
charm-userdir-ldap's Introduction

Install the Canonical userdir-ldap package and configure it for use with Canonical infra.

The default options should be fine for our normal use. The only one you may want to pay attention to is "users-to-migrate", which is a space-separated list of usernames whose ssh keys will be copied from ~/.ssh/authorized_keys to /etc/ssh/user-authorized_keys. By default this is just the ubuntu user, as without this Juju will break, but if you need to add others, this is the place to do it.

Units of the userdir-ldap charm can also be cascaded. Cascaded units take userdata from their upstream userdir-ldap units. To do this, a "server" application can be related to a "client" application via the udprovide and udconsume relations. The "server" unit will attempt to rsync userdata from userdb.internal for the related "client" units. Note that userdb.internal may be configured to only allow syncing of the "template-hostname" userdata. In this case, "client" units will only be able to get userdata for "template-hostname" as well. See the bundle in "./tests/functional/tests/bundles/bionic.yaml" for an example.

Design note: with cascaded userdir-ldap units, user data comes into the "server" from the userdb-host unit via two paths:

  • rsynced via ud-replicate, where ud-replicate will process userdata for local consumption

  • straight rsync, without postprocessing, where client units in turn will be able to ud-replicate from

charm-userdir-ldap's People

Contributors

hloeung, sabaini, chanchiwai-ray, vultaire, barryprice, faebd7, xiywang, spads-spads, sudeephb, peppepetra, addyess, axinojolais, valexby, lamontj, mthaddon, cjwatson, jneo8


charm-userdir-ldap's Issues

"python-hosts" missing dependency

On Jammy install fails with python_hosts module missing

2023-05-15 14:03:37 WARNING unit.ud-ldap-standalone/1.install logger.go:60 Traceback (most recent call last):
2023-05-15 14:03:37 WARNING unit.ud-ldap-standalone/1.install logger.go:60   File "/var/lib/juju/agents/unit-ud-ldap-standalone-1/charm/hooks/install.real", line 26, in <module>
2023-05-15 14:03:37 WARNING unit.ud-ldap-standalone/1.install logger.go:60     import utils
2023-05-15 14:03:37 WARNING unit.ud-ldap-standalone/1.install logger.go:60   File "/var/lib/juju/agents/unit-ud-ldap-standalone-1/charm/hooks/utils.py", line 23, in <module>
2023-05-15 14:03:37 WARNING unit.ud-ldap-standalone/1.install logger.go:60     from python_hosts.hosts import Hosts, HostsEntry
2023-05-15 14:03:37 WARNING unit.ud-ldap-standalone/1.install logger.go:60 ModuleNotFoundError: No module named 'python_hosts.hosts'
2023-05-15 14:03:37 ERROR juju.worker.uniter.operation runhook.go:180 hook "install" (via explicit, bespoke hook script) failed: exit status 1
2023-05-15 14:04:49 DEBUG unit.ud-ldap-standalone/1.install logger.go:60 Hit:1 http://security.ubuntu.com/ubuntu jammy-security InRelease

Workaround is to run on the unit:

pip install python-hosts


Imported from Launchpad using lp2gh.

  • date created: 2023-05-15T14:38:37Z

  • owner: peppepetra

  • assignee: None

  • the launchpad url

domain should default to a blank string, not "unset"

Seen in a recent deployment of userdir-ldap:

ud-replicate fails, unable to find the requested file:
makedb: cannot open input file `juju-751555-prod-error-tracker-cassandra-0/passwd.tdb': No such file or directory

/var/lib/misc/thishost is a symlink to $(hostname).None: "lrwxrwxrwx 1 root root 47 Jul 19 09:49 thishost -> juju-751555-prod-error-tracker-cassandra-0.None"

This can be seen in the Juju unit logs:

2023-07-19 09:49:07 DEBUG unit.userdir-ldap/9.juju-log server.go:325 setup_udldap, config: {...'ciphers': ',,', 'domain': None, ...}

Note that this is not a string value - it's showing up as "None", not "'None'".

juju config shows that this value is "unset":
domain:
  description: Fallback domain when none present. This is mostly to work around
    MAAS's failure to add DNS for LXC containers - LP#1274947.
  source: unset
  type: string

And after setting it explicitly to an empty string, things start working:
domain:
  description: Fallback domain when none present. This is mostly to work around
    MAAS's failure to add DNS for LXC containers - LP#1274947.
  source: user
  type: string
  value: ""

2023-09-20 04:57:18 DEBUG unit.userdir-ldap/9.juju-log server.go:325 setup_udldap, config: {'...'ciphers': ',,', 'domain': '',...}

ubuntu@juju-751555-prod-error-tracker-cassandra-0:~$ sudo ud-replicate
receiving file list ... done
...
sent 13,031 bytes received 9,258 bytes 8,915.60 bytes/sec
total size is 1,494,751 speedup is 67.06


Imported from Launchpad using lp2gh.

  • date created: 2023-09-20T05:05:33Z

  • owner: jsimpso

  • assignee: None

  • the launchpad url
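The failure mode in the report above, as an added example that is not the charm's own code: an unset string option arrives as None, naive formatting yields "<hostname>.None", and the thishost symlink dangles. The function names, the normalisation rule and the assumption that replicated data lives in a directory named after the symlink target are hypothetical.

```python
import os
import tempfile


def naive_target(hostname, domain):
    # Reproduces the reported symptom: None is formatted as the text "None".
    return "{}.{}".format(hostname, domain)


def thishost_target(hostname, domain):
    # Hypothetical hardened form: treat None/blank as "no fallback domain"
    # and only append the fallback when the hostname has no domain part.
    domain = (domain or "").strip().strip(".")
    if "." in hostname or not domain:
        return hostname
    return "{}.{}".format(hostname, domain)


def audit_thishost(misc_dir):
    """Return a list of problems with <misc_dir>/thishost (empty means OK)."""
    link = os.path.join(misc_dir, "thishost")
    if not os.path.islink(link):
        return ["thishost is not a symlink"]
    target = os.readlink(link)
    problems = []
    if target.endswith(".None"):
        problems.append("target %r contains a stringified None domain" % target)
    if not os.path.isdir(os.path.join(misc_dir, target)):
        problems.append("target %r does not exist" % target)
    return problems


def demo():
    # Constructed layout in a temp dir standing in for /var/lib/misc.
    host = "juju-751555-prod-error-tracker-cassandra-0"  # hostname from the report
    with tempfile.TemporaryDirectory() as misc:
        os.mkdir(os.path.join(misc, host))  # assumed per-host data directory
        link = os.path.join(misc, "thishost")
        os.symlink(naive_target(host, None), link)
        before = audit_thishost(misc)
        os.remove(link)
        os.symlink(thishost_target(host, None), link)
        after = audit_thishost(misc)
    return before, after


if __name__ == "__main__":
    print(demo())
```

Pointing `audit_thishost` at the real misc directory on a unit flags the dangling link before ud-replicate is relied on to deliver account and key updates.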
