Closed Bug 1554199 Opened 6 years ago Closed 3 years ago

Create an `hg-http-server` Ansible role for setup of HTTP based authentication

Categories

(Developer Services :: Mercurial: hg.mozilla.org, task)

task
Not set
normal

Tracking

(Not tracked)

RESOLVED INACTIVE

People

(Reporter: sheehan, Unassigned)

References

Details

Our current Ansible setup for the master (hgssh) servers on hg.mozilla.org involves two Ansible roles, hg-ssh and hg-ssh-server.

hg-ssh-server installs the SSH components needed for SSH access from the public internet using our SSH model. It includes things like pash, our ldap lookup utilities and creates scm_* groups. It is a dependency of hg-ssh.

hg-ssh includes most of the code related to running the master write server on hgmo. As outlined in bug 1554194, this role should probably be renamed to hg-master or something similar. All of the code in this Ansible role will be needed on the new SSO authenticated server.

To install SSO authentication around our existing application code, we need to create a new Ansible role similar in nature to hg-ssh-server that specifically handles the authentication based infrastructure for the master server. We can apply this new role first, and apply the hg-ssh role on top of it. As part of this work, hg-ssh-master must be removed as a dependency of hg-ssh.

Most of the content of this new role will be a port of the proof-of-concept Docker containers found in the "federated Mercurial" repo.

Blocks: 1554230
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → INACTIVE
You need to log in before you can comment on or make changes to this bug.