...

The didmos Core API server is installed in a Python virtual environment and deployed as a mod_wsgi app in the Apache webserver. The following locations on the VM are used:

  • Python Virtual environment: /opt/didmos2coreEnv
  • Python application: /opt/didmos2core
  • Configuration (Templates and default config): /opt/didmos2core/general and /opt/didmos2core/customer/customer_config
  • Configuration (Overrides): /etc/didmos/core
  • Logs: /var/log/didmos
  • Apache config (mod_wsgi integration): /etc/apache2/sites-available/api-ssl.conf
  • Apache logs: /var/log/apache2

Restarting the didmos Core API server is possible via the Apache webserver: systemctl {command} apache2 (e.g. restart).

Backups of LDAP database

The core data of a didmos system is stored in the LDAP server and therefore backups of the entire LDAP server should be done regularly.

This can be done in different ways:

  1. Full VM snapshot
  2. Backup of data folders
    1. /var/lib/ldap (mdb database)
    2. /etc/openldap/slapd.d (config)
    3. /MIGRATIONS (state of migrations)
  3. LDIF export

Note that in a Docker deployment these folders are stored in Docker volumes with the following names, which must be backed up:

  • {project-name}-openldap-db
  • {project-name}-openldap-config
  • {project-name}-openldap-mig
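
For a VM deployment, option 2 above (backup of data folders) can be scripted as in the following added example, which is not part of the didmos documentation; the function name, archive naming and destination path are assumptions. It refuses partial backups, keeps the archive owner-only and records a SHA-256 checksum.

```shell
#!/bin/sh
# Added example, not part of the didmos documentation.
# Function name and archive naming are assumptions; the three default
# folders are the ones listed above for a VM deployment.
LDAP_DIRS="/var/lib/ldap /etc/openldap/slapd.d /MIGRATIONS"

# backup_ldap_dirs DEST_DIR [ABSOLUTE_DIR...]
# Prints the archive path on success; non-zero exit on any failure.
backup_ldap_dirs() {
    [ $# -ge 1 ] || { echo "usage: backup_ldap_dirs DEST_DIR [DIR...]" >&2; return 2; }
    dest=$1; shift
    [ $# -gt 0 ] || set -- $LDAP_DIRS

    # Refuse a partial backup: every source must be an existing absolute dir.
    for d in "$@"; do
        case $d in /*) ;; *) echo "not an absolute path: $d" >&2; return 1 ;; esac
        [ -d "$d" ] || { echo "missing source folder: $d" >&2; return 1; }
    done

    (
        # Directory data and config end up in the archive: owner-only access.
        umask 077
        mkdir -p "$dest" || exit 1
        name="ldap-backup-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"

        # Store members relative to / so a restore can target any root.
        for d in "$@"; do set -- "$@" "${d#/}"; shift; done
        tar -czf "$dest/$name" -C / "$@" || exit 1

        # The archive must be readable and match its recorded checksum.
        tar -tzf "$dest/$name" >/dev/null || exit 1
        cd "$dest" || exit 1
        sha256sum "$name" > "$name.sha256" || exit 1
        sha256sum -c "$name.sha256" >/dev/null || exit 1
        echo "$dest/$name"
    )
}

# Typical call as root (destination path is a placeholder):
#   backup_ldap_dirs /srv/backup/ldap
```

Run it while slapd is stopped, or use the LDIF export option for a live server, since a file-level copy of an mdb database that is being written to may not be consistent.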

didmos LUI

Docker

didmos LUI consists of the following Docker container:

...

didmos Auth consists of the following Docker containers:

  • {project-name}-auth

...

  • {project-name}-mongo

In the -auth container, Auth runs as a mod_wsgi application inside an Apache webserver.

The -mongo container runs a MongoDB instance that stores the data of the OIDC OP (i.e. registered clients, tokens).

The logs can be accessed via docker logs (see list of general commands).

...

The application is based on Satosa and most of the configuration in /etc/satosa follows the default Satosa configuration (see https://github.com/IdentityPython/SATOSA).

MongoDB is installed via the Ubuntu distribution during the initial Ansible setup (i.e. apt install mongodb).

  • Stop/Start/Restart/Status: systemctl {command} mongodb
  • Logs: /var/log/mongodb

Backups of MongoDB database

Persistent data from MongoDB should be backed up frequently, especially for the registered clients in the OIDC OP. Otherwise they have to be registered again in case of data loss.

Refer to https://docs.mongodb.com/manual/core/backups/ for general backup strategies.

Provisioner

Docker

didmos Provisioner consists of the following Docker containers:

...

Configuration is possible via Docker environment variables (for supported parameters) but generally via files in the volume.