[英]Running "sudo su" within a gitlab pipeline
I've installed some software on a server that my gitlab runner SSH's to, and one of the commands needs to be run after doing sudo su
.我已经在我的 gitlab 运行器 SSH 的服务器上安装了一些软件,并且在执行sudo su
之后需要运行其中一个命令。 If I run it as a regular user, but with sudo
in front of it - it doesn't work.如果我以普通用户身份运行它,但前面有sudo
- 它不起作用。 I have to first completely switch to the sudo user first.我必须先完全切换到 sudo 用户。
This works fine when I SSH into the server and do the commands manually.当我 SSH 进入服务器并手动执行命令时,这工作正常。 But when I try it from the pipeline (rough code below):但是当我从管道中尝试它时(下面的粗略代码):
my_script:
stage: stage
script:
- ssh -o -i id_rsa -tt user@1.1.1.1 << EOF
- sudo su
- run_special_command <blah blah>
- exit
# above exits from the SSH. below should stop the pipeline
- exit 0
- EOF
I get very weird output like the below:我很奇怪 output 如下所示:
$ sudo su
[user@1.1.1.1 user]$ sudo su
echo $'\x1b[32;1m$ run_special_command <blah blah>\x1b[0;m'
run_special_command <blah blah>
echo $'\x1b[32;1m$ exit\x1b[0;m'
exit
echo $'\x1b[32;1m$ exit 0\x1b[0;m'
exit 0
echo $'\x1b[32;1m$ EOF\x1b[0;m'
And what I'm seeing is that it doesn't even run the command at all - and I can't figure out why.我看到的是它甚至根本不运行命令——我不知道为什么。
In this case, you need to put your script as a multi-line string in your YAML.在这种情况下,您需要将脚本作为多行字符串放在 YAML 中。 Alternatively, commit a shell script to repo and execute that.或者,提交一个 shell 脚本来回购并执行它。
and one of the commands needs to be run after doing sudo su.并且需要在执行 sudo su 之后运行其中一个命令。 If I run it as a regular user, but with sudo in front of it - it doesn't work.如果我以普通用户身份运行它,但前面有 sudo - 它不起作用。
As a side note, you can probably use sudo -E
instead of sudo su
before the command.附带说明一下,您可以在命令之前使用sudo -E
而不是sudo su
。 But what you have should also work with the multi-line script.但是您所拥有的也应该与多行脚本一起使用。
MyJob:
script: |
ssh -o -i id_rsa -tt user@host << EOF
sudo -E my_command
EOF
exit 0
Alternatively, write your script into a shell script committed to the repository (with executable permissions set) and run it from your job:或者,将您的脚本写入提交到存储库的 shell 脚本(具有可执行权限集)并从您的作业中运行它:
MyJob:
script: “my_script.sh”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.