shell #85
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: shell | |
# 此Actions将创建一个虚拟机,并自动注册到Jumpserver,用于提供一个shell环境。 | |
# 它受Actions运行时的约束,最长运行时间为5h 50min,超时后将自动关闭。 | |
# 最后10min将取消注册,Tailscale和Jumpserver的连接将断开。 | |
# | |
# 为了保证虚拟机的安全,您需要在Settings->Secrets中设置以下变量: | |
# TAILSCALE_AUTH_KEY: Tailscale认证密钥 | |
# JUMPSERVER_HOST: Jumpserver的地址 | |
# JUMPSERVER_PTOKEN: Jumpserver的PTOKEN | |
# SHELL_USERNAME: 注册到Jumpserver的用户名 | |
# SHELL_PASSWORD: 注册到Jumpserver的用户密码 | |
# | |
# 需要做Settings->Environment中设置以下变量: | |
# JUMPSERVER_CREATE_HOSTS_TEMPLATE: 创建主机的模板,其中包含以下变量: | |
# __GITHUB_HOSTNAME__: 用于在Jumpserver中显示的主机名 | |
# __ADDRESS__: 用于在Jumpserver中显示的主机地址 | |
# __JUMP_USERNAME__: 用于在Jumpserver中显示的主机用户名 | |
on: | |
# 允许您从Actions选项卡手动运行此工作流 | |
workflow_dispatch: | |
inputs: | |
hostname: | |
description: 'HostName' | |
required: false | |
default: '' | |
load_secret: | |
description: 'Load Secret' | |
required: false | |
default: 'false' | |
jobs: | |
shell: | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install Tailscale | |
uses: tailscale/github-action@ce41a99162202a647a4b24c30c558a567b926709 | |
with: | |
authkey: ${{ secrets.TAILSCALE_AUTH_KEY }} | |
- name: Change Passwd | |
run: | | |
echo '${{secrets.SHELL_USERNAME}}:${{ secrets.SHELL_PASSWORD }}' |sudo chpasswd | |
echo success. | |
- name: add Public Key to runner | |
run: | | |
git clone https://gist.github.com/lee-cq/ed0f7e2bf9e039f1797c5b700ba118ec | |
mkdir -p ~/.ssh | |
cd ed0f7e2bf9e039f1797c5b700ba118ec || exit 1 | |
chmod +x setup.sh && ./setup.sh | |
- name: Update Server | |
run: | | |
sudo ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime | |
sudo cp actions/shell/self_shell.sh /etc/profile.d/ | |
git config --global user.email "[email protected]" | |
git config --global user.name "Lee CQ" | |
echo ${{secrets.GH_P_TOKEN}} |gh auth login --with-token | |
echo Success. | |
- name: Load RClone | |
if: ${{ github.event.inputs.load_secret == 'true' }} | |
run: | | |
echo 'Load RClone' | |
curl https://rclone.org/install.sh | sudo bash | |
rclone version | |
mkdir -p ~/.config/rclone | |
cat << EOF > ~/.config/rclone/rclone.conf | |
${{ secrets.RCLONE_CONFIG }} | |
EOF | |
if [ $(rclone listremotes) ]; then | |
echo "Rclone Config is OK" | |
else | |
echo "Rclone Config is Error" | |
exit 1 | |
fi | |
echo success. | |
- name: Load Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: '3.11' | |
cache: 'pip' | |
- run: | | |
if [ -f requirements.txt ]; then | |
pip install -r requirements.txt | |
fi | |
- name: Verify SSHD | |
run: | | |
if [ -z "$(sudo netstat -ntlp |grep -v grep |grep :22 |grep sshd)" ]; then | |
echo "sshd is not running." | |
if [ ! -f /lib/systemd/system/ssh.service ]; then | |
echo sshd is not installed. will install ... | |
sudo apt-get update; | |
sudo apt-get install -y openssh-server; | |
fi | |
echo "starting sshd ..." | |
sudo systemctl restart sshd | |
fi | |
- name: Upload Host To Jumpserver | |
run: | | |
cat > update_data.json << EOF | |
{ | |
"platform": { | |
"pk": 1 | |
}, | |
"nodes": [ | |
{ | |
"pk": "84327184-bd01-4a78-9765-b3748a7ec94d" | |
} | |
], | |
"protocols": [ | |
{ | |
"name": "ssh", | |
"port": 22, | |
"primary": true, | |
"default": false, | |
"required": false, | |
"secret_types": [ | |
"password", | |
"ssh_key" | |
], | |
"setting": { | |
"console": false, | |
"security": "any", | |
"sftp_enabled": true, | |
"sftp_home": "/tmp", | |
"autofill": "basic", | |
"username_selector": "", | |
"password_selector": "", | |
"submit_selector": "", | |
"script": [], | |
"auth_username": false | |
} | |
} | |
], | |
"labels": [], | |
"is_active": true, | |
"name": "__GITHUB_HOSTNAME__", | |
"address": "__ADDRESS__", | |
"accounts": [ | |
{ | |
"name": "__SHELL_USERNAME__", | |
"username": "__SHELL_USERNAME__", | |
"secret_type": "password", | |
"spec_info": {}, | |
"comment": "", | |
"has_secret": true, | |
"privileged": true, | |
"is_active": true, | |
"secret": "__SHELL_PASSWORD__" | |
} | |
] | |
} | |
EOF | |
tailscale_ip=$(tailscale ip |grep -v ':') | |
github_hostname="github-$(hostname)" | |
if [ -z "$tailscale_ip" ]; then | |
echo "tailscale ip is empty." | |
exit 1 | |
fi | |
sed -i "s/__GITHUB_HOSTNAME__/${github_hostname}/g" update_data.json | |
sed -i "s/__ADDRESS__/${tailscale_ip}/g" update_data.json | |
sed -i "s/__SHELL_USERNAME__/${{secrets.SHELL_USERNAME}}/g" update_data.json | |
sed -i 's/__SHELL_PASSWORD__/${{secrets.SHELL_PASSWORD}}/g' update_data.json | |
echo 'Update Data ----->'; | |
cat update_data.json | |
echo 'Update Data End <-----'; | |
curl --location --request POST '${{ secrets.JUMPSERVER_HOST }}/api/v1/assets/hosts/' \ | |
-H 'Content-Type: application/json' \ | |
-H 'Authorization: Token ${{ secrets.JUMPSERVER_PTOKEN }}' \ | |
-H 'X-JMS-ORG: 00000000-0000-0000-0000-000000000002' \ | |
--data-binary @update_data.json | |
- name: Debugger | |
run: | | |
touch /tmp/keepalive | |
echo 'created keepalive file.' | |
echo 'timeout 21000s(5h 50m).' | |
timeout 21000 bash -c 'stopout=21000; while true;do echo $((stopout=$stopout-3)) > /tmp/stopout ; test -f /tmp/keepalive || break; sleep 3; done ' || echo Timeouted. | |
echo 'The VM will be shutdown in 10 minutes.' | |
- name: Clear tailscale | |
run: | | |
if [ -f /usr/bin/tailscale ]; then | |
sudo tailscale down | |
sudo tailscale logout | |
fi | |
echo down. | |
- name: Clear Jumpserver | |
run: | | |
curl --location -sSLf --request GET '${{ secrets.JUMPSERVER_HOST }}/api/v1/assets/hosts/' \ | |
-H 'Authorization: Token ${{ secrets.JUMPSERVER_PTOKEN }}' \ | |
-H 'X-JMS-ORG: 00000000-0000-0000-0000-000000000002' \ | |
-o hosts.json | |
echo 'Hosts Info Saved .' | |
github_hostname="github-$(hostname)" | |
host_id=$(cat hosts.json |jq -r ".[] | select(.name==\"${github_hostname}\") | .id") | |
echo "host_name: ${github_hostname}" | |
echo "host_id: ${host_id}" | |
curl --location --request DELETE "${{secrets.JUMPSERVER_HOST}}/api/v1/assets/assets/${host_id}/" \ | |
-H 'Authorization: Token ${{ secrets.JUMPSERVER_PTOKEN }}' \ | |
-H 'X-JMS-ORG: 00000000-0000-0000-0000-000000000002' | |
echo "shutdown now" |