infra/codestorage/hg-ssh
infra/codestorage/hg-ssh/Dockerfile
Update to broadcast pushes to all our web frontends.

We'll need dig, so install that when we apt-get.

Fix a typo in the hashbang line for create_user.sh.

Add an hgrc file that goes in /etc/mercurial/hgrc to add the changegroup.fe_publish hook to all our repos. Basically, any time we get a change on disk, that automatically gets propagated out to all the frontends using our post-commit-broadcast.sh script.

Write the aforementioned post-commit-broadcast.sh script. This basically finds the repo we're in (by stripping known prefixes), then uses dig to compile a list of web frontends. Finally, for each web frontend, we do an hg push over http. Not so hard, but it means all our web frontends are kept recent.

This has a few shortcomings. I don't think it will work when starting a new repo; I think we need to wait for hg-repo-sync to back that up, then the web frontend to pull from backups. Another possibility is that we push, then stand up a new front end before the push makes it into the backups. The frontend then won't have that push until it pulls again from backups. These are rare, minutes-long windows where we're out of sync, so I'm really ok with these failure modes.
| paddy@1 | 1 FROM secondbit/hg-repo-sync |
| paddy@1 | 2 MAINTAINER Paddy "<paddy@secondbit.org>" |
| paddy@0 | 3 |
| paddy@0 | 4 ADD create_user.sh /usr/local/bin/helpers/create_user.sh |
| paddy@0 | 5 RUN chmod +x /usr/local/bin/helpers/create_user.sh |
| paddy@1 | 6 ADD run.sh /usr/local/bin/helpers/run-ssh.sh |
| paddy@1 | 7 RUN chmod +x /usr/local/bin/helpers/run-ssh.sh |
| paddy@1 | 8 ADD pullkeys.sh /usr/local/bin/helpers/pullkeys.sh |
| paddy@1 | 9 RUN chmod +x /usr/local/bin/helpers/pullkeys.sh |
| paddy@2 | 10 ADD post-commit-broadcast.sh /usr/local/bin/helpers/broadcast-to-frontends.sh |
| paddy@2 | 11 RUN chmod +x /usr/local/bin/helpers/broadcast-to-frontends.sh |
| paddy@2 | 12 |
| paddy@2 | 13 ADD hgrc /etc/mercurial/hgrc |
| paddy@0 | 14 |
| paddy@0 | 15 RUN mkdir /var/run/sshd |
| paddy@0 | 16 |
| paddy@0 | 17 # install required packages |
| paddy@0 | 18 RUN apt-get -y update |
| paddy@2 | 19 RUN apt-get -y install openssh-server dnsutils |
| paddy@0 | 20 |
| paddy@0 | 21 #ADD sshd_config /etc/ssh/sshd_config |
| paddy@0 | 22 RUN sed -ri 's/session required pam_loginuid.so/session optional pam_loginuid.so/g' /etc/pam.d/sshd |
| paddy@0 | 23 RUN sed -ri 's/#PasswordAuthentication yes/PasswordAuthentication no/g' /etc/ssh/sshd_config |
| paddy@0 | 24 RUN sed -ri 's/PermitRootLogin without-password/PermitRootLogin no/g' /etc/ssh/sshd_config |
| paddy@0 | 25 |
| paddy@0 | 26 EXPOSE 22 |
| paddy@0 | 27 |
| paddy@1 | 28 CMD ["/usr/local/bin/helpers/run-ssh.sh"] |