1

The current network setup at my job has made it difficult to deploy Ruby web applications. We are running our production RHEL servers in an air gap network with no access to the public internet. My workstation is obviously able to transfer packages & files to the servers via SSH, but tools like RVM are almost impossible to install without direct internet access.

Gem dependencies are also horrible to deal with. This can be partially remedied with bundler, but if a gem relies on a package that needs to be compiled it won't work since I develop (and bundle) on OSX.

I have thought of a two possible solutions, but was wanting someone with more expertise to lend me some pointers. Here are my ideas:

  • Install the Ruby application on a local VM in my workstation. When everything has been set up, somehow take a diff of the file system (git maybe?) that will be transferred to the production server and extracted.
  • Setup a reverse SSH tunnel to gain internet access on the production server temporarily (is this even possible?).

Do either of these ideas sound viable? If so, which one would you recommend and how would I go about implementing it?

Thanks for the help!

John Jacquay
  • 11
  • 1
  • Regarding your tag "rhel6" a possible solution is to build a custom rpm for your application on your workstation/vm. This rpm can be installed without internet access. – deagh Apr 11 '14 at 14:34
  • 3
    An SSH tunnel would work, yes -- but check with your IT department's policies, if there's a reason that that system doesn't have internet access (note: that's not really an "air gap" if it's networked to other machines that do) then defeating those measures even temporarily may violate company policies and land you in real hot water... – Kromey Apr 11 '14 at 14:42
  • The custom RPM idea sounds like a great option, I'll give it a try. I found this article that gives more information: http://www.philandstuff.com/2012/06/06/rpm-ruby-and-bundler.html – John Jacquay Apr 11 '14 at 15:00
  • 1
    If you can open a tunnel to the Internet from these servers then they're not air-gapped. Perhaps I'm being a little pedantic here, but "air gap" means NO connection. >sigh – Evan Anderson Apr 11 '14 at 15:57

1 Answers1

0

I can think of two tools that would help you a lot.

  1. fpm - This will build an rpm from an arbitrary software tree.

  2. Omnibus - This tool is built to solve exactly the problem you are describing, installing a ruby app with all it's necessary dependencies.

https://github.com/jordansissel/fpm

https://github.com/opscode/omnibus-ruby

Fred the Magic Wonder Dog
  • 2,095
  • 12
  • 17