「Python3」实现获取aws实例信息导入jumpserver --整理版又来了

「Python3」实现获取aws实例信息导入jumpserver --整理版又来了

五月 16, 2019
  1. 此脚本的作用是获取aws备注信息写入jumpserver的备注信息中
  2. 密钥、节点信息请修改credentials.ini配置文件,修改下面的region以支持不同的地区
  3. 导入新增加的资产不需要删除,直接导入即可;更新现有的资产信息需要先删除jumpserver中现有的资产,删除操作的执行方式是取消register_ec2函数中delete一行的注释
  4. 导入时先执行导入service_data(即先导入服务器的资产)再执行导入全部,执行方式是取消main里service_data部分的注释
  5. 原因还是因为3,已经存在的资产不能再次导入,如果先导入全部,再执行导入服务器资产会导致分组失败

说明:工作需求,线上服务器有几百台,手动写到jumpserver里不现实。这个脚本使用AWS的SDK和jumpserver的SDK、REST API,从aws获取实例的信息然后自动导入jumpserver。因为jumpserver已经导入的实例存在唯一的UUID,所以重复导入会有问题,要先删除原来的实例才能重新导入(jumpserver应该也支持更新实例信息的接口,需要的信息为list,有时间再继续研究)
第一个是配置文件,将aws和jumpserver需要的密钥信息提取到了一个文件里,第二个脚本读取该文件获取认证信息
整理版将脚本中的变量信息都提取到了配置文件中,方便更改

配置信息[region] 通过更改region来实现支持不同的地区:

# Sample credentials.ini read by the import script via configparser.
# The file stores AWS access keys and the JumpServer admin password in
# plaintext: keep it out of version control and readable only by the account
# that runs the script. XXX / XX are placeholders.

# AWS sections: the script selects one of them by name through its
# `aws_local` variable ('aws_cn' in the script as shown).
# The script only lists EC2 instances and reads their tags, so a key limited
# to read-only EC2 describe permissions is presumably sufficient - confirm.
[dev]
aws_access_key_id=XXX
aws_secret_access_key=XXX
aws_region=XXX

[aws_cn]
aws_access_key_id=XXX
aws_secret_access_key=XXX
aws_region=XXX

[aws_ko]
aws_access_key_id = XXX
aws_secret_access_key = XXX
aws_region = XXX

# JumpServer section: selected through the script's `region` variable.
# NOTE(review): jms_server is used as the base URL for the login request that
# posts jms_username / jms_password and for every call carrying the bearer
# token. With an http:// URL those travel unencrypted; use an https:// endpoint
# if the deployment offers one.
# jms_port is not read by the script as shown.
# jms_user is the name of the JumpServer admin user whose id is attached to
# each imported asset; jms_dev_node / jms_default_node are node names that the
# script resolves to node ids.
[jms_cn]
jms_server = http://XX.XX.XX.XX
jms_port = XX
jms_username = XX
jms_password = XX
jms_user = XX
jms_dev_node = XX
jms_default_node = XX

执行时更改要执行的地区region、aws_local信息,并打开register_ec2函数的调用(取消注释):

import configparser
import boto3
from jms import service
import requests
import json
import uuid
from pprint import pprint

# Module-level setup: everything below runs at import time.
#
# credentials.ini is resolved relative to the current working directory and
# holds the AWS keys and the JumpServer admin password in plaintext, so it
# should stay out of version control and be readable only by the operator.
cfg = configparser.ConfigParser()
cfg.read('credentials.ini')

# Name of the credentials.ini section that describes the JumpServer instance.
region = 'jms_cn'

# Base URL and admin login used by both the SDK client and the REST helpers.
jump_endpoint = cfg.get(region, 'jms_server')
admin = cfg.get(region, 'jms_username')
# The misspelled name is kept on purpose: get_token() reads `passowrd`.
passowrd = cfg.get(region, 'jms_password')

# SDK session. Nothing else in the code shown uses `jump_service`; the REST
# helpers authenticate on their own through get_token().
jump_service = service.UserService(endpoint=jump_endpoint)
jump_service.login(username=admin, password=passowrd, pubkey=None)

# Admin-user name and node names that are later resolved to JumpServer ids.
jump_user = cfg.get(region, 'jms_user')
jump_dev_node_name = cfg.get(region, 'jms_dev_node')
jump_default_node_name = cfg.get(region, 'jms_default_node')

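def get_aws_info(local, default_node_uuid):
    """Return one JumpServer asset dict per EC2 instance visible to the account.

    Args:
        local: Name of the credentials.ini section that provides
            ``aws_access_key_id``, ``aws_secret_access_key`` and ``aws_region``.
        default_node_uuid: JumpServer node id every returned asset is placed in.

    Returns:
        A list of dicts with the keys ``id``, ``ip``, ``hostname``,
        ``protocol``, ``port``, ``platform``, ``is_active``, ``comment``,
        ``admin_user``, ``nodes`` and ``org_name``.
    """
    session = boto3.session.Session(
        aws_access_key_id=cfg.get(local, 'aws_access_key_id'),
        aws_secret_access_key=cfg.get(local, 'aws_secret_access_key'),
        region_name=cfg.get(local, 'aws_region'),
    )
    ec2_resource = session.resource('ec2')
    ec2_list = []
    admin_user_uuid = get_user_info()
    # NOTE(review): instances.all() applies no state filter, so instances
    # without a private IP are presumably returned with ip=None - confirm
    # whether those should be skipped before importing.
    for instance in ec2_resource.instances.all():
        # boto3 reports `tags` as None for an untagged instance; treat that as
        # "no tags" instead of failing on the first such instance.
        tags = instance.tags or []
        # First tag whose key starts with the prefix wins, as before.
        name_values = [t['Value'] for t in tags if t['Key'].startswith('Name')]
        service_values = [t['Value'] for t in tags if t['Key'].startswith('Service')]
        ec2_server = {
            # uuid3 is deterministic, so the same instance id always maps to
            # the same JumpServer asset id across runs.
            'id': str(uuid.uuid3(uuid.NAMESPACE_DNS, instance.id)),
            'ip': instance.private_ip_address,
            # Fall back to the instance id when no Name tag exists, so one
            # untagged machine no longer aborts the whole run.
            'hostname': name_values[0] if name_values else instance.id,
            'protocol': 'ssh',
            'port': '22',
            'platform': 'Linux',
            'is_active': 'true',
            # The Service tag becomes the asset comment; empty when absent.
            'comment': service_values[0] if service_values else '',
            'admin_user': admin_user_uuid,
            'nodes': [default_node_uuid],
            'org_name': 'DEFAULT',
        }
        ec2_list.append(ec2_server)
    return ec2_list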

def services_list_info(default_node_uuid):
    """Return copies of the game-service assets, re-homed to another node.

    Reads the module-level ``ec2_list`` (assigned in the ``__main__`` block),
    keeps the assets whose hostname contains one of the service keywords and
    returns a new dict for each, with ``nodes`` set to ``[default_node_uuid]``
    and ``is_active`` set to ``'true'``.

    NOTE(review): the keyword test is a plain substring match, so a short
    keyword such as ``pay`` or ``auth`` also matches any hostname that merely
    contains those letters. Node membership presumably decides who can reach
    the asset in JumpServer - confirm the match is tight enough.
    """
    service_keywords = (
        'match', 'multiplay', 'crossservice', 'auth',
        'gamex', 'pay', 'gatex', 'crossall',
    )
    return [
        {
            'id': asset['id'],
            'ip': asset['ip'],
            'hostname': asset['hostname'],
            'protocol': asset['protocol'],
            'port': asset['port'],
            'platform': asset['platform'],
            'is_active': 'true',
            'comment': asset['comment'],
            'admin_user': asset['admin_user'],
            'nodes': [default_node_uuid],
            'org_name': asset['org_name'],
        }
        for asset in ec2_list
        if any(keyword in asset['hostname'] for keyword in service_keywords)
    ]

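def get_token():
    """Log in to the JumpServer REST API and return the bearer token.

    Posts the module-level ``admin`` / ``passowrd`` credentials to
    ``<jump_endpoint>/api/users/v1/auth/``.

    Returns:
        The ``token`` field of the JSON response.

    Raises:
        requests.HTTPError: the server answered with an error status (for
            example rejected credentials), instead of the opaque
            ``KeyError: 'token'`` the unchecked response used to produce.
        requests.Timeout: no answer within the timeout.

    NOTE(review): the password is sent over whatever scheme ``jms_server``
    uses; with an ``http://`` endpoint it crosses the network unencrypted.
    """
    url = '%s/api/users/v1/auth/' % jump_endpoint
    query_args = {
        "username": admin,
        "password": passowrd
    }
    # Bounded wait so an unreachable server cannot hang the import forever.
    response = requests.post(url, data=query_args, timeout=30)
    response.raise_for_status()
    return response.json()['token']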

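def get_nodes_info():
    """Resolve the configured node names to JumpServer node ids.

    Fetches ``<jump_endpoint>/api/assets/v1/nodes/`` and maps each node's
    ``value`` (its name) to its ``id``. Every returned node is indexed; the
    previous version only looked at the first two entries of the response and
    failed when the server listed fewer, more, or differently ordered nodes.

    Returns:
        ``(default_node_uuid, service_node_uuid)`` - the ids of the nodes named
        by ``jump_default_node_name`` and ``jump_dev_node_name``.

    Raises:
        requests.HTTPError: the server answered with an error status.
        KeyError: a configured node name is not present on the server.
    """
    url_nodes = '%s/api/assets/v1/nodes/' % jump_endpoint
    token = get_token()
    header_info = {"Authorization": 'Bearer ' + token}
    response = requests.get(url_nodes, headers=header_info, timeout=30)
    response.raise_for_status()
    node_ids = {}
    for node in response.json():
        # First node with a given name wins, so nodes listed later never
        # change the result for a name that already resolved.
        node_ids.setdefault(node['value'], node['id'])
    service_node_uuid = node_ids[jump_dev_node_name]
    default_node_uuid = node_ids[jump_default_node_name]
    return default_node_uuid, service_node_uuid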

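def get_user_info():
    """Return the JumpServer id of the admin user named by ``jump_user``.

    Fetches ``<jump_endpoint>/api/assets/v1/admin-user/`` and maps each
    entry's ``name`` to its ``id``.

    Raises:
        requests.HTTPError: the server answered with an error status; without
            this check an error body surfaced later as a confusing
            ``TypeError`` / ``KeyError`` while indexing the response.
        KeyError: no admin user with the configured name exists.
    """
    url_nodes = '%s/api/assets/v1/admin-user/' % jump_endpoint
    token = get_token()
    header_info = {"Authorization": 'Bearer ' + token}
    response = requests.get(url_nodes, headers=header_info, timeout=30)
    response.raise_for_status()
    # On duplicate names the last entry wins, as in the original loop.
    users_server = {user['name']: user['id'] for user in response.json()}
    return users_server[jump_user]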

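def register_ec2(data):
    """Create one asset in JumpServer from an asset dict.

    Args:
        data: Asset dict as produced by get_aws_info() / services_list_info();
            it is serialised to JSON and posted to
            ``<jump_endpoint>/api/assets/v1/assets/``.

    Returns:
        The ``requests.Response`` of the POST. Earlier versions returned
        nothing and discarded the response, so a rejected import (for example
        an asset that already exists) went unnoticed.
    """
    url = '%s/api/assets/v1/assets/' % jump_endpoint
    token = get_token()
    header_info = {
        'Content-Type': 'application/json',
        'Accept': 'application/json',
        "Authorization": 'Bearer ' + token,
    }
    # Optional delete-before-import step, disabled by default.
    # NOTE(review): it sends DELETE to the assets collection URL with the
    # asset as body; confirm against the JumpServer API exactly what that
    # removes before enabling it on a production instance.
    # requests.delete(url, headers = header_info, data=json.dumps(data))
    response = requests.post(url, headers=header_info, data=json.dumps(data), timeout=30)
    if not response.ok:
        # Report and carry on: one rejected asset should not stop the batch.
        print('register_ec2: %s rejected by JumpServer (HTTP %s): %s'
              % (data.get('hostname'), response.status_code, response.text))
    return response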

if __name__ == '__main__':
    # Resolve the JumpServer side first: admin user, then the two node ids.
    get_user_info()
    default_node_uuid, service_node_uuid = get_nodes_info()

    # credentials.ini section holding the AWS account to read from.
    aws_local = 'aws_cn'

    # `ec2_list` must keep this name: services_list_info() reads it as a
    # module-level variable.
    ec2_list = get_aws_info(aws_local, default_node_uuid)
    service_list = services_list_info(service_node_uuid)

    # As shipped this is a dry run that only prints the records; enable the
    # register_ec2 call to import every instance.
    for ec2_data in ec2_list:
        print(ec2_data)
        # register_ec2(ec2_data)

    # Import of the service assets into the service node, disabled by default.
    # for service_data in service_list:
    #     print(service_data)
    #     register_ec2(service_data)