From c66b1db784955e11760efc7fde3744c4f4259d01 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 20 Dec 2023 16:02:13 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E8=87=AA=E5=8A=A8=E5=8C=96=E4=BB=BB?= =?UTF-8?q?=E5=8A=A1=E7=BD=91=E5=85=B3=E8=BF=9E=E6=8E=A5=E6=95=B0=20?= =?UTF-8?q?=E8=87=AA=E5=AE=9A=E4=B9=89ansible=20rdp=20=E6=B5=8B=E8=AF=95?= =?UTF-8?q?=E5=8F=AF=E8=BF=9E=E6=8E=A5=E6=80=A7=E7=AB=AF=E5=8F=A3=E9=94=99?= =?UTF-8?q?=E8=AF=AF=20(#12373)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: feng <1304903146@qq.com> --- .../change_secret/custom/ssh/main.yml | 7 +++-- .../change_secret/custom/ssh/manifest.yml | 1 + .../verify_account/custom/rdp/main.yml | 2 +- .../verify_account/custom/rdp/manifest.yml | 1 + .../verify_account/custom/ssh/main.yml | 2 +- .../verify_account/custom/ssh/manifest.yml | 1 + apps/assets/automations/base/manager.py | 26 ++++++++++++------- .../automations/ping/custom/rdp/main.yml | 2 +- .../automations/ping/custom/rdp/manifest.yml | 2 ++ .../automations/ping/custom/ssh/main.yml | 2 +- .../automations/ping/custom/ssh/manifest.yml | 2 ++ apps/ops/ansible/inventory.py | 14 ++++++---- 12 files changed, 39 insertions(+), 23 deletions(-) diff --git a/apps/accounts/automations/change_secret/custom/ssh/main.yml b/apps/accounts/automations/change_secret/custom/ssh/main.yml index c4381b730..8ff38475f 100644 --- a/apps/accounts/automations/change_secret/custom/ssh/main.yml +++ b/apps/accounts/automations/change_secret/custom/ssh/main.yml @@ -1,7 +1,6 @@ - hosts: custom gather_facts: no vars: - asset_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'ssh') | map(attribute='port') | first }}" ansible_connection: local ansible_become: false 
@@ -9,7 +8,7 @@ - name: Test privileged account (paramiko) ssh_ping: login_host: "{{ jms_asset.address }}" - login_port: "{{ asset_port }}" + login_port: "{{ jms_asset.port }}" login_user: "{{ jms_account.username }}" login_password: "{{ jms_account.secret }}" login_secret_type: "{{ jms_account.secret_type }}" @@ -27,7 +26,7 @@ login_user: "{{ jms_account.username }}" login_password: "{{ jms_account.secret }}" login_host: "{{ jms_asset.address }}" - login_port: "{{ asset_port }}" + login_port: "{{ jms_asset.port }}" login_secret_type: "{{ jms_account.secret_type }}" login_private_key_path: "{{ jms_account.private_key_path }}" become: "{{ custom_become | default(False) }}" @@ -49,7 +48,7 @@ login_user: "{{ account.username }}" login_password: "{{ account.secret }}" login_host: "{{ jms_asset.address }}" - login_port: "{{ asset_port }}" + login_port: "{{ jms_asset.port }}" become: "{{ account.become.ansible_become | default(False) }}" become_method: su become_user: "{{ account.become.ansible_user | default('') }}" diff --git a/apps/accounts/automations/change_secret/custom/ssh/manifest.yml b/apps/accounts/automations/change_secret/custom/ssh/manifest.yml index be0248d68..7d3d0edde 100644 --- a/apps/accounts/automations/change_secret/custom/ssh/manifest.yml +++ b/apps/accounts/automations/change_secret/custom/ssh/manifest.yml @@ -6,6 +6,7 @@ category: type: - all method: change_secret +protocol: ssh params: - name: commands type: list diff --git a/apps/accounts/automations/verify_account/custom/rdp/main.yml b/apps/accounts/automations/verify_account/custom/rdp/main.yml index 017f4bab3..b0c7cbe4f 100644 --- a/apps/accounts/automations/verify_account/custom/rdp/main.yml +++ b/apps/accounts/automations/verify_account/custom/rdp/main.yml 
@@ -8,7 +8,7 @@ - name: Verify account (pyfreerdp) rdp_ping: login_host: "{{ jms_asset.address }}" - login_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'rdp') | map(attribute='port') | first }}" + login_port: "{{ jms_asset.port }}" login_user: "{{ account.username }}" login_password: "{{ account.secret }}" login_secret_type: "{{ account.secret_type }}" diff --git a/apps/accounts/automations/verify_account/custom/rdp/manifest.yml b/apps/accounts/automations/verify_account/custom/rdp/manifest.yml index 1d68afbac..e4b034366 100644 --- a/apps/accounts/automations/verify_account/custom/rdp/manifest.yml +++ b/apps/accounts/automations/verify_account/custom/rdp/manifest.yml @@ -5,6 +5,7 @@ category: type: - windows method: verify_account +protocol: rdp i18n: Windows rdp account verify: diff --git a/apps/accounts/automations/verify_account/custom/ssh/main.yml b/apps/accounts/automations/verify_account/custom/ssh/main.yml index 4519fc3ad..05be21f0c 100644 --- a/apps/accounts/automations/verify_account/custom/ssh/main.yml +++ b/apps/accounts/automations/verify_account/custom/ssh/main.yml @@ -9,7 +9,7 @@ - name: Verify account (paramiko) ssh_ping: login_host: "{{ jms_asset.address }}" - login_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'ssh') | map(attribute='port') | first }}" + login_port: "{{ jms_asset.port }}" login_user: "{{ account.username }}" login_password: "{{ account.secret }}" login_secret_type: "{{ account.secret_type }}" diff --git a/apps/accounts/automations/verify_account/custom/ssh/manifest.yml b/apps/accounts/automations/verify_account/custom/ssh/manifest.yml index 12d495d01..bebc02c7f 100644 --- a/apps/accounts/automations/verify_account/custom/ssh/manifest.yml +++ b/apps/accounts/automations/verify_account/custom/ssh/manifest.yml @@ -6,6 +6,7 @@ category: type: - all method: verify_account +protocol: ssh i18n: SSH account verify: 
diff --git a/apps/assets/automations/base/manager.py b/apps/assets/automations/base/manager.py index 4ebed3118..2a74243d0 100644 --- a/apps/assets/automations/base/manager.py +++ b/apps/assets/automations/base/manager.py @@ -53,8 +53,9 @@ class SSHTunnelManager: print(f'\033[31m {err_msg} 原因: {e} \033[0m\n') not_valid.append(k) else: + local_bind_port = server.local_bind_port host['ansible_host'] = jms_asset['address'] = host['login_host'] = '127.0.0.1' - host['ansible_port'] = jms_asset['port'] = host['login_port'] = server.local_bind_port + host['ansible_port'] = jms_asset['port'] = host['login_port'] = local_bind_port servers.append(server) # 网域不可连接的,就不继续执行此资源的后续任务了 @@ -211,22 +212,19 @@ class BasePlaybookManager: os.chmod(key_path, 0o400) return key_path - def generate_inventory(self, platformed_assets, inventory_path): + def generate_inventory(self, platformed_assets, inventory_path, protocol): inventory = JMSInventory( assets=platformed_assets, account_prefer=self.ansible_account_prefer, account_policy=self.ansible_account_policy, host_callback=self.host_callback, task_type=self.__class__.method_type(), + protocol=protocol, ) inventory.write_to_file(inventory_path) - def generate_playbook(self, platformed_assets, platform, sub_playbook_dir): - method_id = getattr(platform.automation, '{}_method'.format(self.__class__.method_type())) - method = self.method_id_meta_mapper.get(method_id) - if not method: - logger.error("Method not found: {}".format(method_id)) - return + @staticmethod + def generate_playbook(method, sub_playbook_dir): method_playbook_dir_path = method['dir'] sub_playbook_path = os.path.join(sub_playbook_dir, 'project', 'main.yml') shutil.copytree(method_playbook_dir_path, os.path.dirname(sub_playbook_path)) 
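Review bot: `generate_inventory` gains a required third parameter and `generate_playbook` becomes a `@staticmethod` taking `(method, sub_playbook_dir)`, so any subclass override or caller that still uses the old signatures would raise `TypeError` at run time. Only the call site in the `@@ -258` hunk is updated in this commit; whether other managers override or call these methods is not visible here. Giving the new argument a default, `def generate_inventory(self, platformed_assets, inventory_path, protocol=None):`, keeps existing overrides and callers working. The body of `generate_playbook` continues past the end of the hunk.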
@@ -258,8 +256,16 @@ class BasePlaybookManager: sub_dir = '{}_{}'.format(platform.name, i) playbook_dir = os.path.join(self.runtime_dir, sub_dir) inventory_path = os.path.join(self.runtime_dir, sub_dir, 'hosts.json') - self.generate_inventory(_assets, inventory_path) - playbook_path = self.generate_playbook(_assets, platform, playbook_dir) + + method_id = getattr(platform.automation, '{}_method'.format(self.__class__.method_type())) + method = self.method_id_meta_mapper.get(method_id) + + if not method: + logger.error("Method not found: {}".format(method_id)) + continue + protocol = method.get('protocol') + self.generate_inventory(_assets, inventory_path, protocol) + playbook_path = self.generate_playbook(method, playbook_dir) if not playbook_path: continue diff --git a/apps/assets/automations/ping/custom/rdp/main.yml b/apps/assets/automations/ping/custom/rdp/main.yml index a68670998..75e40c027 100644 --- a/apps/assets/automations/ping/custom/rdp/main.yml +++ b/apps/assets/automations/ping/custom/rdp/main.yml @@ -10,6 +10,6 @@ login_user: "{{ jms_account.username }}" login_password: "{{ jms_account.secret }}" login_host: "{{ jms_asset.address }}" - login_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'rdp') | map(attribute='port') | first }}" + login_port: "{{ jms_asset.port }}" login_secret_type: "{{ jms_account.secret_type }}" login_private_key_path: "{{ jms_account.private_key_path }}" diff --git a/apps/assets/automations/ping/custom/rdp/manifest.yml b/apps/assets/automations/ping/custom/rdp/manifest.yml index ab5846100..b8346c3f2 100644 --- a/apps/assets/automations/ping/custom/rdp/manifest.yml +++ b/apps/assets/automations/ping/custom/rdp/manifest.yml @@ -6,6 +6,8 @@ category: type: - windows method: ping +protocol: rdp + i18n: Ping by pyfreerdp: zh: '使用 Python 模块 pyfreerdp 测试主机可连接性' diff --git a/apps/assets/automations/ping/custom/ssh/main.yml b/apps/assets/automations/ping/custom/ssh/main.yml index 925d3f2e1..b974425be 100644 
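Review bot: `protocol = method.get('protocol')` is `None` for every manifest without the new `protocol:` key, and nothing at this call site says that is intended. Only the six custom ssh/rdp manifests in this commit define the key, so a short comment would help, for example `# 'protocol' is optional in manifest.yml; None leaves JMSInventory's default protocol priority in place`. The value is also passed through unchecked, so a misspelt protocol name in a manifest would match nothing and take the same fallback without a log line. A `logger.debug` of the chosen protocol would make that visible. The enclosing loop starts and ends outside the hunk.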
--- a/apps/assets/automations/ping/custom/ssh/main.yml +++ b/apps/assets/automations/ping/custom/ssh/main.yml @@ -11,7 +11,7 @@ login_user: "{{ jms_account.username }}" login_password: "{{ jms_account.secret }}" login_host: "{{ jms_asset.address }}" - login_port: "{{ jms_asset.protocols | selectattr('name', 'equalto', 'ssh') | map(attribute='port') | first }}" + login_port: "{{ jms_asset.port }}" login_secret_type: "{{ jms_account.secret_type }}" login_private_key_path: "{{ jms_account.private_key_path }}" become: "{{ custom_become | default(False) }}" diff --git a/apps/assets/automations/ping/custom/ssh/manifest.yml b/apps/assets/automations/ping/custom/ssh/manifest.yml index 95bb85d60..7a7068108 100644 --- a/apps/assets/automations/ping/custom/ssh/manifest.yml +++ b/apps/assets/automations/ping/custom/ssh/manifest.yml @@ -6,6 +6,8 @@ category: type: - all method: ping +protocol: ssh + i18n: Ping by paramiko: zh: '使用 Python 模块 paramiko 测试主机可连接性' diff --git a/apps/ops/ansible/inventory.py b/apps/ops/ansible/inventory.py index a6efc34c0..0dfa0b575 100644 --- a/apps/ops/ansible/inventory.py +++ b/apps/ops/ansible/inventory.py @@ -13,7 +13,7 @@ class JMSInventory: def __init__( self, assets, account_policy='privileged_first', account_prefer='root,Administrator', host_callback=None, - exclude_localhost=False, task_type=None + exclude_localhost=False, task_type=None, protocol=None ): """ :param assets: @@ -27,6 +27,7 @@ class JMSInventory: self.exclude_hosts = {} self.exclude_localhost = exclude_localhost self.task_type = task_type + self.protocol = protocol @staticmethod def clean_assets(assets): @@ -116,7 +117,7 @@ class JMSInventory: if gateway: ansible_connection = host.get('ansible_connection', 'ssh') - if ansible_connection in ('local', 'winrm'): + if ansible_connection in ('local', 'winrm', 'rdp'): host['gateway'] = { 'address': gateway.address, 'port': gateway.port, 'username': gateway.username, 'secret': gateway.password, 
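Review bot: The `__init__` docstring that opens in the `@@ -13` hunk lists its parameters as `:param assets:` entries but gets no line for the new `protocol` argument. Adding `:param protocol: protocol name from the method manifest (e.g. 'ssh', 'rdp'); given top priority when the primary protocol is picked` would document what `get_primary_protocol` does with it. The docstring continues outside the hunk, so the exact position of the new line is for the author to pick.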
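Review bot: `'rdp'` is now accepted as an `ansible_connection` value in the `@@ -116` hunk and written by `fill_ansible_config` in the `@@ -128` hunk, yet as far as I know Ansible ships no `rdp` connection plugin, so the value acts as an internal marker and not as a transport. That is safe only while every playbook run against such a host overrides it, as `change_secret/custom/ssh/main.yml` does with `ansible_connection: local` in its play vars; the vars of the rdp playbooks are not visible in this patch. A comment above the tuple, such as `# local/winrm/rdp cannot use the SSH ProxyCommand; the gateway is passed on for an explicit tunnel`, would record the assumption (the tunnel reading is inferred from `SSHTunnelManager`, please confirm). This branch also copies `gateway.password` into the host dict for one more connection type, so the generated inventory file should stay readable only by the service user. The dict literal is cut off by the end of the hunk.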
@@ -128,19 +129,20 @@ class JMSInventory: host['jms_asset'].update(ansible_ssh_common_args) host.update(ansible_ssh_common_args) - @staticmethod - def get_primary_protocol(ansible_config, protocols): + def get_primary_protocol(self, ansible_config, protocols): invalid_protocol = type('protocol', (), {'name': 'null', 'port': 0}) ansible_connection = ansible_config.get('ansible_connection') # 数值越小,优先级越高,若用户在 ansible_config 中配置了,则提高用户配置方式的优先级 protocol_priority = {'ssh': 10, 'winrm': 9, ansible_connection: 1} + if self.protocol: + protocol_priority.update({self.protocol: 0}) protocol_sorted = sorted(protocols, key=lambda x: protocol_priority.get(x.name, 999)) protocol = protocol_sorted[0] if protocol_sorted else invalid_protocol return protocol @staticmethod def fill_ansible_config(ansible_config, protocol): - if protocol.name in ('ssh', 'winrm'): + if protocol.name in ('ssh', 'winrm', 'rdp'): ansible_config['ansible_connection'] = protocol.name if protocol.name == 'winrm': if protocol.setting.get('use_ssl', False): @@ -179,6 +181,8 @@ class JMSInventory: } if account else None } + protocols = host['jms_asset']['protocols'] + host['jms_asset'].update({f"{p['name']}_port": p['port'] for p in protocols}) if host['jms_account'] and tp == 'oracle': host['jms_account']['mode'] = 'sysdba' if account.privileged else None
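Review bot: In `get_primary_protocol`, `protocol_priority.update({self.protocol: 0})` only reorders the asset's protocols, so when the asset has no entry for the requested protocol, `protocol_sorted[0]` is still some other protocol, typically ssh or winrm. The playbooks in this commit now take `login_port` from `jms_asset.port` instead of filtering by protocol name, so (assuming that port comes from the protocol chosen here) an rdp check could be sent, together with the account secret, to the ssh port. When `self.protocol` is set and nothing matches, returning the sentinel is safer: `if self.protocol and all(p.name != self.protocol for p in protocols): return invalid_protocol`. How callers treat the sentinel is outside the hunk, so a warning log at that point may be the better fit.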
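Review bot: The new `<name>_port` keys in the `@@ -179` hunk are filled once from `host['jms_asset']['protocols']`, but `SSHTunnelManager` (the `@@ -53` hunk of manager.py) rewrites only `jms_asset['port']` to the local tunnel port. Behind a gateway, `ssh_port` or `rdp_port` would therefore still hold the remote port while `address` is `127.0.0.1`. None of the playbooks changed in this commit reads these keys, so either drop the line or add a comment such as `# <name>_port holds the asset's real port; use jms_asset.port for the (possibly tunnelled) connection port`. The enclosing method starts and ends outside the hunk.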