Infraxys architecture

Architecture

Infraxys components

  • MySQL database: Configuration information
  • Vault: Docker container running HashiCorp Vault. Used to store secrets and variables.
  • Application server: Tomcat running in a Docker container
  • Provisioning server: Physical or virtual instance with Docker installed. Every action starts running on these servers.
  • FluentD: Docker container for logging and auditing. Runs with every application server.

Security

Users are created at the project level and, if they are assigned the default UI, see the project tree from this level. When a user or their project is assigned to the DirectUI, nothing is visible and they can only execute actions directly.

Authentication is done through Auth0 or using the local database. This can be configured through the administration console.

Users can log in to all or only some application servers, so running code on specific provisioning servers can already be blocked at this level. Sys-admins configure the SSH connection between an application server and provisioning servers.

Code always runs in Docker containers on provisioning servers. These containers live for the duration of the code's execution. No changes to the provisioning server can be made from these Docker containers.