Every time fabric runs, it asks for root password, can it be sent along same for automated proposes.
fab staging test
fab -h will show you all the options, you can also read them here.
In particular, and I quote,
-p PASSWORD, --password=PASSWORD
Sets env.password to the given string; it will then be used as the default password when making SSH connections or calling the sudo program.
I know you've asked about password but wouldn't it better to configure the system so that you can doing fabric (i.e. SSH) without password?
For this, on local machine do:
ssh-keygenand agree with all defaults (if you have no reasons do otherwise)cat ~/.ssh/id_rsa.puband copy that key
On remote machine:
mkdir ~/.ssh && chmod 700 ~/.sshtouch ~/.ssh/authorized_keys2 && chmod 600 ~/.ssh/authorized_keys2- Paste copied key into
authorized_keys2
From now your remote machine “trusts” your local machine and allows logging it in without password. Handy.
You can also set passwords on a per host basis. It wasn't obvious to me, so here it goes for anyone looking for this:
from fabric import env
env.hosts = ['user1@host1:port1', 'user2@host2.port2']
env.passwords = {'user1@host1:port1': 'password1', 'user2@host2.port2': 'password2'}
Fabric caches used passwords in the env.passwords dictionary. It sets this cache using the full hosts string as key of that dictionary and the password as the value. If you set this dictionary yourself before executing any task, Fabric won't ask for them at all.
Just to add for anyone who winds up here from a search, you can specify the -I option when running fab for it to prompt you for a default password to use. This way it won't be visible in your command history
example:
$ fab -I my_task
Initial value for env.password:
One way to do this without putting the password in the process list (commands show up in ps aux) is to put it in the fabfile.py like so:
from fabric.context_managers import env
env.password = 'PASSWORD'
Put that before anything that goes to the remote system and it won't ask for a password anymore.
It's also possible to set ssh password in connect_args
conn = Connection(
"{username}@{ip}:{port}".format(
username=username,
ip=ip,
port=port,
),
connect_kwargs={"password": password},
)
It is possible to store the password securely in the operating system keyring service with the keyring module, the password can then be automatically retrieved and used in fabfile.py.
You first need to store the password in the keyring, for example using the Python shell:
>>> import keyring
>>> keyring.set_password('some-host', 'some-user', 'passwd')
Then you can use it in fabfile.py, for example with Fabric 2:
from fabric import task
import keyring
@task
def restart_apache(connection):
connection.config.sudo.password = keyring.get_password(connection.host, 'some-user')
connection.sudo('service apache2 restart')
来源:https://stackoverflow.com/questions/2339735/fabric-password