KOINS.Studio - Articles - Installation and configuration of software - Deployment system

Deployment system

Repository server

  • For each repository, delete all hooks/post-commit.tmpl, and create hooks/post-commit with content like the following:
    #!/bin/sh

    # Report the committed revision ($2) to the build server in the background; output is discarded.
    /usr/bin/curl -X POST -H "X-Api-Key: yx1YQ58gYw2p84LYBe5EZYYvY9lBUMjW" --data "i_revision=${2}" -m 20 "https://dev.1024.info/studio/build-commit.html?s_repository=try" > /dev/null 2>&1 &


    Set execution mode on all those files.

Compilation server

  • Create a user
    useradd compile

  • Set umask:
    ~/.bashrc
    add the following line at the end of the file:
    umask 027

  • Create an SSH key and
    put the public part into the /home/compile/.ssh/authorized_keys file.
    Example:
    from="91.246.226.251",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-rsa AAa+bMcd8XpUS4p/04w== deploy-try

    Save the private key in KOINS.Studio under Contents - Deploy - Compilation servers.

    Allow access from the following addresses: dev.1024.info, office.1024.info, and any other IP addresses you may need to connect from. The access may be needed to update the compilation server software.

    Revoke all privileges from group and other users:
    chmod go-rwx -R .

  • Install svn:
    yum install svn

  • Create the .subversion directory:
    su compile
    svn ls svn+ssh://svn.1024.info/
    This will likely ask you for a password; just press Ctrl+C. We do not really want to connect, we only want to create the .subversion directory structure.

  • Install compiler core:
    • Check out the compiler code from libs/amazon/compile

    • Upload the compiler code to the compiler's home root (bin/ and core/ directories).

    • Manually create the directory structure under the data/ directory.

Amazon static container

  • Create an S3 bucket. For example, wl-static

  • Create a CloudFront distribution. Use the following settings:
    Minimum TTL: 31557600
    Forward Query Strings: yes
    Alternate Domain Names (CNAMEs): specify your name here

  • Create IAM group for compiler project:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::static.1024.info"
          ],
          "Effect": "Allow"
        },
        {
          "Action": [
            "s3:DeleteObject",
            "s3:GetObject",
            "s3:PutObject",
            "s3:PutObjectAcl"
          ],
          "Resource": [
            "arn:aws:s3:::static.1024.info/*"
          ],
          "Effect": "Allow"
        },
        {
          "Action": [
            "ec2:DescribeInstances",
            "ec2:DescribeSecurityGroups"
          ],
          "Resource": [
            "*"
          ],
          "Effect": "Allow"
        }
      ]
    }
  • Create IAM group for compiler origin:
    {
      "Statement": [
        {
          "Action": "*",
          "Effect": "Deny",
          "Resource": "*",
          "Condition": {
            "NotIpAddress": {
              "aws:SourceIp": [
                "176.34.126.143"
              ]
            }
          }
        }
      ]
    }
  • Create an IAM user, add it to these two groups.

  • Create an Amazon account in KOINS.Studio.
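
How the two group policies combine for a user who belongs to both groups, as an added example that is not part of the original article: a simplified Python model of IAM evaluation that supports only the features these two policies use. The object key and the address 203.0.113.7 are constructed; real IAM matches action names case-insensitively and has many more condition operators.

```python
import ipaddress
from fnmatch import fnmatchcase

# The two group policies from this page (the "Version" field is omitted here).
PROJECT_POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:ListBucket"],
     "Resource": ["arn:aws:s3:::static.1024.info"]},
    {"Effect": "Allow",
     "Action": ["s3:DeleteObject", "s3:GetObject", "s3:PutObject", "s3:PutObjectAcl"],
     "Resource": ["arn:aws:s3:::static.1024.info/*"]},
    {"Effect": "Allow",
     "Action": ["ec2:DescribeInstances", "ec2:DescribeSecurityGroups"],
     "Resource": ["*"]},
]}
ORIGIN_POLICY = {"Statement": [
    {"Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"NotIpAddress": {"aws:SourceIp": ["176.34.126.143"]}}},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_holds(stmt, source_ip):
    """Model only NotIpAddress on aws:SourceIp, the one condition the page uses."""
    cond = stmt.get("Condition", {}).get("NotIpAddress")
    if cond is None:
        return True
    addr = ipaddress.ip_address(source_ip)
    nets = [ipaddress.ip_network(n, strict=False) for n in _as_list(cond["aws:SourceIp"])]
    return not any(addr in net for net in nets)

def _matches(stmt, action, resource, source_ip):
    return (any(fnmatchcase(action, a) for a in _as_list(stmt["Action"]))
            and any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
            and _condition_holds(stmt, source_ip))

def evaluate(policies, action, resource, source_ip):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one request."""
    hits = [s["Effect"] for p in policies for s in p["Statement"]
            if _matches(s, action, resource, source_ip)]
    if "Deny" in hits:
        return "explicit-deny"   # a matching Deny always wins over any Allow
    return "allow" if "Allow" in hits else "implicit-deny"

POLICIES = [PROJECT_POLICY, ORIGIN_POLICY]
OBJECT = "arn:aws:s3:::static.1024.info/css/site.css"  # constructed object key
```

Evaluating with only PROJECT_POLICY shows what the credentials would permit from any address if the user were left out of the second group.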

Deployment instance

  • Create an apache user
    useradd -g apache -m -N example.com

  • Set umask:
    /home/example.com/.bashrc
    add the following line at the end of the file:
    umask 027

  • Create an SSH key for the apache user and
    put the public part into the /home/example.com/.ssh/authorized_keys file.
    Example:
    from="10.*.*.*",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-rsa AAa+bMcd8XpUS4p/04w== deploy

    Save the private key in KOINS.Studio under Contents - Deployment instances.
    To save the instance, you should also specify keys for the control user; these keys are created later.

    Revoke all privileges from group and other users:
    chmod go-rwx -R .

  • Create a control user
    useradd control

  • Set umask:
    /home/control/.bashrc
    add the following line at the end of the file:
    umask 027

  • Create files:
    ~/bin/apache-restart.sh
    /etc/init.d/httpd restart

    ~/bin/apache-reload.sh
    /etc/init.d/httpd reload

    ~/bin/apc-flush.sh
    /usr/bin/curl -s -H "Host: control" -m 20 http://127.0.0.1/apc.php

    ~/bin/ip-update.sh
    /usr/bin/curl -s -m 240 "https://dev.1024.info/en-default/Studio/Ip/Bot/Update.json?s_password=12345&k_ip_bot=1" >/dev/null &

    Set execution flag for these files:
    chmod u+x *.sh

  • Create IP updater service:
    /etc/init.d/wl-ip-update
    #!/bin/bash
    #
    # /etc/rc.d/init.d/wl-ip-update
    #
    # chkconfig: 345 96 28
    # description: Runs the IP updater script
    # processname: wl-ip-update
    #

    /home/control/bin/ip-update.sh

    Enable the service:
    chkconfig wl-ip-update on

  • Create files:
    ~/public_html/apc.php

    <?php
    // Only accept requests made from the local host.
    if($_SERVER['REMOTE_ADDR']!=='127.0.0.1')
    {
      echo 'Invalid remote host: '.$_SERVER['REMOTE_ADDR']."\n";
      exit;
    }

    // Flush the APC opcode and user caches, if APC is installed.
    if(function_exists('apc_clear_cache'))
    {
      apc_clear_cache();
      apc_clear_cache('user');
    }
    if(function_exists('opcache_reset'))
    {
      // If opcache-compile.var holds a list of files, recompile only those; otherwise reset the whole cache.
      $text_path='../var/opcache-compile.var';
      if(file_exists($text_path))
      {
        $a_opcache_compile=unserialize(gzuncompress(file_get_contents($text_path)));
        array_map('opcache_invalidate',$a_opcache_compile);
        array_map('opcache_compile_file',$a_opcache_compile);
        unlink($text_path);
      }
      else
      {
        opcache_reset();
      }
    }
    echo "ok\n";

    ?>

  • Set owner:
    chown control:apache /home/control
    chown control:apache -R /home/control/public_html

  • Create a domain in Apache:
    /etc/httpd/vhosts.d/control.conf
    <VirtualHost *:80>
      ServerName control
      DocumentRoot /home/control/public_html/
      ErrorLog /home/control/.apache/error.log
      CustomLog /home/control/.apache/access.log combined
      DirectoryIndex index.html index.php
      <Directory /home/control/public_html>
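        Options -Indexes +IncludesNOEXEC -FollowSymLinks +ExecCGI
        # Without an explicit Order and Deny, Apache 2.2 still admits hosts that match no Allow line.
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1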
        AllowOverride None
      </Directory>
    </VirtualHost>


    Check that the domain works:
    /etc/init.d/httpd reload
    /home/control/bin/apc-flush.sh
    You should see 'ok' in the result.

  • Edit sudoers. To do this, run:
    visudo
    and add the following lines at the end of the file:
    control ALL = NOPASSWD: /home/control/bin/apache-restart.sh, NOPASSWD: /home/control/bin/apache-reload.sh
    Defaults:control !requiretty

    %apache ALL = (apache) NOPASSWD: /usr/bin/php
    Defaults:%apache !requiretty
  • Create an SSH key for the control user and
    put the public part into the /home/control/.ssh/authorized_keys file.
    Example:
    from="10.*.*.*",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-rsa AAa+bMcd8XpUS4p/04w== control

    Save the private key in KOINS.Studio under Contents - Deployment instances.

    Revoke all privileges from group and other users:
    chmod go-rwx -R .
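
An added check, not part of the original article, for the authorized_keys entries created above for the compile, example.com and control users: it reports entries that lack from= or any of the four no-* restrictions shown in the examples. The function names and the sample entries are constructed; accepting OpenSSH's restrict option in place of the four no-* flags is an addition to what the page uses.

```python
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")          # prefixes of OpenSSH key-type names
REQUIRED = {"no-port-forwarding", "no-pty", "no-agent-forwarding", "no-x11-forwarding"}

# Constructed sample: the page's three example entries, two of them weakened on purpose,
# plus one entry whose from= pattern matches every host.
SAMPLE = """\
from="91.246.226.251",no-port-forwarding,no-pty,no-agent-forwarding,no-X11-forwarding ssh-rsa AAa+bMcd8XpUS4p/04w== deploy-try
from="10.*.*.*",no-pty ssh-rsa AAa+bMcd8XpUS4p/04w== deploy
ssh-rsa AAa+bMcd8XpUS4p/04w== control
from="*",restrict ssh-rsa AAa+bMcd8XpUS4p/04w== anyhost
"""

def split_unquoted(text, seps):
    """Split text on separator characters that are outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":
            quoted = not quoted
        if ch in seps and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        prev = ch
    return parts + [cur]

def audit_line(line):
    """Return the findings for one authorized_keys entry ([] means compliant)."""
    fields = [f for f in split_unquoted(line.strip(), " \t") if f]
    opts = {}
    if not fields[0].startswith(KEY_TYPES):      # first field is the options list
        for opt in split_unquoted(fields[0], ","):
            name, _, value = opt.partition("=")
            opts[name.lower()] = value.strip('"')  # option names are case-insensitive
    findings = []
    if not opts.get("from"):
        findings.append("missing from=")
    elif any(p.strip("*.?") == "" for p in opts["from"].split(",")):
        findings.append("from= matches any host")
    if "restrict" not in opts:                   # restrict implies all the no-* flags
        findings += ["missing " + r for r in sorted(REQUIRED - set(opts))]
    return findings

def audit(text):
    """Map line number -> findings for every non-compliant, non-comment entry."""
    report = {}
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            found = audit_line(line)
            if found:
                report[n] = found
    return report
```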

Last modification: 16.05.19 10:30