Create an `hg-http-server` Ansible role for setup of HTTP based authentication
Categories
(Developer Services :: Mercurial: hg.mozilla.org, task)
Tracking
(Not tracked)
People
(Reporter: sheehan, Unassigned)
References
Details
Our current Ansible setup for the master (hgssh) servers on hg.mozilla.org involves two Ansible roles, hg-ssh
and hg-ssh-server
.
hg-ssh-server
installs the SSH components needed for SSH access from the public internet using our SSH model. It includes things like pash
, our ldap
lookup utilities and creates scm_*
groups. It is a dependency of hg-ssh
.
hg-ssh
includes most of the code related to running the master write server on hgmo. As outlined in bug 1554194, this role should probably be renamed to hg-master
or something similar. All of the code in this Ansible role will be needed on the new SSO authenticated server.
To install SSO authentication around our existing application code, we need to create a new Ansible role similar in nature to hg-ssh-server
that specifically handles the authentication based infrastructure for the master server. We can apply this new role first, and apply the hg-ssh
role on top of it. As part of this work, hg-ssh-master
must be removed as a dependency of hg-ssh
.
Most of the content of this new role will be a port of the proof-of-concept Docker containers found in the "federated Mercurial" repo.
Reporter | ||
Updated•3 years ago
|
Description
•