SSH with steroid, infrastructure as files and history.

61d3027 go.mod: set minimum Go to 1.18 and update all dependencies

~shulhan pushed to ~shulhan/awwan git

2 months ago

faf1005 all: restructure the documents

~shulhan pushed to ~shulhan/awwan git

3 months ago
// SPDX-FileCopyrightText: 2019 M. Shulhan <ms@kilabit.info>
// SPDX-License-Identifier: GPL-3.0-or-later
= awwan
Shulhan <ms@kilabit.info>
11 Aug 2021
:url-godoc: https://pkg.go.dev/git.sr.ht/~shulhan/awwan

image:https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square[GoDoc, link={url-godoc}]

==  NAME

awwan - Configuration management software, infrastructure as file and
directory layout.


awwan <command> <arguments>

command = "local" | "play" | "serve"

arguments = <script> <line-start> [line-end] | <workspace>


`awwan` is command-line interface to execute multiple lines of command in
the local or remote server using shell or SSH.


Do you have a collection of shell scripts to manage one more similar server?
Do you ever want to execute only part of your script?
Are you get tired with learning others syntax and tools for provisioning
your own server, while you need is a handful of shell script?

If yes, awwan is the right tools for you.


The awwan tool have three commands: local, play, or serve.

The "local" command execute the script in local environment, your host
machine, using shell.
The "play" command execute the script in remote environment using SSH.
The "serve" command run the web-user interface using <workspace> directory as
base directory.

The "local" and "play" command has the same arguments,

	(local | play) <script> <line-start> [line-end]

The <script> argument is the path to the awwan script file.

The <line-start> argument is line start number.
Its define the line number in the script where awwan start execution.

The <line-end> argument define the line number in the script where awwan
stop executing the script, or "-" to set to the last line.
If not defined then its equal to the line start, which means awwan execute
only single line.

The "serve" command have only single argument,

    serve <workspace>

The <workspace> argument is the awwan workspace directory that contains the
.ssh directory.

Here is some examples of how to execute script,

* Execute only line 5 of "script.aww" on local system,
$ awwan local myserver/script.aww 5

* Execute line 5 until line 10 of "script.aww" on remote server known as
$ awwan play myserver/script.aww 5 10

* Execute line 5 until last line of "script.aww" on remote server known as
$ awwan play cloud/myserver/script.aww 5 -

* Serve the directory "work" as base directory for awwan workspace,
$ awwan serve ./work
--- BaseDir: ./work
--- Starting HTTP server at


The awwan script is similar to shell script.
Each line started with '#' is a comment, except for special, magic words.
Each statement, either in local or remote, is executed using "sh -c".

There are five magic words in the script: `#require:`, `#get:`, `#get!`,
`#put:`, and `#put!`.

Magic word `#require:` ensure that the statement after it always executed even
if its skipped by line-start number argument.
For example, given following script with line number

1: #require: echo a
2: echo b
3: #require: echo c
4: echo d

Executing "awwan local script.aww 2", always execute line number 1 `echo a`,
so the output would be


Executing "awwan local script.aww 4", always execute line number 1 and 3, so
the output would be


Magic word `#get:` copy file from remote server to your local file system.
For example,

#get: /etc/os-release os-release

Magic word `#get!` copy file from remote server, that can be accessed only by
using sudo, to your local file.
For example,

#get! /etc/nginx/ssl/my.crt server.crt

Magic word `#put:` copy file from your local to remote server.
For example,

#put: /etc/locale.conf /tmp/locale.conf

Magic word `#put!` copy file from your local system to remote server using
For example,

#put! /etc/locale.conf /etc/locale.conf

Here is an example of script that install Nginx on remote Arch Linux server
using configuration from your local computer,

sudo pacman -Sy --noconfirm nginx
sudo systemctl enable nginx

#put! {{.ScriptDir}}/etc/nginx/nginx.conf /etc/nginx/

sudo systemctl restart nginx
sudo systemctl status nginx


The environment file is a file named `awwan.env` that contains variables using
the form "key=value" that can be used for templating.

When executing the script, `awwan` read environment files in the current
directory, and in each sub-directory, until the script directory.

The environment file use the ini file format,

[section "subsection"]
key = value

We will explain how to use and get the environment variables below.


Template file is any text or script files that dynamically generated using
values from variables defined in environment files.

There are six global variables that shared to all template or script files,

* `.BaseDir` contains the absolute path of current directory
* `.ScriptDir` contains the relative path to script directory
* `.SSHKey` contains the value of "IdentityFile" in SSH configuration
* `.SSHUser` contains the value of "User" in SSH configuration
* `.SSHHost` contains the value of "Host" in SSH configuration
* `.SSHPort` contains the value of "Port" in SSH configuration

To get the value wrap the variable using '{{}}' for example,

#put! {{.BaseDir}}/templates/etc/hosts /etc/
#put! {{.ScriptDir}}/etc/hosts /etc/

scp -i {{.SSHKey}} src {{.SSHUser}}@{{.SSHHost}}:{{.SSHPort}}/dst

To get the value of variable in environment file you put the string ".Val"
followed by section, subsection and key names, each separated by colon ":".
If no subsection exist you can leave it empty.

You can put the variable inside the script or in the file that you want to

For example, given the following environment file,

user = arch

[whitelist "ip"]
alpha =
beta  =

* `{{.Val "all::user"}}` result to "arch" (without double quote), and
* `{{.Val "whitelist:ip:alpha"}}` result to ""
  (without double quote)


After we learn about the command, script, variables, and templating; we need
to explain some file and directory structure that required by `awwan` so it
can connect to the SSH server.

To be able to connect to the remote SSH server, `awwan` need to know the
remote host name, remote user, and location of private key file.
All of this are derived from ssh_config(5) file in the current directory and
in the user's home directory.

The remote host name is derived from directory name of the script file.
It is matched with `Host` or `Match` section in the ssh_config(5) file.

For example, given the following directory structure,

+-- .ssh/
|   |
|   --- config
+-- development
    --- script.aww

If we execute the "development/script.aww", awwan search for the Host that
match with "development" in current ".ssh/config" or in "~/.ssh/config".


To give you the taste of the idea, we will show you an example using the
working directory $WORKDIR as our base directory.

Let say that we have the working remote server named "myserver" at IP address
"" using username "arch" on port "2222".

In the $WORKDIR, create directory ".ssh" and "config" file,

$ mkdir -p .ssh
$ cat > .ssh/config <<EOF
Host myserver
	User arch
	Port 2222
	IdentityFile .ssh/myserver

Still in the $WORKDIR, create  the environment file "awwan.env"

$ cat > awwan.env <<EOF
user = arch
host = myserver

[whitelist "ip"]
alpha =
beta  =

Inside the $WORKDIR we create the directory that match with our server name
and a script file "test.aww",

$ mkdir -p myserver
$ cat > myserver/test.aww <<EOF
echo {{.Val "all::host"}}`
#put: {{.ScriptDir}}/test /tmp/
cat /tmp/test

and a template file "test",

$ cat > myserver/test <<EOF
Hi {{.Val "all::user"}}!

When executed from start to end like these,

$ awwan play myserver/test.aww 1 -

it prints the following output to terminal,

>>> arch@ 1: echo myserver

test                                                  100%    9     0.4KB/s   00:00
>>> arch@ 3: cat /tmp/test

Hi arch!

That's it.

==  FAQ

Since this software is working in progress, there are many things that we have
in mind, but can't put it to code, yet.

===  Workspace structure

Beside ".ssh" directory and directory as host name, `awwan` did not require
any other special directory but we really recommend that you use sub directory
to group several nodes on several cloud services.
For example, if you use cloud services with several nodes inside it, we
recommend the following directory structures,


The `<cloud-service>` is the name of your remote server, it could be "AWS",
"GCP", "DO", and others.
The `<project-name>` is your account ID in your cloud service or your project
The `<service-name>` is a group of several nodes, for example "development",
"staging", "production".
The `<node-name>` is name of your node, each node should have one single

Here is an example of directory structures,

├── commons
├── gcp
│   ├── development
│   │   └── vm
│   │       ├── www
│   │       │   └── etc
│   │       │       ├── my.cnf.d
│   │       │       ├── nginx
│   │       │       ├── php
│   │       │       │   └── php-fpm.d
│   │       │       └── systemd
│   │       │           └── system
│   │       │               └── mariadb.service.d
│   │       └── ci
│   └── production
│       └── vm
│           └── www
│               └── etc -> ../../../development/vm/www//etc
└── templates
    ├── etc
    │   ├── pacman.d
    │   └── ssh
    └── home

The `commons` directory contains common script that can be executed in any

The `templates` directory contains common templates that can be used by any

The `gcp` directory is cloud service with two accounts "development" and
"production", and the rest are node names and templates used in that node.

=== What happened if two variables declared inside two environment files?

When executing the script `awwan` merge the variables from current directory
with variables from script directory.
Any keys that are duplicate will be merged and the last one overwrite the
previous one.

=== Use case of magic command `#require:`

The magic command `#require:` is added to prevent running local command using
different project or configuration.

The use case was derived from experience with `gcloud` and `kubectl` commands.
When you have more than one projects in GCP, you need to make sure that the
command that you run is using correct configuration.

Here is the example of deploying Cloud Functions using local awwan script,

1: #require: gcloud config configurations activate {{.Val "gcloud::config"}}
4: ## Create PubSub topic.
6: gcloud pubsub topics create {{.Val "CloudFunctions:log2slack:pubsub_topic"}}
8: ## Create Logger Sink to Route the log to PubSub topic.
10: gcloud logging sinks create {{.Val "CloudFunctions:log2slack:pubsub_topic"}} \
11:	pubsub.googleapis.com/projects/{{.Val "gcloud::project"}}/topics/{{.Val "CloudFunctions:log2slack:pubsub_topic"}} \
12:	--log-filter=severity>=WARNING
14: ## Create Cloud Functions to forward log to Slack.
16: gcloud functions deploy Log2Slack \
17:	--source {{.ScriptDir}} \
18:	--entry-point Log2Slack \
19:	--runtime go113 \
20:	--trigger-topic {{.Val "CloudFunctions:log2slack:pubsub_topic"}} \
21:	--set-env-vars SLACK_WEBHOOK_URL={{.Val "slack::slack_webhook_url"}} \
22:	--ingress-settings internal-only \
23:	--max-instances=5
25: ## Test the chains by publishing a message to Topic...
27: gcloud pubsub topics \
28:	publish {{.Val "CloudFunctions:log2slack:pubsub_topic"}} \
29:	--message='Hello World!'

When executing statement at line number 6, 10, 16 or 27 we need to make sure
that it always using the correct environment "gcloud::config",

$ awwan local awwan/playground/CloudFunctions/log2slack/local.deploy.aww 27
2020/06/04 01:48:38 >>> loading "/xxx/awwan.env" ...
2020/06/04 01:48:38 >>> loading "/xxx/awwan/dev/awwan.env" ...
2020/06/04 01:48:38 --- require 2: gcloud config configurations activate dev

Activated [dev].
2020/06/04 01:48:38 >>> local 29: gcloud pubsub topics publish logs
--message='Hello World!'

==  BUGS

Known bugs,

* Executing script start with line number contains "#require:" is not
  executing the required statement.


The source codes for this software project can be viewed at
https://sr.ht/~shulhan/awwan/ .

For request of features and/or bugs report please submitted through web at
https://todo.sr.ht/~shulhan/awwan .


This project require git, GNU make, Go compiler, and TypeScript compiler.

Steps to build from source,

    $ git clone --recurse-submodules git@git.sr.ht:~shulhan/awwan
    $ make

To run development server that watch changes on _www, run

    $ make serve-dev


Copyright (C) 2019-2022 M. Shulhan <ms@kilabit.info>

This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by the Free
Software Foundation, either version 3 of the License, or any later version.

This program is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with
this program.
If not, see <http://www.gnu.org/licenses/>.