Time
S
Nick
Message
03:45 jri joined #dataverse
07:13 jri joined #dataverse
07:48 poikilotherm joined #dataverse
09:30 arahmati joined #dataverse
09:31 arahmati
ik wil graag meer informatie over functionaliteit, veiligheid en opslagcapaciteit van dataverse. thanks
10:40 pdurbin
opslag
10:47 poikilotherm joined #dataverse
10:51 pdurbin
veilig
10:52 poikilotherm
Mornin pdurbin :-)
11:02 pdurbin
poikilotherm: mornin! Did you see I gave you a shout out at https://scholar.harvard.edu/pdurbin/blog/2019/jupyter-notebooks-and-crazy-ideas-for-dataverse ? :)
11:02 pdurbin
xarthisius: screenshots of launching a Jupyter Notebook from Dataverse using Whole Tale ^^
11:07 poikilotherm
Shout? Nope
11:11 pdurbin
A shout out. A mention.
11:11 pdurbin
I guess it was more of a mention than a shout out. I *should* have given you a shout out.
11:15 pdurbin
I did say to whoever would listen that we should have tried to figure out a way to fund your travel to #dataverse2019.
11:30 poikilotherm
Ah I'm honored :-)
11:30 poikilotherm
Thank you :-)
11:30 poikilotherm
Nice mention in the who's who :-D
11:30 poikilotherm
I like your idea about having a board for the installations
11:31 poikilotherm
Thinking about using No. 4 I created for testing for FZJ...
11:31 poikilotherm
Would that make sense?
11:33 pdurbin
poikilotherm: yes! Did you see the tweet by Sebastian from QDR? Check this out: https://twitter.com/adam42smith/status/1143233533139390465
11:33 poikilotherm
YEah, I saw it in my timeline
11:34 poikilotherm
Now after reading your slides, it makes all sense :D
11:34 pdurbin
This is why I transcribed my talk. :)
11:34 poikilotherm
And I saw the chat logs, mentioning No 5
11:34 pdurbin
Thanks for reading my blog post!
11:35 poikilotherm
Your ideas are not as crazy as your title suggests...
11:37 pdurbin
:)
11:37 pdurbin
crazy is relative, I guess :)
11:37 poikilotherm
visionary?
11:38 pdurbin
signs of an addled brain?
11:38 pdurbin
too much coffee?
11:39 poikilotherm
You know what a crazy idea is? Trying to run Dataverse on the RPi4
11:41 pdurbin
Heh. That was in the Nextcloud talk. The founder came!
11:43 poikilotherm
Hey, read that on Twitter :-)
11:43 poikilotherm
Another crazy german guy :-D
11:43 pdurbin
Frank: https://groups.google.com/d/msg/dataverse-community/A5l4P9xKwYI/uOervjaZBgAJ
11:44 pdurbin
nice guy
11:45 poikilotherm
Phil, may I interrupt? My boss just send me an email about his need for an appropriate contact at IQSS regarding a possible hackothon/conference/whatever
11:45 poikilotherm
Who should I name?
11:45 pdurbin
Danny.
11:45 poikilotherm
Alright!
11:46 pdurbin
Rumor has it there will be a little Dataverse conference in January in Norway.
11:46 poikilotherm
Oh nice
11:47 poikilotherm
Norway is at least not as far away as US
11:47 poikilotherm
But January... Meh, that going to be _COLD_
11:48 poikilotherm
I just send my boss https://projects.iq.harvard.edu/dannybrooke
11:48 poikilotherm
-d +t
11:49 pdurbin
yeah, and dark. but visible northern lights
11:50 pdurbin
sounds like it'll be a small meeting though
11:50 poikilotherm
We'll see :-)
11:51 pdurbin
!
11:51 pdurbin
:)
11:52 poikilotherm
Mind if I switch to another topic?
11:52 pdurbin
go for it
11:53 poikilotherm
We had a meeting with some people from our campus last Wednesday about the auth thing for our installation.
11:54 poikilotherm
Looks like we were not able to convince them to use ORCID only
11:54 poikilotherm
:-/
11:54 pdurbin
ok
11:54 poikilotherm
So, I need to get sth. together. And as always, I would like to do it right, hoping other might have a benefit, too
11:56 poikilotherm
I thought about a bit back and forth, and try to get an issue togheter. But before I write that, I would like to share it here to see, if some people think this might be sth. to think of more...
11:56 poikilotherm
+worth
11:57 poikilotherm
Maybe this is also sth. for the community call, but I dunno when I can make it next time
11:58 poikilotherm
Shall I continue?
11:58 poikilotherm
(With details)
11:59 pdurbin
Sorry, I was adding links to my blog post. Sure, please keep going. Are you thinking of adding a 6th auth option?
11:59 poikilotherm
Not necessarily
12:00 poikilotherm
Currently, there are already present: local, SAML and Oauth2
12:01 poikilotherm
What I would like to see discussed is support for integration of an IDM
12:01 pdurbin
IDM?
12:01 poikilotherm
Mostly using it as an auth proxy
12:01 poikilotherm
Identity Management System
12:02 poikilotherm
Sth. easier to setup for different scenarios, but of course optional
12:02 pdurbin
What's an open source example of an IDM I could install?
12:02 poikilotherm
Integratable into other things, too, like integrations for Dataverse needing authn/z
12:03 poikilotherm
Currently I am aware of Gluu, Unity IDM, Dex
12:03 poikilotherm
FreeIPA
12:03 pdurbin
Ok, I've heard of Gluu and FreeIPA. Actually I used FreeIPA back when it was Netscape Directory Server, if it's the one I'm thinking of.
12:04 poikilotherm
Ideally, it shouldn't matter that much which one you choose, as there are some of those out in the wilds already
12:04 pdurbin
I'm thinking of https://en.wikipedia.org/wiki/389_Directory_Server which is part of FreeIPA.
12:05 poikilotherm
Yeah, most of the IDMs also have options to attach ldap directories
12:05 poikilotherm
Those packages I mentioned are on different levels of what they provide, how they store things, etc
12:06 pdurbin
sure
12:06 poikilotherm
Dex is a very minimal thing, Unity IDM mostly targeted at proxying, Gluu and FreeIPA full blown stuff with directories etc
12:06 poikilotherm
I came across Unity when I looked at B2ACCESS
12:07 poikilotherm
https://www.unity-idm.eu/
12:07 poikilotherm
https://eudat.eu/sites/default/files/b2access-oct2015.png
12:08 pdurbin
oh good, it's open source: https://github.com/unity-idm/unity
12:08 poikilotherm
Of course :-D
12:08 poikilotherm
You asked me to provide examples of OSS IDMs ;-)
12:08 pdurbin
nice diagram
12:09 pdurbin
I'm a little confused though. You're shopping for an IDM? Most orgs already have one. Or several. :)
12:09 poikilotherm
Disclaimer: b2access is a service run by FZJ being part of EUDAT/EOSC... However, the underlying tech is OSS
12:09 poikilotherm
Yeah, we don't.
12:10 poikilotherm
We have an Active Directory
12:10 poikilotherm
But that does not count as an IDM to me ;-)
12:10 poikilotherm
Also there is a SAML IdP
12:10 poikilotherm
Based on AD
12:10 poikilotherm
Still no IDM ;-)
12:10 pdurbin
AD counts for a lot of orgs. :)
12:10 poikilotherm
Yeah :-D
12:11 pdurbin
and there's stuff about ADFS in the Dataverse guides
12:11 poikilotherm
Shure.
12:11 poikilotherm
This still needs Shibboleth
12:11 pdurbin
yeah
12:11 poikilotherm
SAML...
12:11 pdurbin
yeah
12:12 poikilotherm
What I like about the mentioned IDMs is the capability to be used with OAuth2/Open ID Connect AND saml etc
12:12 poikilotherm
They are translators between those worlds
12:12 poikilotherm
Kind of a single point of contact
12:13 poikilotherm
But offering lots of options for authn/z
12:13 poikilotherm
https://github.com/orgs/IQSS/projects/5
12:13 poikilotherm
Ups
12:13 poikilotherm
Wrong windows
12:13 poikilotherm
-s
12:15 pdurbin
Yeah, SAML is the main way to integrate with Dataverse. The OAuth providers are pull request based.
12:15 poikilotherm
Yeah.
12:16 poikilotherm
I was thinking that it might offer a lot of new options for integrations, user management, authentication via different providers but same user, etc. when an IDM could be integrated with Dataverse. Again: as an option for larger use cases
12:17 poikilotherm
Or where people need special handling of stuff etc
12:17 pdurbin
Sure. Early on I investigated a few options. Before I went with mod_shib and shibd. I can go look up what I wrote back then if you're curious.
12:19 pdurbin
"Dataverse Shibboleth/SAML Design Document" https://docs.google.com/document/d/1y2axfd_ScmXVICFlV8AuPDdp5xHwTag54pUpVefzs5g/edit?usp=sharing
12:19 poikilotherm
Couldn't hurt to take a look :-D
12:19 pdurbin
I looked at OpenAM, for example.
12:21 pdurbin
I was pretty focused on SAML/Shibboleth back then. I wasn't thinking much about OAuth2.
12:22 pdurbin
The GitHub issue is five years old: https://github.com/IQSS/dataverse/issues/791
12:23 poikilotherm
Yeah, the world changed a bit since that time :-D
12:23 pdurbin
yeah
12:24 pdurbin
Have you looked at https://github.com/IQSS/dataverse/blob/v4.15/doc/Architecture/auth.md ?
12:26 poikilotherm
Now I did :-D
12:27 poikilotherm
I was thinking that IDMs should be fairly easy to integrate via OA2/OIDC already being present
12:27 pdurbin
Michael Bar-Sinai made all those diagrams. He and I talked through all the auth stuff before we (mostly he) wrote the code.
12:28 poikilotherm
(And about the docs: was this intentionally not part of the guides?)
12:28 pdurbin
I think Michael prefers markdown to rst.
12:28 pdurbin
might be nice to move it into the guides
12:28 patrick33 joined #dataverse
12:28 poikilotherm
:-D
12:28 pdurbin
hi there patrick33
12:29 poikilotherm
Maybe there is a markdown parser for RSt?
12:29 poikilotherm
;-)
12:29 pdurbin
maybe
12:29 pdurbin
I've made peace with rst.
12:29 patrick33
Hi. I struggle to configure Shibboleth... After authenticating with my instution I'm redirected to a page "account information" with no information
12:30 patrick33
ling to Log In still appears...
12:30 poikilotherm
https://www.sphinx-doc.org/en/master/usage/markdown.html
12:30 patrick33
On the Glassfish server I have an error "The SAML assertion "Shib-Identity-Provider" was null
12:31 patrick33
Any idea ?
12:31 pdurbin
"Shib-Identity-Provider" is one of the required attributes: http://guides.dataverse.org/en/4.15/installation/shibboleth.html#shibboleth-attributes
12:32 pdurbin
It should come across as something like "Identity Provider: https://idp.testshib.org/idp/shibboleth " ... that's from the https://dataverse.example.edu/Shibboleth.sso/Session eample at http://guides.dataverse.org/en/4.15/installation/shibboleth.html#exchange-metadata-with-your-identity-provider
12:33 pdurbin
patrick33: maybe you can email your "/Shibboleth.sso/Session" output to support
12:34 patrick33
Here is the output:
12:35 patrick33
givenName: 1 value(s)
12:35 patrick33
I will send the full output by email
12:35 pdurbin
perfect
12:35 pdurbin
emailing that address will create a ticket number to track too
12:39 patrick33
Done !
12:40 pdurbin
patrick33: thanks, I see it at https://help.hmdc.harvard.edu/Ticket/Display.html?id=277872
12:41 pdurbin
and the screenshot is nice. thank you
12:42 pdurbin
looks like you're using dataverse-ansible. good
12:44 pdurbin
"Identity Provider" is in your Session output. Huh.
12:44 patrick33
yes. I used it to configure without SSL. Nevertheless, I used the templates to configure shibd ans ssl
12:44 patrick33
Seems like
12:45 patrick33
environment variables are not transmitted to Glassfish
12:45 pdurbin
Was the shib user created? Do you see the user in the superuser dashboard?
12:46 patrick33
No. It isn't. Only the admin user
12:47 pdurbin
That's what I figured. It sounds like you're seeing an error about a null required value in server.log. Null identity provider.
12:48 donsizemore joined #dataverse
12:48 patrick33
I don't find a mention af this user in the documentation.
12:49 pdurbin
patrick33: if you want to try to hack on the code, here is where "Shib-Identity-Provider" is defined: https://github.com/IQSS/dataverse/blob/v4.15/src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibUtil.java#L25
12:54 patrick33
Sorry, but I don't understand. Is it impossible to make it work without hacking the code ? How do other institution to connect to Shibboleth ?
12:56 pdurbin
No, you shouldn't have to hack on the code. It should just work and does for dozens of installations. I'm just saying if you're a developer and want to troubleshoot, that's the code in question.
12:57 pdurbin
I see you're running Dataverse 4.15 and I don't think we touched this code at all. I don't think anyone is running it in production yet. It was released recently.
12:57 pdurbin
donsizemore: want to upgrade to Dataverse 4.15 and see if shib still works? :)
12:58 patrick33
Can you tell me more about rhe "shib" user ?
13:00 pdurbin
patrick33: sure. You can tell if a user is shib or non-shib from the user dashboard or from http://phoenix.dataverse.org/schemaspy/latest/tables/authenticateduserlookup.html
13:02 patrick33
(unfortunately I'm not a developper)
13:04 pdurbin
patrick33: I think I found some debugging you can try to turn up for me: https://github.com/IQSS/dataverse/blob/v4.15/src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibUtil.java#L366
13:05 pdurbin
Let's try something similar to http://guides.dataverse.org/en/4.15/developers/debugging.html#logging
13:06 pdurbin
./asadmin set-log-levels edu.harvard.iq.dataverse.authorization.providers.shib.ShibUtil=FINE
13:06 pdurbin
I *think* that's right.
13:06 pdurbin
The goal is to print out the attributes to server.log
13:06 patrick33
done: edu.harvard.iq.dataverse.api.Datasets package set with log level FINE.These logging levels are set for server. Command set-log-levels executed successfully.
13:07 patrick33
glassfish restarting
13:07 pdurbin
cool
13:08 pdurbin
is there now additional debugging output in server.log?
13:09 patrick33
No :-(
13:11 pdurbin
Hmm, I hope I gave you the right package name.
13:11 pdurbin
patrick33: oh, it looks like you set logging for "Datasets"
13:11 pdurbin
I'd like you to set logging for ShibUtil.
13:11 pdurbin
(and they're in different packages)
13:11 patrick33
Sorry. I made a mistake.
13:12 patrick33
(reused a command in history on a different package)
13:13 donsizemore
@pdurbin i do want to upgrade to dataverse and i do want for shib to continue working =)
13:13 donsizemore
@pdurbin though at the moment i only have two shib-enabled hosts and i need to keep them at parity
13:13 pdurbin
donsizemore: I don't think we touched that code so please don't worry. :)
13:13 donsizemore
@pdurbin wait. harvard isn't on 4.15 yet?
13:14 pdurbin
nope, not even demo
13:14 pdurbin
donsizemore: by the way, I gave you, Jon, and Thu-Mai shout outs in my blog post: https://groups.google.com/d/msg/dataverse-community/lktk-artKjQ/xzCpfGf7BwAJ :)
13:15 donsizemore
@pdurbin i can upgrade our test host with thu-mai and jon's approval. we want to upgrade anyway, and we'll find out pretty quickly whether shib is happy?
13:16 pdurbin
Might be a good data point. Longer term it would be great to be able to test this from Jenkins somehow.
13:16 pdurbin
patrick33: any luck getting more output from ShibUtil?
13:16 donsizemore
@pdurbin i could ask our identity management folks about setting up the jenkins server as an SP
13:19 patrick33
I get this message : Shibboleth dev mode has not been configured. Returning a sane default: PRODUCTION
13:19 pdurbin
sounds like progress :)
13:19 donsizemore
@pdurbin just asked permission to upgrade our test host, which we'll want to do anyway
13:21 pdurbin
patrick33: but that's coming from https://github.com/IQSS/dataverse/blob/v4.15/src/main/java/edu/harvard/iq/dataverse/authorization/providers/shib/ShibServiceBean.java#L82 ... ShibServiceBean and I'd like you to get more output from ShibUtil please.
13:21 pdurbin
donsizemore: great
13:23 patrick33
Ouch ! This has a side effect !
13:24 patrick33
When I select my institution on the login page, It proposes me to create an account for Alejandro Verkroost
13:24 patrick33
is it hardcoded ?
13:27 pdurbin
no... nothing is hard coded... that's really weird
13:27 pdurbin
there shouldn't be any side effect
13:32 patrick33
How to send you the output of server.log because I have no account on help.hmdc.harvard.edu to update the case
13:40 pdurbin_m joined #dataverse
13:41 pdurbin_m
patrick33: please just email the same address. someone will merge the tickets
13:51 patrick33
Is it possible to downgrade just by undeploying dataverse on glassfish ?
13:58 pdurbin_m joined #dataverse
13:58 poikilotherm
patrick33: most likely the answer is "no", because of the database migrations.
13:58 pdurbin_m
patrick33: no. The database schema is always changing.
13:59 poikilotherm
What pdurbin_m says
13:59 pdurbin_m
poikilotherm: what you say. I'm at the gym. :)
14:00 * poikilotherm
sees pdurbin doing one handed push ups - one hand on the floor, one typing on the phone
14:00 poikilotherm
Go Phil, go! :-D
14:01 pdurbin_m
heh
14:03 poikilotherm
Answers are going to take long. One char per push up. Thats already 55 pushups for your last answer... :-D
14:06 pdurbin_m
:)
14:06 patrick33
Thank you for your help. I guess the problem comes from the demo status of 4.15. I will snapshot the server and reinstall from scratch with 4.14
14:10 pdurbin_m
patrick33: fingers crossed
14:10 pdurbin_m
again, I don't think we touched the shib code in 4.15
14:10 pdurbin_m
donsizemore: you'll let us know if we broke something :)
14:11 patrick33
Each time I refresh the screen, I get another user name to create... I saw smthg in the log about a test idp
14:12 xarthisius
pdurbin_m: nice transcript! Thanks for using WT for you live demo! :)
14:12 poikilotherm
patrick33 what IdP are you using?
14:12 poikilotherm
How did you configure your Shib?
14:13 poikilotherm
Are you using some kind of federation like eduGain/Incommon or other AAI?
14:13 patrick33
https://idp.uclouvain.be/idp/shibboleth
14:14 poikilotherm
Greetings from Jülich, DE to Louvain :-)
14:14 patrick33
Greetings !
14:15 poikilotherm
Ok, thanks for the metadata. Are you sure you used that in your SP config?
14:15 pdurbin_m
xarthisius: if you listen to the audio you'll hear enthusiast applause :)
14:16 patrick33
Yes. It is in the output of Shibboleth.sso/Session
14:16 patrick33
And we see the exchange of information on the idp server
14:17 poikilotherm
Ok, good to know.
14:17 patrick33
From the idp server, everything worked fine
14:17 poikilotherm
Could you try to configure your SP to use some test IdP?
14:17 poikilotherm
So we can see if this is reproducible
14:17 patrick33
I could do that tommorrow because I rebuilded already the sp
14:18 patrick33
I see strange things in the server.log
14:19 patrick33
Couldn't find an affiliation from https://idp.lemon.com/idp/shibboleth |#]
14:20 patrick33
Couldn't find an affiliation from https://idp.1231.com/idp/shibboleth |#
14:20 poikilotherm
You might try with https://samltest.id or similar
14:20 patrick33
no user found using sadie.white
14:21 poikilotherm
WTF?
14:21 patrick33
I never configured those idp's
14:21 poikilotherm
There is definitly sth. wrong...
14:22 poikilotherm
When you configured your Shib with exactly one IdP, it should not talk to others
14:22 patrick33
[#|2019-06-25T15:22:52.456+0200|INFO|glassfish 4.1|edu.harvard.iq.dataverse.authorization.AuthenticationServiceBean|_ThreadID=47;_ThreadName=jk-connector(1);_TimeMillis=1561468972456;_LevelValue=800;| no user found using alejandro.verkroost
14:22 patrick33
Yes. We always use the same shibboleth2 for all the servers of the university.
14:22 poikilotherm
Could you please monitor your access log to see where those requests are coming from?
14:22 patrick33
*shibboleth2.xml
14:23 poikilotherm
Is your installation public already?
14:25 donsizemore
@patrick33 any chance I can see your (redacted) shibboleth2.xml? dls
14:26 patrick33
I should ask the shibboleth administrator
14:26 patrick33
It's public.
14:27 poikilotherm
Are you re-using a Shibd for your SP already in use for other things?
14:27 poikilotherm
Or is this a single purpose "apache proxy + shibd only for Dataverse" setup?
14:28 patrick33
We have several implementations of apache in front of a glassfish or tomcat. It works ok.
14:29 patrick33
but the server with problems is dedicated to dataverse. So shibd is only used for dataverse
14:29 poikilotherm
Err. Ok. This makes troubleshooting more like a P&P adventure.
14:30 poikilotherm
Hmm.
14:31 poikilotherm
To ensure I got it right
14:31 poikilotherm
You have a apache reverse proxy with mod_shib and a shibd which is solely in use for Dataverse?
14:31 poikilotherm
It does not see traffic for other sites
14:32 poikilotherm
And you are sure there is no public access from users, bots, scripts whatever except for your own request you are doing by yourself
14:32 patrick33
all the requests are from our network (in fact, the dataverse instance cannot be joigned from outside his network before the installation is finished)
14:34 patrick33
I must go. Thanks again for your help. Stay tuned tomorrow. Regards. Patrick
14:34 poikilotherm
Ok cu
14:35 poikilotherm
I'll be around at 9:00 European Summer time
14:35 poikilotherm
(CEST)
14:48 pdurbin
ah summer time
14:48 pdurbin
xarthisius: I might have a favor to ask. Or at least an idea for you. :)
14:51 donsizemore
mmm, European Summer time.
14:52 pdurbin
donsizemore: I minted a cert and emailed it to Slava, by the way
14:57 pdurbin
"setting returned: RANDOM"
14:57 pdurbin
definitely something weird going on in Patrick's config
14:59 pdurbin
I wonder if he was playing with ":DebugShibAccountType" http://guides.dataverse.org/en/4.15/developers/remote-users.html
15:02 pdurbin
because when you use RANDOM like that, users are pulled from https://randomuser.me
15:03 pdurbin
via its API : https://github.com/IQSS/dataverse/blob/v4.15/src/main/java/edu/harvard/iq/dataverse/authorization/AuthTestDataServiceBean.java#L31
16:19 jri joined #dataverse
17:15 donsizemore
@pdurbin this RANDOM settings seems very useful for april 1st
17:16 pdurbin
heh
17:21 pdurbin
donsizemore: should we talk a little more about https://github.com/IQSS/dataverse-ansible/pull/76 ?
17:23 donsizemore
@pdurbin i think we'd want to keep -b and -K with explanation, and tag -e as optional, with explanation. maybe a bulleted list of suggested options?
17:23 donsizemore
@pdurbin i can work on that if you'd like
17:24 pdurbin
Hmm. How about two versions. A quick start for newbies like me and a later section than explains what -b and -K do. Also, I'm trying without "export ANSIBLE_ROLES_PATH=." and it seems like the quickstart doesn't need that line.
17:25 donsizemore
@pdurbin that and the export-local dealy could become optional depending on need
17:26 pdurbin
Do you mean "--connection=local"? I seem to need that or I get errors.
17:27 donsizemore
@pdurbin you and dunlap ran into that, if i've used it recently i don't remember it. but i'm happy to take a whack at README.md if you'd like
17:28 pdurbin
Well, I'm happy with my version. It works. I guess what I'm suggesting is that my version could be the quickstart at the top. And you could put whatever advanced stuff under it. In a different section.
17:28 pdurbin
Maybe we keep the "Usage" heading as yours. I could add a "Quickstart" heading above it.
17:28 donsizemore
makes perfect sense
17:29 pdurbin
Ok, I'll make a new pull request.
17:39 pdurbin
done
17:52 donsizemore
approved =) i'll add in an explanatory table or something
17:53 pdurbin
awesome. thanks. next question. should able to run my ansible-playbook command over and over or will it break something. what's that fancy word?
17:53 pdurbin
Is dataverse-ansible idempotent?
17:54 donsizemore
no. dataverse-ansible is merely a wrapper for the dataverse installer, which is itself not idempotent
17:54 pdurbin
ok, that's what I figured, thanks
17:55 donsizemore
we can start dropping in semaphores to make it idempotent, but the dataverse installer itself insists on postgres-admin and a squeaky-clean DB
17:56 donsizemore
i think we'd be opening up a ton of failure points with low potential gain given the heterogenous nature of even dataverse upgrades
17:56 pdurbin
yeah
17:57 donsizemore
yes, ansible roles /should/ be idempotent. but many open source programs also aim for full POSIX compliance...
17:58 pdurbin
:)
17:59 pdurbin
How to do you feel about a config option that runs this? curl -X PUT -d true http://localhost:8080/api/admin/settings/:AllowApiTokenLookupViaApi
18:01 donsizemore
fine by me. easy switch to add
18:02 donsizemore
i meant to check on the status of the api_test_suite in dataverse-ansible, but i remember wanting to get it working *outside* of ansible first...
18:05 pdurbin
I just opened an issue for that api token thing: https://github.com/IQSS/dataverse-ansible/issues/80
18:06 pdurbin
yeah, let's circle back to the test suite. phoenix found a bug yesterday so even though he wants to retire I won't let him, yet
18:06 donsizemore
writing my README explanation, then apitokenlookup, then back to test suite =)
18:07 pdurbin
awesome :)
18:07 pdurbin
see, I don't even need a board, you're so fast :)
18:07 donsizemore
you can drag stuff onto project 5
18:08 pdurbin
:)
18:09 pdurbin
good progress on payara 5 yesterday
18:24 jturitto joined #dataverse
18:24 jturitto left #dataverse
18:30 donsizemore
@pdurbin so, the role already pulls and sets the root user's api token for its sample data run. this API token lookup is just a standalone setting you want turned on via group_var switch?
18:31 pdurbin
yep, exactly
18:31 pdurbin
We built this for OSF originally.
18:32 pdurbin
They wanted a way to get a user's API token based on a username and password.
18:32 pdurbin
Maybe we shouldn't have added it, but we did.
18:32 pdurbin
At least it's off by default. :)
18:35 donsizemore
so, what's the relation of your script to the setting? (all ansible will do is set this to true, yes?)
18:36 pdurbin
I'm creating sample data using pyDataverse. Like my Open Source at Harvard dataset. To create anything I need an API token.
18:37 pdurbin
And I'm not on the server running Dataverse.
18:39 donsizemore
testing now
18:45 pdurbin
cool
18:45 pdurbin
I think I'll try to rewrite my scripty from bash to pyDataverse
18:45 pdurbin
there's a nice generic "get_request" function
18:56 pdurbin
I'm using it here: https://github.com/IQSS/dataverse-sample-data/commit/4c85a6a
18:57 donsizemore
you gots two pull requests
18:58 pdurbin
Looking. Why did you add an "@" before "dataverse/defaults/main.yml"?
19:04 donsizemore
doesn't it require the @ to read in JSON /YAML ?
19:04 donsizemore
you can pass key-values at the CLI , but to read in a file you need the @
19:11 pdurbin
It works fine without the @.
19:12 donsizemore
ah, ok.
19:12 pdurbin
so can we take it out? :)
19:13 donsizemore
as long as it works
19:16 pdurbin
trying it again now with no @ on 80_allow_api_token_lookup and allow_lookup set to true
19:26 pdurbin
seems to work fine with no @
19:35 donsizemore
bah. stupid table!
19:35 pdurbin
heh
19:36 donsizemore
i'll fix both
19:36 pdurbin
thanks
19:36 pdurbin
I merged the api token one. Thanks!
19:42 sachaj joined #dataverse
19:47 pdurbin
sachaj: hi! I gotta run but maybe you met donsizemore last week.
20:26 sachaj
hi phil, i only just briefly met don as I was leaving. just testing out the chat room here.
20:32 pdurbin_m joined #dataverse
20:33 pdurbin_m
sachaj: this chat room has issues: https://github.com/IQSS/chat.dataverse.org/issues :)
20:52 pdurbin
but I hope you enjoy it :)
20:54 donsizemore
oh... duh. @pdurbin i had RST in mind instead of MD. hence the table silliness
20:54 pdurbin
ah
20:54 pdurbin
I hate messing with tables in both rst and markdown.
