Automatic configuration management method and device based on bastion host

Abstract

The invention discloses an automatic configuration management method and device based on a bastion host, the method comprising: providing an automatic operation and maintenance entrance on the front-end management interface, collecting user input, and constructing an operation and maintenance task request according to the operation and maintenance task; Thrift service receiving front-end sending Ansible receives the call of the Thrift service, and logs in to the target host through SSH to execute the operation and maintenance task, and the task result is returned to the Thrift service in JSON format; Thrift converts the task result after Ansible is executed in JSON format Return to the front-end management interface; the front-end management interface displays the task result.

Description

technical field [0001] The present invention relates to the field of computer technology, in particular to an automatic configuration management method and device based on a bastion host. Background technique [0002] The bastion machine is an operation and maintenance security audit product for large-scale data centers. The operation and maintenance users can complete the operation and maintenance management of a large number of devices through the centralized management and authorization management functions of the bastion machine. At the same time, the bastion machine can audit the operation and maintenance. Dimension user's operation process. In the traditional operation and maintenance mode, the operation and maintenance user directly connects to the remote server through the local device to perform operation and maintenance management operations. The entire operation process is invisible and uncontrollable, and there are great risks; In the role of an intermediate age...

AI Technical Summary

Problems solved by technology

[0004] In order to meet the security compliance requirements of configuration management, IT operation and maintenance personnel must connect to the server through the bastion host to perform operation and maintenance management operations; however, automatic operation and maintenance tools such as scripts cannot use the bastion host, and remote operations cannot monitor and record. Meet security compliance requirements

[0005] 1. Operation and maintenance personnel can only manually complete some tedious and time-consuming operations using traditional bastion hosts, which cannot meet the current requirements of automated operation and maintenance, especially batch configuration management

For the operation and maintenance personnel of the traditional bastion machine, although the security is greatly enhanced, the operation and maintenance efficiency becomes low

[0006] 2. Traditional bastion hosts face the difficulty of password management for servers and virtual machines by operation and maintenance personnel, and cannot perform account inspections on managed servers, virtual machines, and network devices. coming security risk

Backup work is usually done by manual or script backup, it is difficult to achieve unified management of backup files

Traditional bastion hosts can only be backed up manually or through scripts

Images