Azure DevOps Pipeline connect to VPN using command line - yaml

We have CD pipelines set up in Azure to deploy to App Services and all works well but we want to add a stage to automate our Cypress test process. The problem we have is our test environment is only accessible via VPN which is fine from local machines as we run the VPN client.
Does anyone know how to include a command within the Yaml pipeline to establish a VPN connection from the pipeline host which would allow our Cypress tests to run? I'm assuming this would require a command line connection script.
We are using a Pritunl VPN server which accepts OpenVPN connections.
Thanks.

This opens up a conversation around storing the secret and the infrastructure you have to allow that VPN client in. Azure pipelines can run arbitrary commands, but you'll need to inject the VPN secrets/key, and without strong security oversight you can have some major issues down the line.
I'd take a step back and revisit your options here, maybe build the test/ environment in Azure, so you don't have to worry about this?
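One way to handle the secret this answer raises, as an added example that is not part of the original thread: a shell script for a Bash pipeline step that decodes the OpenVPN profile into an owner-only file, starts the client, waits for the tunnel and cleans up afterwards. It assumes a secret pipeline variable exposed to the step as `VPN_PROFILE_B64` (a hypothetical name), `openvpn` installed on the agent and passwordless `sudo`.

```sh
#!/bin/sh
# Added example, not from the original thread: OpenVPN client for one pipeline job.
# Assumptions: VPN_PROFILE_B64 (hypothetical name) is a secret pipeline variable
# holding the base64-encoded .ovpn profile; the agent has openvpn and
# passwordless sudo.

VPN_DIR=""   # private work directory, set by write_vpn_profile

write_vpn_profile() {
  # Decode the secret into a directory and file that only this user can read.
  [ -n "${VPN_PROFILE_B64:-}" ] || { echo "VPN_PROFILE_B64 is not set" >&2; return 1; }
  VPN_DIR="$(mktemp -d)" || return 1
  ( umask 077; printf '%s' "$VPN_PROFILE_B64" | base64 -d > "$VPN_DIR/client.ovpn" )
}

wait_for_vpn() {
  # Poll the OpenVPN log for its "tunnel is up" line. $1 = log file, $2 = seconds.
  log="$1"; tries="${2:-30}"
  while [ "$tries" -gt 0 ]; do
    grep -q 'Initialization Sequence Completed' "$log" 2>/dev/null && return 0
    sleep 1; tries=$((tries - 1))
  done
  return 1
}

vpn_up() {
  write_vpn_profile || return 1
  : > "$VPN_DIR/openvpn.log"   # pre-create so the log stays readable without sudo
  sudo openvpn --config "$VPN_DIR/client.ovpn" --daemon \
       --log-append "$VPN_DIR/openvpn.log" \
       --writepid "$VPN_DIR/openvpn.pid" || return 1
  wait_for_vpn "$VPN_DIR/openvpn.log" 30
}

vpn_down() {
  # Stop the client and delete the decoded profile, even when the tests failed.
  [ -n "$VPN_DIR" ] || return 0
  if [ -f "$VPN_DIR/openvpn.pid" ]; then
    sudo kill "$(sudo cat "$VPN_DIR/openvpn.pid")" 2>/dev/null || true
  fi
  rm -rf "$VPN_DIR"; VPN_DIR=""
}

# In the step: trap vpn_down EXIT; vpn_up && npx cypress run
```

In Azure Pipelines a secret variable is not visible to a script unless the step maps it explicitly under `env:`, so the profile never needs to be committed to the repository.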

Related

Containerized Laravel application that connects to a remote database

Good day everyone, I have a Laravel application that is supposed to connect to a remote MySQL database in production, and to ease deployment I am using Docker. I have set up a GitHub Actions workflow that is triggered when I push to the master branch; the workflow essentially runs a couple of tests and then builds my app into an image and then pushes to Docker Hub.
To avoid database connection issues when composer dump-autoload is run during the build process, I allowed connection from any host (changed bind-address to 0.0.0.0 in the MySQL config) and also set up the MySQL user to connect from any host. This seems to do the trick but my concern is obviously exposing my database service to the entire world. Fortunately it's possible to set up my own dedicated server for GitHub Actions, which means I can easily restrict my db service to that host. Would that be the ideal solution or is there a way to run the workflow without needing to connect to a database?
Try to connect to the remote database using an SSH tunnel:
ssh -N -L 3336:127.0.0.1:3306 [USER]@[REMOTE_SERVER_IP]
With this you do not need to publish MySQL to the world and could bind it to 127.0.0.1 on the remote host.
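The tunnel from this answer, wrapped for unattended CI use so that it exists only while one command runs (an added example, not part of the original answer). It assumes `DB_SSH_USER` and `DB_SSH_HOST` are CI secrets (hypothetical names) and that the job's private key and the server's host key are already installed on the runner.

```sh
#!/bin/sh
# Added example, not from the original answer: SSH tunnel to MySQL that lives
# only as long as one CI command.
# Assumptions: DB_SSH_USER and DB_SSH_HOST (hypothetical names) are CI secrets;
# the job's key and the server's host key are already installed.

TUNNEL_SOCK="${TMPDIR:-/tmp}/db-tunnel-$$.sock"   # control socket for this job
LOCAL_PORT=3336                                    # local end, as in the answer

tunnel_open() {
  # -f backgrounds ssh only after login; ExitOnForwardFailure makes it exit
  # with an error if the forward cannot be set up; -M/-S give a handle for
  # closing it. The local end is bound to loopback only.
  ssh -f -N -M -S "$TUNNEL_SOCK" \
      -o ExitOnForwardFailure=yes \
      -o StrictHostKeyChecking=yes \
      -o ServerAliveInterval=30 \
      -L "127.0.0.1:${LOCAL_PORT}:127.0.0.1:3306" \
      "${DB_SSH_USER}@${DB_SSH_HOST}"
}

tunnel_close() {
  # Ask the master connection to exit through its control socket.
  ssh -S "$TUNNEL_SOCK" -O exit "${DB_SSH_USER}@${DB_SSH_HOST}" 2>/dev/null
}

with_tunnel() {
  # Run "$@" with the tunnel up; always close it and return the command's status.
  tunnel_open || return 1
  rc=0
  "$@" || rc=$?
  tunnel_close || true
  return "$rc"
}

# In the job: with_tunnel composer dump-autoload
# with the application pointed at 127.0.0.1:3336.
```

With the workflow connecting this way, MySQL's bind-address can go back to 127.0.0.1 and the database user can be limited to local connections.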

How to login to Jenkins from any network

I’m an absolute beginner when it comes to setting up a Jenkins environment but I have just installed Jenkins on a Mac v10.15.5 using Homebrew and would like the capability to:
Open a web browser
Login to Jenkins from any machine on any network
Trigger a job.
I’m able to do this using a different machine on the same network but unable to do this using a machine on a different network. I changed the "httpListenAddress" value within the jenkins-lts.plist file to 0.0.0.0 to allow the web interface to be accessible from anywhere as mentioned at https://www.macminivault.com/installing-jenkins-on-macos/ but apart from that I’m not sure where to go from here.
I’ve heard about Apache Tomcat but not sure if it's necessary for what I need to do. If anyone can provide instructions / safe approaches about how to login to the Jenkins environment on my Mac from any network that would be appreciated.
To get the Jenkins web interface, use $JENKINS_HOST_IP:8080 (by default Jenkins uses port 8080) and then do the first-run configuration.
Login to Jenkins from any machine on any network - it depends on the network topology that is used in your organisation. So, to reach the Jenkins host from any network, there should be allowed traffic from/into the network where the Jenkins host is placed.
Trigger a job - there are a lot of triggers you can use. Take a look at the official documentation here

Bypass IP restriction SSH

I have a Laravel app with CI/CD setup at BuddyWorks which lets you create deployment pipelines.
I want to use SSH action to run some config scripts (artisan...) after uploading the source code.
Unfortunately, it turned out that SSH connectivity to the hosting server is restricted to my home country, ergo can’t use BuddyWorks to do the job for me. The hosting company refused my request to whitelist BuddyWorks IP’s.
So here I am, looking for a solution to bypass the restriction.
Currently, I’m investigating SSH reverse for , but not sure I’m on a good path.
Any help would be appreciated!
I ended up writing a small http->ssh proxy server with basic authentication which receives commands from the pipeline via POST requests and connects to the host server via ssh, executes the commands and logs to Slack.

MEAN stack click-to-deploy Google cloud platform

I'm trying to deploy a MEAN stack app on Google Cloud platform using their functionality "click-to-deploy". Once my VM is created, I can ssh to it, clone my git repository and run my server. My app is accessible at the given IP address on the right port. Everything works fine until I end my session which automatically stops my server. How can I make sure node will still be running afterwards?
A better way to do it would have been to use the command forever start

Octopus Deploy and VPN

Does anyone know if it's possible to deploy to a server in a VPN using Octopus Deploy?
If the tentacle is on the server in the VPN is there a way for Octopus Deploy to connect/disconnect to a VPN?
Cheers
UPDATE
We think we've found a workaround by:
Installing a tentacle on the same server as our Octopus is running on, then adding a first step that executes a PowerShell script to create the VPN connection.
The next step is then deploying the NuGet package to the tentacle server within the VPN.
The final step is another PowerShell script executed on the same tentacle server as the first step to close the connection.
Early tests seem to show this works!
Kudos to my colleague Rachel for coming up with it!
There's no way to do this at the moment short of establishing the VPN connection yourself and then triggering the Octopus deployment using Octo.exe, followed by disconnecting.
In future it would be nice to have support for opening a VPN connection within Octopus. Is your VPN session established using the Windows remote access server components (i.e., would a toolkit like http://dotras.codeplex.com/ be able to open the connection?) or is it through some custom software?
You could use Hamachi for VPN - I decided to place any servers which are targets for deployment into a Hamachi group.
It's really simple to use and probably only useful for those who are not governed by strict IT policies etc.
But probably good for most.
See https://secure.logmein.com/products/hamachi/download.aspx
