Coming back from GUADEC has never been easy, so much fun, so much great people to speak with and amazing talks to watch but this year has definitely been harder as I totally felt in love with the city that was hosting the event. Honestly speaking I’ve been amazed by how Strasbourg looks like: alsace houses and buildings are just delightful, the cathedral is stunning and people have been so welcoming during my whole stay. (cooks at the Canteen even prepared a few italian dishes and welcomed us in italian every time we were heading there…how cool is that?)
But let’s get back to our business now as I would probably never stop talking about Strasbourg and how great it was staying there! I did not have a personal talk this year but I presented the yearly Sysadmin Team report during the Foundation’s AGM. If you weren’t there all the slides are available here.
Apart from presenting what we did and what the changes we introduced on the GNOME Infrastructure were I participated to Patrick Uiterwijk’s talk about FedOAuth and all the upcoming changes that are planned on the infrastructure during the next months. If you were not able to attend Patrick’s talk this little resume should be for you:
- The GNOME Infrastructure currently has a lot of different user databases which implies different users and passwords across the services we host
- The Foundation’s database is currently MySQL-based while we do have LDAP in place for all our other needs already
- Some of the tools we do use for managing our LDAP istance are not being maintained properly
- Introduce FedOAuth, a SSO solution written and developed by Patrick Uiterwijk
- Unify the various databases and make sure our LDAP istance is used for authentication everywhere
- Remove Mango and configure FreeIPA
Benefits after the move:
- Users will be able to manage their accounts on their own, no more need to poke the accounts team for updating passwords, emails, SSH keys. The accounts team will still be around to adjust ACLs
- No more need for dozen of accounts, one for every single service we provide
- More freedom when managing sudo accesses and accounts on the various machines we manage, this will help new people contributing to the Sysadmin Team (Making our puppet repository public and introducing a GNOME Infrastructure Apprentice group for newcomers is something we will be seriously evaluating after the FreeIPA move)
Where we are now:
- Our SSO infrastructure is live at https://id.gnome.org
- Your OpenID URL is https://$GNOME_USERID.id.gnome.org
- Right now you can login with your GNOME account at the following services: l10n.gnome.org, opw.gnome.org. We are slowly migrating all the existing services to the new SSO infrastructure, please be patient and bear with us!
More information, slides and screenshots from Patrick’s talk are available here. Stay tuned and many thanks to the GNOME Foundation for sponsoring my travel and accomodation expenses!