[secaudit-blocking] No installation documentation #332
Comments
puiterwijk
changed the title
puiterwijk
changed the title
|
@puiterwijk we will get working on this ASAP. Note too, (while not documentation, i know), there is the vagrant setup that sets up a freeipa server, installs the freeipa-fas plugin to freeipa, then installs noggin. Note too there is an in-review PR here (#326) that makes the noggin flask app behave a little better. |
|
@ryanlerch Right. But note that if you decide the Vagrant setup is the official way of deploying, I'll have many complaints about insecure deployment practices 😀. That's why I want to see how you tell people to actually deploy it. |
|
@puiterwijk I don't think we'll document using Vagrant to deploy in production, with or without your comment 😉. Off the top of your head, are there any other gotchas? If we can avoid embarrassing ourselves upfront, I'm all for it. |
|
Some of the things you really want to point out:
And other things like those |
|
@nphilipp @puiterwijk Probably a good starting point for installation documentation would be the haphazard one I wrote for getting the system up and running for openSUSE infrastructure on COPR: https://copr.fedorainfracloud.org/coprs/ngompa/fedora-aaa/ |
|
Any updates on this? |
|
Yeah there is still no proper installation documentation, sadly. But all the steps and files we use in our Openshift deployment are publicly accessible (playbook, template). I know it's not ideal but it's there. Noggin is deployed in Openshift using the python s2i container, which runs gunicorn. It connects to IPA with a specific user that only has the necessary permissions (setup by this playbook). The |
|
We'll probably have classical setup information available soon too, it just takes some time to run through a setup and make it a thing. |
|
That's understandable. |
|
If it's an IPA cluster, then you only need one instance of Noggin. |
|
This issue has been sitting out for over a year. Is there any way someone could upload a rudimentary list of steps to install this product? We do not use Openshift and want to install this manually for our ipa cluster. |
|
I guess I could write up a guide for installing it the traditional way with the RPMs I made of this. The main reason I haven't done it yet is that I need to finish the work to update it to the latest stable version in Fedora. |
|
@Conan-Kudo That would much be appreciated. |
|
As I don't use Ansible much, I'm not sure I could help there, but at least I can document the manual setup process and someone can contribute Ansible stuff. As for an estimate, my priorities at the moment do not leave me a lot of time for this right now, but I'm hoping to come back to this in mid-December. |
|
Mid-December would be great. In terms of the Ansible installation, I would
say just leave a Todo in the documentation.
|
|
@Conan-Kudo Any updates? |
|
Life happened the past few months, but I'm coming back to this. |
|
@Conan-Kudo Did life get in the way again? |
|
@Cliftonz actually, in the process of testing it, I discovered that the deployment was broken and I'm trying to figure out why... 😕 |
|
Awesome! |
|
I've made some progress on this, I'm having @jonathanspw test out my draft before submitting it upstream. |
|
@Conan-Kudo updates? |
Source: https://src.fedoraproject.org/rpms/noggin/tree/main Thanks to Neal on this one. Fixes: #1289 #332 Signed-off-by: Aurélien Bompard <aurelien@bompard.org>
|
@abompard @Conan-Kudo I think this be closed now, correct? |
Part of secaudit #316, blocking.
The Installation documentation is absent, and doesn't contain any useful information in how to set up a production-grade setup of noggin.
The text was updated successfully, but these errors were encountered: