Synchronize files to remote hosts via rsync over SSH and execute arbitrary commands on remote hosts

Note: rsync must be installed on the remote host. No additional rsync daemon configuration is required as it directly uses SSH channel for data transfer

Simple example to sync local dist folder to ~/target directory on remote machines:

Example 1: Using SSH key to login to remote host

# .cnb.yml
main:
  push:
    - stages:
      - name: rsync
        image: tencentcom/rsync
        # Reference secret repository config file
        imports: https://your-git.com/group/secret-repo/-/blob/main/env.yml
        settings:
          user: $LOGIN_USER
          key: $PRIVATE_KEY
          hosts:
            - ip1
            - ip2
          source: ./dist/
          target: ~/target/

          # Required parameters above, optional parameters below
          port: 22
          include:
            - "app.tar.gz"
            - "app.tar.gz.md5"
          exclude:
            - "*"
          prescript:
            - cd ~/packages
            - md5sum -c app.tar.gz.md5
            - tar -xf app.tar.gz -C ~/app 
          script:
            - cd ~/packages
            - md5sum -c app.tar.gz.md5
            - tar -xf app.tar.gz -C ~/app
          ssh_args: -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa

Reference secret repository config file to get rsync key and rsync user:

# Secret repository env.yml
# SSH private key for login
PRIVATE_KEY: |
  -----BEGIN RSA PRIVATE KEY-----
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  -----END RSA PRIVATE KEY-----
# SSH login user
LOGIN_USER: xxx
# Declare which plugin tasks can reference this config file
allow_images:
  - tencentcom/rsync
# Declare which repository pipelines can reference this config file
allow_slugs:
  - groupname/reponame

Example 2: Using SSH password to login to remote host

# .cnb.yml
main:
  push:
    - stages:
      - name: rsync
        image: tencentcom/rsync
        # Reference secret repository config file
        imports: https://your-git.com/group/secret-repo/-/blob/main/env.yml
        settings:
          user: $LOGIN_USER
          password: $PASSWORD
          hosts:
            - ip1
            - ip2
          source: ./dist/
          target: ~/target/

          # Required parameters above, optional parameters below
          port: 22
          include:
            - "app.tar.gz"
            - "app.tar.gz.md5"
          exclude:
            - "*"
          prescript:
            - cd ~/packages
            - md5sum -c app.tar.gz.md5
            - tar -xf app.tar.gz -C ~/app 
          script:
            - cd ~/packages
            - md5sum -c app.tar.gz.md5
            - tar -xf app.tar.gz -C ~/app

Reference secret repository config file to get rsync key and rsync user:

# Secret repository env.yml
# SSH login user
LOGIN_USER: xxx
# SSH login password
PASSWORD: xxx
# Declare which plugin tasks can reference this config file
allow_images:
  - tencentcom/rsync
# Declare which repository pipelines can reference this config file
allow_slugs:
  - groupname/reponame

• user User for logging into remote machine, defaults to root
• key SSH private key for accessing remote machine. Choose between key and password, with password having higher priority
• password SSH password for accessing remote machine. Choose between key and password, with password having higher priority
• hosts Hostname or IP address of remote machine
• port Connection port of remote machine, defaults to 22
• source Source folder to sync, defaults to ./
• target Target folder on remote machine
• include rsync include filter
• exclude rsync exclude filter
• recursive Whether to sync recursively, defaults to false
• delete Whether to delete contents of target folder, defaults to false
• args Additional rsync command line arguments for the plugin, e.g. "--blocking-io"
• ssh_args Additional ssh command line arguments for the plugin, e.g."-o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa"
• prescript List of commands to run on remote machine before rsync execution
• script List of commands to run on remote machine after rsync execution
• log_level SSH log level, defaults to quiet mode

Modified based on drone-rsync

1. Generate key pair

# Generate public key id_rsa.pub and private key id_rsa
ssh-keygen -t rsa

1. Add public key id_rsa.pub content to ~/.ssh/authorized_keys file on remote machine

You can directly copy and paste id_rsa.pub content to ~/.ssh/authorized_keys file, or use following command:

# This command is not supported on Windows machines, only on Mac/Linux
ssh-copy-id -p 22 root@123.123.123.123

1. Add private key id_rsa content to secret repository, pass PRIVATE_KEY in pipeline, then plugin can use key for passwordless login. See examples above

When using the rsync plugin, you may encounter the following error:

Unable to negotiate with xxx.xxx.xxx.xxx port 22: no matching host key type found. Their offer: ssh-rsa,ssh-dss. This error indicates that the server only offers ssh-rsa and ssh-dss key algorithms.

In this case, you can resolve the issue by specifying the ssh_args: -o HostKeyAlgorithms=+ssh-rsa -o PubkeyAcceptedAlgorithms=+ssh-rsa parameter.