server administration for 1U rack server placed in intranet: how to deploy web application and update the server without internet connection?

Question

A MNC sales department hired my services as a software consultant to build them a web application.

This web app generates excel files based on their internal business processes.

This web application is done, and I told them I need to deploy this in a server.

Their IT department is based in another country and we spent 6 months getting the permission for a server. After much paperwork and red tape, we still see no sign of a server anywhere.

Our workaround is that the sales department will buy a 1U server on my recommendations. The sales department also secured a place in a lab on the same floor as their offices. The lab head allows us to place a 1U rack server inside.

However, we have 2 issues that I am not in the best position to answer. So I am seeking the advice of server admin experts here.

1) the lab only allows the machines to be connected to their internal intranet. My web application which can be accessed via the web browser requires a url. I was thinking of getting a static IP address, so that the sales department can access via http://some-static-ip/webapp

This means we need to get the IT department to help us. After the last 6 months of red tape, the sales department is apprehensive about asking them for a static internal IP address.

Is there a workaround that we can do on our end to avoid asking the IT department for help?

UPDATE

I will take up @MichaelHampton advice and go above the IT department about the static IP address. My focus is now on the 2nd question.

2) Let's say we have managed to deploy my web application in this server that is placed within the intranet.

We need to regularly update the web application and the OS. (We are probably going to use ubuntu 12.04 server version)

There will be no internet connection for this server as the lab it will be in is only connected to the internal network.

My code is placed on github, I am already prepared to go down every once a month to update the code base for the web app using a thumb drive.

However, I do not know what I can do to update the OS without internet access.

Is there a hardware/software solution I can consider to overcome this? I believe I can convince the sales department to pay for such a solution if it makes sense.

E.g., I buy some kind of mobile broadband dongle I can attach to the server?

Whenever I go down to the lab, I need to unhook the server from the internal network, attach the dongle to the server so that the server now will have internet access via the dongle. I can then update the server OS and codebase easily.

After I am done, I will detach the dongle and then hook the server back to the internal network.

UPDATE

I would like to take any suggestions here for the 2nd question to the IT department or to the management above the IT department.

UPDATE1

WE eventually found a way with the IT team to allow server update by opening a connection via the proxy.

Thank you.

Answer 1

In answer to your first question, as Michael Hampton has suggested, you need to be getting a static IP through the IT group. For convenience sake, you should talk to them about getting a DNS record created as well, if possible. A memorable hostname for the server or application will make things easier for the users of the application.

In answer to your second question. For the OS, you can use apt-offline (documentation is here). You won't need to connect a 3G dongle to the server or disconnect anything, you just need a USB key. I'd be cautious about connecting 3G connections to systems in a lab environment, as you might be violating security controls in place for the lab environment.

First step, You'll need to head to the customer site and generate a signature file, which gives apt-offline a baseline to work from by cataloging the installed package versions on the machine. Save that signature file to a USB key and take it with you.

For example, to generate a signature file, and save it to a USB key mounted on /media/USB, you'd run apt-offline set /media/USB/updates.sig. You can replace updates.sig with any file name that makes it easy for you to identify the server the signature file represents.

Second step, Once you have the signature file, you can run apt-offline on a machine that has an internet connection, providing it the signature file, and it will download all required updates. apt-offline will product a zip file, which you can copy to your USB key.

To download packages required to update the server, based on a signature file on a USB key mounted on /media/USB named updates.sig, using five download threads (to speed things up), to a zip file on the same USB key names updates.zip, you'd run apt-offline get -t 5 --bundle /media/USB/updates.zip /media/USB/updates.sig.

Final step, You can then take the USB key containing the updates.zip file to the customer size, and on the ubuntu server, run apt-offline install /media/USB/updates.zip to install all of the updates form the USB key mounted on /media/USB, from the archive updates.zip. Once complete, don't forget to follow the first step again to generate a new signature file. This will just save you a trip to the customer site to generate a new signature file.

For updating your application, the easiest way (without knowing if you have a git repository on the server in the customer's lab) would be to export the latest code to an archive, from the git repository, using git archive. This is discussed in more depth here.

For example, the first step would be to archive a locally checked out copy of the code to a Bzip2 compressed tar archive, you'd run git archive master | bzip2 > /media/USB/latest-code.tar.bz2 from the repository directory. This would save the code to latest-code.tar.bz2 on a USB key mounted on /media/USB.

The second step would be, on the server on the customer's network, to take a backup of the old code, in case you need to back out your update. You can take a backup of the code, assuming it's stored in /var/www/application, by running tar cpjfv /media/USB/code-backup.tar.bz2 /var/www/application. This will create a Bzip2 compressed tar archive, preserve permissions, and save it to a file called code-backup.tar.bz2 on the USB key mounted on /media/USB.

Finally, You can then extract the archive containing the new code from the USB key using tar jxfv /media/USB/latest-code.tar.bz2. This would extract the contents of the latest-code.tar.bz2 archive from a USB key mounted on /media/USB into the current directory. Using the example from the previous step, you would use cd /var/www/application first, to change directory to the folder where the application is hosted first.

Hope that helps!