Merge pull request #1070 from jumpserver/dev

[Update] 升级版本号
2025-12-24 13:02:37 +00:00 · 2018-03-14 20:03:02 +08:00 · 2018-03-14 19:57:35 +08:00 · 2018-03-14 19:56:04 +08:00 · 2018-03-14 19:37:36 +08:00 · 2018-03-14 19:33:48 +08:00
796 changed files with 44139 additions and 29963 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,7 @@
+.git
+logs/*
+data/*
+.github
+tmp/*
+django.db
+celerybeat.pid
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -0,0 +1,16 @@
+[简述你的问题]
+
+##### 使用版本
+[请提供你使用的Jumpserver版本 0.3.2 或 0.5.0]
+
+##### 问题复现步骤
+1. [步骤1]
+2. [步骤2]
+
+##### 具体表现[截图可能会更好些,最好能截全]
+
+
+##### 其他
+
+
+[注:] 完成后请关闭 issue
--- a/.gitignore
+++ b/.gitignore
@@ -1,46 +1,34 @@
-*.py[cod]
-.idea
-test.py
 .DS_Store
-db.sqlite3
-# C extensions
-*.so
-
-# Packages
-*.egg
-*.egg-info
+*.pyc
+*.pyo
+*.swp
+.env
+env
+env*
+venv
 dist
 build
-eggs
-parts
-bin
-var
-sdist
-develop-eggs
-.installed.cfg
-lib
-lib64
-__pycache__
-
-# Installer logs
-pip-log.txt
-
-# Unit test / coverage reports
-.coverage
+*.egg
+*.egg-info
+_mailinglist
+dump.rdb
 .tox
-nosetests.xml
-
-# Translations
-*.mo
-
-# Mr Developer
-.mr.developer.cfg
-.project
-.pydevproject
-.settings
+.cache/
+.idea/
+db.sqlite3
+config.py
+migrations/
 *.log
-logs/*
-keys/*
-jumpserver.conf
-nohup.out
+host_rsa_key
+*.bat
+tags
+jumpserver.iml
+.python-version
 tmp/*
+sessions/*
+media
+celerybeat.pid
+django.db
+celerybeat-schedule.db
+data/static
+docs/_build/
--- a/4
+++ b/4
@@ -1,4 +1,4 @@
-GNU GENERAL PUBLIC LICENSE
+                    GNU GENERAL PUBLIC LICENSE
                       Version 2, June 1991

 Copyright (C) 1989, 1991 Free Software Foundation, Inc., <http://fsf.org/>
@@ -336,4 +336,4 @@ This General Public License does not permit incorporating your program into
 proprietary programs.  If your program is a subroutine library, you may
 consider it more useful to permit linking proprietary applications with the
 library.  If this is what you want to do, use the GNU Lesser General
-Public License instead of this License.
+Public License instead of this License.
--- a/README.md
+++ b/README.md
@@ -1,80 +1,61 @@
-## 写在前面
- - 版本号变更 2.0 -> 0.2版本 3.0 -> 0.3版本
+## Jumpserver

-#欢迎使用Jumpserver
-**Jumpserver** 是一款由python编写开源的跳板机(堡垒机)系统，实现了跳板机应有的功能。基于ssh协议来管理，客户端无需安装agent。
-支持常见系统:
- 1. redhat centos
- 2. debian
- 3. suse ubuntu
- 4. freebsd
- 5. 其他ssh协议硬件设备
-
-###截图：
-
-首页
- 
-![webterminal](https://github.com/ibuler/static/raw/master/jumpserver3/index.jpg)
-
-WebTerminal:
-
-![webterminal](https://github.com/ibuler/static/raw/master/jumpserver3/webTerminal.gif)
-
-Web批量执行命令
-
-![WebExecCommand](https://github.com/ibuler/static/raw/master/jumpserver3/webExec.gif)
-
-录像回放
-
-![录像](https://github.com/ibuler/static/raw/master/jumpserver3/record.gif)
-
-跳转和批量命令
-
-![跳转](https://github.com/ibuler/static/raw/master/jumpserver3/connect.gif)
-
-命令统计
-
-![跳转](https://github.com/ibuler/static/raw/master/jumpserver3/command.jpg)
-
-### 文档
-
-* [访问wiki](https://github.com/jumpserver/jumpserver/wiki)
-* [概览](https://github.com/jumpserver/jumpserver/wiki/%E6%A6%82%E8%A7%88)
-* [名词解释](https://github.com/jumpserver/jumpserver/wiki/%E5%90%8D%E8%AF%8D%E8%A7%A3%E9%87%8A)
-* [常见问题](https://github.com/jumpserver/jumpserver/wiki/%E5%B8%B8%E8%A7%81%E9%97%AE%E9%A2%98)
-* 安装基于：[RedHat 的系统](https://github.com/jumpserver/jumpserver/wiki/%E5%9F%BA%E4%BA%8E-RedHat-%E7%9A%84%E7%B3%BB%E7%BB%9F)，[Debian 的系统](https://github.com/jumpserver/jumpserver/wiki/%E5%9F%BA%E4%BA%8E-Debian-%E7%9A%84%E7%B3%BB%E7%BB%9F)
-* [快速开始](https://github.com/jumpserver/jumpserver/wiki/%E5%BF%AB%E9%80%9F%E5%BC%80%E5%A7%8B)
-* [安装图解](https://github.com/jumpserver/jumpserver/wiki/%E5%AE%89%E8%A3%85%E5%9B%BE%E8%A7%A3)
-* [应用图解](https://github.com/jumpserver/jumpserver/wiki/%E5%BA%94%E7%94%A8%E5%9B%BE%E8%A7%A3)
-
-### 特点
-
-* 完全开源，GPL授权
-* Python编写，容易再次开发
-* 实现了跳板机基本功能，认证、授权、审计
-* 集成了Ansible，批量命令等
-* 支持WebTerminal
-* Bootstrap编写，界面美观
-* 自动收集硬件信息
-* 录像回放
-* 命令搜索
-* 实时监控
-* 批量上传下载
-
-### 其它
-
-[Jumpserver官网](http://www.jumpserver.org)
-
-[论坛](http://bbs.jumpserver.org)
-
-[demo站点](http://demo.jumpserver.org)
-
-交流群: 399218702
-
-### 团队
-
-![](https://github.com/ibuler/static/raw/master/jumpserver3/team.jpg)
+[![Python3](https://img.shields.io/badge/python-3.6-green.svg?style=plastic)](https://www.python.org/)
+[![Django](https://img.shields.io/badge/django-1.11-brightgreen.svg?style=plastic)](https://www.djangoproject.com/)
+[![Ansible](https://img.shields.io/badge/ansible-2.2.2.0-blue.svg?style=plastic)](https://www.ansible.com/)
+[![Paramiko](https://img.shields.io/badge/paramiko-2.1.2-green.svg?style=plastic)](http://www.paramiko.org/)


+----
+
+Jumpserver是全球首款完全开源的堡垒机，使用GNU GPL v2.0开源协议，是符合 4A 的专业运维审计系统。
+
+Jumpserver使用Python / Django 进行开发，遵循 Web 2.0 规范，配备了业界领先的 Web Terminal 解决方案，交互界面美观、用户体验好。
+
+Jumpserver采纳分布式架构，支持多机房跨区域部署，中心节点提供 API，各机房部署登录节点，可横向扩展、无并发限制。
+
+改变世界，从一点点开始。
+
+----
+
+### 功能
+  - 统一认证
+  - 资产管理
+  - 统一授权
+  - 审计
+  - 支持LDAP认证
+  - Web terminal
+  - SSH Server
+  - 支持Windows RDP
+
+### 开始使用
+
+快速开始文档  [Docker安装](http://docs.jumpserver.org/zh/latest/quickstart.html)
+
+一步一步安装文档 [详细部署](http://docs.jumpserver.org/zh/latest/step_by_step.html)
+
+也可以查看我们完整文档包括了使用和开发 [文档](http://docs.jumpserver.org)
+
+### Demo 和 截图 
+
+我们提供了DEMO和截图可以让你快速了解Jumpserver
+
+[DEMO](http://demo.jumpserver.org)
+[截图](http://docs.jumpserver.org/zh/docs/snapshot.html)
+
+### SDK 
+
+我们还编写了一些SDK，供你其它系统快速和Jumpserver APi交互，
+
+- [python](https://github.com/jumpserver/jumpserver-python-sdk) Jumpserver其它组件使用这个SDK完成交互
+- [java](https://github.com/KaiJunYan/jumpserver-java-sdk.git) 恺珺同学提供的Java版本的SDK


+### License & Copyright
+Copyright (c) 2014-2018 Beijing Duizhan Tech, Inc., All rights reserved.
+
+Licensed under The GNU General Public License version 2 (GPLv2)  (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
+
+https://www.gnu.org/licenses/gpl-2.0.html
+
+Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
--- a/apps/init.py
+++ b/apps/init.py
@@ -0,0 +1,5 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# 
+
+__version__ = "0.5.0"
--- a/apps/assets/init.py
+++ b/apps/assets/init.py
--- a/apps/assets/api/init.py
+++ b/apps/assets/api/init.py
@@ -0,0 +1,5 @@
+from .admin_user import *
+from .asset import *
+from .label import *
+from .system_user import *
+from .node import *
--- a/apps/assets/api/admin_user.py
+++ b/apps/assets/api/admin_user.py
@@ -0,0 +1,76 @@
+# ~*~ coding: utf-8 ~*~
+# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
+#
+# Licensed under the GNU General Public License v2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.gnu.org/licenses/gpl-2.0.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from django.db import transaction
+from rest_framework import generics
+from rest_framework.response import Response
+from rest_framework_bulk import BulkModelViewSet
+
+from common.mixins import IDInFilterMixin
+from common.utils import get_logger
+from ..hands import IsSuperUser
+from ..models import AdminUser, Asset
+from .. import serializers
+from ..tasks import test_admin_user_connectability_manual
+
+
+logger = get_logger(__file__)
+__all__ = [
+    'AdminUserViewSet', 'ReplaceNodesAdminUserApi', 'AdminUserTestConnectiveApi'
+]
+
+
+class AdminUserViewSet(IDInFilterMixin, BulkModelViewSet):
+    """
+    Admin user api set, for add,delete,update,list,retrieve resource
+    """
+    queryset = AdminUser.objects.all()
+    serializer_class = serializers.AdminUserSerializer
+    permission_classes = (IsSuperUser,)
+
+
+class ReplaceNodesAdminUserApi(generics.UpdateAPIView):
+    queryset = AdminUser.objects.all()
+    serializer_class = serializers.ReplaceNodeAdminUserSerializer
+    permission_classes = (IsSuperUser,)
+
+    def update(self, request, *args, **kwargs):
+        admin_user = self.get_object()
+        serializer = self.serializer_class(data=request.data)
+        if serializer.is_valid():
+            nodes = serializer.validated_data['nodes']
+            assets = []
+            for node in nodes:
+                assets.extend([asset.id for asset in node.get_all_assets()])
+
+            with transaction.atomic():
+                Asset.objects.filter(id__in=assets).update(admin_user=admin_user)
+
+            return Response({"msg": "ok"})
+        else:
+            return Response({'error': serializer.errors}, status=400)
+
+
+class AdminUserTestConnectiveApi(generics.RetrieveAPIView):
+    """
+    Test asset admin user connectivity
+    """
+    queryset = AdminUser.objects.all()
+    permission_classes = (IsSuperUser,)
+
+    def retrieve(self, request, *args, **kwargs):
+        admin_user = self.get_object()
+        test_admin_user_connectability_manual.delay(admin_user)
+        return Response({"msg": "Task created"})
--- a/apps/assets/api/asset.py
+++ b/apps/assets/api/asset.py
@@ -0,0 +1,112 @@
+# -*- coding: utf-8 -*-
+#
+
+from rest_framework import generics
+from rest_framework.response import Response
+from rest_framework_bulk import BulkModelViewSet
+from rest_framework_bulk import ListBulkCreateUpdateDestroyAPIView
+from rest_framework.pagination import LimitOffsetPagination
+from django.shortcuts import get_object_or_404
+from django.db.models import Q
+
+from common.mixins import IDInFilterMixin
+from common.utils import get_logger
+from ..hands import IsSuperUser, IsValidUser, IsSuperUserOrAppUser, \
+    NodePermissionUtil
+from ..models import  Asset, SystemUser, AdminUser, Node
+from .. import serializers
+from ..tasks import update_asset_hardware_info_manual, \
+    test_asset_connectability_manual
+from ..utils import LabelFilter
+
+
+logger = get_logger(__file__)
+__all__ = [
+    'AssetViewSet', 'UserAssetListView', 'AssetListUpdateApi',
+    'AssetRefreshHardwareApi', 'AssetAdminUserTestApi'
+]
+
+
+class AssetViewSet(IDInFilterMixin, LabelFilter, BulkModelViewSet):
+    """
+    API endpoint that allows Asset to be viewed or edited.
+    """
+    filter_fields = ("hostname", "ip")
+    search_fields = filter_fields
+    ordering_fields = ("hostname", "ip", "port", "cpu_cores")
+    queryset = Asset.objects.all()
+    serializer_class = serializers.AssetSerializer
+    pagination_class = LimitOffsetPagination
+    permission_classes = (IsSuperUserOrAppUser,)
+
+    def get_queryset(self):
+        queryset = super().get_queryset()
+        admin_user_id = self.request.query_params.get('admin_user_id')
+        node_id = self.request.query_params.get("node_id")
+
+        if admin_user_id:
+            admin_user = get_object_or_404(AdminUser, id=admin_user_id)
+            queryset = queryset.filter(admin_user=admin_user)
+        if node_id:
+            node = get_object_or_404(Node, id=node_id)
+            if not node.is_root():
+                queryset = queryset.filter(nodes__key__startswith=node.key).distinct()
+        return queryset
+
+
+class UserAssetListView(generics.ListAPIView):
+    queryset = Asset.objects.all()
+    serializer_class = serializers.AssetSerializer
+    permission_classes = (IsValidUser,)
+
+    def get_queryset(self):
+        assets_granted = NodePermissionUtil.get_user_assets(self.request.user).keys()
+        queryset = self.queryset.filter(
+            id__in=[asset.id for asset in assets_granted]
+        )
+        return queryset
+
+
+class AssetListUpdateApi(IDInFilterMixin, ListBulkCreateUpdateDestroyAPIView):
+    """
+    Asset bulk update api
+    """
+    queryset = Asset.objects.all()
+    serializer_class = serializers.AssetSerializer
+    permission_classes = (IsSuperUser,)
+
+
+class AssetRefreshHardwareApi(generics.RetrieveAPIView):
+    """
+    Refresh asset hardware info
+    """
+    queryset = Asset.objects.all()
+    serializer_class = serializers.AssetSerializer
+    permission_classes = (IsSuperUser,)
+
+    def retrieve(self, request, *args, **kwargs):
+        asset_id = kwargs.get('pk')
+        asset = get_object_or_404(Asset, pk=asset_id)
+        summary = update_asset_hardware_info_manual(asset)[1]
+        logger.debug("Refresh summary: {}".format(summary))
+        if summary.get('dark'):
+            return Response(summary['dark'].values(), status=501)
+        else:
+            return Response({"msg": "ok"})
+
+
+class AssetAdminUserTestApi(generics.RetrieveAPIView):
+    """
+    Test asset admin user connectivity
+    """
+    queryset = Asset.objects.all()
+    permission_classes = (IsSuperUser,)
+
+    def retrieve(self, request, *args, **kwargs):
+        asset_id = kwargs.get('pk')
+        asset = get_object_or_404(Asset, pk=asset_id)
+        ok, msg = test_asset_connectability_manual(asset)
+        if ok:
+            return Response({"msg": "pong"})
+        else:
+            return Response({"error": msg}, status=502)
--- a/apps/assets/api/label.py
+++ b/apps/assets/api/label.py
@@ -0,0 +1,38 @@
+# ~*~ coding: utf-8 ~*~
+# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
+#
+# Licensed under the GNU General Public License v2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.gnu.org/licenses/gpl-2.0.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from rest_framework_bulk import BulkModelViewSet
+from django.db.models import Count
+
+from common.utils import get_logger
+from ..hands import IsSuperUser
+from ..models import Label
+from .. import serializers
+
+
+logger = get_logger(__file__)
+__all__ = ['LabelViewSet']
+
+
+class LabelViewSet(BulkModelViewSet):
+    queryset = Label.objects.annotate(asset_count=Count("assets"))
+    permission_classes = (IsSuperUser,)
+    serializer_class = serializers.LabelSerializer
+
+    def list(self, request, *args, **kwargs):
+        if request.query_params.get("distinct"):
+            self.serializer_class = serializers.LabelDistinctSerializer
+            self.queryset = self.queryset.values("name").distinct()
+        return super().list(request, *args, **kwargs)
--- a/apps/assets/api/node.py
+++ b/apps/assets/api/node.py
@@ -0,0 +1,150 @@
+# ~*~ coding: utf-8 ~*~
+# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
+#
+# Licensed under the GNU General Public License v2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.gnu.org/licenses/gpl-2.0.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from rest_framework import generics, mixins
+from rest_framework.views import APIView
+from rest_framework.response import Response
+from rest_framework_bulk import BulkModelViewSet
+from django.utils.translation import ugettext_lazy as _
+from django.shortcuts import get_object_or_404
+
+from common.utils import get_logger, get_object_or_none
+from ..hands import IsSuperUser
+from ..models import Node
+from ..tasks import update_assets_hardware_info_util, test_asset_connectability_util
+from .. import serializers
+
+
+logger = get_logger(__file__)
+__all__ = [
+    'NodeViewSet', 'NodeChildrenApi',
+    'NodeAddAssetsApi', 'NodeRemoveAssetsApi',
+    'NodeAddChildrenApi', 'RefreshNodeHardwareInfoApi',
+    'TestNodeConnectiveApi'
+]
+
+
+class NodeViewSet(BulkModelViewSet):
+    queryset = Node.objects.all()
+    permission_classes = (IsSuperUser,)
+    serializer_class = serializers.NodeSerializer
+
+    def perform_create(self, serializer):
+        child_key = Node.root().get_next_child_key()
+        serializer.validated_data["key"] = child_key
+        serializer.save()
+
+
+class NodeChildrenApi(mixins.ListModelMixin, generics.CreateAPIView):
+    queryset = Node.objects.all()
+    permission_classes = (IsSuperUser,)
+    serializer_class = serializers.NodeSerializer
+    instance = None
+
+    def post(self, request, *args, **kwargs):
+        if not request.data.get("value"):
+            request.data["value"] = _("New node {}").format(
+                Node.root().get_next_child_key().split(":")[-1]
+            )
+        return super().post(request, *args, **kwargs)
+
+    def create(self, request, *args, **kwargs):
+        instance = self.get_object()
+        value = request.data.get("value")
+        node = instance.create_child(value=value)
+        return Response(
+            {"id": node.id, "key": node.key, "value": node.value},
+            status=201,
+        )
+
+    def get(self, request, *args, **kwargs):
+        instance = self.get_object()
+        if self.request.query_params.get("all"):
+            children = instance.get_all_children()
+        else:
+            children = instance.get_children()
+        response = [{"id": node.id, "key": node.key, "value": node.value} for node in children]
+        return Response(response, status=200)
+
+
+class NodeAddChildrenApi(generics.UpdateAPIView):
+    queryset = Node.objects.all()
+    permission_classes = (IsSuperUser,)
+    serializer_class = serializers.NodeAddChildrenSerializer
+    instance = None
+
+    def put(self, request, *args, **kwargs):
+        instance = self.get_object()
+        nodes_id = request.data.get("nodes")
+        children = [get_object_or_none(Node, id=pk) for pk in nodes_id]
+        for node in children:
+            if not node:
+                continue
+            node.parent = instance
+            node.save()
+        return Response("OK")
+
+
+class NodeAddAssetsApi(generics.UpdateAPIView):
+    serializer_class = serializers.NodeAssetsSerializer
+    queryset = Node.objects.all()
+    permission_classes = (IsSuperUser,)
+    instance = None
+
+    def perform_update(self, serializer):
+        assets = serializer.validated_data.get('assets')
+        instance = self.get_object()
+        instance.assets.add(*tuple(assets))
+
+
+class NodeRemoveAssetsApi(generics.UpdateAPIView):
+    serializer_class = serializers.NodeAssetsSerializer
+    queryset = Node.objects.all()
+    permission_classes = (IsSuperUser,)
+    instance = None
+
+    def perform_update(self, serializer):
+        assets = serializer.validated_data.get('assets')
+        instance = self.get_object()
+        if instance != Node.root():
+            instance.assets.remove(*tuple(assets))
+
+
+class RefreshNodeHardwareInfoApi(APIView):
+    permission_classes = (IsSuperUser,)
+    model = Node
+
+    def get(self, request, *args, **kwargs):
+        node_id = kwargs.get('pk')
+        node = get_object_or_404(self.model, id=node_id)
+        assets = node.assets.all()
+        # task_name = _("Refresh node assets hardware info: {}".format(node.name))
+        task_name = _("更新节点资产硬件信息: {}".format(node.name))
+        update_assets_hardware_info_util.delay(assets, task_name=task_name)
+        return Response({"msg": "Task created"})
+
+
+class TestNodeConnectiveApi(APIView):
+    permission_classes = (IsSuperUser,)
+    model = Node
+
+    def get(self, request, *args, **kwargs):
+        node_id = kwargs.get('pk')
+        node = get_object_or_404(self.model, id=node_id)
+        assets = node.assets.all()
+        task_name = _("测试节点下资产是否可连接: {}".format(node.name))
+        test_asset_connectability_util.delay(assets, task_name=task_name)
+        return Response({"msg": "Task created"})
+
--- a/apps/assets/api/system_user.py
+++ b/apps/assets/api/system_user.py
@@ -0,0 +1,84 @@
+# ~*~ coding: utf-8 ~*~
+# Copyright (C) 2014-2018 Beijing DuiZhan Technology Co.,Ltd. All Rights Reserved.
+#
+# Licensed under the GNU General Public License v2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.gnu.org/licenses/gpl-2.0.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+from rest_framework import generics
+from rest_framework.response import Response
+from rest_framework_bulk import BulkModelViewSet
+from common.utils import get_logger
+from ..hands import IsSuperUser, IsSuperUserOrAppUser
+from ..models import SystemUser
+from .. import serializers
+from ..tasks import push_system_user_to_assets_manual, \
+    test_system_user_connectability_manual
+
+
+logger = get_logger(__file__)
+__all__ = [
+    'SystemUserViewSet', 'SystemUserAuthInfoApi',
+    'SystemUserPushApi', 'SystemUserTestConnectiveApi'
+]
+
+
+class SystemUserViewSet(BulkModelViewSet):
+    """
+    System user api set, for add,delete,update,list,retrieve resource
+    """
+    queryset = SystemUser.objects.all()
+    serializer_class = serializers.SystemUserSerializer
+    permission_classes = (IsSuperUserOrAppUser,)
+
+
+class SystemUserAuthInfoApi(generics.RetrieveUpdateAPIView):
+    """
+    Get system user auth info
+    """
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsSuperUserOrAppUser,)
+    serializer_class = serializers.SystemUserAuthSerializer
+
+    def update(self, request, *args, **kwargs):
+        password = request.data.pop("password", None)
+        private_key = request.data.pop("private_key", None)
+        instance = self.get_object()
+
+        if password or private_key:
+            instance.set_auth(password=password, private_key=private_key)
+        return super().update(request, *args, **kwargs)
+
+
+class SystemUserPushApi(generics.RetrieveAPIView):
+    """
+    Push system user to cluster assets api
+    """
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsSuperUser,)
+
+    def retrieve(self, request, *args, **kwargs):
+        system_user = self.get_object()
+        push_system_user_to_assets_manual.delay(system_user)
+        return Response({"msg": "Task created"})
+
+
+class SystemUserTestConnectiveApi(generics.RetrieveAPIView):
+    """
+    Push system user to cluster assets api
+    """
+    queryset = SystemUser.objects.all()
+    permission_classes = (IsSuperUser,)
+
+    def retrieve(self, request, *args, **kwargs):
+        system_user = self.get_object()
+        test_system_user_connectability_manual.delay(system_user)
+        return Response({"msg": "Task created"})
--- a/apps/assets/apps.py
+++ b/apps/assets/apps.py
@@ -0,0 +1,11 @@
+from __future__ import unicode_literals
+
+from django.apps import AppConfig
+
+
+class AssetsConfig(AppConfig):
+    name = 'assets'
+
+    def ready(self):
+        from . import signals_handler
+        super().ready()
--- a/apps/assets/const.py
+++ b/apps/assets/const.py
@@ -0,0 +1,38 @@
+# -*- coding: utf-8 -*-
+#
+
+UPDATE_ASSETS_HARDWARE_TASKS = [
+   {
+       'name': "setup",
+       'action': {
+           'module': 'setup'
+       }
+   }
+]
+
+ADMIN_USER_CONN_CACHE_KEY = "ADMIN_USER_CONN_{}"
+TEST_ADMIN_USER_CONN_TASKS = [
+    {
+        "name": "ping",
+        "action": {
+            "module": "ping",
+        }
+    }
+]
+
+ASSET_ADMIN_CONN_CACHE_KEY = "ASSET_ADMIN_USER_CONN_{}"
+
+SYSTEM_USER_CONN_CACHE_KEY = "SYSTEM_USER_CONN_{}"
+TEST_SYSTEM_USER_CONN_TASKS = [
+   {
+       "name": "ping",
+       "action": {
+           "module": "ping",
+       }
+   }
+]
+
+TASK_OPTIONS = {
+    'timeout': 10,
+    'forks': 10,
+}
--- a/apps/assets/forms/init.py
+++ b/apps/assets/forms/init.py
@@ -0,0 +1,5 @@
+# -*- coding: utf-8 -*-
+#
+from .asset import *
+from .label import *
+from .user import *
--- a/apps/assets/forms/asset.py
+++ b/apps/assets/forms/asset.py
@@ -0,0 +1,136 @@
+# -*- coding: utf-8 -*-
+#
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+from ..models import Asset, AdminUser
+from common.utils import get_logger
+
+logger = get_logger(__file__)
+__all__ = ['AssetCreateForm', 'AssetUpdateForm', 'AssetBulkUpdateForm']
+
+
+class AssetCreateForm(forms.ModelForm):
+    class Meta:
+        model = Asset
+        fields = [
+            'hostname', 'ip', 'public_ip', 'port',  'comment',
+            'nodes', 'is_active', 'admin_user', 'labels', 'platform',
+
+        ]
+        widgets = {
+            'nodes': forms.SelectMultiple(attrs={
+                'class': 'select2', 'data-placeholder': _('Nodes')
+            }),
+            'admin_user': forms.Select(attrs={
+                'class': 'select2', 'data-placeholder': _('Admin user')
+            }),
+            'labels': forms.SelectMultiple(attrs={
+                'class': 'select2', 'data-placeholder': _('Labels')
+            }),
+            'port': forms.TextInput(),
+        }
+        help_texts = {
+            'hostname': '* required',
+            'ip': '* required',
+            'port': '* required',
+            'admin_user': _(
+                'root or other NOPASSWD sudo privilege user existed in asset,'
+                'If asset is windows or other set any one, more see admin user left menu'
+            ),
+            'platform': _("* required Must set exact system platform, Windows, Linux ...")
+        }
+
+
+class AssetUpdateForm(forms.ModelForm):
+    class Meta:
+        model = Asset
+        fields = [
+            'hostname', 'ip', 'port', 'nodes',  'is_active', 'platform',
+            'public_ip', 'number', 'comment', 'admin_user', 'labels',
+        ]
+        widgets = {
+            'nodes': forms.SelectMultiple(attrs={
+                'class': 'select2', 'data-placeholder': _('Nodes')
+            }),
+            'admin_user': forms.Select(attrs={
+                'class': 'select2', 'data-placeholder': _('Admin user')
+            }),
+            'labels': forms.SelectMultiple(attrs={
+                'class': 'select2', 'data-placeholder': _('Labels')
+            }),
+            'port': forms.TextInput(),
+        }
+        help_texts = {
+            'hostname': '* required',
+            'ip': '* required',
+            'port': '* required',
+            'cluster': '* required',
+            'admin_user': _(
+                'root or other NOPASSWD sudo privilege user existed in asset,'
+                'If asset is windows or other set any one, more see admin user left menu'
+            ),
+            'platform': _("* required Must set exact system platform, Windows, Linux ...")
+        }
+
+
+class AssetBulkUpdateForm(forms.ModelForm):
+    assets = forms.ModelMultipleChoiceField(
+        required=True, help_text='* required',
+        label=_('Select assets'), queryset=Asset.objects.all(),
+        widget=forms.SelectMultiple(
+            attrs={
+                'class': 'select2',
+                'data-placeholder': _('Select assets')
+            }
+        )
+    )
+    port = forms.IntegerField(
+        label=_('Port'), required=False, min_value=1, max_value=65535,
+    )
+    admin_user = forms.ModelChoiceField(
+        required=False, queryset=AdminUser.objects.all(),
+        label=_("Admin user"),
+        widget=forms.Select(
+            attrs={
+                'class': 'select2',
+                'data-placeholder': _('Admin user')
+            }
+        )
+    )
+
+    class Meta:
+        model = Asset
+        fields = [
+            'assets', 'port',  'admin_user', 'labels', 'nodes', 'platform'
+        ]
+        widgets = {
+            'labels': forms.SelectMultiple(
+                attrs={'class': 'select2', 'data-placeholder': _('Select labels')}
+            ),
+            'nodes': forms.SelectMultiple(
+                attrs={'class': 'select2', 'data-placeholder': _('Select nodes')}
+            ),
+        }
+
+    def save(self, commit=True):
+        changed_fields = []
+        for field in self._meta.fields:
+            if self.data.get(field) not in [None, '']:
+                changed_fields.append(field)
+
+        cleaned_data = {k: v for k, v in self.cleaned_data.items()
+                        if k in changed_fields}
+        assets = cleaned_data.pop('assets')
+        labels = cleaned_data.pop('labels', [])
+        nodes = cleaned_data.pop('nodes')
+        assets = Asset.objects.filter(id__in=[asset.id for asset in assets])
+        assets.update(**cleaned_data)
+
+        if labels:
+            for label in labels:
+                label.assets.add(*tuple(assets))
+        if nodes:
+            for node in nodes:
+                node.assets.add(*tuple(assets))
+        return assets
--- a/apps/assets/forms/label.py
+++ b/apps/assets/forms/label.py
@@ -0,0 +1,33 @@
+# -*- coding: utf-8 -*-
+#
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+from ..models import Label, Asset
+
+__all__ = ['LabelForm']
+
+
+class LabelForm(forms.ModelForm):
+    assets = forms.ModelMultipleChoiceField(
+        queryset=Asset.objects.all(), label=_('Asset'), required=False,
+        widget=forms.SelectMultiple(
+            attrs={'class': 'select2', 'data-placeholder': _('Select assets')}
+        )
+    )
+
+    class Meta:
+        model = Label
+        fields = ['name', 'value', 'assets']
+
+    def __init__(self, *args, **kwargs):
+        if kwargs.get('instance', None):
+            initial = kwargs.get('initial', {})
+            initial['assets'] = kwargs['instance'].assets.all()
+        super().__init__(*args, **kwargs)
+
+    def save(self, commit=True):
+        label = super().save(commit=commit)
+        assets = self.cleaned_data['assets']
+        label.assets.set(assets)
+        return label
--- a/apps/assets/forms/user.py
+++ b/apps/assets/forms/user.py
@@ -0,0 +1,135 @@
+# -*- coding: utf-8 -*-
+#
+from django import forms
+from django.utils.translation import gettext_lazy as _
+
+from ..models import AdminUser, SystemUser
+from common.utils import validate_ssh_private_key, ssh_pubkey_gen, get_logger
+
+logger = get_logger(__file__)
+__all__ = [
+    'FileForm', 'SystemUserForm', 'AdminUserForm',
+]
+
+
+class FileForm(forms.Form):
+    file = forms.FileField()
+
+
+class PasswordAndKeyAuthForm(forms.ModelForm):
+    # Form field name can not start with `_`, so redefine it,
+    password = forms.CharField(
+        widget=forms.PasswordInput, max_length=128,
+        strip=True, required=False,
+        help_text=_('Password or private key passphrase'),
+        label=_("Password"),
+    )
+    # Need use upload private key file except paste private key content
+    private_key_file = forms.FileField(required=False, label=_("Private key"))
+
+    def clean_private_key_file(self):
+        private_key_file = self.cleaned_data['private_key_file']
+        password = self.cleaned_data['password']
+
+        if private_key_file:
+            key_string = private_key_file.read()
+            private_key_file.seek(0)
+            if not validate_ssh_private_key(key_string, password):
+                raise forms.ValidationError(_('Invalid private key'))
+        return private_key_file
+
+    def validate_password_key(self):
+        password = self.cleaned_data['password']
+        private_key_file = self.cleaned_data.get('private_key_file', '')
+
+        if not password and not private_key_file:
+            raise forms.ValidationError(_(
+                'Password and private key file must be input one'
+            ))
+
+    def gen_keys(self):
+        password = self.cleaned_data.get('password', '') or None
+        private_key_file = self.cleaned_data['private_key_file']
+        public_key = private_key = None
+
+        if private_key_file:
+            private_key = private_key_file.read().strip().decode('utf-8')
+            public_key = ssh_pubkey_gen(private_key=private_key, password=password)
+        return private_key, public_key
+
+
+class AdminUserForm(PasswordAndKeyAuthForm):
+    def save(self, commit=True):
+        # Because we define custom field, so we need rewrite :method: `save`
+        admin_user = super().save(commit=commit)
+        password = self.cleaned_data.get('password', '') or None
+        private_key, public_key = super().gen_keys()
+        admin_user.set_auth(password=password, public_key=public_key, private_key=private_key)
+        return admin_user
+
+    def clean(self):
+        super().clean()
+        if not self.instance:
+            super().validate_password_key()
+
+    class Meta:
+        model = AdminUser
+        fields = ['name', 'username', 'password', 'private_key_file', 'comment']
+        widgets = {
+            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
+            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
+        }
+        help_texts = {
+            'name': '* required',
+            'username': '* required',
+        }
+
+
+class SystemUserForm(PasswordAndKeyAuthForm):
+    # Admin user assets define, let user select, save it in form not in view
+    auto_generate_key = forms.BooleanField(initial=True, required=False)
+
+    def save(self, commit=True):
+        # Because we define custom field, so we need rewrite :method: `save`
+        system_user = super().save()
+        password = self.cleaned_data.get('password', '') or None
+        auto_generate_key = self.cleaned_data.get('auto_generate_key', False)
+        private_key, public_key = super().gen_keys()
+
+        if auto_generate_key:
+            logger.info('Auto generate key and set system user auth')
+            system_user.auto_gen_auth()
+        else:
+            system_user.set_auth(password=password, private_key=private_key, public_key=public_key)
+        return system_user
+
+    def clean(self):
+        super().clean()
+        auto_generate = self.cleaned_data.get('auto_generate_key')
+        if not self.instance and not auto_generate:
+            super().validate_password_key()
+
+    class Meta:
+        model = SystemUser
+        fields = [
+            'name', 'username', 'protocol', 'auto_generate_key',
+            'password', 'private_key_file', 'auto_push', 'sudo',
+            'comment', 'shell', 'nodes', 'priority',
+        ]
+        widgets = {
+            'name': forms.TextInput(attrs={'placeholder': _('Name')}),
+            'username': forms.TextInput(attrs={'placeholder': _('Username')}),
+            'nodes': forms.SelectMultiple(
+                attrs={
+                    'class': 'select2',
+                    'data-placeholder': _('Nodes')
+                }
+            ),
+        }
+        help_texts = {
+            'name': '* required',
+            'username': '* required',
+            'nodes': _('If auto push checked, system user will be create at node assets'),
+            'auto_push': _('Auto push system user to asset'),
+            'priority': _('High level will be using login asset as default, if user was granted more than 2 system user'),
+        }
--- a/apps/assets/hands.py
+++ b/apps/assets/hands.py
@@ -0,0 +1,17 @@
+"""
+    jumpserver.__app__.hands.py
+    ~~~~~~~~~~~~~~~~~
+
+    This app depends other apps api, function .. should be import or write mack here.
+
+    Other module of this app shouldn't connect with other app.
+
+    :copyright: (c) 2014-2018 by Jumpserver Team.
+    :license: GPL v2, see LICENSE for more details.
+"""
+
+
+from common.mixins import AdminUserRequiredMixin
+from common.permissions import IsAppUser, IsSuperUser, IsValidUser, IsSuperUserOrAppUser
+from users.models import User, UserGroup
+from perms.utils import NodePermissionUtil
--- a/apps/assets/migrations/0001_initial.py
+++ b/apps/assets/migrations/0001_initial.py
@@ -0,0 +1,168 @@
+# -*- coding: utf-8 -*-
+# Generated by Django 1.11 on 2017-12-21 16:06
+from __future__ import unicode_literals
+
+import assets.models.utils
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+def add_default_group(apps, schema_editor):
+    group_model = apps.get_model("assets", "AssetGroup")
+    db_alias = schema_editor.connection.alias
+    group_model.objects.using(db_alias).create(
+        name="Default"
+    )
+
+
+def add_default_cluster(apps, schema_editor):
+    cluster_model = apps.get_model("assets", "Cluster")
+    db_alias = schema_editor.connection.alias
+    cluster_model.objects.using(db_alias).create(
+        name="Default"
+    )
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='AdminUser',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, unique=True, verbose_name='Name')),
+                ('username', models.CharField(max_length=16, verbose_name='Username')),
+                ('_password', models.CharField(blank=True, max_length=256, null=True, verbose_name='Password')),
+                ('_private_key', models.TextField(blank=True, max_length=4096, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key')),
+                ('_public_key', models.TextField(blank=True, max_length=4096, verbose_name='SSH public key')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_updated', models.DateTimeField(auto_now=True)),
+                ('created_by', models.CharField(max_length=32, null=True, verbose_name='Created by')),
+                ('become', models.BooleanField(default=True)),
+                ('become_method', models.CharField(choices=[('sudo', 'sudo'), ('su', 'su')], default='sudo', max_length=4)),
+                ('become_user', models.CharField(default='root', max_length=64)),
+                ('_become_pass', models.CharField(default='', max_length=128)),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='Asset',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('ip', models.GenericIPAddressField(db_index=True, verbose_name='IP')),
+                ('hostname', models.CharField(max_length=128, unique=True, verbose_name='Hostname')),
+                ('port', models.IntegerField(default=22, verbose_name='Port')),
+                ('is_active', models.BooleanField(default=True, verbose_name='Is active')),
+                ('type', models.CharField(blank=True, choices=[('Server', 'Server'), ('VM', 'VM'), ('Switch', 'Switch'), ('Router', 'Router'), ('Firewall', 'Firewall'), ('Storage', 'Storage')], default='Server', max_length=16, null=True, verbose_name='Asset type')),
+                ('env', models.CharField(blank=True, choices=[('Prod', 'Production'), ('Dev', 'Development'), ('Test', 'Testing')], default='Prod', max_length=8, null=True, verbose_name='Asset environment')),
+                ('status', models.CharField(blank=True, choices=[('In use', 'In use'), ('Out of use', 'Out of use')], default='In use', max_length=12, null=True, verbose_name='Asset status')),
+                ('public_ip', models.GenericIPAddressField(blank=True, null=True, verbose_name='Public IP')),
+                ('remote_card_ip', models.CharField(blank=True, max_length=16, null=True, verbose_name='Remote control card IP')),
+                ('cabinet_no', models.CharField(blank=True, max_length=32, null=True, verbose_name='Cabinet number')),
+                ('cabinet_pos', models.IntegerField(blank=True, null=True, verbose_name='Cabinet position')),
+                ('number', models.CharField(blank=True, max_length=32, null=True, verbose_name='Asset number')),
+                ('vendor', models.CharField(blank=True, max_length=64, null=True, verbose_name='Vendor')),
+                ('model', models.CharField(blank=True, max_length=54, null=True, verbose_name='Model')),
+                ('sn', models.CharField(blank=True, max_length=128, null=True, verbose_name='Serial number')),
+                ('cpu_model', models.CharField(blank=True, max_length=64, null=True, verbose_name='CPU model')),
+                ('cpu_count', models.IntegerField(null=True, verbose_name='CPU count')),
+                ('cpu_cores', models.IntegerField(null=True, verbose_name='CPU cores')),
+                ('memory', models.CharField(blank=True, max_length=64, null=True, verbose_name='Memory')),
+                ('disk_total', models.CharField(blank=True, max_length=1024, null=True, verbose_name='Disk total')),
+                ('disk_info', models.CharField(blank=True, max_length=1024, null=True, verbose_name='Disk info')),
+                ('platform', models.CharField(blank=True, max_length=128, null=True, verbose_name='Platform')),
+                ('os', models.CharField(blank=True, max_length=128, null=True, verbose_name='OS')),
+                ('os_version', models.CharField(blank=True, max_length=16, null=True, verbose_name='OS version')),
+                ('os_arch', models.CharField(blank=True, max_length=16, null=True, verbose_name='OS arch')),
+                ('hostname_raw', models.CharField(blank=True, max_length=128, null=True, verbose_name='Hostname raw')),
+                ('created_by', models.CharField(blank=True, max_length=32, null=True, verbose_name='Created by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('comment', models.TextField(blank=True, default='', max_length=128, verbose_name='Comment')),
+                ('admin_user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='assets.AdminUser', verbose_name='Admin user')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AssetGroup',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=64, unique=True, verbose_name='Name')),
+                ('created_by', models.CharField(blank=True, max_length=32, verbose_name='Created by')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='Cluster',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=32, verbose_name='Name')),
+                ('bandwidth', models.CharField(blank=True, max_length=32, verbose_name='Bandwidth')),
+                ('contact', models.CharField(blank=True, max_length=128, verbose_name='Contact')),
+                ('phone', models.CharField(blank=True, max_length=32, verbose_name='Phone')),
+                ('address', models.CharField(blank=True, max_length=128, verbose_name='Address')),
+                ('intranet', models.TextField(blank=True, verbose_name='Intranet')),
+                ('extranet', models.TextField(blank=True, verbose_name='Extranet')),
+                ('date_created', models.DateTimeField(auto_now_add=True, null=True, verbose_name='Date created')),
+                ('operator', models.CharField(blank=True, max_length=32, verbose_name='Operator')),
+                ('created_by', models.CharField(blank=True, max_length=32, verbose_name='Created by')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+                ('admin_user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to='assets.AdminUser', verbose_name='Admin user')),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.CreateModel(
+            name='SystemUser',
+            fields=[
+                ('id', models.UUIDField(default=uuid.uuid4, primary_key=True, serialize=False)),
+                ('name', models.CharField(max_length=128, unique=True, verbose_name='Name')),
+                ('username', models.CharField(max_length=16, verbose_name='Username')),
+                ('_password', models.CharField(blank=True, max_length=256, null=True, verbose_name='Password')),
+                ('_private_key', models.TextField(blank=True, max_length=4096, null=True, validators=[assets.models.utils.private_key_validator], verbose_name='SSH private key')),
+                ('_public_key', models.TextField(blank=True, max_length=4096, verbose_name='SSH public key')),
+                ('comment', models.TextField(blank=True, verbose_name='Comment')),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_updated', models.DateTimeField(auto_now=True)),
+                ('created_by', models.CharField(max_length=32, null=True, verbose_name='Created by')),
+                ('priority', models.IntegerField(default=10, verbose_name='Priority')),
+                ('protocol', models.CharField(choices=[('ssh', 'ssh')], default='ssh', max_length=16, verbose_name='Protocol')),
+                ('auto_push', models.BooleanField(default=True, verbose_name='Auto push')),
+                ('sudo', models.TextField(default='/sbin/ifconfig', verbose_name='Sudo')),
+                ('shell', models.CharField(default='/bin/bash', max_length=64, verbose_name='Shell')),
+                ('cluster', models.ManyToManyField(blank=True, to='assets.Cluster', verbose_name='Cluster')),
+            ],
+            options={
+                'ordering': ['name'],
+            },
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='cluster',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='assets', to='assets.Cluster', verbose_name='Cluster'),
+        ),
+        migrations.AddField(
+            model_name='asset',
+            name='groups',
+            field=models.ManyToManyField(blank=True, related_name='assets', to='assets.AssetGroup', verbose_name='Asset groups'),
+        ),
+        migrations.AlterUniqueTogether(
+            name='asset',
+            unique_together=set([('ip', 'port')]),
+        ),
+
+        migrations.RunPython(add_default_cluster),
+        migrations.RunPython(add_default_group),
+    ]
--- a/apps/assets/migrations/init.py
+++ b/apps/assets/migrations/init.py
--- a/apps/assets/models/init.py
+++ b/apps/assets/models/init.py
@@ -0,0 +1,10 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+from .user import AdminUser, SystemUser
+from .label import Label
+from .cluster import *
+from .group import *
+from .node import *
+from .asset import *
+from .utils import *
--- a/apps/assets/models/asset.py
+++ b/apps/assets/models/asset.py
@@ -0,0 +1,176 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# 
+
+import uuid
+import logging
+
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+from django.core.cache import cache
+
+from ..const import ASSET_ADMIN_CONN_CACHE_KEY
+from .cluster import Cluster
+from .group import AssetGroup
+from .user import AdminUser, SystemUser
+
+__all__ = ['Asset']
+logger = logging.getLogger(__name__)
+
+
+def default_cluster():
+    from .cluster import Cluster
+    name = "Default"
+    defaults = {"name": name}
+    cluster, created = Cluster.objects.get_or_create(
+        defaults=defaults, name=name
+    )
+    return cluster.id
+
+
+def default_node():
+    try:
+        from .node import Node
+        return Node.root()
+    except:
+        return None
+
+
+class Asset(models.Model):
+    # Important
+    PLATFORM_CHOICES = (
+        ('Linux', 'Linux'),
+        ('Unix', 'Unix'),
+        ('MacOS', 'MacOS'),
+        ('BSD', 'BSD'),
+        ('Windows', 'Windows'),
+        ('Other', 'Other'),
+    )
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    ip = models.GenericIPAddressField(max_length=32, verbose_name=_('IP'), db_index=True)
+    hostname = models.CharField(max_length=128, unique=True, verbose_name=_('Hostname'))
+    port = models.IntegerField(default=22, verbose_name=_('Port'))
+    nodes = models.ManyToManyField('assets.Node', default=default_node, related_name='assets', verbose_name=_("Nodes"))
+    is_active = models.BooleanField(default=True, verbose_name=_('Is active'))
+
+    # Auth
+    admin_user = models.ForeignKey('assets.AdminUser', on_delete=models.PROTECT, null=True, verbose_name=_("Admin user"))
+
+    # Some information
+    public_ip = models.GenericIPAddressField(max_length=32, blank=True, null=True, verbose_name=_('Public IP'))
+    number = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Asset number'))
+
+    # Collect
+    vendor = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Vendor'))
+    model = models.CharField(max_length=54, null=True, blank=True, verbose_name=_('Model'))
+    sn = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('Serial number'))
+
+    cpu_model = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('CPU model'))
+    cpu_count = models.IntegerField(null=True, verbose_name=_('CPU count'))
+    cpu_cores = models.IntegerField(null=True, verbose_name=_('CPU cores'))
+    memory = models.CharField(max_length=64, null=True, blank=True, verbose_name=_('Memory'))
+    disk_total = models.CharField(max_length=1024, null=True, blank=True, verbose_name=_('Disk total'))
+    disk_info = models.CharField(max_length=1024, null=True, blank=True, verbose_name=_('Disk info'))
+
+    platform = models.CharField(max_length=128, choices=PLATFORM_CHOICES, default='Linux', verbose_name=_('Platform'))
+    os = models.CharField(max_length=128, null=True, blank=True, verbose_name=_('OS'))
+    os_version = models.CharField(max_length=16, null=True, blank=True, verbose_name=_('OS version'))
+    os_arch = models.CharField(max_length=16, blank=True, null=True, verbose_name=_('OS arch'))
+    hostname_raw = models.CharField(max_length=128, blank=True, null=True, verbose_name=_('Hostname raw'))
+
+    labels = models.ManyToManyField('assets.Label', blank=True, related_name='assets', verbose_name=_("Labels"))
+    created_by = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Created by'))
+    date_created = models.DateTimeField(auto_now_add=True, null=True, blank=True, verbose_name=_('Date created'))
+    comment = models.TextField(max_length=128, default='', blank=True, verbose_name=_('Comment'))
+
+    def __str__(self):
+        return self.hostname
+
+    @property
+    def is_valid(self):
+        warning = ''
+        if not self.is_active:
+            warning += ' inactive'
+        else:
+            return True, ''
+        return False, warning
+
+    def is_unixlike(self):
+        if self.platform not in ("Windows", "Other"):
+            return True
+        else:
+            return False
+
+    @property
+    def hardware_info(self):
+        if self.cpu_count:
+            return '{} Core {} {}'.format(
+                self.cpu_count * self.cpu_cores,
+                self.memory, self.disk_total
+            )
+        else:
+            return ''
+
+    @property
+    def is_connective(self):
+        if not self.is_unixlike():
+            return True
+        val = cache.get(ASSET_ADMIN_CONN_CACHE_KEY.format(self.hostname))
+        if val == 1:
+            return True
+        else:
+            return False
+
+    def to_json(self):
+        return {
+            'id': self.id,
+            'hostname': self.hostname,
+            'ip': self.ip,
+            'port': self.port,
+        }
+
+    def _to_secret_json(self):
+        """
+        Ansible use it create inventory, First using asset user,
+        otherwise using cluster admin user
+
+        Todo: May be move to ops implements it
+        """
+        data = self.to_json()
+        if self.admin_user:
+            admin_user = self.admin_user
+            data.update({
+                'username': admin_user.username,
+                'password': admin_user.password,
+                'private_key': admin_user.private_key_file,
+                'become': admin_user.become_info,
+                'groups': [node.value for node in self.nodes.all()],
+            })
+        return data
+
+    class Meta:
+        unique_together = ('ip', 'port')
+        verbose_name = _("Asset")
+
+    @classmethod
+    def generate_fake(cls, count=100):
+        from random import seed, choice
+        import forgery_py
+        from django.db import IntegrityError
+
+        seed()
+        for i in range(count):
+            asset = cls(ip='%s.%s.%s.%s' % (i, i, i, i),
+                        hostname=forgery_py.internet.user_name(True),
+                        admin_user=choice(AdminUser.objects.all()),
+                        port=22,
+                        created_by='Fake')
+            try:
+                asset.save()
+                asset.system_users = [choice(SystemUser.objects.all()) for i in range(3)]
+                asset.groups = [choice(AssetGroup.objects.all()) for i in range(3)]
+                logger.debug('Generate fake asset : %s' % asset.ip)
+            except IntegrityError:
+                print('Error continue')
+                continue
+
--- a/apps/assets/models/cluster.py
+++ b/apps/assets/models/cluster.py
@@ -0,0 +1,63 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+
+import logging
+import uuid
+
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+
+__all__ = ['Cluster']
+logger = logging.getLogger(__name__)
+
+
+class Cluster(models.Model):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    name = models.CharField(max_length=32, verbose_name=_('Name'))
+    admin_user = models.ForeignKey('assets.AdminUser', null=True, blank=True, on_delete=models.SET_NULL, verbose_name=_("Admin user"))
+    bandwidth = models.CharField(max_length=32, blank=True, verbose_name=_('Bandwidth'))
+    contact = models.CharField(max_length=128, blank=True, verbose_name=_('Contact'))
+    phone = models.CharField(max_length=32, blank=True, verbose_name=_('Phone'))
+    address = models.CharField(max_length=128, blank=True, verbose_name=_("Address"))
+    intranet = models.TextField(blank=True, verbose_name=_('Intranet'))
+    extranet = models.TextField(blank=True, verbose_name=_('Extranet'))
+    date_created = models.DateTimeField(auto_now_add=True, null=True, verbose_name=_('Date created'))
+    operator = models.CharField(max_length=32, blank=True, verbose_name=_('Operator'))
+    created_by = models.CharField(max_length=32, blank=True, verbose_name=_('Created by'))
+    comment = models.TextField(blank=True, verbose_name=_('Comment'))
+
+    def __str__(self):
+        return self.name
+
+    @classmethod
+    def initial(cls):
+        return cls.objects.get_or_create(name=_('Default'), created_by=_('System'), comment=_('Default Cluster'))[0]
+
+    class Meta:
+        ordering = ['name']
+        verbose_name = _("Cluster")
+
+    @classmethod
+    def generate_fake(cls, count=5):
+        from random import seed, choice
+        import forgery_py
+        from django.db import IntegrityError
+
+        seed()
+        for i in range(count):
+            cluster = cls(name=forgery_py.name.full_name(),
+                          bandwidth='200M',
+                          contact=forgery_py.name.full_name(),
+                          phone=forgery_py.address.phone(),
+                          address=forgery_py.address.city() + forgery_py.address.street_address(),
+                          operator=choice(['北京联通', '北京电信', 'BGP全网通']),
+                          comment=forgery_py.lorem_ipsum.sentence(),
+                          created_by='Fake')
+            try:
+                cluster.save()
+                logger.debug('Generate fake asset group: %s' % cluster.name)
+            except IntegrityError:
+                print('Error continue')
+                continue
--- a/apps/assets/models/group.py
+++ b/apps/assets/models/group.py
@@ -0,0 +1,53 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# 
+
+from __future__ import unicode_literals
+
+import uuid
+
+from django.db import models
+import logging
+from django.utils.translation import ugettext_lazy as _
+
+
+__all__ = ['AssetGroup']
+logger = logging.getLogger(__name__)
+
+
+class AssetGroup(models.Model):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    name = models.CharField(max_length=64, unique=True, verbose_name=_('Name'))
+    created_by = models.CharField(max_length=32, null=True, blank=True, verbose_name=_('Created by'))
+    date_created = models.DateTimeField(auto_now_add=True, null=True, verbose_name=_('Date created'))
+    comment = models.TextField(blank=True, verbose_name=_('Comment'))
+
+    def __str__(self):
+        return self.name
+
+    class Meta:
+        ordering = ['name']
+        verbose_name = _("Asset group")
+
+    @classmethod
+    def initial(cls):
+        asset_group = cls(name=_('Default'), comment=_('Default asset group'))
+        asset_group.save()
+
+    @classmethod
+    def generate_fake(cls, count=100):
+        from random import seed
+        import forgery_py
+        from django.db import IntegrityError
+
+        seed()
+        for i in range(count):
+            group = cls(name=forgery_py.name.full_name(),
+                        comment=forgery_py.lorem_ipsum.sentence(),
+                        created_by='Fake')
+            try:
+                group.save()
+                logger.debug('Generate fake asset group: %s' % group.name)
+            except IntegrityError:
+                print('Error continue')
+                continue
--- a/apps/assets/models/label.py
+++ b/apps/assets/models/label.py
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+#
+
+import uuid
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+
+class Label(models.Model):
+    SYSTEM_CATEGORY = "S"
+    USER_CATEGORY = "U"
+    CATEGORY_CHOICES = (
+        ("S", _("System")),
+        ("U", _("User"))
+    )
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    name = models.CharField(max_length=128, verbose_name=_("Name"))
+    value = models.CharField(max_length=128, verbose_name=_("Value"))
+    category = models.CharField(max_length=128, choices=CATEGORY_CHOICES, default=USER_CATEGORY, verbose_name=_("Category"))
+    is_active = models.BooleanField(default=True, verbose_name=_("Is active"))
+    comment = models.TextField(blank=True, null=True, verbose_name=_("Comment"))
+    date_created = models.DateTimeField(
+        auto_now_add=True, null=True, blank=True, verbose_name=_('Date created')
+    )
+
+    @classmethod
+    def get_queryset_group_by_name(cls):
+        names = cls.objects.values_list('name', flat=True)
+        for name in names:
+            yield name, cls.objects.filter(name=name)
+
+    def __str__(self):
+        return "{}:{}".format(self.name, self.value)
+
+    class Meta:
+        db_table = "assets_label"
+        unique_together = ('name', 'value')
--- a/apps/assets/models/node.py
+++ b/apps/assets/models/node.py
@@ -0,0 +1,119 @@
+# -*- coding: utf-8 -*-
+#
+import uuid
+
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+
+
+__all__ = ['Node']
+
+
+class Node(models.Model):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    key = models.CharField(unique=True, max_length=64, verbose_name=_("Key"))  # '1:1:1:1'
+    value = models.CharField(max_length=128, unique=True, verbose_name=_("Value"))
+    child_mark = models.IntegerField(default=0)
+    date_create = models.DateTimeField(auto_now_add=True)
+
+    def __str__(self):
+        return self.value
+
+    @property
+    def name(self):
+        return self.value
+
+    @property
+    def full_value(self):
+        if self == self.__class__.root():
+            return self.value
+        else:
+            return '{}/{}'.format(self.value, self.parent.full_value)
+
+    @property
+    def level(self):
+        return len(self.key.split(':'))
+
+    def get_next_child_key(self):
+        mark = self.child_mark
+        self.child_mark += 1
+        self.save()
+        return "{}:{}".format(self.key, mark)
+
+    def create_child(self, value):
+        child_key = self.get_next_child_key()
+        child = self.__class__.objects.create(key=child_key, value=value)
+        return child
+
+    def get_children(self):
+        return self.__class__.objects.filter(key__regex=r'{}:[0-9]+$'.format(self.key))
+
+    def get_all_children(self):
+        return self.__class__.objects.filter(key__startswith='{}:'.format(self.key))
+
+    def get_family(self):
+        children = list(self.get_all_children())
+        children.append(self)
+        return children
+
+    def get_assets(self):
+        from .asset import Asset
+        assets = Asset.objects.filter(nodes__id=self.id)
+        return assets
+
+    def get_active_assets(self):
+        return self.get_assets().filter(is_active=True)
+
+    def get_all_assets(self):
+        from .asset import Asset
+        if self.is_root():
+            assets = Asset.objects.all()
+        else:
+            nodes = self.get_family()
+            assets = Asset.objects.filter(nodes__in=nodes)
+        return assets
+
+    def get_all_active_assets(self):
+        return self.get_all_assets().filter(is_active=True)
+
+    def is_root(self):
+        return self.key == '0'
+
+    @property
+    def parent(self):
+        if self.key == "0":
+            return self.__class__.root()
+        elif not self.key.startswith("0"):
+            return self.__class__.root()
+
+        parent_key = ":".join(self.key.split(":")[:-1])
+        try:
+            parent = self.__class__.objects.get(key=parent_key)
+        except Node.DoesNotExist:
+            return self.__class__.root()
+        else:
+            return parent
+
+    @parent.setter
+    def parent(self, parent):
+        self.key = parent.get_next_child_key()
+
+    @property
+    def ancestor(self):
+        if self.parent == self.__class__.root():
+            return [self.__class__.root()]
+        else:
+            return [self.parent, *tuple(self.parent.ancestor)]
+
+    @property
+    def ancestor_with_node(self):
+        ancestor = self.ancestor
+        ancestor.insert(0, self)
+        return ancestor
+
+    @classmethod
+    def root(cls):
+        obj, created = cls.objects.get_or_create(
+            key='0', defaults={"key": '0', 'value': "ROOT"}
+        )
+        return obj
--- a/apps/assets/models/user.py
+++ b/apps/assets/models/user.py
@@ -0,0 +1,289 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+
+import os
+import logging
+import uuid
+from hashlib import md5
+
+import sshpubkeys
+from django.core.cache import cache
+from django.db import models
+from django.utils.translation import ugettext_lazy as _
+from django.conf import settings
+
+from common.utils import get_signer, ssh_key_string_to_obj, ssh_key_gen
+from .utils import private_key_validator
+from ..const import SYSTEM_USER_CONN_CACHE_KEY
+
+
+__all__ = ['AdminUser', 'SystemUser',]
+logger = logging.getLogger(__name__)
+signer = get_signer()
+
+
+class AssetUser(models.Model):
+    id = models.UUIDField(default=uuid.uuid4, primary_key=True)
+    name = models.CharField(max_length=128, unique=True, verbose_name=_('Name'))
+    username = models.CharField(max_length=128, verbose_name=_('Username'))
+    _password = models.CharField(max_length=256, blank=True, null=True, verbose_name=_('Password'))
+    _private_key = models.TextField(max_length=4096, blank=True, null=True, verbose_name=_('SSH private key'), validators=[private_key_validator, ])
+    _public_key = models.TextField(max_length=4096, blank=True, verbose_name=_('SSH public key'))
+    comment = models.TextField(blank=True, verbose_name=_('Comment'))
+    date_created = models.DateTimeField(auto_now_add=True)
+    date_updated = models.DateTimeField(auto_now=True)
+    created_by = models.CharField(max_length=128, null=True, verbose_name=_('Created by'))
+
+    @property
+    def password(self):
+        if self._password:
+            return signer.unsign(self._password)
+        else:
+            return None
+
+    @password.setter
+    def password(self, password_raw):
+        raise AttributeError("Using set_auth do that")
+        # self._password = signer.sign(password_raw)
+
+    @property
+    def private_key(self):
+        if self._private_key:
+            return signer.unsign(self._private_key)
+
+    @private_key.setter
+    def private_key(self, private_key_raw):
+        raise AttributeError("Using set_auth do that")
+        # self._private_key = signer.sign(private_key_raw)
+
+    @property
+    def private_key_obj(self):
+        if self._private_key:
+            key_str = signer.unsign(self._private_key)
+            return ssh_key_string_to_obj(key_str, password=self.password)
+        else:
+            return None
+
+    @property
+    def private_key_file(self):
+        if not self.private_key_obj:
+            return None
+        project_dir = settings.PROJECT_DIR
+        tmp_dir = os.path.join(project_dir, 'tmp')
+        key_str = signer.unsign(self._private_key)
+        key_name = '.' + md5(key_str.encode('utf-8')).hexdigest()
+        key_path = os.path.join(tmp_dir, key_name)
+        if not os.path.exists(key_path):
+            self.private_key_obj.write_private_key_file(key_path)
+            os.chmod(key_path, 0o400)
+        return key_path
+
+    @property
+    def public_key(self):
+        key = signer.unsign(self._public_key)
+        if key:
+            return key
+        else:
+            return None
+
+    @property
+    def public_key_obj(self):
+        if self.public_key:
+            try:
+                return sshpubkeys.SSHKey(self.public_key)
+            except TabError:
+                pass
+        return None
+
+    def set_auth(self, password=None, private_key=None, public_key=None):
+        update_fields = []
+        if password:
+            self._password = signer.sign(password)
+            update_fields.append('_password')
+        if private_key:
+            self._private_key = signer.sign(private_key)
+            update_fields.append('_private_key')
+        if public_key:
+            self._public_key = signer.sign(public_key)
+            update_fields.append('_public_key')
+
+        if update_fields:
+            self.save(update_fields=update_fields)
+
+    def auto_gen_auth(self):
+        password = str(uuid.uuid4())
+        private_key, public_key = ssh_key_gen(
+            username=self.name, password=password
+        )
+        self.set_auth(password=password,
+                      private_key=private_key,
+                      public_key=public_key)
+
+    def _to_secret_json(self):
+        """Push system user use it"""
+        return {
+            'name': self.name,
+            'username': self.username,
+            'password': self.password,
+            'public_key': self.public_key,
+            'private_key': self.private_key_file,
+        }
+
+    class Meta:
+        abstract = True
+
+
+class AdminUser(AssetUser):
+    """
+    A privileged user that ansible can use it to push system user and so on
+    """
+    BECOME_METHOD_CHOICES = (
+        ('sudo', 'sudo'),
+        ('su', 'su'),
+    )
+    become = models.BooleanField(default=True)
+    become_method = models.CharField(choices=BECOME_METHOD_CHOICES, default='sudo', max_length=4)
+    become_user = models.CharField(default='root', max_length=64)
+    _become_pass = models.CharField(default='', max_length=128)
+
+    def __str__(self):
+        return self.name
+
+    @property
+    def become_pass(self):
+        password = signer.unsign(self._become_pass)
+        if password:
+            return password
+        else:
+            return ""
+
+    @become_pass.setter
+    def become_pass(self, password):
+        self._become_pass = signer.sign(password)
+
+    @property
+    def become_info(self):
+        if self.become:
+            info = {
+                "method": self.become_method,
+                "user": self.become_user,
+                "pass": self.become_pass,
+            }
+        else:
+            info = None
+        return info
+
+    def get_related_assets(self):
+        assets = self.asset_set.all()
+        return assets
+
+    @property
+    def assets_amount(self):
+        return self.get_related_assets().count()
+
+    class Meta:
+        ordering = ['name']
+        verbose_name = _("Admin user")
+
+    @classmethod
+    def generate_fake(cls, count=10):
+        from random import seed
+        import forgery_py
+        from django.db import IntegrityError
+
+        seed()
+        for i in range(count):
+            obj = cls(name=forgery_py.name.full_name(),
+                      username=forgery_py.internet.user_name(),
+                      password=forgery_py.lorem_ipsum.word(),
+                      comment=forgery_py.lorem_ipsum.sentence(),
+                      created_by='Fake')
+            try:
+                obj.save()
+                logger.debug('Generate fake asset group: %s' % obj.name)
+            except IntegrityError:
+                print('Error continue')
+                continue
+
+
+class SystemUser(AssetUser):
+    SSH_PROTOCOL = 'ssh'
+    RDP_PROTOCOL = 'rdp'
+    PROTOCOL_CHOICES = (
+        (SSH_PROTOCOL, 'ssh'),
+        (RDP_PROTOCOL, 'rdp'),
+    )
+
+    nodes = models.ManyToManyField('assets.Node', blank=True, verbose_name=_("Nodes"))
+    priority = models.IntegerField(default=10, verbose_name=_("Priority"))
+    protocol = models.CharField(max_length=16, choices=PROTOCOL_CHOICES, default='ssh', verbose_name=_('Protocol'))
+    auto_push = models.BooleanField(default=True, verbose_name=_('Auto push'))
+    sudo = models.TextField(default='/sbin/ifconfig', verbose_name=_('Sudo'))
+    shell = models.CharField(max_length=64,  default='/bin/bash', verbose_name=_('Shell'))
+
+    def __str__(self):
+        return self.name
+
+    def to_json(self):
+        return {
+            'id': self.id,
+            'name': self.name,
+            'username': self.username,
+            'protocol': self.protocol,
+            'priority': self.priority,
+            'auto_push': self.auto_push,
+        }
+
+    @property
+    def assets(self):
+        assets = set()
+        for node in self.nodes.all():
+            assets.update(set(node.get_all_assets()))
+        return assets
+
+    @property
+    def assets_connective(self):
+        _result = cache.get(SYSTEM_USER_CONN_CACHE_KEY.format(self.name), {})
+        return _result
+
+    @property
+    def unreachable_assets(self):
+        return list(self.assets_connective.get('dark', {}).keys())
+
+    @property
+    def reachable_assets(self):
+        return self.assets_connective.get('contacted', [])
+
+    def is_need_push(self):
+        if self.auto_push and self.protocol == self.__class__.SSH_PROTOCOL:
+            return True
+        else:
+            return False
+
+    class Meta:
+        ordering = ['name']
+        verbose_name = _("System user")
+
+    @classmethod
+    def generate_fake(cls, count=10):
+        from random import seed
+        import forgery_py
+        from django.db import IntegrityError
+
+        seed()
+        for i in range(count):
+            obj = cls(name=forgery_py.name.full_name(),
+                      username=forgery_py.internet.user_name(),
+                      password=forgery_py.lorem_ipsum.word(),
+                      comment=forgery_py.lorem_ipsum.sentence(),
+                      created_by='Fake')
+            try:
+                obj.save()
+                logger.debug('Generate fake asset group: %s' % obj.name)
+            except IntegrityError:
+                print('Error continue')
+                continue
+
+
+
--- a/apps/assets/models/utils.py
+++ b/apps/assets/models/utils.py
@@ -0,0 +1,35 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+#
+
+from django.core.exceptions import ValidationError
+from common.utils import validate_ssh_private_key
+
+
+__all__ = ['init_model', 'generate_fake']
+
+
+def init_model():
+    from . import Cluster, SystemUser, AdminUser, AssetGroup, Asset
+    for cls in [Cluster, SystemUser, AdminUser, AssetGroup, Asset]:
+        if hasattr(cls, 'initial'):
+            cls.initial()
+
+
+def generate_fake():
+    from . import Cluster, SystemUser, AdminUser, AssetGroup, Asset
+    for cls in [Cluster, SystemUser, AdminUser, AssetGroup, Asset]:
+        if hasattr(cls, 'generate_fake'):
+            cls.generate_fake()
+
+
+def private_key_validator(value):
+    if not validate_ssh_private_key(value):
+        raise ValidationError(
+            _('%(value)s is not an even number'),
+            params={'value': value},
+        )
+
+
+if __name__ == '__main__':
+    pass
--- a/apps/assets/serializers/init.py
+++ b/apps/assets/serializers/init.py
@@ -0,0 +1,8 @@
+# -*- coding: utf-8 -*-
+#
+
+from .asset import *
+from .admin_user import *
+from .label import *
+from .system_user import *
+from .node import *
--- a/apps/assets/serializers/admin_user.py
+++ b/apps/assets/serializers/admin_user.py
@@ -0,0 +1,52 @@
+# -*- coding: utf-8 -*-
+#
+from django.core.cache import cache
+from rest_framework import serializers
+from ..models import Node, AdminUser
+from ..const import ADMIN_USER_CONN_CACHE_KEY
+
+
+class AdminUserSerializer(serializers.ModelSerializer):
+    """
+    管理用户
+    """
+    assets_amount = serializers.SerializerMethodField()
+    unreachable_amount = serializers.SerializerMethodField()
+    reachable_amount = serializers.SerializerMethodField()
+
+    class Meta:
+        model = AdminUser
+        fields = '__all__'
+
+    @staticmethod
+    def get_unreachable_amount(obj):
+        data = cache.get(ADMIN_USER_CONN_CACHE_KEY.format(obj.name))
+        if data:
+            return len(data.get('dark'))
+        else:
+            return 0
+
+    @staticmethod
+    def get_reachable_amount(obj):
+        data = cache.get(ADMIN_USER_CONN_CACHE_KEY.format(obj.name))
+        if data:
+            return len(data.get('contacted'))
+        else:
+            return 0
+
+    @staticmethod
+    def get_assets_amount(obj):
+        return obj.assets_amount
+
+
+class ReplaceNodeAdminUserSerializer(serializers.ModelSerializer):
+    """
+    管理用户更新关联到的集群
+    """
+    nodes = serializers.PrimaryKeyRelatedField(
+        many=True, queryset=Node.objects.all()
+    )
+
+    class Meta:
+        model = AdminUser
+        fields = ['id', 'nodes']
--- a/apps/assets/serializers/asset.py
+++ b/apps/assets/serializers/asset.py
@@ -0,0 +1,62 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework import serializers
+from rest_framework_bulk.serializers import BulkListSerializer
+
+from common.mixins import BulkSerializerMixin
+from ..models import Asset
+from .system_user import AssetSystemUserSerializer
+
+
+class AssetSerializer(BulkSerializerMixin, serializers.ModelSerializer):
+    """
+    资产的数据结构
+    """
+
+    class Meta:
+        model = Asset
+        list_serializer_class = BulkListSerializer
+        fields = '__all__'
+        validators = []  # If not set to [], partial bulk update will be error
+
+    def get_field_names(self, declared_fields, info):
+        fields = super().get_field_names(declared_fields, info)
+        fields.extend([
+            'hardware_info', 'is_connective',
+        ])
+        return fields
+
+
+class AssetGrantedSerializer(serializers.ModelSerializer):
+    """
+    被授权资产的数据结构
+    """
+    system_users_granted = AssetSystemUserSerializer(many=True, read_only=True)
+    system_users_join = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Asset
+        fields = (
+            "id", "hostname", "ip", "port", "system_users_granted",
+            "is_active", "system_users_join", "os",
+            "platform", "comment"
+        )
+
+    @staticmethod
+    def get_system_users_join(obj):
+        system_users = [s.username for s in obj.system_users_granted]
+        return ', '.join(system_users)
+
+
+class MyAssetGrantedSerializer(AssetGrantedSerializer):
+    """
+    普通用户获取授权的资产定义的数据结构
+    """
+
+    class Meta:
+        model = Asset
+        fields = (
+            "id", "hostname", "system_users_granted",
+            "is_active", "system_users_join",
+            "os", "platform", "comment",
+        )
--- a/apps/assets/serializers/cluster.py
+++ b/apps/assets/serializers/cluster.py
@@ -0,0 +1,46 @@
+# -*- coding: utf-8 -*-
+#
+
+from rest_framework import serializers
+from common.mixins import BulkSerializerMixin
+from ..models import Asset, Cluster
+
+
+class ClusterUpdateAssetsSerializer(serializers.ModelSerializer):
+    """
+    集群更新资产数据结构
+    """
+    assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
+
+    class Meta:
+        model = Cluster
+        fields = ['id', 'assets']
+
+
+class ClusterSerializer(BulkSerializerMixin, serializers.ModelSerializer):
+    """
+    cluster
+    """
+    assets_amount = serializers.SerializerMethodField()
+    admin_user_name = serializers.SerializerMethodField()
+    assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
+    system_users = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Cluster
+        fields = '__all__'
+
+    @staticmethod
+    def get_assets_amount(obj):
+        return obj.assets.count()
+
+    @staticmethod
+    def get_admin_user_name(obj):
+        try:
+            return obj.admin_user.name
+        except AttributeError:
+            return ''
+
+    @staticmethod
+    def get_system_users(obj):
+        return ', '.join(obj.name for obj in obj.systemuser_set.all())
--- a/apps/assets/serializers/label.py
+++ b/apps/assets/serializers/label.py
@@ -0,0 +1,37 @@
+# -*- coding: utf-8 -*-
+#
+from rest_framework import serializers
+from rest_framework_bulk.serializers import BulkListSerializer
+
+from ..models import Label
+
+
+class LabelSerializer(serializers.ModelSerializer):
+    asset_count = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Label
+        fields = '__all__'
+        list_serializer_class = BulkListSerializer
+
+    @staticmethod
+    def get_asset_count(obj):
+        return obj.assets.count()
+
+    def get_field_names(self, declared_fields, info):
+        fields = super().get_field_names(declared_fields, info)
+        fields.extend(['get_category_display'])
+        return fields
+
+
+class LabelDistinctSerializer(serializers.ModelSerializer):
+    value = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Label
+        fields = ("name", "value")
+
+    @staticmethod
+    def get_value(obj):
+        labels = Label.objects.filter(name=obj["name"])
+        return ', '.join([label.value for label in labels])
--- a/apps/assets/serializers/node.py
+++ b/apps/assets/serializers/node.py
@@ -0,0 +1,72 @@
+# -*- coding: utf-8 -*-
+from rest_framework import serializers
+from rest_framework_bulk.serializers import BulkListSerializer
+
+from common.mixins import BulkSerializerMixin
+from ..models import Asset, Node
+from .asset import AssetGrantedSerializer
+
+
+class NodeGrantedSerializer(BulkSerializerMixin, serializers.ModelSerializer):
+    """
+    授权资产组
+    """
+    assets_granted = AssetGrantedSerializer(many=True, read_only=True)
+    assets_amount = serializers.SerializerMethodField()
+    parent = serializers.SerializerMethodField()
+    name = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Node
+        fields = [
+            'id', 'key', 'name', 'value', 'parent',
+            'assets_granted', 'assets_amount',
+        ]
+
+    @staticmethod
+    def get_assets_amount(obj):
+        return len(obj.assets_granted)
+
+    @staticmethod
+    def get_name(obj):
+        return obj.name
+
+    @staticmethod
+    def get_parent(obj):
+        return obj.parent.id
+
+
+class NodeSerializer(serializers.ModelSerializer):
+    parent = serializers.SerializerMethodField()
+    assets_amount = serializers.SerializerMethodField()
+
+    class Meta:
+        model = Node
+        fields = ['id', 'key', 'value', 'parent', 'assets_amount']
+        list_serializer_class = BulkListSerializer
+
+    @staticmethod
+    def get_parent(obj):
+        return obj.parent.id
+
+    @staticmethod
+    def get_assets_amount(obj):
+        return obj.get_all_assets().count()
+
+    def get_fields(self):
+        fields = super().get_fields()
+        field = fields["key"]
+        field.required = False
+        return fields
+
+
+class NodeAssetsSerializer(serializers.ModelSerializer):
+    assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
+
+    class Meta:
+        model = Node
+        fields = ['assets']
+
+
+class NodeAddChildrenSerializer(serializers.Serializer):
+    nodes = serializers.ListField()
--- a/apps/assets/serializers/system_user.py
+++ b/apps/assets/serializers/system_user.py
@@ -0,0 +1,69 @@
+from rest_framework import serializers
+
+from ..models import SystemUser
+
+
+class SystemUserSerializer(serializers.ModelSerializer):
+    """
+    系统用户
+    """
+    unreachable_amount = serializers.SerializerMethodField()
+    reachable_amount = serializers.SerializerMethodField()
+    unreachable_assets = serializers.SerializerMethodField()
+    reachable_assets = serializers.SerializerMethodField()
+    assets_amount = serializers.SerializerMethodField()
+
+    class Meta:
+        model = SystemUser
+        exclude = ('_password', '_private_key', '_public_key')
+
+    @staticmethod
+    def get_unreachable_assets(obj):
+        return obj.unreachable_assets
+
+    @staticmethod
+    def get_reachable_assets(obj):
+        return obj.reachable_assets
+
+    def get_unreachable_amount(self, obj):
+        return len(self.get_unreachable_assets(obj))
+
+    def get_reachable_amount(self, obj):
+        return len(self.get_reachable_assets(obj))
+
+    @staticmethod
+    def get_assets_amount(obj):
+        return len(obj.assets)
+
+
+class SystemUserAuthSerializer(serializers.ModelSerializer):
+    """
+    系统用户认证信息
+    """
+    password = serializers.CharField(max_length=1024)
+    private_key = serializers.CharField(max_length=4096)
+
+    class Meta:
+        model = SystemUser
+        fields = [
+            "id", "name", "username", "protocol",
+            "password", "private_key",
+        ]
+
+
+class AssetSystemUserSerializer(serializers.ModelSerializer):
+    """
+    查看授权的资产系统用户的数据结构，这个和AssetSerializer不同，字段少
+    """
+    class Meta:
+        model = SystemUser
+        fields = ('id', 'name', 'username', 'priority', 'protocol',  'comment',)
+
+
+class SystemUserSimpleSerializer(serializers.ModelSerializer):
+    """
+    系统用户最基本信息的数据结构
+    """
+    class Meta:
+        model = SystemUser
+        fields = ('id', 'name', 'username')
--- a/apps/assets/signals.py
+++ b/apps/assets/signals.py
@@ -0,0 +1,5 @@
+# -*- coding: utf-8 -*-
+#
+from django.dispatch import Signal
+
+on_app_ready = Signal()
--- a/apps/assets/signals_handler.py
+++ b/apps/assets/signals_handler.py
@@ -0,0 +1,71 @@
+# -*- coding: utf-8 -*-
+#
+
+from django.db.models.signals import post_save, m2m_changed
+from django.dispatch import receiver
+
+from common.utils import get_logger
+from .models import Asset, SystemUser, Node
+from .tasks import update_assets_hardware_info_util, \
+    test_asset_connectability_util, push_system_user_to_node, \
+    push_node_system_users_to_asset
+
+
+logger = get_logger(__file__)
+
+
+def update_asset_hardware_info_on_created(asset):
+    logger.debug("Update asset `{}` hardware info".format(asset))
+    update_assets_hardware_info_util.delay([asset])
+
+
+def test_asset_conn_on_created(asset):
+    logger.debug("Test asset `{}` connectability".format(asset))
+    test_asset_connectability_util.delay([asset])
+
+
+def set_asset_root_node(asset):
+    logger.debug("Set asset default node: {}".format(Node.root()))
+    asset.nodes.add(Node.root())
+
+
+@receiver(post_save, sender=Asset, dispatch_uid="my_unique_identifier")
+def on_asset_created_or_update(sender, instance=None, created=False, **kwargs):
+    set_asset_root_node(instance)
+    if created:
+        logger.info("Asset `{}` create signal received".format(instance))
+        update_asset_hardware_info_on_created(instance)
+        test_asset_conn_on_created(instance)
+
+
+@receiver(post_save, sender=SystemUser, dispatch_uid="my_unique_identifier")
+def on_system_user_update(sender, instance=None, created=True, **kwargs):
+    if instance and not created:
+        for node in instance.nodes.all():
+            push_system_user_to_node(instance, node)
+
+
+@receiver(m2m_changed, sender=SystemUser.nodes.through)
+def on_system_user_node_change(sender, instance=None, **kwargs):
+    if instance and kwargs["action"] == "post_add":
+        for pk in kwargs['pk_set']:
+            node = kwargs['model'].objects.get(pk=pk)
+            push_system_user_to_node(instance, node)
+
+
+@receiver(m2m_changed, sender=Asset.nodes.through)
+def on_asset_node_changed(sender, instance=None, **kwargs):
+    if isinstance(instance, Asset) and kwargs['action'] == 'post_add':
+        logger.debug("Asset node change signal received")
+        for pk in kwargs['pk_set']:
+            node = kwargs['model'].objects.get(pk=pk)
+            push_node_system_users_to_asset(node, [instance])
+
+
+@receiver(m2m_changed, sender=Asset.nodes.through)
+def on_node_assets_changed(sender, instance=None, **kwargs):
+    if isinstance(instance, Node) and kwargs['action'] == 'post_add':
+        logger.debug("Node assets change signal received")
+        assets = kwargs['model'].objects.filter(pk__in=kwargs['pk_set'])
+        push_node_system_users_to_asset(instance, assets)
+
--- a/apps/assets/tasks.py
+++ b/apps/assets/tasks.py
@@ -0,0 +1,440 @@
+# ~*~ coding: utf-8 ~*~
+import json
+import re
+import os
+
+from celery import shared_task
+from django.core.cache import cache
+from django.utils.translation import ugettext as _
+
+from common.utils import get_object_or_none, capacity_convert, \
+    sum_capacity, encrypt_password, get_logger
+from common.celery import register_as_period_task, after_app_shutdown_clean, \
+    after_app_ready_start, app as celery_app
+
+from .models import SystemUser, AdminUser, Asset, Cluster
+from . import const
+
+
+FORKS = 10
+TIMEOUT = 60
+logger = get_logger(__file__)
+CACHE_MAX_TIME = 60*60*60
+disk_pattern = re.compile(r'^hd|sd|xvd|vd')
+PERIOD_TASK = os.environ.get("PERIOD_TASK", "on")
+
+
+@shared_task
+def set_assets_hardware_info(result, **kwargs):
+    """
+    Using ops task run result, to update asset info
+
+    @shared_task must be exit, because we using it as a task callback, is must
+    be a celery task also
+    :param result:
+    :param kwargs: {task_name: ""}
+    :return:
+    """
+    result_raw = result[0]
+    assets_updated = []
+    for hostname, info in result_raw.get('ok', {}).items():
+        info = info.get('setup', {}).get('ansible_facts', {})
+        if not info:
+            logger.error("Get asset info failed: {}".format(hostname))
+            continue
+
+        asset = get_object_or_none(Asset, hostname=hostname)
+        if not asset:
+            continue
+
+        ___vendor = info.get('ansible_system_vendor', 'Unknown')
+        ___model = info.get('ansible_product_name', 'Unknown')
+        ___sn = info.get('ansible_product_serial', 'Unknown')
+
+        for ___cpu_model in info.get('ansible_processor', []):
+            if ___cpu_model.endswith('GHz') or ___cpu_model.startswith("Intel"):
+                break
+        else:
+            ___cpu_model = 'Unknown'
+        ___cpu_model = ___cpu_model[:64]
+        ___cpu_count = info.get('ansible_processor_count', 0)
+        ___cpu_cores = info.get('ansible_processor_cores', None) or len(info.get('ansible_processor', []))
+        ___memory = '%s %s' % capacity_convert('{} MB'.format(info.get('ansible_memtotal_mb')))
+        disk_info = {}
+        for dev, dev_info in info.get('ansible_devices', {}).items():
+            if disk_pattern.match(dev) and dev_info['removable'] == '0':
+                disk_info[dev] = dev_info['size']
+        ___disk_total = '%s %s' % sum_capacity(disk_info.values())
+        ___disk_info = json.dumps(disk_info)
+
+        ___platform = info.get('ansible_system', 'Unknown')
+        ___os = info.get('ansible_distribution', 'Unknown')
+        ___os_version = info.get('ansible_distribution_version', 'Unknown')
+        ___os_arch = info.get('ansible_architecture', 'Unknown')
+        ___hostname_raw = info.get('ansible_hostname', 'Unknown')
+
+        for k, v in locals().items():
+            if k.startswith('___'):
+                setattr(asset, k.strip('_'), v)
+        asset.save()
+        assets_updated.append(asset)
+    return assets_updated
+
+
+@shared_task
+def update_assets_hardware_info_util(assets, task_name=None):
+    """
+    Using ansible api to update asset hardware info
+    :param assets:  asset seq
+    :param task_name: task_name running
+    :return: result summary ['contacted': {}, 'dark': {}]
+    """
+    from ops.utils import update_or_create_ansible_task
+    if task_name is None:
+        # task_name = _("Update some assets hardware info")
+        task_name = _("更新资产硬件信息")
+    tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
+    hostname_list = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
+    task, created = update_or_create_ansible_task(
+        task_name, hosts=hostname_list, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
+    )
+    result = task.run()
+    # Todo: may be somewhere using
+    # Manual run callback function
+    set_assets_hardware_info(result)
+    return result
+
+
+@shared_task
+def update_asset_hardware_info_manual(asset):
+    # task_name = _("Update asset hardware info")
+    task_name = _("更新资产硬件信息")
+    return update_assets_hardware_info_util([asset], task_name=task_name)
+
+
+@celery_app.task
+@register_as_period_task(interval=3600)
+@after_app_ready_start
+@after_app_shutdown_clean
+def update_assets_hardware_info_period():
+    """
+    Update asset hardware period task
+    :return:
+    """
+    if PERIOD_TASK != "on":
+        logger.debug("Period task disabled, update assets hardware info pass")
+        return
+
+    from ops.utils import update_or_create_ansible_task
+    # task_name = _("Update assets hardware info period")
+    task_name = _("定期更新资产硬件信息")
+    hostname_list = [
+        asset.hostname for asset in Asset.objects.all()
+        if asset.is_active and asset.is_unixlike()
+    ]
+    tasks = const.UPDATE_ASSETS_HARDWARE_TASKS
+
+    # Only create, schedule by celery beat
+    update_or_create_ansible_task(
+        task_name, hosts=hostname_list, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
+        interval=60*60*24, is_periodic=True, callback=set_assets_hardware_info.name,
+    )
+
+
+##  ADMIN USER CONNECTIVE  ##
+
+@shared_task
+def set_admin_user_connectability_info(result, **kwargs):
+    admin_user = kwargs.get("admin_user")
+    task_name = kwargs.get("task_name")
+    if admin_user is None and task_name is not None:
+        admin_user = task_name.split(":")[-1]
+
+    raw, summary = result
+    cache_key = const.ADMIN_USER_CONN_CACHE_KEY.format(admin_user)
+    cache.set(cache_key, summary, CACHE_MAX_TIME)
+
+    for i in summary.get('contacted', []):
+        asset_conn_cache_key = const.ASSET_ADMIN_CONN_CACHE_KEY.format(i)
+        cache.set(asset_conn_cache_key, 1, CACHE_MAX_TIME)
+
+    for i, msg in summary.get('dark', {}).items():
+        asset_conn_cache_key = const.ASSET_ADMIN_CONN_CACHE_KEY.format(i)
+        cache.set(asset_conn_cache_key, 0, CACHE_MAX_TIME)
+        logger.error(msg)
+
+
+@shared_task
+def test_admin_user_connectability_util(admin_user, task_name):
+    """
+    Test asset admin user can connect or not. Using ansible api do that
+    :param admin_user:
+    :param task_name:
+    :return:
+    """
+    from ops.utils import update_or_create_ansible_task
+
+    assets = admin_user.get_related_assets()
+    hosts = [asset.hostname for asset in assets
+             if asset.is_active and asset.is_unixlike()]
+    if not hosts:
+        return
+    tasks = const.TEST_ADMIN_USER_CONN_TASKS
+    task, created = update_or_create_ansible_task(
+        task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
+    )
+    result = task.run()
+    set_admin_user_connectability_info(result, admin_user=admin_user.name)
+    return result
+
+
+@celery_app.task
+@register_as_period_task(interval=3600)
+@after_app_ready_start
+@after_app_shutdown_clean
+def test_admin_user_connectability_period():
+    """
+    A period task that update the ansible task period
+    """
+    if PERIOD_TASK != "on":
+        logger.debug("Period task disabled, test admin user connectability pass")
+        return
+
+    admin_users = AdminUser.objects.all()
+    for admin_user in admin_users:
+        # task_name = _("Test admin user connectability period: {}".format(admin_user.name))
+        task_name = _("定期测试管理账号可连接性: {}".format(admin_user.name))
+        test_admin_user_connectability_util(admin_user, task_name)
+
+
+@shared_task
+def test_admin_user_connectability_manual(admin_user):
+    # task_name = _("Test admin user connectability: {}").format(admin_user.name)
+    task_name = _("测试管理行号可连接性: {}").format(admin_user.name)
+    return test_admin_user_connectability_util.delay(admin_user, task_name)
+
+
+@shared_task
+def test_asset_connectability_util(assets, task_name=None):
+    from ops.utils import update_or_create_ansible_task
+
+    if task_name is None:
+        # task_name = _("Test assets connectability")
+        task_name = _("测试资产可连接性")
+    hosts = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
+    if not hosts:
+        logger.info("No hosts, passed")
+        return {}
+    tasks = const.TEST_ADMIN_USER_CONN_TASKS
+    task, created = update_or_create_ansible_task(
+        task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System',
+    )
+    result = task.run()
+    summary = result[1]
+    for k in summary.get('dark'):
+        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(k), 0, CACHE_MAX_TIME)
+
+    for k in summary.get('contacted'):
+        cache.set(const.ASSET_ADMIN_CONN_CACHE_KEY.format(k), 1, CACHE_MAX_TIME)
+    return summary
+
+
+@shared_task
+def test_asset_connectability_manual(asset):
+    summary = test_asset_connectability_util([asset])
+
+    if summary.get('dark'):
+        return False, summary['dark']
+    else:
+        return True, ""
+
+
+##  System user connective ##
+
+@shared_task
+def set_system_user_connectablity_info(result, **kwargs):
+    summary = result[1]
+    task_name = kwargs.get("task_name")
+    system_user = kwargs.get("system_user")
+    if system_user is None:
+        system_user = task_name.split(":")[-1]
+    cache_key = const.SYSTEM_USER_CONN_CACHE_KEY.format(system_user)
+    cache.set(cache_key, summary, CACHE_MAX_TIME)
+
+
+@shared_task
+def test_system_user_connectability_util(system_user, task_name):
+    """
+    Test system cant connect his assets or not.
+    :param system_user:
+    :param task_name:
+    :return:
+    """
+    from ops.utils import update_or_create_ansible_task
+    assets = system_user.assets
+    hosts = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
+    tasks = const.TEST_SYSTEM_USER_CONN_TASKS
+    if not hosts:
+        logger.info("No hosts, passed")
+        return {}
+    task, created = update_or_create_ansible_task(
+        task_name, hosts=hosts, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS,
+        run_as=system_user.name, created_by="System",
+    )
+    result = task.run()
+    set_system_user_connectablity_info(result, system_user=system_user.name)
+    return result
+
+
+@shared_task
+def test_system_user_connectability_manual(system_user):
+    task_name = _("Test system user connectability: {}").format(system_user)
+    return test_system_user_connectability_util(system_user, task_name)
+
+
+@shared_task
+@register_as_period_task(interval=3600)
+@after_app_ready_start
+@after_app_shutdown_clean
+def test_system_user_connectability_period():
+    if PERIOD_TASK != "on":
+        logger.debug("Period task disabled, test system user connectability pass")
+        return
+
+    system_users = SystemUser.objects.all()
+    for system_user in system_users:
+        # task_name = _("Test system user connectability period: {}".format(system_user))
+        task_name = _("定期测试系统用户可连接性: {}".format(system_user))
+        test_system_user_connectability_util(system_user, task_name)
+
+
+####  Push system user tasks ####
+
+def get_push_system_user_tasks(system_user):
+    # Set root as system user is dangerous
+    if system_user.username == "root":
+        return []
+
+    tasks = []
+    if system_user.password:
+        tasks.append({
+            'name': 'Add user {}'.format(system_user.username),
+            'action': {
+                'module': 'user',
+                'args': 'name={} shell={} state=present password={}'.format(
+                    system_user.username, system_user.shell,
+                    encrypt_password(system_user.password, salt="K3mIlKK"),
+                ),
+            }
+        })
+    if system_user.public_key:
+        tasks.append({
+            'name': 'Set {} authorized key'.format(system_user.username),
+            'action': {
+                'module': 'authorized_key',
+                'args': "user={} state=present key='{}'".format(
+                    system_user.username, system_user.public_key
+                )
+            }
+        })
+    if system_user.sudo:
+        tasks.append({
+            'name': 'Set {} sudo setting'.format(system_user.username),
+            'action': {
+                'module': 'lineinfile',
+                'args': "dest=/etc/sudoers state=present regexp='^{0} ALL=' "
+                        "line='{0} ALL=(ALL) NOPASSWD: {1}' "
+                        "validate='visudo -cf %s'".format(
+                    system_user.username,
+                    system_user.sudo,
+                )
+            }
+        })
+    return tasks
+
+
+@shared_task
+def push_system_user_util(system_users, assets, task_name):
+    from ops.utils import update_or_create_ansible_task
+    tasks = []
+    for system_user in system_users:
+        if not system_user.is_need_push():
+            msg = "push system user `{}` passed, may be not auto push or ssh " \
+                  "protocol is not ssh".format(system_user.name)
+            logger.info(msg)
+            continue
+        tasks.extend(get_push_system_user_tasks(system_user))
+
+    if not tasks:
+        logger.info("Not tasks, passed")
+        return {}
+
+    hosts = [asset.hostname for asset in assets if asset.is_active and asset.is_unixlike()]
+    if not hosts:
+        logger.info("Not hosts, passed")
+        return {}
+    task, created = update_or_create_ansible_task(
+        task_name=task_name, hosts=hosts, tasks=tasks, pattern='all',
+        options=const.TASK_OPTIONS, run_as_admin=True, created_by='System'
+    )
+    return task.run()
+
+
+def get_node_push_system_user_task_name(system_user, node):
+
+    # return _("Push system user to node: {} => {}").format(
+    return _("推送系统用户到节点资产: {} => {}").format(
+        system_user.name,
+        node.value
+    )
+
+
+def push_system_user_to_node(system_user, node):
+    assets = node.get_all_assets()
+    task_name = get_node_push_system_user_task_name(system_user, node)
+    push_system_user_util.delay([system_user], assets, task_name)
+
+
+@shared_task
+def push_system_user_related_nodes(system_user):
+    if not system_user.is_need_push():
+        msg = "push system user `{}` passed, may be not auto push or ssh " \
+              "protocol is not ssh".format(system_user.name)
+        logger.info(msg)
+        return
+
+    nodes = system_user.nodes.all()
+    for node in nodes:
+        push_system_user_to_node(system_user, node)
+
+
+@shared_task
+def push_system_user_to_assets_manual(system_user):
+    push_system_user_related_nodes(system_user)
+
+
+def push_node_system_users_to_asset(node, assets):
+    system_users = []
+    nodes = node.ancestor_with_node
+    # 获取该节点所有父节点有的系统用户, 然后推送
+    for n in nodes:
+        system_users.extend(list(n.systemuser_set.all()))
+
+    if system_users:
+        # task_name = _("Push system users to node: {}").format(node.value)
+        task_name = _("推送节点系统用户到新加入资产中: {}").format(node.value)
+        push_system_user_util.delay(system_users, assets, task_name)
+
+
+# @shared_task
+# @register_as_period_task(interval=3600)
+# @after_app_ready_start
+# # @after_app_shutdown_clean
+# def push_system_user_period():
+#     for system_user in SystemUser.objects.all():
+#         push_system_user_related_nodes(system_user)
--- a/apps/assets/templates/assets/_asset_group_bulk_update_modal.html
+++ b/apps/assets/templates/assets/_asset_group_bulk_update_modal.html
@@ -0,0 +1,41 @@
+{% extends '_modal.html' %}
+{% load i18n %}
+{% block modal_id %}asset_group_bulk_update_modal{% endblock %}
+{% block modal_class %}modal-lg{% endblock %}
+{% block modal_title%}{% trans "Update asset group" %}{% endblock %}
+{% block modal_body %}
+{% load bootstrap3 %}
+<p class="text-success text-center">{% trans "Hint: only change the field you want to update." %}</p>
+<form method="post" class="form-horizontal" action="" id="fm_asset_group_bulk_update">
+    <div class="form-group">
+        <label for="assets" class="col-sm-2 control-label">{% trans 'Assets' %}</label>
+        <div class="col-sm-9" id="select2-container">
+            <select name="assets" id="select2_groups" data-placeholder="{% trans 'Select Asset' %}" class="select2 form-control m-b" multiple>
+                {% for asset in assets %}
+                    <option value="{{ asset.id }}">{{ asset.ip }}</option>
+                {% endfor %}
+            </select>
+        </div>
+    </div>
+	<div class="form-group">
+        <label for="system_users" class="col-sm-2 control-label">{% trans 'System users' %}</label>
+        <div class="col-sm-9" id="select2-container">
+            <select name="system_users" id="select2_groups" data-placeholder="{% trans 'Select System Users' %}" class="select2 form-control m-b" multiple>
+                {% for system_user in system_users %}
+                    <option value="{{ system_user.id }}">{{ system_user.name }}</option>
+                {% endfor %}
+            </select>
+        </div>
+    </div>
+
+    <div class="form-group">
+        <div class="col-sm-9 col-lg-9 col-sm-offset-2">
+            <div class="checkbox checkbox-success">
+                <input type="checkbox" name="enable_otp" checked id="id_enable_otp"><label for="id_enable_otp">{% trans 'Enable-OTP' %}</label>
+            </div>
+        </div>
+    </div>
+
+</form>
+{% endblock %}
+{% block modal_confirm_id %}btn_asset_group_bulk_update{% endblock %}
--- a/apps/assets/templates/assets/_asset_import_modal.html
+++ b/apps/assets/templates/assets/_asset_import_modal.html
@@ -0,0 +1,29 @@
+{% extends '_modal.html' %}
+{% load i18n %}
+{% block modal_id %}asset_import_modal{% endblock %}
+{% block modal_title%}{% trans "Import asset" %}{% endblock %}
+{% block modal_body %}
+<form method="post" action="{% url 'assets:asset-import' %}" id="fm_asset_import" enctype="multipart/form-data">
+    {% csrf_token %}
+    <div class="form-group">
+        <label class="control-label" for="id_assets">{% trans "Template" %}</label>
+        <a href="{% url 'assets:asset-export' %}" style="display: block">{% trans 'Download' %}</a>
+    </div>
+    <div class="form-group">
+        <label class="control-label" for="id_users">{% trans "Asset csv file" %}</label>
+        <input id="id_assets" type="file" name="file" />
+        <span class="help-block red-fonts">
+            {% trans 'If set id, will use this id update asset existed' %}
+        </span>
+    </div>
+</form>
+<p>
+    <p class="text-success" id="id_created"></p>
+    <p id="id_created_detail"></p>
+    <p class="text-warning" id="id_updated"></p>
+    <p id="id_updated_detail"></p>
+    <p class="text-danger" id="id_failed"></p>
+    <p id="id_failed_detail"></p>
+</p>
+{% endblock %}
+{% block modal_confirm_id %}btn_asset_import{% endblock %}
--- a/apps/assets/templates/assets/_asset_list_modal.html
+++ b/apps/assets/templates/assets/_asset_list_modal.html
@@ -0,0 +1,132 @@
+{% extends '_modal.html' %}
+{% load i18n %}
+
+{% block modal_class %}modal-lg{% endblock %}
+{% block modal_id %}asset_list_modal{% endblock %}
+{#{% block modal_title%}{% trans "Please select assets" %}{% endblock %}#}
+{% block modal_body %}
+{#<div class="btn-group" style="float: right">#}
+{#   <button data-toggle="dropdown" class="btn btn-default btn-sm dropdown-toggle">{% trans 'Label' %} <span class="caret"></span></button>#}
+{#   <ul class="dropdown-menu labels">#}
+{#       {% for label in labels %}#}
+{#           <li><a style="font-weight: bolder">{{ label.name }}:{{ label.value }}</a></li>#}
+{#       {% endfor %}#}
+{#   </ul>#}
+{#</div>#}
+<table class="table table-striped table-bordered table-hover " id="asset_modal_table" width="100%">
+   <thead>
+       <tr>
+           <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
+           <th class="text-center">{% trans 'Hostname' %}</th>
+           <th class="text-center">{% trans 'IP' %}</th>
+           <th class="text-center">{% trans 'Hardware' %}</th>
+           <th class="text-center">{% trans 'Active' %}</th>
+           <th class="text-center">{% trans 'Reachable' %}</th>
+           <th class="text-center">{% trans 'Action' %}</th>
+       </tr>
+   </thead>
+   <tbody>
+   </tbody>
+</table>
+<div id="actions" class="hide">
+   <div class="input-group">
+       <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
+           <option value="delete">{% trans 'Delete selected' %}</option>
+           <option value="update">{% trans 'Update selected' %}</option>
+           <option value="deactive">{% trans 'Deactive selected' %}</option>
+           <option value="active">{% trans 'Active selected' %}</option>
+       </select>
+       <div class="input-group-btn pull-left" style="padding-left: 5px;">
+           <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
+            {% trans 'Submit' %}
+           </button>
+       </div>
+   </div>
+</div>
+<script>
+
+var modal_table;
+
+function initModalTable() {
+    var options = {
+        ele: $('#asset_modal_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                {% url 'assets:asset-detail' pk=DEFAULT_PK as the_url  %}
+                var detail_btn = '<a href="{{ the_url }}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+            }},
+            {targets: 3, createdCell: function (td, cellData, rowData) {
+                $(td).html(rowData.hardware_info)
+            }},
+            {targets: 4, createdCell: function (td, cellData) {
+                if (!cellData) {
+                    $(td).html('<i class="fa fa-times text-danger"></i>')
+                } else {
+                    $(td).html('<i class="fa fa-check text-navy"></i>')
+                }
+            }},
+            {targets: 5, createdCell: function (td, cellData) {
+                if (cellData === 'Unknown'){
+                    $(td).html('<i class="fa fa-circle text-warning"></i>')
+                } else if (!cellData) {
+                    $(td).html('<i class="fa fa-circle text-danger"></i>')
+                } else {
+                    $(td).html('<i class="fa fa-circle text-navy"></i>')
+                }
+            }},
+            {targets: 6, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:asset-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_asset_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                $(td).html(update_btn + del_btn)
+            }}
+        ],
+        ajax_url: '{% url "api-assets:asset-list" %}',
+        columns: [
+            {data: "id"}, {data: "hostname" }, {data: "ip" },
+            {data: "cpu_cores"}, {data: "is_active", orderable: false },
+            {data: "is_connective", orderable: false}, {data: "id", orderable: false }
+        ],
+        op_html: $('#actions').html()
+    };
+    modal_table = jumpserver.initServerSideDataTable(options);
+    return modal_table;
+}
+
+$(document).ready(function(){
+   initModalTable();
+}).on('click', '#btn_select_assets', function () {
+    var data_table = $('#asset_modal_table').DataTable();
+    var id_list = [];
+    data_table.rows({selected: true}).every(function(){
+        id_list.push(this.data().id);
+    });
+    var current_node;
+    var nodes = zTree.getSelectedNodes();
+    if (nodes && nodes.length === 1) {
+        current_node = nodes[0]
+    } else {
+        return
+    }
+
+    var data = {
+        'assets': id_list
+    };
+
+    var success = function () {
+        modal_table.ajax.reload()
+    };
+
+    APIUpdateAttr({
+        'url': '/api/assets/v1/nodes/' + current_node.id + '/assets/add/',
+        'method': 'PUT',
+        'body': JSON.stringify(data),
+        'success': success
+    })
+})
+</script>
+
+{% endblock %}
+{% block modal_confirm_id %}btn_select_assets{% endblock %}
+
+
--- a/apps/assets/templates/assets/_system_user.html
+++ b/apps/assets/templates/assets/_system_user.html
@@ -0,0 +1,121 @@
+{% extends 'base.html' %}
+{% load i18n %}
+{% load static %}
+{% load bootstrap3 %}
+{% block custom_head_css_js %}
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="ibox-title">
+                        <h5>{{ action }}</h5>
+                        <div class="ibox-tools">
+                            <a class="collapse-link">
+                                <i class="fa fa-chevron-up"></i>
+                            </a>
+                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                <i class="fa fa-wrench"></i>
+                            </a>
+                            <a class="close-link">
+                                <i class="fa fa-times"></i>
+                            </a>
+                        </div>
+                    </div>
+                    <div class="ibox-content">
+                        <form enctype="multipart/form-data" method="post" class="form-horizontal" action="" >
+                            {% csrf_token %}
+                            {% if form.non_field_errors %}
+                                <div class="alert alert-danger">
+                                    {{ form.non_field_errors }}
+                                </div>
+                            {% endif %}
+                            <h3>{% trans 'Basic' %}</h3>
+                            {% bootstrap_field form.name layout="horizontal" %}
+                            {% bootstrap_field form.username layout="horizontal" %}
+                            {% bootstrap_field form.priority layout="horizontal" %}
+                            {% bootstrap_field form.protocol layout="horizontal" %}
+
+                            {% block auth %}
+                            <h3>{% trans 'Auth' %}</h3>
+                            <div class="auto-generate">
+                                <div class="form-group">
+                                    <label for="{{ form.auto_generate_key.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto generate key' %}</label>
+                                    <div class="col-sm-8">
+                                        {{ form.auto_generate_key}}
+                                    </div>
+                                </div>
+                            </div>
+                            <div class="auth-fields">
+                                {% bootstrap_field form.password layout="horizontal" %}
+                                {% bootstrap_field form.private_key_file layout="horizontal" %}
+                            </div>
+                            <div class="form-group">
+                                <label for="{{ form.as_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>
+                                <div class="col-sm-8">
+                                    {{ form.auto_push}}
+                                </div>
+                            </div>
+                            {% endblock %}
+                            <h3>{% trans 'Other' %}</h3>
+                            {% bootstrap_field form.sudo layout="horizontal" %}
+                            {% bootstrap_field form.shell layout="horizontal" %}
+                            {% bootstrap_field form.comment layout="horizontal" %}
+                            <div class="form-group">
+                                <div class="col-sm-4 col-sm-offset-2">
+                                    <button class="btn btn-white" type="reset">{% trans 'Reset' %}</button>
+                                    <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                </div>
+                            </div>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+    <script>
+        var auto_generate_key = '#'+'{{ form.auto_generate_key.id_for_label }}';
+        var protocol_id = '#' + '{{ form.protocol.id_for_label }}';
+        var password_id = '#' + '{{ form.password.id_for_label }}';
+        var private_key_id = '#' + '{{ form.private_key_file.id_for_label }}';
+        var sudo_id = '#' + '{{ form.sudo.id_for_label }}';
+        var shell_id = '#' + '{{ form.shell.id_for_label }}';
+
+        var need_change_field = [auto_generate_key, private_key_id, sudo_id, shell_id] ;
+
+        function authFieldsDisplay() {
+            if ($(auto_generate_key).prop('checked')) {
+                $('.auth-fields').addClass('hidden');
+            } else {
+                $('.auth-fields').removeClass('hidden');
+            }
+        }
+
+        function protocolChange() {
+            if ($(protocol_id).attr('value') === 'rdp') {
+                $.each(need_change_field, function (index, value) {
+                    $(value).addClass('hidden')
+                });
+                $(password_id).removeClass('hidden')
+            } else {
+                $.each(need_change_field, function (index, value) {
+                    $(value).removeClass('hidden')
+                });
+            }
+        }
+        $(document).ready(function () {
+            $('.select2').select2();
+            authFieldsDisplay();
+            protocolChange();
+            $(auto_generate_key).change(function () {
+                authFieldsDisplay();
+            });
+        })
+    </script>
+{% endblock %}
--- a/apps/assets/templates/assets/admin_user_assets.html
+++ b/apps/assets/templates/assets/admin_user_assets.html
@@ -0,0 +1,135 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'assets:admin-user-detail' pk=admin_user.pk %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'assets:admin-user-assets' pk=admin_user.pk %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Assets list' %} </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-8" style="padding-left: 0;">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span style="float: left">{% trans 'Asset list of ' %} <b>{{ admin_user.name }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table table-striped table-bordered table-hover" id="asset_list_table">
+                                        <thead>
+                                            <tr>
+                                                <th class="text-center">
+                                                    <input type="checkbox" id="check_all" class="ipt_check_all" >
+                                                </th>
+                                                <th>{% trans 'Hostname' %}</th>
+                                                <th>{% trans 'IP' %}</th>
+                                                <th>{% trans 'Port' %}</th>
+                                                <th>{% trans 'Reachable' %}</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="col-sm-4" style="padding-left: 0;padding-right: 0">
+                            <div class="panel panel-primary">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Quick update' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table">
+                                        <tbody>
+                                        <tr class="no-borders-tr">
+                                            <td width="50%">{% trans 'Test connective' %}:</td>
+                                            <td>
+                                                <span style="float: right">
+                                                    <button type="button" class="btn btn-primary btn-xs btn-test-connective" style="width: 54px">{% trans 'Test' %}</button>
+                                                </span>
+                                            </td>
+                                        </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+
+function initTable() {
+    var options = {
+		ele: $('#asset_list_table'),
+		buttons: [],
+		order: [],
+		columnDefs: [
+			{targets: 1, createdCell: function (td, cellData, rowData) {
+				var detail_btn = '<a href="{% url "assets:asset-detail" pk=DEFAULT_PK %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
+				$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+			}},
+			{targets: 4, createdCell: function (td, cellData) {
+				if (!cellData) {
+					$(td).html('<i class="fa fa-times text-danger"></i>')
+				} else {
+					$(td).html('<i class="fa fa-check text-navy"></i>')
+				}
+			}}],
+		ajax_url: '{% url "api-assets:asset-list" %}?admin_user_id={{ admin_user.id }}',
+		columns: [
+		    {data: function(){return ""}}, {data: "hostname" }, {data: "ip" },
+            {data: "port" },  {data: "is_connective" }],
+		op_html: $('#actions').html()
+	};
+	jumpserver.initServerSideDataTable(options);
+}
+
+$(document).ready(function () {
+	initTable();
+})
+.on('click', '.btn-test-connective', function () {
+    var the_url = "{% url 'api-assets:admin-user-connective' pk=admin_user.id %}";
+    var error = function (data) {
+        alert(data)
+    };
+    APIUpdateAttr({
+        url: the_url,
+        error: error,
+        method: 'GET',
+        success_message: "{% trans 'Task has been send, seen left asset status' %}"
+    });
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/admin_user_create_update.html
+++ b/apps/assets/templates/assets/admin_user_create_update.html
@@ -0,0 +1,62 @@
+{% extends 'base.html' %}
+{% load i18n %}
+{% load static %}
+{% load bootstrap3 %}
+{% block custom_head_css_js %}
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="ibox-title">
+                        <h5>{{ action }}</h5>
+                        <div class="ibox-tools">
+                            <a class="collapse-link">
+                                <i class="fa fa-chevron-up"></i>
+                            </a>
+                            <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                <i class="fa fa-wrench"></i>
+                            </a>
+                            <a class="close-link">
+                                <i class="fa fa-times"></i>
+                            </a>
+                        </div>
+                    </div>
+                    <div class="ibox-content">
+                        {% if form.non_field_errors %}
+                        <div class="alert alert-danger">
+                            {{ form.non_field_errors }}
+                        </div>
+                        {% endif %}
+                        <form enctype="multipart/form-data" method="post" class="form-horizontal" action="" >
+                            {% csrf_token %}
+                            {% bootstrap_field form.name layout="horizontal" %}
+                            {% bootstrap_field form.username layout="horizontal" %}
+                            {% bootstrap_field form.password layout="horizontal" %}
+                            {% bootstrap_field form.private_key_file layout="horizontal" %}
+                            {% bootstrap_field form.comment layout="horizontal" %}
+
+                            <div class="form-group">
+                                <div class="col-sm-4 col-sm-offset-2">
+                                    <button class="btn btn-white" type="reset">{% trans 'Reset' %}</button>
+                                    <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                </div>
+                            </div>
+                        </form>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+    <script>
+        $(document).ready(function () {
+            $('.select2').select2();
+        })
+    </script>
+{% endblock %}
--- a/apps/assets/templates/assets/admin_user_detail.html
+++ b/apps/assets/templates/assets/admin_user_detail.html
@@ -0,0 +1,171 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li class="active">
+                                <a href="{% url 'assets:admin-user-detail' pk=admin_user.pk %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'assets:admin-user-assets' pk=admin_user.pk %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Assets list' %} </a>
+                            </li>
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-default" href="{% url 'assets:admin-user-update' pk=admin_user.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
+                            </li>
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-danger btn-delete-admin-user">
+                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
+                                </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-8" style="padding-left: 0;">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span class="label"><b>{{ admin_user.name }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table">
+                                        <tbody>
+                                        <tr class="no-borders-tr">
+                                            <td>{% trans 'Name' %}:</td>
+                                            <td><b>{{ admin_user.name }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Username' %}:</td>
+                                            <td><b>{{ admin_user.username }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Date created' %}:</td>
+                                            <td><b>{{ admin_user.date_created }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Created by' %}:</td>
+                                            <td><b>{{ asset_group.created_by  }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Comment' %}:</td>
+                                            <td><b>{{ admin_user.comment }}</b></td>
+                                        </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="col-sm-4" style="padding-left: 0;padding-right: 0">
+                            <div class="panel panel-primary">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Replace node assets admin user with this' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table group_edit" id="table-clusters">
+                                        <tbody>
+                                        <form>
+                                            <tr>
+                                                <td colspan="2" class="no-borders">
+                                                    <select data-placeholder="{% trans 'Select nodes' %}"  id="nodes_selected"  class="select2" style="width: 100%" multiple="" tabindex="4">
+                                                        {% for node in nodes %}
+                                                        <option value="{{ node.id }}" id="opt_{{ node.id }}" >{{ node.value }}</option>
+                                                        {% endfor %}
+                                                    </select>
+                                                </td>
+                                            </tr>
+                                            <tr>
+                                                <td colspan="2" class="no-borders">
+                                                    <button type="button" class="btn btn-primary btn-sm" id="btn-change-admin-user">{% trans 'Confirm' %}</button>
+                                                </td>
+                                            </tr>
+                                        </form>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+    </div>
+
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+function replaceNodeAssetsAdminUser(nodes) {
+    var the_url = "{% url 'api-assets:replace-nodes-admin-user' pk=admin_user.id %}";
+    var body = {
+        nodes: nodes
+    };
+    var success = function(data) {
+        // remove all the selected groups from select > option and rendered ul element;
+        $('.select2-selection__rendered').empty();
+        $('#nodes_selected').val('');
+        $.map(jumpserver.nodes_selected, function(value, index) {
+            $('#opt_' + index).remove();
+        });
+        // clear jumpserver.groups_selected
+        jumpserver.nodes_selected = {};
+    };
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(body),
+        success: success
+    });
+}
+
+jumpserver.nodes_selected = {};
+$(document).ready(function () {
+    $('.select2').select2()
+    .on('select2:select', function(evt) {
+        var data = evt.params.data;
+        jumpserver.nodes_selected[data.id] = data.text;
+    }).on('select2:unselect', function(evt) {
+        var data = evt.params.data;
+        delete jumpserver.nodes_selected[data.id]
+    });
+})
+.on('click', '.btn-delete-admin-user', function () {
+    var $this = $(this);
+    var name = "{{ admin_user.name }}";
+    var uid = "{{ admin_user.id }}";
+    var the_url = '{% url "api-assets:admin-user-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    var redirect_url = "{% url 'assets:admin-user-list' %}";
+    objectDelete($this, name, the_url, redirect_url);
+})
+.on('click', '#btn-change-admin-user', function () {
+    if (Object.keys(jumpserver.nodes_selected).length === 0) {
+       return false;
+    }
+    var nodes = [];
+    $.map(jumpserver.nodes_selected, function(value, index) {
+        nodes.push(index);
+    });
+    replaceNodeAssetsAdminUser(nodes);
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/admin_user_list.html
+++ b/apps/assets/templates/assets/admin_user_list.html
@@ -0,0 +1,112 @@
+{% extends '_base_list.html' %}
+{% load i18n static %}
+{% block table_search %}
+{% endblock %}
+
+{% block help_message %}
+    <div class="alert alert-info help-message">
+    管理用户是服务器的root，或拥有 NOPASSWD: ALL sudo权限的用户，Jumpserver使用该用户来 `推送系统用户`、`获取资产硬件信息`等。
+    Windows或其它硬件可以随意设置一个
+    </div>
+{% endblock %}
+
+{% block table_container %}
+<div class="uc pull-left m-r-5">
+    <a href="{% url "assets:admin-user-create" %}" class="btn btn-sm btn-primary"> {% trans "Create admin user" %} </a>
+</div>
+<table class="table table-striped table-bordered table-hover " id="admin_user_list_table" >
+    <thead>
+    <tr>
+        <th class="text-center">
+            <input type="checkbox" id="check_all" class="ipt_check_all" >
+        </th>
+        <th class="text-center">{% trans 'Name' %}</th>
+        <th class="text-center">{% trans 'Username' %}</th>
+        <th class="text-center">{% trans 'Asset' %}</th>
+        <th class="text-center">{% trans 'Reachable' %}</th>
+        <th class="text-center">{% trans 'Unreachable' %}</th>
+        <th class="text-center">{% trans 'Ratio' %}</th>
+        <th class="text-center">{% trans 'Comment' %}</th>
+        <th class="text-center">{% trans 'Action' %}</th>
+    </tr>
+    </thead>
+    <tbody>
+    </tbody>
+</table>
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script>
+$(document).ready(function(){
+    var options = {
+        ele: $('#admin_user_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a href="{% url "assets:admin-user-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+            }},
+            {targets: 4, createdCell: function (td, cellData) {
+                var innerHtml = "";
+                if (cellData !== 0) {
+                    innerHtml = "<span class='text-navy'>" + cellData + "</span>";
+                } else {
+                    innerHtml = "<span>" + cellData + "</span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData +'">' + innerHtml + '</span>');
+            }},
+            {targets: 5, createdCell: function (td, cellData) {
+                var innerHtml = "";
+                if (cellData !== 0) {
+                    innerHtml = "<span class='text-danger'>" + cellData + "</span>";
+                } else {
+                    innerHtml = "<span>" + cellData + "</span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
+            }},
+            {targets: 6, createdCell: function (td, cellData, rowData) {
+                var val = 0;
+                var innerHtml = "";
+                var total = rowData.assets_amount;
+                var reachable = rowData.reachable_amount;
+                if (total !== 0) {
+                    val = reachable/total * 100;
+                }
+
+                if (val === 100) {
+                    innerHtml = "<span class='text-navy'>" + val + "% </span>";
+                } else {
+                    var num = new Number(val);
+                    innerHtml = "<span class='text-danger'>" + num.toFixed(1) + "% </span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
+
+            }},
+            {targets: 8, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:admin-user-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_admin_user_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                $(td).html(update_btn + del_btn)
+             }}],
+        ajax_url: '{% url "api-assets:admin-user-list" %}',
+        columns: [{data: function(){return ""}}, {data: "name" }, {data: "username" }, {data: "assets_amount" },
+                  {data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment" }, {data: "id" }]
+    };
+    jumpserver.initDataTable(options);
+})
+
+.on('click', '.btn_admin_user_delete', function () {
+	var $this = $(this);
+	var $data_table = $("#admin_user_list_table").DataTable();
+	var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
+	var uid = $this.data('uid');
+	var the_url = '{% url "api-assets:admin-user-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+	objectDelete($this, name, the_url);
+	setTimeout( function () {
+        $data_table.ajax.reload();
+    }, 3000);
+
+});
+</script>
+{% endblock %}
+
+
+
--- a/apps/assets/templates/assets/asset_bulk_update.html
+++ b/apps/assets/templates/assets/asset_bulk_update.html
@@ -0,0 +1,69 @@
+{% extends '_base_create_update.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+
+{% block form %}
+<div class="ydxbd" id="formlists" style="display: block;">
+    <p id="tags_p" class="mgl-5 c02">选择需要修改属性</p>
+    <div class="tagBtnList">
+        <a class="label label-primary" id="change_all" value="1">全选</a>
+        {% for field in form %}
+            {% if field.name != 'assets' %}
+             <a data-id="{{ field.id_for_label }}" class="label label-default label-primary field-tag" value="1">{{ field.label }}</a>
+            {% endif %}
+        {% endfor %}
+    </div>
+</div>
+<form method="post" class="form-horizontal" id="add_form">
+    {% csrf_token %}
+    {% bootstrap_form form layout="horizontal" %}
+    <div class="form-group abc">
+        <div class="col-sm-4 col-sm-offset-2">
+            <button class="btn btn-white" type="reset">{% trans 'Reset' %}</button>
+            <button class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+        </div>
+    </div>
+</form>
+{% endblock %}
+
+{% block custom_foot_js %}
+<script>
+    $(document).ready(function () {
+        $('.select2').select2();
+    }).on('click', '.field-tag', function() {
+        changeField(this);
+    }).on('click', '#change_all', function () {
+        var tag_fields = $('.field-tag');
+        var $this = $(this);
+        var active = '1';
+        if ($this.attr('value') == '0'){
+            active = '0';
+            $this.attr('value', '1').addClass('label-primary')
+        } else {
+            active = '1';
+            $this.attr('value', '0').removeClass('label-primary')
+        }
+        $.each(tag_fields, function (k, v) {
+            changeField(v, active)
+        })
+    });
+
+    function changeField(obj, active) {
+        var $this = $(obj);
+        var field_id = $this.data('id');
+        if (!active) {
+            active = $this.attr('value');
+        }
+        if (active == '0') {
+            $this.attr('value', '1').addClass('label-primary');
+            var form_groups = $('#add_form .form-group:not(.abc)');
+            form_groups.filter(':has(#'  + field_id + ')').show().find('select,input').prop('disabled', false)
+        } else {
+            $this.attr('value', '0').removeClass('label-primary');
+            var form_groups = $('#add_form .form-group:not(.abc)');
+            form_groups.filter(':has(#'  + field_id + ')').hide().find('select,input').prop('disabled', true)
+        }
+    }
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/asset_create.html
+++ b/apps/assets/templates/assets/asset_create.html
@@ -0,0 +1,89 @@
+{% extends '_base_create_update.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+{% load asset_tags %}
+{% load common_tags %}
+
+{% block form %}
+    <form action="" method="post" class="form-horizontal">
+    {% if form.non_field_errors %}
+         <div class="alert alert-danger">
+             {{ form.non_field_errors }}
+         </div>
+    {% endif %}
+    {% csrf_token %}
+    <h3>{% trans 'Basic' %}</h3>
+    {% bootstrap_field form.hostname layout="horizontal" %}
+    {% bootstrap_field form.ip layout="horizontal" %}
+    {% bootstrap_field form.port layout="horizontal" %}
+    {% bootstrap_field form.platform layout="horizontal" %}
+    {% bootstrap_field form.public_ip layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Auth' %}</h3>
+    {% bootstrap_field form.admin_user layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Node' %}</h3>
+    {% bootstrap_field form.nodes layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Labels' %}</h3>
+    <div class="form-group {% if form.errors.labels %} has-error {% endif %}">
+        <label for="{{ form.labels.id_for_label }}" class="col-md-2 control-label">{% trans 'Label' %}</label>
+        <div class="col-md-9">
+            <select name="labels" class="select2 labels" data-placeholder="{% trans 'Select labels' %}" style="width: 100%" multiple="" tabindex="4" id="{{ form.labels.id_for_label }}">
+                {% for name, labels in form.labels.field.queryset|group_labels %}
+                <optgroup label="{{ name }}">
+                    {% for label in labels %}
+                        {% if label in form.labels.initial %}
+                            <option value="{{ label.id }}" selected>{{ label.value }}</option>
+                        {% else %}
+                            <option value="{{ label.id }}">{{ label.value }}</option>
+                        {% endif %}
+                    {% endfor %}
+                </optgroup>
+                {% endfor %}
+            </select>
+            {% if form.errors.labels %}
+                {% for e in form.errors.labels %}
+                    <div class="help-block">{{ e }}</div>
+                {% endfor %}
+            {% endif %}
+        </div>
+    </div>
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Other' %}</h3>
+    {% bootstrap_field form.comment layout="horizontal" %}
+    {% bootstrap_field form.is_active layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <div class="form-group">
+        <div class="col-sm-4 col-sm-offset-2">
+            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+        </div>
+    </div>
+    </form>
+{% endblock %}
+
+{% block custom_foot_js %}
+<script>
+function format(item) {
+   var group = item.element.parentElement.label;
+   return group + ':' + item.text;
+}
+
+$(document).ready(function () {
+    $('.select2').select2({
+        allowClear: true
+    });
+    $(".labels").select2({
+        allowClear: true,
+        templateSelection: format
+    });
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/asset_detail.html
+++ b/apps/assets/templates/assets/asset_detail.html
@@ -0,0 +1,364 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
+    <link href='{% static "css/plugins/sweetalert/sweetalert.css" %}' rel="stylesheet">
+    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
+    <script src='{% static "js/plugins/sweetalert/sweetalert.min.js" %}'></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li class="active">
+                                <a href="{% url 'assets:asset-detail' pk=asset.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Asset detail' %} </a>
+                            </li>
+                            {% if user.is_superuser %}
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-default" href="{% url 'assets:asset-update' pk=asset.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
+                            </li>
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-danger btn-delete-asset">
+                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
+                                </a>
+                            </li>
+                            {% endif %}
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-7" style="padding-left: 0">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span class="label"><b>{{ asset.hostname }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table">
+                                        <tbody>
+                                        <tr class="no-borders-tr">
+                                            <td width="20%">{% trans 'Hostname' %}:</td>
+                                            <td><b>{{ asset.hostname }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'IP' %}:</td>
+                                            <td><b>{{ asset.ip }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Public IP' %}:</td>
+                                            <td><b>{{ asset.public_ip|default:"" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Port' %}:</td>
+                                            <td><b>{{ asset.port }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Admin user' %}:</td>
+                                            <td><b>{{ asset.admin_user }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Vendor' %}:</td>
+                                            <td><b>{{ asset.vendor|default:"" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Model' %}:</td>
+                                            <td><b>{{ asset.model|default:"" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'CPU' %}:</td>
+                                            <td><b>{{ asset.cpu_model|default:"" }} {{ asset.cpu_count|default:"" }}*{{ asset.cpu_cores|default:"" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Memory' %}:</td>
+                                            <td><b>{{ asset.memory|default:"" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Disk' %}:</td>
+                                            <td><b>{{ asset.disk_total|default:"" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Platform' %}:</td>
+                                            <td><b>{{ asset.platform|default:"" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'OS' %}:</td>
+                                            <td><b>{{ asset.os|default:"" }} {{ asset.os_version|default:"" }} {{ asset.os_arch|default:"" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Is active' %}:</td>
+                                            <td><b>{{ asset.is_active|yesno:"Yes,No" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Serial number' %}:</td>
+                                            <td><b>{{ asset.sn|default:"" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Asset number' %}:</td>
+                                            <td><b>{{ asset.number|default:"" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Created by' %}:</td>
+                                            <td><b>{{ asset.created_by }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Date joined' %}:</td>
+                                            <td><b>{{ asset.date_joined|date:"Y-m-j H:i:s" }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Comment' %}:</td>
+                                            <td><b>{{ asset.comment }}</b></td>
+                                        </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                        {% if user.is_superuser %}
+                        <div class="col-sm-5" style="padding-left: 0;padding-right: 0">
+                            <div class="panel panel-primary">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Quick modify' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table">
+                                        <tbody>
+                                        <tr class="no-borders-tr">
+                                          <td width="50%">{% trans 'Active' %}:</td>
+                                            <td>
+                                              <span class="pull-right">
+                                                  <div class="switch">
+                                                      <div class="onoffswitch">
+                                                          <input type="checkbox" {% if asset.is_active %} checked {% endif %}  class="onoffswitch-checkbox" id="is_active">
+                                                          <label class="onoffswitch-label" for="is_active">
+                                                              <span class="onoffswitch-inner"></span>
+                                                              <span class="onoffswitch-switch"></span>
+                                                          </label>
+                                                      </div>
+                                                  </div>
+                                              </span>
+                                          </td>
+                                        </tr>
+                                        {% if asset.is_unixlike %}
+                                        <tr>
+                                            <td>{% trans 'Refresh hardware' %}:</td>
+                                            <td>
+                                                <span class="pull-right">
+                                                    <button type="button" class="btn btn-primary btn-xs" id="btn_refresh_asset" style="width: 54px">{% trans 'Refresh' %}</button>
+                                                </span>
+                                            </td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Test connective' %}:</td>
+                                            <td>
+                                                <span class="pull-right">
+                                                    <button type="button" class="btn btn-primary btn-xs" id="btn-test-is-alive" style="width: 54px">{% trans 'Test' %}</button>
+                                                </span>
+                                            </td>
+                                        </tr>
+                                        {% endif %}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+
+                            <div class="panel panel-info">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Nodes' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table group_edit" id="add-asset2group">
+                                        <tbody>
+                                        <form>
+                                            <tr>
+                                                <td colspan="2" class="no-borders">
+                                                    <select data-placeholder="{% trans 'Nodes' %}" id="groups_selected" class="select2 groups" style="width: 100%" multiple="" tabindex="4">
+                                                        {% for node in nodes_remain %}
+                                                        <option value="{{ node.id }}" id="opt_{{ node.id }}" >{{ node.name }}</option>
+                                                        {% endfor %}
+                                                    </select>
+                                                </td>
+                                            </tr>
+                                            <tr>
+                                                <td colspan="2" class="no-borders">
+                                                    <button type="button" class="btn btn-info btn-sm" id="btn-update-nodes">{% trans 'Confirm' %}</button>
+                                                </td>
+                                            </tr>
+                                        </form>
+
+                                        {% for node in asset.nodes.all %}
+                                        <tr>
+                                          <td ><b class="bdg_node" data-gid={{ node.id }}>{{ node.name }}</b></td>
+                                          <td>
+                                              <button class="btn btn-danger pull-right btn-xs btn-leave-node" type="button"><i class="fa fa-minus"></i></button>
+                                          </td>
+                                        </tr>
+                                        {% endfor %}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+
+                            <div class="panel panel-warning">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Labels' %}
+                                </div>
+                                <div class="panel-body">
+                                    <ul class="tag-list" style="padding: 0">
+                                        {% for label in asset.labels.all %}
+                                            <li ><a href=""><i class="fa fa-tag"></i> {{ label.name }}:{{ label.value }}</a></li>
+                                        {% endfor %}
+                                    </ul>
+                                </div>
+                            </div>
+                        {% endif %}
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+jumpserver.nodes_selected = {};
+function updateAssetNodes(nodes) {
+    var the_url = "{% url 'api-assets:asset-detail' pk=asset.id %}";
+    var body = {
+        nodes: Object.assign([], nodes)
+    };
+    var success = function(data) {
+        // remove all the selected groups from select > option and rendered ul element;
+        $('.select2-selection__rendered').empty();
+        $('#groups_selected').val('');
+        $.map(jumpserver.nodes_selected, function(group_name, index) {
+            $('#opt_' + index).remove();
+            // change tr html of user groups.
+            $('#add-asset2group tbody').append(
+                '<tr>' +
+                '<td><b class="bdg_node" data-gid="' + index + '">' + group_name + '</b></td>' +
+                '<td><button class="btn btn-danger btn-xs pull-right btn-leave-node" type="button"><i class="fa fa-minus"></i></button></td>' +
+                '</tr>'
+            )
+        });
+        // clear jumpserver.groups_selected
+        jumpserver.nodes_selected = {};
+    };
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(body),
+        success: success
+    });
+}
+
+function refreshAssetHardware() {
+    var the_url = "{% url 'api-assets:asset-refresh' pk=asset.id %}";
+    var success = function (data) {
+        location.reload();
+    };
+    var error = function (data) {
+        alert(data)
+    };
+    APIUpdateAttr({
+        url: the_url,
+        success: success,
+        error: error,
+        method: 'GET'
+    });
+}
+
+
+$(document).ready(function () {
+    $('.select2.groups').select2().on('select2:select', function(evt) {
+        var data = evt.params.data;
+        jumpserver.nodes_selected[data.id] = data.text;
+    }).on('select2:unselect', function(evt) {
+        var data = evt.params.data;
+        delete jumpserver.nodes_selected[data.id]
+    });
+}).on('click', '#is_active', function () {
+    var the_url = '{% url "api-assets:asset-detail" pk=asset.id %}';
+    var checked = $(this).prop('checked');
+    var body = {
+        'is_active': checked
+    };
+    var success = '{% trans "Update successfully!" %}';
+    var status = $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").text();
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(body),
+        success_message: success
+    });
+    if (status === "False") {
+            $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('True');
+    }else{
+            $(".ibox-content > table > tbody > tr:nth-child(13) > td:last >b").html('False');
+    }
+}).on('click', '#btn-update-nodes', function () {
+    if (Object.keys(jumpserver.nodes_selected).length === 0) {
+       return false;
+    }
+    var nodes = $('.bdg_node').map(function() {
+        return $(this).data('gid');
+    }).get();
+    $.map(jumpserver.nodes_selected, function(value, index) {
+        nodes.push(index);
+        $('#opt_' + index).remove();
+    });
+    updateAssetNodes(nodes)
+}).on('click', '.btn-leave-node', function() {
+    var $this = $(this);
+    var $tr = $this.closest('tr');
+    var $badge = $tr.find('.bdg_node');
+    var gid = $badge.data('gid');
+    var group_name = $badge.html() || $badge.text();
+    $('#groups_selected').append(
+        '<option value="' + gid + '" id="opt_' + gid + '">' + group_name + '</option>'
+    );
+    $tr.remove();
+    var groups = $('.bdg_node').map(function () {
+        return $(this).data('gid');
+    }).get();
+    updateAssetNodes(groups)
+}).on('click', '.btn-delete-asset', function () {
+    var $this = $(this);
+    var name = "{{ asset.hostname }}";
+    var uid = "{{ asset.id }}";
+    var the_url = '{% url "api-assets:asset-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    var redirect_url = "{% url 'assets:asset-list' %}";
+    objectDelete($this, name, the_url, redirect_url);
+}).on('click', '#btn_refresh_asset', function () {
+    alert('关闭alert, 等待完成, 自动刷新页面');
+    refreshAssetHardware()
+}).on('click', '#btn-test-is-alive', function () {
+    var the_url = "{% url 'api-assets:asset-alive-test' pk=asset.id %}";
+    var error = function (data) {
+        alert(data)
+    };
+    alert('关闭alert, 等待完成');
+    APIUpdateAttr({
+        url: the_url,
+        error: error,
+        method: 'GET',
+        success_message: "{% trans "Reachable" %}"
+    });
+})
+
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/asset_list.html
+++ b/apps/assets/templates/assets/asset_list.html
@@ -0,0 +1,661 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block help_message %}
+    <div class="alert alert-info help-message">
+    左侧是资产树，右击可以新建、删除、更改树节点，授权资产也是以节点方式组织的，右侧是属于该节点下的资产
+    </div>
+{% endblock %}
+
+{% block custom_head_css_js %}
+    <link href="{% static 'css/plugins/ztree/awesomeStyle/awesome.css' %}" rel="stylesheet">
+    <script type="text/javascript" src="{% static 'js/plugins/ztree/jquery.ztree.all.min.js' %}"></script>
+    <script src="{% static 'js/jquery.form.min.js' %}"></script>
+	<style type="text/css">
+        div#rMenu {
+            position:absolute;
+            visibility:hidden;
+            text-align: left;
+            top: 100%;
+            left: 0;
+            z-index: 1000;
+            float: left;
+            padding: 5px 0;
+            margin: 2px 0 0;
+            list-style: none;
+            background-clip: padding-box;
+        }
+        div#rMenu li{
+        	margin: 1px 0;
+        	cursor: pointer;
+        	{#list-style: none outside none;#}
+        }
+        .dropdown a:hover {
+            background-color: #f1f1f1
+        }
+	</style>
+
+{% endblock %}
+
+{% block content %}
+<div class="wrapper wrapper-content">
+   <div class="row">
+       <div class="col-lg-3" id="split-left">
+           <div class="ibox float-e-margins">
+               <div class="ibox-content mailbox-content" style="padding-top: 0">
+                   <div class="file-manager ">
+                       <div id="assetTree" class="ztree">
+                       </div>
+
+                       <div class="clearfix"></div>
+                   </div>
+               </div>
+           </div>
+       </div>
+       <div class="col-lg-9 animated fadeInRight" id="split-right">
+           <div class="tree-toggle">
+               <div class="btn btn-sm btn-primary tree-toggle-btn" onclick="toggle()">
+                   <i class="fa fa-angle-left fa-x" id="toggle-icon"></i>
+               </div>
+           </div>
+               <div class="mail-box-header">
+                   <div class="uc pull-left m-r-5"><a class="btn btn-sm btn-primary btn-create-asset"> {% trans "Create asset" %} </a></div>
+                    <div class="html5buttons">
+                        <div class="dt-buttons btn-group">
+                            <a class="btn btn-default btn_import" data-toggle="modal" data-target="#asset_import_modal" tabindex="0">
+                                <span>{% trans "Import" %}</span>
+                            </a>
+                            <a class="btn btn-default btn_export" tabindex="0">
+                                <span>{% trans "Export" %}</span>
+                            </a>
+                        </div>
+                    </div>
+                   <div class="btn-group" style="float: right">
+                       <button data-toggle="dropdown" class="btn btn-default btn-sm dropdown-toggle">{% trans 'Label' %} <span class="caret"></span></button>
+                       <ul class="dropdown-menu labels">
+                           {% for label in labels %}
+                               <li><a style="font-weight: bolder">{{ label.name }}:{{ label.value }}</a></li>
+                           {% endfor %}
+                       </ul>
+                   </div>
+                   <table class="table table-striped table-bordered table-hover " id="asset_list_table" style="width: 100%">
+                       <thead>
+                           <tr>
+                               <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
+                               <th class="text-center">{% trans 'Hostname' %}</th>
+                               <th class="text-center">{% trans 'IP' %}</th>
+                               <th class="text-center">{% trans 'Hardware' %}</th>
+                               <th class="text-center">{% trans 'Active' %}</th>
+                               <th class="text-center">{% trans 'Reachable' %}</th>
+                               <th class="text-center">{% trans 'Action' %}</th>
+                           </tr>
+                       </thead>
+                       <tbody>
+                       </tbody>
+                   </table>
+                   <div id="actions" class="hide">
+                       <div class="input-group">
+                           <select class="form-control m-b" style="width: auto" id="slct_bulk_update">
+                               <option value="delete">{% trans 'Delete selected' %}</option>
+                               <option value="update">{% trans 'Update selected' %}</option>
+                               <option value="remove">{% trans 'Remove from this node' %}</option>
+                               <option value="deactive">{% trans 'Deactive selected' %}</option>
+                               <option value="active">{% trans 'Active selected' %}</option>
+                           </select>
+                           <div class="input-group-btn pull-left" style="padding-left: 5px;">
+                               <button id='btn_bulk_update' style="height: 32px;"  class="btn btn-sm btn-primary">
+                                {% trans 'Submit' %}
+                               </button>
+                           </div>
+                       </div>
+                   </div>
+           </div>
+       </div>
+   </div>
+</div>
+
+<div id="rMenu">
+    <ul class="dropdown-menu">
+        <li id="menu_asset_create" class="btn-create-asset" tabindex="-1"><a>{% trans 'Create asset' %}</a></li>
+        <li id="menu_asset_add" class="btn-add-asset" data-toggle="modal" data-target="#asset_list_modal" tabindex="0"><a>{% trans 'Add asset' %}</a></li>
+        <li id="menu_refresh_hardware_info" class="btn-refresh-hardware" tabindex="-1"><a>{% trans 'Refresh node hardware info' %}</a></li>
+        <li id="menu_test_connective" class="btn-test-connective" tabindex="-1"><a>{% trans 'Test node connective' %}</a></li>
+        <li class="divider"></li>
+        <li id="m_create" tabindex="-1" onclick="addTreeNode();"><a>{% trans 'Add node' %}</a></li>
+        <li id="m_del" tabindex="-1" onclick="editTreeNode();"><a>{% trans 'Rename node' %}</a></li>
+        <li class="divider"></li>
+        <li id="m_del" tabindex="-1" onclick="removeTreeNode();"><a>{% trans 'Delete node' %}</a></li>
+    </ul>
+</div>
+
+{% include 'assets/_asset_import_modal.html' %}
+{% include 'assets/_asset_list_modal.html' %}
+{% endblock %}
+
+{% block custom_foot_js %}
+<script>
+var zTree, rMenu, asset_table, show = 0;
+function initTable() {
+    var options = {
+        ele: $('#asset_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                {% url 'assets:asset-detail' pk=DEFAULT_PK as the_url  %}
+                var detail_btn = '<a href="{{ the_url }}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+            }},
+            {targets: 3, createdCell: function (td, cellData, rowData) {
+                $(td).html(rowData.hardware_info)
+            }},
+            {targets: 4, createdCell: function (td, cellData) {
+                if (!cellData) {
+                    $(td).html('<i class="fa fa-times text-danger"></i>')
+                } else {
+                    $(td).html('<i class="fa fa-check text-navy"></i>')
+                }
+            }},
+            {targets: 5, createdCell: function (td, cellData) {
+                if (cellData === 'Unknown'){
+                    $(td).html('<i class="fa fa-circle text-warning"></i>')
+                } else if (!cellData) {
+                    $(td).html('<i class="fa fa-circle text-danger"></i>')
+                } else {
+                    $(td).html('<i class="fa fa-circle text-navy"></i>')
+                }
+            }},
+            {targets: 6, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:asset-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_asset_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                $(td).html(update_btn + del_btn)
+            }}
+        ],
+        ajax_url: '{% url "api-assets:asset-list" %}',
+        columns: [
+            {data: "id"}, {data: "hostname" }, {data: "ip" },
+            {data: "cpu_cores"}, {data: "is_active", orderable: false },
+            {data: "is_connective", orderable: false}, {data: "id", orderable: false }
+        ],
+        op_html: $('#actions').html()
+    };
+    asset_table = jumpserver.initServerSideDataTable(options);
+    return asset_table
+}
+
+
+function addTreeNode() {
+	hideRMenu();
+	var parentNode = zTree.getSelectedNodes()[0];
+	if (!parentNode){
+	    return
+    }
+    var url = "{% url 'api-assets:node-children' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", parentNode.id );
+    $.post(url,  {}, function (data, status){
+        if (status === "success") {
+            var newNode = {
+                name: data["value"],
+                id: data["id"],
+                pId: parentNode.id
+            };
+            newNode.checked = zTree.getSelectedNodes()[0].checked;
+            zTree.addNodes(parentNode, 0, newNode);
+        } else {
+            alert("{% trans 'Create node failed' %}")
+        }
+    });
+}
+
+function removeTreeNode() {
+	hideRMenu();
+	var current_node = zTree.getSelectedNodes()[0];
+	if (!current_node){
+	    return
+    }
+
+	if (current_node.children && current_node.children.length > 0) {
+		alert("{% trans 'Have child node, cancel' %}")
+	} else {
+        var url = "{% url 'api-assets:node-detail' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", current_node.id );
+		$.ajax({
+            url: url,
+            method: "DELETE",
+            success: function () {
+                zTree.removeNode(current_node);
+            }
+        });
+	}
+}
+
+function editTreeNode() {
+    hideRMenu();
+	var current_node = zTree.getSelectedNodes()[0];
+	if (!current_node){
+	    return
+    }
+    if (current_node.value) {
+        current_node.name = current_node.value;
+    }
+    zTree.editName(current_node);
+}
+
+
+function OnRightClick(event, treeId, treeNode) {
+    if (!treeNode && event.target.tagName.toLowerCase() !== "button" && $(event.target).parents("a").length === 0) {
+		zTree.cancelSelectedNode();
+		showRMenu("root", event.clientX, event.clientY);
+	} else if (treeNode && !treeNode.noR) {
+		zTree.selectNode(treeNode);
+		showRMenu("node", event.clientX, event.clientY);
+	}
+}
+
+function showRMenu(type, x, y) {
+	$("#rMenu ul").show();
+	{#if (type === "root") {#}
+	{#	return#}
+	{# } else {#}
+	{#	$("#m_del").show();#}
+	{#	$("#m_check").show();#}
+	{#	$("#m_unCheck").show();#}
+	{# }#}
+    x -= 220;
+    rMenu.css({"top":y+"px", "left":x+"px", "visibility":"visible"});
+
+	$("body").bind("mousedown", onBodyMouseDown);
+}
+
+function beforeClick(treeId, treeNode, clickFlag) {
+    return true;
+}
+
+function hideRMenu() {
+	if (rMenu) rMenu.css({"visibility": "hidden"});
+	$("body").unbind("mousedown", onBodyMouseDown);
+}
+
+function onBodyMouseDown(event){
+	if (!(event.target.id === "rMenu" || $(event.target).parents("#rMenu").length>0)) {
+		rMenu.css({"visibility" : "hidden"});
+	}
+}
+
+
+function onRename(event, treeId, treeNode, isCancel){
+    var url = "{% url 'api-assets:node-detail' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", treeNode.id);
+    var data = {"value": treeNode.name};
+    if (isCancel){
+        return
+    }
+    APIUpdateAttr({
+        url: url,
+        body: JSON.stringify(data),
+        method: "PATCH"
+    })
+}
+
+function onSelected(event, treeNode) {
+    var url = asset_table.ajax.url();
+    url = setUrlParam(url, "node_id", treeNode.id);
+    setCookie('node_selected', treeNode.id);
+    asset_table.ajax.url(url);
+    asset_table.ajax.reload();
+}
+
+function selectQueryNode() {
+    var query_node_id = $.getUrlParam("node");
+    var cookie_node_id = getCookie('node_selected');
+    var node;
+    var node_id;
+
+    if (query_node_id !== null) {
+        node_id = query_node_id
+    } else if (cookie_node_id !== null) {
+        node_id = cookie_node_id;
+    }
+
+    node = zTree.getNodesByParam("id", node_id, null);
+    if (node){
+        zTree.selectNode(node[0]);
+    }
+}
+
+function beforeDrag() {
+    return true
+}
+
+function beforeDrop(treeId, treeNodes, targetNode, moveType) {
+    var treeNodesNames = [];
+    $.each(treeNodes, function (index, value) {
+        treeNodesNames.push(value.value);
+    });
+
+    var msg = "你想移动节点: `" + treeNodesNames.join(",") + "` 到 `" + targetNode.value + "` 下吗?";
+    if (confirm(msg)){
+        return true
+    } else {
+        return false
+    }
+}
+
+function onDrag(event, treeId, treeNodes) {
+}
+
+function onDrop(event, treeId, treeNodes, targetNode, moveType) {
+    var treeNodesIds = [];
+    $.each(treeNodes, function (index, value) {
+        treeNodesIds.push(value.id);
+    });
+
+    var the_url = "{% url 'api-assets:node-add-children' pk=DEFAULT_PK %}".replace("{{ DEFAULT_PK }}", targetNode.id);
+    var body = {nodes: treeNodesIds};
+    APIUpdateAttr({
+        url: the_url,
+        method: "PUT",
+        body: JSON.stringify(body)
+    })
+}
+
+function initTree() {
+    var setting = {
+        view: {
+            dblClickExpand: false,
+            showLine: true
+        },
+        data: {
+            simpleData: {
+                enable: true
+            }
+        },
+        edit: {
+            enable: true,
+			showRemoveBtn: false,
+			showRenameBtn: false,
+            drag: {
+                isCopy: true,
+                isMove: true
+            }
+        },
+        callback: {
+            onRightClick: OnRightClick,
+            beforeClick: beforeClick,
+            onRename: onRename,
+            onSelected: onSelected,
+            beforeDrag: beforeDrag,
+            onDrag: onDrag,
+            beforeDrop: beforeDrop,
+            onDrop: onDrop
+        }
+    };
+
+    var zNodes = [];
+    $.get("{% url 'api-assets:node-list' %}", function(data, status){
+        $.each(data, function (index, value) {
+            value["pId"] = value["parent"];
+            {#if (value["key"] === "0") {#}
+            value["open"] = true;
+            {# }#}
+            value["name"] = value["value"] + ' (' + value['assets_amount'] + ')';
+            value['value'] = value['value'];
+        });
+        zNodes = data;
+        $.fn.zTree.init($("#assetTree"), setting, zNodes);
+        zTree = $.fn.zTree.getZTreeObj("assetTree");
+		rMenu = $("#rMenu");
+		selectQueryNode();
+    });
+}
+
+function toggle() {
+    if (show === 0) {
+        $("#split-left").hide(500, function () {
+            $("#split-right").attr("class", "col-lg-12");
+            $("#toggle-icon").attr("class", "fa fa-angle-right fa-x");
+            show = 1;
+        });
+    } else {
+        $("#split-right").attr("class", "col-lg-9");
+        $("#toggle-icon").attr("class", "fa fa-angle-left fa-x");
+        $("#split-left").show(500);
+        show = 0;
+    }
+}
+
+$(document).ready(function(){
+    initTable();
+    initTree();
+})
+.on('click', '.labels li', function () {
+    var val = $(this).text();
+    $("#asset_list_table_filter input").val(val);
+    asset_table.search(val).draw();
+ })
+.on('click', '.btn_export', function () {
+    var $data_table = $('#asset_list_table').DataTable();
+    var rows = $data_table.rows('.selected').data();
+    var assets = [];
+    $.each(rows, function (index, obj) {
+        assets.push(obj.id)
+    });
+    $.ajax({
+        url: "{% url "assets:asset-export" %}",
+        method: 'POST',
+        data: JSON.stringify({assets_id: assets}),
+        dataType: "json",
+        success: function (data, textStatus) {
+            window.open(data.redirect)
+        },
+        error: function () {
+            toastr.error('Export failed');
+        }
+    })
+})
+.on('click', '#btn_asset_import', function () {
+    var $form = $('#fm_asset_import');
+    $form.find('.help-block').remove();
+    function success (data) {
+        if (data.valid === false) {
+            $('<span />', {class: 'help-block text-danger'}).html(data.msg).insertAfter($('#id_assets'));
+        } else {
+            $('#id_created').html(data.created_info);
+            $('#id_created_detail').html(data.created.join(', '));
+            $('#id_updated').html(data.updated_info);
+            $('#id_updated_detail').html(data.updated.join(', '));
+            $('#id_failed').html(data.failed_info);
+            $('#id_failed_detail').html(data.failed.join(', '));
+            var $data_table = $('#asset_list_table').DataTable();
+            $data_table.ajax.reload();
+        }
+    }
+    $form.ajaxSubmit({success: success});
+})
+.on('click', '.btn-create-asset', function () {
+    var url = "{% url 'assets:asset-create' %}";
+    var nodes = zTree.getSelectedNodes();
+    var current_node;
+    if (nodes && nodes.length ===1 ){
+        current_node = nodes[0];
+        url += "?node_id=" + current_node.id;
+    }
+    window.open(url, '_self');
+})
+.on('click', '.btn-refresh-hardware', function () {
+    var url = "{% url 'api-assets:node-refresh-hardware-info' pk=DEFAULT_PK %}";
+    var nodes = zTree.getSelectedNodes();
+    var current_node;
+    if (nodes && nodes.length ===1 ){
+        current_node = nodes[0];
+    } else {
+        return null;
+    }
+
+    var the_url = url.replace("{{ DEFAULT_PK }}", current_node.id);
+    function success() {
+        rMenu.css({"visibility" : "hidden"});
+    }
+    APIUpdateAttr({
+        url: the_url,
+        method: "GET",
+        success_message: "更新硬件信息任务下发成功",
+        success: success
+    });
+
+})
+.on('click', '.btn-test-connective', function () {
+    var url = "{% url 'api-assets:node-test-connective' pk=DEFAULT_PK %}";
+    var nodes = zTree.getSelectedNodes();
+    var current_node;
+    if (nodes && nodes.length ===1 ){
+        current_node = nodes[0];
+    } else {
+        return null;
+    }
+
+    var the_url = url.replace("{{ DEFAULT_PK }}", current_node.id);
+    function success() {
+        rMenu.css({"visibility" : "hidden"});
+    }
+    APIUpdateAttr({
+        url: the_url,
+        method: "GET",
+        success_message: "测试可连接性任务下发成功",
+        success: success
+    });
+})
+.on('click', '.btn_asset_delete', function () {
+    var $this = $(this);
+    var $data_table = $("#asset_list_table").DataTable();
+    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
+    var uid = $this.data('uid');
+    var the_url = '{% url "api-assets:asset-detail" pk=DEFAULT_PK %}'.replace("{{ DEFAULT_PK }}", uid);
+    objectDelete($this, name, the_url);
+    setTimeout( function () {
+        $data_table.ajax.reload();
+    }, 3000);
+})
+.on('click', '#btn_bulk_update', function () {
+    var action = $('#slct_bulk_update').val();
+    var $data_table = $('#asset_list_table').DataTable();
+    var id_list = [];
+    $data_table.rows({selected: true}).every(function(){
+        id_list.push(this.data().id);
+    });
+    if (id_list.length === 0) {
+        return false;
+    }
+    var the_url = "{% url 'api-assets:asset-list' %}";
+
+    function doDeactive() {
+        var data = [];
+        $.each(id_list, function(index, object_id) {
+            var obj = {"pk": object_id, "is_active": false};
+            data.push(obj);
+        });
+        function success() {
+            asset_table.ajax.reload()
+        }
+        APIUpdateAttr({
+            url: the_url,
+            method: 'PATCH',
+            body: JSON.stringify(data),
+            success: success
+        });
+    }
+    function doActive() {
+        var data = [];
+        $.each(id_list, function(index, object_id) {
+            var obj = {"pk": object_id, "is_active": true};
+            data.push(obj);
+        });
+        function success() {
+            asset_table.ajax.reload()
+        }
+        APIUpdateAttr({
+            url: the_url,
+            method: 'PATCH',
+            body: JSON.stringify(data),
+            success: success
+        });
+    }
+    function doDelete() {
+        swal({
+            title: "{% trans 'Are you sure?' %}",
+            text: "{% trans 'This will delete the selected assets !!!' %}",
+            type: "warning",
+            showCancelButton: true,
+            confirmButtonColor: "#DD6B55",
+            confirmButtonText: "{% trans 'Confirm' %}",
+            closeOnConfirm: false
+        }, function() {
+            var success = function() {
+                var msg = "{% trans 'Asset Deleted.' %}";
+                swal("{% trans 'Asset Delete' %}", msg, "success");
+                $('#asset_list_table').DataTable().ajax.reload();
+            };
+            var fail = function() {
+                var msg = "{% trans 'Asset Deleting failed.' %}";
+                swal("{% trans 'Asset Delete' %}", msg, "error");
+            };
+            var url_delete = the_url + '?id__in=' + JSON.stringify(id_list);
+            APIUpdateAttr({
+                url: url_delete,
+                method: 'DELETE',
+                success: success,
+                error: fail
+            });
+            $data_table.ajax.reload();
+            jumpserver.checked = false;
+        });
+    }
+    function doUpdate() {
+        var id_list_string = id_list.join(',');
+        var url = "{% url 'assets:asset-bulk-update' %}?assets_id=" + id_list_string;
+        location.href = url
+    }
+
+    function doRemove() {
+        var current_node;
+        var nodes = zTree.getSelectedNodes();
+        if (nodes && nodes.length === 1) {
+            current_node = nodes[0]
+        } else {
+            return
+        }
+
+        var data = {
+            'assets': id_list
+        };
+
+        var success = function () {
+            asset_table.ajax.reload()
+        };
+
+        APIUpdateAttr({
+            'url': '/api/assets/v1/nodes/' + current_node.id + '/assets/remove/',
+            'method': 'PUT',
+            'body': JSON.stringify(data),
+            'success': success
+        })
+    }
+    switch(action) {
+        case 'deactive':
+            doDeactive();
+            break;
+        case 'delete':
+            doDelete();
+            break;
+        case 'update':
+            doUpdate();
+            break;
+        case 'active':
+            doActive();
+            break;
+        case 'remove':
+            doRemove();
+            break;
+        default:
+            break;
+    }
+});
+</script>
+
+{% endblock %}
--- a/apps/assets/templates/assets/asset_update.html
+++ b/apps/assets/templates/assets/asset_update.html
@@ -0,0 +1,93 @@
+{% extends '_base_create_update.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+{% load asset_tags %}
+{% load common_tags %}
+
+{% block custom_head_css_js_create %}
+    <link href="{% static "css/plugins/inputTags.css" %}" rel="stylesheet">
+    <script src="{% static "js/plugins/inputTags.jquery.min.js" %}"></script>
+{% endblock %}
+
+{% block form %}
+    <form action="" method="post" class="form-horizontal">
+    {% if form.no_field_errors %}
+         <div class="alert alert-danger">
+             {{ form.non_field_errors }}
+         </div>
+    {% endif %}
+    {% csrf_token %}
+    <h3>{% trans 'Basic' %}</h3>
+    {% bootstrap_field form.hostname layout="horizontal" %}
+    {% bootstrap_field form.ip layout="horizontal" %}
+    {% bootstrap_field form.port layout="horizontal" %}
+    {% bootstrap_field form.platform layout="horizontal" %}
+    {% bootstrap_field form.public_ip layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Auth' %}</h3>
+    {% bootstrap_field form.admin_user layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Node' %}</h3>
+    {% bootstrap_field form.nodes layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Labels' %}</h3>
+    <div class="form-group">
+        <label for="{{ form.labels.id_for_label }}" class="col-md-2 control-label">{% trans 'Label' %}</label>
+        <div class="col-md-9">
+            <select name="labels" class="select2 labels" data-placeholder="Select labels" style="width: 100%" multiple="" tabindex="4" id="{{ form.labels.id_for_label }}">
+                {% for name, labels in form.labels.field.queryset|group_labels %}
+                <optgroup label="{{ name }}">
+                    {% for label in labels %}
+                        {% if label in form.labels.initial %}
+                            <option value="{{ label.id }}" selected>{{ label.value }}</option>
+                        {% else %}
+                            <option value="{{ label.id }}">{{ label.value }}</option>
+                        {% endif %}
+                    {% endfor %}
+                </optgroup>
+                {% endfor %}
+            </select>
+        </div>
+    </div>
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Configuration' %}</h3>
+    {% bootstrap_field form.number layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <h3>{% trans 'Other' %}</h3>
+    {% bootstrap_field form.comment layout="horizontal" %}
+    {% bootstrap_field form.is_active layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <div class="form-group">
+        <div class="col-sm-4 col-sm-offset-2">
+            <button class="btn btn-white" type="reset">{% trans 'Reset' %}</button>
+            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+        </div>
+    </div>
+
+</form>
+{% endblock %}
+
+{% block custom_foot_js %}
+    <script>
+    function format(item) {
+        var group = item.element.parentElement.label;
+        return group + ':' + item.text;
+    }
+    $(document).ready(function () {
+        $('.select2').select2({
+            allowClear: true
+        });
+        $(".labels").select2({
+            allowClear: true,
+            templateSelection: format
+        });
+    })
+    </script>
+{% endblock %}
--- a/apps/assets/templates/assets/delete_confirm.html
+++ b/apps/assets/templates/assets/delete_confirm.html
@@ -0,0 +1,15 @@
+{% load i18n %}
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>{% trans 'Confirm delete' %}</title>
+</head>
+<body>
+<form action="" method="post">
+    {% csrf_token %}
+    <p>{% trans 'Are you sure delete' %} <b>{{ object.name }} </b> ?</p>
+    <input type="submit" value="Confirm" />
+</form>
+</body>
+</html>
--- a/apps/assets/templates/assets/label_create_update.html
+++ b/apps/assets/templates/assets/label_create_update.html
@@ -0,0 +1,31 @@
+{% extends '_base_create_update.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+
+{% block form %}
+<form id="groupForm" method="post" class="form-horizontal">
+    {% csrf_token %}
+    {% bootstrap_field form.name layout="horizontal" %}
+    {% bootstrap_field form.value layout="horizontal" %}
+    {% bootstrap_field form.assets layout="horizontal" %}
+
+    <div class="hr-line-dashed"></div>
+    <div class="form-group">
+        <div class="col-sm-4 col-sm-offset-2">
+            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+        </div>
+    </div>
+</form>
+{% endblock %}
+
+{% block custom_foot_js %}
+<script type="text/javascript">
+    $(document).ready(function () {
+        $('.select2').select2({
+            closeOnSelect: false
+        });
+    });
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/label_list.html
+++ b/apps/assets/templates/assets/label_list.html
@@ -0,0 +1,70 @@
+{% extends '_base_list.html' %}
+{% load i18n static %}
+{% block table_search %}{% endblock %}
+{% block table_container %}
+<div class="uc pull-left  m-r-5">
+    <a href="{% url 'assets:label-create' %}" class="btn btn-sm btn-primary"> {% trans "Create label" %} </a>
+</div>
+<table class="table table-striped table-bordered table-hover " id="label_list_table" >
+    <thead>
+    <tr>
+        <th class="text-center">
+            <input type="checkbox" id="check_all" class="ipt_check_all" >
+        </th>
+        <th class="text-center">{% trans 'Name' %}</th>
+        <th class="text-center">{% trans 'Value' %}</th>
+        <th class="text-center">{% trans 'Asset' %}</th>
+        <th class="text-center">{% trans 'Action' %}</th>
+    </tr>
+    </thead>
+    <tbody>
+    </tbody>
+</table>
+{% endblock %}
+{% block content_bottom_left %}{% endblock %}
+{% block custom_foot_js %}
+<script>
+function initTable() {
+    var options = {
+        ele: $('#label_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+{#                var detail_btn = '<a href="{% url "assets:label-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';#}
+                var detail_btn = '<a>' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+             }},
+
+            {targets: 4, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:label-update" pk=DEFAULT_PK %}" class="btn btn-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn-delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                $(td).html(update_btn + del_btn)
+             }}
+        ],
+        ajax_url: '{% url "api-assets:label-list" %}?sort=name',
+        columns: [
+            {data: "id"}, {data: "name" }, {data: "value" },
+            {data: "asset_count" }, {data: "id"}
+        ],
+        op_html: $('#actions').html()
+    };
+    jumpserver.initDataTable(options);
+}
+$(document).ready(function(){
+    initTable();
+})
+.on('click', '.btn-delete', function () {
+    var $this = $(this);
+    var $data_table = $('#label_list_table').DataTable();
+    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
+    var uid = $this.data('uid');
+    var the_url = '{% url "api-assets:label-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    objectDelete($this, name, the_url);
+    setTimeout( function () {
+        $data_table.ajax.reload();
+    }, 3000);
+});
+</script>
+{% endblock %}
+
+
+
--- a/apps/assets/templates/assets/system_user_asset.html
+++ b/apps/assets/templates/assets/system_user_asset.html
@@ -0,0 +1,166 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+    <script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+{% endblock %}
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'assets:system-user-detail' pk=system_user.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'assets:system-user-asset' pk=system_user.id %}" class="text-center">
+                                <i class="fa fa-bar-chart-o"></i> {% trans 'Assets' %}
+                                </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-8" style="padding-left: 0;">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span style="float: left">{% trans 'Assets of ' %} <b>{{ system_user.name }} </b><span class="badge">{{ paginator.count }}</span></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table table-hover" id="system_user_list">
+                                        <thead>
+                                            <tr>
+                                                <th>{% trans 'Hostname' %}</th>
+                                                <th>{% trans 'IP' %}</th>
+                                                <th>{% trans 'Port' %}</th>
+                                                <th>{% trans 'Reachable' %}</th>
+                                            </tr>
+                                        </thead>
+                                        <tbody>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="col-sm-4" style="padding-left: 0;padding-right: 0">
+                            <div class="panel panel-primary">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Quick update' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table">
+                                        <tbody>
+                                        <tr class="no-borders-tr">
+                                            <td width="50%">{% trans 'Push system user now' %}:</td>
+                                            <td>
+                                                <span style="float: right">
+                                                    <button type="button" class="btn btn-primary btn-xs btn-push" style="width: 54px">{% trans 'Push' %}</button>
+                                                </span>
+                                            </td>
+                                        </tr>
+                                        <tr>
+                                            <td width="50%">{% trans 'Test assets connective' %}:</td>
+                                            <td>
+                                                <span style="float: right">
+                                                    <button type="button" class="btn btn-primary btn-xs btn-test-connective" style="width: 54px">{% trans 'Test' %}</button>
+                                                </span>
+                                            </td>
+                                        </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+function initAssetsTable() {
+    var unreachable = {{ system_user.unreachable_assets|safe}};
+    var options = {
+		ele: $('#system_user_list'),
+		buttons: [],
+		order: [],
+		columnDefs: [
+			{targets: 0, createdCell: function (td, cellData, rowData) {
+				var detail_btn = '<a href="{% url "assets:asset-detail" pk=DEFAULT_PK %}" data-aid="'+rowData.id+'">' + cellData + '</a>';
+				$(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+			}},
+			{targets: 3, createdCell: function (td, cellData) {
+				if (unreachable.indexOf(cellData) >= 0) {
+					$(td).html('<i class="fa fa-times text-danger"></i>')
+				} else {
+					$(td).html('<i class="fa fa-check text-navy"></i>')
+				}
+			}}
+		],
+		ajax_url: '{% url "api-assets:asset-list" %}?system_user_id={{ system_user.id }}',
+		columns: [{data: "hostname" }, {data: "ip" }, {data: "port" }, {data: "hostname" }],
+		op_html: $('#actions').html()
+	};
+	jumpserver.initServerSideDataTable(options);
+}
+
+$(document).ready(function () {
+	$('.select2').select2()
+	.on("select2:select", function (evt) {
+		var data = evt.params.data;
+		jumpserver.assets_selected[data.id] = data.text;
+		jumpserver.asset_groups_selected[data.id] = data.text;
+	})
+	.on('select2:unselect', function(evt) {
+		var data = evt.params.data;
+		delete jumpserver.assets_selected[data.id];
+		delete jumpserver.asset_groups_selected[data.id];
+	});
+	initAssetsTable();
+})
+.on('click', '.btn-push', function () {
+    var the_url = "{% url 'api-assets:system-user-push' pk=system_user.id %}";
+    var error = function (data) {
+        alert(data)
+    };
+    APIUpdateAttr({
+        url: the_url,
+        error: error,
+        method: 'GET',
+        success_message: "{% trans "Task has been send, Go to ops task list seen result" %}"
+    });
+})
+.on('click', '.btn-test-connective', function () {
+    var the_url = "{% url 'api-assets:system-user-connective' pk=system_user.id %}";
+    var error = function (data) {
+        alert(data)
+    };
+    APIUpdateAttr({
+        url: the_url,
+        error: error,
+        method: 'GET',
+        success_message: "{% trans "Task has been send, seen left assets status" %}"
+    });
+})
+
+
+
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/system_user_create.html
+++ b/apps/assets/templates/assets/system_user_create.html
@@ -0,0 +1,7 @@
+{% extends 'assets/_system_user.html' %}
+{% load i18n %}
+{% load static %}
+
+{% block auth %}
+    {{ block.super }}
+{% endblock %}
--- a/apps/assets/templates/assets/system_user_detail.html
+++ b/apps/assets/templates/assets/system_user_detail.html
@@ -0,0 +1,319 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load i18n %}
+
+{% block custom_head_css_js %}
+    <link href='{% static "css/plugins/select2/select2.min.css" %}' rel="stylesheet">
+    <script src='{% static "js/plugins/select2/select2.full.min.js" %}'></script>
+{% endblock %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li class="active">
+                                <a href="{% url 'assets:system-user-detail' pk=system_user.id %}" class="text-center"><i class="fa fa-laptop"></i> {% trans 'Detail' %} </a>
+                            </li>
+{#                            <li>#}
+{#                                <a href="{% url 'assets:system-user-asset' pk=system_user.id %}" class="text-center">#}
+{#                                <i class="fa fa-bar-chart-o"></i> {% trans 'Attached assets' %}#}
+{#                                </a>#}
+{#                            </li>#}
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-default" href="{% url 'assets:system-user-update' pk=system_user.id %}"><i class="fa fa-edit"></i>{% trans 'Update' %}</a>
+                            </li>
+                            <li class="pull-right">
+                                <a class="btn btn-outline btn-danger btn-del">
+                                    <i class="fa fa-trash-o"></i>{% trans 'Delete' %}
+                                </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-8" style="padding-left: 0;">
+                            <div class="ibox float-e-margins">
+                                <div class="ibox-title">
+                                    <span class="label"><b>{{ system_user.name }}</b></span>
+                                    <div class="ibox-tools">
+                                        <a class="collapse-link">
+                                            <i class="fa fa-chevron-up"></i>
+                                        </a>
+                                        <a class="dropdown-toggle" data-toggle="dropdown" href="#">
+                                            <i class="fa fa-wrench"></i>
+                                        </a>
+                                        <ul class="dropdown-menu dropdown-user">
+                                        </ul>
+                                        <a class="close-link">
+                                            <i class="fa fa-times"></i>
+                                        </a>
+                                    </div>
+                                </div>
+                                <div class="ibox-content">
+                                    <table class="table">
+                                        <tbody>
+                                        <tr class="no-borders-tr">
+                                            <td>{% trans 'Name' %}:</td>
+                                            <td><b>{{ system_user.name }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Username' %}:</td>
+                                            <td><b>{{ system_user.username }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Protocol' %}:</td>
+                                            <td><b>{{ system_user.protocol }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Sudo' %}:</td>
+                                            <td><b>{{ system_user.sudo }}</b></td>
+                                        </tr>
+                                        {% if system_user.shell %}
+                                        <tr>
+                                            <td>{% trans 'Shell' %}:</td>
+                                            <td><b>{{ system_user.shell }}</b></td>
+                                        </tr>
+                                        {% endif %}
+                                        {% if system_user.home %}
+                                        <tr>
+                                            <td>{% trans 'Home' %}:</td>
+                                            <td><b>{{ system_user.home }}</b></td>
+                                        </tr>
+                                        {% endif %}
+                                        {% if system_user.uid %}
+                                            <tr>
+                                                <td>{% trans 'Uid' %}:</td>
+                                                <td><b>{{ system_user.uid }}</b></td>
+                                            </tr>
+                                        {% endif %}
+                                        <tr>
+                                            <td>{% trans 'Date created' %}:</td>
+                                            <td><b>{{ system_user.date_created }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Created by' %}:</td>
+                                            <td><b>{{ asset_group.created_by  }}</b></td>
+                                        </tr>
+                                        <tr>
+                                            <td>{% trans 'Comment' %}:</td>
+                                            <td><b>{{ system_user.comment }}</b></td>
+                                        </tr>
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+
+                        <div class="col-sm-4" style="padding-left: 0;padding-right: 0">
+                            <div class="panel panel-primary">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Quick update' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table">
+                                        <tbody>
+                                        <tr class="no-borders-tr">
+                                            <td width="50%">{% trans 'Auto push' %}:</td>
+                                            <td>
+                                                <span class="pull-right">
+                                                    <div class="switch">
+                                                        <div class="onoffswitch">
+                                                            <input type="checkbox" {% if system_user.auto_push %} checked {% endif %} class="onoffswitch-checkbox" id="btn-auto-push">
+                                                            <label class="onoffswitch-label" for="btn-auto-push">
+                                                                <span class="onoffswitch-inner"></span>
+                                                                <span class="onoffswitch-switch"></span>
+                                                            </label>
+                                                        </div>
+                                                    </div>
+                                                </span>
+                                            </td>
+                                        </tr>
+                                        <tr class="no-borders-tr">
+                                        {% if system_user.auto_push %}
+                                            <td width="50%">{% trans 'Push system user now' %}:</td>
+                                            <td>
+                                                <span style="float: right">
+                                                    <button type="button" class="btn btn-primary btn-xs btn-push" style="width: 54px">{% trans 'Push' %}</button>
+                                                </span>
+                                            </td>
+                                        </tr>
+                                        <tr>
+                                        {% endif %}
+                                            <td width="50%">{% trans 'Test assets connective' %}:</td>
+                                            <td>
+                                                <span style="float: right">
+                                                    <button type="button" class="btn btn-primary btn-xs btn-test-connective" style="width: 54px">{% trans 'Test' %}</button>
+                                                </span>
+                                            </td>
+                                        </tr>
+
+{#                                        <tr>#}
+{#                                            <td width="50%">{% trans 'Change auth period' %}:</td>#}
+{#                                            <td>#}
+{#                                                <span style="float: right">#}
+{#                                                    <button type="button" class="btn btn-primary btn-xs" style="width: 54px">{% trans 'Reset' %}</button>#}
+{#                                                </span>#}
+{#                                            </td>#}
+{#                                        </tr>#}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                            <div class="panel panel-info">
+                                <div class="panel-heading">
+                                    <i class="fa fa-info-circle"></i> {% trans 'Nodes' %}
+                                </div>
+                                <div class="panel-body">
+                                    <table class="table node_edit" id="add-asset2group">
+                                        <tbody>
+                                        <form>
+                                            <tr>
+                                                <td colspan="2" class="no-borders">
+                                                    <select data-placeholder="{% trans 'Add to node' %}" id="node_selected" class="select2" style="width: 100%" multiple="" tabindex="4">
+                                                        {% for node in nodes_remain %}
+                                                        <option value="{{ node.id }}" id="opt_{{ node.id }}" >{{ node.name }}</option>
+                                                        {% endfor %}
+                                                    </select>
+                                                </td>
+                                            </tr>
+                                            <tr>
+                                                <td colspan="2" class="no-borders">
+                                                    <button type="button" class="btn btn-info btn-sm" id="btn-add-to-node">{% trans 'Confirm' %}</button>
+                                                </td>
+                                            </tr>
+                                        </form>
+
+                                        {% for node in system_user.nodes.all %}
+                                        <tr>
+                                          <td ><b class="bdg_node" data-gid={{ node.id }}>{{ node.name }}</b></td>
+                                          <td>
+                                              <button class="btn btn-danger pull-right btn-xs btn-remove-from-node" type="button"><i class="fa fa-minus"></i></button>
+                                          </td>
+                                        </tr>
+                                        {% endfor %}
+                                        </tbody>
+                                    </table>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+function updateSystemUserCluster(nodes) {
+    var the_url = "{% url 'api-assets:system-user-detail' pk=system_user.id %}";
+    var body = {
+        nodes: Object.assign([], nodes)
+    };
+    var success = function(data) {
+        // remove all the selected groups from select > option and rendered ul element;
+        $('.select2-selection__rendered').empty();
+        $('#node_selected').val('');
+        $.map(jumpserver.nodes_selected, function(node_name, index) {
+            $('#opt_' + index).remove();
+            // change tr html of user groups.
+            $('.node_edit tbody').append(
+                '<tr>' +
+                '<td><b class="bdg_node" data-gid="' + index + '">' + node_name + '</b></td>' +
+                '<td><button class="btn btn-danger btn-xs pull-right btn-remove-from-node" type="button"><i class="fa fa-minus"></i></button></td>' +
+                '</tr>'
+            )
+        });
+        // clear jumpserver.groups_selected
+        jumpserver.nodes_selected = {};
+    };
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(body),
+        success: success
+    });
+}
+jumpserver.nodes_selected = {};
+$(document).ready(function () {
+    $('.select2').select2()
+    .on('select2:select', function(evt) {
+            var data = evt.params.data;
+            jumpserver.nodes_selected[data.id] = data.text;
+    })
+    .on('select2:unselect', function(evt) {
+        var data = evt.params.data;
+        delete jumpserver.nodes_selected[data.id];
+    });
+})
+.on('click', '#btn-auto-push', function () {
+    var checked = $(this).prop('checked');
+    var the_url = "{% url 'api-assets:system-user-detail' pk=system_user.id %}";
+    var body = {
+        'auto_push': checked
+    };
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(body)
+    });
+})
+.on('click', '#btn-add-to-node', function() {
+    if (Object.keys(jumpserver.nodes_selected).length === 0) {
+        return false;
+    }
+    var nodes = $('.bdg_node').map(function() {
+        return $(this).data('gid');
+    }).get();
+    $.map(jumpserver.nodes_selected, function(value, index) {
+        nodes.push(index);
+    });
+    updateSystemUserCluster(nodes);
+})
+.on('click', '.btn-remove-from-node', function() {
+    var $this = $(this);
+    var $tr = $this.closest('tr');
+    var $badge = $tr.find('.bdg_node');
+    var gid = $badge.data('gid');
+    var node_name = $badge.html() || $badge.text();
+    $('#groups_selected').append(
+        '<option value="' + gid + '" id="opt_' + gid + '">' + node_name + '</option>'
+    );
+    $tr.remove();
+    var nodes = $('.bdg_node').map(function () {
+        return $(this).data('gid');
+    }).get();
+    updateSystemUserCluster(nodes);
+}).on('click', '.btn-del', function () {
+    var $this = $(this);
+    var name = "{{ system_user.name}}";
+    var uid = "{{ system_user.id }}";
+    var the_url = '{% url "api-assets:system-user-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    var redirect_url = "{% url 'assets:system-user-list' %}";
+    objectDelete($this, name, the_url, redirect_url);
+})
+.on('click', '.btn-push', function () {
+    var the_url = "{% url 'api-assets:system-user-push' pk=system_user.id %}";
+    var error = function (data) {
+        alert(data)
+    };
+    APIUpdateAttr({
+        url: the_url,
+        error: error,
+        method: 'GET',
+        success_message: "{% trans "Task has been send, Go to ops task list seen result" %}"
+    });
+})
+.on('click', '.btn-test-connective', function () {
+    var the_url = "{% url 'api-assets:system-user-connective' pk=system_user.id %}";
+    var error = function (data) {
+        alert(data)
+    };
+    APIUpdateAttr({
+        url: the_url,
+        error: error,
+        method: 'GET',
+        success_message: "{% trans "Task has been send, seen left assets status" %}"
+    });
+})
+</script>
+{% endblock %}
--- a/apps/assets/templates/assets/system_user_list.html
+++ b/apps/assets/templates/assets/system_user_list.html
@@ -0,0 +1,173 @@
+{% extends '_base_list.html' %}
+{% load i18n %}
+
+{% block help_message %}
+    <div class="alert alert-info help-message">
+    系统用户是 Jumpserver跳转登录资产时使用的用户，可以理解为登录资产用户，如 web, sa, dba(`ssh web@some-host`), 而不是使用某个用户的用户名跳转登录服务器(`ssh xiaoming@some-host`);
+    简单来说是 用户使用自己的用户名登录Jumpserver, Jumpserver使用系统用户登录资产。
+    系统用户创建时，如果选择了自动推送 Jumpserver会使用ansible自动推送系统用户到资产中，如果资产(交换机、windows)不支持ansible, 请手动填写账号密码。
+    目前还不支持Windows的自动推送
+    </div>
+{% endblock %}
+
+{% block table_search %}
+{% endblock %}
+
+{% block table_container %}
+<div class="uc pull-left m-r-5">
+    <a href="{% url 'assets:system-user-create' %}" class="btn btn-sm btn-primary "> {% trans "Create system user" %} </a>
+</div>
+<table class="table table-striped table-bordered table-hover " id="system_user_list_table" >
+    <thead>
+    <tr>
+        <th class="text-center">
+            <input type="checkbox" id="check_all" class="ipt_check_all" >
+        </th>
+        <th class="text-center">{% trans 'Name' %}</th>
+        <th class="text-center">{% trans 'Username' %}</th>
+        <th class="text-center">{% trans 'Asset' %}</th>
+        <th class="text-center">{% trans 'Reachable' %}</th>
+        <th class="text-center">{% trans 'Unreachable' %}</th>
+        <th class="text-center">{% trans 'Ratio' %}</th>
+        <th class="text-center">{% trans 'Comment' %}</th>
+        <th class="text-center">{% trans 'Action' %}</th>
+    </tr>
+    </thead>
+    <tbody>
+    </tbody>
+</table>
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+function initTable() {
+    var options = {
+        ele: $('#system_user_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                var detail_btn = '<a href="{% url "assets:system-user-detail" pk=DEFAULT_PK %}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+            }},
+            {targets: 4, createdCell: function (td, cellData) {
+                var innerHtml = "";
+                if (cellData !== 0) {
+                    innerHtml = "<span class='text-navy'>" + cellData + "</span>";
+                } else {
+                    innerHtml = "<span>" + cellData + "</span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData +'">' + innerHtml + '</span>');
+            }},
+            {targets: 5, createdCell: function (td, cellData) {
+                var innerHtml = "";
+                if (cellData !== 0) {
+                    innerHtml = "<span class='text-danger'>" + cellData + "</span>";
+                } else {
+                    innerHtml = "<span>" + cellData + "</span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
+            }},
+            {targets: 6, createdCell: function (td, cellData, rowData) {
+                var val = 0;
+                var innerHtml = "";
+                var total = rowData.assets_amount;
+                var reachable = rowData.reachable_amount;
+                if (total !== 0) {
+                    val = reachable/total * 100;
+                }
+
+                if (val === 100) {
+                    innerHtml = "<span class='text-navy'>" + val + "% </span>";
+                } else {
+                    var num = new Number(val);
+                    innerHtml = "<span class='text-danger'>" + num.toFixed(1) + "% </span>";
+                }
+                $(td).html('<span href="javascript:void(0);" data-toggle="tooltip" title="' + cellData + '">' + innerHtml + '</span>');
+
+            }},
+            {targets: 8, createdCell: function (td, cellData, rowData) {
+                var update_btn = '<a href="{% url "assets:system-user-update" pk=DEFAULT_PK %}" class="btn btn-xs m-l-xs btn-info">{% trans "Update" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                var del_btn = '<a class="btn btn-xs btn-danger m-l-xs btn_admin_user_delete" data-uid="{{ DEFAULT_PK }}">{% trans "Delete" %}</a>'.replace('{{ DEFAULT_PK }}', cellData);
+                $(td).html(update_btn + del_btn)
+            }}],
+        ajax_url: '{% url "api-assets:system-user-list" %}',
+        columns: [
+            {data: "id" }, {data: "name" }, {data: "username" }, {data: "assets_amount" },
+            {data: "reachable_amount"}, {data: "unreachable_amount"}, {data: "id"}, {data: "comment" }, {data: "id" }
+        ],
+        op_html: $('#actions').html()
+        };
+    jumpserver.initDataTable(options);
+}
+
+$(document).ready(function(){
+    initTable();
+})
+
+.on('click', '.btn_admin_user_delete', function () {
+    var $this = $(this);
+    var $data_table = $('#cluster_list_table').DataTable();
+    var name = $(this).closest("tr").find(":nth-child(2)").children('a').html();
+    var uid = $this.data('uid');
+    var the_url = '{% url "api-assets:system-user-detail" pk=DEFAULT_PK %}'.replace('{{ DEFAULT_PK }}', uid);
+    objectDelete($this, name, the_url);
+    setTimeout( function () {
+        $data_table.ajax.reload();
+    }, 3000);
+})
+
+.on('click', '#btn_bulk_update', function () {
+    var action = $('#slct_bulk_update').val();
+    var $data_table = $('#system_user_list_table').DataTable();
+    var id_list = [];
+    var plain_id_list = [];
+    $data_table.rows({selected: true}).every(function(){
+        id_list.push({id: this.data().id});
+        plain_id_list.push(this.data().id);
+    });
+    if (id_list === []) {
+        return false;
+    }
+    var the_url = "{% url 'api-assets:system-user-list' %}";
+    function doDelete() {
+        swal({
+            title: "{% trans 'Are you sure?' %}",
+            text: "{% trans 'This will delete the selected System Users !!!' %}",
+            type: "warning",
+            showCancelButton: true,
+            confirmButtonColor: "#DD6B55",
+            confirmButtonText: "{% trans 'Confirm' %}",
+            closeOnConfirm: false
+        }, function() {
+            var success = function() {
+                var msg = "{% trans 'System Users Deleted.' %}";
+                swal("{% trans 'System Users Delete' %}", msg, "success");
+                $('#system_user_list_table').DataTable().ajax.reload();
+            };
+            var fail = function() {
+                var msg = "{% trans 'System Users Deleting failed.' %}";
+                swal("{% trans 'System Users Delete' %}", msg, "error");
+            };
+            var url_delete = the_url + '?id__in=' + JSON.stringify(plain_id_list);
+            APIUpdateAttr({url: url_delete, method: 'DELETE', success: success, error: fail});
+            $data_table.ajax.reload();
+            jumpserver.checked = false;
+        });
+    }
+    function doUpdate() {
+{#        TODO: bulk update the System Users #}
+    }
+    switch (action) {
+        case 'delete':
+            doDelete();
+            break;
+        case 'update':
+            doUpdate();
+            break;
+        default:
+            break;
+    }
+})
+</script>
+{% endblock %}
+
+
+
--- a/apps/assets/templates/assets/system_user_update.html
+++ b/apps/assets/templates/assets/system_user_update.html
@@ -0,0 +1,24 @@
+{% extends 'assets/_system_user.html' %}
+{% load i18n %}
+{% load static %}
+{% load bootstrap3 %}
+
+{% block auth %}
+    <h3>{% trans 'Auth' %}</h3>
+    {% bootstrap_field form.password layout="horizontal" %}
+    {% bootstrap_field form.private_key_file layout="horizontal" %}
+    <div class="form-group">
+        <label for="{{ form.as_push.id_for_label }}" class="col-sm-2 control-label">{% trans 'Auto push' %}</label>
+        <div class="col-sm-8">
+            {{ form.auto_push}}
+        </div>
+    </div>
+{% endblock %}
+
+{% block custom_foot_js %}
+	<script>
+    $(document).ready(function () {
+        $('.select2').select2();
+    })
+	</script>
+{% endblock %}
--- a/apps/assets/templates/assets/user_asset_list.html
+++ b/apps/assets/templates/assets/user_asset_list.html
@@ -0,0 +1,81 @@
+{% extends '_base_list.html' %}
+{% load i18n %}
+{% load static %}
+{% block custom_head_css_js %}
+<link href="{% static 'css/plugins/select2/select2.min.css' %}" rel="stylesheet">
+<script src="{% static 'js/plugins/select2/select2.full.min.js' %}"></script>
+
+{% endblock %}
+{% block content_left_head %}{% endblock %}
+
+{% block table_search %}
+{% endblock %}
+
+{% block table_container %}
+<table class="table table-striped table-bordered table-hover " id="asset_list_table" >
+    <thead>
+        <tr>
+            <th class="text-center"><input type="checkbox" class="ipt_check_all"></th>
+            <th class="text-center">{% trans 'Hostname' %}</th>
+            <th class="text-center">{% trans 'IP' %}</th>
+            <th class="text-center">{% trans 'Port' %}</th>
+            <th class="text-center">{% trans 'Hardware' %}</th>
+            <th class="text-center">{% trans 'Active' %}</th>
+            <th class="text-center">{% trans 'Connective' %}</th>
+        </tr>
+    </thead>
+    <tbody>
+    </tbody>
+</table>
+{% endblock %}
+
+{% block custom_foot_js %}
+<script src="{% static 'js/jquery.form.min.js' %}"></script>
+<script type="text/javascript">
+
+function initTable() {
+    var options = {
+        ele: $('#asset_list_table'),
+        columnDefs: [
+            {targets: 1, createdCell: function (td, cellData, rowData) {
+                {% url 'assets:asset-detail' pk=DEFAULT_PK as the_url  %}
+                var detail_btn = '<a href="{{ the_url }}">' + cellData + '</a>';
+                $(td).html(detail_btn.replace('{{ DEFAULT_PK }}', rowData.id));
+            }},
+            {targets: 5, createdCell: function (td, cellData) {
+                if (!cellData) {
+                    $(td).html('<i class="fa fa-times text-danger"></i>')
+                } else {
+                    $(td).html('<i class="fa fa-check text-navy"></i>')
+                }
+            }},
+            {targets: 6, createdCell: function (td, cellData) {
+                if (cellData == 'Unknown'){
+                    $(td).html('<i class="fa fa-circle text-warning"></i>')
+                } else if (!cellData) {
+                    $(td).html('<i class="fa fa-circle text-danger"></i>')
+                } else {
+                    $(td).html('<i class="fa fa-circle text-navy"></i>')
+                }
+            }},
+{#            {targets: 9, createdCell: function (td, cellData, rowData) {#}
+{#                var conn_btn = '<a href="{% url "terminal:web-terminal" %}?id={{ DEFAULT_PK }}" class="btn btn-xs btn-info">{% trans "Connect" %}</a>'.replace("{{ DEFAULT_PK }}", cellData);#}
+{#                $(td).html(conn_btn)#}
+{#            }}#}
+        ],
+        ajax_url: '{% url "api-assets:user-asset-list" %}',
+        columns: [
+            {data: "id"}, {data: "hostname" }, {data: "ip" }, {data: "port" },
+            {data: "hardware_info"}, {data: "is_active" }, {data: "is_connective"}
+        ],
+        op_html: $('#actions').html()
+    };
+    return jumpserver.initDataTable(options);
+}
+
+$(document).ready(function(){
+    initTable();
+});
+
+</script>
+{% endblock %}
--- a/apps/assets/templatetags/init.py
+++ b/apps/assets/templatetags/init.py
@@ -0,0 +1,2 @@
+# -*- coding: utf-8 -*-
+#
--- a/apps/assets/templatetags/asset_tags.py
+++ b/apps/assets/templatetags/asset_tags.py
@@ -0,0 +1,12 @@
+from collections import defaultdict
+
+from django import template
+register = template.Library()
+
+
+@register.filter
+def group_labels(queryset):
+    grouped = defaultdict(list)
+    for label in queryset:
+        grouped[label.name].append(label)
+    return [(name, labels) for name, labels in grouped.items()]
--- a/apps/assets/tests.py
+++ b/apps/assets/tests.py
--- a/apps/assets/urls/init.py
+++ b/apps/assets/urls/init.py
@@ -0,0 +1 @@
+
--- a/apps/assets/urls/api_urls.py
+++ b/apps/assets/urls/api_urls.py
@@ -0,0 +1,55 @@
+# coding:utf-8
+from django.conf.urls import url
+from .. import api
+from rest_framework_bulk.routes import BulkRouter
+
+app_name = 'assets'
+
+
+router = BulkRouter()
+# router.register(r'v1/groups', api.AssetGroupViewSet, 'asset-group')
+router.register(r'v1/assets', api.AssetViewSet, 'asset')
+# router.register(r'v1/clusters', api.ClusterViewSet, 'cluster')
+router.register(r'v1/admin-user', api.AdminUserViewSet, 'admin-user')
+router.register(r'v1/system-user', api.SystemUserViewSet, 'system-user')
+router.register(r'v1/labels', api.LabelViewSet, 'label')
+router.register(r'v1/nodes', api.NodeViewSet, 'node')
+
+urlpatterns = [
+    url(r'^v1/assets-bulk/$', api.AssetListUpdateApi.as_view(), name='asset-bulk-update'),
+    url(r'^v1/system-user/(?P<pk>[0-9a-zA-Z\-]{36})/auth-info/', api.SystemUserAuthInfoApi.as_view(),
+        name='system-user-auth-info'),
+    url(r'^v1/assets/(?P<pk>[0-9a-zA-Z\-]{36})/refresh/$',
+        api.AssetRefreshHardwareApi.as_view(), name='asset-refresh'),
+    url(r'^v1/assets/(?P<pk>[0-9a-zA-Z\-]{36})/alive/$',
+        api.AssetAdminUserTestApi.as_view(), name='asset-alive-test'),
+    url(r'^v1/assets/user-assets/$',
+        api.UserAssetListView.as_view(), name='user-asset-list'),
+    # update the asset group, which add or delete the asset to the group
+    #url(r'^v1/groups/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$',
+    #    api.GroupUpdateAssetsApi.as_view(), name='group-update-assets'),
+    #url(r'^v1/groups/(?P<pk>[0-9a-zA-Z\-]{36})/assets/add/$',
+    #    api.GroupAddAssetsApi.as_view(), name='group-add-assets'),
+    # update the Cluster, and add or delete the assets to the Cluster
+    #url(r'^v1/cluster/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$',
+    #    api.ClusterAddAssetsApi.as_view(), name='cluster-add-assets'),
+    #url(r'^v1/cluster/(?P<pk>[0-9a-zA-Z\-]{36})/assets/connective/$',
+    #    api.ClusterTestAssetsAliveApi.as_view(), name='cluster-test-connective'),
+    url(r'^v1/admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/nodes/$',
+        api.ReplaceNodesAdminUserApi.as_view(), name='replace-nodes-admin-user'),
+    url(r'^v1/admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/connective/$',
+        api.AdminUserTestConnectiveApi.as_view(), name='admin-user-connective'),
+    url(r'^v1/system-user/(?P<pk>[0-9a-zA-Z\-]{36})/push/$',
+        api.SystemUserPushApi.as_view(), name='system-user-push'),
+    url(r'^v1/system-user/(?P<pk>[0-9a-zA-Z\-]{36})/connective/$',
+        api.SystemUserTestConnectiveApi.as_view(), name='system-user-connective'),
+    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/children/$', api.NodeChildrenApi.as_view(), name='node-children'),
+    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/children/add/$', api.NodeAddChildrenApi.as_view(), name='node-add-children'),
+    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/add/$', api.NodeAddAssetsApi.as_view(), name='node-add-assets'),
+    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/assets/remove/$', api.NodeRemoveAssetsApi.as_view(), name='node-remove-assets'),
+    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/refresh-hardware-info/$', api.RefreshNodeHardwareInfoApi.as_view(), name='node-refresh-hardware-info'),
+    url(r'^v1/nodes/(?P<pk>[0-9a-zA-Z\-]{36})/test-connective/$', api.TestNodeConnectiveApi.as_view(), name='node-test-connective'),
+]
+
+urlpatterns += router.urls
+
--- a/apps/assets/urls/views_urls.py
+++ b/apps/assets/urls/views_urls.py
@@ -0,0 +1,43 @@
+# coding:utf-8
+from django.conf.urls import url
+from .. import views
+
+app_name = 'assets'
+
+urlpatterns = [
+    # Resource asset url
+    url(r'^$', views.AssetListView.as_view(), name='asset-index'),
+    url(r'^asset/$', views.AssetListView.as_view(), name='asset-list'),
+    url(r'^asset/create/$', views.AssetCreateView.as_view(), name='asset-create'),
+    url(r'^asset/export/$', views.AssetExportView.as_view(), name='asset-export'),
+    url(r'^asset/import/$', views.BulkImportAssetView.as_view(), name='asset-import'),
+    url(r'^asset/(?P<pk>[0-9a-zA-Z\-]{36})/$', views.AssetDetailView.as_view(), name='asset-detail'),
+    url(r'^asset/(?P<pk>[0-9a-zA-Z\-]{36})/update/$', views.AssetUpdateView.as_view(), name='asset-update'),
+    url(r'^asset/(?P<pk>[0-9a-zA-Z\-]{36})/delete/$', views.AssetDeleteView.as_view(), name='asset-delete'),
+    url(r'^asset/update/$', views.AssetBulkUpdateView.as_view(), name='asset-bulk-update'),
+
+    # User asset view
+    url(r'^user-asset/$', views.UserAssetListView.as_view(), name='user-asset-list'),
+
+    # Resource admin user url
+    url(r'^admin-user/$', views.AdminUserListView.as_view(), name='admin-user-list'),
+    url(r'^admin-user/create/$', views.AdminUserCreateView.as_view(), name='admin-user-create'),
+    url(r'^admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/$', views.AdminUserDetailView.as_view(), name='admin-user-detail'),
+    url(r'^admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/update/$', views.AdminUserUpdateView.as_view(), name='admin-user-update'),
+    url(r'^admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/delete/$', views.AdminUserDeleteView.as_view(), name='admin-user-delete'),
+    url(r'^admin-user/(?P<pk>[0-9a-zA-Z\-]{36})/assets/$', views.AdminUserAssetsView.as_view(), name='admin-user-assets'),
+
+    # Resource system user url
+    url(r'^system-user/$', views.SystemUserListView.as_view(), name='system-user-list'),
+    url(r'^system-user/create/$', views.SystemUserCreateView.as_view(), name='system-user-create'),
+    url(r'^system-user/(?P<pk>[0-9a-zA-Z\-]{36})/$', views.SystemUserDetailView.as_view(), name='system-user-detail'),
+    url(r'^system-user/(?P<pk>[0-9a-zA-Z\-]{36})/update/$', views.SystemUserUpdateView.as_view(), name='system-user-update'),
+    url(r'^system-user/(?P<pk>[0-9a-zA-Z\-]{36})/delete/$', views.SystemUserDeleteView.as_view(), name='system-user-delete'),
+    url(r'^system-user/(?P<pk>[0-9a-zA-Z\-]{36})/asset/$', views.SystemUserAssetView.as_view(), name='system-user-asset'),
+
+    url(r'^label/$', views.LabelListView.as_view(), name='label-list'),
+    url(r'^label/create/$', views.LabelCreateView.as_view(), name='label-create'),
+    url(r'^label/(?P<pk>[0-9a-zA-Z\-]{36})/update/$', views.LabelUpdateView.as_view(), name='label-update'),
+    url(r'^label/(?P<pk>[0-9a-zA-Z\-]{36})/delete/$', views.LabelDeleteView.as_view(), name='label-delete'),
+]
+
--- a/apps/assets/utils.py
+++ b/apps/assets/utils.py
@@ -0,0 +1,48 @@
+# ~*~ coding: utf-8 ~*~
+#
+from collections import defaultdict
+from functools import reduce
+import operator
+
+from django.db.models import Q
+
+from common.utils import get_object_or_none
+from .models import Asset, SystemUser, Label
+
+
+def get_assets_by_id_list(id_list):
+    return Asset.objects.filter(id__in=id_list)
+
+
+def get_assets_by_hostname_list(hostname_list):
+    return Asset.objects.filter(hostname__in=hostname_list)
+
+
+def get_system_user_by_name(name):
+    system_user = get_object_or_none(SystemUser, name=name)
+    return system_user
+
+
+class LabelFilter:
+    def filter_queryset(self, queryset):
+        queryset = super().filter_queryset(queryset)
+        query_keys = self.request.query_params.keys()
+        all_label_keys = Label.objects.values_list('name', flat=True)
+        valid_keys = set(all_label_keys) & set(query_keys)
+        labels_query = {}
+        for key in valid_keys:
+            labels_query[key] = self.request.query_params.get(key)
+
+        conditions = []
+        for k, v in labels_query.items():
+            query = {'labels__name': k, 'labels__value': v}
+            conditions.append(query)
+
+        if conditions:
+            for kwargs in conditions:
+                queryset = queryset.filter(**kwargs)
+        return queryset
+
+
+
+
--- a/apps/assets/views/init.py
+++ b/apps/assets/views/init.py
@@ -0,0 +1,5 @@
+# coding:utf-8
+from .asset import *
+from .system_user import *
+from .admin_user import *
+from .label import *
--- a/apps/assets/views/admin_user.py
+++ b/apps/assets/views/admin_user.py
@@ -0,0 +1,116 @@
+# coding:utf-8
+from __future__ import absolute_import, unicode_literals
+from django.utils.translation import ugettext as _
+from django.conf import settings
+from django.urls import reverse_lazy
+from django.views.generic import TemplateView, ListView
+from django.views.generic.edit import CreateView, DeleteView, UpdateView
+from django.contrib.messages.views import SuccessMessageMixin
+from django.views.generic.detail import DetailView, SingleObjectMixin
+
+from common.const import create_success_msg, update_success_msg
+from .. import forms
+from ..models import AdminUser, Node
+from ..hands import AdminUserRequiredMixin
+
+__all__ = [
+    'AdminUserCreateView', 'AdminUserDetailView',
+    'AdminUserDeleteView', 'AdminUserListView',
+    'AdminUserUpdateView', 'AdminUserAssetsView',
+]
+
+
+class AdminUserListView(AdminUserRequiredMixin, TemplateView):
+    model = AdminUser
+    template_name = 'assets/admin_user_list.html'
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Admin user list'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class AdminUserCreateView(AdminUserRequiredMixin,
+                          SuccessMessageMixin,
+                          CreateView):
+    model = AdminUser
+    form_class = forms.AdminUserForm
+    template_name = 'assets/admin_user_create_update.html'
+    success_url = reverse_lazy('assets:admin-user-list')
+    success_message = create_success_msg
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Create admin user')
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class AdminUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
+    model = AdminUser
+    form_class = forms.AdminUserForm
+    template_name = 'assets/admin_user_create_update.html'
+    success_url = reverse_lazy('assets:admin-user-list')
+    success_message = update_success_msg
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Update admin user'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class AdminUserDetailView(AdminUserRequiredMixin, DetailView):
+    model = AdminUser
+    template_name = 'assets/admin_user_detail.html'
+    context_object_name = 'admin_user'
+    object = None
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Admin user detail'),
+            'nodes': Node.objects.all()
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class AdminUserAssetsView(AdminUserRequiredMixin, SingleObjectMixin, ListView):
+    paginate_by = settings.DISPLAY_PER_PAGE
+    template_name = 'assets/admin_user_assets.html'
+    context_object_name = 'admin_user'
+    object = None
+
+    def get(self, request, *args, **kwargs):
+        self.object = self.get_object(queryset=AdminUser.objects.all())
+        return super().get(request, *args, **kwargs)
+
+    def get_queryset(self):
+        self.queryset = self.object.asset_set.all()
+        return self.queryset
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Admin user detail'),
+            "total_amount": len(self.queryset),
+            'unreachable_amount': len([asset for asset in self.queryset if asset.is_connective is False])
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class AdminUserDeleteView(AdminUserRequiredMixin, DeleteView):
+    model = AdminUser
+    template_name = 'delete_confirm.html'
+    success_url = reverse_lazy('assets:admin-user-list')
+
+
--- a/apps/assets/views/asset.py
+++ b/apps/assets/views/asset.py
@@ -0,0 +1,324 @@
+# coding:utf-8
+from __future__ import absolute_import, unicode_literals
+
+import csv
+import json
+import uuid
+import codecs
+import chardet
+from io import StringIO
+
+from django.conf import settings
+from django.utils.translation import ugettext_lazy as _
+from django.views.generic import TemplateView, ListView, View
+from django.views.generic.edit import CreateView, DeleteView, FormView, UpdateView
+from django.urls import reverse_lazy
+from django.views.generic.detail import DetailView
+from django.http import HttpResponse, JsonResponse
+from django.views.decorators.csrf import csrf_exempt
+from django.utils.decorators import method_decorator
+from django.core.cache import cache
+from django.utils import timezone
+from django.contrib.auth.mixins import LoginRequiredMixin
+from django.shortcuts import redirect
+from django.contrib.messages.views import SuccessMessageMixin
+
+from common.mixins import JSONResponseMixin
+from common.utils import get_object_or_none, get_logger, is_uuid
+from common.const import create_success_msg, update_success_msg
+from .. import forms
+from ..models import Asset, AssetGroup, AdminUser, Cluster, SystemUser, Label, Node
+from ..hands import AdminUserRequiredMixin
+
+
+__all__ = [
+    'AssetListView', 'AssetCreateView', 'AssetUpdateView',
+    'UserAssetListView', 'AssetBulkUpdateView', 'AssetDetailView',
+    'AssetDeleteView', 'AssetExportView', 'BulkImportAssetView',
+]
+logger = get_logger(__file__)
+
+
+class AssetListView(AdminUserRequiredMixin, TemplateView):
+    template_name = 'assets/asset_list.html'
+
+    def get_context_data(self, **kwargs):
+        Node.root()
+        context = {
+            'app': _('Assets'),
+            'action': _('Asset list'),
+            'labels': Label.objects.all().order_by('name'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class UserAssetListView(LoginRequiredMixin, TemplateView):
+    template_name = 'assets/user_asset_list.html'
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'action': _('My assets'),
+            'system_users': SystemUser.objects.all(),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class AssetCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
+    model = Asset
+    form_class = forms.AssetCreateForm
+    template_name = 'assets/asset_create.html'
+    success_url = reverse_lazy('assets:asset-list')
+
+    # def form_valid(self, form):
+    #     print("form valid")
+    #     asset = form.save()
+    #     asset.created_by = self.request.user.username or 'Admin'
+    #     asset.date_created = timezone.now()
+    #     asset.save()
+    #     return super().form_valid(form)
+
+    def get_form(self, form_class=None):
+        form = super().get_form(form_class=form_class)
+        node_id = self.request.GET.get("node_id")
+        if node_id:
+            node = get_object_or_none(Node, id=node_id)
+        else:
+            node = Node.root()
+        form["nodes"].initial = node
+        return form
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Create asset'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+    def get_success_message(self, cleaned_data):
+        return create_success_msg % ({"name": cleaned_data["hostname"]})
+
+
+# class AssetModalListView(AdminUserRequiredMixin, ListView):
+#     paginate_by = settings.DISPLAY_PER_PAGE
+#     model = Asset
+#     context_object_name = 'asset_modal_list'
+#     template_name = 'assets/_asset_list_modal.html'
+#
+#     def get_context_data(self, **kwargs):
+#         assets = Asset.objects.all()
+#         assets_id = self.request.GET.get('assets_id', '')
+#         assets_id_list = [i for i in assets_id.split(',') if i.isdigit()]
+#         context = {
+#             'all_assets': assets_id_list,
+#             'assets': assets
+#         }
+#         kwargs.update(context)
+#         return super().get_context_data(**kwargs)
+
+
+class AssetBulkUpdateView(AdminUserRequiredMixin, ListView):
+    model = Asset
+    form_class = forms.AssetBulkUpdateForm
+    template_name = 'assets/asset_bulk_update.html'
+    success_url = reverse_lazy('assets:asset-list')
+    id_list = None
+    form = None
+
+    def get(self, request, *args, **kwargs):
+        assets_id = self.request.GET.get('assets_id', '')
+        self.id_list = [i for i in assets_id.split(',')]
+
+        if kwargs.get('form'):
+            self.form = kwargs['form']
+        elif assets_id:
+            self.form = self.form_class(
+                initial={'assets': self.id_list}
+            )
+        else:
+            self.form = self.form_class()
+        return super().get(request, *args, **kwargs)
+
+    def post(self, request, *args, **kwargs):
+        form = self.form_class(request.POST)
+        if form.is_valid():
+            form.save()
+            return redirect(self.success_url)
+        else:
+            return self.get(request, form=form, *args, **kwargs)
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Bulk update asset'),
+            'form': self.form,
+            'assets_selected': self.id_list,
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class AssetUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
+    model = Asset
+    form_class = forms.AssetUpdateForm
+    template_name = 'assets/asset_update.html'
+    success_url = reverse_lazy('assets:asset-list')
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Update asset'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+    def get_success_message(self, cleaned_data):
+        return update_success_msg % ({"name": cleaned_data["hostname"]})
+
+
+class AssetDeleteView(AdminUserRequiredMixin, DeleteView):
+    model = Asset
+    template_name = 'delete_confirm.html'
+    success_url = reverse_lazy('assets:asset-list')
+
+
+class AssetDetailView(DetailView):
+    model = Asset
+    context_object_name = 'asset'
+    template_name = 'assets/asset_detail.html'
+
+    def get_context_data(self, **kwargs):
+        nodes_remain = Node.objects.exclude(assets=self.object)
+        context = {
+            'app': _('Assets'),
+            'action': _('Asset detail'),
+            'nodes_remain': nodes_remain,
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+@method_decorator(csrf_exempt, name='dispatch')
+class AssetExportView(View):
+    def get(self, request):
+        spm = request.GET.get('spm', '')
+        assets_id_default = [Asset.objects.first().id] if Asset.objects.first() else []
+        assets_id = cache.get(spm, assets_id_default)
+        fields = [
+            field for field in Asset._meta.fields
+            if field.name not in [
+                'date_created'
+            ]
+        ]
+        filename = 'assets-{}.csv'.format(
+            timezone.localtime(timezone.now()).strftime('%Y-%m-%d_%H-%M-%S')
+        )
+        response = HttpResponse(content_type='text/csv')
+        response['Content-Disposition'] = 'attachment; filename="%s"' % filename
+        response.write(codecs.BOM_UTF8)
+        assets = Asset.objects.filter(id__in=assets_id)
+        writer = csv.writer(response, dialect='excel', quoting=csv.QUOTE_MINIMAL)
+
+        header = [field.verbose_name for field in fields]
+        writer.writerow(header)
+
+        for asset in assets:
+            data = [getattr(asset, field.name) for field in fields]
+            writer.writerow(data)
+        return response
+
+    def post(self, request, *args, **kwargs):
+        try:
+            assets_id = json.loads(request.body).get('assets_id', [])
+        except ValueError:
+            return HttpResponse('Json object not valid', status=400)
+        spm = uuid.uuid4().hex
+        cache.set(spm, assets_id, 300)
+        url = reverse_lazy('assets:asset-export') + '?spm=%s' % spm
+        return JsonResponse({'redirect': url})
+
+
+class BulkImportAssetView(AdminUserRequiredMixin, JSONResponseMixin, FormView):
+    form_class = forms.FileForm
+
+    def form_valid(self, form):
+        f = form.cleaned_data['file']
+        det_result = chardet.detect(f.read())
+        f.seek(0)  # reset file seek index
+
+        file_data = f.read().decode(det_result['encoding']).strip(codecs.BOM_UTF8.decode())
+        csv_file = StringIO(file_data)
+        reader = csv.reader(csv_file)
+        csv_data = [row for row in reader]
+        fields = [
+            field for field in Asset._meta.fields
+            if field.name not in [
+                'date_created'
+            ]
+        ]
+        header_ = csv_data[0]
+        mapping_reverse = {field.verbose_name: field.name for field in fields}
+        attr = [mapping_reverse.get(n, None) for n in header_]
+        if None in attr:
+            data = {'valid': False,
+                    'msg': 'Must be same format as '
+                           'template or export file'}
+            return self.render_json_response(data)
+
+        created, updated, failed = [], [], []
+        assets = []
+        for row in csv_data[1:]:
+            if set(row) == {''}:
+                continue
+
+            asset_dict = dict(zip(attr, row))
+            id_ = asset_dict.pop('id', 0)
+            for k, v in asset_dict.items():
+                if k == 'is_active':
+                    v = True if v in ['TRUE', 1, 'true'] else False
+                elif k == 'admin_user':
+                    v = get_object_or_none(AdminUser, name=v)
+                elif k in ['port', 'cpu_count', 'cpu_cores']:
+                    try:
+                        v = int(v)
+                    except ValueError:
+                        v = 0
+                else:
+                    continue
+                asset_dict[k] = v
+
+            asset = get_object_or_none(Asset, id=id_) if is_uuid(id_) else None
+            if not asset:
+                try:
+                    if len(Asset.objects.filter(hostname=asset_dict.get('hostname'))):
+                        raise Exception(_('already exists'))
+                    asset = Asset.objects.create(**asset_dict)
+                    created.append(asset_dict['hostname'])
+                    assets.append(asset)
+                except Exception as e:
+                    failed.append('%s: %s' % (asset_dict['hostname'], str(e)))
+            else:
+                for k, v in asset_dict.items():
+                    if v:
+                        setattr(asset, k, v)
+                try:
+                    asset.save()
+                    updated.append(asset_dict['hostname'])
+                except Exception as e:
+                    failed.append('%s: %s' % (asset_dict['hostname'], str(e)))
+
+        data = {
+            'created': created,
+            'created_info': 'Created {}'.format(len(created)),
+            'updated': updated,
+            'updated_info': 'Updated {}'.format(len(updated)),
+            'failed': failed,
+            'failed_info': 'Failed {}'.format(len(failed)),
+            'valid': True,
+            'msg': 'Created: {}. Updated: {}, Error: {}'.format(
+                len(created), len(updated), len(failed))
+        }
+        return self.render_json_response(data)
+
--- a/apps/assets/views/label.py
+++ b/apps/assets/views/label.py
@@ -0,0 +1,72 @@
+# -*- coding: utf-8 -*-
+#
+
+from django.views.generic import TemplateView, CreateView, \
+    UpdateView, DeleteView, DetailView
+from django.utils.translation import ugettext_lazy as _
+from django.urls import reverse_lazy
+
+from common.mixins import AdminUserRequiredMixin
+from common.const import create_success_msg, update_success_msg
+from ..models import Label
+from ..forms import LabelForm
+
+
+__all__ = (
+    "LabelListView", "LabelCreateView", "LabelUpdateView",
+    "LabelDetailView", "LabelDeleteView",
+)
+
+
+class LabelListView(AdminUserRequiredMixin, TemplateView):
+    template_name = 'assets/label_list.html'
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Label list'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class LabelCreateView(AdminUserRequiredMixin, CreateView):
+    model = Label
+    template_name = 'assets/label_create_update.html'
+    form_class = LabelForm
+    success_url = reverse_lazy('assets:label-list')
+    success_message = create_success_msg
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Create label'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class LabelUpdateView(AdminUserRequiredMixin, UpdateView):
+    model = Label
+    template_name = 'assets/label_create_update.html'
+    form_class = LabelForm
+    success_url = reverse_lazy('assets:label-list')
+    success_message = update_success_msg
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Update label'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class LabelDetailView(AdminUserRequiredMixin, DetailView):
+    pass
+
+
+class LabelDeleteView(AdminUserRequiredMixin, DeleteView):
+    model = Label
+    template_name = 'delete_confirm.html'
+    success_url = reverse_lazy('assets:label-list')
--- a/apps/assets/views/system_user.py
+++ b/apps/assets/views/system_user.py
@@ -0,0 +1,99 @@
+# ~*~ coding: utf-8 ~*~
+
+from django.utils.translation import ugettext as _
+from django.views.generic import TemplateView
+from django.views.generic.edit import CreateView, DeleteView, UpdateView
+from django.urls import reverse_lazy
+from django.contrib.messages.views import SuccessMessageMixin
+from django.views.generic.detail import DetailView
+
+from common.const import create_success_msg, update_success_msg
+from ..forms import SystemUserForm
+from ..models import SystemUser, Node
+from ..hands import AdminUserRequiredMixin
+
+
+__all__ = [
+    'SystemUserCreateView', 'SystemUserUpdateView',
+    'SystemUserDetailView', 'SystemUserDeleteView',
+    'SystemUserAssetView', 'SystemUserListView',
+]
+
+
+class SystemUserListView(AdminUserRequiredMixin, TemplateView):
+    template_name = 'assets/system_user_list.html'
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('System user list'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class SystemUserCreateView(AdminUserRequiredMixin, SuccessMessageMixin, CreateView):
+    model = SystemUser
+    form_class = SystemUserForm
+    template_name = 'assets/system_user_create.html'
+    success_url = reverse_lazy('assets:system-user-list')
+    success_message = create_success_msg
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Create system user'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class SystemUserUpdateView(AdminUserRequiredMixin, SuccessMessageMixin, UpdateView):
+    model = SystemUser
+    form_class = SystemUserForm
+    template_name = 'assets/system_user_update.html'
+    success_url = reverse_lazy('assets:system-user-list')
+    success_message = update_success_msg
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('Update system user')
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class SystemUserDetailView(AdminUserRequiredMixin, DetailView):
+    template_name = 'assets/system_user_detail.html'
+    context_object_name = 'system_user'
+    model = SystemUser
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('Assets'),
+            'action': _('System user detail'),
+            'nodes_remain': Node.objects.exclude(systemuser=self.object)
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
+
+
+class SystemUserDeleteView(AdminUserRequiredMixin, DeleteView):
+    model = SystemUser
+    template_name = 'delete_confirm.html'
+    success_url = reverse_lazy('assets:system-user-list')
+
+
+class SystemUserAssetView(AdminUserRequiredMixin, DetailView):
+    model = SystemUser
+    template_name = 'assets/system_user_asset.html'
+    context_object_name = 'system_user'
+
+    def get_context_data(self, **kwargs):
+        context = {
+            'app': _('assets'),
+            'action': _('System user asset'),
+        }
+        kwargs.update(context)
+        return super().get_context_data(**kwargs)
--- a/apps/common/README.md
+++ b/apps/common/README.md
@@ -0,0 +1,76 @@
+# Common app 
+
+Common app provide common view, function or others.
+
+Common app shouldn't rely on other apps, because It may lead to cycle 
+import.
+
+If your want to implement some function or class, you should think 
+whether other app use or not. If yes, You should make in common.
+
+If the ability more relate to your app tightness, It's mean your app 
+provide this ability, not common, You should write it on your app utils.
+
+
+
+## Celery usage 
+
+
+Jumpserver use celery to run task async. Using redis as the broker, so
+you should run a redis instance
+
+#### Run redis
+
+	$ yum -y install redis 
+	
+	or
+	
+	$ docker run -name jumpserver-redis -d -p 6379:6379 redis redis-server
+
+
+#### Write tasks in app_name/tasks.py
+
+ops/tasks.py
+
+```
+from __future__ import absolute_import
+
+import time
+from celery import shared_task
+from common import celery_app
+
+
+@shared_task
+def longtime_add(x, y):
+    print 'long time task begins'
+    # sleep 5 seconds
+    time.sleep(5)
+    print 'long time task finished'
+    return x + y
+    
+
+@celery_app.task(name='hello-world')
+def hello():
+    print 'hello world!'
+  
+```
+
+#### Run celery in development 
+
+```
+$ cd apps
+$ celery -A common worker -l info 
+```
+
+#### Test using task
+
+```
+$ ./manage.py shell
+>>> from ops.tasks import longtime_add
+>>> res = longtime_add.delay(1, 2)
+>>> res.get()
+```
+
+
+
+
--- a/apps/common/init.py
+++ b/apps/common/init.py
@@ -0,0 +1,5 @@
+from __future__ import absolute_import
+
+# This will make sure the app is always imported when
+# Django starts so that shared_task will use this app.
+from .celery import app as celery_app
--- a/apps/common/api.py
+++ b/apps/common/api.py
@@ -0,0 +1,107 @@
+# -*- coding: utf-8 -*-
+#
+import json
+
+from rest_framework.views import APIView
+from rest_framework.views import Response
+from ldap3 import Server, Connection
+from django.core.mail import get_connection, send_mail
+from django.utils.translation import ugettext_lazy as _
+from django.conf import settings
+
+from .permissions import IsSuperUser, IsAppUser
+from .serializers import MailTestSerializer, LDAPTestSerializer
+
+
+class MailTestingAPI(APIView):
+    permission_classes = (IsSuperUser,)
+    serializer_class = MailTestSerializer
+    success_message = _("Test mail sent to {}, please check")
+
+    def post(self, request):
+        serializer = self.serializer_class(data=request.data)
+        if serializer.is_valid():
+            email_host_user = serializer.validated_data["EMAIL_HOST_USER"]
+            kwargs = {
+                "host": serializer.validated_data["EMAIL_HOST"],
+                "port": serializer.validated_data["EMAIL_PORT"],
+                "username": serializer.validated_data["EMAIL_HOST_USER"],
+                "password": serializer.validated_data["EMAIL_HOST_PASSWORD"],
+                "use_ssl": serializer.validated_data["EMAIL_USE_SSL"],
+                "use_tls": serializer.validated_data["EMAIL_USE_TLS"]
+            }
+            connection = get_connection(timeout=5, **kwargs)
+            try:
+                connection.open()
+            except Exception as e:
+                return Response({"error": str(e)}, status=401)
+
+            try:
+                send_mail("Test", "Test smtp setting", email_host_user,
+                          [email_host_user], connection=connection)
+            except Exception as e:
+                return Response({"error": str(e)}, status=401)
+
+            return Response({"msg": self.success_message.format(email_host_user)})
+        else:
+            return Response({"error": str(serializer.errors)}, status=401)
+
+
+class LDAPTestingAPI(APIView):
+    permission_classes = (IsSuperUser,)
+    serializer_class = LDAPTestSerializer
+    success_message = _("Test ldap success")
+
+    def post(self, request):
+        serializer = self.serializer_class(data=request.data)
+        if serializer.is_valid():
+            host = serializer.validated_data["AUTH_LDAP_SERVER_URI"]
+            bind_dn = serializer.validated_data["AUTH_LDAP_BIND_DN"]
+            password = serializer.validated_data["AUTH_LDAP_BIND_PASSWORD"]
+            use_ssl = serializer.validated_data.get("AUTH_LDAP_START_TLS", False)
+            search_ou = serializer.validated_data["AUTH_LDAP_SEARCH_OU"]
+            search_filter = serializer.validated_data["AUTH_LDAP_SEARCH_FILTER"]
+            attr_map = serializer.validated_data["AUTH_LDAP_USER_ATTR_MAP"]
+
+            try:
+                attr_map = json.loads(attr_map)
+            except json.JSONDecodeError:
+                return Response({"error": "AUTH_LDAP_USER_ATTR_MAP not valid"}, status=401)
+
+            server = Server(host, use_ssl=use_ssl)
+            conn = Connection(server, bind_dn, password)
+            try:
+                conn.bind()
+            except Exception as e:
+                return Response({"error": str(e)}, status=401)
+
+            ok = conn.search(search_ou, search_filter % ({"user": "*"}),
+                             attributes=list(attr_map.values()))
+            if not ok:
+                return Response({"error": "Search no entry matched"}, status=401)
+
+            users = []
+            for entry in conn.entries:
+                user = {}
+                for attr, mapping in attr_map.items():
+                    if hasattr(entry, mapping):
+                        user[attr] = getattr(entry, mapping)
+                users.append(user)
+            if len(users) > 0:
+                return Response({"msg": _("Match {} s users").format(len(users))})
+            else:
+                return Response({"error": "Have user but attr mapping error"}, status=401)
+        else:
+            return Response({"error": str(serializer.errors)}, status=401)
+
+
+class DjangoSettingsAPI(APIView):
+    def get(self, request):
+        if not settings.DEBUG:
+            return Response('Only debug mode support')
+
+        configs = {}
+        for i in dir(settings):
+            if i.isupper():
+                configs[i] = str(getattr(settings, i))
+        return Response(configs)
--- a/apps/common/apps.py
+++ b/apps/common/apps.py
@@ -0,0 +1,13 @@
+from __future__ import unicode_literals
+
+from django.apps import AppConfig
+
+
+class CommonConfig(AppConfig):
+    name = 'common'
+
+    def ready(self):
+        from . import signals_handler
+        from .signals import django_ready
+        django_ready.send(self.__class__)
+        return super().ready()
--- a/apps/common/celery.py
+++ b/apps/common/celery.py
@@ -0,0 +1,201 @@
+# ~*~ coding: utf-8 ~*~
+
+import os
+import json
+from functools import wraps
+
+from celery import Celery, subtask
+from celery.signals import worker_ready, worker_shutdown
+from django.db.utils import ProgrammingError, OperationalError
+
+from .utils import get_logger
+
+logger = get_logger(__file__)
+
+# set the default Django settings module for the 'celery' program.
+os.environ.setdefault('DJANGO_SETTINGS_MODULE', 'jumpserver.settings')
+
+from django.conf import settings
+from django.core.cache import cache
+
+app = Celery('jumpserver')
+
+# Using a string here means the worker will not have to
+# pickle the object when using Windows.
+app.config_from_object('django.conf:settings', namespace='CELERY')
+app.autodiscover_tasks(lambda: [app_config.split('.')[0] for app_config in settings.INSTALLED_APPS])
+
+
+def create_or_update_celery_periodic_tasks(tasks):
+    from django_celery_beat.models import PeriodicTask, IntervalSchedule, CrontabSchedule
+    """
+    :param tasks: {
+        'add-every-monday-morning': {
+            'task': 'tasks.add' # A registered celery task,
+            'interval': 30,
+            'crontab': "30 7 * * *",
+            'args': (16, 16),
+            'kwargs': {},
+            'enabled': False,
+        },
+    }
+    :return:
+    """
+    # Todo: check task valid, task and callback must be a celery task
+    for name, detail in tasks.items():
+        interval = None
+        crontab = None
+        try:
+            IntervalSchedule.objects.all().count()
+        except (ProgrammingError, OperationalError):
+            return None
+
+        if isinstance(detail.get("interval"), int):
+            intervals = IntervalSchedule.objects.filter(
+                every=detail["interval"], period=IntervalSchedule.SECONDS
+            )
+            if intervals:
+                interval = intervals[0]
+            else:
+                interval = IntervalSchedule.objects.create(
+                    every=detail['interval'],
+                    period=IntervalSchedule.SECONDS,
+                )
+        elif isinstance(detail.get("crontab"), str):
+            try:
+                minute, hour, day, month, week = detail["crontab"].split()
+            except ValueError:
+                raise SyntaxError("crontab is not valid")
+            kwargs = dict(
+                minute=minute, hour=hour, day_of_week=week,
+                day_of_month=day, month_of_year=month,
+            )
+            contabs = CrontabSchedule.objects.filter(
+                **kwargs
+            )
+            if contabs:
+                crontab = contabs[0]
+            else:
+                crontab = CrontabSchedule.objects.create(**kwargs)
+        else:
+            raise SyntaxError("Schedule is not valid")
+
+        defaults = dict(
+            interval=interval,
+            crontab=crontab,
+            name=name,
+            task=detail['task'],
+            args=json.dumps(detail.get('args', [])),
+            kwargs=json.dumps(detail.get('kwargs', {})),
+            enabled=detail.get('enabled', True),
+        )
+
+        task = PeriodicTask.objects.update_or_create(
+            defaults=defaults, name=name,
+        )
+        return task
+
+
+def disable_celery_periodic_task(task_name):
+    from django_celery_beat.models import PeriodicTask
+    PeriodicTask.objects.filter(name=task_name).update(enabled=False)
+
+
+def delete_celery_periodic_task(task_name):
+    from django_celery_beat.models import PeriodicTask
+    PeriodicTask.objects.filter(name=task_name).delete()
+
+
+__REGISTER_PERIODIC_TASKS = []
+__AFTER_APP_SHUTDOWN_CLEAN_TASKS = []
+__AFTER_APP_READY_RUN_TASKS = []
+
+
+def register_as_period_task(crontab=None, interval=None):
+    """
+    Warning: Task must be have not any args and kwargs
+    :param crontab:  "* * * * *"
+    :param interval:  60*60*60
+    :return:
+    """
+    if crontab is None and interval is None:
+        raise SyntaxError("Must set crontab or interval one")
+
+    def decorate(func):
+        if crontab is None and interval is None:
+            raise SyntaxError("Interval and crontab must set one")
+
+        # Because when this decorator run, the task was not created,
+        # So we can't use func.name
+        name = '{func.__module__}.{func.__name__}'.format(func=func)
+        if name not in __REGISTER_PERIODIC_TASKS:
+            create_or_update_celery_periodic_tasks({
+                name: {
+                    'task': name,
+                    'interval': interval,
+                    'crontab': crontab,
+                    'args': (),
+                    'enabled': True,
+                }
+            })
+            __REGISTER_PERIODIC_TASKS.append(name)
+
+        @wraps(func)
+        def wrapper(*args, **kwargs):
+            return func(*args, **kwargs)
+        return wrapper
+    return decorate
+
+
+def after_app_ready_start(func):
+    # Because when this decorator run, the task was not created,
+    # So we can't use func.name
+    name = '{func.__module__}.{func.__name__}'.format(func=func)
+    if name not in __AFTER_APP_READY_RUN_TASKS:
+        __AFTER_APP_READY_RUN_TASKS.append(name)
+
+    @wraps(func)
+    def decorate(*args, **kwargs):
+        return func(*args, **kwargs)
+
+    return decorate
+
+
+def after_app_shutdown_clean(func):
+    # Because when this decorator run, the task was not created,
+    # So we can't use func.name
+    name = '{func.__module__}.{func.__name__}'.format(func=func)
+    if name not in __AFTER_APP_READY_RUN_TASKS:
+        __AFTER_APP_SHUTDOWN_CLEAN_TASKS.append(name)
+
+    @wraps(func)
+    def decorate(*args, **kwargs):
+        return func(*args, **kwargs)
+
+    return decorate
+
+
+@worker_ready.connect
+def on_app_ready(sender=None, headers=None, body=None, **kwargs):
+    if cache.get("CELERY_APP_READY", 0) == 1:
+        return
+    cache.set("CELERY_APP_READY", 1, 10)
+    logger.debug("App ready signal recv")
+    logger.debug("Start need start task: [{}]".format(
+        ", ".join(__AFTER_APP_READY_RUN_TASKS))
+    )
+    for task in __AFTER_APP_READY_RUN_TASKS:
+        subtask(task).delay()
+
+
+@worker_shutdown.connect
+def after_app_shutdown(sender=None, headers=None, body=None, **kwargs):
+    if cache.get("CELERY_APP_SHUTDOWN", 0) == 1:
+        return
+    cache.set("CELERY_APP_SHUTDOWN", 1, 10)
+    from django_celery_beat.models import PeriodicTask
+    logger.debug("App shutdown signal recv")
+    logger.debug("Clean need cleaned period tasks: [{}]".format(
+        ', '.join(__AFTER_APP_SHUTDOWN_CLEAN_TASKS))
+    )
+    PeriodicTask.objects.filter(name__in=__AFTER_APP_SHUTDOWN_CLEAN_TASKS).delete()
--- a/apps/common/compat.py
+++ b/apps/common/compat.py
@@ -0,0 +1,82 @@
+#!/usr/bin/env python
+# -*- coding: utf-8 -*-
+# 
+
+"""
+兼容Python版本
+"""
+
+import sys
+
+is_py2 = (sys.version_info[0] == 2)
+is_py3 = (sys.version_info[0] == 3)
+
+
+try:
+    import simplejson as json
+except (ImportError, SyntaxError):
+    import json
+
+
+if is_py2:
+
+    def to_bytes(data):
+        """若输入为unicode， 则转为utf-8编码的bytes；其他则原样返回。"""
+        if isinstance(data, unicode):
+            return data.encode('utf-8')
+        else:
+            return data
+
+    def to_string(data):
+        """把输入转换为str对象"""
+        return to_bytes(data)
+
+    def to_unicode(data):
+        """把输入转换为unicode，要求输入是unicode或者utf-8编码的bytes。"""
+        if isinstance(data, bytes):
+            return data.decode('utf-8')
+        else:
+            return data
+
+    def stringify(input):
+        if isinstance(input, dict):
+            return dict([(stringify(key), stringify(value)) for key,value in input.iteritems()])
+        elif isinstance(input, list):
+            return [stringify(element) for element in input]
+        elif isinstance(input, unicode):
+            return input.encode('utf-8')
+        else:
+            return input
+
+    builtin_str = str
+    bytes = str
+    str = unicode
+
+
+elif is_py3:
+
+    def to_bytes(data):
+        """若输入为str（即unicode），则转为utf-8编码的bytes；其他则原样返回"""
+        if isinstance(data, str):
+            return data.encode(encoding='utf-8')
+        else:
+            return data
+
+    def to_string(data):
+        """若输入为bytes，则认为是utf-8编码，并返回str"""
+        if isinstance(data, bytes):
+            return data.decode('utf-8')
+        else:
+            return data
+
+    def to_unicode(data):
+        """把输入转换为unicode，要求输入是unicode或者utf-8编码的bytes。"""
+        return to_string(data)
+
+    def stringify(input):
+        return input
+
+    builtin_str = str
+    bytes = bytes
+    str = str
+
--- a/apps/common/const.py
+++ b/apps/common/const.py
@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+#
+
+from django.utils.translation import ugettext as _
+
+create_success_msg = _("<b>%(name)s</b> was created successfully")
+update_success_msg = _("<b>%(name)s</b> was updated successfully")
--- a/apps/common/exceptions.py
+++ b/apps/common/exceptions.py
@@ -0,0 +1,3 @@
+# -*- coding: utf-8 -*-
+#
+
--- a/apps/common/fields.py
+++ b/apps/common/fields.py
@@ -0,0 +1,45 @@
+# -*- coding: utf-8 -*-
+#
+import json
+
+from django import forms
+from django.utils import six
+from django.core.exceptions import ValidationError
+from django.utils.translation import ugettext as _
+from rest_framework import serializers
+
+
+class DictField(forms.Field):
+    widget = forms.Textarea
+
+    def to_python(self, value):
+        """Returns a Python boolean object."""
+        # Explicitly check for the string 'False', which is what a hidden field
+        # will submit for False. Also check for '0', since this is what
+        # RadioSelect will provide. Because bool("True") == bool('1') == True,
+        # we don't need to handle that explicitly.
+        if isinstance(value, six.string_types):
+            try:
+                value = json.loads(value)
+                return value
+            except json.JSONDecodeError:
+                return ValidationError(_("Not a valid json"))
+        else:
+            return ValidationError(_("Not a string type"))
+
+    def validate(self, value):
+        if isinstance(value, ValidationError):
+            raise value
+        if not value and self.required:
+            raise ValidationError(self.error_messages['required'], code='required')
+
+    def has_changed(self, initial, data):
+        # Sometimes data or initial may be a string equivalent of a boolean
+        # so we should run it through to_python first to get a boolean value
+        return self.to_python(initial) != self.to_python(data)
+
+
+class StringIDField(serializers.Field):
+    def to_representation(self, value):
+        return {"pk": value.pk, "name": value.__str__()}
+
--- a/apps/common/forms.py
+++ b/apps/common/forms.py
@@ -0,0 +1,170 @@
+# -*- coding: utf-8 -*-
+#
+import json
+
+from django import forms
+from django.utils.translation import ugettext_lazy as _
+from django.utils.html import escape
+from django.db import transaction
+from django.conf import settings
+
+from .models import Setting
+from .fields import DictField
+
+
+def to_model_value(value):
+    try:
+        return json.dumps(value)
+    except json.JSONDecodeError:
+        return None
+
+
+def to_form_value(value):
+    try:
+        data = json.loads(value)
+        if isinstance(data, dict):
+            data = value
+        return data
+    except json.JSONDecodeError:
+        return ""
+
+
+class BaseForm(forms.Form):
+    def __init__(self, *args, **kwargs):
+        super().__init__(*args, **kwargs)
+        db_settings = Setting.objects.all()
+        for name, field in self.fields.items():
+            db_value = getattr(db_settings, name).value
+            django_value = getattr(settings, name) if hasattr(settings, name) else None
+            if db_value is False or db_value:
+                field.initial = to_form_value(db_value)
+            elif django_value is False or django_value:
+                field.initial = to_form_value(to_model_value(django_value))
+
+    def save(self, category="default"):
+        if not self.is_bound:
+            raise ValueError("Form is not bound")
+
+        db_settings = Setting.objects.all()
+        if self.is_valid():
+            with transaction.atomic():
+                for name, value in self.cleaned_data.items():
+                    field = self.fields[name]
+                    if isinstance(field.widget, forms.PasswordInput) and not value:
+                        continue
+                    if value == to_form_value(getattr(db_settings, name).value):
+                        continue
+
+                    defaults = {
+                        'name': name,
+                        'category': category,
+                        'value': to_model_value(value)
+                    }
+                    Setting.objects.update_or_create(defaults=defaults, name=name)
+        else:
+            raise ValueError(self.errors)
+
+
+class BasicSettingForm(BaseForm):
+    SITE_URL = forms.URLField(
+        label=_("Current SITE URL"),
+        help_text="eg: http://jumpserver.abc.com:8080"
+    )
+    USER_GUIDE_URL = forms.URLField(
+        label=_("User Guide URL"), required=False,
+        help_text=_("User first login update profile done redirect to it")
+    )
+    EMAIL_SUBJECT_PREFIX = forms.CharField(
+        max_length=1024, label=_("Email Subject Prefix"),
+        initial="[Jumpserver] "
+    )
+
+
+class EmailSettingForm(BaseForm):
+    EMAIL_HOST = forms.CharField(
+        max_length=1024, label=_("SMTP host"), initial='smtp.jumpserver.org'
+    )
+    EMAIL_PORT = forms.CharField(max_length=5, label=_("SMTP port"), initial=25)
+    EMAIL_HOST_USER = forms.CharField(
+        max_length=128, label=_("SMTP user"), initial='noreply@jumpserver.org'
+    )
+    EMAIL_HOST_PASSWORD = forms.CharField(
+        max_length=1024, label=_("SMTP password"), widget=forms.PasswordInput,
+        required=False, help_text=_("Some provider use token except password")
+    )
+    EMAIL_USE_SSL = forms.BooleanField(
+        label=_("Use SSL"), initial=False, required=False,
+        help_text=_("If SMTP port is 465, may be select")
+    )
+    EMAIL_USE_TLS = forms.BooleanField(
+        label=_("Use TLS"), initial=False, required=False,
+        help_text=_("If SMTP port is 587, may be select")
+    )
+
+
+class LDAPSettingForm(BaseForm):
+    AUTH_LDAP_SERVER_URI = forms.CharField(
+        label=_("LDAP server"), initial='ldap://localhost:389'
+    )
+    AUTH_LDAP_BIND_DN = forms.CharField(
+        label=_("Bind DN"), initial='cn=admin,dc=jumpserver,dc=org'
+    )
+    AUTH_LDAP_BIND_PASSWORD = forms.CharField(
+        label=_("Password"), initial='',
+        widget=forms.PasswordInput, required=False
+    )
+    AUTH_LDAP_SEARCH_OU = forms.CharField(
+        label=_("User OU"), initial='ou=tech,dc=jumpserver,dc=org'
+    )
+    AUTH_LDAP_SEARCH_FILTER = forms.CharField(
+        label=_("User search filter"), initial='(cn=%(user)s)',
+        help_text=_("Choice may be (cn|uid|sAMAccountName)=%(user)s)")
+    )
+    AUTH_LDAP_USER_ATTR_MAP = DictField(
+        label=_("User attr map"),
+        initial=json.dumps({
+            "username": "cn",
+            "name": "sn",
+            "email": "mail"
+        }),
+        help_text=_(
+            "User attr map present how to map LDAP user attr to jumpserver, username,name,email is jumpserver attr")
+    )
+    # AUTH_LDAP_GROUP_SEARCH_OU = CONFIG.AUTH_LDAP_GROUP_SEARCH_OU
+    # AUTH_LDAP_GROUP_SEARCH_FILTER = CONFIG.AUTH_LDAP_GROUP_SEARCH_FILTER
+    AUTH_LDAP_START_TLS = forms.BooleanField(
+        label=_("Use SSL"), initial=False, required=False
+    )
+    AUTH_LDAP = forms.BooleanField(label=_("Enable LDAP auth"), initial=False, required=False)
+
+
+class TerminalSettingForm(BaseForm):
+    SORT_BY_CHOICES = (
+        ('hostname', _('Hostname')),
+        ('ip', _('IP')),
+    )
+    TERMINAL_ASSET_LIST_SORT_BY = forms.ChoiceField(
+        choices=SORT_BY_CHOICES, initial='hostname', label=_("List sort by")
+    )
+    TERMINAL_HEARTBEAT_INTERVAL = forms.IntegerField(
+        initial=5, label=_("Heartbeat interval"), help_text=_("Units: seconds")
+    )
+    TERMINAL_PASSWORD_AUTH = forms.BooleanField(
+        initial=True, required=False, label=_("Password auth")
+    )
+    TERMINAL_PUBLIC_KEY_AUTH = forms.BooleanField(
+        initial=True, required=False, label=_("Public key auth")
+    )
+    TERMINAL_COMMAND_STORAGE = DictField(
+        label=_("Command storage"), help_text=_(
+            "Set terminal storage setting, `default` is the using as default,"
+            "You can set other storage and some terminal using"
+        )
+    )
+    TERMINAL_REPLAY_STORAGE = DictField(
+        label=_("Replay storage"), help_text=_(
+            "Set replay storage setting, `default` is the using as default,"
+            "You can set other storage and some terminal using"
+        )
+    )
+
--- a/apps/common/migrations/init.py
+++ b/apps/common/migrations/init.py
--- a/apps/common/mixins.py
+++ b/apps/common/mixins.py
@@ -0,0 +1,126 @@
+# coding: utf-8
+
+from django.db import models
+from django.http import JsonResponse
+from django.utils import timezone
+from django.utils.translation import ugettext_lazy as _
+from django.contrib.auth.mixins import UserPassesTestMixin
+
+
+class NoDeleteQuerySet(models.query.QuerySet):
+
+    def delete(self):
+        return self.update(is_discard=True, discard_time=timezone.now())
+
+
+class NoDeleteManager(models.Manager):
+
+    def get_all(self):
+        return NoDeleteQuerySet(self.model, using=self._db)
+
+    def get_queryset(self):
+        return NoDeleteQuerySet(self.model, using=self._db).filter(is_discard=False)
+
+    def get_deleted(self):
+        return NoDeleteQuerySet(self.model, using=self._db).filter(is_discard=True)
+
+
+class NoDeleteModelMixin(models.Model):
+    is_discard = models.BooleanField(verbose_name=_("is discard"), default=False)
+    discard_time = models.DateTimeField(verbose_name=_("discard time"), null=True, blank=True)
+
+    objects = NoDeleteManager()
+
+    class Meta:
+        abstract = True
+
+    def delete(self):
+        self.is_discard = True
+        self.discard_time = timezone.now()
+        return self.save()
+
+
+class JSONResponseMixin(object):
+    """JSON mixin"""
+    @staticmethod
+    def render_json_response(context):
+        return JsonResponse(context)
+
+
+class IDInFilterMixin(object):
+    def filter_queryset(self, queryset):
+        queryset = super(IDInFilterMixin, self).filter_queryset(queryset)
+        id_list = self.request.query_params.get('id__in')
+        if id_list:
+            import json
+            try:
+                ids = json.loads(id_list)
+            except Exception as e:
+                return queryset
+            if isinstance(ids, list):
+                queryset = queryset.filter(id__in=ids)
+        return queryset
+
+
+class BulkSerializerMixin(object):
+    """
+    Become rest_framework_bulk not support uuid as a primary key
+    so rewrite it. https://github.com/miki725/django-rest-framework-bulk/issues/66
+    """
+    def to_internal_value(self, data):
+        from rest_framework_bulk import BulkListSerializer
+        ret = super(BulkSerializerMixin, self).to_internal_value(data)
+
+        id_attr = getattr(self.Meta, 'update_lookup_field', 'id')
+        request_method = getattr(getattr(self.context.get('view'), 'request'), 'method', '')
+        # add update_lookup_field field back to validated data
+        # since super by default strips out read-only fields
+        # hence id will no longer be present in validated_data
+        if all((isinstance(self.root, BulkListSerializer),
+                id_attr,
+                request_method in ('PUT', 'PATCH'))):
+            id_field = self.fields[id_attr]
+            if data.get("id"):
+                id_value = id_field.to_internal_value(data.get("id"))
+            else:
+                id_value = id_field.to_internal_value(data.get("pk"))
+            ret[id_attr] = id_value
+
+        return ret
+
+
+class DatetimeSearchMixin:
+    date_format = '%Y-%m-%d'
+    date_from = date_to = None
+
+    def get(self, request, *args, **kwargs):
+        date_from_s = self.request.GET.get('date_from')
+        date_to_s = self.request.GET.get('date_to')
+
+        if date_from_s:
+            date_from = timezone.datetime.strptime(date_from_s, self.date_format)
+            tz = timezone.get_current_timezone()
+            self.date_from = tz.localize(date_from)
+        else:
+            self.date_from = timezone.now() - timezone.timedelta(7)
+
+        if date_to_s:
+            date_to = timezone.datetime.strptime(
+                date_to_s + ' 23:59:59', self.date_format + ' %H:%M:%S'
+            )
+            self.date_to = date_to.replace(
+                tzinfo=timezone.get_current_timezone()
+            )
+        else:
+            self.date_to = timezone.now()
+        return super().get(request, *args, **kwargs)
+
+
+class AdminUserRequiredMixin(UserPassesTestMixin):
+    def test_func(self):
+        if not self.request.user.is_authenticated:
+            return False
+        elif not self.request.user.is_superuser:
+            self.raise_exception = True
+            return False
+        return True
--- a/apps/common/models.py
+++ b/apps/common/models.py
@@ -0,0 +1,81 @@
+import json
+
+import ldap
+from django.db import models
+from django.db.utils import ProgrammingError, OperationalError
+from django.utils.translation import ugettext_lazy as _
+from django.conf import settings
+from django_auth_ldap.config import LDAPSearch
+
+
+class SettingQuerySet(models.QuerySet):
+    def __getattr__(self, item):
+        instances = self.filter(name=item)
+        if len(instances) == 1:
+            return instances[0]
+        else:
+            return Setting()
+
+
+class SettingManager(models.Manager):
+    def get_queryset(self):
+        return SettingQuerySet(self.model, using=self._db)
+
+
+class Setting(models.Model):
+    name = models.CharField(max_length=128, unique=True, verbose_name=_("Name"))
+    value = models.TextField(verbose_name=_("Value"))
+    category = models.CharField(max_length=128, default="default")
+    enabled = models.BooleanField(verbose_name=_("Enabled"), default=True)
+    comment = models.TextField(verbose_name=_("Comment"))
+
+    objects = SettingManager()
+
+    def __str__(self):
+        return self.name
+
+    @property
+    def cleaned_value(self):
+        try:
+            return json.loads(self.value)
+        except json.JSONDecodeError:
+            return None
+
+    @cleaned_value.setter
+    def cleaned_value(self, item):
+        try:
+            v = json.dumps(item)
+            self.value = v
+        except json.JSONDecodeError as e:
+            raise ValueError("Json dump error: {}".format(str(e)))
+
+    @classmethod
+    def refresh_all_settings(cls):
+        try:
+            settings_list = cls.objects.all()
+            for setting in settings_list:
+                setting.refresh_setting()
+        except (ProgrammingError, OperationalError):
+            pass
+
+    def refresh_setting(self):
+        try:
+            value = json.loads(self.value)
+        except json.JSONDecodeError:
+            return
+        setattr(settings, self.name, value)
+
+        if self.name == "AUTH_LDAP":
+            if self.cleaned_value and settings.AUTH_LDAP_BACKEND not in settings.AUTHENTICATION_BACKENDS:
+                settings.AUTHENTICATION_BACKENDS.insert(0, settings.AUTH_LDAP_BACKEND)
+            elif not self.cleaned_value and settings.AUTH_LDAP_BACKEND in settings.AUTHENTICATION_BACKENDS:
+                settings.AUTHENTICATION_BACKENDS.remove(settings.AUTH_LDAP_BACKEND)
+
+        if self.name == "AUTH_LDAP_SEARCH_FILTER":
+            settings.AUTH_LDAP_USER_SEARCH = LDAPSearch(
+                settings.AUTH_LDAP_SEARCH_OU, ldap.SCOPE_SUBTREE,
+                settings.AUTH_LDAP_SEARCH_FILTER,
+            )
+
+    class Meta:
+        db_table = "settings"
--- a/apps/common/permissions.py
+++ b/apps/common/permissions.py
@@ -0,0 +1,52 @@
+# -*- coding: utf-8 -*-
+#
+
+from rest_framework import permissions
+
+
+class IsValidUser(permissions.IsAuthenticated, permissions.BasePermission):
+    """Allows access to valid user, is active and not expired"""
+
+    def has_permission(self, request, view):
+        return super(IsValidUser, self).has_permission(request, view) \
+            and request.user.is_valid
+
+
+class IsAppUser(IsValidUser):
+    """Allows access only to app user """
+
+    def has_permission(self, request, view):
+        return super(IsAppUser, self).has_permission(request, view) \
+            and request.user.is_app
+
+
+class IsSuperUser(IsValidUser):
+    """Allows access only to superuser"""
+
+    def has_permission(self, request, view):
+        return super(IsSuperUser, self).has_permission(request, view) \
+            and request.user.is_superuser
+
+
+class IsSuperUserOrAppUser(IsValidUser):
+    """Allows access between superuser and app user"""
+
+    def has_permission(self, request, view):
+        return super(IsSuperUserOrAppUser, self).has_permission(request, view) \
+            and (request.user.is_superuser or request.user.is_app)
+
+
+class IsSuperUserOrAppUserOrUserReadonly(IsSuperUserOrAppUser):
+    def has_permission(self, request, view):
+        if IsValidUser.has_permission(self, request, view) \
+                and request.method in permissions.SAFE_METHODS:
+            return True
+        else:
+            return IsSuperUserOrAppUser.has_permission(self, request, view)
+
+
+class IsCurrentUserOrReadOnly(permissions.BasePermission):
+    def has_object_permission(self, request, view, obj):
+        if request.method in permissions.SAFE_METHODS:
+            return True
+        return obj == request.user
--- a/apps/common/serializers.py
+++ b/apps/common/serializers.py
@@ -0,0 +1,21 @@
+from rest_framework import serializers
+
+
+class MailTestSerializer(serializers.Serializer):
+    EMAIL_HOST = serializers.CharField(max_length=1024, required=True)
+    EMAIL_PORT = serializers.IntegerField(default=25)
+    EMAIL_HOST_USER = serializers.CharField(max_length=1024)
+    EMAIL_HOST_PASSWORD = serializers.CharField()
+    EMAIL_USE_SSL = serializers.BooleanField(default=False)
+    EMAIL_USE_TLS = serializers.BooleanField(default=False)
+
+
+class LDAPTestSerializer(serializers.Serializer):
+    AUTH_LDAP_SERVER_URI = serializers.CharField(max_length=1024)
+    AUTH_LDAP_BIND_DN = serializers.CharField(max_length=1024)
+    AUTH_LDAP_BIND_PASSWORD = serializers.CharField()
+    AUTH_LDAP_SEARCH_OU = serializers.CharField()
+    AUTH_LDAP_SEARCH_FILTER = serializers.CharField()
+    AUTH_LDAP_USER_ATTR_MAP = serializers.CharField()
+    AUTH_LDAP_START_TLS = serializers.BooleanField(required=False)
+
--- a/apps/common/signals.py
+++ b/apps/common/signals.py
@@ -0,0 +1,7 @@
+# -*- coding: utf-8 -*-
+#
+
+from django.dispatch import Signal
+
+django_ready = Signal()
+ldap_auth_enable = Signal(providing_args=["enabled"])
--- a/apps/common/signals_handler.py
+++ b/apps/common/signals_handler.py
@@ -0,0 +1,44 @@
+# -*- coding: utf-8 -*-
+#
+from django.dispatch import receiver
+from django.db.models.signals import post_save
+from django.conf import settings
+from django.db.utils import ProgrammingError, OperationalError
+
+from .models import Setting
+from .utils import get_logger
+from .signals import django_ready, ldap_auth_enable
+
+logger = get_logger(__file__)
+
+
+@receiver(post_save, sender=Setting, dispatch_uid="my_unique_identifier")
+def refresh_settings_on_changed(sender, instance=None, **kwargs):
+    logger.debug("Receive setting item change")
+    logger.debug("  - refresh setting: {}".format(instance.name))
+    if instance:
+        instance.refresh_setting()
+
+
+@receiver(django_ready, dispatch_uid="my_unique_identifier")
+def refresh_all_settings_on_django_ready(sender, **kwargs):
+    logger.debug("Receive django ready signal")
+    logger.debug("  - fresh all settings")
+    try:
+        Setting.refresh_all_settings()
+    except (ProgrammingError, OperationalError):
+        pass
+
+
+@receiver(ldap_auth_enable, dispatch_uid="my_unique_identifier")
+def ldap_auth_on_changed(sender, enabled=True, **kwargs):
+    if enabled:
+        logger.debug("Enable LDAP auth")
+        if settings.AUTH_LDAP_BACKEND not in settings.AUTH_LDAP_BACKEND:
+            settings.AUTHENTICATION_BACKENDS.insert(0, settings.AUTH_LDAP_BACKEND)
+
+    else:
+        logger.debug("Disable LDAP auth")
+        if settings.AUTH_LDAP_BACKEND in settings.AUTHENTICATION_BACKENDS:
+            settings.AUTHENTICATION_BACKENDS.remove(settings.AUTH_LDAP_BACKEND)
+
--- a/apps/common/tasks.py
+++ b/apps/common/tasks.py
@@ -0,0 +1,33 @@
+from django.core.mail import send_mail
+from django.conf import settings
+from .celery import app
+from .utils import get_logger
+
+
+logger = get_logger(__file__)
+
+
+@app.task
+def send_mail_async(*args, **kwargs):
+    """ Using celery to send email async
+
+    You can use it as django send_mail function
+
+    Example:
+    send_mail_sync.delay(subject, message, from_mail, recipient_list, fail_silently=False, html_message=None)
+
+    Also you can ignore the from_mail, unlike django send_mail, from_email is not a require args:
+
+    Example:
+    send_mail_sync.delay(subject, message, recipient_list, fail_silently=False, html_message=None)
+    """
+    if len(args) == 3:
+        args = list(args)
+        args[0] = settings.EMAIL_SUBJECT_PREFIX + args[0]
+        args.insert(2, settings.EMAIL_HOST_USER)
+        args = tuple(args)
+
+    try:
+        send_mail(*args, **kwargs)
+    except Exception as e:
+        logger.error("Sending mail error: {}".format(e))
--- a/apps/common/templates/common/basic_setting.html
+++ b/apps/common/templates/common/basic_setting.html
@@ -0,0 +1,103 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+{% load common_tags %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li class="active">
+                                <a href="" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Basic setting' %}</a>
+                            </li>
+                            <li>
+                                <a href="{% url 'settings:email-setting' %}"  class="text-center"><i class="fa fa-envelope"></i> {% trans 'Email setting' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'settings:ldap-setting' %}" class="text-center"><i class="fa fa-archive"></i> {% trans 'LDAP setting' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'settings:terminal-setting' %}" class="text-center"><i class="fa fa-hdd-o"></i> {% trans 'Terminal setting' %} </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-12" style="padding-left:0">
+                                <div class="ibox-content" style="border-width: 0;padding-top: 40px;">
+                                    <form action="" method="post" class="form-horizontal">
+                                    {% if form.non_field_errors %}
+                                         <div class="alert alert-danger">
+                                             {{ form.non_field_errors }}
+                                         </div>
+                                    {% endif %}
+                                    {% csrf_token %}
+                                    {% for field in form %}
+                                        {% if not field.field|is_bool_field %}
+                                            {% bootstrap_field field layout="horizontal" %}
+                                        {% else %}
+                                            <div class="form-group">
+                                                <label for="{{ field.id_for_label }}" class="col-sm-2 control-label">{{ field.label }}</label>
+                                                <div class="col-sm-8">
+                                                    <div class="col-sm-1">
+                                                        {{ field }}
+                                                    </div>
+                                                    <div class="col-sm-9">
+                                                        <span class="help-block" >{{ field.help_text }}</span>
+                                                    </div>
+                                                </div>
+                                            </div>
+                                        {% endif %}
+                                    {% endfor %}
+                                    <div class="hr-line-dashed"></div>
+                                    <div class="form-group">
+                                        <div class="col-sm-4 col-sm-offset-2">
+                                            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+                                            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                        </div>
+                                    </div>
+                                    </form>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+$(document).ready(function () {
+})
+.on("click", ".btn-test", function () {
+    var data = {};
+    var form = $("form").serializeArray();
+    $.each(form, function (i, field) {
+        data[field.name] = field.value;
+    });
+
+    var the_url = "{% url 'api-common:mail-testing' %}";
+
+    function error(message) {
+        toastr.error(message)
+    }
+
+    function success(message) {
+        toastr.success(message.msg)
+    }
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(data),
+        method: "POST",
+        flash_message: false,
+        success: success,
+        error: error
+    });
+
+})
+</script>
+{% endblock %}
--- a/apps/common/templates/common/email_setting.html
+++ b/apps/common/templates/common/email_setting.html
@@ -0,0 +1,104 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+{% load common_tags %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'settings:basic-setting' %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Basic setting' %}</a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'settings:email-setting' %}"  class="text-center"><i class="fa fa-envelope"></i> {% trans 'Email setting' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'settings:ldap-setting' %}" class="text-center"><i class="fa fa-archive"></i> {% trans 'LDAP setting' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'settings:terminal-setting' %}" class="text-center"><i class="fa fa-hdd-o"></i> {% trans 'Terminal setting' %} </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-12" style="padding-left:0">
+                                <div class="ibox-content" style="border-width: 0;padding-top: 40px;">
+                                    <form action="" method="post" class="form-horizontal">
+                                    {% if form.non_field_errors %}
+                                         <div class="alert alert-danger">
+                                             {{ form.non_field_errors }}
+                                         </div>
+                                    {% endif %}
+                                    {% csrf_token %}
+                                    {% for field in form %}
+                                        {% if not field.field|is_bool_field %}
+                                            {% bootstrap_field field layout="horizontal" %}
+                                        {% else %}
+                                            <div class="form-group">
+                                                <label for="{{ field.id_for_label }}" class="col-sm-2 control-label">{{ field.label }}</label>
+                                                <div class="col-sm-8">
+                                                    <div class="col-sm-1">
+                                                        {{ field }}
+                                                    </div>
+                                                    <div class="col-sm-9">
+                                                        <span class="help-block" >{{ field.help_text }}</span>
+                                                    </div>
+                                                </div>
+                                            </div>
+                                        {% endif %}
+                                    {% endfor %}
+                                    <div class="hr-line-dashed"></div>
+                                    <div class="form-group">
+                                        <div class="col-sm-4 col-sm-offset-2">
+                                            <button class="btn btn-default btn-test" type="button"> {% trans 'Test connection' %}</button>
+                                            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+                                            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                        </div>
+                                    </div>
+                                    </form>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+$(document).ready(function () {
+})
+.on("click", ".btn-test", function () {
+    var data = {};
+    var form = $("form").serializeArray();
+    $.each(form, function (i, field) {
+        data[field.name] = field.value;
+    });
+
+    var the_url = "{% url 'api-common:mail-testing' %}";
+
+    function error(message) {
+        toastr.error(message)
+    }
+
+    function success(message) {
+        toastr.success(message.msg)
+    }
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(data),
+        method: "POST",
+        flash_message: false,
+        success: success,
+        error: error
+    });
+
+})
+</script>
+{% endblock %}
--- a/apps/common/templates/common/ldap_setting.html
+++ b/apps/common/templates/common/ldap_setting.html
@@ -0,0 +1,103 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+{% load common_tags %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'settings:basic-setting' %}" class="text-center"><i class="fa fa-cubes"></i> {% trans 'Basic setting' %}</a>
+                            </li>
+                            <li>
+                                <a href="{% url 'settings:email-setting' %}"  class="text-center"><i class="fa fa-envelope"></i> {% trans 'Email setting' %} </a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'settings:ldap-setting' %}" class="text-center"><i class="fa fa-archive"></i> {% trans 'LDAP setting' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'settings:terminal-setting' %}" class="text-center"><i class="fa fa-hdd-o"></i> {% trans 'Terminal setting' %} </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-12" style="padding-left:0">
+                                <div class="ibox-content" style="border-width: 0;padding-top: 40px;">
+                                    <form action="" method="post" class="form-horizontal">
+                                    {% if form.non_field_errors %}
+                                         <div class="alert alert-danger">
+                                             {{ form.non_field_errors }}
+                                         </div>
+                                    {% endif %}
+                                    {% csrf_token %}
+                                    {% for field in form %}
+                                        {% if not field.field|is_bool_field %}
+                                            {% bootstrap_field field layout="horizontal" %}
+                                        {% else %}
+                                            <div class="form-group">
+                                                <label for="{{ field.id_for_label }}" class="col-sm-2 control-label">{{ field.label }}</label>
+                                                <div class="col-sm-8">
+                                                    <div class="col-sm-1">
+                                                        {{ field }}
+                                                    </div>
+                                                    <div class="col-sm-9">
+                                                        <span class="help-block" >{{ field.help_text }}</span>
+                                                    </div>
+                                                </div>
+                                            </div>
+                                        {% endif %}
+                                    {% endfor %}
+                                    <div class="hr-line-dashed"></div>
+                                    <div class="form-group">
+                                        <div class="col-sm-4 col-sm-offset-2">
+                                            <button class="btn btn-default btn-test" type="button"> {% trans 'Test connection' %}</button>
+                                            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+                                            <button id="submit_button" class="btn btn-primary" type="submit">{% trans 'Submit' %}</button>
+                                        </div>
+                                    </div>
+                                    </form>
+                                </div>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+<script>
+$(document).ready(function () {
+})
+.on("click", ".btn-test", function () {
+    var data = {};
+    var form = $("form").serializeArray();
+    $.each(form, function (i, field) {
+        data[field.name] = field.value;
+    });
+
+    var the_url = "{% url 'api-common:ldap-testing' %}";
+
+    function error(message) {
+        toastr.error(message)
+    }
+
+    function success(message) {
+        toastr.success(message.msg)
+    }
+    APIUpdateAttr({
+        url: the_url,
+        body: JSON.stringify(data),
+        method: "POST",
+        flash_message: false,
+        success: success,
+        error: error
+    });
+})
+</script>
+{% endblock %}
--- a/apps/common/templates/common/terminal_setting.html
+++ b/apps/common/templates/common/terminal_setting.html
@@ -0,0 +1,150 @@
+{% extends 'base.html' %}
+{% load static %}
+{% load bootstrap3 %}
+{% load i18n %}
+{% load common_tags %}
+
+{% block content %}
+    <div class="wrapper wrapper-content animated fadeInRight">
+        <div class="row">
+            <div class="col-sm-12">
+                <div class="ibox float-e-margins">
+                    <div class="panel-options">
+                        <ul class="nav nav-tabs">
+                            <li>
+                                <a href="{% url 'settings:basic-setting' %}" class="text-center"><i
+                                        class="fa fa-cubes"></i> {% trans 'Basic setting' %}</a>
+                            </li>
+                            <li>
+                                <a href="{% url 'settings:email-setting' %}" class="text-center"><i
+                                        class="fa fa-envelope"></i> {% trans 'Email setting' %} </a>
+                            </li>
+                            <li>
+                                <a href="{% url 'settings:ldap-setting' %}" class="text-center"><i
+                                        class="fa fa-archive"></i> {% trans 'LDAP setting' %} </a>
+                            </li>
+                            <li class="active">
+                                <a href="{% url 'settings:terminal-setting' %}" class="text-center"><i
+                                        class="fa fa-hdd-o"></i> {% trans 'Terminal setting' %} </a>
+                            </li>
+                        </ul>
+                    </div>
+                    <div class="tab-content">
+                        <div class="col-sm-12" style="padding-left:0">
+                            <div class="ibox-content" style="border-width: 0;padding-top: 40px;">
+                                <form action="" method="post" class="form-horizontal">
+                                    {% if form.non_field_errors %}
+                                        <div class="alert alert-danger">
+                                            {{ form.non_field_errors }}
+                                        </div>
+                                    {% endif %}
+                                    {% csrf_token %}
+                                    <h3>{% trans "Basic setting" %}</h3>
+                                    {% for field in form %}
+                                        {% if not field.field|is_bool_field %}
+                                            {% bootstrap_field field layout="horizontal" %}
+                                        {% else %}
+                                            <div class="form-group">
+                                                <label for="{{ field.id_for_label }}"
+                                                       class="col-sm-2 control-label">{{ field.label }}</label>
+                                                <div class="col-sm-8">
+                                                    <div class="col-sm-1">
+                                                        {{ field }}
+                                                    </div>
+                                                    <div class="col-sm-9">
+                                                        <span class="help-block">{{ field.help_text }}</span>
+                                                    </div>
+                                                </div>
+                                            </div>
+                                        {% endif %}
+                                    {% endfor %}
+
+                                    <div class="hr-line-dashed"></div>
+                                    <h3>{% trans "Command storage" %}</h3>
+                                    <table class="table table-hover " id="task-history-list-table">
+                                        <thead>
+                                        <tr>
+                                            <th>{% trans 'Name' %}</th>
+                                            <th>{% trans 'Type' %}</th>
+                                        </tr>
+                                        </thead>
+                                        <tbody>
+                                        {% for name, setting in command_storage.items %}
+                                            <tr>
+                                                <td>{{ name }}</td>
+                                                <td>{{ setting.TYPE }}</td>
+                                            </tr>
+                                        {% endfor %}
+                                        </tbody>
+                                    </table>
+                                    <div class="hr-line-dashed"></div>
+                                    <h3>{% trans "Replay storage" %}</h3>
+                                    <table class="table table-hover " id="task-history-list-table">
+                                        <thead>
+                                        <tr>
+                                            <th>{% trans 'Name' %}</th>
+                                            <th>{% trans 'Type' %}</th>
+                                        </tr>
+                                        </thead>
+                                        <tbody>
+                                        {% for name, setting in replay_storage.items %}
+                                            <tr>
+                                                <td>{{ name }}</td>
+                                                <td>{{ setting.TYPE }}</td>
+                                            </tr>
+                                        {% endfor %}
+                                        </tbody>
+                                    </table>
+                                    <div class="hr-line-dashed"></div>
+                                    <div class="form-group">
+                                        <div class="col-sm-4 col-sm-offset-2">
+                                            <button class="btn btn-default" type="reset"> {% trans 'Reset' %}</button>
+                                            <button id="submit_button" class="btn btn-primary"
+                                                    type="submit">{% trans 'Submit' %}</button>
+                                        </div>
+                                    </div>
+                                </form>
+                            </div>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+    </div>
+{% endblock %}
+{% block custom_foot_js %}
+    <script>
+        $(document).ready(function () {
+        })
+            .on("click", ".btn-test", function () {
+                var data = {};
+                var form = $("form").serializeArray();
+                $.each(form, function (i, field) {
+                    data[field.name] = field.value;
+                });
+
+                var the_url = "{% url 'api-common:ldap-testing' %}";
+
+                function error(message) {
+                    toastr.error(message)
+                }
+
+                function success(message) {
+                    toastr.success(message.msg)
+                }
+
+                APIUpdateAttr({
+                    url: the_url,
+                    body: JSON.stringify(data),
+                    method: "POST",
+                    flash_message: false,
+                    success: success,
+                    error: error
+                });
+            })
+            .on('click', '', function () {
+
+            })
+    </script>
+{% endblock %}
--- a/apps/common/templatetags/init.py
+++ b/apps/common/templatetags/init.py
--- a/apps/common/templatetags/common_tags.py
+++ b/apps/common/templatetags/common_tags.py
@@ -0,0 +1,102 @@
+# ~*~ coding: utf-8 ~*~
+
+from django import template
+from django.utils import timezone
+from django.utils.translation import gettext as _
+from django.utils.html import escape
+from django import forms
+
+register = template.Library()
+
+
+@register.filter
+def join_queryset_attr(queryset, attr, delimiter=', '):
+    return delimiter.join([getattr(obj, attr, '') for obj in queryset])
+
+
+@register.filter
+def pagination_range(total_page, current_num=1, display=5):
+    """Return Page range
+
+    :param total_page: Total numbers of paginator
+    :param current_num: current display page num
+    :param display: Display as many as [:display:] page
+
+    In order to display many page num on web like:
+    < 1 2 3 4 5 >
+    """
+    try:
+        current_num = int(current_num)
+    except ValueError:
+        current_num = 1
+
+    half_display = int(display/2)
+    start = current_num - half_display if current_num > half_display else 1
+    if start + display <= total_page:
+        end = start + display
+    else:
+        end = total_page + 1
+        start = end - display if end > display else 1
+
+    return range(start, end)
+
+
+@register.filter
+def join_attr(seq, attr=None, sep=None):
+    if sep is None:
+        sep = ', '
+    if attr is not None:
+        seq = [getattr(obj, attr) for obj in seq]
+    return sep.join(seq)
+
+
+@register.filter
+def int_to_str(value):
+    return str(value)
+
+
+@register.filter
+def ts_to_date(ts):
+    try:
+        ts = float(ts)
+    except (TypeError, ValueError):
+        ts = 0
+    dt = timezone.datetime.fromtimestamp(ts).\
+        replace(tzinfo=timezone.get_current_timezone())
+    return dt.strftime('%Y-%m-%d %H:%M:%S')
+
+
+@register.filter
+def to_html(s):
+    return escape(s).replace('\n', '<br />')
+
+
+@register.filter
+def time_util_with_seconds(date_from, date_to):
+    if not date_from:
+        return ''
+    if not date_to:
+        return ''
+        date_to = timezone.now()
+
+    delta = date_to - date_from
+    seconds = delta.seconds
+    if seconds < 60:
+        return '{} s'.format(seconds)
+    elif seconds < 60*60:
+        return '{} m'.format(seconds//60)
+    else:
+        return '{} h'.format(seconds//3600)
+
+
+@register.filter
+def is_bool_field(field):
+    if isinstance(field, forms.BooleanField):
+        return True
+    else:
+        return False
+
+
+@register.filter
+def to_dict(data):
+    return dict(data)
--- a/apps/common/tests.py
+++ b/apps/common/tests.py
--- a/apps/common/urls/api_urls.py
+++ b/apps/common/urls/api_urls.py
@@ -0,0 +1,13 @@
+from __future__ import absolute_import
+
+from django.conf.urls import url
+
+from .. import api
+
+app_name = 'common'
+
+urlpatterns = [
+    url(r'^v1/mail/testing/$', api.MailTestingAPI.as_view(), name='mail-testing'),
+    url(r'^v1/ldap/testing/$', api.LDAPTestingAPI.as_view(), name='ldap-testing'),
+    url(r'^v1/django-settings/$', api.DjangoSettingsAPI.as_view(), name='django-settings'),
+]
--- a/Show More
+++ b/Show More