How we supposed to deploy on private premises with Pipelines?

zaitsxl June 21, 2016

Hi,

 

in various manuals you take Python product as example and you use PyPi to publish artifact. However that is not the only case that can occur. We have PHP application and we want to deploy directly to our private cloud, like we used to do with Bamboo. Exposing FTP is not an option since it's a nice security breach. What can you advise?

 

Regards,

Alexander

6 answers

1 vote
Victor Chavez June 13, 2020

We are using Bitbucket pipelines for our repositories, Pull Request, reviews, you know the usual, and pre-flight builds before merging into master. We are using Azure Pipelines to deploy to on-prem and to Azure as well as AWS. 2 tools but the job gets done nicely. 

1 vote
zaitsxl July 20, 2016

Hi,

 

thanx for your reply. All suggested approaches assume some service (SSH, SCP, FTP, etc.) should be exposed to outside. That is a security breach. For publicly available webserver using POST is relatively fine, however some servers are not supposed to be available from outside at all.

Let me explain what we expected. For example in Bamboo Cloud build agents were inside the same private network with target servers and so they could access them directly. I tried to build my own container with OpenVPN client built in and connected to our premise on container startup. That however didn't work since running OpenVPN in a container needs escalated privileges and you obviously do not provide those.

So is there any way to use Pipelines safely?

 

Regards,

Alexander

0 votes
Helder Dias October 22, 2018

Is there any form of an agent to be ran on the private network  (like Azure DevOps) so that i don't need to expose any kind of port to the internet from my infrastructure ?

0 votes
Deleted user December 14, 2017

I'm looking for this as well.

0 votes
zaitsxl November 8, 2016

Hi,

so no suggestions or recommendations?

Regards,

Alxander

0 votes
evzijst
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
June 22, 2016

We don't recommend any particular approach, but a typical way of pushing something into your own (Internet exposed) server would be to have a webserver with some form of authentication that you can POST to from within the Pipelines container. You can make the credentials available to the container through the use of Pipelines variables.

If you want something SSH based, you could SCP the files directly.

Suggest an answer

Log in or Sign up to answer
TAGS
AUG Leaders

Atlassian Community Events