This recipe centers on using the SSH plugin. With this plugin, you are able to connect to appliances (think managed routers, switches, and so on...) or a Linux- or Solaris-based system, run programs, or transfer files.
We need to be able to create a new workflow. We also need a Linux or Solaris system that we can access via SSH (for example, as root). If you don't have a Linux system handy, you can use the Orchestrator appliance itself.
For the SCP example, you need to allow Orchestrator access to its local filesystem, or use the default /var/run/vco directory. Refer to the Configuring access to the local filesystem recipe in Chapter 2, Optimizing Orchestrator Configuration.
If you want to connect to the appliance itself (127.0.0.1), you need to enable SSH access as shown in the Tuning the appliance recipe in Chapter 2, Optimizing Orchestrator Configuration.
We split this recipe into three parts: SSH access, SSL key access, and SCP usage.
You will find a very good, though rather chatty (in its logs), SSH workflow in Library | SSH | Run SSH command. However, we will create a new short version to showcase SSH:

| Name | Type | Place | Usage |
|---|---|---|---|
| host | String | IN | The IP or FQDN of the host we want to connect to. |
| user | String | IN | The username to connect to the host. |
| password | SecureString | IN | The password of the user to connect to the host. |
| command | String | IN | The command we want to run on the host. |
| output | String | OUT | The result of the command we run. |
| exitcode | Number | OUT | The exit code |
| error | String | OUT | The error message encountered. |

```javascript
// Open a new SSH session with password
var mySSHSession = new SSHSession(host, user);
mySSHSession.connectWithPassword(password);
// Execute the SSH command
mySSHSession.executeCommand(command, true);
// Prepare output
output = mySSHSession.output;
exitcode = mySSHSession.exitCode;
error = mySSHSession.error;
// Disconnect the SSH session
mySSHSession.disconnect();
```

When running this workflow, you will have to supply a command string. The string can be a single command or a string of commands the Linux system can utilize. A command you can try is date.
In the previous example, we used password authentication to log in to the Linux host system. We can use SSL keys (an SSH public/private key pair) to allow automatic login without using a password, which is the method commonly used for automation purposes.
To enable SSL authentication, first we need an SSL key, and we need to store it on the target Linux system. We will use the existing workflows to accomplish this:
vco-key.pub onto the file /root/.ssh/authorized_keys.
mySSHSession.connectWithPassword(password); line with mySSHSession.connectWithIdentity("../conf/vco_key", ""). The shorter path works as Orchestrator's working directory is the app-server directory.
SCP stands for Secure CoPy and allows you to transfer files using an SSH encryption tunnel. However, before we can copy anything from or to the Orchestrator server, we need to have a directory that Orchestrator has access to (see the Configuring access to the local filesystem recipe in Chapter 2, Optimizing Orchestrator Configuration). You can also use the default directory, /var/run/vco.

| Name | Type | Place | Usage |
|---|---|---|---|
| | String | IN | The name of the file. |
| | String | IN | The directory on the Orchestrator server. |
| | String | IN | The directory on the remote host. |

mySSHSession.executeCommand(command, true); line with one of the following, depending on whether you want to send or receive a file:
| Upload | |
| Download | |
Using SSH together with Orchestrator makes a very powerful team. You can use SSH to access an existing Linux system, configure it, or connect to a Linux-based management system, such as a Red Hat satellite server.
But, even more powerfully, you can connect to the Orchestrator appliance itself. If you generate an SSL key and register it on 127.0.0.1 (Orchestrator itself), you can run commands as root, such as mounting an NFS or SMB directory. Please be aware that opening SSH for Orchestrator may be considered a security risk.
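A key registered in /root/.ssh/authorized_keys gives root access to whoever holds the private key, so it helps to check which entries carry OpenSSH restrictions such as `from=` or `restrict`. The following is an added example, not code from the original recipe: it parses authorized_keys content and reports entries without those options. The function names, sample lines and key blobs are constructed placeholders.

```javascript
// Key-type tokens that start the key part of an authorized_keys line (OpenSSH).
const KEY_TYPE = /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh\.com)$/;
// Split text on a separator character, ignoring separators inside double quotes.
function splitOutsideQuotes(text, sep) {
  const parts = [];
  let cur = "", quoted = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (quoted && ch === "\\" && text[i + 1] === '"') { cur += '\\"'; i++; continue; }
    if (ch === '"') quoted = !quoted;
    if (!quoted && sep.test(ch)) { if (cur) parts.push(cur); cur = ""; } else cur += ch;
  }
  if (cur) parts.push(cur);
  return parts;
}

// Parse one line into { options, type, comment }; returns null if no key is found.
function parseEntry(line) {
  const fields = splitOutsideQuotes(line, /\s/);
  const k = KEY_TYPE.test(fields[0]) ? 0 : KEY_TYPE.test(fields[1]) ? 1 : -1;
  if (k < 0 || !fields[k + 1]) return null;
  const options = {};
  for (const opt of k === 1 ? splitOutsideQuotes(fields[0], /,/) : []) {
    const eq = opt.indexOf("=");
    const name = (eq < 0 ? opt : opt.slice(0, eq)).toLowerCase();
    options[name] = eq < 0 ? true : opt.slice(eq + 1).replace(/^"|"$/g, "");
  }
  return { options, type: fields[k], comment: fields.slice(k + 2).join(" ") };
}

// Return one finding per key usable from any source or able to open forwards/PTYs.
function auditAuthorizedKeys(text) {
  const findings = [];
  text.split("\n").forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith("#")) return;
    const e = parseEntry(line);
    if (!e) return findings.push({ line: i + 1, key: "?", issues: ["unparseable entry"] });
    const o = e.options, issues = [];
    if (!o.from) issues.push("usable from any source address (no from=)");
    if (!o.restrict && !(o["no-port-forwarding"] && o["no-pty"])) issues.push("forwarding/PTY not disabled");
    if (issues.length) findings.push({ line: i + 1, key: e.comment || e.type, issues });
  });
  return findings;
}

// Constructed sample: the key blobs are placeholders, not real keys.
const SAMPLE = 'ssh-rsa AAAAB3PLACEHOLDERKEY1 vco-key\nfrom="127.0.0.1",restrict ssh-rsa AAAAB3PLACEHOLDERKEY2 vco-key-restricted';
console.log(JSON.stringify(auditAuthorizedKeys(SAMPLE), null, 2));
```

For the loopback case described above, a `from="127.0.0.1"` prefix limits the key to connections that originate on the appliance itself.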
SCP can be used in conjunction with Orchestrator resources to upload and download files or to transfer any other files between Orchestrator and a target system. Please note that you can also transfer files from one remote system to another using Orchestrator as a temporary storage between transfers.
The example workflows are:
09.04.1 SSH (short with password)
09.04.2 SSH (short with SSL Key)
09.04.3 SCPput
09.04.4 SCPget
02.01 Tuning the Appliance