Merge branch 'v3' of github.com:jumpserver/jumpserver into v3
commit
350c9e4a80
|
@ -2,27 +2,21 @@
|
||||||
gather_facts: no
|
gather_facts: no
|
||||||
vars:
|
vars:
|
||||||
ansible_python_interpreter: /usr/local/bin/python
|
ansible_python_interpreter: /usr/local/bin/python
|
||||||
jms_account:
|
|
||||||
username: root
|
|
||||||
secret: redhat
|
|
||||||
jms_asset:
|
|
||||||
address: 127.0.0.1
|
|
||||||
port: 3306
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Gather facts info
|
- name: Get info
|
||||||
community.mysql.mysql_info:
|
community.mysql.mysql_info:
|
||||||
login_user: "{{ jms_account.username }}"
|
login_user: "{{ jms_account.username }}"
|
||||||
login_password: "{{ jms_account.secret }}"
|
login_password: "{{ jms_account.secret }}"
|
||||||
login_host: "{{ jms_asset.address }}"
|
login_host: "{{ jms_asset.address }}"
|
||||||
login_port: "{{ jms_asset.port }}"
|
login_port: "{{ jms_asset.port }}"
|
||||||
|
filter: version
|
||||||
register: db_info
|
register: db_info
|
||||||
|
|
||||||
- name: Get info
|
- name: Define Mysql info by set_fact
|
||||||
set_fact:
|
set_fact:
|
||||||
info:
|
info:
|
||||||
version: "{{ db_info.version.full }}"
|
version: "{{ db_info.version.full }}"
|
||||||
|
|
||||||
- debug:
|
- debug:
|
||||||
var: db_info
|
var: info
|
||||||
|
|
||||||
|
|
File diff suppressed because it is too large
|
@ -2,19 +2,9 @@
|
||||||
gather_facts: no
|
gather_facts: no
|
||||||
vars:
|
vars:
|
||||||
ansible_python_interpreter: /usr/local/bin/python
|
ansible_python_interpreter: /usr/local/bin/python
|
||||||
jms_account:
|
|
||||||
username: postgre
|
|
||||||
secret: postgre
|
|
||||||
jms_asset:
|
|
||||||
address: 127.0.0.1
|
|
||||||
port: 5432
|
|
||||||
database: testdb
|
|
||||||
account:
|
|
||||||
username: test
|
|
||||||
secret: jumpserver
|
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Test PostgreSQL connection
|
- name: Get info
|
||||||
community.postgresql.postgresql_info:
|
community.postgresql.postgresql_info:
|
||||||
login_user: "{{ jms_account.username }}"
|
login_user: "{{ jms_account.username }}"
|
||||||
login_password: "{{ jms_account.secret }}"
|
login_password: "{{ jms_account.secret }}"
|
||||||
|
@ -23,6 +13,10 @@
|
||||||
login_db: "{{ jms_asset.database }}"
|
login_db: "{{ jms_asset.database }}"
|
||||||
register: db_info
|
register: db_info
|
||||||
|
|
||||||
- name: Debug it
|
- name: Define Postgresql info by set_fact
|
||||||
debug:
|
set_fact:
|
||||||
var: db_info
|
info:
|
||||||
|
version: "{{ db_info.server_version.raw }}"
|
||||||
|
|
||||||
|
- debug:
|
||||||
|
var: info
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
{% for account in accounts %}
|
|
||||||
- hosts: {{ account.asset.name }}
|
|
||||||
vars:
|
|
||||||
account:
|
|
||||||
username: {{ account.username }}
|
|
||||||
password: {{ account.password }}
|
|
||||||
public_key: {{ account.public_key }}
|
|
||||||
roles:
|
|
||||||
- change_secret
|
|
||||||
{% endfor %}
|
|
|
@ -1,8 +0,0 @@
|
||||||
id: gather_facts_sqlserver
|
|
||||||
name: Change password for SQLServer
|
|
||||||
version: 1
|
|
||||||
category: database
|
|
||||||
type:
|
|
||||||
- sqlserver
|
|
||||||
method: gather_facts
|
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
- name: ping
|
|
||||||
ansible.builtin.ping:
|
|
||||||
|
|
||||||
#- name: print variables
|
|
||||||
# debug:
|
|
||||||
# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
|
|
||||||
|
|
||||||
- name: Change password
|
|
||||||
user:
|
|
||||||
name: "{{ account.username }}"
|
|
||||||
password: "{{ account.password | password_hash('des') }}"
|
|
||||||
update_password: always
|
|
||||||
when: account.password
|
|
||||||
|
|
||||||
- name: Change public key
|
|
||||||
authorized_key:
|
|
||||||
user: "{{ account.username }}"
|
|
||||||
key: "{{ account.public_key }}"
|
|
||||||
state: present
|
|
||||||
when: account.public_key
|
|
||||||
|
|
||||||
- name: Verify password
|
|
||||||
ansible.builtin.ping:
|
|
||||||
vars:
|
|
||||||
ansible_user: "{{ account.username }}"
|
|
||||||
ansible_pass: "{{ account.password }}"
|
|
||||||
ansible_ssh_connection: paramiko
|
|
|
@ -2,7 +2,7 @@
|
||||||
gather_facts: yes
|
gather_facts: yes
|
||||||
tasks:
|
tasks:
|
||||||
- name: Get info
|
- name: Get info
|
||||||
set_fact:
|
ansible.builtin.set_fact:
|
||||||
info:
|
info:
|
||||||
arch: "{{ ansible_architecture }}"
|
arch: "{{ ansible_architecture }}"
|
||||||
distribution: "{{ ansible_distribution }}"
|
distribution: "{{ ansible_distribution }}"
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
from common.utils import get_logger
|
from common.utils import get_logger
|
||||||
|
from assets.const import AutomationTypes
|
||||||
from ..base.manager import BasePlaybookManager
|
from ..base.manager import BasePlaybookManager
|
||||||
|
|
||||||
logger = get_logger(__name__)
|
logger = get_logger(__name__)
|
||||||
|
@ -11,7 +12,7 @@ class GatherFactsManager(BasePlaybookManager):
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def method_type(cls):
|
def method_type(cls):
|
||||||
return 'gather_facts'
|
return AutomationTypes.gather_facts
|
||||||
|
|
||||||
def host_callback(self, host, asset=None, **kwargs):
|
def host_callback(self, host, asset=None, **kwargs):
|
||||||
super().host_callback(host, asset=asset, **kwargs)
|
super().host_callback(host, asset=asset, **kwargs)
|
||||||
|
@ -19,14 +20,10 @@ class GatherFactsManager(BasePlaybookManager):
|
||||||
return host
|
return host
|
||||||
|
|
||||||
def on_host_success(self, host, result):
|
def on_host_success(self, host, result):
|
||||||
info = result.get('Get info', {}).get('res', {}).get('ansible_facts', {}).get('info', {})
|
info = result.get('debug', {}).get('res', {}).get('info', {})
|
||||||
asset = self.host_asset_mapper.get(host)
|
asset = self.host_asset_mapper.get(host)
|
||||||
if asset and info:
|
if asset and info:
|
||||||
asset.info = info
|
asset.info = info
|
||||||
asset.save()
|
asset.save()
|
||||||
else:
|
else:
|
||||||
logger.error("Not found info, task name must be 'Get info': {}".format(host))
|
logger.error("Not found info, task name must be 'Get info': {}".format(host))
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
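Review bot: The error message in `on_host_success` still says the task name must be 'Get info', but the new lookup reads `result.get('debug', {})`, so the log points at the wrong task when facts are missing. The lookup now depends on each gather_facts playbook containing an unnamed `debug` task that prints `info`. The MySQL and PostgreSQL playbooks in this commit add one, but the host playbook hunk shows only the `set_fact` task, so confirm it has the debug step too. I would change the message to something like `"Not found info, playbook needs a debug task with var: info: {}"` and add a comment above the lookup stating that contract. The enclosing class starts outside the hunk.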
|
@ -9,6 +9,7 @@ from common.db.fields import EncryptJsonDictTextField
|
||||||
from orgs.mixins.models import OrgModelMixin
|
from orgs.mixins.models import OrgModelMixin
|
||||||
from ops.mixin import PeriodTaskModelMixin
|
from ops.mixin import PeriodTaskModelMixin
|
||||||
from assets.models import Node, Asset
|
from assets.models import Node, Asset
|
||||||
|
from assets.tasks import execute_automation
|
||||||
|
|
||||||
|
|
||||||
class BaseAutomation(CommonModelMixin, PeriodTaskModelMixin, OrgModelMixin):
|
class BaseAutomation(CommonModelMixin, PeriodTaskModelMixin, OrgModelMixin):
|
||||||
|
@ -38,7 +39,11 @@ class BaseAutomation(CommonModelMixin, PeriodTaskModelMixin, OrgModelMixin):
|
||||||
return assets.group_by_platform()
|
return assets.group_by_platform()
|
||||||
|
|
||||||
def get_register_task(self):
|
def get_register_task(self):
|
||||||
raise NotImplementedError
|
name = f"automation_{self.type}_strategy_period_{str(self.id)[:8]}"
|
||||||
|
task = execute_automation.name
|
||||||
|
args = (str(self.id), Trigger.timing, self._meta.model)
|
||||||
|
kwargs = {}
|
||||||
|
return name, task, args, kwargs
|
||||||
|
|
||||||
def get_many_to_many_ids(self, field: str):
|
def get_many_to_many_ids(self, field: str):
|
||||||
return [str(i) for i in getattr(self, field).all().values_list('id', flat=True)]
|
return [str(i) for i in getattr(self, field).all().values_list('id', flat=True)]
|
||||||
|
|
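Review bot: `get_register_task` places `self._meta.model`, a Python class, into the periodic task's args, and a class cannot be encoded by a JSON task serializer. It would only travel if the worker accepts pickle, which turns task arguments into an object-deserialization surface; the configured serializer is not visible here. Passing a string such as `self._meta.label`, resolving it in the task with `apps.get_model(...)` and checking `issubclass(model, BaseAutomation)` keeps the args plain data and limits which models the task can load. The same applies to the `execute_automation(pid, trigger, mode)` hunk in the tasks module, which hands `mode` to `get_object_or_none` unchecked. `Trigger` is used here but no import for it appears in this file's hunks, so confirm it is in scope.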
|
@ -4,7 +4,6 @@ from django.utils.translation import ugettext_lazy as _
|
||||||
from common.db import fields
|
from common.db import fields
|
||||||
from common.const.choices import Trigger
|
from common.const.choices import Trigger
|
||||||
from common.db.models import JMSBaseModel
|
from common.db.models import JMSBaseModel
|
||||||
from assets.tasks import execute_change_secret_automation
|
|
||||||
from assets.const import AutomationTypes, SecretType, SecretStrategy, SSHKeyStrategy
|
from assets.const import AutomationTypes, SecretType, SecretStrategy, SSHKeyStrategy
|
||||||
from .base import BaseAutomation
|
from .base import BaseAutomation
|
||||||
|
|
||||||
|
@ -35,13 +34,6 @@ class ChangeSecretAutomation(BaseAutomation):
|
||||||
class Meta:
|
class Meta:
|
||||||
verbose_name = _("Change secret automation")
|
verbose_name = _("Change secret automation")
|
||||||
|
|
||||||
def get_register_task(self):
|
|
||||||
name = "automation_change_secret_strategy_period_{}".format(str(self.id)[:8])
|
|
||||||
task = execute_change_secret_automation.name
|
|
||||||
args = (str(self.id), Trigger.timing)
|
|
||||||
kwargs = {}
|
|
||||||
return name, task, args, kwargs
|
|
||||||
|
|
||||||
def to_attr_json(self):
|
def to_attr_json(self):
|
||||||
attr_json = super().to_attr_json()
|
attr_json = super().to_attr_json()
|
||||||
attr_json.update({
|
attr_json.update({
|
||||||
|
|
|
@ -1,16 +1,15 @@
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
|
||||||
|
from assets.const import AutomationTypes
|
||||||
from .base import BaseAutomation
|
from .base import BaseAutomation
|
||||||
|
|
||||||
|
|
||||||
__all__ = ['GatherFactsAutomation']
|
__all__ = ['GatherFactsAutomation']
|
||||||
|
|
||||||
|
|
||||||
class GatherFactsAutomation(BaseAutomation):
|
class GatherFactsAutomation(BaseAutomation):
|
||||||
class Meta:
|
|
||||||
verbose_name = _("Gather asset facts")
|
|
||||||
|
|
||||||
def save(self, *args, **kwargs):
|
def save(self, *args, **kwargs):
|
||||||
self.type = 'gather_facts'
|
self.type = AutomationTypes.gather_facts
|
||||||
super().save(*args, **kwargs)
|
super().save(*args, **kwargs)
|
||||||
|
|
||||||
|
class Meta:
|
||||||
|
verbose_name = _("Gather asset facts")
|
||||||
|
|
|
@ -55,7 +55,7 @@ class AccountSerializerCreateMixin(serializers.ModelSerializer):
|
||||||
class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
|
class AccountSerializer(AccountSerializerCreateMixin, BaseAccountSerializer):
|
||||||
asset = ObjectRelatedField(
|
asset = ObjectRelatedField(
|
||||||
required=False, queryset=Asset.objects,
|
required=False, queryset=Asset.objects,
|
||||||
label=_('Asset'), attrs=('id', 'name', 'address')
|
label=_('Asset'), attrs=('id', 'name', 'address', 'platform_id')
|
||||||
)
|
)
|
||||||
|
|
||||||
class Meta(BaseAccountSerializer.Meta):
|
class Meta(BaseAccountSerializer.Meta):
|
||||||
|
|
|
@ -7,12 +7,11 @@ logger = get_logger(__file__)
|
||||||
|
|
||||||
|
|
||||||
@shared_task
|
@shared_task
|
||||||
def execute_change_secret_automation(pid, trigger):
|
def execute_automation(pid, trigger, mode):
|
||||||
from assets.models import ChangeSecretAutomation
|
|
||||||
with tmp_to_root_org():
|
with tmp_to_root_org():
|
||||||
instance = get_object_or_none(ChangeSecretAutomation, pk=pid)
|
instance = get_object_or_none(mode, pk=pid)
|
||||||
if not instance:
|
if not instance:
|
||||||
logger.error("No automation plan found: {}".format(pid))
|
logger.error("No automation task found: {}".format(pid))
|
||||||
return
|
return
|
||||||
with tmp_to_org(instance.org):
|
with tmp_to_org(instance.org):
|
||||||
instance.execute(trigger)
|
instance.execute(trigger)
|
||||||
|
|
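Review bot: Renaming the task from `execute_change_secret_automation` to `execute_automation` and adding a third positional parameter leaves any periodic task already stored under the old name, with two arguments, pointing at a task the worker no longer registers. The visible hunks do not re-register or migrate those entries, so existing change-secret schedules may stop running after upgrade. Either keep a thin `execute_change_secret_automation(pid, trigger)` shim that forwards to the new task, or re-save the automations in a data migration. The parameter name `mode` also hides that the value is a model; `model` would read better.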
|
@ -0,0 +1,29 @@
|
||||||
|
# Generated by Django 3.2.14 on 2022-10-25 11:08
|
||||||
|
|
||||||
|
from django.db import migrations, models
|
||||||
|
import django.db.models.deletion
|
||||||
|
|
||||||
|
|
||||||
|
class Migration(migrations.Migration):
|
||||||
|
|
||||||
|
dependencies = [
|
||||||
|
('assets', '0111_alter_changesecretautomation_secret_strategy'),
|
||||||
|
('authentication', '0012_auto_20220816_1629'),
|
||||||
|
]
|
||||||
|
|
||||||
|
operations = [
|
||||||
|
migrations.RemoveField(
|
||||||
|
model_name='connectiontoken',
|
||||||
|
name='type',
|
||||||
|
),
|
||||||
|
migrations.AddField(
|
||||||
|
model_name='connectiontoken',
|
||||||
|
name='account_display',
|
||||||
|
field=models.CharField(default='', max_length=128, verbose_name='Account display'),
|
||||||
|
),
|
||||||
|
migrations.AlterField(
|
||||||
|
model_name='connectiontoken',
|
||||||
|
name='account',
|
||||||
|
field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, related_name='connection_tokens', to='assets.account', verbose_name='Account'),
|
||||||
|
),
|
||||||
|
]
|
|
@ -63,13 +63,6 @@ def date_expired_default():
|
||||||
|
|
||||||
|
|
||||||
class ConnectionToken(OrgModelMixin, JMSBaseModel):
|
class ConnectionToken(OrgModelMixin, JMSBaseModel):
|
||||||
class Type(models.TextChoices):
|
|
||||||
asset = 'asset', _('Asset')
|
|
||||||
application = 'application', _('Application')
|
|
||||||
|
|
||||||
type = models.CharField(
|
|
||||||
max_length=16, default=Type.asset, choices=Type.choices, verbose_name=_("Type")
|
|
||||||
)
|
|
||||||
secret = models.CharField(max_length=64, default='', verbose_name=_("Secret"))
|
secret = models.CharField(max_length=64, default='', verbose_name=_("Secret"))
|
||||||
date_expired = models.DateTimeField(
|
date_expired = models.DateTimeField(
|
||||||
default=date_expired_default, verbose_name=_("Date expired")
|
default=date_expired_default, verbose_name=_("Date expired")
|
||||||
|
@ -85,7 +78,11 @@ class ConnectionToken(OrgModelMixin, JMSBaseModel):
|
||||||
related_name='connection_tokens', null=True, blank=True
|
related_name='connection_tokens', null=True, blank=True
|
||||||
)
|
)
|
||||||
asset_display = models.CharField(max_length=128, default='', verbose_name=_("Asset display"))
|
asset_display = models.CharField(max_length=128, default='', verbose_name=_("Asset display"))
|
||||||
account = models.CharField(max_length=128, default='', verbose_name=_("Account"))
|
account = models.ForeignKey(
|
||||||
|
'assets.Account', on_delete=models.SET_NULL, verbose_name=_('Account'),
|
||||||
|
related_name='connection_tokens', null=True, blank=True
|
||||||
|
)
|
||||||
|
account_display = models.CharField(max_length=128, default='', verbose_name=_("Account display"))
|
||||||
|
|
||||||
class Meta:
|
class Meta:
|
||||||
ordering = ('-date_expired',)
|
ordering = ('-date_expired',)
|
||||||
|
|
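Review bot: `account` changes from a CharField holding a name to a nullable ForeignKey with `on_delete=models.SET_NULL`, so a token outlives the account it was issued for and is left with `account=None`. The code that validates or redeems a connection token is outside this hunk; it should reject a token whose `account` is null rather than fall back to `account_display`. The accompanying migration applies `AlterField` to the same column, which would carry existing string values into a foreign-key column; a data step that maps or clears the old values first would be safer. A comment on the field such as `# null after the account is deleted; such tokens must not be honoured` would document the intent.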
|
@ -1,10 +1,8 @@
|
||||||
# -*- coding: utf-8 -*-
|
# -*- coding: utf-8 -*-
|
||||||
#
|
#
|
||||||
import abc
|
import abc
|
||||||
import uuid
|
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
from django.db import models
|
from django.db import models
|
||||||
from django import forms
|
|
||||||
from rest_framework import serializers
|
from rest_framework import serializers
|
||||||
|
|
||||||
from .celery.utils import (
|
from .celery.utils import (
|
||||||
|
|
|
@ -39,6 +39,9 @@ exclude_permissions = (
|
||||||
('assets', 'assetuser', '*', '*'),
|
('assets', 'assetuser', '*', '*'),
|
||||||
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
|
('assets', 'gathereduser', 'add,delete,change', 'gathereduser'),
|
||||||
('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
|
('assets', 'accountbackupplanexecution', 'delete,change', 'accountbackupplanexecution'),
|
||||||
|
# TODO 暂时去掉历史账号的权限
|
||||||
|
('assets', 'account', '*', 'assethistoryaccount'),
|
||||||
|
('assets', 'account', '*', 'assethistoryaccountsecret'),
|
||||||
|
|
||||||
('perms', 'userassetgrantedtreenoderelation', '*', '*'),
|
('perms', 'userassetgrantedtreenoderelation', '*', '*'),
|
||||||
('perms', 'usergrantedmappingnode', '*', '*'),
|
('perms', 'usergrantedmappingnode', '*', '*'),
|
||||||
|
|
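Review bot: The new TODO comment (in Chinese: "temporarily remove the history account permissions") gives no owner, issue or condition for restoring the two entries it introduces. Those entries cover `assethistoryaccount` and `assethistoryaccountsecret`, which concern historical credentials, so the reason should be stated in the code. I would write something like `# TODO(<owner>): history account permissions excluded until <issue-id>; restore once history accounts are supported again`. How `exclude_permissions` is consumed is outside the hunk, so confirm that excluding an entry only hides it from role assignment and does not leave the corresponding views without a permission check.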