Preface
We use Drone for CI/CD, and in some cases the pipeline cannot connect directly to the server over SSH: the servers may be in a private cloud, we may not want to expose SSH to the public network, or direct SSH may simply not be possible. That is why today's subject exists: drone-remote-agent.
Introduction
Drone-remote-agent executes SSH commands through a WebSocket proxy. It supports uploading scripts to the server and executing them through the proxy, and all WebSocket communication is encrypted.
Features
- Supports batch file uploading
- Supports batch command execution
- Supports only SSH username and password authentication
- The entire communication is encrypted using AES+RSA
Getting started
Generate the key pair
```bash
openssl genrsa -out rsa_private_key.pem 1024
openssl rsa -in rsa_private_key.pem -pubout -out rsa_public_key.pem
```
Deploying the server
Deploy the plug-in on the server and start it in agent mode. Docker is used here as an example:
```bash
docker pull pumelo/dra
# The image name must come before the agent's own flags (--mode, --prk)
docker run -d -v /path:/path pumelo/dra --mode agent --prk /path/rsa_private_key.pem
```
Note that the private key must be uploaded to the server and mounted into the container.
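An added example, not part of the drone-remote-agent project: a check to run on the key pair generated above before the private key goes to the agent and the public key goes to the Drone step. It reports the modulus size, confirms that the two files belong together, and confirms that the private key is not readable by group or other. The function names and the 2048-bit default threshold are assumptions of this example; this page does not say whether the plug-in accepts keys larger than the 1024 bits used above.

```bash
#!/bin/sh
# Added example: sanity-check an RSA key pair before deploying it.
# Usage: sh check_keypair.sh rsa_private_key.pem rsa_public_key.pem [min_bits]

# Print the modulus size in bits of an unencrypted RSA private key.
rsa_bits() {
  _hex=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
  _hex=${_hex#Modulus=}
  echo $(( ${#_hex} * 4 ))   # each hex digit of the modulus carries 4 bits
}

# Succeed only if the public key file carries the same modulus as the private key.
pair_matches() {
  _priv=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
  _pub=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null) || return 1
  [ -n "$_priv" ] && [ "$_priv" = "$_pub" ]
}

# Succeed only if group and other have no permission bits on the file.
owner_only() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Run all checks; return codes 2..5 identify the first check that failed.
check_keypair() {
  _min=${3:-2048}   # assumed minimum, override with a third argument
  _bits=$(rsa_bits "$1") || { echo "cannot read private key: $1"; return 2; }
  [ "$_bits" -ge "$_min" ] || { echo "weak key: $_bits bits (< $_min)"; return 3; }
  pair_matches "$1" "$2" || { echo "public key does not match private key"; return 4; }
  owner_only "$1" || { echo "private key is accessible to group/other"; return 5; }
  echo "ok: $_bits-bit key pair"
}

# Only run when called with key paths, so the functions can also be sourced.
if [ "$#" -ge 2 ]; then check_keypair "$@"; fi
```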
Configure the step in Drone
Add a step to .drone.yml:
```yaml
steps:
  - name: deploy-container
    pull: if-not-exists
    image: pumelo/dra
    volumes:
      - name: wsKey
        path: /dra
    settings:
      agent-endpoint: 10.10.0.27:8080
      ssh-host: 10.10.0.27:22
      ssh-username: root
      ssh-password: 123456 # sample value; Drone can inject this with from_secret instead
      publicKeyFilePath: /dra/rsa_public_key.pem
      script: # script to execute remotely
        - docker pull 10.10.0.14:5000/nginx:1.15
        - docker run -d \
        - --name=test-nginx-a \
        - -p8877:80 \
        - 10.10.0.14:5000/nginx:1.15
      upload: # list of files to upload, as local:remote; only files are supported, folders are ignored automatically
        - ./README.md:/data/README.md
```
Source code
Pumelotea/Drone-remote-agent: Drone executes SSH scripts over WebSocket channels (github.com)