A Balrog deployment consists of multiple servers and many consumers of various types. This page documents all of the systems involved and their interactions. Below is a description showing the interactions between the different systems.

Servers

Admin node

The admin node is a single instance of the admin wsgi application. It is the only part of the system that has a read-write connection to the database. The admin node requires that the web server or load balancer authenticate users and forward the user information through REMOTE_USER. The application then checks the user against its own ACLs to verify that that account is allowed to make the request.

IT knows this as "aus4-admin".

Public nodes

Public nodes handle incoming update requests from Firefox and other applications through the public wsgi application. They have a read-only connection to the database. No authentication is required to access them.

IT knows these as "aus4".

Clients

Build slaves

Build slaves make requests to the admin node to submit data about nightly or release builds. They connect over SSL and authenticate using the "stage-ffxbld" or "ffxbld" LDAP account and password. They make PUT requests to the /releases/:name/builds/:platform/:locale endpoint and submit a small bundle of JSON data that describes a build. These accounts only have access to do this specific operation, enforced by Balrog through its own ACLs.

Build slaves also make requests to the public nodes when running some verification tests.

Humans

Humans have access to the admin node for various things including viewing data for debugging or other purposes and manipulating update paths (eg, to make a new release live). Humans generally have the "admin" ACL, meaning that there's no limitations on what they can do. Like build slaves, humans authenticate over SSL with their LDAP account.

Firefox and other applications

Firefox and other applications periodically make a request to Balrog's public interface for an update. A more detailed description of this process is available.