OPS435 Online Lab8

836 bytes added, 11:17, 6 July 2020
PART 2: running privileged commands on remote machines
= LAB OBJECTIVES =
:0. Review SSH setup and SSH remote shell command execution.
:1. Explore the Fabric Python library (Fabric API) and its command line tool "fab".
:2. Create Fabric scripts utilizing Fabric's API and environment objects to define tasks for the '''fab''' command.
:3. Use the '''fab''' command to execute a Fabric script to perform pre-defined tasks on remote Linux machines.
 
== Prerequisites ==
:# The user account named "student", its password, and the access port for your VM on myvmlab.senecacollege.ca
:# A regular account on matrix.senecacollege.ca
== Overview ==
: Fabric is a Python library and command-line tool for streamlining the use of SSH for application deployment or system administration tasks. It has two major components:
:# a command-line interface program called "fab" which lets you execute arbitrary Python functions on local and remote machines.
:# a set of Python APIs that you can use and call in your Python functions to make executing shell commands over SSH much easier.
: We are going to use the Fabric API to define tasks and use the '''fab''' command to execute those tasks on one or more remote Linux machines in this lab.
== REFERENCE ==
:[http://www.fabfile.org/]
|}
: <font color='blue'>Please note that the version of Fabric currently installed on matrix.senecacollege.ca for this lab is 1.14.0 and it supports only Python version 2.</font> The Fabric script files we are going to create in this lab have to meet Python version 2.x requirements. (e.g. print is a keyword, not a built-in function in Python 2.x)
:2. You should have some experience with the following topics from OPS235 and/or OPS335. Please review them to prepare for the activities in this lab:
:* create and configure a regular user on a Linux system.
:* Configure sudoers using the visudo command
:* using the yum command to install, remove, and update rpm packages
:* Retrieve current firewall setting using the iptables -L -n -v command
= INVESTIGATION 1: The Fabric Environment =
:# Controller workstation - the machine that has the Fabric package installed and runs the "fab" command
:## the Fabric Python Library - the fabric package (already installed on matrix)
:## the Fabric API - fabric.api
:## the Fabric command - '''fab''': runs a Fabric script; the script name defaults to fabfile.py in the current working directory unless specified otherwise with the '-f' option.
:## Fabric script: contains Fabric environment object values and Python functions (or tasks) to be executed by the '''fab''' command.
:# Remote machine: the target machine on which one or more Fabric tasks will be executed.
:## running the ssh server daemon
:## using public key (or password-based) authentication for SSH connections
== PART 1 - Configure and test your controller workstation ==
number of concurrent processes to use in parallel mode
</source>
<font color='green'><b>Please pay special attention to and study the following command-line options for '''fab''' as they will be used in some of the activities in this lab:
:# -H,
:# -f,
:* password: (let's assume it is 'P@ssw0rd' for the following instructions in this lab)
:* port number for SSH access via myvmlab.senecacollege.ca (e.g. 7200)
: This VM will be used as the remote Linux machine in our Fabric environment. Log in to matrix and try the following SSH command to test the connectivity between matrix and your assigned VM:
<pre>
[raymond.chan@mtrx-node05pd lab8]$ ssh -p 7200 student@myvmlab.senecacollege.ca
student@myvmlab.senecacollege.ca's password:[type the password for the student user here]
Last login: Fri Jul 3 11:06:24 2020 from mtrx-node05pd.dcm.senecacollege.ca
</pre>
</source>
:The three shell commands: hostname, id, and df were executed sequentially. Compare the outputs above with the previous results when executing the corresponding commands in the login shell.
:Please note that your VM was configured to ask for the user's password for every SSH connection attempt. We are going to change that behaviour next.
==PART 3: Set up SSH login with public key authentication ==
: In order for you to run multiple tasks on multiple remote machines without typing in the password for each connection, you need to configure your VM to accept SSH public key authentication in addition to password authentication. You've done this in both OPS235 and OPS335, and here is a summary of how to do it between your account on matrix and your VM:
: Create a new SSH key pair (one private, and one public) under your account on matrix.senecacollege.ca.
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 7200 student@myvmlab.senecacollege.ca
</source>
: The above command should add the contents of your public key to ~/.ssh/authorized_keys under your student account on your VM. [Note: If you want to set up another controller workstation, you can either copy the '''private key''' to it, or generate another SSH key pair on it and copy the '''public key''' to the VM. Generating a new pair keeps each private key on the machine where it was created.]
: Verify and confirm that your account on matrix can SSH to your VM as 'student' without being prompted for a password:<source lang='bash'>
[raymond.chan@mtrx-node05pd lab8]$ ssh -p 7200 student@myvmlab.senecacollege.ca
Last login: Fri Jul 3 12:46:19 2020 from mtrx-node05pd.dcm.senecacollege.ca
[raymond.chan@mtrx-node05pd lab8]$
</source>
: If you got a result similar to the one shown above, you have successfully configured your controller workstation and your VM to use public key authentication.
=INVESTIGATION 2 - Running the fab command in ad-hoc mode =
== PART 2: running privileged commands on remote machines ==
: <font color='red'><b>**WARNING** Running privileged commands incorrectly with sudo may cause irreparable damage to your remote machine.</b></font>
: We say that running an ad-hoc fab command is very similar to the SSH command with shell commands attached at the end. Let's try both with privileged commands, like the "yum" command.
[student@centos7 ~]$
</source>
: The above tests confirmed that the student user is allowed to execute the sudo command to run the yum command to install and remove rpm packages. Now let's log out from the VM and go back to matrix. On matrix, try to run the sudo command using SSH:<source lang='bash'>
[student@centos7 ~]$ exit
logout
fab --host=myvmlab.senecacollege.ca --port=7200 --user=student -- 'sudo yum install tree -y'
</source>
: Type in user student's password when prompted for "sudo password"; the '''yum install''' command should be executed successfully and install the '''tree''' rpm package. If the tree rpm package is already installed, you can remove it with the following ad-hoc fab command: <source lang='bash'>
fab --host=myvmlab.senecacollege.ca --port=7200 --user=student -- 'sudo yum remove tree -y'
</source>
: Try to remove the "tree" rpm package with the appropriate ad-hoc fab command.
= INVESTIGATION 3: Running the fab command in script mode =
= Lab Exercise: Create a Fabric task called makeUser() =
: Study the Fabric API functions run(), sudo(), local(), and put(), and utilize them to create a new Fabric task called makeUser(). The makeUser() task should perform the following on a remote machine:
:* create a new user called "ops435p" with home directory "/home/ops435p".
:* add the new user to the sudo group called "wheel".
:* get the ssh public key from your instructor (it is posted on the internet) and copy it to your controller workstation.
:* add the ssh public key obtained from your instructor to the file named "authorized_keys" in the ~ops435p/.ssh directory on the remote machine. (Note: Make sure that you set the proper ownership and permissions on both the directory ~ops435p/.ssh and the file ~ops435p/.ssh/authorized_keys.)
:Add the makeUser() task to your final version of fabfile.py.
:Run the new task makeUser() on your VM.
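: The exercise installs a key downloaded from the internet and depends on correct ownership and permissions. The following is an added example, not part of the original lab: it checks a public key line before it goes into authorized_keys, and audits the .ssh directory afterwards. It uses the Python 3 standard library (run it separately from the Python 2 fabfile); the allow-list of key types, the function names and the sample key are assumptions made for illustration.

```python
import base64, os, stat, struct

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}  # assumed allow-list

def sample_key_line():
    """Constructed sample: an all-zero ed25519 blob, not a usable key."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " instructor@example"

def check_pubkey_line(line):
    """Return (ok, reason) for a line about to be appended to authorized_keys."""
    fields = line.strip().split()
    if len(fields) < 2 or fields[0] not in KEY_TYPES:
        # Anything else in front (e.g. command="...") is an option prefix or junk.
        return False, "line must start with a known key type"
    try:
        blob = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return False, "key blob is not valid base64"
    # The decoded blob begins with a length-prefixed copy of the key type.
    if len(blob) < 4:
        return False, "key blob too short"
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != fields[0].encode():
        return False, "key type inside blob does not match the declared type"
    return True, "ok"

def audit_ssh_dir(ssh_dir, owner_uid):
    """Report ownership/mode problems on ssh_dir and its authorized_keys file."""
    problems = []
    for path in (ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        st = os.stat(path)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != owner_uid:
            problems.append("%s: owner uid %d, expected %d" % (path, st.st_uid, owner_uid))
        if mode & 0o022:
            problems.append("%s: mode %o is writable by group or others" % (path, mode))
    return problems

if __name__ == "__main__":
    print(check_pubkey_line(sample_key_line()))
```

: With sshd's default StrictModes setting, a ~/.ssh directory or authorized_keys file that is writable by group or others, or owned by the wrong user, causes the key to be ignored and the login falls back to a password prompt.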