How to combine boto with fabric

问题

I need to mention. I use Windows.

Now I know how to use boto. But I faced the problem that I can't run "sudo" based on boto.

status, stdout, stderr = ssh_client.run('sudo python killerparser.py')

The error is that sudo: sorry, you must have a tty to run sudo

And then I try to run it.

status, stdout, stderr = ssh_client.run('ssh -t localhost sudo python killerparser.py')

But now the error becomes 'Pseudo-terminal will not be allocated because stdin is not a terminal.\r\nHost key verification failed.'

I don't want to change user-data which is unsafe. So It comes up to the idea to use fabric. But how to define the host and key path? I think fabric is not object based which is really frustrating. My all code:

import boto.ec2
from boto.manage.cmdshell import sshclient_from_instance
from  fabric.api import env, run, cd, settings, sudo,hosts;

env.host = 'ec2-user@#.#.#.#'
env.user = "ec2-user"
env.key_filename = "D:\key.pem"
conn = boto.ec2.connect_to_region('us-east-1',aws_access_key_id="***",aws_secret_access_key="*")
instance = conn.get_all_instances(['***'])[0].instances[0]
ssh_client = sshclient_from_instance(instance,
                                     ssh_key_file='**',
                                     user_name='ec2-user')
sudo("cd ~");
sudo("python killerparser.py");

Now there is no error. But it can't execute the shell

The killerparser.py

import subprocess, signal,os;

for line in os.popen("ps ax | grep -i newLive.py"):
        if "grep" in line: continue;
        fields = line.split()
        pid = fields[0]
        os.kill(int(pid), signal.SIGKILL)
proc = subprocess.Popen('sudo python newLive.py 2>newLive.err', shell=True,
             stdin=None, stdout=None, stderr=None, close_fds=True)

回答1:

I disagree with two things you're doing. One: sudo python... No. Make that run as www-data or equivalent. Also, use supervisord and not what you're currently doing.

Shouldn't matter if you're on windows or not.. You're telling me this doesn't work for you?

fabfile.py:

import boto.ec2
from fabric.api import env, run, sudo, task

env.key_filename = "/PATH/TO/SSH/FILE.pem"
env.user = "ubuntu"

@task
def amazon(**kwargs):
    conn = boto.ec2.connect_to_region(
        'us-east-1',
        aws_access_key_id="*********",
        aws_secret_access_key="**************"
    )

    hosts = []
    for reservation in conn.get_all_instances():
        for instance in reservation.instances:
            # if filters were applied
            if kwargs:
                skip_instance = False
                for key, value in kwargs.items():
                    instance_value = getattr(instance, key)

                    # makes sure that `group` is handeled
                    if isinstance(instance_value, list):
                        new_value = []
                        for item in instance_value:
                            if isinstance(item, boto.ec2.group.Group):
                                new_value.append(item.name)
                            else:
                                new_value.append(item)
                        instance_value = new_value

                        if value not in instance_value:
                            skip_instance = True
                            break
                    else:
                        # every other single value gets handeled here
                        if instance_value != value:
                            skip_instance = True
                            break

                if skip_instance:
                    continue

            if instance.dns_name:
                hosts.append(instance.dns_name)
            elif instance.ip_address:
                hosts.append(instance.ip_address)

    env.hosts = hosts


@task
def whoami():
    run('whoami')
    sudo('whoami')

I added filters for you, just in case, you can run it as:

fab amazon whoami -- it will go through every single server in amazon and connect and run whoami commands.

fab amazon:ip_address=<IP OF AN INSTANCE YOU KNOW OF> whoami -- will only use the box whos ip matched on the filter. (It should work for every field in the instance in boto)

that one is just a gimmick, groups is the one "I" would use:

fab amazon:groups=<GROUP NAME FROM AMAZON> whoami -- will run whoami on all servers that matched said group name.

proof:

$ fab amazon:dns_name=******* whoami
[*******] Executing task 'whoami'
[*******] run: whoami
[*******] out: ubuntu
[*******] out: 

[*******] sudo: whoami
[*******] out: root
[*******] out: 


Done.
Disconnecting from *******... done.

and

$ fab amazon:groups=webservers whoami
[***1***] Executing task 'whoami'
[***1***] run: whoami
[***1***] out: ubuntu
[***1***] out: 

[***1***] sudo: whoami
[***1***] out: root
[***1***] out: 

... truncated...

[***4***] Executing task 'whoami'
[***4***] run: whoami
[***4***] out: ubuntu
[***4***] out: 

[***4***] sudo: whoami
[***4***] out: root
[***4***] out: 


Done.
Disconnecting from ***1***... done.
Disconnecting from ***2***... done.
Disconnecting from ***3***... done.
Disconnecting from ***4***... done.
Disconnecting from ***5***... done.
Disconnecting from ***6***... done.
Disconnecting from ***7***... done.

来源：https://stackoverflow.com/questions/34094758/how-to-combine-boto-with-fabric