<
rsync deployment, 2.0+
Documentation

Installation and configuration – FirstSpirit rsync deployment

Using rsync deployment, you can publish content created with FirstSpirit via the rsync protocol. Rsync deployment is already available in the FirstSpirit Cloud and can be used right away.

In FirstSpirit other content publishing options, besides the rsync functionality, include publishing content within local file systems or using FTP. These two methods are less convenient and secure than rsync:

  • After distributing content in local file systems, the content must be processed manually.
  • FTP is no longer considered secure enough and should only be used within local networks.

Both problems are solved by rsync deployment:

  • The rsync protocol uses the SSH protocol with public key authentication to secure the connection to target servers outside the FirstSpirit Cloud.
  • It can process large amounts of data efficiently and economically: if only a portion of the content has changed, the transfer will include just the necessary delta.

The target server needs to be able to accept SSH connections. The correct configuration and operation of the target server, however, strongly depends on its operating system.


rsync deployment task

To use the rsync functionality, you must add the rsync action in the ServerManager and configure the connection parameters.

  • As project admin, add the rsync deployment action in the ServerManager.
    ServerManager > Project > Properties > [Project selection] > Schedule management > [Edit schedule entry] > Actions tab > Add > Deployment over rsync

  • Configure the Connection Parameters area in the configuration window:

Mandatory fields:

  • Destination Host
  • Destination Path
  • SSH Username: username for login

SSH Key Management field

  • Enter the private SSH key for the connection under Key data as text.
    Note: After saving, the private SSH key is no longer visible in this window, but it is still available in the project data and project exports.

During file transmissions, the SSH key is handled as plain text. It cannot be protected with a passphrase. The private key's obfuscation does not provide complete protection. You can increase security by restricting the rights to your projects and, for example, limiting the user account's permissions on the target server to the rsync command.
In the Schedule management, you can individually configure rsync and SSH. You can use parameters in the UI, and also enter individual values in free text fields. The input values depend on the target server. You can find the appropriate documentation, for example, in the target server's man pages.

First connection

For a secure connection, the public key's fingerprint on an SSH server must be checked each time a connection is established. If a mismatch is detected, the connection is rejected. You must therefore save the fingerprint for each SSH server.

Thus, before establishing the first connection deactivate the corresponding parameter in the ssh area, establish a connection, and re-activate the parameter immediately afterwards. Repeat the steps for every first connection to a Cloud server:

  • Deactivate the Always verify remote host key [-oStrictHostKeyChecking=yes] checkbox.
  • Enter as free text in the Additional SSH options field:
    -oStrictHostKeyChecking=no
  • Execute the rsync action
    → The first connection to the cloud server is established and the fingerprint is stored for later connections.
  • Activate the Always verify remote host key [-oStrictHostKeyChecking=yes] checkbox and remove the -oStrictHostKeyChecking=no command in the Additional SSH options field.

Schedules in other projects can be used right away with StrictHostKeyChecking=yes.

Public SSH keys usually do not change. If a public SSH key needs to be replaced, e.g. when retiring old RSA keys, create a ticket with Crownpeak Support.


Deleting files

Several use cases for deleting files are realistic, e.g. fully synchronizing the file structures between the source and target server, or manually deleting directories or particular files on the target server.

To fully synchronize the file structures:

  • Activate the Delete extraneous files on destination path [--delete] checkbox in the rsync area.
    The checkbox is inactive by default.
    → When the rsync action is executed, directories and files are deleted if they exist on the target server but not on the source server.

To delete individual files:

  • Activate the Delete listed files in destination path checkbox in the delete files area.
  • Enter the delete command for your target system in the delete command field.
    E.g."rm" for Linux servers.
  • Create a .txt file - the deletion list - with the paths of the directories and files to be deleted.
  • Place the deletion list in the directory that you specified in the Destination path field in the Connection Parameters area.
  • Enter the file name including the file extension in the File name of delete-list field in the delete files area.
    E.g."deletelist.txt".
    → When the rsync action is executed, directories and files listed in the delete list are deleted.

The deletion list can be created, for example, by a special upstream action that reads the deletedPageInfo from the delta generation.
An error is displayed
  • if the Delete listed files in destination path checkbox is active, but no matching deletion list can be found in the directory that you have specified in the Destination path field in the Connection Parameters area.
  • if a file or directory listed in the deletion list cannot be found on the target server under the specified target path.