Open alanbchristie opened 4 months ago
Needs someone to test it.
@alanbchristie says this work is done, but it is not deployed and needs testing
@alanbchristie has not verified this for the one private target (Lizbe's).
@phraenquex says we no longer need to support private legacy targets (especially if there's only one target).
@alanbchristie to clean up Frank's credentials from the legacy code. Then move to production.
For the record ... in order to disable ISPyB connections in the legacy stack we simply have to remove any definition of the Pod environment variable ISPYB_HOST
. If not defined the get_remote_conn()
function will not create a connection (nor try to communicate with ISPyB (MySQL).
Importantly
SECURITY_CONNECTOR
must be defined asssh_ispyb
to force remote connections (which will not be made).
From Warren: -
The concern is where does this end? If it's simply accessing legacy data then we probably just need to...
security
modules that permit the new access mechanism (i.e. key-based SSH Tunnel and "service account"). This will be delicate work, as the code in the V2 stack has undergone numerous structural changes.ConfigMap
) to the stack.The V2 stack introduced a number of variables in this area, which can have sensible defaults for the V1 stack: -
SECURITY_CONNECTOR_CACHE_MINUTES
PUBLIC_TAS_LIST
SSH_PRIVATE_KEY_FILENAME