oJob SSH Basics

As part of the OpenAF series of oPacks there is one called oJob-common which provides common building blocks to make some tasks easier in oJobs.

One of those tasks is handling SSH operations (oJobSSH). For example: sending a file to a remote host, receiving a file or executing commands.

To include in your oJob simple add:

include:
- oJobSSH.yaml

Additionally, to make sure the oJob-common oPack is installed you can also the following entry to the ojob entry:

include:
- oJobSSH.yaml

ojob:
  opacks:
  - oJob-common

Providing credentials

When providing the SSH credentials to run the specific operations you can provide it directly, through OpenAF SBuckets or through an external list.

The following provides different examples of how to execute “uname -a” in a remote host.

Directly

To provide the credentials directly:

include:
- oJobSSH.yaml

ojob:
  opacks:
  - oJob-common

todo:
- name: Run uname
  args:
    host : 1.2.3.4
    port : 22
    login: somelogin
    pass : somepass   # this password can be encrypted

jobs:
# ---------------
- name: Run uname
  to  : SSH Exec
  args:
    cmd: uname -a

As you can see the credentials are passed on the todo arguments and the command is generically placed on the specific job definition arguments.

As always, if instead of providing a single map entry you provided an array the Run uname job will be executed in parallel for each entry.

External list

In the previous example we saw how a single entry or several can be provided. If you need to have a list of remote hosts the better solution becomes building an external file with that list:

list.yaml

- name : my host 1
  host : host1.local
  login: user1
  pass : pass1234
  key  : key.rsa

- name : my host 2
  host : host2.local
  login: user1
  pass : pass1234
  key  : |
    -----BEGIN RSA PRIVATE KEY-----
    abc123xyz...
    -----END RSA PRIVATE KEY-----

Note: when you provide a private key (either an external file or the entire text) the pass entry will refer to the private key password if necessary.

include:
- oJobSSH.yaml

ojob:
  opacks:
  - oJob-common

todo:
# Loads from the list.yaml file into an internal myhosts OpenAF channel
- name: SSH Load hosts
  args:
    chHosts: myhosts
    file   : list.yaml

# Executes the uname command but using "myhosts" for credentials
- name: Run uname
  args:
    chHosts: myhosts

jobs:
# ---------------
- name: Run uname
  to  : SSH Exec
  args:
    cmd: uname -a

SBuckets

An even more secure way is to use OpenAF SBuckets which is provided generically by the oJobBasics.yaml included in the same oJob-common oPack.

You can use in a similar fashion to the “External List” and “Directly”, previsouly described, but just mentioning the secKey, secBucket and secPass (optionally you can also provide secRepo and secMainPass if you want to load from a different SBucket repository)

init:
  sec: &SEC
    secBucket: hosts
    secPass  : ...    # should be encrypted

include:
- oJobBasics.yaml
- oJobSSH.yaml

ojob:
  opacks:
  - oJob-common

todo:
# Executes the uname command but the SBucket arguments
- name: Run uname
  args: *SEC

jobs:
# ---------------
# the from "oJob Sec Get" will pick up the SBucket arguments and provided the "SSH Exec" in this case
- name: Run uname
  from: oJob Sec Get
  to  : SSH Exec
  args:
    cmd: uname -a

Copy a file to a remote host

For copying a file you can use the SSH Send file:

jobs:
# --------------------
- name: Send myzip.zip
  to  : SSH Send file
  args:
    source: /my/local/Path/myzip.zip
    target: /my/remote/Path/myzip.zip

Copy a remote host file to the local filesytem

For copying a remote file you can use the SSH Get file:

jobs:
# -------------------
- name: Get myzip.zip
  to  : SSH Get file
  args:
    source: /my/remote/Path/myzip.zip
    target: /my/local/Path/myzip.zip

Executing remote commands

Single and multiple remote commands:

You can execute a single command:

jobs:
# -------------------
- name: Execute uname
  to  : SSH Exec
  args:
    cmd: uname -a

or multiple:

jobs:
# -------------------
- name: Execute uname
  to  : SSH Exec
  args:
    cmd:
    - echo -- [You are in `pwd`] -------------

    - >-
      echo -- [Previous directory] ----------- &&
      cd .. &&
      ls -1

    - >-
      echo -- [Current directory] ------------ &&
      cd . &&
      ls -1

Passing values to other jobs

include:
- oJobSSH.yaml

ojob:
  opacks:
  - oJob-common
  
todo:
- name: Get public IP and show it
  args:
  # a list of hosts to get the public IP

jobs:
# -------------------------------
- name: Get public IP and show it
  to  :
  - Get public IP
  - Show it

# -------------------
- name: Get public IP
  to  : SSH Exec
  args:
    # Quite disables the output of content and makes it available in args between jobs
    quiet: true
    cmd  : |
      curl https://ifconfig.co/json

# -------------
- name: Show it
  exec: |
    // args.exitcode provides the exit code of the remote command
    if (args.exitcode == 0) {
      // args.stdout the corresponding stdout
      print("Public IP: " + jsonParse(args.stdout).ip);
    } else {
      // args.stderr the corresponding stderr
      printErr(args.stderr);
    }