From f790d54c11e67bb5ffe70869a40b824e61d76a71 Mon Sep 17 00:00:00 2001 From: "Wu,Qiang-Roy" Date: Sat, 9 Aug 2025 14:52:56 +0800 Subject: [PATCH] fix security issue: not default value for password --- ascend_deployer/library/scp.py | 4 ++-- ascend_deployer/playbooks/distribution.yml | 2 +- .../playbooks/install/install_ascend-device-plugin.yml | 4 ++-- ascend_deployer/playbooks/install/install_ascend-operator.yml | 4 ++-- ascend_deployer/playbooks/install/install_clusterd.yml | 4 ++-- ascend_deployer/playbooks/install/install_hccl-controller.yml | 4 ++-- ascend_deployer/playbooks/install/install_noded.yml | 4 ++-- ascend_deployer/playbooks/install/install_npu-exporter.yml | 4 ++-- .../playbooks/install/install_resilience-controller.yml | 4 ++-- ascend_deployer/playbooks/install/install_volcano.yml | 4 ++-- ascend_deployer/playbooks/label_node.yml | 2 +- ascend_deployer/playbooks/sync_time.yml | 2 +- 12 files changed, 21 insertions(+), 21 deletions(-) diff --git a/ascend_deployer/library/scp.py b/ascend_deployer/library/scp.py index c8b4bd23..7717f94f 100644 --- a/ascend_deployer/library/scp.py +++ b/ascend_deployer/library/scp.py @@ -30,7 +30,7 @@ class Scp: ip=dict(type="str", required=True), port=dict(type="str", required=True), remote_user=dict(type="str", required=True), - passwd=dict(type=str, required=True, no_log=True), + passwd=dict(type=str, no_log=True), src=dict(type="str", required=True), dest=dict(type="str", required=True), fetch=dict(type="bool", required=False, default=False), @@ -38,7 +38,7 @@ class Scp: ) self.ip = self.module.params["ip"] self.remote_user = self.module.params["remote_user"] - self.passwd = self.module.params["passwd"] + self.passwd = self.module.params.get("passwd", "") self.src = self.module.params["src"] self.dest = self.module.params["dest"] self.fetch = self.module.params["fetch"] diff --git a/ascend_deployer/playbooks/distribution.yml b/ascend_deployer/playbooks/distribution.yml index f8bf2a9c..d78d3c79 100644 --- a/ascend_deployer/playbooks/distribution.yml +++ b/ascend_deployer/playbooks/distribution.yml @@ -6,7 +6,7 @@ ip: "{{inventory_hostname}}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ansible_ssh_user}}" - passwd: "{{ansible_ssh_pass|default('')}}" + passwd: "{{ansible_ssh_pass}}" src: "~/resources_{{ansible_architecture}}.tar ../resources/{{os_and_arch}}/bzip2* ../resources/{{os_and_arch}}/unzip* ../resources/{{os_and_arch}}/tar*" dest: "~/" delegate_to: localhost diff --git a/ascend_deployer/playbooks/install/install_ascend-device-plugin.yml b/ascend_deployer/playbooks/install/install_ascend-device-plugin.yml index c7a12e50..7cbeacff 100644 --- a/ascend_deployer/playbooks/install/install_ascend-device-plugin.yml +++ b/ascend_deployer/playbooks/install/install_ascend-device-plugin.yml @@ -13,7 +13,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ device_plugin_images }}" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/device-plugin" fetch: 'true' @@ -37,7 +37,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/device-plugin/*" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/device-plugin/" delegate_to: localhost diff --git a/ascend_deployer/playbooks/install/install_ascend-operator.yml b/ascend_deployer/playbooks/install/install_ascend-operator.yml index c8b8c29d..0ccad881 100644 --- a/ascend_deployer/playbooks/install/install_ascend-operator.yml +++ b/ascend_deployer/playbooks/install/install_ascend-operator.yml @@ -13,7 +13,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ ascend_operator_images }}" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/ascend-operator" fetch: 'true' @@ -28,7 +28,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/ascend-operator/*" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/ascend-operator/" delegate_to: localhost diff --git a/ascend_deployer/playbooks/install/install_clusterd.yml b/ascend_deployer/playbooks/install/install_clusterd.yml index 393b0201..3e087c11 100644 --- a/ascend_deployer/playbooks/install/install_clusterd.yml +++ b/ascend_deployer/playbooks/install/install_clusterd.yml @@ -29,7 +29,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ clusterd_images }}" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/clusterd" fetch: 'true' @@ -45,7 +45,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/clusterd/*" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/clusterd/" delegate_to: localhost diff --git a/ascend_deployer/playbooks/install/install_hccl-controller.yml b/ascend_deployer/playbooks/install/install_hccl-controller.yml index 5fc94933..3f643a11 100644 --- a/ascend_deployer/playbooks/install/install_hccl-controller.yml +++ b/ascend_deployer/playbooks/install/install_hccl-controller.yml @@ -19,7 +19,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ hccl_controller_images }}" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/hccl-controller" fetch: 'true' @@ -35,7 +35,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/hccl-controller/*" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/hccl-controller/" delegate_to: localhost diff --git a/ascend_deployer/playbooks/install/install_noded.yml b/ascend_deployer/playbooks/install/install_noded.yml index db1e3da9..10f443dd 100644 --- a/ascend_deployer/playbooks/install/install_noded.yml +++ b/ascend_deployer/playbooks/install/install_noded.yml @@ -13,7 +13,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ noded_images }}" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/noded" fetch: 'true' @@ -28,7 +28,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/noded/*" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/noded/" delegate_to: localhost diff --git a/ascend_deployer/playbooks/install/install_npu-exporter.yml b/ascend_deployer/playbooks/install/install_npu-exporter.yml index 9cb6d40b..cf417a74 100644 --- a/ascend_deployer/playbooks/install/install_npu-exporter.yml +++ b/ascend_deployer/playbooks/install/install_npu-exporter.yml @@ -13,7 +13,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ npu_exporter_images }}" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/npu-exporter" fetch: 'true' @@ -28,7 +28,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/npu-exporter/*" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/npu-exporter/" delegate_to: localhost diff --git a/ascend_deployer/playbooks/install/install_resilience-controller.yml b/ascend_deployer/playbooks/install/install_resilience-controller.yml index 3a8c1d37..79a3c0ac 100644 --- a/ascend_deployer/playbooks/install/install_resilience-controller.yml +++ b/ascend_deployer/playbooks/install/install_resilience-controller.yml @@ -13,7 +13,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ resilience_controller_images }}" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/resilience-controller" fetch: 'true' @@ -28,7 +28,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/resilience-controller/*" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/resilience-controller/" delegate_to: localhost diff --git a/ascend_deployer/playbooks/install/install_volcano.yml b/ascend_deployer/playbooks/install/install_volcano.yml index 1df6226e..5e1421c7 100644 --- a/ascend_deployer/playbooks/install/install_volcano.yml +++ b/ascend_deployer/playbooks/install/install_volcano.yml @@ -13,7 +13,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ volcano_images }}" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/volcano" fetch: 'true' @@ -29,7 +29,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/volcano/*" dest: "{{ resource_path }}/mindxdl/dlImages/{{ ansible_architecture }}/volcano/" delegate_to: localhost diff --git a/ascend_deployer/playbooks/label_node.yml b/ascend_deployer/playbooks/label_node.yml index 937bc58a..460ba09a 100644 --- a/ascend_deployer/playbooks/label_node.yml +++ b/ascend_deployer/playbooks/label_node.yml @@ -53,7 +53,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "/root/.ascend_deployer/dl_yaml/label/label_node.json" dest: "/root/.ascend_deployer/dl_yaml/label/groups/{{ inventory_hostname }}" fetch: 'true' diff --git a/ascend_deployer/playbooks/sync_time.yml b/ascend_deployer/playbooks/sync_time.yml index 2e13fe5d..c7f2d089 100644 --- a/ascend_deployer/playbooks/sync_time.yml +++ b/ascend_deployer/playbooks/sync_time.yml @@ -7,7 +7,7 @@ ip: "{{ inventory_hostname }}" port: "{{ansible_ssh_port|default('22')}}" remote_user: "{{ ansible_ssh_user }}" - passwd: "{{ ansible_ssh_pass|default('') }}" + passwd: "{{ ansible_ssh_pass }}" src: "/etc/localtime" dest: "/etc/localtime" delegate_to: localhost -- Gitee