kopia lustrzana https://github.com/piku/piku
Installation instructions and SSH key helper
rodzic
289ec38e96
commit
86069f58cd
114
INSTALL.md
114
INSTALL.md
|
@ -4,18 +4,119 @@ These installation notes should cover most Debian Linux variants (on any archite
|
|||
|
||||
You can, however, run `piku` on any POSIX-like environment where you have Python, [uWSGI][uwsgi] and SSH.
|
||||
|
||||
_TODO: describe the overall installation process._
|
||||
For installation, you only require `root`/`sudo` access and the following two files:
|
||||
|
||||
* `piku.py`
|
||||
* `uwsgi-piku.dist`
|
||||
|
||||
Copy them across to the machine you'll be using as a server before you get started with the rest.
|
||||
|
||||
## Setting up the `piku` user (Debian Linux, any architecture)
|
||||
|
||||
_TODO: describe the need for a separate user and why it's configured this way._
|
||||
|
||||
If you're impatient, you need to make sure you have a `~/.ssh/authorized_keys` file that looks like this:
|
||||
`piku` requires a separate user account to run. To create a new user with the right group membership (we're using the built-in `www-data` group because it's generally thought of as a less-privileged group), enter the following commands:
|
||||
|
||||
```bash
|
||||
command="FINGERPRINT=<your SSH fingerprint, not used right now> NAME=default /home/piku/piku.py $SSH_ORIGINAL_COMMAND",no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding <your ssh key>
|
||||
sudo adduser --disabled-password --gecos 'PaaS access' --ingroup www-data piku
|
||||
```
|
||||
|
||||
This user _is not supposed to login to your system_. Instead, you'll interact with `piku` via SSH, and set things up by using `su`:
|
||||
|
||||
```bash
|
||||
sudo su - piku
|
||||
mkdir ~/.ssh
|
||||
chmod 700 ~/.ssh
|
||||
# now copy the piku script to this user account
|
||||
cp /tmp/piku.py .
|
||||
```
|
||||
|
||||
## Dependencies
|
||||
|
||||
Before running `piku` for the first time, you need to install the following Python packages at the system level:
|
||||
|
||||
```bash
|
||||
sudo pip install -U click virtualenv
|
||||
```
|
||||
|
||||
These may or may not be installed already (`click` usually isn't).
|
||||
|
||||
## Setting up SSH access
|
||||
|
||||
If you don't have an SSH public key (or never used one before), you need to create one. The following instructions assume you're running some form of UNIX on your own machine (Windows users should check the documentation for their SSH client, unless you have [Cygwin][cygwin] installed).
|
||||
|
||||
**On your own machine**, issue the `ssh-keygen` command and follow the prompts:
|
||||
|
||||
```bash
|
||||
$ ssh-keygen
|
||||
Generating public/private rsa key pair.
|
||||
Enter file in which to save the key (/home/youruser/.ssh/id_rsa):
|
||||
Created directory '/home/youruser/.ssh'.
|
||||
Enter passphrase (empty for no passphrase):
|
||||
Enter same passphrase again:
|
||||
Your identification has been saved in /home/youruser/.ssh/id_rsa.
|
||||
Your public key has been saved in /home/youruser/.ssh/id_rsa.pub.
|
||||
The key fingerprint is:
|
||||
85:29:07:cb:de:ad:be:ef:42:65:00:c8:d2:6b:9e:ff youruser@yourlaptop.lan
|
||||
The key's randomart image is:
|
||||
+--[ RSA 2048]----+
|
||||
<...>
|
||||
+-----------------+
|
||||
```
|
||||
|
||||
## Adding the key to `piku`
|
||||
|
||||
Copy the resulting `id_rsa.pub` (or equivalent, just make sure it's the _public_ file) to your `piku` server and do the following:
|
||||
|
||||
```bash
|
||||
su - piku
|
||||
python piku.py setup:ssh /tmp/id_rsa.pub
|
||||
Adding key '85:29:07:cb:de:ad:be:ef:42:65:00:c8:d2:6b:9e:ff'.
|
||||
Setting '/home/piku/piku.py' as executable.
|
||||
```
|
||||
|
||||
Now if you look at `.ssh/authorized_keys`, you should see something like this:
|
||||
|
||||
```bash
|
||||
cat .ssh/authorized_keys
|
||||
command="FINGERPRINT=85:29:07:cb:de:ad:be:ef:42:65:00:c8:d2:6b:9e:ff NAME=default /home/piku/piku.py $SSH_ORIGINAL_COMMAND",no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhTYZi/qeJBKgU3naI8FNjQgeMYnMsEtqrOmUc4lJoPNH2qBUTNkzwThGqsBm2HNLPURWMiEifBqF+kRixMud67Co7Zs9ys7pwFXkJB9bbZasd2JCGfVZ4UYXHnvgejSWkLAV/4bObhsbP2vWOmbbm91Cwn+PGJgoiW08yrd45lsDmgv9cUAJS3e8LkgVELvIDg49yM5ArB88oxwMEoUgWU2OniHmH0o1zw5I8WXHRhHOjb8cGsdTYfXEizRKKRTM2Mu6dKRt1GNL0UbWi8iS3uJHGD3AcQ4ApdMl5X0gTixKHponStOrSMy19/ltuIy8Sjr7KKPxz07ikMYr7Vpcp youruser@yourlaptop.lan
|
||||
```
|
||||
|
||||
This line is what enables you to SSH (and perform `git` over SSH operations) to the `piku` user, restricting what can be done remotely and passing on to `piku` itself the commands you'll be issuing.
|
||||
|
||||
## Testing
|
||||
|
||||
From your machine, do:
|
||||
|
||||
```bash
|
||||
$ ssh piku@pi.lan
|
||||
Usage: piku.py [OPTIONS] COMMAND [ARGS]...
|
||||
|
||||
The smallest PaaS you've ever seen
|
||||
|
||||
Options:
|
||||
--help Show this message and exit.
|
||||
|
||||
Commands:
|
||||
apps List applications
|
||||
config Show application configuration
|
||||
config:get Retrieve a configuration setting
|
||||
config:live Show live configuration settings
|
||||
config:set Set a configuration setting
|
||||
deploy Deploy an application
|
||||
destroy Destroy an application
|
||||
disable Disable an application
|
||||
enable Enable an application
|
||||
git-hook INTERNAL: Post-receive git hook
|
||||
git-receive-pack INTERNAL: Handle git pushes for an app
|
||||
logs Tail an application log
|
||||
ps Show application worker count
|
||||
ps:scale Show application configuration
|
||||
restart Restart an application
|
||||
setup:ssh Set up a new SSH key
|
||||
Connection to pi.lan closed.
|
||||
```
|
||||
|
||||
And that's it, you're set. Now to configure [uWSGI][uwsgi], which is what `piku` relies upon to manage your apps at runtime.
|
||||
|
||||
## uWSGI Installation (Debian Linux variants, any architecture)
|
||||
|
||||
[uWSGI][uwsgi] can be installed in a variety of fashions. However, these instructions assume you're installing it from source, and as such may vary from system to system.
|
||||
|
@ -32,7 +133,7 @@ sudo pip install uwsgi
|
|||
sudo ln -s `which uwsgi` /usr/local/bin/uwsgi-piku
|
||||
|
||||
# set up our init script
|
||||
sudo cp uwsgi-piku.dist /etc/init.d/uwsgi-piku
|
||||
sudo cp /tmp/uwsgi-piku.dist /etc/init.d/uwsgi-piku
|
||||
sudo chmod +x /etc/init.d/uwsgi-piku
|
||||
sudo update-rc.d uwsgi-piku defaults
|
||||
sudo service uwsgi-piku start
|
||||
|
@ -67,3 +168,4 @@ _TODO: complete this._
|
|||
|
||||
[goarm]: http://dave.cheney.net/unofficial-arm-tarballs
|
||||
[uwsgi]: https://github.com/unbit/uwsgi
|
||||
[cygwin]: http://www.cygwin.com
|
|
@ -15,11 +15,11 @@ From the bottom up:
|
|||
- [ ] Proxy deployments to other nodes (build on one box, deploy to many)
|
||||
- [ ] Support Clojure/Java deployments
|
||||
- [ ] CLI command documentation
|
||||
- [ ] Complete installation instructions (see `INSTALL.md` for a working draft)
|
||||
- [ ] Support barebones binary deployments
|
||||
- [ ] Sample Go app
|
||||
- [ ] Support Go deployments
|
||||
- [ ] Installation helper/SSH key add
|
||||
- [x] Complete installation instructions (see `INSTALL.md`, which also has a draft of Go installation steps)
|
||||
- [x] Installation helper/SSH key setup
|
||||
- [x] Worker scaling
|
||||
- [x] Remote CLI commands for changing/viewing applied/live settings
|
||||
- [x] Remote tailing of all logfiles for a single application
|
||||
|
|
27
piku.py
27
piku.py
|
@ -4,8 +4,8 @@ import os, sys, stat, re, shutil, socket
|
|||
from click import argument, command, group, option, secho as echo
|
||||
from collections import defaultdict, deque
|
||||
from glob import glob
|
||||
from os.path import abspath, basename, dirname, exists, getmtime, join, splitext
|
||||
from subprocess import call
|
||||
from os.path import abspath, basename, dirname, exists, getmtime, join, realpath, splitext
|
||||
from subprocess import call, check_output
|
||||
from time import sleep
|
||||
|
||||
# === Globals - all tweakable settings are here ===
|
||||
|
@ -57,6 +57,8 @@ def setup_authorized_keys(ssh_fingerprint, script_path, pubkey):
|
|||
# Restrict features and force all SSH commands to go through our script
|
||||
with open(authorized_keys, 'a') as h:
|
||||
h.write("""command="FINGERPRINT=%(ssh_fingerprint)s NAME=default %(script_path)s $SSH_ORIGINAL_COMMAND",no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding %(pubkey)s\n""" % locals())
|
||||
os.chmod(authorized_keys, stat.S_IRUSR | stat.S_IWUSR)
|
||||
|
||||
|
||||
|
||||
def parse_procfile(filename):
|
||||
|
@ -538,6 +540,27 @@ def deploy_app(app, settings):
|
|||
spawn_app(app, deltas)
|
||||
|
||||
|
||||
@piku.command("setup:ssh")
|
||||
@argument('public_key_file')
|
||||
def add_key(public_key_file):
|
||||
"""Set up a new SSH key"""
|
||||
|
||||
if exists(public_key_file):
|
||||
try:
|
||||
fingerprint = check_output('ssh-keygen -lf %s' % public_key_file, shell=True).split(' ',4)[1]
|
||||
if re.match('(([0-9a-f]{2}\:){16})', '%s:' % fingerprint):
|
||||
key = open(public_key_file).read().strip()
|
||||
echo("Adding key '%s'." % fingerprint, fg='white')
|
||||
this_script = realpath(__file__)
|
||||
setup_authorized_keys(fingerprint, this_script, key)
|
||||
# mark this script as executable (in case we were invoked via interpreter)
|
||||
if not(os.stat(this_script).st_mode & stat.S_IXUSR):
|
||||
echo("Setting '%s' as executable." % this_script, fg='yellow')
|
||||
os.chmod(realpath(this_script), os.stat(this_script).st_mode | stat.S_IXUSR)
|
||||
except:
|
||||
echo("Error: invalid public key file '%s'" % public_key_file, fg='red')
|
||||
|
||||
|
||||
@piku.command("logs")
|
||||
@argument('app')
|
||||
def tail_logs(app):
|
||||
|
|
Ładowanie…
Reference in New Issue