最近项目中遇到一个典型事件,当RHEL 的SELINUX设为DISABLE时
使用JAVA的Jsch 库调用SSH命令时将随机返回空字符串,我使用的版本是0.1.49,最新版本0.1.51未测试。
关于Jsch: http://www.jcraft.com/jsch/
为此,我特意写了一个程序测试:
package com.ibm.leo;
import com.ibm.gts.cms.common.guestssh.api.GuestSshServiceFactory;
import com.ibm.gts.cms.common.guestssh.api.IGuestSshProperties;
import com.ibm.gts.cms.common.guestssh.api.IGuestSshService;
import com.ibm.gts.cms.common.guestssh.api.IScriptResponse;
public class GuestSSH {
/**
* This code snippet will validate that the guestssh service remove execute will return null randomly if the selinux was disabled.
* */
public static void main(String[] args) {
try{
int sshRC=-1;
if(args.length<3){
System.out.println("Usage: java -jar testssh.jar <Host IP> <command> <count>");
System.exit(1);
}
int count=Integer.parseInt(args[2]);
if(count==0) count=1;
int nullCount=0;
System.out.println("start test...");
// Run the command via SSH
IGuestSshService sshService = GuestSshServiceFactory.GetService();
IGuestSshProperties props = sshService.makeGuestSshProperties();
props.setConnectTimeout(60000); // 60 seconds to establish connection with the guest
props.setCommandTimeout(60 * 60 * 1000); // 1 hour to wait for command to complete (after connection)
//props.setScriptInputStream(null); // stdin may be null, which is OK and means no stdin data
for(int i=1;i<=count;i++){
IScriptResponse response = sshService.invoke("root", args[0], 22, null, args[1], null, props);
sshRC = response.getReturnCode();
String[] stdoutLines = response.getStandardOutputLines();
if(stdoutLines[0].trim().equals("")) nullCount++;
System.out.println("Exceute count:"+i+" returnCode: "+sshRC +" return Lines:"+stdoutLines.length);
for (String line : stdoutLines) {
System.out.println("Command return: "+line);
}
}
System.out.println("End test, the total execute count is "+count+", and first line null return count is: " + nullCount);
}catch(Exception e){
System.out.println(e.getMessage());
}
}
}
测试结果如下:
D: mp>java -jar testssh.jar 192.168.1.244 hostname 5 start test... Exceute count:1 returnCode: 0 return Lines:1 Command return: GMTDev Exceute count:2 returnCode: 0 return Lines:1 Command return: Exceute count:3 returnCode: 0 return Lines:1 Command return: Exceute count:4 returnCode: 0 return Lines:1 Command return: Exceute count:5 returnCode: 0 return Lines:1 Command return: GMTDev End test, the total execute count is 5, and first line null return count is: 3
从结果中可以看出,共取了5次主机名,只有两得到,3次虽然命令成功执行,但返回空值,这种情况只有当SELINUX=disabled时出现,而Enforcing和permissive返回值都正常。
或许是guestssh的一个BUG? 记录一下备查。