import paramiko, sys, time
sys.stdout.reconfigure(encoding='utf-8', errors='replace')

client = paramiko.SSHClient()
client.set_missing_host_key_policy(paramiko.AutoAddPolicy())
client.connect('101.79.17.164', username='root', password='1q2w3e!Q', timeout=15)

def run(label, cmd, timeout=30):
    print(f'\n[{label}]')
    _, o, e = client.exec_command(cmd, timeout=timeout)
    print(o.read().decode('utf-8', errors='replace').strip()[:400])

run('Jenkins 사용자 목록', 'ls /var/lib/jenkins/users/ 2>/dev/null')
run('admin 사용자 설정', 'cat /var/lib/jenkins/users/admin_*/config.xml 2>/dev/null | head -20')
run('Security Realm', 'grep -A5 "securityRealm" /var/lib/jenkins/config.xml 2>/dev/null | head -10')

# Jenkins 보안을 임시 비활성화 후 비밀번호 재설정
run('보안 임시 비활성화', """
# config.xml에서 useSecurity를 false로 변경
sed -i 's|<useSecurity>true</useSecurity>|<useSecurity>false</useSecurity>|' /var/lib/jenkins/config.xml
echo "보안 비활성화"
grep "useSecurity" /var/lib/jenkins/config.xml
""")

run('Jenkins 재시작', 'systemctl restart jenkins && sleep 8 && systemctl is-active jenkins')

# 보안 비활성화 상태에서 비밀번호 재설정 Groovy 스크립트 실행
run('API 확인 (보안 비활성화)', """
HTTP=$(curl -sf -o /dev/null -w "%{http_code}" http://127.0.0.1:9080/api/json 2>/dev/null)
echo "HTTP: $HTTP"
""")

run('admin 비밀번호 재설정', """
# Jenkins Script Console을 통해 비밀번호 재설정
curl -sf -X POST http://127.0.0.1:9080/scriptText \
  --data-urlencode 'script=
import jenkins.model.*
import hudson.security.*
def instance = Jenkins.getInstance()
def realm = new HudsonPrivateSecurityRealm(false)
realm.createAccount("admin", "Admin@2026!")
instance.setSecurityRealm(realm)
def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
strategy.setAllowAnonymousRead(false)
instance.setAuthorizationStrategy(strategy)
instance.setSecurityEnabled(true)
instance.save()
println "done"
' 2>/dev/null
""")

run('보안 재활성화 확인', """
grep "useSecurity" /var/lib/jenkins/config.xml
""")

run('Jenkins 재시작', 'systemctl restart jenkins && sleep 8 && systemctl is-active jenkins')

client.close()