Bastion host to run customed deploy tasks

[Mason Leung]

Hi,

We use capistrano to deploy scala app (we also have rails apps, so capistrano is our standardized deploy tool).  This (both ruby and scala) works fine when deploy from our laptop to the ec2 instances directly.  However, we are experimenting with deploy using a bastion host.  Using http://www.randomerrata.com/articles/2015/deploying-via-a-bastion-host-with-capistrano-3/ as a reference, the Rails apps were deployed correctly without issue (from laptop using agent forward to bastion host, and deploy onto the ec2 instance).   However, the scala app deploy has customized deploy tasks like

  task :update_code do

    sudo "mkdir -p #{release_path}"

    sudo "curl -sS -o #{release_path}/app1.zip --user #{artifactory_credentials} -g '#{release_url}'"

    sudo "unzip -d #{release_path} #{release_path}/app1.zip"

    sudo "chmod a+x #{release_path}/run_server"

    sudo "ln -sfn #{deploy_to}/shared/log #{release_path}/logs"

  end  

When deploy from laptop, the instance that runs the scala app is only accessible through the bastion host, capistrano doesn't know that ip.  We end up getting 

    2016-03-28 15:36:52 servers: ["10.0.1.97"]

    [10.0.1.97] 2016-03-28 15:36:52 executing command

*** [err :: 10.0.1.97] 2016-03-28 15:36:52 sudo: unable to resolve host ip-10-0-1-97

Versions:

Capistrano is definitely able to use the bastion host if we used the build-in deploy tasks.  For customized tasks, how can we instruct capistrano to use the bastion host?

thanks,

-mason

[Lee Hambley]

The code you posted is for Capistrano 2.x, hence the article you referred to for Capistrano 3.x will not apply.

For both versions of Capistrano that guide is misleading and inaccurate. You should simply define the bastion host in your system .ssh configuration as you would if using regular SSH. You should then use the host aliases `my-server-via-bastion-host` which are defied in your system config in your Capistrano recipes.

You might want to check this file in to your repository, so you don't need to instruct everyone on your team to maintain the same file. In Capistrano 3, where the underlying system is managed by SSHKit automatically https://github.com/capistrano/sshkit#tunneling-and-other-related-ssh-themes. In Capistrano 2.x I'm afraid I don't know how to do it, but probably you have to use Net:SSH directly, or at least tell it which non-standard paths to use to look for SSH config. 

Lee Hambley

http://lee.hambley.name/

+49 (0) 170 298 5667

--
You received this message because you are subscribed to the Google Groups "Capistrano" group.
To unsubscribe from this group and stop receiving emails from it, send an email to capistrano+...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/capistrano/f06e26fa-c9c2-4b87-a641-f8f6e4aaeeda%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.