diff --git a/jperm/ansible_api.py b/jperm/ansible_api.py
index d452a6028..27d61f0e9 100644
--- a/jperm/ansible_api.py
+++ b/jperm/ansible_api.py
@@ -444,23 +444,8 @@ class Tasks(Command):
:return:
"""
module_args1 = file_path
- ret1 = self.__run(module_args1, "script")
- module_args2 = 'visudo -c | grep "parsed OK" &> /dev/null && echo "ok" || echo "failed"'
- ret2 = self.__run(module_args2, "shell")
- ret2_status = [host_value.get("stdout") for host_value in ret2["result"]["contacted"].values()]
-
- result = {}
- if not ret1["msg"]:
- result["step1"] = "ok"
- else:
- result["msg"] = ret1["msg"]
-
- if not ret2["msg"] and "failed" not in ret2_status:
- result["step2"] = "ok"
- else:
- result["msg"] = ret1["msg"]
-
- return result
+ ret = self.__run(module_args1, "script")
+ return ret
class CustomAggregateStats(callbacks.AggregateStats):
diff --git a/jperm/urls.py b/jperm/urls.py
index 1e2ccf4cd..456cf5c87 100644
--- a/jperm/urls.py
+++ b/jperm/urls.py
@@ -13,9 +13,9 @@ urlpatterns = patterns('jperm.views',
(r'^role/perm_role_detail/$', perm_role_detail),
(r'^role/perm_role_edit/$', perm_role_edit),
(r'^role/push/$', perm_role_push),
+ (r'^role/recycle/$', perm_role_recycle),
(r'^sudo/$', perm_sudo_list),
(r'^sudo/perm_sudo_add/$', perm_sudo_add),
(r'^sudo/perm_sudo_delete/$', perm_sudo_delete),
(r'^sudo/perm_sudo_edit/$', perm_sudo_edit),
-
)
diff --git a/jperm/views.py b/jperm/views.py
index 38a003859..12ca395ba 100644
--- a/jperm/views.py
+++ b/jperm/views.py
@@ -319,6 +319,7 @@ def perm_role_detail(request):
if request.method == "GET":
role_id = request.GET.get("id")
+ role = get_object(PermRole, id=role_id)
role_info = get_role_info(role_id)
# 渲染数据
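Review bot: In jperm/ansible_api.py the sudo push method now returns the raw `self.__run(module_args1, "script")` result and the separate `visudo -c` run on the hosts is gone, so a broken sudoers file is only noticed if a non-zero exit from the pushed script reaches the caller. jperm/views.py reads `ret['sudo'].get('msg')`; whether `__run` fills `msg` when the script exits 1 or 2 is not visible here and should be confirmed, otherwise the per-host return code needs checking before success is reported. The `:return:` field of the docstring is still empty and should state the shape of the returned dict, and the body can be reduced to `return self.__run(file_path, "script")`. The method's signature is outside the hunk.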
@@ -410,25 +411,8 @@ def perm_role_push(request):
for asset_group in asset_groups_obj:
group_assets_obj.extend(asset_group.asset_set.all())
calc_assets = list(set(assets_obj) | set(group_assets_obj))
-
- # 生成Inventory
- # push_resource = []
- # for asset in calc_assets:
- # if asset.use_default_auth:
- # username = Setting.field1
- # port = Setting.field2
- # password = Setting.field3
- # else:
- # username = asset.username
- # password = asset.password
- # port = asset.port
- # push_resource.append({"hostname": asset.ip,
- # "port": port,
- # "username": username,
- # "password": password})
push_resource = gen_resource(calc_assets)
-
- logger.debug('推送role res: %s' % push_resource)
+ logger.debug('Push role res: %s' % push_resource)
# 调用Ansible API 进行推送
password_push = True if request.POST.get("use_password") else False
@@ -463,7 +447,7 @@ def perm_role_push(request):
if ret['sudo'].get('msg'):
ret_failed = ret['sudo'].get('msg')
- os.remove(add_sudo_script)
+ # os.remove(add_sudo_script)
logger.debug('推送role结果: %s' % ret)
logger.debug('推送role错误: %s' % ret_failed)
@@ -591,3 +575,15 @@ def perm_sudo_delete(request):
return HttpResponse(u"不支持该操作")
+@require_role('admin')
+def perm_role_recycle(request):
+ role_id = request.GET.get('role_id')
+ asset_ids = request.GET.get('asset_id').split(',')
+ for asset_id in asset_ids:
+ asset = get_object(Asset, id=asset_id)
+ role = get_object(PermRole, id=role_id)
+ PermPush.objects.filter(asset=asset, role=role).delete()
+ return HttpResponse('删除成功')
+
+
+
diff --git a/templates/jperm/perm_role_detail.html b/templates/jperm/perm_role_detail.html
index a6cb9ad11..757ec08f2 100644
--- a/templates/jperm/perm_role_detail.html
+++ b/templates/jperm/perm_role_detail.html
@@ -1,7 +1,6 @@
{% extends 'base.html' %}
{% load mytags %}
-
{% block content %}
{% include 'nav_cat_bar.html' %}
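Review bot: `logger.debug('Push role res: %s' % push_resource)` in perm_role_push writes the whole inventory to the log, and the commented-out block this hunk deletes built every entry with a `"password"` key. `gen_resource` is not visible here, but if it returns the same shape, host credentials end up in the debug log and in whatever collects it. Log only what is needed to trace the push, for example `logger.debug('Push role hosts: %s', [r.get('hostname') for r in push_resource])`, assuming the entries keep the `hostname` key. perm_role_push starts and ends outside the hunk.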
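Review bot: Commenting out `os.remove(add_sudo_script)` in perm_role_push leaves every generated sudoers script on the server after the push. The file holds the rendered sudo rules for the role, and where it is written and with which permissions is not visible in this hunk, so stale copies may stay readable to other local users. If the removal was disabled for debugging, restore it, preferably in a `finally:` so the file also goes away when the push raises; if the file has to be kept, replace the dead line with a comment that says why and what cleans it up.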
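Review bot: `perm_role_recycle` in jperm/views.py deletes `PermPush` rows on a GET request, which Django's CSRF protection does not cover, so a link or embedded resource opened by a logged-in admin is enough to trigger the deletion. `request.GET.get('asset_id').split(',')` also raises `AttributeError` when the parameter is missing, and neither `get_object` result is checked before it is used as a filter value. The version below accepts POST only, tolerates a missing or empty `asset_id` and skips ids that do not resolve; whatever calls `/role/recycle/` from the template then has to send a POST with the CSRF token. From the visible code only the push record is removed, so a short docstring should say whether access on the host itself is revoked elsewhere.

```python
@require_role('admin')
def perm_role_recycle(request):
    # Deleting push records changes state: accept POST only so the CSRF check applies.
    if request.method != 'POST':
        return HttpResponse(status=405)
    role = get_object(PermRole, id=request.POST.get('role_id'))
    asset_ids = [a for a in request.POST.get('asset_id', '').split(',') if a]
    for asset_id in asset_ids:
        asset = get_object(Asset, id=asset_id)
        # Skip ids that do not resolve instead of filtering on an empty value.
        if role and asset:
            PermPush.objects.filter(asset=asset, role=role).delete()
    return HttpResponse('删除成功')
```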
@@ -146,7 +145,7 @@
-
+
推送主机 @@ -172,17 +171,25 @@
+ 删除 + + {% for asset, info in pushed_asset.items %} + @@ -191,6 +198,7 @@ {% else %} {% endif %} + {% endfor %} @@ -204,7 +212,7 @@
- 未推送主机 + 未推送主机
+ + +{% endblock %} +{% block self_footer_js %} + - - {% endblock %} \ No newline at end of file diff --git a/templates/jperm/perm_role_list.html b/templates/jperm/perm_role_list.html index e9305a165..36c7023ba 100644 --- a/templates/jperm/perm_role_list.html +++ b/templates/jperm/perm_role_list.html @@ -99,7 +99,7 @@ function remove_role(role_id){ del_row.remove() }, error: function (msg) { - console.log(msg) + console.log(msg); alert("失败: " + msg) } }); diff --git a/templates/jperm/role_sudo.j2 b/templates/jperm/role_sudo.j2 index c19f255ac..6fca2a7f9 100644 --- a/templates/jperm/role_sudo.j2 +++ b/templates/jperm/role_sudo.j2 @@ -1,15 +1,15 @@ #!/bin/bash -sudo_file=/etc/sudoers -sudo_file_bak=/etc/sudoers.bak - +real_file=/etc/sudoers +tmp_file=$(mktemp /tmp/XXXXXXX) # Backup sudoers file cp ${sudo_file} ${sudo_file_bak} # Add Command Aliases add_cmd_alias() { + sudo_file=$1 {% for sudo in sudo_alias %} if $(grep '^Cmnd_Alias {{ sudo.name }}' ${sudo_file} &> /dev/null); then sed -i 's@^Cmnd_Alias.*{{ sudo.name }}.*@Cmnd_Alias {{ sudo.name }} = {{ sudo.commands }}@g' ${sudo_file} @@ -22,6 +22,7 @@ add_cmd_alias() { # Add Command Aliases to role add_role_chosen() { + sudo_file=$1 {% for role, alias in role_chosen_aliase.items %} if $(grep '^{{ role }}.*' ${sudo_file} &> /dev/null); then sed -i 's@^{{ role }}.*@{{ role }} ALL = NOPASSWD: {{ alias }}@g' ${sudo_file} 
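Review bot: In templates/jperm/role_sudo.j2 the context line `cp ${sudo_file} ${sudo_file_bak}` survives the first hunk, but the two assignments it relied on are removed and `sudo_file` is now only set inside the functions. At top level the line expands to a bare `cp`, which fails, so no backup of /etc/sudoers is taken any more even though the `# Backup sudoers file` comment still says so. Either drop both lines or keep a real backup with `cp -p "$real_file" "$real_file.bak"` so there is something to restore from. The result of `mktemp` is also used unchecked; `tmp_file=$(mktemp /tmp/XXXXXXX) || exit 1` stops the script before it works on an empty path.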
@@ -31,20 +32,12 @@ add_role_chosen() {
{% endfor %}
}
-# Check sudoers file configured correctly
-check_sudo_file() {
- status=$(visudo -c &> /dev/null && echo "ok" || echo "failed")
- if [ ${status} == "failed" ]; then
- mv ${sudo_file_bak} ${sudo_file}
- ret="failed"
- else
- ret="ok"
- fi
+
+check_syntax(){
+ visudo -c -f $1
}
+cp $real_file $tmp_file && add_cmd_alias $tmp_file && add_role_chosen $tmp_file || exit 1
+check_syntax $tmp_file && add_cmd_alias $real_file && add_role_chosen $real_file && rm -f $tmp_file || exit 2
+check_syntax $real_file
-
-add_cmd_alias
-add_role_chosen
-check_sudo_file
-
-echo ${ret}
\ No newline at end of file
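Review bot: A failed check on the real file no longer leads to a restore in templates/jperm/role_sudo.j2: the removed `check_sudo_file` moved the backup into place, while the new sequence validates a temp copy, then repeats the `sed` edits in place on /etc/sudoers and only reports the exit status of the final `check_syntax $real_file`. The file that was checked is therefore not the file that gets installed, and if the second round of edits is interrupted or goes wrong the host keeps a broken sudoers file. Installing the copy that already passed `visudo -c -f` avoids editing twice, as sketched below. The temp copy of sudoers is also left in /tmp whenever the script leaves through `exit 1` or `exit 2`, and `$1`, `$tmp_file` and `$real_file` are unquoted.

```shell
# Remove the temp copy on every exit path, including exit 1 / exit 2.
trap 'rm -f "$tmp_file"' EXIT
cp "$real_file" "$tmp_file" && add_cmd_alias "$tmp_file" && add_role_chosen "$tmp_file" || exit 1
check_syntax "$tmp_file" || exit 2
# Install the copy that was validated instead of editing /etc/sudoers a second time.
cp "$tmp_file" "$real_file" || exit 2
check_syntax "$real_file"
```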
+ + 主机 密钥 密码 结果操作
+ + {{ asset.hostname }} {{ info.key | yesno:"是,否,未知" }} {{ info.password | yesno:"是,否,未知" }} {{ info.success | yesno:"成功,失败,未知" }}