From 856e7c16e511819af1130cbe9df01091485274ce Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Thu, 10 Dec 2020 20:50:22 +0800 Subject: [PATCH] =?UTF-8?q?feat:=20=E6=B7=BB=E5=8A=A0=E7=BB=84=E4=BB=B6?= =?UTF-8?q?=E7=9B=91=E6=8E=A7;TerminalModel=E6=B7=BB=E5=8A=A0type=E5=AD=97?= =?UTF-8?q?=E6=AE=B5;=20(#5206)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: 添加组件监控;TerminalModel添加type字段; * feat: Terminal序列类添加type字段 * feat: Terminal序列类添加type字段为只读 * feat: 修改组件status文案 * feat: 取消上传组件状态序列类count字段 * reactor: 修改termina/models目录结构 * feat: 修改ComponentTypeChoices * feat: 取消考虑CoreComponent类型 * feat: 修改Terminal status判断逻辑 * feat: 终端列表添加status过滤; 组件状态序列类添加default值 * feat: 添加PrometheusMetricsAPI * feat: 修改PrometheusMetricsAPI Co-authored-by: Bai --- apps/jumpserver/api.py | 11 +- apps/jumpserver/urls.py | 1 + apps/terminal/api/__init__.py | 1 + apps/terminal/api/component.py | 34 ++ apps/terminal/api/terminal.py | 15 +- apps/terminal/const.py | 24 + .../terminal/migrations/0030_terminal_type.py | 42 ++ apps/terminal/models.py | 486 ------------------ apps/terminal/models/__init__.py | 6 + apps/terminal/models/command.py | 21 + apps/terminal/models/session.py | 210 ++++++++ apps/terminal/models/status.py | 28 + apps/terminal/models/storage.py | 103 ++++ apps/terminal/models/task.py | 25 + apps/terminal/models/terminal.py | 247 +++++++++ apps/terminal/serializers/__init__.py | 1 + apps/terminal/serializers/components.py | 25 + apps/terminal/serializers/terminal.py | 10 +- apps/terminal/urls/api_urls.py | 5 +- apps/terminal/utils.py | 102 ++++ 20 files changed, 902 insertions(+), 495 deletions(-) create mode 100644 apps/terminal/api/component.py create mode 100644 apps/terminal/migrations/0030_terminal_type.py delete mode 100644 apps/terminal/models.py create mode 100644 apps/terminal/models/__init__.py create mode 100644 apps/terminal/models/command.py create mode 100644 apps/terminal/models/session.py create mode 100644 apps/terminal/models/status.py create mode 100644 apps/terminal/models/storage.py create mode 100644 apps/terminal/models/task.py create mode 100644 apps/terminal/models/terminal.py create mode 100644 apps/terminal/serializers/components.py diff --git a/apps/jumpserver/api.py b/apps/jumpserver/api.py index 026a90b9a..b74099fa3 100644 --- a/apps/jumpserver/api.py +++ b/apps/jumpserver/api.py @@ -2,13 +2,14 @@ from django.core.cache import cache from django.utils import timezone from django.utils.timesince import timesince from django.db.models import Count, Max -from django.http.response import JsonResponse +from django.http.response import JsonResponse, HttpResponse from rest_framework.views import APIView from collections import Counter from users.models import User from assets.models import Asset from terminal.models import Session +from terminal.utils import ComponentsPrometheusMetricsUtil from orgs.utils import current_org from common.permissions import IsOrgAdmin, IsOrgAuditor from common.utils import lazyproperty @@ -305,3 +306,11 @@ class IndexApi(TotalCountMixin, DatesLoginMetricMixin, APIView): return JsonResponse(data, status=200) +class PrometheusMetricsApi(APIView): + permission_classes = () + + def get(self, request, *args, **kwargs): + util = ComponentsPrometheusMetricsUtil() + metrics_text = util.get_prometheus_metrics_text() + return HttpResponse(metrics_text, content_type='text/plain; version=0.0.4; charset=utf-8') + diff --git a/apps/jumpserver/urls.py b/apps/jumpserver/urls.py index 47518d946..d03c20ba3 100644 --- a/apps/jumpserver/urls.py +++ b/apps/jumpserver/urls.py @@ -23,6 +23,7 @@ api_v1 = [ path('common/', include('common.urls.api_urls', namespace='api-common')), path('applications/', include('applications.urls.api_urls', namespace='api-applications')), path('tickets/', include('tickets.urls.api_urls', namespace='api-tickets')), + path('prometheus/metrics/', api.PrometheusMetricsApi.as_view()) ] api_v2 = [ diff --git a/apps/terminal/api/__init__.py b/apps/terminal/api/__init__.py index 640dacb6a..c0c6b8197 100644 --- a/apps/terminal/api/__init__.py +++ b/apps/terminal/api/__init__.py @@ -5,3 +5,4 @@ from .session import * from .command import * from .task import * from .storage import * +from .component import * diff --git a/apps/terminal/api/component.py b/apps/terminal/api/component.py new file mode 100644 index 000000000..aec404370 --- /dev/null +++ b/apps/terminal/api/component.py @@ -0,0 +1,34 @@ +# -*- coding: utf-8 -*- +# + +import logging +from rest_framework import generics, status +from rest_framework.views import Response + +from .. import serializers +from ..utils import ComponentsMetricsUtil +from common.permissions import IsAppUser, IsSuperUser + +logger = logging.getLogger(__file__) + + +__all__ = [ + 'ComponentsStateAPIView', 'ComponentsMetricsAPIView', +] + + +class ComponentsStateAPIView(generics.CreateAPIView): + """ koko, guacamole, omnidb 上报状态 """ + permission_classes = (IsAppUser,) + serializer_class = serializers.ComponentsStateSerializer + + +class ComponentsMetricsAPIView(generics.GenericAPIView): + """ 返回汇总组件指标数据 """ + permission_classes = (IsSuperUser,) + + def get(self, request, *args, **kwargs): + component_type = request.query_params.get('type') + util = ComponentsMetricsUtil(component_type) + metrics = util.get_metrics() + return Response(metrics, status=status.HTTP_200_OK) diff --git a/apps/terminal/api/terminal.py b/apps/terminal/api/terminal.py index 2ee353e3e..a5e976034 100644 --- a/apps/terminal/api/terminal.py +++ b/apps/terminal/api/terminal.py @@ -27,7 +27,7 @@ class TerminalViewSet(JMSBulkModelViewSet): queryset = Terminal.objects.filter(is_deleted=False) serializer_class = serializers.TerminalSerializer permission_classes = (IsSuperUser,) - filter_fields = ['name', 'remote_addr'] + filter_fields = ['name', 'remote_addr', 'type'] def create(self, request, *args, **kwargs): if isinstance(request.data, list): @@ -60,6 +60,15 @@ class TerminalViewSet(JMSBulkModelViewSet): logger.error("Register terminal error: {}".format(data)) return Response(data, status=400) + def filter_queryset(self, queryset): + queryset = super().filter_queryset(queryset) + status = self.request.query_params.get('status') + if not status: + return queryset + filtered_queryset_id = [str(q.id) for q in queryset if q.status == status] + queryset = queryset.filter(id__in=filtered_queryset_id) + return queryset + def get_permissions(self): if self.action == "create": self.permission_classes = (AllowAny,) @@ -104,15 +113,11 @@ class StatusViewSet(viewsets.ModelViewSet): task_serializer_class = serializers.TaskSerializer def create(self, request, *args, **kwargs): - self.handle_status(request) self.handle_sessions() tasks = self.request.user.terminal.task_set.filter(is_finished=False) serializer = self.task_serializer_class(tasks, many=True) return Response(serializer.data, status=201) - def handle_status(self, request): - request.user.terminal.is_alive = True - def handle_sessions(self): sessions_id = self.request.data.get('sessions', []) # guacamole 上报的 session 是字符串 diff --git a/apps/terminal/const.py b/apps/terminal/const.py index 4d19d007c..b7a48fab3 100644 --- a/apps/terminal/const.py +++ b/apps/terminal/const.py @@ -108,3 +108,27 @@ COMMAND_STORAGE_TYPE_CHOICES_EXTENDS = [ COMMAND_STORAGE_TYPE_CHOICES = COMMAND_STORAGE_TYPE_CHOICES_DEFAULT + \ COMMAND_STORAGE_TYPE_CHOICES_EXTENDS + +from django.db.models import TextChoices +from django.utils.translation import ugettext_lazy as _ + + +class ComponentStatusChoices(TextChoices): + critical = 'critical', _('Critical') + high = 'high', _('High') + normal = 'normal', _('Normal') + + @classmethod + def status(cls): + return set(dict(cls.choices).keys()) + + +class TerminalTypeChoices(TextChoices): + koko = 'koko', 'KoKo' + guacamole = 'guacamole', 'Guacamole' + omnidb = 'omnidb', 'OmniDB' + + @classmethod + def types(cls): + return set(dict(cls.choices).keys()) + diff --git a/apps/terminal/migrations/0030_terminal_type.py b/apps/terminal/migrations/0030_terminal_type.py new file mode 100644 index 000000000..4e4d871f8 --- /dev/null +++ b/apps/terminal/migrations/0030_terminal_type.py @@ -0,0 +1,42 @@ +# Generated by Django 3.1 on 2020-12-10 07:05 + +from django.db import migrations, models + +TERMINAL_TYPE_KOKO = 'koko' +TERMINAL_TYPE_GUACAMOLE = 'guacamole' +TERMINAL_TYPE_OMNIDB = 'omnidb' + + +def migrate_terminal_type(apps, schema_editor): + terminal_model = apps.get_model("terminal", "Terminal") + db_alias = schema_editor.connection.alias + terminals = terminal_model.objects.using(db_alias).all() + for terminal in terminals: + name = terminal.name.lower() + if 'koko' in name: + _type = TERMINAL_TYPE_KOKO + elif 'gua' in name: + _type = TERMINAL_TYPE_GUACAMOLE + elif 'omnidb' in name: + _type = TERMINAL_TYPE_OMNIDB + else: + _type = TERMINAL_TYPE_KOKO + terminal.type = _type + terminal_model.objects.bulk_update(terminals, ['type']) + + +class Migration(migrations.Migration): + + dependencies = [ + ('terminal', '0029_auto_20201116_1757'), + ] + + operations = [ + migrations.AddField( + model_name='terminal', + name='type', + field=models.CharField(choices=[('koko', 'KoKo'), ('guacamole', 'Guacamole'), ('omnidb', 'OmniDB')], default='koko', max_length=64, verbose_name='type'), + preserve_default=False, + ), + migrations.RunPython(migrate_terminal_type) + ] diff --git a/apps/terminal/models.py b/apps/terminal/models.py deleted file mode 100644 index 17eb59f00..000000000 --- a/apps/terminal/models.py +++ /dev/null @@ -1,486 +0,0 @@ -from __future__ import unicode_literals - -import os -import uuid -import jms_storage - -from django.db import models -from django.db.models.signals import post_save -from django.utils.translation import ugettext_lazy as _ -from django.utils import timezone -from django.conf import settings -from django.core.files.storage import default_storage -from django.core.cache import cache - -from assets.models import Asset -from users.models import User -from orgs.mixins.models import OrgModelMixin -from common.mixins import CommonModelMixin -from common.fields.model import EncryptJsonDictTextField -from common.db.models import ChoiceSet -from .backends import get_multi_command_storage -from .backends.command.models import AbstractSessionCommand -from . import const - - -class Terminal(models.Model): - id = models.UUIDField(default=uuid.uuid4, primary_key=True) - name = models.CharField(max_length=128, verbose_name=_('Name')) - remote_addr = models.CharField(max_length=128, blank=True, verbose_name=_('Remote Address')) - ssh_port = models.IntegerField(verbose_name=_('SSH Port'), default=2222) - http_port = models.IntegerField(verbose_name=_('HTTP Port'), default=5000) - command_storage = models.CharField(max_length=128, verbose_name=_("Command storage"), default='default') - replay_storage = models.CharField(max_length=128, verbose_name=_("Replay storage"), default='default') - user = models.OneToOneField(User, related_name='terminal', verbose_name='Application User', null=True, on_delete=models.CASCADE) - is_accepted = models.BooleanField(default=False, verbose_name='Is Accepted') - is_deleted = models.BooleanField(default=False) - date_created = models.DateTimeField(auto_now_add=True) - comment = models.TextField(blank=True, verbose_name=_('Comment')) - STATUS_KEY_PREFIX = 'terminal_status_' - - @property - def is_alive(self): - key = self.STATUS_KEY_PREFIX + str(self.id) - return bool(cache.get(key)) - - @is_alive.setter - def is_alive(self, value): - key = self.STATUS_KEY_PREFIX + str(self.id) - cache.set(key, value, 60) - - @property - def is_active(self): - if self.user and self.user.is_active: - return True - return False - - @is_active.setter - def is_active(self, active): - if self.user: - self.user.is_active = active - self.user.save() - - def get_command_storage(self): - storage = CommandStorage.objects.filter(name=self.command_storage).first() - return storage - - def get_command_storage_config(self): - s = self.get_command_storage() - if s: - config = s.config - else: - config = settings.DEFAULT_TERMINAL_COMMAND_STORAGE - return config - - def get_command_storage_setting(self): - config = self.get_command_storage_config() - return {"TERMINAL_COMMAND_STORAGE": config} - - def get_replay_storage(self): - storage = ReplayStorage.objects.filter(name=self.replay_storage).first() - return storage - - def get_replay_storage_config(self): - s = self.get_replay_storage() - if s: - config = s.config - else: - config = settings.DEFAULT_TERMINAL_REPLAY_STORAGE - return config - - def get_replay_storage_setting(self): - config = self.get_replay_storage_config() - return {"TERMINAL_REPLAY_STORAGE": config} - - @staticmethod - def get_login_title_setting(): - login_title = None - if settings.XPACK_ENABLED: - from xpack.plugins.interface.models import Interface - login_title = Interface.get_login_title() - return {'TERMINAL_HEADER_TITLE': login_title} - - @property - def config(self): - configs = {} - for k in dir(settings): - if not k.startswith('TERMINAL'): - continue - configs[k] = getattr(settings, k) - configs.update(self.get_command_storage_setting()) - configs.update(self.get_replay_storage_setting()) - configs.update(self.get_login_title_setting()) - configs.update({ - 'SECURITY_MAX_IDLE_TIME': settings.SECURITY_MAX_IDLE_TIME - }) - return configs - - @property - def service_account(self): - return self.user - - def create_app_user(self): - random = uuid.uuid4().hex[:6] - user, access_key = User.create_app_user( - name="{}-{}".format(self.name, random), comment=self.comment - ) - self.user = user - self.save() - return user, access_key - - def delete(self, using=None, keep_parents=False): - if self.user: - self.user.delete() - self.user = None - self.is_deleted = True - self.save() - return - - def __str__(self): - status = "Active" - if not self.is_accepted: - status = "NotAccept" - elif self.is_deleted: - status = "Deleted" - elif not self.is_active: - status = "Disable" - return '%s: %s' % (self.name, status) - - class Meta: - ordering = ('is_accepted',) - db_table = "terminal" - - -class Status(models.Model): - id = models.UUIDField(default=uuid.uuid4, primary_key=True) - session_online = models.IntegerField(verbose_name=_("Session Online"), default=0) - cpu_used = models.FloatField(verbose_name=_("CPU Usage")) - memory_used = models.FloatField(verbose_name=_("Memory Used")) - connections = models.IntegerField(verbose_name=_("Connections")) - threads = models.IntegerField(verbose_name=_("Threads")) - boot_time = models.FloatField(verbose_name=_("Boot Time")) - terminal = models.ForeignKey(Terminal, null=True, on_delete=models.CASCADE) - date_created = models.DateTimeField(auto_now_add=True) - - class Meta: - db_table = 'terminal_status' - get_latest_by = 'date_created' - - def __str__(self): - return self.date_created.strftime("%Y-%m-%d %H:%M:%S") - - -class Session(OrgModelMixin): - class LOGIN_FROM(ChoiceSet): - ST = 'ST', 'SSH Terminal' - WT = 'WT', 'Web Terminal' - - class PROTOCOL(ChoiceSet): - SSH = 'ssh', 'ssh' - RDP = 'rdp', 'rdp' - VNC = 'vnc', 'vnc' - TELNET = 'telnet', 'telnet' - MYSQL = 'mysql', 'mysql' - ORACLE = 'oracle', 'oracle' - MARIADB = 'mariadb', 'mariadb' - POSTGRESQL = 'postgresql', 'postgresql' - K8S = 'k8s', 'kubernetes' - - id = models.UUIDField(default=uuid.uuid4, primary_key=True) - user = models.CharField(max_length=128, verbose_name=_("User"), db_index=True) - user_id = models.CharField(blank=True, default='', max_length=36, db_index=True) - asset = models.CharField(max_length=128, verbose_name=_("Asset"), db_index=True) - asset_id = models.CharField(blank=True, default='', max_length=36, db_index=True) - system_user = models.CharField(max_length=128, verbose_name=_("System user"), db_index=True) - system_user_id = models.CharField(blank=True, default='', max_length=36, db_index=True) - login_from = models.CharField(max_length=2, choices=LOGIN_FROM.choices, default="ST", verbose_name=_("Login from")) - remote_addr = models.CharField(max_length=128, verbose_name=_("Remote addr"), blank=True, null=True) - is_success = models.BooleanField(default=True, db_index=True) - is_finished = models.BooleanField(default=False, db_index=True) - has_replay = models.BooleanField(default=False, verbose_name=_("Replay")) - has_command = models.BooleanField(default=False, verbose_name=_("Command")) - terminal = models.ForeignKey(Terminal, null=True, on_delete=models.DO_NOTHING, db_constraint=False) - protocol = models.CharField(choices=PROTOCOL.choices, default='ssh', max_length=16, db_index=True) - date_start = models.DateTimeField(verbose_name=_("Date start"), db_index=True, default=timezone.now) - date_end = models.DateTimeField(verbose_name=_("Date end"), null=True) - - upload_to = 'replay' - ACTIVE_CACHE_KEY_PREFIX = 'SESSION_ACTIVE_{}' - _DATE_START_FIRST_HAS_REPLAY_RDP_SESSION = None - - def get_rel_replay_path(self, version=2): - """ - 获取session日志的文件路径 - :param version: 原来后缀是 .gz,为了统一新版本改为 .replay.gz - :return: - """ - suffix = '.replay.gz' - if version == 1: - suffix = '.gz' - date = self.date_start.strftime('%Y-%m-%d') - return os.path.join(date, str(self.id) + suffix) - - def get_local_path(self, version=2): - rel_path = self.get_rel_replay_path(version=version) - if version == 2: - local_path = os.path.join(self.upload_to, rel_path) - else: - local_path = rel_path - return local_path - - @property - def asset_obj(self): - return Asset.objects.get(id=self.asset_id) - - @property - def _date_start_first_has_replay_rdp_session(self): - if self.__class__._DATE_START_FIRST_HAS_REPLAY_RDP_SESSION is None: - instance = self.__class__.objects.filter( - protocol='rdp', has_replay=True - ).order_by('date_start').first() - if not instance: - date_start = timezone.now() - timezone.timedelta(days=365) - else: - date_start = instance.date_start - self.__class__._DATE_START_FIRST_HAS_REPLAY_RDP_SESSION = date_start - return self.__class__._DATE_START_FIRST_HAS_REPLAY_RDP_SESSION - - def can_replay(self): - if self.has_replay: - return True - if self.date_start < self._date_start_first_has_replay_rdp_session: - return True - return False - - @property - def can_join(self): - _PROTOCOL = self.PROTOCOL - if self.is_finished: - return False - if self.protocol in [_PROTOCOL.SSH, _PROTOCOL.TELNET, _PROTOCOL.K8S]: - return True - else: - return False - - @property - def db_protocols(self): - _PROTOCOL = self.PROTOCOL - return [_PROTOCOL.MYSQL, _PROTOCOL.MARIADB, _PROTOCOL.ORACLE, _PROTOCOL.POSTGRESQL] - - @property - def can_terminate(self): - _PROTOCOL = self.PROTOCOL - if self.is_finished: - return False - if self.protocol in self.db_protocols: - return False - else: - return True - - def save_replay_to_storage(self, f): - local_path = self.get_local_path() - try: - name = default_storage.save(local_path, f) - except OSError as e: - return None, e - - if settings.SERVER_REPLAY_STORAGE: - from .tasks import upload_session_replay_to_external_storage - upload_session_replay_to_external_storage.delay(str(self.id)) - return name, None - - @classmethod - def set_sessions_active(cls, sessions_id): - data = {cls.ACTIVE_CACHE_KEY_PREFIX.format(i): i for i in sessions_id} - cache.set_many(data, timeout=5*60) - - @classmethod - def get_active_sessions(cls): - return cls.objects.filter(is_finished=False) - - def is_active(self): - if self.protocol in ['ssh', 'telnet', 'rdp', 'mysql']: - key = self.ACTIVE_CACHE_KEY_PREFIX.format(self.id) - return bool(cache.get(key)) - return True - - @property - def command_amount(self): - command_store = get_multi_command_storage() - return command_store.count(session=str(self.id)) - - @property - def login_from_display(self): - return self.get_login_from_display() - - @classmethod - def generate_fake(cls, count=100, is_finished=True): - import random - from orgs.models import Organization - from users.models import User - from assets.models import Asset, SystemUser - from orgs.utils import get_current_org - from common.utils.random import random_datetime, random_ip - - org = get_current_org() - if not org or not org.is_real(): - Organization.default().change_to() - i = 0 - users = User.objects.all()[:100] - assets = Asset.objects.all()[:100] - system_users = SystemUser.objects.all()[:100] - while i < count: - user_random = random.choices(users, k=10) - assets_random = random.choices(assets, k=10) - system_users = random.choices(system_users, k=10) - - ziped = zip(user_random, assets_random, system_users) - sessions = [] - now = timezone.now() - month_ago = now - timezone.timedelta(days=30) - for user, asset, system_user in ziped: - ip = random_ip() - date_start = random_datetime(month_ago, now) - date_end = random_datetime(date_start, date_start+timezone.timedelta(hours=2)) - data = dict( - user=str(user), user_id=user.id, - asset=str(asset), asset_id=asset.id, - system_user=str(system_user), system_user_id=system_user.id, - remote_addr=ip, - date_start=date_start, - date_end=date_end, - is_finished=is_finished, - ) - sessions.append(Session(**data)) - cls.objects.bulk_create(sessions) - i += 10 - - class Meta: - db_table = "terminal_session" - ordering = ["-date_start"] - - def __str__(self): - return "{0.id} of {0.user} to {0.asset}".format(self) - - -class Task(models.Model): - NAME_CHOICES = ( - ("kill_session", "Kill Session"), - ) - - id = models.UUIDField(default=uuid.uuid4, primary_key=True) - name = models.CharField(max_length=128, choices=NAME_CHOICES, verbose_name=_("Name")) - args = models.CharField(max_length=1024, verbose_name=_("Args")) - terminal = models.ForeignKey(Terminal, null=True, on_delete=models.SET_NULL) - is_finished = models.BooleanField(default=False) - date_created = models.DateTimeField(auto_now_add=True) - date_finished = models.DateTimeField(null=True) - - class Meta: - db_table = "terminal_task" - - -class CommandManager(models.Manager): - def bulk_create(self, objs, **kwargs): - resp = super().bulk_create(objs, **kwargs) - for i in objs: - post_save.send(i.__class__, instance=i, created=True) - return resp - - -class Command(AbstractSessionCommand): - objects = CommandManager() - - class Meta: - db_table = "terminal_command" - ordering = ('-timestamp',) - - -class CommandStorage(CommonModelMixin): - TYPE_CHOICES = const.COMMAND_STORAGE_TYPE_CHOICES - TYPE_DEFAULTS = dict(const.REPLAY_STORAGE_TYPE_CHOICES_DEFAULT).keys() - TYPE_SERVER = const.COMMAND_STORAGE_TYPE_SERVER - - name = models.CharField(max_length=128, verbose_name=_("Name"), unique=True) - type = models.CharField( - max_length=16, choices=TYPE_CHOICES, verbose_name=_('Type'), - default=TYPE_SERVER - ) - meta = EncryptJsonDictTextField(default={}) - comment = models.TextField( - max_length=128, default='', blank=True, verbose_name=_('Comment') - ) - - def __str__(self): - return self.name - - @property - def config(self): - config = self.meta - config.update({'TYPE': self.type}) - return config - - def in_defaults(self): - return self.type in self.TYPE_DEFAULTS - - def is_valid(self): - if self.in_defaults(): - return True - storage = jms_storage.get_log_storage(self.config) - return storage.ping() - - def is_using(self): - return Terminal.objects.filter(command_storage=self.name).exists() - - -class ReplayStorage(CommonModelMixin): - TYPE_CHOICES = const.REPLAY_STORAGE_TYPE_CHOICES - TYPE_SERVER = const.REPLAY_STORAGE_TYPE_SERVER - TYPE_DEFAULTS = dict(const.REPLAY_STORAGE_TYPE_CHOICES_DEFAULT).keys() - - name = models.CharField(max_length=128, verbose_name=_("Name"), unique=True) - type = models.CharField( - max_length=16, choices=TYPE_CHOICES, verbose_name=_('Type'), - default=TYPE_SERVER - ) - meta = EncryptJsonDictTextField(default={}) - comment = models.TextField( - max_length=128, default='', blank=True, verbose_name=_('Comment') - ) - - def __str__(self): - return self.name - - def convert_type(self): - s3_type_list = [const.REPLAY_STORAGE_TYPE_CEPH] - tp = self.type - if tp in s3_type_list: - tp = const.REPLAY_STORAGE_TYPE_S3 - return tp - - def get_extra_config(self): - extra_config = {'TYPE': self.convert_type()} - if self.type == const.REPLAY_STORAGE_TYPE_SWIFT: - extra_config.update({'signer': 'S3SignerType'}) - return extra_config - - @property - def config(self): - config = self.meta - extra_config = self.get_extra_config() - config.update(extra_config) - return config - - def in_defaults(self): - return self.type in self.TYPE_DEFAULTS - - def is_valid(self): - if self.in_defaults(): - return True - storage = jms_storage.get_object_storage(self.config) - target = 'tests.py' - src = os.path.join(settings.BASE_DIR, 'common', target) - return storage.is_valid(src, target) - - def is_using(self): - return Terminal.objects.filter(replay_storage=self.name).exists() diff --git a/apps/terminal/models/__init__.py b/apps/terminal/models/__init__.py new file mode 100644 index 000000000..1de5fd31e --- /dev/null +++ b/apps/terminal/models/__init__.py @@ -0,0 +1,6 @@ +from .command import * +from .session import * +from .status import * +from .storage import * +from .task import * +from .terminal import * diff --git a/apps/terminal/models/command.py b/apps/terminal/models/command.py new file mode 100644 index 000000000..fba906226 --- /dev/null +++ b/apps/terminal/models/command.py @@ -0,0 +1,21 @@ +from __future__ import unicode_literals + +from django.db import models +from django.db.models.signals import post_save +from ..backends.command.models import AbstractSessionCommand + + +class CommandManager(models.Manager): + def bulk_create(self, objs, **kwargs): + resp = super().bulk_create(objs, **kwargs) + for i in objs: + post_save.send(i.__class__, instance=i, created=True) + return resp + + +class Command(AbstractSessionCommand): + objects = CommandManager() + + class Meta: + db_table = "terminal_command" + ordering = ('-timestamp',) diff --git a/apps/terminal/models/session.py b/apps/terminal/models/session.py new file mode 100644 index 000000000..4e2a1b99a --- /dev/null +++ b/apps/terminal/models/session.py @@ -0,0 +1,210 @@ +from __future__ import unicode_literals + +import os +import uuid + +from django.db import models +from django.utils.translation import ugettext_lazy as _ +from django.utils import timezone +from django.conf import settings +from django.core.files.storage import default_storage +from django.core.cache import cache + +from assets.models import Asset +from orgs.mixins.models import OrgModelMixin +from common.db.models import ChoiceSet +from ..backends import get_multi_command_storage +from .terminal import Terminal + + +class Session(OrgModelMixin): + class LOGIN_FROM(ChoiceSet): + ST = 'ST', 'SSH Terminal' + WT = 'WT', 'Web Terminal' + + class PROTOCOL(ChoiceSet): + SSH = 'ssh', 'ssh' + RDP = 'rdp', 'rdp' + VNC = 'vnc', 'vnc' + TELNET = 'telnet', 'telnet' + MYSQL = 'mysql', 'mysql' + ORACLE = 'oracle', 'oracle' + MARIADB = 'mariadb', 'mariadb' + POSTGRESQL = 'postgresql', 'postgresql' + K8S = 'k8s', 'kubernetes' + + id = models.UUIDField(default=uuid.uuid4, primary_key=True) + user = models.CharField(max_length=128, verbose_name=_("User"), db_index=True) + user_id = models.CharField(blank=True, default='', max_length=36, db_index=True) + asset = models.CharField(max_length=128, verbose_name=_("Asset"), db_index=True) + asset_id = models.CharField(blank=True, default='', max_length=36, db_index=True) + system_user = models.CharField(max_length=128, verbose_name=_("System user"), db_index=True) + system_user_id = models.CharField(blank=True, default='', max_length=36, db_index=True) + login_from = models.CharField(max_length=2, choices=LOGIN_FROM.choices, default="ST", verbose_name=_("Login from")) + remote_addr = models.CharField(max_length=128, verbose_name=_("Remote addr"), blank=True, null=True) + is_success = models.BooleanField(default=True, db_index=True) + is_finished = models.BooleanField(default=False, db_index=True) + has_replay = models.BooleanField(default=False, verbose_name=_("Replay")) + has_command = models.BooleanField(default=False, verbose_name=_("Command")) + terminal = models.ForeignKey(Terminal, null=True, on_delete=models.DO_NOTHING, db_constraint=False) + protocol = models.CharField(choices=PROTOCOL.choices, default='ssh', max_length=16, db_index=True) + date_start = models.DateTimeField(verbose_name=_("Date start"), db_index=True, default=timezone.now) + date_end = models.DateTimeField(verbose_name=_("Date end"), null=True) + + upload_to = 'replay' + ACTIVE_CACHE_KEY_PREFIX = 'SESSION_ACTIVE_{}' + _DATE_START_FIRST_HAS_REPLAY_RDP_SESSION = None + + def get_rel_replay_path(self, version=2): + """ + 获取session日志的文件路径 + :param version: 原来后缀是 .gz,为了统一新版本改为 .replay.gz + :return: + """ + suffix = '.replay.gz' + if version == 1: + suffix = '.gz' + date = self.date_start.strftime('%Y-%m-%d') + return os.path.join(date, str(self.id) + suffix) + + def get_local_path(self, version=2): + rel_path = self.get_rel_replay_path(version=version) + if version == 2: + local_path = os.path.join(self.upload_to, rel_path) + else: + local_path = rel_path + return local_path + + @property + def asset_obj(self): + return Asset.objects.get(id=self.asset_id) + + @property + def _date_start_first_has_replay_rdp_session(self): + if self.__class__._DATE_START_FIRST_HAS_REPLAY_RDP_SESSION is None: + instance = self.__class__.objects.filter( + protocol='rdp', has_replay=True + ).order_by('date_start').first() + if not instance: + date_start = timezone.now() - timezone.timedelta(days=365) + else: + date_start = instance.date_start + self.__class__._DATE_START_FIRST_HAS_REPLAY_RDP_SESSION = date_start + return self.__class__._DATE_START_FIRST_HAS_REPLAY_RDP_SESSION + + def can_replay(self): + if self.has_replay: + return True + if self.date_start < self._date_start_first_has_replay_rdp_session: + return True + return False + + @property + def can_join(self): + _PROTOCOL = self.PROTOCOL + if self.is_finished: + return False + if self.protocol in [_PROTOCOL.SSH, _PROTOCOL.TELNET, _PROTOCOL.K8S]: + return True + else: + return False + + @property + def db_protocols(self): + _PROTOCOL = self.PROTOCOL + return [_PROTOCOL.MYSQL, _PROTOCOL.MARIADB, _PROTOCOL.ORACLE, _PROTOCOL.POSTGRESQL] + + @property + def can_terminate(self): + _PROTOCOL = self.PROTOCOL + if self.is_finished: + return False + if self.protocol in self.db_protocols: + return False + else: + return True + + def save_replay_to_storage(self, f): + local_path = self.get_local_path() + try: + name = default_storage.save(local_path, f) + except OSError as e: + return None, e + + if settings.SERVER_REPLAY_STORAGE: + from .tasks import upload_session_replay_to_external_storage + upload_session_replay_to_external_storage.delay(str(self.id)) + return name, None + + @classmethod + def set_sessions_active(cls, sessions_id): + data = {cls.ACTIVE_CACHE_KEY_PREFIX.format(i): i for i in sessions_id} + cache.set_many(data, timeout=5*60) + + @classmethod + def get_active_sessions(cls): + return cls.objects.filter(is_finished=False) + + def is_active(self): + if self.protocol in ['ssh', 'telnet', 'rdp', 'mysql']: + key = self.ACTIVE_CACHE_KEY_PREFIX.format(self.id) + return bool(cache.get(key)) + return True + + @property + def command_amount(self): + command_store = get_multi_command_storage() + return command_store.count(session=str(self.id)) + + @property + def login_from_display(self): + return self.get_login_from_display() + + @classmethod + def generate_fake(cls, count=100, is_finished=True): + import random + from orgs.models import Organization + from users.models import User + from assets.models import Asset, SystemUser + from orgs.utils import get_current_org + from common.utils.random import random_datetime, random_ip + + org = get_current_org() + if not org or not org.is_real(): + Organization.default().change_to() + i = 0 + users = User.objects.all()[:100] + assets = Asset.objects.all()[:100] + system_users = SystemUser.objects.all()[:100] + while i < count: + user_random = random.choices(users, k=10) + assets_random = random.choices(assets, k=10) + system_users = random.choices(system_users, k=10) + + ziped = zip(user_random, assets_random, system_users) + sessions = [] + now = timezone.now() + month_ago = now - timezone.timedelta(days=30) + for user, asset, system_user in ziped: + ip = random_ip() + date_start = random_datetime(month_ago, now) + date_end = random_datetime(date_start, date_start+timezone.timedelta(hours=2)) + data = dict( + user=str(user), user_id=user.id, + asset=str(asset), asset_id=asset.id, + system_user=str(system_user), system_user_id=system_user.id, + remote_addr=ip, + date_start=date_start, + date_end=date_end, + is_finished=is_finished, + ) + sessions.append(Session(**data)) + cls.objects.bulk_create(sessions) + i += 10 + + class Meta: + db_table = "terminal_session" + ordering = ["-date_start"] + + def __str__(self): + return "{0.id} of {0.user} to {0.asset}".format(self) diff --git a/apps/terminal/models/status.py b/apps/terminal/models/status.py new file mode 100644 index 000000000..a0607e5dc --- /dev/null +++ b/apps/terminal/models/status.py @@ -0,0 +1,28 @@ +from __future__ import unicode_literals + +import uuid + +from django.db import models +from django.utils.translation import ugettext_lazy as _ + +from .terminal import Terminal + + +class Status(models.Model): + id = models.UUIDField(default=uuid.uuid4, primary_key=True) + session_online = models.IntegerField(verbose_name=_("Session Online"), default=0) + cpu_used = models.FloatField(verbose_name=_("CPU Usage")) + memory_used = models.FloatField(verbose_name=_("Memory Used")) + connections = models.IntegerField(verbose_name=_("Connections")) + threads = models.IntegerField(verbose_name=_("Threads")) + boot_time = models.FloatField(verbose_name=_("Boot Time")) + terminal = models.ForeignKey(Terminal, null=True, on_delete=models.CASCADE) + date_created = models.DateTimeField(auto_now_add=True) + + class Meta: + db_table = 'terminal_status' + get_latest_by = 'date_created' + + def __str__(self): + return self.date_created.strftime("%Y-%m-%d %H:%M:%S") + diff --git a/apps/terminal/models/storage.py b/apps/terminal/models/storage.py new file mode 100644 index 000000000..66fbe393d --- /dev/null +++ b/apps/terminal/models/storage.py @@ -0,0 +1,103 @@ +from __future__ import unicode_literals + +import os +import jms_storage + +from django.db import models +from django.utils.translation import ugettext_lazy as _ +from django.conf import settings + +from common.mixins import CommonModelMixin +from common.fields.model import EncryptJsonDictTextField +from .. import const +from .terminal import Terminal + + +class CommandStorage(CommonModelMixin): + TYPE_CHOICES = const.COMMAND_STORAGE_TYPE_CHOICES + TYPE_DEFAULTS = dict(const.REPLAY_STORAGE_TYPE_CHOICES_DEFAULT).keys() + TYPE_SERVER = const.COMMAND_STORAGE_TYPE_SERVER + + name = models.CharField(max_length=128, verbose_name=_("Name"), unique=True) + type = models.CharField( + max_length=16, choices=TYPE_CHOICES, verbose_name=_('Type'), + default=TYPE_SERVER + ) + meta = EncryptJsonDictTextField(default={}) + comment = models.TextField( + max_length=128, default='', blank=True, verbose_name=_('Comment') + ) + + def __str__(self): + return self.name + + @property + def config(self): + config = self.meta + config.update({'TYPE': self.type}) + return config + + def in_defaults(self): + return self.type in self.TYPE_DEFAULTS + + def is_valid(self): + if self.in_defaults(): + return True + storage = jms_storage.get_log_storage(self.config) + return storage.ping() + + def is_using(self): + return Terminal.objects.filter(command_storage=self.name).exists() + + +class ReplayStorage(CommonModelMixin): + TYPE_CHOICES = const.REPLAY_STORAGE_TYPE_CHOICES + TYPE_SERVER = const.REPLAY_STORAGE_TYPE_SERVER + TYPE_DEFAULTS = dict(const.REPLAY_STORAGE_TYPE_CHOICES_DEFAULT).keys() + + name = models.CharField(max_length=128, verbose_name=_("Name"), unique=True) + type = models.CharField( + max_length=16, choices=TYPE_CHOICES, verbose_name=_('Type'), + default=TYPE_SERVER + ) + meta = EncryptJsonDictTextField(default={}) + comment = models.TextField( + max_length=128, default='', blank=True, verbose_name=_('Comment') + ) + + def __str__(self): + return self.name + + def convert_type(self): + s3_type_list = [const.REPLAY_STORAGE_TYPE_CEPH] + tp = self.type + if tp in s3_type_list: + tp = const.REPLAY_STORAGE_TYPE_S3 + return tp + + def get_extra_config(self): + extra_config = {'TYPE': self.convert_type()} + if self.type == const.REPLAY_STORAGE_TYPE_SWIFT: + extra_config.update({'signer': 'S3SignerType'}) + return extra_config + + @property + def config(self): + config = self.meta + extra_config = self.get_extra_config() + config.update(extra_config) + return config + + def in_defaults(self): + return self.type in self.TYPE_DEFAULTS + + def is_valid(self): + if self.in_defaults(): + return True + storage = jms_storage.get_object_storage(self.config) + target = 'tests.py' + src = os.path.join(settings.BASE_DIR, 'common', target) + return storage.is_valid(src, target) + + def is_using(self): + return Terminal.objects.filter(replay_storage=self.name).exists() diff --git a/apps/terminal/models/task.py b/apps/terminal/models/task.py new file mode 100644 index 000000000..c863c9f77 --- /dev/null +++ b/apps/terminal/models/task.py @@ -0,0 +1,25 @@ +from __future__ import unicode_literals + +import uuid + +from django.db import models +from django.utils.translation import ugettext_lazy as _ +from .terminal import Terminal + + +class Task(models.Model): + NAME_CHOICES = ( + ("kill_session", "Kill Session"), + ) + + id = models.UUIDField(default=uuid.uuid4, primary_key=True) + name = models.CharField(max_length=128, choices=NAME_CHOICES, verbose_name=_("Name")) + args = models.CharField(max_length=1024, verbose_name=_("Args")) + terminal = models.ForeignKey(Terminal, null=True, on_delete=models.SET_NULL) + is_finished = models.BooleanField(default=False) + date_created = models.DateTimeField(auto_now_add=True) + date_finished = models.DateTimeField(null=True) + + class Meta: + db_table = "terminal_task" + diff --git a/apps/terminal/models/terminal.py b/apps/terminal/models/terminal.py new file mode 100644 index 000000000..fb7a1dc24 --- /dev/null +++ b/apps/terminal/models/terminal.py @@ -0,0 +1,247 @@ +from __future__ import unicode_literals +import uuid + +from django.db import models +from django.utils.translation import ugettext_lazy as _ +from django.conf import settings +from django.core.cache import cache + +from users.models import User +from .. import const + + +class ComputeStatusMixin: + + # system status + @staticmethod + def _common_compute_system_status(value, thresholds): + if thresholds[0] <= value <= thresholds[1]: + return const.ComponentStatusChoices.normal.value + elif thresholds[1] < value <= thresholds[2]: + return const.ComponentStatusChoices.high.value + else: + return const.ComponentStatusChoices.critical.value + + def _compute_system_cpu_load_1_status(self, value): + thresholds = [0, 5, 20] + return self._common_compute_system_status(value, thresholds) + + def _compute_system_memory_used_percent_status(self, value): + thresholds = [0, 85, 95] + return self._common_compute_system_status(value, thresholds) + + def _compute_system_disk_used_percent_status(self, value): + thresholds = [0, 80, 99] + return self._common_compute_system_status(value, thresholds) + + def _compute_system_status(self, state): + system_status_keys = [ + 'system_cpu_load_1', 'system_memory_used_percent', 'system_disk_used_percent' + ] + system_status = [] + for system_status_key in system_status_keys: + state_value = state[system_status_key] + status = getattr(self, f'_compute_{system_status_key}_status')(state_value) + system_status.append(status) + return system_status + + def _compute_component_status(self, state): + system_status = self._compute_system_status(state) + if const.ComponentStatusChoices.critical in system_status: + return const.ComponentStatusChoices.critical + elif const.ComponentStatusChoices.high in system_status: + return const.ComponentStatusChoices.high + else: + return const.ComponentStatusChoices.normal + + @staticmethod + def _compute_component_status_display(status): + return getattr(const.ComponentStatusChoices, status).label + + +class TerminalStateMixin(ComputeStatusMixin): + CACHE_KEY_COMPONENT_STATE = 'CACHE_KEY_COMPONENT_STATE_TERMINAL_{}' + CACHE_TIMEOUT = 120 + + @property + def cache_key(self): + return self.CACHE_KEY_COMPONENT_STATE.format(str(self.id)) + + # get + def _get_from_cache(self): + return cache.get(self.cache_key) + + def _set_to_cache(self, state): + cache.set(self.cache_key, state, self.CACHE_TIMEOUT) + + # set + def _add_status(self, state): + status = self._compute_component_status(state) + status_display = self._compute_component_status_display(status) + state.update({ + 'status': status, + 'status_display': status_display + }) + + @property + def state(self): + state = self._get_from_cache() + return state or {} + + @state.setter + def state(self, state): + self._add_status(state) + self._set_to_cache(state) + + +class TerminalStatusMixin(TerminalStateMixin): + + # alive + @property + def is_alive(self): + return bool(self.state) + + # status + @property + def status(self): + if self.is_alive: + return self.state['status'] + else: + return const.ComponentStatusChoices.critical.value + + @property + def status_display(self): + return self._compute_component_status_display(self.status) + + @property + def is_normal(self): + return self.status == const.ComponentStatusChoices.normal.value + + @property + def is_high(self): + return self.status == const.ComponentStatusChoices.high.value + + @property + def is_critical(self): + return self.status == const.ComponentStatusChoices.critical.value + + +class Terminal(TerminalStatusMixin, models.Model): + id = models.UUIDField(default=uuid.uuid4, primary_key=True) + name = models.CharField(max_length=128, verbose_name=_('Name')) + type = models.CharField(choices=const.TerminalTypeChoices.choices, max_length=64, verbose_name=_('type')) + remote_addr = models.CharField(max_length=128, blank=True, verbose_name=_('Remote Address')) + ssh_port = models.IntegerField(verbose_name=_('SSH Port'), default=2222) + http_port = models.IntegerField(verbose_name=_('HTTP Port'), default=5000) + command_storage = models.CharField(max_length=128, verbose_name=_("Command storage"), default='default') + replay_storage = models.CharField(max_length=128, verbose_name=_("Replay storage"), default='default') + user = models.OneToOneField(User, related_name='terminal', verbose_name='Application User', null=True, on_delete=models.CASCADE) + is_accepted = models.BooleanField(default=False, verbose_name='Is Accepted') + is_deleted = models.BooleanField(default=False) + date_created = models.DateTimeField(auto_now_add=True) + comment = models.TextField(blank=True, verbose_name=_('Comment')) + + @property + def is_active(self): + if self.user and self.user.is_active: + return True + return False + + @is_active.setter + def is_active(self, active): + if self.user: + self.user.is_active = active + self.user.save() + + def get_command_storage(self): + from .storage import CommandStorage + storage = CommandStorage.objects.filter(name=self.command_storage).first() + return storage + + def get_command_storage_config(self): + s = self.get_command_storage() + if s: + config = s.config + else: + config = settings.DEFAULT_TERMINAL_COMMAND_STORAGE + return config + + def get_command_storage_setting(self): + config = self.get_command_storage_config() + return {"TERMINAL_COMMAND_STORAGE": config} + + def get_replay_storage(self): + from .storage import ReplayStorage + storage = ReplayStorage.objects.filter(name=self.replay_storage).first() + return storage + + def get_replay_storage_config(self): + s = self.get_replay_storage() + if s: + config = s.config + else: + config = settings.DEFAULT_TERMINAL_REPLAY_STORAGE + return config + + def get_replay_storage_setting(self): + config = self.get_replay_storage_config() + return {"TERMINAL_REPLAY_STORAGE": config} + + @staticmethod + def get_login_title_setting(): + login_title = None + if settings.XPACK_ENABLED: + from xpack.plugins.interface.models import Interface + login_title = Interface.get_login_title() + return {'TERMINAL_HEADER_TITLE': login_title} + + @property + def config(self): + configs = {} + for k in dir(settings): + if not k.startswith('TERMINAL'): + continue + configs[k] = getattr(settings, k) + configs.update(self.get_command_storage_setting()) + configs.update(self.get_replay_storage_setting()) + configs.update(self.get_login_title_setting()) + configs.update({ + 'SECURITY_MAX_IDLE_TIME': settings.SECURITY_MAX_IDLE_TIME + }) + return configs + + @property + def service_account(self): + return self.user + + def create_app_user(self): + random = uuid.uuid4().hex[:6] + user, access_key = User.create_app_user( + name="{}-{}".format(self.name, random), comment=self.comment + ) + self.user = user + self.save() + return user, access_key + + def delete(self, using=None, keep_parents=False): + if self.user: + self.user.delete() + self.user = None + self.is_deleted = True + self.save() + return + + def __str__(self): + status = "Active" + if not self.is_accepted: + status = "NotAccept" + elif self.is_deleted: + status = "Deleted" + elif not self.is_active: + status = "Disable" + return '%s: %s' % (self.name, status) + + class Meta: + ordering = ('is_accepted',) + db_table = "terminal" + diff --git a/apps/terminal/serializers/__init__.py b/apps/terminal/serializers/__init__.py index f1714dc21..e958d7955 100644 --- a/apps/terminal/serializers/__init__.py +++ b/apps/terminal/serializers/__init__.py @@ -4,3 +4,4 @@ from .terminal import * from .session import * from .storage import * from .command import * +from .components import * diff --git a/apps/terminal/serializers/components.py b/apps/terminal/serializers/components.py new file mode 100644 index 000000000..7cc1612ad --- /dev/null +++ b/apps/terminal/serializers/components.py @@ -0,0 +1,25 @@ + +from rest_framework import serializers +from django.utils.translation import ugettext_lazy as _ + + +class ComponentsStateSerializer(serializers.Serializer): + # system + system_cpu_load_1 = serializers.FloatField( + required=False, default=0, label=_("System cpu load 1 minutes") + ) + system_memory_used_percent = serializers.FloatField( + required=False, default=0, label=_('System memory used percent') + ) + system_disk_used_percent = serializers.FloatField( + required=False, default=0, label=_('System disk used percent') + ) + # sessions + session_active_count = serializers.IntegerField( + required=False, default=0, label=_("Session active count") + ) + + def save(self, **kwargs): + request = self.context['request'] + terminal = request.user.terminal + terminal.state = self.validated_data diff --git a/apps/terminal/serializers/terminal.py b/apps/terminal/serializers/terminal.py index 896c44440..ef285c869 100644 --- a/apps/terminal/serializers/terminal.py +++ b/apps/terminal/serializers/terminal.py @@ -6,19 +6,25 @@ from common.utils import is_uuid from ..models import ( Terminal, Status, Session, Task, CommandStorage, ReplayStorage ) +from .components import ComponentsStateSerializer class TerminalSerializer(BulkModelSerializer): session_online = serializers.SerializerMethodField() is_alive = serializers.BooleanField(read_only=True) + status = serializers.CharField(read_only=True) + status_display = serializers.CharField(read_only=True) + state = ComponentsStateSerializer(read_only=True) class Meta: model = Terminal fields = [ - 'id', 'name', 'remote_addr', 'http_port', 'ssh_port', + 'id', 'name', 'type', 'remote_addr', 'http_port', 'ssh_port', 'comment', 'is_accepted', "is_active", 'session_online', - 'is_alive', 'date_created', 'command_storage', 'replay_storage' + 'is_alive', 'date_created', 'command_storage', 'replay_storage', + 'status', 'status_display', 'state' ] + read_only_fields = ['type', 'date_created'] @staticmethod def get_kwargs_may_be_uuid(value): diff --git a/apps/terminal/urls/api_urls.py b/apps/terminal/urls/api_urls.py index d1c860f03..5a8efe8e8 100644 --- a/apps/terminal/urls/api_urls.py +++ b/apps/terminal/urls/api_urls.py @@ -33,7 +33,10 @@ urlpatterns = [ path('commands/export/', api.CommandExportApi.as_view(), name="command-export"), path('commands/insecure-command/', api.InsecureCommandAlertAPI.as_view(), name="command-alert"), path('replay-storages//test-connective/', api.ReplayStorageTestConnectiveApi.as_view(), name='replay-storage-test-connective'), - path('command-storages//test-connective/', api.CommandStorageTestConnectiveApi.as_view(), name='command-storage-test-connective') + path('command-storages//test-connective/', api.CommandStorageTestConnectiveApi.as_view(), name='command-storage-test-connective'), + # components + path('components/metrics/', api.ComponentsMetricsAPIView.as_view(), name='components-metrics'), + path('components/state/', api.ComponentsStateAPIView.as_view(), name='components-state'), # v2: get session's replay # path('v2/sessions//replay/', # api.SessionReplayV2ViewSet.as_view({'get': 'retrieve'}), diff --git a/apps/terminal/utils.py b/apps/terminal/utils.py index 9c87695d0..68456dfbe 100644 --- a/apps/terminal/utils.py +++ b/apps/terminal/utils.py @@ -11,6 +11,7 @@ import jms_storage from common.tasks import send_mail_async from common.utils import get_logger, reverse from settings.models import Setting +from . import const from .models import ReplayStorage, Session, Command @@ -101,3 +102,104 @@ def send_command_alert_mail(command): logger.debug(message) send_mail_async.delay(subject, message, recipient_list, html_message=message) + + +class ComponentsMetricsUtil(object): + + def __init__(self, component_type=None): + self.type = component_type + self.components = [] + self.initial_components() + + def initial_components(self): + from .models import Terminal + terminals = Terminal.objects.all().order_by('type') + if self.type: + terminals = terminals.filter(type=self.type) + self.components = list(terminals) + + def get_metrics(self): + total_count = normal_count = high_count = critical_count = session_active_total = 0 + for component in self.components: + total_count += 1 + if not component.is_alive: + critical_count += 1 + continue + session_active_total += component.state.get('session_active_count', 0) + if component.is_normal: + normal_count += 1 + elif component.is_high: + high_count += 1 + else: + critical_count += 1 + metrics = { + 'total': total_count, + 'normal': normal_count, + 'high': high_count, + 'critical': critical_count, + 'session_active': session_active_total + } + return metrics + + +class ComponentsPrometheusMetricsUtil(ComponentsMetricsUtil): + + @staticmethod + def get_status_metrics(metrics): + return { + 'any': metrics['total'], + 'normal': metrics['normal'], + 'high': metrics['high'], + 'critical': metrics['critical'] + } + + def get_prometheus_metrics_text(self): + prometheus_metrics = [] + prometheus_metrics.append('# JumpServer 各组件状态个数汇总') + base_status_metric_text = 'jumpserver_components_status_total{component_type="%s", status="%s"} %s' + for component in self.components: + component_type = component.type + base_metrics = self.get_metrics() + + prometheus_metrics.append(f'## 组件: {component_type}') + status_metrics = self.get_status_metrics(base_metrics) + for status, value in status_metrics.items(): + metric_text = base_status_metric_text % (component_type, status, value) + prometheus_metrics.append(metric_text) + + prometheus_metrics.append('\n') + prometheus_metrics.append('# JumpServer 各组件在线会话数汇总') + base_session_active_metric_text = 'jumpserver_components_session_active_total{component_type="%s"} %s' + for component in self.components: + component_type = component.type + prometheus_metrics.append(f'## 组件: {component_type}') + base_metrics = self.get_metrics() + metric_text = base_session_active_metric_text % ( + component_type, + base_metrics['session_active'] + ) + prometheus_metrics.append(metric_text) + + prometheus_metrics.append('\n') + prometheus_metrics.append('# JumpServer 各组件节点一些指标') + base_system_state_metric_text = 'jumpserver_components_%s{component_type="%s", component="%s"} %s' + system_states_name = [ + 'system_cpu_load_1', 'system_memory_used_percent', + 'system_disk_used_percent', 'session_active_count' + ] + for system_state_name in system_states_name: + prometheus_metrics.append(f'## 指标: {system_state_name}') + for component in self.components: + if not component.is_alive: + continue + component_type = component.type + metric_text = base_system_state_metric_text % ( + system_state_name, + component_type, + component.name, + component.state.get(system_state_name) + ) + prometheus_metrics.append(metric_text) + + prometheus_metrics_text = '\n'.join(prometheus_metrics) + return prometheus_metrics_text