Ancestors

Toot

Written by Andreas Gohr on 2024-12-28 at 19:09

[#]linux question. Is there a simple deployment tool that can do the following (for a single server and single project):

1. log in to a remote ssh server as user A

2. copy files from local to remote as user B (user A has sudo permissions)

3. copying should ideally using rsync (or similar) to only copy changes

4. run a command on the remote server as root (again via sudo)

5. everything should run through a single SSH connection, not multiple ones

6. all controlled via a simple config file?

7. no daemon (other than ssh) on the remote server

I feel like this should be possible, but I can't find anything simple (I don't want to learn a full blown multi-server deployment system)

=> More informations about this toot | More toots from splitbrain@octodon.social

Descendants

Written by Mike :nixos: on 2024-12-28 at 19:10

@splitbrain on any distro? This feels like it screams to be a #nixos flake

=> More informations about this toot | More toots from codemonkeymike@fosstodon.org

Written by Justinas on 2024-12-28 at 19:27

@splitbrain sounds like something like Fabric could suit you. https://www.fabfile.org/

Fabric is basically just ssh/scp and friends wrapped neatly in a Python "DSL".

Alternatively, maybe Ansible. While it is more of a tries-to-be-declarative provisioning tool, it can absolutely do the things you listed, as well as ad-hoc commands. I would say it is more complex than Fabric tho. https://docs.ansible.com/ansible/latest/command_guide/intro_adhoc.html

=> More informations about this toot | More toots from justinas@treehouse.systems

Written by Andreas Gohr on 2024-12-28 at 19:33

@justinas I really don't want to write Python for this. Ansible would probably the correct answer if I would need this for multiple servers and projects, but the learning curve is too steep for a one-off. Looks like I have to whip up my own bash script :-/

=> More informations about this toot | More toots from splitbrain@octodon.social

Written by joat on 2024-12-28 at 19:38

@splitbrain as an aside, I think requirement 5 is impossible because of 1 and 2... I don't think multiple users can multiplex on a single SSH connection. This feels like it's too complex for a simple bash script and too simple to be worth using Ansible or similar

=> More informations about this toot | More toots from joat@mastodon.scot

Written by Ben on 2024-12-28 at 20:10

@splitbrain is User B an account on the local system or the remote?

There's probably a way to set this up with https://just.systems - - especially a shebang recipe.

=> More informations about this toot | More toots from ben_zen@social.sdf.org

Written by Andreas Gohr on 2024-12-28 at 20:25

@ben_zen user b is remote. just looks interesting, but from what I understand it's more of a make replacement than something that inherently understands remote shell access and sudo mechanisms? I don't see the advantage over a bash script (for my usecase) then...

=> More informations about this toot | More toots from splitbrain@octodon.social

Written by Ben on 2024-12-28 at 20:44

@splitbrain

Mostly in being a sort of superior runner environment. I think scripting is your best option, honestly.

=> More informations about this toot | More toots from ben_zen@social.sdf.org

Written by Gareth on 2024-12-28 at 20:19

@splitbrain I know ansible can do what you want, not sure if it meets the “simple” criterion.

=> More informations about this toot | More toots from nomiddlename@theblower.au

Written by Johannes Kastl on 2024-12-28 at 20:56

@splitbrain Ansible?

But maybe you should rethink the process if it is too complicated?

=> More informations about this toot | More toots from johanneskastl@digitalcourage.social

Written by JaxxAI on 2024-12-28 at 20:56

@splitbrain The answer is Ansible. We use it every day. Or Puppet but that's a bit more involved but fantastic for autoscaling servers. But Ansible sounds like what you need.

=> More informations about this toot | More toots from JaxxAI@floss.social

Written by Stylus on 2024-12-28 at 22:53

@splitbrain rsync can accept a "--rsh=" argument. so something like rsync --rsh="ssh otherhost sudo -u user_b --" might work for step 2?

if you literally need everything to take place over one tcp connection, ssh has a connection sharing mode, see ControlMaster in ssh_config(5). You'd start the ssh master, then do the rsync over the existing connection, then do the root sudo over the existing connection, then shut down the master.

Another possibility, simpler as long as can use multiple separate tcp connections to the other system's ssh server, would just be to add user A's public key to the B & root accounts, so you can ssh userB@whatever and ssh root@whatever.

I hope maybe some of these ideas help you put together the script you need.

=> More informations about this toot | More toots from stylus@social.afront.org

Written by Madic on 2024-12-29 at 23:27

@splitbrain

You want ansible. It can do all that.

[#]linux

=> More informations about this toot | More toots from Madic@chaos.social

Written by Etam on 2024-12-30 at 20:44

@splitbrain

In general, the Ansible should be a good tool.

But

There is an issue between points 2 and 3. How would you do that just manually, without any deployment tools? You can either change the rules a bit and allow to log in directly as user B. Or, if it's doable, prepare your local files to have proper UID and GID set, so that they fit in place at the destination host.

If you can resolve this issue, I can prepare a minimal ansible script for you, that you can build on.

=> More informations about this toot | More toots from etam@im-in.space