[Product-Developers] Re: Clearer hostout documentation?

Dylan Jay djay at pretaweb.com
Mon Feb 1 23:11:24 UTC 2010


On 02/02/2010, at 1:07 AM, Derek Broughton wrote:

> Dylan Jay wrote:
>
>> Hi,
>>
>> I spent yesterday improving the explanation of how hostout can be  
>> used
>> since I'm finding it more and more useful.
>>
>> I'd love some feedback on how to make it clearer still or ideas to
>> make it better.
>
> Very cool.  I hadn't seen it before but I can really, really, use  
> this...
>
>> ... [host1]
>> ... recipe = collective.hostout
>> ... host = 127.0.0.1:10022
>> ... user = root
>> ... password = root
>> ... path = /usr/local/plone/host1
>> ... """ % globals())
>>
>> If you don't include your password you will be prompted for it later.
>
> This is just the SSH password?  Any possibility of having it run ssh- 
> copy-id
> for passwordless logins?

there is some code in there that just needs to be tweaked to work.

> Also a note that many hosts ban SSH logins as root
> is worthwhile, though I imagine that won't come as a surprise to  
> many people
> who are using this tool.

Even more annoying is that all the distros other than ubuntu do not  
let you ssh exec a command to root. They require a tty. This can be  
unset but obviously via a tty. Hostout uses Fabric and fabric doesn't  
support tty :( I haven't figured a way around this yet.

The plan is to do something like
1. bootstrap the host to create a deployment user that has permissions  
to the remote path. ssh copy the key. Also create the effective-user  
to run processes as.
2. login as the deployment user and deploy

This all gets a bit messy when deployment requires sudo access. Again  
haven't figured a way around all this yet.

>
>> password
>>  The password for the login user. If not given then hostout will ask
>> each time.
>>
>> identity-file
>>  A public key for the login user.
>
> I hope that the password prompt is given by SSH and not "hostout" -  
> ssh
> knows whether it needs a password, hostout can't know.

Actually it's fabric. Fabric uses paramiko rather than openssh. Fabric  
also retains the sudo password for the duration as it will replay it  
if it's asked again for a password during a sudo operation.


>>
>> Todo list
>> *********
> ...
>> - Automatically setup host with password-less ssh login.
>
> Ah-hah.  I guess that answers my first question!
>
> I can see I'll be playing with this a lot today.  Thanks Dylan.

any suggestions/code for the above challenges is welcome :)

> -- 
> derek
>
>
> _______________________________________________
> Product-Developers mailing list
> Product-Developers at lists.plone.org
> http://lists.plone.org/mailman/listinfo/product-developers





More information about the Product-Developers mailing list