fix: 自动化任务网关连接数 自定义ansible rdp 测试可连接性端口错误 (#12373)

Co-authored-by: feng <1304903146@qq.com>

apps/accounts/automations/change_secret/custom/ssh/main.yml

@@ -1,7 +1,6 @@
 - hosts: custom
   gather_facts: no
   vars:
-    asset_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'ssh') | map(attribute='port') | first }}"
     ansible_connection: local
     ansible_become: false
 
@@ -9,7 +8,7 @@
     - name: Test privileged account (paramiko)
       ssh_ping:
         login_host: "{{ jms_asset.address }}"
-        login_port: "{{ asset_port }}"
+        login_port: "{{ jms_asset.port }}"
         login_user: "{{ jms_account.username }}"
         login_password: "{{ jms_account.secret }}"
         login_secret_type: "{{ jms_account.secret_type }}"
@@ -27,7 +26,7 @@
         login_user: "{{ jms_account.username }}"
         login_password: "{{ jms_account.secret }}"
         login_host: "{{ jms_asset.address }}"
-        login_port: "{{ asset_port }}"
+        login_port: "{{ jms_asset.port }}"
         login_secret_type: "{{ jms_account.secret_type }}"
         login_private_key_path: "{{ jms_account.private_key_path }}"
         become: "{{ custom_become | default(False) }}"
@@ -49,7 +48,7 @@
         login_user: "{{ account.username }}"
         login_password: "{{ account.secret }}"
         login_host: "{{ jms_asset.address }}"
-        login_port: "{{ asset_port }}"
+        login_port: "{{ jms_asset.port }}"
         become: "{{ account.become.ansible_become | default(False) }}"
         become_method: su
         become_user: "{{ account.become.ansible_user | default('') }}"

apps/accounts/automations/change_secret/custom/ssh/manifest.yml

@@ -6,6 +6,7 @@ category:
 type:
   - all
 method: change_secret
+protocol: ssh
 params:
   - name: commands
     type: list

apps/accounts/automations/verify_account/custom/rdp/main.yml

@@ -8,7 +8,7 @@
     - name: Verify account (pyfreerdp)
       rdp_ping:
         login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'rdp') | map(attribute='port') | first }}"
+        login_port: "{{ jms_asset.port }}"
         login_user: "{{ account.username }}"
         login_password: "{{ account.secret }}"
         login_secret_type: "{{ account.secret_type }}"

apps/accounts/automations/verify_account/custom/rdp/manifest.yml

@@ -5,6 +5,7 @@ category:
 type:
   - windows
 method: verify_account
+protocol: rdp
 
 i18n:
   Windows rdp account verify:

apps/accounts/automations/verify_account/custom/ssh/main.yml

@@ -9,7 +9,7 @@
     - name: Verify account (paramiko)
       ssh_ping:
         login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'ssh') | map(attribute='port') | first }}"
+        login_port: "{{ jms_asset.port }}"
         login_user: "{{ account.username }}"
         login_password: "{{ account.secret }}"
         login_secret_type: "{{ account.secret_type }}"

apps/accounts/automations/verify_account/custom/ssh/manifest.yml

@@ -6,6 +6,7 @@ category:
 type:
   - all
 method: verify_account
+protocol: ssh
 
 i18n:
   SSH account verify:

apps/assets/automations/base/manager.py

@@ -53,8 +53,9 @@ class SSHTunnelManager:
                 print(f'\033[31m {err_msg} 原因: {e} \033[0m\n')
                 not_valid.append(k)
             else:
+                local_bind_port = server.local_bind_port
                 host['ansible_host'] = jms_asset['address'] = host['login_host'] = '127.0.0.1'
-                host['ansible_port'] = jms_asset['port'] = host['login_port'] = server.local_bind_port
+                host['ansible_port'] = jms_asset['port'] = host['login_port'] = local_bind_port
                 servers.append(server)
 
         # 网域不可连接的，就不继续执行此资源的后续任务了
@@ -211,22 +212,19 @@ class BasePlaybookManager:
             os.chmod(key_path, 0o400)
         return key_path
 
-    def generate_inventory(self, platformed_assets, inventory_path):
+    def generate_inventory(self, platformed_assets, inventory_path, protocol):
         inventory = JMSInventory(
             assets=platformed_assets,
             account_prefer=self.ansible_account_prefer,
             account_policy=self.ansible_account_policy,
             host_callback=self.host_callback,
             task_type=self.__class__.method_type(),
+            protocol=protocol,
         )
         inventory.write_to_file(inventory_path)
 
-    def generate_playbook(self, platformed_assets, platform, sub_playbook_dir):
-        method_id = getattr(platform.automation, '{}_method'.format(self.__class__.method_type()))
-        method = self.method_id_meta_mapper.get(method_id)
-        if not method:
-            logger.error("Method not found: {}".format(method_id))
-            return
+    @staticmethod
+    def generate_playbook(method, sub_playbook_dir):
         method_playbook_dir_path = method['dir']
         sub_playbook_path = os.path.join(sub_playbook_dir, 'project', 'main.yml')
         shutil.copytree(method_playbook_dir_path, os.path.dirname(sub_playbook_path))
@@ -258,8 +256,16 @@ class BasePlaybookManager:
                 sub_dir = '{}_{}'.format(platform.name, i)
                 playbook_dir = os.path.join(self.runtime_dir, sub_dir)
                 inventory_path = os.path.join(self.runtime_dir, sub_dir, 'hosts.json')
-                self.generate_inventory(_assets, inventory_path)
-                playbook_path = self.generate_playbook(_assets, platform, playbook_dir)
+
+                method_id = getattr(platform.automation, '{}_method'.format(self.__class__.method_type()))
+                method = self.method_id_meta_mapper.get(method_id)
+
+                if not method:
+                    logger.error("Method not found: {}".format(method_id))
+                    continue
+                protocol = method.get('protocol')
+                self.generate_inventory(_assets, inventory_path, protocol)
+                playbook_path = self.generate_playbook(method, playbook_dir)
                 if not playbook_path:
                     continue
 

apps/assets/automations/ping/custom/rdp/main.yml

@@ -10,6 +10,6 @@
         login_user: "{{ jms_account.username }}"
         login_password: "{{ jms_account.secret }}"
         login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'rdp') | map(attribute='port') | first }}"
+        login_port: "{{ jms_asset.port }}"
         login_secret_type: "{{ jms_account.secret_type }}"
         login_private_key_path: "{{ jms_account.private_key_path }}"

apps/assets/automations/ping/custom/rdp/manifest.yml

@@ -6,6 +6,8 @@ category:
 type:
   - windows
 method: ping
+protocol: rdp
+
 i18n:
   Ping by pyfreerdp:
     zh: '使用 Python 模块 pyfreerdp 测试主机可连接性'

apps/assets/automations/ping/custom/ssh/main.yml

@@ -11,7 +11,7 @@
         login_user: "{{ jms_account.username }}"
         login_password: "{{ jms_account.secret }}"
         login_host: "{{ jms_asset.address }}"
-        login_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'ssh') | map(attribute='port') | first }}"
+        login_port: "{{ jms_asset.port }}"
         login_secret_type: "{{ jms_account.secret_type }}"
         login_private_key_path: "{{ jms_account.private_key_path }}"
         become: "{{ custom_become | default(False) }}"

apps/assets/automations/ping/custom/ssh/manifest.yml

@@ -6,6 +6,8 @@ category:
 type:
   - all
 method: ping
+protocol: ssh
+
 i18n:
   Ping by paramiko:
     zh: '使用 Python 模块 paramiko 测试主机可连接性'

apps/ops/ansible/inventory.py

@@ -13,7 +13,7 @@ class JMSInventory:
     def __init__(
             self, assets, account_policy='privileged_first',
             account_prefer='root,Administrator', host_callback=None,
-            exclude_localhost=False, task_type=None
+            exclude_localhost=False, task_type=None, protocol=None
     ):
         """
         :param assets:
@@ -27,6 +27,7 @@ class JMSInventory:
         self.exclude_hosts = {}
         self.exclude_localhost = exclude_localhost
         self.task_type = task_type
+        self.protocol = protocol
 
     @staticmethod
     def clean_assets(assets):
@@ -116,7 +117,7 @@ class JMSInventory:
 
         if gateway:
             ansible_connection = host.get('ansible_connection', 'ssh')
-            if ansible_connection in ('local', 'winrm'):
+            if ansible_connection in ('local', 'winrm', 'rdp'):
                 host['gateway'] = {
                     'address': gateway.address, 'port': gateway.port,
                     'username': gateway.username, 'secret': gateway.password,
@@ -128,19 +129,20 @@ class JMSInventory:
                 host['jms_asset'].update(ansible_ssh_common_args)
                 host.update(ansible_ssh_common_args)
 
-    @staticmethod
-    def get_primary_protocol(ansible_config, protocols):
+    def get_primary_protocol(self, ansible_config, protocols):
         invalid_protocol = type('protocol', (), {'name': 'null', 'port': 0})
         ansible_connection = ansible_config.get('ansible_connection')
         # 数值越小，优先级越高，若用户在 ansible_config 中配置了，则提高用户配置方式的优先级
         protocol_priority = {'ssh': 10, 'winrm': 9, ansible_connection: 1}
+        if self.protocol:
+            protocol_priority.update({self.protocol: 0})
         protocol_sorted = sorted(protocols, key=lambda x: protocol_priority.get(x.name, 999))
         protocol = protocol_sorted[0] if protocol_sorted else invalid_protocol
         return protocol
 
     @staticmethod
     def fill_ansible_config(ansible_config, protocol):
-        if protocol.name in ('ssh', 'winrm'):
+        if protocol.name in ('ssh', 'winrm', 'rdp'):
             ansible_config['ansible_connection'] = protocol.name
         if protocol.name == 'winrm':
             if protocol.setting.get('use_ssl', False):
@@ -179,6 +181,8 @@ class JMSInventory:
             } if account else None
         }
 
+        protocols = host['jms_asset']['protocols']
+        host['jms_asset'].update({f"{p['name']}_port": p['port'] for p in protocols})
         if host['jms_account'] and tp == 'oracle':
             host['jms_account']['mode'] = 'sysdba' if account.privileged else None