perf: 修改 ansible change password

pull/8970/head
ibuler 2022-10-10 20:56:13 +08:00
parent 1d757ec19a
commit 9198c93fcf
6 changed files with 92 additions and 62 deletions


@ -1,29 +1,46 @@
- hosts: demo - hosts: mysql
gather_facts: no
vars:
ansible_python_interpreter: /usr/local/bin/python
jms_account:
username: root
password: redhat
jms_asset:
address: 127.0.0.1
port: 3306
account:
username: web1
password: jumpserver
tasks: tasks:
- name: ping - name: Test MySQL connection
ping: community.mysql.mysql_info:
login_user: "{{ jms_account.username }}"
login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
filter: version
register: db_info
#- name: print variables - name: MySQL version
# debug: debug:
# msg: "Username: {{ account.username }}, Password: {{ account.password }}" var: db_info.version.full
- name: Change password - name: Change MySQL password
user: community.mysql.mysql_user:
login_user: "{{ jms_account.username }}"
login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
name: "{{ account.username }}" name: "{{ account.username }}"
password: "{{ account.password | password_hash('des') }}" password: "{{ account.secret }}"
update_password: always host: "%"
when: account.password when: db_info is succeeded
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password - name: Verify password
ping: community.mysql.mysql_info:
vars: login_user: "{{ account.username }}"
ansible_user: "{{ account.username }}" login_password: "{{ account.secret }}"
ansible_pass: "{{ account.password }}" login_host: "{{ jms_asset.address }}"
ansible_ssh_connection: paramiko login_port: "{{ jms_asset.port }}"
filter: version
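Review bot: The play-level `vars` define `jms_account.password` and `account.password`, yet every task reads `jms_account.secret` and `account.secret`, so as written those templates resolve to an undefined key. Play vars also take precedence over inventory host vars in Ansible, so this sample block (root/redhat, web1/jumpserver) would shadow a `jms_account` supplied by the inventory rather than act as a fallback; dropping the block, or moving it to a sample inventory with the key named `secret`, avoids both problems. The PostgreSQL playbook in the next section has the same mismatch for `jms_account`. Separately, `host: "%"` in the change task targets the wildcard-host account; if the managed account exists only for a specific host, this may create a second `web1@%` entry instead of rotating the existing one, so `host_all: true` or a host taken from the asset data is worth considering.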


@ -1,10 +1,45 @@
{% for account in accounts %} - hosts: mysql
- hosts: {{ account.asset.name }} gather_facts: no
vars: vars:
ansible_python_interpreter: /usr/local/bin/python
jms_account:
username: postgre
password: postgre
jms_asset:
address: 127.0.0.1
port: 5432
account: account:
username: {{ account.username }} username: web1
password: {{ account.password }} secret: jumpserver
public_key: {{ account.public_key }}
roles: tasks:
- change_password - name: Test PostgreSQL connection
{% endfor %} community.postgresql.postgresql_info:
login_user: "{{ jms_account.username }}"
login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
register: db_info
- name: Display PostgreSQL version
debug:
var: db_info.version.full
- name: Change PostgreSQL password
community.postgresql.postgresql_user:
login_user: "{{ jms_account.username }}"
login_password: "{{ jms_account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
name: "{{ account.username }}"
password: "{{ account.secret }}"
comment: Updated by jumpserver
state: present
when: db_info is succeeded
- name: Verify password
community.postgresql.postgresql_info:
login_user: "{{ account.username }}"
login_password: "{{ account.secret }}"
login_host: "{{ jms_asset.address }}"
login_port: "{{ jms_asset.port }}"
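Review bot: `hosts: mysql` at the top of this play looks copied from the MySQL playbook, while every task here uses `community.postgresql` modules; unless the inventory group really is named `mysql`, the play will not match the PostgreSQL assets it is meant to manage. The `when: db_info is succeeded` guard on the change task is also redundant as written, because a failed connection test already stops the play for that host. A one-line comment above `vars` saying which values are placeholders and which are expected from the inventory would help the next reader.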


@ -1,27 +0,0 @@
- name: ping
ping:
#- name: print variables
# debug:
# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('des') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko


@ -62,13 +62,16 @@ class JMSInventory:
def asset_to_host(self, asset, account, automation, protocols): def asset_to_host(self, asset, account, automation, protocols):
host = { host = {
'name': asset.name, 'name': asset.name,
'asset': { 'jms_asset': {
'id': str(asset.id), 'name': asset.name, 'address': asset.address, 'id': str(asset.id), 'name': asset.name, 'address': asset.address,
'type': asset.type, 'category': asset.category, 'type': asset.type, 'category': asset.category,
'protocol': asset.protocol, 'port': asset.port, 'protocol': asset.protocol, 'port': asset.port,
'protocols': [{'name': p.name, 'port': p.port} for p in protocols], 'protocols': [{'name': p.name, 'port': p.port} for p in protocols],
}, },
'exclude': '' 'jms_account': {
'id': str(account.id), 'username': account.username,
'secret': account.secret, 'secret_type': account.secret_type
} if account else None
} }
ansible_connection = automation.ansible_config.get('ansible_connection', 'ssh') ansible_connection = automation.ansible_config.get('ansible_connection', 'ssh')
gateway = None gateway = None
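Review bot: `jms_account` now carries the plaintext `account.secret` in every host entry, and the playbooks in this commit pass that value as a password without looking at `secret_type`. If the host dict is serialised to an inventory file (that code is outside this hunk), the file should be created with owner-only permissions and removed after the run, and consumers should branch on `secret_type` so an SSH key is never sent as `login_password`. The `'exclude': ''` key is dropped here as well; it is worth confirming that nothing later in `asset_to_host`, which continues past the hunk, still reads it.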


@ -78,7 +78,9 @@ class Organization(OrgRoleMixin, models.Model):
ROOT_ID = '00000000-0000-0000-0000-000000000000' ROOT_ID = '00000000-0000-0000-0000-000000000000'
ROOT_NAME = _('GLOBAL') ROOT_NAME = _('GLOBAL')
DEFAULT_ID = '00000000-0000-0000-0000-000000000002' DEFAULT_ID = '00000000-0000-0000-0000-000000000002'
DEFAULT_NAME = 'Default' DEFAULT_NAME = _('DEFAULT')
SYSTEM_ID = '00000000-0000-0000-0000-000000000004'
SYSTEM_NAME = _('SYSTEM')
orgs_mapping = None orgs_mapping = None
class Meta: class Meta:
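Review bot: `DEFAULT_NAME` changes from the literal `'Default'` to `_('DEFAULT')`, so its value now differs in case and becomes locale-dependent. If the constant is used outside this hunk to create or look up the default organisation by name, existing rows named `Default` would stop matching; a short comment stating the intent, e.g. `# display name only; look up by DEFAULT_ID`, would make that clear. The new `SYSTEM_ID` also has no comment saying what the system organisation is for or whether it is reserved in the same way as `ROOT_ID`.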


@ -65,7 +65,7 @@ user_permission_urlpatterns = [
path('assets/<uuid:asset_id>/accounts/', api.MyGrantedAssetAccountsApi.as_view(), name='my-asset-accounts'), path('assets/<uuid:asset_id>/accounts/', api.MyGrantedAssetAccountsApi.as_view(), name='my-asset-accounts'),
# 用户登录资产的特殊账号, @INPUT, @USER 等 # 用户登录资产的特殊账号, @INPUT, @USER 等
path('<uuid:pk>/assets/special-accounts/', api.UserGrantedAssetSpecialAccountsApi.as_view(), name='user-special-accounts'), path('<uuid:pk>/assets/special-accounts/', api.UserGrantedAssetSpecialAccountsApi.as_view(), name='user-special-accounts'),
path('/assets/special-accounts/', api.MyGrantedAssetSpecialAccountsApi.as_view(), name='my-special-accounts'), path('assets/special-accounts/', api.MyGrantedAssetSpecialAccountsApi.as_view(), name='my-special-accounts'),
] ]
user_group_permission_urlpatterns = [ user_group_permission_urlpatterns = [