github/jumpserver
1
0
Fork 0
mirror of https://github.com/jumpserver/jumpserver.git synced 2025-06-28 15:57:23 +00:00
Code Issues Projects Releases Wiki Activity

perf: 优化 Ansible 账号选择

Browse Source
This commit is contained in:
ibuler 2023-03-16 19:06:50 +08:00 committed by Jiangjie.Bai
parent 93a7cee4de
commit cad6fffd74
2 changed files with 20 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
apps/ops/ansible/inventory.py
View File

@ -139,12 +139,12 @@ class JMSInventory:
self.make_ssh_account_vars(host, asset, account, automation, protocols, platform, gateway) self.make_ssh_account_vars(host, asset, account, automation, protocols, platform, gateway)
return host return host
def get_asset_accounts(self, asset): def get_asset_sorted_accounts(self, asset):
from assets.const import Connectivity accounts = list(asset.accounts.filter(is_active=True))
accounts = asset.accounts.filter(is_active=True).order_by('-privileged', '-date_updated') connectivity_score = {'ok': 2, '-': 1, 'err': 0}
accounts_connectivity_ok = list(accounts.filter(connectivity=Connectivity.OK)) sort_key = lambda x: (x.privileged, connectivity_score.get(x.connectivity, 0), x.date_updated)
accounts_connectivity_no = list(accounts.exclude(connectivity=Connectivity.OK)) accounts_sorted = sorted(accounts, key=sort_key, reverse=True)
return accounts_connectivity_ok + accounts_connectivity_no return accounts_sorted
@staticmethod @staticmethod
def get_account_prefer(account_prefer): def get_account_prefer(account_prefer):
@ -163,28 +163,23 @@ class JMSInventory:
return account return account
def select_account(self, asset): def select_account(self, asset):
accounts = self.get_asset_accounts(asset) accounts = self.get_asset_sorted_accounts(asset)
if not accounts or self.account_policy == 'skip': if not accounts:
return None return None
account_selected = None
# 首先找到特权账号 refer_account = self.get_refer_account(accounts)
privileged_accounts = list(filter(lambda account: account.privileged, accounts)) if refer_account:
return refer_account
# 不同类型的账号选择,优先使用提供的名称 account_selected = accounts[0]
refer_privileged_account = self.get_refer_account(privileged_accounts) if self.account_policy == 'skip':
if self.account_policy in ['privileged_only', 'privileged_first']: return None
first_privileged = privileged_accounts[0] if privileged_accounts else None elif self.account_policy == 'privileged_first':
account_selected = refer_privileged_account or first_privileged
# 此策略不管是否匹配到账号都需强制返回
if self.account_policy == 'privileged_only':
return account_selected return account_selected
elif self.account_policy == 'privileged_only' and account_selected.privileged:
if not account_selected: return account_selected
account_selected = self.get_refer_account(accounts) else:
return None
return account_selected or accounts[0]
def generate(self, path_dir): def generate(self, path_dir):
hosts = [] hosts = []

2
apps/ops/models/job.py
View File

@ -46,7 +46,7 @@ class JMSPermedInventory(JMSInventory):
self.user = user self.user = user
self.assets_accounts_mapper = self.get_assets_accounts_mapper() self.assets_accounts_mapper = self.get_assets_accounts_mapper()
def get_asset_accounts(self, asset): def get_asset_sorted_accounts(self, asset):
return self.assets_accounts_mapper.get(asset.id, []) return self.assets_accounts_mapper.get(asset.id, [])
def get_assets_accounts_mapper(self): def get_assets_accounts_mapper(self):