python运维实战--跨堡垒机连接二级服务器上传文件
paramiko的有关概念和操作
这个python脚本能做什么
- 免密跨越堡垒机将客户端文件上传至目标机。使用前请先配置好两段SSH公钥免密登录:客户端→堡垒机(脚本读取 $HOME/.ssh/id_rsa),以及堡垒机→目标机(脚本在堡垒机上执行scp,一旦出现密码提示即判定为认证失败)
- 本脚本使用比较灵活,可自由指定客户端待上传文件路径、堡垒机账户、堡垒机上临时文件存放路径、目标机ssh端口,目标机账户,目标机ip,目标机文件路径
说明⚠️:如遇到公钥通信设置失败,请参阅如下文档
python代码如下:
#!/usr/bin/env python
# coding=utf-8
from optparse import OptionParser
import paramiko
import os,sys,time
"""
这个脚本的作用是实现堡垒机模式下,文件上传
"""
# Command-line interface. Each row is (short flag, long flag, dest, help text);
# the options are registered in this order, which is also the order shown by -h.
_OPTION_SPECS = (
    ('-j', '--jumperuser', 'jumperuser',
     'Company jumper machine account like wutengfei, ..'),
    ('-u', '--username', 'username',
     'Target machine account like wutengfei, ..'),
    ('-p', '--port', 'port',
     'Target machine port'),
    ('-m', '--hostname', 'hostname',
     'Target machine ip address like 192.168.246.168'),
    ('-l', '--localpath', 'localpath',
     "Client local file path like '/Users/test.py'"),
    ('-d', '--destpath', 'destpath',
     "Jumper server file path like '/tmp/test.py'"),
    ('-t', '--targetpath', 'targetpath',
     "remote server file path like '/tmp/test.py'"),
)

parser = OptionParser()
for _short_flag, _long_flag, _dest_name, _help_text in _OPTION_SPECS:
    parser.add_option(_short_flag, _long_flag, dest=_dest_name, help=_help_text)

# Parsing happens at import time, so `opts` is a module-level global.
(opts, args) = parser.parse_args()

# Jump host (bastion) endpoint.
jumpername = "jumper.shuju.com"  # jump host IP address or DNS name
jumperport = 22  # jump host SSH port

# paramiko's own log is written to syslogin.log in the current working directory.
paramiko.util.log_to_file('syslogin.log')
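class JumperInfo(object):
    """Upload a file from the client to the jump host (bastion) over SFTP.

    The constructor only records its arguments as strings; ``jumper_ftp``
    works on the values passed to it explicitly.
    """

    def __init__(self, username, localpath, destpath):
        """Store the account name and the two file paths as strings."""
        self.username = str(username)
        self.localpath = str(localpath)
        self.destpath = str(destpath)

    def jumper_ftp(self, jumperuser, localpath, destpath):
        """Copy ``localpath`` on this machine to ``destpath`` on the jump host.

        Args:
            jumperuser: account name on the jump host.
            localpath: file on the client to upload.
            destpath: staging path on the jump host.

        Authentication uses the RSA private key at ``$HOME/.ssh/id_rsa``.
        The jump host is taken from the module-level ``jumpername`` /
        ``jumperport`` settings.

        Raises:
            paramiko.SSHException: if the jump host's key is missing from, or
                does not match, the user's known_hosts file, or if the
                connection/authentication fails.
        """
        key_file = os.path.expandvars('$HOME/.ssh/id_rsa')
        private_key = paramiko.RSAKey.from_private_key_file(key_file)

        # A bare paramiko.Transport connected without a ``hostkey`` argument
        # does not check the server's identity at all.  SSHClient with the
        # system known_hosts and RejectPolicy refuses unknown or changed host
        # keys, so the private-key login cannot be pointed at an impostor.
        client = paramiko.SSHClient()
        client.load_system_host_keys()
        client.set_missing_host_key_policy(paramiko.RejectPolicy())
        try:
            # allow_agent/look_for_keys are disabled so that, as before, only
            # the explicitly loaded key is offered.
            client.connect(hostname=jumpername, port=jumperport,
                           username=jumperuser, pkey=private_key,
                           allow_agent=False, look_for_keys=False)
            sftp = client.open_sftp()
            try:
                sftp.put(localpath, destpath)
            finally:
                sftp.close()
        finally:
            # Closing the client also tears down the underlying transport,
            # which the original code left open.
            client.close()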
# Marker searched for in the jump host's shell output; when it shows up the
# transfer is reported as an authentication failure.
passinfo = "'s password: "
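class Jumper_put(JumperInfo):
    """Copy a file that is already on the jump host on to the target machine.

    The constructor only records its arguments as strings; ``jumper_scp``
    works on the values passed to it explicitly.
    """

    def __init__(self, hostname, username, port, targetpath):
        """Store the target host, account, SSH port and path as strings."""
        self.hostname = str(hostname)
        self.username = str(username)
        self.port = str(port)
        self.targetpath = str(targetpath)

    def jumper_scp(self, jumperuser, destpath, username, hostname, targetpath, port):
        """Run ``scp`` on the jump host to push ``destpath`` to the target.

        Args:
            jumperuser: account name on the jump host.
            destpath: staged file on the jump host (source of the scp).
            username: account name on the target machine.
            hostname: target machine address.
            targetpath: destination path on the target machine.
            port: SSH port of the target machine.

        The shell output collected from the jump host is printed.  The staged
        file at ``destpath`` is not removed afterwards.

        Raises:
            ValueError: if ``port`` is not an integer.
            paramiko.SSHException: if the jump host's key is missing from, or
                does not match, the user's known_hosts file.
            SystemExit: with status 1 when scp asks for a password, i.e. the
                jump host cannot log in to the target with a key.
        """
        try:
            from shlex import quote  # Python 3
        except ImportError:
            from pipes import quote  # Python 2

        # The command line is typed into an interactive shell, so every
        # user-supplied piece is validated or shell-quoted.  "--" ends option
        # parsing so a path starting with "-" cannot be read as an scp option.
        # NOTE: with the legacy scp protocol the remote path may still be
        # interpreted by the target's shell.
        port = str(int(port))
        remote_spec = username + '@' + hostname + ':' + targetpath
        command = 'scp -P {0} -- {1} {2}\n'.format(
            port, quote(destpath), quote(remote_spec))

        key_file = os.path.expandvars('$HOME/.ssh/id_rsa')
        key = paramiko.RSAKey.from_private_key_file(key_file)

        # AutoAddPolicy would silently trust whatever host answers; load the
        # user's known_hosts and reject unknown or changed keys instead.
        ssh = paramiko.SSHClient()
        ssh.load_system_host_keys()
        ssh.set_missing_host_key_policy(paramiko.RejectPolicy())
        channel = None
        try:
            ssh.connect(hostname=jumpername, username=jumperuser,
                        port=jumperport, pkey=key)
            channel = ssh.invoke_shell()
            channel.settimeout(10)
            channel.send(command)

            buff = ''
            # Stops once the collected output ends with "$ ", which assumes
            # the jump host's shell prompt ends that way.
            # NOTE(review): the login prompt can match too, so the loop may
            # end before scp finishes - confirm; exec_command() plus the exit
            # status would be a more reliable completion signal.
            while not buff.endswith('$ '):
                resp = channel.recv(9999)
                if not resp:
                    # Channel closed by the remote side: stop instead of
                    # spinning forever on empty reads.
                    break
                if not isinstance(resp, str):
                    # Python 3 returns bytes; Python 2 already returns str.
                    resp = resp.decode('utf-8', 'replace')
                buff += resp
                # Search the whole buffer so a prompt split across two reads
                # is still detected.
                if passinfo in buff:
                    print('Error info: Authentication failed.')
                    # Non-zero status so calling automation sees the failure.
                    sys.exit(1)
            print(buff)
        finally:
            # Also runs on the recv timeout and on sys.exit(), so the
            # session is never left open.
            if channel is not None:
                channel.close()
            ssh.close()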
def main():
    """Run the two-hop upload: client -> jump host, then jump host -> target.

    All values come from the module-level ``opts`` parsed from the command line.
    """
    jumper_user = opts.jumperuser
    staging_path = opts.destpath

    # Hop 1: SFTP the local file to the staging path on the jump host.
    uploader = JumperInfo(
        username=jumper_user,
        localpath=opts.localpath,
        destpath=staging_path,
    )
    uploader.jumper_ftp(jumper_user, opts.localpath, staging_path)

    # Hop 2: scp the staged file from the jump host to the target machine.
    relay = Jumper_put(
        hostname=opts.hostname,
        username=opts.username,
        port=opts.port,
        targetpath=opts.targetpath,
    )
    relay.jumper_scp(
        jumper_user,
        staging_path,
        opts.username,
        opts.hostname,
        opts.targetpath,
        opts.port,
    )
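if __name__ == '__main__':
    # Every option is mandatory: show the usage text and stop with a failing
    # exit status if any of them was left out.
    required = ('jumperuser', 'username', 'hostname', 'localpath',
                'destpath', 'targetpath', 'port')
    if any(getattr(opts, name) is None for name in required):
        parser.print_help()
        # sys.exit rather than the interactive helper exit(), which is only
        # installed by the site module.
        sys.exit(-1)
    main()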
脚本执行情况
实战--上传客户端文件
python test.py -j wutengfei -u wutengfei -p 22 -m 192.168.246.168 -l /tmp/test.py -d /tmp/test.py -t /tmp
fei.tgz 100% 1658 3.1MB/s 00:00
代码帮助选项
python test.py -h
Usage: test.py [options]
Options:
-h, --help show this help message and exit
-j JUMPERUSER, --jumperuser=JUMPERUSER
Company jumper machine account like wutengfei, ..
-u USERNAME, --username=USERNAME
Target machine account like wutengfei, ..
-p PORT, --port=PORT Target machine port
-m HOSTNAME, --hostname=HOSTNAME
Target machine ip address like 192.168.246.168
-l LOCALPATH, --localpath=LOCALPATH
Client local file path like '/Users/test.py'
-d DESTPATH, --destpath=DESTPATH
Jumper server file path like '/tmp/test.py'
-t TARGETPATH, --targetpath=TARGETPATH
remote server file path like '/tmp/test.py'
这个python脚本缺点
- 不能上传目录,但可以将目录进行打包,如上例实战那样
- 当然还有其它问题存在(例如上传完成后,堡垒机上由 -d 指定的临时文件不会被自动删除,需要手动清理),以后会持续改进,不足之处请大家指正,谢谢~
这个python脚本下步优化
- 增加文件下载功能
- 增加传输目录功能
转载于:https://blog.51cto.com/wutengfei/2176738