Task #11313
closed
Activate a LDAP slave at the GARR facility
Added by Andrea Dell'Amico almost 8 years ago.
Updated almost 8 years ago.
Assignee:
_InfraScience Systems Engineer
Category:
System Application
Infrastructure:
Production
Description
Some of the recent rstudio problems are attributable to long timeouts in the ldap connections. The local cache is not efficient enough to mask them, so a local ldap instance would be a more robust solution.
hostname and IP: ip-90-147-166-165.ct1.garrservices.it, 90.147.166.165. Private IP: 192.168.100.32
I'm not adding a hostname under the d4science.org domain right now; we cannot wait for a certificate.
- Status changed from New to In Progress
We have the new domains available for this kind of service. Why don't we use d4science.net? @tommaso.piccioli@isti.cnr.it, can you confirm that we can start using the .net domain?
- % Done changed from 0 to 30
Update: I tried in more than one way to add the consumer configuration to the GARR instance, but without success. I'll try again tomorrow, but the documentation is awful.
- % Done changed from 30 to 50
We have a working replica. I'm now going to reconfigure one of the rstudio servers and check if the setup works.
It works, with start_tls and not SSL, because the certificate does not match the hostname (we are using the private IP address).
I just committed all the configuration templates and tasks needed to set up a provider/consumer configuration. I chose to use the accesslog mode for the replica so that less information is sent to the consumers. That means, however, that under /var/lib/ldap/accesslog some new dbs are created. They store the changes from the main DB that the consumer uses to synchronise its data.
The accesslog files are checked once a day, and the files older than two days are pruned.
- % Done changed from 50 to 90
I also changed the r_connector playbook so that we can choose the correct parameters for the GARR instances. Next Monday I'll distribute the new configurations on all the GARR rstudio servers.
- Status changed from In Progress to Closed
- % Done changed from 90 to 100
Done. The new ldap server is now used to authenticate all the rstudio GARR instances.