While working on deploying a web-application recently, I needed to transfer a ‘build artifact’ (fancy name for a .tgz
) from a Continuous Integration server to an RPM repository server.
We already have an existing RPM repository server that uses Apache, and once my tarball was in the correct location, it would be available over HTTP for all to consume.
Cutting to the chase – What is the simplest way by which I could automatically transfer a ~20 MiB file from one CentOS host to another?
I didn’t want to install an FTP server or any extra Apache module on the existing RPM host that would then support multi-part file uploads.
The quickest solution, it seemed was an scp
or an rsync
.
So, how would this CI host be authorized to open an SSH tunnel to the web-server?
Where would the identity key reside? There is no elaborate keyserver in this ecosystem.
I decided to the transfer the responsibility of protecting the system from the identity key to the remote host’s operating system.
A new user called tarballs on the RPM repository host with its HOME
set to /var/www/html/tarballs
, and set its SHELL
to rbash
.