deprec » sysadmin http://deprec.org deployment recipes for Capistrano Thu, 28 Jul 2011 07:31:55 +0000 en-US hourly 1 http://wordpress.org/?v=4.2.5 Network http://deprec.org/recipes/network/?utm_source=rss&utm_medium=rss&utm_campaign=network http://deprec.org/recipes/network/#comments Wed, 25 May 2011 13:50:51 +0000 http://deprec.org/?p=282 When I spin up new virtual machines in the lab they come into the world with the same IP (.69) and the hostname of ‘template’. The following recipe makes updating the hostname and networking details a breeze. If the my workstation can resolve the new hostname to an IP (DNS or /etc/hosts) deprec will make sensible suggestions for network addresses.

$ cap deprec:network:config HOSTS=lucid
    triggering load callbacks
  * executing `deprec:connect_canonical_tasks'
  * executing `deprec:network:config'
  * executing `deprec:network:hostname'
Enter the hostname for the server
lucid2
<...lines removed for clarity...>
Number of network interfaces  |1|

address  |192.168.56.105|

netmask  |255.255.255.0|

broadcast  |192.168.56.255|

default gateway  |192.168.56.1|

<...lines removed for clarity...>

About to restart networking on lucid
Are you 'down with that'?  |y|
y
  * executing "sudo -p 'sudo password: ' /etc/init.d/networking restart"
    servers: ["lucid"]
    [lucid] executing command
 ** [out :: lucid] * Reconfiguring network interfaces...
 ** [out :: lucid]

Advanced Tip
I set the following in ~/.caprc so I don’t get prompted for DNS servers and search path.

set :network_dns_nameservers, '192.231.203.132 192.231.203.3'
set :network_dns_search_path, 'failmode.com'
]]> http://deprec.org/recipes/network/feed/ 0 SSH http://deprec.org/recipes/ssh/?utm_source=rss&utm_medium=rss&utm_campaign=ssh http://deprec.org/recipes/ssh/#comments Wed, 25 May 2011 13:38:05 +0000 http://deprec.org/?p=278 You want to disable password based access to servers so you need a painless way to manage users ssh pubkeys. These recipes help you do both.

Setup a user’s SSH public keys

If you’re setting up keys for yourself  you can just hit enter. deprec looks in your homedir for your public key.

If you’re pushing out keys for another user, deprec looks for their key and alerts you if it can’t be found.

$ cap deprec:ssh:setup_keys HOSTS=lucid
    triggering load callbacks
  * executing `deprec:connect_canonical_tasks'
  * executing `deprec:ssh:setup_keys'
Setup keys for which user?  |mbailey|
fred

          Could not find ssh public key(s) for user fred

          Please create file containing ssh public keys in:

          config/ssh/authorized_keys/fred

Push out some smarter SSH configs

While you *could* just push out my version of sshd_config without reading through it that would be placing blind faith in me and rubygems.org. We’re going to generate the configs locally and then push them out instead

Generate a copy of SSH configs to keep under source control

$ cap deprec:ssh:config_gen
    triggering load callbacks
  * executing `deprec:connect_canonical_tasks'
  * executing `deprec:ssh:config_gen'

File exists (config/ssh/etc/ssh/sshd_config).
    Overwrite? ([y]es, [n]o, [d]iff)  |n|
y
[done] config/ssh/etc/ssh/sshd_config written
[skip] Identical file exists (config/ssh/etc/ssh/ssh_config).

Finally push out some smarter SSH configs

deprec’s :config tasks always push out local copies of config files in preference to generating them.

cap deprec:ssh:config HOSTS=lucid
]]> http://deprec.org/recipes/ssh/feed/ 0 Users http://deprec.org/recipes/users/?utm_source=rss&utm_medium=rss&utm_campaign=users http://deprec.org/recipes/users/#comments Wed, 25 May 2011 13:34:25 +0000 http://deprec.org/?p=274 Create user accounts on remote servers complete with public key access and sudo access if desired. This is handy when you’re given the root account of a new VPS and want to create an account for yourself. It’s also great for adding a new user to multiple accounts in parallel.

Change root password

I run this when I’m given the root account of a new VPS.

$ cap deprec:users:passwd HOSTS=lucid1 USER=root
triggering load callbacks 
* executing `deprec:connect_canonical_tasks' 
* executing `deprec:users:passwd' 
Enter userid |root|
Enter new password for root ********

Create a new user account

$ cap deprec:users:add HOSTS=lucid 
triggering load callbacks 
* executing `deprec:connect_canonical_tasks' 
* executing `deprec:users:add' 
Enter userid |mbailey| 
Should this be an admin account? |no| 
yes 
Enter new password for mbailey ******** 
Re-enter new password for mbailey ********

Change other user’s password

This can be a lot quicker than SSH’ing into a number of hosts to change a user’s password.

$ cap deprec:users:passwd HOSTS=lucid1,lucid2,lucid3,lucid4 
triggering load callbacks 
* executing `deprec:connect_canonical_tasks' 
* executing `deprec:users:passwd' 
Enter userid |mbailey| 
Enter new password for mbailey ********
]]> http://deprec.org/recipes/users/feed/ 0