infra-docs-fpo/modules/sysadmin_guide/pages/ipa.adoc

= IPA Infrastructure SOP

== Contact Information

Owner::
  Fedora Infrastructure Team

Contact::
  https://matrix.to/#/#admin:fedoraproject.org

Primary upstream contact::
  Alexander Bokovoy - FAS: abbra

Servers::
* ipa01.iad2.fedoraproject.org
* ipa02.iad2.fedoraproject.org
* ipa03.iad2.fedoraproject.org
* ipa01.stg.iad2.fedoraproject.org
* ipa02.stg.iad2.fedoraproject.org
* ipa03.stg.iad2.fedoraproject.org

URL::
* link:https://id.fedoraproject.org/ipa/ui
* link:https://id.stg.fedoraproject.org/ipa/ui

Purpose::
  IPA is used as Identity management server for Fedora users. It serves as backend for
  Fedora Account System.

== Description

link:https://www.freeipa.org/[IPA] is used as a backend LDAP database for handling the
user authentication inside Fedora Infrastructure.

== Known issues

Most issues regarding user data could be solved through web interface.

== Restarting

To restart the IPA service you simply need to ssh to any of the servers and issue an
`ipactl restart`.

== Configuration

Configuration is handled by the
link:https://pagure.io/fedora-infra/ansible/blob/5ad386ed6fb30484348848a354d4dfa6b7393f74/f/playbooks/groups/ipa.yml[ipa.yml]
playbook in Ansible. This playbook could also be used to reconfigure application,
if that becomes necessary.

== Common actions

This section describes some common actions done on IPA.

* xref:howtos:groups_in_fedora.adoc#_how_to_create_a_group[Creating group]
* xref:2-factor.adoc[Two factor authentication]
Add IPA SOP Signed-off-by: Michal Konecny <mkonecny@redhat.com> 2024-02-14 16:50:53 +01:00			`= IPA Infrastructure SOP`

			`== Contact Information`

			`Owner::`
			`Fedora Infrastructure Team`

			`Contact::`
			`https://matrix.to/#/#admin:fedoraproject.org`

			`Primary upstream contact::`
			`Alexander Bokovoy - FAS: abbra`

			`Servers::`
			`* ipa01.iad2.fedoraproject.org`
			`* ipa02.iad2.fedoraproject.org`
			`* ipa03.iad2.fedoraproject.org`
			`* ipa01.stg.iad2.fedoraproject.org`
			`* ipa02.stg.iad2.fedoraproject.org`
			`* ipa03.stg.iad2.fedoraproject.org`

			`URL::`
			`* link:https://id.fedoraproject.org/ipa/ui`
			`* link:https://id.stg.fedoraproject.org/ipa/ui`

			`Purpose::`
			`IPA is used as Identity management server for Fedora users. It serves as backend for`
			`Fedora Account System.`

			`== Description`

			`link:https://www.freeipa.org/[IPA] is used as a backend LDAP database for handling the`
			`user authentication inside Fedora Infrastructure.`

			`== Known issues`

			`Most issues regarding user data could be solved through web interface.`

			`== Restarting`

			`To restart the IPA service you simply need to ssh to any of the servers and issue an`
			`ipactl restart`.

			`== Configuration`

			`Configuration is handled by the`
			`link:https://pagure.io/fedora-infra/ansible/blob/5ad386ed6fb30484348848a354d4dfa6b7393f74/f/playbooks/groups/ipa.yml[ipa.yml]`
			`playbook in Ansible. This playbook could also be used to reconfigure application,`
			`if that becomes necessary.`

			`== Common actions`

			`This section describes some common actions done on IPA.`

			`* xref:howtos:groups_in_fedora.adoc#_how_to_create_a_group[Creating group]`
			`* xref:2-factor.adoc[Two factor authentication]`