python运维实战--跨堡垒机连接二级服务器上传文件

python运维实战--跨堡垒机连接二级服务器上传文件

paramiko的有关概念和操作

• Welcome to Paramiko! — Paramiko documentation

这个python脚本能做什么

• 免密跨越堡垒机将客户端文件上传至目标机，使用前请做好公钥通信工作
• 本脚本使用比较灵活，可自由指定客户端待上传文件路径、堡垒机账户、堡垒机上临时文件存放路径、目标机ssh端口，目标机账户，目标机ip，目标机文件路径

说明⚠️：如遇到公钥通信设置失败，请参阅如下文档

• linux下免密认证登录失败原因总结
• ssh-copy-id使用及非默认22端口时报错

python代码如下：

#!/usr/bin/env python
# coding=utf-8

from optparse import OptionParser
import paramiko
import os,sys,time

"""
这个脚本的作用是实现堡垒机模式下,文件上传
"""

parser = OptionParser()
parser.add_option('-j', '--jumperuser', dest='jumperuser', help='Company jumper machine account like wutengfei, ..')
parser.add_option('-u', '--username', dest='username', help='Target machine account like wutengfei, ..')
parser.add_option('-p', '--port', dest='port', help='Target machine port')
parser.add_option('-m', '--hostname', dest='hostname', help='Target machine ip address like 192.168.246.168')
parser.add_option('-l', '--localpath', dest='localpath', help="Client local file path like '/Users/test.py'")
parser.add_option('-d', '--destpath', dest='destpath', help="Jumper server file path like '/tmp/test.py'")
parser.add_option('-t', '--targetpath', dest='targetpath', help="remote server file path like '/tmp/test.py'")
(opts,args) = parser.parse_args()

#定义跳板机信息
jumpername = "jumper.shuju.com" # 跳板机ip／域名
jumperport = 22 # 跳板机ssh端口
paramiko.util.log_to_file('syslogin.log')

class JumperInfo(object):
    """
    将文件从客户端上传至跳板机
    """
    def __init__(self,username,localpath,destpath):
        self.username = str(username)
        self.localpath = str(localpath)
        self.destpath = str(destpath)

    def jumper_ftp(self,jumperuser,localpath,destpath):
        private_key = os.path.expandvars('$HOME/.ssh/id_rsa')
        private_key = paramiko.RSAKey.from_private_key_file(private_key)
        t = paramiko.Transport(('jumper.shuju.com', 22))
        t.connect(username=jumperuser, pkey=private_key)
        sftp = paramiko.SFTPClient.from_transport(t)
        sftp.put(localpath,destpath)
        sftp.close()

passinfo='\'s password: '

class Jumper_put(JumperInfo):
    """
    将跳板机上的文件上传至目标机
    """

    def __init__(self,hostname,username,port,targetpath):
        self.hostname = str(hostname)
        self.username = str(username)
        self.port = str(port)
        self.targetpath = str(targetpath)

    def jumper_scp(self,jumperuser,destpath,username,hostname,targetpath,port):
        ssh = paramiko.SSHClient()
        ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
        privatekey = os.path.expandvars('$HOME/.ssh/id_rsa')
        key = paramiko.RSAKey.from_private_key_file(privatekey)
        ssh.connect(hostname='jumper.shuju.com', username=jumperuser, port=22, pkey=key)
        channel = ssh.invoke_shell()
        channel.settimeout(10)
        buff = ''
        resp = ''
        channel.send('scp ' + ' ' + '-P' + ' ' + port + ' ' + destpath + ' ' + username + '@' + hostname + ':' + targetpath + '\n')

        while not buff.endswith('$ '):
            resp = channel.recv(9999)
            if not resp.find(passinfo)==-1:
                print 'Error info: Authentication failed.'
                channel.close()
                ssh.close()
                sys.exit()
            buff += resp
        print buff
        channel.close()
        ssh.close()

def main():
    jumper_ssh = JumperInfo(username=opts.jumperuser,localpath=opts.localpath,destpath=opts.destpath)
    jumper_ssh.jumper_ftp(opts.jumperuser,opts.localpath,opts.destpath)
    target_ssh = Jumper_put(hostname=opts.hostname,username=opts.username,port=opts.port,targetpath=opts.targetpath)
    target_ssh.jumper_scp(opts.jumperuser,opts.destpath,opts.username,opts.hostname,opts.targetpath,opts.port)

if __name__ == '__main__':
    if opts.jumperuser == None or opts.username == None or opts.hostname == None or opts.localpath == None or opts.destpath == None or opts.targetpath == None or opts.port == None:
        parser.print_help()
        exit(-1)

main()

脚本执行情况

实战--上传客户端文件

python test.py -j wutengfei -u wutengfei -p 22 -m 192.168.246.168  -l /tmp/test.py -d /tmp/test.py -t /tmp
fei.tgz                                       100% 1658     3.1MB/s   00:00

代码帮助选项

python test.py -h
Usage: test.py [options]

Options:
  -h, --help            show this help message and exit
  -j JUMPERUSER, --jumperuser=JUMPERUSER
                        Company jumper machine account like wutengfei, ..
  -u USERNAME, --username=USERNAME
                        Target machine account like wutengfei, ..
  -p PORT, --port=PORT  Target machine port
  -m HOSTNAME, --hostname=HOSTNAME
                        Target machine ip address like 192.168.246.168
  -l LOCALPATH, --localpath=LOCALPATH
                        Client local file path like '/Users/test.py'
  -d DESTPATH, --destpath=DESTPATH
                        Jumper server file path like '/tmp/test.py'
  -t TARGETPATH, --targetpath=TARGETPATH
                        remote server file path like '/tmp/test.py'

这个python脚本缺点

• 不能上传目录，但可以将目录进行打包，如上例实战那样
• 当然还有其它问题存在，以后会持续改进，不足之处请大家指正，谢谢～

这个python脚本下步优化

• 增加文件下载功能
• 增加传输目录功能

转载于:https://blog.51cto.com/wutengfei/2176738