My firm manages a fairly large array of production servers across a number of servers. Our production server, by convention, only allow SSH access from a handful of gateway hosts. Most of these web servers run PHP projects which use rsync-based deployment scripts running on one main gateway host.
That said, we're building a couple of large applications using Django, and expecting to use Fabric to manage deployment. Fabric does not yet support SSH tunneling but it seems to be in their roadmap.
My options seem to be:
- Cast aside our gateway-host rule in favor of following Django deployment best practices.
- Roll my own Django deployment script in bash, install it on our gateway host, and trigger that from Fabric locally.
Perhaps I'm asking the wrong question here, and Fabric isn't the right choice, but it feels really natural and I would like to use it if possible.