On 17-05-19 22:27, Maciej Delmanowski wrote:
On May 17, Imre Jonk wrote:
> Ah, I figured that debops-contrib was for roles that were not yet
> included in DebOps but might be in the future (like
> debops-contrib.dropbear_initramfs). I'll make the PRs directly to
> debops/debops then.
This only had merit when DebOps roles were in separate git repositories. Now,
you can just fork the DebOps monorepo, create your own branch and put the
roles there. It's very easy to keep your changes updated with the main project
by fetching new changes from master and rebasing your branch on top of them.
Check. Will the non-commercial roles currently in debops-contrib (like
debops-contrib.dropbear_initramfs) be merged into debops master?
>> For this you probably have to build the nginx .deb package from source to
>> include the LDAP support, correct? Now that nginx modules are in separate
>> packages in Debian, I wonder when LDAP support will be available in the
>> distribution itself. I'm not sure why it's not there yet, licensing? Lack of
>> manpower or interest?
> Nope :)
> Nginx in Debian 9 has the PAM module compiled in. Otherwise I probably
> wouldn't have been able to write this role this quick, I'm pretty lazy
> when it comes to software. I just take whatever is in Debian stable,
> with the occasional backports package or Docker image.
Interesting, I only came across nginx with LDAP setups that use the custom
LDAP module, and I hadn't considered the PAM route, which probably is more
universal anyway. I'll have to check that out.
I still have to look at enforcing different authorization rules for
nginx (DNS-UI) PAM users. All system users now also pass nginx
authentication, and the other way around. DNS-UI uses php-ldap to solve
LDAP group authorization in an application-specific way though.
There are many changes related to LDAP support in DebOps. Most of the code from
'debops.auth' role has been ripped out and moved to other roles,
'debops.slapd' role was rewritten from scratch, and there's new 'debops.ldap'
role which will be used to add support for LDAP to many DebOps roles. I hope
that you will like it. :-)
I'm currently working on updating the 'debops.users' role and moving the
management of sysadmin accounts to a new 'debops.system_users' role which will
integrate with the LDAP support. After finishing these, I plan to make a new
DebOps release so there's something tagged. Probably a week or two from now.
I read it on the list. Sounds good! We've only been using v0.8.1 roles
until now, so that means that I'll have to get some work done to get our
infrastructure ready for the next tag :)
You should work against the 'master' branch, of course. Perhaps a separate
development environment is in order. :)
Yeah, I guess now's a really good time to build a proper development
environment for that.
Cheers,
Imre