HajTex_living_with_keycloak/docker/compose/scp_git_bridge/README.md

If the user logs in via git (at the moment on port 993; please don't forget to open the port with ufw allow 993), the projects for that user are automatically updated.

Every 5 minutes, cron checks the Overleaf user database and creates any new users found there.

Get the ssh keys for a user

git clone ssh://[USERNAME]@[FQDN]:[PORT]/sshkey.git

e.g.

git clone ssh://davrot@uni-bremen.de@psintern.neuro.uni-bremen.de:993/sshkey.git

Get the project list for a user

git clone ssh://[USERNAME]@[FQDN]:[PORT]/projects.git

e.g.

git clone ssh://davrot@uni-bremen.de@psintern.neuro.uni-bremen.de:993/projects.git

Get a project

git clone ssh://[USERNAME]@[FQDN]:[PORT]/[PROJECT_ID].git

e.g.

git clone ssh://davrot@uni-bremen.de@psintern.neuro.uni-bremen.de:993/6759fdf66ca7b8bc5b81b184.git

On one side, this backup container communicates with the user via git; on the other, it communicates with the Overleaf server via the Docker socket.

Don't forget the crontab entry on the host:

# m h  dom mon dow   command
*/5 * * * * sh /docker/compose/hajtex_sshd/exec_update_userlist.sh

Otherwise, login will fail without the user directories. You can also run it manually:

sh /docker/compose/hajtex_sshd/exec_update_userlist.sh

Port 993

If you don't like port 993, you can change it in compose.yaml

    ports:
      - 993:22

accordingly. But don't forget your firewall (use the host-side port, the number before the colon):

ufw allow [PORT]

ssh / scp / git-shell authentication against Keycloak

Create the client in Keycloak:

urn:ietf:wg:oauth:2.0:oob

[Images A, B and C]

Update files/config.toml

Change clientsecret and the endpoint.

realm = "master"
endpoint = "https://psintern.neuro.uni-bremen.de/sso/"
clientid = "linux-ssh"
clientsecret = "REDACTED"
clientscope = "openid"
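
A pre-build check for files/config.toml, added here as an example (it is not part of the HajTex repository): it flags a placeholder client secret, a non-HTTPS endpoint, a missing openid scope and file permissions that let other local users read the secret. The function names, the placeholder list and the sample values are assumptions.

```python
import os
import re
import stat
from urllib.parse import urlsplit

try:
    from tomllib import loads as parse_toml  # Python 3.11+
except ImportError:  # fallback covers only flat key = "value" lines
    parse_toml = lambda t: dict(re.findall(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$', t, re.M))

REQUIRED = ("realm", "endpoint", "clientid", "clientsecret", "clientscope")
PLACEHOLDERS = {"", "redacted", "changeme", "secret"}  # assumed placeholder values


def audit_config(text, mode=0o600):
    """Return a list of findings for a config.toml body and its file mode."""
    cfg, findings = parse_toml(text), []
    for key in REQUIRED:
        if not isinstance(cfg.get(key), str):
            findings.append(f"missing or non-string key: {key}")
    if str(cfg.get("clientsecret", "")).strip().lower() in PLACEHOLDERS:
        findings.append("clientsecret is empty or still a placeholder")
    url = urlsplit(str(cfg.get("endpoint", "")))
    if url.scheme != "https" or not url.hostname:
        findings.append("endpoint must be an https:// URL")
    if "openid" not in str(cfg.get("clientscope", "")).split():
        findings.append("clientscope does not include openid")
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode & 0o777:o} exposes the client secret to group/other")
    return findings


def audit_file(path="files/config.toml"):
    """Audit a config file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        return audit_config(fh.read(), stat.S_IMODE(os.stat(path).st_mode))


# Constructed sample: the keys shown above, with a cleartext endpoint.
SAMPLE = '''realm = "master"
endpoint = "http://sso.example.org/sso/"
clientid = "linux-ssh"
clientsecret = "REDACTED"
clientscope = "openid"
'''

if __name__ == "__main__":
    for finding in audit_config(SAMPLE, mode=0o644):
        print("FINDING:", finding)
```

Run audit_file() from the directory that contains files/ before building the image; an empty list means none of these checks fired.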

Create image:

>> make_image.sh

Change the name of the HajTex server container:

The default is "/overleafserver".

If your installation uses a different name, modify the following line in the files download_files.py, auth_against_docker.py and update_userlist.py accordingly:

container_name: str = "/overleafserver",

Files

  • Dockerfile

    Dockerfile for creating the container image

  • compose.yaml

    Compose file to start the container

  • crontab_host.txt

    This needs to be placed into the crontab of the host

  • down.sh

    For stopping the container

  • exec.sh

    For entering the container for an interactive session

  • init.sh

    Init script that is run when the container starts. The make_image.sh places it into the container.

  • logs.sh

    Shows the logs of the running container

  • make_image.sh

    Needs to be run for generating the container image

  • exec_update_userlist.sh

    Run by cron to update the user base in the container based on the Overleaf user database