Review for new rbac_playbook

Tim Flink tflink at redhat.com
Wed Jun 25 18:23:21 UTC 2014


On Mon, 09 Jun 2014 17:37:06 +0200
Michael Scherer <misc at zarb.org> wrote:

> On Monday 09 June 2014 at 08:44 -0600, Tim Flink wrote:
> 
> > The QA devel folks use phabricator and phabricator supports git repo
> > hosting (through http(s) and ssh). In order to support git over ssh
> > while keeping user information in phabricator (username, ssh key for
> > git, repo permissions etc.), it uses a short-circuited ssh daemon
> > that uses phabricator for auth instead of system accounts
> > (restricted to git commands, though). Git repos on alternate ports
> > is a bit of a pain, so to support git+ssh on port 22 I change the
> > real ssh daemon (that can do more than git) to an alternate port.
> 
> What about having the real sshd listening on one IP (if possible, an
> RFC 1918 one in the VPN) and git from phabricator on a second?

I can't think of any reason why that wouldn't work but I don't see
what's wrong with just using an alternate port instead of adding a
second IP.

I don't have a strong opinion on the exact setup as long as
the external port 22 is handled by phabricator and the machine remains
manageable through ansible without too many odd workarounds.

Tim