Re: [Fab-user] Key-based authentication
From: Christian Vest Hansen
Subject: Re: [Fab-user] Key-based authentication
Date: Sat, 14 Jun 2008 00:03:24 +0200

Oh.. You're relying on paramiko to pick up the keys automatically?
I didn't anticipate that use case, so I've refined the implementation.
It'd be nice if you could try it out and see how it works. Changes are
in both repos.
On 6/13/08, Sergey Kirillov <address@hidden> wrote:
> Wow, thanks a lot.
>
> Here is my fabfile.py
>
> ---
> set(
>     fab_user = 'wishes',
>     fab_password = None,
>     fab_mode = 'rolling',
>     project = 'wishes',
>     deploy_to = '/home/wishes',
>     manage_py = '$(deploy_to)/wishes/src/wl/manage',
>     fab_debug = True,
> )
>
> import logging
> logging.basicConfig()
>
>
> def production():
>     "Configures Fabric for production environment."
>     set(env='production')
>     set(fab_hosts=['production host'])
>
> def staging():
>     "Configures Fabric for Staging environment."
>     set(env='staging')
>     set(fab_hosts=['192.168.1.60'])
>     # set(fab_key_filename='/home/serg/projects/wishlist/staging_key.pri')
>
> def build():
>     local('hg archive -t tgz /tmp/$(project).tgz')
>
> def upload():
>     require('env', provided_by=['production','staging'])
>     put('/tmp/$(project).tgz', '/tmp/$(project).tgz')
>
> def cleanup():
>     require('env', provided_by=['production','staging'])
>     run('rm /tmp/$(project).tgz', fail='warn')
>     local('rm /tmp/$(project).tgz', fail='warn')
>
> def patch_database():
>     require('env', provided_by=['production','staging'])
>     run('$(manage_py) migrate', fail='abort')
>
> def restart():
>     require('env', provided_by=['production','staging'])
>     run('sudo /etc/init.d/wishes-fcgi restart', fail='abort')
>     # sudo('invoke-rc.d wishes-fcgi restart', fail='abort')
>
> def deploy():
>     "Build the project and deploy it to a specified environment."
>     require('env', provided_by=['production','staging'])
>
>     build()
>     upload()
>
>     run('tar -C $(deploy_to) -xzf /tmp/$(project).tgz', fail='abort')
>     #run('sudo -u $(sudo_user) cp $(deploy_to)/wishes/conf/settings.py $(deploy_to)/wishes/src/wl/', fail='abort')
>     patch_database()
>     restart()
>
>     cleanup()
> ---
>
>
>
>
> Christian Vest Hansen wrote:
>
> > I edited the _connect code so you shouldn't have to
> > set(fab_password=None) in order to please _connect(). Also, sudo() now
> > only uses a password if one is defined.
> >
> > It's in both git repos. Hopefully this will make it look a little less
> > sketchy whenever someone wants to do key-based authentication.
> >
> >
> > On 6/12/08, Christian Vest Hansen <address@hidden> wrote:
> >
> >
> > > Can you post a working fabfile configured to use SSH keys?
> > >
> > > I'd like to document this in the tutorial.
> > >
> > >
> > > On 6/12/08, Christian Vest Hansen <address@hidden> wrote:
> > > > Alright, I'm glad you figured it out - this is good stuff to know as
> > > > there's a high likelihood that others will run into the same
> > > > problems.
> > > >
> > > >
> > > >
> > > > On 6/12/08, Sergey Kirillov <address@hidden> wrote:
> > > > > Hi Christian,
> > > > >
> > > > > Yes, I saw that.
> > > > >
> > > > > It works now. I had to set 'fab_password': None in order to bypass
> > > > > 'if 'fab_password' not in ENV:' check in _connect(). But now sudo()
> > > > > does not work because it tries to do
> > > > > 'stdin.write(env['fab_password'])' and fails there with exception.
> > > > >
> > > > > To solve this I've updated /etc/sudoers and have listed all commands
> > > > > that need to be executed as passwordless. So instead of sudo() I'm
> > > > > using run('sudo dosomething'), and it works like a charm.
> > > > >
> > > > > Deployment user does not have password at all, and I can give people
> > > > > access to deployment just by adding their SSH public keys into
> > > > > ~/.ssh/authorized_keys of deployment user.
> > > > >
> > > > >
> > > > >
> > > > >
> > > > > Christian Vest Hansen wrote:
> > > > >
> > > > > > I haven't tried key-based authentication myself, but Fabric will
> > > > > > relay any fab_pkey and fab_key_filename to the SSHClient.connect
> > > > > > method in paramiko:
> > > > > >
> > > > > > http://www.lag.net/paramiko/docs/paramiko.SSHClient-class.html#connect
> > > > > >
> > > > > > Hope that helps.
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Venlig hilsen / Kind regards,
> > > > Christian Vest Hansen.
> > > >
> > >
> > >
> > > --
> > > Venlig hilsen / Kind regards,
> > > Christian Vest Hansen.
> > >
> > >
> > >
> >
> >
> >
> >
>
>
--
Venlig hilsen / Kind regards,
Christian Vest Hansen.
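
In the setup quoted above, the deployment user has no password and access is granted by adding people's public keys to its ~/.ssh/authorized_keys, so that file is the entire access list. The following is an added example, not part of the thread or of Fabric: a Python audit that reports each entry's SHA256 fingerprint, comment and options. The function names and the sample keys and comments are constructed for illustration.

```python
import base64
import hashlib
import re
import struct

KEY_RE = re.compile(
    r"(?:^|\s)(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp\d+)\s+([A-Za-z0-9+/]+=*)(?:\s+(.*))?$")

def make_key(key_type, payload):
    """Constructed sample key: SSH wire-format blob, base64-encoded."""
    name = key_type.encode()
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(payload)) + payload
    return base64.b64encode(blob).decode()

def audit_authorized_keys(text):
    """Return one record per key line of an authorized_keys file."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = KEY_RE.search(line)
        if not m:
            records.append({"line": lineno, "error": "unparseable"})
            continue
        key_type, b64, comment = m.group(1), m.group(2), (m.group(3) or "").strip()
        try:
            blob = base64.b64decode(b64, validate=True)
            (n,) = struct.unpack(">I", blob[:4])
        except (ValueError, struct.error):
            records.append({"line": lineno, "error": "bad key data"})
            continue
        if blob[4:4 + n] != key_type.encode():  # declared type must match the blob
            records.append({"line": lineno, "error": "type mismatch"})
            continue
        fp = "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        options = line[:m.start(1)].strip()  # from=, command=, no-pty, ... come first
        flags = ["no-comment"] * (not comment) + ["unrestricted"] * (not options)
        records.append({"line": lineno, "type": key_type, "comment": comment,
                        "options": options, "flags": flags, "fingerprint": fp})
    return records

# Constructed sample file; these are not real keys.
SAMPLE = "\n".join([
    "# deployment user authorized_keys (constructed)",
    "ssh-ed25519 %s alice@example" % make_key("ssh-ed25519", bytes(range(32))),
    'from="192.168.1.0/24",no-pty ssh-ed25519 %s' % make_key("ssh-ed25519", bytes(range(32, 64))),
    "ssh-rsa %s carol@example" % make_key("ssh-ed25519", bytes(32)),
])
```

The fingerprints have the same form as those printed by `ssh-keygen -lf`, so a flagged entry can be matched to the key a person actually holds.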