Kyle Isom
0cada7e64e
- Replace internal/auth with mcdsl/auth - Replace internal/config with mcdsl/config (embed config.Base) - Replace internal/webserver/csrf.go with mcdsl/csrf - Use mcdsl/web for session cookies and template rendering - Use mcdsl/httpserver for server setup and StatusWriter - Remove direct mcias client library dependency - Update .golangci.yaml to v2 format (formatters section) Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1.2 KiB
1.2 KiB
Runbook
Service Overview
mcat is a web application for testing MCIAS login policies. It runs a TLS web server that lets users log in via MCIAS with a configurable service name and tag set.
Health Check
- Open
https://<host>:8443/loginin a browser. - If the login form renders, the service is healthy.
Common Operations
Start
systemctl start mcat
Stop
systemctl stop mcat
View Logs
journalctl -u mcat -f
Run Locally
make mcat
./mcat server --config srv/mcat.toml
Configuration
Config file: /srv/mcat/mcat.toml
After changing config, restart the service:
systemctl restart mcat
TLS Certificate Renewal
- Replace
/srv/mcat/certs/cert.pemand/srv/mcat/certs/key.pem. - Restart:
systemctl restart mcat.
MCIAS Unreachable
If MCIAS is down, logins and token validation will fail. Users will see generic error messages. Check MCIAS connectivity:
curl -k https://<mcias-host>:8443/v1/health
Escalation
If the issue is not covered above, check MCIAS logs and status. mcat has no local state — all authentication is delegated to MCIAS.