Merge pull request #1253 from ErikJiang/support_ssh_with_key

streamlined remote access with ssh key mode for other linux
kubean-io · May 21, 2024 · cb029fe · cb029fe
2 parents 2f2ebc1 + 8eaa0a3
commit cb029fe
Show file tree

Hide file tree

Showing 2 changed files with 72 additions and 40 deletions.
diff --git a/build/os-packages/others/README.md b/build/os-packages/others/README.md
@@ -30,8 +30,21 @@ Prepare the OS package tarball file in advance.
 ``` bash
 $ export PKGS_YML_PATH=/home/pkgs.yml
 $ export PKGS_TAR_PATH=/home/os-pkgs.tar.gz
-$ export SSH_USER=root
-$ export SSH_PASS=dangerous
 $ export HOST_IPS='192.168.10.11 192.168.10.12'
+
+# username/password authentication
+$ export SSH_USER=root
+$ export SSH_CRED=dangerous
+$ ./other_os_pkgs.sh install
+
+# public/private key authentication
+$ export SSH_MODE=KEY
+$ export SSH_USER=root
+$ ./other_os_pkgs.sh install
+
+# public/private key authentication (specify the private key path)
+$ export SSH_MODE=KEY
+$ export SSH_USER=root
+$ export SSH_CRED=/home/ssh/id_rsa
 $ ./other_os_pkgs.sh install
 ```
diff --git a/build/os-packages/others/other_os_pkgs.sh b/build/os-packages/others/other_os_pkgs.sh
@@ -11,8 +11,9 @@ ARCH=${ARCH:-''}
 PKGS_YML_PATH=${PKGS_YML_PATH:-"pkgs.yml"}
 PKGS_TAR_PATH=${PKGS_TAR_PATH:-"os-pkgs-${DISTRO}-${VERSION}.tar.gz"}
 
+SSH_MODE=${SSH_MODE:-'PWD'} # PWD or KEY
 SSH_USER=${SSH_USER:-''}
-SSH_PASS=${SSH_PASS:-''}
+SSH_CRED=${SSH_CRED:=''}
 HOST_IPS=${HOST_IPS:-''}
 
 REMOTE_REPO_PATH='/home/other_repo'
@@ -273,30 +274,44 @@ function Build() {
 ###### Install OS Package ######
 #==============================#
 
-function ssh_run() {
-  local ip=$1
+function remote_exec() {
+  local host=$1
   local cmd=$2
-  sshpass -p ${SSH_PASS} ssh ${SSH_USER}@${ip} -o StrictHostKeyChecking=no "${cmd}"
+
+  if [[ "${SSH_MODE}" == "KEY" && -z "${SSH_CRED}" ]]; then
+    ssh "${SSH_USER}@${host}" -o StrictHostKeyChecking=no "${cmd}"
+  elif [[ "${SSH_MODE}" == "KEY" && -f "${SSH_CRED}" ]]; then
+    ssh -i "${SSH_CRED}" "${SSH_USER}@${host}" -o StrictHostKeyChecking=no "${cmd}"
+  elif [[ "${SSH_MODE}" == "PWD" ]]; then
+    sshpass -p "${SSH_CRED}" ssh "${SSH_USER}@${host}" -o StrictHostKeyChecking=no "${cmd}"
+  fi
 }
 
-function ssh_cp() {
-  local ip=$1
+function remote_copy() {
+  local host=$1
   local local_path=$2
   local remote_path=$3
-  sshpass -p ${SSH_PASS} scp ${local_path} ${SSH_USER}@${ip}:${remote_path}
+
+  if [[ "${SSH_MODE}" == "KEY" && -z "${SSH_CRED}" ]]; then
+    scp "${local_path}" "${SSH_USER}@${host}:${remote_path}"
+  elif [[ "${SSH_MODE}" == "KEY" && -f "${SSH_CRED}" ]]; then
+    scp -i "${SSH_CRED}" "${local_path}" "${SSH_USER}@${host}:${remote_path}"
+  elif [[ "${SSH_MODE}" == "PWD" ]]; then
+    sshpass -p "${SSH_CRED}" scp "${local_path}" "${SSH_USER}@${host}:${remote_path}"
+  fi
 }
 
 function get_remote_os_release() {
   local ip=$1
   local keyword=$2
-  local ret=$(ssh_run "${ip}" "cat /etc/os-release |grep '^${keyword}='" | awk -F '=' '{print $2}' | sed 's/\"//g' | tr A-Z a-z)
+  local ret=$(remote_exec "${ip}" "cat /etc/os-release |grep '^${keyword}='" | awk -F '=' '{print $2}' | sed 's/\"//g' | tr A-Z a-z)
   echo ${ret}
 }
 
 function check_deb_pkg_installed() {
   local ip=$1
   local pkg_name=$2
-  ssh_run "${ip}" "dpkg-query --show --showformat='\${db:Status-Status}\n' ${pkg_name} 2>/dev/null"
+  remote_exec "${ip}" "dpkg-query --show --showformat='\${db:Status-Status}\n' ${pkg_name} 2>/dev/null"
 }
 
 function dnf_install() {
@@ -305,7 +320,7 @@ function dnf_install() {
   local yum_repo_config='other-extra.repo'
   local packages=$(cat ${PKGS_YML_PATH} | yq eval '.yum.required_pkgs[],.commons[]' | tr '\n' ' ')
 
-  ssh_run "${ip}" "mv /etc/yum.repos.d/ /etc/yum.repos.d.bak/ && mkdir -p /etc/yum.repos.d/"
+  remote_exec "${ip}" "mv /etc/yum.repos.d/ /etc/yum.repos.d.bak/ && mkdir -p /etc/yum.repos.d/"
   # Distribute yum repo configuration
   cat >${yum_repo_config} <<EOF
 [other-extra]
@@ -321,15 +336,15 @@ enabled=1
 gpgcheck=0
 sslverify=0
 EOF
-  ssh_cp "${ip}" "${yum_repo_config}" "${yum_repos_path}"
-  ssh_run "${ip}" "dnf clean all && dnf repolist"
+  remote_copy "${ip}" "${yum_repo_config}" "${yum_repos_path}"
+  remote_exec "${ip}" "dnf clean all && dnf repolist"
   rm ${yum_repo_config} -rf
   # Installing yum packages
   set +e
   # install container-selinux need enable container-tools module
-  ssh_run "${ip}" "dnf module enable container-tools -y"
+  remote_exec "${ip}" "dnf module enable container-tools -y"
   for item in ${packages}; do
-    ssh_run "${ip}" "dnf install -y ${item} --disablerepo=* --enablerepo=other-extra"
+    remote_exec "${ip}" "dnf install -y ${item} --disablerepo=* --enablerepo=other-extra"
     if [ $? -ne 0 ]; then
       log_warn "failed to install package '${item}'"
     fi
@@ -343,7 +358,7 @@ function yum_install() {
   local yum_repo_config='other-extra.repo'
   local packages=$(cat ${PKGS_YML_PATH} | yq eval '.yum.required_pkgs[],.commons[]' | tr '\n' ' ')
 
-  ssh_run "${ip}" "mv /etc/yum.repos.d/ /etc/yum.repos.d.bak/ && mkdir -p /etc/yum.repos.d/"
+  remote_exec "${ip}" "mv /etc/yum.repos.d/ /etc/yum.repos.d.bak/ && mkdir -p /etc/yum.repos.d/"
   # Distribute yum repo configuration
   cat >${yum_repo_config} <<EOF
 [other-extra]
@@ -353,13 +368,13 @@ enabled=1
 gpgcheck=0
 sslverify=0
 EOF
-  ssh_cp "${ip}" "${yum_repo_config}" "${yum_repos_path}"
-  ssh_run "${ip}" "yum clean all && yum repolist"
+  remote_copy "${ip}" "${yum_repo_config}" "${yum_repos_path}"
+  remote_exec "${ip}" "yum clean all && yum repolist"
   rm ${yum_repo_config} -rf
   # Installing yum packages
   set +e
   for item in ${packages}; do
-    ssh_run "${ip}" "yum install -y ${item} --disablerepo=* --enablerepo=other-extra"
+    remote_exec "${ip}" "yum install -y ${item} --disablerepo=* --enablerepo=other-extra"
     if [ $? -ne 0 ]; then
       log_warn "failed to install package '${item}'"
     fi
@@ -375,9 +390,9 @@ function apt_install() {
   local install_failed_list=()
 
   # Add apt source for remote node
-  ssh_run "${ip}" "mv ${apt_repo_path} ${apt_repo_path}.disabled"
-  ssh_run "${ip}" "echo \"${extra_repo}\" > ${apt_repo_path}"
-  ssh_run "${ip}" "apt-get update"
+  remote_exec "${ip}" "mv ${apt_repo_path} ${apt_repo_path}.disabled"
+  remote_exec "${ip}" "echo \"${extra_repo}\" > ${apt_repo_path}"
+  remote_exec "${ip}" "apt-get update"
   # Installing deb packages
   set +e
   for item in ${packages}; do
@@ -386,7 +401,7 @@ function apt_install() {
       log_warn "the package '${item}' has been installed"
       continue
     fi
-    ssh_run "${ip}" "apt-get install -y ${item}"
+    remote_exec "${ip}" "apt-get install -y ${item}"
     if [ $? -ne 0 ]; then
       log_warn "failed to install package '${item}'"
       install_failed_list+=(${item})
@@ -401,7 +416,7 @@ function apt_install() {
   fi
 
   # Remove apt source for remote node
-  # ssh_run "${ip}" "mv ${apt_repo_path}.disabled  ${apt_repo_path}"
+  # remote_exec "${ip}" "mv ${apt_repo_path}.disabled  ${apt_repo_path}"
 
 }
 
@@ -434,15 +449,19 @@ function Install() {
   if [ -z "${HOST_IPS}" ]; then
     log_erro "Host IPs: \${HOST_IPS} should not be empty."
   fi
-  # Check if SSH_USER/SSH_PASS is empty
-  if [ -z "${SSH_USER}" ] || [ -z "${SSH_PASS}" ]; then
-    log_erro "SSH USER/PASS: \${SSH_USER} or \${SSH_PASS} should not be empty."
+  # Check if SSH_USER/SSH_CRED is empty
+  if [[ -z "${SSH_USER}" ]]; then
+    log_erro "SSH USER/PASS: \${SSH_USER} should not be empty."
+  fi
+
+  if [[ "${SSH_MODE}" == "PWD" && -z "${SSH_CRED}" ]]; then
+    log_erro "SSH USER/PASS: \${SSH_CRED} should not be empty."
   fi
 
   yq_install
 
   for ip in ${HOST_IPS[@]}; do
-    if [ -z "$(ssh_run "${ip}" "command -v tar")" ]; then
+    if [ -z "$(remote_exec "${ip}" "command -v tar")" ]; then
       log_erro "Node(${ip}) does not have the tar command line installed"
     fi
 
@@ -453,28 +472,28 @@ function Install() {
       VERSION=$(get_remote_os_release ${ip} 'VERSION_ID')
     fi
     if [ -z "${ARCH}" ]; then
-      ARCH=$(ssh_run "${ip}" "uname -m")
+      ARCH=$(remote_exec "${ip}" "uname -m")
     fi
     # 1. Distribute OS packages to each node
-    ssh_run "${ip}" "rm ${REMOTE_REPO_PATH} -rf && mkdir -p ${REMOTE_REPO_PATH}"
-    ssh_cp "${ip}" "${PKGS_TAR_PATH}" "${REMOTE_REPO_PATH}"
+    remote_exec "${ip}" "rm ${REMOTE_REPO_PATH} -rf && mkdir -p ${REMOTE_REPO_PATH}"
+    remote_copy "${ip}" "${PKGS_TAR_PATH}" "${REMOTE_REPO_PATH}"
 
     # 2. Unzip the OS package
     # gunzip os-pkgs.tar.gz
     # cat os-pkgs.tar | cpio -i -d -H tar
-    ssh_run "${ip}" "cd ${REMOTE_REPO_PATH} && tar -zxvf $(basename ${PKGS_TAR_PATH})"
-    ssh_run "${ip}" "cd ${REMOTE_REPO_PATH}/os-pkgs/ && tar -zxvf os-pkgs-$(require_arch).tar.gz"
+    remote_exec "${ip}" "cd ${REMOTE_REPO_PATH} && tar -zxvf $(basename ${PKGS_TAR_PATH})"
+    remote_exec "${ip}" "cd ${REMOTE_REPO_PATH}/os-pkgs/ && tar -zxvf os-pkgs-$(require_arch).tar.gz"
 
     # 3. Install the OS package
-    if [ ! -z "$(ssh_run "${ip}" "command -v dnf")" ]; then
+    if [ ! -z "$(remote_exec "${ip}" "command -v dnf")" ]; then
       dnf_install ${ip}
-    elif [ ! -z "$(ssh_run "${ip}" "command -v yum")" ]; then
+    elif [ ! -z "$(remote_exec "${ip}" "command -v yum")" ]; then
       yum_install ${ip}
-    elif [ ! -z "$(ssh_run "${ip}" "command -v apt-get")" ]; then
+    elif [ ! -z "$(remote_exec "${ip}" "command -v apt-get")" ]; then
       apt_install ${ip}
-    elif [ ! -z "$(ssh_run "${ip}" "command -v zypper")" ]; then
+    elif [ ! -z "$(remote_exec "${ip}" "command -v zypper")" ]; then
       zypper_install ${ip}
-    elif [ ! -z "$(ssh_run "${ip}" "command -v apk")" ]; then
+    elif [ ! -z "$(remote_exec "${ip}" "command -v apk")" ]; then
       apk_install ${ip}
     else
       log_erro "FAILED TO INSTALL PACKAGE: Package manager not found."
@@ -508,7 +527,7 @@ Examples
   export PKGS_YML_PATH=/home/pkgs.yml
   export PKGS_TAR_PATH=/home/os-pkgs.tar.gz
   export SSH_USER=root
-  export SSH_PASS=dangerous
+  export SSH_CRED=dangerous
   export HOST_IPS='192.168.10.11 192.168.10.12'
   ./$cmd install
 EOF