Page MenuHomePhabricator

Closed, ResolvedPublic


Writing things down makes me feel very important

Revisions and Commits

Event Timeline

I'm probably going to break all repositories momentarily. If I do, I'll try to fix them.

This sort of works now. The 002 node is live, just not reachable yet. Some weird stuff I hit:

  • I wasn't fiddling with security.require-https properly, so the service was redirecting and dropping headers/parameters. If the X-Phabricator-Cluster header is present, we could fail with a useful message instead of redirecting.
  • sudo permission for SSH for proxying on web/ssh nodes, kind of hard to auto-detect this.

Logged-out users can't browse diffusion: ERR-INVALID-SESSION: Session key is not present.

(I'm just guessing it has something to do with this, because ops)

epriestley added a revision: Restricted Differential Revision.Apr 13 2016, 1:20 PM
  • D15695 should fix logged-out users.
  • D15696 + D15697 should smooth out security.require-https for intracluster requests.
epriestley added a commit: Restricted Diffusion Commit.Apr 14 2016, 12:06 PM

Every service on secure is now supported by a redundant version in a separate AWS availability zone. Failover wouldn't be completely clean/automatic, but we could lose either node with zero data loss, and would have a very short path to promoting the remaining node as a full master.

(Technically, Drydock only has only one sbuild node and one saux node, so this isn't entirely true if you want to split hairs, but those services are nonessential in this configuration.)