Task #11313
Closed
Activate a LDAP slave at the GARR facility
100%
Description
Some of the recent rstudio problems are attributable to long timeouts in the ldap connections. The local cache is not efficient enough to mask them, so a local ldap instance would be a more robust solution.
Updated by Andrea Dell'Amico over 7 years ago
hostname and IP: ip-90-147-166-165.ct1.garrservices.it, 90.147.166.165. Private IP: 192.168.100.32
Updated by Andrea Dell'Amico over 7 years ago
I'm not adding a hostname under the d4science.org domain right now, we cannot wait for a certificate.
Updated by Andrea Dell'Amico over 7 years ago
- Status changed from New to In Progress
Updated by Pasquale Pagano over 7 years ago
We have the new domains available for this kind of service. Why don't we use d4science.net? @tommaso.piccioli@isti.cnr.it, can you confirm that we can start using the .net domain?
Updated by Andrea Dell'Amico over 7 years ago
- % Done changed from 0 to 30
Update: I tried in more than one way to add the consumer configuration to the GARR instance, but without success. I'll try again tomorrow, but the documentation is awful.
Updated by Andrea Dell'Amico over 7 years ago
- % Done changed from 30 to 50
We have a working replica. I'm now going to reconfigure one of the rstudio servers and check if the setup works.
Updated by Andrea Dell'Amico over 7 years ago
It works, with start_tls and not SSL, because the certificate does not match the hostname (we are using the private IP address).
Updated by Andrea Dell'Amico over 7 years ago
I just committed all the configuration templates and tasks needed to set up a provider/consumer configuration. I chose to use the accesslog mode for the replica so that less information is sent to the consumers. That means however that under /var/lib/ldap/accesslog some new dbs are created. They store the changes from the main DB that the consumer uses to synchronise its data.
The accesslog files are checked once a day, and the files older than two days are pruned.
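The provider/consumer setup with accesslog-based replication described in the update above matches what OpenLDAP calls delta-syncrepl; the sketch below is an added illustration, not the configuration templates committed for this ticket. It assumes OpenLDAP with cn=config, mdb databases and the accesslog and syncprov modules already loaded; the suffix, DNs, database numbers, host name, credentials and CA path are placeholders, and expressing the daily check and two-day retention through the overlay's purge setting is also an assumption.

```ldif
# Constructed example. Provider side: change-log database under /var/lib/ldap/accesslog.
dn: olcDatabase={2}mdb,cn=config
changetype: add
objectClass: olcDatabaseConfig
objectClass: olcMdbConfig
olcDatabase: {2}mdb
olcDbDirectory: /var/lib/ldap/accesslog
olcSuffix: cn=accesslog
olcRootDN: cn=admin,dc=example,dc=org
olcDbIndex: default eq
olcDbIndex: entryCSN,objectClass,reqEnd,reqResult,reqStart

# Consumers read the change log through syncprov on the accesslog DB.
dn: olcOverlay=syncprov,olcDatabase={2}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov
olcSpNoPresent: TRUE
olcSpReloadHint: TRUE

# syncprov on the main DB serves the full refresh a consumer falls back to.
dn: olcOverlay=syncprov,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: syncprov

# Log successful writes only; once a day purge entries older than two days.
dn: olcOverlay=accesslog,olcDatabase={1}mdb,cn=config
changetype: add
objectClass: olcOverlayConfig
objectClass: olcAccessLogConfig
olcOverlay: accesslog
olcAccessLogDB: cn=accesslog
olcAccessLogOps: writes
olcAccessLogSuccess: TRUE
olcAccessLogPurge: 02+00:00 01+00:00

# Consumer side: replay changes from cn=accesslog, refusing to sync without StartTLS.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcSyncrepl
olcSyncrepl: rid=001 provider=ldap://ldap-provider.example.org
  bindmethod=simple binddn="cn=replicator,dc=example,dc=org" credentials=CHANGE_ME
  searchbase="dc=example,dc=org" type=refreshAndPersist retry="60 +"
  syncdata=accesslog logbase="cn=accesslog"
  logfilter="(&(objectClass=auditWriteObject)(reqResult=0))"
  starttls=critical tls_reqcert=demand tls_cacert=/etc/ssl/certs/ca-placeholder.pem
```

The replication bind DN needs read access to both the main suffix and `cn=accesslog` on the provider, and nothing else should be able to read the change log, since it records every modification to the directory.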
Updated by Andrea Dell'Amico over 7 years ago
- % Done changed from 50 to 90
I also changed the r_connector playbook so that we can choose the correct parameters for the GARR instances. Next Monday I'll distribute the new configurations on all the GARR rstudio servers.
Updated by Andrea Dell'Amico over 7 years ago
- Status changed from In Progress to Closed
- % Done changed from 90 to 100
Done. The new ldap server now is used to authenticate all the rstudio GARR instances.