tickets #39872

Æ-DIR installation for PoC

Added by stroeder about 3 years ago. Updated over 1 year ago.

Status: Closed
Priority: Normal
Assignee:
Category: Project work
Target version: -
Start date: 2018-08-16
Due date:
% Done: 100%
Estimated time:

Description

For evaluating the proposal given in https://lists.opensuse.org/heroes/2018-07/msg00002.html some virtual server shall be set up.

signature.asc (833 Bytes) kbabioch@suse.de, 2019-11-22 13:58

History

#1 Updated by stroeder about 3 years ago

There were two servers set up:
aedir1.infra.opensuse.org: A writeable Æ-DIR provider
aedir2.infra.opensuse.org: A read-only Æ-DIR consumer

See https://aedir1.infra.opensuse.org/docs.html#sys-arch for understanding the different server roles.

You can reach the web services: https://aedir1.infra.opensuse.org

Note that only three so-called Æ Admin accounts were created for stroeder, cboltz and @tampakrap.

root access is available for three SSH keys added by @tampakrap.

Two zones were added:

  1. mail for adding mail aliases

  2. infra for infrastructure administration

Please read the docs.

#2 Updated by stroeder about 3 years ago

You can find the ansible inventory, group vars etc. here: https://gitlab.infra.opensuse.org/stroeder/infra-ae-dir

#3 Updated by stroeder about 3 years ago

The AE-DIR test servers are now integrated with themselves (pam_mkhomedir not yet used here).

$ ssh msin@aedir2.infra.opensuse.org
Last login: Thu Aug 16 23:32:02 2018 from 192.168.252.241
Could not chdir to home directory /home/msin: No such file or directory
msin@aedir2:/> id
uid=30000(msin) gid=30000(ae-vgrp-msin) groups=30000(ae-vgrp-msin),9000(ae-vgrp-role-all),9001(ae-vgrp-role-login),9002(ae-vgrp-role-log),9003(ae-vgrp-role-setup),30007(ae-sys-admins)
msin@aedir2:/> sudo su -

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.
    #2) Think before you type.
    #3) With great power comes great responsibility.

[sudo] password for msin: 
aedir2 (define_host_usage_in /etc/bash.bashrc.local):~ # id 
uid=0(root) gid=0(root) groups=0(root)

#4 Updated by stroeder over 2 years ago

FWIW: Test servers have been upgraded to ansible-ae-dir-server tag v0.6.1, mainly an upgrade due to new web2ldap release 1.4.0.

#5 Updated by stroeder over 2 years ago

FWIW: Test servers have been upgraded to ansible-ae-dir-server tag v0.6.4 and recent OpenLDAP and web2ldap packages.

#6 Updated by stroeder over 2 years ago

FWIW: Test servers have been upgraded to openSUSE Leap 15.1 based on ansible-ae-dir-server tag v0.7.2.

#7 Updated by stroeder almost 2 years ago

  • Private changed from Yes to No

Removed private flag to let others see this ticket.

#8 Updated by stroeder almost 2 years ago

Added Karol as Æ-Admin in PoC.

#9 Updated by stroeder almost 2 years ago

The Æ-DIR test systems were migrated to run all the Python stuff with Python 3.6. Python 2 was removed.
Some more recent package versions were needed which I provide in my own home repos already installed.

Unfortunately on aedir1.infra.o.o I had one issue which I could not resolve for now:
python3-salt requires the legacy package python3-pycrypto which conflicts with some modules needed by Æ-DIR requiring python3-pycryptodome. As a work-around I had to remove salt for now which is not a good solution of course.

#10 Updated by Pharaoh_Atem almost 2 years ago

For WebSSO stuff, could you try using Ipsilon with it? Ipsilon is not specifically tied to FreeIPA (unlike other alternatives), and it's packaged for openSUSE now: https://build.opensuse.org/package/show/home:Pharaoh_Atem:SUSE_Ipsilon/ipsilon

Once I'm happy with the packaging, I'll submit it to security:idm and maintain it there. That project is required as a repo dependency though (since python3-lasso and a few other things are there...)

#11 Updated by kbabioch@suse.de almost 2 years ago

Hi,

On 22.11.19 at 14:46, admin@opensuse.org wrote:

For WebSSO stuff, could you try using Ipsilon with it? Ipsilon is not specifically tied to FreeIPA (unlike other alternatives), and it's packaged for openSUSE now: https://build.opensuse.org/package/show/home:Pharaoh_Atem:SUSE_Ipsilon/ipsilon

Ipsilon is rather dead upstream:

https://pagure.io/ipsilon/commits/master

Last commit:

10 months ago

Best regards,

--
Karol Babioch kbabioch@suse.de
Project Manager Engineering Infrastructure

SUSE Software Solutions Germany GmbH
(HRB 36809, AG Nürnberg)
Managing Director: Felix Imendörffer

#12 Updated by stroeder almost 2 years ago

Pharaoh_Atem wrote:

For WebSSO stuff, could you try

This ticket is solely about an Æ-DIR PoC installation. Feel free to help testing it.

But please add another ticket when suggesting/proposing/demanding anything about WebSSO.

Don't get me wrong: Of course I will help on Æ-DIR's side to help integrating a WebSSO solution once a decision is taken which that will be. But that's also a different story.

#13 Updated by Pharaoh_Atem almost 2 years ago

kbabioch@suse.de wrote:

Hi,

On 22.11.19 at 14:46, admin@opensuse.org wrote:

For WebSSO stuff, could you try using Ipsilon with it? Ipsilon is not specifically tied to FreeIPA (unlike other alternatives), and it's packaged for openSUSE now: https://build.opensuse.org/package/show/home:Pharaoh_Atem:SUSE_Ipsilon/ipsilon

Ipsilon is rather dead upstream:

https://pagure.io/ipsilon/commits/master

Last commit:

10 months ago

Those commits were merged only a few months ago. The pull request that those commits came from was merged 4 months ago: https://pagure.io/ipsilon/pull-request/313

It is not dead, but there hasn't been too much work needed lately. The big thing that happened recently was getting it working on Python 3. Nobody works on Ipsilon full-time, including myself. I'm the maintainer of the Ipsilon packages in Fedora and working on its packaging in openSUSE.

#14 Updated by lrupp over 1 year ago

  • Category set to Project work
  • Status changed from New to Closed
  • % Done changed from 60 to 100

Servers are up and running, so the original topic of this issue is fixed. Therefore closing here. Please open new tickets if needed.
