Enabling devops through Tcat permissions


In my previous post, I talked about what devops is and the need for devops tools around Tomcat. In this post, I want to go in depth around collaboration between devs and ops and how it applies to Tcat Server.

A key concept of the devops movement is that not only are there developers and operations, but there are also lots of people in between. Perhaps there is an ultimate authority on the operations team, but there are still many things you might want to enable developers or devops persons to do outside the operations team:

  • View the health of servers
  • Restart servers
  • View statistics about a server
  • Trigger a new deployment
  • Monitor alerts
  • Push builds to the Tcat repository for continuous deployment
A view of what a deployer sees.

A view of what a Deployer sees inside the console.

The way that Tcat tries to solve this problem is through it’s centralized management console. From here you can monitor and manage all your servers. Of course, you don’t want to give everyone access to everything, so we’ve added the ability to lock down the console at a high level of granularity.

Out of the box there are a number of defined user groups:

  • Administrators: these users have access to do everything inside the console.
  • Deployers: these users can only view deployments, deploy, undeploy and redeploy them.
  • Monitors: these users can view all the data inside Tcat, but they are not allowed to modify anything.
  • Server Administrators: these users can administer individual servers, but not administer the console itself (e.g. users and user groups)

In addition to these defined user groups, you can define new ones and even grant permissions on a per server group basis. For example, here is a Developer role which gives Developers access to only the Development server group:

Adding a user group which gives access to development servers.

Adding a user group which gives access to development servers.

You can see that on the left hand side you can grant permissions to do things like deploy applications. Then, with the right hand column you can grant permissions to specific server groups. In this case, I’ve granted all permissions to the Development group, but no permissions to any other group. This means that anyone in the Developer group can log in and monitor or manage any of the Development servers, but they can’t monitor or manage any other servers, like the ones in the production group.

I hope this allows you to see how you can easily collaborate on server management using Tcat Server. In my next post I’ll talk about how you can increase your agility through continuous deployment!

We'd love to hear your opinion on this post