|
|
| Line 1: |
Line 1: |
| A Balrog deployment consists of multiple servers and many consumers of various types. This page documents all of the systems involved and their interactions. Below is a description showing the interactions between the different systems.
| | #REDIRECT [https://mana.mozilla.org/wiki/display/websites/aus4.mozilla.org mana.mozilla.org] |
| | |
| = Servers =
| |
| == Admin node ==
| |
| The admin node is a single instance of [https://github.com/mozilla/balrog/blob/master/admin.wsgi the admin wsgi application]. It is the only part of the system that has a read-write connection to the database. The admin node requires that the web server or load balancer authenticate users and forward the user information through REMOTE_USER. The application then checks the user against its own ACLs to verify that that account is allowed to make the request.
| |
| | |
| IT knows this as "aus4-admin".
| |
| | |
| == Public nodes ==
| |
| Public nodes handle incoming update requests from Firefox and other applications through [https://github.com/mozilla/balrog/blob/master/balrog.wsgi the public wsgi application]. They have a read-only connection to the database. No authentication is required to access them.
| |
| | |
| IT knows these as "aus4".
| |
| | |
| = Clients =
| |
| == Build slaves ==
| |
| Build slaves make requests to the admin node to submit data about nightly or release builds. They connect over SSL and authenticate using the "stage-ffxbld" or "ffxbld" LDAP account and password. They make PUT requests to the /releases/:name/builds/:platform/:locale endpoint and submit a small bundle of JSON data that describes a build. These accounts only have access to do this specific operation, enforced by Balrog through its own ACLs.
| |
| | |
| Build slaves also make requests to the public nodes when running some verification tests.
| |
| | |
| == Humans ==
| |
| Humans have access to the admin node for various things including viewing data for debugging or other purposes and manipulating update paths (eg, to make a new release live). Humans generally have the "admin" ACL, meaning that there's no limitations on what they can do. Like build slaves, humans authenticate over SSL with their LDAP account.
| |
| | |
| == Firefox and other applications ==
| |
| Firefox and other applications periodically make a request to Balrog's public interface for an update. A [[Balrog/Workflow | more detailed description of this process is available]].
| |