Commit 3729e881 authored by Hahn Axel (hahn)

update docs

parent 5ca03454
# Installation on server
## Xsentfile module
On Apache Webserver install xsendfile module.
i.e. on CentOS
`yum install mod_xsendfile`
## Configuration of vhost
In the Apache vhost for cipkg server set the XSendFilePath - it is an absolute
path on your websever.
Redirect all requests to /packages/[whatever] to /packages/index.php
Example snippet
```text
XSendFile On
XSendFilePath "/var/www/cipkg.example.com/packages/"
<Location "/packages">
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</Location>
```
## Configuration of a secret on server
if [approot]/public_html/ copy inc_config.php.dist to inc_config.php.dist.
set a secret behind key apikey.
It means: this is a shared secret between this server and all your application servers.
It is not realized yet to use a secret per application.
```php
$approot=dirname(__DIR__);
return array(
// define a secret aka api key
'apikey'=>'our-package-server-secret',
// packages to deliver where files from ci server are synched
'packagedir'=>$approot.'/packages',
// max age of request ... client and server need to be in sync
'maxage'=>60,
// force that a hash can be used only once
// a side effect is that fast repeat or simultanius requests
// will be denied.
'onetimesecret'=>true,
// filesize of lock file with stored hashed before starting garbage collection
// 10.000 byte are reached after 114 req
'maxlockfilesize'=>10000,
// tmp dir to store used hashes
'tmpdir'=>$approot.'/tmp',
// allow directory listing when accessing a path of a package
// true is required to fetch all packages
'showdircontent'=>true,
);
```
## Prepare receive of packages
* Create an deployment account package server that can be used to be connected
via SSH by the ci server
* add the public key of www-data of the ci server into
/home/deployment/.ssh/authorized keys
* Set permissions that the deployment user can write into
/var/www/cipkg.example.com/packages/
and the user of the webeservice can read it
`chown deployment:apache /var/www/cipkg.example.com/packages/` and
`chmod 750 /var/www/cipkg.example.com/packages/`
## Ci server: add a sync target
TODO
In the config of CI web server add a sync target. Use
* the deployment user as ssh
* the fqdn as hostname
* the defined *packagedir* in your inc_config.php as target directory
## Getting files
An example client to access files from this package server is available
as bash script (using curl).
See deployment project <https://git-repo.iml.unibe.ch/iml-open-source/imldeployment-client>
The download script is bin/getfile.sh.
## How does it work?
TODO: needs to be completed.
Each request to localhost/packages/ is secured.
A request will be rejected in the following cases:
* no authentication was used
* a wrong authentication was used
* an old timestamp was used (maybe the time on client or server are not synced)
* a hashed key was used twice
If a request was OK the file will be delivered.
Possible GET requests are:
* show names of phases (preview|stage|live) (1)
* show products (1)
* show files of a product (1)
* get a single file
(1) only if *showdircontent* is set to true.
If a valid request came in then the hash will be written to `[approot]/tmp/used_hashes.txt`.
This file will be cleaned up if reaching the defined file size with value of *maxlockfilesize*.
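Review bot: In "Configuration of a secret on server" the copy target is identical to the source (`copy inc_config.php.dist to inc_config.php.dist`), so following the step literally produces no active config file; the target should presumably be `inc_config.php`, and the sentence should begin "In [approot]/public_html/". In "Prepare receive of packages" the path `/home/deployment/.ssh/authorized keys` is missing the underscore (`authorized_keys`). Because `apikey` is a single secret shared with all application servers, this section should also say that the sample value `our-package-server-secret` has to be replaced and that the resulting config file should be readable only by the web server user. "How does it work?" lists the rejection cases but does not yet say what the client has to send; that belongs with the TODO.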
# CI Package Server
A sattelite system of the CI server to deliver built packages in other
networks. The file access is protected with a dynamic authorization to
prevent public access.
An example client was coded in Bash (using curl)
SOURCE https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg
DOCS: https://os-docs.iml.unibe.ch/ci-pkg/
```mermaid
graph LR
CI(CI<br>deployment<br>web gui) --> |Build| PkgDir
PkgDir[Package<br>dir]
PkgDir --> |rsync| Pkg1
PkgDir --> |rsync| Pkg2
PkgDir --> |rsync| Pkg3
subgraph Package server
Pkg1
end
Pkg1(CI package<br>server 1) --> |secure<br>download| DeployClient
Pkg2(CI package<br>server N)
Pkg3(Puppet master)
DeployClient --> |installs| ApplicationA(Application A)
DeployClient --> |installs| ApplicationB(Application B)
```
This project is related to
* CI deployment web gui https://git-repo.iml.unibe.ch/iml-open-source/imldeployment
* Deployment client https://git-repo.iml.unibe.ch/iml-open-source/imldeployment-client
## License
GNU GPL 3.0
## Requirements
* Webserver with xsentfile module
* PHP 8
* Set filepath to [approot]/packages
* Rewrite rule for [ur]/packages/
* an account to receive packages from ci server with ssh
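Review bot: The Requirements list names the module "xsentfile", while the installation text in this same commit installs `mod_xsendfile` and uses the `XSendFile` directives; use the one spelling "xsendfile" so the requirement can be matched to the package. `[ur]/packages/` in the rewrite-rule bullet looks like a truncated placeholder, and "sattelite" in the opening paragraph should read "satellite".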
{
"title": "CI Package server",
"author": "Axel Hahn",
"tagline": "Package server for secure downloads.",
"ignore": {
"files": ["30_PHP-client/Plugins/Checks/_skeleton.md"],
"folders": ["99_Not_Ready"]
},
"html": {
"auto_toc": true,
"auto_landing": false,
"date_modified": false,
"jump_buttons": true,
"edit_on_github_": "iml-it/__PROJECT__/tree/master/docs",
"edit_on": {
"name": "Gitlab",
"basepath": "https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg/tree/master/docs"
},
"links": {
"Git Repo": "https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg.git"
},
"theme": "daux-blue",
"search": true
}
}
\ No newline at end of file
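Review bot: The `ignore.files` entry `30_PHP-client/Plugins/Checks/_skeleton.md` and the `edit_on_github_` value `iml-it/__PROJECT__/tree/master/docs` match no path or project named anywhere else in this commit and read like leftovers from a template; drop them or replace them with values for ci-pkg. The file is also committed without a trailing newline.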
/*
patch css elements of daux.io blue theme
version 2022-04-22
*/
/* ---------- vars ---------- */
:root{
/* background colors */
--bg:none;
--bg-body: #fff;
--bg-navlinkactive:#f4f4f4;
--bg-navlinkactive: linear-gradient(-90deg,rgba(0,0,0,0), rgba(40,60,80,0.05) 30%);
--bg-pre:#f8f8f8;
--bg-toc: #fff;
/* foreground colors */
--color: #234;
--navlinkactive:#f33;
--title: #aaa;
--link:#12a;
--toclink:rgba(40,60,80,0.8);
--h1: rgba(40,60,80,0.8);
--h1-bottom: 1px solid rgba(40,60,80,0.1);
--h2: rgba(40,60,80,0.5);
--h3: rgba(40,60,80,0.3);
}
/* ---------- tags ---------- */
a.Brand::before {
background: rgb(255,0,51);
color: #fff;
font-family: arial;
font-weight: bold;
padding: 0.5em 0.3em;
content: 'IML';
margin-right: 0.4em;
}
body, *{color: var(--color);}
body{background: var(--bg-body);}
a{color: var(--link);}
a:hover{opacity: 0.7;}
h1>a{ color:var(--title);}
_h1:nth-child(1){position: fixed; background: var(--bg); box-shadow: 0 0 1em #ccc; padding: 0 1em}
h1:nth-child(1)>a{ color:var(--navlinkactive); }
.s-content h1{color: var(--h1); font-size: 200%; font-weight:bold; margin-top: 2em; border-bottom: var(--h1-bottom);}
.s-content h2{color: var(--h2); font-size: 160%; }
.s-content h3{color: var(--h3); font-size: 140%; }
.s-content h4{margin: 0; font-size: 100%; text-align: center; background-color: rgba(0,0,0,0.05);padding: 0.3em;}
.s-content pre{
background: var(--bg-pre);
}
/* ---------- classes ---------- */
.required{color:#a42;}
.optional{color:#888;}
/* ----- top left */
.Brand,
.Columns__left {
background: var(--bg);
border-right: 0px solid #e7e7e9;
color: var(--color);
}
.Brand{font-size: 200%;
background_: linear-gradient(-10deg,#fff 50%, #ddd);
background: var(--bg);
}
.Columns__right__content {
background: var(--bg);
}
/* ----- Navi left */
.Nav a:hover{
background: none;
color: var(--navlinkactive) !important;
}
.Nav__item--active {
border-right_: 0.3em solid var(--navlinkactive);
}
.Nav__item--active > a{
background: var(--bg-navlinkactive);
color: var(--navlinkactive);
}
.Nav .Nav .Nav__item--active a {
color: var(--navlinkactive);
}
.Nav .Nav .Nav__item a {
opacity: 1;
}
.Nav__item--open > a {
background-color: var(--bg);
}
.Nav a[href*="__Welcome"]{
background: url("/icons/house.png") no-repeat 10px 4px ;
padding-left: 40px;
}
.Nav a[href*="__How_does_it_work"]{
background: url("/icons/light-bulb.png") no-repeat 10px 4px ;
padding-left: 40px;
}
/* ---------- classes ---------- */
/* FIX smaller fnt size in tables */
.s-content table {
font-size: 1em;
}
/* TOC */
@media(min-width:1700px){
.TableOfContentsContainer{
position: fixed;
right: 2em;
top: 1em;
}
}
.TableOfContentsContainer{
border-top-left-radius: 1em;
background-color: var(--bg-toc);
border-left: 2px solid rgba(0,0,0,0.05);
padding: 0em;
}
.TableOfContentsContainer__content {
border: none;
font-size: 0.5em;
}
ul.TableOfContents ul{
list-style-type: none;
padding-left: 1em;
}
.TableOfContentsContainer a{ color:var(--toclink);}
.TableOfContentsContainer__content > .TableOfContents > li + li {
border-top: none;
}
.TableOfContentsContainer__content > .TableOfContents > li {
border-bottom: 1px dashed #ddd;
}
/* pager - prev .. next */
.s-content{
margin-bottom: 6em;
}
.Pager{
border-top: 1px dashed #aaa; margin: 0; padding: 1em;
}
.Pager a{
color:var(--navlinkactive);
}
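Review bot: Several declarations are switched off by adding an underscore to a name (`_h1:nth-child(1)`, `background_:`, `border-right_:`), which leaves a selector that matches nothing and unknown properties that the browser silently ignores; delete them or wrap them in comments so the intent is visible. `--bg-navlinkactive` is declared twice in `:root`, so the first value `#f4f4f4` never takes effect, and the section comment "classes" appears twice. The navigation icons use absolute paths (`/icons/house.png`, `/icons/light-bulb.png`), which resolve only if the docs host serves `/icons/`; a path relative to the theme would make the stylesheet portable.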
......@@ -4,94 +4,18 @@ A sattelite system of the CI server to deliver built packages in other
networks. The file access is protected with a dynamic authorization to
prevent public access.
An example client was coded in Bash (using curl)
SOURCE https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg
## License
GNU GPL 3.0
## Requirements
* Webserver with xsentfile module
* Set filepath to [approot]/packages
* Rewrite rule for [ur]/packages/
* an account to receive packages from ci server with ssh
## Installation on server
### Xsentfile module
On Apache Webserver install xsendfile module.
i.e. on CentOS
`yum install mod_xsendfile`
### Configuration of vhost
In the Apache vhost for cipkg server set the XSendFilePath - it is an absolute
path on your websever.
Redirect all requests to /packages/[whatever] to /packages/index.php
An example client was coded in Bash (using curl).
This project is related to
Example snippet
* CI deployment web gui https://git-repo.iml.unibe.ch/iml-open-source/imldeployment
* Deployment client https://git-repo.iml.unibe.ch/iml-open-source/imldeployment-client
```text
XSendFile On
XSendFilePath "/var/www/cipkg.example.com/packages/"
<Location "/packages">
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</Location>
```
### Configuration of secret on server
if [approot]/public_html/ copy inc_config.php.dist to inc_config.php.dist.
set a secret behind key apikey.
```php
return array(
// define a secret aka pi key
'apikey'=>'our-package-server-secret',
// local directory of synched ci packages
'packagedir'=>dirname(__DIR__).'/packages',
// allow directory listing when accessing a path of a package
'showdircontent'=>true,
);
```
### Prepare receive of packages
* Create an deployment account package server that can be used to be connected
via SSH by the ci server
* add the public key of www-data of the ci server into
/home/deployment/.ssh/authorized keys
* Set permissions that the deployment user can write into
/var/www/cipkg.example.com/packages/
and the user of the webeservice can read it
`chown deployment:apache /var/www/cipkg.example.com/packages/` and
`chmod 750 /var/www/cipkg.example.com/packages/`
## Ci server: add a sync target
TODO
## Getting files
SOURCE https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg
An example client to access files from this package server is available
as bash script (using curl).
You can read the docs online: https://os-docs.iml.unibe.ch/ci-pkg/
Or have a look to the [docs](docs/) subdirectory.
See deployment project <https://git-repo.iml.unibe.ch/iml-open-source/imldeployment-client>
## License
The download script is bin/getfile.sh.
\ No newline at end of file
GNU GPL 3.0
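Review bot: The context line in the hunk header still reads "A sattelite system", so the README keeps that typo after this change; correct it to "satellite" while the file is being touched. The line `Or have a look to the [docs](docs/) subdirectory.` should read "have a look at". With the installation text moved out of the README, linking the online docs is enough, but the README no longer mentions any requirement, so a one-line pointer to the Requirements page would help readers who only see the repository front page.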