ssh, rsync: support using sudo on remote
This allows deployment of remote hosts without having ssh access to the root user. Passwordless sudo is recommended since krops will use multiple ssh sessions and the password will not be remembered. Closes https://github.com/krebs/krops/issues/3
parent
2e94e6eb24
commit
cd21575333
3 changed files with 11 additions and 6 deletions
|
@ -46,12 +46,13 @@ let {
|
||||||
default = defVal: val: if val != null then val else defVal;
|
default = defVal: val: if val != null then val else defVal;
|
||||||
parse = lib.match "(([^@]+)@)?(([^:/]+))?(:([^/]+))?(/.*)?" s;
|
parse = lib.match "(([^@]+)@)?(([^:/]+))?(:([^/]+))?(/.*)?" s;
|
||||||
elemAt' = xs: i: if lib.length xs > i then lib.elemAt xs i else null;
|
elemAt' = xs: i: if lib.length xs > i then lib.elemAt xs i else null;
|
||||||
in {
|
in if lib.isString s then {
|
||||||
user = default (lib.getEnv "LOGNAME") (elemAt' parse 1);
|
user = default (lib.getEnv "LOGNAME") (elemAt' parse 1);
|
||||||
host = default (lib.maybeEnv "HOSTNAME" lib.getHostName) (elemAt' parse 3);
|
host = default (lib.maybeEnv "HOSTNAME" lib.getHostName) (elemAt' parse 3);
|
||||||
port = default "22" /* "ssh"? */ (elemAt' parse 5);
|
port = default "22" /* "ssh"? */ (elemAt' parse 5);
|
||||||
path = default "/var/src" /* no default? */ (elemAt' parse 6);
|
path = default "/var/src" /* no default? */ (elemAt' parse 6);
|
||||||
};
|
sudo = false;
|
||||||
|
} else s;
|
||||||
|
|
||||||
shell = let
|
shell = let
|
||||||
isSafeChar = lib.testString "[-+./0-9:=A-Z_a-z]";
|
isSafeChar = lib.testString "[-+./0-9:=A-Z_a-z]";
|
||||||
|
|
|
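Review bot: The new `else s` branch returns a caller-supplied attrset untouched, so none of the defaults from the string branch (`user`, `host`, `port`, `path`, and the new `sudo = false`) are applied to it. An attrset target that omits `sudo` will presumably fail at evaluation wherever `target.sudo` is read. Merging the default would avoid that, e.g. `} else { sudo = false; } // s;`. A short comment should also say that `sudo` can only be enabled through the attrset form, since the URI-style string has no syntax for it. The enclosing function starts outside the hunk.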
@ -26,7 +26,7 @@ in
|
||||||
"-p" target.port
|
"-p" target.port
|
||||||
"-t"
|
"-t"
|
||||||
target.host
|
target.host
|
||||||
command
|
(if target.sudo then command else "sudo ${command}")
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
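Review bot: The condition on the new command line looks inverted: `if target.sudo then command else "sudo ${command}"` prefixes `sudo` only when `target.sudo` is false. Targets that never opted in get their command escalated, and targets that did opt in run it unprivileged. The rsync and `shell'` changes in this commit both add sudo when `target.sudo` is true, so this line should read `(if target.sudo then "sudo ${command}" else command)`. The surrounding list and its function begin outside the hunk.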
@ -157,6 +157,7 @@ let
|
||||||
fi
|
fi
|
||||||
${rsync}/bin/rsync \
|
${rsync}/bin/rsync \
|
||||||
${optionalString (config.useChecksum or false) /* sh */ "--checksum"} \
|
${optionalString (config.useChecksum or false) /* sh */ "--checksum"} \
|
||||||
|
${optionalString target.sudo /* sh */ "--rsync-path=\"sudo rsync\""} \
|
||||||
-e ${quote (ssh' target)} \
|
-e ${quote (ssh' target)} \
|
||||||
-vFrlptD \
|
-vFrlptD \
|
||||||
--delete-excluded \
|
--delete-excluded \
|
||||||
|
@ -172,9 +173,12 @@ let
|
||||||
shell' = target: script:
|
shell' = target: script:
|
||||||
if isLocalTarget target
|
if isLocalTarget target
|
||||||
then script
|
then script
|
||||||
else /* sh */ ''
|
else
|
||||||
${ssh' target} ${quote target.host} ${quote script}
|
if target.sudo then /* sh */ ''
|
||||||
'';
|
${ssh' target} ${quote target.host} ${quote "sudo bash -c ${quote script}"}
|
||||||
|
'' else ''
|
||||||
|
${ssh' target} ${quote target.host} ${quote script}
|
||||||
|
'';
|
||||||
|
|
||||||
ssh' = target: concatMapStringsSep " " quote [
|
ssh' = target: concatMapStringsSep " " quote [
|
||||||
"${openssh}/bin/ssh"
|
"${openssh}/bin/ssh"
|
||||||
|
|
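Review bot: On the rsync line, `--rsync-path="sudo rsync"` runs sudo on a connection whose stdin and stdout carry the rsync protocol, so a sudo that wants a password cannot prompt and the transfer will likely fail with an unclear error. Using `"--rsync-path=\"sudo -n rsync\""` would make it fail fast with sudo's own message. The `sudo bash -c` branch in `shell'` has the same problem unless `ssh'` allocates a tty, which is not visible here. It is also worth a comment next to these lines that `target.sudo` requires the deploy account to run `rsync` and `bash -c` as root without a password, which is equivalent to root access for that account and its SSH key.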