Open kayiwa opened 2 years ago
make AD users have r/w
try to log in to the vm with ssh -v pu.win.princeton.edu\\<netid>@lib-sftp-staging1.princeton.edu
This should fail until you run:
ansible-playbook -v playbooks/lib_sftp.yml -e ad_user=netid@pu.win.princeton.edu
Make another attempt to log in.
when I run ansible-playbook -v playbooks/lib_sftp.yml -e ad_user=cc62@pu.win.princeton.edu
it fails with
fatal: [lib-sftp-staging1.princeton.edu]: UNREACHABLE! => {"changed": false, "msg": "Data could not be sent to remote host \"lib-sftp-staging1.princeton.edu\". Make sure this host can be reached over ssh: no such identity: /Users/cc62/.ssh/id_ed25519: No such file or directory\r\npulsys@lib-sftp-staging1.princeton.edu: Permission denied (publickey,password).\r\n", "unreachable": true}
sorry about that. I'd forgotten to add all our keys to the pulsys user.
@kayiwa applied an update. I was able to run the playbook successfully and then ssh and login.
This is a separate service from the SFTP server for ProQuest. The ProQuest one lives in the cloud. This one lives on-prem.
created an almasftp user service account for auth.
We are experiencing this bug with the Jammy Jellyfish images: https://bugs.launchpad.net/ubuntu/+source/sssd/+bug/1934997
We need an SFTP server that allows service connections. These connections allow us to manage jobs using the lib_jobs repo (these were formerly rake tasks on someone's laptop). Use cases are documented here. They include:
This ticket lists what the lib-sftp servers are expected to do from an automation perspective, when and where.
Expected paths
All account connections should use the directory /alma, including service accounts and individual accounts.
Service accounts that need to connect to lib-sftp:
Individual accounts that need to connect to sftp