Octopus Deploy and VPN - octopus-deploy

Does anyone know if its possible to deploy to a server in a VPN using Octopus Deploy?
If the tentacle is on the server in the VPN is there a way Octopus Deploy to connect/disconnect to a VPN?
Cheers
UPDATE
We think we've found a work around by:
Installing a tentacle on the same server as our Octopus is running on, then adding a first step that executes a Powershell script to create the VPN connection.
The next step is then deploying the NuGet package to the tentacle server within the VPN.
The final step is another Powershell script executed on the same tentacle server as the first step to close the connection
Early tests seem to show this works!
Kudos to my colleague Rachel for coming up with it!

There's no way to do this at the moment short of establishing the VPN connection yourself and then triggering the Octopus deployment using Octo.exe, followed by disconnecting.
In future it would be nice to have support for opening a VPN connection within Octopus. Is your VPN session established using the Windows remote access server components (i.e., would a toolkit like http://dotras.codeplex.com/ be able to open the connection?) or is it through some custom software?

You could use Hamachi for VPN - I decided to place any servers which are targets for deployment into a Hamachi group.
It's really simple to use and probably only useful for those who are not governed by strict IT policies etc.
But probably good for most.
See https://secure.logmein.com/products/hamachi/download.aspx

Related

Azure DevOps Pipeline connect to VPN using command line

We have CD pipelines set up in Azure to deploy to App Services and all works well but we want to add a stage to automate out Cypress test process. The problem we have is our test environment is only accessible via VPN which is fine from local machines as we run the VPN client.
Does anyone know how to include a command within the Yaml pipeline to establish a VPN connection from the pipeline host which would allow our Cypress tests to run? I'm assuming this would require a command line connection script.
We are using a Pritunl VPN server which accepts OpenVPN connections.
Thanks.
This opens up a conversation around storing the secret and the infrastructure you have to allow that VPN client in. Azure pipelines can run arbitrary commands, but you'll need to inject the VPN secrets/key, which without strong security oversight you can have some major issues down the line.
I'd take a step back and revisit your options here, maybe build the test/ environment in azure, so you don't have to worry about this?

How to login to Jenkins from any network

I’m an absolute beginner when it comes to setting up a Jenkins environment but I have just installed Jenkins on a MAC v10.15.5 using home-brew and would like the capability to:
Open a web browser
Login to Jenkins from any machine on any network
Trigger a job.
I’m able to do this using a different machine on the same network but unable to do this using a machine on a different network. I changed the "httpListenAddress" value within the jenkins-lts.plist file to 0.0.0.0 to allow the web interface to be accessible from anywhere as mentioned at https://www.macminivault.com/installing-jenkins-on-macos/ but apart from that I’m not sure where to go from here.
I’ve heard about Apache Tomcat but not sure if it's necessary for what I need to do. If anyone can provide instructions / safe approaches about how to login to the Jenkins environment on my MAC from any network that would be appreciated.
To get jenkins web interface use $JENKINS_HOST_IP:8080 (by default jenkins uses port 8080) and then make first-run-configure.
Login to Jenkins from any machine on any network - it depends on network topology, what is used in your organisation. So, to reach jenkins host from any network where should be allowed traffic from/into network where jenkins host is placed.
Trigger a job - where are a lot of triggers you can use. Take a look at official documentation here

Bypass IP restriction SSH

I have a Laravel app with CI/CD setup at BuddyWorks which lets you create deployment pipelines.
I want to use SSH action to run some config scripts (artisan...) after uploading the source code.
Unfortunately, it turned out that SSH connectivity to the hosting server is restricted to my home country, ergo can’t use BuddyWorks to do the job for me. The hosting company refused my request to whitelist BuddyWorks IP’s.
So here am, looking for a solution to bypass restriction.
Currently, I’m investigating SSH reverse for , but not sure I’m on good path.
Any help would be appreciated!
I ended up writing a small http->ssh proxy server with basic authentication which receives commands from pipeline via post requests and connects to the host server via ssh, executes the commands and logs to slack.

What build servers can function with workers behind NAT?

I am looking for build servers, continuous integration of automation servers that can have clients (workers) that are behind NAT and that require non-root access on the clients.
This means that the worked is the one connecting to the server and asking for new jobs and not the opposite.
I am aware that it should be possible to setup VPNs or reverse ssh solutions but this is outside the scope of this question. I'm just looking for simple setups.
Here is what Jenkins documentation says about accessing slaves behind a firewall. I never tried running slaves behind a firewall myself, though.
If you decide to go with JNLP you'll need to think about how to start (or, more importantly, restart) your slaves when they go down (in my experience a slave connection may break for no apparent reason every now and then). For example, we connect via VNC to a slave machine and restart the slave via a shortcut (that runs the slave headlessly).

CruiseControl Remote Dashboard Access

Sorry if this is kind of a noob question, but I'm just starting to use CruiseControl, and I'd like to allow access to the DashBoard from anywhere on the internet.
I can't find any documentation on how to do this. I'm running it off of a Windows machine, and I can start CC and view the DashBoard through http://localhost:8080/
Any ideas?
Update: I added a new Inbound rule for my machine on 8080, however http://canyouseeme.org/ says it's not open. Strange...
I don't think any special action is needed to allow external access, so I think your problem is more of a general web hosting problem than it is specific to CruiseControl. Here are a few things that might be worth looking at:
Make sure your firewall is not blocking access to the port.
Make sure your network's domain policy allows external access to your computer.
Are you starting CruiseControl from the command line or as a service? If starting from the command line, try starting it as a service and see if the results are different. How to do this depends on your system configuration, but usually, if you are using CruiseControl .NET, run the command net start "CruiseControl.Net Server". If you are using standard CruiseControl, run net start "CruiseControl Service".

Resources