Description:

ThinDeployer 1.1.0

Thin Deployer=============[](https://travis-ci.org/riotkit-org/thin-deployer)[](https://codecov.io/gh/riotkit-org/thin-deployer)Securely runs your deployment commands triggered by a HTTP call.Example case:- POST an information to the /deploy/my-service- Do the git pull && ./deploy.shPIP: https://pypi.org/project/Thin-Deployer/Travis: https://travis-ci.org/riotkit-org/thin-deployerDocker: https://hub.docker.com/r/wolnosciowiec/thin-deployer/Free software-------------Created for an anarchist portal, with aim to propagate the freedom and grass-roots social movements where the human and it's needs is on first place, not the capital and profit.- https://wolnosciowiec.net- http://iwa-ait.org- http://zsp.net.plConfiguration-------------Default configuration path is ~/.deployer.yml, but can be specified with a switch `--configuration={{ file path }}`Example:```# service definition (and service name there)phpdenyhosts: # token used to authorize via "token" GET parameter, or "X-Auth-Token" header token: some-token-goes-here-use-only-at-least-64-characters-long-tokens # optional: support for notifying Slack and other messengers # with wolnosciowiec-notification-client use_notification: true notification_group: "logs" # working directory to be in to execute every command pwd: /var/www/app # could be empty, if not empty then the deploy will execute # only if the INCOMING REQUEST BODY will match this regexp # useful for example to deploy only from a proper branch request_regexp: "\"branch\": \"([production|stage]+)\"" # commands to execute in order commands: - git pull - composer install --no-dev# (...) there could be more service definitions```Installing via PIP------------------One of the ways, a traditional one is to install as a Python package on the host machine.```bashpip install Thin-Deployerthin-deployer --configuration=/etc/thin-deployer/.deployer.yml```Installing via Docker---------------------Modern and more secure way is to use a docker image to run the thin-deployer inside of an isolated container.```bashsudo docker run -p 8012:8012 -v ./deployer.yml:/root/.deployer.yml --rm --name thin-deployer wolnosciowiec/thin-deployer```Running dev environment-----------------------```make install_dependencies# simplest form with all default paramsmake run# or advanced with possibility to add commandline switchespython3 ./bin/deployer.py```##### Logging to fileUse `--log-file-prefix={{ path_to_log_file }}` switch to save logs to file.#### Changing port number and bind address- `--port={{ port_number }}` switch will change server listen port- `--listen={{ ip_addres }}` makes server listen to given address, defaults to 0.0.0.0Example request to trigger the deployment-----------------------------------------```POST /deploy/phpdenyhosts HTTP/1.1Host: localhost:8012X-Auth-Token: some-token-goes-here-use-only-at-least-64-characters-long-tokens```Example response----------------```{ "output": "Command \"ls -la /nonexisting\" failed, output: \"b''\""}```Headers:- X-Runs-As: UNIX username of a user on which privileges the server is working onDependencies------------- Python 3- python-yaml- Tornado Framework- py-healthcheck- [Wolnościowiec Notification server set up somewhere](https://github.com/Wolnosciowiec/wolnosciowiec-notification) (optionally - only for notifications)- [Wolnościowiec Notification Shell Client](https://github.com/Wolnosciowiec/wolnosciowiec-notification-shell-client) (optionally - only for notifications)Health checking---------------Service provides a simple monitoring endpoint at GET /technical/healthcheckAuthorization is done in two ways.Its up to you to use a preferred one in a request to the endpoint.- A header `X-Auth-Token` with a token as a value- Basic authorization data, login can be any, as a password please type the tokenExamples of headers:- Authorization: YWFhOnRlc3Q=- X-Auth-Token: test#### ConfigurationHealth check endpoint is configurable via environment variables.- `HC_TOKEN={{ token }}` health check access token- `HC_MIN_TOKEN_LENGTH={{ min_length }}` minimum length of a token in every service- `HC_MAX_DISK_USAGE={{ max_disk_usage_percentage }}` defaults to 90 (it's 90%), when disk usage is higher or equals to this value then an error will be reportedAlternatives------------- Webhook: https://github.com/adnanh/webhookNotifications-------------Each deployment can produce a notification with output, supported notification format is Slack/Mattermost (webhook url required)Good practices of securing the service--------------------------------------1. Its good to use long tokens2. Hide the service behind a load balancer with a request rate per second limited (to avoid brute force attacks)3. Optionally add a basic auth (this may impact usage of the service by external client applications)4. Use SSL behind load balancer when service is called from the internet

License

For personal and professional use. You cannot resell or redistribute these repositories in their original state.

Share

• Share on Facebook
• Share on Twitter