Re: [Fab-user] specifying login and password?


From: Timothee Besset
Subject: Re: [Fab-user] specifying login and password?
Date: Wed, 18 Feb 2009 16:16:55 -0600
User-agent: Mozilla-Thunderbird 2.0.0.19 (X11/20090103)

Christian Vest Hansen wrote:
> You can specify a username in the host name strings in fab_hosts, like this:
>
> config.fab_hosts = ['address@hidden',
> 'address@hidden', 'address@hidden']
>
> When Fabric finds that it needs to connect, it will do the following:
>
> 1. snatch the usernames from each of the host strings, defaulting to
> fab_user if a host string has no specified user.
> 2. create a specialized copy of "config" for each user.
> 3. create a HostConnection object for each host string, grouped by
> username and assign the user-specific config.
> 4. each HostConnection also creates their own copy of config, based on
> their user-config.
> 5. ask each HostConnection to create a physical SSH session.
> 5.1. the HostConnection will then try to open a connection right away,
> assuming it'll just work.
> 5.1.1. and it will work if a) a password is readily available in the
> user-config, or b) we can log in with a key-file.
> 5.2. if that fails, HostConnection will prompt for a password for that
> specific host.
> 5.2.1. this password will be stored in both the host-local config and
> in the user-local config.
> 5.2.2. the next HostConnection in this user-group, if any, will then
> be able to read this password from the user-config.
> 5.3. if we get authentication failures, the password will be re-prompted.
> 5.4. if we get IOErrors, socket errors or KeyboardInterrupt, Fabric will halt.
>
> The host-level config, and password, is the one that is used for sudo.
>
> So, I believe Fabric has the majority of the log-in use-cases(?)
> covered. But I agree that the documentation is indeed lacking.
>
>   

Well, here are the main problems I see:

It doesn't cover one password per host, which is the case I was mostly
concerned with. It doesn't do password based sudo either. Specifying the
login in the host name is a nice standard thing, but doesn't really
address any of that.

The things implemented in fabric so far work pretty well for me,
although it's lacking in documentation, and sometimes counterintuitive
(see the 'put' problem). It would be interesting to work on allowing
fabric to be better integrated, such as loading a module from python,
and dynamically driving some of the core functionality. I find myself
generating fabfiles from scripts and running them ..

TTimo

> On Wed, Feb 18, 2009 at 9:46 PM, Leah Culver <address@hidden> wrote:
>   
>> I'm also very interested in this issue since my project has different users
>> that are allowed to deploy (but aren't the root user).
>>
>> Are you considering bubbling up the password prompt? I wouldn't mind having
>> to enter my password for each operation that requires it and then no
>> passwords really need to be passed around.
>>
>> Thanks,
>> Leah
>>
>>
>>
>> On Wed, Feb 18, 2009 at 12:40 PM, Jeff Forcier <address@hidden> wrote:
>>     
>>> Hi Timothee,
>>>
>>> Nicolas is largely correct, the "best" way to handle this is to use
>>> SSH key-based authentication, which then means you won't need to be
>>> prompted for any passwords during the connection phase.
>>>
>>> However, that's only a partial solution because you'll still need to
>>> do each password in the event of a sudo() operation, assuming your
>>> connection user doesn't have blanket passwordless sudo (not
>>> recommended!).
>>>
>>> We don't really have good password management in Fabric right now, and
>>> storing user passwords in general is always a tricky issue, so while
>>> I'd like to put something in to make it more convenient in your case
>>> (many different passwords across systems) it will take some
>>> deliberation about how to best do it, or if it's something we should
>>> *be* doing.
>>>
>>> Rest assured that the issue is on the table, however :)
>>>
>>> Best,
>>> Jeff
>>>
>>> On Wed, Feb 18, 2009 at 2:55 PM, Nicolas Steinmetz <address@hidden>
>>> wrote:
>>>       
>>>> 2009/2/18 Timothee Besset <address@hidden>
>>>>         
>>>>> Hello,
>>>>>
>>>>> New user .. finding documentation very, very scarce ..
>>>>>
>>>>> Is there a way to specify login and password along with the hosts list?
>>>>> I want to use fab to configure a fairly large number of machines with
>>>>> different access settings.
>>>>>           
>>>> One solution would be to use ssh connections with key (and then without
>>>> managing login & password). It depends whether your architecture allows
>>>> it
>>>> or not.
>>>> Not really a direct answer, sorry.
>>>> Otherwise, did you look at the sudo command? You should be able to use a
>>>> login
>>>> and maybe a password too.
>>>> Hope it helps a little bit,
>>>> Nicolas
>>>> --
>>>> Nicolas Steinmetz
>>>> http://www.steinmetz.fr - http://www.unelectronlibre.info/
>>>>
>>>> _______________________________________________
>>>> Fab-user mailing list
>>>> address@hidden
>>>> http://lists.nongnu.org/mailman/listinfo/fab-user
>>>>
>>>>
>>>>         
>
>
>
>   
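
The connection steps listed in the quoted reply, modelled as an added Python example (not Fabric's code and not part of the original thread). `connect_all`, `try_login`, `prompt` and the `SERVERS` table are hypothetical names with constructed hosts and passwords; the run shows the password cached at user level being tried first on the next host of the same user, then re-prompted because that host uses a different one.

```python
from collections import defaultdict

FAB_USER = "deploy"  # constructed stand-in for the fab_user default
# Constructed: password each (user, host) accepts; None = key-file login works.
SERVERS = {("alice", "web1"): "pw-A", ("alice", "web2"): "pw-B",
           ("deploy", "db1"): None}

def split_host(host_string, default_user=FAB_USER):
    """Step 1: 'user@host' -> (user, host), defaulting the user."""
    user, sep, host = host_string.rpartition("@")
    return (user if sep else default_user), host

def connect_all(host_strings, try_login, prompt):
    """Model of steps 1-5.3; exceptions from the callbacks halt the run (5.4)."""
    groups = defaultdict(list)
    for hs in host_strings:
        user, host = split_host(hs)
        groups[user].append(host)
    host_pw, attempts = {}, []
    for user, hosts in groups.items():
        user_config = {"password": None}         # step 2: one config per user
        for host in hosts:
            host_config = dict(user_config)      # step 4: per-host copy
            while True:
                pw = host_config["password"]
                attempts.append((user, host, pw))
                if try_login(user, host, pw):    # step 5.1
                    break
                pw = prompt(user, host)          # steps 5.2 and 5.3
                host_config["password"] = pw     # step 5.2.1: stored in the
                user_config["password"] = pw     # host and the user config
            host_pw[(user, host)] = host_config["password"]  # used for sudo
    return host_pw, attempts

def demo():
    def try_login(user, host, pw):
        expected = SERVERS[(user, host)]
        return expected is None or pw == expected
    prompt = lambda user, host: SERVERS[(user, host)]  # stands in for typing
    return connect_all(["alice@web1", "alice@web2", "db1"], try_login, prompt)

if __name__ == "__main__":
    print(demo())
```

In the returned attempt list, `alice@web2` is first tried with the password entered for `web1`, which is the behaviour behind the "one password per host" concern raised in the reply.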




