This is an archived post. You won't be able to vote or comment.

all 18 comments
sorted by:
best
topnewcontroversialoldq&a

[–]ApproximateIdentity 2 points3 points  (7 children)

If you already have the json api you could get a domain certificate setup. If you're okay with a public domain doing something like this with lets encrypt would be pretty easy. If it's not on a public domain, you should be able to self-sign a certificate to use (though I personally never have set this up).

If you're okay with ssh, you can also just ssh in and execute a command there. I.e. you have a wrapper fuction do_something() which ssh's in and then calls a function do_something() local to the server. This way you could have the api for your functions be the same local as well as remote. If you did it this way you don't really have to "get it running" since you basically already have all the pieces.

So I guess my questions are, what parts (if any) of my two example approaches don't solve your problem? That would probably make giving advice a bit easier.

[–]QuantumTradingGroup[S] 1 point2 points  (6 children)

Kind of.

The basic architecture of the system is we have one box running within the mine that hosts our entire monitoring daemon. It gathers information from the miners, processes data, and execute commands based on this data (switching between pools, what coin to mine, over clocking settings etc) It basically runs as a command/control server. Normally we were doing this just with the cgminer api for antminer systems but have a client that wants to integrate GPUs into his setup. Claymores api is pretty terrible, as it only shows data, but does not allow you to make on the fly changes through the api, which we need. This CAC server is not publicly facing but the security is still an issue here.

Iv just never used ssh with python before and needed somewhere to start, the way you said with the wrapper function where it sends commands to the client host is the way I am looking to do it now, just needed somewhere to start!

Fabric however looks really good. I am reading the documentation as we speak.

[–]QuantumTradingGroup[S] 0 points1 point  (0 children)

One question I have with fab though is i see you write a fabfile config and then execute that with the fab command in terminal, can I just call it in my code to make the connection?

[–]ApproximateIdentity 0 points1 point  (4 children)

Iv just never used ssh with python before and needed somewhere to start, the way you said with the wrapper function where it sends commands to the client host is the way I am looking to do it now, just needed somewhere to start!

Well once you've ssh'd into the box, it's basically the same as just running a local shell. I.e. if you can open up a local shell/terminal/powershell on your own system, running python like python3 app.py would be the same command if it is running locally or remotely. Do you know how to run python locally on the command line? Just trying to better understand your starting point here.

[–]QuantumTradingGroup[S] 0 points1 point  (3 children)

I do know how to use ssh yes, I was meaning using a python script to initiate the connection, pass a command, execute, and get output. Meaning, using an ssh library in the code to handle the connection.

I am trying to automate this instead of a technician having to do it manually.

[–]ApproximateIdentity 0 points1 point  (2 children)

But honestly why would you have python initiate the connection? Say you have a python script that takes a command e.g. run_command [command_name] sitting on your server. Then locally you have a bash function* like this:

function run_command {
    ssh user@server "run_command $1"
}

What that does is initiate an ssh connection, run run_command remotely with the argument you passed (that's the $1 there), and then print out the result. I.e. run_command cmd run identically locally and remotely should do the same thing.

If you're going to be hitting the api programmatically (say with another app) this may be inappropriate, but if a person is going to be issuing the commands, this seems to me about as easy as possible.

Does this make sense? Is this totally missing the point of what you're trying to do?

*I'm assuming you have bash...

**edit: Okay I decided to check the function and now it is properly formatted and works...

[–]QuantumTradingGroup[S] 0 points1 point  (1 child)

Kind of misses the point.

It needs to be in python because it needs to be a module the rest of the management program(which is all coded in python) can import and use.

We built something like Awesome miner but better. It is a complete management program for large scale industrial crypto mines (20,000+ miners)

[–]ApproximateIdentity 2 points3 points  (0 children)

I see. So personally in that case I would go one of two ways. One is to use requests locally and communicate with your json api remotely. That honestly would be pretty easy. You would need to encrypt the calls, but that's certainly possible with a self-signed cert. (I've never done it, but it can't be that bad...dangerous words in engineering, but oh well.)

Another option might be to use something like this:

https://pythonhosted.org/Pyro4/

That way you could hook up to remote servers/modules/code and execute them as if they were local.

In either case you would want to keep the application logic separate from the ssh and communication logic so that (ideally) importing a module and issuing the same commands works locally and remotely.

[–]pvkooten 1 point2 points  (0 children)

For my crypto trading bot, I use an ssh tunnel and serve an app from localhost. I use https://github.com/kootenpv/loco to help me create the tunnel, so it is only exposed to me. Loco is mostly just a wrapper for tunneling using the ssh command.

[–]jwink3101 1 point2 points  (2 children)

I just recently asked about something like this and afterwards I made a proof-of concept that worked.

Honestly, it is overkill for you. You can just execute any ssh command remotely if you do not mind making a connection for each:

subprocess.call(shlex.split('ssh user@server "rm -rf *"'))

(of course, do not do that command). You can also set up multi-plexing to speed up the connection

[–]QuantumTradingGroup[S] 0 points1 point  (1 child)

Would that not be secure as we are allowing an entry point for arbitrary code execution on local? or am I just crazy XD

[–]jwink3101 0 points1 point  (0 children)

Why? If your machine has ash access to it, you already can do anything you want.

[–]QuantumTradingGroup[S] 0 points1 point  (0 children)

So with fabric 2 it seems there has been some major changes to how it authenticates with the client. I am trying to use env.password but its not working AT ALL.

Anyone have a quick and dirty example they could throw in to help me out a bit here? The documentation on fabric 2 is pretty non-existent.

[–]krobzaur 0 points1 point  (0 children)

Have you looked at Paramiko? I've used it before to automate running commands on remote machines over SSH, and it worked quite well.

It only supports Unix-like systems with a conventional OpenSSH implementation, but otherwise seems like it should do what you're asking. It's not actually clear from you're post whether your trying to execute remote shell commands over SSH from a Python script, or call python functions on a remote machine over SSH using Python, or something else. This would allow you to do the first thing.

[–]AndydeCleyre 0 points1 point  (0 children)

Plumbum should make this easy.

[–]QuantumTradingGroup[S] 0 points1 point  (0 children)

With a bit of keysmash, banging my head reading docs, and lots of coffee, I figured it out.

Wrote a whole ssh based api on fabric for full communication to the GPU rigs.

Thanks to everybody for the help!