How to deploy highly iterative updates

Question

I have a set of binary assets (swf files) each about 150Kb in size. I am developing them locally on my home computer and I want to periodically deploy them for review. My current strategy is:

1. Copy the .swf's into a transfer directory that is also a hg (mercurial) repo.
2. hg push the changes to my slicehost VPN
3. ssh onto my slicehost VPN
   • cd to my transfer directory and hg up
   • su www and cp the changed files into my public folder for viewing.

I would like to automate the process. Best case scenario is something close to:

1. Copy the .swf's into a "quick deploy" directory
2. Run a single local script to do all of the above.

I am interested in:

• advice on where to put passwords since I need to su www to transfer files into the public web directories.
• how the division of responsibility between local machine and server is handled.

I think using rsync is a better tool than hg since I don't really need a revision history of these types of changes. I can write this as a python script, a shell script or however is considered a best practice.

Eventually I would like to build this into a system that can handle my modest deployment needs. Perhaps there is an open-source deployment system that handles this and other types of situations? I'll probably roll-my-own for this current need but long term I'd like something relatively flexible.

Note: My home development computer is OS X and the target server is some recent flavour of Ubuntu. I'd prefer a python based solution but if this is best handled from the shell I have no problems putting it together that way.

Answer 1

to avoid su www I see two easy choices.

• make a folder writable to you and readable by www's group in some path that the web-server will be able to serve, then you can rsync to that folder from somewhere on your local machine.

• put your public ssh key in www's authorized_keys and rsync to the www user (a bit less security in some setups perhaps, but not much, and usually more convenient).

working around su www by putting your or its password in some file would seem far less secure.

A script to invoke "rsync -avz --partial /some/path www@server:some/other/path" should be quick to write in python (although I do not python well).

Answer 2

If you're at all comfortable in Python, I recommend Fabric for automated deployment scripts.

In addition to group permissions or ssh-ing as www (with key-based auth), a third solution to the permissions issue would be to add your user to /etc/sudoers and use sudo (you can specify the exact command your user is allowed to use sudo for, so you can make the security implications minimal).