Creating a executable for mac terminal commands - bash

I'm using a series of commands for deploying my files to production,This is done manually currently.Is it possible to make these commands to an executable file,So that i don't have to copy paste these commands each and every time.
When the first line is executed ie, connecting to the root server it will ask for the password and have to paste the password: xxxxxxxxxxxxxx
I'm using mac system.
if you have any idea please let me know?
ssh root#server
pwd: xxxxxxxxxxxxxx
ssh-agent bash
ssh-add bi-master
cd /home/trans/bimaster
git status
git pull git#bitbucket.org:xxxxxxxxx/bimaster.git master

Yes it is possible, normally people use services like Jenkins (free) or bamboo (not free) to run deployment tasks, then you can save credentials on the bamboo/Jenkins server and write a deployment script or pipeline to do the deployment steps.
You should also consider setting up ssh keys on your local machine (public private keypair with ssh-keygen) and the remote (just the public key - ssh-copy-id can do this IIRC) so you don't have to rely on password logins on the remote login. generally, ssh keys are considered more secure and practical than using passwords.
Also, don't do things as the root user unless you have no other choice or you're just testing. Running things as root in production is asking for trouble.

Related

How to run ssh commands on a host after mounting via sshfs and avoid 2FA?

I have the following situation. I am able to ssh into a server but it requires 2FA each time I ssh into the server. Let's say that I do not have control over the server's configuration to disable/bypass 2FA. After successfully ssh'ing into the server, I am free to run commands on that server through my local terminal.
I can also run sshfs to mount a directory on my local machine with a directory on the server (this will trigger 2FA once):
$ sshfs <server>:/a/b/c /my/local/folder
I would like to be able to run a script locally from my machine which invokes commands on the SSH server. I would not like to run the script inside the server. For example, my script may do something like the following, executed locally:
$ ssh <server> <command 1>
$ ssh <server> <command 2>
...
$ ssh <server> <command X>
However, each time the script runs a ssh command, it will trigger 2FA. I would like to avoid the 2FA completely, if possible. Ideally, I would like to encounter the 2FA once per day. Is there any way that I can leverage the sshfs mount and piggyback the session to send ssh commands to the host? I am open to other extreme alternatives as well (e.g. sending key strokes to the window of my local ssh terminal)

Using Jenkins to SSH into EC2 Ubuntu instance and run shell scripts

I have installed Jenkins on my local, I have created my own EC2 instance, I can ssh into my instance and run some shell scripts to shut down my Wildfly server installed on my instance.
This is what I do when I do it manually on my Mac.
open my mac terminal, type
ssh -i /Users/xxx/tools/xxxx.pem ubuntu#10.206.xxx.xx
It will login to my Instance, and then I type:
cd /srv/wildfly-10.1.0.Final/bin
sudo -s
source /etc/profile
./jboss-cli.sh --connect command=:shutdown
The screen will output
{"outcome" => "success"}
Now, I want to using Jenkins, when I click build button, it will ssh into that instance and run these shell scripts for me. The output is expected the same as I run it after I ssh into the instance.
My question is: what steps should I follow, after I login to my Jenkins local environment: localhost:8080
Create a New Item, which one? Is there some plugin I can use? Where to put my shell scripts, will it run successfully?
A guide would be helpful, thanks a lot!
Additon:
when I try to login: using my ssh command, I get this error:
Pseudo-terminal will not be allocated because stdin is not a terminal.
Host key verification failed.
Too many questions to answer in one post. but this should get you started.
ssh from jenkins to your ec2 should be password less, should you need to set the keys in jenkins. use the credential manager and create one, by pasting the private key
https://www.cloudbees.com/blog/using-ssh-jenkins
Refer remote command execution over ssh for the rest of the task.
you will find how to do this in tons.. but this should give you an idea. https://www.cyberciti.biz/faq/unix-linux-execute-command-using-ssh/
For the question on job type, at this point just go with the freestyle .. And later, you may plan for fancy stuff.
You need to add the PEM file details in place where it asks for Private Key

Run batch scripts on a remote server (windows) from jenkins

I've got a continuous integration server (Jenkins ) which builds my code (checks for compilation errors) and runs tests and then deploys the files to a remote server (not a war file, but the actual file structure) I do this with a Jenkins plugin which allows me to transfer files via samba, it does this nightly.
Now, what I need to do is run an ant command on the remote server. And after that I need to start the application server on the remote server, the application server is started by running a .bat file from the command line.
I'm pretty clueless how to accomplish this, I know Jenkins is capable of running batch commands, but how do I make them run in the context of the server and not the context of the build server?
If Jenkins on Windows, remote on *nix, use plink.exe (which is essentially command line PuTTy)
If Jenkins on Windows, remote on Window, use psexec.exe
If Jenkins on *nix, remote on *nix, use ssh
If Jenkins on *nix, remote on Windows, (update 2015-01) Ansible http://docs.ansible.com/intro_windows.html has support for calling Windows commands, eg powershell, from a unix/linux machine, https://github.com/ansible/ansible-examples/blob/master/windows/run-powershell.yml
Tell me what OSes are involved (both on Jenkins and remote), and I will flash this out further.
Edit:
The download page for psexec.exe lists all command line options. You will want something along the lines of:
psexec \\remotecomputername -u remoteusername -p remotepassword cmd /c <your commands here>
Replace <your commands here> with actual commands as you would execute them from command prompt.
Note that psexec first needs to install a service, and required elevated command prompt/admin remote credentials to do so.
Also, you need to run psexec -accepteula once to accept the EULA prompt.
Following Slav's answer above, here is a simpler solution for Jenkins (*nix) to remote (windows):
Install an SSH server on your remote windows (MobaSSH home edition worked well for me)
Make sure your Jenkins user, on your Jenkins machine, has the required certification to open an SSH connection with your remote (you can simply open a terminal and ssh to your remote once, then accept the certification. Make sure it is saved for the Jenkins user).
You can now add an execute shell build phase in your Jenkins job which can SSH to your remote windows machine.
Notes :
The established connection might require some additional work - you might have to set windows environment variables or map network drivers in order for your executed commands or batch files to work properly on your windows machines.
If you wish to run GUI related operations this solution might not be relevant (Following my work on running automation tests which require GUI manipulation).
Using Jenkins SSH plugin is an issue, as seen here.
1、i install (MobaSSH home ) on my remote windows server .
2、and install jenkins ssh plugin
3、edit shell eg: go build project
4、it seems something wrong ,
" go: creating work dir: CreateFile C:\WINDOWS\system32\bsh\tmp: The system cannot find the path specified."
I ended up going with a different approach after trying out psexec.exe for a while.
Psexec.exe and copying files over the network was a bit slow and unstable, especially since the domain I work on has a policy of changing password every months (which broke the build).
In the end I went with the master/slave approach, which is faster and more stable. Since I don't have to use psexec.exe and don't have to copy files over the network.

Problems running svn+ssh from Jenkins in OS X using ssh keys

Trying to run a simple
svn list svn+ssh://...
from within jenkins on os X, as an execute shell step. The job is not linked to a SVN repository - I am trying to do an svn list manually on the tags folder without having jenkins downloading a copy of each tag.
but other jobs are connected to svn and jenkins checks out code fine.
I have downloaded jenkins from here which runs jenkins as a daemon
The problem is ssh keys. After a few iterations, here where I am at.
In /Library/LaunchDaemons/org.jenkins-ci.plist I have set JENKINS_HOME as /Users/Shared/Jenkins/Home (that's where jenkins gets installed), and in there I have created ssh keys, without passphrase (for now)
The actual command I am running is
svn --config-dir=/Users/Shared/Jenkins/Home/.subversion list svn+ssh://...
to get around jenkins running shell steps as root without actually having root permissions (not sure why - jenkins is launched by loading /Library/LaunchDaemons/org.jenkins-ci.plist) and causing a permission error when it tires to read /var/root/.servers
in --config-dir=/Users/Shared/Jenkins/Home/.subversion/config I have added
ssh = $SVN_SSH ssh -v -i /Users/Shared/Jenkins/Home/.ssh/id_rsa
so ssh can connect to the server. The last missing step now is that the shell expects the passphrase and cannot get it from Keychain (obviously)
debug1: read_passphrase: can't open /dev/tty: Device not configured
I thought leaving an empty passphrase would do the job, but it doesn't. Any clues? Thanks in advance.
I don't think there is a workaround to "read_passphrase: can't open /dev/tty: Device not configured" - the command expects terminal input and can't get it, nor can it get Keychain to provide it. It's all tied in with running as a daemon.
In the end I downloaded the latest version of the jenkins installer and re-installed to run manually and not as a daemon, so it runs as me instead of some weird flavour of root, and the problem disappeared.

Ant: How to avoid SSH passwords?

Problem
We have a server over which we have FULL control
We have a long, complicated shell script that interacts with this server via SCP and SSH
We have an Ant Target that runs the script
simplified example:
<target name="run-script">
<exec executable="/path/to/script_that_runs_ssh_cmds.sh" />
</target>
This target fails with the following exception:
ssh_askpass: exec(/usr/libexec/ssh-askpass): No such file or directory
Question
After researching a bit, I think this can be fixed by generating public/private key pairs. That way, the ssh command doesn't have to prompt for passwords. Assuming this solution will work, how do you go about making it so that SSH calls on the system use keys in lieu of prompting for passwords? Is it possible to set this up in a way that anyone on our team can run the Ant target successfully from their laptop?
Note: We're all running OS X 10.6 (Leopard) and physically connected to the same LAN as the server.
You can just install the private key under ~/.ssh and ssh will automatically look into that directory and use the key you installed.
In the server side, add the public key to ~/.ssh/authorized_keys

Resources