Capistranoï¼ˆã‚«ãƒ”ã‚¹ãƒˆãƒ©ãƒ¼ãƒŽï¼‰ã§ sudo ãŒä½¿ãˆãªã„å•é¡Œ

CapistranoのGetting Startedã‚’è¡Œãªã£ã¦ã„ã¦ã€sudo ãŒåˆ©ç”¨ã§ããªã„å•é¡Œã«ç›´é¢ã—ã¾ã—ãŸã€‚

å®Ÿè¡Œç’°å¢ƒ

Capisranoã‚’å®Ÿè¡Œã™ã‚‹ã‚µãƒ¼ãƒ

	OS		CentOS6
	OpenSSH		OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
	Ruby		ruby 1.8.7 (2011-06-30 patchlevel 352) [i686-linux]
	rubygems		1.3.7
	Capistrano		2.9.0
	net-scp		1.0.4
	net-sftp		2.0.5
	net-ssh		2.2.1
	net-ssh-gateway		1.1.0
	highline		1.6.2

ãƒ‡ãƒ—ãƒã‚¤å¯¾è±¡ã‚µãƒ¼ãƒï¼ˆIP ã‚’ 192.168.100.200 ã¨ã—ã¾ã™ã€‚ï¼‰

	OS		CentOS6
	OpenSSH		OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
	Ruby		ruby 1.8.7 (2011-06-30 patchlevel 352) [i686-linux]
	rubygems		1.3.7

å†ç¾

% cap invoke COMMAND="df -h" HOSTS[email protected] SUDO=1
  * executing `invoke'
  * executing "sudo -p 'sudo password: ' df -h"
    servers: ["192.168.100.200"]
    [[email protected]] executing command
*** [err :: [email protected]] sudo
*** [err :: [email protected]] :
*** [err :: [email protected]] no tty present and no askpass program specified
*** [err :: [email protected]] 
    command finished in 53ms
failed: "sh -c 'sudo -p '\\''sudo password: '\\'' df -h'" on [email protected]

SUDO=1 ã‚’å¤–ã›ã°å®Ÿè¡Œå¯èƒ½ã§ã™ã€‚

% cap invoke COMMAND="df -h" HOSTS[email protected]
  * executing `invoke'
  * executing "df -h"
    servers: ["192.168.100.200"]
    [[email protected]] executing command
 ** [out :: [email protected]] Filesystem            Size  Used Avail Use% ãƒžã‚¦ãƒ³ãƒˆä½ç½®
 ** [out :: [email protected]] /dev/mapper/vg_testbudgearycontrol-lv_root
 ** [out :: [email protected]] 50G  3.3G   44G   8% /
 ** [out :: [email protected]] tmpfs                 2.0G     0  2.0G   0% /dev/shm
 ** [out :: [email protected]] /dev/sda1             485M   33M  427M   8% /boot
 ** [out :: [email protected]] /dev/mapper/vg_testbudgearycontrol-lv_home
 ** [out :: [email protected]] 92G  1.5G   86G   2% /home
    command finished in 48ms

ã¤ã¾ã‚Šã€ä¸‹è¨˜ã‚‚ã§ããªã„ã¨ã„ã†ã“ã¨ã€‚ä»®æƒ³ç«¯æœ«ãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œãªã„ã‚ˆã†ã ã€‚

% ssh [email protected] 'sudo df -h'
sudo: no tty present and no askpass program specified

è§£æ±ºæ–¹æ³•1 : ä»®æƒ³ç«¯æœ«ãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¦ã„ãªã„ã®ã§ ssh -t ã‚’ã¤ã‘ã‚‹

æ™®é€šã®shell

ssh ã® -t ã‚ªãƒ—ã‚·ãƒ§ãƒ³ã¯å¼·åˆ¶çš„ã«ä»®æƒ³ç«¯æœ«ã‚’å‰²ã‚Šå½“ã¦ã‚‹ã€‚ä¸‹è¨˜ã¯ã€å®Ÿè¡Œçµæžœã€‚sudo ã‚’ã¤ã‘ã¦å®Ÿè¡ŒãŒå¯èƒ½ã€‚

ssh

% ssh -t [email protected] 'sudo df -h'
[sudo] password for hoge: 
Sorry, try again.
[sudo] password for hoge: 
Filesystem            Size  Used Avail Use% ãƒžã‚¦ãƒ³ãƒˆä½ç½®
/dev/mapper/vg_testbudgearycontrol-lv_root
                       50G  3.3G   44G   8% /
tmpfs                 2.0G     0  2.0G   0% /dev/shm
/dev/sda1             485M   33M  427M   8% /boot
/dev/mapper/vg_testbudgearycontrol-lv_home
                       92G  1.5G   86G   2% /home
Connection to 192.168.100.200 closed.

capistrano

ã¾ãšã€default_run_options[:pty]=true ãŒæ›¸ã‹ã‚ŒãŸ capfile ã‚’ç”¨æ„ã—ã¾ã™ã€‚

default_run_options[:pty]=true

capfileã‚’æŒ‡å®šã—ã¦å®Ÿè¡Œã—ã¾ã™ã€‚

% cap -f capfile invoke COMMAND="df -h" [email protected] SUDO=1
  * executing `invoke'
  * executing "sudo -p 'sudo password: ' df -h"
    servers: ["192.168.100.200"]
    [[email protected]] executing command
 ** [out :: [email protected]] Filesystem            Size  Used Avail Use% ãƒžã‚¦ãƒ³ãƒˆä½ç½®
 ** [out :: [email protected]] /dev/mapper/vg_testbudgearycontrol-lv_root
 ** [out :: [email protected]] 50G  3.4G   44G   8% /
 ** [out :: [email protected]] tmpfs                 2.0G     0  2.0G   0% /dev/shm
 ** [out :: [email protected]] /dev/sda1             485M   33M  427M   8% /boot
 ** [out :: [email protected]] /dev/mapper/vg_testbudgearycontrol-lv_home
 ** [out :: [email protected]] 92G  1.9G   85G   3% /home
    command finished in 70ms

è§£æ±ºæ–¹æ³•2 : Defaults visiblepw

sshd ã« Defaults visiblepw ã‚’è¨å®šã™ã‚Œã° ä»®æƒ³ç«¯æœ«ãªã—ã§ã‚‚ sudo ãŒè¨±å¯ã•ã‚Œã¾ã™ã€‚ãƒ‡ãƒ—ãƒã‚¤ã•ã‚Œã‚‹å´ã®ã‚µãƒ¼ãƒã§ visudo ã—ã¦ã€ä¸‹è¨˜ã®ã‚ˆã†ã«åŠ ãˆã¦ã€ssh ã‚’å†èµ·å‹•ã—ã¾ã™ã€‚

#
# Disable "ssh hostname sudo <cmd>", because it will show the password in clear.
#         You have to run "ssh -t hostname sudo <cmd>".
#
# Defaults    requiretty
Defaults visiblepw

ä¸Šè¨˜ã®ã¨ã“ã‚ã« ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãŒè¦‹ãˆã‚‹ã®ã§ ssh -t ä½¿ã£ã¦ãã ã•ã„ã¨æ›¸ã„ã¦ã‚ã‚Šã¾ã™ã‘ã©ã‚‚ãƒ»ãƒ»ãƒ»ã€‚

ssh

% ssh [email protected] 'sudo df -h'
[sudo] password for hoge: xxxxxxx            ##â†ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ä¸¸ã¿ãˆ
Filesystem            Size  Used Avail Use% ãƒžã‚¦ãƒ³ãƒˆä½ç½®
/dev/mapper/vg_testbudgearycontrol-lv_root
                       50G  3.3G   44G   8% /
tmpfs                 2.0G     0  2.0G   0% /dev/shm
/dev/sda1             485M   33M  427M   8% /boot
/dev/mapper/vg_testbudgearycontrol-lv_home
                       92G  1.5G   86G   2% /home

capistrano

Capistranoã®å ´åˆã¯ã€ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ã¯è¦‹ãˆã¾ã›ã‚“ããƒ»ãƒ»ã€‚

% cap invoke COMMAND="df -h" HOSTS[email protected] SUDO=1  
  * executing `invoke'
  * executing "sudo -p 'sudo password: ' df -h"
    servers: ["192.168.100.200"]
    [[email protected]] executing command
Password: 
 ** [out :: [email protected]] Filesystem            Size  Used Avail Use% ãƒžã‚¦ãƒ³ãƒˆä½ç½®
 ** [out :: [email protected]] /dev/mapper/vg_testbudgearycontrol-lv_root
 ** [out :: [email protected]] 50G  3.3G   44G   8% /
 ** [out :: [email protected]] tmpfs                 2.0G     0  2.0G   0% /dev/shm
 ** [out :: [email protected]] /dev/sda1             485M   33M  427M   8% /boot
 ** [out :: [email protected]] /dev/mapper/vg_testbudgearycontrol-lv_home
 ** [out :: [email protected]] 92G  1.5G   86G   2% /home
    command finished in 4008ms

ãŠã¾ã‘1 : sudoã§ç‰¹å®šã®ã‚³ãƒžãƒ³ãƒ‰ã‚’ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãªã—ã§å®Ÿè¡Œã§ãã‚‹ã‚ˆã†ã«ã™ã‚‹

ä¾‹ãˆã°ã€visudo ã§ä¸‹è¨˜ã®ã‚ˆã†ã«è¨å®šã—ã¦ã€sshd ã‚’ restart ã¾ã™ã€‚

%wheel        ALL=(ALL)       NOPASSWD: /bin/df

ä¸Šè¨˜ã ã¨ã€/bin/df ã‚³ãƒžãƒ³ãƒ‰ã¯ wheelã‚°ãƒ«ãƒ¼ãƒ—ãƒ¦ãƒ¼ã‚¶ã«æ‰€å±žã—ã¦ã„ã‚Œã° ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãªã—ã§ sudo å®Ÿè¡Œã§ãã¾ã™ã€‚sudo ã§å®Ÿè¡Œã—ãŸã„ã‚³ãƒžãƒ³ãƒ‰ãŒãŸãã•ã‚“ã‚ã‚‹å ´åˆã¯ä¸å‘ãã§ã™ãã€‚

ãŠã¾ã‘2 : sudo æ™‚ã® path

visudo ã§è¨å®šã‚’è¦‹ã‚‹ã¨ Defaults secure_path ã¨ã„ã†ã®ãŒã‚ã‚Šã¾ã™ã€‚ã“ã‚Œã¯ã€sudo æ™‚ã«ä¸‹è¨˜ã®ãƒ‘ã‚¹ãŒè¨å®šã•ã‚Œã¾ã™ãŒã€ä¾‹ãˆã°ã€gem ã‚³ãƒžãƒ³ãƒ‰ãŒ /usr/local/bin ã«ã‚ã£ãŸå ´åˆã¯ã€sudo æ™‚ã« gem ã‚³ãƒžãƒ³ãƒ‰ãŒä½¿ãˆãªã„ã¨ã„ã†ã“ã¨ã«ãªã£ã¦ã—ã¾ã„ã¾ã™ã€‚ãã®ãŸã‚ã€Default secure_pathã« pathã‚’åŠ ãˆã‚‹ã“ã¨ã§å¯¾å¿œã—ã¾ã™ã€‚

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin

â†“

Defaults    secure_path = /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin

å®Ÿè¡Œç’°å¢ƒ

å†ç¾

è§£æ±ºæ–¹æ³•1 : ä»®æƒ³ç«¯æœ«ãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¦ã„ãªã„ã®ã§ ssh -t ã‚’ã¤ã‘ã‚‹

æ™®é€šã®shell

ssh

capistrano

è§£æ±ºæ–¹æ³•2 : Defaults visiblepw

ssh

capistrano

ãŠã¾ã‘1 : sudoã§ç‰¹å®šã®ã‚³ãƒžãƒ³ãƒ‰ã‚’ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãªã—ã§å®Ÿè¡Œã§ãã‚‹ã‚ˆã†ã«ã™ã‚‹

ãŠã¾ã‘2 : sudo æ™‚ã® path

å†ç¾

è§£æ±ºæ–¹æ³•1 : ä»®æƒ³ç«¯æœ«ãŒå‰²ã‚Šå½“ã¦ã‚‰ã‚Œã¦ã„ãªã„ã®ã§ ssh -t ã‚’ã¤ã‘ã‚‹

æ™®é€šã®shell

ãŠã¾ã‘1 : sudoã§ç‰¹å®šã®ã‚³ãƒžãƒ³ãƒ‰ã‚’ãƒ‘ã‚¹ãƒ¯ãƒ¼ãƒ‰ãªã—ã§å®Ÿè¡Œã§ãã‚‹ã‚ˆã†ã«ã™ã‚‹

ãŠã¾ã‘2 : sudo æ™‚ã® path