Application servers can be configured so that only members of certain teams can login to the application server.
This is useful if the application server has SSH-access to provisioning servers where only specific people or teams should be able to execute actions from.
This feature can be enabled through a configuration file on the application server. Multiple servers can have the same name so that further configuration clustered instances have the same configuration.
Open /opt/infraxys/config/env for editing.
export SERVER_NAME="INFRAXYS-PROD";
export SERVER_REQUIRES_TEAM="true";
SERVER_NAME: a recognizable name for the server, like SALES-PROD, FINANCE-DEV, or just PROD, DEV, … for smaller organizations.
SERVER_REQUIRES_TEAM: “true” or “false”. Set to “true” to enable this feature.
ONLY ADMINISTRATORS OF THE ROOT-PROJECT WILL BE ABLE TO LOGIN TO THIS APPLICATION SERVER INITIALLY!!!
When an Infraxys application server starts, it will check if the SERVER_NAME is already registered in the database. If it isn’t, it will add itself. Otherwise, if SERVER_REQUIRES_TEAM is true, it will only allow members of the registered teams to login.
Only administrators of the root-project are allowed to grant and revoke teams to login through the current application server. To allow a team of any project to login, do the following:
To see if the current application server is team-protected and to see the list of teams that have access to the current application server: