From c278282778bc018e4077490288f5d0b8eeccb547 Mon Sep 17 00:00:00 2001
From: v_gqpgguo
Date: Fri, 28 Jun 2024 12:02:57 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20IDC=20windows=E6=9C=BA=E5=99=A8=E5=BC=80?= =?UTF-8?q?=E9=80=9A=E5=89=8D=E7=BD=AE=E7=AD=96=E7=95=A5=20(closed=20#2301?= =?UTF-8?q?)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 apps/backend/agent/solution_maker.py | 32 +++++++++++++++++++
 .../collections/common/script_content.py | 7 ++++
 2 files changed, 39 insertions(+)
diff --git a/apps/backend/agent/solution_maker.py b/apps/backend/agent/solution_maker.py
index 1edf236cb..1d66a72a0 100644
--- a/apps/backend/agent/solution_maker.py
+++ b/apps/backend/agent/solution_maker.py
@@ -25,6 +25,9 @@ from django.utils.translation import ugettext_lazy as _
 from apps.backend.api import constants as backend_api_constants
+from apps.backend.components.collections.common.script_content import (
+ JUMP_SERVER_POLICY_TEMPLATE,
+)
 from apps.backend.subscription.steps.agent_adapter.base import AgentSetupInfo
 from apps.core.script_manage.base import ScriptHook
 from apps.node_man import constants, models
@@ -652,6 +655,33 @@ def _make(self) -> ExecutionSolution:
 class BatchExecutionSolutionMaker(BaseExecutionSolutionMaker):
+ def build_jump_server_policy_steps(self) -> typing.List[ExecutionSolutionStep]:
+ policy_step: typing.List[ExecutionSolutionStep] = []
+ # 非直连或非p-agent不需要开通端口策略
+ if not ExecutionSolutionTools.need_jump_server(self.host) or self.host.bk_cloud_id != constants.DEFAULT_CLOUD:
+ return policy_step
+
+ # 开通跳板机17980和17981端口
+ jump_server: models.Host = self.gse_servers_info["jump_server"]
+ jump_server_lan_ip: str = jump_server.inner_ip or jump_server.inner_ipv6
+ if not basic.is_v6(jump_server_lan_ip):
+ policy_step.append(
+ ExecutionSolutionStep(
+ step_type=constants.CommonExecutionSolutionStepType.COMMANDS.value,
+ description="开通跳板机17980和17981端口",
+ contents=[
+ ExecutionSolutionStepContent(
+ name="run_cmd",
+ text=JUMP_SERVER_POLICY_TEMPLATE.format(jump_server_lan_ip=jump_server_lan_ip),
+ description="开通跳板机17980和17981端口",
+ show_description=False,
+ ),
+ ],
+ )
+ )
+
+ return policy_step
+
 def _make(self) -> ExecutionSolution:
 # 1. 准备阶段:创建目录
 create_pre_dirs_step: ExecutionSolutionStep = self.get_create_pre_dirs_step()
@@ -722,6 +752,8 @@ def _make(self) -> ExecutionSolution:
 ),
 steps=[
 create_pre_dirs_step,
+ # 如果是idc windows机器,则开通跳板机的17980和17981端口
+ *self.build_jump_server_policy_steps(),
 dependencies_step,
 # 脚本的执行可能会有依赖受限,放置到依赖下载步骤之后
 *self.build_script_hook_steps(),
diff --git a/apps/backend/components/collections/common/script_content.py b/apps/backend/components/collections/common/script_content.py
index b94051e98..1ce004f9b 100644
--- a/apps/backend/components/collections/common/script_content.py
+++ b/apps/backend/components/collections/common/script_content.py
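Review bot: In `build_jump_server_policy_steps` the address formatted into the netsh command is only screened by `not basic.is_v6(jump_server_lan_ip)`, which is a negative test: if `inner_ip` and `inner_ipv6` are both empty, or the stored value is not a well-formed IPv4 address, it still appears to reach `JUMP_SERVER_POLICY_TEMPLATE.format(...)` and ends up inside a command line run on the target host. A positive check before the step is built would close that, for example calling `ipaddress.IPv4Address(jump_server_lan_ip)` and returning the empty list on `ValueError` (whether `ipaddress` is already imported in this file is not visible in the patch). The IPv6 case produces no step and no log line, so an IPv6-only jump server silently gets no firewall rule; a comment or log entry saying this is intentional would help. The method also has no docstring; something like `"""Return the firewall step that lets a default-cloud-area host needing a jump server reach it on TCP 17980/17981; empty list otherwise."""` would document the gate.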
@@ -98,3 +98,10 @@ set BK_NODEMAN_PLUGIN_SETUP_PATH={{ plugin_setup_path }}
 """
+
+JUMP_SERVER_POLICY_TEMPLATE = (
+ "netsh advfirewall firewall show rule name=IEOD_Outbound_NodeMan_Rule_TCP 2>&1 > NUL || "
+ "netsh advfirewall firewall add rule name=IEOD_Outbound_NodeMan_Rule_TCP "
+ 'dir=out remoteip="{jump_server_lan_ip}/32" protocol=tcp remoteport="17980,17981" '
+ "profile=public enable=yes action=allow"
+)
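Review bot: The `show rule ... || add rule` guard in `JUMP_SERVER_POLICY_TEMPLATE` is keyed on the rule name only, so once a rule named IEOD_Outbound_NodeMan_Rule_TCP exists (for an earlier jump server address, or disabled by hand) the add is skipped and the host keeps an outbound allow for the old address while the current one stays unopened. Replacing the rule on every run keeps it in step with the current address, e.g. begin the template with `netsh advfirewall firewall delete rule name=IEOD_Outbound_NodeMan_Rule_TCP > NUL 2>&1 & ` and run the `add rule` part unconditionally. Separately, `2>&1 > NUL` duplicates stderr onto the console before stdout is redirected, so error text is not suppressed; `> NUL 2>&1` is the order that silences both. The rule is also limited to `profile=public`, which would not apply if the host's active network profile is domain or private, so that is worth confirming against the target fleet. Nothing visible in this patch removes the rule again, so a one-line comment above the constant stating its intended lifetime would help.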