def install_ssh_key():
"""
Installs ssh public key from `key_filename` env into authorized_keys file
"""
with open(env.key_filename + '.pub', 'r') as ssh_key_fp:
ssh_public_key = ssh_key_fp.readline().strip("\n\r ")
ssh_key_fp.close()
abort_msg = None
utils.puts("Checking previous installation...")
with settings(abort_exception=FabricException):
try:
run('! grep \"{0}\" ~/.ssh/authorized_keys > /dev/null'.format(
ssh_public_key.replace('"', '\\\\"')))
except (FabricException):
abort_msg = "Public key is already installed on authorized_keys file"
if abort_msg:
utils.abort(abort_msg)
run("[ ! -d ~/.ssh ] && mkdir ~/.ssh || true")
run("echo \"{0}\" >> ~/.ssh/authorized_keys ".format(
ssh_public_key.replace('"', '\\\\"')))
def create_run_dir():
"""
Create a `run` directory inside the project root for the socket and pid files
"""
utils.puts("Creating run dir...")
abort_msg = None
with settings(abort_exception=FabricException):
try:
run('which setfacl > /dev/null 2>&1')
except (FabricException):
abort_msg = "This conf uses POSIX acl setfacl command"
if abort_msg:
utils.abort(abort_msg)
# TODO: remove diffs on requirements.txt
run_dir = env.deploy_path + '/run'
run("[ -d \"{0}\" ] || mkdir \"{0}\" ".format(run_dir))
run("setfacl -m 'u:{1}:rwx' \"{0}\"".format(run_dir, env.service_user))
run("setfacl -n -m 'm::rwx' \"{0}\"".format(run_dir))
run("setfacl -d -m 'u:{1}:rwx' \"{0}\"".format(run_dir, env.service_user))
run("setfacl -d -n -m 'm::rwx' \"{0}\"".format(run_dir))
def deploy_virtualenv():
"""
Create the virtualenv inside the root project directory
"""
utils.puts("Checking virtualenv...")
abort_msg = None
with settings(abort_exception=FabricException):
try:
run('which virtualenv > /dev/null 2>&1')
except (FabricException):
abort_msg = "python-virtualenv must be installed"
if abort_msg:
utils.abort(abort_msg)
# TODO: remove diffs on requirements.txt
run(("[ -f \"{0}/virtualenv/bin/activate\" ] || " +
"virtualenv -p $(which python3) --prompt='({1}) ' \"{0}/virtualenv\""
).format(env.deploy_path, name))
utils.puts("Installing from requirements.txt...")
run(("source {0}/virtualenv/bin/activate && " +
"pip install -r {0}/current/requirements.txt").format(
env.deploy_path))
def starting():
"""
Start a deployment, make sure server(s) ready.
"""
if "local" in env.roles:
utils.abort("Cannot run deploy in local role")
abort_msg = None
utils.puts("Check server packages...")
with settings(abort_exception=FabricException):
try:
run('which python3 > /dev/null 2>&1')
except (FabricException):
abort_msg = "Python 3 must be installed"
try:
run('which virtualenv > /dev/null 2>&1')
except (FabricException):
abort_msg = "virtualenv for python must be installed"
if abort_msg:
utils.abort(abort_msg)
execute('check', host=env.host)
execute('set_previous_revision', host=env.host)
def run(self, *args, **kwargs):
for func in self.prereqs:
execute(func, host=env.host)
# set role specific variables from roledefs
with settings(**self.role_settings()):
result = super(WrappedCallableDependenciesTask, self).run(*args, **kwargs)
for func in self.postreqs:
execute(func, host=env.host)
return result
def run(self, *args, **kwargs):
for func in self.prereqs:
execute(func, host=env.host)
# set role specific variables from roledefs
with settings(**self.role_settings()):
result = super(WrappedCallableDependenciesTask,
self).run(*args, **kwargs)
for func in self.postreqs:
execute(func, host=env.host)
return result
def install_git_ssh():
"""
Installs ssh kit for git (automation/keys/deploy.key)
"""
abort_msg = None
git_key_name = "git.{0}.key".format(name)
utils.puts("Checking previous installation...")
with settings(abort_exception=FabricException):
try:
run('[ ! -f ~/.ssh/{0} ]'.format(git_key_name))
except FabricException:
abort_msg = "{0} already exists".format(git_key_name)
if abort_msg:
utils.abort(abort_msg)
utils.puts("Copying key...")
put(current_path + '/automation/keys/deploy.key', '~/.ssh/' + git_key_name)
with open(current_path + '/automation/ssh.git.conf', 'r') as ssh_conf_fp:
ssh_git_conf = ssh_conf_fp.read()
ssh_conf_fp.close()
git_parsed_url = urlparse(env.repo_url).hostname
git_username = git_parsed_url.username or 'git'
if not git_parsed_url.username:
utils.puts("Not user present in git URL, using `git` as default")
utils.puts("Adding conf to user ssh config file...")
run("echo \"{0}\" >> ~/.ssh/config ".format(
ssh_git_conf\
.format(
user=git_username,
host=git_parsed_url.hostname,
key_name=git_key_name
)\
.replace('"', '\\\\"')
))
utils.puts("Enforce permissions for user ssh config file and key...")
run("chmod 600 ~/.ssh/config")
run("chmod 600 ~/.ssh/" + git_key_name)
utils.puts("Adding {0} to known_hosts".format(git_parsed_url.hostname))
run(("(host={0}; ssh-keyscan -H $host; "
"for ip in $(dig {0} +short); do "
"ssh-keyscan -H $host,$ip; "
"ssh-keyscan -H $ip; "
"done) 2> /dev/null >> ~/.ssh/known_hosts").format(
git_parsed_url.hostname))
