Re: ant and sudo

Wed, 12 Nov 2008 05:59:05 -0800 

Hendrik Maryns wrote:

Steve Loughran schreef:

The way we do root level access is to ssh in to localhost and run stuff
as root there. you can either set up the <ssh> command with the relevant
(property driven) password, 

How would I do that?  I need something similar for <signjar>.  Right now
I use a plain password in the task, but that is just a temporary
solution, of course.




1. you have a property file in a subdirectory that only you can read; it 
is not under SCM. If you have an OS that can encrypt bits of the 
filesystem, encrypt that file.



Call it something like servers/ with the name of a specific server 
underneath, ideally the hostname: here is chamonix.properties


#property settings to upload to chamonix steve's desktop
ssh.enabled=true
ssh.server=chamonix
ssh.user=stevel
ssh.dir=public_html
ssh.keyfile=${user.home}/.ssh/chamonix.private
ssh.passphrase=
ssh.verbose=true
ssh.trust=true


2. You have a target that takes the server name as a property, and loads 
the given file


 <target name="load-server-settings" depends="init">
    <fail unless="server">
      Failed.
      Set the "server" property to the name of a server
      whose connection settings are in a property file under
      ${server.dir}.
    </fail>
    <property name="ssh.propfile"
        location="${server.dir}/${server}.properties"/>
    <loadproperties srcfile="${ssh.propfile}"/>
    <echo>
      SCP target is ${ssh.server}
      User is ${ssh.user}
      trust=${ssh.trust}
      keyfile=${ssh.keyfile}
    </echo>
    <presetdef name="ssh-remote">
      <sshexec host="${ssh.server}"
          username="${ssh.user}"
          passphrase="${ssh.passphrase}"
          trust="${ssh.trust}"
          timeout="6000000"
          keyfile="${ssh.keyfile}"
          />
    </presetdef>
  </target>

You can then use the scp command to upload files



    <scp remoteToDir="${ssh.path}"
        passphrase="${ssh.passphrase}"
        keyfile="${ssh.keyfile}"
        trust="${ssh.trust}"
        verbose="${ssh.verbose}">
      <fileset refid="upload.fileset"/>
    </scp>

or the <ssh-remote> presetdef to issue remote commands

  <target name="ssh-ls" depends="load-server-settings">
    <ssh-remote command="ls"/>
  </target>

To run against a server,

ant ssh-ls -Dserver=chamonix


What you must not do is stick passwords on the command line, as anyone 
else on a unix system can see those arguments via the ps command.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]























					Reply via email to