init

2026-01-04 18:58:20 +08:00 · 2026-01-04 18:58:20 +08:00 · b135ed7476
commit b135ed7476
parent 78d7645a8b
7 changed files with 475 additions and 0 deletions
--- a/.env
+++ b/.env
@ -0,0 +1,4 @@
+FLASK_ENV=development
+DATABASE_URL=mysql+pymysql://username:password@localhost:3306/ip_ops
+AWS_CONFIG_PATH=config/accounts.yaml
+IP_RETRY_LIMIT=5
--- a/app.py
+++ b/app.py
@ -0,0 +1,74 @@
+import os
+from typing import Dict
+
+from dotenv import load_dotenv
+from flask import Flask, jsonify, render_template, request
+
+from aws_service import (
+    AWSOperationError,
+    ConfigError,
+    AccountConfig,
+    load_account_configs,
+    replace_instance_ip,
+)
+from db import init_db, load_disallowed_ips
+
+
+load_dotenv()
+
+app = Flask(__name__)
+
+
+def load_configs() -> Dict[str, AccountConfig]:
+    config_path = os.getenv("AWS_CONFIG_PATH", "config/accounts.yaml")
+    return load_account_configs(config_path)
+
+
+try:
+    account_configs = load_configs()
+    init_error = ""
+except ConfigError as exc:
+    account_configs = {}
+    init_error = str(exc)
+
+retry_limit = int(os.getenv("IP_RETRY_LIMIT", "5"))
+
+try:
+    init_db()
+    db_error = ""
+except Exception as exc:  # noqa: BLE001 - surface DB connection issues to UI
+    db_error = f"数据库初始化失败: {exc}"
+
+
+@app.route("/", methods=["GET"])
+def index():
+    if init_error or db_error:
+        return render_template("index.html", accounts=[], init_error=init_error or db_error)
+    return render_template("index.html", accounts=account_configs.values(), init_error="")
+
+
+@app.route("/replace_ip", methods=["POST"])
+def replace_ip():
+    if init_error or db_error:
+        return jsonify({"error": init_error or db_error}), 500
+
+    ip_to_replace = request.form.get("ip_to_replace", "").strip()
+    account_name = request.form.get("account_name", "").strip()
+
+    if not ip_to_replace:
+        return jsonify({"error": "请输入要替换的IP"}), 400
+    if account_name not in account_configs:
+        return jsonify({"error": "无效的账户选择"}), 400
+
+    disallowed = load_disallowed_ips()
+    account = account_configs[account_name]
+    try:
+        result = replace_instance_ip(ip_to_replace, account, disallowed, retry_limit)
+    except AWSOperationError as exc:
+        return jsonify({"error": str(exc)}), 400
+
+    return jsonify(result), 200
+
+
+if __name__ == "__main__":
+    app.run(host="0.0.0.0", port=5000, debug=True)
--- a/aws_service.py
+++ b/aws_service.py
@ -0,0 +1,158 @@
+import os
+from dataclasses import dataclass
+from typing import Dict, List, Optional
+
+import boto3
+from botocore.exceptions import BotoCoreError, ClientError
+import yaml
+
+
+class ConfigError(Exception):
+    pass
+
+
+class AWSOperationError(Exception):
+    pass
+
+
+@dataclass
+class AccountConfig:
+    name: str
+    region: str
+    access_key_id: str
+    secret_access_key: str
+    ami_id: str
+    instance_type: str
+    subnet_id: str
+    security_group_ids: List[str]
+    key_name: Optional[str] = None
+
+
+def load_account_configs(path: str) -> Dict[str, AccountConfig]:
+    if not os.path.exists(path):
+        raise ConfigError(f"Config file not found at {path}")
+    with open(path, "r", encoding="utf-8") as f:
+        data = yaml.safe_load(f)
+    if not data or "accounts" not in data:
+        raise ConfigError("accounts.yaml missing 'accounts' list")
+    accounts = {}
+    for item in data["accounts"]:
+        cfg = AccountConfig(
+            name=item["name"],
+            region=item["region"],
+            access_key_id=item["access_key_id"],
+            secret_access_key=item["secret_access_key"],
+            ami_id=item["ami_id"],
+            instance_type=item["instance_type"],
+            subnet_id=item["subnet_id"],
+            security_group_ids=item.get("security_group_ids", []),
+            key_name=item.get("key_name"),
+        )
+        accounts[cfg.name] = cfg
+    return accounts
+
+
+def ec2_client(account: AccountConfig):
+    return boto3.client(
+        "ec2",
+        region_name=account.region,
+        aws_access_key_id=account.access_key_id,
+        aws_secret_access_key=account.secret_access_key,
+    )
+
+
+def _find_instance_id_by_ip(client, ip: str) -> Optional[str]:
+    filters = [
+        {"Name": "instance-state-name", "Values": ["pending", "running", "stopping", "stopped"]},
+    ]
+    for field in ["ip-address", "private-ip-address"]:
+        try:
+            resp = client.describe_instances(Filters=filters + [{"Name": field, "Values": [ip]}])
+        except (ClientError, BotoCoreError) as exc:
+            raise AWSOperationError(f"Failed to describe instances: {exc}") from exc
+
+        for reservation in resp.get("Reservations", []):
+            for instance in reservation.get("Instances", []):
+                return instance["InstanceId"]
+    return None
+
+
+def _wait_for_state(client, instance_id: str, waiter_name: str) -> None:
+    waiter = client.get_waiter(waiter_name)
+    waiter.wait(InstanceIds=[instance_id])
+
+
+def _terminate_instance(client, instance_id: str) -> None:
+    try:
+        client.terminate_instances(InstanceIds=[instance_id])
+        _wait_for_state(client, instance_id, "instance_terminated")
+    except (ClientError, BotoCoreError) as exc:
+        raise AWSOperationError(f"Failed to terminate instance {instance_id}: {exc}") from exc
+
+
+def _provision_instance(client, account: AccountConfig) -> str:
+    try:
+        params = {
+            "ImageId": account.ami_id,
+            "InstanceType": account.instance_type,
+            "MinCount": 1,
+            "MaxCount": 1,
+            "SubnetId": account.subnet_id,
+            "SecurityGroupIds": account.security_group_ids,
+        }
+        if account.key_name:
+            params["KeyName"] = account.key_name
+        resp = client.run_instances(**params)
+        instance_id = resp["Instances"][0]["InstanceId"]
+        _wait_for_state(client, instance_id, "instance_running")
+        return instance_id
+    except (ClientError, BotoCoreError) as exc:
+        raise AWSOperationError(f"Failed to create instance: {exc}") from exc
+
+
+def _get_public_ip(client, instance_id: str) -> str:
+    try:
+        resp = client.describe_instances(InstanceIds=[instance_id])
+        reservations = resp.get("Reservations", [])
+        if not reservations:
+            raise AWSOperationError("Instance not found when reading IP")
+        instance = reservations[0]["Instances"][0]
+        return instance.get("PublicIpAddress") or ""
+    except (ClientError, BotoCoreError) as exc:
+        raise AWSOperationError(f"Failed to fetch public IP: {exc}") from exc
+
+
+def _recycle_ip_until_free(client, instance_id: str, banned_ips: set[str], retry_limit: int) -> str:
+    attempts = 0
+    while attempts < retry_limit:
+        current_ip = _get_public_ip(client, instance_id)
+        if current_ip and current_ip not in banned_ips:
+            return current_ip
+        try:
+            client.stop_instances(InstanceIds=[instance_id])
+            _wait_for_state(client, instance_id, "instance_stopped")
+            client.start_instances(InstanceIds=[instance_id])
+            _wait_for_state(client, instance_id, "instance_running")
+        except (ClientError, BotoCoreError) as exc:
+            raise AWSOperationError(f"Failed while cycling IP: {exc}") from exc
+        attempts += 1
+    raise AWSOperationError("Reached retry limit while attempting to obtain a free IP")
+
+
+def replace_instance_ip(
+    ip: str, account: AccountConfig, disallowed_ips: set[str], retry_limit: int = 5
+) -> Dict[str, str]:
+    client = ec2_client(account)
+    instance_id = _find_instance_id_by_ip(client, ip)
+    if not instance_id:
+        raise AWSOperationError(f"No instance found with IP {ip}")
+
+    _terminate_instance(client, instance_id)
+    new_instance_id = _provision_instance(client, account)
+
+    new_ip = _recycle_ip_until_free(client, new_instance_id, disallowed_ips, retry_limit)
+    return {
+        "terminated_instance_id": instance_id,
+        "new_instance_id": new_instance_id,
+        "new_ip": new_ip,
+    }
--- a/config/accounts.yaml
+++ b/config/accounts.yaml
@ -0,0 +1,20 @@
+accounts:
+  - name: 91-500f
+    region: us-east-1
+    access_key_id: AKIASAZ4PZBSBRYB7WFJ
+    secret_access_key: 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
+    ami_id: ami-xxxxxxxx
+    instance_type: t3.micro
+    subnet_id: subnet-xxxxxxxx
+    security_group_ids:
+      - sg-xxxxxxxx
+    key_name: optional-keypair-name
+  - name: account-two
+    region: us-west-2
+    access_key_id: YOUR_ACCESS_KEY_ID
+    secret_access_key: YOUR_SECRET_ACCESS_KEY
+    ami_id: ami-yyyyyyyy
+    instance_type: t3.micro
+    subnet_id: subnet-yyyyyyyy
+    security_group_ids:
+      - sg-yyyyyyyy
--- a/db.py
+++ b/db.py
@ -0,0 +1,44 @@
+import os
+from contextlib import contextmanager
+from typing import Iterable
+
+from sqlalchemy import Column, Integer, String, create_engine, select
+from sqlalchemy.exc import SQLAlchemyError
+from sqlalchemy.orm import declarative_base, sessionmaker
+
+DATABASE_URL = os.getenv("DATABASE_URL", "mysql+pymysql://ec2_mt5:8FmzXj4xcz3AiH2R@163.123.183.106:3306/ip_ops")
+
+engine = create_engine(DATABASE_URL, pool_pre_ping=True)
+SessionLocal = sessionmaker(bind=engine, autoflush=False, autocommit=False)
+Base = declarative_base()
+
+
+class IPOperation(Base):
+    __tablename__ = "ip_operations"
+
+    id = Column(Integer, primary_key=True, autoincrement=True)
+    ip_address = Column(String(64), unique=True, nullable=False, index=True)
+    note = Column(String(255), nullable=True)
+
+
+def init_db() -> None:
+    Base.metadata.create_all(bind=engine)
+
+
+@contextmanager
+def db_session():
+    session = SessionLocal()
+    try:
+        yield session
+        session.commit()
+    except SQLAlchemyError:
+        session.rollback()
+        raise
+    finally:
+        session.close()
+
+
+def load_disallowed_ips() -> set[str]:
+    with db_session() as session:
+        rows: Iterable[IPOperation] = session.scalars(select(IPOperation.ip_address))
+        return {row for row in rows}
--- a/requirements.txt
+++ b/requirements.txt
@ -0,0 +1,5 @@
+Flask==3.0.2
+boto3==1.34.14
+PyMySQL==1.1.0
+SQLAlchemy==2.0.25
+python-dotenv==1.0.1
--- a/templates/index.html
+++ b/templates/index.html
@ -0,0 +1,170 @@
+<!doctype html>
+<html lang="zh-CN">
+<head>
+    <meta charset="utf-8">
+    <title>AWS IP 替换工具</title>
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <style>
+        :root {
+            --bg: linear-gradient(135deg, #0f172a, #1e293b);
+            --card: #0b1224;
+            --accent: #22d3ee;
+            --accent-2: #a855f7;
+            --text: #e2e8f0;
+            --muted: #94a3b8;
+            --danger: #f87171;
+        }
+        * { box-sizing: border-box; }
+        body {
+            margin: 0;
+            min-height: 100vh;
+            font-family: "Segoe UI", "Helvetica Neue", Arial, sans-serif;
+            background: var(--bg);
+            color: var(--text);
+            display: flex;
+            align-items: center;
+            justify-content: center;
+            padding: 32px;
+        }
+        .shell {
+            width: 100%;
+            max-width: 760px;
+            background: var(--card);
+            border: 1px solid rgba(255, 255, 255, 0.08);
+            border-radius: 14px;
+            padding: 28px;
+            box-shadow: 0 25px 60px rgba(0, 0, 0, 0.45);
+        }
+        h1 {
+            margin: 0 0 6px;
+            letter-spacing: 0.8px;
+        }
+        p.lead {
+            margin: 0 0 18px;
+            color: var(--muted);
+        }
+        label {
+            display: block;
+            font-weight: 600;
+            margin-bottom: 6px;
+            color: #cbd5e1;
+        }
+        input, select, button {
+            width: 100%;
+            padding: 12px 14px;
+            border-radius: 10px;
+            border: 1px solid rgba(255, 255, 255, 0.08);
+            background: rgba(255, 255, 255, 0.04);
+            color: var(--text);
+            font-size: 15px;
+            outline: none;
+            transition: border-color 0.2s ease, transform 0.1s ease;
+        }
+        input:focus, select:focus {
+            border-color: var(--accent);
+            transform: translateY(-1px);
+        }
+        button {
+            cursor: pointer;
+            background: linear-gradient(135deg, var(--accent), var(--accent-2));
+            font-weight: 700;
+            text-transform: uppercase;
+            letter-spacing: 0.6px;
+            border: none;
+            margin-top: 16px;
+        }
+        button:disabled { opacity: 0.6; cursor: not-allowed; }
+        .field { margin-bottom: 16px; }
+        .status {
+            margin-top: 14px;
+            padding: 14px;
+            border-radius: 10px;
+            background: rgba(255, 255, 255, 0.04);
+            border: 1px solid rgba(255, 255, 255, 0.08);
+        }
+        .status.error { border-color: rgba(248, 113, 113, 0.5); color: var(--danger); }
+        .mono { font-family: "SFMono-Regular", Consolas, "Liberation Mono", monospace; }
+        .badge {
+            display: inline-block;
+            padding: 2px 8px;
+            background: rgba(255, 255, 255, 0.08);
+            border-radius: 999px;
+            margin-right: 6px;
+            font-size: 12px;
+        }
+        .muted { color: var(--muted); }
+        .grid { display: grid; gap: 12px; }
+        @media (max-width: 600px) {
+            .shell { padding: 20px; }
+        }
+    </style>
+</head>
+<body>
+<div class="shell">
+    <h1>AWS IP 替换</h1>
+    <p class="lead">通过输入现有服务器 IP，自动销毁实例并用指定 AMI 创建新实例，确保新 IP 不在运维表。</p>
+
+    {% if init_error %}
+        <div class="status error">配置加载失败：{{ init_error }}</div>
+    {% endif %}
+
+    <form id="replace-form" class="grid">
+        <div class="field">
+            <label for="ip_to_replace">当前 IP</label>
+            <input id="ip_to_replace" name="ip_to_replace" type="text" placeholder="例如：54.12.34.56 或 10.0.1.23" required>
+        </div>
+        <div class="field">
+            <label for="account_name">AWS 账户</label>
+            <select id="account_name" name="account_name" required>
+                {% for account in accounts %}
+                    <option value="{{ account.name }}">{{ account.name }} ({{ account.region }})</option>
+                {% endfor %}
+            </select>
+            <div class="muted" style="margin-top:6px;">账户、AMI、实例类型等从 <span class="mono">config/accounts.yaml</span> 读取。</div>
+        </div>
+        <button type="submit" id="submit-btn">开始替换</button>
+    </form>
+
+    <div id="status-box" class="status" style="display:none;"></div>
+</div>
+
+<script>
+    const form = document.getElementById('replace-form');
+    const statusBox = document.getElementById('status-box');
+    const submitBtn = document.getElementById('submit-btn');
+
+    function setStatus(message, isError = false) {
+        statusBox.style.display = 'block';
+        statusBox.className = 'status' + (isError ? ' error' : '');
+        statusBox.innerHTML = message;
+    }
+
+    form.addEventListener('submit', async (e) => {
+        e.preventDefault();
+        submitBtn.disabled = true;
+        setStatus('正在执行，请稍候...');
+
+        const formData = new FormData(form);
+        try {
+            const resp = await fetch('/replace_ip', {
+                method: 'POST',
+                body: formData,
+            });
+            const data = await resp.json();
+            if (!resp.ok) {
+                throw new Error(data.error || '请求失败');
+            }
+            setStatus(
+                `<div><span class="badge">旧实例</span><span class="mono">${data.terminated_instance_id}</span></div>` +
+                `<div><span class="badge">新实例</span><span class="mono">${data.new_instance_id}</span></div>` +
+                `<div><span class="badge">新 IP</span><span class="mono">${data.new_ip}</span></div>`
+            );
+        } catch (err) {
+            setStatus(err.message, true);
+        } finally {
+            submitBtn.disabled = false;
+        }
+    });
+</script>
+</body>
+</html>