{"id":38358074,"url":"https://github.com/maggot-code/remote-command","last_synced_at":"2026-01-17T03:17:31.013Z","repository":{"id":312132135,"uuid":"1044507195","full_name":"maggot-code/remote-command","owner":"maggot-code","description":"堡垒机自动化命令执行服务，基于 Django 和 Ansible，支持多跳 SSH、统一 API 与详细日志。","archived":false,"fork":false,"pushed_at":"2025-09-27T14:23:05.000Z","size":170,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-09-27T16:19:45.142Z","etag":null,"topics":["ansible","automation","bastion","devops","django","python","ssh"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/maggot-code.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-08-25T19:40:01.000Z","updated_at":"2025-09-27T14:23:08.000Z","dependencies_parsed_at":"2025-08-29T00:13:09.656Z","dependency_job_id":"a4063fb6-cf93-4dd5-8791-c51dfcbc2909","html_url":"https://github.com/maggot-code/remote-command","commit_stats":null,"previous_names":["maggot-code/remote-command"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/maggot-code/remote-command","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maggot-code%2Fremote-command","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maggot-code%2Fremote-command/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maggot-code%2Fremote-command/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maggot-code%2Fremote-command/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/maggot-code","download_url":"https://codeload.github.com/maggot-code/remote-command/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/maggot-code%2Fremote-command/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28492633,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-17T02:39:23.645Z","status":"ssl_error","status_checked_at":"2026-01-17T02:34:19.649Z","response_time":85,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","automation","bastion","devops","django","python","ssh"],"created_at":"2026-01-17T03:17:30.882Z","updated_at":"2026-01-17T03:17:30.957Z","avatar_url":"https://github.com/maggot-code.png","language":"Python","readme":"\n# Ansible 跳板机免密自动化服务\n\n## 项目简介\n\n本项目通过Django后端整合Ansible，实现堡垒机（跳板机）场景下对内网节点的自动化命令执行。平台支持多层SSH免密跳转，统一API接口，详细日志审计，适用于自动化运维和合规追踪。\n\n## 目录结构\n\n```\n.\n├── ansible/           # Ansible相关封装与配置\n├── api/               # Django API接口\n├── artifacts/         # 任务执行产物与缓存\n├── deploy/            # 部署相关脚本\n├── logs/              # 日志文件\n├── remote_call/       # 远程调用与上下文服务\n├── server/            # Django服务端\n├── test/              # 测试用例\n├── manage.py\n├── pyproject.toml\n├── uv.lock\n├── db.sqlite3\n├── all.ini\n└── README.md\n```\n\n## 环境依赖\n\n- Python 3.9.6\n- Django 4.2.23\n- Ansible 8.7.0\n- Ansible-runner 2.4.1\n- OpenSSH（各节点版本见下表）\n\n| 角色         | IP                | 用户      | 密钥/密码位置                        | OpenSSH版本         |\n| ------------ | ----------------- | --------- | ------------------------------------ | ------------------- |\n| Django Server| 192.168.199.196   | root      | /root/.ssh/id_rsa_ansible            | 9.9p2, LibreSSL 3.3.6|\n| 堡垒机       | 192.168.27.131    | root      | /root/.ssh/id_rsa, /root/.ssh/authorized_keys | 8.7p1, OpenSSL 3.2.2|\n| 内网节点     | 192.168.27.132    | internal-node | /home/internal-node/.ssh/authorized_keys | 8.7p1, OpenSSL 3.2.2|\n\n## 系统架构\n\n- Django Server与内网节点无法直连，需经堡垒机跳转。\n- Django Server使用专用密钥对堡垒机免密，堡垒机再免密连接内网节点。\n- 用户通过API提交命令请求，后端组装Ansible上下文，调用ansible_runner执行，结果经堡垒机回传。\n\n\u003c!-- 如有架构图可放置于docs/目录 --\u003e\n\n## 快速开始\n\n1. 克隆项目并安装依赖\n\n     ```bash\n     git clone https://github.com/maggot-code/remote-command.git\n     cd remote-command\n     pip install -r requirements.txt\n     ```\n\n2. 配置堡垒机信息\n\n     - 编辑 `ansible/config.py` 或相关配置文件，填写堡垒机IP、用户、密钥路径等。\n\n3. 启动Django服务\n\n     ```bash\n     python manage.py migrate\n     python manage.py runserver 0.0.0.0:8000\n     ```\n\n4. 访问API接口（示例）\n\n     ```http\n     POST /api/remote_call/\n     Content-Type: application/json\n\n     {\n         \"host\": \"192.168.27.132\",\n         \"user\": \"internal-node\",\n         \"command\": \"uname -a\",\n         \"os_type\": \"linux\"\n     }\n     ```\n\n## API设计\n\n- 统一返回格式：\n\n    ```json\n    {\n        \"code\": 0,\n        \"msg\": \"success\",\n        \"data\": {\n            \"stdout\": \"...\",\n            \"stderr\": \"...\",\n            \"exit_code\": 0,\n            \"start_time\": \"...\",\n            \"end_time\": \"...\"\n        }\n    }\n    ```\n\n- 支持参数\n    - host: 内部节点IP\n    - user: 内部节点用户名\n    - password: 内部节点密码\n    - command: 执行命令\n    - os_type: 操作系统类型（linux/windows）\n\n- 错误码与说明详见 [docs/error_codes.md](docs/error_codes.md)\n\n## 日志与审计\n\n- 所有操作请求、参数、命令、结果、来源IP、时间等均详细记录于 `logs/` 目录。\n- 日志分级（INFO/WARN/ERROR），支持按需查询。\n- 关键操作具备审计追踪能力，便于合规与溯源。\n\n## 安全与认证\n\n- API接口需认证（建议支持Token/JWT/OAuth2等）。\n- 支持用户、角色、权限粒度的命令与节点访问控制。\n- 关键操作建议二次确认或多因子认证。\n\n## 扩展性设计\n\n- 支持多操作系统（当前聚焦Linux，后续可扩展Windows等）。\n- 操作系统相关逻辑采用策略/工厂模式，便于扩展。\n- 资源清理机制：定期清理ansible临时文件、日志、缓存，防止磁盘占满。\n\n## 贡献指南\n\n1. Fork本仓库并新建分支\n2. 提交PR前请确保通过所有测试\n3. 详细描述变更内容及动机\n\n## License\n\n本项目采用 MIT License，详见 [LICENSE](LICENSE)。\n\n\n```python\nclass UserContext:\n    INTERACTIVE_KEYWORDS = [\"disable\", \"enable\", \"y\", \"yes\"]\n\n    def __init__(self, command_list):\n        self.command = command_list\n\n    def use_interaction(self):\n        \"\"\"\n        判断是否需使用 send_command_timing\n        \"\"\"\n        for cmd in self.command:\n            if self._has_interactive_keyword(cmd):\n                return True\n        return False\n\n    def _has_interactive_keyword(self, cmd):\n        \"\"\"\n        判断当前命令是否属于交互式命令。\n        可进一步扩展成正则或 DSL。\n        \"\"\"\n        lower_cmd = cmd.strip().lower()\n        return any(k in lower_cmd for k in self.INTERACTIVE_KEYWORDS)\n\n    def get_command(self):\n        \"\"\"\n        返回命令数组（让 service 层保持解耦）\n        \"\"\"\n        return self.command\n\n\ndef execute_command(conn, user_ctx):\n    if user_ctx.use_interaction():\n        # 使用交互模式\n        output = \"\"\n        for cmd in user_ctx.get_command():\n            r = conn.send_command_timing(cmd)\n            output += r + \"\\n\"\n        return output\n    else:\n        # 使用配置集，一次发\n        return conn.send_config_set(user_ctx.get_command())\n\n```","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaggot-code%2Fremote-command","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmaggot-code%2Fremote-command","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmaggot-code%2Fremote-command/lists"}