Fabric: a System Administrator's Best Friend
A Brief Word on Application Deployment
Fabric also is used in development teams to deploy new code to production. It is actually used in a fairly similar fashion to how system administrators use it (copy files, run a few commands and so on), just in a very specific manner. Because of how automated Fabric is, it's easy to incorporate it into a continuous integration cycle and even fully automate your deployment process.
env.no_agentto True, forcing your SSH layer not to talk to the SSH agent when trying to unlock private key files.
env.forward_agentto True, enabling agent forwarding.
env.abort_on_promptsto True, forcing Fabric to abort whenever it would prompt for input.
env.rcfileto the given file path, which Fabric will try to load on startup and use to update environment variables.
--display=COMMAND— prints the entire docstring for the given task, if there is one. It does not currently print out the task's function signature, so descriptive docstrings are a good idea. (They're always a good idea, of course, just more so here.)
-n M— sets the number of times to attempt connections. Sets
env.disable_known_hoststo True, preventing Fabric from loading the user's SSH known_hosts file.
--fabfile=FABFILE— the fabfile name pattern to search for (defaults to fabfile.py), or alternately an explicit file path to load as the fabfile (for example, /path/to/my/fabfile.py).
--list-format=LIST_FORMAT— allows control over the output format of
shortis equivalent to
normalis the same as simply omitting this option entirely (the default), and
nestedprints out a nested namespace tree.
env.gatewayto HOST host string.
--help— displays a standard help message with all possible options and a brief overview of what they do, then exits.
--hide=LEVELS— a comma-separated list of output levels to hide by default.
env.hoststo the given comma-delimited list of host strings.
env.exclude_hoststo the given comma-delimited list of host strings to keep out of the final host list.
-i KEY_FILENAME— when set to a file path, will load the given file as an SSH identity file (usually a private key). This option may be repeated multiple times. Sets (or appends to)
--initial-password-prompt— forces a password prompt at the start of the session (after fabfile load and option parsing, but before executing any tasks) in order to pre-fill
env.password. This is useful for fire-and-forget runs (especially parallel sessions, in which runtime input is not possible) when setting the password via
--passwordor by setting
env.passwordin your fabfile is undesirable.
env.no_keysto True, forcing the SSH layer not to look for SSH private key files in one's home directory.
env.keepaliveto the given (integer) value, specifying an SSH keepalive interval.
--linewise— forces output to be buffered line by line instead of byte by byte. Often useful or required for parallel execution.
--list— imports a fabfile as normal, but then prints a list of all discovered tasks and exits. Will also print the first line of each task's docstring, if it has one, next to it (truncating if necessary).
env.passwordto the given string; it then will be used as the default password when making SSH connections or calling the sudo program.
env.parallelto True, causing tasks to run in parallel.
env.always_use_ptyto False, causing all run/sudo calls to behave as if one had specified
env.reject_unknown_hoststo True, causing Fabric to abort when connecting to hosts not found in the user's SSH known_hosts file.
env.rolesto the given comma-separated list of role names.
--set KEY=VALUE,...— allows you to set default values for arbitrary Fabric env vars. Values set this way have a low precedence. They will not override more specific env vars that also are specified on the command line.
env.shellto the given string, overriding the default shell wrapper used to execute remote commands.
--shortlist— similar to
--list, but without any embellishment—just task names separated by newlines with no indentation or docstrings.
--show=LEVELS— a comma-separated list of output levels to be added to those that are shown by default.
env.skip_bad_hosts, causing Fabric to skip unavailable hosts.
-t N— set connection timeout in seconds. Sets
env.userto the given string; it then will be used as the default user name when making SSH connections.
--version— displays Fabric's version number, then exits.
env.warn_onlyto True, causing Fabric to continue execution even when commands encounter error conditions.
env.pool_size, which specifies how many processes to run concurrently during parallel execution.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Ubuntu Online Summit
- Devuan Beta Release
- The Qt Company's Qt Start-Up
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- May 2016 Issue of Linux Journal
- The US Government and Open-Source Software
- The Death of RoboVM
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- BitTorrent Inc.'s Sync
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide