Fork me on GitHub

Fabric

发表于 | 分类于 | | 阅读次数   |   字数统计: 3,422(字)   |   阅读时长: 17(分)

Fabric简介

  Fabric是一个Python库,可以通过SSH在多个host上批量执行任务。你可以编写任务脚本,然后通过Fabric在本地就可以使用SSH在大量远程服务器上自动运行。这些功能非常适合应用的自动化部署,或者执行系统管理任务。
官网 中文站点

Fabric常用环境变量

fabric的环境变量有很多,存放在一个字典中,fabric.state.env,而它包含在fabric.api中,为了方便,我们一般使用env来指代环境变量。env环境变量可以控制很多fabric的行为,一般通过env.xxx可以进行设置。
fabric默认使用本地用户通过ssh进行连接远程机器,不过你可以通过env.user变量进行覆盖。当你进行ssh连接时,fabric会让你交互的让你输入远程机器密码,如果你设置了env.password变量,则就不需要交互的输入密码。

常用的环境变量

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
>>> import fabric.api
>>> for i in fabric.api.env:
...     print(i)
...
disable_known_hosts     # 默认是false,如果是true,则会跳过用户知道的hosts文件
effective_roles
tasks
linewise
show
password          # 定义密码
key_filename
abort_on_prompts
skip_unknown_tasks
reject_unknown_hosts
skip_bad_hosts                  # 默认false,为ture时,会导致fab跳过无法连接的主机
use_ssh_config
roledefs          # 定义角色分组,例如:区分DB主机与web主机
gateway          # 定义网关(中转,堡垒机)IP
gss_auth
keepalive
eagerly_disconnect
rcfile
path_behavior
hide
sudo_prefix
lcwd
no_agent
forward_agent
remote_interrupt
port          # 定义目标主机的端口
shell
version
use_exceptions_for
connection_attempts
hosts      # 定义目标主机
gss_deleg
cwd
abort_exception
real_fabfile
passwords      # 与password功能一致,区别在于不同主机不同密码的应用场景
sudo_password
host_string
shell_env
always_use_pty
colorize_errors
exclude_hosts   # 排除指定主机
all_hosts
sudo_prompt
again_prompt
echo_stdin
user        # 定义ssh使用哪个用户登录远程主机
gss_kex
command_timeout
path
local_user
combine_stderr
command_prefixes
dedupe_hosts
warn_only
no_keys
sudo_passwords
roles
fabfile
use_shell
host
pool_size
system_known_hosts
prompts
output_prefix
command
timeout        # 默认10 网络连接的超时时间
default_port
ssh_config_path
parallel
sudo_user
ok_ret_codes

Fabric执行模式

执行策略:fabric默认是单一的,串行的执行函数,虽然有一个paralle模式可供你选择。默认的行为遵循以下优先级规则:
1、一个task列表被创建,通过命令行传递给fab
2、针对每一个task,都有一个主机列表通过变量设置
3、task列表按顺序执行每个task在主机列表中的主机上执行一遍
4、如果主机列表为空,则默认在本地执行,也是执行一次

Fabric常用API

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
[root@bogon fabric]# python
Python 2.6.6 (r266:84292, Jul 23 2015, 14:41:34)
[GCC 4.4.7 20120313 (Red Hat 4.4.7-11)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import tab
>>> import fabric.api
>>> for i in dir(fabric.api):
...     print(i)
...
__builtins__
__doc__
__file__
__name__
__package__
abort
cd                 # 切换远程目录
env
execute
fastprint
get              # 从远程主机下载文件到本地
hide
hosts
lcd              # 切换本地目录
local           # 执行本地命令
open_shell
output
parallel
path
prefix
prompt          # 获取用户输入信息
put               # 上传本地文件到远程主机
puts
quiet
reboot
remote_tunnel
require
roles
run                    # 执行远程命令
runs_once          # 函数修饰符 标识的函数只会执行一次,不收多台主机影响
serial
settings
shell_env
show
sudo              # sudo方式执行远程命令
task              # 函数修饰符,标识的函数为fab可以调用
warn
warn_only
with_settings

API应用场景案例
案例1:同时查看本地及远程主机信息
案例2:动态获取远程目录列表
案例3:网关模式文件的上传与下载

Fabric安装及使用

Fabric安装

1
2
3
4
pip install fabric
easy_install fabric
or
源码安装

fab命令默认被安装到Python的目录下,需要创建软链接

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
[root@saltstack ~]# find / -type f -name "fab"
/usr/local/python2.7.10/bin/fab
[root@saltstack ~]# ln -s /usr/local/python2.7.10/bin/fab /usr/bin/fab
[root@saltstack fabric]# fab -h
Usage: fab [options] <command>[:arg1,arg2=val2,host=foo,hosts='h1;h2',...] ...

Options:
  -h, --help            show this help message and exit
  -d NAME, --display=NAME print detailed info about command NAME
  -F FORMAT, --list-format=FORMAT formats --list, choices: short, normal, nested
  -I, --initial-password-prompt  Force password prompt up-front
  --initial-sudo-password-prompt  Force sudo password prompt up-front
  -l, --list            print list of possible commands and exit                   # 显示一个脚本中可用的task(命令)
  --set=KEY=VALUE,...   comma separated KEY=VALUE pairs to set Fab env vars
  --shortlist           alias for -F short --list
  -V, --version         show program's version number and exit
  -a, --no_agent        don't use the running SSH agent
  -A, --forward-agent   forward local agent to remote end
  --abort-on-prompts    abort instead of prompting (for password, host, etc)
  -c PATH, --config=PATH specify location of config file to use
  --colorize-errors     Color error output
  -D, --disable-known-hosts  do not load user known_hosts file
  -e, --eagerly-disconnect disconnect from hosts as soon as possible
  -f PATH, --fabfile=PATH  python module file to import, e.g. '../other.py'   # 指定入口文件,fab默认入口文件是:fabfile/fabfile.py
  -g HOST, --gateway=HOST  gateway host to connect through      # 指定网关(中转)设备,比如堡垒机环境,填写堡垒机IP即可
  --gss-auth            Use GSS-API authentication
  --gss-deleg           Delegate GSS-API client credentials or not
  --gss-kex             Perform GSS-API Key Exchange and user authentication
  --hide=LEVELS         comma-separated list of output levels to hide
  -H HOSTS, --hosts=HOSTS   comma-separated list of hosts to operate on      # 指定host,支持多host逗号分开
  -i PATH               path to SSH private key file. May be repeated.
  -k, --no-keys         don't load private key files from ~/.ssh/
  --keepalive=N         enables a keepalive every N seconds
  --linewise            print line-by-line instead of byte-by-byte
  -n M, --connection-attempts=M make M attempts to connect before giving up
  --no-pty              do not use pseudo-terminal in run/sudo
  -p PASSWORD, --password=PASSWORD  password for use with authentication and/or sudo
  -P, --parallel        default to parallel execution method    # 以异步并行方式运行多主机任务,默认是串行
  --port=PORT           SSH connection port
  -r, --reject-unknown-hosts   reject unknown hosts
  --sudo-password=SUDO_PASSWORD  password for use with sudo only
  --system-known-hosts=SYSTEM_KNOWN_HOSTS  load system known_hosts file before reading user known_hosts
  -R ROLES, --roles=ROLES comma-separated list of roles to operate on    # 指定role,支持多个,即以角色名区分不同业务组设备
  -s SHELL, --shell=SHELL  specify a new shell, defaults to '/bin/bash -l -c'
  --show=LEVELS         comma-separated list of output levels to show
  --skip-bad-hosts      skip over hosts that can't be reached
  --skip-unknown-tasks  skip over unknown tasks
  --ssh-config-path=PATH   Path to SSH config file
  -t N, --timeout=N     set connection timeout to N seconds    # 设置设备连接超时时间(秒)
  -T N, --command-timeout=N  set remote command timeout to N seconds   # 设置远程主机命令执行超时时间(秒)
  -u USER, --user=USER  username to use when connecting to remote hosts  
  -w, --warn-only       warn, instead of abort, when commands fail     # warn_only,默认是碰到异常直接abort退出,该设置为发出告警,但不退出
  -x HOSTS, --exclude-hosts=HOSTS  comma-separated list of hosts to exclude
  -z INT, --pool-size=INT  number of concurrent processes to use in parallel mode

Fabric应用案例

案例1:本地执行一组操作

直接用命令行的形式执行远程命令

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
[root@bogon fabric]# fab -p 'strong' -H 192.168.80.128 -- 'uname -m'
[192.168.80.128] Executing task '<remainder>'
[192.168.80.128] run: uname -m
[192.168.80.128] out: i686
[192.168.80.128] out:


Done.
Disconnecting from 192.168.80.128... done.

[root@saltstack fabric]# cat fabric_8.py
#!/usr/bin/env python
# coding:utf-8

from fabric.api import local

def prepare_deploy():
    local("./manage.py test my_app")
    local("git add -p && git commit")
    local("git push")

[root@saltstack fabric]# fab -f fabric_8.py prepare_deploy     # 报错是因为测试环境不足所致
[localhost] local: ./manage.py test my_app
/bin/sh: ./manage.py: 没有那个文件或目录

Fatal error: local() encountered an error (return code 127) while executing './manage.py test my_app'

Aborting.

案例2:远程查看服务器类型

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
[root@saltstack fabric]# cat fabric_1.py
#!/usr/bin/env python
# coding:utf-8

from fabric.api import run

def host_type():
    run('uname -s')

# 注:fabfile.py为fab默认识别的文件名,如果不是该文件名需要使用-f参数说明要执行的文件名
[root@saltstack fabric]# fab -H localhost -f fabric_1.py host_type
[localhost] Executing task 'host_type'
[localhost] run: uname -s
[localhost] out: Linux
[localhost] out:


Done.
Disconnecting from localhost... done.

案例3:远程传递参数(本地执行原理一致)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
[root@saltstack fabric]# cat fabric_2.py
#!/usr/bin/env python
# coding:utf-8

from fabric.api import run

def host_type(name):
    run('uname -s')
    print("Hello %s !!!" % name)

[root@saltstack fabric]# fab -H localhost -f fabric_2.py host_type:name=mads
[localhost] Executing task 'host_type'
[localhost] run: uname -s
[localhost] out: Linux
[localhost] out:

Hello mads !!!

Done.
Disconnecting from localhost... done.

案例4:多台服务器批量执行相同的操作

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
[root@saltstack fabric]# cat fabric_3.py
#!/usr/bin/env python
# coding:utf-8

from fabric.api import run,cd,env,hosts
env.hosts=['192.168.20.140:22','172.16.1.150:22']   # env.hosts=['user@ip:port',] ssh要用到的参数格式
env.password='strong'

def host_type():
    with cd('/tmp/'):
        run('du -ksh *')

[root@saltstack fabric]# fab -f fabric_3.py host_type
[192.168.20.140:22] Executing task 'host_type'
[192.168.20.140:22] run: du -ksh *
[192.168.20.140:22] out: 36K    hsperfdata_rundeck
[192.168.20.140:22] out: 8.0K   pip-3wB4vO-unpack
[192.168.20.140:22] out: 4.0K   rundeck
[192.168.20.140:22] out: 4.0K   yum_save_tx-2016-07-30-20-49HgACou.yumtx
[192.168.20.140:22] out:

[172.16.1.150:22] Executing task 'host_type'
[172.16.1.150:22] run: du -ksh *
[172.16.1.150:22] out: 4.0K     uname.txt
[172.16.1.150:22] out:


Done.
Disconnecting from 172.16.1.150... done.
Disconnecting from 192.168.20.140... done.

案例5:多台服务器混合,需要在不同服务器进行不同操作时

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
[root@saltstack fabric]# cat fabric_4.py
#!/usr/bin/env python
# coding:utf-8

from fabric.api import env,roles,run,execute

env.roledefs = {
'server1': ['[email protected]:22',],
'server2': ['[email protected]:22', ]
}

env.password = 'strong'
@roles('server1')
def task1():
    run('ls /home/ -l | wc -l')

@roles('server2')
def task2():
    run('du -sh /home')

def test():               # 调节主机组和主机组执行操作的顺序
    execute(task2)
    execute(task1)

[root@saltstack fabric]# fab -f fabric_4.py test
[[email protected]:22] Executing task 'task2'
[[email protected]:22] run: du -sh /home
[[email protected]:22] out: 4.0K        /home
[[email protected]:22] out:

[[email protected]:22] Executing task 'task1'
[[email protected]:22] run: ls /home/ -l | wc -l
[[email protected]:22] out: 3
[[email protected]:22] out:


Done.
Disconnecting from 172.16.1.150... done.
Disconnecting from 172.16.1.140... done.

Fabric扩展

扩展1:打印颜色

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@saltstack fabric]# cat fabric_5.py
#!/usr/bin/env python
# coding:utf-8

from fabric.colors import *

def show():
    print green('success')
    print red('fail')
    print yellow('yellow')

[root@saltstack fabric]# fab -f fabric_5.py show
success
fail
yellow

Done.

效果图:

扩展2:错误及异常

默认,一组命令,上一个命令执行失败后,不会接着往下执行,失败后也可以进行不一样的处理,详解文档
默认情况

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
[root@saltstack fabric]# cat fabric_6.py
#!/usr/bin/env python
# coding:utf-8

#from fabric.api import run
from fabric.api import local

def host_type():
    local('uname -s')
    local('tt')
    local('hostname')

[root@saltstack fabric]# fab -H localhost -f fabric_6.py host_type
[localhost] Executing task 'host_type'
[localhost] local: uname -s
Linux
[localhost] local: tt
/bin/sh: tt: command not found

Fatal error: local() encountered an error (return code 127) while executing 'tt'

Aborting.
# 注:由于tt执行报错,后面的hostname命令没有被执行

[root@saltstack fabric]# cat fabric_7.py
#!/usr/bin/env python
# coding:utf-8

from __future__ import with_statement
from fabric.api import local, settings, abort
from fabric.colors import *
from fabric.contrib.console import confirm

def host_type():
    local('uname -s')
    with settings(warn_only=True):
        result = local('tt', capture=True)
    if result.failed and not confirm(red("tt cmd failed. Continue anyway?")):
        abort("Aborting at user request.")
    local('hostname')
[root@saltstack fabric]# fab -H localhost -f fabric_7.py host_type
[localhost] Executing task 'host_type'
[localhost] local: uname -s
Linux
[localhost] local: tt

Warning: local() encountered an error (return code 127) while executing 'tt'

tt cmd failed. Continue anyway? [Y/n] y        # 判断上一步执行有无异常,异常给予提示,确认是否继续
[localhost] local: hostname
saltstack

Done.

扩展3:密码管理

1)Fabric既支持ssh公钥认证也支持管理密码的机制
2)Fabric的密码管理机制提供了两层密码。如果你的server有相同的密码,可以在env.password中设置默认的密码;如果server密码不同,还可以在env.passwords中设置(host,password)对,为每个server设置单独的ssh密码。

Fabric小结

  使用Fabric,你可以管理一系列host的SSH连接(包括主机名,用户,密码),定义一系列的任务函数,然后灵活的指定在哪些host上执行哪些任务。这非常使用于需要管理大量host的场景,比如运维,私有云管理,应用自动化部署等。
  本文只是一篇入门文档,远没有体现出Fabric的强大。实际上,Fabric还包括大量的功能,比如Role的定义,远程交互及异常处理,并发执行,文件操作等,并且不仅仅局限于命令行方式,可以在你的应用中调用Fabric。
  希望本文能够引起你对Fabric的兴趣,并在你的实际应用中解决问题。

======================================================
希望各位朋友支持一下

本文作者:dongsheng
本文地址https://mds1455975151.github.io/archives/6a4f7595.html
版权声明:转载请注明出处!

坚持技术分享,您的支持将鼓励我继续创作!