Merge branch 'ansible_api' into ops_dev

# Conflicts:
#	apps/jumpserver/urls.py
#	apps/locale/zh/LC_MESSAGES/django.po
#	apps/templates/_nav.html
#	requirements.txt
#	run_server.py

apps/jumpserver/settings.py

@@ -180,6 +180,12 @@ LOGGING = {
             'formatter': 'main',
             'filename': os.path.join(PROJECT_DIR, 'logs', 'jumpserver.log')
         },
+        'ansible_logs': {
+            'level': 'DEBUG',
+            'class': 'logging.FileHandler',
+            'formatter': 'main',
+            'filename': os.path.join(PROJECT_DIR, 'logs', 'ansible.log')
+        },
     },
     'loggers': {
         'django': {
@@ -208,6 +214,10 @@ LOGGING = {
         'jumpserver.users.view': {
             'handlers': ['console', 'file'],
             'level': LOG_LEVEL,
+        },
+        'ops.ansible_api': {
+            'handlers': ['console', 'ansible_logs'],
+            'level': LOG_LEVEL,
         }
     }
 }

apps/jumpserver/urls.py

@@ -22,6 +22,7 @@ from django.views.generic.base import TemplateView
 urlpatterns = [
     url(r'^captcha/', include('captcha.urls')),
     url(r'^$', TemplateView.as_view(template_name='base.html'), name='index'),
+
     url(r'^users/', include('users.urls.views_urls', namespace='users')),
     url(r'^assets/', include('assets.urls.views_urls', namespace='assets')),
     url(r'^perms/', include('perms.urls.views_urls', namespace='perms')),
@@ -32,6 +33,10 @@ urlpatterns = [
     url(r'^api/perms/', include('perms.urls.api_urls', namespace='api-perms')),
     url(r'^api/audits/', include('audits.urls.api_urls', namespace='api-audits')),
     url(r'^api/terminal/', include('terminal.urls.api_urls', namespace='api-terminal')),
+    url(r'^(api/)?users/', include('users.urls')),
+    url(r'^assets/', include('assets.urls')),
+    url(r'^perms/', include('perms.urls')),
+    url(r'^(api/)?ops/', include('ops.urls')),
 ]
 
 

apps/ops/api.py

-# ~*~ coding: utf-8 ~*~
-# 
-

apps/ops/api/exc.py

+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals, print_function
+
+from rest_framework.exceptions import APIException
+from django.utils.translation import ugettext as _
+
+
+class ServiceUnavailable(APIException):
+    status_code = default_code = 503
+    default_detail = _('Service temporarily unavailable, try again later.')
+
+
+class ServiceNotImplemented(APIException):
+    status_code = default_code = 501
+    default_detail = _('This service maybe implemented in the future, but now not implemented!')
+

apps/ops/api/permissions.py

+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals
+
+from rest_framework import permissions
+
+
+class AdminUserRequired(permissions.BasePermission):
+    """
+    Custom permission to only allow admin user to access the resource.
+    """
+
+    def has_object_permission(self, request, view, obj):
+        # Read permissions are allowed to any request,
+        # so we'll always allow GET, HEAD or OPTIONS requests.
+        if request.method in permissions.SAFE_METHODS:
+            return True
+
+        # Write permissions are only allowed to the admin role.
+        return request.user.is_staff

apps/ops/api/serializers.py

+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals
+
+from ..models import HostAlia, UserAlia, CmdAlia, RunasAlia, Extra_conf, Privilege, Sudo, CronTable
+from rest_framework import serializers
+
+
+class HostAliaSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = HostAlia
+
+
+class CmdAliaSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = CmdAlia
+
+
+class UserAliaSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = UserAlia
+
+
+class RunasAliaSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = RunasAlia
+
+
+class ExtraconfSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Extra_conf
+
+
+class PrivilegeSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Privilege
+
+
+class SudoSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = Sudo
+
+
+class CronTableSerializer(serializers.ModelSerializer):
+
+    class Meta:
+        model = CronTable

apps/ops/api/views.py

+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals
+from rest_framework import viewsets, mixins
+
+from serializers import *
+from permissions import *
+
+
+class HostAliaViewSet(mixins.CreateModelMixin,
+                      mixins.ListModelMixin,
+                      mixins.RetrieveModelMixin,
+                      mixins.UpdateModelMixin,
+                      mixins.DestroyModelMixin,
+                      viewsets.GenericViewSet):
+    queryset = HostAlia.objects.all()
+    serializer_class = HostAliaSerializer
+    permission_classes = (AdminUserRequired,)
+
+
+class CmdAliaViewSet(mixins.CreateModelMixin,
+                     mixins.ListModelMixin,
+                     mixins.RetrieveModelMixin,
+                     mixins.UpdateModelMixin,
+                     mixins.DestroyModelMixin,
+                     viewsets.GenericViewSet):
+    queryset = CmdAlia.objects.all()
+    serializer_class = CmdAliaSerializer
+    permission_classes = (AdminUserRequired,)
+
+
+class UserAliaViewSet(mixins.CreateModelMixin,
+                      mixins.ListModelMixin,
+                      mixins.RetrieveModelMixin,
+                      mixins.UpdateModelMixin,
+                      mixins.DestroyModelMixin,
+                      viewsets.GenericViewSet):
+    queryset = UserAlia.objects.all()
+    serializer_class = UserAliaSerializer
+    permission_classes = (AdminUserRequired,)
+
+
+class RunasAliaViewSet(mixins.CreateModelMixin,
+                       mixins.ListModelMixin,
+                       mixins.RetrieveModelMixin,
+                       mixins.UpdateModelMixin,
+                       mixins.DestroyModelMixin,
+                       viewsets.GenericViewSet):
+    queryset = RunasAlia.objects.all()
+    serializer_class = RunasAliaSerializer
+    permission_classes = (AdminUserRequired,)
+
+
+class ExtraconfViewSet(mixins.CreateModelMixin,
+                       mixins.ListModelMixin,
+                       mixins.RetrieveModelMixin,
+                       mixins.UpdateModelMixin,
+                       mixins.DestroyModelMixin,
+                       viewsets.GenericViewSet):
+    queryset = Extra_conf.objects.all()
+    serializer_class = ExtraconfSerializer
+    permission_classes = (AdminUserRequired,)
+
+
+class PrivilegeViewSet(mixins.CreateModelMixin,
+                       mixins.ListModelMixin,
+                       mixins.RetrieveModelMixin,
+                       mixins.UpdateModelMixin,
+                       mixins.DestroyModelMixin,
+                       viewsets.GenericViewSet):
+    queryset = Privilege.objects.all()
+    serializer_class = PrivilegeSerializer
+    permission_classes = (AdminUserRequired,)
+
+
+class SudoViewSet(mixins.CreateModelMixin,
+                  mixins.ListModelMixin,
+                  mixins.RetrieveModelMixin,
+                  mixins.UpdateModelMixin,
+                  mixins.DestroyModelMixin,
+                  viewsets.GenericViewSet):
+    queryset = Sudo.objects.all()
+    serializer_class = SudoSerializer
+    permission_classes = (AdminUserRequired,)
+
+
+class CronTableViewSet(mixins.CreateModelMixin,
+                       mixins.ListModelMixin,
+                       mixins.RetrieveModelMixin,
+                       mixins.UpdateModelMixin,
+                       mixins.DestroyModelMixin,
+                       viewsets.GenericViewSet):
+    queryset = CronTable.objects.all()
+    serializer_class = CronTableSerializer
+    permission_classes = (AdminUserRequired,)
+
+
+

apps/ops/models.py

-from __future__ import unicode_literals
-
-from django.db import models
-
-# Create your models here.

apps/ops/models/__init__.py

+from ansible import Tasker, AnsiblePlay, AnsibleTask, AnsibleHostResult
+from sudo import HostAlia, UserAlia, CmdAlia, RunasAlia, Privilege, Extra_conf, Sudo
+from cron import CronTable

apps/ops/models/ansible.py

+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals, absolute_import
+
+import logging
+import json
+
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+
+logger = logging.getLogger(__name__)
+
+
+class Tasker(models.Model):
+    uuid = models.CharField(max_length=128, verbose_name=_('UUID'), primary_key=True)
+    name = models.CharField(max_length=128, blank=True, verbose_name=_('Name'))
+    start = models.DateTimeField(auto_now_add=True, verbose_name=_('Start Time'))
+    end = models.DateTimeField(blank=True, null=True, verbose_name=_('End Time'))
+    exit_code = models.IntegerField(default=0, verbose_name=_('Exit Code'))
+    completed = models.BooleanField(default=False, verbose_name=_('Is Completed'))
+    hosts = models.TextField(blank=True, null=True, verbose_name=_('Hosts'))
+
+    def __unicode__(self):
+        return "%s" % self.uuid
+
+    @property
+    def total_hosts(self):
+        return self.hosts.split(',')
+
+
+class AnsiblePlay(models.Model):
+    tasker = models.ForeignKey(Tasker, related_name='plays', blank=True, null=True)
+    uuid = models.CharField(max_length=128, verbose_name=_('UUID'), primary_key=True)
+    name = models.CharField(max_length=128, verbose_name=_('Name'))
+
+    def __unicode__(self):
+        return "%s<%s>" % (self.name, self.uuid)
+
+    def to_dict(self):
+        return {"uuid": self.uuid, "name": self.name}
+
+
+class AnsibleTask(models.Model):
+    play = models.ForeignKey(AnsiblePlay, related_name='tasks', blank=True, null=True)
+    uuid = models.CharField(max_length=128, verbose_name=_('UUID'), primary_key=True)
+    name = models.CharField(max_length=128, blank=True, verbose_name=_('Name'))
+
+    def __unicode__(self):
+        return "%s<%s>" % (self.name, self.uuid)
+
+    def to_dict(self):
+        return {"uuid": self.uuid, "name": self.name}
+
+    def failed(self):
+        pass
+
+    def success(self):
+        pass
+
+
+class AnsibleHostResult(models.Model):
+    task = models.ForeignKey(AnsibleTask, related_name='host_results', blank=True, null=True)
+    name = models.CharField(max_length=128, blank=True, verbose_name=_('Name'))
+    success = models.TextField(blank=True, verbose_name=_('Success'))
+    skipped = models.TextField(blank=True, verbose_name=_('Skipped'))
+    failed = models.TextField(blank=True, verbose_name=_('Failed'))
+    unreachable = models.TextField(blank=True, verbose_name=_('Unreachable'))
+    no_host = models.TextField(blank=True, verbose_name=_('NoHost'))
+
+    def __unicode__(self):
+        return "%s %s<%s>" % (self.name, str(self.is_success), self.task.uuid)
+
+    @property
+    def is_failed(self):
+        if self.failed or self.unreachable or self.no_host:
+            return True
+        return False
+
+    @property
+    def is_success(self):
+        return not self.is_failed
+
+    @property
+    def _success_data(self):
+        if self.success:
+            return json.loads(self.success)
+        elif self.skipped:
+            return json.loads(self.skipped)
+
+    @property
+    def _failed_data(self):
+        if self.failed:
+            return json.loads(self.failed)
+        elif self.unreachable:
+            return json.loads(self.unreachable)
+        elif self.no_host:
+            return {"msg": self.no_host}
+
+    @property
+    def failed_msg(self):
+        return self._failed_data.get("msg")
+
+    @staticmethod
+    def __filter_disk(ansible_devices, exclude_devices):
+        """
+        过滤磁盘设备，丢弃掉不需要的设备
+
+        :param ansible_devices: 对应的facts字段
+        :param exclude_devices: <list> 一个需要被丢弃的设备,匹配规则是startwith, 比如需要丢弃sr0子类的 ['sr']
+        :return: <dict> 过滤获取的结果
+        """
+        for start_str in exclude_devices:
+            for key in ansible_devices.keys():
+                if key.startswith(start_str):
+                    ansible_devices.pop(key)
+        return ansible_devices
+
+    @staticmethod
+    def __filter_interface(ansible_interfaces, exclude_interface):
+        """
+        过滤网卡设备，丢弃掉不需要的网卡， 比如lo
+
+        :param ansible_interface: 对应的facts字段
+        :param exclude_interface: <list> 一个需要被丢弃的设备,匹配规则是startwith, 比如需要丢弃lo子类的 ['lo']
+        :return: <dict> 过滤获取的结果
+        """
+        for interface in ansible_interfaces:
+            for start_str in exclude_interface:
+                if interface.startswith(start_str):
+                    i = ansible_interfaces.index(interface)
+                    ansible_interfaces.pop(i)
+        return ansible_interfaces
+
+    @staticmethod
+    def __gather_interface(facts, interfaces):
+        """
+        收集所有interface的具体信息
+
+        :param facts: ansible faces
+        :param interfaces: 需要收集的intreface列表
+        :return: <dict> interface的详情
+        """
+        result = {}
+        for key in interfaces:
+            gather_key = "ansible_" + key
+            if gather_key in facts.keys():
+                result[key] = facts.get(gather_key)
+        return result
+
+    def __deal_setup(self):
+        """
+        处理ansible setup模块收集到的数据，提取资产需要的部分
+
+        :return: <dict> {"msg": <str>, "data": <dict>}, 注意msg是异常信息, 有msg时 data为None
+        """
+        result = self._success_data
+        module_name = result['invocation'].get('module_name') if result.get('invocation') else None
+        if module_name is not None:
+            if module_name != "setup":
+                return {"msg": "the property only for ansible setup module result!, can't support other module", "data":None}
+            else:
+                data = {}
+                facts =result.get('ansible_facts')
+                interfaces = self.__filter_interface(facts.get('ansible_interfaces'), ['lo'])
+
+                cpu_describe = "%s %s" % (facts.get('ansible_processor')[0], facts.get('ansible_processor')[1]) if len(facts.get('ansible_processor')) >= 2 else ""
+
+                data['sn'] = facts.get('ansible_product_serial')
+                data['env'] = facts.get('ansible_env')
+                data['os'] = "%s %s(%s)" % (facts.get('ansible_distribution'),
+                                         facts.get('ansible_distribution_version'),
+                                         facts.get('ansible_distribution_release'))
+                data['mem'] = facts.get('ansible_memtotal_mb')
+                data['cpu'] = "%s %d核" % (cpu_describe, facts.get('ansible_processor_count'))
+                data['disk'] = self.__filter_disk(facts.get('ansible_devices'), ['sr'])
+                data['interface'] = self.__gather_interface(facts, interfaces)
+                return {"msg": None, "data": data}
+        else:
+            return {"msg": "there result isn't ansible setup module result! can't process this data format", "data": None}
+
+    @property
+    def deal_setup(self):
+        try:
+            return self.__deal_setup()
+        except Exception as e:
+            return {"msg": "deal with setup data failed, %s" % e.message, "data": None}
+
+    def __deal_ping(self):
+        """
+        处理ansible ping模块收集到的数据
+
+        :return: <dict> {"msg": <str>, "data": {"success": <bool>}}, 注意msg是异常信息, 有msg时 data为None
+        """
+        result = self._success_data
+        module_name = result['invocation'].get('module_name') if result.get('invocation') else None
+        if module_name is not None:
+            if module_name != "ping":
+                return {"msg": "the property only for ansible setup module result!, can't support other module", "data":None}
+            else:
+                ping = True if result.get('ping') == "pong" else False
+
+                return {"msg": None, "data": {"success": ping}}
+        else:
+            return {"msg": "there isn't module_name field! can't process this data format", "data": None}
+
+    @property
+    def deal_ping(self):
+        try:
+            return self.__deal_ping()
+        except Exception as e:
+            return {"msg": "deal with ping data failed, %s" % e.message, "data": None}
+
+
+
+
+
+
+
+
+
+

apps/ops/models/cron.py

+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals, absolute_import
+
+from django.db import models
+from assets.models import Asset
+from django.utils.translation import ugettext_lazy as _
+
+
+class CronTable(models.Model):
+    name = models.CharField(max_length=128, blank=True, null=True, unique=True, verbose_name=_('Name'),
+                            help_text=_("Description of a crontab entry"))
+    month = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Month'),
+                             help_text=_("Month of the year the job should run ( 1-12, *, */2, etc )"))
+    weekday = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('WeekDay'),
+                               help_text=_("Day of the week that the job should run"
+                                           " ( 0-6 for Sunday-Saturday, *, etc )"))
+    day = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Day'),
+                           help_text=_("Day of the month the job should run ( 1-31, *, */2, etc )"))
+    hour = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Hour'),
+                            help_text=_("Hour when the job should run ( 0-23, *, */2, etc )"))
+    minute = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Minute'),
+                              help_text=_("Minute when the job should run ( 0-59, *, */2, etc )"))
+    job = models.CharField(max_length=4096, blank=True, null=True, verbose_name=_('Job'),
+                           help_text=_("The command to execute or, if env is set, the value of "
+                                       "environment variable. Required if state=present."))
+    user = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('User'),
+                            help_text=_("The specific user whose crontab should be modified."))
+    asset = models.ForeignKey(Asset, null=True, blank=True, related_name='crontables')
+
+    @property
+    def describe(self):
+        return "http://docs.ansible.com/ansible/cron_module.html"
\ No newline at end of file

apps/ops/models/sudo.py

+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals, absolute_import
+
+from jinja2 import Template
+from django.db import models
+from assets.models import Asset
+from django.utils.translation import ugettext_lazy as _
+
+
+class HostAlia(models.Model):
+    name = models.CharField(max_length=128, blank=True, null=True, unique=True, verbose_name=_('Host_Alias'))
+    host_items = models.TextField(blank=True, null=True, verbose_name=_('Host_Items'))
+
+    def __unicode__(self):
+        return self.name
+
+
+class UserAlia(models.Model):
+    name = models.CharField(max_length=128, blank=True, null=True, unique=True, verbose_name=_('User_Alias'))
+    user_items = models.TextField(blank=True, null=True, verbose_name=_('Host_Items'))
+
+    def __unicode__(self):
+        return self.name
+
+
+class CmdAlia(models.Model):
+    name = models.CharField(max_length=128, blank=True, null=True, unique=True, verbose_name=_('Command_Alias'))
+    cmd_items = models.TextField(blank=True, null=True, verbose_name=_('Host_Items'))
+
+    def __unicode__(self):
+        return self.name
+
+
+class RunasAlia(models.Model):
+    name = models.CharField(max_length=128, blank=True, null=True, unique=True, verbose_name=_('Runas_Alias'))
+    runas_items = models.TextField(blank=True, null=True, verbose_name=_('Host_Items'))
+
+    def __unicode__(self):
+        return self.name
+
+
+class Privilege(models.Model):
+    user = models.ForeignKey(UserAlia, blank=True, null=True, related_name='privileges')
+    host = models.ForeignKey(HostAlia, blank=True, null=True, related_name='privileges')
+    runas = models.ForeignKey(RunasAlia, blank=True, null=True, related_name='privileges')
+    command = models.ForeignKey(CmdAlia, blank=True, null=True, related_name='privileges')
+    nopassword = models.BooleanField(default=True, verbose_name=_('Is_NoPassword'))
+
+    def __unicode__(self):
+        return "[%s %s %s %s %s]" % (self.user.name,
+                                     self.host.name,
+                                     self.runas.name,
+                                     self.command.name,
+                                     self.nopassword)
+
+    def to_tuple(self):
+        return self.user.name, self.host.name, self.runas.name, self.command.name, self.nopassword
+
+
+class Extra_conf(models.Model):
+    line = models.TextField(blank=True, null=True, verbose_name=_('Extra_Item'))
+
+    def __unicode__(self):
+        return self.line
+
+
+class Sudo(models.Model):
+    """
+    Sudo配置文件对象, 用于配置sudo的配置文件
+
+    :param extra_lines: <list> [<line1>, <line2>,...]
+    :param privileges: <list> [(user, host, runas, command, nopassword),]
+    """
+
+    asset = models.ForeignKey(Asset, null=True, blank=True, related_name='sudos')
+    extra_lines = models.ManyToManyField(Extra_conf, related_name='sudos', blank=True)
+    privilege_items = models.ManyToManyField(Privilege, related_name='sudos', blank=True)
+
+    @property
+    def users(self):
+        return {privilege.user.name: privilege.user.user_items.split(',') for privilege in self.privilege_items.all()}
+
+    @property
+    def commands(self):
+        return {privilege.command.name: privilege.command.cmd_items.split(',') for privilege in self.privilege_items.all()}
+
+    @property
+    def hosts(self):
+        return {privilege.host.name: privilege.host.host_items.split(',') for privilege in self.privilege_items.all()}
+
+    @property
+    def runas(self):
+        return {privilege.runas.name: privilege.runas.runas_items.split(',') for privilege in self.privilege_items.all()}
+
+    @property
+    def extras(self):
+        return [extra.line for extra in self.extra_lines.all()]
+
+    @property
+    def privileges(self):
+        return [privilege.to_tuple() for privilege in self.privilege_items.all()]
+
+    @property
+    def content(self):
+        template = Template(self.__sudoers_jinja2_tmp__)
+        context = {"User_Alias": self.users,
+                   "Cmnd_Alias": self.commands,
+                   "Host_Alias": self.hosts,
+                   "Runas_Alias": self.runas,
+                   "Extra_Lines": self.extras,
+                   "Privileges": self.privileges}
+        return template.render(context)
+
+    @property
+    def __sudoers_jinja2_tmp__(self):
+        return """# management by JumpServer
+# This file MUST be edited with the 'visudo' command as root.
+#
+# Please consider adding local content in /etc/sudoers.d/ instead of
+# directly modifying this file.
+#
+# See the man page for details on how to write a sudoers file.
+#
+Defaults        env_reset
+Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
+# JumpServer Generate Other Configure is here
+{% if Extra_Lines -%}
+{% for line in Extra_Lines -%}
+{{ line }}
+{% endfor %}
+{%- endif %}
+
+# Host alias specification
+{% if Host_Alias -%}
+{% for flag, items in Host_Alias.iteritems() -%}
+Host_Alias    {{ flag }} = {{ items|join(', ') }}
+{% endfor %}
+{%- endif %}
+
+# User alias specification
+{% if User_Alias -%}
+{% for flag, items in User_Alias.iteritems() -%}
+User_Alias    {{ flag }} = {{ items|join(', ') }}
+{% endfor %}
+{%- endif %}
+
+
+# Cmnd alias specification
+{% if Cmnd_Alias -%}
+{% for flag, items in Cmnd_Alias.iteritems() -%}
+Cmnd_Alias    {{ flag }} = {{ items|join(', ') }}
+{% endfor %}
+{%- endif %}
+
+# Run as alias specification
+{% if Runas_Alias -%}
+{% for flag, items in Runas_Alias.iteritems() -%}
+Runas_Alias    {{ flag }} = {{ items|join(', ') }}
+{% endfor %}
+{%- endif %}
+
+# User privilege specification
+root    ALL=(ALL:ALL) ALL
+
+# JumpServer Generate User privilege is here.
+# Note privileges is a tuple list like [(user, host, runas, command, nopassword),]
+{% if Privileges -%}
+{% for User_Flag, Host_Flag, Runas_Flag, Command_Flag, NopassWord in Privileges -%}
+{% if NopassWord -%}
+{{ User_Flag }} {{ Host_Flag }}=({{ Runas_Flag }}) NOPASSWD: {{ Command_Flag }}
+{%- else -%}
+{{ User_Flag }} {{ Host_Flag }}=({{ Runas_Flag }}) {{ Command_Flag }}
+{%- endif %}
+{% endfor %}
+{%- endif %}
+
+# Members of the admin group may gain root privileges
+%admin ALL=(ALL) ALL
+
+# Allow members of group sudo to execute any command
+%sudo   ALL=(ALL:ALL) ALL
+
+# See sudoers(5) for more information on "#include" directives:
+
+#includedir /etc/sudoers.d
+"""
\ No newline at end of file

apps/ops/run_tasks.py

-from .tasks import longtime_add
-import time
-
-result = longtime_add.delay(1,2)
-print 'Task finished? ', result.ready()
-print 'Task result: ', result.result
-time.sleep(10)
-print 'Task finished? ', result.ready()
-print 'Task result: ', result.result
\ No newline at end of file

apps/ops/tasks.py

-from __future__ import absolute_import
-import time
-
-from celery import shared_task
-from common import celery_app
-
-
-@shared_task
-def longtime_add(x, y):
-    print 'long time task begins'
-    # sleep 5 seconds
-    time.sleep(5)
-    print 'long time task finished'
-    return x + y
-
-
-@celery_app.task(name='hello-world')
-def hello():
-    print('hello world!')

apps/ops/tasks/_celery_tasks.py

+from __future__ import absolute_import, unicode_literals
+
+from celery import shared_task
+
+from common import celery_app
+from ops.utils.ansible_api import Config, ADHocRunner
+
+
+@shared_task(name="get_asset_hardware_info")
+def get_asset_hardware_info(task_name, task_uuid, *assets):
+    conf = Config()
+    play_source = {
+            "name": "Get host hardware information",
+            "hosts": "default",
+            "gather_facts": "no",
+            "tasks": [
+                dict(action=dict(module='setup'))
+            ]
+        }
+    hoc = ADHocRunner(conf, play_source, *assets)
+    ext_code, result = hoc.run(task_name, task_uuid)
+    return ext_code, result
+
+
+@shared_task(name="asset_test_ping_check")
+def asset_test_ping_check(task_name, task_uuid, *assets):
+    conf = Config()
+    play_source = {
+            "name": "Test host connection use ping",
+            "hosts": "default",
+            "gather_facts": "no",
+            "tasks": [
+                dict(action=dict(module='ping'))
+            ]
+        }
+    hoc = ADHocRunner(conf, play_source, *assets)
+    ext_code, result = hoc.run(task_name, task_uuid)
+    return ext_code, result
+
+
+@shared_task(name="add_user_to_assert")
+def add_user_to_asset():
+    pass
+
+
+@celery_app.task(name='hello-world')
+def hello():
+    print('hello world!')

apps/ops/tasks/taskers.py

+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals
+
+from ops.tasks import _celery_tasks
+
+from ops.models import Tasker
+from uuid import uuid1
+from celery.result import AsyncResult
+
+
+def get_result(task_id):
+    result = AsyncResult(task_id)
+    if result.ready():
+        return {"Completed": True, "data": result.get()}
+    else:
+        return {"Completed": False, "data": None}
+
+
+def __get_result_by_tasker_id(tasker_uuid, deal_method):
+    tasker = Tasker.objects.get(uuid=tasker_uuid)
+    total = tasker.total_hosts
+    total_len = len(total)
+    host_results = []
+
+    # 存储数据
+    for play in tasker.plays.all():
+        for t in play.tasks.all():
+            task = {'name': t.name, 'uuid': t.uuid, 'percentage': 0, 'completed': {'success': {}, 'failed': {}}}
+            completed = []
+            count = 0
+            for h in t.host_results.all():
+                completed.append(h.name)
+                count += 1
+                if h.is_success:
+                    result = getattr(h, deal_method)
+                    if result.get('msg') is None:
+                        task['completed']['success'][h.name] = result.get('data')
+                    else:
+                        task['completed']['failed'][h.name] = result.get('msg')
+                else:
+                    task['completed']['failed'][h.name] = h.failed_msg
+
+            # 计算进度
+            task['percentage'] = float(count * 100 / total_len)
+            task['waited'] = list(set(total) - set(completed))
+
+            host_results.append(task)
+
+    return host_results
+
+
+def start_get_hardware_info(*assets):
+    name = "Get host hardware information"
+    uuid = "tasker-" + uuid1().hex
+    _celery_tasks.get_asset_hardware_info.delay(name, uuid, *assets)
+    return uuid
+
+
+def __get_hardware_info(tasker_uuid):
+    return __get_result_by_tasker_id(tasker_uuid, 'deal_setup')
+
+
+def get_hardware_info(tasker_uuid):
+    """
+
+    :param assets: 资产列表
+    :return: 返回数据结构样列
+        {u'data': [{u'completed': {
+                        u'failed': {u'192.168.232.135': u'Authentication failure.'},
+                        u'success': {u'192.168.1.119': {u'cpu': u'GenuineIntel Intel Xeon E312xx (Sandy Bridge) 6\u6838',
+                                                        u'disk': {<device_name>: <device_detail_dict>},
+                                                        u'env': {<env_name>: <env_value>},
+                                                        u'interface': {<interface_name>: <interface_detail_dict>},
+                                                        u'mem': 3951,
+                                                        u'os': u'Ubuntu 16.04(xenial)',
+                                                        u'sn': u'NA'}}},
+                   u'name': u'',
+                   u'percentage': 100.0,
+                   u'uuid': u'87cfedfe-ba55-44ff-bc43-e7e73b869ca1',
+                   u'waited': []}
+                  ],
+         u'msg': None}
+    """
+    try:
+        return {"msg": None, "data": __get_hardware_info(tasker_uuid)}
+    except Exception as e:
+        return {"msg": "query data failed!, %s" % e.message, "data": None}
+
+
+def start_ping_test(*assets):
+    name = "Test host connection"
+    uuid = "tasker-" + uuid1().hex
+    _celery_tasks.asset_test_ping_check.delay(name, uuid, *assets)
+    return uuid
+
+
+def __get_ping_test(tasker_uuid):
+    return __get_result_by_tasker_id(tasker_uuid, 'deal_ping')
+
+
+def get_ping_test(tasker_uuid):
+    """
+
+    :param assets: 资产列表
+    :return: 返回数据结构样列
+        {u'data': [{u'completed': {
+                        u'failed': {u'192.168.232.135': u'Authentication failure.'},
+                        u'success': {u'192.168.1.119': {u'success': True}}},
+                    u'name': u'',
+                    u'percentage': 100.0,
+                    u'uuid': u'3e6e0d3b-bee0-4383-b19e-bec6ba55d346',
+                    u'waited': []}
+                  ],
+         u'msg': None}
+    """
+    try:
+        return {"msg": None, "data": __get_ping_test(tasker_uuid)}
+    except Exception as e:
+        return {"msg": "query data failed!, %s" % e.message, "data": None}
+

apps/ops/templates/cron/_cron.html

+{% extends 'base.html' %}
+{% load i18n %}
+{% load static %}
+{% load bootstrap %}
+{% block custom_head_css_js %}
+    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
+    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
+    <link href="{% static "css/plugins/datepicker/datepicker3.css" %}" rel="stylesheet">
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="ibox-title">
+                        <h5>{% block user_template_title %}{% trans 'Create user' %}{% endblock %}</h5>
+                        <div class="ibox-tools">
+                            <a class="collapse-link">
+                                <i class="fa fa-chevron-up"></i>
+                            </a>
+                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                <i class="fa fa-wrench"></i>
+                            </a>
+                            <a class="close-link">
+                                <i class="fa fa-times"></i>
+                            </a>
+                        </div>
+                    </div>
+                    <div class="ibox-content">
+                        <form method="post" class="form-horizontal" action="" enctype="multipart/form-data">
+                            {% csrf_token %}
+                            <h3>{% trans 'Account' %}</h3>
+                            {% block username %} {% endblock %}
+                            {{ form.email|bootstrap_horizontal }}
+                            {{ form.name|bootstrap_horizontal }}
+                            {{ form.groups|bootstrap_horizontal }}
+
+                            <div class="hr-line-dashed"></div>
+                            {% block password %} {% endblock %}
+
+                            <div class="hr-line-dashed"></div>
+                            <h3>{% trans 'Security and Role' %}</h3>
+                            {{ form.role|bootstrap_horizontal }}
+                            <div class="form-group {% if form.date_expired.errors %} has-error {% endif %}" id="date_5">
+                                <label for="{{ form.date_expired.id_for_label }}" class="col-sm-2 control-label">{{ form.date_expired.label }}</label>
+                                <div class="col-sm-9">
+                                    <div class="input-group date">
+                                        <span class="input-group-addon"><i class="fa fa-calendar"></i></span>
+                                        <input id="{{ form.date_expired.id_for_label }}" name="{{ form.date_expired.html_name }}" type="text" class="form-control" value="{{ form.date_expired.value|date:'Y-m-d' }}">
+                                    </div>
+                                    <span class="help-block ">{{ form.date_expired.errors }}</span>
+                                </div>
+                             </div>
+{#                            {{ form.date_expired|bootstrap_horizontal }}#}
+                            <div class="form-group">
+                                <label for="{{ form.enable_otp.id_for_label }}" class="col-sm-2 control-label">{% trans 'Enable OTP' %}</label>
+                                <div class="col-sm-8">
+                                    {{ form.enable_otp }}
+                                </div>
+                            </div>
+                            <div class="hr-line-dashed"></div>
+                            <h3>{% trans 'Profile' %}</h3>
+                            {{ form.phone|bootstrap_horizontal }}
+                            {{ form.wechat|bootstrap_horizontal }}
+                            {{ form.comment|bootstrap_horizontal }}
+                            <div class="hr-line-dashed"></div>
+                            <div class="form-group">
+                                <div class="col-sm-4 col-sm-offset-2">
+                                    <button class="btn btn-white" type="reset">{% trans 'Reset' %}</button>
+                                    <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                </div>
+                            </div>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+    <script src="{% static 'js/plugins/datapicker/bootstrap-datepicker.js' %}"></script>
+    <script>
+        $(document).ready(function () {
+            $('.select2').select2();
+
+            $('.input-group.date').datepicker({
+                format: "yyyy-mm-dd",
+                todayBtn: "linked",
+                keyboardNavigation: false,
+                forceParse: false,
+                calendarWeeks: true,
+                autoclose: true
+            });
+        })
+    </script>
+{% endblock %}

apps/ops/templates/cron/create.html

+{% extends 'cron/_cron.html' %}
+{% load i18n %}
+{% load bootstrap %}
+{% block user_template_title %}{% trans "Create user" %}{% endblock %}
+{% block username %}
+    {{ form.username|bootstrap_horizontal }}
+{% endblock %}
+{% block password %}
+    <h3>{% trans 'Password' %}</h3>
+    <div class="form-group">
+        <label class="col-sm-2 control-label">{% trans 'Password' %}</label>
+        <div class="col-sm-8 controls" >
+            {% trans 'Reset link will be generated and sent to the user. ' %}
+        </div>
+    </div>
+{% endblock %}
\ No newline at end of file

apps/ops/templates/cron/list.html

+{% extends '_base_list.html' %}
+{% load i18n static %}
+{% block custom_head_css_js %}
+{{ block.super }}
+<style>
+div.dataTables_wrapper div.dataTables_filter,
+.dataTables_length {
+    float: right !important;
+}
+
+div.dataTables_wrapper div.dataTables_filter {
+  margin-left: 15px;
+}
+</style>
+{% endblock %}
+{% block table_search %}{% endblock %}
+{% block table_container %}
+<div class="uc pull-left"><a href="javascript:void(0);" class="btn btn-sm btn-primary" data-toggle="modal" data-target="#user_import_modal"> {% trans "Import user" %} </a></div>
+<div class="uc pull-left m-l-5 m-r-5"><a href="{% url "users:user-create" %}" class="btn btn-sm btn-primary"> {% trans "Create user" %} </a></div>
+<table class="table table-striped table-bordered table-hover " id="user_list_table" >
+    <thead>
+        <tr>
+            <th class="text-center">
+                <div class="checkbox checkbox-default"><input id="" type="checkbox" class="ipt_check_all"><label></label></div>
+            </th>
+            <th class="text-center">{% trans 'Name' %}</a></th>
+            <th class="text-center">{% trans 'Username' %}</a></th>
+            <th class="text-center">{% trans 'Role' %}</th>
+            <th class="text-center">{% trans 'User group' %}</th>
+            <th class="text-center">{% trans 'Asset num' %}</th>
+            <th class="text-center">{% trans 'Active' %}</a></th>
+            <th class="text-center">{% trans 'Action' %}</th>
+        </tr>
+    </thead>
+    <tbody>
+    </tbody>
+</table>
+<div id="actions" class="hide">
+    <div class="input-group">
+        <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
+            <option value="delete">{% trans 'Delete selected' %}</option>
+            <option value="update">{% trans 'Update selected' %}</option>
+            <option value="deactive">{% trans 'Deactive selected' %}</option>
+        </select>
+        <div class="input-group-btn pull-left" style="padding-left: 5px;">
+            <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
+             {% trans 'Submit' %}
+            </button>
+        </div>
+    </div>
+</div>
+{% include "users/_user_bulk_update_modal.html" %}
+{% include "users/_user_import_modal.html" %}
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script src="{% static 'js/jquery.form.min.js' %}"></script>
+<script>
+$(document).ready(function(){
+    var options = {
+        ele: $('#user_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a href="{% url "users:user-detail" pk=99991937 %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('99991937', rowData.id));
+             }},
+            {targets: 4, createdCell: function (td, cellData) {
+                var innerHtml = cellData.length > 8 ? cellData.substring(0, 8) + '...': cellData;
+                $(td).html('<a href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</a>');
+             }},
+            {targets: 6, createdCell: function (td, cellData) {
+                if (!cellData) {
+                    $(td).html('<i class="fa fa-times text-danger"></i>')
+                } else {
+                    $(td).html('<i class="fa fa-check text-navy"></i>')
+                }
+             }},
+            {targets: 7, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "users:user-update" pk=99991937 %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_user_delete" data-uid="99991937">{% trans "Delete" %}</a>'.replace('99991937', cellData);
+                if (rowData.id === 1) {
+                    $(td).html(update_btn)
+                } else {
+                    $(td).html(update_btn + del_btn)
+                }
+             }}],
+        ajax_url: '{% url "users:user-bulk-update-api" %}',
+        columns: [{data: function(){return ""}}, {data: "username" }, {data: "name" }, {data: "get_role_display" }, {data: "group_display" },
+                  {data: function(){return 999}}, {data: "active_display" }, {data: "id" }],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}).on('click', '#btn_bulk_update', function(){
+    var action = $('#slct_bulk_update').val();
+    var $data_table = $('#user_list_table').DataTable()
+    var id_list = [];
+    var plain_id_list = [];
+    $data_table.rows({selected: true}).every(function(){
+        id_list.push({id: this.data().id});
+        plain_id_list.push(this.data().id);
+    });
+    if (id_list === []) {
+        return false;
+    };
+    var the_url = "{% url 'users:user-bulk-update-api' %}";
+    function doDeactive() {
+        var body = $.each(id_list, function(index, user_object) {
+            user_object['is_active'] = false;
+        });
+        APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(body)});
+        $data_table.ajax.reload();
+        jumpserver.checked = false;
+    }
+    function doDelete() {
+        swal({
+            title: "{% trans 'Are you sure?' %}",
+            text: "{% trans 'This will delete the selected users !!!' %}",
+            type: "warning",
+            showCancelButton: true,
+            confirmButtonColor: "#DD6B55",
+            confirmButtonText: "{% trans 'Confirm' %}",
+            closeOnConfirm: false
+        }, function() {
+            var success = function() {
+                var msg = "{% trans 'User Deleted.' %}";
+                swal("{% trans 'User Delete' %}", msg, "success");
+                $('#user_list_table').DataTable().ajax.reload();
+            };
+            var fail = function() {
+                var msg = "{% trans 'User Deleting failed.' %}";
+                swal("{% trans 'User Delete' %}", msg, "error");
+            };
+            var url_delete = the_url + '?id__in=' + JSON.stringify(plain_id_list);
+            APIUpdateAttr({url: url_delete, method: 'DELETE', success: success, error: fail});
+            jumpserver.checked = false;
+        });
+    }
+    function doUpdate() {
+        $('#user_bulk_update_modal').modal('show');
+    }
+    switch(action) {
+        case 'deactive':
+            doDeactive();
+            break;
+        case 'delete':
+            doDelete();
+            break;
+        case 'update':
+            doUpdate();
+            break;
+        default:
+            break;
+    }
+}).on('click', '.btn_user_delete', function(){
+    var $this = $(this);
+    function doDelete() {
+        var uid = $this.data('uid');
+        var the_url = '{% url "users:user-patch-api" pk=99991937 %}'.replace('99991937', uid);
+        var body = {};
+        var success = function() {
+            var msg = "{% trans 'User Deleted.' %}";
+            swal("{% trans 'User Delete' %}", msg, "success");
+            $('#user_list_table').DataTable().ajax.reload();
+        };
+        var fail = function() {
+            var msg = "{% trans 'User Deleting failed.' %}";
+            swal("{% trans 'User Delete' %}", msg, "error");
+        }
+        APIUpdateAttr({
+            url: the_url,
+            body: JSON.stringify(body),
+            method: 'DELETE',
+            success: success,
+            error: fail
+        });
+    }
+    swal({
+        title: "{% trans 'Are you sure?' %}",
+        text: "{% trans 'This will delete the selected user.' %}",
+        type: "warning",
+        showCancelButton: true,
+        confirmButtonColor: "#DD6B55",
+        confirmButtonText: "{% trans 'Confirm' %}",
+        closeOnConfirm: false
+    }, function() {
+        doDelete();
+    });
+}).on('click', '#btn_user_bulk_update', function(){
+    var json_data = $('#fm_user_bulk_update').serializeObject();
+    var body = {};
+    body.enable_otp = (json_data.enable_otp === 'on')? true: false;
+    if (json_data.role != '') {
+        body.role = json_data.role;
+    }
+    if (json_data.groups != undefined) {
+        body.groups = json_data.groups;
+    }
+    if (typeof body.groups === 'string') {
+        body.groups = [parseInt(body.groups)]
+    } else if(typeof body.groups === 'array') {
+        new_groups = body.groups.map(Number);
+        body.groups = new_groups;
+    }
+    var $data_table = $('#user_list_table').DataTable()
+    var post_list = [];
+    $data_table.rows({selected: true}).every(function(){
+        var content = Object.assign({id: this.data().id}, body);
+        post_list.push(content);
+    });
+    if (post_list === []) {
+        return false;
+    };
+    var the_url = "{% url 'users:user-bulk-update-api' %}";
+    var success = function() {
+        var msg = "{% trans 'The selected users has been updated successfully.' %}";
+        swal("{% trans 'User Updated' %}", msg, "success");
+        $('#user_list_table').DataTable().ajax.reload();
+        jumpserver.checked = false;
+    }
+    APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(post_list), success: success});
+    $('#user_bulk_update_modal').modal('hide');
+}).on('click', '#btn_user_import', function() {
+    var $form = $('#fm_user_import');
+    $form.find('.help-block').remove();
+    function success (data) {
+        if (data.success === false) {
+            var $help = $form.find('.help-block');
+            $('<span />', {class: 'help-block text-danger'}).html(data.msg).insertAfter($('#id_excel'));
+        } else {
+            $('#user_import_modal').modal('hide');
+            var $data_table = $('#user_list_table').DataTable();
+            toastr.success("{% trans 'Import User Success.' %}")
+            $data_table.ajax.reload();
+        }
+    }
+    $form.ajaxSubmit({success: success});
+}).on('change', '#id_excel', function() {
+    $(this).siblings('.help-block').remove();
+})
+</script>
+{% endblock %}
+

apps/ops/templates/cron/update.html

+{% extends 'cron/_cron.html' %}
+{% load i18n %}
+{% block user_template_title %}{% trans "Update user" %}{% endblock %}
+{% block username %}
+    <div class="form-group">
+        <label for="{{ form.username.id_for_label }}" class="col-sm-2 control-label">{% trans 'Username' %}</label>
+        <div class="col-sm-9 controls" >
+            <input id="{{ form.username.id_for_label }}" name="{{ form.username.html_name }}" type="text" value="{{ user_object.username }}" readonly class="form-control">
+        </div>
+    </div>
+{% endblock %}
+{% block password %}
+    <h3>{% trans 'Password' %}</h3>
+    <div class="form-group">
+        <label for="password" class="col-sm-2 control-label">{% trans 'Password' %}</label>
+        <div class="col-sm-9 controls" >
+            <input id="password" name="password" type="password" class="form-control">
+        </div>
+    </div>
+{% endblock %}

apps/ops/templates/sudo/_sudo.html

+{% extends 'base.html' %}
+{% load i18n %}
+{% load static %}
+{% load bootstrap %}
+{% block custom_head_css_js %}
+    <link href="{% static "css/plugins/select2/select2.min.css" %}" rel="stylesheet">
+    <script src="{% static "js/plugins/select2/select2.full.min.js" %}"></script>
+    <link href="{% static "css/plugins/datepicker/datepicker3.css" %}" rel="stylesheet">
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="ibox-title">
+                        <h5>{% block user_template_title %}{% trans 'Create user' %}{% endblock %}</h5>
+                        <div class="ibox-tools">
+                            <a class="collapse-link">
+                                <i class="fa fa-chevron-up"></i>
+                            </a>
+                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                <i class="fa fa-wrench"></i>
+                            </a>
+                            <a class="close-link">
+                                <i class="fa fa-times"></i>
+                            </a>
+                        </div>
+                    </div>
+                    <div class="ibox-content">
+                        <form method="post" class="form-horizontal" action="" enctype="multipart/form-data">
+                            {% csrf_token %}
+                            <h3>{% trans 'Account' %}</h3>
+                            {% block username %} {% endblock %}
+                            {{ form.email|bootstrap_horizontal }}
+                            {{ form.name|bootstrap_horizontal }}
+                            {{ form.groups|bootstrap_horizontal }}
+
+                            <div class="hr-line-dashed"></div>
+                            {% block password %} {% endblock %}
+
+                            <div class="hr-line-dashed"></div>
+                            <h3>{% trans 'Security and Role' %}</h3>
+                            {{ form.role|bootstrap_horizontal }}
+                            <div class="form-group {% if form.date_expired.errors %} has-error {% endif %}" id="date_5">
+                                <label for="{{ form.date_expired.id_for_label }}" class="col-sm-2 control-label">{{ form.date_expired.label }}</label>
+                                <div class="col-sm-9">
+                                    <div class="input-group date">
+                                        <span class="input-group-addon"><i class="fa fa-calendar"></i></span>
+                                        <input id="{{ form.date_expired.id_for_label }}" name="{{ form.date_expired.html_name }}" type="text" class="form-control" value="{{ form.date_expired.value|date:'Y-m-d' }}">
+                                    </div>
+                                    <span class="help-block ">{{ form.date_expired.errors }}</span>
+                                </div>
+                             </div>
+{#                            {{ form.date_expired|bootstrap_horizontal }}#}
+                            <div class="form-group">
+                                <label for="{{ form.enable_otp.id_for_label }}" class="col-sm-2 control-label">{% trans 'Enable OTP' %}</label>
+                                <div class="col-sm-8">
+                                    {{ form.enable_otp }}
+                                </div>
+                            </div>
+                            <div class="hr-line-dashed"></div>
+                            <h3>{% trans 'Profile' %}</h3>
+                            {{ form.phone|bootstrap_horizontal }}
+                            {{ form.wechat|bootstrap_horizontal }}
+                            {{ form.comment|bootstrap_horizontal }}
+                            <div class="hr-line-dashed"></div>
+                            <div class="form-group">
+                                <div class="col-sm-4 col-sm-offset-2">
+                                    <button class="btn btn-white" type="reset">{% trans 'Reset' %}</button>
+                                    <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                </div>
+                            </div>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+    <script src="{% static 'js/plugins/datapicker/bootstrap-datepicker.js' %}"></script>
+    <script>
+        $(document).ready(function () {
+            $('.select2').select2();
+
+            $('.input-group.date').datepicker({
+                format: "yyyy-mm-dd",
+                todayBtn: "linked",
+                keyboardNavigation: false,
+                forceParse: false,
+                calendarWeeks: true,
+                autoclose: true
+            });
+        })
+    </script>
+{% endblock %}

apps/ops/templates/sudo/create.html

+{% extends 'sudo/_sudo.html' %}
+{% load i18n %}
+{% load bootstrap %}
+{% block user_template_title %}{% trans "Create user" %}{% endblock %}
+{% block username %}
+    {{ form.username|bootstrap_horizontal }}
+{% endblock %}
+{% block password %}
+    <h3>{% trans 'Password' %}</h3>
+    <div class="form-group">
+        <label class="col-sm-2 control-label">{% trans 'Password' %}</label>
+        <div class="col-sm-8 controls" >
+            {% trans 'Reset link will be generated and sent to the user. ' %}
+        </div>
+    </div>
+{% endblock %}
\ No newline at end of file

apps/ops/templates/sudo/list.html

+{% extends '_base_list.html' %}
+{% load i18n static %}
+{% block custom_head_css_js %}
+{{ block.super }}
+<style>
+div.dataTables_wrapper div.dataTables_filter,
+.dataTables_length {
+    float: right !important;
+}
+
+div.dataTables_wrapper div.dataTables_filter {
+  margin-left: 15px;
+}
+</style>
+{% endblock %}
+{% block table_search %}{% endblock %}
+{% block table_container %}
+<div class="uc pull-left"><a href="javascript:void(0);" class="btn btn-sm btn-primary" data-toggle="modal" data-target="#user_import_modal"> {% trans "Import user" %} </a></div>
+<div class="uc pull-left m-l-5 m-r-5"><a href="{% url "users:user-create" %}" class="btn btn-sm btn-primary"> {% trans "Create user" %} </a></div>
+<table class="table table-striped table-bordered table-hover " id="user_list_table" >
+    <thead>
+        <tr>
+            <th class="text-center">
+                <div class="checkbox checkbox-default"><input id="" type="checkbox" class="ipt_check_all"><label></label></div>
+            </th>
+            <th class="text-center">{% trans 'Name' %}</a></th>
+            <th class="text-center">{% trans 'Username' %}</a></th>
+            <th class="text-center">{% trans 'Role' %}</th>
+            <th class="text-center">{% trans 'User group' %}</th>
+            <th class="text-center">{% trans 'Asset num' %}</th>
+            <th class="text-center">{% trans 'Active' %}</a></th>
+            <th class="text-center">{% trans 'Action' %}</th>
+        </tr>
+    </thead>
+    <tbody>
+    </tbody>
+</table>
+<div id="actions" class="hide">
+    <div class="input-group">
+        <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
+            <option value="delete">{% trans 'Delete selected' %}</option>
+            <option value="update">{% trans 'Update selected' %}</option>
+            <option value="deactive">{% trans 'Deactive selected' %}</option>
+        </select>
+        <div class="input-group-btn pull-left" style="padding-left: 5px;">
+            <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
+             {% trans 'Submit' %}
+            </button>
+        </div>
+    </div>
+</div>
+{% include "users/_user_bulk_update_modal.html" %}
+{% include "users/_user_import_modal.html" %}
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script src="{% static 'js/jquery.form.min.js' %}"></script>
+<script>
+$(document).ready(function(){
+    var options = {
+        ele: $('#user_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a href="{% url "users:user-detail" pk=99991937 %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('99991937', rowData.id));
+             }},
+            {targets: 4, createdCell: function (td, cellData) {
+                var innerHtml = cellData.length > 8 ? cellData.substring(0, 8) + '...': cellData;
+                $(td).html('<a href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</a>');
+             }},
+            {targets: 6, createdCell: function (td, cellData) {
+                if (!cellData) {
+                    $(td).html('<i class="fa fa-times text-danger"></i>')
+                } else {
+                    $(td).html('<i class="fa fa-check text-navy"></i>')
+                }
+             }},
+            {targets: 7, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "users:user-update" pk=99991937 %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('99991937', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_user_delete" data-uid="99991937">{% trans "Delete" %}</a>'.replace('99991937', cellData);
+                if (rowData.id === 1) {
+                    $(td).html(update_btn)
+                } else {
+                    $(td).html(update_btn + del_btn)
+                }
+             }}],
+        ajax_url: '{% url "users:user-bulk-update-api" %}',
+        columns: [{data: function(){return ""}}, {data: "username" }, {data: "name" }, {data: "get_role_display" }, {data: "group_display" },
+                  {data: function(){return 999}}, {data: "active_display" }, {data: "id" }],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}).on('click', '#btn_bulk_update', function(){
+    var action = $('#slct_bulk_update').val();
+    var $data_table = $('#user_list_table').DataTable()
+    var id_list = [];
+    var plain_id_list = [];
+    $data_table.rows({selected: true}).every(function(){
+        id_list.push({id: this.data().id});
+        plain_id_list.push(this.data().id);
+    });
+    if (id_list === []) {
+        return false;
+    };
+    var the_url = "{% url 'users:user-bulk-update-api' %}";
+    function doDeactive() {
+        var body = $.each(id_list, function(index, user_object) {
+            user_object['is_active'] = false;
+        });
+        APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(body)});
+        $data_table.ajax.reload();
+        jumpserver.checked = false;
+    }
+    function doDelete() {
+        swal({
+            title: "{% trans 'Are you sure?' %}",
+            text: "{% trans 'This will delete the selected users !!!' %}",
+            type: "warning",
+            showCancelButton: true,
+            confirmButtonColor: "#DD6B55",
+            confirmButtonText: "{% trans 'Confirm' %}",
+            closeOnConfirm: false
+        }, function() {
+            var success = function() {
+                var msg = "{% trans 'User Deleted.' %}";
+                swal("{% trans 'User Delete' %}", msg, "success");
+                $('#user_list_table').DataTable().ajax.reload();
+            };
+            var fail = function() {
+                var msg = "{% trans 'User Deleting failed.' %}";
+                swal("{% trans 'User Delete' %}", msg, "error");
+            };
+            var url_delete = the_url + '?id__in=' + JSON.stringify(plain_id_list);
+            APIUpdateAttr({url: url_delete, method: 'DELETE', success: success, error: fail});
+            jumpserver.checked = false;
+        });
+    }
+    function doUpdate() {
+        $('#user_bulk_update_modal').modal('show');
+    }
+    switch(action) {
+        case 'deactive':
+            doDeactive();
+            break;
+        case 'delete':
+            doDelete();
+            break;
+        case 'update':
+            doUpdate();
+            break;
+        default:
+            break;
+    }
+}).on('click', '.btn_user_delete', function(){
+    var $this = $(this);
+    function doDelete() {
+        var uid = $this.data('uid');
+        var the_url = '{% url "users:user-patch-api" pk=99991937 %}'.replace('99991937', uid);
+        var body = {};
+        var success = function() {
+            var msg = "{% trans 'User Deleted.' %}";
+            swal("{% trans 'User Delete' %}", msg, "success");
+            $('#user_list_table').DataTable().ajax.reload();
+        };
+        var fail = function() {
+            var msg = "{% trans 'User Deleting failed.' %}";
+            swal("{% trans 'User Delete' %}", msg, "error");
+        }
+        APIUpdateAttr({
+            url: the_url,
+            body: JSON.stringify(body),
+            method: 'DELETE',
+            success: success,
+            error: fail
+        });
+    }
+    swal({
+        title: "{% trans 'Are you sure?' %}",
+        text: "{% trans 'This will delete the selected user.' %}",
+        type: "warning",
+        showCancelButton: true,
+        confirmButtonColor: "#DD6B55",
+        confirmButtonText: "{% trans 'Confirm' %}",
+        closeOnConfirm: false
+    }, function() {
+        doDelete();
+    });
+}).on('click', '#btn_user_bulk_update', function(){
+    var json_data = $('#fm_user_bulk_update').serializeObject();
+    var body = {};
+    body.enable_otp = (json_data.enable_otp === 'on')? true: false;
+    if (json_data.role != '') {
+        body.role = json_data.role;
+    }
+    if (json_data.groups != undefined) {
+        body.groups = json_data.groups;
+    }
+    if (typeof body.groups === 'string') {
+        body.groups = [parseInt(body.groups)]
+    } else if(typeof body.groups === 'array') {
+        new_groups = body.groups.map(Number);
+        body.groups = new_groups;
+    }
+    var $data_table = $('#user_list_table').DataTable()
+    var post_list = [];
+    $data_table.rows({selected: true}).every(function(){
+        var content = Object.assign({id: this.data().id}, body);
+        post_list.push(content);
+    });
+    if (post_list === []) {
+        return false;
+    };
+    var the_url = "{% url 'users:user-bulk-update-api' %}";
+    var success = function() {
+        var msg = "{% trans 'The selected users has been updated successfully.' %}";
+        swal("{% trans 'User Updated' %}", msg, "success");
+        $('#user_list_table').DataTable().ajax.reload();
+        jumpserver.checked = false;
+    }
+    APIUpdateAttr({url: the_url, method: 'PATCH', body: JSON.stringify(post_list), success: success});
+    $('#user_bulk_update_modal').modal('hide');
+}).on('click', '#btn_user_import', function() {
+    var $form = $('#fm_user_import');
+    $form.find('.help-block').remove();
+    function success (data) {
+        if (data.success === false) {
+            var $help = $form.find('.help-block');
+            $('<span />', {class: 'help-block text-danger'}).html(data.msg).insertAfter($('#id_excel'));
+        } else {
+            $('#user_import_modal').modal('hide');
+            var $data_table = $('#user_list_table').DataTable();
+            toastr.success("{% trans 'Import User Success.' %}")
+            $data_table.ajax.reload();
+        }
+    }
+    $form.ajaxSubmit({success: success});
+}).on('change', '#id_excel', function() {
+    $(this).siblings('.help-block').remove();
+})
+</script>
+{% endblock %}
+

apps/ops/templates/sudo/update.html

+{% extends 'sudo/_sudo.html' %}
+{% load i18n %}
+{% block user_template_title %}{% trans "Update user" %}{% endblock %}
+{% block username %}
+    <div class="form-group">
+        <label for="{{ form.username.id_for_label }}" class="col-sm-2 control-label">{% trans 'Username' %}</label>
+        <div class="col-sm-9 controls" >
+            <input id="{{ form.username.id_for_label }}" name="{{ form.username.html_name }}" type="text" value="{{ user_object.username }}" readonly class="form-control">
+        </div>
+    </div>
+{% endblock %}
+{% block password %}
+    <h3>{% trans 'Password' %}</h3>
+    <div class="form-group">
+        <label for="password" class="col-sm-2 control-label">{% trans 'Password' %}</label>
+        <div class="col-sm-9 controls" >
+            <input id="password" name="password" type="password" class="form-control">
+        </div>
+    </div>
+{% endblock %}

apps/ops/urls.py

+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals
+
+from rest_framework.routers import DefaultRouter
+from django.conf.urls import url, include
+
+
+from api import views as api_view
+import views as page_view
+
+
+app_name = 'ops'
+
+router = DefaultRouter()
+router.register(r'host_alia',  api_view.HostAliaViewSet)
+router.register(r'user_alia',  api_view.UserAliaViewSet)
+router.register(r'cmd_alia',   api_view.CmdAliaViewSet)
+router.register(r'runas_alia', api_view.RunasAliaViewSet)
+router.register(r'extra_conf', api_view.ExtraconfViewSet)
+router.register(r'privilege',  api_view.PrivilegeViewSet)
+router.register(r'sudo',       api_view.SudoViewSet)
+router.register(r'cron',       api_view.CronTableViewSet)
+
+urlpatterns = [
+    # Resource Sudo url
+    url(r'^sudo/list$',   page_view.SudoListView.as_view(),   name='page-sudo-list'),
+    url(r'^sudo/create$', page_view.SudoCreateView.as_view(), name='page-sudo-create'),
+    url(r'^sudo/detail$', page_view.SudoDetailView.as_view(), name='page-sudo-detail'),
+    url(r'^sudo/update$', page_view.SudoUpdateView.as_view(), name='page-sudo-update'),
+
+    # Resource Cron url
+    url(r'^cron/list$',   page_view.CronListView.as_view(),   name='page-cron-list'),
+    url(r'^cron/create$', page_view.CronCreateView.as_view(), name='page-cron-create'),
+    url(r'^cron/detail$', page_view.CronDetailView.as_view(), name='page-cron-detail'),
+    url(r'^cron/update$', page_view.CronUpdateView.as_view(), name='page-cron-update'),
+]
+
+urlpatterns += [
+    url(r'^v1/sudo', include(router.urls)),
+]
+
+

apps/ops/utils.py

-# ~*~ coding: utf-8 ~*~
-#

apps/ops/utils/mixins.py

+# ~*~ coding: utf-8 ~*~
+
+
+class CreateSudoPrivilegesMixin(object):
+
+    def create_privilege(self):
+        pass
+
+
+class ListSudoPrivilegesMixin(object):
+
+    def get_all_privilege(self):
+        pass
\ No newline at end of file

apps/ops/views.py

-from django.shortcuts import render
+# ~*~ coding: utf-8 ~*~
+from __future__ import unicode_literals
+
+from django.conf import settings
+from django.views.generic.list import ListView, MultipleObjectMixin
+from django.views.generic.edit import CreateView, DeleteView, UpdateView
+from django.views.generic.detail import DetailView, SingleObjectMixin
+
+from users.utils import AdminUserRequiredMixin
+from .utils.mixins import CreateSudoPrivilegesMixin, ListSudoPrivilegesMixin
+from models import *
+
+
+class SudoListView(AdminUserRequiredMixin, ListSudoPrivilegesMixin, ListView):
+    paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
+    model = Sudo
+    context_object_name = 'sudos'
+    template_name = 'sudo/list.html'
+
+
+class SudoCreateView(AdminUserRequiredMixin, CreateSudoPrivilegesMixin, CreateView):
+    model = Sudo
+    template_name = 'sudo/create.html'
+
+
+class SudoUpdateView(AdminUserRequiredMixin, UpdateView):
+    model = Sudo
+    template_name = 'sudo/update.html'
+
+
+class SudoDetailView(DetailView):
+    model = Sudo
+    context_object_name = 'sudo'
+    template_name = 'sudo/detail.html'
+
+
+class CronListView(AdminUserRequiredMixin, ListSudoPrivilegesMixin, ListView):
+    paginate_by = settings.CONFIG.DISPLAY_PER_PAGE
+    model = CronTable
+    context_object_name = 'crons'
+    template_name = 'sudo/list.html'
+
+
+class CronCreateView(AdminUserRequiredMixin, CreateSudoPrivilegesMixin, CreateView):
+    model = CronTable
+    template_name = 'cron/create.html'
+
+
+class CronUpdateView(AdminUserRequiredMixin, UpdateView):
+    model = CronTable
+    template_name = 'cron/update.html'
+
+
+class CronDetailView(DetailView):
+    model = CronTable
+    context_object_name = 'sudo'
+    template_name = 'cron/detail.html'
 
-# Create your views here.

apps/templates/_nav.html

@@ -34,9 +34,25 @@
         </li>
     </ul>
 </li>
+
 <li id="terminal">
     <a href="{% url 'terminal:terminal-list' %}">
         <i class="fa fa-desktop"></i><span class="nav-label">{% trans 'Terminal' %}</span><span class="label label-info pull-right"></span>
+
+
+<li id="ops">
+    <a>
+        <i class="fa fa-inbox"></i> <span class="nav-label">{% trans 'Job Center' %}</span><span class="fa arrow"></span>
+    </a>
+    <ul class="nav nav-second-level">
+        <li id="sudo"><a href="{% url 'ops:page-sudo-list' %}">{% trans 'Sudo' %}</a></li>
+        <li id="cron"><a href="{% url 'ops:page-cron-list' %}">{% trans 'Cron' %}</a></li>
+    </ul>
+</li>
+
+<li id="">
+    <a href="">
+        <i class="fa fa-files-o"></i><span class="nav-label">{% trans 'Audits' %}</span><span class="label label-info pull-right"></span>
     </a>
 </li>
 <li id="audits">

requirements.txt

@@ -6,7 +6,7 @@ djangorestframework==3.4.5
 ForgeryPy==0.1
 openpyxl==2.4.0
 celery==3.1.23
-ansible==2.1.1.0
+ansible==2.1.2.0
 django-simple-captcha==0.5.2
 django-formtools==1.0
 sshpubkeys==2.2.0
@@ -14,4 +14,7 @@ djangorestframework-bulk==0.2.1
 paramiko==2.0.2
 django-redis-cache==1.7.1
 requests==2.11.1
-itsdangerous==0.24
\ No newline at end of file
+itsdangerous==0.24
+python-gssapi==0.6.4
+tornado==4.4.2
+eventlet==0.19.0

run_server.py

@@ -30,7 +30,7 @@ def start_celery():
     os.chdir(apps_dir)
     os.environ.setdefault('C_FORCE_ROOT', '1')
     print('start celery')
-    subprocess.call('celery -A common worker -B -s /tmp/celerybeat-schedule -l info ', shell=True)
+    subprocess.call('celery -A common worker -P eventlet -B -s /tmp/celerybeat-schedule -l info ', shell=True)
 
 
 def main():