github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

feat: 测试可连接性mongodb支持ssl

pull/9383/head
jiangweidong 2023-01-19 09:57:58 +08:00 committed by Jiangjie.Bai
parent ae79584faa
commit 211a0abe9e
5 changed files with 51 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
apps/accounts/automations/change_secret/database/mongodb/main.yml
View File

@ -11,6 +11,11 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_database: "{{ jms_asset.specific.db_name }}"
ssl: "{{ jms_asset.specific.use_ssl }}"
ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
ssl_certfile: "{{ jms_asset.specific.client_key }}"
connection_options:
- tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
register: db_info
- name: Display MongoDB version
@ -38,6 +43,11 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_database: "{{ jms_asset.specific.db_name }}"
ssl: "{{ jms_asset.specific.use_ssl }}"
ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
ssl_certfile: "{{ jms_asset.specific.client_key }}"
connection_options:
- tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
when:
- db_info is succeeded
- change_info is succeeded

5
apps/accounts/automations/verify_account/database/mongodb/main.yml
View File

@ -11,3 +11,8 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_database: "{{ jms_asset.specific.db_name }}"
ssl: "{{ jms_asset.specific.use_ssl }}"
ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
ssl_certfile: "{{ jms_asset.specific.client_key }}"
connection_options:
- tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"

5
apps/assets/automations/gather_facts/database/mongodb/main.yml
View File

@ -11,6 +11,11 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_database: "{{ jms_asset.specific.db_name }}"
ssl: "{{ jms_asset.specific.use_ssl }}"
ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
ssl_certfile: "{{ jms_asset.specific.client_key }}"
connection_options:
- tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"
register: db_info
- name: Define info by set_fact

5
apps/assets/automations/ping/database/mongodb/main.yml
View File

@ -11,3 +11,8 @@
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
login_database: "{{ jms_asset.specific.db_name }}"
ssl: "{{ jms_asset.specific.use_ssl }}"
ssl_ca_certs: "{{ jms_asset.specific.ca_cert }}"
ssl_certfile: "{{ jms_asset.specific.client_key }}"
connection_options:
- tlsAllowInvalidHostnames: "{{ jms_asset.specific.allow_invalid_cert}}"

26
apps/ops/ansible/inventory.py
View File

@ -98,6 +98,30 @@ class JMSInventory:
if gateway:
host.update(self.make_proxy_command(gateway))
@staticmethod
def write_cert_to_file(filename, content):
if not content:
return ''
with open(filename, 'w') as f:
f.write(content)
return filename
def convert_cert_to_file(self, host, path_dir):
specific = host.get('jms_asset', {}).get('specific')
if not specific:
return host
cert_dir = os.path.join(path_dir, 'certs')
if not os.path.exists(cert_dir):
os.makedirs(cert_dir, 0o700, True)
for i in ('ca_cert', 'client_key', 'client_cert'):
result = self.write_cert_to_file(
os.path.join(cert_dir, i), specific.get(i)
)
host['jms_asset']['specific'][i] = result
return host
def asset_to_host(self, asset, account, automation, protocols, platform):
host = {
'name': '{}'.format(asset.name),
@ -178,6 +202,8 @@ class JMSInventory:
if not automation.ansible_enabled:
host['error'] = _('Ansible disabled')
else:
host = self.convert_cert_to_file(host, path_dir)
if self.host_callback is not None:
host = self.host_callback(