Deploying to a DMZ

Currently I have been doing the usual cap deployments for a project to a
test environment as my app develops. Nothing exciting, but I have now
got to deploy it on a reasonable scale to a DMZ that has no access to
the git repo/ or any other nice things.

Anyone got 'best practice' for this situation, I can push to the DMZ
using ssh/scp etc, even rsync ... but rather than a cobbled together
approach, I would prefer good practice.

Thanks

I use a script that touches the local tmp/restart.txt (which, for me
anyway, causes the server to restart) then uses rsync to update the
server then using ssh run the remote command to precompile the assets.
For the actual file transfer rsync is amazingly fast (particularly if
the server is remote) as the connection is only made once.

If any gems have changed you will need to bundle install on the server
also, but I do this manually if required. Also if migrations have
been added then you will need to run the migrations.

For the rsync I have an ignore file containing:
.git
.gitignore
.rvmrc
.bundle
doc
log
db/schema.rb
tmp/cache
tmp/pids
tmp/sesssions
tmp/sockets
tmp/markup
test
spec
public/javascripts/all.js
public/assets
vendor/bundle
.bundle/config

I too will be interested to hear of other suggestions.

Colin

If I understand correctly, the root problem of the OP
is not being able to use standard capistrano recipes
since the production server (in the DMZ) cannot reach

the git repo that is inside the company firewall?

What I have done in such a scenario (where my production
server is at a hosting company) is to use standard
capistrano practice, but have a “production” branch of

the git repo on the production server. So the git checkout
on the production server is pulling from a “local” repo.

The top of my deploy.rb then becomes something like:

set :user, ‘vandenabeele’ # username on the production server

set :application, ‘flamjobs’ # app name
set :repository, ‘vandenabeele@xxx.yyy.zz:git/flamjobs.git’
set :branch, ‘production’

For that, I has set-up a “bare” repository in the directory

/home/vandenabeele/git/flamjobs.git

and I push into that from my dev machine before running
cap deploy (I could probably automate that too …).

HTH,

Peter

yes - I have thought of similar things, but just to clarify:
I cannot do a git pull from the DMZ inside the firewall as a deployment
method, I cannot compile locally on the DMZ machine, my test target is
the same OS as the test/dev envs, so compiled assets will work when
transferred directly.

The 'production branched' local repo may be my best approach though ...
I just think that others must have encountered this problem. Was always
surprised that cap didnt have some kind of push approach.

It actually does or at least did: https://groups.google.com/group/capistrano/browse_thread/thread/d00a703c99353567/642026e315d64461?hl=en

Best regards

Peter De Berdt

Peter De Berdt wrote in post #1049490:

It actually does or at least did:

https://groups.google.com/group/capistrano/browse_thread/thread/d00a703c99353567/642026e315d64461?hl=en

Best regards

Peter De Berdt

Yes - thats what I was looking for. Thanks, it works as described.