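Introduction
The earlier post "BlueKing vSphere virtual machine delivery: virtual machine management (VSPHERE)" covered cloning a new virtual machine from a template. The next step is to add that machine to JumpServer.
To do this we use the JumpServer API; the available endpoints can be looked up directly in the JumpServer Swagger page.
See the official documentation: JumpServer development docs.
Approach
The process for adding a host to JumpServer:
- Create the asset, which requires the host's basic information, an admin user, a node, and so on;
- Push the system user, which requires pushing the host to the specified system user.
We therefore need to create two atoms under jump host management (跳板机管理):
- a create-asset atom
- a push-system-user atom
The flow is as follows:
Jump host management (JUMP) development
1. Front-end development of the create-asset atom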
vim jump_asset_create.js
(function(){
    $.atoms.jump_asset_create = [
        {
            tag_code: "jump_asset_hostname",
            type: "input",
            attrs: {
                name: gettext("跳板机主机名"),
                placeholder: gettext("主机名"),
                hookable: true,
                validation: [
                    {
                        type: "required"
                    }
                ]
            }
        },
        {
            tag_code: "jump_asset_host",
            type: "input",
            attrs: {
                name: gettext("IP"),
                placeholder: gettext("IP"),
                hookable: true,
                validation: [
                    {
                        type: "required"
                    }
                ]
            }
        },
        {
            tag_code: "jump_asset_protocol",
            type: "select",
            attrs: {
                name: gettext("协议"),
                placeholder: gettext("协议"),
                items: [
                    {text: "ssh", value: "ssh"},
                ],
                hookable: true,
                validation: [
                    {
                        type: "required"
                    }
                ]
            }
        },
        {
            tag_code: "jump_asset_port",
            type: "select",
            attrs: {
                name: gettext("端口"),
                placeholder: gettext("SSH端口"),
                items: [
                    {text: "1022", value: "1022"},
                    {text: "22", value: "22"},
                ],
                hookable: true,
                validation: [
                    {
                        type: "required"
                    }
                ]
            }
        },
        {
            tag_code: "jump_asset_platform",
            type: "select",
            attrs: {
                name: gettext("系统平台"),
                placeholder: gettext("系统平台"),
                items: [
                    {text: "Linux", value: "Linux"},
                ],
                hookable: true,
                validation: [
                    {
                        type: "required"
                    }
                ]
            }
        },
        {
            tag_code: "jump_asset_adminuser",
            type: "select",
            attrs: {
                name: gettext("管理用户"),
                placeholder: gettext("管理用户"),
                items: [
                    {text: "all-server-root", value: "f2fe91582dcf44f4a711295953b1ffe2"},
                ],
                hookable: true,
                validation: [
                    {
                        type: "required"
                    }
                ]
            }
        },
        {
            tag_code: "jump_asset_node",
            type: "select",
            attrs: {
                name: gettext("跳板机节点"),
                placeholder: gettext("节点"),
                hookable: true,
                remote: true,
                remote_url: $.context.site_url + 'pipeline/jump_assets_nodes/' + $.context.biz_cc_id + '/',
                remote_data_init: function(resp) {
                    return resp.data;
                },
                validation: [
                    {
                        type: "required"
                    }
                ]
            }
        },
    ]
})();
The front end renders as follows:
2. Front-end development of the push-system-user atom
vim jump_system_user_push.js
(function(){
    $.atoms.jump_system_user_push = [
        {
            tag_code: "jump_asset_id",
            type: "input",
            attrs: {
                name: gettext("资产"),
                placeholder: gettext("资产uuid"),
                hookable: true,
                validation: [
                    {
                        type: "required"
                    }
                ]
            }
        },
        {
            tag_code: "jump_system_user",
            type: "select",
            attrs: {
                name: gettext("系统用户"),
                placeholder: gettext("系统用户uuid"),
                items: [
                    {text: "first_line_sa", value: "1e955415-df33-4bab-9228-42199c6714d4"},
                    {text: "second_line_sa", value: "991e668b-0bf0-4743-8bcb-2442a524f7da"},
                ],
                hookable: true,
                validation: [
                    {
                        type: "required"
                    }
                ]
            }
        },
    ]
})();
The front end renders as follows:
3. Back-end development of the two atoms
vim jump.py
# -*- coding: utf-8 -*-
'''
JumpServer jump host management
'''
from pipeline.conf import settings
from pipeline.core.flow.activity import Service
from pipeline.component_framework.component import Component
import requests
import json
import logging

logger = logging.getLogger("root")

__group_name__ = u"跳板机管理(JUMP)"


class JumpAssetCreateService(Service):
    __need_schedule__ = False

    def execute(self, data, parent_data):
        jump_asset_hostname = data.get_one_of_inputs('jump_asset_hostname')
        jump_asset_host = data.get_one_of_inputs('jump_asset_host')
        jump_asset_protocol = data.get_one_of_inputs('jump_asset_protocol')
        jump_asset_port = data.get_one_of_inputs('jump_asset_port')
        jump_asset_platform = data.get_one_of_inputs('jump_asset_platform')
        # jump_asset_adminuser and jump_asset_node must be UUIDs,
        # otherwise the request to JumpServer fails
        jump_asset_adminuser = data.get_one_of_inputs('jump_asset_adminuser')
        jump_asset_node = data.get_one_of_inputs('jump_asset_node')
        # The token below is a placeholder; keep the real value out of source
        headers = {
            "Authorization": "Token xxxxxxxxxxxxx",
            "Content-Type": "application/json"
        }
        param = {
            "hostname": jump_asset_hostname,
            "ip": jump_asset_host,
            "protocol": jump_asset_protocol,
            "port": jump_asset_port,
            "platform": jump_asset_platform,
            "admin_user": jump_asset_adminuser,
            "nodes": [jump_asset_node]
        }
        try:
            # Create the asset; the timeout keeps the pipeline from hanging
            response = requests.post('http://jumpserver.test.cn/api/assets/v1/assets/',
                                     data=json.dumps(param), headers=headers, timeout=10)
            if response.status_code < 300:
                asset_id = response.json()["id"]
                data.set_outputs('asset_id', asset_id)
                return True
            else:
                data.set_outputs('ex_data', u"资产更新失败(可能资产已经存在),status_code: %s" % str(response.status_code))
                return False
        except Exception as e:
            data.set_outputs('ex_data', str(e))
            logger.error(e)
            return False

    def outputs_format(self):
        return [
            self.OutputItem(name=(u'资产id'), key='asset_id', type='str'),
            self.OutputItem(name=(u'异常信息'), key='ex_data', type='str')
        ]


class JumpAssetCreateComponent(Component):
    name = u'创建资产'
    code = 'jump_asset_create'
    bound_service = JumpAssetCreateService
    form = settings.STATIC_URL + 'custom_atoms/jumpserver/jump_asset_create.js'


class JumpSystemUserPushService(Service):
    __need_schedule__ = False

    def execute(self, data, parent_data):
        # jump_asset and jump_system_user must be UUIDs,
        # otherwise the request to JumpServer fails
        jump_asset_id = data.get_one_of_inputs('jump_asset_id')
        jump_system_user = data.get_one_of_inputs('jump_system_user')
        # The token below is a placeholder; keep the real value out of source
        headers = {
            "Authorization": "Token xxxxxxxxxxxxxxxxxxx",
            "Content-Type": "application/json"
        }
        url = 'http://jumpserver.test.cn/api/assets/v1/system-user/' + jump_system_user.strip() + '/asset/' + jump_asset_id.strip() + '/push/'
        try:
            # Push the system user
            response = requests.get(url, headers=headers, timeout=10)
            if response.status_code < 300:
                task = response.json()["task"]
                data.set_outputs('data', task)
                return True
            else:
                data.set_outputs('ex_data', u"推送系统用户失败,status_code: %s" % str(response.status_code))
                return False
        except Exception as e:
            # ex_data is declared as a str output, so store the message text
            data.set_outputs('ex_data', str(e))
            logger.error(e)
            return False

    def outputs_format(self):
        return [
            self.OutputItem(name=(u'查询结果'), key='data', type='str'),
            self.OutputItem(name=(u'异常信息'), key='ex_data', type='str')
        ]


class JumpSystemUserPushComponent(Component):
    name = u'推送系统用户'
    code = 'jump_system_user_push'
    bound_service = JumpSystemUserPushService
    form = settings.STATIC_URL + 'custom_atoms/jumpserver/jump_system_user_push.js'
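Points to note during development:
- The JumpServer values jump_asset, jump_system_user, jump_asset_adminuser and jump_asset_node must be UUIDs, otherwise the request to JumpServer fails.
- The jump host node list has to be fetched asynchronously from JumpServer by the front-end JS, as follows: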
vim bk-sops-atoms/pipeline_plugins/components/query/sites/open/query.py
# requests and JsonResponse must be imported at the top of query.py
# if they are not already
import requests
from django.http import JsonResponse


# Fetch the JumpServer node information
def jump_assets_nodes(request, biz_cc_id):
    """
    @summary: Query JumpServer nodes
    @param request:
    @param biz_cc_id:
    @return:
    """
    # Keep a real token out of source control; load it from configuration
    headers = {
        "Authorization": "Token 8465f987623e372d14ddb88f3f1df3f3c9573955",
        "Content-Type": "application/json"
    }
    response = requests.get('http://jump.test.cn/api/assets/v1/nodes/', headers=headers, timeout=10)
    if response.status_code != 200:
        message = "[http://jump.test.cn/api/assets/v1/nodes/] status_code: %s" % str(response.status_code)
        logger.error(message)
        result = {
            'result': False,
            'data': [],
            'message': message
        }
        return JsonResponse(result)
    assets_nodes = []
    for item in response.json():
        assets_nodes.append({
            'value': item['id'],
            'text': item['value']
        })
    return JsonResponse({'result': True, 'data': assets_nodes})


# Add the route in this file
urlpatterns = [
    # New: fetch JumpServer node information
    url(r'^jump_assets_nodes/(?P<biz_cc_id>\d+)/$', jump_assets_nodes),
]
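The UUID requirement noted above can be enforced before the push URL is assembled, and the API token can be read from the environment instead of being written into the atom. This is an added example, not code from the original post or from BlueKing or JumpServer; the environment variable name `JUMPSERVER_TOKEN`, the helper names and the `https://` base URL are assumptions.

```python
import os
import uuid

# Hypothetical name: JUMPSERVER_TOKEN is an assumption of this example,
# not a setting defined by BlueKing or JumpServer.
TOKEN_ENV = "JUMPSERVER_TOKEN"


def as_uuid(value, field):
    """Return the canonical hyphenated UUID string, or raise ValueError."""
    try:
        return str(uuid.UUID(str(value).strip()))
    except (ValueError, AttributeError, TypeError):
        raise ValueError("%s is not a UUID: %r" % (field, value))


def auth_headers(env=None):
    """Build the request headers with the token taken from the environment."""
    env = os.environ if env is None else env
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError("%s is not set" % TOKEN_ENV)
    return {"Authorization": "Token " + token,
            "Content-Type": "application/json"}


def push_url(base_url, system_user, asset_id):
    """Build the system-user push URL from validated path segments only."""
    if not base_url.startswith("https://"):
        # Over plain http the Authorization header travels unencrypted
        raise ValueError("refusing to send the API token over %r" % base_url)
    return "%s/api/assets/v1/system-user/%s/asset/%s/push/" % (
        base_url.rstrip("/"),
        as_uuid(system_user, "jump_system_user"),
        as_uuid(asset_id, "jump_asset_id"),
    )
```

Because the normalised output of `uuid.UUID` is what goes into the path, a form value such as the 32-character admin user id is accepted and hyphenated, while anything containing `/` or `..` is rejected before a request is made.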
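4. Final result
Fill in the basic information of the newly provisioned virtual machine.
Summary
When developing the jump host management atoms, the asynchronous front-end node lookup and its route were added by imitating the way BlueKing's built-in queries are implemented, so the form shows the latest JumpServer node information. Bringing JumpServer into the operations workflow through BlueKing Standard OPS has greatly improved our working efficiency.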