初始化项目

yystopf 2023-04-10 17:21:14 +08:00
commit cafd22d439
9 changed files with 330 additions and 0 deletions

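--- a/README.md
+++ b/README.md
@@ -0,0 +1,32 @@
+# jianmu-runner-ssh
+#### 介绍
+用于通过ssh私钥免密登陆远程主机执行命令
+#### 输入参数
+```
+JIANMU_SSH_PASS: 远程主机登陆密码
+JIANMU_SSH_PRIVATE_KEY: 远程主机私钥
+JIANMU_SSH_IP: 远程主机IP
+JIANMU_SSH_PORT: SSH端口
+JIANMU_SSH_USER: SSH连接用户
+JIANMU_SSH_CMD: 远程执行的命令
+```
+#### 构建docker镜像
+```
+# 创建docker镜像
+docker build --rm -f dockerfile/xxx -t jianmudev/jianmu-runner-ssh-cmd:${version} .
+# 上传docker镜像
+docker push jianmudev/jianmu-runner-ssh-cmd:${version}
+```
+#### 用法
+```
+docker run --rm \
+-e JIANMU_SSH_PRIVATE_KEY=xxx \
+-e JIANMU_SSH_HOST=xxx \
+-e JIANMU_SSH_CMD=xxx \
+jianmudev/jianmu-runner-ssh-cmd:${version}
+```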

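--- a/dockerfile/Dockerfile
+++ b/dockerfile/Dockerfile
@@ -0,0 +1,10 @@
+FROM docker.jianmuhub.com/library/alpine:3.17.0
+RUN sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
+RUN apk add --no-cache openssh-client && \
+apk add --no-cache expect
+COPY script /usr/local/bin/
+COPY files/ssh_config /etc/ssh/ssh_config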
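Review bot: The `FROM docker.jianmuhub.com/library/alpine:3.17.0` line pins the base image by tag only, and this is the image that receives the SSH private key at run time, so a re-pushed tag on that registry would change what handles the key without any change in this repository. Pinning by digest keeps the build reproducible: `FROM docker.jianmuhub.com/library/alpine:3.17.0@sha256:<digest-of-the-reviewed-image>`. No `USER` line is visible, so the scripts copied to `/usr/local/bin/` presumably run as root inside the container; an unprivileged user is enough for an ssh client. The hunk header announces 10 lines and only six are shown on this page, so later lines may already cover part of this.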


@ -0,0 +1,65 @@
ref: scp_resource
version: 0.0.1
description: 支持跳板机复制本地文件到远程服务器, 须设置免密登录
inputParameters:
- ref: ssh_private_key
name: ssh私钥
type: SECRET
required: true
value: ""
description: "可以免密登陆目标主机的ssh私钥必填"
- ref: remote_host
name: 远程服务器IP
type: STRING
required: true
description: "ssh登陆的远程服务器的ip"
- ref: remote_port
name: 远程服务器端口
type: STRING
value: "22"
description: "ssh登陆所用端口默认为22"
- ref: remote_user
name: 远程服务器连接用户
type: STRING
value: root
description: "ssh登陆时的用户默认为root"
- ref: remote_file
name: 远程文件/目录路径
type: STRING
required: true
description: "文件/目录上传的远程路径"
- ref: local_file
name: 本地文件/目录路径
type: STRING
required: true
value: ""
description: "需要上传的文件/目录路径,必填"
- ref: gateway_host
name: 跳板机服务器IP
type: STRING
required: true
description: "ssh登陆的跳板机服务器的ip"
- ref: gateway_port
name: 跳板机端口
type: STRING
value: "22"
description: "ssh登陆跳板机所用端口默认为22"
- ref: gateway_user
name: 跳板机连接用户
type: STRING
value: root
description: "ssh登陆跳板机时的用户默认为root"
- ref: local_file
name: 临时文件/目录路径
type: STRING
required: true
value: ""
description: "临时文件/目录路径,必填"
spec:
image: 'docker.jianmuhub.com/yystopf/runner_ssh:0.0.1'
entrypoint:
- "/bin/sh"
- "-c"
cmd:
- "/usr/local/bin/execute_scp"
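Review bot: The last entry in `inputParameters` reuses `ref: local_file`, which is already taken by the 本地文件/目录路径 parameter further up, so two inputs share one reference and which of them wins is left to the loader. Its name (临时文件/目录路径) and the `JIANMU_TEMP_FILE` variable read by `script/scp_expect` suggest it was meant to be `- ref: temp_file`. `script/scp_expect` also reads `JIANMU_REMOTE_PASS` and `JIANMU_GATEWAY_PASS`, for which no parameter is declared here; if passwords are intended inputs they should be declared with `type: SECRET`, otherwise the password branches in that script can never work.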

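--- a/dsl/node_def_ssh_cmd.yml
+++ b/dsl/node_def_ssh_cmd.yml
@@ -0,0 +1,52 @@
+ref: ssh_cmd
+version: 0.0.1
+description: 支持跳板机运行连接远程服务器,并支持执行脚本,须设置免密登录
+inputParameters:
+- ref: ssh_private_key
+name: ssh私钥
+type: SECRET
+required: true
+value: ""
+description: "可以免密登陆目标主机的ssh私钥必填"
+- ref: remote_host
+name: 远程服务器IP
+type: STRING
+required: true
+description: "ssh登陆的远程服务器的ip"
+- ref: remote_port
+name: 远程服务器端口
+type: STRING
+value: "22"
+description: "ssh登陆所用端口默认为22"
+- ref: remote_user
+name: 远程服务器连接用户
+type: STRING
+value: root
+description: "ssh登陆时的用户默认为root"
+- ref: gateway_host
+name: 跳板机服务器IP
+type: STRING
+required: true
+description: "ssh登陆的跳板机服务器的ip"
+- ref: gateway_port
+name: 跳板机端口
+type: STRING
+value: "22"
+description: "ssh登陆跳板机所用端口默认为22"
+- ref: gateway_user
+name: 跳板机连接用户
+type: STRING
+value: root
+description: "ssh登陆跳板机时的用户默认为root"
+- ref: ssh_cmd
+name: 执行命令
+type: STRING
+required: true
+description: "需要在远程执行的命令"
+spec:
+image: 'docker.jianmuhub.com/yystopf/runner_ssh:0.0.1'
+entrypoint:
+- "/bin/sh"
+- "-c"
+cmd:
+- "/usr/local/bin/execute_ssh"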
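Review bot: `remote_user` and `gateway_user` both default to `value: root`, so a workflow that leaves them out logs in to the jump host and to the target as root and runs `ssh_cmd` with full privileges. I would drop both defaults and mark the parameters `required: true`, so the account is always an explicit choice and a low-privilege deploy account is the natural one to supply. The same defaults appear in the scp node definition shown just before this file. `ssh_cmd` is a free-form string that `script/ssh_expect` pastes into a shell command line, so its description should say that the value is executed unescaped.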

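--- a/files/ssh_config
+++ b/files/ssh_config
@@ -0,0 +1,48 @@
+# $OpenBSD: ssh_config,v 1.34 2019/02/04 02:39:42 dtucker Exp $
+# This is the ssh client system-wide configuration file. See
+# ssh_config(5) for more information. This file provides defaults for
+# users, and the values can be changed in per-user configuration files
+# or on the command line.
+# Configuration data is parsed as follows:
+# 1. command line options
+# 2. user-specific file
+# 3. system-wide file
+# Any configuration value is only changed the first time it is set.
+# Thus, host-specific definitions should be at the beginning of the
+# configuration file, and defaults at the end.
+# Site-wide defaults for some commonly used options. For a comprehensive
+# list of available options, their meanings and defaults, please see the
+# ssh_config(5) man page.
+Host *
+# ForwardAgent no
+# ForwardX11 no
+# PasswordAuthentication yes
+# HostbasedAuthentication no
+# GSSAPIAuthentication no
+# GSSAPIDelegateCredentials no
+# BatchMode no
+# CheckHostIP yes
+# AddressFamily any
+# ConnectTimeout 0
+StrictHostKeyChecking no
+# IdentityFile ~/.ssh/id_rsa
+# IdentityFile ~/.ssh/id_dsa
+# IdentityFile ~/.ssh/id_ecdsa
+# IdentityFile ~/.ssh/id_ed25519
+# Port 22
+# Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,3des-cbc
+# MACs hmac-md5,hmac-sha1,umac-64@openssh.com
+# EscapeChar ~
+# Tunnel no
+# TunnelDevice any:any
+# PermitLocalCommand no
+# VisualHostKey no
+# ProxyCommand ssh -q -W %h:%p gateway.example.com
+# RekeyLimit 1G 1h
+IPQoS throughput
+ServerAliveCountMax 5
+ServerAliveInterval 60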
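Review bot: `StrictHostKeyChecking no` under `Host *` turns off host key verification for every connection the runner makes, so neither the jump host nor the target is ever authenticated and an impersonating host would receive the copied files, the commands and any typed password. `StrictHostKeyChecking accept-new` at least refuses a key that has changed, and the stronger option is to take the expected host keys as an input parameter, write them to `~/.ssh/known_hosts` and set `StrictHostKeyChecking yes`. The expect scripts in this commit also answer the `yes/no` prompt automatically, which has the same effect on the onward connection made from the jump host.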

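--- a/script/execute_scp
+++ b/script/execute_scp
@@ -0,0 +1,19 @@
+#!/bin/sh
+set -e
+if [[ ! -z "${JIANMU_SSH_PRIVATE_KEY}" ]]; then
+mkdir -p ~/.ssh
+chmod 700 ~/.ssh
+echo -e "${JIANMU_SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
+chmod 600 ~/.ssh/id_rsa
+set -x
+scp_expect
+else
+echo "ERROR!Parameter is missing, ssh_private_key is required."
+exit 1
+fi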
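Review bot: The private key is written to `~/.ssh/id_rsa` before `chmod 600 ~/.ssh/id_rsa` runs, so the file is created with whatever the default umask allows and is only tightened afterwards; a `umask 077` line directly after `set -e` makes both the directory and the key private from the moment they exist. The test `[[ ! -z "${JIANMU_SSH_PRIVATE_KEY}" ]]` is not POSIX `sh` syntax and depends on the image's shell accepting it; `[ -n "${JIANMU_SSH_PRIVATE_KEY}" ]` is the portable form under `#!/bin/sh`. Both remarks apply unchanged to `script/execute_ssh`, which has the same lines.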

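--- a/script/execute_ssh
+++ b/script/execute_ssh
@@ -0,0 +1,20 @@
+#!/bin/sh
+set -e
+if [[ ! -z "${JIANMU_SSH_PRIVATE_KEY}" ]]; then
+mkdir -p ~/.ssh
+chmod 700 ~/.ssh
+echo -e "${JIANMU_SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
+chmod 600 ~/.ssh/id_rsa
+set -x
+scp_expect
+else
+echo "ERROR!Parameter is missing, ssh_private_key is required."
+exit 1
+fi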
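Review bot: The line after `set -x` calls `scp_expect`, the same helper that `script/execute_scp` runs, so the `ssh_cmd` node would start a file copy instead of the remote command; it should read `ssh_expect`. Nothing else visible in this commit invokes `script/ssh_expect`, so as written that file is never executed.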

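--- a/script/scp_expect
+++ b/script/scp_expect
@@ -0,0 +1,52 @@
+#!/usr/bin/expect
+set timeout -1
+set local_file ${JIANMU_LOCAL_FILE}
+set remote_user ${JIANMU_REMOTE_USER}
+set remote_host ${JIANMU_REMOTE_HOST}
+set remote_port ${JIANMU_REMOTE_PORT}
+set remote_password ${JIANMU_REMOTE_PASS}
+set remote_file ${JIANMU_REMOTE_FILE}
+set gateway_user ${JIANMU_GATEWAY_USER}
+set gateway_host ${JIANMU_GATEWAY_HOST}
+set gateway_port ${JIANMU_GATEWAY_PORT}
+set gateway_password ${JIANMU_GATEWAY_PASS}
+set temp_file ${JIANMU_TEMP_FILE}
+# 上传文件到跳板机
+spawn scp -P $gateway_port -r $local_file $gateway_user@$gateway_host:~/$temp_file
+expect {
+"yes/no" { send "yes\r"; exp_continue }
+"*password:" { send "$gateway_password\r" };
+}
+# 登录跳板机
+spawn ssh -p $gateway_port $gateway_user@$gateway_host
+expect {
+"yes/no" { send "yes\r"; exp_continue }
+"*password:" { send "$gateway_password\r" };
+"*$ " {
+# 从跳板机复制文件到目标主机
+send "scp -P $remote_port -r $temp_file $remote_user@$remote_host:~/$remote_file\r"
+expect {
+"yes/no" {
+send "yes\r"
+exp_continue
+}
+"*password:" {
+send "$remote_password\r"
+}
+"*$ " {
+send "rm $temp_file\r"
+expect "*$ " {send "exit\r"}
+}
+}
+}
+}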
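Review bot: The `set local_file ${JIANMU_LOCAL_FILE}` line and the ten `set` lines after it use `${NAME}`, which in Tcl reads a Tcl variable of that name rather than the process environment, so the script would stop at the first of them with a no-such-variable error; the environment is reached as `set local_file $env(JIANMU_LOCAL_FILE)`. `script/ssh_expect` has the same pattern. Once the values do arrive, they are pasted unquoted into command lines typed at the jump host's shell (`send "scp -P $remote_port -r $temp_file ..."` and `send "rm $temp_file\r"`), so a path containing spaces or shell metacharacters is interpreted by that shell; the parameters should be checked against a strict pattern before use, or quoted for the remote shell. `set timeout -1` also means a prompt that never matches leaves the job hanging indefinitely.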

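--- a/script/ssh_expect
+++ b/script/ssh_expect
@@ -0,0 +1,32 @@
+#!/usr/bin/expect
+set timeout -1
+set remote_user ${JIANMU_REMOTE_USER}
+set remote_host ${JIANMU_REMOTE_HOST}
+set remote_port ${JIANMU_REMOTE_PORT}
+set ssh_cmd ${JIANMU_SSH_CMD}
+set gateway_user ${JIANMU_GATEWAY_USER}
+set gateway_host ${JIANMU_GATEWAY_HOST}
+set gateway_port ${JIANMU_GATEWAY_PORT}
+# 登录跳板机
+spawn ssh -p $gateway_port $gateway_user@$gateway_host
+expect {
+"yes/no" { send "yes\r"; exp_continue }
+"*password:" { send "$gateway_password\r" };
+"*$ " {
+send "ssh -p $remote_port $remote_user@$remote_host $ssh_cmd\r"
+expect {
+"yes/no" { send "yes\r"; exp_continue }
+"*password:" { send "$remote_password\r" };
+"*$ " {send "exit\r"}
+}
+}
+}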
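Review bot: `$gateway_password` and `$remote_password` are sent in the two `"*password:"` branches but are never assigned in this script, so reaching a password prompt raises a Tcl error instead of authenticating. Since the node is described as key-based, I would remove both branches and let a failed key login end the job, for example by spawning `ssh -o BatchMode=yes -p $gateway_port $gateway_user@$gateway_host`. `$ssh_cmd` is appended unquoted to the command typed at the jump host (`send "ssh -p $remote_port $remote_user@$remote_host $ssh_cmd\r"`), so it is parsed by the jump host's shell before the target ever sees it. The private key is written on the runner only, so the onward hop presumably cannot use it; a single `ssh -J $gateway_user@$gateway_host:$gateway_port -p $remote_port $remote_user@$remote_host` from the runner would authenticate both hops with that key and avoid typing into an interactive shell.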