Recently, I had to write a script to deploy a Grails application on a cluster of 7 servers without prompting for any kind of passwords. The load balancer was configured so as NOT to direct any request to the node, if the Apache process is not running on the server.
So, my script to do the deployment on all the servers one by one is very simple — (a) stop Apache (b) deploy new version of the app on Tomcat using deploy.sh script lying on the server (c) start Apache
SERVER_IPS="10.20.30.40 10.20.30.41 10.20.30.42" for i in `echo $SERVER_IPS` do echo "Deploying on Web Host $i" ssh applicationUser@$i "cd; apache2ctl stop; ./deploy.sh; sleep 30; apache2ctl start" done
The only hiccup is that the applicationUser does not have rights to start/stop Apache. After looking around for a while, I came to know about setuid which allow users to run an executable with the permissions of the executable’s owner or group.
So, all I had to do in order to allow applicationUser to bounce apache process is :
sudo u+s /usr/sbin/apache2 sudo u+s /usr/sbin/apache2ctl
I also had to set the trusted relationship between the production servers and my machine in order to allow password-less SSH login.
After I did the above steps, I could deploy my application to all nodes in the cluster with a single command.