Integrate production OpenQA instance with accounts.rockylinux.org #6

New Issue

tcooper · 2023-01-21T05:07:47Z

tcooper commented

2023-01-21 05:07:47 +00:00

OpenQA supports either OpenID or OAuth2 for authentication (http://open.qa/docs/#authentication) and we would like to use one of those methods (your choice) to integrate with Rocky Account Services and require assistance of infra to get this setup.

neil self-assigned this 2023-01-21 06:13:59 +00:00

neil commented

2023-01-21 06:17:59 +00:00

Configured DNS for openqa.rockylinux.org to proxy to aws instance via cloudflare
setup LetsEncrypt to provision certificate for host
added authentication configuration (below) to point to Ipsilon

[auth]
method = OpenID

[openid]
provider = https://accounts.rockylinux.org/idp/
httpsonly = 1

Also needed to grant self and trevor admin rights in the database.

$ sudo -u postgres psql openqa

openqa=# BEGIN;
openqa=# UPDATE users SET is_admin = 1, is_operator = 1 WHERE id IN (3,4);
openqa=# COMMIT;

* Configured DNS for openqa.rockylinux.org to proxy to aws instance via cloudflare * setup LetsEncrypt to provision certificate for host * added authentication configuration (below) to point to Ipsilon ``` [auth] method = OpenID [openid] provider = https://accounts.rockylinux.org/idp/ httpsonly = 1 ``` Also needed to grant self and trevor admin rights in the database. ``` $ sudo -u postgres psql openqa openqa=# BEGIN; openqa=# UPDATE users SET is_admin = 1, is_operator = 1 WHERE id IN (3,4); openqa=# COMMIT; ```

tcooper referenced this issue

2023-01-21 16:01:34 +00:00

Provide DNS and SSL certificate for production OpenQA instance #5

tcooper commented

2023-01-21 16:04:33 +00:00

Verified DNS, SSL and OpenID setup is complete. Thank you.

tcooper closed this issue

2023-01-21 16:13:19 +00:00

Sign in to join this conversation.