
Make authorize-user part of bastion deployment
Closed, Resolved (Public)

Event Timeline

epriestley raised the priority of this task from to Normal.
epriestley updated the task description.
epriestley added a project: Phacility.
epriestley moved this task to Do After Launch on the Phacility board.
epriestley added a subscriber: epriestley.
epriestley added a commit: Restricted Diffusion Commit. (May 15 2015, 3:21 PM)
epriestley added a commit: Restricted Diffusion Commit. (May 15 2015, 4:56 PM)
epriestley claimed this task.

Deploying a bastion host now synchronizes account, key and sudoer state automatically.

The bin/remote authorize command is now obsolete.

I've updated the documentation.

(As a bonus, it looks like I fixed that prompting for new config file stuff, too.)

I also realigned the use of DNS. We now use:

  • bastion.phacility.net: Internal service. TTL 30s.
  • bastion-external.phacility.net: External service. TTL 30s.

This is more flexible and consistent than the old approach, and has a 90% shorter TTL.