Deploy
What is Deploy?
I developed Deploy mainly out of a need to deploy changes across multiple unix operating systems all at once. Capistrano looked nice, and gave me the initial idea for this, however by bundling “packages” together and deploying them, it allowed for a greater degree of flexibility. A deploy file could have anything from a simple script in it, do complicated logic to apply the change depending on the OS and/or install packages specific for that distro/os from within the deploy file.
Deploy SCPs deploy files to the hosts/groups and runs the deploy file. Deploy files are themselves designed to be completely self-sufficient, and as a result can be run outside of Deploy as well.
Installation
To install it’s pretty simple. The first thing you will need to do is download the zip file containing all of the files. When you unzip the package, you will see a deploy.bin file. This file will unpack itself into /opt and symlink the script into /usr/local/bin. Note that because of where it installs, you will need to run the installation as root. For the example below I am using sudo to gain that privilege.
user@linux:~> unzip deploy2.zip inflating: deploy.bin user@linux:~> sudo ./deploy.bin You are about to install Deploy. This script only needs to be run from the central distribution server. Press ENTER to continue or CNTRL+C to quit the install. NOTE: Installation options will be added at a later date. ---------------------------- Starting Installation ---------------------------- Unpacking into : /opt/deploy Linking /opt/deploy/bin/deploy.sh to /usr/local/bin/deploy ---------------------------- Installation Complete! ---------------------------- user@linux:~>
Also, to really get the most use out of Deploy, it’s highly recommended to install keychain in order to make the SSH Keypair that deploy relies on persistently authenticated in ssh-agent.
UPDATE: I found it actually quite difficult to find the latest source of keychain, so here is latest tarball as of writing.
Getting Started
There are 2 packages that come with the system. The demo package is mostly meant for use in testing the various systems you run across to make sure everything is working alright. The pubkey package is specifically designed to transfer your ssh public key across to all of the hosts so that you arent asked for a password every-time the system tries to connect.
Before we get too far, you will need to generate a DSA keypair so that we can populate it across your environment. If you plan on only using Deploy as an installation packer, then this is not needed however.
user@linux:~> ssh-keygen -t dsa Generating public/private dsa key pair. Enter file in which to save the key (/home/user/.ssh/id_dsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/user/.ssh/id_dsa. Your public key has been saved in /home/user/.ssh/id_dsa.pub. The key fingerprint is: ce:0a:4f:62:7b:78:cf:c7:1d:25:f6:74:d1:69:2f:e3 user@linux user@linux:~>
The next step is to link keychain into the system. This may vary from Distro/OS, however this is how to globally load it for our host.
user@linux:~> echo "keychain" >> /etc/bash.bashrc user@linux:~> echo "source ~/.keychain/$HOSTNAME-sh" >> /etc/bash.bashrc
Now we are ready to build and deploy our first package!
Building and Deploying Your First Package
The first package we will be building is the pubkey package. This package should always be the package deployed to a new host, as it sets up the public/private keypair so that you will not need to type in the password to the host every time you deploy something.
- Change into the package directory
user@linux:~> cd /opt/deploy/pkgs/pubkey/deploy
- Next we need to copy the piblic key into the authorized_keys file.
user@linux:deploy> cat ~/.ssh/id_dsa.pub > authorized_keys
- Now we return to the pkgs directory.
user@linux:deploy> cd /opt/deploy/pkgs
- Next we build the deploy file.
user@linux:pkgs> deploy -g pubkey pubkey
- Lastly we deploy the file to a remote host. in this case serv1.
user@linux:pkgs> deploy -dh pubkey serv1 The authenticity of host 'serv1 (192.168.1.10)' can't be established. RSA key fingerprint is f0:f0:a0:04:10:c0:04:90:50:60:0b:08:06:0b:07:07. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'serv1,192.168.1.10' (RSA) to the list of known hosts. root@serv1's password: pubkey.deploy 100% 1996 2.0KB/s 00:00 root@serv1's password: deploy/ deploy/runme.sh deploy/authorized_keys SSH Profile Exists. Appending to the Authorized Keyfile... Deployment Complete!
If you noticed, it will ask for the remote server’s password twice. Once is to push the file, the second to run it. Once the pubkey package is deployed however, the remote server will trust the dsa key you generated and should not ask for your key password as long as you have a running ssh agent managing that key (hence the reason for keychain). If you try to deploy the demo package now, it should run without intervention.
user@linux:pkgs> deploy -g demo demo
Found 'deploy' directory in demo
Found package deployment script.
deploy/
deploy/runme.sh
deploy/file2
deploy/file1
deploy/file3
user@linux:pkgs> deploy -dh demo serv1
demo.deploy 100% 1043 1.0KB/s 00:00
deploy/
deploy/runme.sh
deploy/file2
deploy/file1
deploy/file3
==========File1 OK=============
Hostname : serv1
Operating System : SunOS serv1 5.8 Generic_108528-18 sun4u sparc SUNW,UltraAX-i2
==========File2 OK=============
==========File3 OK=============
Test Successful!