GOV.UK Fabric scripts
Python Shell Makefile
Latest commit 48d9618 Apr 27, 2017 @dwhenry dwhenry committed on GitHub Merge pull request #243 from alphagov/upgrade-paramiko
Upgrade paramiko
Failed to load latest commit information.
bin Validate that there is a GITHUB_ACCESS_TOKEN set Dec 6, 2016
.gitignore Ignore sqlite files Dec 6, 2016
.travis.yml Output versions of libraries used in testing Feb 11, 2016
Makefile Fix F403 lint errors Mar 10, 2016 Fix a small typo Feb 23, 2017 Fix lint/syntax errors Feb 8, 2016 Remove unused import Mar 14, 2016 Add task to blank bundler config Apr 18, 2017 Use curl --fail to determine purge failures Sep 16, 2016 Add fabric task to clear cached templates Apr 12, 2017 Update assets domain May 31, 2016 Wrappers around rummager snapshot/restore tasks Mar 17, 2016 Fix registration of tasks. Apr 26, 2017 Fix F403 lint errors Mar 10, 2016 Locksmith Endpoint Mar 15, 2017 Fix F403 lint errors Mar 10, 2016 Test MapIt with unique urls Jul 20, 2016 Extend mongo healthcheck timeout for restarts to 10s Apr 27, 2016 Fix F403 lint errors Mar 10, 2016 Fix F403 lint errors Mar 10, 2016 Fix F403 lint errors Mar 10, 2016 Fix F403 lint errors Mar 10, 2016 Make line more readable Oct 7, 2015 Add task to push Postgres backups May 10, 2016 Add fab task to check puppet version and last run Dec 6, 2016 Fix F403 lint errors Mar 10, 2016 Add rbenv script Jan 17, 2017
requirements.txt Upgrade paramiko Apr 27, 2017
requirements_for_tests.txt Pin pep8 to 1.6.2 Jan 26, 2016 Add a task to update the rkhunter files Sep 6, 2016 Fix F403 lint errors Mar 10, 2016 Fix util.rake and whitehall.unarchive_content Mar 19, 2015 Fix F403 lint errors Mar 10, 2016 Add task to failover to use DR VPN Apr 12, 2017 Remove the 'unarchive content' task for Whitehall Mar 11, 2016

GOV.UK Fabric Scripts

Fabric is a command-line tool for application deployment and systems administration tasks. It allows the user to run commands across a server farm.

Local usage and environment setup

The tool is intended to be configured and run on your local workstation/laptop. You should use virtualenv to create an isolated Python environment.

To install pip, virtualenv and set up the environment:

$ sudo easy_install pip
$ sudo pip install virtualenv
$ mkdir ~/venv
$ virtualenv ~/venv/fabric-scripts

To enable the virtual environment for this session (you will need to do this for each new terminal window):

$ . ~/venv/fabric-scripts/bin/activate


To install the dependencies:

$ pip install -Ur requirements.txt

NB: if you get a "pip: command not found" error, run this first:

$ sudo easy_install pip

Configure it (see the fabric documentation for more examples),

$ echo 'user = jimbob' >> ~/.fabricrc


You can view a list of the available tasks:

$ fab -l

And execute against an environment and set of hosts like so:

$ fab integration all hosts
$ fab integration class:frontend do:'uname -a'
$ fab integration class:cache,bouncer do:uptime

Targetting groups of machines

Fabric tasks can be run on groups of machines in a variety of different ways.

By puppet class:

# target all machines that have the 'govuk::safe_to_reboot::yes' class
$ fab integration puppet_class:govuk::safe_to_reboot::yes do:'uname -a'

By numeric machine suffix:

# target all machines that end in '2'
$ fab integration numbered:2 do:'uname -a'

By node type (as defined in puppet):

# target all 'frontend' machines
$ fab integration node_type:frontend do:'uname -a'

By the node name:

# target just one node
$ fab production -H backend-3.backend do:'uname -a'

Remote usage (legacy)

It was previously possible to use these scripts from the jumpboxes via the govuk_fab wrapper. This is no longer supported as it relied on SSH agent forwarding, which is a Bad Thing because other people with root access to that jumpbox would be able to re-use any of the private keys in your agent.

You should convert to the [local usage](#Local usage) method described above and ensure that you do not have the following option anywhere in your ~/.ssh/config:

ForwardAgent yes

Syncing postgres machines

An example:

fab <env> -H '<src_db>' postgresql.sync:<db_name>,<dst_db> -A

the -A must be specified to forward the agent

This will sync the specified database <db_name> from the machine with the hostname of <src_db> to the machine with hostaname <dst_db>. It will destroy data on the destination db.