remosh

Remote execution engine with less than 100 lines of code.

For CI integration with f. ex GitHub Webhooks, run a given command on some server on every push.

Just make a file in the following format:

<id>: <command>

And do a POST with the given id to run the command, eg with the file:

secretpassword: sudo /bin/update-server

The following request will trigger the update-server script:

POST localhost?id=secretpassword

Granted that the user running remosh has the privileges to do so, naturally.

Installation

From PyPI:

$ pip install remosh

Start the service:

$ remosh <file-to-read-commands-from>

You might want to put that into an Upstart job or similar.

Tips

You might want remosh to run commands as sudo, but giving the user running the service free access to any sudo command is not a good idea. There's no known security issues with remosh, but play it on the safe side. Create an unprivileged user remosh, create an upstart job ala this:

# Put this in /etc/init/remosh.conf
description "Remosh job config"

start on startup
stop on runlevel [016]

setgid remosh
setuid remosh

respawn

exec remosh /etc/remosh_commands -l /var/log/remosh.log

And then create a sudoers file for remosh, ala this:

# Put this in /etc/sudoers.d/remosh
Cmnd_Alias      COMMANDS = /bin/update-server, /usr/bin/apt-get update, <..>

# User alias specification
remosh ALL = NOPASSWD: COMMANDS

Now the remosh user can execute the listed commands with password-less sudo.