Migrate LDAP web tools from old-web to new container

[strk]

I belive LDAP web tools are the only thing still on old-web. This ticket is to migrate them to another machine (secure? nginx?) so old-web container can be stopped and eventually retired.

[strk]

Ticket retargeted after milestone closed

[robe]

Milestone renamed

[robe]

Move these to next contract milestone

[robe]

I'd feel better if this weren't on secure and we have a separate container for it just cause I wanted to keep secure very bare bones since it's so critical. So I don't even want a webserver on it. Although I do like the idea of it all being self-contained all the ldap stuff so I'm a little torn.

[strk]

Ticket retargeted after milestone closed

[strk]

I'm working in an osgeo7-id-apache2 branch of ​https://git.osgeo.org/gitea/sac/ansible-deployment and I deployed it already on the osgeo7 id container, next step: enabling a staging domain for id.osgeo.org and proxy to the new container, to continue testing (time to get LDAP access for staging).

Biggest work is python3 compatibility, I only touched enough of the ldap/create script to make it render the form and perform checking, but I'm sure other scripts will need to be touched so full test of all operations will be needed.

[strk]

I've merged the code in the master branch, will remove other branches for now

[strk]

I've now deployed a ldap-web container on osgeo7 and manually added an nginx configuration to proxy staging.id.osgeo.org there. It takes a local alias to pointing that hostname to the osgeo7 IP in order to use, and accepting the invalid https certificate, but it's a way to see what works and what not.

[strk]

BTW: the ansible role was renamed to ldap-web so it doesn't sound odd to eventually deploy it to a staging machine.

[strk]

slowly getting better, next issue is figuring out how to install the LDAP credentials as there's currently no "official" place where such credentials are stored, so we need to find out a good strategy for deploying them

[strk]

One thing not to forget: add backup of the new ldap-web container in osgeo4 backup script

[strk]

Ok from what I can see the staging ldap web container seems to work, anyone up for testing it ?

[strk]

Backup script has been updated with ​https://git.osgeo.org/gitea/sac/ansible-deployment/commit/b2bf7057804d9cd3e405dffdd9f9259ab7ec40a3 (still not deployed at time of writing)

[robe]

I feel like we've tested enough can we just make it live. I'm not quite sure how to do that with ansible - (still need to get my dev setup). I can do manually?

e.g. rename staging-id to id and change nginx config on id.osgeo.org

[strk]

I will do it. There's no container renaming needed, just nginx config update, and is already under ansible.

[strk]

Ok one thing to do would be copying the pending users creation tokens from one container to the other, but unfortunately the format of the tokens was changed, in the python3, from binary to ascii (json) so that needs to be fixed somehow.

[strk]

I noticed the pending tokens where older than 15 days so I decided not to copy them over. So I've deployed the change ( ​https://git.osgeo.org/gitea/sac/ansible-deployment/commit/e8df47a667ff59496da9c1812b780fd38b6a4835 ) and we're then live.

Still todo:

• Deploy the update to the backup script on osgeo4
• Deploy the mantra (currently done manually)

[strk]

The backup script on osgeo4 was updated

[strk]

Mantra deployed as ​https://git.osgeo.org/gitea/sac/ansible-deployment/commit/4cdbf49d677fd15ab708f118845fe2f72926c79a -- closing this task as completed