Page MenuHomePhabricator

Allow cluster devices to SSH to one another without acting as a user

Authored by epriestley on Apr 19 2016, 1:28 PM.
Referenced Files
Unknown Object (File)
Fri, Aug 12, 3:18 AM
Unknown Object (File)
Thu, Aug 11, 1:25 PM
Unknown Object (File)
Wed, Aug 10, 11:40 AM
Unknown Object (File)
Mon, Aug 8, 11:20 PM
Unknown Object (File)
Fri, Aug 5, 4:07 AM
Unknown Object (File)
Wed, Aug 3, 6:00 AM
Unknown Object (File)
Tue, Jul 26, 11:08 AM
Unknown Object (File)
Tue, Jul 26, 9:52 AM



Ref T4292. When you run git fetch and connect to, say,, we'll look at the current version of the repository in other nodes in the cluster.

If has a newer version of the repository, we'll fetch that version first, then respond to your request.

To do this, we need to run git fetch ... and have that connect to the other host and be able to fetch data.

This change allows us to run PHABRICATOR_AS_DEVICE=1 git fetch ... to use device credentials to do this fetch. (Device credentials are already supported and used, they just always connect as a user right now, but these fetches should be doable without having a user. We will have a valid user when you run git fetch yourself, but we won't have one if the daemons notice that a repository is out of date and want to update it, so the update code should not depend on having a user.)

Test Plan
$ PHABRICATOR_AS_DEVICE=1 ./bin/ssh-connect
Warning: Permanently added '' (RSA) to the list of known hosts.
PTY allocation request failed on channel 0
phabricator-ssh-exec: Welcome to Phabricator.

You are logged in as device/

You haven't specified a command to run. This means you're requesting an interactive shell, but Phabricator does not provide an interactive shell over SSH.

Usually, you should run a command like `git clone` or `hg push` rather than connecting directly with SSH.

Supported commands are: conduit, git-lfs-authenticate, git-receive-pack, git-upload-pack, hg, svnserve.
Connection to closed.

Diff Detail

rP Phabricator
Lint Not Applicable
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Allow cluster devices to SSH to one another without acting as a user.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad edited edge metadata.
This revision is now accepted and ready to land.Apr 19 2016, 5:57 PM
This revision was automatically updated to reflect the committed changes.