pulibrary / ops-catchall

Operations Catch All

lib-sftp creation of ansible managed server #4

Open kayiwa opened 2 years ago

kayiwa commented 2 years ago

We need an SFTP server that allows service connections. These connections allow us to manage jobs using the lib_jobs repo (these were formerly rake tasks on someone's laptop). Use cases are documented here. They include:

This ticket lists what the lib-sftp server is expected to do from an automation perspective, when and where.

Expected paths

All account connections should use the directory /alma, including service accounts and individual accounts.

Service accounts that need to connect to lib-sftp:

Individual accounts that need to connect to sftp

kayiwa commented 2 years ago

Make AD users have r/w

kayiwa commented 2 years ago

Acceptance Criteria for user ssh/sftp

Try to log in to the VM with ssh -v pu.win.princeton.edu\\<netid>@lib-sftp-staging1.princeton.edu

This should fail until you run:

ansible-playbook -v playbooks/lib_sftp.yml -e ad_user=netid@pu.win.princeton.edu

Make another attempt to log in.

christinach commented 2 years ago

When I run ansible-playbook -v playbooks/lib_sftp.yml -e ad_user=cc62@pu.win.princeton.edu it fails with:

fatal: [lib-sftp-staging1.princeton.edu]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"lib-sftp-staging1.princeton.edu\". Make sure this host can be reached over ssh: no such identity: /Users/cc62/.ssh/id_ed25519: No such file or directory\r\npulsys@lib-sftp-staging1.princeton.edu: Permission denied (publickey,password).\r\n", "unreachable": true}

Sorry about that. I'd forgotten to add all our keys to the pulsys user.

christinach commented 2 years ago

@kayiwa applied an update. I was able to run the playbook successfully and then ssh and login.

acozine commented 2 years ago

This is a separate service from the SFTP server for ProQuest. The ProQuest one lives in the cloud. This one lives on-prem.

kayiwa commented 2 years ago

Created an almasftp user service account for auth.

leefaisonr commented 1 year ago

We are experiencing this bug with the Jammy Jellyfish images: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1934997

acozine commented 3 months ago

Related to https://github.com/pulibrary/princeton_ansible/issues/4938