CMDB Project Management

Operation and maintenance Automation project
Reduce human intervention and reduce personnel costs
-Asset Management
-Operation Management

CMDB
-Operational Automation Fundamentals
-Asset Management, automated collection, API interface, visual management

Loading system, Server environment, bitstream upload Code, real-time monitoring server

First, the method of collecting assets
1.CMDB Asset Acquisition Method agent
-Local Execution Command v=subprocess.getoutput (' ipconfig ')
-Get critical information
-Data entry into the database
-Cannot directly connect to database, because of security, write Django program, submit data through a URL to the views function, and then submit to the database (Api,requests.post)

Pros: Quick
Not good: there are agents

# Acquisition Data import subprocessimport Requestsresult = subprocess.getoutput (' ipconfig ') # result regular expression processing # organizing Asset information data_dict = {' Nic ': {}, ' disk ': {}, ' mem ': {},}# send data requests.post (' http://www.127.0.0.1:8000/assets.html ', data=data_dict)

　　

2.CMDB Asset Acquisition Method SSH

There's a machine in the middle that collects assets and can't subprocess.
Python has a module Paramiko, host name + password + command to execute commands on the machine, get the results back to the intermediate machine, then to the API, then to the database

Pros: no agent
Disadvantage: Paramiko Slow (ansible,fabric)

Code:
Import requests
Import Paramiko
# get the host name not captured today
Requests.get (' http://www.127.0.0.1:8000/assets.html ')
result = [' c1.com ', ' c2.com ']
# ################## connect remote server via Paramiko, execute command ##################
# Create an SSH object
SSH = Paramiko. Sshclient ()
# Allow connections to hosts that are not in the Know_hosts file
Ssh.set_missing_host_key_policy (Paramiko. Autoaddpolicy ())
# Connection Server
Ssh.connect (hostname= ' 192.168.14.36 ', port=22, username= ' Wupeiqi ', password= ' 123 ')

# Execute Command
# stdin, stdout, stderr = Ssh.exec_command (' ipconfig ')
# Stdin.write (") # for writing letters
# Get command results
# result = Stdout.read ()
# Close Connection
# Ssh.close ()
# Print (Result)

# data_dict = {result}
# ################## Send Data ##################
# requests.post (' http://www.127.0.0.1:8000/assets.html ', data=data_dict)

Code: Import Requestsimport paramiko# get today does not capture host name Requests.get (' http://www.127.0.0.1:8000/assets.html ') result = [' c1.com ', ' c2.com ']# ################## connect remote server via Paramiko, execute command ################### create ssh object ssh = Paramiko. Sshclient () # allows connections to host Ssh.set_missing_host_key_policy (Paramiko) that are not in the Know_hosts file. Autoaddpolicy ()) # Connection Server Ssh.connect (hostname= ' 192.168.14.36 ', port=22, username= ' Wupeiqi ', password= ' 123 ') # Execute command # stdin, stdout, stderr = Ssh.exec_command (' ipconfig ') # stdin.write (') # for writing messages # get command Result # = Stdout.read () # Close Connection # SSH.C Lose () # print (result) # data_dict = {result}# ################## send data ################### requests.post ('/HTTP/ Www.127.0.0.1:8000/assets.html ', data=data_dict)

　　

The Saltstack of 3.CMDB Asset collection method (most fire)

The basic process, there is also the intermediate acquisition of the assets of the machine

But unlike relying on third-party tools, it is faster to send execution commands remotely (salt.cmd (' c1.com ', ' ipconfig '))
The difference from SSH: it is not a hard connection to maintain a queue. Salt-master sends the command to the queue, Salt-slave gets its own command, and puts the result in another queue
Master is taken from this queue. RPC form, no wait.
Pros: Fast, no deployment agent development
Cons: Relying on third parties

Code: # ################## get not collected Today host name ################## #result = Requests.get (' http://www.127.0.0.1:8000/assets.html ' # result = [' c1.com ', ' c2.com ']# ################## remote server executes command ################### import subprocess# result = subprocess. GetOutput ("Salt ' c1.com ' cmd.run ' Ifconfig '") # Local execution command, local via SALTSTACK to remotely fetch Data # # import salt.client# local = Salt.client.LocalClient () # result = Local.cmd (' c2.salt.com ', ' cmd.run ', [' ifconfig ']) # ################## send data ####### ############ requests.post (' http://www.127.0.0.1:8000/assets.html ', data=data_dict)

　　

The puppet of 4.CMDB Asset collection method (older)

Puppet is similar to Saltstack, passively accepts Slava results

Puppet has a reporting function, slave actively connect to master every time, execute custom commands, this script has to be written in Ruby

Advantages: Automatic reporting
Cons: Ruby

Summary: Write the configuration file, compatible with the first three ways, depending on the circumstances of the choice. You can collect it once a day.
-First, the agent executes the script regularly, reports to the API (provides data, collects data for unified management)
-the second, Paramiko from the API which machine has not reported, remote execution command, FETCH data
-third, rely on Saltstack, Queue RPC form,
-fourth, know, connect master every time, execute factor command script, report results


Second, Saltstack run

1. Install saltstackrpm--import Https://repo.saltstack.com/yum/redhat/6/x86_64/latest/SALTSTACK-GPG-KEY.pubMaster:yum Install Salt-mastermaster Preparation: A. Configuration file, listening on native ipvim/etc/salt/masterinterface: native IP address B. Start Master/etc/init.d/salt-master Startslave:yum Install Salt-minionslave prepare: A. Config file, connect that mastervim/etc/salt/minionmaster: remote Master address B. Start Slave/etc/init.d/salt-minion Start2. Create a Relationship view master:salt-key-laccepted keys:denied keys:unaccepted Keys:c1.comc2.comc3.comRejected Keys: Accept Master:salt-key -A c1.comaccepted Keys:c1.comc2.comDenied keys:unaccepted Keys:c3.comRejected keys:3. Execute command master:salt ' c1.com ' cmd.run ' ifconfig ' python execute import salt.clientlocal = salt.client.LocalClient () result = Local.cmd (' c2.salt.com ', ' cmd.run ', [' ifconfig '])

　　

Third, the asset collection plug-in

Python Program directory structure:
-Bin: Executable file directory
-conf: Configuration file directory
-lib: Public module directory
-LOG: Logs
-SRC: Business logic

Send data: Dictionary nested dictionary data, through Requests.post JSON can be automatically converted to string, and then to byte, the server needs to first STR (body) and then loads

Four, dynamic encryption method

The first: Set a random string in headers, and the server gets the request. meta[' Http_authkey '] comparison

headers={' Authkey ': ' ASDASD '}json.loads (str (request.body,encoding= ' utf-8 '))

　　

The second type: MD5 random string encryption

app_id = ' asdasdasdasd ' m = Hashlib.md5 () m.update (bytes (app_id,encoding= ' utf-8 ')) Authkey = M.hexdigest ()

　　

The third type: random string | Current time = "string after encryption | time

Current_time = Time.time () app_id = ' asdasdasdasd ' app_id_time = "%s|%s"% (app_id,current_time) m = Hashlib.md5 () m.update ( Bytes (app_id_time,encoding= ' utf-8 ')) Authkey = M.hexdigest () authkey_time = "%s|%s"% (authkey,current_time) Auth_key_ Time = Request. meta[' http_authkey ']auth_key,client_ctime = auth_key_time.split (' | ') Key_time = "%s|%s"% (ck,client_ctime) m = Hashlib.md5 () m.update (bytes (key_time, encoding= ' Utf-8 ')) Authkey = M.hexdigest () if Authkey!=auth_key:return HttpResponse (' authorization failed ')

　　

The fourth type: on the third basis, by encrypting the string list and the time limit, to limit

Server_current_time = Time.time () auth_list = []if server_current_time-10 > Float (client_ctime): Return HttpResponse ( ' Authorization failed ') if auth_key_time in Auth_list:return HttpResponse (' authorization failed ') Auth_list.append (auth_key_time) #仅当通过三重验证后才加入列表

　　

2018/07/25 Day, CMDB after desk management

I. Configuration file Control Generation table

Table_config = [{' Q ': ' id ', ' title ': ' ID ', ' Display ': ' false},{' Q ': ' Cabinet_num ', ' title ': ' Cabinet number ', ' Display ': true},]q_ List.append (i[' Q ']) # Add the column name to fetch data_list = models. Asset.objects.all (). VALUES (*q_list) data_list = List (data_list) # go to list function initheaders (table_config) {var tr = Document.createelement (' tr '); $.each (Table_config,function (k,item) {# loop if (item.display) {var th = Document.createelement (' th '); th.innerhtml = item.title;# Assignment $ (TR). append (th);}}); $ (' #thead_th '). Append (TR)}

　　

Second, the custom string method implements the string substitution

String.prototype.format = function (Kwargs) {var ret = This.replace (/\{(\w+) \}/g,function (km,m) {return kwargs[m]}) ; return ret};

　　

Iii. Custom @ symbol rules

{' Q ': None, ' title ': ' Operation ', ' Display ': True, ' text ': {' content ': ' <a href= '/asset-detail/{m} ' >{n}</a> ', ' Kwargs ': {' n ': ' View ', ' m ': ' @id '}}},var Kwargs = {};$.each (config.text.kwargs,function (key,value) {if (value[0]== ' @ ') {# Gets the data for the database when the first character is @ kwargs[key]=item[value.substring (1,value.length)];} else {kwargs[key]=value;}}); var temp = Config.text.content.format (Kwargs); td.innerhtml = temp;

　　

Four, double @ rules

The global variable function initglobaldata (global_list) {$.each (Global_list,function (k,v) {window[k]=v})}views functions in the front-end setting string {' Q ': ' device_type_id ', ' title ': ' Asset type ', ' Display ': True, ' text ': {' content ': ' {n} ', ' Kwargs ': {' n ': ' @ @device_type_choices '}}} , JavaScript determines if (value.substring (0,2) = = ' @@ ') {var globalname = value.substring (2,value.length); var currentid = item[ config.q];# gets the database corresponding to the Idvar t = Gettextfromglobalbyid (Globalname,currentid); # go to the global variable to take the ID corresponding to the text kwargs[key]=t;} Define function Gettextfromglobalbyid (Globalname,currentid) {var ret = Null;$.each (window[globalname],function (K,item) {if (item[0]==currentid) {ret = item[1];# take ID corresponding to the text return}}); return ret}

　　

V. Custom attributes and the single @ rule

{' Q ': ' Cabinet_num ', ' title ': ' Cabinet number ', ' Display ': True, ' text ': {' content ': ' {n} ', ' Kwargs ': {' n ': ' @cabinet_num '}}, ' Attrs ' : {' edit-enable ': ' true ', ' edit-type ': ' Input '}},$.each (config.attrs,function (KK,VV) {td.setattribute (KK,VV);});

　　

Single @ rule:

{' Q ': ' Manager__name ', ' title ': ' Admin group ', ' Display ': True, ' text ': {' content ': ' {n} ', ' Kwargs ': {' n ': ' @manager__name '}}, ' Attrs ': {' name ': ' manager_id ', ' origin ': ' @manager_id ', ' edit-enable ': ' true ', ' edit-type ': ' Select ', ' global-name ': ' Manager_choices '}},

　　

Origin: The assignment (ID number) used to generate the Select box, and Origin's @ is converted to the value of item within the Initbody function, so that a value can be assigned when the Select box is generated.
For input, it is not assigned and is used only to compare the newly generated values New-val
Name: Used to save the newly edited value, the dictionary key
Global-name: Used to generate the input box from the global variables corresponding to the dictionary to loop.



Summarize:

CMDB Project Management