feat: automation windows pyrdp ping (#10602)

* feat: automation windows pyrdp ping * perf: add pyfreerdp deps --------- Co-authored-by: feng <1304903146@qq.com> Co-authored-by: Eric <xplzv@126.com>
2023-06-07 17:28:35 +08:00 · 2023-06-07 17:28:35 +08:00 · bfd77aa1b0
parent cc57fcacce
commit bfd77aa1b0
13 changed files with 123 additions and 10 deletions
--- a/apps/accounts/automations/verify_account/custom/rdp/main.yml
+++ b/apps/accounts/automations/verify_account/custom/rdp/main.yml
--- a/apps/accounts/automations/verify_account/custom/rdp/manifest.yml
+++ b/apps/accounts/automations/verify_account/custom/rdp/manifest.yml
@ -0,0 +1,13 @@
+id: verify_account_by_rdp
+name: "{{ 'Windows rdp account verify' | trans }}"
+category:
+  - host
+type:
+  - windows
+method: verify_account
+
+i18n:
+  Windows rdp account verify:
+    zh: 使用 Python 模块 pyfreerdp 验证账号
+    ja: Python モジュール pyfreerdp を使用してアカウントを検証する
+    en: Using Python module pyfreerdp to verify account
--- a/apps/accounts/automations/verify_account/custom/ssh/main.yml
+++ b/apps/accounts/automations/verify_account/custom/ssh/main.yml
@ -0,0 +1,14 @@
+- hosts: custom
+  gather_facts: no
+  vars:
+    ansible_connection: local
+
+  tasks:
+    - name: Verify account
+      ssh_ping:
+        login_host: "{{ jms_asset.address }}"
+        login_port: "{{ jms_asset.port }}"
+        login_user: "{{ account.username }}"
+        login_password: "{{ account.secret }}"
+        login_secret_type: "{{ account.secret_type }}"
+        login_private_key_path: "{{ account.private_key_path }}"
--- a/apps/accounts/automations/verify_account/custom/ssh/manifest.yml
+++ b/apps/accounts/automations/verify_account/custom/ssh/manifest.yml
--- a/apps/ops/ansible/modules/custom_command.py
+++ b/apps/ops/ansible/modules/custom_command.py
@ -64,7 +64,7 @@ name:
 from ansible.module_utils.basic import AnsibleModule

 from ops.ansible.modules_utils.custom_common import (
-    SSHClient, ssh_common_argument_spec
+    SSHClient, common_argument_spec
 )


@ -85,7 +85,7 @@ def get_commands(module):


 def main():
-    argument_spec = ssh_common_argument_spec()
+    argument_spec = common_argument_spec()
    argument_spec.update(
        name=dict(required=True, aliases=['user']),
        password=dict(aliases=['pass'], no_log=True),
--- a/apps/ops/ansible/modules/rdp_ping.py
+++ b/apps/ops/ansible/modules/rdp_ping.py
@ -0,0 +1,86 @@
+#!/usr/bin/python
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: custom_rdp_ping
+short_description: Use rdp to probe whether an asset is connectable
+description:
+    - Use rdp to probe whether an asset is connectable
+'''
+
+EXAMPLES = '''
+- name: >
+    Ping asset server.
+  custom_rdp_ping:
+    login_host: 127.0.0.1
+    login_port: 3389
+    login_user: jms
+    login_password: password
+'''
+
+RETURN = '''
+is_available:
+  description: Windows server availability.
+  returned: always
+  type: bool
+  sample: true
+conn_err_msg:
+  description: Connection error message.
+  returned: always
+  type: str
+  sample: ''
+'''
+
+import pyfreerdp
+from typing import NamedTuple
+from ansible.module_utils.basic import AnsibleModule
+
+from ops.ansible.modules_utils.custom_common import (
+    common_argument_spec
+)
+
+
+# =========================================
+# Module execution.
+#
+
+class Param(NamedTuple):
+    hostname: str
+    port: int
+    username: str
+    password: str
+
+
+def main():
+    options = common_argument_spec()
+    module = AnsibleModule(argument_spec=options, supports_check_mode=True)
+    result = {'changed': False, 'is_available': False}
+
+    secret_type = module.params['login_secret_type']
+    if secret_type != 'password':
+        module.fail_json(
+            msg=f'The current ansible does not support \
+                the verification method for {secret_type} types.'
+        )
+        return module.exit_json(**result)
+
+    params = Param(
+        hostname=module.params['login_host'],
+        port=module.params['login_port'],
+        username=module.params['login_user'],
+        password=module.params['login_password']
+    )
+
+    is_available = pyfreerdp.check_connectivity(*params, '', 0)
+    result['is_available'] = is_available
+    if not is_available:
+        module.fail_json(msg='Unable to connect to asset.')
+    return module.exit_json(**result)
+
+
+if __name__ == '__main__':
+    main()
--- a/apps/ops/ansible/modules/ssh_ping.py
+++ b/apps/ops/ansible/modules/ssh_ping.py
@ -40,7 +40,7 @@ conn_err_msg:
 from ansible.module_utils.basic import AnsibleModule

 from ops.ansible.modules_utils.custom_common import (
-    SSHClient, ssh_common_argument_spec
+    SSHClient, common_argument_spec
 )


@ -50,7 +50,7 @@ from ops.ansible.modules_utils.custom_common import (


 def main():
-    options = ssh_common_argument_spec()
+    options = common_argument_spec()
    module = AnsibleModule(argument_spec=options, supports_check_mode=True,)

    result = {
--- a/apps/ops/ansible/modules_utils/custom_common.py
+++ b/apps/ops/ansible/modules_utils/custom_common.py
@ -1,11 +1,10 @@
 import time

 import paramiko
-
 from paramiko.ssh_exception import SSHException, NoValidConnectionsError


-def ssh_common_argument_spec():
+def common_argument_spec():
    options = dict(
        login_host=dict(type='str', required=False, default='localhost'),
        login_port=dict(type='int', required=False, default=22),
--- a/requirements/apk_pkg.sh
+++ b/requirements/apk_pkg.sh
@ -3,4 +3,4 @@ apk add \
    gcc make python3-dev python3 libffi-dev mariadb-dev \
    libc-dev krb5-dev openldap-dev jpeg-dev linux-headers sshpass \
    openssh-client build-base libressl libffi-dev libressl-dev \
-    libxslt-dev libxml2-dev xmlsec-dev xmlsec
+    libxslt-dev libxml2-dev xmlsec-dev xmlsec freerdp-dev
--- a/requirements/deb_pkg.sh
+++ b/requirements/deb_pkg.sh
@ -2,4 +2,4 @@
 apt install \
    g++ make iputils-ping default-libmysqlclient-dev libpq-dev \
    libffi-dev libldap2-dev libsasl2-dev openssh-client sshpass pkg-config libxml2-dev \
-    libxmlsec1-dev libxmlsec1-openssl libaio-dev freetds-dev
+    libxmlsec1-dev libxmlsec1-openssl libaio-dev freetds-dev freerdp2-dev
--- a/requirements/mac_pkg.sh
+++ b/requirements/mac_pkg.sh
@ -5,7 +5,7 @@ PROJECT_DIR=$(dirname "$BASE_DIR")
 echo "1. 安装依赖"
 brew install libtiff libjpeg webp little-cms2 openssl gettext git \
   git-lfs mysql libxml2 libxmlsec1 pkg-config postgresql freetds openssl \
-   libffi
+   libffi freerdp

 echo "2. 下载 IP 数据库"
 ip_db_path="${PROJECT_DIR}/apps/common/utils/geoip/GeoLite2-City.mmdb"
--- a/requirements/requirements.txt
+++ b/requirements/requirements.txt
@ -126,6 +126,7 @@ pyOpenSSL==22.0.0
 redis==4.5.4
 pyOpenSSL==22.0.0
 pymongo==4.2.0
+pyfreerdp==0.0.1
 # Debug
 ipython==8.10.0
 ForgeryPy3==0.3.1
--- a/requirements/rpm_pkg.sh
+++ b/requirements/rpm_pkg.sh
@ -2,4 +2,4 @@
 yum -y install \
    gcc-c++ sshpass mariadb-devel openldap-devel openssh-clients libxml2-devel \
    xmlsec1-devel xmlsec1-openssl-devel libtool-ltdl-devel \
-    postgresql-devel
+    postgresql-devel freerdp-devel