Small knowledge, big challenge! This article is participating in the creation activity of “Essential Tips for Programmers”.

Background demand

At present, we need to do server migration, from Ali Cloud to local deployment <dev-test>. The project uses Nexus to build Maven management warehouse, which was originally managed on Ali Cloud server, so it doesn't matter where we access it, and it can be accessed from the Internet. So now that maven repository is deployed locally, how do you build access on Ali Cloud server? The usage scenario is as follows: Wherever you deploy git, you build it first, pull the latest code and package it, and then deploy the application, which takes a long time. The JAR package that we want to deploy online now is the one that passed our test and uploaded to the server. The JAR package is obtained from the server during deployment and then deployed.Copy the code

Problems that need to be solved

How and where is the jar package that passed the test uploaded? When deploying, how to obtain jar package deployment?Copy the code

Multiple solutions

  • FTP server: Upload the JAR package to the FTP server, and then download the JAR package from the FTP server.
  • SCP remote upload command, remotely upload the local JAR package to the server where the JAR package is stored, and then….
  • Git repository hosting, local push to repository, clone down at deployment time, and then….
  • Independent IP open port, so that the original deployment mode remains unchanged, unified Jenkins scheduling does not need to be modified.

Choose a solution

1. The FTP server needs to be set up in the transfer server, and the host connected to the server needs to install the client; More tedious; 2, SCP if the remote can be transmitted through the public key without secret, local to remote, may need to enter a password; 3, Git repository if there are multiple services, it is not easy to manage, I do not know whether it is multiple services, multiple Git or?? 4, independent IP set open port, more trouble, the original online deployment mode need not change.Copy the code

SCP privacy-free transfer of files to remote servers

Difficulty: When transferring files from Linux client A to Linux client B, SCP needs to input the password. Very inconvenient! Pub public key content of B ~/. SSH /authorized_keysCopy the code
  • Generate a local authentication key for the host: ssh-keygen -t rsa -p “-f ~/. Ssh/id_rsa >/dev/null 2>&1
  • Ssh-copy-id -i ~/.ssh/id_rsa.pub “[email protected]” to copy the local pub key to the authorized_keys file of another host:
    • You need to enter the login passwords of other hosts to establish trust relationships
  • SCP local files are automatically transferred to the remote server
#! /usr/bin/expect set DATE [exec date +%Y%m%d%k] set password xxxxxxxxxxxx set filename [lindex $argv 0] set serverip 47.122.115.120 spawn SCP $filename root@$serverIP :/opt set timeout 300 expect "root@$serverip's password:" set timeout 300 send "$password\r" set timeout 300 send "exit\r" expect eofCopy the code
  • SCP transfers files from the remote server to the local
#! /usr/bin/expect set DATE [exec date +%Y%m%d%k] set password xxxxxxxxxxxx #set filename [lindex $argv 0] set serverip Spawn SCP root@$serverIP :/opt/test. TXT /opt set timeout 300 expect "root@$serverip's password:" set timeout 300 send "$password\r" set timeout 300 send "exit\r" expect eofCopy the code

Setting up an FTP server

  • Is installed into the FTP query: RPM – qa | grep VSFTPD
  • Run the RPM -e vsftpd-3* command to uninstall the FTP file
  • Yum install -y VSFTPD
  • Create FTP login user: useradd ftptest, do not want it to login to Linux parameter: -s /sbin/nologin
    • To change the failure of an existing user to login to the system, run the usermod -s /sbin/nologin ftptest command
    • Change the shell permission of the nologin user to usermod -s /bin/bash ftptest
  • /etc/vsftp/vsftpd. conf file.
Anonymous_enable = [YES | NO] # default YES default anonymous users to access, Security setting NO local_enable=YES # Allow local user access write_enable=YES # Allow write xferlog_file=/var/log/xferlog # chroot_list_enable=YES # Yes, Chroot_list_file =/etc/ VSFTPD /chroot_list userlist_enable=YES # user_list whitelist takes effect userlist_deny=NO # User_list whitelist accessible local_root=/var/ FTP # Access the root directory of FTPCopy the code
  • The blacklist cannot access FTP users: ftpusers
  • Whitelist users that can access FTP: user_list, valid only when userlist_deny=NO
  • Troubleshooting the Nologin user login to the FTP server:
Edit: /etc/shells Added: /sbin/nologinCopy the code
  • FTP Automatic login Upload files to the server script
#! /bin/bash # This script is used to upload the generated data files to the client FTP service periodically every day. # Specify the home directory for uploading the files. SRCDIR=/opt/ # Specify the directory for uploading the files to the peer FTP server USER=ftptest PASSWD=" XXXXXX "# IP=47.122.100.85 # FTP server port, Default PORT=21 # specify the date of the file to be uploaded targetDay= 'date -d "-1 days" +"%Y%m%d" # SCP root @ $host: $SRCDIR/test. TXT. / # # done to determine if the file access right [$? - eq 0] | | echo "Copy romote files failed, PLS check." >>$SRCDIR/upload_file.log # Upload file to FTP server ftp-ivn <<EOF open $IP $PORT user $user $PASSWD passive binary PWD LCD $SRCDIR put test. TXT quit EOF # Upload $targetDay's files to romote FTP server [$? -eq 0] && echo "Upload $targetDay's files to Romote FTP server successful." >>$SRCDIR/upload_file.log || echo "Upload files failed, pls check." >>$SRCDIR/upload_file.logCopy the code

Expect scripting language

Expect is a tool for automatic interaction, and expect-send is used for the interaction process. The script execution method is different from that of bash shell, for example, expect example.expCopy the code
  • Install: yum install -y expect
  • Passing a parameter to a script:
To pass arguments to an Expect script, bash shell uses $1,$2... Epxect stores the script's execution parameters in the array $argv, which is normally assigned to a variable in the script: set variable name [lindex $argv parameter < also from 0 script >]Copy the code
  • Examples of Expect scripts: set sets variables, send sends instructions, and Eof proposes the Expect script.
#! /usr/bin/expect set DATE [exec date +%Y%m%d%k] set password xxxxxxxxxxxxxx #set filename [lindex $argv 0] set serverip Spawn SCP root@$serverIP :/opt/test. TXT /opt set timeout 300 expect "root@$serverip's password:" set timeout 300 send "$password\r" set timeout 300 send "exit\r" expect eofCopy the code
  • In this way, automatic interaction can be realized. SCP remote file transfer does not need to enter a password, and SSH can also be used as a jumper to connect to a remote server without encryption
  • Example SSH connection to a remote server: Interact continues to operate < wait for human interaction >, and EOF exits automation
#! /usr/bin/expect set ip [lindex $argv 0] set username [lindex $argv 1] set passwd [lindex $argv 2] spawn ssh -l $username  $ip expect { "yes/no" { send "yes\r"; exp_continue } "password:" { send "$passwd\r" } } #expect eof interactCopy the code
  • Argv0 is the script itself, [lindexargv0 is the script itself, [lindexargv0 is the script itself, [lindexargv0] is the first argument, and so on
Yum install, cannot find image install, try another image
# yum clean all # yum makecache # yum -y update # yum makecache #Copy the code