Hahn Axel (hahn) authored
7a7945ae

CI Package Server

A satellite system of the CI server that delivers built packages into other networks. File access is protected by a dynamic authorization to prevent public access.

An example client was coded in Bash (using curl).

SOURCE https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg

License

GNU GPL 3.0

Requirements

  • Webserver with xsendfile module
  • Set filepath to [approot]/packages
  • Rewrite rule for [url]/packages/
  • An account to receive packages from the ci server via ssh

Installation on server

Xsendfile module

On the Apache webserver install the xsendfile module.

e.g. on CentOS

yum install mod_xsendfile

Configuration of vhost

In the Apache vhost for the cipkg server set the XSendFilePath. It is an absolute path on your webserver.

Redirect all requests to /packages/[whatever] to /packages/index.php

Example snippet


    XSendFile On
    XSendFilePath "/var/www/cipkg.example.com/packages/"

    <Location "/packages">

        RewriteEngine on
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^(.*)$ index.php [QSA,L]

    </Location>

Configuration of secret on server

In [approot]/public_html/ copy inc_config.php.dist to inc_config.php. Set a secret behind the key apikey.

<?php
return array(
    // define a secret aka api key
    'apikey'=>'our-package-server-secret',
    
    // local directory of synched ci packages
    'packagedir'=>dirname(__DIR__).'/packages',

    // allow directory listing when accessing a path of a package
    'showdircontent'=>true,
);

Prepare receive of packages

  • Create a deployment account on the package server that the ci server can use to connect via SSH
  • Add the public key of www-data of the ci server to /home/deployment/.ssh/authorized_keys
  • Set permissions so that the deployment user can write into /var/www/cipkg.example.com/packages/ and the user of the webservice can read it: chown deployment:apache /var/www/cipkg.example.com/packages/ and chmod 750 /var/www/cipkg.example.com/packages/

Ci server: add a sync target

TODO

Installation of a client

This repo comes with a bash script. Using it is not mandatory. The communication is via https. Have a look at the source to see how the authorization string is created. It can be adapted in other clients too.

On a target system with your application you need a bash shell and curl.

Copy the files from [approot]/shellscripts/ somewhere in a project related directory.

Copy getfile.sh.cfg.dist to getfile.sh.cfg and setup values:

IMLCI_PKG_SECRET=our-package-server-secret
IMLCI_URL=https://cipkg.example.com
IMLCI_PHASE=preview
IMLCI_PROJECT=myproject-id

Remark: using the cfg file is optional. It contains default values. All values can be set by command line parameters.
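A pre-flight check for this config file, added here as an example (it is not part of the ci-pkg repository): it flags a cfg that is accessible to group or others, the sample secret from this README, and an IMLCI_URL that is not https or ends with a slash. The names cfg_get and audit_cfg are hypothetical, and GNU stat (Linux) is assumed.

```bash
#!/usr/bin/env bash
# Added example, not part of the ci-pkg repository.
# Assumptions: GNU stat (Linux); cfg_get and audit_cfg are hypothetical names.

# Sample secret printed in this README; it must not be used on a real server.
SAMPLE_SECRET='our-package-server-secret'

# Read the last KEY=value from the file without sourcing (executing) it.
cfg_get() {   # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'\r"
}

# Print one line per finding. Returns 0 if the file is clean, 1 otherwise.
audit_cfg() {   # $1 = path to getfile.sh.cfg
    a_cfg=$1; a_rc=0
    [ -f "$a_cfg" ] || { echo "MISSING: $a_cfg"; return 1; }

    # The file holds the shared secret: no bits for group or others.
    a_mode=$(stat -c '%a' "$a_cfg")
    if [ $(( 0$a_mode & 077 )) -ne 0 ]; then
        echo "PERMS: $a_cfg has mode $a_mode, expected 600 or stricter"; a_rc=1
    fi

    # An empty value is accepted: the secret may be passed with -s instead.
    a_secret=$(cfg_get "$a_cfg" IMLCI_PKG_SECRET)
    if [ "$a_secret" = "$SAMPLE_SECRET" ]; then
        echo "SECRET: IMLCI_PKG_SECRET is the sample value from the README"; a_rc=1
    fi

    # Transport is https; getfile.sh expects the URL without a trailing slash.
    a_url=$(cfg_get "$a_cfg" IMLCI_URL)
    case $a_url in
        '')          ;;   # not set here, may come from -u
        https://*/)  echo "URL: IMLCI_URL must not end with /"; a_rc=1 ;;
        https://*)   ;;
        *)           echo "URL: IMLCI_URL is not https: $a_url"; a_rc=1 ;;
    esac
    return $a_rc
}

# Run with the cfg path as argument; without one, only the functions are defined.
if [ $# -gt 0 ]; then audit_cfg "$1"; fi
```

Keeping the secret in a mode-600 cfg file rather than passing it with -s also keeps it out of the process list and shell history.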

Usage of getfile.sh:

SYNTAX:

  getfile.sh [OPTIONS]

OPTIONS:

  -d          enable debug infos
  -e PHASE    phase; overrides env variable IMLCI_PHASE
  -f FILE     filename to get (without path); overrides env variable IMLCI_FILE
  -o OUTFILE  optional output file
  -p PROJECT  ci project id; overrides env variable IMLCI_PROJECT
  -s SECRET   override secret in IMLCI_PKG_SECRET
  -u URL      URL of iml ci server without trailing /; overrides env variable IMLCI_URL

VALUES:
  
  PHASE       is a phase of the ci server; one of preview|stage|live
  FILE        is a filename without path that was created by ci server.
  OUTFILE     Output file. It can countain a path. If none is given the filename
              will be taken from FILE and stored in current directory
  PROJECT     project id of the ci server
  SECRET      secret to access project data on package server. Your given secret
              must match the secret on package server to get access to any url.

DEFAULTS:

  You don't need to set all values by command line. Use a config to set defaults
  ./getfile.sh.cfg

EXAMPLES:

  If url, secret, project and phase are set in the config you can operate by
  setting the filename to request.

  getfile.sh -f FILE 
    downloads FILE to the current dir.

  getfile.sh -f FILE -o my-own-filename.tgz 
    downloads FILE as my-own-filename.tgz

  getfile.sh -f ALL 
    there is a special file ALL; it fetches all filenames by executing a directory 
    listing and then downloads all remote files with their original name

  getfile.sh -f '' 
    empty file = directory listing of all your project files
 
  getfile.sh -p '' 
    empty project = directory listing of all projects with current phase

  Remark: The directory listing can be turned off on the package server and
  results in a 403 status.