Hahn Axel (hahn) authored
c044de71

CI Package Server

A satellite system of the CI server that delivers built packages into other networks. File access is protected by a dynamic authorization to prevent public access.

An example client was coded in Bash (using curl).

SOURCE https://git-repo.iml.unibe.ch/iml-open-source/ci-pkg

License

GNU GPL 3.0

Requirements

  • Webserver with the xsendfile module
  • Set the XSendFilePath to [approot]/packages
  • Rewrite rule for [url]/packages/
  • An account to receive packages from the CI server via SSH

Installation on server

Xsendfile module

On the Apache webserver, install the xsendfile module.

e.g. on CentOS

yum install mod_xsendfile

Configuration of vhost

In the Apache vhost for the cipkg server set the XSendFilePath. It is an absolute path on your webserver.

Redirect all requests to /packages/[whatever] to /packages/index.php.

Example snippet


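    # Let mod_xsendfile deliver files; only paths below XSendFilePath may be sent
    XSendFile On
    XSendFilePath "/var/www/cipkg.example.com/packages/"

    <Location "/packages">
        RewriteEngine on
        # Send every request that is not an existing file to index.php
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteRule ^(.*)$ index.php [QSA,L]
    </Location>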

Configuration of secret on server

In [approot]/public_html/ copy inc_config.php.dist to inc_config.php. Set a secret as the value of the key apikey.

<?php
return array(
    // shared secret; must match IMLCI_PKG_SECRET on the clients
    'apikey'=>'our-package-server-secret',
    'cutfromrequest'=>'^/packages',
    'packagedir'=>dirname(__DIR__).'/packages',
);

Prepare receive of packages

  • Create a deployment account on the package server that the CI server can use to connect via SSH
  • Add the public key of the www-data user of the CI server to /home/deployment/.ssh/authorized_keys
  • Set permissions so that the deployment user can write into /var/www/cipkg.example.com/packages/ and the user of the web service can read it: chown deployment:apache /var/www/cipkg.example.com/packages/ and chmod 750 /var/www/cipkg.example.com/packages/

CI server: add a sync target

TODO

Installation of a client

This repo comes with a Bash script. Using it is optional. The communication runs over HTTPS. Have a look at the source to see how the authorization string is created; it can be adapted for other clients too.

On a target system with your application you need a bash shell and curl.

Copy the files from [approot]/shellscripts/ somewhere in a project related directory.

Copy getfile.sh.cfg.dist to getfile.sh.cfg and setup values:

# ----------------------------------------------------------------------
# defaults 
# ----------------------------------------------------------------------

IMLCI_PKG_SECRET=our-package-server-secret
IMLCI_URL=https://cipkg.example.com
IMLCI_PHASE=preview
IMLCI_PROJECT=myproject-id
IMLCI_FILE=

Remark: using the cfg file is optional. It contains default values. All values can be set by command line parameters.

Usage of getfile.sh:

SYNTAX:
  -d          enable debug infos
  -e PHASE    phase; overrides env variable IMLCI_PHASE
  -f FILE     filename to get; overrides env variable IMLCI_FILE
  -o OUTFILE  optional output file; default; given filename in current directory
  -p PROJECT  ci project id; overrides env variable IMLCI_PROJECT
  -s SECRET   override secret in IMLCI_PKG_SECRET
  -u URL      URL of iml ci server without trailing /; overrides env variable IMLCI_URL

DEFAULTS:
  You don't need to set all values by command line. Use a config to set defaults
  ./getfile.sh.cfg

EXAMPLES:
  getfile.sh -u https://ci.example.com -f [FILE]
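
A check to run after the server and client setup above, as an added example that is not part of the ci-pkg repository: it verifies the ownership and mode of the packages directory and flags config files that still carry the README's example secret. The function names, the use of GNU stat, and the rule that config files must not be accessible to other users are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of the ci-pkg repository). Uses GNU stat (-c).

# check_pkgdir DIR OWNER GROUP
# Succeeds only if DIR is a directory owned by OWNER:GROUP with mode 750.
check_pkgdir() {
    dir=$1; want="$2:$3:750"
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 1; }
    actual=$(stat -c '%U:%G:%a' "$dir") || return 1   # owner:group:octal mode
    if [ "$actual" != "$want" ]; then
        echo "FAIL: $dir is $actual, expected $want"
        return 1
    fi
    echo "OK: $dir is $actual"
}

# check_secret FILE
# Fails if FILE still holds the README's example secret, or if users outside
# the owner and group have any access (assumed hardening, not a project rule).
check_secret() {
    file=$1
    [ -f "$file" ] || { echo "FAIL: $file not found"; return 1; }
    if grep -q 'our-package-server-secret' "$file"; then
        echo "FAIL: $file still contains the example secret"
        return 1
    fi
    mode=$(stat -c '%a' "$file") || return 1
    case $mode in
        *0) echo "OK: $file (mode $mode)" ;;          # last digit = "other" bits
        *)  echo "FAIL: $file mode $mode is open to other users"; return 1 ;;
    esac
}

# Usage on the package server and on a client (paths as used in the README):
#   check_pkgdir /var/www/cipkg.example.com/packages deployment apache
#   check_secret [approot]/public_html/inc_config.php
#   check_secret ./getfile.sh.cfg
```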