From bfd77aa1b04ec4a70651c01d9929381a582d1a40 Mon Sep 17 00:00:00 2001 From: fit2bot <68588906+fit2bot@users.noreply.github.com> Date: Wed, 7 Jun 2023 17:28:35 +0800 Subject: [PATCH] feat: automation windows pyrdp ping (#10602) * feat: automation windows pyrdp ping * perf: add pyfreerdp deps --------- Co-authored-by: feng <1304903146@qq.com> Co-authored-by: Eric --- .../verify_account/custom/{ => rdp}/main.yml | 0 .../verify_account/custom/rdp/manifest.yml | 13 +++ .../verify_account/custom/ssh/main.yml | 14 +++ .../custom/{ => ssh}/manifest.yml | 0 apps/ops/ansible/modules/custom_command.py | 4 +- apps/ops/ansible/modules/rdp_ping.py | 86 +++++++++++++++++++ apps/ops/ansible/modules/ssh_ping.py | 4 +- .../ansible/modules_utils/custom_common.py | 3 +- requirements/apk_pkg.sh | 2 +- requirements/deb_pkg.sh | 2 +- requirements/mac_pkg.sh | 2 +- requirements/requirements.txt | 1 + requirements/rpm_pkg.sh | 2 +- 13 files changed, 123 insertions(+), 10 deletions(-) rename apps/accounts/automations/verify_account/custom/{ => rdp}/main.yml (100%) create mode 100644 apps/accounts/automations/verify_account/custom/rdp/manifest.yml create mode 100644 apps/accounts/automations/verify_account/custom/ssh/main.yml rename apps/accounts/automations/verify_account/custom/{ => ssh}/manifest.yml (100%) create mode 100644 apps/ops/ansible/modules/rdp_ping.py diff --git a/apps/accounts/automations/verify_account/custom/main.yml b/apps/accounts/automations/verify_account/custom/rdp/main.yml similarity index 100% rename from apps/accounts/automations/verify_account/custom/main.yml rename to apps/accounts/automations/verify_account/custom/rdp/main.yml diff --git a/apps/accounts/automations/verify_account/custom/rdp/manifest.yml b/apps/accounts/automations/verify_account/custom/rdp/manifest.yml new file mode 100644 index 000000000..79fcce96b --- /dev/null +++ b/apps/accounts/automations/verify_account/custom/rdp/manifest.yml 
@@ -0,0 +1,13 @@ +id: verify_account_by_rdp +name: "{{ 'Windows rdp account verify' | trans }}" +category: + - host +type: + - windows +method: verify_account + +i18n: + Windows rdp account verify: + zh: 使用 Python 模块 pyfreerdp 验证账号 + ja: Python モジュール pyfreerdp を使用してアカウントを検証する + en: Using Python module pyfreerdp to verify account diff --git a/apps/accounts/automations/verify_account/custom/ssh/main.yml b/apps/accounts/automations/verify_account/custom/ssh/main.yml new file mode 100644 index 000000000..cf4a937a7 --- /dev/null +++ b/apps/accounts/automations/verify_account/custom/ssh/main.yml @@ -0,0 +1,14 @@ +- hosts: custom + gather_facts: no + vars: + ansible_connection: local + + tasks: + - name: Verify account + ssh_ping: + login_host: "{{ jms_asset.address }}" + login_port: "{{ jms_asset.port }}" + login_user: "{{ account.username }}" + login_password: "{{ account.secret }}" + login_secret_type: "{{ account.secret_type }}" + login_private_key_path: "{{ account.private_key_path }}" diff --git a/apps/accounts/automations/verify_account/custom/manifest.yml b/apps/accounts/automations/verify_account/custom/ssh/manifest.yml similarity index 100% rename from apps/accounts/automations/verify_account/custom/manifest.yml rename to apps/accounts/automations/verify_account/custom/ssh/manifest.yml diff --git a/apps/ops/ansible/modules/custom_command.py b/apps/ops/ansible/modules/custom_command.py index 4edff4324..e4f7cf11d 100644 --- a/apps/ops/ansible/modules/custom_command.py +++ b/apps/ops/ansible/modules/custom_command.py @@ -64,7 +64,7 @@ name: from ansible.module_utils.basic import AnsibleModule from ops.ansible.modules_utils.custom_common import ( - SSHClient, ssh_common_argument_spec + SSHClient, common_argument_spec ) 
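Review bot: The playbook that this manifest's `verify_account_by_rdp` method will run, `custom/rdp/main.yml`, is a 100% rename of the old `custom/main.yml`, so it cannot reference the `rdp_ping` module added in this commit unless the old file already did. If the old file held the `ssh_ping` task (the near-identical new `custom/ssh/main.yml` suggests so), the RDP method would run an SSH check against Windows hosts and report misleading results. Confirm that `rdp/main.yml` calls `rdp_ping:` with the `login_*` arguments before this method is offered for `type: windows`.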
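Review bot: The `Verify account` task in `custom/ssh/main.yml` passes `account.secret` as `login_password` without `no_log: true` on the task. Whether the value is masked depends on `login_password` being declared `no_log=True` in `common_argument_spec()`, which this page does not show. If it is not, the secret can appear in task output and callback logs. Adding `no_log: true` under `- name: Verify account` keeps the playbook safe regardless of the module's argument spec.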
@@ -85,7 +85,7 @@ def get_commands(module): def main(): - argument_spec = ssh_common_argument_spec() + argument_spec = common_argument_spec() argument_spec.update( name=dict(required=True, aliases=['user']), password=dict(aliases=['pass'], no_log=True), diff --git a/apps/ops/ansible/modules/rdp_ping.py b/apps/ops/ansible/modules/rdp_ping.py new file mode 100644 index 000000000..f069b5bf7 --- /dev/null +++ b/apps/ops/ansible/modules/rdp_ping.py 
@@ -0,0 +1,86 @@
+#!/usr/bin/python
+
+from __future__ import absolute_import, division, print_function
+
+__metaclass__ = type
+
+DOCUMENTATION = '''
+---
+module: custom_rdp_ping
+short_description: Use rdp to probe whether an asset is connectable
+description:
+ - Use rdp to probe whether an asset is connectable
+'''
+
+EXAMPLES = '''
+- name: >
+ Ping asset server.
+ custom_rdp_ping:
+ login_host: 127.0.0.1
+ login_port: 3389
+ login_user: jms
+ login_password: password
+'''
+
+RETURN = '''
+is_available:
+ description: Windows server availability.
+ returned: always
+ type: bool
+ sample: true
+conn_err_msg:
+ description: Connection error message.
+ returned: always
+ type: str
+ sample: ''
+'''
+
+import pyfreerdp
+from typing import NamedTuple
+from ansible.module_utils.basic import AnsibleModule
+
+from ops.ansible.modules_utils.custom_common import (
+ common_argument_spec
+)
+
+
+# =========================================
+# Module execution.
+#
+
+class Param(NamedTuple):
+ hostname: str
+ port: int
+ username: str
+ password: str
+
+
+def main():
+ options = common_argument_spec()
+ module = AnsibleModule(argument_spec=options, supports_check_mode=True)
+ result = {'changed': False, 'is_available': False}
+
+ secret_type = module.params['login_secret_type']
+ if secret_type != 'password':
+ module.fail_json(
+ msg=f'The current ansible does not support \
+ the verification method for {secret_type} types.'
+ )
+ return module.exit_json(**result)
+
+ params = Param(
+ hostname=module.params['login_host'],
+ port=module.params['login_port'],
+ username=module.params['login_user'],
+ password=module.params['login_password']
+ )
+
+ is_available = pyfreerdp.check_connectivity(*params, '', 0)
+ result['is_available'] = is_available
+ if not is_available:
+ module.fail_json(msg='Unable to connect to asset.')
+ return module.exit_json(**result)
+
+
+if __name__ == '__main__':
+ main()
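Review bot: `conn_err_msg` is documented in RETURN as always returned, but main() never sets it, and both `fail_json` calls omit `**result`, so a failed run reports neither `is_available` nor a reason. `fail_json` ends the module run, which makes the `return module.exit_json(**result)` under the secret-type check dead code. The backslash continuation inside that f-string also puts the next line's leading whitespace into the message. The call `pyfreerdp.check_connectivity(*params, '', 0)` is unguarded and its trailing `''` and `0` are unexplained; a comment should name them and say whether the server certificate is verified before the password is presented. The fence below shows the failure paths reworked along these lines.

```python
def main():
    # … unchanged: argument spec, AnsibleModule construction …
    result = {'changed': False, 'is_available': False, 'conn_err_msg': ''}

    # … unchanged: secret_type lookup …
    if secret_type != 'password':
        result['conn_err_msg'] = (
            'The current ansible does not support '
            f'the verification method for {secret_type} types.'
        )
        # fail_json() ends the module run; nothing after it executes
        module.fail_json(msg=result['conn_err_msg'], **result)

    # … unchanged: Param construction …

    try:
        is_available = pyfreerdp.check_connectivity(*params, '', 0)
    except Exception as exc:
        # exception text is not echoed, in case it carries connection parameters
        result['conn_err_msg'] = f'RDP check raised {type(exc).__name__}'
        module.fail_json(msg='Unable to connect to asset.', **result)

    result['is_available'] = bool(is_available)
    if not is_available:
        result['conn_err_msg'] = 'Unable to connect to asset.'
        module.fail_json(msg=result['conn_err_msg'], **result)
    module.exit_json(**result)
```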
diff --git a/apps/ops/ansible/modules/ssh_ping.py b/apps/ops/ansible/modules/ssh_ping.py index 15a30eb0e..700291e24 100644 --- a/apps/ops/ansible/modules/ssh_ping.py +++ b/apps/ops/ansible/modules/ssh_ping.py @@ -40,7 +40,7 @@ conn_err_msg: from ansible.module_utils.basic import AnsibleModule from ops.ansible.modules_utils.custom_common import ( - SSHClient, ssh_common_argument_spec + SSHClient, common_argument_spec ) @@ -50,7 +50,7 @@ from ops.ansible.modules_utils.custom_common import ( def main(): - options = ssh_common_argument_spec() + options = common_argument_spec() module = AnsibleModule(argument_spec=options, supports_check_mode=True,) result = { diff --git a/apps/ops/ansible/modules_utils/custom_common.py b/apps/ops/ansible/modules_utils/custom_common.py index 07c2b6648..5da1a725e 100644 --- a/apps/ops/ansible/modules_utils/custom_common.py +++ b/apps/ops/ansible/modules_utils/custom_common.py @@ -1,11 +1,10 @@ import time import paramiko - from paramiko.ssh_exception import SSHException, NoValidConnectionsError -def ssh_common_argument_spec(): +def common_argument_spec(): options = dict( login_host=dict(type='str', required=False, default='localhost'), login_port=dict(type='int', required=False, default=22), diff --git a/requirements/apk_pkg.sh b/requirements/apk_pkg.sh index b85baf5e6..c188c2d32 100644 --- a/requirements/apk_pkg.sh +++ b/requirements/apk_pkg.sh @@ -3,4 +3,4 @@ apk add \ gcc make python3-dev python3 libffi-dev mariadb-dev \ libc-dev krb5-dev openldap-dev jpeg-dev linux-headers sshpass \ openssh-client build-base libressl libffi-dev libressl-dev \ - libxslt-dev libxml2-dev xmlsec-dev xmlsec + libxslt-dev libxml2-dev xmlsec-dev xmlsec freerdp-dev diff --git a/requirements/deb_pkg.sh b/requirements/deb_pkg.sh index 18d0b8f06..31c6eedf9 100644 --- a/requirements/deb_pkg.sh +++ b/requirements/deb_pkg.sh 
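Review bot: In `custom_common.py`, the renamed `common_argument_spec()` still declares `login_port` with `default=22`, and the new rdp_ping module now builds its arguments from it, so an RDP check that omits the port would probe the SSH port. One backward-compatible fix is `def common_argument_spec(default_port=22):` with `login_port=dict(type='int', required=False, default=default_port)`, with rdp_ping calling it as `common_argument_spec(default_port=3389)`. The function body continues outside the hunk, so the remaining options (including whether `login_password` is marked `no_log`) could not be reviewed here.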
@@ -2,4 +2,4 @@ apt install \ g++ make iputils-ping default-libmysqlclient-dev libpq-dev \ libffi-dev libldap2-dev libsasl2-dev openssh-client sshpass pkg-config libxml2-dev \ - libxmlsec1-dev libxmlsec1-openssl libaio-dev freetds-dev + libxmlsec1-dev libxmlsec1-openssl libaio-dev freetds-dev freerdp2-dev diff --git a/requirements/mac_pkg.sh b/requirements/mac_pkg.sh index 45049eb0a..909282cf0 100644 --- a/requirements/mac_pkg.sh +++ b/requirements/mac_pkg.sh @@ -5,7 +5,7 @@ PROJECT_DIR=$(dirname "$BASE_DIR") echo "1. 安装依赖" brew install libtiff libjpeg webp little-cms2 openssl gettext git \ git-lfs mysql libxml2 libxmlsec1 pkg-config postgresql freetds openssl \ - libffi + libffi freerdp echo "2. 下载 IP 数据库" ip_db_path="${PROJECT_DIR}/apps/common/utils/geoip/GeoLite2-City.mmdb" diff --git a/requirements/requirements.txt b/requirements/requirements.txt index 74999c74e..33bc01dbe 100644 --- a/requirements/requirements.txt +++ b/requirements/requirements.txt @@ -126,6 +126,7 @@ pyOpenSSL==22.0.0 redis==4.5.4 pyOpenSSL==22.0.0 pymongo==4.2.0 +pyfreerdp==0.0.1 # Debug ipython==8.10.0 ForgeryPy3==0.3.1 diff --git a/requirements/rpm_pkg.sh b/requirements/rpm_pkg.sh index 53df8bf0d..b1f7126a1 100644 --- a/requirements/rpm_pkg.sh +++ b/requirements/rpm_pkg.sh @@ -2,4 +2,4 @@ yum -y install \ gcc-c++ sshpass mariadb-devel openldap-devel openssh-clients libxml2-devel \ xmlsec1-devel xmlsec1-openssl-devel libtool-ltdl-devel \ - postgresql-devel + postgresql-devel freerdp-devel
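Review bot: In `requirements/requirements.txt`, `pyfreerdp==0.0.1` is pinned by version only, yet the new rdp_ping module will hand it account passwords. It appears to build against the FreeRDP development packages added to the `*_pkg.sh` scripts in this commit, so the installed artifact depends on both the PyPI release and the distro library. A comment above the line would help, e.g. `# RDP account verification (apps/ops/ansible/modules/rdp_ping.py); needs FreeRDP dev headers`. Recording a reviewed hash for the release in whatever lock mechanism the project uses would make the new dependency auditable.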