diff --git a/apps/assets/playbooks/generate_playbook/change_password.py b/apps/assets/playbooks/generate_playbook/change_password.py
index a3f723d28..20c3f0889 100644
--- a/apps/assets/playbooks/generate_playbook/change_password.py
+++ b/apps/assets/playbooks/generate_playbook/change_password.py
@@ -22,7 +22,7 @@ class GenerateChangePasswordPlaybook(BaseGeneratePlaybook):
         self.relation_asset_map = self.get_username_relation_asset_map(usernames)
 
     def get_username_relation_asset_map(self, usernames):
-        # TODO 没牛逼用户的资产 网关
+        # TODO 没特权用户的资产 要考虑网关
         complete_map = {
             asset: list(asset.accounts.value_list('username', flat=True))
@@ -34,6 +34,9 @@ class GenerateChangePasswordPlaybook(BaseGeneratePlaybook):
 
         relation_map = {}
         for asset, usernames in complete_map.items():
+            usernames = list(set(usernames) & set(usernames))
+            if not usernames:
+                continue
             relation_map[asset] = list(set(usernames) & set(usernames))
         return relation_map
 
@@ -59,7 +62,6 @@ class GenerateChangePasswordPlaybook(BaseGeneratePlaybook):
             'ansible_port': asset.get_target_ssh_port(),  # TODO 需要根绝协议取端口号
             'ansible_user': asset.admin_user.username,
             'ansible_pass': asset.admin_user.username,
-            'ansible_connection': 'ssh',
             'usernames': usernames,
         }
         pathname = os.path.join(host_vars_pathname, f'{asset.name}.yml')
diff --git a/apps/assets/playbooks/generate_playbook/verify.py b/apps/assets/playbooks/generate_playbook/verify.py
index e69de29bb..88695b814 100644
--- a/apps/assets/playbooks/generate_playbook/verify.py
+++ b/apps/assets/playbooks/generate_playbook/verify.py
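Review bot: The context line `asset: list(asset.accounts.value_list('username', flat=True))` calls `value_list`, which is not a Django QuerySet or manager method — the API is `values_list` — so if `accounts` is a related manager this comprehension raises AttributeError the first time the map is built. The commit only reworded the TODO above it and leaves the call as is. The `complete_map` comprehension continues past the end of the hunk.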
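Review bot: The loop variable `usernames` on the `for` line shadows the method's `usernames` parameter, so the added `usernames = list(set(usernames) & set(usernames))`, the guard after it and the existing `relation_map[asset] = ...` all intersect an asset's own username list with itself; the requested filter is never applied and `if not usernames` only skips assets with no accounts. Rename the loop variable and intersect against the parameter: `for asset, asset_usernames in complete_map.items():` followed by `matched = list(set(asset_usernames) & set(usernames))`, then use `matched` both in the `if not` guard and as the `relation_map[asset]` value (the second intersection line becomes redundant). The sibling `get_account_relation_asset_map` in verify.py in this same commit already does this correctly by keying on the parameter. The method body begins before this hunk.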
@@ -0,0 +1,86 @@
+import os
+import yaml
+from typing import List
+
+from django.conf import settings
+from assets.models import Asset
+from .base import BaseGeneratePlaybook
+
+
+class GenerateVerifyPlaybook(BaseGeneratePlaybook):
+
+    def __init__(
+            self, assets: List[Asset], strategy, usernames
+    ):
+        super().__init__(assets, strategy)
+        self.relation_asset_map = self.get_account_relation_asset_map(usernames)
+
+    def get_account_relation_asset_map(self, usernames):
+        # TODO 没特权用户的资产 要考虑网关
+        complete_map = {
+            asset: list(asset.accounts.all())
+            for asset in self.assets
+        }
+
+        if '*' in usernames:
+            return complete_map
+
+        relation_map = {}
+        for asset, accounts in complete_map.items():
+            account_map = {account.username: account for account in accounts}
+            accounts = [account_map[i] for i in (set(usernames) & set(account_map))]
+            if not accounts:
+                continue
+            relation_map[asset] = accounts
+        return relation_map
+
+    @property
+    def src_filepath(self):
+        return os.path.join(
+            settings.BASE_DIR, 'assets', 'playbooks', 'strategy',
+            'verify', 'roles', self.strategy
+        )
+
+    def generate_hosts(self):
+        host_pathname = os.path.join(self.temp_folder, 'hosts')
+        with open(host_pathname, 'w', encoding='utf8') as f:
+            for asset in self.relation_asset_map.keys():
+                f.write(f'{asset.name}\n')
+
+    def generate_host_vars(self):
+        host_vars_pathname = os.path.join(self.temp_folder, 'hosts', 'host_vars')
+        os.makedirs(host_vars_pathname, exist_ok=True)
+        for asset, accounts in self.relation_asset_map.items():
+            account_info = []
+            for account in accounts:
+                private_key_filename = f'{asset.name}_{account.username}' if account.private_key else ''
+                account_info.append({
+                    'username': account.username,
+                    'password': account.password,
+                    'private_key_filename': private_key_filename,
+                })
+            host_vars = {
+                'ansible_host': asset.get_target_ip(),
+                'ansible_port': asset.get_target_ssh_port(),  # TODO 需要根绝协议取端口号
+                'account_info': account_info,
+            }
+            pathname = 
os.path.join(host_vars_pathname, f'{asset.name}.yml')
+            with open(pathname, 'w', encoding='utf8') as f:
+                f.write(yaml.dump(host_vars, allow_unicode=True))
+
+    def generate_secret_key_files(self):
+        file_pathname = os.path.join(self.temp_folder, self.strategy, 'files')
+        os.makedirs(file_pathname, exist_ok=True)
+        for asset, accounts in self.relation_asset_map.items():
+            for account in accounts:
+                if account.private_key:
+                    path_name = os.path.join(file_pathname, f'{asset.name}_{account.username}')
+                    with open(path_name, 'w', encoding='utf8') as f:
+                        f.write(account.private_key)
+
+    def execute(self):
+        self.generate_temp_playbook()
+        self.generate_hosts()
+        self.generate_host_vars()
+        self.generate_secret_key_files()
+        # self.generate_role_main()  # TODO Linux 暂时不需要
diff --git a/apps/assets/playbooks/strategy/verify/roles/linux/main.yml b/apps/assets/playbooks/strategy/verify/roles/linux/main.yml
index ba07ece17..03c666df7 100644
--- a/apps/assets/playbooks/strategy/verify/roles/linux/main.yml
+++ b/apps/assets/playbooks/strategy/verify/roles/linux/main.yml
@@ -1,7 +1,5 @@
 - hosts: all
   vars:
     connection_type: ssh
-    password:
-      value: {{ password}}
   roles:
     - linux
diff --git a/apps/assets/playbooks/strategy/verify/roles/linux/tasks/main.yml b/apps/assets/playbooks/strategy/verify/roles/linux/tasks/main.yml
index 0bf6e8ee1..ff9e1eb99 100644
--- a/apps/assets/playbooks/strategy/verify/roles/linux/tasks/main.yml
+++ b/apps/assets/playbooks/strategy/verify/roles/linux/tasks/main.yml
@@ -1,8 +1,8 @@
 - name: Verify user
   ping:
   vars:
-    ansible_user: "{{ item }}"
-    ansible_pass: "{{ password }}"
+    ansible_user: "{{ item.username }}"
+    ansible_pass: "{{ item.username }}"
     ansible_connection: "{{ connection_type | default('ssh') }}"
-    ansible_ssh_private_key_file: "{{ private_key_file }}"
-  with_items: "{{ usernames }}"
+    ansible_ssh_private_key_file: "{{ item.private_key_file }}"
+  with_items: "{{ account_info }}"
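Review bot: `generate_host_vars` calls `os.makedirs(os.path.join(self.temp_folder, 'hosts', 'host_vars'), exist_ok=True)` right after `generate_hosts` has created `hosts` as a regular file at that same path, so under the `execute()` ordering the makedirs fails with NotADirectoryError before any host_vars are written; Ansible keeps the inventory file and the `host_vars/` directory side by side, i.e. `os.path.join(self.temp_folder, 'host_vars')`. Separately, the host_vars YAML carries every `account.password` and `generate_secret_key_files` writes raw `account.private_key` material, both through plain `open(..., 'w')`, which creates the files with the process umask (typically readable by every local user); ssh itself refuses a private key file that is group- or world-readable, so the key path would also fail functionally. Creating both kinds of file owner-only (0600) via `os.open`/`os.fdopen` addresses both, as sketched below. Whether `self.temp_folder` is removed after the run depends on `BaseGeneratePlaybook`, which is outside the hunk.
```python
    def generate_host_vars(self):
        host_vars_pathname = os.path.join(self.temp_folder, 'host_vars')
        # … unchanged: makedirs and per-asset host_vars assembly …
            self._write_private_file(pathname, yaml.dump(host_vars, allow_unicode=True))

    def generate_secret_key_files(self):
        # … unchanged: makedirs and account loop …
                    self._write_private_file(path_name, account.private_key)

    @staticmethod
    def _write_private_file(path, content):
        # Passwords and private keys: create owner-read/write only, never umask-default
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, 'w', encoding='utf8') as f:
            f.write(content)
```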
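Review bot: `ansible_pass: "{{ item.username }}"` authenticates with the username as the password, although `generate_host_vars` in verify.py puts a `password` entry in every `account_info` item; the same username-as-password shape sits on the context line `'ansible_pass': asset.admin_user.username` in change_password.py. The key lookup also does not match its producer: host_vars write `private_key_filename`, the task reads `item.private_key_file`, and for accounts without a key the produced value is `''`, which would still be handed to ssh as a key path. Suggested lines: `ansible_pass: "{{ item.password }}"` and `ansible_ssh_private_key_file: "{{ item.private_key_filename | default(omit, true) }}"`. `private_key_filename` is a bare file name while the key itself is written under `<temp_folder>/<strategy>/files/`, so it presumably still needs resolving to that directory before ssh can open it — confirm against how the playbook is invoked.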