				
				
				
			
							parent
							
								
									ae5d4257ad
								
							
						
					
					
						commit
						ef2b7b464e
					
				| 
						 | 
				
			
			@ -47,4 +47,8 @@
 | 
			
		|||
        login_password: "{{ account.secret }}"
 | 
			
		||||
        login_host: "{{ jms_asset.address }}"
 | 
			
		||||
        login_port: "{{ jms_asset.port }}"
 | 
			
		||||
        become: false
 | 
			
		||||
        become: "{{ account.become.ansible_become | default(False) }}"
 | 
			
		||||
        become_method: su
 | 
			
		||||
        become_user: "{{ account.become.ansible_user | default('') }}"
 | 
			
		||||
        become_password: "{{ account.become.ansible_password | default('') }}"
 | 
			
		||||
        become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
 | 
			
		||||
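Review bot: `become_method: su` is hard-coded on the new password task, while the Python side of this same commit derives the method as `'sudo' if platform.su_method != 'su' else 'su'` and publishes it to the playbook as `account.become.ansible_become_method`, so on sudo-only platforms the connection module will still be told `su`. The change_secret hunk later in this commit already reads `become_method: "{{ account.become.ansible_become_method | default('su') }}"`, and the same line belongs here. The identical `@@ -80,7 +80,11 @@` hunk appears in the four playbook sections that follow and needs the same correction.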
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -80,7 +80,11 @@
 | 
			
		|||
        login_host: "{{ jms_asset.address }}"
 | 
			
		||||
        login_port: "{{ jms_asset.port }}"
 | 
			
		||||
        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
 | 
			
		||||
        become: false
 | 
			
		||||
        become: "{{ account.become.ansible_become | default(False) }}"
 | 
			
		||||
        become_method: su
 | 
			
		||||
        become_user: "{{ account.become.ansible_user | default('') }}"
 | 
			
		||||
        become_password: "{{ account.become.ansible_password | default('') }}"
 | 
			
		||||
        become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
 | 
			
		||||
      when: account.secret_type == "password"
 | 
			
		||||
      delegate_to: localhost
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -91,6 +95,5 @@
 | 
			
		|||
        login_user: "{{ account.username }}"
 | 
			
		||||
        login_private_key_path: "{{ account.private_key_path  }}"
 | 
			
		||||
        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
 | 
			
		||||
        become: false
 | 
			
		||||
      when: account.secret_type == "ssh_key"
 | 
			
		||||
      delegate_to: localhost
 | 
			
		||||
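Review bot: The ssh_key task (`@@ -91,6 +95,5 @@`) loses `become: false` but does not gain the `become*` lines the password task just received, so for key-based accounts the switch now depends on the connection module's default for `become` and, as far as this playbook shows, is never requested even when the account has a su_from. If that is intended, say so on the task, e.g. `# key-based accounts connect directly; no su_from switch (module default for become applies)`; if not, the same five `become*` lines belong here too. The same hunk recurs in the three following playbook sections.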
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -80,7 +80,11 @@
 | 
			
		|||
        login_host: "{{ jms_asset.address }}"
 | 
			
		||||
        login_port: "{{ jms_asset.port }}"
 | 
			
		||||
        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
 | 
			
		||||
        become: false
 | 
			
		||||
        become: "{{ account.become.ansible_become | default(False) }}"
 | 
			
		||||
        become_method: su
 | 
			
		||||
        become_user: "{{ account.become.ansible_user | default('') }}"
 | 
			
		||||
        become_password: "{{ account.become.ansible_password | default('') }}"
 | 
			
		||||
        become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
 | 
			
		||||
      when: account.secret_type == "password"
 | 
			
		||||
      delegate_to: localhost
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -91,6 +95,5 @@
 | 
			
		|||
        login_user: "{{ account.username }}"
 | 
			
		||||
        login_private_key_path: "{{ account.private_key_path  }}"
 | 
			
		||||
        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
 | 
			
		||||
        become: false
 | 
			
		||||
      when: account.secret_type == "ssh_key"
 | 
			
		||||
      delegate_to: localhost
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -80,7 +80,11 @@
 | 
			
		|||
        login_host: "{{ jms_asset.address }}"
 | 
			
		||||
        login_port: "{{ jms_asset.port }}"
 | 
			
		||||
        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
 | 
			
		||||
        become: false
 | 
			
		||||
        become: "{{ account.become.ansible_become | default(False) }}"
 | 
			
		||||
        become_method: su
 | 
			
		||||
        become_user: "{{ account.become.ansible_user | default('') }}"
 | 
			
		||||
        become_password: "{{ account.become.ansible_password | default('') }}"
 | 
			
		||||
        become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
 | 
			
		||||
      when: account.secret_type == "password"
 | 
			
		||||
      delegate_to: localhost
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -91,7 +95,6 @@
 | 
			
		|||
        login_user: "{{ account.username }}"
 | 
			
		||||
        login_private_key_path: "{{ account.private_key_path  }}"
 | 
			
		||||
        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
 | 
			
		||||
        become: false
 | 
			
		||||
      when: account.secret_type == "ssh_key"
 | 
			
		||||
      delegate_to: localhost
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -80,7 +80,11 @@
 | 
			
		|||
        login_host: "{{ jms_asset.address }}"
 | 
			
		||||
        login_port: "{{ jms_asset.port }}"
 | 
			
		||||
        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
 | 
			
		||||
        become: false
 | 
			
		||||
        become: "{{ account.become.ansible_become | default(False) }}"
 | 
			
		||||
        become_method: su
 | 
			
		||||
        become_user: "{{ account.become.ansible_user | default('') }}"
 | 
			
		||||
        become_password: "{{ account.become.ansible_password | default('') }}"
 | 
			
		||||
        become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
 | 
			
		||||
      when: account.secret_type == "password"
 | 
			
		||||
      delegate_to: localhost
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -91,7 +95,6 @@
 | 
			
		|||
        login_user: "{{ account.username }}"
 | 
			
		||||
        login_private_key_path: "{{ account.private_key_path  }}"
 | 
			
		||||
        gateway_args: "{{ jms_asset.ansible_ssh_common_args | default('') }}"
 | 
			
		||||
        become: false
 | 
			
		||||
      when: account.secret_type == "ssh_key"
 | 
			
		||||
      delegate_to: localhost
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -13,8 +13,8 @@
 | 
			
		|||
        login_password: "{{ account.secret }}"
 | 
			
		||||
        login_secret_type: "{{ account.secret_type }}"
 | 
			
		||||
        login_private_key_path: "{{ account.private_key_path }}"
 | 
			
		||||
        become: "{{ custom_become | default(False) }}"
 | 
			
		||||
        become_method: "{{ custom_become_method | default('su') }}"
 | 
			
		||||
        become_user: "{{ custom_become_user | default('') }}"
 | 
			
		||||
        become_password: "{{ custom_become_password | default('') }}"
 | 
			
		||||
        become_private_key_path: "{{ custom_become_private_key_path | default(None) }}"
 | 
			
		||||
        become: "{{ account.become.ansible_become | default(False) }}"
 | 
			
		||||
        become_method: "{{ account.become.ansible_become_method | default('su') }}"
 | 
			
		||||
        become_user: "{{ account.become.ansible_user | default('') }}"
 | 
			
		||||
        become_password: "{{ account.become.ansible_password | default('') }}"
 | 
			
		||||
        become_private_key_path: "{{ account.become.ansible_ssh_private_key_file | default(None) }}"
 | 
			
		||||
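Review bot: This task now hands two secrets to the repository's own connection module (`login_password` from the target account and `become_password` from the su_from account), so it is worth confirming that the module's argument spec declares both with `no_log`, otherwise a `-v`/`-vvv` run prints them in the task result. A short comment would also stop readers assuming native Ansible semantics, since the `become_*` parameters here appear to describe the su_from account the module connects as before switching to `login_user`, the reverse of `ansible_become_user`; e.g. `# become_* = su_from account used for the initial login; login_* = target account switched to`, hedged until confirmed against the module.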
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -1,11 +1,23 @@
 | 
			
		|||
- hosts: demo
 | 
			
		||||
  gather_facts: no
 | 
			
		||||
  tasks:
 | 
			
		||||
    - name: Verify account connectivity
 | 
			
		||||
      become: no
 | 
			
		||||
    - name: Verify account connectivity(Do not switch)
 | 
			
		||||
      ansible.builtin.ping:
 | 
			
		||||
      vars:
 | 
			
		||||
        ansible_become: no
 | 
			
		||||
        ansible_user: "{{ account.username }}"
 | 
			
		||||
        ansible_password: "{{ account.secret }}"
 | 
			
		||||
        ansible_ssh_private_key_file: "{{ account.private_key_path }}"
 | 
			
		||||
      when: not account.become.ansible_become
 | 
			
		||||
 | 
			
		||||
    - name: Verify account connectivity(Switch)
 | 
			
		||||
      ansible.builtin.ping:
 | 
			
		||||
      vars:
 | 
			
		||||
        ansible_become: yes
 | 
			
		||||
        ansible_user: "{{ account.become.ansible_user }}"
 | 
			
		||||
        ansible_password: "{{ account.become.ansible_password }}"
 | 
			
		||||
        ansible_ssh_private_key_file: "{{ account.become.ansible_ssh_private_key_file }}"
 | 
			
		||||
        ansible_become_method: "{{ account.become.ansible_become_method }}"
 | 
			
		||||
        ansible_become_user: "{{ account.become.ansible_become_user }}"
 | 
			
		||||
        ansible_become_password: "{{ account.become.ansible_become_password }}"
 | 
			
		||||
      when: account.become.ansible_become
 | 
			
		||||
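Review bot: The "Switch" task references `account.become.ansible_password`, `account.become.ansible_ssh_private_key_file` and the `ansible_become_*` keys without a `default()`, while `Account.make_account_ansible_vars` in this commit returns only `ansible_user` when the su_from account has no secret, so for such accounts the play aborts on an undefined variable instead of reporting a failed verification. Writing `ansible_password: "{{ account.become.ansible_password | default(omit) }}"` (and the same for the key file) lets Ansible drop the missing credential and run the ping with what is available. The `when:` guards on both tasks also evaluate `account.become.ansible_become` directly, which is fine as long as every host dict carries the `become` key the manager now adds.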
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -42,7 +42,6 @@ class VerifyAccountManager(AccountBasePlaybookManager):
 | 
			
		|||
        if host.get('error'):
 | 
			
		||||
            return host
 | 
			
		||||
 | 
			
		||||
        # host['ssh_args'] = '-o ControlMaster=no -o ControlPersist=no'
 | 
			
		||||
        accounts = asset.accounts.all()
 | 
			
		||||
        accounts = self.get_accounts(account, accounts)
 | 
			
		||||
        inventory_hosts = []
 | 
			
		||||
| 
						 | 
				
			
			@ -64,7 +63,8 @@ class VerifyAccountManager(AccountBasePlaybookManager):
 | 
			
		|||
                'username': account.username,
 | 
			
		||||
                'secret_type': account.secret_type,
 | 
			
		||||
                'secret': secret,
 | 
			
		||||
                'private_key_path': private_key_path
 | 
			
		||||
                'private_key_path': private_key_path,
 | 
			
		||||
                'become': account.get_ansible_become_auth(),
 | 
			
		||||
            }
 | 
			
		||||
            if account.platform.type == 'oracle':
 | 
			
		||||
                h['account']['mode'] = 'sysdba' if account.privileged else None
 | 
			
		||||
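Review bot: `'become': account.get_ansible_become_auth()` places the su_from account's secret and the become password in the per-host dict next to `secret`; if this dict is later materialised as the inventory file, a second plaintext credential now reaches disk and must be covered by whatever permission and cleanup handling `secret` already gets. A comment on the new line would make that contract visible, e.g. `# plaintext su_from credentials; handle like 'secret' when the inventory is written`. The enclosing host-building method starts and ends outside both hunks; the first hunk only removes a commented-out line.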
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -95,6 +95,33 @@ class Account(AbsConnectivity, BaseAccount):
 | 
			
		|||
        """ 排除自己和以自己为 su-from 的账号 """
 | 
			
		||||
        return self.asset.accounts.exclude(id=self.id).exclude(su_from=self)
 | 
			
		||||
 | 
			
		||||
    @staticmethod
 | 
			
		||||
    def make_account_ansible_vars(su_from):
 | 
			
		||||
        var = {
 | 
			
		||||
            'ansible_user': su_from.username,
 | 
			
		||||
        }
 | 
			
		||||
        if not su_from.secret:
 | 
			
		||||
            return var
 | 
			
		||||
        var['ansible_password'] = su_from.secret
 | 
			
		||||
        var['ansible_ssh_private_key_file'] = su_from.private_key_path
 | 
			
		||||
        return var
 | 
			
		||||
 | 
			
		||||
    def get_ansible_become_auth(self):
 | 
			
		||||
        su_from = self.su_from
 | 
			
		||||
        platform = self.platform
 | 
			
		||||
        auth = {'ansible_become': False}
 | 
			
		||||
        if not (platform.su_enabled and su_from):
 | 
			
		||||
            return auth
 | 
			
		||||
 | 
			
		||||
        auth.update(self.make_account_ansible_vars(su_from))
 | 
			
		||||
        become_method = 'sudo' if platform.su_method != 'su' else 'su'
 | 
			
		||||
        password = su_from.secret if become_method == 'sudo' else self.secret
 | 
			
		||||
        auth['ansible_become'] = True
 | 
			
		||||
        auth['ansible_become_method'] = become_method
 | 
			
		||||
        auth['ansible_become_user'] = self.username
 | 
			
		||||
        auth['ansible_become_password'] = password
 | 
			
		||||
        return auth
 | 
			
		||||
 | 
			
		||||
 | 
			
		||||
def replace_history_model_with_mixin():
 | 
			
		||||
    """
 | 
			
		||||
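Review bot: `get_ansible_become_auth` sets `ansible_become: True` even when `make_account_ansible_vars` returned early because `su_from.secret` is empty, so callers receive a dict that promises a switch but carries no `ansible_password`/`ansible_ssh_private_key_file`; the new verify playbook in this commit indexes those keys without a default and will fail on an undefined variable. Either return the `{'ansible_become': False}` dict when the su_from account has no usable credential, or always emit the keys (empty) so consumers can `default()` them. Both methods also lack docstrings; `get_ansible_become_auth` should state that it returns plaintext credentials (`ansible_password`, `ansible_become_password`) intended only for building an inventory, and `make_account_ansible_vars` that `ansible_ssh_private_key_file` is set from `su_from.private_key_path` whenever a secret exists, even for password accounts. `Account.make_account_ansible_vars` duplicates the `make_account_ansible_vars` that `JMSInventory` still calls at the end of its hunk; one copy should call the other.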
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -77,9 +77,11 @@ class JMSInventory:
 | 
			
		|||
        return var
 | 
			
		||||
 | 
			
		||||
    @staticmethod
 | 
			
		||||
    def make_custom_become_ansible_vars(account, platform):
 | 
			
		||||
    def make_custom_become_ansible_vars(account, su_from_auth):
 | 
			
		||||
        su_method = su_from_auth['ansible_become_method']
 | 
			
		||||
        var = {
 | 
			
		||||
            'custom_become': True, 'custom_become_method': platform.su_method,
 | 
			
		||||
            'custom_become': True,
 | 
			
		||||
            'custom_become_method': su_method,
 | 
			
		||||
            'custom_become_user': account.su_from.username,
 | 
			
		||||
            'custom_become_password': account.su_from.secret,
 | 
			
		||||
            'custom_become_private_key_path': account.su_from.private_key_path
 | 
			
		||||
| 
						 | 
				
			
			@ -98,16 +100,9 @@ class JMSInventory:
 | 
			
		|||
 | 
			
		||||
        su_from = account.su_from
 | 
			
		||||
        if platform.su_enabled and su_from:
 | 
			
		||||
            host.update(self.make_account_ansible_vars(su_from))
 | 
			
		||||
            host.update(self.make_custom_become_ansible_vars(account, platform))
 | 
			
		||||
            become_method = 'sudo' if platform.su_method != 'su' else 'su'
 | 
			
		||||
            host['ansible_become'] = True
 | 
			
		||||
            host['ansible_become_method'] = 'sudo'
 | 
			
		||||
            host['ansible_become_user'] = account.username
 | 
			
		||||
            if become_method == 'sudo':
 | 
			
		||||
                host['ansible_become_password'] = su_from.secret
 | 
			
		||||
            else:
 | 
			
		||||
                host['ansible_become_password'] = account.secret
 | 
			
		||||
            su_from_auth = account.get_ansible_become_auth()
 | 
			
		||||
            host.update(su_from_auth)
 | 
			
		||||
            host.update(self.make_custom_become_ansible_vars(account, su_from_auth))
 | 
			
		||||
        elif platform.su_enabled and not su_from and \
 | 
			
		||||
                self.task_type in (AutomationTypes.change_secret, AutomationTypes.push_account):
 | 
			
		||||
            host.update(self.make_account_ansible_vars(account))
 | 
			
		||||
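Review bot: `make_custom_become_ansible_vars` now receives `su_from_auth` but reads only `ansible_become_method` from it and still reaches into `account.su_from` for user, secret and key path, so the function has two sources for the same data; `su_from_auth` already carries `ansible_user`, `ansible_password` and `ansible_ssh_private_key_file` when the su_from account has a secret, and reading them with `.get()` would keep the `custom_*` vars in step with the native ones. The method also deserves a docstring recording that the `custom_*` keys feed the repository's own connection modules, which appear to connect as the su_from account and then switch to the target, whereas `ansible_become_*` feeds native Ansible become — which is why `custom_become_user` is `su_from.username` while `ansible_become_user` is `account.username`. In the second hunk the `elif` branch still uses the inventory's own `make_account_ansible_vars`, which this commit duplicates on `Account`; one copy should go. `su_from_auth['ansible_become_method']` is a hard index that is safe only because the caller checks `platform.su_enabled and su_from` first; a one-line comment saying so would help.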
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -63,13 +63,13 @@ class SSHClient:
 | 
			
		|||
    @staticmethod
 | 
			
		||||
    def _is_match_user(user, content):
 | 
			
		||||
        # 正常命令切割后是[命令,用户名,交互前缀]
 | 
			
		||||
        remote_user = content.split()[1] if len(content.split()) >= 3 else None
 | 
			
		||||
        return remote_user and remote_user == user
 | 
			
		||||
        content_list = content.split() if len(content.split()) >= 3 else None
 | 
			
		||||
        return content_list and user in content_list
 | 
			
		||||
 | 
			
		||||
    def switch_user(self):
 | 
			
		||||
        self._get_channel()
 | 
			
		||||
        if not self.module.params['become']:
 | 
			
		||||
            return None
 | 
			
		||||
            return
 | 
			
		||||
        method = self.module.params['become_method']
 | 
			
		||||
        username = self.module.params['login_user']
 | 
			
		||||
        if method == 'sudo':
 | 
			
		||||
| 
						 | 
				
			
			@ -85,7 +85,7 @@ class SSHClient:
 | 
			
		|||
        su_output, err_msg = self.execute(commands)
 | 
			
		||||
        if err_msg:
 | 
			
		||||
            return err_msg
 | 
			
		||||
        i_output, err_msg = self.execute(['whoami'])
 | 
			
		||||
        i_output, err_msg = self.execute(['whoami'], delay_time=1)
 | 
			
		||||
        if err_msg:
 | 
			
		||||
            return err_msg
 | 
			
		||||
 | 
			
		||||
| 
						 | 
				
			
			@ -153,14 +153,14 @@ class SSHClient:
 | 
			
		|||
        output = self.channel.recv(size).decode(encoding)
 | 
			
		||||
        return output
 | 
			
		||||
 | 
			
		||||
    def execute(self, commands):
 | 
			
		||||
    def execute(self, commands, delay_time=0.3):
 | 
			
		||||
        if not self.is_connect:
 | 
			
		||||
            self.connect()
 | 
			
		||||
        output, error_msg = '', ''
 | 
			
		||||
        try:
 | 
			
		||||
            for command in commands:
 | 
			
		||||
                self.channel.send(command + '\n')
 | 
			
		||||
                time.sleep(0.3)
 | 
			
		||||
                time.sleep(delay_time)
 | 
			
		||||
                output = self._get_recv()
 | 
			
		||||
        except Exception as e:
 | 
			
		||||
            error_msg = str(e)
 | 
			
		||||
| 
						 | 
				
			
			@ -170,5 +170,5 @@ class SSHClient:
 | 
			
		|||
        try:
 | 
			
		||||
            self.channel.close()
 | 
			
		||||
            self.client.close()
 | 
			
		||||
        except:
 | 
			
		||||
        except Exception:
 | 
			
		||||
            pass
 | 
			
		||||
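Review bot: `_is_match_user` now accepts the target name anywhere in the tokenised output (`user in content_list`) instead of at the position the comment documents (`[command, username, prompt]`), which weakens the only check that the `su`/`sudo` switch actually happened: any token equal to the user name — an echoed command, a prompt fragment, an error message naming the user — now counts as success, so a failed switch can be reported as a pass. If the positional check was too strict because of prompt variations, match the line after the echoed `whoami` instead, e.g. `lines = [l.strip() for l in content.splitlines() if l.strip()]` and `return len(lines) >= 2 and lines[1] == user`, and update the comment to say what is matched. `delay_time=1` on the `whoami` call and `time.sleep(delay_time)` in `execute` keep the fixed-sleep-then-`recv` pattern, so on a slow host the output is still truncated and the check still misfires; reading until the prompt reappears would be more robust. `_is_match_user` is fully inside the first hunk, while `switch_user` and `execute` continue outside their hunks.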
| 
						 | 
				
			
			
 | 
			
		|||