Changes between Version 6 and Version 7 of ServiceDeployment


Ignore:
Timestamp:
06/29/11 16:08:19 (13 years ago)
Author:
Dave Morris
Comment:

--

Legend:

Unmodified
Added
Removed
Modified

  • ServiceDeployment

    v6 v7  
    245245If the Apache web server is deployed on a separate machine, we can restrict access to the back-end JBoss/Tomcat web services to only allow connections from a limited set of machines.
    246246This will help to reduce the number of security vulnerabilities we are exposed to e.g. ticket:36.
     247
     248= Version control =
     249
     250At the moment, installing our deployment scripts relies on the target system having ssh access to our svn repository in order to checkout the current version of the scripts.
     251
     252Two problems with this. Firstly, we rely on using SSH agent forwarding to access the svn repository, which is a potential security issue. The second is that it is difficult to ensure that productions systems don't pick up experimental changes from svn. Although we could control the versioning using tags and branches in svn, it would be fragile and easy to make a mistake.
     253
     254A better solution would be to package our scripts as installable OS packages (rpm packages for Suse and RedHat, deb packages for Debian and Ubuntu).
     255That way the first step in the install process would be to add our own package repository to the OS package installer, and then we install specific versions of our packages using the native OS package install process to handle installation, dependencies and updates.