[SAC] [OSGeo] #2546: Migrate LDAP web tools from old-web to secure

#2546: Migrate LDAP web tools from old-web to secure
---------------------------+---------------------------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2020-II
Component: Systems Admin | Keywords:
---------------------------+---------------------------------------
I believe LDAP web tools are the only thing still on old-web. This ticket
is to migrate them to another machine (secure? nginx?) so old-web
container can be stopped and eventually retired.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546>
OSGeo <https://osgeo.org/>
OSGeo committee and general foundation issue tracker.

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+----------------------------------------
Reporter: strk | Owner: sac@…
     Type: task | Status: new
Priority: normal | Milestone: Sysadmin Contract 2021-II
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+----------------------------------------

Comment (by robe):

I'd feel better if this weren't on secure and we have a separate container
for it just cause I wanted to keep secure very bare bones since it's so
critical. So I don't even want a webserver on it. Although I do like the
idea of it all being self-contained all the ldap stuff so I'm a little
torn.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:4>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------
Changes (by strk):

* owner: sac@… => strk
* status: new => assigned

Comment:

I'm working in an `osgeo7-id-apache2` branch of
https://git.osgeo.org/gitea/sac/ansible-deployment and I deployed it
already on the `osgeo7` `id` container, next step: enabling a staging
domain for id.osgeo.org and proxy to the new container, to continue
testing (time to get LDAP access for staging).

Biggest work is python3 compatibility, I only touched enough of the
ldap/create script to make it render the form and perform checking, but
I'm sure other scripts will need to be touched so full test of all
operations will be needed.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:6>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

I've merged the code in the master branch, will remove other branches for
now

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:7>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

I've now deployed a `ldap-web` container on osgeo7 and manually added an
nginx configuration to proxy `staging.id.osgeo.org` there. It takes a
local alias pointing that hostname to the osgeo7 IP in order to use,
and accepting the invalid https certificate, but it's a way to see what
works and what not.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:8>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

BTW: the ansible role was renamed to `ldap-web` so it doesn't sound odd to
eventually deploy it to a staging machine.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:9>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

slowly getting better, next issue is figuring out how to install the LDAP
credentials as there's currently no "official" place where such
credentials are stored, so we need to find out a good strategy for
deploying them

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:10>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

One thing not to forget: add backup of the new `ldap-web` container in
osgeo4 backup script

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:11>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

Ok from what I can see the staging ldap web container seems to work,
anyone up for testing it?

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:12>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

Backup script has been updated with
https://git.osgeo.org/gitea/sac/ansible-deployment/commit/b2bf7057804d9cd3e405dffdd9f9259ab7ec40a3
(still not deployed at time of writing)

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:13>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by robe):

I feel like we've tested enough can we just make it live. I'm not quite
sure how to do that with ansible - (still need to get my dev setup). I can
do manually?

e.g. rename staging-id to id and change nginx config on id.osgeo.org

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:14>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

I will do it. There's no container renaming needed, just nginx config
update, and is already under ansible.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:15>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

Ok one thing to do would be copying the pending users creation tokens from
one container to the other, but unfortunately the format of the tokens was
changed, in the python3, from binary to ascii (json) so that needs to be
fixed somehow.

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:16>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

I noticed the pending tokens were older than 15 days so I decided not to
copy them over.
So I've deployed the change (
https://git.osgeo.org/gitea/sac/ansible-deployment/commit/e8df47a667ff59496da9c1812b780fd38b6a4835
) and we're then live.

Still todo:

  - Deploy the update to the backup script on osgeo4
  - Deploy the mantra (currently done manually)

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:17>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: assigned
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution:
Keywords: |
---------------------------+---------------------------------------

Comment (by strk):

The backup script on osgeo4 was updated

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:18>

#2546: Migrate LDAP web tools from old-web to new container
---------------------------+---------------------------------------
Reporter: strk | Owner: strk
     Type: task | Status: closed
Priority: normal | Milestone: Sysadmin Contract 2022-I
Component: Systems Admin | Resolution: fixed
Keywords: |
---------------------------+---------------------------------------
Changes (by strk):

* status: assigned => closed
* resolution: => fixed

Comment:

Mantra deployed as
https://git.osgeo.org/gitea/sac/ansible-deployment/commit/4cdbf49d677fd15ab708f118845fe2f72926c79a
-- closing this task as completed

--
Ticket URL: <https://trac.osgeo.org/osgeo/ticket/2546#comment:19>