SSH key passphrase with git pull using Fabric

StackOverflow https://stackoverflow.com/questions/12408130

Domanda

I'm trying to automate deployment of application using fabric.

The application code is hosted on GitHub and rolling out a new version is very straightforward - just do 'git pull' and that's it. The application is hosted on 100 servers, so I would like to automate deployment. Fabfile.py:

def deploy():
  code_path = '/home/myuser/myapp'
  with cd(code_path):
    run('git pull')
    run('git submodule update --init --recursive')

The problem is, on every git command I get a promt: Enter passphrase for key '/home/myuser/.ssh/id_rsa:

Is there a way to automatically input the passphrase? It's the same on every server and the same as sudo password

I've tried to fexpect library, but I'm wondering whether there is better (i.e. standard) way of doing it.

È stato utile?

Soluzione

You can also use a ssh key agent and use the agent forwarding. Always put a password on keys. Github has good docs on how to utilize this here.

Fabric should now also have agent forwarding ability. I've run into troubles with it in some corner cases, but gotten around them with an explicit local('ssh -A...) as a work around until the issue is resolved.

Altri suggerimenti

Although I consider ssh-aget forwarding described in the accepted answer to be a preferable solution (if you get it worked), but there is alternative to it, provided by Fabric itself:
Fabric has it's own "password" settings option (i.e. env.password entry). you can make fabric to automatically input the passphrase (and sudo passwod) if you set the env.password (see documentation):

password

Default: None

The default password used by the SSH layer when connecting to remote hosts, and/or when answering sudo prompts.

 

You can set password with it either of following options:

  • using env.password = 'PASSWORD' directly in code inside "fabfile.py",
  • in command line as an option to fab command, using -p PASSWORD or --password=PASSWORD (documentation).
  • As an another option you can put passwod=PASSWORD line in a ~/.fabricrc (documentation) which gets loaded before each fab command and neither command line option nor code change is required if you use this option.

Don't use pass phrases when making a key. Simply press enter and then again to confirm. You can also have more than one key. Some with passwords, some without.

Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top