Create individual user accounts instead of sharing ocdskfp #142
Comments
|
jpmckinney
changed the title
|
ocdskfs was already no longer shared (no authorized_keys argument in its create_user macro call). |
|
@RobHooper On the new server, Kingfisher Summarize will have a command-line tool at Instead of giving everyone access to the The I don't know enough about sudo configuration, but is there a way to allow other users to run Update: I guess another option is to set each user's .pgpass file (handy for the user, so they don't need to enter their password when logged in). I think the only remaining issue is that Summarize will try to read the wrong logging.json file. I'll think about adding an option that sets a fixed path for that file. Edit: Okay, that's what I did. Nevermind! |
|
Issue open as have to document how to run Kingfisher Process as a non-owner. |
Rename: - ocdskfs: collect (to match registry, in order to avoid confusion) - ocdskfp: summarize - collect: incremental - ocdskingfishercollect: kingfisher-collect (directory) or kingfisher_collect (database) - ocdskingfisherprocess: kingfisher_process - ocdskingfisherscrape: kingfisher-collect - ocdskingfisherviews: kingfisher-summarize - OCDS_KINGFISHER_SCRAPE_*: OCDS_KINGFISHER_COLLECT_* Salt/Pillar: - Move data support-related commands, Python packages, SQL extensions and reference schema to kingfisher/init.sls - Create individual users, and remove access to general user #142 - Create .pgpass files for the individual users - collect: Give deployer user access to the FILES_STORE directory - process: Set ENABLE_CHECKER - summarize: Change .env to world-readable (contains no secrets) - summarize: Set KINGFISHER_SUMMARIZE_LOGGING_JSON in .env - summarize: summary_view_1_2_research schema was deleted - Use contents key for .pgpass files Docs: - Remove Kingfisher Process v1-specific documentation
|
Added documentation to bullet list in #402 |
Presently, unless analysts are diligent in naming and organizing files and directories and tmux sessions to include their name, it takes some effort to determine to whom files and sessions belong. If each user had their own account, this would be easy without extra steps.
Since we changed how users interact with Scrapyd, the only remaining use case for
ocdskfsis to read the Scrapyd log files from the command-line. However, the files are world readable, so any user can access these.The
ocdskfpuser is presently used to activate a virtual environment and run Kingfisher Process and Views commands. We can look into a different deployment pattern so that individual users can run these commands without having multiple instances of the apps.The text was updated successfully, but these errors were encountered: