perf(qualys/agents): combine toutes les cmds en 1 seul channel SSH avec markers - evite Timeout opening channel sur PSMP

2026-04-28 01:18:59 +02:00 · 2026-04-28 01:18:59 +02:00 · 5abc474805
commit 5abc474805
parent d4205fb8f8
1 changed files with 31 additions and 12 deletions
--- a/app/services/realtime_audit_service.py
+++ b/app/services/realtime_audit_service.py
@ -931,19 +931,38 @@ def audit_qualys_agent_only(hostname):
    result["connection_method"] = f"{method} -> {target}"

    try:
+        # Toutes les commandes dans 1 seul script bash avec markers — 1 channel SSH unique.
+        # Evite le "Timeout opening channel" sur PSMP qui limite le nombre de channels.
+        combined_parts = []
        for key, cmd in QUALYS_AGENT_CMDS.items():
-            out = _run(client, cmd)
-            # Retry avec reconnect si Timeout opening channel (limite PSMP)
-            if out and ("timeout opening channel" in out.lower() or
-                        "channel closed" in out.lower()):
-                try:
-                    client.close()
-                except Exception:
-                    pass
-                client = _connect(target, hostname)
-                if client:
-                    out = _run(client, cmd)
-            result[key] = out or "(empty)"
+            combined_parts.append(f"echo '__SECTION_{key}_START__'")
+            combined_parts.append(cmd)
+            combined_parts.append(f"echo '__SECTION_{key}_END__'")
+        combined = "; ".join(combined_parts)
+
+        # exec_command direct avec timeout plus long (60s) car script combiné = curl 5s + plusieurs commandes
+        try:
+            _, stdout_chk, _ = client.exec_command("id -u", timeout=5)
+            uid = stdout_chk.read().decode().strip()
+            full_cmd = combined if uid == "0" else "sudo bash -c '" + combined.replace("'", "'\"'\"'") + "'"
+            _, stdout, stderr = client.exec_command(full_cmd, timeout=60)
+            big_out = stdout.read().decode("utf-8", errors="replace")
+            err = stderr.read().decode("utf-8", errors="replace")
+            if not big_out.strip() and err.strip():
+                # Fallback retry sans sudo si sudoers refuse
+                _, stdout2, _ = client.exec_command(combined, timeout=60)
+                big_out = stdout2.read().decode("utf-8", errors="replace")
+        except Exception as ex_inner:
+            big_out = f"ERROR: {ex_inner}"
+        # Parser la sortie en cherchant les markers
+        for key in QUALYS_AGENT_CMDS:
+            start_marker = f"__SECTION_{key}_START__"
+            end_marker = f"__SECTION_{key}_END__"
+            try:
+                section = big_out.split(start_marker, 1)[1].split(end_marker, 1)[0].strip()
+            except Exception:
+                section = "(parsing failed)"
+            result[key] = section or "(empty)"
        result["status"] = "OK"
    except Exception as e:
        result["status"] = "ERROR"