传统运维 - jumpserver同步阿里云资产
2021-05-11
#!/usr/bin/env python3
#coding=utf-8
#Author:cuijianzhe
import json
import os
import time
from collections import Counter

import requests
from aliyunsdkcore.client import AcsClient
from aliyunsdkecs.request.v20140526.DescribeInstancesRequest import DescribeInstancesRequest
from httpsig.requests_auth import HTTPSignatureAuth
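# JumpServer API access key.
# The key pair is read from the environment instead of being committed with the
# script; a key that has ever been stored in source should be treated as exposed
# and rotated. An empty value makes the signed requests fail authentication.
KEY_ID = os.environ.get('JUMPSERVER_KEY_ID', '')
SECRET = os.environ.get('JUMPSERVER_SECRET', '')
Jumpserver_url = 'http://127.0.0.1'

# Aliyun inventory, filled in place by aliyun_ecs.assets_list().
aliyun_ip_list_windows = []  # private IPs of non-Linux instances
aliyun_ip_list = []          # private IPs of Linux instances
aliyun_name_list = []        # instance names, index-aligned with aliyun_ip_list

# JumpServer inventory, filled by the main script; the two lists are index-aligned.
JumpIP_list = []
JumpID_list = []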
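class aliyun_ecs():
    """Read running VPC ECS instances from Aliyun into the module-level lists.

    ``assets_list`` appends to ``aliyun_ip_list`` / ``aliyun_name_list`` (Linux)
    and ``aliyun_ip_list_windows`` (every other OS type); it returns nothing.
    """

    def __init__(self):
        # The AccessKey pair comes from the environment rather than from the
        # source file; a missing variable raises KeyError before any API call.
        # An AccessKey that was ever embedded in a script should be rotated, and
        # this job only needs a RAM identity limited to read-only ECS queries.
        self._client = AcsClient(
            os.environ['ALIBABA_CLOUD_ACCESS_KEY_ID'],
            os.environ['ALIBABA_CLOUD_ACCESS_KEY_SECRET'],
            'cn-hangzhou',
        )

    def res(self):
        """Return the decoded reply of an unfiltered DescribeInstances call."""
        request = DescribeInstancesRequest()
        request.set_accept_format('json')
        return json.loads(self._client.do_action_with_exception(request))

    def page_num(self):
        """Return the exclusive upper bound for 1-based page numbers.

        Pages hold 100 instances. The count comes from the unfiltered query in
        ``res``, so the bound may include trailing pages that are empty once the
        VPC and status filters of ``assets_list`` apply.
        """
        return self.res().get('TotalCount') // 100 + 2

    @staticmethod
    def _private_ip(info):
        """Return the first private VPC address of an instance, or '' if none."""
        addresses = info.get('VpcAttributes').get('PrivateIpAddress').get('IpAddress')
        return addresses[0] if addresses else ''

    def assets_list(self):
        """Page through the running instances of the VPC and record each one.

        An instance with several private addresses is recorded under its first
        address (joining them would yield a string that is not an IP), and an
        instance without a private address is skipped.
        """
        request = DescribeInstancesRequest()
        # The filters are identical for every page, so they are set once.
        request.set_accept_format('json')
        request.set_InstanceNetworkType("vpc")
        request.set_Status("Running")
        request.set_VpcId("vpc-bp1v1o46xkaingzalvmvy")
        request.set_PageSize(100)
        for num in range(1, self.page_num()):
            request.set_PageNumber(num)
            response = json.loads(self._client.do_action_with_exception(request))
            for info in response.get('Instances').get('Instance'):
                assetsIp = self._private_ip(info)
                if not assetsIp:
                    continue
                if info.get('OSType') == "linux":
                    # Name and IP are appended together: the caller zips the two lists.
                    aliyun_name_list.append(info.get('InstanceName'))
                    aliyun_ip_list.append(assetsIp)
                else:
                    aliyun_ip_list_windows.append(assetsIp)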
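class new_Jumpserver():
    """Small JumpServer REST client that signs each request with HTTP Signature.

    ``ip`` and ``hostname`` are used by ``create_assets``; ``id`` is used by
    ``delete_assets``. Callers pass ``None`` for the fields they do not need.
    The signature authenticates the request but does not encrypt it, so a
    plain ``http://`` host is only appropriate on loopback.
    """

    # Seconds to wait for JumpServer, so a stalled API cannot hang the sync job.
    _TIMEOUT = 30

    def __init__(self, ip, hostname, id, host=Jumpserver_url, keyid=KEY_ID, secret=SECRET):
        self.host = host
        self.keyid = keyid
        self.secret = secret
        self.ip = ip
        self.hostname = hostname
        self.id = id

    def _auth(self):
        """Return the HMAC-SHA256 signer covering request target, accept, date, host."""
        signature_headers = ['(request-target)', 'accept', 'date', 'host']
        return HTTPSignatureAuth(key_id=self.keyid, secret=self.secret,
                                 algorithm='hmac-sha256',
                                 headers=signature_headers)

    def _headers(self):
        """Return the headers that are sent and signed with every request."""
        # The Date header is part of the signed string. It is sent in GMT in the
        # standard HTTP date layout instead of unlabelled local time, so a server
        # that checks the age of a signed request compares like with like.
        return {
            'Accept': 'application/json',
            'Date': time.strftime('%a, %d %b %Y %H:%M:%S GMT', time.gmtime()),
        }

    def get_assets(self):
        """Return the decoded JSON body of the asset listing."""
        url = self.host + '/api/v1/assets/assets/'
        req = requests.get(url, auth=self._auth(), headers=self._headers(),
                           timeout=self._TIMEOUT)
        return json.loads(req.content)

    def get_nodes(self):
        """Return the decoded JSON body of the node listing."""
        url = self.host + '/api/v1/assets/nodes/'
        req = requests.get(url, auth=self._auth(), headers=self._headers(),
                           timeout=self._TIMEOUT)
        return json.loads(req.content)

    def create_assets(self):
        """Create a Linux asset from ``self.hostname`` / ``self.ip``.

        Returns the decoded JSON reply; the HTTP status is not checked here.
        """
        url = self.host + '/api/v1/assets/assets/'
        data = {
            'hostname': self.hostname,
            'ip': self.ip,
            'platform': 'Linux',
            # Fixed node id; the first entry of get_nodes() was the earlier choice.
            'nodes': '71dfad19-1d56-4404-be7f-a327a1dcfe9a',
            "admin_user_display": "yqn",
            "protocols": ["ssh/22"],
            "created_by": "Administrator",
            # NOTE(review): this reads the key 'yqn' from the first existing asset
            # and costs one full asset listing per created host -- confirm where
            # the admin-user id is meant to come from.
            "admin_user": self.get_assets()[0].get('yqn'),
            "is_active": 'true',
        }
        req = requests.post(url, auth=self._auth(), headers=self._headers(),
                            data=data, timeout=self._TIMEOUT)
        return json.loads(req.content)

    def delete_assets(self):
        """Delete the asset ``self.id`` and return the reply body as text.

        The HTTP status is not checked here; the caller only gets the body.
        """
        # Built from self.host like every other call, so a client created with a
        # non-default host does not send its deletes to the module-level URL.
        url = self.host + '/api/v1/assets/assets/{}/'.format(self.id)
        req = requests.delete(url, auth=self._auth(), headers=self._headers(),
                              timeout=self._TIMEOUT)
        return req.content.decode('utf-8')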
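def send_msg(text):
    """Send ``text`` as an actionCard to the DingTalk robot and return its JSON reply.

    Raises KeyError when the DINGTALK_ACCESS_TOKEN environment variable is unset.
    """
    headers = {'Content-Type': 'application/json;charset=utf-8'}
    api_url = "https://oapi.dingtalk.com/robot/send"
    # The robot token is the only credential of the webhook: anyone holding it
    # can post to the group. It is read from the environment so that it is not
    # stored with the script; a token that was ever committed should be
    # regenerated in the robot settings.
    query = {'access_token': os.environ['DINGTALK_ACCESS_TOKEN']}
    json_text = {
        "actionCard": {
            "title": "Jumpserver同步资产通知",
            "text": text,
            "hideAvatar": "0",
            "btnOrientation": "0",
            "btns": [
                {
                    "title": "Jumpserver链接",
                    "actionURL": "http://jumper.sa.iyunquna.com"
                },
            ]
        },
        "msgtype": "actionCard"
    }
    # The timeout keeps a stalled webhook from blocking the sync job.
    reply = requests.post(api_url, params=query, data=json.dumps(json_text),
                          headers=headers, timeout=10)
    return reply.json()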
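if __name__ == '__main__':
    # Append-only record of every change this job makes to JumpServer.
    log_path = '/opt/logs/jumpserver/rsync_assets/log'

    # Load the Aliyun inventory into the module-level lists, then map each
    # Linux instance IP to its instance name.
    aliyun_ecs().assets_list()
    aliassets_dict = dict(zip(aliyun_ip_list, aliyun_name_list))

    # Collect the JumpServer assets whose IP contains "192.168.".
    Jump_assetsInfo = new_Jumpserver(ip=None, hostname=None, id=None)
    for var in Jump_assetsInfo.get_assets():
        # An asset without an IP is skipped instead of raising on the test below.
        asset_ip = var.get('ip') or ''
        if "192.168." in asset_ip:
            JumpIP_list.append(asset_ip)
            JumpID_list.append(var.get('id'))
    # With duplicate IPs this keeps the id of the last asset seen for that IP.
    jumpserver_dict = dict(zip(JumpIP_list, JumpID_list))

    # Report IPs that are registered in JumpServer more than once.
    dup_set = [key for key, value in Counter(JumpIP_list).items() if value > 1]
    if dup_set:
        message = '**Jumpserver中存在重复资产信息列表**:' + '\n\n' + str(dup_set)
        send_msg(message)
        with open(log_path, 'a', encoding='utf-8') as dup_assets:
            dup_assets.write(message + '\n')

    # Only reconcile when Aliyun returned a plausible inventory; this size check
    # is the sole guard against deleting assets after an empty or tiny reply.
    if len(aliyun_ip_list) > 10:
        # Remove JumpServer assets that Aliyun no longer reports.
        # NOTE(review): an earlier allow-list of fixed server IPs is disabled
        # here, so every collected asset that is absent from Aliyun is deleted,
        # and nothing caps how many assets one run may remove.
        known_ips = set(aliyun_ip_list) | set(aliyun_ip_list_windows)
        # dict.fromkeys drops repeated IPs (order kept), so an IP registered
        # twice does not trigger two deletes of the same asset id.
        delete_ip_list = list(dict.fromkeys(
            ip for ip in JumpIP_list if ip not in known_ips))
        if len(delete_ip_list) > 0:
            delete_msg = '**Jumpserver删除资产通知**:' + '\n\n' + \
                '**当前时间**:' + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + '\n\n' + \
                '**删除ip列表**:' + str(delete_ip_list)
            for ip in delete_ip_list:
                del_assets = new_Jumpserver(id=jumpserver_dict[ip], ip=None, hostname=None)
                # The reply is not inspected, so the log line and notification
                # below list the requested deletions, not the confirmed ones.
                del_assets.delete_assets()
            with open(log_path, 'a', encoding='utf-8') as f:
                f.write(delete_msg + '\n')
            send_msg(delete_msg)

        # Register Aliyun Linux instances that JumpServer does not have yet.
        jump_ips = set(JumpIP_list)
        add_ip_list = [ip for ip in aliyun_ip_list if ip not in jump_ips]
        if len(add_ip_list) > 0:
            add_msg = '**Jumpserver添加资产通知**:' + '\n\n' + \
                '**当前时间**:' + time.strftime("%Y-%m-%d %H:%M:%S", time.localtime()) + '\n\n' + \
                '**添加ip列表**:' + str(add_ip_list)
            for ip in add_ip_list:
                add_assets = new_Jumpserver(ip=ip, hostname=aliassets_dict[ip] + '-' + ip, id=None)
                add_assets.create_assets()
            with open(log_path, 'a', encoding='utf-8') as f:
                f.write(add_msg + '\n')
            send_msg(add_msg)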