openstack team mailing list archive

[Sean Dague <sean@xxxxxxxxx>]

On 04/04/2013 05:31 PM, Jeremy Stanley wrote:
> On 2013-04-04 22:11:10 +0100 (+0100), Daniel P. Berrange wrote:
> [...]
> > I don't know how hard it would be for OpenStack Infrastructure team
> > to officially make Gerrit available via port 443, in addition to the
> > normal SSH port.
>
> We'd need to use different hostnames mapped to different IP
> addresses since 443/tcp is already in use on review.openstack.org
> for, well, HTTPS (the availability of fancy proxies which can
> differentiate SSH from SSL/TLS notwithstanding--do those exist?).
>
> The bigger question is whether it's worth the effort to maintain a
> workaround like that... are there companies who want their employees
> contributing to OpenStack development but won't grant those same
> developers access to our code review system over the Internet? If
> so, maybe some brave soul will take pity on them and set up a TCP
> bounce proxy somewhere on port 443 to forward to port 29418 on our
> Gerrit server for Git+SSH access on an alternate address and port. I
> don't think that would need any sort of buy-off from our
> Infrastructure Team (we can discuss if someone's actually interested
> in setting it up), but probably wouldn't be "official" all the same.

I'm with Jeremy, I think putting work arrounds into infrastructure to 
deal with companies setting up their networks in completely 
uncollaborative ways, is just a slipperly slope to craziness.

It's probably worth documenting the services one needs to be able to 
effectively collaborate with the community on a wiki, to give folks 
something to take back to their IT depts and say "punch these holes, 
otherwise we can't do our jobs". A page on openstack.org about that 
would probably give them more leverage than figuring it out themselves.

	-Sean

--
Sean Dague
http://dague.net