[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Problem with git repo and ssh



Hello everyone.

I have some problem with ssh access to the gears git repo, but let me first describe my slightly strange setup.

I only have 1 public IP address so what I have done is configured a dedicated machine as a apache reverseproxy as follows (the example is for http, have same for https):
RewriteCond %{HTTP_HOST} ^$ [OR]
RewriteCond %{HTTP_HOST} ^<openshift subdomain>$
RewriteRule ^/?(.*) http://<broker ip>/$1 [L,P]
RewriteCond %{HTTP_HOST} ^.*\.<openshift subdomain>$
RewriteRule ^/?(.*) http://%{HTTP_HOST}/$1 [L,P]
RewriteCond %{HTTP_HOST} !^.*\.<openshift subdomain>$
RewriteRule ^/?(.*) http://%{HTTP_HOST}/$1 [L,R=404]

The external DNS points *..<openshift subdomain> to the public IP and the reverse webproxy is using the internal openshift DNS as resolver.
I know there will be some performance issues later on with a DNS query for each request.

The problem is when I want to update my gears git repo's, for that I need to be able to talk with the node running the gear and that is not possible (the clients can only talk with the webproxy machine).
Have anyone of you written a plugin to either distribute the openshift guest account creation or add the local users in a LDAP directory?
Is it possible to change the repo URI from ssh to http(s)?

The next step is to mount /var/lib/openshift from webproxy on each machine with the node role.
I know this isn't either best practice but the webproxy needs to be able to access the git repo directory.
Another solution might be to use an external git service like github or gitlab, but the problem with user information (username, uid, $HOME) will still be a nut to crack,
and then we need to create all repo's dynamic and probably a lot of other issues as well.

The users we aiming for is mainly our developers that doesn't want or can setup ssh/ssh-agent forwardings just to check in some code, they are used with continious integration
and would probably expect the new lab/test/dev environment with openshift will be easy to work with.

//Robert
-- 
Robert Soderlund


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]