fab-user
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Fab-user] specifying login and password?


From: Christian Vest Hansen
Subject: Re: [Fab-user] specifying login and password?
Date: Wed, 18 Feb 2009 23:03:58 +0100

You can specify a username in the host name strings in fab_hosts, like this:

config.fab_hosts = ['address@hidden',
'address@hidden', 'address@hidden']

When Fabric finds that it needs to connect, it will do the following:

1. snatch the usernames from each of the host strings, defaulting to
fab_user if a host string has no specified user.
2. create a specialized copy of "config" for each user.
3. create a HostConnection object for each host string, grouped by
username and assign the user-specific config.
4. each HostConnection also create their own copy of config, based on
their user-config.
5. ask each HostConnection to create a physical SSH session.
5.1. the HostConnection will then try to open a connection right away,
assuming it'll just work.
5.1.1. and it will work if a) a password is readily available in the
user-config, or b) we can log in with a key-file.
5.2. if that fails, HostConnection will prompt for a password for that
specific host.
5.2.1. this password will be stored in both the host-local config and
in the user-local config.
5.2.2. the next HostConnection in this user-group, if any, will then
be able to read this password from the user-config.
5.3. if we get authentication failures, the password will be re-prompted.
5.4. if we get IOErrors, socket errors or KeyboardInterrupt, Fabric will halt.

The host-level config, and password, is the one that is used for sudo.

So, I believe Fabric has the majority of the log-in use-cases(?)
covered. But I agree that the documentation is indeed lacking.

On Wed, Feb 18, 2009 at 9:46 PM, Leah Culver <address@hidden> wrote:
> I'm also very interested in this issue since my project has different users
> that are allowed to deploy (but aren't the root user).
>
> Are you considering bubbling up the password prompt? I wouldn't mind having
> to enter my password for each operation that requires it and then no
> passwords really need to be passed around.
>
> Thanks,
> Leah
>
>
>
> On Wed, Feb 18, 2009 at 12:40 PM, Jeff Forcier <address@hidden> wrote:
>>
>> Hi Timothee,
>>
>> Nicolas is largely correct, the "best" way to handle this is to use
>> SSH key-based authentication, which then means you won't need to be
>> prompted for any passwords during the connection phase.
>>
>> However, that's only a partial solution because you'll still need to
>> do each password in the event of a sudo() operation, assuming your
>> connection user doesn't have blanket passwordless sudo (not
>> recommended!).
>>
>> We don't really have good password management in Fabric right now, and
>> storing user passwords in general is always a tricky issue, so while
>> I'd like to put something in to make it more convenient in your case
>> (many different passwords across systems) it will take some
>> deliberation about how to best do it, or if it's something we should
>> *be* doing.
>>
>> Rest assured that the issue is on the table, however :)
>>
>> Best,
>> Jeff
>>
>> On Wed, Feb 18, 2009 at 2:55 PM, Nicolas Steinmetz <address@hidden>
>> wrote:
>> >
>> >
>> > 2009/2/18 Timothee Besset <address@hidden>
>> >>
>> >> Hello,
>> >>
>> >> New user .. finding documentation very, very scarce ..
>> >>
>> >> Is there a way to specify login and password along with the hosts list?
>> >> I want to use fab to configure a fairly large number of machines with
>> >> different access settings.
>> >
>> > One solution would be to use ssh connections with key (and then without
>> > managing login & password). It depends whether your architecture allows
>> > it
>> > or not.
>> > Not really a direct answer, sorry.
>> > Otherwise, did you look at sudo command, you should be able to use a
>> > login
>> > and maybe a password too.
>> > Hope it helps a little bit,
>> > Nicolas
>> > --
>> > Nicolas Steinmetz
>> > http://www.steinmetz.fr - http://www.unelectronlibre.info/
>> >
>> > _______________________________________________
>> > Fab-user mailing list
>> > address@hidden
>> > http://lists.nongnu.org/mailman/listinfo/fab-user
>> >
>> >
>>
>>
>> _______________________________________________
>> Fab-user mailing list
>> address@hidden
>> http://lists.nongnu.org/mailman/listinfo/fab-user
>
>
> _______________________________________________
> Fab-user mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/fab-user
>
>



-- 
Venlig hilsen / Kind regards,
Christian Vest Hansen.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]