GitLocker: The Coding Marketplace

Description:

povfabrichelpers 0.3

Fabric Helpers
This is a collection of helpers we use in Fabric scripts. They’re primarily
intended to manage Ubuntu servers (12.04 LTS or 14.04 LTS).

Contents

Fabric Helpers

Helpers (aka why would I want this?)
Instance management API
Usage

Usage as a git submodule

Testing Fabfiles with Vagrant

Changelog

0.3 (2016-09-11)
0.2 (2015-08-06)
0.1 (2014-11-19)

Helpers (aka why would I want this?)
APT packages:

ensure_apt_not_outdated() - runs apt-get update at most once a day
install_packages("vim screen build-essential")
install_missing_packages("vim screen build-essential")
if not package_installed('git'): ...
if not package_available('pov-admin-helpers'): ...

User accounts:

ensure_user("myusername")

SSH:

ensure_known_host("example.com ssh-rsa AAA....")

Locales:

ensure_locales("en", "lt")

Files and directories:

ensure_directory("/srv/data", mode=0o700)
upload_file('crontab', '/etc/cron.d/mycrontab')
generate_file('crontab.in', '/etc/cron.d/mycrontab', context, use_jinja=True)
download_file('/home/user/.ssh/authorized_keys', 'https://example.com/ssh.pubkey')

GIT:

git_clone("git@github.com:ProgrammersOfVilnius/project.git", "/opt/project")
git_update("/opt/project")

PostgreSQL:

ensure_postgresql_user("username")
ensure_postgresql_db("dbname", "owner")

Apache:

ensure_ssl_key(...)
install_apache_website('apache.conf.in', 'example.com', context, use_jinja=True, modules='ssl rewrite proxy_http')`

Postfix:

install_postfix_virtual_table('virtual', '/etc/postfix/virtual.example.com')`
make_postfix_public()

Keeping a changelog in /root/Changelog (requires
/usr/sbin/new-changelog-entry from pov-admin-tools)

changelog("# Installing stuff")
changelog_append("# more stuff")
changelog_banner("Installing stuff")
run_and_changelog("apt-get install stuff")

plus many other helpers have changelog and/or changelog_append
arguments to invoke these implicitly.

Instance management API
All of my fabfiles can manage several instances of a particular service.
Externally this looks like
fab instance1 task1 task2 instance2 task3
which executes Fabric tasks task1 and task2 on instance instance1
and then executes task3 on instance2.
An instance defines various parameters, such as

what server hosts it
where on the filesystem it lives
what Unix user IDs are used
what database is used for this instance
etc.

To facilitate this pov_fabric provides three things:

An Instance class that should be subclassed to provide your own instances
from pov_fabric import Instance as BaseInstance

class Instance(BaseInstance):
def __init__(self, name, host, home='/opt/sentry', user='sentry',
dbname='sentry'):
super(Instance, self).Instance.__init__(name, host)
self.home = home
self.user = user
self.dbname = dbname
and since that’s a bit repetitive there’s a helper
from pov_fabric import Instance as BaseInstance

Instance = BaseInstance.with_params(
home='/opt/sentry',
user='sentry',
dbname='sentry',
)
which is equivalent to the original manual subclassing.
(BTW you can also add parameters with no sensible default this way, e.g.
BaseInstance.with_params(user=BaseInstance.REQUIRED).)

An Instance.define() class method that defines new instances and
creates tasks for selecting them
Instance.define(
name='testing',
host='root@vagrantbox',
)
Instance.define(
name='production',
host='server1.pov.lt',
)
Instance.define(
name='staging',
host='server1.pov.lt',
home='/opt/sentry-staging',
user='sentry-staging',
dbname='sentry-staging',
)
(BTW you can also define aliases with Instance.define_alias('prod', 'production').)

A get_instance() function that returns the currently selected instance
(or aborts with an error if the user didn’t select one)
from pov_fabric import get_instance

@task
def look_around():
instance = get_instance()
with settings(host_string=instance.host):
run('hostname')

Previously I used a slightly different command style
fab task1:instance1 task2:instance1 task3:instance2
and this can still be supported if you write your tasks like this
@task
def look_around(instance=None):
instance = get_instance(instance)
with settings(host_string=instance.host):
run('hostname')
Be careful if you mix styles, e.g.
fab instance1 task1 task2:instance2 task3
will run task1 and task3 on instance1 and it will run task2 on
instance2.

Usage
Get the latest release from PyPI:
pip install pov-fabric-helpers
and then import the helpers you want in your fabfile.py
from fabric.api import ...
from pov_fabric import ...

Usage as a git submodule
You can add this repository as a git submodule
cd ~/src/project
git submodule add https://github.com/ProgrammersOfVilnius/pov-fabric-helpers
and in your fabfile.py add
sys.path.insert(0, os.path.join(os.path.dirname(__file__), 'pov-fabric-helpers'))
if not os.path.exists(os.path.join(sys.path[0], 'pov_fabric.py')):
sys.exit("Please run 'git submodule update --init'.")
from pov_fabric import ...

Testing Fabfiles with Vagrant
I don’t know about you, but I was never able to write a fabfile.py that worked
on the first try. Vagrant was very useful for testing fabfiles without
destroying real servers in the process. Here’s how:

Create a Vagrantfile somewhere with
Vagrant.configure("2") do |config|
config.vm.box = "ubuntu/precise64" # Ubuntu 12.04
config.vm.provider :virtualbox do |vb|
vb.customize ["modifyvm", :id, "--memory", "1024"]
end
end

Run vagrant up
Run vagrant ssh-config and copy the snippet to your ~/.ssh/config,
but change the name to vagrantbox, e.g.
Host vagrantbox
HostName 127.0.0.1
User vagrant
Port 2222
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
PasswordAuthentication no
IdentityFile ~/.vagrant.d/insecure_private_key
IdentitiesOnly yes
LogLevel FATAL

Test that ssh vagrantbox works
In your fabfile.py create a testing instance
Instance.define(
name='testing',
host='vagrant@vagrantbox',
...
)

Test with fab testing install etc.

Changelog

0.3 (2016-09-11)

register_host_key() now takes fingerprints so you can specify both
MD5 and SHA256 fingerprints.
Use either register_host_key(key, fingerprint=md5_fprint) or
register_host_key(key, fingerprints=[md5_fprint, sha256_fprint]).

Low-level helper ssh_key_fingerprint() now takes force_md5 so you
can insist on MD5 instead of whatever OpenSSH gives you by default (which is
SHA256 for modern OpenSSH).

0.2 (2015-08-06)

New helpers:

git_update(), register_host_key(),
ensure_locales(),
changelog_banner(), run_and_changelog(),
has_new_changelog_message(),
install_missing_packages(), package_available(),
upload_file(), generate_file(), ensure_directory(),
download_file(),
install_postfix_virtual_table(),
install_apache_website(),
ensure_ssl_key().

New optional arguments for existing helpers:

git_clone() now takes branch and changelog.
ensure_user() now takes shell, home, create_home, and
changelog.
install_packages() now takes changelog.
changelog() now takes context.
changelog_append() now takes context and optional.
changelog_banner() now takes context and optional.

Increased safety:

all helpers check their arguments for unsafe shell metacharacters.
changelog() and friends quote the arguments correctly.

Improved instance API:

allow str.format(**instance) (by making Instance a subclass of
dict).
allow instance aliases defined via Instance.define_alias(alias, name)
static method.

Bugfixes:

ensure_postgresql_db() now works correctly on Ubuntu 14.04.
run_as_root now correctly handles env.host_string with no
username part.

New low-level helpers you’re probably not interested in, unless you’re
writing your own helpers:

aslist(), assert_shell_safe(),
ssh_key_fingerprint(),
render_jinja2(), render_sinterp(),
parse_git_repo(),
generate_ssl_config(), generate_ssl_key(), generate_ssl_csr(),
get_postfix_setting(), parse_postfix_setting(),
add_postfix_virtual_map(), add_postfix_setting(),
run_as_root().

0.1 (2014-11-19)

First public release.
Helpers:

ensure_apt_not_outdated(), package_installed(),
install_packages(),
ensure_known_host(), ensure_user(),
git_clone(),
ensure_postgresql_user(), ensure_postgresql_db(),
changelog(), changelog_append().

Instance API:

class Instance, Instance.with_params(),
Instance.REQUIRED, Instance.define().
instance._asdict().
get_instance().

Low-level helpers you’re probably not interested in, unless you’re
writing your own helpers:

asbool(),
postgresql_user_exists(), postgresql_db_exists().