Page MenuHomePhabricator
Create Task
Maniphest T10809

SVN service proxying in Phacility cluster can fail in a couple of ways
Closed, ResolvedPublic
Actions

Description

I think I narrowed the user report down to a couple of HA/repository service issues:

  • We currently mutate URIs when proxying, then mutate them again on the target. I think this previously worked, but removing callsigns changed the mutation/recognition algorithm. Instead, we should mutate only on the target.
  • The proxy hosts may need to execute svnserve to decode protocol frames, but this requires sudo access to svnserve.

Revisions and Commits

Restricted Diffusion Commit
rP Phabricator
D15712rPca6da4c2befe When proxying the SVN protocol, don't mutate URIs in protocol frames if we're…

Event Timeline

epriestley created this task.Apr 14 2016, 5:06 PM
Herald added subscribers: chad, eadler. · View Herald TranscriptApr 14 2016, 5:06 PM
epriestley added projects: Subversion, Diffusion.Apr 14 2016, 5:06 PM
epriestley added a revision: D15712: When proxying the SVN protocol, don't mutate URIs in protocol frames if we're an intracluster proxy.Apr 14 2016, 5:10 PM
epriestley added a commit: Restricted Diffusion Commit.Apr 14 2016, 5:12 PM
epriestley added a comment.Apr 14 2016, 5:14 PM

rCOREf9b858d57460 gives web nodes sudo access to svnserve when they're proxying SSH connections.

A possible alternate fix is to not require sudo, since we're just using svnserve to help us speak the protocol. That runs into some potential path/permissions type issues, though. Still, this may be simpler in the long run as third parties begin configuring clusters.

We could also learn to speak the protocol, but that's much messier since some of the protocol frames we need to speak announce server capabilities.

epriestley added a commit: rPca6da4c2befe: When proxying the SVN protocol, don't mutate URIs in protocol frames if we're….Apr 14 2016, 5:15 PM
epriestley closed this task as Resolved.Jun 5 2016, 10:24 PM

This has been live for some time and appears to have resolved the problems.

Herald added a subscriber: faulconbridge. · View Herald TranscriptJun 5 2016, 10:24 PM
Phabricator · Built by Phacility