tickets #39872
closedÆ-DIR installation for PoC
100%
Description
For evaluating the proposal given in https://lists.opensuse.org/heroes/2018-07/msg00002.html some virtual server shall be set up.
Files
Updated by stroeder over 6 years ago
There were two servers setup:
aedir1.infra.opensuse.org: A writeable Æ-DIR provider
aedir2.infra.opensuse.org: A read-only Æ-DIR consumer
See https://aedir1.infra.opensuse.org/docs.html#sys-arch for understanding the different server roles.
You can reach the web services: https://aedir1.infra.opensuse.org
Note that only three so-called Æ Admin accounts were created for @stroeder, @cboltz and @tampakrap.
root access is available for three SSH keys added by @tampakrap.
Two zones were added:
mail for adding mail aliases
infra for infrastructure administration
Please read the docs.
Updated by stroeder over 6 years ago
You can find the ansible inventory, group vars etc. here: https://gitlab.infra.opensuse.org/stroeder/infra-ae-dir
Updated by stroeder over 6 years ago
The AE-DIR test servers are now integrated with themselves (pam_mkhomedir not yet used here).
$ ssh msin@aedir2.infra.opensuse.org
Last login: Thu Aug 16 23:32:02 2018 from 192.168.252.241
Could not chdir to home directory /home/msin: No such file or directory
msin@aedir2:/> id
uid=30000(msin) gid=30000(ae-vgrp-msin) groups=30000(ae-vgrp-msin),9000(ae-vgrp-role-all),9001(ae-vgrp-role-login),9002(ae-vgrp-role-log),9003(ae-vgrp-role-setup),30007(ae-sys-admins)
msin@aedir2:/> sudo su -
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for msin:
aedir2 (define_host_usage_in /etc/bash.bashrc.local):~ # id
uid=0(root) gid=0(root) groups=0(root)
Updated by stroeder almost 6 years ago
FWIW: Test servers have been upgraded to ansible-ae-dir-server tag v0.6.1, mainly an upgrade due to new web2ldap release 1.4.0.
Updated by stroeder almost 6 years ago
FWIW: Test servers have been upgraded to ansible-ae-dir-server tag v0.6.4 and recent OpenLDAP and web2ldap packages.
Updated by stroeder over 5 years ago
FWIW: Test servers have been upgraded to openSUSE Leap 15.1 based on ansible-ae-dir-server tag v0.7.2.
Updated by stroeder about 5 years ago
- Private changed from Yes to No
Removed private flag to let others see this ticket.
Updated by stroeder about 5 years ago
The Æ-DIR test systems were migrated to run all the Python stuff with Python 3.6. Python 2 was removed.
Some more recent package versions were needed which I provide in my own home repos already installed.
Unfortunately on aedir1.infra.o.o I had one issue which I could not resolve for now:
python3-salt requires the legacy package python3-pycrypto which conflicts with some modules needed by Æ-DIR requiring python3-pycryptodome. As a work-around I had to remove salt for now which is not a good solution of course.
Updated by Pharaoh_Atem about 5 years ago
For WebSSO stuff, could you try using Ipsilon with it? Ipsilon is not specifically tied to FreeIPA (unlike other alternatives), and it's packaged for openSUSE now: https://build.opensuse.org/package/show/home:Pharaoh_Atem:SUSE_Ipsilon/ipsilon
Once I'm happy with the packaging, I'll submit it to security:idm and maintain it there. That project is required as a repo dependency though (since python3-lasso and a few other things are there...)
Updated by kbabioch@suse.de about 5 years ago
- File signature.asc signature.asc added
Hi,
Am 22.11.19 um 14:46 schrieb admin@opensuse.org:
For WebSSO stuff, could you try using Ipsilon with it? Ipsilon is not specifically tied to FreeIPA (unlike other alternatives), and it's packaged for openSUSE now: https://build.opensuse.org/package/show/home:Pharaoh_Atem:SUSE_Ipsilon/ipsilon
Ipsilon is rather dead upstream:
https://pagure.io/ipsilon/commits/master
Last commit:
10 months ago
Best regards,
--
Karol Babioch kbabioch@suse.de
Project Manager Engineering Infrastructure
SUSE Software Solutions Germany GmbH
(HRB 36809, AG Nürnberg)
Geschäftsführer: Felix Imendörffer
Updated by stroeder about 5 years ago
Pharaoh_Atem wrote:
For WebSSO stuff, could you try
This ticket is solely about an Æ-DIR PoC installation. Feel free to help testing it.
But please add another ticket when suggesting/proposing/demanding anything about WebSSO.
Don't get me wrong: Of course I will help on Æ-DIR's side to help integrating a WebSSO solution once a decision is taken which that will be. But that's also a different story.
Updated by Pharaoh_Atem almost 5 years ago
kbabioch@suse.de wrote:
Hi,
Am 22.11.19 um 14:46 schrieb admin@opensuse.org:
For WebSSO stuff, could you try using Ipsilon with it? Ipsilon is not specifically tied to FreeIPA (unlike other alternatives), and it's packaged for openSUSE now: https://build.opensuse.org/package/show/home:Pharaoh_Atem:SUSE_Ipsilon/ipsilon
Ipsilon is rather dead upstream:
https://pagure.io/ipsilon/commits/master
Last commit:
10 months ago
Those commits were merged only a few months ago. The pull request that those commits came from was merged 4 months ago: https://pagure.io/ipsilon/pull-request/313
It is not dead, but there hasn't been too much work needed lately. The big thing that happened recently was getting it working on Python 3. Nobody works on Ipsilon full-time, including myself. I'm the maintainer of the Ipsilon packages in Fedora and working on its packaging in openSUSE.
Updated by lrupp almost 5 years ago
- Category set to Project work
- Status changed from New to Closed
- % Done changed from 60 to 100
Servers are.up and running, so the original topic of this issue is fixed. Therefor closing here. Please open new tickets, if needed.