Page MenuHomePhabricator

All deploys use specific keyholder key
ClosedPublic

Authored by thcipriani on Sep 28 2017, 3:27 PM.

Details

Reviewers
mmodell
demon
dduvall
Group Reviewers
Release-Engineering-Team
Commits
rMSCAcf383313c013: All deploys use specific keyholder key
Patch without arc
git checkout -b D796 && curl -L https://phabricator.wikimedia.org/D796?download=true | git apply
Summary

The alphabetical ordering of keys in ssh-agent affects the order in
which keys are offered to remotes. MaxAuthTries is an sshd setting that
will raise a "Too many authentication failures" error after it has been
offered more than MaxAuthTries keys.

The function get_keyholder_key seems to do the right thing in all
deployed repos including MediaWiki. I added the additional configuration
variable mediawiki_keyholder_key to allow us to set the key for scap2
deployments without having scap3 repos inherit the configuration.

Diff Detail

Repository
rMSCA Scap
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

thcipriani created this revision.Sep 28 2017, 3:27 PM
Restricted Application added a reviewer: Release-Engineering-Team. · View Herald TranscriptSep 28 2017, 3:27 PM
Restricted Application added a project: Release-Engineering-Team. · View Herald Transcript
mmodell accepted this revision.Sep 28 2017, 3:46 PM
This revision is now accepted and ready to land.Sep 28 2017, 3:46 PM

Tox fix for flake8

This revision was automatically updated to reflect the committed changes.