lib-sftp creation of ansible managed server #4

Open
2 of 7 tasks
kayiwa opened this issue Aug 2, 2022 · 8 comments
@kayiwa
Member

kayiwa commented Aug 2, 2022

We need an SFTP server that allows service connections. These connections allow us to manage jobs using the lib_jobs repo (these were formerly rake tasks on someone's laptop). Use cases are documented here. They include:

  • processing HR files for new hire access to library resources
  • data dumps from Alma for bibdata

This ticket lists what the lib-sftp server is expected to do from an automation perspective, when and where.

Expected paths

All account connections should use the directory /alma, including service accounts and individual accounts.

Service accounts that need to connect to lib-sftp:

  • ftp definition on alma
  • lib-jobs
  • aspace
  • bibdata

Individual accounts that need to connect to sftp

  • users (netids from Active Directory)
  • alma user
  • others TBD

@kayiwa
Member Author

kayiwa commented Aug 25, 2022

Make AD users have r/w

@kayiwa
Member Author

kayiwa commented Sep 21, 2022

Acceptance Criteria for user ssh/sftp

Try to log in to the VM with ssh -v pu.win.princeton.edu\\<netid>@lib-sftp-staging1.princeton.edu

This should fail until you run:

ansible-playbook -v playbooks/lib_sftp.yml -e [email protected]

Make another attempt to log in.

@christinach
Member

christinach commented Sep 21, 2022

When I run ansible-playbook -v playbooks/lib_sftp.yml -e [email protected] it fails with:
fatal: [lib-sftp-staging1.princeton.edu]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"lib-sftp-staging1.princeton.edu\". Make sure this host can be reached over ssh: no such identity: /Users/cc62/.ssh/id_ed25519: No such file or directory\r\[email protected]: Permission denied (publickey,password).\r\n", "unreachable": true}

Sorry about that. I'd forgotten to add all our keys to the pulsys user.

@christinach
Member

@kayiwa applied an update. I was able to run the playbook successfully and then ssh and login.

@acozine
Contributor

acozine commented Sep 22, 2022

This is a separate service from the SFTP server for ProQuest. The ProQuest one lives in the cloud. This one lives on-prem.

@kayiwa
Member Author

kayiwa commented Sep 26, 2022

Created an almasftp user service account for auth.

@leefaisonr
Contributor

We are experiencing this bug with the Jammy Jellyfish images: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1934997

@acozine
Contributor

acozine commented Jul 8, 2024

Related to pulibrary/princeton_ansible#4938
