[OT] - remote assistance software
by Damiano Venturin
I'm sorry for the OT but I thought that some of you could spare me tons
of time.
Do you know any very good open source software for remote assistance
that runs on Debian (my side) and Windows > 7 (customer side)? I need to
be able to control kbd and mouse and see the customer's screen.
Depending on price I would definitely consider paid versions, and I would
avoid any cloud service (unless there is no other valid option) that I
cannot control.
Some time ago I used the Google Chrome extension, but the last time I used
it, it gave me trouble and, in any case, I would definitely go for
something more professional.
Thanks!
--
Damiano Venturin
https://dam.venturin.net
3 years, 6 months
errors with ldap/init-directory
by Jan Kowalsky
Hi all,
Since my first test with the debops_service_slapd role and an slapd
server worked at first glance, I now run into an error:
My procedure was:
Set up an slapd server with
    debops bootstrap -l test-ldap.test.example.de
    (-> put host in group debops_service_slapd)
    debops -l test-ldap.test.example.de
The slapd server is up and running and I can connect with SSL and the
cn=admin user via ldapsearch.
The next step was:
    debops ldap/init-directory -l test-ldap.test.example.de -vvv
and now I get:
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
task path: /usr/local/share/debops/debops/ansible/roles/ldap/tasks/ldap_tasks.yml:6
The full traceback is:
Traceback (most recent call last):
  File "/tmp/ansible_ldap_entry_payload_ks3b4tbf/ansible_ldap_entry_payload.zip/ansible/module_utils/ldap.py", line 66, in _connect_to_ldap
    connection.start_tls_s()
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 864, in start_tls_s
    return self._ldap_call(self._l.start_tls_s)
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 329, in _ldap_call
    reraise(exc_type, exc_value, exc_traceback)
  File "/usr/lib/python3/dist-packages/ldap/compat.py", line 44, in reraise
    raise exc_value
  File "/usr/lib/python3/dist-packages/ldap/ldapobject.py", line 313, in _ldap_call
    result = func(*args,**kwargs)
ldap.SERVER_DOWN: {'desc': "Can't contact LDAP server", 'errno': 22, 'info': 'Invalid argument'}
fatal: [test-ldap.test.example.de -> localhost]: FAILED! => changed=false
  details: '{''desc'': "Can''t contact LDAP server", ''errno'': 22, ''info'': ''Invalid argument''}'
  invocation:
    module_args:
      attributes: {}
      bind_dn: cn=admin,dc=test,dc=example,dc=de
      bind_pw: VALUE_SPECIFIED_IN_NO_LOG_PARAMETER
      dn: cn=admin,dc=test,dc=example,dc=de
      objectClass: null
      params: null
      server_uri: ldaps://test-ldap.test.example.de
      start_tls: true
      state: absent
      validate_certs: true
  msg: Cannot start TLS.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The error message sounds like there is a problem with TLS. But ldapsearch
with TLS seems to work and the PKI looks fine.
Any idea?
Kind regards
Jan
3 years, 8 months
Examples of existing infrastructures?
by listerin
hi everyone,
often, when researching / debugging debops specifics, I am confronted
with my inability to immediately grasp a certain role's importance in
the larger picture. E.g. right now I am redesigning my initial debops lab
to correctly implement LDAP. Before I did this, I redesigned it so I
could have all new machines directly provisioned by pxe/tftpd/preseed. I
mean, for me that's half the fun, debops has already taught me so much
of how a datacenter works internally, things I couldn't even imagine
only half a year ago. Still, it's a hard learning curve.
As said, I'm rather new in all of this sysadmin stuff. Seeing example
code of how other people use debops in more fleshed-out environments
would really interest me. I hope to gain answers to questions like
- How and especially in which order do you bootstrap/provision a
completely new environment? (e.g. on a hypervisor or a cloud provider)
- How are the roles separated onto different hosts? provisioning order,
network design, security zones, etc.
- How to work with jump hosts and ansible controllers?
- Do you include other tools? (e.g. terraform)
- How do you handle secrets?
And my initial question, which I have spent the evening pondering on:
how do I solve the problems of order? right now I want an ldap-joined
ansible controller, whose debian is preseeded by a PXE-Server, of course
provisioned by that same ansible controller :-)
tl;dr: I'd be really glad if somebody wants to share some of their
projects or point me to resources that discuss more "meta" questions of
provisioning like the ones above.
thanks for debops, it's become my new favorite hobby
3 years, 8 months
Video call invitation on 2021-03-24
by Maciej Delmanowski
Hello everyone,
I'd like to invite you to a Jitsi meeting with other DebOps developers and users.
Meeting will happen in the https://meet.ypid.de/debops room, planned start is
on Wednesday, 24th March 2021, at 20:00 UTC. We will talk about current
project ideas and other things. :-) You can ask for help with any issues you
have with DebOps as well.
See you there,
Maciej
3 years, 9 months
questions on ldap and slapd role
by Jan Kowalsky
Hi all,
I am taking my first steps with the slapd and ldap roles. As far as I
understood, I first set up an slapd server. This just installs openldap
and configures schema and admin users.
After running
    debops service/slapd -l ldap.example.org
I end up with a running openldap and there are two passwords stored in
    ansible/secret/slapd/credentials/
But with none of these passwords can I bind to the server:
    /usr/bin/ldapsearch -H ldaps://ldap.example.org -D "cn=admin,dc=example,dc=org" -b "dc=example,dc=org" -W
Passwords are created here (roles/slapd/defaults/main.yml):
slapd__superuser_config_password: '{{ "{CRYPT}" + lookup("password",
secret + "/slapd/credentials/" + slapd__config_rootdn | to_uuid +
".password"+ " encrypt=sha512_crypt length=32") }}'
I understand: "DebOps uses the "to_uuid" Ansible filter to convert LDAP
Distinguished Names". Is there any possibility to convert UUIDs back to
LDAP DNs to know which one is which?
My understanding is further that the first step to initialize the
directory works with
    debops ldap/init-directory -l ldap.example.org
I get:
ldap.INVALID_CREDENTIALS: {'desc': 'Invalid credentials'}
Thanks for help and kind regards
Jan
3 years, 9 months
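Added example, not part of the post above and not DebOps code: Ansible's to_uuid filter is a UUIDv5 (SHA-1) hash, so a file name under ansible/secret/slapd/credentials/ cannot be decoded back to a DN, but known DNs can be hashed and compared against the file names. The candidate DNs in the script are assumptions; replace them with the rootdn values from your own inventory.

```python
"""Map DebOps slapd credential files back to the LDAP DNs they belong to."""
import uuid
from pathlib import Path

# Default namespace of Ansible's to_uuid filter (defined in Ansible's core filters).
ANSIBLE_UUID_NAMESPACE = uuid.UUID("361E6D51-FAEC-444A-9079-341386DA8E2E")


def to_uuid(dn: str) -> str:
    """Same derivation as Ansible's `to_uuid`: UUIDv5 of the exact string."""
    return str(uuid.uuid5(ANSIBLE_UUID_NAMESPACE, dn))


def identify_credentials(cred_dir, candidate_dns):
    """Return {file name: DN or None} for every *.password file in cred_dir.

    UUIDv5 is one-way, so a DN is recovered only by hashing known
    candidates and comparing, never by decoding the file name.
    """
    by_uuid = {to_uuid(dn): dn for dn in candidate_dns}
    result = {}
    for path in sorted(Path(cred_dir).glob("*.password")):
        result[path.name] = by_uuid.get(path.stem)
    return result


def read_password(path):
    """Return only the password from a `password` lookup file.

    When `encrypt=` is used, Ansible stores ' salt=...' after the
    plaintext on the same line; that suffix is not part of the password.
    """
    line = Path(path).read_text().splitlines()[0]
    return line.split(" salt=", 1)[0]


if __name__ == "__main__":
    # Assumed candidates: the config and data rootdn of the example domain.
    candidates = ["cn=admin,cn=config", "cn=admin,dc=example,dc=org"]
    found = identify_credentials("ansible/secret/slapd/credentials", candidates)
    for name, dn in found.items():
        print(f"{name} -> {dn or 'no candidate matches'}")
```

The match is on the exact string, so a DN that differs in case or spacing from the inventory value hashes to a different file name.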
external certificate / symlinks / apache fails
by Florian Lohoff
Hi,
I am taking my first steps with debops and trying to set up a Nextcloud.
I provided an external certificate in
ansible/secret/pki/realms/by-host/cloud.<dom.main>/
I can see those files end up on the tar in
/etc/pki/realms/domain
on the target. Now when the apache role runs it fails because there is
no /etc/pkg/realms/domain/default.crt
I would have expected a default.crt/default.key to be symlinks to
the files in external.
root@cloud:/etc/pki/realms/domain# ls -la
total 32
drwxr-xr-x 8 root root 4096 Mar 9 12:46 .
drwxr-xr-x 3 root root 4096 Mar 9 11:31 ..
drwxr-x--- 2 root pki-acme 4096 Mar 9 11:31 acme
lrwxrwxrwx 1 root root 18 Mar 9 11:31 CA.crt -> public/trusted.pem
drwxr-xr-x 2 root root 4096 Mar 9 11:31 config
lrwxrwxrwx 1 root root 15 Mar 9 11:31 default.key -> private/key.pem
drwxr-xr-x 2 root root 4096 Mar 9 11:31 external
drwxr-xr-x 2 root root 4096 Mar 9 11:31 internal
drwxr-x--- 2 root ssl-cert 4096 Mar 9 11:31 private
drwxr-xr-x 2 root root 4096 Mar 9 11:31 public
lrwxrwxrwx 1 root root 18 Mar 9 11:31 trusted.crt -> public/trusted.pem
I am a bit puzzled about what little config detail I missed. I have
no inventory variables mentioning the external certificate. From
what I understand from the documentation it's enough to drop it
into the host's directory. OTOH the hostname matches the
debops.owncloud owncloud__fqdn.
Flo
--
Florian Lohoff f(a)zz.de
Any sufficiently advanced technology is indistinguishable from magic.
3 years, 9 months