Pallet Multiuser Configuration
The last time we talked about Pallet we described using a pallet.clj file in concert with Leiningen to bring up remote servers, configure web applications, and deploy new versions of web applications. We glossed over the details required for sharing deploys amongst a group of developers, i.e. allowing multiple developers to deploy to the same web server. These details were obviously prerequisites for a workable infrastructure system. Accordingly, below we describe how we are currently handling multi-user deploys and how we would prefer to handle them.
Current approach to multi-user deploys
There are two main changes we made to accommodate multi-user deploys:
- Set a specific admin user when creating the server and starting the web app process
- Ensure deploys are performed as this user
To handle the first, pallet.crate.automated-admin-user provides the automated-admin-user function, which is passed to a plan-fn in the bootstrap phase and takes a username argument. Similarly, the app-deploy/server-spec takes a {:user "[username]"} key-value pair to set the user which will run the web application.
To handle the second requirement, deploying to the server as a specific user, there are a number of options. The sub-optimal route we have chosen for now is to use the global .pallet/config.clj file to set the pallet admin username and the paths to ssh keys. We also played around with a script to su into an account named after the admin user and deploy as that user. The benefit of this is that a developer does not rely on any files outside of the repo. However we think this benefit is outweighed by the detriment of having an unnecessary user on the developer’s system and the potential security vulnerabilities.
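The two pieces described above, sketched as an added example that is not the authors' own configuration: a pallet.clj group whose bootstrap phase creates the shared admin account, and the matching ~/.pallet/config.clj entry each developer keeps. The account name deploy, the group name webapp, the key file paths, and the pallet.api, variadic automated-admin-user and defpallet forms are assumptions based on Pallet 0.8, not details from the post. Authorizing one public key per developer means no private key has to be shared.

```clojure
;; ---- pallet.clj (in the project repo); all names here are hypothetical ----
(require '[pallet.api :refer [group-spec plan-fn]]
         '[pallet.crate.automated-admin-user :refer [automated-admin-user]]
         '[pallet.crate.app-deploy :as app-deploy])

;; One account name shared by every developer who deploys (assumed value).
(def deploy-user "deploy")

;; Public keys only, committed to the repo; each developer keeps the
;; matching private key on their own machine (assumed paths).
(def developer-public-keys
  ["keys/alice.pub"
   "keys/bob.pub"])

(def webapp
  (group-spec "webapp"
    ;; app-deploy/server-spec receives the :user key named in the post.
    ;; The other app-deploy settings (artifacts, run command) are
    ;; project-specific and are left out of this sketch.
    :extends [(app-deploy/server-spec {:user deploy-user})]
    ;; :bootstrap runs when the node is first created. It creates the admin
    ;; account and authorizes every listed public key for it, so access can
    ;; be revoked per developer by removing one key.
    :phases {:bootstrap
             (plan-fn
               (apply automated-admin-user deploy-user
                      developer-public-keys))}))

;; ---- ~/.pallet/config.clj (per developer, outside the repo) ----
;; Tells Pallet to connect as the shared account with this developer's
;; own key pair (assumed paths).
(defpallet
  :admin-user {:username "deploy"
               :private-key-path "/home/alice/.ssh/id_rsa"
               :public-key-path  "/home/alice/.ssh/id_rsa.pub"})
```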
Preferred approach to multi-user deploys
Ideally, we would like a way to make a change to our pallet.clj script that sets the admin user used in deploys. We tried binding the *admin-user* dynamic var, and passing the :user key to various operations, but to no avail. If any Pallet users, like real-life users, have insight into configuring the admin user, please let us know!