以不同用户身份运行部署任务 [英] Run deployment task as different users
问题描述
我有一个非常简单的Capistrano食谱,需要部署在一个非常复杂的硬件堆栈,我希望有人可以指出我错了什么。
我们的基础设施的安全性要求我:
- 使用网关
- 部署为用户除了我自己
所以,Capistrano需要:
- 通过网关连接到
authuser - 通过网关连接到应用服务器作为
authuser - 在应用服务器上部署文件作为
deployuser
我已经做了第1步和第2步没有问题,但重新:步骤3,它运行部署为 authuser 而不是 deployuser ,即使我将跑步者设置为 deployuser 。
这是deploy.rb文件的配置部分:
app =new-app
auth_user = authuser
deploy_user =deployuser
set:user,#{lexer_user}
set:gateway,#{auth_user} @< gateway ip address>
ssh_options [:forward_agent] = true
default_run_options [:pty] = true
#存储库设置
设置:应用程序#{app}
set:repository,git@github.com:#{auth_user} /#{app} .git
set:scm,:git
set:branch,master
set:deploy_via,:remote_cache
set:git_enable_submodules,1
#角色
set:admin_runner#{deploy_user}
set:runner, #{deploy_user}
role:web,#{auth_user} @< gateway ip address>
role:app,#{auth_user} @< gateway ip address>
role:db,#{auth_user} @< gateway ip address>
#位置
set:deploy_to,/ var / apps /#{app}
#TASKS ----------- --------------------------------------
...
任何想法可能会出错?
注意:我运行deploy:setup,这些命令以 authuser 的形式运行,只是当我做正常的部署时出现问题。
不幸的是,我无法解决问题,但是,我能够说服我的IT人员略微改变了设置,所以不再是一个问题。 / p>
还有一个关于这个问题的正在进行的对话: http://groups.google.com/group/capistrano/browse_thread/thread/42d0dfe5c0412ae
I have a very simple Capistrano recipe that needs to be deployed on a very complicated hardware stack and I was hoping someone could point out where I'm going wrong.
The security of our infrastructure requires that I:
- use a gateway
- deploy as a user other than myself
So, Capistrano needs to:
- connect through a gateway as
authuser - through the gateway connect to the app server as
authuser - deploy files on the app server as
deployuser
I've got it doing step 1 and 2 without issue, but re: step 3, it runs the deploy as authuser instead of deployuser even though I've set the runner as deployuser.
Here's the config portion of the deploy.rb file:
app = "new-app"
auth_user = "authuser"
deploy_user = "deployuser"
set :user, "#{lexer_user}"
set :gateway, "#{auth_user}@<gateway ip address>"
ssh_options[:forward_agent] = true
default_run_options[:pty] = true
# Repository setup
set :application, "#{app}"
set :repository, "git@github.com:#{auth_user}/#{app}.git"
set :scm, :git
set :branch, "master"
set :deploy_via, :remote_cache
set :git_enable_submodules, 1
# Roles
set :admin_runner, "#{deploy_user}"
set :runner, "#{deploy_user}"
role :web, "#{auth_user}@<gateway ip address>"
role :app, "#{auth_user}@<gateway ip address>"
role :db, "#{auth_user}@<gateway ip address>"
# Location
set :deploy_to, "/var/apps/#{app}"
# TASKS -------------------------------------------------
...
Any ideas what could be going wrong?
Notes: when I run deploy:setup, the commands are run as authuser, it's just when I do a normal deploy that things go wrong.
Unfortunately, I wasn't able to resolve the issue, however, I was able to convince my IT guy to change the setup slightly, so it's no longer an issue.
There is also an ongoing conversation regarding the problem here: http://groups.google.com/group/capistrano/browse_thread/thread/42d0dfe5c0412ae
这篇关于以不同用户身份运行部署任务的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
