import paramiko, sys, time
sys.stdout.reconfigure(encoding='utf-8', errors='replace')

client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect('101.79.17.164', username='root', password='1q2w3e!Q', timeout=15)

def run(label, cmd, timeout=30):
    print(f'\n[{label}]')
    _, o, e = client.exec_command(cmd, timeout=timeout)
    out = o.read().decode('utf-8', errors='replace').strip()
    if out: print(out[:300])
    return out

# init.groovy.d 스크립트 제거 (비밀번호 "admin"으로 재설정하는 스크립트)
run('init.groovy 제거', 'rm -f /var/lib/jenkins/init.groovy.d/00_setup.groovy && ls /var/lib/jenkins/init.groovy.d/')

# Script Console로 비밀번호 재설정 (보안 비활성화 상태)
run('비밀번호 재설정 (보안 비활성화)', """
curl -sf -X POST http://127.0.0.1:9080/scriptText \
  --data-urlencode 'script=
import jenkins.model.*
import hudson.security.*

def instance = Jenkins.instance

// HudsonPrivateSecurityRealm으로 비밀번호 재설정
def realm = new HudsonPrivateSecurityRealm(false)
realm.createAccount("admin", "1q2w3e!Q")
instance.setSecurityRealm(realm)

def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
instance.setAuthorizationStrategy(strategy)
instance.setSecurityEnabled(true)
instance.save()
println "비밀번호 재설정 완료"
' 2>/dev/null || echo "Script Console 접근 실패"
""")

# useSecurity 다시 활성화
run('보안 재활성화', """
sed -i 's/<useSecurity>false<\/useSecurity>/<useSecurity>true<\/useSecurity>/' /var/lib/jenkins/config.xml
grep "useSecurity" /var/lib/jenkins/config.xml
""")

run('Jenkins 재시작', 'systemctl restart jenkins && sleep 10 && systemctl is-active jenkins')
time.sleep(5)

# 새 비밀번호로 확인
run('새 비밀번호로 API 확인', """
for pw in '1q2w3e!Q' 'admin' 'Admin@2026!'; do
  HTTP=$(curl -sf -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/api/json -u "admin:$pw" 2>/dev/null)
  echo "admin/$pw → HTTP $HTTP"
  if [ "$HTTP" = "200" ]; then
    echo "SUCCESS! 비밀번호: $pw"
    break
  fi
done
""")

client.close()