|
| 1 | +# fabric2 |
| 2 | +fabric2 is the upgrade from fabric1 |
| 3 | + |
| 4 | +## why use fabric2? |
| 5 | + |
| 6 | +The whole purpose of fabric, is to allow you to perform tasks on infrastructure. |
| 7 | +Running commands, inside of ec2 instances (including magento2 deployments) |
| 8 | +Running commands inside docker containers |
| 9 | +Running magento2 bin commands |
| 10 | + |
| 11 | +All of the above, across multiple instances, via instance discovery, all, in parallel |
| 12 | + |
| 13 | +fabric is great for the following reasons |
| 14 | +* written in python |
| 15 | +* supports python3 |
| 16 | +* zero setup on your ec2 instances |
| 17 | +* communication through SSH (supports user SSH config files - see examples) |
| 18 | +* zero setup on the instances |
| 19 | +* with boto3 fabric can do much much more than just issue SSH commands |
| 20 | +* extremely flexible |
| 21 | + |
| 22 | +## Install fabric2 |
| 23 | +Clone repo, then run |
| 24 | +```pip3 install -r requirements.txt``` |
| 25 | + |
| 26 | +## setup |
| 27 | +#### AWS Profiles |
| 28 | + |
| 29 | +I use a aws credentials file for my projects |
| 30 | +and example should look like the below. The company name here is important |
| 31 | +because we will be using it in our variables.env file (and finally in our fabfile.py) |
| 32 | + |
| 33 | +```bash |
| 34 | +❯❯❯ cat ~/.aws/credentials |
| 35 | + |
| 36 | +[default] |
| 37 | +region=eu-west-1 |
| 38 | + |
| 39 | +[company-stg] |
| 40 | +region=REGION |
| 41 | +aws_access_key_id=ACCESS_KEY |
| 42 | +aws_secret_access_key=SECRET |
| 43 | + |
| 44 | +[company-prd] |
| 45 | +region=REGION |
| 46 | +aws_access_key_id=ACCESS_KEY |
| 47 | +aws_secret_access_key=SECRET |
| 48 | +``` |
| 49 | + |
| 50 | +#### SSH config |
| 51 | +I use ssh config files, for all my projects |
| 52 | + |
| 53 | +Inside of my ~/.ssh/config file I have the following |
| 54 | +```bash |
| 55 | +❯❯❯ cat ~/.ssh/config |
| 56 | + |
| 57 | +Include ~/.ssh/config.d/git |
| 58 | +Include ~/.ssh/config.d/company1 |
| 59 | +Include ~/.ssh/config.d/company2 |
| 60 | +Include ~/.ssh/config.d/company3 |
| 61 | + |
| 62 | +# All hosts |
| 63 | +Host * |
| 64 | + # Never ever do ForwardAgent to unknown hosts |
| 65 | + # https://blog.filippo.io/ssh-whoami-filippo-io/ |
| 66 | + ForwardAgent no |
| 67 | + # Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 |
| 68 | + UseRoaming no |
| 69 | + AddKeysToAgent yes |
| 70 | + # Might need to remove this |
| 71 | + IdentitiesOnly yes |
| 72 | +``` |
| 73 | +An example of the ~/.ssh/config.d/company1 looks like |
| 74 | +```bash |
| 75 | +❯❯❯ cat ~/.ssh/config.d/company1 |
| 76 | + |
| 77 | +# Company1 |
| 78 | +# Keys |
| 79 | +# Production |
| 80 | +Host bastion.prd.company1 |
| 81 | + HostName 1.1.1.1 |
| 82 | + IdentityFile ~/.ssh/company1-prd-key.pem |
| 83 | + User USER |
| 84 | + ForwardAgent yes |
| 85 | + StrictHostKeyChecking no |
| 86 | + UserKnownHostsFile /dev/null |
| 87 | + |
| 88 | +# Staging |
| 89 | +Host bastion.stg.company1 |
| 90 | + HostName 2.2.2.2 |
| 91 | + IdentityFile ~/.ssh/company1-stg-key.pem |
| 92 | + User USER |
| 93 | + ForwardAgent yes |
| 94 | + StrictHostKeyChecking no |
| 95 | + UserKnownHostsFile /dev/null |
| 96 | + |
| 97 | +# Proxy Commands |
| 98 | +# Production |
| 99 | +Host 10.1.*.* |
| 100 | + ProxyCommand ssh -e none % [email protected] -W %h:%p |
| 101 | + ForwardAgent yes |
| 102 | + User USER |
| 103 | + IdentityFile ~/.ssh/company1-prd-key.pem |
| 104 | + StrictHostKeyChecking no |
| 105 | + UserKnownHostsFile /dev/null |
| 106 | + |
| 107 | +# Staging |
| 108 | +Host 10.2.*.* |
| 109 | + ProxyCommand ssh -e none % [email protected] -W %h:%p |
| 110 | + ForwardAgent yes |
| 111 | + User USER |
| 112 | + IdentityFile ~/.ssh/company1-stg-key.pem |
| 113 | + StrictHostKeyChecking no |
| 114 | + UserKnownHostsFile /dev/null% |
| 115 | +``` |
| 116 | + |
| 117 | +#### Working with fabric |
| 118 | +When you issue ``fab`` you'll see the following |
| 119 | +```bash |
| 120 | +❯❯❯ fab |
| 121 | +Usage: fab [--core-opts] task1 [--task1-opts] ... taskN [--taskN-opts] |
| 122 | + |
| 123 | +Core options: |
| 124 | + |
| 125 | + --complete Print tab-completion candidates for given parse remainder. |
| 126 | + --hide=STRING Set default value of run()'s 'hide' kwarg. |
| 127 | + --no-dedupe Disable task deduplication. |
| 128 | + --print-completion-script=STRING Print the tab-completion script for your preferred shell (bash|zsh|fish). |
| 129 | + --prompt-for-login-password Request an upfront SSH-auth password prompt. |
| 130 | + --prompt-for-passphrase Request an upfront SSH key passphrase prompt. |
| 131 | + --prompt-for-sudo-password Prompt user at start of session for the sudo.password config value. |
| 132 | + --write-pyc Enable creation of .pyc files. |
| 133 | + -c STRING, --collection=STRING Specify collection name to load. |
| 134 | + -d, --debug Enable debug output. |
| 135 | + -D INT, --list-depth=INT When listing tasks, only show the first INT levels. |
| 136 | + -e, --echo Echo executed commands before running. |
| 137 | + -f STRING, --config=STRING Runtime configuration file to use. |
| 138 | + -F STRING, --list-format=STRING Change the display format used when listing tasks. Should be one of: flat (default), nested, json. |
| 139 | + -h [STRING], --help[=STRING] Show core or per-task help and exit. |
| 140 | + -H STRING, --hosts=STRING Comma-separated host name(s) to execute tasks against. |
| 141 | + -i, --identity Path to runtime SSH identity (key) file. May be given multiple times. |
| 142 | + -l [STRING], --list[=STRING] List available tasks, optionally limited to a namespace. |
| 143 | + -p, --pty Use a pty when executing shell commands. |
| 144 | + -r STRING, --search-root=STRING Change root directory used for finding task modules. |
| 145 | + -R, --dry Echo commands instead of running. |
| 146 | + -S STRING, --ssh-config=STRING Path to runtime SSH config file. |
| 147 | + -t INT, --connect-timeout=INT Specifies default connection timeout, in seconds. |
| 148 | + -T INT, --command-timeout=INT Specify a global command execution timeout, in seconds. |
| 149 | + -V, --version Show version and exit. |
| 150 | + -w, --warn-only Warn, instead of failing, when shell commands fail. |
| 151 | +``` |
| 152 | +and ``fab -l`` to list commands |
| 153 | +```bash |
| 154 | +❯❯❯ fab -l |
| 155 | +
|
| 156 | +Available tasks: |
| 157 | +
|
| 158 | + exec Execute command on systems |
| 159 | + exec-docker Execute command on a docker container running on the systems |
| 160 | + exec-magento Execute magento on the php docker container running on the systems |
| 161 | + get-hosts-info Get information about hosts |
| 162 | + ip Get local ip address |
| 163 | + report Hosts report their status |
| 164 | + set-ssh-config Set Ip Address of Bastion in ssh config file |
| 165 | +``` |
| 166 | +## Example commands |
| 167 | +```bash |
| 168 | +# get instances and their info |
| 169 | +# -f is for filter (ec2 instances filter in the console, works with wildcards) |
| 170 | +fab get-hosts-info -f "abc*" -e environment # stg | prd |
| 171 | +
|
| 172 | +# execute a command on a system |
| 173 | +fab exec -e environment -f "abc*Cron-host" -c "sudo -u root service crond status" |
| 174 | +
|
| 175 | +# creating magento users |
| 176 | +# NOTE: This command has been built to issue inside of a php docker container |
| 177 | +fab exec-magento -f "abc*Admin-host" -e environment -c "admin:user:create --admin-user='pica.chu ' --admin-password='picachu !' --admin-email='[email protected]' --admin-firstname='Pica ' --admin-lastname='Chu '" |
| 178 | +
|
| 179 | +``` |
0 commit comments