How to use Nant/TeamCity to Deploy across DMZ?

Question

I have build server inside our domain (and it needs to be because it also talks to other boxes in the domain), and a webserver that is in the DMZ.

As part of our build scripts, I would like to deploy websites to the webserver in the DMZ, using the Nant copy task. The problem is, that Nant is invoked from TeamCity which runs under the System account on the build server, and there is no way that I can find to give the build server system account access to the DMZ webserver directories. (It probably isn't a good idea anyway).

Is there anyway to tell Nant to run a specific task under a different windows user, or is there another solution to my problem?

Edit: One other restriction I am running under is that I can't create new domain accounts (well, at least not without going through an approval process). I can create local machine accounts, but in that case, it doesn't seem that runas will work across the DMZ.

Answer 1

A couple options might be:

1. Use the Simple Command Runner to exec out to something like runas, specifying nant.exe running under a different user account.
2. Change the account in which the TeamCity server runs as; like a limited privileged user that has access to DMZ.
3. Attempt to use the <scp> (secure copy) task provided by NAntContrib.
4. Use the nant <exec> task to call an ftp program, that places the files up on the DMZ.

Hopefully this provides a little help. Good luck!

Answer 2

you could use powershell remoting to pull releases from the build server. The server would be less vulnerable than if you were to use a push release like a file copy.

I'm doing this with a custom app that logs into teamcity and downloads artifacts and then deploys using powershell locally.