Automated O & M tool Fabric-password Management (env. password and ssh key)

Automated O & M tool Fabric-password Management (env. password and ssh key)

When Fabric is used, if a large number of servers are used for processing, we need to configure the host password. The password of each host is the same, but different, you need to configure different hosts. The following two configuration methods are available:

Note: This document mainly references Password management and grimnes Using SSH keys with Fabric.

Env. password

Fabric helps you record logon passwords and sudo passwords by keeping them in the memory and dual cache in some cases. When the passwords of multiple systems are the same, this prevents you from repeatedly inputting the passwords. Or when the sudo configuration file of a remote system does not cache its own password.

The first layer is a simple default or backup password cache. Env. password (it can also be set through the command line parameter -- password or -- initial-password-prompt ). This env variable stores a single password, which will be used when the current host string does not have a specified host cache entry event.

Env. passwords (plural, multiple passwords), as the cache for each host user, stores the recently entered password 1 for the unique user/host/port combination. Because of this cache, only a single password is required for connecting different users and hosts with the same session.

Depending on your configuration file and the number of hosts connected to your session, you may find it very useful to set these envs. Even so, Fabric will automatically fill them up when necessary, without unnecessary configuration.

Note that this value is used to update the default password cache and the current value of env. host_string for each password prompt.

No code to say the ball, on the code. NO CODE NO BB

1. All hosts have the same password. The following code has the same user name and password for several hosts. The main task is to comment in batches, stop applications in batches, and shut down instances in batches.

#!/usr/bin/python env# -*- coding: utf-8 -*-from fabric.api import envfrom fabric.api import cdfrom fabric.api import runfrom fabric.api import localfrom fabric.api import getfrom fabric.api import putenv.user = 'username'env.password = 'passwd'env.hosts = ['192.168.1.1', '192.168.1.2', '192.168.1.3', '192.168.1.4']def get_version():    local('cat /etc/issue')    run('cat /etc/issue')    #with cd('/root/'):    #    put('/home/libaoyin/test.txt', 'test.txt', mode=0755)    #    get('hello_world.txt')    run('ls')def get_host_name():    run('hostname')#kill all stockd'servicedef kill_apps_stockd():    run('killall stockd')#discharge the crontabdef comment_crontabl():    put ('/home/apps/ykq/crontab.txt','crontab.txt')    run('crontab crontab.txt')# offline stockd's servicedef offline_stockd():    kill_apps_stockd()    comment_crontabl()#shutdown all stockd serverdef shutdown_stockd_server():    run('sudo poweroff')

1. All hosts have the same username but different passwords.
   Here, I would like to thank @ Kollin for his prompt, correct the error, and take his sample program as an example.
   However, it seems that the reason for this Fabric is "based on different user names and passwords"
   I have not considered the same user name and different passwords. If you want to do this, you can modify the source code, and then env. user and env. passwords can be spliced. Otherwise, each value must be input.user@In this way, you need to write more code.

The sample program is invalid.

env.user = 'username'env.passwords = {'192.168.1.1':'passwd1','192.168.1.2':'passwd2','192.168.1.3':'passwd3'}env.hosts = ['192.168.1.1', '192.168.1.2', '192.168.1.3']

Correct @ Kollin sample program

from fabric.api import *env.hosts = [    'user@192.168.1.1',    'user@192.168.1.2',]env.passwords = {    'user@192.168.1.1:22': 'password1',    'user@192.168.1.2:22': 'password2',}@taskdef echo():    run('echo "hello,world"')

Note: a special article about roles in Fabric will be written later.

SSH KEY

We recommend that you use the ssh key for batch host execution to ensure security. The operation is as follows:

1. Log on to the server and generate an SSH Key

$ ssh-keygen -t rsa -b 4096

After you type the preceding command, a series of prompts will appear. Ignore it and press Enter.
After the execution is completed~/.ssh/Directory to generate the following two files:

~ /. Ssh/id_rsa Private Key ~ /. Ssh/id_rsa.pub Public Key

1. Public Key Filling

   Generate a public key file~/.ssh/id_rsa.pubAdd the data to the remote serverauthorized_keys fileFile

   Note: If the remote server does not have.sshFolder, you need to create

scp ~/.ssh/id_rsa.pub user@host:~/.ssh/cat ~/.ssh/id_rsa.pub >> authorized_keys

Then we have prepared to replace our password with our SSH Key:

#!/usr/bin/python envfrom fabric.api import *from fabric.colors import *from fabric.context_managers import *env.hosts=['168.192.1.10','168.192.1.12']# env.password='xxxxxx'env.key_filename = "~/.ssh/id_rsa"def ls_path():    print(green("I'm local  /home/apps/"))    with cd('/home/apps'):        run('ls -l')def put_path():    print(green("I'm put local's test file to 10 and 12"))    put('/home/apps/test','/home/apps/')    print(yellow("I'm 10 or 12 /home/apps/"))    with cd('/home/apps'):        run('ls -l')def deploy():    execute(ls_path)    execute(put_path)

1. We strongly recommend that you use SSH key-based access instead of relying on the same password.

Use Vagrant and Fabric for Integration Testing

Fabric: Python Remote Deployment Tool

This article permanently updates the link address: