Ssh

SVN 送出後問題(呼叫 Bash)

  • October 10, 2014

全部,

我想在我的送出後掛鉤結束時呼叫一個 bash 腳本(做一些 rsync 魔術)。

這是我的送出後掛鉤的樣子:

#!/bin/bash

REPOS="$1"
REV="$2"

SVNLOOK="/usr/bin/svnlook"
AWK="/usr/bin/awk"

temp_dir="/var/www/vhosts/domain.com/temp"$(date +"%s")       # to avoid conflict, append unix timestamp

webroot_dev="/var/www/vhosts/domain.com/dev.project.com"      
webroot_alpha="/var/www/vhosts/domain.com/alpha.project.com"
webroot_beta="/var/www/vhosts/domain.com/beta.project.com"
webroot_live="/var/www/vhosts/domain.com/project.com"

repo_dev="file:///var/svn/Echo/branches/Dev"
repo_alpha="file:///var/svn/Echo/trunk"
repo_beta="file:///var/svn/Echo/branches/Beta"
repo_live="file:///var/svn/Echo/branches/Live"

is_dev=`$SVNLOOK dirs-changed -r "$REV" "$REPOS" | grep -c "Dev"`
is_alpha=`$SVNLOOK dirs-changed -r "$REV" "$REPOS" | grep -c "trunk"`
is_beta=`$SVNLOOK dirs-changed -r "$REV" "$REPOS" | grep -c "Beta"`
is_live=`$SVNLOOK dirs-changed -r "$REV" "$REPOS" | grep -c "Live"`

# Export from svn to web root; save previous version in ???.project.com.bkp
if [ $is_dev -gt 0 ]; then
rev="$SVNLOOK youngest $repo_dev";

   svn export "$repo_dev" "$temp_dir" --force
   rm -rf "${webroot_dev}.bkp"
   mv -f "${webroot_dev}/" "${webroot_dev}.bkp"
   mv -f "$temp_dir" "$webroot_dev"
   date +%s > "${webroot_dev}/public/ex/config/version.txt"
   cp "/usr/local/bin/scripts/releases/override.dev.ini" "${webroot_dev}/public/ex/config/ini/override.ini"
   chown -R apache:apache "$webroot_dev"
   chown -R apache:apache "${webroot_dev}.bkp"
   cp -p -R "${webroot_dev}.bkp/public/uploads/avatars" "${webroot_dev}/public/uploads"
   sh /var/svn/Echo/hooks/testing.sh # -- THIS IS WHAT FAILS
elif  [ $is_alpha -gt 0 ]; then
   svn export "$repo_alpha" "$temp_dir" --force
   rm -rf "${webroot_alpha}.bkp"
   mv -f "${webroot_alpha}/" "${webroot_alpha}.bkp"
   mv -f "$temp_dir" "$webroot_alpha"
   date +%s > "${webroot_alpha}/public/ex/config/version.txt"
   chown -R apache:apache "$webroot_alpha"
   chown -R apache:apache "${webroot_alpha}.bkp"
   cp -p -R "${webroot_alpha}.bkp/public/uploads/avatars" "${webroot_alpha}/public/uploads"
elif [ $is_beta -gt 0 ]; then
   :
elif [ $is_live -gt 0 ]; then
   :
fi

我試圖呼叫的腳本是“testing.sh”,程式碼如下所示:

#!/bin/bash
rsync -rtvu --cvs-exclude --delete /var/www/vhosts/domain.com/dev.project.com/ -e "ssh -i /var/svn/Project/hooks/testing.pem" ec2-user@ipaddress:/home/ec2-user/testing/

我得到的錯誤如下:

送出後掛鉤失敗(退出程式碼 255),輸出:主機密鑰驗證失敗。rsync:連接意外關閉(到目前為止收到 0 個字節)

$$ sender $$ rsync 錯誤:在 io.c(463) 出現無法解釋的錯誤(程式碼 255)$$ sender=2.6.8 $$

更新:如果我從同一位置手動執行 testing.sh,這一切都很好。只有在通過 post-commit 掛鉤執行 bash 腳本時才會報告主機密鑰錯誤。

在 ssh 身份驗證期間,可能會提示您將主機添加到您的 known_hosts 文件中?

您可以通過添加命令行選項來禁用它:

-o StrictHostKeyChecking=no

ssh 手冊頁摘錄:

ssh automatically maintains and checks a database containing identification for all hosts it has ever been used with.  Host keys are stored in ~/.ssh/known_hosts in the user’s
    home directory.  Additionally, the file /etc/ssh/ssh_known_hosts is automatically checked for known hosts.  Any new hosts are automatically added to the user’s file.  If a host’s
    identification ever changes, ssh warns about this and disables password authentication to prevent server spoofing or man-in-the-middle attacks, which could otherwise be used to
    circumvent the encryption.  The StrictHostKeyChecking option can be used to control logins to machines whose host key is not known or has changed.

引用自:https://serverfault.com/questions/634858