Allow cluster devices to SSH to one another without acting as a user
ClosedPublic
Actions

Authored by epriestley on Apr 19 2016, 1:28 PM.

Details

Reviewers

chad

Maniphest Tasks

T4292: Implement repository replication

Commits

rPc70f4815a958: Allow cluster devices to SSH to one another without acting as a user

Summary

Ref T4292. When you run git fetch and connect to, say, repo001.west.company.com, we'll look at the current version of the repository in other nodes in the cluster.

If repo002.east.company.com has a newer version of the repository, we'll fetch that version first, then respond to your request.

To do this, we need to run git fetch repo002.east.company.com ... and have that connect to the other host and be able to fetch data.

This change allows us to run PHABRICATOR_AS_DEVICE=1 git fetch ... to use device credentials to do this fetch. (Device credentials are already supported and used, they just always connect as a user right now, but these fetches should be doable without having a user. We will have a valid user when you run git fetch yourself, but we won't have one if the daemons notice that a repository is out of date and want to update it, so the update code should not depend on having a user.)

Test Plan

$ PHABRICATOR_AS_DEVICE=1 ./bin/ssh-connect local.phacility.com
Warning: Permanently added 'local.phacility.com' (RSA) to the list of known hosts.
PTY allocation request failed on channel 0
phabricator-ssh-exec: Welcome to Phabricator.

You are logged in as device/daemon.phacility.net.

You haven't specified a command to run. This means you're requesting an interactive shell, but Phabricator does not provide an interactive shell over SSH.

Usually, you should run a command like `git clone` or `hg push` rather than connecting directly with SSH.

Supported commands are: conduit, git-lfs-authenticate, git-receive-pack, git-upload-pack, hg, svnserve.
Connection to local.phacility.com closed.