Repository files navigation

• deployr
• Installation & Dependencies
  • Source Installation go <= 1.11
  • Source installation go >= 1.12
• Overview
  • Authentication
  • Examples
  • File Globs
• Variables
  • Predefined Variables
• Template Expansion
• Missing Primitives?
  • Alternatives
• Github Setup

deployr is a simple utility which is designed to allow you to easily automate simple application-deployment via SSH.

The core idea behinddeployr is that installing (simple) software upon remote hosts frequently consists of a small number of steps:

• Uploading a small number of files, for example:
  • A binary application.
  • A configuration-file.
  • A systemd unit-file
  • etc.
• Running a small number of commands, some conditionally, for example:
  • Enable the systemd unit-file.
  • Start the service.

This is particularly true for golang-based applications which frequently consist of an single binary, a single configuration file, and an init-file to ensure the service can be controlled.

If you want to keep your deployment recipes automatable, and reproducible, then scripting them with a tool like this is ideal. (Though you might prefer something more popular & featureful such asansible,fabric,salt, etc.)

"Competing" systems tend to offer more facilities, such as the ability to add Unix users, setup MySQL database, add cron-entries, etc. Although it isn't impossible to do those things indeployr it is not as natural as other solutions. (For example you can add a cron-entry by uploading a file to/etc/cron.d/my-service, or you can add a user viaRun adduser bob 2>/dev/null.)

One obvious facility that most similar systems, such as ansible, offer is the ability to perform looping operations, and comparisons. We don't offer that and I'm not sure we ever will - even if we did add the ability to add cronjobs, etc.

In short think of this as an alternative to using a bash-script, which invokes scp/rsync/ssh. It is not going to compete with ansible, or similar. (Though it is reasonably close in spirit tofabric albeit with a smaller set of primitives.)

There are two ways to install this project from source, which depend on the version of thego version you're using.

If you're usinggo before 1.11 then the following command should fetch/updatedeployr, and install it upon your system:

 $ go get -u github.com/skx/deployr

If you're using a more recent version ofgo (which ishighly recommended), you need to clone to a directory which is not present upon yourGOPATH:

git clone https://github.com/skx/deployrcd deployrgo install

If you don't have a golang environment setup you should be able to download a binary for GNU/Linux fromour release page.

deployr has various sub-commands, the most useful is therun command whichallows you to execute a recipe-file:

$ deployr run [options] recipe1 recipe2 .. recipeN

Each specified recipe is parsed and the primitives inside them are then executed line by line. The following primitives/commands are available:

• CopyFile local/path remote/path
  • Copy the specified local file to the specified path on the remote system.
  • If the local & remote files were identical, such that no change was made, then this fact will be noted.
  • See later note on globs.
• CopyTemplate local/path remote/path
  • Copy the specified local file to the specified path on the remote system, expanding variables prior to running the copy.
  • If the local & remote files were identical, such that no change was made, then this fact will be noted.
  • See later note on globs.
• DeployTo [user@]hostname[:port]
  • Specify the details of the host to connect to, this is useful if a particular recipe should only be applied against a single host.
  • If you don't specify a target within your recipe itself you can instead pass it upon the command-line via the-target flag.
• IfChanged "Command"
  • TheCopyFile andCopyTemplate primitives record whether they made a change to the remote system.
  • TheIfChanged primitive will execute the specified command if the previous copy-operation resulted in the remote system being changed.
• Run "Command"
  • Run the given command (unconditionally) upon the remote-host.
• Set name "value"
  • Set the variable "name" to have the value "value".
  • Once set a variable can be used in the recipe, or as part of template-expansion.
• Sudo may be added as a prefix toRun andIfChanged.
  • If present this will ensure the specified command runs asroot.
  • The sudo example found beneathexamples/sudo/ demonstrates usage.

Public-Key authentication is only supported mechanism for connecting to a remote host, or remote hosts. There is zero support for authentication via passwords.

By default~/.ssh/id_rsa will be used as the key to connect with, but if you prefer you can specify a different private-key with the-identity flag to the run sub-command:

$ deployr run -identity ~/.ssh/host

In addition to using a key specified via the command-line deployr also supports the use ofssh-agent. Simply set the environmental-variableSSH_AUTH_SOCK to the path of your agent's socket.On Windows deployr supportspageant, which is a Windows-specific implementation of SSH Agent. If pageant is running, deployr will detect it and use it for authentication.

There are several examples included beneathexamples/, the shortest oneexamples/simple/ is a particularly good recipe to examine to get a feel for the system:

$ cd ./examples/simple/$ deployr run -target [user@]host.example.com[:port] ./deployr.recipe

For more verbose output the-verbose flag may be added:

$ cd ./examples/simple/$ deployr run -target [user@]host.example.com[:port] -verbose ./deployr.recipe

Some other flags are also available, consult "deployr help run" for details.

Both theCopyFile andCopyTemplate primitives allow the use of file-globs,which allows you to write a line like this:

CopyFile lib/systemd/system/* /lib/systemd/system/

Assuming you have the following input this will copy all the files, as youwould expect:

  ├── deploy.recipe  └── lib      └── systemd          └── system              ├── overseer-enqueue.service              ├── overseer-enqueue.timer              ├── overseer-worker.service              └── purppura-bridge.service

NOTE That this wildcard support isnot the same as a recursive copy,that is not supported.

TheIfChanged primitive will regard a previous copy operation as havingresulted in a change if any single file changes during the run of a copyoperation that involves a glob.

It is often useful to allow values to be stored in variables, for example if you're used to pulling a file from a remote host you might make the version of that release a variable.

Variables are defined with theSet primitive, which takes two arguments:

• The name of the variable.
• The value to set for that variable.
  • Values will be set as strings, in fact our mini-language only understands strings.

In the following example we declare the variable called "RELEASE" to have the value "1.2", and then use it in a command-execution:

Set RELEASE "1.2"Run "wget -O /usr/local/bin/app-${RELEASE} \       https://example.com/dist/app-${RELEASE}"

It is possible to override the value of a particular variable via a command-line argument, for example:

$ deployr run --set "ENVIRONMENT=PRODUCTION" ...

If you do this any attempt toSet the variable inside the recipe itself will be silently ignored. (i.e. A variable which is set on the command-line will become essentially read-only.) This is useful if you have a recipe where the only real difference is the set of configuration files, and the destination host. For example you could write all your copies like so:

## Lack of recursive copy is a pain here.# See:#   https://github.com/skx/deployr/issues/6#CopyFile files/${ENVIRONMENT}/etc/apache2.conf /etc/apache2/confCopyFile files/${ENVIRONMENT}/etc/redis.conf   /etc/redis/redis.conf..

Then have a tree of files:

  ├── files      ├── development      │   ├── apache2.conf      │   └── redis.conf      └── production          ├── apache2.conf          └── redis.conf

Another case where this come in handy is when dealing the secrets. Pass your secrets via command-line arguments instead of setting them in the recipe so you don't commit them by mistake, for example:

    $ deployr run --set "API_KEY=foobar" ...

Then use theAPI_KEY:

    Run "curl api.example.com/releases/latest -H 'Authorization: Bearer ${API_KEY}'"

In a CI environnement, use command-line arguments to retrieve environnement variables available in the CI.

    $ deployr run --set "RELEASE=$CI_COMMIT_TAG" ...

The following variables are defined by default:

• host
  • The host being deployed to.
• now
  • An instance of the golangtime object.
• port
  • The port used to connect to the remote host (22 by default).
• user
  • The username we login to the remote host as (root by default).

In addition to copying files literally from the local system to the remotehost it is also possible perform some limited template-expansion.

To copy a file literally you'd use theCopyFile primitive which copies thefile with no regards to the contents (handling binary content):

CopyFile local.txt /tmp/remote.txt

To copy a file with template-expansion you should use theCopyTemplate primitive instead:

CopyTemplate local.txt /tmp/remote.txt

The file being copied will then be processed with thetext/template librarywhich means you can access values like so:

## This is a configuration file blah.conf# We can expand variables like so:## Deployed version {{get "RELEASE"}} on Host:{{get "host"}}:{{get "port"}}# at {{now.UTC.Day}} {{now.UTC.Month}} {{now.UTC.Year}}#

In short you write{{get "variable-name-here"}} and the value of the variablewill be output inline.

Any variable defined withSet (or via a command-line argument) will be available to you, as well as thepredefined variables noted above.

If there are primitives you think would be useful to add then please dofile a bug.

There are many alternatives to this simple approach. The most obvious twowould be:

• ansible
  • Uses YAML to let you run commands on multiple remote hosts via SSH.
  • Very featureful, but also a bit hard to be readable due to the YAML use.
• fabric
  • Another Python-based project, which defines some simple primitive functions such asrun andput to run commands, and upload files respectively.

As a very simple alternative I put togethermarionette which allows running commands, and setting file-content, but this works on thelocal system only - no SSH involved.

For large-scale deployments you'll probably want to consider Puppet, Chef, or something more established and powerful. Still this system has its place.

This repository is configured to run tests upon every commit, and whenpull-requests are created/updated. The testing is carried out via.github/run-tests.sh which is used by thegithub-action-tester action.

Releases are automated in a similar fashion via.github/build,and thegithub-action-publish-binaries action.