GOV.UK Fabric scripts
Latest commit 48d9618, Apr 27, 2017, by @dwhenry: Merge pull request #243 from alphagov/upgrade-paramiko (Upgrade paramiko)
bin Validate that there is a GITHUB_ACCESS_TOKEN set Dec 6, 2016
.gitignore Ignore sqlite files Dec 6, 2016
.travis.yml Output versions of libraries used in testing Feb 11, 2016
Makefile Fix F403 lint errors Mar 10, 2016
README.md Fix a small typo Feb 23, 2017
app.py Fix lint/syntax errors Feb 8, 2016
apt.py Remove unused import Mar 14, 2016
bundler.py Add task to blank bundler config Apr 18, 2017
cache.py Use curl --fail to determine purge failures Sep 16, 2016
campaigns.py Add fabric task to clear cached templates Apr 12, 2017
cdn.py Update assets domain May 31, 2016
elasticsearch.py Wrappers around rummager snapshot/restore tasks Mar 17, 2016
fabfile.py Fix registration of tasks. Apr 26, 2017
incident.py Fix F403 lint errors Mar 10, 2016
locksmith.py Locksmith Endpoint Mar 15, 2017
logstream.py Fix F403 lint errors Mar 10, 2016
mapit.py Test MapIt with unique urls Jul 20, 2016
mongo.py Extend mongo healthcheck timeout for restarts to 10s Apr 27, 2016
mysql.py Fix F403 lint errors Mar 10, 2016
nagios.py Fix F403 lint errors Mar 10, 2016
nginx.py Fix F403 lint errors Mar 10, 2016
ntp.py Fix F403 lint errors Mar 10, 2016
performanceplatform.py Make line more readable Oct 7, 2015
postgresql.py Add task to push Postgres backups May 10, 2016
puppet.py Add fab task to check puppet version and last run Dec 6, 2016
rabbitmq.py Fix F403 lint errors Mar 10, 2016
rbenv.py Add rbenv script Jan 17, 2017
requirements.txt Upgrade paramiko Apr 27, 2017
requirements_for_tests.txt Pin pep8 to 1.6.2 Jan 26, 2016
rkhunter.py Add a task to update the rkhunter files Sep 6, 2016
statsd.py Fix F403 lint errors Mar 10, 2016
util.py Fix util.rake and whitehall.unarchive_content Mar 19, 2015
vm.py Fix F403 lint errors Mar 10, 2016
vpn.py Add task to failover to use DR VPN Apr 12, 2017
whitehall.py Remove the 'unarchive content' task for Whitehall Mar 11, 2016

README.md

GOV.UK Fabric Scripts

Fabric is a command-line tool for application deployment and systems administration tasks. It allows the user to run commands across a server farm.

Local usage and environment setup

The tool is intended to be configured and run on your local workstation/laptop. You should use virtualenv to create an isolated Python environment.

To install pip, virtualenv and set up the environment:

$ sudo easy_install pip
$ sudo pip install virtualenv
$ mkdir ~/venv
$ virtualenv ~/venv/fabric-scripts

To enable the virtual environment for this session (you will need to do this for each new terminal window):

$ . ~/venv/fabric-scripts/bin/activate

Setup

To install the dependencies:

$ pip install -Ur requirements.txt

NB: if you get a "pip: command not found" error, run this first:

$ sudo easy_install pip

Configure it (see the Fabric documentation for more examples):

$ echo 'user = jimbob' >> ~/.fabricrc

Commands

You can view a list of the available tasks:

$ fab -l

And execute against an environment and set of hosts like so:

$ fab integration all hosts
...
$ fab integration class:frontend do:'uname -a'
$ fab integration class:cache,bouncer do:uptime
...

Targeting groups of machines

Fabric tasks can be run on groups of machines in a variety of different ways.

By puppet class:

# target all machines that have the 'govuk::safe_to_reboot::yes' class
$ fab integration puppet_class:govuk::safe_to_reboot::yes do:'uname -a'

By numeric machine suffix:

# target all machines that end in '2'
$ fab integration numbered:2 do:'uname -a'

By node type (as defined in puppet):

# target all 'frontend' machines
$ fab integration node_type:frontend do:'uname -a'

By the node name:

# target just one node
$ fab production -H backend-3.backend do:'uname -a'

Remote usage (legacy)

It was previously possible to use these scripts from the jumpboxes via the govuk_fab wrapper. This is no longer supported as it relied on SSH agent forwarding, which is a Bad Thing because other people with root access to that jumpbox would be able to re-use any of the private keys in your agent.

You should convert to the local usage method described above and ensure that you do not have the following option anywhere in your ~/.ssh/config:

ForwardAgent yes
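
One way to check for that option, as an added example that is not part of the original README: the sketch below scans ssh_config text and reports every Host or Match block that enables agent forwarding, treating any value other than "no" (including an agent socket path or a $VARIABLE) as enabled. The function name and the sample configuration are constructed for illustration, and Include directives are not followed.

```python
import re
import shlex

# ssh_config accepts "Keyword value", "Keyword=value" and "Keyword = value".
_OPTION = re.compile(r"^([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*)$")


def find_forward_agent(config_text):
    """Return (line_no, scope, value) for each line enabling agent forwarding.

    Hypothetical helper: reports per-block settings, not ssh's final
    first-match-wins result for a particular host.
    """
    findings = []
    scope = "(global)"  # options before the first Host/Match apply to all hosts
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _OPTION.match(line)
        if not m:
            continue
        keyword, rest = m.group(1).lower(), m.group(2).strip()
        if keyword in ("host", "match"):
            scope = "%s %s" % (m.group(1), rest)
            continue
        if keyword != "forwardagent":  # keywords are case-insensitive
            continue
        try:
            args = shlex.split(rest, comments=True)  # strips quotes
        except ValueError:
            continue  # unbalanced quotes
        if args and args[0].lower() != "no":
            findings.append((line_no, scope, args[0]))
    return findings


# Constructed sample, not a real configuration.
SAMPLE_CONFIG = """\
# constructed sample
Host *.backend
    User jimbob
    forwardagent = "yes"

Host jumpbox
    ForwardAgent no

Host legacy
    ForwardAgent $SSH_AUTH_SOCK
"""

if __name__ == "__main__":
    for line_no, scope, value in find_forward_agent(SAMPLE_CONFIG):
        print("line %d [%s]: ForwardAgent %s" % (line_no, scope, value))
```

To audit a real setup, pass the contents of ~/.ssh/config (and /etc/ssh/ssh_config) to the function; `ssh -G <host>` prints the effective value of forwardagent for a single host.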

Syncing postgres machines

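An example:

$ fab <env> -H '<src_db>' postgresql.sync:<db_name>,<dst_db> -A

The -A flag must be specified to forward the SSH agent. This is the same agent forwarding described under "Remote usage (legacy)", so pass -A for this task only and keep ForwardAgent out of your ~/.ssh/config.

This will sync the specified database <db_name> from the machine with the hostname <src_db> to the machine with the hostname <dst_db>. It will destroy data on the destination database.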