from fabric.api import *
from fabric.contrib.files import exists
from fabric.utils import abort
import string, random
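def setup_webspace():
    """
    Prepare the backup, live and edoc directories for the deploy user (via sudo).

    Creates env.backup_project_full_path and env.edoc_path if they are missing,
    then gives env.backup_pre_path, env.live_pre_path and env.edoc_path to
    env.deploy_user / env.deploy_group with mode 775, recursively.

    NOTE(review): env.live_pre_path is not created here, so it presumably
    exists already; the chown on it fails otherwise.
    NOTE(review): `chmod -R 775` sets group write and the execute bit on every
    regular file below these paths as well as on the directories; confirm that
    is wanted for everything stored there.
    """
    # POSIX spells the owner spec "user:group"; the older "user.group" form is
    # ambiguous when an account name contains a dot.
    owner_spec = "%s:%s" % (env.deploy_user, env.deploy_group)

    def hand_over(path):
        # Recursive ownership change first, then the recursive mode change.
        sudo("chown -R %s %s" % (owner_spec, path))
        sudo("chmod -R 775 %s" % path)

    sudo("mkdir -p %(backup_project_full_path)s" % env)
    hand_over(env.backup_pre_path)
    hand_over(env.live_pre_path)

    sudo("mkdir -p %s" % env.edoc_path)
    hand_over(env.edoc_path)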
@task(default=True)
def setup_server():
    """
    Default task: provision the deploy account, then prepare the web directories.

    The account is handled first because setup_webspace() chowns its
    directories to the deploy user.
    """
    provisioning_steps = (
        create_deploy_user_with_ssh,  # account, group membership and SSH key
        setup_webspace,               # backup / live / edoc directories
    )
    for step in provisioning_steps:
        step()
@task
def create_deploy_user_with_ssh():
"""
Create (or re-group) the deploy user as root and install the operator's public key.

If the account already exists, its primary group is changed to
env.deploy_group; otherwise it is created with a home directory under /home,
uid 800 and /bin/bash as its shell. The key file named by env.pubkey_filename
is uploaded into the deploy user's .ssh/keys directory and appended to
authorized_keys, after which ownership and modes of .ssh are reset.

NOTE(review): this listing has lost its indentation, so the nesting of the
statements that follow the second `with settings(warn_only=True)` cannot be
confirmed from here.
"""
# 32 characters from [A-Za-z0-9], drawn with the OS-backed random.SystemRandom.
random_password = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for _ in range(32))
# Make a deploy user with the right group membership
# warn_only=True turns a non-zero exit status into a warning instead of an
# abort. The getent probe needs that, but it also means a failed usermod or
# useradd does not stop the task.
with settings(warn_only=True):
# getent exits 0 when the account is already present.
if sudo('getent passwd %s > /dev/null' % env.deploy_user).return_code == 0:
sudo('usermod -g %s %s' % (env.deploy_group, env.deploy_user))
else:
# NOTE(review): useradd's -p takes an already-hashed (crypt(3)) value, but the
# raw random string is passed here, so the stored entry presumably matches no
# password at all. The string is also part of the command line that is sent
# and logged. Confirm that a key-only account is the intent.
sudo('useradd -m -b /home -u 800 -g %s -s /bin/bash -c "deployment user" %s -p %s' \
% (env.deploy_group, env.deploy_user, random_password))
with settings(warn_only=True):
if sudo('test -d ~%s/.ssh/keys' % env.deploy_user).failed:
sudo('mkdir -p ~%s/.ssh/keys' % env.deploy_user)
# NOTE(review): this path relies on the shell expanding ~<user>, while the
# upload path below hard-codes /home/<user>; the two agree only when the
# account's home really is /home/<deploy_user>.
path_to_authorized_keys = "~%s/.ssh/authorized_keys" % env.deploy_user
# An existing authorized_keys is copied to keys/default.pub, presumably so that
# rebuild_authorized_keys() keeps those entries; otherwise an empty file is created.
if sudo("test -e %s" % path_to_authorized_keys).succeeded:
sudo('cp %s ~%s/.ssh/keys/default.pub' % (path_to_authorized_keys, env.deploy_user))
else:
sudo("touch %s" % path_to_authorized_keys)
# The uploaded key file is named after env.user (presumably the account this
# task connects as, not the deploy user).
path_to_new_pub_key = "/home/%(deploy_user)s/.ssh/keys/%(user)s.pub" % env
put(env.pubkey_filename, path_to_new_pub_key, use_sudo=True)
# Appends with >>, so the key is added after whatever authorized_keys already holds.
sudo("cat %s >> %s" % (path_to_new_pub_key, path_to_authorized_keys))
# NOTE(review): "user.group" is the legacy chown separator; "user:group" is the POSIX form.
sudo("chown -R %s.%s ~%s/.ssh" % (env.deploy_user, env.deploy_group, env.deploy_user))
update_ssh_permissions(as_root=True)
# TODO: automatically add ssh key or prompt
def update_ssh_permissions(as_root=False):
    """
    Reset the modes on the deploy user's .ssh tree under /home.

    as_root: when true the chmod commands go through sudo; otherwise they are
        issued with run() while env.user is switched to the deploy user.

    Modes applied: 700 on .ssh, 644 on authorized_keys and 700 (recursively)
    on .ssh/keys.
    """
    chmod_commands = (
        'chmod 700 /home/%s/.ssh' % env.deploy_user,
        'chmod 644 /home/%s/.ssh/authorized_keys' % env.deploy_user,
        'chmod -R 700 /home/%s/.ssh/keys' % env.deploy_user,
    )

    if not as_root:
        with settings(user=env.deploy_user):
            for command in chmod_commands:
                run(command)
        # Disabled step kept from the original listing:
        # run('chown -R %s.%s /home/%s' % (env.deploy_user, env.deploy_group, env.deploy_user))
        return

    for command in chmod_commands:
        sudo(command)
def add_new_ssh_key_as_string(ssh_public_key_string, name):
    """
    Authorise a public key, supplied as text, for the deploy user.

    ssh_public_key_string: the actual public key string
    name: the name of the user this key is tied to; it becomes the
        <name>.pub file name

    TODO: validate string is valid ssh key. Until that exists the text is
    written to the .pub file unchanged and ends up verbatim in
    authorized_keys when that file is rebuilt.
    """
    # Upload the key file, regenerate authorized_keys from all key files,
    # then reset the modes on the .ssh tree.
    copy_ssh_key_to_host(ssh_public_key_string, name)
    rebuild_authorized_keys()
    update_ssh_permissions()
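@task
def add_ssh_key(path, name):
    """
    Add an ssh key to the deploy user's authorized keys by providing <path>,<name>

    path: the path to the local file with the public key.
    name: the name of the user this key is tied to.

    The file content is not checked; it is forwarded as read and ends up in
    authorized_keys when that file is rebuilt.
    """
    # Context manager so the local file handle is closed even if read() fails.
    with open(path, 'r') as key_file:
        ssh_key = key_file.read()

    copy_ssh_key_to_host(ssh_key, name)
    rebuild_authorized_keys()
    update_ssh_permissions()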
@task
def rm_ssh_key(name):
    """
    Revoke the key stored for <name>.

    name: the name of the user the key is tied to.

    The key file is deleted first; authorized_keys is then rebuilt from the
    files that remain, and the modes on the .ssh tree are reset.
    """
    rm_ssh_key_from_host(name)
    for follow_up in (rebuild_authorized_keys, update_ssh_permissions):
        follow_up()
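def copy_ssh_key_to_host(ssh_key, name):
    """
    Write ssh_key to a local <name>.pub file and upload it to the deploy
    user's .ssh/keys directory.

    ssh_key: String of ssh_key to create a new pub file from
    name: the name of the user this key is tied to; only letters, digits and
        the characters . _ - @ + are accepted

    Aborts (fabric.utils.abort) when name is empty or contains any other
    character. The local <name>.pub file is left in the current working
    directory after the upload.
    """
    # `name` becomes both a local and a remote file name, and the remote file
    # is later handled by shell commands, so it is limited to a plain
    # identifier: no path separators, whitespace or shell metacharacters.
    allowed_chars = set(string.ascii_letters + string.digits + '._-@+')
    if not name or not set(name) <= allowed_chars:
        abort("Invalid key name %r: use only letters, digits and . _ - @ +" % (name,))

    local_pub_path = '%s.pub' % name
    # Context manager so the file is flushed and closed before the upload.
    with open(local_pub_path, 'w') as pub_file:
        pub_file.write(ssh_key)

    with settings(user=env.deploy_user):
        # Inside this block env.user equals env.deploy_user; naming
        # deploy_user directly matches the other key-management helpers.
        put(local_pub_path, '/home/%s/.ssh/keys/' % env.deploy_user)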
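def rm_ssh_key_from_host(name):
    """
    Removes an ssh keyfile from a host

    name: the name of the user this key is tied to; only letters, digits and
        the characters . _ - @ + are accepted

    Aborts (fabric.utils.abort) when name is empty or contains any other
    character.
    """
    # `name` is interpolated into a shell command, so anything that could
    # change the command or leave the keys directory is refused up front.
    allowed_chars = set(string.ascii_letters + string.digits + '._-@+')
    if not name or not set(name) <= allowed_chars:
        abort("Invalid key name %r: use only letters, digits and . _ - @ +" % (name,))

    with settings(user=env.deploy_user):
        # Inside this block env.user equals env.deploy_user; naming
        # deploy_user directly matches the other key-management helpers.
        run('rm /home/%s/.ssh/keys/%s.pub' % (env.deploy_user, name))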
def rebuild_authorized_keys():
    """
    Regenerate authorized_keys from the files in the deploy user's .ssh/keys
    directory.

    authorized_keys is overwritten, so a key whose file has been removed from
    that directory is no longer accepted for login.

    NOTE(review): every regular file under keys/ is concatenated, whatever its
    extension, and the output of `find` is word-split by the shell, so a file
    name containing whitespace would not be read correctly.
    NOTE(review): the intermediate file has the fixed name `tmpfile` and is
    created relative to the remote working directory; the final copy is not
    an atomic replace.
    """
    deploy_user = env.deploy_user
    shell_steps = (
        'cat `find /home/%s/.ssh/keys/ -type f` > tmpfile' % deploy_user,
        'cp tmpfile /home/%s/.ssh/authorized_keys' % deploy_user,
        'rm tmpfile',
    )
    with settings(user=deploy_user):
        for shell_step in shell_steps:
            run(shell_step)