perf: Ansible playbook

2025-02-18 16:23:26 +08:00 · 2025-02-18 16:23:26 +08:00 · 13e5a03312
parent daea434ce6
commit 13e5a03312
39 changed files with 56 additions and 50 deletions
--- a/apps/accounts/automations/change_secret/database/mongodb/main.yml
+++ b/apps/accounts/automations/change_secret/database/mongodb/main.yml
@ -1,7 +1,7 @@
 - hosts: mongodb
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Test MongoDB connection
--- a/apps/accounts/automations/change_secret/database/mysql/main.yml
+++ b/apps/accounts/automations/change_secret/database/mysql/main.yml
@ -1,7 +1,7 @@
 - hosts: mysql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    db_name: "{{ jms_asset.spec_info.db_name }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
--- a/apps/accounts/automations/change_secret/database/oracle/main.yml
+++ b/apps/accounts/automations/change_secret/database/oracle/main.yml
@ -1,7 +1,7 @@
 - hosts: oracle
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Test Oracle connection
--- a/apps/accounts/automations/change_secret/database/postgresql/main.yml
+++ b/apps/accounts/automations/change_secret/database/postgresql/main.yml
@ -1,7 +1,7 @@
 - hosts: postgre
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
    check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
--- a/apps/accounts/automations/change_secret/database/sqlserver/main.yml
+++ b/apps/accounts/automations/change_secret/database/sqlserver/main.yml
@ -1,7 +1,7 @@
 - hosts: sqlserver
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Test SQLServer connection
--- a/apps/accounts/automations/change_secret/host/aix/main.yml
+++ b/apps/accounts/automations/change_secret/host/aix/main.yml
@ -9,7 +9,8 @@
        database: passwd
        key: "{{ account.username }}"
      register: user_info
-      ignore_errors: yes  # 忽略错误，如果用户不存在时不会导致playbook失败
+      failed_when: false
+      changed_when: false

    - name: "Add {{ account.username }} user"
      ansible.builtin.user:
@ -18,10 +19,10 @@
        shell: "{{ params.shell if params.shell | length > 0 else omit }}"
        home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}"
        groups: "{{ params.groups if params.groups | length > 0 else omit }}"
-        append: yes
+        append: "{{ true if params.groups | length > 0 else false }}"
        expires: -1
        state: present
-      when: user_info.failed
+      when: user_info.msg is defined

    - name: "Set {{ account.username }} sudo setting"
      ansible.builtin.lineinfile:
@ -31,7 +32,7 @@
        line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
        validate: visudo -cf %s
      when:
-        - user_info.failed or params.modify_sudo
+        - user_info.msg is defined or params.modify_sudo
        - params.sudo

    - name: "Change {{ account.username }} password"
--- a/apps/accounts/automations/change_secret/host/posix/main.yml
+++ b/apps/accounts/automations/change_secret/host/posix/main.yml
@ -9,7 +9,8 @@
        database: passwd
        key: "{{ account.username }}"
      register: user_info
-      ignore_errors: yes  # 忽略错误，如果用户不存在时不会导致playbook失败
+      failed_when: false
+      changed_when: false

    - name: "Add {{ account.username }} user"
      ansible.builtin.user:
@ -18,10 +19,10 @@
        shell: "{{ params.shell if params.shell | length > 0 else omit }}"
        home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}"
        groups: "{{ params.groups if params.groups | length > 0 else omit }}"
-        append: yes
+        append: "{{ true if params.groups | length > 0 else false }}"
        expires: -1
        state: present
-      when: user_info.failed
+      when: user_info.msg is defined

    - name: "Set {{ account.username }} sudo setting"
      ansible.builtin.lineinfile:
@ -31,7 +32,7 @@
        line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
        validate: visudo -cf %s
      when:
-        - user_info.failed or params.modify_sudo
+        - user_info.msg is defined or params.modify_sudo
        - params.sudo

    - name: "Change {{ account.username }} password"
--- a/apps/accounts/automations/gather_account/database/mongodb/main.yml
+++ b/apps/accounts/automations/gather_account/database/mongodb/main.yml
@ -1,7 +1,7 @@
 - hosts: mongodb
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Get info
--- a/apps/accounts/automations/gather_account/database/mysql/main.yml
+++ b/apps/accounts/automations/gather_account/database/mysql/main.yml
@ -1,7 +1,7 @@
 - hosts: mysql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
    ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
--- a/apps/accounts/automations/gather_account/database/oracle/main.yml
+++ b/apps/accounts/automations/gather_account/database/oracle/main.yml
@ -1,7 +1,7 @@
 - hosts: oralce
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Get info
--- a/apps/accounts/automations/gather_account/database/postgresql/main.yml
+++ b/apps/accounts/automations/gather_account/database/postgresql/main.yml
@ -1,7 +1,7 @@
 - hosts: postgresql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
    check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
--- a/apps/accounts/automations/gather_account/database/sqlserver/main.yml
+++ b/apps/accounts/automations/gather_account/database/sqlserver/main.yml
@ -1,7 +1,7 @@
 - hosts: sqlserver
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Test SQLServer connection
--- a/apps/accounts/automations/push_account/database/mongodb/main.yml
+++ b/apps/accounts/automations/push_account/database/mongodb/main.yml
@ -1,7 +1,7 @@
 - hosts: mongodb
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Test MongoDB connection
--- a/apps/accounts/automations/push_account/database/mysql/main.yml
+++ b/apps/accounts/automations/push_account/database/mysql/main.yml
@ -1,7 +1,7 @@
 - hosts: mysql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    db_name: "{{ jms_asset.spec_info.db_name }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
--- a/apps/accounts/automations/push_account/database/oracle/main.yml
+++ b/apps/accounts/automations/push_account/database/oracle/main.yml
@ -1,7 +1,7 @@
 - hosts: oracle
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Test Oracle connection
--- a/apps/accounts/automations/push_account/database/postgresql/main.yml
+++ b/apps/accounts/automations/push_account/database/postgresql/main.yml
@ -1,7 +1,7 @@
 - hosts: postgre
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
    check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
--- a/apps/accounts/automations/push_account/database/sqlserver/main.yml
+++ b/apps/accounts/automations/push_account/database/sqlserver/main.yml
@ -1,7 +1,7 @@
 - hosts: sqlserver
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Test SQLServer connection
--- a/apps/accounts/automations/push_account/host/aix/main.yml
+++ b/apps/accounts/automations/push_account/host/aix/main.yml
@ -9,7 +9,8 @@
        database: passwd
        key: "{{ account.username }}"
      register: user_info
-      ignore_errors: yes  # 忽略错误，如果用户不存在时不会导致playbook失败
+      failed_when: false
+      changed_when: false

    - name: "Add {{ account.username }} user"
      ansible.builtin.user:
@ -18,10 +19,10 @@
        shell: "{{ params.shell if params.shell | length > 0 else omit }}"
        home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}"
        groups: "{{ params.groups if params.groups | length > 0 else omit }}"
-        append: yes
+        append: "{{ true if params.groups | length > 0 else false }}"
        expires: -1
        state: present
-      when: user_info.failed
+      when: user_info.msg is defined

    - name: "Set {{ account.username }} sudo setting"
      ansible.builtin.lineinfile:
@ -31,7 +32,7 @@
        line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
        validate: visudo -cf %s
      when:
-        - user_info.failed or params.modify_sudo
+        - user_info.msg is defined or params.modify_sudo
        - params.sudo

    - name: "Change {{ account.username }} password"
--- a/apps/accounts/automations/push_account/host/posix/main.yml
+++ b/apps/accounts/automations/push_account/host/posix/main.yml
@ -9,7 +9,8 @@
        database: passwd
        key: "{{ account.username }}"
      register: user_info
-      ignore_errors: yes  # 忽略错误，如果用户不存在时不会导致playbook失败
+      failed_when: false
+      changed_when: false

    - name: "Add {{ account.username }} user"
      ansible.builtin.user:
@ -18,10 +19,10 @@
        shell: "{{ params.shell if params.shell | length > 0 else omit }}"
        home: "{{ params.home if params.home | length > 0 else '/home/' + account.username }}"
        groups: "{{ params.groups if params.groups | length > 0 else omit }}"
-        append: yes
+        append: "{{ true if params.groups | length > 0 else false }}"
        expires: -1
        state: present
-      when: user_info.failed
+      when: user_info.msg is defined

    - name: "Set {{ account.username }} sudo setting"
      ansible.builtin.lineinfile:
@ -31,7 +32,7 @@
        line: "{{ account.username + ' ALL=(ALL) NOPASSWD: ' + params.sudo }}"
        validate: visudo -cf %s
      when:
-        - user_info.failed or params.modify_sudo
+        - user_info.msg is defined or params.modify_sudo
        - params.sudo

    - name: "Change {{ account.username }} password"
--- a/apps/accounts/automations/remove_account/database/mongodb/main.yml
+++ b/apps/accounts/automations/remove_account/database/mongodb/main.yml
@ -1,7 +1,7 @@
 - hosts: mongodb
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: "Remove account"
--- a/apps/accounts/automations/remove_account/database/mysql/main.yml
+++ b/apps/accounts/automations/remove_account/database/mysql/main.yml
@ -1,7 +1,7 @@
 - hosts: mysql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
    ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
--- a/apps/accounts/automations/remove_account/database/oracle/main.yml
+++ b/apps/accounts/automations/remove_account/database/oracle/main.yml
@ -1,7 +1,7 @@
 - hosts: oracle
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: "Remove account"
--- a/apps/accounts/automations/remove_account/database/postgresql/main.yml
+++ b/apps/accounts/automations/remove_account/database/postgresql/main.yml
@ -1,7 +1,7 @@
 - hosts: postgresql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
    check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
--- a/apps/accounts/automations/remove_account/database/sqlserver/main.yml
+++ b/apps/accounts/automations/remove_account/database/sqlserver/main.yml
@ -1,7 +1,7 @@
 - hosts: sqlserver
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: "Remove account"
--- a/apps/accounts/automations/verify_account/database/mongodb/main.yml
+++ b/apps/accounts/automations/verify_account/database/mongodb/main.yml
@ -1,7 +1,7 @@
 - hosts: mongodb
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Verify account
--- a/apps/accounts/automations/verify_account/database/mysql/main.yml
+++ b/apps/accounts/automations/verify_account/database/mysql/main.yml
@ -1,7 +1,7 @@
 - hosts: mysql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
    ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
--- a/apps/accounts/automations/verify_account/database/oracle/main.yml
+++ b/apps/accounts/automations/verify_account/database/oracle/main.yml
@ -1,7 +1,7 @@
 - hosts: oracle
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Verify account
--- a/apps/accounts/automations/verify_account/database/postgresql/main.yml
+++ b/apps/accounts/automations/verify_account/database/postgresql/main.yml
@ -1,7 +1,7 @@
 - hosts: postgresql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
    check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
--- a/apps/accounts/automations/verify_account/database/sqlserver/main.yml
+++ b/apps/accounts/automations/verify_account/database/sqlserver/main.yml
@ -1,7 +1,7 @@
 - hosts: sqlserver
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Verify account
--- a/apps/assets/automations/gather_facts/database/mongodb/main.yml
+++ b/apps/assets/automations/gather_facts/database/mongodb/main.yml
@ -1,7 +1,7 @@
 - hosts: mongodb
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Get info
--- a/apps/assets/automations/gather_facts/database/mysql/main.yml
+++ b/apps/assets/automations/gather_facts/database/mysql/main.yml
@ -1,7 +1,7 @@
 - hosts: mysql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
    ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
--- a/apps/assets/automations/gather_facts/database/oracle/main.yml
+++ b/apps/assets/automations/gather_facts/database/oracle/main.yml
@ -1,7 +1,7 @@
 - hosts: oracle
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Get info
--- a/apps/assets/automations/gather_facts/database/postgresql/main.yml
+++ b/apps/assets/automations/gather_facts/database/postgresql/main.yml
@ -1,7 +1,7 @@
 - hosts: postgresql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
    check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
--- a/apps/assets/automations/ping/database/mongodb/main.yml
+++ b/apps/assets/automations/ping/database/mongodb/main.yml
@ -1,7 +1,7 @@
 - hosts: mongodb
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Test MongoDB connection
--- a/apps/assets/automations/ping/database/mysql/main.yml
+++ b/apps/assets/automations/ping/database/mysql/main.yml
@ -1,7 +1,7 @@
 - hosts: mysql
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
    ssl_cert: "{{ jms_asset.secret_info.client_cert | default('') }}"
--- a/apps/assets/automations/ping/database/oracle/main.yml
+++ b/apps/assets/automations/ping/database/oracle/main.yml
@ -1,7 +1,7 @@
 - hosts: oracle
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Test Oracle connection
--- a/apps/assets/automations/ping/database/postgresql/main.yml
+++ b/apps/assets/automations/ping/database/postgresql/main.yml
@ -1,7 +1,7 @@
 - hosts: postgre
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"
    check_ssl: "{{ jms_asset.spec_info.use_ssl }}"
    check_ca: "{{ check_ssl and not jms_asset.spec_info.allow_invalid_cert }}"
    ca_cert: "{{ jms_asset.secret_info.ca_cert | default('') }}"
--- a/apps/assets/automations/ping/database/sqlserver/main.yml
+++ b/apps/assets/automations/ping/database/sqlserver/main.yml
@ -1,7 +1,7 @@
 - hosts: sqlserver
  gather_facts: no
  vars:
-    ansible_python_interpreter: /opt/py3/bin/python
+    ansible_python_interpreter: "{{ local_python_interpreter }}"

  tasks:
    - name: Test SQLServer connection
--- a/apps/ops/ansible/inventory.py
+++ b/apps/ops/ansible/inventory.py
@ -2,6 +2,7 @@
 import json
 import os
 import re
+import sys
 from collections import defaultdict

 from django.utils.translation import gettext as _
@ -191,6 +192,7 @@ class JMSInventory:
        secret_info = {k: v for k, v in asset.secret_info.items() if v}
        host = {
            'name': name,
+            'local_python_interpreter': sys.executable,
            'jms_asset': {
                'id': str(asset.id), 'name': asset.name, 'address': asset.address,
                'type': tp, 'category': category,