deployer icon indicating copy to clipboard operation
deployer copied to clipboard

Published 20 hours ago verified publisher icon REBELinBLUE

Suggestion - Be able to manage servers and use key per server

Open cfpinto opened this issue 7 years ago • 14 comments

In controlled environments, it's useful to be able to reuse server setting.

What do you think?

cfpinto avatar Mar 08 '17 15:03 cfpinto

It is something a few people have asked for, something I want to look into but it will require quite a bit of refactoring at present

REBELinBLUE avatar Mar 10 '17 14:03 REBELinBLUE

Maybe it's possible to store the settings and then use some kind of hook to create the servers. This way you wouldn't have to refactor it all.

The SSL keys is another think that might be worth looking into using just the one. What was the logic behind using a unique key per project?

cfpinto avatar Mar 10 '17 16:03 cfpinto

Security, if a key gets exposed you'd only need to invalidate it on one server rather than possibly dozens if they were all sharing the same key.

However, you can provide your own key to use instead from the "SSH Key" tab when creating a project. A key manager is also on the list of improvements (I have a branch I started a long time ago but I want to get all tests written before I do any more new features)

REBELinBLUE avatar Mar 10 '17 18:03 REBELinBLUE

Yeah I use same server for a number of projects so I have to keep adding it to new projects.

What about using the template section to add servers in? Maybe select server on project creation?

bbashy avatar Mar 10 '17 20:03 bbashy

In my experience rarely one app runs on one server. If one key gets exposed the most likely is that it's in use on several servers. For me particularly the least servers I have running an app is 2. If a key got exposed I would still have to go through several servers to delete it.

Do you mind if I have a go on changing it to make it the admin choice to use a generic key, a key per server or current behavior?

cfpinto avatar Mar 15 '17 08:03 cfpinto

Feel free. As I said, you can currently provide your own SSH key when you set up a project from the SSH key tab. Take a look at the features/key-manager branch, I had started on a feature to allow this so there is a section in the admin tools to show a list of keys and which projects they are used on, and was planning to change the project management so when you create it you get a list of existing keys you can use, the option to generate a new key and the option to enter your own key. It is next on my list of things to work on after I finish the test coverage (currently at 93%, not much more to go...)

REBELinBLUE avatar Mar 15 '17 10:03 REBELinBLUE

I'm having some time off next week, I'll look into it then.

Cheers

cfpinto avatar Mar 16 '17 08:03 cfpinto

I've looked into your feature branch, but at the moment it's so far behind master that merge is causing to many conflicts in to many key peaces of code. What do you think about a complete rewrite?

cfpinto avatar Apr 10 '17 18:04 cfpinto

that is a fair point. Probably easier yeah, don't think there was much there to begin with

REBELinBLUE avatar Apr 11 '17 19:04 REBELinBLUE

I've split this feature in 2.

  1. Server manger
  2. Key manager

for the first one I've pretty much finished. I haven't run any of the automation tools neither have build tests. Will do both before the pull request.

Feel free to browse around https://github.com/cfpinto/deployer/tree/feature/server_manager

cfpinto avatar Apr 12 '17 01:04 cfpinto

👍 I shall take a look

REBELinBLUE avatar Apr 12 '17 20:04 REBELinBLUE

You know you've committed the .idea folder right?

REBELinBLUE avatar Apr 12 '17 20:04 REBELinBLUE

Yeah, it was really late last night. I've removed already

cfpinto avatar Apr 12 '17 20:04 cfpinto

Looks good.

REBELinBLUE avatar Apr 12 '17 21:04 REBELinBLUE