5. Support#
5.1. UCS@school APIs#
The Provisioning API and Self-disclosure API are plugins for the UCS@school APIs app.
Restarting the app and thus the Provisioning API or Self-disclosure API:
univention-app restart ucsschool-apisThe logs for the UCS@school APIs app can be found in
/var/log/univention/ucsschool-apis/.http.logcontains the log entries of the app itself andopa.logcontains the logs of the integrated OPA service.As they use the Kelvin API, you should also check the Kelvin logs under
/var/log/univention/ucsschool-kelvin-rest-api/.The configuration directory for the UCS@school APIs App is
/etc/ucsschool/apis, wheresettings.jsonis the main configuration file. There you can find a list of activated plugins and configuration for the authentication of users.Plugins tend to create a subdirectory for their own specific configurations. The two configuration files for the Provisioning API and Self-disclosure API can both be found in
/etc/ucsschool/apis/id-broker/. They are automatically created by the joinscript of the respective plugins debian package as described in ID Broker Installation.For login related problems you can also check the Keycloak logs. Call
docker logs keycloakon thesso-brokersystems to inspect them.
5.2. Univention ID Broker Self-disclosure DB Builder#
The SDDB app uses app settings for configuration. To show the list of possible configurations, run the following command:
$ univention-app configure id-broker-sddb-builder --list
5.2.1. SDDB Command line interface#
The SDDB app provides a command line interface (CLI) to run a few
common tasks from the command line. It’s available inside the apps Docker
container. The log file for the CLI locates at
/var/log/univention/id-broker-sddb-builder/cli.log.
The CLI has five top level commands of which three have sub commands. Use
--help to explore how to use the commands:
sddb-builder --help
univention-app shell id-broker-sddb-builder
sddb-builder --help
Usage: sddb-builder [OPTIONS] COMMAND [ARGS]...
Manage the Self-disclosure database builders queues.
╭─ Options ──────────────────────────────────────────────────────────────────────────────╮
│ --json --no-json Enable JSON output. [default: no-json] │
│ --verbose --no-verbose Enable DEBUG level output, incl. │
│ possibly private data. │
│ [default: no-verbose] │
│ --trace --no-trace Enable TRACE level output, incl. │
│ possibly private data. │
│ [default: no-trace] │
│ --log-file TEXT Custom log file location. │
│ [default: │
│ /var/log/univention/id-broker-sddb-buil… │
│ --install-completion Install completion for the current │
│ shell. │
│ --show-completion Show completion for the current shell, │
│ to copy it or customize the │
│ installation. │
│ --help Show this message and exit. │
╰────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Commands ─────────────────────────────────────────────────────────────────────────────╮
│ connection-tests Read configuration and verify connectivity to all databases. │
│ data Data related sub commands. See 'sddb-builder data --help' for │
│ details. │
│ queues Queuing related sub commands. See 'sddb-builder queues --help' for │
│ details. │
│ stats Statistics related sub commands. See 'sddb-builder stats --help' for │
│ details. │
│ version Print version of SDDB. │
╰────────────────────────────────────────────────────────────────────────────────────────╯
sddb-builder queues --help
sddb-builder queues --help
Queuing related sub commands. See 'sddb-builder queues --help' for details.
╭─ Options ──────────────────────────────────────────────────────────────────────────────╮
│ --help Show this message and exit. │
╰────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Commands ─────────────────────────────────────────────────────────────────────────────╮
│ append Append an item to a queue. │
│ bulk-append Append multiple items to a queue. │
│ flush Remove all items in the queue. │
│ length Print number of items in queue. │
│ rebuild-all-group Enqueue the rebuild of all group objects currently in the SDDB. │
│ rebuild-all-users Enqueue the rebuild of all user objects currently in the SDDB. │
╰────────────────────────────────────────────────────────────────────────────────────────╯
sddb-builder stats --help
sddb-builder stats --help
Statistics related sub commands. See 'sddb-builder stats --help' for details.
╭─ Options ──────────────────────────────────────────────────────────────────────────────╮
│ --help Show this message and exit. │
╰────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Commands ─────────────────────────────────────────────────────────────────────────────╮
│ consumed-items Print number of items consumed by hosts for each queue. │
│ conversion-errors Print number of errors encountered while converting data from │
│ source to target database (per consuming host). │
│ inconsistencies-found Print number of inconsistencies found in either the source or │
│ the target database. │
│ redis-info Print Redis statistics (JSON serializable). │
╰────────────────────────────────────────────────────────────────────────────────────────╯
sddb-builder queues append --help
You can also use the --help for sub commands:
sddb-builder queues append --help
Usage: sddb-builder queues append [OPTIONS] [QUEUE]:[regular|high|consistency]
ITEM_TYPE:{user|group|sp_mapping} ITEM
Append an item to a queue.
╭─ Arguments ────────────────────────────────────────────────────────────────────────────╮
│ queue [QUEUE]:[regular|high|consistenc The queue to append to. │
│ y] [default: regular] │
│ * item_type ITEM_TYPE:{user|group|sp_mapping What kind of object to enqueue. │
│ } [default: None] │
│ [required] │
│ * item TEXT The pseudonym, group oder user │
│ name to enqueue. Pseudonyms must │
│ be a pipe(|) concatenated string │
│ of service provider and │
│ pseudonym, e.g. │
│ 'itslearning|abcdef'. Use an │
│ empty string for service │
│ provider mapping ('sp_mapping'). │
│ [default: None] │
│ [required] │
╰────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Options ──────────────────────────────────────────────────────────────────────────────╮
│ --help Show this message and exit. │
╰────────────────────────────────────────────────────────────────────────────────────────╯
sddb-builder queues bulk-append
Usage: sddb-builder queues bulk-append [OPTIONS]
[QUEUE]:[regular|high|consistency] ITEM
_TYPE:{user|group|sp_mapping|school|lda
p_filter} ITEMS...
Append multiple items to a queue.
╭─ Arguments ────────────────────────────────────────────────────────────────────────────╮
│ queue [QUEUE]:[regular|high|consistenc The queue to append to. │
│ y] [default: regular] │
│ * item_type ITEM_TYPE:{user|group|sp_mapping What kind of objects to enqueue. │
│ |school|ldap_filter} [default: None] │
│ [required] │
│ * items ITEMS... The pseudonyms, group, user, │
│ school names or LDAP filter to │
│ enqueue. Pseudonyms must be a │
│ pipe (|) concatenated string of │
│ service provider and pseudonym, │
│ e.g. 'itslearning|abcdef'. Use │
│ an empty string for service │
│ provider mapping ('sp_mapping'). │
│ LDAP filters must be surrounded │
│ by parenthesis. A school name │
│ means, that all users and groups │
│ of that school will be appended. │
│ Users school membership is │
│ determined using the 'schools' │
│ attribute. │
│ [default: None] │
│ [required] │
╰────────────────────────────────────────────────────────────────────────────────────────╯
╭─ Options ──────────────────────────────────────────────────────────────────────────────╮
│ --help Show this message and exit. │
╰────────────────────────────────────────────────────────────────────────────────────────╯
5.2.2. Examples for sddb-builder commands#
The following are a few examples how to use the CLI:
sddb-builder version
0.1.0
sddb-builder queues length regular
0
sddb-builder queues append regular group DEMOSCHOOL-Democlass
sddb-builder queues append regular user 'bettermarks|4dab8d9b-818a-47e5-8470-fa2bc15dc0db'
sddb-builder queues append regular sp_mapping ""
sddb-builder queues length regular
3
sddb-builder queues bulk-append regular school DEMOSCHOOL
sddb-builder queues length regular
8
sddb-builder stats redis-info
{
..
"uptime_in_days": 13,
"uptime_in_seconds": 1186463,
..
"used_memory_rss": 3682304,
"used_memory_rss_human": "3.51M",
..
}
5.2.3. SDDB REST API#
The Self-Disclosure API uses The REST API to schedule the high priority update
of users and groups in the Self-Disclosure Database in case a user asks for an
object which isn’t yet present in the Database. To add elements to the high
priority queue in the form of their pseudonym or entry_uuid, the
Self-Disclosure API offers the endpoints append and extend.
To get current information about the Self-Disclosure Database Builder in the
prometheus format, use the
metrics endpoint.
The log file for the REST API locate at
/var/log/univention/id-broker-sddb-builder/http.log.