Here is a deployment script that can be run from Jenkins.
It establishes VPN connections, creates SSH tunnels and copies the WAR file to remote server. At the end the WAR is verified and a deployment script is executed.
The 192.168.0.2 is the server that gives access to other machines. The target tomcat server is 192.168.0.3, but it can be accessed only from 192.168.0.2.
The deploy.sh is responsible to stop tomcat server, delete the old artifact and start the tomcat server.
#!/bin/bash now="$(date +'%Y%m%d%H%M')" yes | cp /opt/hudson/jobs/WAR/lastSuccessful/archive/target/app.war ./app.war cksumline=`cksum ./app.war` fileChkSum=$(echo "$cksumline" | awk '{print $1}') fileSize=$(echo "$cksumline" | awk '{print $2}') #echo "Local Checksum:$fileChkSum" #echo "Local FileSize:$fileSize" sudo pon vpn-conn1 echo VPN connected sleep 10 echo Creating tunnel sshpass -p $pass ssh -f -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no user@192.168.0.2 -L 1234:192.168.0.3:22 'sleep 30' & sleep 10 echo Tunnel created echo Copyng WAR file... sshpass -p $pass scp -oStrictHostKeyChecking=no -P 1234 ./app.war user@localhost:webapps/app.war.$now echo WAR file copied. cksumline2=`sshpass -p $pass ssh -oStrictHostKeyChecking=no -p 1234 user@localhost cksum webapps/app.war.$now` echo "Checksum execution on remote machine: $cksumline2" fileChkSum2=$(echo "$cksumline2" | awk '{print $1}') fileSize2=$(echo "$cksumline2" | awk '{print $2}') if [[ "$fileChkSum" != "$fileChkSum2" ]]; then echo "Checksum differs! local: $fileChkSum, remote: $fileChkSum2" sudo poff vpn-conn1 echo VPN disconnected exit -1 fi if [[ "$fileSize" != "$fileSize2" ]]; then echo "Size differs! local: $fileSize, remote: $fileSize2" sudo poff vpn-conn1 echo VPN disconnected exit -1 fi sshpass -p $pass ssh -oStrictHostKeyChecking=no -p 1234 user@localhost cp webapps/app.war.$now webapps/app.war sshpass -p $pass ssh -oStrictHostKeyChecking=no -p 1234 user@localhost ./deploy.sh sudo poff vpn-conn1 echo VPN disconnected