Ansible Script 추가

2023-12-19 13:36:16 +09:00
parent 0273450ff6
commit 05cb8d9269
2610 changed files with 281893 additions and 0 deletions
--- a/ansible/infra_setting/roles/connect-settings/files/00_old/gen_password.py
+++ b/ansible/infra_setting/roles/connect-settings/files/00_old/gen_password.py
@@ -0,0 +1,44 @@
+#!/usr/bin/python3
+
+import base64, random, string, os
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes
+from Crypto.Util.Padding import pad, unpad
+
+try:
+    encrypt_flag=True if os.sys.argv[1].lower()=='1' else False 
+except Exception as err:
+    encrypt_flag=False
+
+def generate_password(length=8, num_uppercase=1, num_lowercase=1, num_digits=1, num_sp_char=1):
+    sp_char = '!@#$'
+    all_chars = string.ascii_letters + string.digits + sp_char
+
+    password = [
+        *random.choices(string.ascii_uppercase, k=num_uppercase),
+        *random.choices(string.ascii_lowercase, k=num_lowercase),
+        *random.choices(string.digits, k=num_digits),
+        *random.choices(sp_char, k=num_sp_char)
+    ]
+
+    remaining_length = length - (num_uppercase + num_lowercase + num_digits + num_sp_char)
+    password += random.choices(all_chars, k=remaining_length)
+    
+    random.shuffle(password)
+    return ''.join(password)
+
+def encrypt(plain_text, key):
+    manual_iv = b'PhilinnovatorDEV'
+    cipher = AES.new(key, AES.MODE_CBC, iv=manual_iv)
+    ct_bytes = cipher.encrypt(pad(plain_text.encode(), 16))
+    ct = base64.b64encode(ct_bytes).decode('utf-8')
+    return ct
+
+key = b'PhilinnovatorDEVPhilinnovatorDEV'
+plain_text = generate_password()
+
+if encrypt_flag: 
+    encrypted_text = encrypt(plain_text, key)
+    print(encrypted_text)
+else:
+    print(plain_text)
--- a/ansible/infra_setting/roles/connect-settings/files/00_old/vault_test.py
+++ b/ansible/infra_setting/roles/connect-settings/files/00_old/vault_test.py
@@ -0,0 +1,11 @@
+import hvac
+
+str_url   = "http://10.10.43.98:31080"
+str_token = "hvs.CAESIMV6zCg-GpUP4pQgVA5f1ZXkgyJZrqOC6QDCegrpiAX9Gh4KHGh2cy5ORkpkc2ZyVUxYd09qUVFtQldRNDBjS3I"
+client = hvac.Client(url=str_url, token=str_token)
+
+str_mount_point = 'kv'
+str_secret_path = 'host1'
+read_secret_result = client.secrets.kv.v1.read_secret(mount_point=str_mount_point, path=str_secret_path)
+print(read_secret_result)
+
--- a/ansible/infra_setting/roles/connect-settings/files/custom_excel
+++ b/ansible/infra_setting/roles/connect-settings/files/custom_excel
@@ -0,0 +1,108 @@
+#!/usr/bin/python3
+#-*- coding: utf-8 -*-
+
+import os, sys, time, errno, socket, signal, psutil, random, logging.handlers, subprocess, paramiko, hvac
+from xlwt import Workbook, XFStyle, Borders, Font, Pattern
+from socket import error as SocketError
+
+process_time 	= time.strftime("%Y%m%d_%H%M", time.localtime())
+excel_file_name = '/mnt/e/excel/{}.xls'.format(process_time)
+
+def process_close(flag=True, result=''):
+    if flag:
+        print("[Success]")
+    else:
+        print("[Fail]:{}".format(result))
+
+    sys.exit(0)
+
+def set_header(sheet, header_list):
+    # 폰트 설정
+    font = Font()
+    font.bold = True
+
+    # 테두리 설정
+    borders = Borders()
+    borders.left = Borders.THIN
+    borders.right = Borders.THIN
+    borders.top = Borders.THIN
+    borders.bottom = Borders.THIN
+
+    # 배경색 설정
+    pattern = Pattern() 
+    pattern.pattern = Pattern.SOLID_PATTERN 
+    pattern.pattern_fore_colour = 22 # #E2EFDA는 xlwt에서 인덱스 22에 해당하는 색입니다.
+
+    hdrstyle = XFStyle()
+    hdrstyle.font = font
+    hdrstyle.borders = borders
+    hdrstyle.pattern = pattern
+
+    for idx, header in enumerate(header_list):
+        sheet.write(0, idx, header, hdrstyle)
+        sheet.col(idx).width = len(header) * 800
+
+def write_data(sheet, data_list):
+    datestyle = XFStyle()
+    datestyle.num_format_str = 'YYYY-MM-DD'
+
+    for row_num, data in enumerate(data_list, start=1):
+        for col_num, cell_data in enumerate(data):
+            if col_num == 7:
+                sheet.write(row_num, col_num, cell_data, datestyle)
+            elif col_num in [1, 4, 5]:
+                formatted_data = u'{}'.format(cell_data) if cell_data else ''
+                sheet.write(row_num, col_num, formatted_data)
+            else:
+                sheet.write(row_num, col_num, cell_data)
+
+def excel_write(header_list=[], data_list=[], filename='', sheetTitle=''):
+    workbook = Workbook(style_compression=2, encoding='utf-8')
+    sheet = workbook.add_sheet(sheetTitle)
+
+    set_header(sheet, header_list)
+    write_data(sheet, data_list)
+
+    sheet.panes_frozen = True
+    sheet.vert_split_pos = 0
+    sheet.horz_split_pos = 1
+    workbook.save(filename)
+
+def main():
+    header_list=['번호','호스트 유형','호스트명','호스트 IP','포트번호','프로토콜','인증방법','1차 로그인 계정명','1차 로그인 비밀번호','1차 로그인 계정명','2차 로그인 비밀번호','용도','비고']
+    data_list=[]
+
+    openfile=open('/tmp/host_list','r')
+    readfile=openfile.readlines()
+    openfile.close()
+    for idx, host_data in enumerate(readfile):
+        try:
+            if idx==0: continue
+            host_num=idx
+            hosttype=host_data.strip().split(' ')[0]
+            print(hosttype)
+            hostname=host_data.strip().split(' ')[1]
+            host_ips=host_data.strip().split(' ')[2]
+            port_num=int(host_data.strip().split(' ')[3])
+            protocol='SSH'
+            auth_con='Password'
+            username=host_data.strip().split(' ')[4]
+            first_pw=host_data.strip().split(' ')[5]
+            rootuser=host_data.strip().split(' ')[6]
+            secon_pw=host_data.strip().split(' ')[7]
+            descript='-'
+            remarks_='-'
+            data_list.append([host_num,hosttype,hostname,host_ips,port_num,protocol,auth_con,username,first_pw,rootuser,secon_pw,descript,remarks_,])
+        except:
+            continue
+
+    excel_write(header_list, data_list, excel_file_name, 'TEST')
+
+DEBUG=False
+try:
+	if os.sys.argv[1]: DEBUG=True
+except:
+	pass
+main()
+process_close()
+
--- a/ansible/infra_setting/roles/connect-settings/files/decrypt_password
+++ b/ansible/infra_setting/roles/connect-settings/files/decrypt_password
@@ -0,0 +1,21 @@
+#!/usr/bin/python3
+#-*- coding: utf-8 -*-
+
+import base64, random, string, os
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes
+from Crypto.Util.Padding import pad, unpad
+
+try:
+    encrypted_text=os.sys.argv[1]
+except:
+    encrypted_text="q6i1/JxyNe1OUrO0JKu+Z4WQTyQZam2yIJTp43dl1pI="
+
+def decrypt(ct, key):
+    manual_iv = b'PhilinnovatorDEV'
+    ct_bytes = base64.b64decode(ct)
+    cipher = AES.new(key, AES.MODE_CBC, iv=manual_iv)
+    return unpad(cipher.decrypt(ct_bytes), 16).decode('utf-8')
+
+key = b'PhilinnovatorDEVPhilinnovatorDEV'
+print(decrypt(encrypted_text, key))
--- a/ansible/infra_setting/roles/connect-settings/files/gen_password
+++ b/ansible/infra_setting/roles/connect-settings/files/gen_password
@@ -0,0 +1,45 @@
+#!/usr/bin/python3
+#-*- coding: utf-8 -*-
+
+import base64, random, string, os
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes
+from Crypto.Util.Padding import pad, unpad
+
+try:
+    encrypt_flag=True if os.sys.argv[1].lower()=='1' else False 
+except Exception as err:
+    encrypt_flag=False
+
+def generate_password(length=12, num_uppercase=3, num_lowercase=4, num_digits=3, num_sp_char=2):
+    sp_char = '!@#$'
+    all_chars = string.ascii_letters + string.digits + sp_char
+
+    password = [
+        *random.choices(string.ascii_uppercase, k=num_uppercase),
+        *random.choices(string.ascii_lowercase, k=num_lowercase),
+        *random.choices(string.digits, k=num_digits),
+        *random.choices(sp_char, k=num_sp_char)
+    ]
+
+    remaining_length = length - (num_uppercase + num_lowercase + num_digits + num_sp_char)
+    password += random.choices(all_chars, k=remaining_length)
+    
+    random.shuffle(password)
+    return ''.join(password)
+
+def encrypt(plain_text, key):
+    manual_iv = b'PhilinnovatorDEV'
+    cipher = AES.new(key, AES.MODE_CBC, iv=manual_iv)
+    ct_bytes = cipher.encrypt(pad(plain_text.encode(), 16))
+    ct = base64.b64encode(ct_bytes).decode('utf-8')
+    return ct
+
+key = b'PhilinnovatorDEVPhilinnovatorDEV'
+plain_text = generate_password()
+
+if encrypt_flag: 
+    encrypted_text = encrypt(plain_text, key)
+    print(encrypted_text)
+else:
+    print(plain_text)
--- a/ansible/infra_setting/roles/connect-settings/files/vault_get
+++ b/ansible/infra_setting/roles/connect-settings/files/vault_get
@@ -0,0 +1,17 @@
+#!/usr/bin/python3
+#-*- coding: utf-8 -*-
+
+import hvac
+import os
+
+hostname=os.sys.argv[1]
+
+str_url   = "http://10.10.43.240:30803"
+client = hvac.Client(url=str_url)
+client.auth.approle.login(role_id="e96c5fd8-abde-084a-fde7-7450a9348a70", secret_id="5371706b-414a-11d3-f3fd-6cf98871aad1")
+
+try:
+    data = client.secrets.kv.v2.read_secret_version(mount_point='host', path=hostname, raise_on_deleted_version=True)['data']['data']
+    print(data)
+except Exception as err:
+    print(err)
--- a/ansible/infra_setting/roles/connect-settings/files/vault_put
+++ b/ansible/infra_setting/roles/connect-settings/files/vault_put
@@ -0,0 +1,21 @@
+#!/usr/bin/python3
+#-*- coding: utf-8 -*-
+
+import hvac
+import os
+
+hostname=os.sys.argv[1]
+accountid=os.sys.argv[2]
+password=os.sys.argv[3]
+adminuser=os.sys.argv[4]
+adminpass=os.sys.argv[5]
+
+str_url   = "http://10.10.43.240:30803"
+client = hvac.Client(url=str_url)
+client.auth.approle.login(role_id="e96c5fd8-abde-084a-fde7-7450a9348a70", secret_id="5371706b-414a-11d3-f3fd-6cf98871aad1")
+
+client.secrets.kv.v2.create_or_update_secret(
+    mount_point='host',
+    path=hostname,
+    secret=dict(accountid=f'{accountid}',password=f'{password}',adminuser=f'{adminuser}',adminpass=f'{adminpass}')
+)