Re: Review for new rbac_playbook

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 09 Jun 2014 17:37:06 +0200
Michael Scherer <misc@xxxxxxxx> wrote:

> Le lundi 09 juin 2014 à 08:44 -0600, Tim Flink a écrit :
> 
> > The QA devel folks use phabricator and phabricator supports git repo
> > hosting (through http(s) and ssh). In order to support git over ssh
> > while keeping user information in phabricator (username, ssh key for
> > git, repo permissions etc.), it uses a short-circuited ssh daemon
> > that uses phabricator for auth instead of system accounts
> > (restricted to git commands, though). Git repos on alternate ports
> > is a bit of a pain, so to support git+ssh on port 22 I change the
> > real ssh daemon (that can do more than git) to an alternate port.
> 
> What about having the real sshd listening on one ip ( if possible, a
> rfc1918 one in the VPN ) and git from phabricator on a second ?

I can't think of any reason why that wouldn't work but I don't see
what's wrong with just using an alternate port instead of adding a
second IP.

I don't have a strong opinion on the exact setup as long as
the external port 22 is handled by phabricator and the machine remains
manageable through ansible without too many odd workarounds.

Tim

Attachment: signature.asc
Description: PGP signature

_______________________________________________
infrastructure mailing list
infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/infrastructure

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux