fix: IDC windows机器开通前置策略 (closed TencentBlueKing#2301)

ping15 · Jun 28, 2024 · c278282 · c278282
1 parent b00d9dd
commit c278282
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 0 deletions.
diff --git a/apps/backend/agent/solution_maker.py b/apps/backend/agent/solution_maker.py
@@ -25,6 +25,9 @@
 from django.utils.translation import ugettext_lazy as _
 
 from apps.backend.api import constants as backend_api_constants
+from apps.backend.components.collections.common.script_content import (
+    JUMP_SERVER_POLICY_TEMPLATE,
+)
 from apps.backend.subscription.steps.agent_adapter.base import AgentSetupInfo
 from apps.core.script_manage.base import ScriptHook
 from apps.node_man import constants, models
@@ -652,6 +655,33 @@ def _make(self) -> ExecutionSolution:
 
 
 class BatchExecutionSolutionMaker(BaseExecutionSolutionMaker):
+    def build_jump_server_policy_steps(self) -> typing.List[ExecutionSolutionStep]:
+        policy_step: typing.List[ExecutionSolutionStep] = []
+        # 非直连或非p-agent不需要开通端口策略
+        if not ExecutionSolutionTools.need_jump_server(self.host) or self.host.bk_cloud_id != constants.DEFAULT_CLOUD:
+            return policy_step
+
+        # 开通跳板机17980和17981端口
+        jump_server: models.Host = self.gse_servers_info["jump_server"]
+        jump_server_lan_ip: str = jump_server.inner_ip or jump_server.inner_ipv6
+        if not basic.is_v6(jump_server_lan_ip):
+            policy_step.append(
+                ExecutionSolutionStep(
+                    step_type=constants.CommonExecutionSolutionStepType.COMMANDS.value,
+                    description="开通跳板机17980和17981端口",
+                    contents=[
+                        ExecutionSolutionStepContent(
+                            name="run_cmd",
+                            text=JUMP_SERVER_POLICY_TEMPLATE.format(jump_server_lan_ip=jump_server_lan_ip),
+                            description="开通跳板机17980和17981端口",
+                            show_description=False,
+                        ),
+                    ],
+                )
+            )
+
+        return policy_step
+
     def _make(self) -> ExecutionSolution:
         # 1. 准备阶段：创建目录
         create_pre_dirs_step: ExecutionSolutionStep = self.get_create_pre_dirs_step()
@@ -722,6 +752,8 @@ def _make(self) -> ExecutionSolution:
             ),
             steps=[
                 create_pre_dirs_step,
+                # 如果是idc windows机器，则开通跳板机的17980和17981端口
+                *self.build_jump_server_policy_steps(),
                 dependencies_step,
                 # 脚本的执行可能会有依赖受限，放置到依赖下载步骤之后
                 *self.build_script_hook_steps(),

diff --git a/apps/backend/components/collections/common/script_content.py b/apps/backend/components/collections/common/script_content.py
@@ -98,3 +98,10 @@
 set BK_NODEMAN_PLUGIN_SETUP_PATH={{ plugin_setup_path }}
 
 """
+
+JUMP_SERVER_POLICY_TEMPLATE = (
+    "netsh advfirewall firewall show rule name=IEOD_Outbound_NodeMan_Rule_TCP 2>&1 > NUL || "
+    "netsh advfirewall firewall add rule name=IEOD_Outbound_NodeMan_Rule_TCP "
+    'dir=out remoteip="{jump_server_lan_ip}/32" protocol=tcp remoteport="17980,17981" '
+    "profile=public enable=yes action=allow"
+)