Talk:Meza/Setup SAML authentication

This page used the Structured Discussions extension to give structured discussions. It has since been converted to wikitext, so the content and history here are only an approximation of what was actually displayed at the time these comments were made.

What to do when it is encrypted?

Latest comment: 7 years ago1 comment1 person in discussion

RESOLVED

secret.yml is no longer encrypted

The following discussion is closed. Please do not modify it. Subsequent comments should be made on the appropriate discussion page. No further edits should be made to this discussion.

My notes on editing the secret.yml config file based on the instruction here: https://www.mediawiki.org/wiki/Meza/Setup_SAML_authentication plus advice from James.

Step 1: Set secret config
1. run #tr -c -d '0-9a-zA-Z' </dev/urandom | dd bs=32 count=1 2>/dev/null;echo and paste the 32 character output to a scratch pad (notepad or whatever) as the salt code to be used below when needed
2. run #tr -c -d '0-9a-zA-Z' </dev/urandom | dd bs=16 count=1 2>/dev/null;echo and paste the 16 character output to a scratch pad (notepad or whatever) as the adminpassword to be used below when needed
3. discovered that /opt/conf-meza/monolith/secret.yml is encrypted, so the solution is provided to me as:
4. run meza_env=monolith to set the variable meza_env to monolith (my environment)
5. then run sudo ansible-vault edit "/opt/conf-meza/secret/$meza_env/secret.yml" --vault-password-file "/opt/conf-meza/users/meza-ansible/.vault-pass-$meza_env.txt" which will de-crypt the file secret.yml automatically launching it in readable text in the infamous "vi" editor.
6. Now to edit using the vi editor (vi notes)
  1. down arrow to the last character of the end of the and type a which will put you in "insert" mode and allow you to add new lines.
  2. copy the text from the SAML link above into the secret.yml file at the end (control-c to copy it from notepad and right-click to past it into "vi")
  3. cursor up to the line that reads: salt: <output of command from above> and replace the <output of command from above> with the salt code created above in step 1.1
  4. cursor down to the line that reads: adminpassword: <your strong password> and replace <your strong password> with the adminpassword created in step 1.2 above
  5. Type :wq to save and exit vi
  6. exiting vi from the ansible-vault edit command automatically re-encrypts the file
  7. you should now be back at the system cli
Step 2: Set public config
1. ... Revansx (talk) 18:26, 13 April 2018 (UTC)Reply

The discussion above is closed. Please do not modify it. No further edits should be made to this discussion.