|
4 | 4 | and systems administration tasks. It allows the user to run commands across a
|
5 | 5 | server farm.
|
6 | 6 |
|
7 |
| -At GDS, we use Fabric to simplify and automate common systems administration |
8 |
| -tasks. These scripts are deployed on our "jumpbox" machines at |
9 |
| -`/usr/local/share/govuk-fabric`, and can be executed using the `govuk_fab` |
10 |
| -helper script, installed in `/usr/local/bin` |
11 |
| - |
12 |
| -## Usage |
13 |
| - |
14 |
| -In order to use the fabric scripts, you will need to enable ssh-agent |
15 |
| -forwarding when you connect to the jumpboxes. For example: |
| 7 | +## Local usage |
16 | 8 |
|
17 |
| - $ ssh -A jumpbox-1.management.production |
| 9 | +This is intended to be setup and run on your local workstation/laptop. |
18 | 10 |
|
19 |
| -## Local usage |
| 11 | +### Setup |
20 | 12 |
|
21 |
| -You can also use the fabric scripts from an external machine with a small amount |
22 |
| -of setup on your part. You will need to install Fabric, |
| 13 | +To install the dependencies: |
23 | 14 |
|
24 | 15 | $ pip install -Ur requirements.txt
|
25 | 16 |
|
26 | 17 | NB: if you get a "pip: command not found" error, run this first:
|
27 | 18 |
|
28 | 19 | $ sudo easy_install pip
|
29 | 20 |
|
30 |
| -configure it (see [the fabric documentation][fabdoc] for more examples), |
| 21 | +Configure it (see [the fabric documentation][fabdoc] for more examples), |
31 | 22 |
|
32 | 23 | $ echo 'user = jimbob' >> ~/.fabricrc
|
33 | 24 |
|
34 |
| -and then you should be able to run it: |
| 25 | +[fabdoc]: http://docs.fabfile.org/en/latest/usage/fab.html |
| 26 | + |
| 27 | +### Commands |
| 28 | + |
| 29 | +You can view a list of the available tasks: |
| 30 | + |
| 31 | + $ fab -l |
| 32 | + |
| 33 | +And execute against an environment and set of hosts like so: |
35 | 34 |
|
36 | 35 | $ fab preview all hosts
|
37 | 36 | ...
|
38 | 37 | $ fab preview class:frontend do:'uname -a'
|
39 | 38 | ...
|
40 | 39 |
|
41 |
| -[fabdoc]: http://docs.fabfile.org/en/latest/usage/fab.html |
| 40 | +## Remote usage (legacy) |
| 41 | + |
| 42 | +It was previously possible to use these scripts from the jumpboxes via the |
| 43 | +`govuk_fab` wrapper. This is no longer supported as it relied on SSH agent |
| 44 | +forwarding, which is a Bad Thing because other people with root access to |
| 45 | +that jumpbox would be able to re-use any of the private keys in your agent. |
| 46 | + |
| 47 | +You should convert to the [local usage](#Local usage) method described above |
| 48 | +and ensure that you do not have the following option anywhere in your |
| 49 | +`~/.ssh/config`: |
42 | 50 |
|
| 51 | + ForwardAgent yes |
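Review bot: The check at the end of the new "Remote usage (legacy)" section only covers `ForwardAgent yes` in `~/.ssh/config`, but the usage text removed earlier in this diff taught `ssh -A jumpbox-1.management.production`, and `-A` turns on agent forwarding for a connection whatever the config file says. Add a sentence telling readers to drop `-A` from their commands, aliases and scripts as well. In the same section, `[local usage](#Local usage)` has a space in the link target, so most Markdown renderers will not make it a link; the heading's generated anchor would normally be `#local-usage`. Two smaller wording points: the "Configure it (...)," line at new line 21 now ends in a dangling comma because its continuation ("and then you should be able to run it:") was removed, and "setup" at new line 9 is used as a verb, so it should read "set up".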