I'm writing a fab script to do a git pull on a remote server, but I get Permission denied (publickey,keyboard-interactive). when fabric runs the command.
If I ssh to the server and then do the pull, it works. (I've already setup the keys on the server, so it doesn't ask for passphrases, etc.)
Here's my fabric task:
import fabric.api as fab
def update():
'''
update workers code
'''
with fab.cd('~/myrepo'):
# pull changes
print colors.cyan('Pulling changes...')
fab.run('git pull origin master')
How do I get it to work with Fabric?
Edit: My server is a Google Compute instance, and it provides a gcutil tool to ssh to the instance. This is the command it runs to connect to the server:
ssh -o UserKnownHostsFile=/dev/null -o CheckHostIP=no -o StrictHostKeyChecking=no -i /Users/John/.ssh/google_compute_engine -A -p 22 John#123.456.789.101
The script is able to connect to the server AFAICT (it's able to run commands on the server like cd and supervisor and git status), it's just git pull that fails.
you need to edit fabfile like this in order to enable ssh agent fowarding option.
from fabric.api import *
env.hosts = ['123.456.789.101']
env.user = 'John'
env.key_filename = '/Users/John/.ssh/google_compute_engine'
env.forward_agent = True
def update():
'''
update workers code
'''
with cd('~/myrepo'):
# pull changes
print colors.cyan('Pulling changes...')
run('git pull origin master')
Related
I have created a docker container to run my python program inside.
My program requires retrieving the known_host under my .ssh folder:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.load_host_keys(os.path.expanduser(os.path.join("~", ".ssh", "known_hosts")))
ssh.connect(server, username=username, password=password)
I have mounted it into the docker container using:
docker run --name test_cntr --rm \
-v $SCRIPT_DIR:/home/ \
-v $DATA_DIR:/home/data \
-v $HOME/.ssh/known_hosts:/root/.ssh/known_hosts \
-e PYTHONPATH=/home/sciprt_dir:/home/sciprt_dir/lib \
-e INDEX=0 \
dummy_image python /home/run.py
Found that my program can successfully get the known_hosts file sometimes, but sometimes not, below error is shown:
Exception is [Errno -2] Name or service not known
I didn't re-run the container during the run.py execution. Suppose the known_hosts mounted to the container at the beginning and run.py should be able to use it throughout whole running.
At the end I found that, one of the servers using for this program, did not register on the domain server, so that sometimes my program works when using server that is registered, and sometimes it does not work when the server is not registered.. Thanks all for help!
I'm working with fabric3 (https://pypi.python.org/pypi/Fabric3) , a python 3 port of fabric.
I have the following function wchich I'm running locally in win7 using git-bash:
#roles('production')
def dir():
env.key_filename = '~/.ssh/deploy'
local("git push mysite master")
run('pwd')
run('ls')
code_dir = '/home/deploy/mysite'
with cd(code_dir):
run('pwd')
run('git reset --hard master')
run('ls -la')
output:
$ fab dir
[deploy#198.x.x.x] Executing task 'dir'
[localhost] local: git push mysite master
deploy#198.x.x.x's password:
When I run the function, I get asked for the password. It seems to be ignoring the key. How can I get the function to use the prescribed key?
I added git as a user to my .ssh/config file and it now appears to work.
Host deploy
HostName 198.x.x.x
User deploy
PreferredAuthentications publickey
IdentityFile ~/.ssh/deploy
IdentitiesOnly yes
Host 198.x.x.x
HostName 198.x.x.x
User git
IdentityFile ~/.ssh/deploy
I have this Jenkins build configuration for my Django application in "Execute Windows batch command" field:
// Code is downloaded using Git plugin
virtualenv data/.venv
call data/.venv/Scripts/activate.bat
pip install -r requirements/local.txt
cd src/
python .\manage.py test
cd ..
fabric dev deploy // Build job get stuck here
All steps work OK except the last one. Jenkins gets stuck on first Fabric attempt to connect to remote server. In "Console output" is spinner keep spinning and I need to kill build manually.
When I run Fabric task manually from CLI, it works. I read about some problems with Jenkins+known_hosts, so I tried env.reject_unknown_hosts = True in fabfile to see if there is "Add to authorized keys" question.
Fabfile is pretty standard, nothing special:
#task
def dev():
env.user = "..."
env.hosts = "..."
env.key_filename = "..."
nv.reject_unknown_hosts = True
#task
def deploy():
local("python src/manage.py check") # <---- OK, output is in Jenkins
run('git reset --hard') # <---- Jenkins will freeze
run('git pull --no-edit origin master')
# etc ....
print("Done.")
These requires a password, the process is probbaly stuck asking for user's password.
Add --no-pty to the command to make sure it's not blocking and reporting the error.
It is than solved based o your specific remote/ssh/tty setup.
I want to be able to log in to my AWS postgres database from a remote machine. I am using the following Fabric script:
import sys
from fabric.api import env, run, abort
env.port = 123
env.use_ssh_config = True
def setuser(user):
"""Sets the ssh user for the fabric script"""
env.user = user
env.password = 'mypassword'
def setenv(server):
"""Sets the environment for the fabric script"""
env.hosts = ['staging']
def sync():
# log into AWS server
run("psql --host=staging.xxx.rds.amazonaws.com --username=x_user --port=5432 --password --dbname=x_database")
run("mypassword")
I run this Fabric script using the following command:
fab -f sync_staging.py sync --password=mypassword
This logs me into the remote machine, runs the line run("psql .... and then it prompts me for a password:
[stage] out: Password for user x_user:
Is there any way that I can supply the password (or respond to the prompt) such that it logs me in automatically?
There are 2 ways of solving this that I know of:
.pgpass password file in your home directory on remote host
PGPASSWORD env variable (set on remote host)
If you need to set an environment variable on remote host, use with shell_env(PGPASSWORD='mypassword'), Fabric docs here: fabric.context_managers.shell_env
Hope it solves your problem.
I'm running some deployment tasks with Fabric that needs to checkout/update a Mercurial repository to the machine and then execute the appropriate copying/configuration.
Every time that I instatiate a new machine (we're currently using EC2 for our infrastructure) or when I run hg pull in the machine it'll ask for my ssh key passphrase, that's a bit annoying when we need to initialize a dozen machines at a time.
I've tried to run ssh-add in Fabric when the new EC2 instance is initialized but it seems like that ssh-agent isn't running for that shell and I get a Could not open a connection to your authentication agent. message from the output of Fabric.
How would I make ssh-add work when connected to the instance by the Fabric script?
A comment on fabric's issue tracker solved this for me. It's a modified version of the lincolnloop solution. Using this "run" instead of fabric's will pipe your commands through ssh locally, allowing your local ssh-agent to provide the keys.
from fabric.api import env, roles, local, output
from fabric.operations import _shell_escape
def run(command, shell=True, pty=True):
"""
Helper function.
Runs a command with SSH agent forwarding enabled.
Note:: Fabric (and paramiko) can't forward your SSH agent.
This helper uses your system's ssh to do so.
"""
real_command = command
if shell:
cwd = env.get('cwd', '')
if cwd:
cwd = 'cd %s && ' % _shell_escape(cwd)
real_command = '%s "%s"' % (env.shell,
_shell_escape(cwd + real_command))
if output.debug:
print("[%s] run: %s" % (env.host_string, real_command))
elif output.running:
print("[%s] run: %s" % (env.host_string, command))
local("ssh -A %s '%s'" % (env.host_string, real_command))
Please note that I'm running Fabric 1.3.2, and this fix won't be needed much longer.