Skip to main content

The CLI for Sym

Project description

sym-cli

Sym CLI

Usage

Login

sym login --email rick@symops.io --org sym

Or, to run interactively: sym login

Currently, this saves the email and org name to a local configuration file that defaults to $HOME/.config/sym/config.yml. Currently, this does NOT do any kind of validation or communication with the rest of the platform. This location can be tweaked by editing the XDG_CONFIG_HOME environment variable (replaces $HOME/.config).

Resources

sym resources

Once you run sym login, you can see the resource groups available by running sym resources.

Currently, this is based on a hard-coded list of resource groups defined in params.py. If logged in using a sym email address, then there will be exactly one resource available: test.

SSH

sym ssh RESOURCE INSTANCE

Initializes an SSH connection to an instance in the resource group.

sym ssh test i-01073e9d0438334fc

Creates an SSH connection to an instance i-01073e9d0438334fc. In order to create this connection, Sym first attempts a login via SAML using saml2aws (or aws-okta as a fallback) for the currently logged in user (the email address in config.yml set via sym login). This may require MFA.

sym --saml-client=aws-profile ssh PROFILE INSTANCE

Write Creds

sym write-creds test --profile PROFILE

It can be convenient to save temporary credentials for a sym resource into an AWS profile. Then the AWS profile can be used for other commands (with sym or other tools).

Exec

sym exec test -- COMMAND

You can use sym to execute a command or script using the credentials for the resource group.

Similar to other commands, you can use an AWS profile instead of a sym resource group:

sym --saml-client=aws-profile exec PROFILE -- COMMAND

Ansible Playbook

sym ansible-playbook test -i ec2.py docker_test.yml

There are several useful environment variables that can help with debugging:

  • SYM_LOG_DIR: Set to a directory (i.e. /tmp/sym/test) to accumulate logs from sym commands.
  • SYM_DEBUG: Set to true to turn on verbose logging from ansible and ssh

Like other commands, you can use an AWS profile instead of a sym resource group:

sym --saml-client=aws-profile ansible-playbook PROFILE -i ec2.py docker_test.yml

Send Command

As of 0.0.45, the default implementation for Ansible to communicate with EC2 instances is via SSM using send command. To do this, we ship an implementation of ansible's connection API in our Sym CLI, and that location is provided as a connection plugin argument to ansible. We provide options to that plugin implementation to manage the connection and associated dependencies (s3 bucket for copying files over to the instance, etc).

This behavior can be enabled/disabled with a flag: --send-command/--no-send-command. --send-command is not required since it is the default. Alternatively it can be toggled using the SYM_SEND_COMMAND environment variable.

SSH

When send command is not used, then ansible falls back to the normal behavior - initiating an SSM session and then opening an SSH tunnel with that session. When using SSH with sym ansible-playbook, sym will force ansible to use openssh instead of a built-in Paramiko implementation that is sometimes used, but was found to be buggy with SSM.

When using SSH, ansible needs to decide whether to persist SSH sessions, which is important for performance, but on some versions of OpenSSH and aws-cli can be unreliable. The mechanism for persisting sessions is SSH control master persistence. Sym has the following behavior:

  • If the version of OpenSSH on the local machine is lower than a min version (currently 8.1+), then it will disable control master by default; otherwise, it will enable it by default.
  • Control master can be explicitly enabled/disabled with the --control-master/--no-control-master flag, or the SYM_USE_CONTROL_MASTER env var.
  • Control master (and compression) will be automatically disabled if SYM_DEBUG or --debug are set.

Doctor

sym doctor test --mode=ansible --inventory=test/integration/docker-ansible-ld/sym/ec2.py

Use doctor to run checks against the current environment and collect all the logs (sym, ansible, ssh, etc.) from the local environment and remote instances.

Project details


Release history Release notifications | RSS feed

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

sym-cli-0.0.46.tar.gz (56.8 kB view details)

Uploaded Source

Built Distribution

sym_cli-0.0.46-py3-none-any.whl (79.8 kB view details)

Uploaded Python 3

File details

Details for the file sym-cli-0.0.46.tar.gz.

File metadata

  • Download URL: sym-cli-0.0.46.tar.gz
  • Upload date:
  • Size: 56.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/46.4.0 requests-toolbelt/0.9.1 tqdm/4.50.0 CPython/3.8.5

File hashes

Hashes for sym-cli-0.0.46.tar.gz
Algorithm Hash digest
SHA256 87402163c767b048fc1e0636bed6e330dca1b79a75ab87cdf853e0c32b78a1ff
MD5 1811176c023bd666e3dac194f49d061a
BLAKE2b-256 ed4da6c601767a9584e3e99c2575cc41cc929e3bb3b01275a54b05e034a13f91

See more details on using hashes here.

File details

Details for the file sym_cli-0.0.46-py3-none-any.whl.

File metadata

  • Download URL: sym_cli-0.0.46-py3-none-any.whl
  • Upload date:
  • Size: 79.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/46.4.0 requests-toolbelt/0.9.1 tqdm/4.50.0 CPython/3.8.5

File hashes

Hashes for sym_cli-0.0.46-py3-none-any.whl
Algorithm Hash digest
SHA256 26e36a59679430656765f7df05eb751aed4258a7d006da9c0953fe70a45de5f4
MD5 58f38bdd1f95ae73a44a1b1b3fdcfb6d
BLAKE2b-256 3dba1364244f1dc01720700dae3233d804155b8d2235bf6191d53472b79d9d2c

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page