第2回 SSH 公開éµã®è¨ç½®
2008/03/25
今回㯠Capistrano を使ã†ãŸã‚ã®å‰ææ¡ä»¶ã®ä¸€ã¤ã§ã‚ã‚‹ SSH ã«ã¤ã„ã¦ã€‚
本番サーãƒã¯ç”¨æ„ã•ã‚Œã¦ã„ã‚‹ã¨ã„ã†å‰æã ã‹ã‚‰ã€ã‚ãªãŸã¯æ—¢ã« SSH ã§æœ¬ç•ªã‚µãƒ¼ãƒã«ãƒã‚°ã‚¤ãƒ³ã§ãã‚‹ã¯ãšã 。ã—ã‹ã—ã€SSH ã®å…¬é–‹éµã‚’作ã£ã¦æœ¬ç•ªã‚µãƒ¼ãƒã«è¨ç½®ã—ã¦ã‚ã‚‹ã ã‚ã†ã‹ã€‚ã‚‚ã—ã¾ã ãªã‚‰ã€ãã“ã‹ã‚‰ä½œæ¥é–‹å§‹ã 。
ãŸã ã—ã€Windows ã‹ã‚‰ Capistrano を使ã†ãŸã‚ã®ã‚»ãƒƒãƒˆã‚¢ãƒƒãƒ—方法ã«ã¤ã„ã¦ã¯ã€æ¬¡å›žï¼ˆç¬¬3回 Windows 㧠Capistrano)ã§èª¬æ˜Žã™ã‚‹ã€‚
ã¾ãšã€SSH ã®å…¬é–‹éµã‚’作る。
% ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/kuroda/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/kuroda/.ssh/id_rsa. Your public key has been saved in /home/kuroda/.ssh/id_rsa.pub. The key fingerprint is: a3:ed:8b:aa:6d:6c:92:16:70:6b:1d:51:3a:24:6f:b9 kuroda@desktop
次ã«ã€å…¬é–‹éµã‚’本番サーãƒã«ã‚³ãƒ”ーã™ã‚‹ã€‚本番サーãƒã®ãƒ‰ãƒ¡ã‚¤ãƒ³åã‚’ alpha.oiax.jp ã¨ã—よã†ã€‚
% scp .ssh/id_rsa.pub alpha.oiax.jp:~ [email protected]'s password:
本番サーãƒã«ãƒã‚°ã‚¤ãƒ³ã™ã‚‹ã€‚ãªãŠã€ä»Šå¾Œã¯ãƒãƒ¼ã‚«ãƒ«ãƒ›ã‚¹ãƒˆã§ä½œæ¥ã™ã‚‹ã¨ãã®ãƒ—ãƒãƒ³ãƒ—ト㯠% ã§ã€ãƒªãƒ¢ãƒ¼ãƒˆãƒ›ã‚¹ãƒˆï¼ˆæœ¬ç•ªã‚µãƒ¼ãƒï¼‰ã§ä½œæ¥ã™ã‚‹ã¨ãã®ãƒ—ãƒãƒ³ãƒ—ト㯠$ ã§è¡¨ã™ã“ã¨ã«ã™ã‚‹ã€‚
% ssh alpha.oiax.jp Password:
最åˆã« app ユーザーを作る。
% sudo /usr/sbin/useradd -m app
ã“れ㯠Rails アプリケーションをデプãƒã‚¤ãƒ¡ãƒ³ãƒˆã—èµ·å‹•ã™ã‚‹ãŸã‚ã®å°‚用ユーザーã§ã‚る。もã—ã€ã™ã§ã«ã“ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼åãŒä»–ã®ç›®çš„ã§ä½œã‚‰ã‚Œã¦ã„ãŸã‚‰ã€rails ãªã©ã®åˆ¥ã®åå‰ã‚’é¸ã¶ã€‚ãªãŠã€é–‹ç™ºè€…個人ã®ã‚¢ã‚«ã‚¦ãƒ³ãƒˆï¼ˆä¾‹ãˆã°ã€kuroda)ã§ãƒ‡ãƒ—ãƒã‚¤ãƒ¡ãƒ³ãƒˆã™ã‚‹æ–¹æ³•ã‚‚ã‚ã‚‹ãŒã€è¤‡æ•°äººã§é–‹ç™ºã—ã¦ã„ã‚‹å ´åˆã¯ã€ãƒ•ã‚¡ã‚¤ãƒ«ã®ãƒ‘ーミッションã«é–¢ä¿‚ã™ã‚‹ã‚„ã‚„ã“ã—ã„å•é¡Œã«éé‡ã—ã‚„ã™ã„ã®ã§å°‚用ã®ãƒ¦ãƒ¼ã‚¶ãƒ¼ã‚’作るã“ã¨ã‚’ãŠå‹§ã‚ã™ã‚‹ã€‚
ã¾ãš ~/.ssh ã«å…¬é–‹éµã‚’è¨ç½®ã™ã‚‹ã€‚
$ mkdir -m 700 .ssh $ cat id_rsa.pub >> .ssh/authorized_keys
続ã„㦠/home/app/.ssh ã«å…¬é–‹éµã‚’è¨ç½®ã™ã‚‹ã€‚
$ sudo -u app mkdir -m 700 /home/app/.ssh $ sudo -u app touch /home/app/.ssh/authorized_keys $ sudo sh -c "cat id_rsa.pub >> /home/app/.ssh/authorized_keys"
ãƒã‚°ã‚¢ã‚¦ãƒˆã™ã‚‹ã€‚
$ exit
パスフレーズを繰り返ã—入力ã™ã‚‹æ‰‹é–“ã‚’çœããŸã„人ã¯ã€æ¬¡ã®ã‚ˆã†ã«ã—㦠ssh-agent ã«ç§˜å¯†éµã‚’記憶ã•ã›ã‚‹ã€‚
% ssh-agent bash % ssh-add Enter passphrase for /home/kuroda/.ssh/id_rsa: Identity added: /home/kuroda/.ssh/id_rsa (/home/kuroda/.ssh/id_rsa)
公開éµã§æœ¬ç•ªã‚µãƒ¼ãƒã«ãƒã‚°ã‚¤ãƒ³ã™ã‚‹ã€‚
% ssh alpha.oiax.jp $ exit
ãƒã‚°ã‚¤ãƒ³æ™‚ã«ãƒ‘スワードを尋ãられãªã‘ã‚Œã°ã€OKã 。
次ã«ã€app ユーザーã§ãƒã‚°ã‚¤ãƒ³ã™ã‚‹ã€‚
% ssh [email protected] $ exit
ã“ã¡ã‚‰ã‚‚パスワードã®å…¥åŠ›ãªã—ã§ãƒã‚°ã‚¤ãƒ³ã§ãã‚‹ã¯ãšã 。
ã§ã¯ã€Capistrano を試ã—ã¦ã¿ã‚ˆã†ã€‚
ãƒãƒ¼ã‚«ãƒ«ãƒ›ã‚¹ãƒˆã®é©å½“ãªãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ã€æ¬¡ã®ã‚ˆã†ãªå†…容をæŒã¤ãƒ†ã‚ストファイル Capfile を作æˆã™ã‚‹ã€‚æ‹¡å¼µåã¯ä»˜ã‘ãªã„ã“ã¨ã€‚ã¾ãŸã€'kuroda' ã®éƒ¨åˆ†ã¯ã€ãƒªãƒ¢ãƒ¼ãƒˆãƒ›ã‚¹ãƒˆã« SSH ã§ãƒã‚°ã‚¤ãƒ³ã™ã‚‹ãƒ¦ãƒ¼ã‚¶ãƒ¼åを指定ã—ã€'alpha.oiax.jp' ã¯ã€å®Ÿéš›ã®ãƒªãƒ¢ãƒ¼ãƒˆãƒ›ã‚¹ãƒˆã®åå‰ã§ç½®ãæ›ãˆã‚‹ã“ã¨ã€‚
set :user, 'kuroda' task :stamp, :hosts => "alpha.oiax.jp" do run "touch /home/kuroda/touched" end
ã“ã‚Œã§ã€alpha.oiax.jp ã«ãƒã‚°ã‚¤ãƒ³ã—ã¦ã€ã‚³ãƒžãƒ³ãƒ‰ touch /home/kuroda/touched を実行ã™ã‚‹ã‚¿ã‚¹ã‚¯ stamp を定義ã—ãŸã“ã¨ã«ãªã‚‹ã€‚Unix コマンド㮠touch ã¯ã€ãƒ•ã‚¡ã‚¤ãƒ«ã®ã‚¿ã‚¤ãƒ スタンプを更新ã™ã‚‹ã‚‚ã®ã ãŒã€ãƒ•ã‚¡ã‚¤ãƒ«ãŒãªã‘ã‚Œã°æ–°è¦ã«ä½œæˆã—ã¦ãれる。
stamp タスクを実行ã™ã‚‹ã«ã¯ã€Capfile ã‚’ä¿å˜ã—ãŸãƒ‡ã‚£ãƒ¬ã‚¯ãƒˆãƒªã«ç§»å‹•ã—ã¦ã€cap stamp ã¨å…¥åŠ›ã™ã‚‹ã€‚
% cap stamp
* executing `stamp'
* executing "touch /home/kuroda/touched"
servers: ["alpha.oiax.jp"]
[alpha.oiax.jp] executing command
command finished
本番サーãƒã§çµæžœã‚’確èªã™ã‚‹ã€‚
$ pwd /home/kuroda $ la -l touched -rw-r--r-- 1 kuroda kuroda 5 Mar 24 22:58 touched
stamp タスクを実行ã™ã‚‹ã¾ã§ã¯å˜åœ¨ã—ãªã‹ã£ãŸ touched ファイルãŒç”Ÿæˆã•ã‚ŒãŸã€‚
[改訂] 2008/05/17 ユーザー app ã§ãƒªãƒ¢ãƒ¼ãƒˆãƒ›ã‚¹ãƒˆã«ãƒã‚°ã‚¤ãƒ³ã™ã‚‹æ–¹å¼ã«åˆã‚ã›ã¦è¨˜è¿°ã‚’ä¿®æ£ã€‚
