#! /usr/bin/env python
# -*- coding:utf-8 -*-
# Author:Zheng
import requests
import sys
import json
import urllib3
import asyncio
import netdev
import subprocess
urllib3.disable_warnings()
class H3C_Jumpserver:
def get_token(self):
#获取token
url = 'https://10.0.6.135/webui/api/authenticate'
data={'username':'admin','password':'admin'}
#需要上传堡垒机账号的用户密码
headers = {"Content-Type": "application/json;charset=utf-8"}
response = requests.post(url, data=json.dumps(data), headers=headers,verify=False)
if response.status_code in [200,201] and response:
return json.loads(response.text)['ST_AUTH_TOKEN']
else:
print("获取token失败")
sys.exit()
def get_department(self):
#这个是获取部门id的
url = 'http://10.0.6.135/webui/api/department'
headers={"st-auth-token":self.get_token()}
response = requests.get(url, headers=headers, verify=False)
if response.status_code !=200:
return 'error'
else:
return json.loads(response.text)
def get_resGroup(self):
#这个是获取资产组的的id
url = 'https://10.0.6.135/webui/api/resGroup?page=0&size=1000'
headers = {"st-auth-token": self.get_token()}
#data={'page':0,'size':1000}
response = requests.get(url, headers=headers, verify=False)
if response.status_code != 200:
return 'error'
else:
return json.loads(response.text)['content']
def creat_resGroup(self,resGroup):
#创建资产组
url = 'http://10.0.6.135/webui/api/resGroup'
headers = {"st-auth-token": self.get_token()}
data={
"name": resGroup,
"department": {"id" : 1},
}
response = requests.post(url, headers=headers, data=data, verify=False)
print(response.text)
print(response.status_code)
def create_dev(self,dev_name,ip,dev_type,sysType,resGroups,username,password,priv="false"):
#添加资产
create_url = 'https://10.0.6.135/webui/api/dev'
create_headers = {"st-auth-token": self.get_token(),
"Content-Type": "application/json",'charset':"utf-8"
}
print(create_headers)
create_data={
"name":dev_name,
"ip":ip,
'type':dev_type,
#type 是资产类别,类型为Number ,可选值:0 为主机, 1 为网络, 2 数据库, 3 应用系统。
'sysType':sysType,
#sysType是资产类型,类型为Object,格式"{"id":1},主机有Linux:1, Windows:2,Cisco :5,Huawei :6,
# Juniper NetScreen:7,H3C:8,,General Network: 9。
'resGroups':resGroups,
#资产组列表,列表内容为资产组的对象列表,例如:"resGroups":[{"id":1},{"id":2}]。
"department": {"id" : 1},
#这个是部门的ID,如果没有太多需求,就使用1就可以了,就是默认的部门,如果有部门的需求,可以使用get_department获取部门 ID
'charset':'UTF-8'
}
create_response = requests.post(create_url, headers=create_headers, data=json.dumps(create_data), verify=False)
if create_response.status_code in [400,401,404] :
if json.loads(create_response.text)[0]['code']=='Duplicate':
print('%s %s已经存在!'%(dev_name,ip))
elif json.loads(create_response.text)[0]['code']=='size':
print(('%s %s字符串超过最大长度!'%(dev_name,ip)))
elif json.loads(create_response.text)[0]['code']=='Conflict':
print(('%s %s提交的请求数据,在系统中存在冲突!' % (dev_name, ip)))
elif create_response.status_code in [200,201]:
print('%s %s设备添加成功!'%(dev_name,ip))
res=self.changeAccount(json.loads(create_response.text),username,password)
if res =="success":
print("%s添加账号%s成功."%(dev_name,username))
else:
print("%s添加账号%s失败." % (dev_name, username))
def changeAccount(self,dev_id,username,password):
#更改设备的管理账户密码,如果不存在的话,则是给该资产添加此账户密码
url="https://10.0.6.135/webui/api/dev/changeAccount/%s"%dev_id
headers = {"st-auth-token": self.get_token(),"Content-Type": "application/json;charset=utf-8"}
data={
"name": username,
"password": password,
}
response = requests.put(url, headers=headers, data= json.dumps(data), verify=False)
if response.status_code in [200,201,204]:
return "success"
else:
return 'error'
def get_dev(self,id):
#获取设备的id
url = 'https://10.0.6.135/webui/api/dev/%s'%id
headers = {"st-auth-token": self.get_token()}
response = requests.get(url, headers=headers,verify=False)
if response.status_code != 200:
return 'error'
else:
return json.loads(response.content)
async def get_ip(dev):
#获取H3C网络设备的名称
async with netdev.create(**dev) as ios:
commands = 'dis cu | in sysname'
out = await ios.send_command(commands)
out=out.split()[1]
#print(out)
return out
async def run(ip_addr):
#通过异步城区,创建要登陆的设备列表
dev_dict={}
try:
dev1 = {'username': 'admin',
'password': 'admin', # 填写你的交换机密码
'device_type': 'hp_comware', # 华为 华三测试用这个type,因为没有huawei huasan关键字的type,netdev目前2020年仅支持它罗列的操作系统
'host': ip_addr
}
devname = await get_ip(dev1)
dev_dict[devname]=ip_addr
return dev_dict
except Exception as e:
print("error")
def get_dev(ip_list):
#获取所有可以登录设备的设备名和IP
tasks=[]
#ip_list=['42.236.77.2','42.236.77.6','111.51.8.1','111.51.8.0']
loop=asyncio.get_event_loop()
for ip in ip_list:
task = asyncio.ensure_future(run(ip))
tasks.append(task)
result = loop.run_until_complete(asyncio.gather(*tasks))
return result
if __name__ == '__main__':
ip_range = input("请输入起始IP地址eg:1.1.1.1/1.1.1.10:")
#输入要纳管设备的地址段,输入开始结束地址即可,这样会通过fping进行批量ping,获取可以ping通的地址列表
if ip_range:
ip_start, ip_end = ip_range.split("/")[0], ip_range.split("/")[1]
cmd = r'C:\Windows\System32\fping -g %s /%s -t 1' % (ip_start, ip_end)
#此处需要再windows/system32下安装fping的软件
# fping结果输出
res = subprocess.Popen(cmd, stdout=subprocess.PIPE).stdout.readlines()
print(cmd)
res = subprocess.Popen(cmd, stdout=subprocess.PIPE).stdout.readlines()
ip_alive = []
print(res)
for line in res:
if 'from' in line.decode(encoding='utf-8'):
ip_alive.append(line.decode(encoding='utf-8').split()[2].rstrip(':'))
#得到可以ping通的地址列表
dev_list=get_dev(ip_alive)
#获取可以登录的设备的列表,不能登录的,会写成None
Jumpserver=H3C_Jumpserver()
for dev in dev_list:
if dev !=None:
(key, value), = dev.items()
#key,value就是可能录设备的设备名称和ip地址
Jumpserver.create_dev(key,value,1,{"id":8},[{"id":5}],"admin","admin")
结果:
配套Fping 软件下载地址
https://download.csdn.net/download/weixin_43089784/85056204
下载后安装位置:C:\Windows\System32
添加其他厂商设备和Linux设备案例参考链接:
https://blog.csdn.net/weixin_43089784/article/details/123850861?spm=1001.2014.3001.5502