|
|
Jumpserver是全球首款完全开源的堡垒机,是符合 4A 的专业运维审计系统。 http://www.jumpserver.org6 A9 Q9 P- g. A$ w9 E& t6 [
9 }2 J% P3 Z+ a, E( V, fjms很好用,但是引入公司内部,也会有一些问题,比如资产导入,资产和项目关联,如何和现有cmdb打通等问题。我这里只是抛砖引玉,介绍下jms如何二次开发,做企业定制化版的jumpserver,打通DevOps系统的方法。/ Y# [5 Q' `' a7 d5 s9 d8 j" ~
首先,以增加项目管理 这个功能为例,说说堡垒机如何二次开发的。
% Z1 J# y- v- Y8 B
) h% F# s# o- p基于版本 Version 1.4.10-2 GPLv2.# a. S @& ]% h5 g: Q" B
* S9 N; |% V- F7 R5 @一、概述. [6 I" x1 p' |' m
Jumpserver用的是python的django框架开发,API 采用了DRF(Django REST framework),基于CBV(Class-based views)开发模式,因此,二次开发也是比较简单的,一般先定义model,然后写api,再使用template渲染,前端基本用datatables较多。
e4 W+ e3 M. e" ^' E7 m2 \" t l8 M% w S. K3 \0 g5 d; u) q% C
实现效果:) f; a# m1 v" p1 v5 P' C+ ~
项目管理! ^, b8 x/ i2 }: I
项目详情
( I- K( g8 G3 U) Q# `项目详情20 N9 Y$ r+ E# U8 I( b$ M% ?7 q
' B* O" S; B0 H* w1 E
二、实战7 A2 F3 Q; w% H9 E: ~" {5 k0 l, F
项目(project)管理或者说是服务(service)管理,服务和主机是有关系的,我这里一个主机可以部署多个服务,同时一个服务也可以部署在多台主机上,所以是多堆多的关系
* B! i* m7 S! L- S* i
4 B2 _1 ?: V. r3 @2 z: ^) a2.1 定义project model
! o! {" d1 W% ujumpserver/apps/assets/models/project.py: d! w. `/ F% K5 j) c
. I9 L: P' }7 R4 C
/ V/ Q% U0 X% K* G: V. J: K
0 H( B2 ^/ y& U4 e o1 O% u
#!/usr/bin/env python
1 G- b7 K! x* V: r2 f2 h# -*- coding: utf-8 -*-
) t) F: Q2 j" c1 ^5 F x6 Y/ @& i
! B- i4 R/ @% D$ J+ q! _' yfrom __future__ import unicode_literals" Z; G9 X" n( D, o) |- `3 t- _# d
( i& Q/ J& {& ~) ufrom django.db import models# p! N8 k: @9 l0 _
import logging! E! n% K5 D8 q) b: Z5 Z# z% c
from django.utils.translation import ugettext_lazy as _
0 K2 Z: u4 n! iimport uuid
* P/ r8 Q8 v0 I: r8 C: P" g) Zfrom django.core.cache import cache
' c# W6 r5 [$ z/ d
. C O4 p5 W: x Z6 V__all__ = ['Project', 'TYPE_CHOICES']1 Q( p5 `/ Q. c) _* h B. c4 \ ?
logger = logging.getLogger(__name__)% \$ {! v( c. J: Y0 \( u, `
1 G3 c9 s' ^, Z" U$ s2 J; XTYPE_CHOICES = (
+ e2 u* Q$ g" n% @& N ('Java', 'java'),
8 z% g$ }' U$ k% t! ? ('React', 'react'),. w# G$ ]2 G/ ^, y6 [
('Cpp', 'c++'),; [- W- Y" z3 \4 G7 [# b. a& K
('Python', 'python'), M ]- u o: h! u7 ^& h$ r
('Middleware', 'Middleware'),4 m" z7 a- V/ J* U# T$ O" s' u
('Other', 'Other'),1 ^; ~% Q% K4 _7 G- G
)5 m6 p/ h( M" k$ L, ^
4 X H7 l5 l% u0 J
( U3 t" G1 e5 H- ?1 ?; E9 Eclass Project(models.Model):
7 e! T3 _4 D! w8 d0 `, Q6 x TYPE_CHOICES =TYPE_CHOICES
' C1 f7 `9 ?' v* W; ?9 O9 S+ y/ Y7 b4 R) `
id = models.UUIDField(default=uuid.uuid4, primary_key=True)' f1 d! E) V/ r/ a
name = models.CharField(max_length=64, unique=True, verbose_name=_('Name'))
" \- u+ q' r8 L( S' Z. k3 @5 C; l \8 ^% j; E& T, L& n( p) B
parent = models.ForeignKey('self', null=True, blank=True, related_name="children", on_delete=models.SET_NULL)5 X1 b/ ], M4 R8 Z; x/ o
7 {9 O4 {0 r- R+ Z7 M, n' m
domain_name = models.CharField(max_length=64, blank=True, verbose_name=_('Domain Name'))
# |4 e/ G' s% j Y( ^3 C0 Y git_address = models.CharField(max_length=128, blank=True, verbose_name=_('Git Address'))
% m: w& l( f u/ p7 r port = models.IntegerField(blank=True, null=True, verbose_name=_('Open port'))
& d2 b* L- B# q, A/ Y( P1 ]# Y type = models.CharField(choices=TYPE_CHOICES, max_length=16, blank=True, null=True,( U0 X$ W7 s& R$ }" [+ A$ g' j
default='Java', verbose_name=_('Project type'), )
$ h% N$ U/ h: z& ?! u- @ dev_users = models.ManyToManyField(
/ W8 @2 K7 {7 l, e h( { 'users.User', related_name='users1',1 H: w; @, `& A" E. R" V) U9 w/ e
blank=True, verbose_name=_('Dev Users')4 s$ h% J* q0 {
)) l3 S8 ~3 ^- @7 }/ G
sa_users = models.ManyToManyField(
$ C& t! j: k" j$ ?* L9 v 'users.User', related_name='users2',
! j; P1 z$ k, B1 S3 a+ E9 B blank=True, verbose_name=_('Sa Users')
" ?4 D5 y V5 `& e; t7 _ )
) ?8 Y4 N8 X+ K; o scrum_master = models.ForeignKey('users.User', on_delete=models.SET_NULL, null=True, verbose_name=_('Scrum Master'))
/ _2 I% H7 k5 q" _3 x3 V0 [: t created_by = models.CharField(max_length=32, blank=True, verbose_name=_('Created by'))8 D: w1 b7 V" |; D5 W0 l
updated_by = models.CharField(max_length=32, blank=True, verbose_name=_('Updated by'))
4 b" W* Y- Q9 @; Y& s8 } date_created = models.DateTimeField(auto_now_add=True, null=True, verbose_name=_('Date created'))
! J; u" g% C; z" h date_updated = models.DateTimeField(auto_now=True, null=True, verbose_name=_('Date updated'))
* h* R+ _) m* Z1 s comment = models.TextField(blank=True, verbose_name=_('Comment'))
! s9 @) W. A1 U5 s4 m% Z* d! R. T level = models.IntegerField(default=0, verbose_name=_('Level'))! w3 r) j" h) U; t4 \
2 s" r' M6 @: C: [3 `9 e: w, l6 _
def __unicode__(self):" q/ L! _% K7 ^$ y- W0 d4 f
return self.name
* p8 n- a& p6 M$ j1 I+ y7 } __str__ = __unicode__
. F M0 l" G( n2 i( E6 u Z1 n, I4 i. |0 q: x# z; F: r
@property+ O' I# |( K4 L% ~: e3 s }
def all_sa_users(self):
0 C( r# w( e. A9 ?% y- o7 a return [user.name for user in self.sa_users.all()]
$ S0 `' ~* N3 U" D, c6 u/ m- m5 g8 ~: l/ g- f
@property ?3 O6 W9 z. @! Z; N
def all_dev_users(self):1 E& Z, q+ H$ A9 O& a) I$ M4 p
return [user.name for user in self.dev_users.all()]
* r' X2 F, m9 B, ?
5 i- J$ J+ L& M! n def get_related_assets(self):
( o' M$ a' e( f( _7 S% x$ H assets = self.assets.all()
2 K1 `. ]& t& [' ]. [0 D$ V, |6 c return assets. H+ V( n' W7 A
- d1 S" r, C# x5 M) p def get_related_assets_ip(self):
/ r+ b7 H3 |4 L5 J7 m l( U; ] assets = self.assets.all()( E5 o0 v7 c2 V% [3 l6 Y/ s
return [{'ip': asset.ip, 'environment': asset.environment} for asset in assets], M0 n- A: [; T; t6 [5 m! N3 y
2 F8 e7 Y/ T; W1 v @property
1 h9 F& {0 r' A3 s def all_assets_ip(self):
6 Y0 d( B9 [. I2 s* z return self.get_related_assets_ip()! `2 x4 i; [- f8 b. t y$ {& ]* Q2 T) m
+ L0 h8 {6 L$ ? o' F! n( C& G class Meta:
3 G; K! u2 q* W8 q0 D1 o ordering = ['name']
9 n# i# ^0 C4 h4 A2.2 修改asset model
5 S0 U" k* {4 J+ |jumpserver/apps/assets/models/asset.py
% K8 \& ^7 m/ c( S9 U) [4 ^5 ^6 ~4 U/ g& P- D3 f) ^
& q6 Y& |% J1 `5 z
# {: a+ j' T+ j; C& C% T' O0 ]$ m
# 增加环境定义
4 ?- S% {. f5 r9 Y; D, L1 pENV_CHOICES = (
1 p) c6 m' a/ } e ('DEV', 'dev'),! t6 f/ n2 c* c9 ~0 Q
('TEST', 'test'),
0 ]7 k( D8 @, o' n& H ('DEMO', 'demo'),/ s. S1 Z3 [, ?8 h% c3 ]$ M
('TDEMO', 'tdemo'),
3 J: c9 m1 z: z7 _ ('PROD', 'prod'),
$ f8 d) V" w; r: m4 G1 R r ('Other', 'other'),& p) K7 V- h. I
)* _. N$ j) s7 Q* j. |- z. ~
environment = models.CharField(max_length=32, choices=ENV_CHOICES, default='DEV', verbose_name=_('Environment'))
) B' Q) B9 S- X# f/ o# Project 和 asset 多对多关系/ g* Q2 S: R1 z" X
projects = models.ManyToManyField(Project, blank=True, verbose_name=_('Projects'), related_name='assets', )
# i, u' j2 ^' F: N& c* P. U2.3 加入全局变量中init! p7 _& { L v3 u8 Q9 P5 C
jumpserver/apps/assets/models/init.py 末尾增加
8 b, `7 {3 Q, R- v
+ L* ^9 E/ m* H- k! T1+ ]8 X9 [4 w; M7 c: _4 Z6 r* @: Q
from .project import *5 ^, a( ~/ d. G# o
2.4 定义DRF的serializers
8 l3 c% j8 i; M- R9 xjumpserver/apps/assets/serializers/project.py
) n9 ~0 v0 k9 A! A X0 A' _9 R/ Q/ d& Q# G
# J) V- y2 f( X: P7 s( d. h
- x% E, h" u4 Z
from rest_framework_bulk import BulkListSerializer, BulkSerializerMixin
8 j; M7 ?+ @* f% {+ \* S& Xfrom rest_framework import serializers* ~7 S; d6 d/ X- t q0 V
from ..models import Project, Asset2 Q0 O1 K$ o( A# b+ k0 B
1 x9 y. N. e; L' v* `
" L% _& J( T+ j2 D1 p
class ProjectSerializer(serializers.ModelSerializer):2 k- D! U: X. C7 D2 A+ Z5 ]* F" S
asset_count = serializers.SerializerMethodField() \4 Y8 Y9 p$ @& e
& c' D5 b' |8 j2 _. k/ k
class Meta:
. i I1 I, F- } d" Q9 j0 p$ G model = Project: X: F) Y" z9 y+ u' A+ g
fields = '__all__'9 ^1 {$ o3 ^6 h2 z& l
1 [4 u6 m9 ?0 C @staticmethod
7 o8 r5 ?6 ^3 [/ E; ~2 |+ y8 Y2 x/ D def get_asset_count(obj):; d1 t4 a( G9 B/ U: y1 u5 Q
return obj.assets.count()2 Q3 `8 Y4 z/ G( b! d1 c) p
; u$ L3 ^, Z& ?# m, b3 c s
8 _7 i# C; R+ T8 j- k s. k8 J9 L3 Uclass ProjectAssetsSerializer(serializers.ModelSerializer): a1 r( U% P5 s& l# Y) v! X
class Meta:
; K6 ?: E6 `8 ?0 r! ^ fields = ['id', 'name', 'port']
+ C0 M+ I2 ?! y6 x0 f4 T" _ model = Project
4 C0 g! P' I I! S& y0 u0 P3 E4 e! u% l! t# q; Y |( ?" S
def get_field_names(self, declared_fields, info):
9 O9 z: `0 F( g- @ fields = super().get_field_names(declared_fields, info)
8 U2 K5 {! G9 t fields.extend([
. N. D# K- p8 W2 M( r& B: i8 e 'all_assets_ip'
& r' F E0 L: ?3 j" ]4 M ])
$ e4 w" P) l: L7 Q: X( I& _; q6 J4 ` return fields
5 y& R5 D3 \; v w9 Q+ o. q- L4 g3 V6 d" {! D: K
* c; u; y% l- x, B: X/ Uclass ProjectUpdateSerializer(serializers.ModelSerializer):- n& [, j- W( _+ W
"""update the project, and add or delete the asset to the project"""
" x' N( {0 y8 [. f# H: ` assets = serializers.PrimaryKeyRelatedField(many=True, queryset=Asset.objects.all())
0 I- {3 n6 r( ^6 p+ j* }" s3 A' E, u0 O4 m5 X- M1 J
class Meta:
% [9 k% M _4 M4 |/ N model = Project
; Q1 @% s: f3 K% i fields = ['id', 'assets']
$ r6 E6 S7 G/ c% l8 e+ w- N; [% G- y' D7 O7 o4 f
) U; T1 [3 ]2 U" `7 t4 ~
class AssetUpdateProjectSerializer(serializers.ModelSerializer):
6 [1 d. c/ ~$ G; z/ x projects = serializers.PrimaryKeyRelatedField(many=True, queryset=Project.objects.all())2 L: l. d- v* ?7 z" V F
8 g: p1 ~9 h o* q* o/ B; F4 E class Meta:& {! B# F7 v% n! Q& S) i( u
model = Asset
$ L* c7 a. v! i# H: m fields = ['id', 'projects']( F7 i8 q! K, {, ?! b
2.5 增加URl支持& l" U K% f8 Z; J4 v
/jumpserver/apps/assets/urls/api_urls.py' m5 ?$ Q" T+ M2 Z/ k- J3 e8 K
' W m& ], ?$ e4 I+ s+ O/ P: v3 c% V3 J8 q9 b
; q) F: S! s/ [& K( ~router.register(r'projects', api.ProjectViewSet, 'project')
( ?# C. |. \' C9 L5 h3 drouter.register(r'projects-assets', api.ProjectAssetsViewSet, 'project-assets-view')! ]0 ?0 p5 C0 B
$ E" ~# [: }; x. l' a' z& G# urlpatterns 增加:2 \% `2 U# g3 S& T' W7 X
path(r'assets/<uuid:pk>/projects/',
( i3 J1 d7 i* V0 A4 p2 d* ]3 { api.AssetUpdateProjectApi.as_view(), name='asset-update-project'),7 B" F7 |) m/ d% \/ w0 W' o( X
path(r'projects/<uuid:pk>/assets/',+ K. a+ Q" M. Z( y: j. n' @3 C5 I
api.ProjectUpdateApi.as_view(), name='project-update-assets'),
. f% G+ P# X) F0 x path('project/<uuid:pk>/assets/',2 f% f# k* v5 [
api.ProjectAssetsListView.as_view(), name='project-assets'),' a$ }6 |: R8 r: o6 Y
API到这里基本写完了,至于前端的一些,都是调用这些api,进行增删改查操作,详情见github
7 q. v. W2 ^3 X9 M: T
9 v' [ Q: P- I* N- q3 数据库迁移
6 |# C# l- o' w定义了模型以后,需要执行migrate命令进行数据库变更,省了自己执行sql+ i9 @5 r* b9 J9 y& @
% z. v5 o$ |/ V& z% k Y3 J
% r# f* G5 `5 f1 s# K4 j$ L
b( i/ R! e. h2 t" P! s% J
cd jumpserver/utils8 d+ h$ G( S: z- T4 i; x1 d
bash make_migrations.sh
% ~7 w) {3 j6 L+ T4 国际化
7 {0 N5 l" S. V4 {1 ^ M. Y( o因为我们定义的好多变量都是英文的,这里可以通过国际化手段支持中英文! Y# Z5 p J$ ]$ W. P7 [7 ^! Z
7 f- `5 p5 {. u8 F" S7 ^+ ~' D& s9 K" X: @$ L7 x, @
& H, `: b# |' u! K& d# 先执行
, N! w. k+ g4 V! \7 @: Ucd jumpserver/apps+ \# ~$ l5 f3 s9 Q" W7 {
python manage.py makemessages -l zh
6 I; `" R- b% V# 修改jumpserver/apps/locale/zh/LC_MESSAGES/django.po 的中英文对应
/ U1 @1 S. o. b( R' ]vim jumpserver/apps/locale/zh/LC_MESSAGES/django.po3 U0 V A+ S5 B4 E
# 修改完成后生效,完全生效需要服务重启% r5 y# f) G) w+ b6 |) O
python manage.py compilemessages
2 o4 o/ p" U5 Y. ?5 g! U, `6 C3 |& W7 g' E! [9 Q+ }1 ?
6 U) b4 ]5 H+ J3 d, W, y) M5 l# V
( L1 w' ?; A! n; |; a# T( n
|
|
发表于 2023-3-23 17:00:05