mobilize-ssh 1.0.74 → 1.0.84
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +10 -6
- data/lib/mobilize-ssh/handlers/ssh.rb +54 -28
- data/lib/mobilize-ssh/version.rb +1 -1
- data/lib/samples/ssh.yml +6 -0
- data/mobilize-ssh.gemspec +1 -1
- metadata +4 -4
data/README.md
CHANGED
|
@@ -76,10 +76,6 @@ Configure
|
|
|
76
76
|
<a name='section_Configure_Ssh'></a>
|
|
77
77
|
### Configure Ssh
|
|
78
78
|
|
|
79
|
-
* Please note -- ssh currently requires passwordless sudo on every host
|
|
80
|
-
machine where commands will be executed. It needs this to run queries on
|
|
81
|
-
behalf of other users on that machine.
|
|
82
|
-
|
|
83
79
|
The Ssh configuration consists of:
|
|
84
80
|
* tmp_file_dir, which is where files will be stored before being scp'd
|
|
85
81
|
over to the nodes. They will be deleted afterwards, unless the job
|
|
@@ -87,8 +83,16 @@ fails in mid-copy. By default this is tmp/file/.
|
|
|
87
83
|
* nodes, identified by aliases, such as `test_node`. This alias is what you should
|
|
88
84
|
pass into the "node" param over in the ssh.run task.
|
|
89
85
|
|
|
90
|
-
Each node has
|
|
91
|
-
|
|
86
|
+
Each node has:
|
|
87
|
+
* a host;
|
|
88
|
+
* a gateway (optional); If you don't need a gateway, remove that row from the configuration file.
|
|
89
|
+
* sudoers; these are user names that are allowed to pass su_user params
|
|
90
|
+
to the run call. This requires passwordless sudo for the host user.
|
|
91
|
+
* su_all_users true/false option, which ensures that commands are executed by the
|
|
92
|
+
user on the Runner. It prefixes all commands with sudo su <user_name> before executing the
|
|
93
|
+
command. This is strongly recommended if possible as it ensures users do
|
|
94
|
+
not overstep their permissions. This requires passwordless sudo for the
|
|
95
|
+
host user and accounts on the host machine for each user.
|
|
92
96
|
|
|
93
97
|
Each host and gateway has a series of ssh params:
|
|
94
98
|
* name - the ip address or name of the host
|
|
@@ -16,6 +16,14 @@ module Mobilize
|
|
|
16
16
|
Ssh.config['nodes'][node]['gateway']
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
+
def Ssh.sudoers(node)
|
|
20
|
+
Ssh.config['nodes'][node]['sudoers']
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def Ssh.su_all_users(node)
|
|
24
|
+
Ssh.config['nodes'][node]['su_all_users']
|
|
25
|
+
end
|
|
26
|
+
|
|
19
27
|
#determine if current machine is on host domain, needs gateway if one is provided and it is not
|
|
20
28
|
def Ssh.needs_gateway?(node)
|
|
21
29
|
host_domain_name = Ssh.host(node)['name'].split(".")[-2..-1].join(".")
|
|
@@ -60,10 +68,9 @@ module Mobilize
|
|
|
60
68
|
end
|
|
61
69
|
|
|
62
70
|
def Ssh.run(node,command,file_hash=nil,su_user=nil)
|
|
63
|
-
|
|
71
|
+
key,user = Ssh.host(node).ie{|h| ['key','user'].map{|k| h[k]}}
|
|
64
72
|
key_path = "#{Base.root}/#{key}"
|
|
65
73
|
Ssh.set_key_permissions(key_path)
|
|
66
|
-
opts = {:port=>(port || 22),:keys=>key_path}
|
|
67
74
|
su_user ||= user
|
|
68
75
|
file_hash ||= {}
|
|
69
76
|
#make sure the dir for this command is clear
|
|
@@ -73,42 +80,55 @@ module Mobilize
|
|
|
73
80
|
Ssh.pop_comm_dir(comm_dir,file_hash)
|
|
74
81
|
#move any files up to the node
|
|
75
82
|
rem_dir = nil
|
|
83
|
+
#make sure user starts in rem_dir
|
|
84
|
+
rem_dir = "#{comm_md5}/"
|
|
85
|
+
#make sure the rem_dir is gone
|
|
86
|
+
Ssh.fire!(node,"rm -rf #{rem_dir}")
|
|
76
87
|
if File.exists?(comm_dir)
|
|
77
|
-
#make sure user starts in rem_dir
|
|
78
|
-
rem_dir = "#{comm_md5}/"
|
|
79
|
-
command = ["cd #{rem_dir}",command].join(";")
|
|
80
|
-
#make sure the rem_dir is gone
|
|
81
|
-
Ssh.run(node,"rm -rf #{rem_dir}")
|
|
82
88
|
Ssh.scp(node,comm_dir,rem_dir)
|
|
83
89
|
"rm -rf #{comm_dir}".bash
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
end
|
|
89
|
-
if su_user != user
|
|
90
|
-
#wrap the command in sudo su -c
|
|
91
|
-
command = %{sudo su #{su_user} -c "#{command}"}
|
|
90
|
+
else
|
|
91
|
+
#create folder
|
|
92
|
+
mkdir_command = "mkdir #{rem_dir}"
|
|
93
|
+
Ssh.fire!(node,mkdir_command)
|
|
92
94
|
end
|
|
93
|
-
|
|
94
|
-
|
|
95
|
+
#create cmd_file in rem_folder
|
|
96
|
+
cmd_file = "#{comm_md5}.sh"
|
|
97
|
+
cmd_path = "#{rem_dir}#{cmd_file}"
|
|
98
|
+
Ssh.write(node,command,cmd_path)
|
|
99
|
+
full_cmd = "(cd #{rem_dir} && sh #{cmd_file})"
|
|
100
|
+
#fire_cmd runs sh on cmd_path, optionally with sudo su
|
|
101
|
+
fire_cmd = if su_user != user
|
|
102
|
+
%{sudo su #{su_user} -c "#{full_cmd}"}
|
|
103
|
+
else
|
|
104
|
+
full_cmd
|
|
105
|
+
end
|
|
106
|
+
result = Ssh.fire!(node,fire_cmd)
|
|
107
|
+
#remove the directory after you're done
|
|
108
|
+
rm_cmd = "rm -rf #{rem_dir}"
|
|
109
|
+
Ssh.fire!(node,rm_cmd)
|
|
110
|
+
result
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
def Ssh.fire!(node,cmd)
|
|
114
|
+
name,key,port,user = Ssh.host(node).ie{|h| ['name','key','port','user'].map{|k| h[k]}}
|
|
115
|
+
key_path = "#{Base.root}/#{key}"
|
|
116
|
+
Ssh.set_key_permissions(key_path)
|
|
117
|
+
opts = {:port=>(port || 22),:keys=>key_path}
|
|
95
118
|
if Ssh.needs_gateway?(node)
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
119
|
+
gname,gkey,gport,guser = Ssh.gateway(node).ie{|h| ['name','key','port','user'].map{|k| h[k]}}
|
|
120
|
+
gkey_path = "#{Base.root}/#{gkey}"
|
|
121
|
+
gopts = {:port=>(gport || 22),:keys=>gkey_path}
|
|
122
|
+
Net::SSH::Gateway.run(gname,guser,name,user,cmd,gopts,opts)
|
|
100
123
|
else
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
124
|
+
Net::SSH.start(name,user,opts) do |ssh|
|
|
125
|
+
ssh.run(cmd)
|
|
126
|
+
end
|
|
104
127
|
end
|
|
105
|
-
#delete remote dir if necessary
|
|
106
|
-
Ssh.run(node,"sudo rm -rf #{rem_dir}") if rem_dir
|
|
107
|
-
result
|
|
108
128
|
end
|
|
109
129
|
|
|
110
130
|
def Ssh.read(node,path)
|
|
111
|
-
Ssh.
|
|
131
|
+
Ssh.fire!(node,"cat #{path}")
|
|
112
132
|
end
|
|
113
133
|
|
|
114
134
|
def Ssh.write(node,fdata,to_path,binary=false)
|
|
@@ -156,10 +176,16 @@ module Mobilize
|
|
|
156
176
|
|
|
157
177
|
def Ssh.run_by_stage_path(stage_path)
|
|
158
178
|
s = Stage.where(:path=>stage_path).first
|
|
179
|
+
u = s.job.runner.user
|
|
159
180
|
params = s.params
|
|
160
181
|
node, command = [params['node'],params['cmd']]
|
|
161
182
|
file_hash = Ssh.file_hash_by_stage_path(stage_path)
|
|
162
183
|
su_user = s.params['su_user']
|
|
184
|
+
if su_user and !Ssh.sudoers(node).include?(u.name)
|
|
185
|
+
raise "You do not have su permissions for this node"
|
|
186
|
+
elsif su_user.nil? and Ssh.su_all_users(node)
|
|
187
|
+
su_user = u.name
|
|
188
|
+
end
|
|
163
189
|
Ssh.run(node,command,file_hash,su_user)
|
|
164
190
|
end
|
|
165
191
|
end
|
data/lib/mobilize-ssh/version.rb
CHANGED
data/lib/samples/ssh.yml
CHANGED
|
@@ -2,17 +2,23 @@ development:
|
|
|
2
2
|
tmp_file_dir: "tmp/file/"
|
|
3
3
|
nodes:
|
|
4
4
|
dev_node:
|
|
5
|
+
sudoers: [sudo_user]
|
|
6
|
+
su_all_users: true
|
|
5
7
|
host: {name: dev-host.com, key: "config/mobilize/ssh_private.key", port: 22, user: host_user}
|
|
6
8
|
gateway: {name: dev-gateway.com, key: "config/mobilize/ssh_private.key", port: 22, user: gateway_user}
|
|
7
9
|
test:
|
|
8
10
|
tmp_file_dir: "tmp/file/"
|
|
9
11
|
nodes:
|
|
10
12
|
test_node:
|
|
13
|
+
sudoers: [sudo_user]
|
|
14
|
+
su_all_users: true
|
|
11
15
|
host: {name: test-host.com, key: "config/mobilize/ssh_private.key", port: 22, user: host_user}
|
|
12
16
|
gateway: {name: test-gateway.com, key: "config/mobilize/ssh_private.key", port: 22, user: gateway_user}
|
|
13
17
|
production:
|
|
14
18
|
tmp_file_dir: "tmp/file/"
|
|
15
19
|
nodes:
|
|
16
20
|
prod_node:
|
|
21
|
+
sudoers: [sudo_user]
|
|
22
|
+
su_all_users: true
|
|
17
23
|
host: {name: prod-host.com, key: "config/mobilize/ssh_private.key", port: 22, user: host_user}
|
|
18
24
|
gateway: {name: prod-gateway.com, key: "config/mobilize/ssh_private.key", port: 22, user: gateway_user}
|
data/mobilize-ssh.gemspec
CHANGED
|
@@ -16,7 +16,7 @@ Gem::Specification.new do |gem|
|
|
|
16
16
|
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
|
17
17
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
|
18
18
|
gem.require_paths = ["lib"]
|
|
19
|
-
gem.add_runtime_dependency "mobilize-base","1.0.
|
|
19
|
+
gem.add_runtime_dependency "mobilize-base","1.0.84"
|
|
20
20
|
gem.add_runtime_dependency "net-ssh"
|
|
21
21
|
gem.add_runtime_dependency "net-scp"
|
|
22
22
|
gem.add_runtime_dependency "net-ssh-gateway"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mobilize-ssh
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.84
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-12-
|
|
12
|
+
date: 2012-12-19 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: mobilize-base
|
|
@@ -18,7 +18,7 @@ dependencies:
|
|
|
18
18
|
requirements:
|
|
19
19
|
- - '='
|
|
20
20
|
- !ruby/object:Gem::Version
|
|
21
|
-
version: 1.0.
|
|
21
|
+
version: 1.0.84
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - '='
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: 1.0.
|
|
29
|
+
version: 1.0.84
|
|
30
30
|
- !ruby/object:Gem::Dependency
|
|
31
31
|
name: net-ssh
|
|
32
32
|
requirement: !ruby/object:Gem::Requirement
|