mobilize-ssh 1.0.74 → 1.0.84
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.md +10 -6
- data/lib/mobilize-ssh/handlers/ssh.rb +54 -28
- data/lib/mobilize-ssh/version.rb +1 -1
- data/lib/samples/ssh.yml +6 -0
- data/mobilize-ssh.gemspec +1 -1
- metadata +4 -4
data/README.md
CHANGED
|
@@ -76,10 +76,6 @@ Configure
|
|
|
76
76
|
<a name='section_Configure_Ssh'></a>
|
|
77
77
|
### Configure Ssh
|
|
78
78
|
|
|
79
|
-
* Please note -- ssh currently requires passwordless sudo on every host
|
|
80
|
-
machine where commands will be executed. It needs this to run queries on
|
|
81
|
-
behalf of other users on that machine.
|
|
82
|
-
|
|
83
79
|
The Ssh configuration consists of:
|
|
84
80
|
* tmp_file_dir, which is where files will be stored before being scp'd
|
|
85
81
|
over to the nodes. They will be deleted afterwards, unless the job
|
|
@@ -87,8 +83,16 @@ fails in mid-copy. By default this is tmp/file/.
|
|
|
87
83
|
* nodes, identified by aliases, such as `test_node`. This alias is what you should
|
|
88
84
|
pass into the "node" param over in the ssh.run task.
|
|
89
85
|
|
|
90
|
-
Each node has
|
|
91
|
-
|
|
86
|
+
Each node has:
|
|
87
|
+
* a host;
|
|
88
|
+
* a gateway (optional); If you don't need a gateway, remove that row from the configuration file.
|
|
89
|
+
* sudoers; these are user names that are allowed to pass su_user params
|
|
90
|
+
to the run call. This requires passwordless sudo for the host user.
|
|
91
|
+
* su_all_users true/false option, which ensures that commands are executed by the
|
|
92
|
+
user on the Runner. It prefixes all commands with sudo su <user_name> before executing the
|
|
93
|
+
command. This is strongly recommended if possible as it ensures users do
|
|
94
|
+
not overstep their permissions. This requires passwordless sudo for the
|
|
95
|
+
host user and accounts on the host machine for each user.
|
|
92
96
|
|
|
93
97
|
Each host and gateway has a series of ssh params:
|
|
94
98
|
* name - the ip address or name of the host
|
|
@@ -16,6 +16,14 @@ module Mobilize
|
|
|
16
16
|
Ssh.config['nodes'][node]['gateway']
|
|
17
17
|
end
|
|
18
18
|
|
|
19
|
+
def Ssh.sudoers(node)
|
|
20
|
+
Ssh.config['nodes'][node]['sudoers']
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
def Ssh.su_all_users(node)
|
|
24
|
+
Ssh.config['nodes'][node]['su_all_users']
|
|
25
|
+
end
|
|
26
|
+
|
|
19
27
|
#determine if current machine is on host domain, needs gateway if one is provided and it is not
|
|
20
28
|
def Ssh.needs_gateway?(node)
|
|
21
29
|
host_domain_name = Ssh.host(node)['name'].split(".")[-2..-1].join(".")
|
|
@@ -60,10 +68,9 @@ module Mobilize
|
|
|
60
68
|
end
|
|
61
69
|
|
|
62
70
|
def Ssh.run(node,command,file_hash=nil,su_user=nil)
|
|
63
|
-
|
|
71
|
+
key,user = Ssh.host(node).ie{|h| ['key','user'].map{|k| h[k]}}
|
|
64
72
|
key_path = "#{Base.root}/#{key}"
|
|
65
73
|
Ssh.set_key_permissions(key_path)
|
|
66
|
-
opts = {:port=>(port || 22),:keys=>key_path}
|
|
67
74
|
su_user ||= user
|
|
68
75
|
file_hash ||= {}
|
|
69
76
|
#make sure the dir for this command is clear
|
|
@@ -73,42 +80,55 @@ module Mobilize
|
|
|
73
80
|
Ssh.pop_comm_dir(comm_dir,file_hash)
|
|
74
81
|
#move any files up to the node
|
|
75
82
|
rem_dir = nil
|
|
83
|
+
#make sure user starts in rem_dir
|
|
84
|
+
rem_dir = "#{comm_md5}/"
|
|
85
|
+
#make sure the rem_dir is gone
|
|
86
|
+
Ssh.fire!(node,"rm -rf #{rem_dir}")
|
|
76
87
|
if File.exists?(comm_dir)
|
|
77
|
-
#make sure user starts in rem_dir
|
|
78
|
-
rem_dir = "#{comm_md5}/"
|
|
79
|
-
command = ["cd #{rem_dir}",command].join(";")
|
|
80
|
-
#make sure the rem_dir is gone
|
|
81
|
-
Ssh.run(node,"rm -rf #{rem_dir}")
|
|
82
88
|
Ssh.scp(node,comm_dir,rem_dir)
|
|
83
89
|
"rm -rf #{comm_dir}".bash
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
end
|
|
89
|
-
if su_user != user
|
|
90
|
-
#wrap the command in sudo su -c
|
|
91
|
-
command = %{sudo su #{su_user} -c "#{command}"}
|
|
90
|
+
else
|
|
91
|
+
#create folder
|
|
92
|
+
mkdir_command = "mkdir #{rem_dir}"
|
|
93
|
+
Ssh.fire!(node,mkdir_command)
|
|
92
94
|
end
|
|
93
|
-
|
|
94
|
-
|
|
95
|
+
#create cmd_file in rem_folder
|
|
96
|
+
cmd_file = "#{comm_md5}.sh"
|
|
97
|
+
cmd_path = "#{rem_dir}#{cmd_file}"
|
|
98
|
+
Ssh.write(node,command,cmd_path)
|
|
99
|
+
full_cmd = "(cd #{rem_dir} && sh #{cmd_file})"
|
|
100
|
+
#fire_cmd runs sh on cmd_path, optionally with sudo su
|
|
101
|
+
fire_cmd = if su_user != user
|
|
102
|
+
%{sudo su #{su_user} -c "#{full_cmd}"}
|
|
103
|
+
else
|
|
104
|
+
full_cmd
|
|
105
|
+
end
|
|
106
|
+
result = Ssh.fire!(node,fire_cmd)
|
|
107
|
+
#remove the directory after you're done
|
|
108
|
+
rm_cmd = "rm -rf #{rem_dir}"
|
|
109
|
+
Ssh.fire!(node,rm_cmd)
|
|
110
|
+
result
|
|
111
|
+
end
|
|
112
|
+
|
|
113
|
+
def Ssh.fire!(node,cmd)
|
|
114
|
+
name,key,port,user = Ssh.host(node).ie{|h| ['name','key','port','user'].map{|k| h[k]}}
|
|
115
|
+
key_path = "#{Base.root}/#{key}"
|
|
116
|
+
Ssh.set_key_permissions(key_path)
|
|
117
|
+
opts = {:port=>(port || 22),:keys=>key_path}
|
|
95
118
|
if Ssh.needs_gateway?(node)
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
119
|
+
gname,gkey,gport,guser = Ssh.gateway(node).ie{|h| ['name','key','port','user'].map{|k| h[k]}}
|
|
120
|
+
gkey_path = "#{Base.root}/#{gkey}"
|
|
121
|
+
gopts = {:port=>(gport || 22),:keys=>gkey_path}
|
|
122
|
+
Net::SSH::Gateway.run(gname,guser,name,user,cmd,gopts,opts)
|
|
100
123
|
else
|
|
101
|
-
|
|
102
|
-
|
|
103
|
-
|
|
124
|
+
Net::SSH.start(name,user,opts) do |ssh|
|
|
125
|
+
ssh.run(cmd)
|
|
126
|
+
end
|
|
104
127
|
end
|
|
105
|
-
#delete remote dir if necessary
|
|
106
|
-
Ssh.run(node,"sudo rm -rf #{rem_dir}") if rem_dir
|
|
107
|
-
result
|
|
108
128
|
end
|
|
109
129
|
|
|
110
130
|
def Ssh.read(node,path)
|
|
111
|
-
Ssh.
|
|
131
|
+
Ssh.fire!(node,"cat #{path}")
|
|
112
132
|
end
|
|
113
133
|
|
|
114
134
|
def Ssh.write(node,fdata,to_path,binary=false)
|
|
@@ -156,10 +176,16 @@ module Mobilize
|
|
|
156
176
|
|
|
157
177
|
def Ssh.run_by_stage_path(stage_path)
|
|
158
178
|
s = Stage.where(:path=>stage_path).first
|
|
179
|
+
u = s.job.runner.user
|
|
159
180
|
params = s.params
|
|
160
181
|
node, command = [params['node'],params['cmd']]
|
|
161
182
|
file_hash = Ssh.file_hash_by_stage_path(stage_path)
|
|
162
183
|
su_user = s.params['su_user']
|
|
184
|
+
if su_user and !Ssh.sudoers(node).include?(u.name)
|
|
185
|
+
raise "You do not have su permissions for this node"
|
|
186
|
+
elsif su_user.nil? and Ssh.su_all_users(node)
|
|
187
|
+
su_user = u.name
|
|
188
|
+
end
|
|
163
189
|
Ssh.run(node,command,file_hash,su_user)
|
|
164
190
|
end
|
|
165
191
|
end
|
data/lib/mobilize-ssh/version.rb
CHANGED
data/lib/samples/ssh.yml
CHANGED
|
@@ -2,17 +2,23 @@ development:
|
|
|
2
2
|
tmp_file_dir: "tmp/file/"
|
|
3
3
|
nodes:
|
|
4
4
|
dev_node:
|
|
5
|
+
sudoers: [sudo_user]
|
|
6
|
+
su_all_users: true
|
|
5
7
|
host: {name: dev-host.com, key: "config/mobilize/ssh_private.key", port: 22, user: host_user}
|
|
6
8
|
gateway: {name: dev-gateway.com, key: "config/mobilize/ssh_private.key", port: 22, user: gateway_user}
|
|
7
9
|
test:
|
|
8
10
|
tmp_file_dir: "tmp/file/"
|
|
9
11
|
nodes:
|
|
10
12
|
test_node:
|
|
13
|
+
sudoers: [sudo_user]
|
|
14
|
+
su_all_users: true
|
|
11
15
|
host: {name: test-host.com, key: "config/mobilize/ssh_private.key", port: 22, user: host_user}
|
|
12
16
|
gateway: {name: test-gateway.com, key: "config/mobilize/ssh_private.key", port: 22, user: gateway_user}
|
|
13
17
|
production:
|
|
14
18
|
tmp_file_dir: "tmp/file/"
|
|
15
19
|
nodes:
|
|
16
20
|
prod_node:
|
|
21
|
+
sudoers: [sudo_user]
|
|
22
|
+
su_all_users: true
|
|
17
23
|
host: {name: prod-host.com, key: "config/mobilize/ssh_private.key", port: 22, user: host_user}
|
|
18
24
|
gateway: {name: prod-gateway.com, key: "config/mobilize/ssh_private.key", port: 22, user: gateway_user}
|
data/mobilize-ssh.gemspec
CHANGED
|
@@ -16,7 +16,7 @@ Gem::Specification.new do |gem|
|
|
|
16
16
|
gem.executables = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
|
|
17
17
|
gem.test_files = gem.files.grep(%r{^(test|spec|features)/})
|
|
18
18
|
gem.require_paths = ["lib"]
|
|
19
|
-
gem.add_runtime_dependency "mobilize-base","1.0.
|
|
19
|
+
gem.add_runtime_dependency "mobilize-base","1.0.84"
|
|
20
20
|
gem.add_runtime_dependency "net-ssh"
|
|
21
21
|
gem.add_runtime_dependency "net-scp"
|
|
22
22
|
gem.add_runtime_dependency "net-ssh-gateway"
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: mobilize-ssh
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.84
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date: 2012-12-
|
|
12
|
+
date: 2012-12-19 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: mobilize-base
|
|
@@ -18,7 +18,7 @@ dependencies:
|
|
|
18
18
|
requirements:
|
|
19
19
|
- - '='
|
|
20
20
|
- !ruby/object:Gem::Version
|
|
21
|
-
version: 1.0.
|
|
21
|
+
version: 1.0.84
|
|
22
22
|
type: :runtime
|
|
23
23
|
prerelease: false
|
|
24
24
|
version_requirements: !ruby/object:Gem::Requirement
|
|
@@ -26,7 +26,7 @@ dependencies:
|
|
|
26
26
|
requirements:
|
|
27
27
|
- - '='
|
|
28
28
|
- !ruby/object:Gem::Version
|
|
29
|
-
version: 1.0.
|
|
29
|
+
version: 1.0.84
|
|
30
30
|
- !ruby/object:Gem::Dependency
|
|
31
31
|
name: net-ssh
|
|
32
32
|
requirement: !ruby/object:Gem::Requirement
|