2020-08-21 - System Operations and Management SIG Agenda and Notes
Date
Attendees
- Philip Robinson
- Tod Olson
- Former user (Deleted)
- Anton Emelianov (Deactivated)
- Brandon Tharp
- Catherine Smith
- jroot
- Michelle Suranofsky
- spampell
Goals
Discussion items
Time | Item | Who | Notes |
---|---|---|---|
5 | Welcome | Ingolf | |
27 | SAML SSO authentication | | There is still a need for discussion. Which strategy are we going to follow / recommend? https://discuss.folio.org/t/saml-sso-features-and-strategy/2891 Meeting Notes: Goals: Participate in Campus SSO authentication; right now: authentication = authorization; maybe it is O.K. because we have permissions. Goal: Be federation aware. If you are in OpenAthens. Does the project want to have a model that maintains authentication and authorization? Or do we want to rely on a 3rd-party feature? Everyone runs either nginx or Apache. Possibly use mod_apache. Shibboleth SAML integration with Apache is quite robust. There is an option for nginx; this is more convoluted and quite fragile. In a perfect world we could use Apache mod_saml; but most people use nginx. Need a tradeoff between development and deployment practice. Folio trusts the identity of the users that log in from the Discovery layer. The Discovery has proven access of the user, already. Most (or all) implementers use NGINX, none is known to use Apache. What are the real deployment needs from this group's perspective? Let's not discuss the implementation details here. Who uses CSO? Michelle at Lehigh has moved to use SAML. There's a package called pac4j. There is a Shibboleth plugin for nginx: https://github.com/nginx-shib/nginx-http-shibboleth . It is somewhat unstable. It looks like it is in fairly active development. It might not be a bad idea to see what happens. There is another ticket for seeding identities from an IdM. Stephen: Most people rely on an external identity provider. "Staff" are all patrons, anyway, in Folio. Tod is asking for feedback on the discuss post. |
27 | Automatic migration tests for Goldenrod | | FOLIO-2662. Can we draw conclusions? I think we need to document this for a broader audience, if a viable procedure is being established. E.g. "Load PostgreSQL extensions in the public schema of each RMB module's database" or "deploy the 'create-upgrade-diku/tamu' K8s Job to the appropriate upgrade testing namespace". Update/Notes: For the most part, most of the problems are closed. Anton, the Bug Fest team, POs and others helped a lot as we ran into problems. There are a few outstanding issues during upgrades, e.g. something in We still need the documentation for migrations. See also the Q2 2020 (Goldenrod) Release Notes: actions you need to take before upgrade are spelled out, and there is a table with functional areas and action required. There is no guaranteed set of layers. There are some baselines: things that you have to upgrade first. Things are documented in the "Action required" column of the Release Notes. |
Topics for next meetings | Ingolf |