From 355bb6a36eb3d9754ec8eea1bc0e56d0fa3e1ca4 Mon Sep 17 00:00:00 2001 From: lilyLuLiu Date: Fri, 27 Sep 2024 15:51:27 +0800 Subject: [PATCH] add proxy/bastion for connection --- Makefile | 2 +- lib/common/remote.sh | 60 ++++++++++++++++++++++++++++++++++---------- 2 files changed, 48 insertions(+), 14 deletions(-) diff --git a/Makefile b/Makefile index 8e942dd..57ef719 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -VERSION ?= 0.0.6 +VERSION ?= 0.0.7 CONTAINER_MANAGER ?= podman IMG ?= quay.io/rhqp/deliverest:v${VERSION} diff --git a/lib/common/remote.sh b/lib/common/remote.sh index 4ad162c..39c490a 100755 --- a/lib/common/remote.sh +++ b/lib/common/remote.sh @@ -18,7 +18,11 @@ remote_required () { [[ -z "${TARGET_HOST_KEY_PATH+x}" && -z "${TARGET_HOST_PASSWORD+x}" ]] \ && echo "TARGET_HOST_KEY_PATH or TARGET_HOST_PASSWORD required" \ && validate=0 - + + if [[ -n "${BASTION_HOST}" && -n "${BASTION_HOST_USERNAME}" ]] + $(ssh_config_file) + fi + return $validate } @@ -63,7 +67,7 @@ check_connection() { # Define remote connection uri () { local remote="${TARGET_HOST_USERNAME}@${TARGET_HOST}" - if [[ ! -z "${TARGET_HOST_DOMAIN+x}" ]]; then + if [[ -n "${TARGET_HOST_DOMAIN}" ]]; then remote="${TARGET_HOST_USERNAME}@${TARGET_HOST_DOMAIN}@${TARGET_HOST}" fi echo "${remote}" @@ -73,10 +77,13 @@ uri () { # $1 local path # $2 remote path scp_to_cmd () { - if [[ ! -z "${TARGET_HOST_KEY_PATH+x}" ]]; then - echo "scp -r $(connect_options) -i ${TARGET_HOST_KEY_PATH} ${1} $(uri):${2}" + cmd="scp -r $(connect_options) " + if [[ -n "${BASTION_HOST}" && -n "${BASTION_USERNAME}" ]]; then + echo "${cmd} -F ssh_config ${1} target_host:${2}" + elif [[ -n "${TARGET_HOST_KEY_PATH}" ]]; then + echo "${cmd} -i ${TARGET_HOST_KEY_PATH} ${1} $(uri):${2}" else - echo "sshpass -p ${TARGET_HOST_PASSWORD} scp -r $(connect_options) ${1} $(uri):${2}" + echo "sshpass -p ${TARGET_HOST_PASSWORD} ${cmd} ${1} $(uri):${2}" fi } 
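Review bot: In the `remote_required` hunk of lib/common/remote.sh the added `if [[ ... ]]` line has no `then`, so bash will report a syntax error at the following `fi` as soon as the file is sourced. The body `$(ssh_config_file)` also runs the function inside a command substitution and then tries to execute whatever it prints, where a plain call is what is meant. Suggested lines: `if [[ -n "${BASTION_HOST:-}" && -n "${BASTION_HOST_USERNAME:-}" ]]; then` followed by `ssh_config_file`. The `:-` defaults keep the test safe if the caller runs with `set -u`, which cannot be seen from here. The start of `remote_required` is outside the hunk.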
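Review bot: The bastion branch in `scp_to_cmd` tests `BASTION_USERNAME`, but `remote_required` and `ssh_config_file` in this same patch use `BASTION_HOST_USERNAME`; the same test is repeated in `scp_from_cmd` and `ssh_cmd` in the next hunk. With only `BASTION_HOST_USERNAME` set, the config is generated and then ignored, so the connection goes straight to the target instead of through the bastion. With only `BASTION_USERNAME` set, `-F ssh_config` names a file that was never written. Use one name in all four places, e.g. `if [[ -n "${BASTION_HOST:-}" && -n "${BASTION_HOST_USERNAME:-}" ]]; then`. The bastion branch also emits no `sshpass` prefix, so a target that authenticates by password presumably cannot be reached non-interactively through the bastion; either handle that case or reject it in `remote_required`.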
@@ -84,26 +91,53 @@ scp_to_cmd () { # $1 remote path # $2 local path scp_from_cmd () { - if [[ ! -z "${TARGET_HOST_KEY_PATH+x}" ]]; then - echo "scp -r $(connect_options) -i ${TARGET_HOST_KEY_PATH} $(uri):${1} ${2}" + cmd="scp -r $(connect_options) " + if [[ -n "${BASTION_HOST}" && -n "${BASTION_USERNAME}" ]]; then + echo "${cmd} -F ssh_config target_host:${1} ${2} " + elif [[ -n "${TARGET_HOST_KEY_PATH}" ]]; then + echo "${cmd} -i ${TARGET_HOST_KEY_PATH} $(uri):${1} ${2}" else - echo "sshpass -p ${TARGET_HOST_PASSWORD} scp -r $(connect_options) $(uri):${1} ${2}" + echo "sshpass -p ${TARGET_HOST_PASSWORD} ${cmd} $(uri):${1} ${2}" fi } # Generate SSH command ssh_cmd () { - cmd="" - if [[ ! -z "${TARGET_HOST_KEY_PATH+x}" ]]; then - cmd="ssh $(connect_options) -i ${TARGET_HOST_KEY_PATH} $(uri) " + cmd="ssh $(connect_options) " + if [[ -n "${BASTION_HOST}" && -n "${BASTION_USERNAME}" ]]; then + cmd+="-F ssh_config target_host " + elif [[ -n "${TARGET_HOST_KEY_PATH}" ]]; then + cmd+="-i ${TARGET_HOST_KEY_PATH} $(uri) " else - cmd="sshpass -p ${TARGET_HOST_PASSWORD} ssh $(connect_options) $(uri) " + cmd="sshpass -p ${TARGET_HOST_PASSWORD} ${cmd} $(uri) " fi + # On AWS MacOS ssh session is not recognized as expected if [[ ${OS} == 'darwin' ]]; then cmd+="sudo su - ${TARGET_HOST_USERNAME} -c \"PATH=\$PATH:/usr/local/bin && $@\"" else - cmd+="$@" + cmd+=" $@" fi echo "${cmd}" } +# +ssh_config_file() { + cat < ssh_config +Host proxy_host + HostName ${BASTION_HOST} + User ${BASTION_HOST_USERNAME} + IdentityFile ${BASTION_HOST_KEY_PATH} + +Host target_host + HostName ${TARGET_HOST} + User ${TARGET_HOST_USERNAME} + IdentityFile ${TARGET_HOST_KEY_PATH} + ProxyJump proxy_host +EOF + if [[ -z ${TARGET_HOST_KEY_PATH+x} ]]; then + sed -i"" -e '9d' ssh_config + fi + if [[ -z ${BASTION_HOST_KEY_PATH+x} ]]; then + sed -i"" -e '4d' ssh_config + fi +}
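Review bot: `ssh_config_file` removes the `IdentityFile` lines by line number and only when the key variable is unset (`${VAR+x}`), while the callers in this patch now treat an empty value as "no key" (`-n`). A key path that is set but empty therefore leaves an `IdentityFile` line with no argument in the config, and any later edit to the template shifts what `'9d'` and `'4d'` delete. Emitting each `IdentityFile` line conditionally removes both problems and the `sed -i` calls. The sketch below also creates the file under a restrictive umask, because it is written to a relative `ssh_config` in the current directory and then trusted through `-F`.

```shell
ssh_config_file() {
  # Subshell so the umask change does not leak into the caller.
  (
    umask 077
    {
      printf 'Host proxy_host\n'
      printf '  HostName %s\n' "${BASTION_HOST}"
      printf '  User %s\n' "${BASTION_HOST_USERNAME}"
      if [[ -n "${BASTION_HOST_KEY_PATH:-}" ]]; then
        printf '  IdentityFile %s\n' "${BASTION_HOST_KEY_PATH}"
      fi
      printf '\nHost target_host\n'
      printf '  HostName %s\n' "${TARGET_HOST}"
      printf '  User %s\n' "${TARGET_HOST_USERNAME}"
      if [[ -n "${TARGET_HOST_KEY_PATH:-}" ]]; then
        printf '  IdentityFile %s\n' "${TARGET_HOST_KEY_PATH}"
      fi
      printf '  ProxyJump proxy_host\n'
    } > ssh_config
  )
}
```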