Re: The GNOME Infrastructure is now powered by FreeIPA!

2014-10-11 Thread Andrea Veri
2014-10-10 22:57 GMT+02:00 Sébastien Wilmet swil...@gnome.org:
> Hi,
>
> Thank you for the migration!
>
> On Tue, Oct 07, 2014 at 11:28:44AM +0200, Andrea Veri wrote:
> > If you are interested in receiving or keeping using your
> > people.gnome.org's webspace please mail accounts AT gnome DOT org
> > stating so.
>
> Why not document how to access people.gnome.org on the wiki? So all
> people that already have a personal web space can keep using it.
>
> (I've asked for a people.gnome.org web space this Monday, so of course
> I'm still interested in using it..).

There you go. [1]

The page has been added as a link at [2].

[1] https://wiki.gnome.org/AccountsTeam/AccessingPersonalWebspace
[2] https://wiki.gnome.org/AccountsTeam/NewAccounts


-- 
Cheers,

Andrea

Debian Developer,
Fedora / EPEL packager,
GNOME Infrastructure Team Coordinator,
GNOME Foundation Board of Directors member,
GNOME Foundation Membership & Elections Committee Chairman

Homepage: http://www.gnome.org/~av
___
desktop-devel-list mailing list
desktop-devel-list@gnome.org
https://mail.gnome.org/mailman/listinfo/desktop-devel-list

Re: The GNOME Infrastructure is now powered by FreeIPA!

2014-10-11 Thread Andrea Veri
2014-10-11 2:14 GMT+02:00 Alexandre Franke alexandre.fra...@gmail.com:
> On Fri, Oct 10, 2014 at 10:57 PM, Sébastien Wilmet swil...@gnome.org wrote:
> > On Tue, Oct 07, 2014 at 11:28:44AM +0200, Andrea Veri wrote:
> > > If you are interested in receiving or keeping using your
> > > people.gnome.org's webspace please mail accounts AT gnome DOT org
> > > stating so.
> >
> > Why not document how to access people.gnome.org on the wiki? So all
> > people that already have a personal web space can keep using it.
> >
> > (I've asked for a people.gnome.org web space this Monday, so of course
> > I'm still interested in using it..).
>
> Now that we have an owncloud instance, there's an overlap. Is there
> still a good reason to keep using people.g.o instead of owncloud?

The Owncloud instance is currently only available to Foundation members
while theoretically anyone with a Git / Master account with a good
rationale can request access to people.gnome.org.

I personally still find scping a file to my public_html directory
faster and easier when I have a file or two to share on the fly.


-- 
Cheers,

Andrea

Debian Developer,
Fedora / EPEL packager,
GNOME Infrastructure Team Coordinator,
GNOME Foundation Board of Directors member,
GNOME Foundation Membership & Elections Committee Chairman

Homepage: http://www.gnome.org/~av

Re: The GNOME Infrastructure is now powered by FreeIPA!

2014-10-11 Thread Sébastien Wilmet
On Sat, Oct 11, 2014 at 11:42:52AM +0200, Andrea Veri wrote:
> There you go. [1]
>
> The page has been added as a link at [2].
>
> [1] https://wiki.gnome.org/AccountsTeam/AccessingPersonalWebspace
> [2] https://wiki.gnome.org/AccountsTeam/NewAccounts

Thanks!


Re: The GNOME Infrastructure is now powered by FreeIPA!

2014-10-10 Thread Sébastien Wilmet
Hi,

Thank you for the migration!

On Tue, Oct 07, 2014 at 11:28:44AM +0200, Andrea Veri wrote:
> If you are interested in receiving or keeping using your
> people.gnome.org's webspace please mail accounts AT gnome DOT org
> stating so.

Why not document how to access people.gnome.org on the wiki? So all
people that already have a personal web space can keep using it.

(I've asked for a people.gnome.org web space this Monday, so of course
I'm still interested in using it..).

Sébastien


Re: The GNOME Infrastructure is now powered by FreeIPA!

2014-10-10 Thread Alexandre Franke
On Fri, Oct 10, 2014 at 10:57 PM, Sébastien Wilmet swil...@gnome.org wrote:
> On Tue, Oct 07, 2014 at 11:28:44AM +0200, Andrea Veri wrote:
> > If you are interested in receiving or keeping using your
> > people.gnome.org's webspace please mail accounts AT gnome DOT org
> > stating so.
>
> Why not document how to access people.gnome.org on the wiki? So all
> people that already have a personal web space can keep using it.
>
> (I've asked for a people.gnome.org web space this Monday, so of course
> I'm still interested in using it..).

Now that we have an owncloud instance, there's an overlap. Is there
still a good reason to keep using people.g.o instead of owncloud?

-- 
Alexandre Franke

Re: The GNOME Infrastructure is now powered by FreeIPA!

2014-10-10 Thread Sriram Ramkrishna
Andrea,

Thank you for all your and Patrick's hard work on getting this done!  Awesome!


The GNOME Infrastructure is now powered by FreeIPA!

2014-10-07 Thread Andrea Veri
As preannounced at [1] the GNOME Infrastructure switched to a new 
Account Management System which is reachable at https://account.gnome.org.

All the details will follow.


Introduction
--

It's been a while since someone actually touched the underlying 
authentication infrastructure that powers the GNOME machines. The very 
first setup was originally configured by Jonathan Blandford (jrb) who 
configured an OpenLDAP instance with several customized schemas 
(pServer fields in the old CVS days, pubAuthorizedKeys and GNOME 
modules related fields in recent times).

While OpenLDAP-server was living on the GNOME machine called clipboard 
(aka ldap.gnome.org) the clients were configured to synchronize users, 
groups, passwords through the nslcd daemon. After several years Jeff 
Schroeder joined the Sysadmin Team and during one cold evening (date 
is Tue, February 1st 2011) spent some time configuring SSSD to replace 
the nslcd daemon which was missing one of the most important SSSD 
features: caching. What surely convinced Jeff to adopt SSSD (a very 
new but promising software at that time as the first release happened 
right before 2010's Christmas) and as the commit log also states ("New 
sssd module for ldap information caching") was SSSD's caching feature. 

It was enough for a certain user to log in once and the 
'/var/lib/sss/db' directory was populated with its login information 
preventing the LDAP daemon in charge of picking up login details (from 
the LDAP server) to query the LDAP server itself every single time a 
request was made against it. This feature has definitely helped in 
many occasions especially when the LDAP server was down for a 
particular reason and sysadmins needed to access a specific machine or 
service: without SSSD this wasn't ever going to work and sysadmins 
were probably going to be locked out from the machines they were used 
to manage. (except if you still had '/etc/passwd', '/etc/group' and 
'/etc/shadow' entries as fallback)

Things were working just fine except for a few downsides that appeared 
later on:

 1. the web interface (view) on our LDAP user database was managed by 
Mango, an outdated tool which many wanted to rewrite in Django 
that slowly became a huge dinosaur nobody ever wanted to look into again
 2. the Foundation membership information was managed through a MySQL 
database, so two databases, two sets of users unrelated to each other
 3. users were not able to modify their own account information on 
their own but even a single e-mail change required them to mail 
the GNOME Accounts Team which was then going to authenticate their request 
and finally update the account.

Today's infrastructure changes are here to finally say the issues 
outlined at (1, 2, 3) are now fixed.


What has changed?
--

The GNOME Infrastructure is now powered by Red Hat's FreeIPA which 
bundles several pieces of FOSS software into one big bundle all surrounded by 
an easy and intuitive web UI that will help users update their account 
information on their own without the need of the Accounts Team or any 
other administrative entity. Users will also find two custom fields on 
their Overview page, these being Foundation Member since and Last 
Renewed on date. As you may have understood already we finally 
managed to migrate the Foundation membership database into LDAP itself 
to store the information we want once and for all. As a side note it 
might be possible that some users that were Foundation members in the 
past won't find any detail stored on the Foundation fields outlined 
above. That is actually expected as we were able to migrate all the 
current and old Foundation members that had an LDAP account registered 
at the time of the migration. If that's your case and you still would 
like the information to be stored on the new setup please get in 
contact with the Membership Committee at membership-committee AT 
gnome DOT org stating so.


Where can I get my first login credentials?
--

Let's make a little distinction between users that previously had 
access to Mango (usually maintainers) and users that didn't. If you 
used to access Mango before, you should be able to log in on the 
new Account Management System by entering your GNOME username and the 
password you used for logging in to Mango (after logging 
in the very first time you will be prompted to update your password; 
please choose a strong password as this account will be unique across 
all the GNOME Infrastructure).
 
If you never had access to Mango, you lost your password or the first 
time you read the word Mango on this post you thought "why is he 
talking about a fruit now?" you should be able to reset it by using 
the following command:

ssh -l yourgnomeuserid account.gnome.org

The command will start an SSH connection between you and 
account.gnome.org, once authenticated (with the SSH key you previously 
had registered on our Infrastructure) you will