Add support for mellon auth #135

Open
wants to merge 3 commits into
base: master

@bp85 bp85 commented Jul 11, 2023

  • Add proxy_server configuration option for ood_portal.yml
  • Install apache packages required for mellon
  • Create a script to generate metadata and certs
  • Add mellon configs

bp85 commented Jul 11, 2023

@treydock I've been using this in prod for well over a year, finally got around to pushing it upstream.

@@ -0,0 +1,22 @@
#!/usr/bin/env bash

MELLON_DIR="<%= scope['apache::params::httpd_dir'] -%>/mellon"
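
Review bot: on the `MELLON_DIR=` line, the Puppet value is rendered straight into a double-quoted shell string, so a directory name containing `$`, a backtick or `"` would be expanded by the shell or would break the script. Render the value inside single quotes, or validate the parameter as an absolute path without shell metacharacters before it reaches the template. The `-%>` trim marker also has no effect in the middle of a line; plain `%>` is enough.
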
Collaborator

Suggested change
MELLON_DIR="<%= scope['apache::params::httpd_dir'] -%>/mellon"
MELLON_DIR="<%= scope['apache::httpd_dir'] -%>/mellon"

Ensure the correct value is used if someone overrides it

Collaborator

Also the defaults seem to have hardcoded paths while here it's based on Apache data. I think it would be best to define something like openondemand::mellon_dir and make that used as base directory for all these files and paths.

@treydock
Collaborator

@bp85 Generally I don't recommend deploying things that require manual steps, that somewhat defeats the purpose of Puppet. I think one way to achieve full automation is this:

exec { '/usr/local/bin/mellon_ood_metadata.sh':
  creates => [
    "${apache::httpd_dir}/mellon/mellon.cert",
    "${apache::httpd_dir}/mellon/mellon.key",
    "${apache::httpd_dir}/mellon/mellon_metadata.xml",
  ],
  require => File['/usr/local/bin/mellon_ood_metadata.sh'],
  notify  => Class['apache::service'],
}

@treydock
Collaborator

I also see some hardcoded paths for Mellon defaults while other places use variables from Apache module. I think all paths should be defined in init.pp, and referenced downstream in various places using maybe the mellon_merged_config variable. This helps ensure if someone changes a variable, for example in this module or Apache module, the things using that path will also reflect that change.
