upgrade sftp servers to jammy #4938

Closed
3 of 6 tasks
kayiwa opened this issue May 13, 2024 · 8 comments
Assignees
Labels
maintenance Operations pulls issues into the Operations ZenHub board

Comments

@kayiwa
Member

kayiwa commented May 13, 2024

What maintenance needs to be done?

We need to upgrade our sftp servers to jammy jellyfish

Level of urgency

  • High
  • Moderate
  • Low

Why is this maintenance needed?

  • When we attempted to set these servers up, the SSSD software would not work with Active Directory. The software seems to be broken again (on focal). While the machine is bound to Active Directory, it is unable to actually authenticate successfully.

Acceptance criteria

  • Ansible playbook runs and sets up an endpoint
  • All users can authenticate with AD users; getent passwd netid provides the Active Directory UID/GID
  • Document how to reset a re-bind to Active Directory

Implementation notes, if any

@kayiwa
Member Author

kayiwa commented May 13, 2024

related to #4879

@kayiwa
Member Author

kayiwa commented Nov 13, 2024

Ensure that SSSD_AD tests stop the playbook from running with useful information. #5511 (comment)
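
One way to turn the "getent passwd netid" acceptance criterion into a check that stops a run with a useful message, as an added example that is not code from this repository or its playbooks. The function names, the exit codes and the AD_MIN_ID threshold (SSSD's default ldap_idmap_range_min of 200000) are assumptions.

```shell
#!/bin/sh
# Added example, not from the repository. AD_MIN_ID is an assumption:
# 200000 is SSSD's default ldap_idmap_range_min; set it to the site's range.
AD_MIN_ID="${AD_MIN_ID:-200000}"

# validate_passwd_entry NETID LINE
# Returns 0 if LINE is a passwd entry for NETID with AD-range UID/GID;
# otherwise prints what to look at and returns 1 (unresolved),
# 2 (malformed or wrong user) or 3 (IDs below the AD range).
validate_passwd_entry() {
    netid=$1
    line=$2
    if [ -z "$line" ]; then
        echo "FAIL: '$netid' did not resolve through SSSD; check that sssd is running and the host is still joined to AD" >&2
        return 1
    fi
    # passwd format: name:password:uid:gid:gecos:home:shell
    IFS=: read -r name _pw uid gid _rest <<EOF
$line
EOF
    case "$name" in
        "$netid"|"$netid"@*) ;;   # SSSD may return netid@domain
        *) echo "FAIL: asked for '$netid' but got '$name'" >&2; return 2 ;;
    esac
    for id in "$uid" "$gid"; do
        case "$id" in
            ''|*[!0-9]*) echo "FAIL: non-numeric UID/GID in '$line'" >&2; return 2 ;;
        esac
    done
    if [ "$uid" -lt "$AD_MIN_ID" ] || [ "$gid" -lt "$AD_MIN_ID" ]; then
        echo "FAIL: '$netid' has UID=$uid GID=$gid, below $AD_MIN_ID; this looks like a local account, not an AD one" >&2
        return 3
    fi
    echo "OK: '$netid' resolves with AD UID=$uid GID=$gid"
}

# check_netid NETID
# "-s sss" makes getent ask only the SSSD backend, so a local account with
# the same name cannot hide a broken AD lookup.
check_netid() {
    validate_passwd_entry "$1" "$(getent -s sss passwd "$1")"
}
```

A non-zero exit from check_netid fails an Ansible command or script task, which stops the play for that host with the FAIL line in the task output.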

@kayiwa
Member Author

kayiwa commented Nov 25, 2024

Blocked by this SNow ticket

christinach added a commit that referenced this issue Dec 10, 2024
…an run the bibdata playbook successfully

See related sftp ticket: #4938

Co-authored-by: Jane Sandberg <[email protected]>
Co-authored-by: Ryan Laddusaw <[email protected]>
sandbergja added a commit that referenced this issue Dec 10, 2024
…an run the bibdata playbook successfully (#5617)

See related sftp ticket: #4938

Co-authored-by: Jane Sandberg <[email protected]>
Co-authored-by: Ryan Laddusaw <[email protected]>
@kayiwa
Member Author

kayiwa commented Dec 23, 2024

Add active directory certs. New adventure

@kayiwa kayiwa self-assigned this Jan 2, 2025
@kayiwa kayiwa added the Operations pulls issues into the Operations ZenHub board label Jan 2, 2025
@kayiwa kayiwa mentioned this issue Jan 3, 2025
@acozine
Contributor

acozine commented Jan 3, 2025

See also notes in this private gdoc.

@kayiwa
Member Author

kayiwa commented Jan 6, 2025

  • grab MAC address of lib-sftp-test2
  • wipe out lib-sftp-test2
  • register machine on Active Directory (delete or reset)
  • run lib-sftp --limit lib-sftp-test2.princeton.edu
  • create private/pub keys on almasftp (user on prod) copy public keys to (test2 vm)
    • rsync contents of /alma/* lib-sftp-test2:/alma --exclude='aspace'
  • create private/pub keys on lib-aspacesftp (user or prod) copy public keys to (test2 vm)
    • rsync contents of /alma/aspace/* lib-sftp-test2:/alma/aspace

Once DACS signs off on downtime (possibly repeat rsyncs)

  • power off current lib-sftp-prod1 (name it lib-sftp-prod1-focal - on vsphere prod)
  • grab the MAC address
  • create new rocky vm call it lib-sftp-prod1 (use MAC address from above)
  • follow steps for new VM
  • register machine on Active Directory (delete or reset)
  • run lib-sftp --limit lib-sftp-prod1.princeton.edu -e runtime_env=production
  • create private/pub keys on almasftp (user on test2) copy public keys to (prodvm)
    • rsync contents of /alma (except aspace) from lib-sftp-test2 to lib-sftp-prod1
  • create private/pub keys on lib-aspacesftp (user on test2) copy public keys to (prodvm)
    • rsync contents of /alma/aspace from lib-sftp-test2 to lib-sftp-prod1

@VickieKarasic
Contributor

VickieKarasic commented Jan 8, 2025

Next steps:

  • After this is complete, we need to adjust the time from CST to EST on lib-sftp-prod1
    timedatectl list-timezones
    timedatectl list-timezones | grep America
    sudo timedatectl set-timezone America/New_York
  • Update almasftp user password to password manager, ansible vault
    • Re-run lib-sftp.yml playbook

@kayiwa
Member Author

kayiwa commented Jan 9, 2025

closed by #5686

@kayiwa kayiwa closed this as completed Jan 9, 2025