diff --git a/.gitignore b/.gitignore index 372644811..ec0378141 100644 --- a/.gitignore +++ b/.gitignore @@ -31,7 +31,6 @@ media celerybeat.pid django.db celerybeat-schedule.db -data/static docs/_build/ xpack xpack.bak diff --git a/apps/assets/const.py b/apps/assets/const.py index 9c5603052..f403a4131 100644 --- a/apps/assets/const.py +++ b/apps/assets/const.py @@ -16,6 +16,7 @@ class PlatformMixin: def platform_constraints(cls): return { 'domain_enabled': False, + 'url_enabled': False, 'su_enabled': False, 'brand_enabled': False, 'ping_enabled': False, @@ -88,7 +89,7 @@ class Category(PlatformMixin, ChoicesMixin, models.TextChoices): 'change_password_enabled': False, 'create_account_enabled': False, 'gather_accounts_enabled': False, - '_protocols': ['http', 'https'] + '_protocols': ['http'] }, cls.CLOUD: { 'domain_enabled': False, @@ -168,12 +169,16 @@ class WebTypes(PlatformMixin, ChoicesMixin, models.TextChoices): class CloudTypes(PlatformMixin, ChoicesMixin, models.TextChoices): K8S = 'k8s', 'Kubernetes' + VSPHERE = 'vsphere', 'VMware vSphere' @classmethod def platform_constraints(cls): return { cls.K8S: { '_protocols': ['k8s'] + }, + cls.VSPHERE: { + '_protocols': ['vsphere'] } } diff --git a/apps/assets/models/utils.py b/apps/assets/models/utils.py index c8e8c6a08..dfc2ace2c 100644 --- a/apps/assets/models/utils.py +++ b/apps/assets/models/utils.py 
@@ -59,14 +59,17 @@ def update_internal_platforms(platform_model): {'name': 'Redis', 'category': 'database', 'type': 'redis'}, # 网络设备 - {'name': 'Generic', 'category': 'networking', 'type': 'general', 'brand': 'other'}, - {'name': 'Huawei', 'category': 'networking', 'type': 'general', 'brand': 'huawei'}, - {'name': 'Cisco', 'category': 'networking', 'type': 'general', 'brand': 'cisco'}, - {'name': 'H3C', 'category': 'networking', 'type': 'general', 'brand': 'h3c'}, + {'name': 'Generic', 'category': 'device', 'type': 'general', 'brand': 'other'}, + {'name': 'Huawei', 'category': 'device', 'type': 'general', 'brand': 'huawei'}, + {'name': 'Cisco', 'category': 'device', 'type': 'general', 'brand': 'cisco'}, + {'name': 'H3C', 'category': 'device', 'type': 'general', 'brand': 'h3c'}, # Web + {'name': 'Website', 'category': 'web', 'type': 'general'}, # Cloud + {'name': 'Kubernetes', 'category': 'cloud', 'type': 'k8s'}, + {'name': 'VMware vSphere', 'category': 'cloud', 'type': 'vsphere'}, ] platforms = platform_model.objects.all() diff --git a/apps/assets/playbooks/base/__init__.py b/apps/assets/playbooks/base/__init__.py new file mode 100644 index 000000000..e69de29bb diff --git a/apps/assets/playbooks/generate_playbook/base.py b/apps/assets/playbooks/base/generator.py similarity index 96% rename from apps/assets/playbooks/generate_playbook/base.py rename to apps/assets/playbooks/base/generator.py index 12a39f12c..972d12409 100644 --- a/apps/assets/playbooks/generate_playbook/base.py +++ b/apps/assets/playbooks/base/generator.py @@ -4,10 +4,11 @@ import shutil from typing import List from django.conf import settings + from assets.models import Asset -class BaseGeneratePlaybook: +class BaseRunner: src_filepath: str def __init__(self, assets: List[Asset], strategy): diff --git a/apps/assets/playbooks/base/runner.py b/apps/assets/playbooks/base/runner.py new file mode 100644 index 000000000..1370db6ba --- /dev/null +++ b/apps/assets/playbooks/base/runner.py 
@@ -0,0 +1,47 @@
+import os
+import tempfile
+import shutil
+from typing import List
+
+from django.conf import settings
+
+from assets.models import Asset
+
+
+class BasePlaybookGenerator:
+ def __init__(self, assets: list[Asset], strategy, ansible_connection='ssh'):
+ self.assets = assets
+ self.strategy = strategy
+ self.playbook_dir = self.temp_folder_path()
+
+ def generate(self):
+ self.prepare_playbook_dir()
+ self.generate_inventory()
+ self.generate_playbook()
+
+ def prepare_playbook_dir(self):
+ pass
+
+ def generate_inventory(self):
+ pass
+
+ def generate_playbook(self):
+ pass
+
+ @property
+ def base_dir(self):
+ tmp_dir = os.path.join(settings.PROJECT_DIR, 'tmp')
+ path = os.path.join(tmp_dir, self.strategy)
+ return path
+
+ def temp_folder_path(self):
+ return tempfile.mkdtemp(dir=self.base_dir)
+
+ def del_temp_folder(self):
+ shutil.rmtree(self.playbook_dir)
+
+ def generate_temp_playbook(self):
+ src = self.src_filepath
+ dst = os.path.join(self.temp_folder, self.strategy)
+ shutil.copytree(src, dst)
+ return dst
diff --git a/apps/assets/playbooks/change_password/__init__.py b/apps/assets/playbooks/change_password/__init__.py
new file mode 100644
index 000000000..e69de29bb
diff --git a/apps/assets/playbooks/change_password/database/change_password_mysql/main.yml b/apps/assets/playbooks/change_password/database/change_password_mysql/main.yml
new file mode 100644
index 000000000..402c7fa8d
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_mysql/main.yml
@@ -0,0 +1,10 @@
+{% for account in accounts %}
+- hosts: {{ account.asset.name }}
+ vars:
+ account:
+ username: {{ account.username }}
+ password: {{ account.password }}
+ public_key: {{ account.public_key }}
+ roles:
+ - change_password
+{% endfor %}
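Review bot: `generate_temp_playbook` reads `self.temp_folder` and `self.src_filepath`, but `__init__` only sets `self.assets`, `self.strategy` and `self.playbook_dir`, so as written the method raises AttributeError; `dst = os.path.join(self.playbook_dir, self.strategy)` would match the constructor, and `src_filepath` needs a class-level declaration like the one the renamed class in base/generator.py has. The `ansible_connection` argument is accepted and then dropped, and `temp_folder_path` calls `tempfile.mkdtemp(dir=self.base_dir)` without making sure that directory exists, so `os.makedirs(self.base_dir, exist_ok=True)` should come first. The playbooks rendered into this directory presumably carry the account passwords seen in the templates of this commit, so `del_temp_folder` should be guaranteed to run (a `try`/`finally` around the run, or a context manager) rather than left to each caller. The class names also look swapped against the file names: this is `BasePlaybookGenerator` in runner.py, while generator.py now holds `BaseRunner`.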
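Review bot: `username`, `password` and `public_key` are substituted into the YAML unquoted, so a value containing `: `, `#`, a leading `{` or `!`, or a newline either breaks parsing or changes the structure of the play, and a value containing `{{ ... }}` would be evaluated a second time by Ansible when the rendered file runs. Each value should go through the rendering engine's quoting filter and be marked unsafe for Ansible templating (with Jinja2, `password: !unsafe {{ account.password | tojson }}`), or the secrets should be passed as extra vars instead of being written into the file. The rendered play also keeps the cleartext password on disk, which deserves a comment in the generator about file mode and cleanup. The same template body is added for change_password_oracle, change_password_postgresql, change_password_sqlserver, change_password_aix and change_password_local_windows, and without the loop for change_password_linux.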
diff --git a/apps/assets/playbooks/change_password/database/change_password_mysql/manifest.yml b/apps/assets/playbooks/change_password/database/change_password_mysql/manifest.yml
new file mode 100644
index 000000000..043549ec6
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_mysql/manifest.yml
@@ -0,0 +1,6 @@
+id: change_password_mysql
+name: Change password for MySQL
+category: database
+type:
+ - mysql
+method: change_password
diff --git a/apps/assets/playbooks/change_password/database/change_password_mysql/roles/change_password/tasks/main.yml b/apps/assets/playbooks/change_password/database/change_password_mysql/roles/change_password/tasks/main.yml
new file mode 100644
index 000000000..903cd9115
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_mysql/roles/change_password/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: ping
+ ping:
+
+#- name: print variables
+# debug:
+# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
+
+- name: Change password
+ user:
+ name: "{{ account.username }}"
+ password: "{{ account.password | password_hash('des') }}"
+ update_password: always
+ when: account.password
+
+- name: Change public key
+ authorized_key:
+ user: "{{ account.username }}"
+ key: "{{ account.public_key }}"
+ state: present
+ when: account.public_key
+
+- name: Verify password
+ ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
+ ansible_ssh_connection: paramiko
diff --git a/apps/assets/playbooks/change_password/database/change_password_oracle/main.yml b/apps/assets/playbooks/change_password/database/change_password_oracle/main.yml
new file mode 100644
index 000000000..402c7fa8d
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_oracle/main.yml
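Review bot: The `Change password` task hashes with `password_hash('des')`, traditional DES crypt, which uses only the first eight characters of the password and is far too weak for stored credentials; the Linux role in this same commit uses `password_hash('sha512')`. None of the tasks that receive `account.password` set `no_log: true`, so the value can show up in Ansible output and logs, and the commented-out debug task that prints the password should be deleted rather than kept around. In `Verify password`, `ansible_pass` and `ansible_ssh_connection` are not connection variables Ansible reads as far as I know (`ansible_password` and `ansible_connection` are), so the ping probably runs with the existing credentials and verifies nothing. The role is registered for a MySQL platform but uses the `user` and `authorized_key` modules, which manage OS accounts; if it is a placeholder, a comment at the top should say so. The identical file is added under change_password_oracle, change_password_postgresql, change_password_sqlserver, change_password_aix and change_password_local_windows, and the `no_log` and `Verify password` points also apply to change_password_linux.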
@@ -0,0 +1,10 @@
+{% for account in accounts %}
+- hosts: {{ account.asset.name }}
+ vars:
+ account:
+ username: {{ account.username }}
+ password: {{ account.password }}
+ public_key: {{ account.public_key }}
+ roles:
+ - change_password
+{% endfor %}
diff --git a/apps/assets/playbooks/change_password/database/change_password_oracle/manifest.yml b/apps/assets/playbooks/change_password/database/change_password_oracle/manifest.yml
new file mode 100644
index 000000000..d3bab86e1
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_oracle/manifest.yml
@@ -0,0 +1,6 @@
+id: change_password_oracle
+name: Change password for Oracle
+method: change_password
+category: database
+type:
+ - oracle
diff --git a/apps/assets/playbooks/change_password/database/change_password_oracle/roles/change_password/tasks/main.yml b/apps/assets/playbooks/change_password/database/change_password_oracle/roles/change_password/tasks/main.yml
new file mode 100644
index 000000000..903cd9115
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_oracle/roles/change_password/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: ping
+ ping:
+
+#- name: print variables
+# debug:
+# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
+
+- name: Change password
+ user:
+ name: "{{ account.username }}"
+ password: "{{ account.password | password_hash('des') }}"
+ update_password: always
+ when: account.password
+
+- name: Change public key
+ authorized_key:
+ user: "{{ account.username }}"
+ key: "{{ account.public_key }}"
+ state: present
+ when: account.public_key
+
+- name: Verify password
+ ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
+ ansible_ssh_connection: paramiko
diff --git a/apps/assets/playbooks/change_password/database/change_password_postgresql/main.yml b/apps/assets/playbooks/change_password/database/change_password_postgresql/main.yml
new file mode 100644
index 000000000..402c7fa8d
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_postgresql/main.yml
@@ -0,0 +1,10 @@
+{% for account in accounts %}
+- hosts: {{ account.asset.name }}
+ vars:
+ account:
+ username: {{ account.username }}
+ password: {{ account.password }}
+ public_key: {{ account.public_key }}
+ roles:
+ - change_password
+{% endfor %}
diff --git a/apps/assets/playbooks/change_password/database/change_password_postgresql/manifest.yml b/apps/assets/playbooks/change_password/database/change_password_postgresql/manifest.yml
new file mode 100644
index 000000000..9abe184be
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_postgresql/manifest.yml
@@ -0,0 +1,6 @@
+id: change_password_postgresql
+name: Change password for PostgreSQL
+category: database
+type:
+ - postgresql
+method: change_password
diff --git a/apps/assets/playbooks/change_password/database/change_password_postgresql/roles/change_password/tasks/main.yml b/apps/assets/playbooks/change_password/database/change_password_postgresql/roles/change_password/tasks/main.yml
new file mode 100644
index 000000000..903cd9115
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_postgresql/roles/change_password/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: ping
+ ping:
+
+#- name: print variables
+# debug:
+# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
+
+- name: Change password
+ user:
+ name: "{{ account.username }}"
+ password: "{{ account.password | password_hash('des') }}"
+ update_password: always
+ when: account.password
+
+- name: Change public key
+ authorized_key:
+ user: "{{ account.username }}"
+ key: "{{ account.public_key }}"
+ state: present
+ when: account.public_key
+
+- name: Verify password
+ ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
+ ansible_ssh_connection: paramiko
diff --git a/apps/assets/playbooks/change_password/database/change_password_sqlserver/main.yml b/apps/assets/playbooks/change_password/database/change_password_sqlserver/main.yml
new file mode 100644
index 000000000..402c7fa8d
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_sqlserver/main.yml
@@ -0,0 +1,10 @@
+{% for account in accounts %}
+- hosts: {{ account.asset.name }}
+ vars:
+ account:
+ username: {{ account.username }}
+ password: {{ account.password }}
+ public_key: {{ account.public_key }}
+ roles:
+ - change_password
+{% endfor %}
diff --git a/apps/assets/playbooks/change_password/database/change_password_sqlserver/manifest.yml b/apps/assets/playbooks/change_password/database/change_password_sqlserver/manifest.yml
new file mode 100644
index 000000000..b16a24dc9
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_sqlserver/manifest.yml
@@ -0,0 +1,8 @@
+id: change_password_sqlserver
+name: Change password for SQLServer
+version: 1
+category: database
+type:
+ - sqlserver
+method: change_password
+
diff --git a/apps/assets/playbooks/change_password/database/change_password_sqlserver/roles/change_password/tasks/main.yml b/apps/assets/playbooks/change_password/database/change_password_sqlserver/roles/change_password/tasks/main.yml
new file mode 100644
index 000000000..903cd9115
--- /dev/null
+++ b/apps/assets/playbooks/change_password/database/change_password_sqlserver/roles/change_password/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: ping
+ ping:
+
+#- name: print variables
+# debug:
+# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
+
+- name: Change password
+ user:
+ name: "{{ account.username }}"
+ password: "{{ account.password | password_hash('des') }}"
+ update_password: always
+ when: account.password
+
+- name: Change public key
+ authorized_key:
+ user: "{{ account.username }}"
+ key: "{{ account.public_key }}"
+ state: present
+ when: account.public_key
+
+- name: Verify password
+ ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
+ ansible_ssh_connection: paramiko
diff --git a/apps/assets/playbooks/change_password/host/change_password_aix/main.yml b/apps/assets/playbooks/change_password/host/change_password_aix/main.yml
new file mode 100644
index 000000000..402c7fa8d
--- /dev/null
+++ b/apps/assets/playbooks/change_password/host/change_password_aix/main.yml
@@ -0,0 +1,10 @@
+{% for account in accounts %}
+- hosts: {{ account.asset.name }}
+ vars:
+ account:
+ username: {{ account.username }}
+ password: {{ account.password }}
+ public_key: {{ account.public_key }}
+ roles:
+ - change_password
+{% endfor %}
diff --git a/apps/assets/playbooks/change_password/host/change_password_aix/manifest.yml b/apps/assets/playbooks/change_password/host/change_password_aix/manifest.yml
new file mode 100644
index 000000000..451c10f8e
--- /dev/null
+++ b/apps/assets/playbooks/change_password/host/change_password_aix/manifest.yml
@@ -0,0 +1,6 @@
+id: change_password_aix
+name: Change password for AIX
+category: host
+type:
+ - aix
+method: change_password
diff --git a/apps/assets/playbooks/change_password/host/change_password_aix/roles/change_password/tasks/main.yml b/apps/assets/playbooks/change_password/host/change_password_aix/roles/change_password/tasks/main.yml
new file mode 100644
index 000000000..903cd9115
--- /dev/null
+++ b/apps/assets/playbooks/change_password/host/change_password_aix/roles/change_password/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: ping
+ ping:
+
+#- name: print variables
+# debug:
+# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
+
+- name: Change password
+ user:
+ name: "{{ account.username }}"
+ password: "{{ account.password | password_hash('des') }}"
+ update_password: always
+ when: account.password
+
+- name: Change public key
+ authorized_key:
+ user: "{{ account.username }}"
+ key: "{{ account.public_key }}"
+ state: present
+ when: account.public_key
+
+- name: Verify password
+ ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
+ ansible_ssh_connection: paramiko
diff --git a/apps/assets/playbooks/change_password/host/change_password_linux/main.yml b/apps/assets/playbooks/change_password/host/change_password_linux/main.yml
new file mode 100644
index 000000000..a7d0f9417
--- /dev/null
+++ b/apps/assets/playbooks/change_password/host/change_password_linux/main.yml
@@ -0,0 +1,8 @@
+- hosts: all
+ vars:
+ account:
+ username: {{ account.username }}
+ password: {{ account.password }}
+ public_key: {{ account.public_key }}
+ roles:
+ - change_password
diff --git a/apps/assets/playbooks/change_password/host/change_password_linux/manifest.yml b/apps/assets/playbooks/change_password/host/change_password_linux/manifest.yml
new file mode 100644
index 000000000..25183c25d
--- /dev/null
+++ b/apps/assets/playbooks/change_password/host/change_password_linux/manifest.yml
@@ -0,0 +1,7 @@
+id: change_password_linux
+name: Change password for Linux
+category: host
+type:
+ - unix
+ - linux
+method: change_password
diff --git a/apps/assets/playbooks/change_password/host/change_password_linux/roles/change_password/tasks/main.yml b/apps/assets/playbooks/change_password/host/change_password_linux/roles/change_password/tasks/main.yml
new file mode 100644
index 000000000..e0ba9c73f
--- /dev/null
+++ b/apps/assets/playbooks/change_password/host/change_password_linux/roles/change_password/tasks/main.yml
@@ -0,0 +1,23 @@
+- name: Check connection
+ ping:
+
+- name: Change password
+ user:
+ name: "{{ account.username }}"
+ password: "{{ account.password | password_hash('sha512') }}"
+ update_password: always
+ when: account.password
+
+- name: Change public key
+ authorized_key:
+ user: "{{ account.username }}"
+ key: "{{ account.public_key }}"
+ state: present
+ when: account.public_key
+
+- name: Verify password
+ ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
+ ansible_ssh_connection: paramiko
diff --git a/apps/assets/playbooks/change_password/host/change_password_local_windows/main.yml b/apps/assets/playbooks/change_password/host/change_password_local_windows/main.yml
new file mode 100644
index 000000000..402c7fa8d
--- /dev/null
+++ b/apps/assets/playbooks/change_password/host/change_password_local_windows/main.yml
@@ -0,0 +1,10 @@
+{% for account in accounts %}
+- hosts: {{ account.asset.name }}
+ vars:
+ account:
+ username: {{ account.username }}
+ password: {{ account.password }}
+ public_key: {{ account.public_key }}
+ roles:
+ - change_password
+{% endfor %}
diff --git a/apps/assets/playbooks/change_password/host/change_password_local_windows/manifest.yml b/apps/assets/playbooks/change_password/host/change_password_local_windows/manifest.yml
new file mode 100644
index 000000000..7f34008e6
--- /dev/null
+++ b/apps/assets/playbooks/change_password/host/change_password_local_windows/manifest.yml
@@ -0,0 +1,7 @@
+id: change_password_local_windows
+name: Change password local account for Windows
+version: 1
+method: change_password
+category: host
+type:
+ - windows
diff --git a/apps/assets/playbooks/change_password/host/change_password_local_windows/roles/change_password/tasks/main.yml b/apps/assets/playbooks/change_password/host/change_password_local_windows/roles/change_password/tasks/main.yml
new file mode 100644
index 000000000..903cd9115
--- /dev/null
+++ b/apps/assets/playbooks/change_password/host/change_password_local_windows/roles/change_password/tasks/main.yml
@@ -0,0 +1,27 @@
+- name: ping
+ ping:
+
+#- name: print variables
+# debug:
+# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
+
+- name: Change password
+ user:
+ name: "{{ account.username }}"
+ password: "{{ account.password | password_hash('des') }}"
+ update_password: always
+ when: account.password
+
+- name: Change public key
+ authorized_key:
+ user: "{{ account.username }}"
+ key: "{{ account.public_key }}"
+ state: present
+ when: account.public_key
+
+- name: Verify password
+ ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
+ ansible_ssh_connection: paramiko
diff --git a/apps/assets/playbooks/host/ansible_posix_ping/main.yml b/apps/assets/playbooks/host/ansible_posix_ping/main.yml
new file mode 100644
index 000000000..4ccdb3074
--- /dev/null
+++ b/apps/assets/playbooks/host/ansible_posix_ping/main.yml
@@ -0,0 +1,13 @@
+- hosts: centos
+ gather_facts: no
+ vars:
+ account:
+ username: web
+ password: test123
+
+ tasks:
+ - name: Verify password
+ ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
diff --git a/apps/assets/playbooks/host/ansible_posix_ping/manifest.yml b/apps/assets/playbooks/host/ansible_posix_ping/manifest.yml
new file mode 100644
index 000000000..6cd223f1c
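Review bot: The ansible_posix_ping play hard-codes `hosts: centos` and a literal account (`username: web`, `password: test123`), which looks like local test data committed into a playbook whose manifest registers it as the `verify_account` method for Linux, Unix, macOS and BSD hosts. The target and credentials should come from the inventory or from template variables, as the change_password plays do, so that no fixed password sits in the repository. The task also sets `ansible_pass`, which is not a variable Ansible's connection plugins read as far as I know; `ansible_password: "{{ account.password }}"` would be, and the task should carry `no_log: true`. ansible_win_ping/main.yml repeats the same play with `win_ping`, including the `hosts: centos` target.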
--- /dev/null
+++ b/apps/assets/playbooks/host/ansible_posix_ping/manifest.yml
@@ -0,0 +1,10 @@
+id: ansible_posix_ping
+name: Ansible posix ping
+description: Ansible ping
+category: host
+type:
+ - linux
+ - unix
+ - macos
+ - bsd
+method: verify_account
diff --git a/apps/assets/playbooks/host/ansible_win_ping/main.yml b/apps/assets/playbooks/host/ansible_win_ping/main.yml
new file mode 100644
index 000000000..726d04a53
--- /dev/null
+++ b/apps/assets/playbooks/host/ansible_win_ping/main.yml
@@ -0,0 +1,13 @@
+- hosts: centos
+ gather_facts: no
+ vars:
+ account:
+ username: web
+ password: test123
+
+ tasks:
+ - name: Verify password
+ win_ping:
+ vars:
+ ansible_user: "{{ account.username }}"
+ ansible_pass: "{{ account.password }}"
diff --git a/apps/assets/playbooks/host/ansible_win_ping/manifest.yml b/apps/assets/playbooks/host/ansible_win_ping/manifest.yml
new file mode 100644
index 000000000..fe881de3b
--- /dev/null
+++ b/apps/assets/playbooks/host/ansible_win_ping/manifest.yml
@@ -0,0 +1,6 @@
+id: ansible_win_ping
+name: Ansible win ping
+category: host
+type:
+ - windows
+method: verify_account