1,760
edits
Changes
→PART 2: running privileged commands on remote machines
==PART 3: Set up SSH login with public key authentication ==
: In order for your controller workstation you to automate run multiple tasks execution on your VMmultiple remote machines without typing the in the password for each connection, you need to configure your VM to accept SSH public key authentication instead of in addtion to password authentication. You've done this in both OPS235 and OPS335, and here is a summary on of how to do it between your account on matrix and your VM:
: Create a new SSH key pair (one private, and one public) under your account on matrix.senecacollege.ca.
ssh-copy-id -i ~/.ssh/id_rsa.pub -p 7200 student@myvmlab.senecacollege.ca
</source>
: The above command should add the contents of your pub key to ~/.ssh/authorized_keys under your student account on your VM.[Note: If you want to setup another controller workstation, you can either copy to '''private key''' to it, or generate another SSH key pair, and copy the '''public key''' to the VM.]: Verify and confirm that your account on matrix can SSH to your VM as 'student' without prompting being prompted for a password:<source lang='bash'>
[raymond.chan@mtrx-node05pd lab8]$ ssh -p 7200 student@myvmlab.senecacollege.ca
Last login: Fri Jul 3 12:46:19 2020 from mtrx-node05pd.dcm.senecacollege.ca
[raymond.chan@mtrx-node05pd lab8]$
</source>
: If you got similar result as shown above, you have successfully configure configured your controller workstation and your VM to use public key authentication.
=INVESTIGATION 2 - Running the fab command in ad-hoc mode =
== PART 2: running privileged commands on remote machines ==
: <font color='red'><b>**WARNING** Run privileged commands incorrectly with sudo may cause irreparable damage to your remote machine.</b></font>
: We say that running an ad-hoc fab command is very similar to the SSH command with shell commands attached at the end. Let's try both with privileged commands, like the "yum" command.
[student@centos7 ~]$
</source>
: The above tests confirm confirmed that the student user is allowed to execute the sudo command to run the yum command to install and remove rpm packagepackages. Now let's logout from the VM and go back to matrix. On matrix, try to run the sudo command using SSH:<source lang='bash'>
[student@centos7 ~]$ exit
logout
fab --host=myvmlab.senecacollege.ca --port=7200 --user=student -- 'sudo yum install tree -y'
</source>
: Type in your user student's password when prompted for "sudo password", the '''yum install ''' command to should be executed successfully and install the '''tree ''' rpm package should be executed successfully. If the tree rpm package is already installed, you can remove it with the following ad-hoc fab command: <source lang='bash'>
fab --host=myvmlab.senecacollege.ca --port=7200 --user=student -- 'sudo yum remove tree -y'
</source>
= INVESTIGATION 3: Running the fab command in script mode =
= Lab Exercise: Create a Fabric task called makeUser() =
: Study the Fabric API run(), sudo(), local(), and put() and utilize them to create a new Fabric task called makeUser()
: The makeUser() task should perform the following on a remote machine to:
:* create a new user called "ops435p" with home directory "/home/ops435p".
:* add the new user to the sudo group called "wheel".
:* from your instructor, get the ssh public key which is posted on the internet to your controller workstation.:* add the ssh public key obtained from your instructor to the file named "authorized_keys" in the ~ops435p/.ssh directoryon the remote machine. (Note: Make sure that you set the proper ownership and permissions on both the directory ~ops435p/.ssh and the file "~ops435p/.ssh/authorized_keys.)
:Add the makeUser() to your final version of fabfile.py.
:Run the new task makeUser() on your VM.
