github
/
jumpserver
mirror of https://github.com/jumpserver/jumpserver
1
0
Fork 0
Code Issues Releases Wiki Activity

perf: 暂存修改

pull/8931/head
ibuler 2022-09-19 09:52:09 +08:00
parent a86d5c1456
commit b50d28ff9c
32 changed files with 403 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -31,7 +31,6 @@ media
celerybeat.pid celerybeat.pid
django.db django.db
celerybeat-schedule.db celerybeat-schedule.db
data/static
docs/_build/ docs/_build/
xpack xpack
xpack.bak xpack.bak

7
apps/assets/const.py
View File

@ -16,6 +16,7 @@ class PlatformMixin:
def platform_constraints(cls): def platform_constraints(cls):
return { return {
'domain_enabled': False, 'domain_enabled': False,
'url_enabled': False,
'su_enabled': False, 'su_enabled': False,
'brand_enabled': False, 'brand_enabled': False,
'ping_enabled': False, 'ping_enabled': False,
@ -88,7 +89,7 @@ class Category(PlatformMixin, ChoicesMixin, models.TextChoices):
'change_password_enabled': False, 'change_password_enabled': False,
'create_account_enabled': False, 'create_account_enabled': False,
'gather_accounts_enabled': False, 'gather_accounts_enabled': False,
'_protocols': ['http', 'https'] '_protocols': ['http']
}, },
cls.CLOUD: { cls.CLOUD: {
'domain_enabled': False, 'domain_enabled': False,
@ -168,12 +169,16 @@ class WebTypes(PlatformMixin, ChoicesMixin, models.TextChoices):
class CloudTypes(PlatformMixin, ChoicesMixin, models.TextChoices): class CloudTypes(PlatformMixin, ChoicesMixin, models.TextChoices):
K8S = 'k8s', 'Kubernetes' K8S = 'k8s', 'Kubernetes'
VSPHERE = 'vsphere', 'VMware vSphere'
@classmethod @classmethod
def platform_constraints(cls): def platform_constraints(cls):
return { return {
cls.K8S: { cls.K8S: {
'_protocols': ['k8s'] '_protocols': ['k8s']
},
cls.VSPHERE: {
'_protocols': ['vsphere']
} }
} }

11
apps/assets/models/utils.py
View File

@ -59,14 +59,17 @@ def update_internal_platforms(platform_model):
{'name': 'Redis', 'category': 'database', 'type': 'redis'}, {'name': 'Redis', 'category': 'database', 'type': 'redis'},
# 网络设备 # 网络设备
{'name': 'Generic', 'category': 'networking', 'type': 'general', 'brand': 'other'}, {'name': 'Generic', 'category': 'device', 'type': 'general', 'brand': 'other'},
{'name': 'Huawei', 'category': 'networking', 'type': 'general', 'brand': 'huawei'}, {'name': 'Huawei', 'category': 'device', 'type': 'general', 'brand': 'huawei'},
{'name': 'Cisco', 'category': 'networking', 'type': 'general', 'brand': 'cisco'}, {'name': 'Cisco', 'category': 'device', 'type': 'general', 'brand': 'cisco'},
{'name': 'H3C', 'category': 'networking', 'type': 'general', 'brand': 'h3c'}, {'name': 'H3C', 'category': 'device', 'type': 'general', 'brand': 'h3c'},
# Web # Web
{'name': 'Website', 'category': 'web', 'type': 'general'},
# Cloud # Cloud
{'name': 'Kubernetes', 'category': 'cloud', 'type': 'k8s'},
{'name': 'VMware vSphere', 'category': 'cloud', 'type': 'vsphere'},
] ]
platforms = platform_model.objects.all() platforms = platform_model.objects.all()

0
apps/assets/playbooks/base/__init__.py Normal file
View File

3
apps/assets/playbooks/generate_playbook/base.py → apps/assets/playbooks/base/generator.py
View File

@ -4,10 +4,11 @@ import shutil
from typing import List from typing import List
from django.conf import settings from django.conf import settings
from assets.models import Asset from assets.models import Asset
class BaseGeneratePlaybook: class BaseRunner:
src_filepath: str src_filepath: str
def __init__(self, assets: List[Asset], strategy): def __init__(self, assets: List[Asset], strategy):

47
apps/assets/playbooks/base/runner.py Normal file
View File

@ -0,0 +1,47 @@
import os
import tempfile
import shutil
from typing import List
from django.conf import settings
from assets.models import Asset
class BasePlaybookGenerator:
def __init__(self, assets: list[Asset], strategy, ansible_connection='ssh'):
self.assets = assets
self.strategy = strategy
self.playbook_dir = self.temp_folder_path()
def generate(self):
self.prepare_playbook_dir()
self.generate_inventory()
self.generate_playbook()
def prepare_playbook_dir(self):
pass
def generate_inventory(self):
pass
def generate_playbook(self):
pass
@property
def base_dir(self):
tmp_dir = os.path.join(settings.PROJECT_DIR, 'tmp')
path = os.path.join(tmp_dir, self.strategy)
return path
def temp_folder_path(self):
return tempfile.mkdtemp(dir=self.base_dir)
def del_temp_folder(self):
shutil.rmtree(self.playbook_dir)
def generate_temp_playbook(self):
src = self.src_filepath
dst = os.path.join(self.temp_folder, self.strategy)
shutil.copytree(src, dst)
return dst

0
apps/assets/playbooks/change_password/__init__.py Normal file
View File

10
apps/assets/playbooks/change_password/database/change_password_mysql/main.yml Normal file
View File

@ -0,0 +1,10 @@
{% for account in accounts %}
- hosts: {{ account.asset.name }}
vars:
account:
username: {{ account.username }}
password: {{ account.password }}
public_key: {{ account.public_key }}
roles:
- change_password
{% endfor %}

6
apps/assets/playbooks/change_password/database/change_password_mysql/manifest.yml Normal file
View File

@ -0,0 +1,6 @@
id: change_password_mysql
name: Change password for MySQL
category: database
type:
- mysql
method: change_password

27
apps/assets/playbooks/change_password/database/change_password_mysql/roles/change_password/tasks/main.yml Normal file
View File

@ -0,0 +1,27 @@
- name: ping
ping:
#- name: print variables
# debug:
# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('des') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko

10
apps/assets/playbooks/change_password/database/change_password_oracle/main.yml Normal file
View File

@ -0,0 +1,10 @@
{% for account in accounts %}
- hosts: {{ account.asset.name }}
vars:
account:
username: {{ account.username }}
password: {{ account.password }}
public_key: {{ account.public_key }}
roles:
- change_password
{% endfor %}

6
apps/assets/playbooks/change_password/database/change_password_oracle/manifest.yml Normal file
View File

@ -0,0 +1,6 @@
id: change_password_oracle
name: Change password for Oracle
method: change_password
category: database
type:
- oracle

27
apps/assets/playbooks/change_password/database/change_password_oracle/roles/change_password/tasks/main.yml Normal file
View File

@ -0,0 +1,27 @@
- name: ping
ping:
#- name: print variables
# debug:
# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('des') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko

10
apps/assets/playbooks/change_password/database/change_password_postgresql/main.yml Normal file
View File

@ -0,0 +1,10 @@
{% for account in accounts %}
- hosts: {{ account.asset.name }}
vars:
account:
username: {{ account.username }}
password: {{ account.password }}
public_key: {{ account.public_key }}
roles:
- change_password
{% endfor %}

6
apps/assets/playbooks/change_password/database/change_password_postgresql/manifest.yml Normal file
View File

@ -0,0 +1,6 @@
id: change_password_postgresql
name: Change password for PostgreSQL
category: database
type:
- postgresql
method: change_password

27
apps/assets/playbooks/change_password/database/change_password_postgresql/roles/change_password/tasks/main.yml Normal file
View File

@ -0,0 +1,27 @@
- name: ping
ping:
#- name: print variables
# debug:
# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('des') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko

10
apps/assets/playbooks/change_password/database/change_password_sqlserver/main.yml Normal file
View File

@ -0,0 +1,10 @@
{% for account in accounts %}
- hosts: {{ account.asset.name }}
vars:
account:
username: {{ account.username }}
password: {{ account.password }}
public_key: {{ account.public_key }}
roles:
- change_password
{% endfor %}

8
apps/assets/playbooks/change_password/database/change_password_sqlserver/manifest.yml Normal file
View File

@ -0,0 +1,8 @@
id: change_password_sqlserver
name: Change password for SQLServer
version: 1
category: database
type:
- sqlserver
method: change_password

27
apps/assets/playbooks/change_password/database/change_password_sqlserver/roles/change_password/tasks/main.yml Normal file
View File

@ -0,0 +1,27 @@
- name: ping
ping:
#- name: print variables
# debug:
# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('des') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko

10
apps/assets/playbooks/change_password/host/change_password_aix/main.yml Normal file
View File

@ -0,0 +1,10 @@
{% for account in accounts %}
- hosts: {{ account.asset.name }}
vars:
account:
username: {{ account.username }}
password: {{ account.password }}
public_key: {{ account.public_key }}
roles:
- change_password
{% endfor %}

6
apps/assets/playbooks/change_password/host/change_password_aix/manifest.yml Normal file
View File

@ -0,0 +1,6 @@
id: change_password_aix
name: Change password for AIX
category: host
type:
- aix
method: change_password

27
apps/assets/playbooks/change_password/host/change_password_aix/roles/change_password/tasks/main.yml Normal file
View File

@ -0,0 +1,27 @@
- name: ping
ping:
#- name: print variables
# debug:
# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('des') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko

8
apps/assets/playbooks/change_password/host/change_password_linux/main.yml Normal file
View File

@ -0,0 +1,8 @@
- hosts: all
vars:
account:
username: {{ account.username }}
password: {{ account.password }}
public_key: {{ account.public_key }}
roles:
- change_password

7
apps/assets/playbooks/change_password/host/change_password_linux/manifest.yml Normal file
View File

@ -0,0 +1,7 @@
id: change_password_linux
name: Change password for Linux
category: host
type:
- unix
- linux
method: change_password

23
apps/assets/playbooks/change_password/host/change_password_linux/roles/change_password/tasks/main.yml Normal file
View File

@ -0,0 +1,23 @@
- name: Check connection
ping:
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('sha512') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko

10
apps/assets/playbooks/change_password/host/change_password_local_windows/main.yml Normal file
View File

@ -0,0 +1,10 @@
{% for account in accounts %}
- hosts: {{ account.asset.name }}
vars:
account:
username: {{ account.username }}
password: {{ account.password }}
public_key: {{ account.public_key }}
roles:
- change_password
{% endfor %}

7
apps/assets/playbooks/change_password/host/change_password_local_windows/manifest.yml Normal file
View File

@ -0,0 +1,7 @@
id: change_password_local_windows
name: Change password local account for Windows
version: 1
method: change_password
category: host
type:
- windows

27
apps/assets/playbooks/change_password/host/change_password_local_windows/roles/change_password/tasks/main.yml Normal file
View File

@ -0,0 +1,27 @@
- name: ping
ping:
#- name: print variables
# debug:
# msg: "Username: {{ account.username }}, Password: {{ account.password }}"
- name: Change password
user:
name: "{{ account.username }}"
password: "{{ account.password | password_hash('des') }}"
update_password: always
when: account.password
- name: Change public key
authorized_key:
user: "{{ account.username }}"
key: "{{ account.public_key }}"
state: present
when: account.public_key
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"
ansible_ssh_connection: paramiko

13
apps/assets/playbooks/host/ansible_posix_ping/main.yml Normal file
View File

@ -0,0 +1,13 @@
- hosts: centos
gather_facts: no
vars:
account:
username: web
password: test123
tasks:
- name: Verify password
ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"

10
apps/assets/playbooks/host/ansible_posix_ping/manifest.yml Normal file
View File

@ -0,0 +1,10 @@
id: ansible_posix_ping
name: Ansible posix ping
description: Ansible ping
category: host
type:
- linux
- unix
- macos
- bsd
method: verify_account

13
apps/assets/playbooks/host/ansible_win_ping/main.yml Normal file
View File

@ -0,0 +1,13 @@
- hosts: centos
gather_facts: no
vars:
account:
username: web
password: test123
tasks:
- name: Verify password
win_ping:
vars:
ansible_user: "{{ account.username }}"
ansible_pass: "{{ account.password }}"

6
apps/assets/playbooks/host/ansible_win_ping/manifest.yml Normal file
View File

@ -0,0 +1,6 @@
id: ansible_win_ping
name: Ansible win ping
category: host
type:
- windows
method: verify_account