.all() -# dept = get_session_user_info(request)[5] -# egroup = BisGroup.objects.exclude(name='ALL').filter(dept=dept) -# host_id = request.GET.get('id', '') -# post = Asset.objects.filter(id=int(host_id)) -# if post: -# post = post[0] -# else: -# return httperror(request, '没有此主机!') -# -# e_group = post.bis_group.all() -# -# if request.method == 'POST': -# j_ip = request.POST.get('j_ip') -# j_idc = request.POST.get('j_idc') -# j_port = request.POST.get('j_port') -# j_type = request.POST.get('j_type') -# j_dept = request.POST.getlist('j_dept') -# j_group = request.POST.getlist('j_group') -# j_active = request.POST.get('j_active') -# j_comment = request.POST.get('j_comment') -# -# host_info = [j_ip, j_port, j_idc, j_type, j_group, j_dept, j_active, j_comment] -# -# if not validate(request, asset_group=j_group, edept=j_dept): -# emg = u'修改失败,您无权操作!' -# return my_render('jasset/asset_edit.html', locals(), request) -# -# if j_type == 'M': -# j_user = request.POST.get('j_user') -# j_password = request.POST.get('j_password') -# db_host_update(host_info, j_user, j_password, post) -# else: -# db_host_update(host_info, post) -# -# smg = u'主机 %s 修改成功' % j_ip -# return HttpResponseRedirect('/jasset/host_detail/?id=%s' % host_id) -# -# return my_render('jasset/asset_edit.html', locals(), request) - - @require_role('admin') def asset_detail(request): """ 主机详情 """ 
@@ -370,146 +210,3 @@ def asset_detail(request): return my_render('jasset/asset_detail.html', locals(), request) - - -# -# -# @require_admin -# def group_edit(request): -# """ 修改主机组 """ -# header_title, path1, path2 = u'编辑主机组', u'资产管理', u'编辑主机组' -# group_id = request.GET.get('id', '') -# group = BisGroup.objects.filter(id=group_id) -# if group: -# group = group[0] -# else: -# httperror(request, u'没有这个主机组!') -# -# host_all = Asset.objects.all() -# dept_id = get_session_user_info(request)[3] -# eposts = Asset.objects.filter(bis_group=group) -# -# if is_group_admin(request) and not validate(request, asset_group=[group_id]): -# return httperror(request, '编辑失败, 您无权操作!') -# dept = DEPT.objects.filter(id=group.dept.id) -# if dept: -# dept = dept[0] -# else: -# return httperror(request, u'没有这个部门!') -# -# all_dept = dept.asset_set.all() -# posts = [g for g in all_dept if g not in eposts] -# -# if request.method == 'POST': -# j_group = request.POST.get('j_group', '') -# j_hosts = request.POST.getlist('j_hosts', '') -# j_dept = request.POST.get('j_dept', '') -# j_comment = request.POST.get('j_comment', '') -# -# j_dept = DEPT.objects.filter(id=int(j_dept)) -# j_dept = j_dept[0] -# -# group.asset_set.clear() -# for host in j_hosts: -# g = Asset.objects.get(id=host) -# group.asset_set.add(g) -# BisGroup.objects.filter(id=group_id).update(name=j_group, dept=j_dept, comment=j_comment) -# smg = u'主机组%s修改成功' % j_group -# return HttpResponseRedirect('/jasset/group_list') -# -# return my_render('jasset/group_edit.html', locals(), request) -# -# -# @require_admin -# def group_detail(request): -# """ 主机组详情 """ -# header_title, path1, path2 = u'主机组详情', u'资产管理', u'主机组详情' -# login_types = {'L': 'LDAP', 'M': 'MAP'} -# dept = get_session_user_info(request)[5] -# group_id = request.GET.get('id', '') -# group = BisGroup.objects.get(id=group_id) -# if is_super_user(request): -# posts = Asset.objects.filter(bis_group=group).order_by('ip') -# -# elif is_group_admin(request): -# if not 
validate(request, asset_group=[group_id]): -# return httperror(request, u'您无权查看!') -# posts = Asset.objects.filter(bis_group=group).filter(dept=dept).order_by('ip') -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) -# return my_render('jasset/group_detail.html', locals(), request) -# -# -# @require_admin -# def group_del_host(request): -# """ 主机组中剔除主机, 并不删除真实主机 """ -# if request.method == 'POST': -# group_id = request.POST.get('group_id') -# offset = request.GET.get('id', '') -# group = BisGroup.objects.get(id=group_id) -# if offset == 'group': -# len_list = request.POST.get("len_list") -# for i in range(int(len_list)): -# key = "id_list[" + str(i) + "]" -# jid = request.POST.get(key) -# g = Asset.objects.get(id=jid) -# group.asset_set.remove(g) -# -# else: -# offset = request.GET.get('id', '') -# group_id = request.GET.get('gid', '') -# group = BisGroup.objects.get(id=group_id) -# g = Asset.objects.get(id=offset) -# group.asset_set.remove(g) -# -# return HttpResponseRedirect('/jasset/group_detail/?id=%s' % group.id) -# - -# @require_admin -# def dept_host_ajax(request): -# """ 添加主机组时, 部门联动主机异步 """ -# dept_id = request.GET.get('id', '') -# if dept_id not in ['1', '2']: -# dept = DEPT.objects.filter(id=dept_id) -# if dept: -# dept = dept[0] -# hosts = dept.asset_set.all() -# else: -# hosts = Asset.objects.all() -# -# return my_render('jasset/dept_host_ajax.html', locals(), request) -# -# -# def show_all_ajax(request): -# """ 批量修改主机时, 部门和组全部显示 """ -# env = request.GET.get('env', '') -# get_id = request.GET.get('id', '') -# host = Asset.objects.filter(id=get_id) -# if host: -# host = host[0] -# return my_render('jasset/show_all_ajax.html', locals(), request) -# -# -# @require_login -# def host_search(request): -# """ 搜索主机 """ -# keyword = request.GET.get('keyword') -# login_types = {'L': 'LDAP', 'M': 'MAP'} -# dept = get_session_user_info(request)[5] -# post_all = Asset.objects.filter(Q(ip__contains=keyword) | -# 
Q(idc__name__contains=keyword) | -# Q(bis_group__name__contains=keyword) | -# Q(comment__contains=keyword)).distinct().order_by('ip') -# if is_super_user(request): -# posts = post_all -# -# elif is_group_admin(request): -# posts = post_all.filter(dept=dept) -# -# elif is_common_user(request): -# user_id, username = get_session_user_info(request)[0:2] -# post_perm = user_perm_asset_api(username) -# posts = list(set(post_all) & set(post_perm)) -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) -# -# return my_render('jasset/host_search.html', locals(), request) \ No newline at end of file diff --git a/jperm/perm_api.py b/jperm/perm_api.py index d777ca82d..8f95a7e1b 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -65,10 +65,10 @@ def perm_user_api(perm_info): 'assets': []}} """ try: - new_users = perm_info['new']['users'] - new_assets = perm_info['new']['assets'] - del_users = perm_info['del']['users'] - del_assets = perm_info['del']['assets'] + new_users = perm_info.get('new', {}).get('users', []) + new_assets = perm_info.get('new', {}).get('assets',[]) + del_users = perm_info.get('del', {}).get('users', []) + del_assets = perm_info.get('del', {}).get('assets', []) print new_users, new_assets except IndexError: 
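Review bot: The `except IndexError:` handler that follows the four new `.get(...)` lookups can no longer be triggered by them, so a malformed `perm_info` is read as "nothing to grant, nothing to revoke" instead of raising `ServerError`. For a revoke request, a missing or misspelled `'del'` key then yields empty lists and, as far as this hunk shows, no error reaches the caller. An explicit check before the lookups keeps the failure visible, e.g. `if 'new' not in perm_info and 'del' not in perm_info: raise ServerError(...)`. The debugging line `print new_users, new_assets` should also be removed; the rest of `perm_user_api` lies outside the hunk.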
@@ -117,18 +117,151 @@ def perm_user_api(perm_info): return results -def get_user_assets(user): - if isinstance(user, int): - user = get_object(User, id=user) - elif isinstance(user, str): - user = get_object(User, username=user) - elif isinstance(user, User): - user = user - else: - user = None +def user_group_permed(user_group): + assets = user_group.asset_set.all() + asset_groups = user_group.asset_group.all() + + for asset_group in asset_groups: + assets.extend(asset_group.asset.all()) + + return {'assets': assets, 'asset_groups': asset_groups} + + +def user_permed(user): + asset_groups = [] + assets = [] + user_groups = user.user_group.all() + asset_groups.extend(user.asset_group.all()) + assets.extend(user.asset.all()) + + for user_group in user_groups: + asset_groups.extend(user_group_permed(user_group).get('assets', [])) + assets.extend((user_group_permed(user_group).get('asset_groups', []))) + + return {'assets': assets, 'asset_groups': asset_groups} + + +def _public_perm_api(info): + """ + 公用的用户,用户组,主机,主机组编辑修改新建调用的api,用来完成授权 + info like that: + { + 'type': 'new_user', + 'user': 'a', + 'group': ['A', 'B'] + } + + { + 'type': 'edit_user', + 'user': 'a', + 'group': {'new': ['A'], 'del': []} + } + + { + 'type': 'del_user', + 'user': ['a', 'b'] + } + + { + 'type': 'edit_user_group', + 'group': 'A', + 'user': {'del': ['a', 'b'], 'new': ['c', 'd']} + } + + { + 'type': 'del_user_group', + 'group': ['A'] + } + + { + 'type': 'new_asset', + 'asset': 'a', + 'group': ['A', 'B'] + } + + { + 'type': 'edit_asset', + 'asset': 'a', + 'group': { + 'del': ['A', ['B'], + 'new': ['C', ['D']] + } + } + + { + 'type': 'del_asset', + 'asset': ['a', 'b'] + } + + { + 'type': 'edit_asset_group', + 'group': 'A', + 'asset': {'new': ['a', 'b'], 'del': ['c', 'd']} + } + + { + 'type': 'del_asset_group', + 'group': ['A', 'B'] + } + """ + + if info.get('type') == 'new_user': + new_assets = [] + user = info.get('user') + user_groups = info.get('group') + for user_group in user_groups: + 
new_assets.extend(user_group_permed(user_group).get('assets', [])) + + perm_info = { + 'new': {'users': [user], 'assets': new_assets} + } + elif info.get('type') == 'edit_user': + new_assets = [] + del_assets = [] + user = info.get('user') + new_group = info.get('group').get('new') + del_group = info.get('group').get('del') + + for user_group in new_group: + new_assets.extend(user_group_permed(user_group).get('assets', [])) + + for user_group in del_group: + del_assets.extend((user_group_permed(user_group).get('assets', []))) + + perm_info = { + 'del': {'users': [user], 'assets': del_assets}, + 'new': {'users': [user], 'assets': new_assets} + } + + elif info.get('type') == 'del_user': + user = info.get('user') + del_assets = user_permed(user).get('assets', []) + perm_info = { + 'del': {'users': [user], 'assets': del_assets}, + } + + elif info.get('type') == 'edit_user_group': + user_group = info.get('group') + new_users = info.get('user').get('new') + del_users = info.get('user').get('del') + assets = user_group_permed(user_group).get('assets', []) + + perm_info = { + 'new': {'users': new_users, 'assets': assets}, + 'del': {'users': del_users, 'assets': assets} + } + + elif info.get('type') == 'del_user_group': + assets = [] + user_groups = info.get('group', []) + del_users = [user_group.user_set.all() for user_group in user_groups] + for user_group in user_groups: + assets.extend(user_group_permed(user_group).get('assets', [])) + + perm_info = {} + + + -def refresh_group_api(user_group=None, asset_group=None): - """用户组添加删除用户,主机组添加删除主机触发""" - pass From 40d00f7cbd97442ba9c37574dcd0c419b11f5942 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B9=BF=E5=AE=8F=E4=BC=9F?= Date: Wed, 21 Oct 2015 20:44:28 +0800 Subject: [PATCH 12/36] lost playboo_run --- jperm/models.py | 6 +- jperm/perm_api.py | 76 ++++++++------- jperm/views.py | 2 +- juser/views.py | 244 ++++------------------------------------------ 4 files changed, 65 insertions(+), 263 deletions(-) 
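Review bot: In `user_permed` the two result keys are crossed: the loop runs `asset_groups.extend(user_group_permed(user_group).get('assets', []))` and `assets.extend((user_group_permed(user_group).get('asset_groups', [])))`, so the returned `'assets'` list receives asset groups and omits the assets a user holds through their groups. The `del_user` branch of `_public_perm_api` takes its revoke list from `user_permed(user).get('assets', [])`, so once that list is used for revocation, group-inherited access would be left in place. Call the helper once and keep the keys aligned: `permed = user_group_permed(user_group)`, `assets.extend(permed.get('assets', []))`, `asset_groups.extend(permed.get('asset_groups', []))`. Separately, `user_group_permed` calls `assets.extend(...)` on the result of `.all()`, presumably a Django QuerySet, which has no `extend`; `assets = list(user_group.asset_set.all())` avoids that.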
diff --git a/jperm/models.py b/jperm/models.py index 1a07e6572..9584e8946 100644 --- a/jperm/models.py +++ b/jperm/models.py @@ -7,5 +7,7 @@ from jasset.models import Asset, AssetGroup class PermLog(models.Model): datetime = models.DateTimeField(auto_now_add=True) - result = models.CharField(max_length=1000, null=True, blank=True, default='') - is_finished = models.BooleanField(default=False) + action = models.CharField(max_length=100, null=True, blank=True, default='') + results = models.CharField(max_length=1000, null=True, blank=True, default='') + is_success = models.BooleanField(default=False) + is_finish = models.BooleanField(default=False) diff --git a/jperm/perm_api.py b/jperm/perm_api.py index 8f95a7e1b..2ded2087c 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -6,9 +6,10 @@ import uuid import re from ansible.playbook import PlayBook from ansible import callbacks, utils -from jumpserver.tasks import playbook_run, add +from jumpserver.tasks import playbook_run from jumpserver.models import Setting +from jperm.models import PermLog def get_object_list(model, id_list): 
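Review bot: `results = models.CharField(max_length=1000, ...)` is too small and too loosely typed for what this commit stores in it, because `perm_user_api` assigns the whole return value of `playbook_run` with `log.results = results`. That value is used as a dictionary elsewhere in the commit, so the column receives its implicit string form, and a run over many hosts can exceed 1000 characters. Since this table is the authorization audit record, `results = models.TextField(null=True, blank=True, default='')` with the value serialised explicitly (for example as JSON) before saving would keep the record complete and parseable. The diffstat for this commit shows no migration alongside the renamed fields, which is worth confirming.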
@@ -64,38 +65,21 @@ def perm_user_api(perm_info): 'new': {'users': [], 'assets': []}} """ + log = PermLog(action=perm_info.get('action', '')) try: new_users = perm_info.get('new', {}).get('users', []) - new_assets = perm_info.get('new', {}).get('assets',[]) + new_assets = perm_info.get('new', {}).get('assets', []) del_users = perm_info.get('del', {}).get('users', []) del_assets = perm_info.get('del', {}).get('assets', []) - print new_users, new_assets except IndexError: raise ServerError("Error: function perm_user_api传入参数错误") - # 检查传入的是字符串还是对象 - check_users = new_users + del_users try: - if isinstance(check_users[0], str): - var_type = 'str' - else: - var_type = 'obj' - - except IndexError: - raise ServerError("Error: function perm_user_api传入参数错误") - - try: - if var_type == 'str': - new_ip = new_assets - del_ip = del_assets - new_username = new_users - del_username = del_users - else: - new_ip = [asset.ip for asset in new_assets if isinstance(asset, Asset)] - del_ip = [asset.ip for asset in del_assets if isinstance(asset, Asset)] - new_username = [user.username for user in new_users if isinstance(user, User)] - del_username = [user.username for user in del_users if isinstance(user, User)] + new_ip = [asset.ip for asset in new_assets if isinstance(asset, Asset)] + del_ip = [asset.ip for asset in del_assets if isinstance(asset, Asset)] + new_username = [user.username for user in new_users if isinstance(user, User)] + del_username = [user.username for user in del_users if isinstance(user, User)] except IndexError: raise ServerError("Error: function perm_user_api传入参数类型错误") 
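Review bot: The four list comprehensions filter with `isinstance(asset, Asset)` / `isinstance(user, User)` and silently drop every entry of another type, where the removed code accepted plain strings. A caller that still passes usernames or IPs, or passes the wrong object type, gets a shorter list and no error, and for `del_assets` / `del_users` that means access is not revoked even though the call looks successful. Comparing lengths after filtering turns this into a visible failure, e.g. `if len(del_ip) != len(del_assets) or len(del_username) != len(del_users): raise ServerError(...)`, with the same check for the `new` lists. The surrounding `except IndexError:` cannot be raised by these comprehensions. The start and end of `perm_user_api` are outside this hunk.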
@@ -114,11 +98,20 @@ def perm_user_api(perm_info): settings = get_object(Setting, name='default') results = playbook_run(inventory, playbook, settings) + if not results.get('failed', 1) and not results.get('unreachable', ''): + is_success = True + else: + is_success = False + + log.results = results + log.is_finish = True + log.is_success = is_success + log.save() return results def user_group_permed(user_group): - assets = user_group.asset_set.all() + assets = user_group.asset.all() asset_groups = user_group.asset_group.all() for asset_group in asset_groups: @@ -130,7 +123,7 @@ def user_group_permed(user_group): def user_permed(user): asset_groups = [] assets = [] - user_groups = user.user_group.all() + user_groups = user.group.all() asset_groups.extend(user.asset_group.all()) assets.extend(user.asset.all()) @@ -213,7 +206,7 @@ def _public_perm_api(info): new_assets.extend(user_group_permed(user_group).get('assets', [])) perm_info = { - 'new': {'users': [user], 'assets': new_assets} + 'new': {'action': 'new user: ' + user.name, 'users': [user], 'assets': new_assets} } elif info.get('type') == 'edit_user': new_assets = [] @@ -229,6 +222,7 @@ def _public_perm_api(info): del_assets.extend((user_group_permed(user_group).get('assets', []))) perm_info = { + 'action': 'edit user: ' + user.name, 'del': {'users': [user], 'assets': del_assets}, 'new': {'users': [user], 'assets': new_assets} } @@ -237,7 +231,7 @@ def _public_perm_api(info): user = info.get('user') del_assets = user_permed(user).get('assets', []) perm_info = { - 'del': {'users': [user], 'assets': del_assets}, + 'action': 'del user: ' + user.name, 'del': {'users': [user], 'assets': del_assets}, } elif info.get('type') == 'edit_user_group': 
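Review bot: `results.get('failed', 1)` reads a key that the views in this same commit never use; they read `results.get('failures')` and `results.get('unreachable')`. If `playbook_run` returns the keys the views expect (its return shape is not visible here), the default of `1` makes `is_success` false for every run, and the audit log marks successful grants as failed. `is_success = not results.get('failures') and not results.get('unreachable')` would match the views. The `PermLog` row is also only saved after `playbook_run` returns, so a run that raises leaves no record at all; saving the row when it is created and updating it in a `finally` block would keep failed attempts in the log.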
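Review bot: In the `new_user` branch the `'action'` key is placed inside the `'new'` dictionary (`'new': {'action': 'new user: ' + user.name, 'users': [user], 'assets': new_assets}`), while `perm_user_api` reads it from the top level with `perm_info.get('action', '')`. The `PermLog` entry for a newly created user is therefore written with an empty action, unlike the `edit_user`, `del_user` and group branches. Move the key up one level: `perm_info = {'action': 'new user: ' + user.name, 'new': {'users': [user], 'assets': new_assets}}`. `_public_perm_api` starts before this hunk.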
@@ -247,18 +241,32 @@ def _public_perm_api(info): assets = user_group_permed(user_group).get('assets', []) perm_info = { + 'action': 'edit user group: ' + user_group.name, 'new': {'users': new_users, 'assets': assets}, 'del': {'users': del_users, 'assets': assets} } elif info.get('type') == 'del_user_group': - assets = [] - user_groups = info.get('group', []) - del_users = [user_group.user_set.all() for user_group in user_groups] - for user_group in user_groups: - assets.extend(user_group_permed(user_group).get('assets', [])) + user_group = info.get('group', []) + del_users = user_group.user_set.all() + assets = user_group_permed(user_group).get('assets', []) + + perm_info = { + 'action': "del user group: " + user_group.name, 'del': {'users': del_users, 'assets': assets} + } + else: + return + + try: + results = perm_user_api(perm_info) # 通过API授权或回收 + except ServerError, e: + return e + else: + return results + + + - perm_info = {} diff --git a/jperm/views.py b/jperm/views.py index 8a5e67e3e..0fd1f1f99 100644 --- a/jperm/views.py +++ b/jperm/views.py 
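Review bot: `except ServerError, e: return e` hands the exception back as an ordinary return value, so a caller of `_public_perm_api` cannot tell a failed grant or revocation from a result dictionary without type-checking the return. The unknown-type path (`else: return`) adds a third return shape, `None`. Letting the error propagate is simpler and keeps failures visible: replace the `try`/`except`/`else` with `return perm_user_api(perm_info)` and raise `ServerError` for an unrecognised `type`. In the `del_user_group` branch, `info.get('group', [])` defaults to a list while the next line calls `user_group.user_set.all()` on it, and the docstring example also shows a list for this type; the expected shape should be settled one way.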
@@ -1 +1 @@ -# # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jumpserver.api import * from jperm.perm_api import * from jperm.models import PermLog as Log @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = 
list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 for asset_group in asset_group_new: asset_new.extend(asset_group.asset_set.all()) for asset_group in asset_group_del: asset_del.extend(asset_group.asset_set.all()) perm_info = { 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } print perm_info try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = 
user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 results = perm_user_api(asset_new, asset_del, asset_group_new, asset_group_del, user_group=user_group) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') def log(request): header_title, path1, path2 = '授权记录', '授权管理', '授权记录' log_all = Log.objects.all().order_by('-datetime') log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request) return my_render('jperm/perm_log.html', locals(), request) \ No 
newline at end of file +# # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jumpserver.api import * from jperm.perm_api import * from jperm.models import PermLog as Log @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = 
list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 for asset_group in asset_group_new: asset_new.extend(asset_group.asset_set.all()) for asset_group in asset_group_del: asset_del.extend(asset_group.asset_set.all()) perm_info = { 'action': 'perm user edit: ' + user.name, 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } print perm_info try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = 
user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 users = user_group.user_set.all() perm_info = { 'action': 'perm group edit: ' + user_group.name, 'del': {'users': users, 'assets': asset_del}, 'new': {'users': users, 'assets': asset_new} } results = perm_user_api(perm_info) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') def log(request): header_title, path1, path2 = '授权记录', '授权管理', '授权记录' log_all = 
Log.objects.all().order_by('-datetime') log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request) return my_render('jperm/perm_log.html', locals(), request) \ No newline at end of file diff --git a/juser/views.py b/juser/views.py index 6cfd91ef1..c6ca3a649 100644 --- a/juser/views.py +++ b/juser/views.py @@ -11,6 +11,7 @@ from django.template import RequestContext from django.db.models import ObjectDoesNotExist from juser.user_api import * +from jperm.perm_api import _public_perm_api, perm_user_api, user_permed def chg_role(request): @@ -89,31 +90,6 @@ def group_del(request): return HttpResponse('删除成功') -# @require_role(role='admin') -# def group_list_adm(request): -# header_title, path1, path2 = '查看部门小组', '用户管理', '查看小组' -# keyword = request.GET.get('search', '') -# did = request.GET.get('did', '') -# user, dept = get_session_user_dept(request) -# contact_list = dept.usergroup_set.all().order_by('name') -# -# if keyword: -# contact_list = contact_list.filter(Q(name__icontains=keyword) | Q(comment__icontains=keyword)) -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# return render_to_response('juser/group_list.html', locals(), context_instance=RequestContext(request)) - -# -# @require_role(role='admin') -# def group_detail(request): -# group_id = request.GET.get('id', None) -# if not group_id: -# return HttpResponseRedirect('/') -# group = UserGroup.objects.get(id=group_id) -# users = group.user_set.all() -# return render_to_response('juser/group_detail.html', locals(), context_instance=RequestContext(request)) - - @require_role(role='super') def group_edit(request): error = '' 
@@ -165,54 +141,6 @@ def group_edit(request): return my_render('juser/group_edit.html', locals(), request) -# @require_role(role='admin') -# def group_edit_adm(request): -# error = '' -# msg = '' -# header_title, path1, path2 = '修改小组信息', '用户管理', '编辑小组' -# user, dept = get_session_user_dept(request) -# if request.method == 'GET': -# group_id = request.GET.get('id', '') -# if not validate(request, user_group=[group_id]): -# return HttpResponseRedirect('/juser/group_list/') -# group = UserGroup.objects.filter(id=group_id) -# if group: -# group = group[0] -# users_all = dept.user_set.all() -# users_selected = group.user_set.all() -# users = [user for user in users_all if user not in users_selected] -# -# return render_to_response('juser/group_edit.html', locals(), context_instance=RequestContext(request)) -# else: -# group_id = request.POST.get('group_id', '') -# group_name = request.POST.get('group_name', '') -# comment = request.POST.get('comment', '') -# users_selected = request.POST.getlist('users_selected') -# -# users = [] -# try: -# if not validate(request, user=users_selected): -# raise ServerError(u'右侧非部门用户') -# -# if not validate(request, user_group=[group_id]): -# raise ServerError(u'没有权限修改本组') -# -# for user_id in users_selected: -# users.extend(User.objects.filter(id=user_id)) -# -# user_group = UserGroup.objects.filter(id=group_id) -# if user_group: -# user_group.update(name=group_name, comment=comment, dept=dept) -# user_group = user_group[0] -# user_group.user_set.clear() -# user_group.user_set = users -# -# except ServerError, e: -# error = e -# -# return HttpResponseRedirect('/juser/group_list/') - - @require_role(role='super') def user_add(request): error = '' 
@@ -257,11 +185,20 @@ def user_add(request): is_active=is_active, date_joined=datetime.datetime.now()) server_add_user(username, password, ssh_key_pwd, ssh_key_login_need) - except Exception, e: + user = get_object(User, username=username) + if groups: + user_groups = [] + for user_group_id in groups: + user_groups.extend(UserGroup.objects.filter(id=user_group_id)) + print user_groups + results = _public_perm_api({'type': 'new_user', 'user': user, 'group': user_groups}) + print results + except IndexError, e: error = u'添加用户 %s 失败 %s ' % (username, e) try: db_del_user(username) server_del_user(username) + _public_perm_api({'type': 'del_user', 'user': user, 'group': user_groups}) except Exception: pass else: 
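Review bot: Narrowing the handler from `except Exception, e:` to `except IndexError, e:` means a failure in `db_add_user`, `server_add_user` or the new `_public_perm_api` call is no longer caught, so the rollback (`db_del_user`, `server_del_user`) is skipped and a half-created account can be left on the jump host. Keep `except Exception, e:` here unless the narrower type was deliberate. `user_groups` is assigned only inside `if groups:`, yet it is also read in the rollback, where the resulting `NameError` would be hidden by `except Exception: pass`; initialise `user_groups = []` before the `if`. The two `print` statements look like debugging leftovers and write user and group objects to stdout. The body of `user_add` starts and ends outside this hunk.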
@@ -271,78 +208,6 @@ def user_add(request): return my_render('juser/user_add.html', locals(), request) -# @require_role(role='admin') -# def user_add_adm(request): -# error = '' -# msg = '' -# header_title, path1, path2 = '添加用户', '用户管理', '添加用户' -# user, dept = get_session_user_dept(request) -# group_all = dept.usergroup_set.all() -# -# if request.method == 'POST': -# username = request.POST.get('username', '') -# password = PyCrypt.gen_rand_pwd(16) -# name = request.POST.get('name', '') -# email = request.POST.get('email', '') -# groups = request.POST.getlist('groups', []) -# ssh_key_pwd = PyCrypt.gen_rand_pwd(16) -# is_active = True if request.POST.get('is_active', '1') == '1' else False -# ldap_pwd = PyCrypt.gen_rand_pwd(16) -# -# try: -# if '' in [username, password, ssh_key_pwd, name, groups, is_active]: -# error = u'带*内容不能为空' -# raise ServerError -# user = User.objects.filter(username=username) -# if user: -# error = u'用户 %s 已存在' % username -# raise ServerError -# -# except ServerError: -# pass -# else: -# try: -# user = db_add_user(username=username, -# password=CRYPTOR.md5_crypt(password), -# name=name, email=email, dept=dept, -# groups=groups, role='CU', -# ssh_key_pwd=CRYPTOR.md5_crypt(ssh_key_pwd), -# ldap_pwd=CRYPTOR.encrypt(ldap_pwd), -# is_active=is_active, -# date_joined=datetime.datetime.now()) -# -# server_add_user(username, password, ssh_key_pwd) -# if LDAP_ENABLE: -# ldap_add_user(username, ldap_pwd) -# -# except Exception, e: -# error = u'添加用户 %s 失败 %s ' % (username, e) -# try: -# db_del_user(username) -# server_del_user(username) -# if LDAP_ENABLE: -# ldap_del_user(username) -# except Exception: -# pass -# else: -# mail_title = u'恭喜你的跳板机用户添加成功 Jumpserver' -# mail_msg = """ -# Hi, %s -# 您的用户名: %s -# 您的部门: %s -# 您的角色: %s -# 您的web登录密码: %s -# 您的ssh密钥文件密码: %s -# 密钥下载地址: http://%s:%s/juser/down_key/?id=%s -# 说明: 请登陆后再下载密钥! 
-# """ % (name, username, dept.name, '普通用户', -# password, ssh_key_pwd, SEND_IP, SEND_PORT, user.id) -# send_mail(mail_title, mail_msg, MAIL_FROM, [email], fail_silently=False) -# msg = u'添加用户 %s 成功! 用户密码已发送到 %s 邮箱!' % (username, email) -# -# return render_to_response('juser/user_add.html', locals(), context_instance=RequestContext(request)) - - @require_role(role='super') def user_list(request): user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} @@ -365,31 +230,6 @@ def user_list(request): return my_render('juser/user_list.html', locals(), request) -# @require_role(role='admin') -# def user_list_adm(request): -# user_role = {'SU': u'超级管理员', 'GA': u'组管理员', 'CU': u'普通用户'} -# header_title, path1, path2 = '查看用户', '用户管理', '用户列表' -# keyword = request.GET.get('keyword', '') -# user, dept = get_session_user_dept(request) -# gid = request.GET.get('gid', '') -# contact_list = dept.user_set.all().order_by('name') -# -# if gid: -# if not validate(request, user_group=[gid]): -# return HttpResponseRedirect('/juser/user_list/') -# user_group = UserGroup.objects.filter(id=gid) -# if user_group: -# user_group = user_group[0] -# contact_list = user_group.user_set.all() -# -# if keyword: -# contact_list = contact_list.filter(Q(username__icontains=keyword) | Q(name__icontains=keyword)).order_by('name') -# -# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(contact_list, request) -# -# return render_to_response('juser/user_list.html', locals(), context_instance=RequestContext(request)) - - @require_role(role='user') def user_detail(request): header_title, path1, path2 = '用户详情', '用户管理', '用户详情' 
@@ -420,8 +260,12 @@ def user_del(request): user_ids = request.GET.get('id', '') user_id_list = user_ids.split(',') for user_id in user_id_list: - User.objects.filter(id=user_id).delete() - + user = get_object(User, id=user_id) + if user: + assets = user_permed(user) + result = _public_perm_api({'type': 'del_user', 'user': user, 'asset': assets}) + print result + user.delete() return HttpResponse('删除成功') @@ -540,6 +384,7 @@ def user_edit(request): admin_groups=admin_groups, role=role_post, is_active=is_active) + _public_perm_api({'type': 'del_user', 'user': user, 'asset': user_permed(user)}) if email_need: msg = u""" 
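Review bot: In `user_del` the outcome of the revocation is printed and then ignored, and `user.delete()` runs regardless, so when a host is unreachable or the play fails the account and its key can stay on that asset while the database record needed to retry is gone. Assuming `_public_perm_api` returns the same `unreachable`/`failures` dictionary that the permission views read from `perm_user_api`, gate the delete on it, for example `if not result.get('failures') and not result.get('unreachable'): user.delete()`, and report the hosts that still need cleanup in the response. Replace `print result` with a log call. The ids still arrive through `request.GET`, so this destructive action is reachable by a plain link; that line is context here, but it is worth moving to POST.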
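Review bot: The call added to `user_edit` sends `'type': 'del_user'` with every asset returned by `user_permed(user)`, which reads as revoking the user's access on each edit. `_public_perm_api` has an `edit_user` branch elsewhere in this series, so this looks like a copy of the line in `user_del`. If the revocation is intended (say, to force a re-push after a key change), say so in a comment such as `# revoke on all permitted assets; access is re-pushed by ...`; otherwise use `'type': 'edit_user'`. The return value is discarded, so a failed run is invisible to the admin. The body of `user_edit` starts and ends outside this hunk.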
@@ -561,59 +406,6 @@ def user_edit(request): # @require_role(role='admin') def user_edit_adm(request): pass -# header_title, path1, path2 = '编辑用户', '用户管理', '用户编辑' -# user, dept = get_session_user_dept(request) -# if request.method == 'GET': -# user_id = request.GET.get('id', '') -# if not user_id: -# return HttpResponseRedirect('/juser/user_list/') -# -# if not validate(request, user=[user_id]): -# return HttpResponseRedirect('/juser/user_list/') -# -# user = User.objects.filter(id=user_id) -# dept_all = DEPT.objects.all() -# group_all = dept.usergroup_set.all() -# if user: -# user = user[0] -# groups_str = ' '.join([str(group.id) for group in user.group.all()]) -# -# else: -# user_id = request.POST.get('user_id', '') -# password = request.POST.get('password', '') -# name = request.POST.get('name', '') -# email = request.POST.get('email', '') -# groups = request.POST.getlist('groups', []) -# ssh_key_pwd = request.POST.get('ssh_key_pwd', '') -# is_active = True if request.POST.get('is_active', '1') == '1' else False -# -# if not validate(request, user=[user_id], user_group=groups): -# return HttpResponseRedirect('/juser/user_edit/') -# if user_id: -# user = User.objects.filter(id=user_id) -# if user: -# user = user[0] -# else: -# return HttpResponseRedirect('/juser/user_list/') -# -# if password != user.password: -# password = CRYPTOR.md5_crypt(password) -# -# if ssh_key_pwd != user.ssh_key_pwd: -# ssh_key_pwd = CRYPTOR.encrypt(ssh_key_pwd) -# -# db_update_user(user_id=user_id, -# password=password, -# name=name, -# email=email, -# groups=groups, -# is_active=is_active, -# ssh_key_pwd=ssh_key_pwd) -# -# return HttpResponseRedirect('/juser/user_list/') -# -# return render_to_response('juser/user_edit.html', locals(), context_instance=RequestContext(request)) -# def profile(request): From 77131a39d48f87860a42095453a9248f13da8fb6 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E5=B9=BF=E5=AE=8F=E4=BC=9F?= Date: Wed, 21 Oct 2015 20:53:07 +0800 Subject: [PATCH 13/36] recovery playboo_run --- jperm/perm_api.py | 2 -- jumpserver/tasks.py | 46 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 jumpserver/tasks.py diff --git a/jperm/perm_api.py b/jperm/perm_api.py index 2ded2087c..18892ce94 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -4,8 +4,6 @@ from jasset.models import * from jumpserver.api import * import uuid import re -from ansible.playbook import PlayBook -from ansible import callbacks, utils from jumpserver.tasks import playbook_run from jumpserver.models import Setting diff --git a/jumpserver/tasks.py b/jumpserver/tasks.py new file mode 100644 index 000000000..54726eb10 --- /dev/null +++ b/jumpserver/tasks.py 
@@ -0,0 +1,46 @@ +# coding: utf-8 + +from ansible.playbook import PlayBook +from ansible import callbacks, utils + + +def playbook_run(inventory, playbook, default_user=None, default_port=None, default_pri_key_path=None): + stats = callbacks.AggregateStats() + playbook_cb = callbacks.PlaybookCallbacks(verbose=utils.VERBOSITY) + runner_cb = callbacks.PlaybookRunnerCallbacks(stats, verbose=utils.VERBOSITY) + # run the playbook + print default_user, default_port, default_pri_key_path, inventory, playbook + if default_user and default_port and default_pri_key_path: + playbook = PlayBook(host_list=inventory, + playbook=playbook, + forks=5, + remote_user=default_user, + remote_port=default_port, + private_key_file=default_pri_key_path, + callbacks=playbook_cb, + runner_callbacks=runner_cb, + stats=stats, + become=True, + become_user='root') + else: + playbook = PlayBook(host_list=inventory, + playbook=playbook, + forks=5, + callbacks=playbook_cb, + runner_callbacks=runner_cb, + stats=stats, + become=True, + become_user='root') + results = playbook.run() + results_r = {'unreachable': [], 'failures': [], 'success': []} + for hostname, result in results.items(): + if result.get('unreachable', 2): + results_r['unreachable'].append(hostname) + print "%s >>> unreachable" % hostname + elif result.get('failures', 2): + results_r['failures'].append(hostname) + print "%s >>> Failed" % hostname + else: + results_r['success'].append(hostname) + print "%s >>> Success" % hostname + return results_r \ No newline at end of file From 4baffed48172c548b783e8d68cde02cddd513002 Mon Sep 17 00:00:00 2001 From: "ibuler@qq.com" Date: Wed, 21 Oct 2015 21:19:18 +0800 Subject: [PATCH 14/36] base commit --- jperm/perm_api.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/jperm/perm_api.py b/jperm/perm_api.py index 18892ce94..0202ef19b 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py 
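Review bot: `print default_user, default_port, default_pri_key_path, inventory, playbook` writes the inventory and the private-key path to stdout on every run; drop it or move it to a debug-level logger. The `if default_user and default_port and default_pri_key_path` test falls through silently to the second `PlayBook(...)` call when only some of the three are given, and the caller visible in `perm_user_api` passes one `settings` object as `default_user`, so the configured connection settings appear never to be used. The two constructor calls differ only in three keyword arguments and can be built from one options dict, as below. A docstring should state the shape of the returned dict, and a comment should say that the default `2` in `result.get('unreachable', 2)` deliberately counts a missing key as unreachable.

```python
def playbook_run(inventory, playbook, default_user=None, default_port=None, default_pri_key_path=None):
    # … unchanged: stats and callback setup …
    options = dict(host_list=inventory, playbook=playbook, forks=5,
                   callbacks=playbook_cb, runner_callbacks=runner_cb,
                   stats=stats, become=True, become_user='root')
    if default_user and default_port and default_pri_key_path:
        options.update(remote_user=default_user, remote_port=default_port,
                       private_key_file=default_pri_key_path)
    playbook = PlayBook(**options)
    # … unchanged: run and result classification …
```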
@@ -96,7 +96,7 @@ def perm_user_api(perm_info): settings = get_object(Setting, name='default') results = playbook_run(inventory, playbook, settings) - if not results.get('failed', 1) and not results.get('unreachable', ''): + if not results.get('failures', 1) and not results.get('unreachable', ''): is_success = True else: is_success = False From 79e81340dc837df84799cd3cad95d44bfde87383 Mon Sep 17 00:00:00 2001 From: "ibuler@qq.com" Date: Wed, 21 Oct 2015 22:39:53 +0800 Subject: [PATCH 15/36] modify log --- jperm/perm_api.py | 3 ++- templates/jperm/perm_log.html | 21 ++++++++++++++++++--- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/jperm/perm_api.py b/jperm/perm_api.py index 0202ef19b..585fa3cbf 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py @@ -204,7 +204,8 @@ def _public_perm_api(info): new_assets.extend(user_group_permed(user_group).get('assets', [])) perm_info = { - 'new': {'action': 'new user: ' + user.name, 'users': [user], 'assets': new_assets} + 'action': 'new user: ' + user.name, + 'new': {'users': [user], 'assets': new_assets} } elif info.get('type') == 'edit_user': new_assets = [] diff --git a/templates/jperm/perm_log.html b/templates/jperm/perm_log.html index b24a868a1..ead5f399d 100644 --- a/templates/jperm/perm_log.html +++ b/templates/jperm/perm_log.html @@ -40,7 +40,8 @@ 日期 - 结果 + 动作 + 成功 完成 @@ -48,10 +49,13 @@ {% for log in logs %} {{ log.datetime | date:"Y-n-d G:i:s" }} + {{ log.action }} - {{ log.result | result2bool | safe }} + + {{ log.is_success | yesno:"是,否,为止" }} + - {{ log.is_finished | yesno:"是,否,为止" }} + {{ log.is_finish | yesno:"是,否,为止" }} {% endfor %} @@ -70,4 +74,15 @@
  • +{% endblock %} + +{% block self_footer_js %} + + {% endblock %} \ No newline at end of file From 72a18d6abf4b2a279e94d5a9e5c4a28e09dcbb98 Mon Sep 17 00:00:00 2001 From: "ibuler@qq.com" Date: Sat, 24 Oct 2015 23:52:06 +0800 Subject: [PATCH 16/36] use map --- jperm/models.py | 8 ++ jperm/perm_api.py | 22 ++++- jperm/urls.py | 41 +++------ jperm/views.py | 2 +- jumpserver/tasks.py | 1 + juser/user_api.py | 36 ++++---- playbook/user_perm.yaml | 2 +- templates/jperm/sys_user_add.html | 130 +++++++++++++++++++++++++++++ templates/jperm/sys_user_list.html | 102 ++++++++++++++++++++++ templates/nav.html | 2 +- 10 files changed, 290 insertions(+), 56 deletions(-) create mode 100644 templates/jperm/sys_user_add.html create mode 100644 templates/jperm/sys_user_list.html diff --git a/jperm/models.py b/jperm/models.py index 9584e8946..b86ddd433 100644 --- a/jperm/models.py +++ b/jperm/models.py @@ -11,3 +11,11 @@ class PermLog(models.Model): results = models.CharField(max_length=1000, null=True, blank=True, default='') is_success = models.BooleanField(default=False) is_finish = models.BooleanField(default=False) + + +class SysUser(models.Model): + username = models.CharField(max_length=100) + password = models.CharField(max_length=100) + comment = models.CharField(max_length=100, null=True, blank=True, default='') + + diff --git a/jperm/perm_api.py b/jperm/perm_api.py index 585fa3cbf..ccfcbb6b4 100644 --- a/jperm/perm_api.py +++ b/jperm/perm_api.py 
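Review bot: `password = models.CharField(max_length=100)` on the new `SysUser` model holds the system account's password exactly as submitted, because `sys_user_add` in this commit passes `request.POST.get('password', '')` straight into the constructor. Anyone with read access to the database or a backup then has working credentials for every pushed account. Code removed earlier in this series called `CRYPTOR.encrypt(...)` and `CRYPTOR.md5_crypt(...)` on passwords before saving. If that helper is importable here, store `CRYPTOR.encrypt(password)` when the value must be recovered for pushing, or a hash when it need not be, and add a field comment such as `# stored encrypted, never plaintext`. `max_length=100` may be too short for the encrypted form, so check it against the helper's output length.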
@@ -76,8 +76,8 @@ def perm_user_api(perm_info): try: new_ip = [asset.ip for asset in new_assets if isinstance(asset, Asset)] del_ip = [asset.ip for asset in del_assets if isinstance(asset, Asset)] - new_username = [user.username for user in new_users if isinstance(user, User)] - del_username = [user.username for user in del_users if isinstance(user, User)] + new_username = [user.username for user in new_users] + del_username = [user.username for user in del_users] except IndexError: raise ServerError("Error: function perm_user_api传入参数类型错误") @@ -90,7 +90,7 @@ def perm_user_api(perm_info): playbook = get_playbook(os.path.join(BASE_DIR, 'playbook', 'user_perm.yaml'), {'the_new_group': 'new', 'the_del_group': 'del', 'the_new_users': the_new_users, 'the_del_users': the_del_users, - 'the_pub_key': '/tmp/id_rsa.pub'}) + 'KEY_DIR': os.path.join(SSH_KEY_DIR, 'sysuser')}) print playbook, inventory @@ -264,6 +264,22 @@ def _public_perm_api(info): return results +def push_user(user, asset_groups_id): + assets = [] + if not user: + return {'error': '没有该用户'} + for group_id in asset_groups_id: + asset_group = get_object(AssetGroup, id=group_id) + if asset_group: + assets.extend(asset_group.asset_set.all()) + perm_info = { + 'action': 'Push user:' + user.username, + 'new': {'users': [user], 'assets': assets} + } + + results = perm_user_api(perm_info) + return results + diff --git a/jperm/urls.py b/jperm/urls.py index c95ab9684..3892407c1 100644 --- a/jperm/urls.py +++ b/jperm/urls.py 
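Review bot: With the `isinstance(user, User)` filter removed from `new_username` and `del_username`, an entry that has no `username` attribute now raises `AttributeError`, which the surrounding `except IndexError` does not catch, so the `ServerError` branch cannot fire for the case it describes. Catch what the comprehension can raise, `except AttributeError:`, or keep a filter that names both accepted models, e.g. `isinstance(user, (User, SysUser))` if `SysUser` is imported in this module. These usernames become account names in the generated playbook, so an explicit type check is the safer of the two. The body of `perm_user_api` starts and ends outside this hunk.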
@@ -2,34 +2,13 @@ from django.conf.urls import patterns, include, url from jperm.views import * urlpatterns = patterns('jperm.views', - # Examples: - (r'^user/$', perm_user_list), - (r'^perm_user_edit/$', perm_user_edit), - (r'^group/$', perm_group_list), - (r'^perm_group_edit/$', perm_group_edit), - (r'log/$', log), - # (r'^dept_perm_edit/$', 'dept_perm_edit'), - # (r'^perm_list/$', view_splitter, {'su': perm_list, 'adm': perm_list_adm}), - # (r'^dept_perm_list/$', 'dept_perm_list'), - # (r'^perm_user_detail/$', 'perm_user_detail'), - # (r'^perm_detail/$', 'perm_detail'), - # (r'^perm_del/$', 'perm_del'), - # (r'^perm_asset_detail/$', 'perm_asset_detail'), - # (r'^sudo_list/$', view_splitter, {'su': sudo_list, 'adm': sudo_list_adm}), - # (r'^sudo_del/$', 'sudo_del'), - # (r'^sudo_edit/$', view_splitter, {'su': sudo_edit, 'adm': sudo_edit_adm}), - # (r'^sudo_refresh/$', 'sudo_refresh'), - # (r'^sudo_detail/$', 'sudo_detail'), - # (r'^cmd_add/$', view_splitter, {'su': cmd_add, 'adm': cmd_add_adm}), - # (r'^cmd_list/$', 'cmd_list'), - # (r'^cmd_del/$', 'cmd_del'), - # (r'^cmd_edit/$', 'cmd_edit'), - # (r'^cmd_detail/$', 'cmd_detail'), - # (r'^apply/$', 'perm_apply'), - # (r'^apply_show/(\w+)/$', 'perm_apply_log'), - # (r'^apply_exec/$', 'perm_apply_exec'), - # (r'^apply_info/$', 'perm_apply_info'), - # (r'^apply_del/$', 'perm_apply_del'), - # (r'^apply_search/$', 'perm_apply_search'), - -) + (r'^user/$', perm_user_list), + (r'^perm_user_edit/$', perm_user_edit), + (r'^group/$', perm_group_list), + (r'^perm_group_edit/$', perm_group_edit), + (r'^log/$', log), + (r'^sys_user_add/$', sys_user_add), + (r'^sys_user_list/$', sys_user_list), + (r'^sys_user_del/$', sys_user_del), + (r'^sys_user_edit/$', sys_user_edit), + ) diff --git a/jperm/views.py b/jperm/views.py index 0fd1f1f99..2e910e025 100644 --- a/jperm/views.py +++ b/jperm/views.py 
@@ -1 +1 @@ -# # coding: utf-8 # import sys # # reload(sys) # sys.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jumpserver.api import * from jperm.perm_api import * from jperm.models import PermLog as Log @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = 
list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 for asset_group in asset_group_new: asset_new.extend(asset_group.asset_set.all()) for asset_group in asset_group_del: asset_del.extend(asset_group.asset_set.all()) perm_info = { 'action': 'perm user edit: ' + user.name, 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } print perm_info try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = 
user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 users = user_group.user_set.all() perm_info = { 'action': 'perm group edit: ' + user_group.name, 'del': {'users': users, 'assets': asset_del}, 'new': {'users': users, 'assets': asset_new} } results = perm_user_api(perm_info) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') def log(request): header_title, path1, path2 = '授权记录', '授权管理', '授权记录' log_all = 
Log.objects.all().order_by('-datetime') log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request) return my_render('jperm/perm_log.html', locals(), request) \ No newline at end of file +# # coding: utf-8 # import sysuser # # reload(sysuser) # sysuser.setdefaultencoding('utf8') # # from django.shortcuts import render_to_response # from django.template import RequestContext # from jperm.models import Perm, SudoPerm, CmdGroup, Apply from django.db.models import Q from jumpserver.api import * from jperm.perm_api import * from jperm.models import PermLog as Log from jperm.models import SysUser from juser.user_api import gen_ssh_key @require_role('admin') def perm_user_list(request): header_title, path1, path2 = '用户授权', '授权管理', '用户授权' keyword = request.GET.get('search', '') users_list = User.objects.all() # 获取所有用户 if keyword: users_list = users_list.filter(Q(name=keyword) | Q(username=keyword)) # 搜索 users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) # 分页 return my_render('jperm/perm_user_list.html', locals(), request) @require_role('admin') def perm_user_edit(request): header_title, path1, path2 = '用户授权', '授权管理', '授权更改' user_id = request.GET.get('id', '') user = get_object(User, id=user_id) asset_all = Asset.objects.all() # 获取所有资产 asset_group_all = AssetGroup.objects.all() # 获取所有资产组 asset_permed = user.asset.all() # 获取授权的资产对象列表 asset_group_permed = user.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user: assets = [asset for asset in asset_all if asset not in asset_permed] # 获取没有授权的资产对象列表 asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] # 同理 return my_render('jperm/perm_user_edit.html', locals(), request) elif request.method == 'POST' and user: asset_id_select = request.POST.getlist('asset_select', []) # 获取选择的资产id列表 asset_group_id_select = request.POST.getlist('asset_groups_select', []) # 获取选择的资产组id列表 asset_select = 
get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 for asset_group in asset_group_new: asset_new.extend(asset_group.asset_set.all()) for asset_group in asset_group_del: asset_del.extend(asset_group.asset_set.all()) perm_info = { 'action': 'perm user edit: ' + user.name, 'del': {'users': [user], 'assets': asset_del}, 'new': {'users': [user], 'assets': asset_new} } print perm_info try: results = perm_user_api(perm_info) # 通过API授权或回收 except ServerError, e: return HttpResponse(e) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user.asset = asset_select user.asset_group = asset_group_select user.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') @require_role('admin') def perm_group_list(request): header_title, path1, path2 = '用户组授权', '授权管理', '用户组授权' keyword = request.GET.get('search', '') user_groups_list = UserGroup.objects.all() if keyword: request = user_groups_list.filter(Q(name=keyword) | Q(comment=keyword)) user_groups_list, p, user_groups, page_range, current_page, show_first, show_end = pages(user_groups_list, request) return my_render('jperm/perm_group_list.html', locals(), request) @require_role('admin') def 
perm_group_edit(request): header_title, path1, path2 = '用户组授权', '授权管理', '授权更改' user_group_id = request.GET.get('id', '') user_group = get_object(UserGroup, id=user_group_id) asset_all = Asset.objects.all() asset_group_all = AssetGroup.objects.all() asset_permed = user_group.asset.all() # 获取授权的资产对象列表 asset_group_permed = user_group.asset_group.all() # 获取授权的资产组对象列表 if request.method == 'GET' and user_group: assets = [asset for asset in asset_all if asset not in asset_permed] asset_groups = [asset_group for asset_group in asset_group_all if asset_group not in asset_group_permed] return my_render('jperm/perm_group_edit.html', locals(), request) elif request.method == 'POST' and user_group: asset_id_select = request.POST.getlist('asset_select', []) asset_group_id_select = request.POST.getlist('asset_groups_select', []) asset_select = get_object_list(Asset, asset_id_select) asset_group_select = get_object_list(AssetGroup, asset_group_id_select) asset_new = list(set(asset_select) - set(asset_permed)) # 计算的得到新授权的资产对象列表 asset_del = list(set(asset_permed) - set(asset_select)) # 计算得到回收权限的资产对象列表 asset_group_new = list(set(asset_group_select) - set(asset_group_permed)) # 新授权的资产组对象列表 asset_group_del = list(set(asset_group_permed) - set(asset_group_select)) # 回收的资产组对象列表 users = user_group.user_set.all() perm_info = { 'action': 'perm group edit: ' + user_group.name, 'del': {'users': users, 'assets': asset_del}, 'new': {'users': users, 'assets': asset_new} } results = perm_user_api(perm_info) unreachable_asset = [] failures_asset = [] for ip in results.get('unreachable'): unreachable_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) for ip in results.get('failures'): failures_asset.extend(filter(lambda x: x, Asset.objects.filter(ip=ip))) failures_asset.extend(unreachable_asset) # 失败的授权要统计 for asset in failures_asset: if asset in asset_select: asset_select.remove(asset) else: asset_select.append(asset) user_group.asset = asset_select user_group.asset_group = 
asset_group_select user_group.save() # 保存到数据库 return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") else: return HttpResponse('输入错误') def log(request): header_title, path1, path2 = '授权记录', '授权管理', '授权记录' log_all = Log.objects.all().order_by('-datetime') log_all, p, logs, page_range, current_page, show_first, show_end = pages(log_all, request) return my_render('jperm/perm_log.html', locals(), request) def sys_user_add(request): asset_group_all = AssetGroup.objects.all() if request.method == 'POST': username = request.POST.get('username', '') password = request.POST.get('password', '') asset_groups_id = request.POST.getlist('asset_groups_select', []) comment = request.POST.get('comment') sys_user = SysUser(username=username, password=password, comment=comment) sys_user.save() gen_ssh_key(username, key_dir=os.path.join(SSH_KEY_DIR, 'sysuser'), authorized_keys=False) results = push_user(sys_user, asset_groups_id) return HttpResponse(json.dumps(results, sort_keys=True, indent=4), content_type="application/json") return my_render('jperm/sys_user_add.html', locals(), request) def sys_user_list(request): users_list = SysUser.objects.all() users_list, p, users, page_range, current_page, show_first, show_end = pages(users_list, request) return my_render('jperm/sys_user_list.html', locals(), request) def sys_user_edit(request): pass def sys_user_del(request): pass \ No newline at end of file diff --git a/jumpserver/tasks.py b/jumpserver/tasks.py index 54726eb10..22fd514ef 100644 --- a/jumpserver/tasks.py +++ b/jumpserver/tasks.py @@ -32,6 +32,7 @@ def playbook_run(inventory, playbook, default_user=None, default_port=None, defa become=True, become_user='root') results = playbook.run() + print results results_r = {'unreachable': [], 'failures': [], 'success': []} for hostname, result in results.items(): if result.get('unreachable', 2): diff --git a/juser/user_api.py b/juser/user_api.py index 04a638a0f..2354b663f 100644 
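Review bot: `sys_user_add`, `sys_user_list`, `sys_user_edit` and `sys_user_del` are added without the `@require_role('admin')` decorator that `perm_user_list`, `perm_user_edit`, `perm_group_list` and `perm_group_edit` carry in the same file, and `log` has none either. `sys_user_add` creates an account, generates a key pair and pushes it to every asset in the selected groups, so unless access is enforced elsewhere it should be restricted at least as tightly: put `@require_role('admin')` above each `def`. It also saves `username` unvalidated and passes it to `gen_ssh_key`, where it becomes part of a file path and a command line; reject anything outside a conservative account-name pattern before `sys_user.save()`. Separately, `request = user_groups_list.filter(...)` in `perm_group_list` rebinds `request` rather than `user_groups_list`, so a search replaces the request object passed to `pages` and `my_render`; it should read `user_groups_list = user_groups_list.filter(...)`.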
--- a/juser/user_api.py +++ b/juser/user_api.py @@ -1,6 +1,7 @@ # coding: utf-8 from Crypto.PublicKey import RSA +from subprocess import call from juser.models import AdminGroup from jumpserver.api import * 
@@ -115,30 +116,27 @@ def db_del_user(username): user.delete() -def gen_ssh_key(username, password=None, length=2048): +def gen_ssh_key(username, password='', + key_dir=os.path.join(BASE_DIR, 'keys/user/'), + authorized_keys=True, home="/home", length=2048): """ generate a user ssh key in a property dir 生成一个用户ssh密钥对 """ - print "gen_ssh_key" + str(time.time()) - private_key_dir = os.path.join(BASE_DIR, 'keys/jumpserver/') - private_key_file = os.path.join(private_key_dir, username+".pem") - public_key_dir = '/home/%s/.ssh/' % username - public_key_file = os.path.join(public_key_dir, 'authorized_keys') - is_dir(private_key_dir) - is_dir(public_key_dir, username, mode=0700) + private_key_file = os.path.join(key_dir, username) + if os.path.isfile(private_key_file): + os.unlink(private_key_file) + ret = bash('ssh-keygen -t rsa -f %s -b %s -P "%s"' % (private_key_file, length, password)) - key = RSA.generate(length) - with open(private_key_file, 'w') as pri_f: - pri_f.write(key.exportKey('PEM', password)) - os.chmod(private_key_file, 0600) - print "gen_ssh_pub_key" + str(time.time()) - pub_key = key.publickey() - with open(public_key_file, 'w') as pub_f: - pub_f.write(pub_key.exportKey('OpenSSH')) - os.chmod(public_key_file, 0600) - bash('chown %s:%s %s' % (username, username, public_key_file)) - print "gen_ssh_key_end" + str(time.time()) + if authorized_keys: + auth_key_dir = os.path.join(home, username, '.ssh') + is_dir(auth_key_dir, username, mode=0700) + authorized_key_file = os.path.join(auth_key_dir, 'authorized_keys') + with open(private_key_file+'.pub') as pub_f: + with open(authorized_key_file, 'w') as auth_f: + auth_f.write(pub_f.read()) + os.chmod(authorized_key_file, 0600) + bash('chown %s:%s %s' % (username, username, authorized_key_file)) def server_add_user(username, password, ssh_key_pwd, ssh_key_login_need): diff --git a/playbook/user_perm.yaml b/playbook/user_perm.yaml index 6310249d4..4bcfd72e6 100644 --- a/playbook/user_perm.yaml 
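Review bot: The new `bash('ssh-keygen -t rsa -f %s -b %s -P "%s"' % (private_key_file, length, password))` line in gen_ssh_key interpolates `username` (through `private_key_file`) and `password` into a shell command, and the sys_user_add view in this patch passes `username` straight from `request.POST`, so a quote or shell metacharacter in either value changes the command that runs. The earlier hunk already imports `call`, so pass an argument list instead: `ret = call(['ssh-keygen', '-t', 'rsa', '-f', private_key_file, '-b', str(length), '-P', password])`. `username` also reaches `os.path.join(key_dir, username)` and `os.unlink` unchecked, so validate it at the top of the function, for example `if not re.match(r'^[A-Za-z0-9_][A-Za-z0-9_.-]*$', username): raise ServerError('invalid username')` (assuming `re` and `ServerError` are in scope through `from jumpserver.api import *`). The `bash('chown %s:%s %s' % ...)` call at the end has the same interpolation problem.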
+++ b/playbook/user_perm.yaml @@ -13,5 +13,5 @@ file: name=/home/{{ item }}/.ssh mode=700 owner={{ item }} group={{ item }} state=directory with_items: [ the_new_users ] - name: set authorizied_file - copy: src=the_pub_key dest=/home/{{ item }}/.ssh/authorizied_keys owner={{ item }} group={{ item }} mode=600 + copy: src=KEY_DIR/{{ item }}.pub dest=/home/{{ item }}/.ssh/authorizied_keys owner={{ item }} group={{ item }} mode=600 with_items: [ the_new_users ] diff --git a/templates/jperm/sys_user_add.html b/templates/jperm/sys_user_add.html new file mode 100644 index 000000000..ac4fd2db1 --- /dev/null +++ b/templates/jperm/sys_user_add.html @@ -0,0 +1,130 @@ +{% extends 'base.html' %} +{% load mytags %} +{% block content %} + {% include 'nav_cat_bar.html' %} +
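Review bot: The changed `copy` line still writes to `/home/{{ item }}/.ssh/authorizied_keys`, which is not the file name sshd reads by default, so the pushed public key would not grant key-based login. The destination should be `dest=/home/{{ item }}/.ssh/authorized_keys`, and the task name has the same misspelling. `KEY_DIR` in `src=` appears to be a literal placeholder substituted before the playbook runs; if that substitution is ever skipped the task looks for a relative directory named KEY_DIR, so a variable passed at run time would be less fragile. The play begins outside this hunk.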
    +
    +
    +
    +
    + + +
    +
    +
    +
    + {% if error %} +
    {{ error }}
    + {% endif %} + {% if msg %} +
    {{ msg }}
    + {% endif %} +
    + +
    + +
    +
    +
    +
    + +
    + + 通常在其它硬件上使用,服务器会使用自动生成的key +
    + +
    +
    +
    + +
    +
    + + 将在以上资产组服务器新建系统用户 +
    +
    + +
    +
    + + +
    +
    + +
    +
    + +
    +
    +
    +
    +
    + +
    + +
    +
    +
    +
    +
    + + +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    +{% endblock %} +{% block self_footer_js %} + + +{% endblock %} \ No newline at end of file diff --git a/templates/jperm/sys_user_list.html b/templates/jperm/sys_user_list.html new file mode 100644 index 000000000..20236a0ea --- /dev/null +++ b/templates/jperm/sys_user_list.html @@ -0,0 +1,102 @@ +{% extends 'base.html' %} +{% load mytags %} +{% block content %} +{% include 'nav_cat_bar.html' %} + +
    +
    +
    +
    +
    + + +
    +
    +
    +
    + + + + + + + + + + {% for user in users.object_list %} + + + + + + {% endfor %} + +
    + + 用户名操作
    + + {{ user.username }} + 详情 + 编辑 + 删除 +
    +
    +
    +
    + Showing {{ users.start_index }} to {{ users.end_index }} of {{ p.count }} entries +
    +
    + {% include 'paginator.html' %} +
    +
    +
    +
    +
    +
    +
    +
    +
    +
    + +{% endblock %} +{% block self_head_css_js %} + +{% endblock %} \ No newline at end of file diff --git a/templates/nav.html b/templates/nav.html index f0b6bd2db..08a68b620 100644 --- a/templates/nav.html +++ b/templates/nav.html @@ -36,7 +36,7 @@
  • - 命令授权 + 系统用户
  • 权限审批
  • 授权记录
  • From 9366003f7bc574037d2df9a02be799fb3b380d61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E5=B9=BF=E5=AE=8F=E4=BC=9F?= Date: Mon, 26 Oct 2015 22:17:16 +0800 Subject: [PATCH 17/36] jlog --- connect.py | 71 ------------ jlog/log_api.py | 68 +++++++++++ jlog/models.py | 2 - jlog/urls.py | 6 +- jlog/views.py | 184 ++++++++++++++--------------- jumpserver/api.py | 198 +++++++++++++------------------- jumpserver/settings.py | 2 +- jumpserver/urls.py | 2 +- templates/jlog/base.jinja2 | 111 ++++++++++++++++++ templates/jlog/dynamic.jinja2 | 11 ++ templates/jlog/log_offline.html | 10 +- templates/jlog/log_online.html | 8 -- templates/jlog/static.jinja2 | 18 +++ 13 files changed, 379 insertions(+), 312 deletions(-) create mode 100644 jlog/log_api.py create mode 100644 templates/jlog/base.jinja2 create mode 100644 templates/jlog/dynamic.jinja2 create mode 100644 templates/jlog/static.jinja2 diff --git a/connect.py b/connect.py index 7994205ec..66268d50c 100644 --- a/connect.py +++ b/connect.py @@ -19,7 +19,6 @@ if django.get_version() != '1.6': django.setup() from jumpserver.api import ServerError, User, Asset, Jtty, get_object from jumpserver.api import logger -from jumpserver.api import BisGroup as AssetGroup login_user = get_object(User, username=getpass.getuser()) 
@@ -98,76 +97,6 @@ def print_prompt(): print textwrap.dedent(msg) -# def remote_exec_cmd(ip, port, username, password, cmd): -# try: -# time.sleep(5) -# ssh = paramiko.SSHClient() -# ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) -# ssh.connect(ip, port, username, password, timeout=5) -# stdin, stdout, stderr = ssh.exec_command("bash -l -c '%s'" % cmd) -# out = stdout.readlines() -# err = stderr.readlines() -# color_print('%s:' % ip, 'blue') -# for i in out: -# color_print(" " * 4 + i.strip(), 'green') -# for j in err: -# color_print(" " * 4 + j.strip(), 'red') -# ssh.close() -# except Exception as e: -# color_print(ip + ':', 'blue') -# color_print(str(e), 'red') - - -# def multi_remote_exec_cmd(hosts, username, cmd): -# pool = Pool(processes=5) -# for host in hosts: -# username, password, ip, port = get_connect_item(username, host) -# pool.apply_async(remote_exec_cmd, (ip, port, username, password, cmd)) -# pool.close() -# pool.join() - - -# def exec_cmd_servers(username): -# color_print("You can choose in the following IP(s), Use glob or ips split by comma. 
q/Q to PreLayer.", 'green') -# user.get_asset_info(printable=True) -# while True: -# hosts = [] -# inputs = raw_input('\033[1;32mip(s)>: \033[0m') -# if inputs in ['q', 'Q']: -# break -# get_hosts = login_user.get_asset_info().keys() -# -# if ',' in inputs: -# ips_input = inputs.split(',') -# for host in ips_input: -# if host in get_hosts: -# hosts.append(host) -# else: -# for host in get_hosts: -# if fnmatch.fnmatch(host, inputs): -# hosts.append(host.strip()) -# -# if len(hosts) == 0: -# color_print("Check again, Not matched any ip!", 'red') -# continue -# else: -# print "You matched ip: %s" % hosts -# color_print("Input the Command , The command will be Execute on servers, q/Q to quit.", 'green') -# while True: -# cmd = raw_input('\033[1;32mCmd(s): \033[0m') -# if cmd in ['q', 'Q']: -# break -# exec_log_dir = os.path.join(log_dir, 'exec_cmds') -# if not os.path.isdir(exec_log_dir): -# os.mkdir(exec_log_dir) -# os.chmod(exec_log_dir, 0777) -# filename = "%s/%s.log" % (exec_log_dir, time.strftime('%Y%m%d')) -# f = open(filename, 'a') -# f.write("DateTime: %s User: %s Host: %s Cmds: %s\n" % -# (time.strftime('%Y/%m/%d %H:%M:%S'), username, hosts, cmd)) -# multi_remote_exec_cmd(hosts, username, cmd) - - def main(): """ he he diff --git a/jlog/log_api.py b/jlog/log_api.py new file mode 100644 index 000000000..c9d54149a --- /dev/null +++ b/jlog/log_api.py 
@@ -0,0 +1,68 @@ +# coding: utf-8 + + +from argparse import ArgumentParser, FileType +from contextlib import closing +from codecs import open as copen +from json import dumps +from math import ceil +from os.path import basename, dirname, exists, join +from struct import unpack +from subprocess import Popen +from sys import platform, prefix, stderr +from tempfile import NamedTemporaryFile + +from jinja2 import FileSystemLoader, Template +from jinja2.environment import Environment + +from jumpserver.api import BASE_DIR + + +DEFAULT_TEMPLATE = join(BASE_DIR, 'templates', 'jlog', 'static.jinja2') + + +def escapeString(string): + string = string.encode('unicode_escape').decode('utf-8') + string = string.replace("'", "\\'") + string = '\'' + string + '\'' + return string + + +def getTiming(timef): + timing = None + with closing(timef): + timing = [l.strip().split(' ') for l in timef] + timing = [(int(ceil(float(r[0]) * 1000)), int(r[1])) for r in timing] + return timing + + +def scriptToJSON(scriptf, timing=None): + ret = [] + + with closing(scriptf): + scriptf.readline() # ignore first header line from script file + offset = 0 + for t in timing: + data = escapeString(scriptf.read(t[1])) + offset += t[0] + ret.append((data, offset)) + return dumps(ret) + + +def renderTemplate(script_path, time_file_path, dimensions=(24, 60), templatename=DEFAULT_TEMPLATE): + with copen(script_path, encoding='utf-8', errors='replace') as scriptf: + with open(time_file_path) as timef: + timing = getTiming(timef) + json = scriptToJSON(scriptf, timing) + + fsl = FileSystemLoader(dirname(templatename), 'utf-8') + e = Environment() + e.loader = fsl + + templatename = basename(templatename) + rendered = e.get_template(templatename).render(json=json, + dimensions=dimensions) + + return rendered + + diff --git a/jlog/models.py b/jlog/models.py index baaffb5a7..9398ef45e 100644 --- a/jlog/models.py +++ b/jlog/models.py 
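Review bot: `renderTemplate` builds a bare `Environment()`, which leaves Jinja2 autoescaping off, and the `json` value it renders comes from recorded terminal output in which `<`, `>` and `&` pass through both `escapeString` and `dumps` unchanged. If static.jinja2 places `json` inside a script element, which is not visible here, markup contained in a recorded session would be interpreted by the browser of whoever replays it. Escaping those characters in the JSON text keeps the parsed payload identical: `return dumps(ret).replace('<', '\\u003c').replace('>', '\\u003e').replace('&', '\\u0026')`. Separately, `scriptToJSON` defaults `timing=None` and then iterates it, so calling it with the default raises TypeError; the parameter should be required.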
@@ -5,12 +5,10 @@ class Log(models.Model): user = models.CharField(max_length=20, null=True) host = models.CharField(max_length=20, null=True) remote_ip = models.CharField(max_length=100) - dept_name = models.CharField(max_length=20) log_path = models.CharField(max_length=100) start_time = models.DateTimeField(null=True) pid = models.IntegerField(max_length=10) is_finished = models.BooleanField(default=False) - handle_finished = models.BooleanField(default=False) end_time = models.DateTimeField(null=True) def __unicode__(self): diff --git a/jlog/urls.py b/jlog/urls.py index 0b6810d3c..24d821f12 100644 --- a/jlog/urls.py +++ b/jlog/urls.py @@ -5,7 +5,7 @@ from jlog.views import * urlpatterns = patterns('', url(r'^$', log_list), url(r'^log_list/(\w+)/$', log_list), - url(r'^log_kill/', log_kill), - url(r'^history/$', log_history), - url(r'^search/$', log_search), + # url(r'^log_kill/', log_kill), + # url(r'^history/$', log_history), + # url(r'^search/$', log_search), ) \ No newline at end of file diff --git a/jlog/views.py b/jlog/views.py index 0eb74f815..187802a7b 100644 --- a/jlog/views.py +++ b/jlog/views.py 
@@ -4,117 +4,103 @@ from django.template import RequestContext from django.shortcuts import render_to_response from jumpserver.api import * -from jasset.views import httperror from django.http import HttpResponseNotFound CONF = ConfigParser() CONF.read('%s/jumpserver.conf' % BASE_DIR) +from jlog.models import Log + +# def get_user_info(request, offset): +# """ 获取用户信息及环境 """ +# env_dic = {'online': 0, 'offline': 1} +# env = env_dic[offset] +# keyword = request.GET.get('keyword', '') +# user_info = get_session_user_info(request) +# user_id, username = user_info[0:2] +# dept_id, dept_name = user_info[3:5] +# ret = [request, keyword, env, username, dept_name] +# +# return ret +# +# +# def get_user_log(ret_list): +# """ 获取不同类型用户日志记录 """ +# request, keyword, env, username, dept_name = ret_list +# post_all = Log.objects.filter(is_finished=env).order_by('-start_time') +# post_keyword_all = Log.objects.filter(Q(user__contains=keyword) | +# Q(host__contains=keyword)) \ +# .filter(is_finished=env).order_by('-start_time') +# +# if keyword: +# posts = post_keyword_all +# else: +# posts = post_all +# +# return posts -def get_user_info(request, offset): - """ 获取用户信息及环境 """ - env_dic = {'online': 0, 'offline': 1} - env = env_dic[offset] - keyword = request.GET.get('keyword', '') - user_info = get_session_user_info(request) - user_id, username = user_info[0:2] - dept_id, dept_name = user_info[3:5] - ret = [request, keyword, env, username, dept_name] - - return ret - - -def get_user_log(ret_list): - """ 获取不同类型用户日志记录 """ - request, keyword, env, username, dept_name = ret_list - post_all = Log.objects.filter(is_finished=env).order_by('-start_time') - post_keyword_all = Log.objects.filter(Q(user__contains=keyword) | - Q(host__contains=keyword)) \ - .filter(is_finished=env).order_by('-start_time') - - if is_super_user(request): - if keyword: - posts = post_keyword_all - else: - posts = post_all - - elif is_group_admin(request): - if keyword: - posts = 
post_keyword_all.filter(dept_name=dept_name) - else: - posts = post_all.filter(dept_name=dept_name) - - elif is_common_user(request): - if keyword: - posts = post_keyword_all.filter(user=username) - else: - posts = post_all.filter(user=username) - - return posts - - -@require_login def log_list(request, offset): """ 显示日志 """ header_title, path1, path2 = u'查看日志', u'查看日志', u'在线用户' keyword = request.GET.get('keyword', '') web_socket_host = CONF.get('websocket', 'web_socket_host') - posts = get_user_log(get_user_info(request, offset)) + # posts = get_user_log(get_user_info(request, offset)) + if offset == 'online': + posts = Log.objects.filter(is_finished=False).order_by('-start_time') + else: + posts = Log.objects.filter(is_finished=True).order_by('-start_time') contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) return render_to_response('jlog/log_%s.html' % offset, locals(), context_instance=RequestContext(request)) - -@require_admin -def log_kill(request): - """ 杀掉connect进程 """ - pid = request.GET.get('id', '') - log = Log.objects.filter(pid=pid) - if log: - log = log[0] - dept_name = log.dept_name - deptname = get_session_user_info(request)[4] - if is_group_admin(request) and dept_name != deptname: - return httperror(request, u'Kill失败, 您无权操作!') - try: - os.kill(int(pid), 9) - except OSError: - pass - Log.objects.filter(pid=pid).update(is_finished=1, end_time=datetime.datetime.now()) - return render_to_response('jlog/log_offline.html', locals(), context_instance=RequestContext(request)) - else: - return HttpResponseNotFound(u'没有此进程!') - - -@require_login -def log_history(request): - """ 命令历史记录 """ - log_id = request.GET.get('id', 0) - log = Log.objects.filter(id=int(log_id)) - if log: - log = log[0] - dept_name = log.dept_name - deptname = get_session_user_info(request)[4] - if is_group_admin(request) and dept_name != deptname: - return httperror(request, '查看失败, 您无权查看!') - - elif is_common_user(request): - return 
httperror(request, '查看失败, 您无权查看!') - - log_his = "%s.his" % log.log_path - if os.path.isfile(log_his): - f = open(log_his) - content = f.read() - return HttpResponse(content) - else: - return httperror(request, '无日志记录, 请查看日志处理脚本是否开启!') - - -@require_login -def log_search(request): - """ 日志搜索 """ - offset = request.GET.get('env', '') - keyword = request.GET.get('keyword', '') - posts = get_user_log(get_user_info(request, offset)) - contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) - return render_to_response('jlog/log_search.html', locals(), context_instance=RequestContext(request)) +# +# def log_kill(request): +# """ 杀掉connect进程 """ +# pid = request.GET.get('id', '') +# log = Log.objects.filter(pid=pid) +# if log: +# log = log[0] +# dept_name = log.dept_name +# deptname = get_session_user_info(request)[4] +# if is_group_admin(request) and dept_name != deptname: +# return httperror(request, u'Kill失败, 您无权操作!') +# try: +# os.kill(int(pid), 9) +# except OSError: +# pass +# Log.objects.filter(pid=pid).update(is_finished=1, end_time=datetime.datetime.now()) +# return render_to_response('jlog/log_offline.html', locals(), context_instance=RequestContext(request)) +# else: +# return HttpResponseNotFound(u'没有此进程!') +# +# +# def log_history(request): +# """ 命令历史记录 """ +# log_id = request.GET.get('id', 0) +# log = Log.objects.filter(id=int(log_id)) +# if log: +# log = log[0] +# dept_name = log.dept_name +# deptname = get_session_user_info(request)[4] +# if is_group_admin(request) and dept_name != deptname: +# return httperror(request, '查看失败, 您无权查看!') +# +# elif is_common_user(request): +# return httperror(request, '查看失败, 您无权查看!') +# +# log_his = "%s.his" % log.log_path +# if os.path.isfile(log_his): +# f = open(log_his) +# content = f.read() +# return HttpResponse(content) +# else: +# return httperror(request, '无日志记录, 请查看日志处理脚本是否开启!') +# +# +# def log_search(request): +# """ 日志搜索 """ +# offset = request.GET.get('env', '') +# 
keyword = request.GET.get('keyword', '') +# posts = get_user_log(get_user_info(request, offset)) +# contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) +# return render_to_response('jlog/log_search.html', locals(), context_instance=RequestContext(request)) diff --git a/jumpserver/api.py b/jumpserver/api.py index faabb068c..b4ee56595 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -12,6 +12,7 @@ import random import subprocess import paramiko import struct, fcntl, signal,socket, select, fnmatch +import re from django.core.paginator import Paginator, EmptyPage, InvalidPage from django.http import HttpResponse, Http404 
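Review bot: `log_list` loses its `@require_login` decorator and the role-based filtering that `get_user_log` applied, so as written the view returns every user's session records to any caller that reaches the URL, unless authentication is enforced somewhere not shown here. Keep `@require_login` on `log_list` and restore a per-role filter before the app is re-enabled in settings.py. `offset` is also formatted into the template name after being matched only by `\w+`, so any value other than `online` or `offline` ends in a missing-template error; reject it explicitly with `if offset not in ('online', 'offline'): return HttpResponseNotFound()`.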
@@ -69,75 +70,6 @@ def set_log(level): return logger_f -# class LDAPMgmt(): -# """ -# LDAP class for add, select, del, update -# LDAP 管理类,增删改查 -# """ -# def __init__(self, -# host_url, -# base_dn, -# root_cn, -# root_pw): -# self.ldap_host = host_url -# self.ldap_base_dn = base_dn -# self.conn = ldap.initialize(host_url) -# self.conn.set_option(ldap.OPT_REFERRALS, 0) -# self.conn.protocol_version = ldap.VERSION3 -# self.conn.simple_bind_s(root_cn, root_pw) -# -# def list(self, filter, scope=ldap.SCOPE_SUBTREE, attr=None): -# """ -# query -# 查询 -# """ -# result = {} -# try: -# ldap_result = self.conn.search_s(self.ldap_base_dn, scope, filter, attr) -# for entry in ldap_result: -# name, data = entry -# for k, v in data.items(): -# print '%s: %s' % (k, v) -# result[k] = v -# return result -# except ldap.LDAPError, e: -# print e -# -# def add(self, dn, attrs): -# """ -# add -# 添加 -# """ -# try: -# ldif = modlist.addModlist(attrs) -# self.conn.add_s(dn, ldif) -# except ldap.LDAPError, e: -# print e -# -# def modify(self, dn, attrs): -# """ -# modify -# 更改 -# """ -# try: -# attr_s = [] -# for k, v in attrs.items(): -# attr_s.append((2, k, v)) -# self.conn.modify_s(dn, attr_s) -# except ldap.LDAPError, e: -# print e -# -# def delete(self, dn): -# """ -# delete -# 删除 -# """ -# try: -# self.conn.delete_s(dn) -# except ldap.LDAPError, e: -# print e - - def page_list_return(total, current=1): """ page 
@@ -181,17 +113,46 @@ def pages(post_objects, request): return post_objects, paginator, page_objects, page_range, current_page, show_first, show_end +def remove_control_char(str_r): + """ + 处理日志特殊字符 + """ + control_char = re.compile(r""" + \x1b[ #%()*+\-.\/]. | + \r | #匹配 回车符(CR) + (?:\x1b\[|\x9b) [ -?]* [@-~] | #匹配 控制顺序描述符(CSI)... Cmd + (?:\x1b\]|\x9d) .*? (?:\x1b\\|[\a\x9c]) | \x07 | #匹配 操作系统指令(OSC)...终止符或振铃符(ST|BEL) + (?:\x1b[P^_]|[\x90\x9e\x9f]) .*? (?:\x1b\\|\x9c) | #匹配 设备控制串或私讯或应用程序命令(DCS|PM|APC)...终止符(ST) + \x1b. #匹配 转义过后的字符 + [\x80-\x9f] #匹配 所有控制字符 + """, re.X) + backspace = re.compile(r"[^\b][\b]") + line_filtered = control_char.sub('', str_r.rstrip()) + while backspace.search(line_filtered): + line_filtered = backspace.sub('', line_filtered) + + return line_filtered + + +def newline_code_in(strings): + for i in ['\r', '\r\n', '\n']: + if i in strings: + #print "new line" + return True + return False + + class Jtty(object): """ A virtual tty class 一个虚拟终端类,实现连接ssh和记录日志 """ - def __init__(self, user, asset): + def __init__(self, username, ip): self.chan = None - self.username = user.username - self.ip = asset.ip - self.user = user - self.asset = asset + self.username = username + self.ip = ip + # self.user = user + # self.asset = asset @staticmethod def get_win_size(): 
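Review bot: In `remove_control_char` the last two alternatives of the verbose pattern, `\x1b.` and `[\x80-\x9f]`, have no `|` between them as shown, so they compile as the single sequence `\x1b.[\x80-\x9f]` and a lone ESC-prefixed character or a lone C1 control byte is left in the command record. Add the separator so the first of the two lines reads `\x1b. |`. Before doing so, confirm the input is decoded text: on a byte string the range `[\x80-\x9f]` also covers UTF-8 continuation bytes, so stripping it would corrupt non-ASCII commands. The Jtty class continues outside this hunk.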
@@ -227,11 +188,8 @@ class Jtty(object): timestamp_start = int(time.time()) date_start = time.strftime('%Y%m%d', time.localtime(timestamp_start)) time_start = time.strftime('%H%M%S', time.localtime(timestamp_start)) - log_filename = '%s_%s_%s.log' % (self.username, self.ip, time_start) today_connect_log_dir = os.path.join(tty_log_dir, date_start) - log_file_path = os.path.join(today_connect_log_dir, log_filename) - dept_name = self.user.dept.name - + log_file_path = os.path.join(today_connect_log_dir, '%s_%s_%s' % (self.username, self.ip, time_start)) pid = os.getpid() pts = os.popen("ps axu | grep %s | grep -v grep | awk '{ print $7 }'" % pid).read().strip() ip_list = os.popen("who | grep %s | awk '{ print $5 }'" % pts).read().strip('()\n') 
@@ -242,23 +200,29 @@ class Jtty(object): raise ServerError('Create %s failed, Please modify %s permission.' % (today_connect_log_dir, tty_log_dir)) try: - log_file = open(log_file_path, 'a') + log_file_f = open(log_file_path + '.log', 'a') + log_time_f = open(log_file_path + '.time', 'a') + log_res_f = open(log_file_path + '.res', 'a') except IOError: raise ServerError('Create logfile failed, Please modify %s permission.' % today_connect_log_dir) - log = Log(user=self.username, host=self.ip, remote_ip=ip_list, dept_name=dept_name, + log = Log(user=self.username, host=self.ip, remote_ip=ip_list, log_path=log_file_path, start_time=datetime.datetime.now(), pid=pid) - log_file.write('Start time is %s\n' % datetime.datetime.now()) + log_file_f.write('Start time is %s\n' % datetime.datetime.now()) log.save() - return log_file, log + return log_file_f, log_time_f, log_res_f, log def posix_shell(self): """ Use paramiko channel connect server interactive. 使用paramiko模块的channel,连接后端,进入交互式 """ - log_file, log = self.log_record() + log_file_f, log_time_f, log_res_f, log = self.log_record() old_tty = termios.tcgetattr(sys.stdin) + pre_timestamp = time.time() + input_r = '' + input_mode = False + try: tty.setraw(sys.stdin.fileno()) tty.setcbreak(sys.stdin.fileno()) 
@@ -277,23 +241,40 @@ class Jtty(object): break sys.stdout.write(x) sys.stdout.flush() - log_file.write(x) - log_file.flush() + log_file_f.write(x) + now_timestamp = time.time() + log_time_f.write('%s %s\n' % (round(now_timestamp-pre_timestamp, 4), len(x))) + pre_timestamp = now_timestamp + log_file_f.flush() + log_time_f.flush() + + if input_mode and not newline_code_in(x): + input_r += x + except socket.timeout: pass if sys.stdin in r: x = os.read(sys.stdin.fileno(), 1) + if not input_mode: + input_mode = True + + if str(x) in ['\r', '\n', '\r\n']: + input_r = remove_control_char(input_r) + log_res_f.write('%s: %s\n' % (datetime.datetime.now().strftime("%Y-%m-%d %H:%M:%S"), input_r)) + log_res_f.flush() + input_r = '' + input_mode = False + if len(x) == 0: break self.chan.send(x) finally: termios.tcsetattr(sys.stdin, termios.TCSADRAIN, old_tty) - log_file.write('End time is %s' % datetime.datetime.now()) - log_file.close() + log_file_f.write('End time is %s' % datetime.datetime.now()) + log_file_f.close() log.is_finished = True - log.handle_finished = False log.end_time = datetime.datetime.now() log.save() 
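Review bot: The `finally` block in `posix_shell` closes only `log_file_f`; the `.time` and `.res` handles returned by `log_record` stay open, so add `log_time_f.close()` and `log_res_f.close()` next to `log_file_f.close()`. The test `str(x) in ['\r', '\n', '\r\n']` runs on a one-byte read, so `'\r\n'` can never match, and it runs before the `len(x) == 0` end-of-input check. The `.res` command record is rebuilt from echoed channel output and skips any chunk that contains a newline, so it is best-effort; anyone auditing a session should treat the raw `.log` file as the authoritative record. `posix_shell` begins outside this hunk.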
@@ -302,27 +283,15 @@ class Jtty(object): get args for connect: ip, port, username, passwd 获取连接需要的参数,也就是服务ip, 端口, 用户账号和密码 """ - if not self.asset.is_active: - raise ServerError('该主机被禁用 Host %s is not active.' % self.ip) + # if not self.asset.is_active: + # raise ServerError('该主机被禁用 Host %s is not active.' % self.ip) + # + # if not self.user.is_active: + # raise ServerError('该用户被禁用 User %s is not active.' % self.username) - if not self.user.is_active: - raise ServerError('该用户被禁用 User %s is not active.' % self.username) - - login_type_dict = { - 'L': self.user.ldap_pwd, - } - - if self.asset.login_type in login_type_dict: - password = CRYPTOR.decrypt(login_type_dict[self.asset.login_type]) - return self.username, password, self.ip, int(self.asset.port) - - elif self.asset.login_type == 'M': - username = self.asset.username - password = CRYPTOR.decrypt(self.asset.password) - return username, password, self.ip, int(self.asset.port) - - else: - raise ServerError('不支持的服务器登录方式 Login type is not in ["L", "M"]') + # password = CRYPTOR.decrypt(self.]) + # return self.username, password, self.ip, int(self.asset.port) + return 'root', 'redhat', '127.0.0.1', 22 def get_connection(self): """ @@ -337,7 +306,7 @@ class Jtty(object): ssh.load_system_host_keys() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) try: - ssh.connect(ip, port=port, username=username, password=password, compress=True) + ssh.connect(ip, port=port, username=username, password=password) except paramiko.ssh_exception.AuthenticationException, paramiko.ssh_exception.SSHException: raise ServerError('认证错误 Authentication Error.') except socket.error: @@ -351,7 +320,7 @@ class Jtty(object): 连接服务器 """ ps1 = "PS1='[\u@%s \W]\$ '\n" % self.ip - login_msg = "clear;echo -e '\\033[32mLogin %s done. Enjoy it.\\033[0m'\n" % self.asset.ip + login_msg = "clear;echo -e '\\033[32mLogin %s done. Enjoy it.\\033[0m'\n" % self.ip # 发起ssh连接请求 Make a ssh connection ssh = self.get_connection() 
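Review bot: `get_connect_item` now returns the fixed tuple `'root', 'redhat', '127.0.0.1', 22` and the `is_active` checks on the asset and the user are commented out, so every session connects as root with a password kept in source control, and a disabled user or host is no longer refused. If this is a development stub it should not be committed in this form: keep the two `is_active` checks and read the credentials from the asset or system-user record, decrypting with `CRYPTOR.decrypt(...)` as the removed code did. The leftover comment `# password = CRYPTOR.decrypt(self.])` would not be valid Python if uncommented.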
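Review bot: The context line `except paramiko.ssh_exception.AuthenticationException, paramiko.ssh_exception.SSHException:` directly after the changed `ssh.connect(...)` call is Python 2's bind-as form, so it catches only AuthenticationException and assigns the caught instance to the second name; other SSHException errors escape uncaught. Write it as a tuple, `except (paramiko.ssh_exception.AuthenticationException, paramiko.ssh_exception.SSHException):`. `set_missing_host_key_policy(paramiko.AutoAddPolicy())` in the same method accepts any unknown host key on first contact, which on a bastion means the target's identity is not verified; `paramiko.RejectPolicy()` with managed known_hosts entries is the stricter choice. `get_connection` starts and ends outside this hunk.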
@@ -706,14 +675,5 @@ def my_render(template, data, request): CRYPTOR = PyCrypt(KEY) -# if LDAP_ENABLE: -# LDAP_HOST_URL = CONF.get('ldap', 'host_url') -# LDAP_BASE_DN = CONF.get('ldap', 'base_dn') -# LDAP_ROOT_DN = CONF.get('ldap', 'root_dn') -# LDAP_ROOT_PW = CONF.get('ldap', 'root_pw') -# ldap_conn = LDAPMgmt(LDAP_HOST_URL, LDAP_BASE_DN, LDAP_ROOT_DN, LDAP_ROOT_PW) -# else: -# ldap_conn = None - log_level = CONF.get('base', 'log') logger = set_log(log_level) \ No newline at end of file diff --git a/jumpserver/settings.py b/jumpserver/settings.py index 0a5a69bee..279320c92 100644 --- a/jumpserver/settings.py +++ b/jumpserver/settings.py @@ -62,7 +62,7 @@ INSTALLED_APPS = ( 'juser', 'jasset', 'jperm', - # 'jlog', + 'jlog', ) MIDDLEWARE_CLASSES = ( diff --git a/jumpserver/urls.py b/jumpserver/urls.py index 6c483ea5b..c6d6b4421 100644 --- a/jumpserver/urls.py +++ b/jumpserver/urls.py @@ -16,7 +16,7 @@ urlpatterns = patterns('', (r'^error/$', 'jumpserver.views.httperror'), (r'^juser/', include('juser.urls')), (r'^jasset/', include('jasset.urls')), - # (r'^jlog/', include('jlog.urls')), + (r'^jlog/', include('jlog.urls')), (r'^jperm/', include('jperm.urls')), (r'^node_auth/', 'jumpserver.views.node_auth'), diff --git a/templates/jlog/base.jinja2 b/templates/jlog/base.jinja2 new file mode 100644 index 000000000..926163d1d --- /dev/null +++ b/templates/jlog/base.jinja2 @@ -0,0 +1,111 @@ + + {% block head %}{% endblock %} + + + + + + + + + -5x +5x + + + diff --git a/templates/jlog/dynamic.jinja2 b/templates/jlog/dynamic.jinja2 new file mode 100644 index 000000000..8ddf2a8ac --- /dev/null +++ b/templates/jlog/dynamic.jinja2 @@ -0,0 +1,11 @@ +{% extends "base.jinja2" %} +{% block head %} + + + +{% endblock %} diff --git a/templates/jlog/log_offline.html b/templates/jlog/log_offline.html index 12bfb5af5..b949a0e18 100644 --- a/templates/jlog/log_offline.html +++ b/templates/jlog/log_offline.html @@ -39,12 +39,6 @@ - 
@@ -77,12 +71,12 @@ 用户名 - 所属部门 登录主机 来源IP {% ifnotequal session_role_id 0 %} 命令统计 {% endifnotequal %} + 回放录像 登录时间 结束时间 @@ -92,12 +86,12 @@ {% for post in contacts.object_list %} {{ post.user }} - {{ post.dept_name }} {{ post.host }} {{ post.remote_ip }} {% ifnotequal session_role_id 0 %} 命令统计 {% endifnotequal %} + 回放 {{ post.start_time|date:"Y-m-d H:i:s"}} {{ post.end_time|date:"Y-m-d H:i:s" }} diff --git a/templates/jlog/log_online.html b/templates/jlog/log_online.html index 7e2858e57..4731c5ff1 100644 --- a/templates/jlog/log_online.html +++ b/templates/jlog/log_online.html @@ -39,12 +39,6 @@ - @@ -77,7 +71,6 @@ 用户名 - 所属部门 登录主机 来源IP {% ifnotequal session_role_id 0 %} @@ -92,7 +85,6 @@ {% for post in contacts.object_list %} {{ post.user }} - {{ post.dept_name }} {{ post.host }} {{ post.remote_ip }} {% ifnotequal session_role_id 0 %} diff --git a/templates/jlog/static.jinja2 b/templates/jlog/static.jinja2 new file mode 100644 index 000000000..6e41b7ee5 --- /dev/null +++ b/templates/jlog/static.jinja2 @@ -0,0 +1,18 @@ +{% extends "base.jinja2" %} +{% block head %} + + + +{% endblock %} From ffab7ae697fefc2613e1956d6aa0f0459b6a6431 Mon Sep 17 00:00:00 2001 From: "ibuler@qq.com" Date: Tue, 27 Oct 2015 20:25:18 +0800 Subject: [PATCH 18/36] some --- jlog/log_api.py | 2 +- jlog/urls.py | 3 +- jlog/views.py | 58 +++++++++++++++------------ jumpserver/api.py | 2 +- templates/jlog/log_offline.html | 62 ++++++++++++++++++----------- templates/jlog/log_online.html | 70 +++++++++++++++++---------------- 6 files changed, 114 insertions(+), 83 deletions(-) diff --git a/jlog/log_api.py b/jlog/log_api.py index c9d54149a..5ef484777 100644 --- a/jlog/log_api.py +++ b/jlog/log_api.py 
@@ -49,7 +49,7 @@ def scriptToJSON(scriptf, timing=None): return dumps(ret) -def renderTemplate(script_path, time_file_path, dimensions=(24, 60), templatename=DEFAULT_TEMPLATE): +def renderTemplate(script_path, time_file_path, dimensions=(24, 80), templatename=DEFAULT_TEMPLATE): with copen(script_path, encoding='utf-8', errors='replace') as scriptf: with open(time_file_path) as timef: timing = getTiming(timef) diff --git a/jlog/urls.py b/jlog/urls.py index 24d821f12..fe061e799 100644 --- a/jlog/urls.py +++ b/jlog/urls.py @@ -6,6 +6,7 @@ urlpatterns = patterns('', url(r'^$', log_list), url(r'^log_list/(\w+)/$', log_list), # url(r'^log_kill/', log_kill), - # url(r'^history/$', log_history), + url(r'^history/$', log_history), + url(r'^record/$', log_record), # url(r'^search/$', log_search), ) \ No newline at end of file diff --git a/jlog/views.py b/jlog/views.py index 187802a7b..53a954b17 100644 --- a/jlog/views.py +++ b/jlog/views.py @@ -9,6 +9,7 @@ from django.http import HttpResponseNotFound CONF = ConfigParser() CONF.read('%s/jumpserver.conf' % BASE_DIR) from jlog.models import Log +from jlog.log_api import renderTemplate # def get_user_info(request, offset): # """ 获取用户信息及环境 """ 
@@ -72,31 +73,38 @@ def log_list(request, offset): # return render_to_response('jlog/log_offline.html', locals(), context_instance=RequestContext(request)) # else: # return HttpResponseNotFound(u'没有此进程!') -# -# -# def log_history(request): -# """ 命令历史记录 """ -# log_id = request.GET.get('id', 0) -# log = Log.objects.filter(id=int(log_id)) -# if log: -# log = log[0] -# dept_name = log.dept_name -# deptname = get_session_user_info(request)[4] -# if is_group_admin(request) and dept_name != deptname: -# return httperror(request, '查看失败, 您无权查看!') -# -# elif is_common_user(request): -# return httperror(request, '查看失败, 您无权查看!') -# -# log_his = "%s.his" % log.log_path -# if os.path.isfile(log_his): -# f = open(log_his) -# content = f.read() -# return HttpResponse(content) -# else: -# return httperror(request, '无日志记录, 请查看日志处理脚本是否开启!') -# -# + + +def log_history(request): + """ 命令历史记录 """ + log_id = request.GET.get('id', 0) + log = Log.objects.filter(id=int(log_id)) + if log: + log = log[0] + log_his = "%s.his" % log.log_path + print log_his + if os.path.isfile(log_his): + f = open(log_his) + content = f.read() + return HttpResponse(content) + else: + return HttpResponse('无日志记录, 请查看日志处理脚本是否开启!') + + +def log_record(request): + log_id = request.GET.get('id', 0) + log = Log.objects.filter(id=int(log_id)) + if log: + log = log[0] + log_file = log.log_path + '.log' + log_time = log.log_path + '.time' + if os.path.isfile(log_file) and os.path.isfile(log_time): + content = renderTemplate(log_file, log_time) + return HttpResponse(content) + else: + return HttpResponse('无日志记录, 请查看日志处理脚本是否开启!') + + # def log_search(request): # """ 日志搜索 """ # offset = request.GET.get('env', '') diff --git a/jumpserver/api.py b/jumpserver/api.py index b4ee56595..38a7821eb 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py 
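Review bot: `log_history` and `log_record` are re-enabled without the `@require_login` decorator or the department and role checks that the commented-out version had, so any caller can fetch the command history or session replay for an arbitrary `id`; restore `@require_login` and check that the requester is allowed to see that `Log` row before its files are opened. `int(log_id)` raises ValueError on a non-numeric `id`, and when no row matches both views fall through and return None, so handle both cases with `return HttpResponseNotFound()`. `log_history` also leaves `print log_his` in place and never closes the file; `with open(log_his) as f: content = f.read()` covers the latter.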
@@ -202,7 +202,7 @@ class Jtty(object): try: log_file_f = open(log_file_path + '.log', 'a') log_time_f = open(log_file_path + '.time', 'a') - log_res_f = open(log_file_path + '.res', 'a') + log_res_f = open(log_file_path + '.his', 'a') except IOError: raise ServerError('Create logfile failed, Please modify %s permission.' % today_connect_log_dir) diff --git a/templates/jlog/log_offline.html b/templates/jlog/log_offline.html index b949a0e18..91726cd4f 100644 --- a/templates/jlog/log_offline.html +++ b/templates/jlog/log_offline.html @@ -1,6 +1,7 @@ {% extends 'base.html' %} {% block content %} {% include 'nav_cat_bar.html' %} + -{##} - - - - -

    - 这是段落中的粗体文本。 -

    hello

    - -

    - - - - - - - diff --git a/templates/test2.html b/templates/test2.html new file mode 100644 index 000000000..14d1f375f --- /dev/null +++ b/templates/test2.html @@ -0,0 +1,10 @@ + + + Poem Maker Pro + +

    Your poem

    +

    Two {{roads}} diverged in a {{wood}}, and I—
    +I took the one less travelled by,
    +And that has {{made}} all the {{difference}}.

    + + \ No newline at end of file From b30697ea20bbbd866015cd1c0b517f1d1b2db825 Mon Sep 17 00:00:00 2001 From: ibuler Date: Tue, 3 Nov 2015 19:12:15 +0800 Subject: [PATCH 25/36] =?UTF-8?q?=E5=9F=BA=E6=9C=AC=E5=AE=8C=E6=88=90?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jumpserver/api.py | 1 + run_log_watch.py | 36 +++++++++------- templates/jlog/log_monitor.html | 2 +- templates/jlog/log_online.html | 73 ++++++++++++++++++++++++++++----- 4 files changed, 86 insertions(+), 26 deletions(-) diff --git a/jumpserver/api.py b/jumpserver/api.py index 9d0ab1c23..f693832f6 100644 --- a/jumpserver/api.py +++ b/jumpserver/api.py @@ -182,6 +182,7 @@ class Jtty(object): raise ServerError('Create %s failed, Please modify %s permission.' % (today_connect_log_dir, tty_log_dir)) try: + # log_file_f = open('/opt/jumpserver/logs/tty/20151102/a_b_191034.log', 'a') log_file_f = open(log_file_path + '.log', 'a') log_time_f = open(log_file_path + '.time', 'a') except IOError: diff --git a/run_log_watch.py b/run_log_watch.py index ad8168739..3313ed65d 100644 --- a/run_log_watch.py +++ b/run_log_watch.py @@ -11,11 +11,13 @@ import tornado.options import tornado.web import tornado.websocket import tornado.httpserver +import tornado.gen from tornado.options import define, options from pyinotify import WatchManager, Notifier, ProcessEvent, IN_DELETE, IN_CREATE, IN_MODIFY define("port", default=8080, help="run on the given port", type=int) +define("host", default='0.0.0.0', help="run port on", type=str) class EventHandler(ProcessEvent): @@ -63,7 +65,7 @@ class Application(tornado.web.Application): def __init__(self): handlers = [ (r'/', MainHandler), - (r'/send', SendHandler), + (r'/monitor', MonitorHandler), ] setting = { 
@@ -75,31 +77,33 @@ class Application(tornado.web.Application): tornado.web.Application.__init__(self, handlers, **setting) -class SendHandler(tornado.websocket.WebSocketHandler): +class MonitorHandler(tornado.websocket.WebSocketHandler): clients = set() + def __init__(self, *args, **kwargs): + self.file_path = None + super(self.__class__, self).__init__(*args, **kwargs) + def check_origin(self, origin): return True def open(self): - SendHandler.clients.add(self) + # 获取监控的path + self.file_path = self.get_argument('file_path', '') + MonitorHandler.clients.add(self) self.stream.set_nodelay(True) def on_message(self, message): - self.write_message(message) - # while True: - # self.write_message(json.dumps(message)) - # time.sleep(1) - # # 服务器主动关闭 - # self.close() - # SendHandler.clients.remove(self) - - file_monitor('/opt/jumpserver/logs/tty/20151102/a_b_191034.log', client=self) - self.write_message('monitor /tmp/test1234') + self.write_message('Connect WebSocket Success.
    ') + # 监控日志,发生变动发向客户端 + file_monitor('%s.log' % self.file_path, client=self) + self.write_message('Disconnect WebSocket.
    ') def on_close(self): # 客户端主动关闭 - SendHandler.clients.remove(self) + self.close() + self.finish() + MonitorHandler.clients.remove(self) class MainHandler(tornado.web.RequestHandler): @@ -111,5 +115,7 @@ if __name__ == '__main__': tornado.options.parse_command_line() app = Application() server = tornado.httpserver.HTTPServer(app) - server.listen(options.port) + server.bind(options.port, options.host) + # server.listen(options.port) + server.start(num_processes=1) tornado.ioloop.IOLoop.instance().start() diff --git a/templates/jlog/log_monitor.html b/templates/jlog/log_monitor.html index 91037b1c2..8f3c1ef3d 100644 --- a/templates/jlog/log_monitor.html +++ b/templates/jlog/log_monitor.html @@ -42,7 +42,7 @@ ws.onmessage = function(evt){ console.log(evt.data); - $('#content').append(evt.data.replace('\r\n', '
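Review bot: `open()` stores the client's `file_path` query argument and `on_message` passes `'%s.log' % self.file_path` straight to `file_monitor`, so whoever can reach this WebSocket chooses which `.log` file on the host is streamed back. Nothing visible in the hunk authenticates the connection, `check_origin` returns `True`, and the `__main__` hunk on the same line binds to `0.0.0.0` by default. Resolve the requested path and refuse anything outside the tty log directory, or better, accept a log id and look the path up server-side after checking the caller's session. With a rejected connection never added to `clients`, `on_close` should use `discard` rather than `remove`. `file_monitor` itself is outside this hunk.

```python
    def open(self):
        # LOG_ROOT: placeholder for the configured tty log directory
        root = os.path.realpath(LOG_ROOT)
        wanted = os.path.realpath('%s.log' % self.get_argument('file_path', ''))
        if not wanted.startswith(root + os.sep):
            self.close()
            return
        self.file_path = wanted[:-len('.log')]
        # ... unchanged: MonitorHandler.clients.add(self), set_nodelay ...

    def on_close(self):
        # ... unchanged: close / finish ...
        MonitorHandler.clients.discard(self)
```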
    ').replace('[\r\n]', '
    ')); + $('#content').append(evt.data.replace(/\n|\r|(\r\n)|(\u0085)|(\u2028)|(\u2029)/g, '
    ')); }; ws.onclose = function(evt){ diff --git a/templates/jlog/log_online.html b/templates/jlog/log_online.html index 55bacb4fb..b12302331 100644 --- a/templates/jlog/log_online.html +++ b/templates/jlog/log_online.html @@ -77,7 +77,7 @@ {{ post.remote_ip }} {% ifnotequal session_role_id 0 %} 命令统计 - 监控 + 监控 {% endifnotequal %} {{ post.start_time|date:"Y-m-d H:i:s" }} @@ -99,13 +99,66 @@ {##} + + + + + + + From 9a897e0cf4b6bc9b49ebd0aadd19e70e0f0a463d Mon Sep 17 00:00:00 2001 From: ibuler Date: Thu, 5 Nov 2015 20:07:21 +0800 Subject: [PATCH 35/36] =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E5=AF=BC=E5=85=A5selec?= =?UTF-8?q?t=E9=94=99=E8=AF=AF?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- jlog/urls.py | 2 +- jlog/views.py | 6 +- jumpserver.conf | 2 +- run_tornado.py | 241 -------------------------- run_log_watch.py => run_websocket.py | 29 +--- static/js/wssh.js | 2 +- templates/jlog/log_online.html | 2 +- templates/jlog/web_terminal.html | 248 +++++---------------------- 8 files changed, 57 insertions(+), 475 deletions(-) delete mode 100644 run_tornado.py rename run_log_watch.py => run_websocket.py (90%) diff --git a/jlog/urls.py b/jlog/urls.py index 25eeb6a02..0058bcfe6 100644 --- a/jlog/urls.py +++ b/jlog/urls.py @@ -8,5 +8,5 @@ urlpatterns = patterns('', url(r'^history/$', log_history), url(r'^log_kill/', log_kill), url(r'^record/$', log_record), - url(r'web_terminal/$', web_terminal), + url(r'^web_terminal/$', web_terminal), ) \ No newline at end of file diff --git a/jlog/views.py b/jlog/views.py index 14b27a70c..02c3678ff 100644 --- a/jlog/views.py +++ b/jlog/views.py @@ -11,9 +11,6 @@ from models import Log from jumpserver.settings import web_socket_host -web_socket_host = 'ws://j:8080/monitor' - - @require_role('admin') def log_list(request, offset): """ 显示日志 """ 
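Review bot: `$('#content').append(...)` in the `ws.onmessage` handler inserts `evt.data` as HTML, and `evt.data` is raw output from the monitored terminal session, so any markup printed in that session is parsed by the browser of whoever has the monitor page open. Escape the text before adding the line breaks, e.g. `$('#content').append($('<div>').text(evt.data).html().replace(/\r\n|[\n\r\u0085\u2028\u2029]/g, '<br>'));`. Putting `\r\n` first in the alternation also stops a CRLF from producing two breaks, which the current order `\n|\r|(\r\n)` does. The rest of the script around the handler is outside the hunk.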
@@ -51,7 +48,7 @@ def log_list(request, offset): contact_list, p, contacts, page_range, current_page, show_first, show_end = pages(posts, request) - web_socket_uri = web_socket_host + web_monitor_uri = '%s/monitor' % web_socket_host return render_to_response('jlog/log_%s.html' % offset, locals(), context_instance=RequestContext(request)) @@ -106,5 +103,6 @@ def log_record(request): def web_terminal(request): + web_terminal_uri = '%s/terminal' % web_socket_host return render_to_response('jlog/web_terminal.html', locals()) diff --git a/jumpserver.conf b/jumpserver.conf index 94ee1653f..cb0eba98d 100644 --- a/jumpserver.conf +++ b/jumpserver.conf @@ -23,7 +23,7 @@ root_pw = secret234 [websocket] -web_socket_host = 192.168.40.140:3000 +web_socket_host = ws://192.168.244.129:3000 [mail] diff --git a/run_tornado.py b/run_tornado.py deleted file mode 100644 index 0a3438306..000000000 --- a/run_tornado.py +++ /dev/null 
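Review bot: `web_socket_host` in `jumpserver.conf` now carries the scheme, and it is `ws://`, so the monitor stream and the web-terminal session that `jlog/views.py` builds from it (`'%s/terminal' % web_socket_host`) travel unencrypted. Terminal traffic includes typed passwords and command output, so the Tornado endpoint should be served behind TLS and configured as `wss://`, e.g. `web_socket_host = wss://<jumpserver-host>:3000` (placeholder host). The value committed here also looks like a machine-specific address, which belongs in a local override rather than the tracked config.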
@@ -1,241 +0,0 @@ -#!/usr/bin/env python -__author__ = 'liuzheng' - -import sys -import os -import re -from tornado.options import options, define, parse_command_line -import tornado.wsgi -import tornado.web -import tornado.httpserver -import tornado.ioloop -import tornado.web -import tornado.ioloop -import tornado.websocket -import pty -import io -import struct -import string -import random -import fcntl -import termios -import tornado.process -import tornado.options -import signal -import utils -import getpass -from connect import Jtty - -define('port', type=int, default=8000) - -ioloop = tornado.ioloop.IOLoop.instance() - -class Terminal(tornado.websocket.WebSocketHandler): - terminals = set() - - def pty(self): - # Make a "unique" id in 4 bytes - self.uid = ''.join( - random.choice( - string.ascii_lowercase + string.ascii_uppercase + - string.digits) - for _ in range(4)) - - self.pid, self.fd = pty.fork() - # print "pid:",self.pid,"fd",self.fd,"uid",self.uid - if self.pid == 0: - # print "Login as", self.user - os.execv("/usr/bin/ssh", [self.user, "localhost"]) - # self.callee = utils.User(name=self.user) - # self.determine_user() - self.shell() - else: - self.communicate() - - def determine_user(self): - if self.callee is None: - # If callee is now known and we have unsecure connection - user = self.user - - try: - self.callee = utils.User(name=user) - except Exception: - # self.log.debug("Can't switch to user %s" % user, exc_info=True) - self.callee = utils.User(name='nobody') - - assert self.callee is not None - - def shell(self): - try: - os.chdir(self.path or self.callee.dir) - except Exception: - pass - env = os.environ - # If local and local user is the same as login user - # We set the env of the user from the browser - # Usefull when running as root - if self.caller == self.callee: - env.update(self.socket.env) - env["TERM"] = "xterm-256color" - env["COLORTERM"] = "butterfly" - env["HOME"] = self.callee.dir - # print(self.callee.dir) - env["LOCATION"] 
= "http%s://%s:%d/" % ( - "s" if not True else "", - "localhost", 8001) - env["PATH"] = '%s:%s' % (os.path.abspath(os.path.join( - os.path.dirname(__file__), 'bin')), env.get("PATH")) - - try: - tty = os.ttyname(0).replace('/dev/', '') - except Exception: - tty = '' - - if self.caller != self.callee: - try: - os.chown(os.ttyname(0), self.callee.uid, -1) - except Exception: - pass - - utils.add_user_info( - self.uid, - tty, os.getpid(), - self.callee.name, self.request.headers['Host']) - - if os.path.exists('/usr/bin/su'): - args = ['/usr/bin/su'] - else: - args = ['/bin/su'] - - if sys.platform == 'linux': - args.append('-p') - if tornado.options.options.shell: - args.append('-s') - args.append(tornado.options.options.shell) - args.append(self.callee.name) - os.execvpe(args[0], args, env) - - def communicate(self): - fcntl.fcntl(self.fd, fcntl.F_SETFL, os.O_NONBLOCK) - - self.reader = io.open( - self.fd, - 'rb', - buffering=0, - closefd=False - ) - self.writer = io.open( - self.fd, - 'wt', - encoding='utf-8', - closefd=False - ) - ioloop.add_handler( - self.fd, self.shellHandle, ioloop.READ | ioloop.ERROR) - - def allow_draft76(self): - # for iOS 5.0 Safari - return True - - def check_origin(self, origin): - return True - - def open(self): - print "term socket open" - self.fd = None - self.closed = False - self.socket = utils.Socket(self.ws_connection.stream.socket) - self.set_nodelay(True) - self.path = None - self.user = getpass.getuser() - self.caller = self.callee = None - # self.user = "liuzheng" - self.callee = None - - Terminal.terminals.add(self) - - self.pty() - print self.fd - - def on_message(self, msg): - print "on_message ", msg - if not hasattr(self, 'writer'): - self.on_close() - self.close() - return - if msg[0] == 'C': # Change screen - c, r = map(int, msg[1:].split(',')) - s = struct.pack("HHHH", r, c, 0, 0) - fcntl.ioctl(self.fd, termios.TIOCSWINSZ, s) - elif msg[0] == 'R': # Run shell - self.writer.write(msg[1:]) - self.writer.flush() - - def 
shellHandle(self, f, events): - if events & ioloop.READ: - try: - read = self.reader.read() - except IOError: - read = '' - - if read and len(read) != 0 and self.ws_connection: - self.write_message(read.decode('utf-8', 'replace')) - else: - events = ioloop.ERROR - - if events & ioloop.ERROR: - self.on_close() - self.close() - - def on_close(self): - print "term close", self.uid - if self.closed: - return - self.closed = True - - if getattr(self, 'pid', 0) == 0: - return - - utils.rm_user_info(self.uid, self.pid) - - try: - ioloop.remove_handler(self.fd) - except Exception: - pass - - try: - os.close(self.fd) - except Exception: - pass - try: - os.kill(self.pid, signal.SIGKILL) - os.waitpid(self.pid, 0) - except Exception: - pass - Terminal.terminals.remove(self) - - -class Index(tornado.web.RequestHandler): - def get(self): - self.render('templates/terminal.html') - - -def main(): - sys.path.append('./jumpserver') # path to your project if needed - - parse_command_line() - - tornado_app = tornado.web.Application( - [ - ('/ws/terminal', Terminal), - ('/ws/Terminal', Index), - ]) - - server = tornado.httpserver.HTTPServer(tornado_app) - server.listen(options.port) - - tornado.ioloop.IOLoop.instance().start() - - -if __name__ == '__main__': - main() diff --git a/run_log_watch.py b/run_websocket.py similarity index 90% rename from run_log_watch.py rename to run_websocket.py index 209a42453..7283ed9b0 100644 --- a/run_log_watch.py +++ b/run_websocket.py 
@@ -16,32 +16,22 @@ import tornado.gen from tornado.websocket import WebSocketClosedError from tornado.options import define, options -from pyinotify import WatchManager, Notifier, ProcessEvent, IN_DELETE, IN_CREATE, IN_MODIFY +from pyinotify import WatchManager, Notifier, ProcessEvent, IN_DELETE, IN_CREATE, IN_MODIFY, AsyncNotifier -from gevent import monkey -monkey.patch_all() - -import gevent +# from gevent import monkey +# monkey.patch_all() +# import gevent from gevent.socket import wait_read, wait_write -from gevent.select import select -from gevent.event import Event import paramiko -from paramiko import PasswordRequiredException -from paramiko.dsskey import DSSKey -from paramiko.rsakey import RSAKey -from paramiko.ssh_exception import SSHException - -import socket try: import simplejson as json except ImportError: import json -from StringIO import StringIO -define("port", default=8080, help="run on the given port", type=int) +define("port", default=3000, help="run on the given port", type=int) define("host", default='0.0.0.0', help="run port on", type=str) @@ -80,7 +70,7 @@ def file_monitor(path='.', client=None): print "You should monitor a file" sys.exit(3) else: - print "now starting monitor %s." %path + print "now starting monitor %s." % path global f f = open(path, 'r') st_size = os.stat(path)[6] @@ -88,7 +78,6 @@ def file_monitor(path='.', client=None): while True: try: - print "hello world" notifier.process_events() if notifier.check_events(): notifier.read_events() @@ -101,7 +90,6 @@ def file_monitor(path='.', client=None): class Application(tornado.web.Application): def __init__(self): handlers = [ - (r'/', MainHandler), (r'/monitor', MonitorHandler), (r'/terminal', WebTerminalHandler), ] 
@@ -164,11 +152,6 @@ class MonitorHandler(tornado.websocket.WebSocketHandler): MonitorHandler.threads.remove(MonitorHandler.threads[client_index]) -class MainHandler(tornado.web.RequestHandler): - def get(self): - self.render('log_watch.html') - - class WebTerminalHandler(tornado.websocket.WebSocketHandler): tasks = [] diff --git a/static/js/wssh.js b/static/js/wssh.js index a7b2aae01..54d4260e2 100644 --- a/static/js/wssh.js +++ b/static/js/wssh.js @@ -37,7 +37,7 @@ client.connect({ */ function WSSHClient() { -}; +} WSSHClient.prototype._generateEndpoint = function(options) { console.log(options); diff --git a/templates/jlog/log_online.html b/templates/jlog/log_online.html index 2122e500e..f2eacb9d6 100644 --- a/templates/jlog/log_online.html +++ b/templates/jlog/log_online.html @@ -108,7 +108,7 @@ function init(obj){ var file_path = obj.attr('file_path'); - var wsUri = '{{ web_socket_uri }}'; + var wsUri = '{{ web_monitor_uri }}'; var socket = new WebSocket(wsUri + '?file_path=' + file_path); socket.onopen = function(evt){ socket.send(file_path) diff --git a/templates/jlog/web_terminal.html b/templates/jlog/web_terminal.html index 6f5649443..514fe6850 100644 --- a/templates/jlog/web_terminal.html +++ b/templates/jlog/web_terminal.html @@ -2,12 +2,10 @@ - wssh + Jumpserver web terminal - + + + +{% endblock %} +{% block content %} +{% include 'nav_cat_bar.html' %}
    @@ -104,8 +123,6 @@ {# window.open('/jlog/monitor/', '监控', 'height=500, width=910, top=89px, left=99px,toolbar=no,menubar=no,scrollbars=auto,resizeable=no,location=no,status=no');#} {# })#} {# });#} - - function init(obj){ var file_path = obj.attr('file_path'); var wsUri = '{{ web_monitor_uri }}'; @@ -121,31 +138,27 @@ var username = obj.closest('tr').find('#username').text(); var ip = obj.closest('tr').find('#ip').text(); - BootstrapDialog.show({message: function(){ - var tag = $('
    ');
    -{#            document.cookie.split('; ').forEach(function(obj){#}
    -{#                var info = obj.split('=');#}
    -{#                if(info.length == 2 ){#}
    -{#                    if(info[0] == 'username'){#}
    -{#                        username = info[1];#}
    -{#                    }else if(info[0] == 'seed'){#}
    -{#                        seed = info[1];#}
    -{#                    }#}
    -{#                }#}
    -{#            });#}
     
    +
    +        BootstrapDialog.show({message: function(){
                 //服务器端认证
     {#            socket.send('login', {userid:message.id, filename:message.filename,username:username,seed:seed});#}
    -            socket.onmessage = function(evt){
    -                var control_regx =  /\x1B\[([0-9]{1,3}((;[0-9]{1,3})*)?)?[m|K]/g;
    -                var newline_regx = /\n|\r|(\r\n)|(\u0085)|(\u2028)|(\u2029)/g;
    -{#                if (option == 'new') {#}
    -                tag.append(evt.data.replace(newline_regx, '
    ').replace(control_regx, '')); -{# } else if (option == 'exist') {#} -{# tag.append('
    ' + exsit_message + '
    ');#} -{# }#} - tag.animate({ scrollTop: tag[0].scrollHeight}, 1); - }; + var term = new Terminal({ + cols: 80, + rows: 24, + screenKeys: false + }); + var tag = $('
    '); + term.open(); + term.resize(80, 24); + + window.setTimeout(function(){ + $('.terminal').detach().appendTo('#term'); + socket.onmessage = function(evt){ + term.write(evt.data); + }}, 1000); + + tag[0].style.color = "#00FF00"; return tag[0]; @@ -158,7 +171,7 @@ $(document).ready(function(){ $('.monitor').click(function(){ - init($(this)) + init($(this)); }); $('.log_command').on('click',function(){