On 2010-11-17 at 10:12, Kieran Kelleher wrote:
> Hi Per and David,
>
> Well, my situation currently is to not manually log-in remotely anywhere.
> This is completely scripted, and I can see that you are not doing any chown
> and chmod since I guess apache is owner of the app dir and so on, so maybe I
> just need to deploy as appserver..... actually, taking a look at Pascal's
> wodeploy file for some tips, I can see direction to the solution:
> http://wiki.objectstyle.org/confluence/download/attachments/8226365/wodeploy.pl?version=1&modificationDate=1289875458621
>
> Pascal is using appserver user to do the remote deployment (he copies to tmp,
> unarchives, moves to app dir and he sets no ownership or permissions in his
> script on the app bundle). For WSR, he is doing a chmod -R o+r,o+x.
>
>
> OK, so Pascal, some questions for you about your wodeploy.pl script
> environment I think :-)
>
> 1) what is the chmod (750?) on your server WebObjects Applications Dir?
Permissions are 755, owner is appserver, group is appserveradm
> 2) What is your chmod on your bundle before copying to the remote server?
Permissions are 750, group has to be appserveradm
> 3) In Linux, are you using the /home/appserver/.ssh/ as a location for the
> auth keys for appserver?
Yes, in the authorized_keys
> 4) Since appserver has no home dir on OS X, how does one set up auth keys
> there for appserver?
I think it has a home, but appserver doesn't have a shell. So I had to give a
shell to appserver.
> 5) Is some special config setting needed to allow appserver to have ssh
> keypair remote login even though the account has no password by default?
Not a problem, you can use ssh keys even if you don't know the password of the
user.
> -Kieran
>
>
>
>
> On Nov 17, 2010, at 9:19 AM, David Avendasora wrote:
>
>> Hi Kieran,
>>
>> We are deploying on linux and use the "apache" user instead of appserver so
>> things are a little different, but here's how I do it right now:
>>
>> I use scp to copy the files to the server's /tmp directory (I'm switching to
>> having hudson do this step automatically)
>>
>> I then ssh into the box as my regular user and then "sudo su - apache" to
>> switch to being the correct user
>>
>> I then copy the tar files from the /tmp directory to my "releases"
>> directory, untar them and then link to extracted .woa files
>>
>> Here's the commands:
>>
>> cd ${HUDSON_HOME}/jobs/
>>
>> scp TotalViewAdminD2W/lastSuccessful/archive/Projects/Application/dist/TotalViewAdminD2W-Application.tar.gz [email protected]:/tmp/
>>
>> scp TotalViewAdminD2W/lastSuccessful/archive/Projects/Application/dist/TotalViewAdminD2W-WebServerResources.tar.gz [email protected]:/tmp/
>>
>> ssh [email protected]
>>
>> sudo su - apache
>>
>> mkdir /data/servers/wo-totalview/Local/Library/WebObjects/Applications/releases/TotalViewAdminD2W/2010-11-15-12-04-36/
>>
>> cp /tmp/TotalViewAdminD2W-Application.tar.gz /data/servers/wo-totalview/Local/Library/WebObjects/Applications/releases/TotalViewAdminD2W/2010-11-15-12-04-36/
>>
>> tar -xzf /data/servers/wo-totalview/Local/Library/WebObjects/Applications/releases/TotalViewAdminD2W/2010-11-15-12-04-36/TotalViewAdminD2W-Application.tar.gz -C /data/servers/wo-totalview/Local/Library/WebObjects/Applications/releases/TotalViewAdminD2W/2010-11-15-12-04-36/
>>
>> mkdir /data/app/apache-wo-2.2.4/htdocs/WebObjects/releases/TotalViewAdminD2W/2010-11-15-12-04-36/
>>
>> cp /tmp/TotalViewAdminD2W-WebServerResources.tar.gz /data/app/apache-wo-2.2.4/htdocs/WebObjects/releases/TotalViewAdminD2W/2010-11-15-12-04-36/
>>
>> tar -xzf /data/app/apache-wo-2.2.4/htdocs/WebObjects/releases/TotalViewAdminD2W/2010-11-15-12-04-36/TotalViewAdminD2W-WebServerResources.tar.gz -C /data/app/apache-wo-2.2.4/htdocs/WebObjects/releases/TotalViewAdminD2W/2010-11-15-12-04-36/
>>
>> STOP APP
>>
>> rm /data/servers/wo-totalview/Local/Library/WebObjects/Applications/TotalViewAdminD2W.woa
>>
>> ln -s /data/servers/wo-totalview/Local/Library/WebObjects/Applications/releases/TotalViewAdminD2W/2010-11-15-12-04-36/TotalViewAdminD2W.woa/ /data/servers/wo-totalview/Local/Library/WebObjects/Applications/
>>
>> rm /data/app/apache-wo-2.2.4/htdocs/WebObjects/TotalViewAdminD2W.woa
>>
>> ln -s /data/app/apache-wo-2.2.4/htdocs/WebObjects/releases/TotalViewAdminD2W/2010-11-15-12-04-36/TotalViewAdminD2W.woa /data/app/apache-wo-2.2.4/htdocs/WebObjects/
>>
>> RESTART APP
>>
>>
>>
>>
>>
>> On Nov 17, 2010, at 9:03 AM, Kieran Kelleher wrote:
>>
>>> Hi all,
>>>
>>> Like many of you, I have custom scripts that use ssh to deploy woa apps.
>>> Scripts issue remote commands via ssh and script exec user's id_dsa has
>>> corresponding id_dsa.pub in the remote server's auth keys for admin and
>>> root. The problem is that root (apparently) is needed to set the chown on
>>> the woa bundles to appserver:appserveradm, however I would like to get away
>>> from needing root user remote ssh commands for security reasons.
>>>
>>> Assuming you all use chown of appserver:appserveradm and chmod of 550 on
>>> your deployed woa bundles (are you?), then the question is with respect to
>>> non-interactive, passwordless, secure remote deployment (copy, untar,
>>> chown, chmod) of WOAs, what user/ssh setup are you all using besides
>>> r...@remote, or is r...@remote the only way?
>>>
>>> Regards, Kieran
>>>
>>> PS.
>>> I deploy to OS X client, OS X Server and Centos Linux
>>> _______________________________________________
>>> Do not post admin requests to the list. They will be ignored.
>>> Webobjects-deploy mailing list ([email protected])
>>> Help/Unsubscribe/Update your Subscription:
>>> http://lists.apple.com/mailman/options/webobjects-deploy/webobjects%40avendasora.com
>>>
>>> This email sent to [email protected]
>>>
>>>
>>
>
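
Added example, not part of the thread and not taken from Pascal's wodeploy.pl: a sketch of the approach discussed above, where the deployment runs as the account that already owns the Applications directory, so no chown and no root ssh command is needed. The function names and the APPS_DIR/releases layout (borrowed from David's commands) are assumptions; the 750 bundle mode is the one Pascal gives.

```shell
#!/bin/sh
# Added example: unprivileged release deployment, meant to run as the user
# that owns the Applications directory (appserver in the thread).
# Function names and the APPS_DIR/releases/APP/STAMP layout are assumptions.

# Exit 0 if any archive member name read from stdin is absolute or has a
# ".." component, i.e. could be written outside the release directory.
has_unsafe_names() {
    grep -Eq '^/|(^|/)\.\.(/|$)'
}

# deploy_release APP TARBALL APPS_DIR STAMP
deploy_release() {
    app=$1 tarball=$2 apps_dir=$3 stamp=$4
    release="$apps_dir/releases/$app/$stamp"

    # Inspect the member listing before extracting anything.
    if tar -tzf "$tarball" | has_unsafe_names; then
        echo "refusing $tarball: unsafe member path" >&2
        return 1
    fi

    (
        umask 027    # directories created here are 750, files 640
        mkdir -p "$release" &&
        # --no-same-owner: extracted files belong to the deploying user,
        # so no chown (and therefore no root) is needed afterwards.
        tar -xzf "$tarball" --no-same-owner -C "$release" &&
        # Bundle mode 750 on directories and executables, 640 on plain files.
        chmod -R u=rwX,g=rX,o= "$release/$app.woa"
    ) || return 1

    # Repoint the live symlink at the new release (replaces rm + ln -s).
    ln -sfn "$release/$app.woa" "$apps_dir/$app.woa"
}
```

Because each release lands in its own timestamped directory, rolling back is a matter of repointing the symlink at the previous release.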