我在我们的域内构建了服务器(它需要如此,因为它还与域中的其他盒子进行通信),以及位于 DMZ 中的网络服务器。
作为我们构建脚本的一部分,我想使用 Nant 复制任务将网站部署到 DMZ 中的网络服务器。 问题是,Nant 是从 TeamCity 调用的,TeamCity 在构建服务器上的系统帐户下运行,并且我无法找到让构建服务器系统帐户访问 DMZ Web 服务器目录的方法。 (无论如何,这可能不是一个好主意)。
无论如何,有没有告诉 Nant 在不同的 Windows 用户下运行特定任务,或者是否有其他解决方案来解决我的问题?
编辑:我遇到的另一项限制是我无法创建新的域帐户(嗯,至少在没有经过审批流程的情况下不能创建)。 我可以创建本地计算机帐户,但在这种情况下,runas 似乎无法跨 DMZ 工作。
I have build server inside our domain (and it needs to be because it also talks to other boxes in the domain), and a webserver that is in the DMZ.
As part of our build scripts, I would like to deploy websites to the webserver in the DMZ, using the Nant copy task. The problem is, that Nant is invoked from TeamCity which runs under the System account on the build server, and there is no way that I can find to give the build server system account access to the DMZ webserver directories. (It probably isn't a good idea anyway).
Is there anyway to tell Nant to run a specific task under a different windows user, or is there another solution to my problem?
Edit: One other restriction I am running under is that I can't create new domain accounts (well, at least not without going through an approval process). I can create local machine accounts, but in that case, it doesn't seem that runas will work across the DMZ.
发布评论
评论(2)
可能有几个选项:
(安全复制)任务由 NAntContrib 提供。希望这能提供一点帮助。 祝你好运!
A couple options might be:
<scp> (secure copy) task provided by NAntContrib.<exec> task to call an ftp program, that places the files up on the DMZ.Hopefully this provides a little help. Good luck!
您可以使用 powershell 远程处理从构建服务器中提取版本。 与使用文件副本等推送版本相比,服务器更不容易受到攻击。
我正在使用一个自定义应用程序来执行此操作,该应用程序登录到 teamcity 并下载工件,然后使用 powershell 在本地进行部署。
you could use powershell remoting to pull releases from the build server. The server would be less vulnerable than if you were to use a push release like a file copy.
I'm doing this with a custom app that logs into teamcity and downloads artifacts and then deploys using powershell locally.