mirror of https://github.com/jumpserver/jumpserver
parent
2adfbeaeb7
commit
95eeeb4208
|
@ -0,0 +1,54 @@
|
|||
- hosts: demo
|
||||
gather_facts: no
|
||||
tasks:
|
||||
- name: Test privileged account
|
||||
ansible.builtin.ping:
|
||||
|
||||
- name: Change password
|
||||
ansible.builtin.user:
|
||||
name: "{{ account.username }}"
|
||||
password: "{{ account.secret | password_hash('des') }}"
|
||||
update_password: always
|
||||
when: secret_type == "password"
|
||||
|
||||
- name: create user If it already exists, no operation will be performed
|
||||
ansible.builtin.user:
|
||||
name: "{{ account.username }}"
|
||||
when: secret_type == "ssh_key"
|
||||
|
||||
- name: remove jumpserver ssh key
|
||||
ansible.builtin.lineinfile:
|
||||
dest: "{{ kwargs.dest }}"
|
||||
regexp: "{{ kwargs.regexp }}"
|
||||
state: absent
|
||||
when:
|
||||
- secret_type == "ssh_key"
|
||||
- kwargs.strategy == "set_jms"
|
||||
|
||||
- name: Change SSH key
|
||||
ansible.builtin.authorized_key:
|
||||
user: "{{ account.username }}"
|
||||
key: "{{ account.secret }}"
|
||||
exclusive: "{{ kwargs.exclusive }}"
|
||||
when: secret_type == "ssh_key"
|
||||
|
||||
- name: Refresh connection
|
||||
ansible.builtin.meta: reset_connection
|
||||
|
||||
- name: Verify password
|
||||
ansible.builtin.ping:
|
||||
become: no
|
||||
vars:
|
||||
ansible_user: "{{ account.username }}"
|
||||
ansible_password: "{{ account.secret }}"
|
||||
ansible_become: no
|
||||
when: secret_type == "password"
|
||||
|
||||
- name: Verify SSH key
|
||||
ansible.builtin.ping:
|
||||
become: no
|
||||
vars:
|
||||
ansible_user: "{{ account.username }}"
|
||||
ansible_ssh_private_key_file: "{{ account.private_key_path }}"
|
||||
ansible_become: no
|
||||
when: secret_type == "ssh_key"
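Review bot: The `Change password` task hard-codes `password_hash('des')`; if that resolves to traditional DES crypt, only the first eight characters of `account.secret` are significant and the salt is 12 bits, so a long generated secret is no stronger than its 8-character prefix. The `Verify password` ping then cannot confirm that the full secret was set, since any password sharing that prefix would also authenticate. Confirm whether the target AIX hosts can accept a stronger scheme, and consider making the hash type a playbook variable instead of a literal. Where DES has to stay, a comment on the task such as `# AIX default crypt: only the first 8 characters of the secret are used` would record the limit for whoever sets the password policy.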
|
|
@ -0,0 +1,6 @@
|
|||
id: change_secret_aix
|
||||
name: Change secret for aix
|
||||
category: host
|
||||
type:
|
||||
- AIX
|
||||
method: change_secret
|
|
@ -1,3 +1,4 @@
|
|||
import json
|
||||
import os
|
||||
import shutil
|
||||
from collections import defaultdict
|
||||
|
@ -196,6 +197,30 @@ class BasePlaybookManager:
|
|||
def before_runner_start(self, runner):
|
||||
pass
|
||||
|
||||
@staticmethod
|
||||
def delete_sensitive_data(path):
|
||||
if settings.DEBUG_DEV:
|
||||
return
|
||||
|
||||
with open(path, 'r') as f:
|
||||
d = json.load(f)
|
||||
def delete_keys(d, keys_to_delete):
|
||||
"""
|
||||
递归函数:删除嵌套字典中的指定键
|
||||
"""
|
||||
if not isinstance(d, dict):
|
||||
return d
|
||||
keys = list(d.keys())
|
||||
for key in keys:
|
||||
if key in keys_to_delete:
|
||||
del d[key]
|
||||
else:
|
||||
delete_keys(d[key], keys_to_delete)
|
||||
return d
|
||||
d = delete_keys(d, ['secret', 'ansible_password'])
|
||||
with open(path, 'w') as f:
|
||||
json.dump(d, f)
|
||||
|
||||
def run(self, *args, **kwargs):
|
||||
runners = self.get_runners()
|
||||
if len(runners) > 1:
|
||||
|
@ -213,6 +238,7 @@ class BasePlaybookManager:
|
|||
self.before_runner_start(runner)
|
||||
try:
|
||||
cb = runner.run(**kwargs)
|
||||
self.delete_sensitive_data(runner.inventory)
|
||||
self.on_runner_success(runner, cb)
|
||||
except Exception as e:
|
||||
self.on_runner_failed(runner, e)
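Review bot: In `run`, `self.delete_sensitive_data(runner.inventory)` sits inside the `try` after `runner.run(**kwargs)`, so when the runner raises, the inventory file keeps its `secret` / `ansible_password` values on disk. An error while scrubbing (for example an inventory that is not valid JSON) is also reported through `on_runner_failed` as if the playbook itself had failed. Moving the call into a `finally:` clause after the `except`, i.e. `finally: self.delete_sensitive_data(runner.inventory)`, would scrub on both paths. In the second hunk, `delete_keys` only descends into `dict` values, so a matching key nested inside a list would be left in place, and only `secret` and `ansible_password` are removed; it is worth confirming the inventory never carries other credential fields. `run` begins outside the visible hunk, and `delete_sensitive_data` would benefit from a docstring saying it rewrites the file in place and is skipped when `settings.DEBUG_DEV` is set.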
|
||||
|
|
|
@ -81,7 +81,13 @@ class HostTypes(BaseType):
|
|||
{'name': 'Unix'},
|
||||
{'name': 'macOS'},
|
||||
{'name': 'BSD'},
|
||||
{'name': 'AIX'},
|
||||
{
|
||||
'name': 'AIX',
|
||||
'automation': {
|
||||
'push_account_method': 'push_account_aix',
|
||||
'change_secret_method': 'change_secret_aix',
|
||||
}
|
||||
},
|
||||
],
|
||||
cls.WINDOWS: [
|
||||
{'name': 'Windows'},
|
||||
|
|
|
@ -51,7 +51,8 @@ def check_registered_tasks(*args, **kwargs):
|
|||
continue
|
||||
for attr in attrs:
|
||||
if not hasattr(task, attr):
|
||||
print('>>> Task {} has no attribute {}'.format(name, attr))
|
||||
# print('>>> Task {} has no attribute {}'.format(name, attr))
|
||||
pass
|
||||
|
||||
|
||||
@signals.before_task_publish.connect
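Review bot: After this change the `for attr in attrs:` loop in `check_registered_tasks` does nothing: the `hasattr` test only reaches `pass`, and the old `print` is left behind as commented-out code. Either delete the loop, or keep the diagnostic at a quieter level, e.g. `logger.debug('Task %s has no attribute %s', name, attr)` if this module has a logger (none is visible in the hunk). The function starts above the hunk, so `attrs` and `name` are defined outside what is shown.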
|
||||
|
|