feat: 添加MCP服务器测试套件和Kali Linux测试支持

refactor(consul): 将Consul集群作业文件移动到components目录 refactor(vault): 将Vault集群作业文件移动到components目录 refactor(nomad): 将Nomad NFS卷作业文件移动到components目录 fix(ssh): 修复浏览器主机的SSH密钥认证配置 fix(ansible): 更新Ansible配置以支持SSH密钥认证 test: 添加全面的MCP服务器测试脚本和报告 test: 添加Kali Linux测试套件和健康检查 test: 添加自动化测试运行脚本 docs: 更新README以包含测试说明和经验教训 docs: 添加Vault部署指南和测试文档 chore: 更新Makefile添加测试相关命令
2025-09-29 14:00:22 +00:00
parent f72b17a34f
commit c0064b2cad
72 changed files with 6326 additions and 109 deletions
--- a/configuration/playbooks/security/setup-browser-ssh-auth.yml
+++ b/configuration/playbooks/security/setup-browser-ssh-auth.yml
@@ -0,0 +1,81 @@
+---
+- name: Setup complete SSH key authentication for browser host
+  hosts: browser
+  become: yes
+  vars:
+    target_user: ben
+    ssh_key_comment: "ansible-generated-key-for-{{ inventory_hostname }}"
+
+  tasks:
+    - name: Copy existing Ed25519 SSH public key to target user
+      copy:
+        src: /root/.ssh/id_ed25519.pub
+        dest: /home/{{ target_user }}/.ssh/id_ed25519.pub
+        owner: "{{ target_user }}"
+        group: "{{ target_user }}"
+        mode: '0644'
+
+    - name: Copy existing Ed25519 SSH private key to target user
+      copy:
+        src: /root/.ssh/id_ed25519
+        dest: /home/{{ target_user }}/.ssh/id_ed25519
+        owner: "{{ target_user }}"
+        group: "{{ target_user }}"
+        mode: '0600'
+
+    - name: Get SSH public key content
+      command: cat /home/{{ target_user }}/.ssh/id_ed25519.pub
+      register: ssh_public_key
+      become_user: "{{ target_user }}"
+      changed_when: false
+
+    - name: Ensure .ssh directory exists for user
+      file:
+        path: /home/{{ target_user }}/.ssh
+        state: directory
+        owner: "{{ target_user }}"
+        group: "{{ target_user }}"
+        mode: '0700'
+
+    - name: Add public key to authorized_keys
+      authorized_key:
+        user: "{{ target_user }}"
+        state: present
+        key: "{{ ssh_public_key.stdout }}"
+      become_user: "{{ target_user }}"
+
+    - name: Configure SSH to prefer key authentication
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^PasswordAuthentication'
+        line: 'PasswordAuthentication yes'
+        backup: yes
+      notify: restart sshd
+      when: ansible_connection != 'local'
+
+    - name: Configure SSH to allow key authentication
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^PubkeyAuthentication'
+        line: 'PubkeyAuthentication yes'
+        backup: yes
+      notify: restart sshd
+      when: ansible_connection != 'local'
+
+    - name: Configure SSH authorized keys file permissions
+      file:
+        path: /home/{{ target_user }}/.ssh/authorized_keys
+        owner: "{{ target_user }}"
+        group: "{{ target_user }}"
+        mode: '0600'
+
+    - name: Display success message
+      debug:
+        msg: "SSH key authentication has been configured for user {{ target_user }} on {{ inventory_hostname }}"
+
+  handlers:
+    - name: restart sshd
+      systemd:
+        name: sshd
+        state: restarted
+      when: ansible_connection != 'local'
--- a/configuration/playbooks/security/setup-ssh-keys.yml
+++ b/configuration/playbooks/security/setup-ssh-keys.yml
@@ -0,0 +1,62 @@
+---
+- name: Setup SSH key authentication for browser host
+ hosts: browser
+ become: yes
+ vars:
+    target_user: ben
+    ssh_key_comment: "ansible-generated-key"
+  tasks:
+    - name: Generate SSH key pair if it doesn't exist
+      user:
+        name: "{{ target_user }}"
+        generate_ssh_key: yes
+        ssh_key_bits: 4096
+        ssh_key_comment: "{{ ssh_key_comment }}"
+      become_user: "{{ target_user }}"
+
+    - name: Get SSH public key content
+      command: cat /home/{{ target_user }}/.ssh/id_rsa.pub
+      register: ssh_public_key
+      become_user: "{{ target_user }}"
+      changed_when: false
+
+    - name: Display SSH public key for manual configuration
+      debug:
+        msg: |
+          SSH Public Key for {{ inventory_hostname }}:
+          {{ ssh_public_key.stdout }}
+          
+          To complete key-based authentication setup:
+          1. Copy the above public key to the target system's authorized_keys
+          2. Or use ssh-copy-id command from this system:
+             ssh-copy-id -i /home/{{ target_user }}/.ssh/id_rsa.pub {{ target_user }}@{{ inventory_hostname }}
+
+    - name: Ensure .ssh directory exists for user
+      file:
+        path: /home/{{ target_user }}/.ssh
+        state: directory
+        owner: "{{ target_user }}"
+        group: "{{ target_user }}"
+        mode: '0700'
+
+    - name: Configure SSH to prefer key authentication
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^PasswordAuthentication'
+        line: 'PasswordAuthentication yes'
+        backup: yes
+      notify: restart sshd
+
+    - name: Configure SSH to allow key authentication
+      lineinfile:
+        path: /etc/ssh/sshd_config
+        regexp: '^PubkeyAuthentication'
+        line: 'PubkeyAuthentication yes'
+        backup: yes
+      notify: restart sshd
+
+  handlers:
+    - name: restart sshd
+      systemd:
+        name: sshd
+        state: restarted