Skip to content
Permalink
Browse files
Update for May 2020 online training
Update for the May 2020 online training. Includes an upgrade to
Shibboleth IdP version 4.0 and COmanage Registry upgrade to 3.2.4.
  • Loading branch information
skoranda committed Apr 30, 2020
1 parent ed9ad38 commit 800579c6db4c9358595e9cefb5bc1661f039a2f8
@@ -6,4 +6,5 @@ share
ssh_config
ssh_mux*
ec2.py
.vault_pass.txt
.*.swp
@@ -67,24 +67,21 @@ cd comanage-registry-training-deployment
virtualenv -p python3.7 ./
source bin/activate
pip install --upgrade pip
pip install git+https://github.com/ansible/ansible.git@devel
pip install ansible==2.9.6
pip install boto
pip install boto3
wget https://raw.githubusercontent.com/ansible/ansible/devel/contrib/inventory/ec2.py
chmod 755 ec2.py
cp /path/to/AWS-Trng-1.pem .
```

Some ansible files are encrypted using `ansible-vault`. When running
a playbook ansible needs to be able to find the password for the
vault.

Create a file outside of the clone of this repository to hold
the vault password, e.g.
Create a file to hold the vault password, e.g.

```
touch ~/.vault_pass.txt
chmod 600 ~/.vault_pass.txt
touch ./.vault_pass.txt
chmod 600 ./.vault_pass.txt
```
Find the vault password from and enter it into the file you just created.

@@ -96,21 +93,23 @@ to set up the environment:
```
cd comanage-registry-training-deployment
source bin/activate
export ANSIBLE_CONFIG=`pwd`/ansible.cfg
export ANSIBLE_INVENTORY=`pwd`/aws_ec2.yml
export ANSIBLE_SSH_ARGS="-F `pwd`/ssh_config -C -o ControlMaster=auto -o ControlPersist=3600s"
export ANSIBLE_VAULT_PASSWORD_FILE=`pwd`/.vault_pass.txt
export AWS_ACCESS_KEY_ID='XXXXXXXX'
export AWS_SECRET_ACCESS_KEY='XXXXXXXX'
export ANSIBLE_VAULT_PASSWORD_FILE=~/.vault_pass.txt
export AWS_REGION=us-west-2
rm ./ssh_mux_*
kill $SSH_AGENT_PID
unset SSH_AUTH_SOCK
eval `ssh-agent -s`
ssh-add ./AWS-Trng-1.pem
```

## Configuration

Most of the configurable details, including the number of training nodes to
deploye, are set in the file
deploy, are set in the file

```
vars/global.yml
@@ -124,7 +123,7 @@ Review that file before running the playbook.
To provision the infrastructure execute the playbook:

```
ansible-playbook -i ./ec2.py comanage_registry_training.yml
ansible-playbook comanage_registry_training.yml
```

## SSH Access
@@ -213,3 +212,18 @@ https://registry2.comanage.incommon.training
```

for node 2, and so on.

## Interference from existing SSH agent

If you find that your existing SSH agent is interfering with the SSH connections
used by ansible, it might help to start with a fresh agent when you begin your
work for the say:

```
cd comanage-registry-training-deployment
rm ./ssh_mux_*
kill $SSH_AGENT_PID
unset SSH_AUTH_SOCK
eval `ssh-agent -s`
ssh-add ./AWS-Trng-1.pem
```
@@ -0,0 +1,12 @@
---
plugin: aws_ec2
regions:
- us-west-2
keyed_groups:
- prefix: tag
key: tags
hostnames:
- private-ip-address
compose:
public_fqdn: tags.public_fqdn
private_fqdn: tags.private_fqdn
@@ -7,5 +7,5 @@
tasks:

- name: Set FQDN for node
command: "hostnamectl set-hostname {{ ec2_tag_private_fqdn }}"
when: ansible_facts['nodename'] != ec2_tag_private_fqdn
command: "hostnamectl set-hostname {{ private_fqdn }}"
when: ansible_facts['nodename'] != private_fqdn
@@ -65,7 +65,7 @@
comment: COmanage Training User
uid: 2000
home: /home/training
password: "$6$bvMJpaKk$glM0iapwOVJFiN7//FY9PdXLIs3sGPUkOODrQgXAaCIXP/P6kly9ZucehBryh2j10giTuNmuosQcepZ2a103T."
password: "$6$Vi9PQcxYJ.VBZ$RD.yWppXJUvqTBcicu4V1VTwcfpILQ6fisdXbl1VRwezpPr88p5ufW8fL4lmoVKgyGVgFIOQt1LL3Z0KlEOvK/"
shell: /bin/bash
group: training
append: yes
@@ -6,32 +6,26 @@

<AttributeDefinition id="uid" xsi:type="Simple">
<InputDataConnector ref="LDAP" attributeNames="uid"/>
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}">
<InputAttributeDefinition ref="uid"/>
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="mail" xsi:type="Simple">
<InputDataConnector ref="LDAP" attributeNames="mail"/>
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="givenName" xsi:type="Simple">
<InputDataConnector ref="LDAP" attributeNames="givenName"/>
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="sn" xsi:type="Simple">
<InputDataConnector ref="LDAP" attributeNames="sn"/>
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" />
</AttributeDefinition>

<AttributeDefinition id="displayName" xsi:type="Simple">
<InputDataConnector ref="LDAP" attributeNames="cn"/>
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" />
</AttributeDefinition>

<DataConnector id="LDAP" xsi:type="LDAPDirectory"

0 comments on commit 800579c

Please sign in to comment.