Sudo on remote systems
ElementalVoid
I'm looking to use the AutomateIt tool as a replacement to some really
really ugly shell scripts that my company is currently using to
automate deployments. The problem is that I need to be able to execute
sudo on remote systems. Currently this is accomplished as follows:
ssh login@server sudo -u username bash <<EOF
echo Commands
echo Go
echo Here
EOF
That works, it is ugly but it works. This is usually done to be able
to control applications under the tomcat user as well as to push out
new configuration files and code distribution files under tomcat
ownership. For security reasons our sysadmin does not want to open the
tomcat user to direct ssh logins.
I'm wondering what your thoughts are on the proper way to do something
like that with AutomateIt. Any help would be appreciated.
Thanks,
Matt
Igal Koshevoy
above workflow, for example, by uploading a recipe and executing it with
sudo, e.g.:
ssh login@server sudo -u username automateit myrecipe.rb
You'll probably also want to put that command into a wrapper script
(e.g., shell, make, rake, cap) to make it easier to run, and keep it and
the recipe(s) under revision control.
However, given what you've said, I feel obligated to suggest that you
consider alternative workflows and tools because they may be a better
fit for your situation:
1. Configuration management tools like AutomateIt are ideal for setting
up servers as root. However, if you're using them without root
privileges for some different purpose and have more modest needs, you
may be better off using already-installed tools like bash and Perl, or
maybe use your favorite scripting language.
2. Deployment tools like Capistrano, Vlad the Deployer, Fabric and such
are ideal for deploying custom applications. I typically use AutomateIt
to setup the server (e.g., install Java, and configure and start
Tomcat), but let the developers deploy their custom applications with
their preferred tool (e.g., run an Ant task to upload a .war file and
tell Tomcat to use it; use Capistrano to deploy a Rails app; etc). I
keep server setup and custom application deployment separate because
these tasks are typically done by different people, on different
schedules, and with a strong preference for different tools.
3. If you need to run a stand-alone app without root privileges, tools
like Make, Rake or AutomateIt are good choices for downloading,
compiling and configuring everything so you can get a complete stack
running within your account. However, this is often more time-consuming
and frustrating than setting up a system that you have root on.
Does this answer your questions?
-igal
Tim Uckun
>>
> 2. Deployment tools like Capistrano, Vlad the Deployer, Fabric and such
> are ideal for deploying custom applications. I typically use AutomateIt
> to setup the server (e.g., install Java, and configure and start
> Tomcat), but let the developers deploy their custom applications with
> their preferred tool (e.g., run an Ant task to upload a .war file and
> tell Tomcat to use it; use Capistrano to deploy a Rails app; etc). I
> keep server setup and custom application deployment separate because
> these tasks are typically done by different people, on different
> schedules, and with a strong preference for different tools.
Hey Igal.
Do you put automateit into a cron job and run it repeatedly? This is
the approach taken by similar software like puppet, chef, cfengine
etc.
Personally I can see the need to run some tasks repeatedly but
obviously most things only need to be done once (as long as nobody
comes behind you and undoes them of course).