通过 ssh 在远端 host 执行命令。
host: 目标机器 hostname 或 IPport: 目标主机 ssh portprotocol: 要使用的 IP 协议:可以是 tcp、tcp4 或 tcp6username: 目标主机用户名password: 目标主机密码key: 私钥文本key_path: 私钥路径passphrase: 私钥密码短语script: 在远端服务器执行的命令script_stop: 命令失败时停止执行后续命令timeout: SSH 连接建立的最长时间, 默认为 30 秒command_timeout: 执行命令的最长时间, 默认为 10 分钟proxy_host: 代理的 hostname 或 IPproxy_port: 代理主机的 ssh portproxy_protocol: 用于代理的 IP 协议:可以是 tcp、tcp4 或 tcp6proxy_username: 代理主机用户名proxy_password: 代理主机密码proxy_key: 代理主机私钥明文文本proxy_key_path: 代理主机私钥的路径proxy_passphrase: 代理主机私钥密码短语
简单示例:
main:
push:
- stages:
- name: echo file
image: tencentcom/ssh
settings:
host: xx.xx.xx.xxx
username: root
password: xxxx
port: 22
script:
- echo hello world
- echo test > ~/test.txt
多台目标机器例子:
main:
push:
- stages:
- name: echo file
image: tencentcom/ssh
settings:
host:
- xx.xx.xx.xxx
- xx.xx.xx.xxx
username: root
password: xxxx
port: 22
script:
- echo hello world
- echo test > ~/test.txt
host 带 port 例子:
main:
push:
- stages:
- name: echo file
image: tencentcom/ssh
settings:
host:
- xx.xx.xx.xxx:22
username: root
password: xxxx
script:
- echo hello world
- echo test > ~/test.txt
命令超时例子:
main:
push:
- stages:
- name: echo file
image: tencentcom/ssh
settings:
host:
- xx.xx.xx.xx:22
username: root
password: xxxx
command_timeout: 10s
script:
- sleep 15s
引用密钥仓库配置文件获取密码例子:
# 密钥仓库 env.yml
PAASWORD: xxxx
# 声明指定镜像的插件任务能引用该配置文件
allow_images:
- tencentcom/ssh
# 声明指定仓库的流水线能引用该配置文件
allow_slugs:
- group/repo
main:
push:
- stages:
- name: echo file
# 引用密钥仓库配置文件
imports: https://xxx/group/secret-repo/-/blob/main/env.yml
image: tencentcom/ssh
settings:
host:
- xx.xx.xx.xxx:22
username: root
# 引用密钥仓库配置文件中的变量
password: $PAASWORD
script:
- echo hellworld
引用密钥仓库配置文件获取 ssh key 例子:
# 密钥仓库 env.yml
SSH_KEY: |
-----BEGIN OPENSSH PRIVATE KEY-----
xxx
-----END OPENSSH PRIVATE KEY-----
# 声明指定镜像的插件任务能引用该配置文件
allow_images:
- tencentcom/ssh
# 声明指定仓库的流水线能引用该配置文件
allow_slugs:
- group/repo
main:
push:
- stages:
- name: echo file
# 引用密钥仓库配置文件
imports: https://xxx/group/secret-repo/-/blob/main/env.yml
image: tencentcom/ssh
settings:
host:
- xx.xx.xx.xxx:22
username: root
key: $SSH_KEY
script:
- echo hellworld
脚本失败后停止执行后续脚本示例:
main:
push:
- stages:
- name: echo file
image: tencentcom/ssh
settings:
host:
- xx.xx.xx.xxx:22
username: root
password: xxxx
script_stop: true
script:
- echo test1 > ~/test.txt
- echo1 hellworld
# 该命令不会执行
- echo test2 > ~/test.txt
ssh key 带 passphrase 示例:
main:
push:
- stages:
- name: echo file
# 引用密钥仓库配置文件
imports: http://xxx/-group/secret-repo/-/blob/main/env.yml
image: tencentcom/ssh
settings:
host:
- xx.xx.xx.xxx:22
username: root
key: $SSH_KEY_PHRASE
passphrase: xxx
script:
- echo hellworld
使用 JumpServer 在内网机器执行命令
main:
push:
- imports: https://cnb.cool/examples/secrets/-/blob/main/springboot-maven-docker-jumpserver-config.yml
stages:
- name: 通过 ssh 插件和 jumpserver,到目标机器执行启动命令
image: tencentcom/ssh
settings:
# 内网机器 IP
host:
- ${REMOTE_HOST}
username: ${REMOTE_USERNAME}
key: ${REMOTE_KEY}
port: ${REMOTE_PORT}
command_timeout: 2m
# 公网机器 IP
proxy_host: ${PROXY_HOST}
proxy_port: ${PROXY_PORT}
proxy_protocol: tcp
proxy_username: ${PROXY_USERNAME}
proxy_key: ${PROXY_KEY}
script: |
hostname
35/F,Tencent Building,Kejizhongyi Avenue,Nanshan District,Shenzhen
