Upload via SSH on server in VPN

Answered

Permanently deleted user

Created July 03, 2020 17:51

Hi there.

I am deploying a web application on the production server using Teamcity. One of the build steps is uploading the necessary files on the prod server. Everything is working as expected, but now we put the application server in a private network accessible via VPN. Once this happened, of course the SSH upload step in the Teamcity configuration is failing due to not being able to connect to the server anymore.

Is there a way to configure the Teamcity agent to connect to a server in a private network?

If not, how should I approach the problem?

Thank you!

2 comments

Fedor Rumyantsev

Created July 06, 2020 10:45

Hello Diana,

Unfortunately, there is no built-in logic to handle the VPN connection from agent side. Still, there are two options I could think of:
1) you may configure a VPN connection to auto-reconnect, store the credentials for private network auth on the agent side and run the SSH upload as usual.
It is probably the easiest solution, but this could be a security violation depending on your security policy (as agent will always be connected to the private network).

2) you may also use a custom command line script which would start VPN, then SSH into application server, upload files, cease the SSH connection and close out the VPN connection. For example, with openvpn you could do this (found at https://unix.stackexchange.com/questions/360610/how-to-connect-and-disconnect-an-openvpn-connection-in-a-bash-script):

#!/bin/bash
sudo systemctl start openvpn@vpnname # (step 1)
# RUN THE TASK AFTER THE CONNECTION (step 2)
sudo systemctl stop openvpn@vpnname # (step 3)

You may include the whole logic into the script, or add a step which will initiate a connection before SSH upload and another to close it out afterwards.