Hi Jamis,
I have another feature request for you. I have a deployment where I
have a series of tasks that get executed on various machines, but I
need to login to those machines with public key auth with different
user ids. In this particular scenario, using sudo does not really work
as needed. What I want to do is something like:
run "some_command", :as => 'root'
which temporarily changes the 'user' variable for the duration of the
execution of the task.
I accomplish this by aliasing the run method as follows:
module CapistranoExt
class Configuration
module Actions
module Invocation
def self.append_features(base)
super
base.extend(ClassMethods)
base.class_eval do
alias_method_chain :run, :user
end
end
module ClassMethods
end
# TODO: this really only works if the authentication method is
# publickey, since the password is cached from a call to the
# proc to read it. Need to have a mechanism to cache that per
# user, and set it appropriately in here (if we need to
support
# this mechanism with password-based auth).
def run_with_user(cmd, options={}, &block)
u = fetch(:user)
as = options.delete(:as) || u
begin
set :user, as
run_without_user(cmd, options, &block)
ensure
set :user, u
end
end
end
end
end
end
This also requires a change to the following method in connections.rb
(from Cap 2.0.100):
def safely_establish_connection_to(server, failures=nil)
if fetch(:ssh_options)[:no_session_cache]
sessions[server].close if sessions[server]
sessions[server] = connection_factory.connect_to(server)
else
sessions[server] ||= connection_factory.connect_to(server)
end
rescue Exception => err
raise unless failures
failures << { :server => server, :error => err }
end
Then I set ssh_options[:no_session_cache] to true in my cap deployment
file, and everything works fine.
Per my comments in the code, there is a problem in that this only
works for non-password auth for now, since the password is obtained in
a Proc and I did not add code to cache it per user. This could
probably be done with a few more additions.
It's probably a little inefficient. I looked to see if there was a way
to drop the session only if the username had changed, but I don't
think net/ssh exposes that field.
Anyway, if you think you'd be willing to add something like this, I
could probably clean it up and just give you a patch.
Thanks,
Joe
--~--~---------~--~----~------------~-------~--~----~
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/capistrano
-~----------~----~----~----~------~----~------~--~---
