On 5/8/05, Bob Proulx <bob@proulx.com> wrote:
> Jim Burton wrote:
> > I've also been asked to set up this scenario in our web shop but the
> > live webservers are outside the firewall with no chance of tunneling
> > etc so update or deploy are no use. So I'm thinking we need a
> > post-commit hook that uses FTP to move the updated files across. Can
> > you point me to an example of something similar?
>
> It would be useful to show us a simple diagram or discription of what
> is allowed from where to where. Until then I will assume the
> following:
>
> | |
> +------+ |F| +------+
> |svn | |i| |web |
> |server| |r| |server|
> +------+ |e| +------+
> |w|
> +------+ |a|
> |svn | |l|
> |client| |l|
> +------+ | |
>
> If you can ssh from svn server to web server then instead of ftp use
> ssh. ftp is not a secure protocol and you should avoid it in insecure
> environments. Use ssh instead. I recommend using 'rsync' over ssh.
>
> File post-commit:
>
> #!/bin/sh
> # Assume "/srv/www" is a working copy owned by a 'www-data' user
> # writable by the web server process. Could be located anywhere.
> cd /srv/www || exit 1
> svn update --quiet
> rsync -a --delete --exclude=.svn ./ webserver:/srv/www/
> exit 0
>
> Of course newer versions of rsync use ssh by default as the transport
> mechanism. If you are using an older version you would need to either
> use the '-e ssh' option or set 'export RSYNC_RSH=ssh' in the
> environment.
>
> You would need to ensure a passwordless ssh connection between
> svnserver and webserver. The following should have no output and
> return true for the 'www-data' user.
>
> ssh webserver true </dev/null
>
> Usually in the above type of script I would actually redirect all
> error output to a log file and I would have it automatically mail me
> any errors from the operation.
>
> Bob
>
Thanks Bob, this sounds like a good solution. You're right about the
arch. apart from that these are windows boxes...am I right in thinking
that cygwin is the way to go to set up ssh & rsync there? I've got a
feeling I might have a problem getting this past our MS-centric
admins, whilst ftp is already there so may end up with the less neat
option...
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@subversion.tigris.org
For additional commands, e-mail: users-help@subversion.tigris.org
Received on Sun May 8 21:25:54 2005