Page MenuHomePhabricator
Differential D11158

Add `bin/almanac register` to associate a host with an Almanac device and trust it
ClosedPublic
Actions

Authored by epriestley on Jan 2 2015, 8:20 PM.
Tags
None
Referenced Files
F14073952: D11158.diff
Thu, Nov 21, 3:33 AM
Unknown Object (File)
Sun, Nov 17, 9:39 AM
Unknown Object (File)
Sat, Nov 16, 3:53 AM
Unknown Object (File)
Sun, Nov 10, 2:03 PM
Unknown Object (File)
Wed, Oct 30, 11:49 PM
Unknown Object (File)
Tue, Oct 22, 11:39 PM
Unknown Object (File)
Oct 17 2024, 7:12 AM
Unknown Object (File)
Oct 15 2024, 3:35 AM
View All Files
Subscribers
epriestley

Details

Reviewers
btrahan
Maniphest Tasks
T2783: Make working-copy operations service-oriented
Commits
Restricted Diffusion Commit
rPc84b9d408cb5: Add `bin/almanac register` to associate a host with an Almanac device and trust…
Summary

Ref T2783. This is basically a more refined version of D10400, which churned a bit on things like SSH key storage, the actual way the signing protocol shook out, etc.

  • When Phabricator tries to make an intra-cluster service call as the omnipotent user, sign it with the host's device key.
  • Add bin/almanac register to say "this host is X device, identified by private key Y". This stores the keypair locally, adds the public key to Almanac, and trusts it.

Net effect is that once a host has been registered, the daemons can make calls to other nodes as the omnipotent user. This is primarily necessary so they can access repository API methods on remote hosts.

Test Plan
  • Ran bin/almanac register with various valid and invalid inputs.
  • Verified keys get generated/added/stored properly.
  • Made a device-signed cluster Conduit call.
  • Made a normal old user-signed cluster Conduit call.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 26777.Jan 2 2015, 8:20 PM
epriestley retitled this revision from to Add `bin/almanac register` to associate a host with an Almanac device and trust it.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: btrahan.
epriestley added a task: T2783: Make working-copy operations service-oriented.
Herald added a subscriber: epriestley. · View Herald TranscriptJan 2 2015, 8:20 PM
btrahan accepted this revision.Jan 2 2015, 10:14 PM
btrahan edited edge metadata.
This revision is now accepted and ready to land.Jan 2 2015, 10:14 PM
joshuaspence mentioned this in T6853: "Open Revisions Affecting These Files" should weight severity of changes.Jan 2 2015, 10:14 PM
Closed by commit rPc84b9d408cb5: Add `bin/almanac register` to associate a host with an Almanac device and trust… (authored by epriestley, committed by epriestley). · Explain WhyJan 2 2015, 11:13 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
4 lines
conf/
keys/
src/
4 lines
applications/
almanac/
management/
190 lines
util/
12 lines
diffusion/
query/
55 lines

Diff 26799

View Options

.gitignore

Loading...
View Options

conf/keys/.keep

Loading...
View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/almanac/management/AlmanacManagementRegisterWorkflow.php

Loading...
View Options

src/applications/almanac/util/AlmanacKeys.php

Loading...
View Options

src/applications/diffusion/query/DiffusionQuery.php

Loading...
Phabricator · Built by Phacility