Discussion:
[Fab-user] Problems with 'git pull' and key authentication through Cron Jobs
Manuel Gonzalez
2014-03-24 13:34:58 UTC
Permalink
Hi Everyone,


I have a simple method in a fabfile.py:

def pull_beta():
with cd(env.code_dir_beta):
run("git pull origin master")


The remote server need a passphrase to unlock the key for ~/.ssh/id_rsa, so
for it, I am forwarding my local key authentication to the server with the
option: env.forward_agent = True. Also I have the line: env.host_string
= '***@thehost.com, because my local user is not the same in the
remote server.

The pull work fine if I run it by hand in the terminal. The key forward do
his job. The problem is when I try automate this task through a cron job.
The pull does not work, seems like the key forward does not work.

I did a lot of test without success. I try remove the option for forward
my local key and set a user and password with env, but seems there are not
an option yet for tell Fabric the password for other than sudo prompts. I
read it here:
http://lists.nongnu.org/archive/html/fab-user/2010-06/msg00000.html .

My entry for the cron job is:

30 1 * * * /usr/bin/fab -f /home/manuel/www/web.local/fabfile.py pull_beta

I try remove also without sucess (and removed the option env.forward_agent
= True from the fabfile.py ):

30 1 * * * /usr/bin/fab -A -i ~/.ssh/id_rsa -f
/home/manuel/www/web.local/fabfile.py pull_beta


Note, the remote server does not has Fabric install.


Thanks for any tips.
Jeff Forcier
2014-03-25 18:39:26 UTC
Permalink
Hi Manuel,

The problem here is (probably) that your cron job has no agent to
forward - cron jobs run in a very limited environment that looks
nothing like a regular user's login environment.

You'll need to find some way of getting your remote server access to a
key it can use to talk to your Git host - a passphraseless "for
headless tooling" key pair, or an IP whitelist on your Git host, or
whatever.

This isn't something we can necessarily help with though as it is not
Fabric specific :) Good luck!

-Jeff
Post by Manuel Gonzalez
Hi Everyone,
run("git pull origin master")
The remote server need a passphrase to unlock the key for ~/.ssh/id_rsa, so
for it, I am forwarding my local key authentication to the server with the
option: env.forward_agent = True. Also I have the line: env.host_string =
remote server.
The pull work fine if I run it by hand in the terminal. The key forward do
his job. The problem is when I try automate this task through a cron job.
The pull does not work, seems like the key forward does not work.
I did a lot of test without success. I try remove the option for forward my
local key and set a user and password with env, but seems there are not an
option yet for tell Fabric the password for other than sudo prompts. I read
http://lists.nongnu.org/archive/html/fab-user/2010-06/msg00000.html .
30 1 * * * /usr/bin/fab -f /home/manuel/www/web.local/fabfile.py pull_beta
I try remove also without sucess (and removed the option env.forward_agent =
30 1 * * * /usr/bin/fab -A -i ~/.ssh/id_rsa -f
/home/manuel/www/web.local/fabfile.py pull_beta
Note, the remote server does not has Fabric install.
Thanks for any tips.
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
--
Jeff Forcier
Unix sysadmin; Python/Ruby engineer
http://bitprophet.org
Manuel Gonzalez
2014-03-25 18:48:34 UTC
Permalink
Thank you for your answer Jeff. I will find another approach.
Post by Jeff Forcier
Hi Manuel,
The problem here is (probably) that your cron job has no agent to
forward - cron jobs run in a very limited environment that looks
nothing like a regular user's login environment.
You'll need to find some way of getting your remote server access to a
key it can use to talk to your Git host - a passphraseless "for
headless tooling" key pair, or an IP whitelist on your Git host, or
whatever.
This isn't something we can necessarily help with though as it is not
Fabric specific :) Good luck!
-Jeff
Post by Manuel Gonzalez
Hi Everyone,
run("git pull origin master")
The remote server need a passphrase to unlock the key for ~/.ssh/id_rsa,
so
Post by Manuel Gonzalez
for it, I am forwarding my local key authentication to the server with
the
env.host_string =
Post by Manuel Gonzalez
remote server.
The pull work fine if I run it by hand in the terminal. The key forward
do
Post by Manuel Gonzalez
his job. The problem is when I try automate this task through a cron
job.
Post by Manuel Gonzalez
The pull does not work, seems like the key forward does not work.
I did a lot of test without success. I try remove the option for
forward my
Post by Manuel Gonzalez
local key and set a user and password with env, but seems there are not
an
Post by Manuel Gonzalez
option yet for tell Fabric the password for other than sudo prompts. I
read
Post by Manuel Gonzalez
http://lists.nongnu.org/archive/html/fab-user/2010-06/msg00000.html .
30 1 * * * /usr/bin/fab -f /home/manuel/www/web.local/fabfile.py
pull_beta
Post by Manuel Gonzalez
I try remove also without sucess (and removed the option
env.forward_agent =
Post by Manuel Gonzalez
30 1 * * * /usr/bin/fab -A -i ~/.ssh/id_rsa -f
/home/manuel/www/web.local/fabfile.py pull_beta
Note, the remote server does not has Fabric install.
Thanks for any tips.
_______________________________________________
Fab-user mailing list
https://lists.nongnu.org/mailman/listinfo/fab-user
--
Jeff Forcier
Unix sysadmin; Python/Ruby engineer
http://bitprophet.org
Loading...