1554231 - Repurpose hgssh3 for use as hgsso1

Status: RESOLVED INACTIVE

(Developer Services :: Mercurial: configwizard, task)

Description

[Connor Sheehan [:sheehan]]

Once we have integrated the HTTP based authentication endpoint into our test suite and verified that everything is working as intended, we will need to create a production node using the new code. Previously we discussed re-purposing hgssh3 as "hgsso1" and deploying the HTTP push endpoint there. Once we have this rolled out, a small group of devs will have access to it for testing (including a pen-test). After confirming the node is secure and is working correctly, we will make a public announcement requesting interested parties use the new HTTP based auth as a "beta" group. Eventually the "beta" will become the standard and the hgssh nodes will be torn down, becoming "hgsso2", etc.

Before we start tackling this work, we will also need to come up with a way to differentiate traffic that is intended for the master servers from traffic intended for the mirrors. Previously we used the application layer protocol (HTTP or SSH) to split the traffic, but this will obviously not be possible once we use HTTP everywhere. Using Authorization headers would work, but there may be some complications with regard to replication and the replicatedserved repoview.