Setting up generic propagation

How to set up generic json propagation.

1. The requestor prepares the server

Ask the requestor to prepare his server following the instructions https://servicedesk-muni.atlassian.net/wiki/spaces/services/pages/963379315/Just-in-case+provisioning+and+deprovisioning+Perun+IdM+propagation

Tell the requestor the service’s name: “generic_json_gen”.

The requestor needs the service’s name when preparing the slave script:

Install packages for the services you require by running dnf install perun-slave-process-[service-name]. (How to install Perun slave scripts on RPM based systems - Perun - Documentation (atlassian.net))

Install perun-slave-base package and then packages for the services you require by running apt install perun-slave-process-[service-name]. (How to install Perun slave scripts on DEB based systems - Perun - Documentation (atlassian.net))

2. Get the information you need

The requestor must provide the following information:

  1. List of entities he needs

  2. Server address, user’s name, port.

  3. Scope of members who will be propagated

  4. List of the facility managers

3. Map the attributes

Map the entities the requestor requires to Perun attributes, e. g.
UČO = urn:perun:user:attribute-def:def:login-namespace:mu

4. Create Service

Name

generic_json_*

Use the prefix generic_json_ when creating a generic service, e. g. generic_json_threatdetection

Description

Describe the purpose for which the service is used, e. g. generic json used for threat detection by the cybersecurity team at ICS.

Delay

Leave the default settings (10).

Recurrence

Leave the default settings (2).

Script path
./generic_json_gen

Status

Switch on if the requestor has prepared his server.

5. Add Required attributes of the service

In addition to the mapped attributes requested by the requestor, add the UUID of each entity the service will operate with, e. g.

urn:perun:facility:attribute-def:core:uuid

urn:perun:user:attribute-def:core:uuid

etc.

6. Create Facility

Name

The name of the facility should be the same as the given server name. If only the IP address of the server is provided, come up with a nice name for the facility, e. g. ICS_cybersecurity_threat_detection

If a new facility name is created (the server’s name is not used), the requestor has to add the facility name to the server’s whitelist.

Description

e. g. threat detection by ICS cybersecurity team
--> Create and Configure

Owners

Not used at the MU instance.

Hosts

Represents the address of the server (IP address or server’s name)

Services

Add the service you have created before.

Configure destination

Type: user@host:port

(If you only use "guest", you won't be able to change it in the future.)

(Default: root, port 22)

Managers

Add the list of the given managers.

7. Create resource

8. Add group(s) to the resource

9. Force the propagation

Facility - Service status - tick the appropriate checkbox - Force propagation
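The values entered in steps 4 to 6 can be checked before the first propagation is forced. The following is an added example, not part of the original instructions or of Perun itself: the function names and the sample request are hypothetical, and it assumes that a destination with no user or port falls back to the defaults noted above (root, port 22).

```python
import re

# urn:perun:<entity>:attribute-def:<core|def|opt|virt>:<name>, as in steps 3 and 5
ATTR_RE = re.compile(r"^urn:perun:([a-z_]+):attribute-def:(core|def|opt|virt):(.+)$")
DEST_RE = re.compile(r"^(?:([A-Za-z_][\w.-]*)@)?([A-Za-z0-9.-]+)(?::(\d+))?$")
PREFIX = "generic_json_"

def parse_destination(dest):
    """Split user@host:port; missing user/port fall back to root and 22."""
    m = DEST_RE.match(dest)
    if not m:
        raise ValueError(f"destination is not user@host:port: {dest!r}")
    user, host, port = m.group(1) or "root", m.group(2), int(m.group(3) or 22)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return user, host, port

def check_service(name, destination, required_attrs, entities=("facility", "user")):
    """Return a list of problems; an empty list means the values look consistent."""
    problems = []
    if not (name.startswith(PREFIX) and len(name) > len(PREFIX)):
        problems.append(f"service name {name!r} lacks the {PREFIX} prefix")
    try:
        parse_destination(destination)
    except ValueError as exc:
        problems.append(str(exc))
    for urn in required_attrs:
        if not ATTR_RE.match(urn):
            problems.append(f"malformed attribute URN: {urn!r}")
    # Step 5: each entity the service operates with needs its core uuid attribute.
    for entity in entities:
        uuid = f"urn:perun:{entity}:attribute-def:core:uuid"
        if uuid not in required_attrs:
            problems.append(f"missing {uuid}")
    return problems

if __name__ == "__main__":
    # Constructed sample: the facility UUID carries a copy-button suffix picked
    # up when pasting, so it parses as a URN but is not the uuid attribute.
    attrs = [
        "urn:perun:user:attribute-def:def:login-namespace:mu",
        "urn:perun:facility:attribute-def:core:uuidcontent_copy",
        "urn:perun:user:attribute-def:core:uuid",
    ]
    for p in check_service("generic_json_threatdetection", "deploy@192.0.2.10:2222", attrs):
        print("PROBLEM:", p)
```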

 

Support: perun@cesnet.cz