Commit ec3422de authored by Cédric BRINER, committed by Cédric BRINER

add idp-tools.out

parent e4891341
RESTART_OTHER_DAEMON(True) Host(luniidplab2)
############################################################
DATE: 2017.10.06_14h12m_Friday
BRANCH: master
SYNC: from luniidplab1 to luniidplab2
GIT_HASH_VERSION_OF_SHIBBOLETH: 8d0d670b928a535881368fa8844b4039b96545ec
GIT_HASH_VERSION_OF_IDP_TOOLS: e48913415de68b55bc9942d1f41dc0f8382b6d1a
GIT_INFO_OF_SHIBBOLETH: fixed vulnerability of LDAP server SSL access and secured cookies (cf. 'Thomas Lengenhagger message of 2017.10.04 'Shibboleth IdP security advisory on LDAP server certificate validation') by Dominique Petitpierre (commit:8d0d670b928a535881368fa8844b4039b96545ec)
PREREQUESITE
------------
- dpkgs
- get with curl metadata-provider definitions from switch
 - switchaai : ok
 - interfederation : ok
 - aaitest : ok
- download attribute-filter for :
 - lab : ok
 - tst : ok
 - prd : ok
SHIBBOLETH-IDP
--------------
- keep a copy with rsync
- check if there is previous backup to remove
- /opt/backup-shibboleth-idp/2017.10.04_20h52m41s
 - remove placeholder _*_BRANCH if different from source:
 - not needed : ✔
- rsync /opt/shibboleth-idp/
sending incremental file list
cannot delete non-empty directory: sync_logs
_SYNC_HEADER
idp_ant.log
conf/
conf/attribute-filter-idp-lab.unige.ch.xml
conf/attribute-filter-idp-test.unige.ch.xml
conf/attribute-filter-unige.ch.xml
conf/metadata-provider-aaitest.xml
conf/metadata-provider-interfederation.xml
conf/metadata-provider-switchaai.xml
idp-tools_sync_logs/
idp-tools_sync_logs/luniidplab1_to_luniidplab2_2017.10.06_14h10m.txt.out
idp-tools_sync_logs/luniidplab1_to_luniidplab2_2017.10.06_14h11m.txt.out
idp-tools_sync_logs/luniidplab1_to_luniidplab2_2017.10.06_14h12m.txt.out
metadata/adfs2-metadata.xml
war/
webapp/index.jsp
webapp/WEB-INF/velocity-tools.xml
webapp/WEB-INF/web.xml
webapp/WEB-INF/lib/commons-beanutils-1.7.0.jar
webapp/WEB-INF/lib/commons-digester-1.8.jar
webapp/WEB-INF/lib/commons-logging-1.1.jar
webapp/WEB-INF/lib/jstl-1.2.jar
webapp/WEB-INF/lib/mfa-flows-1.0.0.jar
webapp/WEB-INF/lib/mysql-connector-java.jar
webapp/WEB-INF/lib/oro-2.0.8.jar
webapp/WEB-INF/lib/tinyradius-1.1.0.jar
webapp/WEB-INF/lib/velocity-tools-view-2.0.jar
webapp/css/consent.css
webapp/css/main.css
webapp/css/main_save20170613.css
webapp/images/3pRed.png
webapp/images/bottomcenter_lab.gif
webapp/images/bottomcenter_prod.gif
webapp/images/bottomcenter_test.gif
webapp/images/bottomleft_prod.gif
webapp/images/bottomleft_test.gif
webapp/images/bottomright_prod.gif
webapp/images/bottomright_test.gif
webapp/images/button-login.gif
webapp/images/dummylogo-mobile.png
webapp/images/dummylogo.png
webapp/images/fond.png
webapp/images/middleleft.gif
webapp/images/middleright.gif
webapp/images/switchaai-logo.png
webapp/images/topcenter.gif
webapp/images/topleft.gif
webapp/images/topright.gif
webapp/images/uni-logo-trans.gif
webapp/images/unigelogo.jpg
webapp/images/unigelogo.png
webapp/images/unigelogo_small.png
webapp/images/unigelogo_small_1.png
webapp/images/unigelogo_small_2.png
webapp/images/unigelogo_small_org.png
sent 76,171 bytes received 26,005 bytes 204,352.00 bytes/sec
total size is 54,838,601 speedup is 536.71
- credentials
- unige.environment.properties
- unige.instance.properties
- unige.federation.properties
- attribute-resolver-connectors.xml
nothing to do as we are on the same group
- change jdbc on global.xml
nothing to do as we are on the same group
- attribute-filter.xml
- chown tomcat7 /opt/shibboleth-idp/credentials/ as sealer needs it
- copy idp-rotate-sealer & rotate-sealer.sh: no need to copy idp-rotate-sealer
- manage sealers encryption keys
- sealer.kver : scp ok
- sealer.jks : scp ok
chown tomcat7 & chmod 600 of credentials/sealer.{jks,kver}
- profile.d/shibboleth-idp.sh : scp ok
MYSQL
-----
- mysql conf:
sending incremental file list
sent 263 bytes received 13 bytes 552.00 bytes/sec
total size is 6,499 speedup is 23.55
- debian.cnf must be the same by environment (lab,tst,prd):
ok, the debian.cnf are the same on host(luniidplab1) and host(luniidplab2)
- local.cnf:
ok, it exists
ok, local.cnf differs for 'server-id'
ok, local.cnf differs for 'auto_increment_offset'
show the diff for information .
3c3
< server-id=1
---
> server-id=2
6,8c6,7
< # increment offset for this server, next server would be 2
< auto_increment_offset = 1
< # log = /var/log/mysql/requests.log
---
> # increment offset for this server, next server would be 3
> auto_increment_offset = 2
- restart mysql:
mysql will not be restarted as the flag (RESTART_MYSQL) is set false
- test if credentials are good: ok
- test schema: ok
- crontab to dump daily mysql: - crontab to dump daily mysql : scp ok
APACHE
------
- rysnc idp.conf
sending incremental file list
sent 130 bytes received 12 bytes 284.00 bytes/sec
total size is 9,296 speedup is 65.46
-rsync key
sending incremental file list
sent 128 bytes received 12 bytes 280.00 bytes/sec
total size is 5,066 speedup is 36.19
-rsync cert
sending incremental file list
sent 216 bytes received 12 bytes 456.00 bytes/sec
total size is 14,417 speedup is 63.23
- apache SSLCertificate /etc/ssl/private/idp-lab.unige.ch.key : scp ok
- apache SSLCertificate /etc/ssl/certs/idp-lab.unige.ch.crt : scp ok
- apache SSLCertificate /etc/ssl/certs/idp-lab.unige.ch_chain.crt : scp ok
- rsync DocumentRoot
sending incremental file list
sent 234 bytes received 14 bytes 165.33 bytes/sec
total size is 508 speedup is 2.05
- configure modules
- mods-enabled/_unige.conf : scp ok
- mods-enabled/status.conf : scp ok
- mods-enabled/info.conf : scp ok
- mods-enabled/ssl.conf : scp ok
- enable modules
- info
- status
- ssl
- proxy_ajp
- configure conf (conf-available)
- conf-available/security.conf : scp ok
- enable conf
- security
- enable site
- idp-lab.unige.ch.conf
- restart apache
TOMCAT
------
- default/tomcat7 : scp ok
- tomcat idp.xml : scp ok
- tomcat7 server.xml : scp ok
- tomcat7 tomcat-users.xml : scp ok
- tomcat7 manager.xml : scp ok
 - tomcat7 in group ssl-cert:
Yes !
 - do link for /etc/tomcat7/server.xml credentials
- server.crt
- server_chain.crt
- server.key
- rebuild war (rebuild the war, stop tomcat, remove old war, start tomcat)
- rebuild the war itself
Warning: JAVA_HOME environment variable is not set.
If build fails because sun.* classes could not be found
you will need to set the JAVA_HOME environment variable
to the installation directory of java.
Rebuilding /opt/shibboleth-idp/war/idp.war ...
...done
BUILD SUCCESSFUL
Total time: 2 seconds
- stop service
- delete old war
- start service
TUNGSTEN
--------
- create user tungsten
- sync user
sending incremental file list
sent 387 bytes received 14 bytes 802.00 bytes/sec
total size is 7,777 speedup is 19.39
- generate ssh key
no need
- default lang : ok
- copy the sudo for tungsten :
output of sync follow:
sending incremental file list
sent 47 bytes received 12 bytes 118.00 bytes/sec
total size is 98 speedup is 1.66
- ensure cypher on sshd :
- restart ssh :
- wait until ssh is up again : 1 2 : ok
- create /opt/continuent :
- nothing to do
- chown /opt/continuent :
is not empty
- is a tungsten user on mysql : yes
- install tungsten itself :
ok, nothing to do as link (/opt/continuent/tungsten) exists
- profile.d/tungsten.sh : scp ok
- cron.d/tungsten_flush : scp ok
FIREWALL
--------
nothing done with idp-sync, skip it
GRAPHITE
--------
rsync virtualenv ve/graphite
sending incremental file list
sent 14,695 bytes received 43 bytes 29,476.00 bytes/sec
total size is 9,968,766 speedup is 676.40
- copy systemd service (/etc/systemd/system/graphite-idp-process-log)
nothing to do, they are the same
- check if the service is enabled: ok
- check if the service is started: ok
 - web-status-graphite
- rsync /usr/local/unige-web-status-graphite
sending incremental file list
sent 31,854 bytes received 146 bytes 64,000.00 bytes/sec
total size is 11,042,844 speedup is 345.09
- web-status-graphite.conf : scp ok
- web-status-graphite.service : scp ok
- systemctl daemon-reload
- enable web-status-graphite
- restart web-status-graphite
- status web-status-graphite
Running !
POST-SCRIPT
-----------
- copy idp-tools : scp ok
 - adjust /opt/shibboleth-idp/credentials/sealer.jks :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/credentials/sealer.kver :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/credentials/shib.idp.key.lab :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/credentials/shib.idp.key.prd :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/credentials/shib.idp.key.tst :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.environment.properties.lab :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.environment.properties.prd :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.environment.properties.tst :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.federation.properties.aaitest :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.federation.properties.switchaai :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.instance.properties.luniidplab1 :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.instance.properties.luniidplab2 :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.instance.properties.luniidpprd5 :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.instance.properties.luniidpprd6 :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.instance.properties.luniidptst5 :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/unige.instance.properties.luniidptst6 :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/credentials.properties :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/metadata-provider-aaitest.xml :  mod(maintained),  owner(modified)
 - adjust /opt/shibboleth-idp/conf/metadata-provider-gartner.xml :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/metadata-provider-interfederation.xml :  mod(maintained),  owner(modified)
 - adjust /opt/shibboleth-idp/conf/metadata-provider-switchaai.xml :  mod(maintained),  owner(modified)
 - adjust /opt/shibboleth-idp/conf/metadata-provider-unige-adfs-klif.xml :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/metadata-provider-unige.maps.arcgis.com.xml :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/attribute-filter-idp-lab.unige.ch.xml :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/attribute-filter-idp-test.unige.ch.xml :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/conf/attribute-filter-unige.ch.xml :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/metadata/metadata.aaitest.xml :  mod(maintained),  owner(maintained)
 - adjust /opt/shibboleth-idp/metadata/metadata.switchaai.xml : Not found !
date:2017.10.06_14h12m_Friday
END OF IDP-TOOLS SYNC
############################################################
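Review bot: this file is the generated output of a single sync run (luniidplab1 to luniidplab2, 2017.10.06), and it records internal hostnames and the locations of key material such as `/opt/shibboleth-idp/credentials/sealer.jks`, `/etc/ssl/private/idp-lab.unige.ch.key` and the `shib.idp.key.*` files. Confirm the repository's readers are limited to the people who operate these hosts, or keep run output out of version control with an ignore rule. Two lines in the output also deserve a follow-up before it is kept as a reference run: the rsync message `cannot delete non-empty directory: sync_logs` in the SHIBBOLETH-IDP section, and the final POST-SCRIPT entry `/opt/shibboleth-idp/metadata/metadata.switchaai.xml : Not found !`, which is followed directly by `END OF IDP-TOOLS SYNC` with no indication of whether the missing file is expected on this host.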