At the moment we are rather fortunate in that we have managed to sidestep being tied to ip address management in the current codebase,
but because each SSL certificate can only be associated to one IP address/Port combination on a server we will have to keep track of them.

We have an ip_address field on hosting_server we aren't making use of at the moment, but unfortunately we will need to normalize the information more.

On the server add / edit forms, we will need to provide a mechanism to maintain a list of IP addresses associated to the server. When we do the subsequent server verify we will need to validate that these IP's actually point to the server. This might be complex in that we can only run remote SSH commands and do not have drush available on the remote server.

When the user enables SSH management on the site, we will need to do validation on the current target platform as to wether it has any unclaimed IP addresses available. We will need to do the same validation during migrate and clone commands, to ensure we can actually migrate a site while maintaining SSL.

Comments

adrian’s picture

adrian CreditAttribution: adrian commented
Status: Active » Needs work

i added the UI on the server form.

not doing any validation other than checking for real ip addresses.

http://skitch.com/vertice/dku2w/moya.local-t

not sure we can actually do validation for this. can anyone think of a way ?

anarcat’s picture

anarcat CreditAttribution: anarcat commented

We have _hosting_valid_ip() we can use to validate each IP address. Then we could check if the IP is actually local, but that's much harder as it varies amongst platforms. I wouldn't bother.

adrian’s picture

adrian CreditAttribution: adrian commented

i do use the valid ip test.

i dont check for uniqueness, because there are systems that allow the same ip on multiple servers.

for now we are trusting the admins to not break things i guess.

adrian’s picture

adrian CreditAttribution: adrian commented
Status: Needs work » Fixed

gonna consider this closed as there's nothing more left to do here.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

  • Commit 46e03aa on dev-dns, dev-features, dev-log_directory, dev-migrate_aliases, dev-multiserver-install, dev-newsiteform, dev-nginx, dev-ssl, prod-koumbit, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-588728-views-integration, dev-1403208-new_roles, dev-helmo-3.x by adrian: 
    Introduce the IP address management UI and tables. #836166

  • Commit 46e03aa on dev-dns, dev-features, dev-log_directory, dev-migrate_aliases, dev-multiserver-install, dev-newsiteform, dev-nginx, dev-ssl, prod-koumbit, dev-ssl-ip-allocation-refactor, dev-1205458-move_sites_out_of_platforms, 7.x-3.x, dev-588728-views-integration, dev-1403208-new_roles, dev-helmo-3.x by adrian: 
    Introduce the IP address management UI and tables. #836166