Python+Django+Ansible Playbook automation operation and maintenance project practice: Asset Management

Python+Django+Ansible Playbook automation operation and maintenance project practice

1, Asset management, automated discovery and scanning

1. Server asset detection, scanning and discovery

1) Assets under Asset Management:

2) Abstractions and conventions:

2. Probe protocol and module

1) Detection protocol

2) Detection modules and tools

3) nmap tool probe usage

# Ubuntu installation
sudo apt install nmap

# linux Installation
yum install nmap

# python installation
pip install python-nmap ==0.61
# probe ip 192.168.1.155 Is it alive``nmap ``-``n ``-``sP ``-``EP ``192.168``.``1.155` `# probe ip Segment survival ip``nmap ``-``n ``-``sP ``-``EP ``192.168``.``1.155``/``24` `# -EP: the returned data, including ports, are displayed

4) Use of Python nmap module

First, install the python nmap module in the python environment, and then use Python nmap

import nmap

nm = nmap.PortScanner()  # Port service, host scan
nm.scan(hosts='192.168.1.0/24',arguments='-n -sP -PE')   # Scan the hosts network   
nm.all_hosts()  # Only enabled ip addresses can be found in the LAN

Operation results

nm.scan(hosts='192.168.1.0/24',arguments='-n -sP -PE'): 

nm.all_hosts(): 

3. telnet module in python judges ssh service host

1) SSH port survival scan

Judge whether the host list belongs to a Linux server: according to the above - abstraction and convention

① . the ssh service port opened in the system is a Linux server

② . open ssh port range: 222022202

telnet command: judge whether the port is alive

telnet 192.168.1.155 22

Output: linux server

telnetlib module: python module, which comes with python

import telnetlib
tm = telnetlib.Telnet(host='192.168.1.155',port='22',timeout=4)
tm.read_until('\n',timeout=5) #Perform ip port scanning and end when a line break occurs

# Return result:
# 'SSH-2.0-OpenSSH_6.7p1 Raspbian-5+deb8u2\r\n'

# Regular matching to determine whether it is a linux server
import re
re.search('ssh',tm.read_until('\n',timeout=5))  # If True, it is a linux server

Summary:

4. Host login probe

Use a series of authentication methods to cycle SSH login to get the correct login method:

1) Log in to the server using ssh: ssh -l root 192.168.1.155 -p 22, press enter and enter the password as required

sudo apt``-``get install openssh``-``server ``# Ubuntu lower SSH install` `/``etc``/``init.d``/``ssh start  ``# SSH start-up` `ssh ``-``l User name native ip ``-``p port  ``# SSH login

2) Login with secret key and public key

① Edit: vim /etc/ssh/sshd_config

Find the following and confirm that it is enabled:

RSAAuthentication yes # enable user account password login authentication

PubkeyAuthentication yes # enable public and private key login authentication

② . generate public key and secret key for the current user

Execution instruction: SSH KenGen

The system will automatically generate two public / private key files for you, and place them in the path: / home / user /. ssh /. Public key: id_rsa.pub, private key: id_rsa

If: Enter passphrase (empty...) appears, you can ignore it and enter directly

③ , rename, or copy the public key file:

mv id_rsa.pub authorized_keys # rename, must be named authorized_keys, configuration file sshd_config, authorized_ The keys file must be placed in the location of the public key (home / user /. ssh)

④ . ensure the public key file permission 600 (rwx -111:7)

chmod 600 authorized_keys

⑤ copy the private key to your client

If it is linux, put it under the path of home / user /. ssh

5. pexpect and paramiko modules

1)pexpect

① . installation: pip install pexpect

② run() function of pexpect:

Execute the command directly and return the result and status

import pexpectpexpect.run("ls /tmp")  # Execute the command directly and print tmp Files in directory pexpect.run("ls /tmp",withexitstatua=1) #There is a number at the end of the printed data, '0' represents success and '1' represents execution failure 

③ spawn class of pexpect

Start the subroutine and control the subroutine with rich methods:

Class instantiation

Buffer content matching: regular matching, pexpect.EOF, pexpect.TIMEOUT (in regular expression) symbol number stay p e x p e c t in only generation surface Symbols in pexpect only represent Symbols in pexpect only represent symbols and have no other meaning. To represent the end, you can use: \ r\n, for the end of the line)

Send instructions to subroutines

Script simulates ssh login

Terminal session

import pexpect# chk = pexpect.spawn('ls -l /tmp/') # instantiation  ssh_k = pexpect.spawn('ssh root%127.0.0.1 -p22') # instantiation  ssh_k.expect('password:')   # Buffer content matching: it is executed after instantiation to match the execution of subroutines. A result of 0 indicates that the matching is successful

Send command:

send(): add an extra carriage return by default. sendline does not

sendline()

sendcontrol(char): send control character

Script simulates ssh login

  • pexpect realizes ssh automatic user password login
  • pexpect realizes automatic secret key login of ssh
# -*- coding: utf-8 -*-

import pexpect

def login_ssh_passwd(port="",user="",host="",passwd=""):
    '''Functions: for pexepect realization ssh Automated user password login'''

    # print 'ssh -p %s %s@%s' % (port,user, host)
    if  port and user and host and passwd:
        ssh = pexpect.spawn('ssh -p %s %s@%s' % (port,user, host)) # Instantiate spawn
        i = ssh.expect(['password:', 'continue connecting (yes/no)?'], timeout=5) # Execute buffer content matching, first login matching (continue...), non first login matching (password)
        if i == 0 : # Result of parameter 1
            ssh.sendline(passwd) # Match the password and send the password
        elif i == 1: # Result of parameter 2
            ssh.sendline('yes\n')
            ssh.expect('password: ')
            ssh.sendline(passwd)
        index = ssh.expect (["#", pexpect.EOF, pexpect.TIMEOUT])  # Match to'#'indicates the root user

        if index == 0: # root user
            print "logging in as root!"
            ssh.interact()
        elif index == 1: # Error EOF
            print "logging process exit!"
        elif index == 2: # TIMEOUT
            print "logging timeout exit"
    else:
        print "Parameter error!"

def login_ssh_key(keyfile="",user="",host="",port=""):
    '''Functions: for implementing pexepect realization ssh Automated key login for'''

    if  port and user and host and keyfile:
        ssh = pexpect.spawn('ssh -i %s -p %s %s@%s' % (keyfile,port,user, host))
        i = ssh.expect( [pexpect.TIMEOUT,'continue connecting (yes/no)?'], timeout=2)
        # print '...................................',0
        if i == 1: # Indicates the first login
            ssh.sendline('yes\n')
            index = ssh.expect (["#", pexpect.EOF, pexpect.TIMEOUT])
        else: # It's not the first time to log in, even if the safe login is successful
            index = ssh.expect (["#", pexpect.EOF, pexpect.TIMEOUT])
        if index == 0:
            print "logging in as root!"
            ssh.interact()
        elif index == 1:
            print "logging process exit!"
        elif index == 2:
            print "logging timeout exit"
    else:
        print "Parameter error!"

def main():
    '''Main function: realize two ways of login respectively'''
    # login_ssh_passwd(port='22',user='root',host='192.168.1.101',passwd='imooccs')
    login_ssh_key(keyfile="/tmp/id_rsa",port='22',user='root',host='192.168.1.101')


if __name__ == "__main__":
    main()

Session control:

When the script is executed to simulate ssh login, an ssh.interact() method is executed successfully. This is session control. After successful ssh login, you can enter the session terminal to log in to the server

④ Defects in pexpect module

2)paramiko

An SSH Remote secure connection based on python, SSH client module for SSH Remote command execution, file transfer and other functions

paramiko reference: https://www.cnblogs.com/Eric15/articles/9185291.html

① . installation

pip install paramiko  # install

② Realize ssh account and password login

import paramiko
  
# Create SSH object
ssh = paramiko.SSHClient()
# Allow connection not in know_hosts in hosts file
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Connect server
ssh.connect(hostname='c1.salt.com', port=22, username='wupeiqi', password='123')
  
# Execute command
stdin, stdout, stderr = ssh.exec_command('df')
# To obtain the command results, stdin can first input instructions from the remote server (stdin.write(), stdout to obtain the output results of the remote machine, and stderr to receive error messages)
result = stdout.read()
  
# Close connection
ssh.close()

③ . realize the key login of ssh

import paramiko
 
private_key = paramiko.RSAKey.from_private_key_file('/home/auto/.ssh/id_rsa')
 
# Create SSH object
ssh = paramiko.SSHClient()
# Allow connection not in know_hosts in hosts file
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
# Connect server
ssh.connect(hostname='c1.salt.com', port=22, username='wupeiqi', pkey=private_key)
 
# Execute command
stdin, stdout, stderr = ssh.exec_command('df')
# Get command results
result = stdout.read()
 
# Close connection
ssh.close()

⑤ Application and defects of paramiko

6. Obtain host asset information through operating system

1) How to get information by logging in to the system

① What information is obtained through the system

② Why do you want to obtain this information (importance of host asset information and detection object)

  • Asset and equipment identification
  • It is the basic information of assets and the cornerstone of automation platform

Probe host type (probe object): a host entity that is not a docker container type

③ Introduction to linux commands for obtaining information

1. How to obtain host assets (system hostname, system version)

Obtain the system host name: hostname, uname -a, cat /etc/sysconfig/network (the last command, cat is used for centos, not for Ubuntu), etc

Obtain system version: cat /etc/issue, cat / etc / RedHat release, uname, lsb_release

2. Host asset (mac address information) acquisition

linux system: cat /sys/class/net/eht0/adress, ifconfig eth0, ip a

ESXI: esxcfg-vmknic -l

Application:

linux: cat /sys/class/net/[^vtlsb]*/address

ESXI: esxcfg-vmknic -l|awk '{print $8}'|grep ':'

Common to different operating systems: cat / sys / class / net / [^ vtlsb] * / address | esxcfg vmknic - L | awk '{print $8}' | grep ':'

3. Acquisition of host assets (machine model, sn serial number)

Obtain the machine model: dmidecode - s system manufacturer, dmidecode - s system product name

Get sn serial number: dmidecode - s system serial number

7. Read configuration file of yaml project

Configuration file reading: yaml module

It is an intuitive data serialization format that can be recognized by computer, similar to xml. Because it is easy to be parsed, it is applied to the configuration file read by the program in the project

Installation: pip install PyYAML

use:

import yaml

myconf = yaml.load(file('conf/scanhosts.yaml'))
print(myconf['hostsinfo']['nets'])
# Result: [192.168.1]

Reference link:

https://www.cnblogs.com/Eric15/articles/9795725.html

Tags: Python Linux Operation & Maintenance server

Posted on Sat, 20 Nov 2021 08:06:43 -0500 by perrohunter