perf: 优化针对低版本 ssh 版本的任务

apps/accounts/automations/change_secret/custom/ssh/main.yml

@@ -18,6 +18,7 @@
         become_user: "{{ custom_become_user | default('') }}"
         become_password: "{{ custom_become_password | default('') }}"
         become_private_key_path: "{{ custom_become_private_key_path | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       register: ping_info
       delegate_to: localhost
 
@@ -54,4 +55,5 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       delegate_to: localhost

apps/accounts/automations/change_secret/host/aix/main.yml

@@ -85,6 +85,7 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "password"
       delegate_to: localhost
 
@@ -95,5 +96,6 @@
         login_user: "{{ account.username }}"
         login_private_key_path: "{{ account.private_key_path  }}"
         gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "ssh_key"
       delegate_to: localhost

apps/accounts/automations/change_secret/host/posix/main.yml

@@ -85,6 +85,7 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "password"
       delegate_to: localhost
 
@@ -95,5 +96,6 @@
         login_user: "{{ account.username }}"
         login_private_key_path: "{{ account.private_key_path  }}"
         gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "ssh_key"
       delegate_to: localhost

apps/accounts/automations/push_account/host/aix/main.yml

@@ -85,6 +85,7 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "password"
       delegate_to: localhost
 
@@ -95,6 +96,7 @@
         login_user: "{{ account.username }}"
         login_private_key_path: "{{ account.private_key_path  }}"
         gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "ssh_key"
       delegate_to: localhost
 

apps/accounts/automations/push_account/host/posix/main.yml

@@ -85,6 +85,7 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "password"
       delegate_to: localhost
 
@@ -95,6 +96,7 @@
         login_user: "{{ account.username }}"
         login_private_key_path: "{{ account.private_key_path  }}"
         gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"
       when: account.secret_type == "ssh_key"
       delegate_to: localhost
 

apps/accounts/automations/verify_account/custom/ssh/main.yml

@@ -19,3 +19,4 @@
         become_user: "{{ account.become.ansible_user | default('') }}"
         become_password: "{{ account.become.ansible_password | default('') }}"
         become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"

apps/assets/automations/ping/custom/ssh/main.yml

@@ -19,3 +19,4 @@
         become_user: "{{ custom_become_user | default('') }}"
         become_password: "{{ custom_become_password | default('') }}"
         become_private_key_path: "{{ custom_become_private_key_path | default(None) }}"
+        old_ssh_version: "{{ jms_asset.old_ssh_version | default(False) }}"

apps/assets/const/protocol.py

@@ -38,6 +38,14 @@ class Protocol(ChoicesMixin, models.TextChoices):
             cls.ssh: {
                 'port': 22,
                 'secret_types': ['password', 'ssh_key'],
+                'setting': {
+                    'old_ssh_version': {
+                        'type': 'bool',
+                        'default': False,
+                        'label': _('Old SSH version'),
+                        'help_text': _('Old SSH version like openssh 5.x or 6.x')
+                    }
+                }
             },
             cls.sftp: {
                 'port': 22,

apps/ops/ansible/inventory.py

@@ -91,6 +91,15 @@ class JMSInventory:
         }
         return var
 
+    @staticmethod
+    def make_protocol_setting_vars(host, protocols):
+        # 针对 ssh 协议的特殊处理
+        for p in protocols:
+            if p.name == 'ssh':
+                if hasattr(p, 'setting'):
+                    setting = getattr(p, 'setting')
+                    host['old_ssh_version'] = setting.get('old_ssh_version', False)
+
     def make_account_vars(self, host, asset, account, automation, protocol, platform, gateway):
         from accounts.const import AutomationTypes
         if not account:
@@ -186,6 +195,8 @@ class JMSInventory:
             } if account else None
         }
 
+        self.make_protocol_setting_vars(host, protocols)
+
         protocols = host['jms_asset']['protocols']
         host['jms_asset'].update({f"{p['name']}_port": p['port'] for p in protocols})
         if host['jms_account'] and tp == 'oracle':

apps/ops/ansible/modules_utils/custom_common.py

@@ -4,9 +4,8 @@ import time
 import paramiko
 from sshtunnel import SSHTunnelForwarder
 
-from packaging import version
 
-if version.parse(paramiko.__version__) > version.parse("2.8.1"):
+class OldSSHTransport(paramiko.transport.Transport):
     _preferred_pubkeys = (
         "ssh-ed25519",
         "ecdsa-sha2-nistp256",
@@ -17,7 +16,6 @@ if version.parse(paramiko.__version__) > version.parse("2.8.1"):
         "rsa-sha2-512",
         "ssh-dss",
     )
-    paramiko.transport.Transport._preferred_pubkeys = _preferred_pubkeys
 
 
 def common_argument_spec():
@@ -36,6 +34,8 @@ def common_argument_spec():
         become_user=dict(type='str', required=False),
         become_password=dict(type='str', required=False, no_log=True),
         become_private_key_path=dict(type='str', required=False, no_log=True),
+
+        old_ssh_version=dict(type='bool', default=False, required=False),
     )
     return options
 
@@ -69,6 +69,8 @@ class SSHClient:
             params['username'] = self.module.params['login_user']
             params['password'] = self.module.params['login_password']
             params['key_filename'] = self.module.params['login_private_key_path'] or None
+        if self.module.params['old_ssh_version']:
+            params['transport_factory'] = OldSSHTransport
         return params
 
     def _get_channel(self):