3. File locations#
This section lists relevant directories and files. Configuration file must not be edited by hand. All configuration is done either through the app settings in the UCS app center or through the UCS@school ID Connector HTTP API.
Nothing needs to be backed up and restored before and after an app update, because all important data is persisted in files on volumes mounted from the UCS host into the docker container.
3.1. Log files#
/var/log/univention/ucsschool-id-connector
is a volume mounted into the docker container,
so it can be accessed from the host.
The directory contains:
http.log
: log of the HTTP-API (both ASGI server and API application)queues.log
: log of the queue management daemonOld versions of above log files with timestamps appended to the file name. Log file rotation happens on Mondays and 15 copies are kept.
Log output can also be seen running:
$ docker logs <container name>
3.3. Queue files#
The LDAP listener process on the UCS host creates a JSON file
for each creation/modification/move/deletion of a user object.
Those JSON files are written to
/var/lib/univention-appcenter/apps/ucsschool-id-connector/data/listener
.
That is the directory of the in queue.
The process handling the in queue copies files from there to a directory
for each school authority that it can associate with the user account in the file.
Each out queue handles a directory below
/var/lib/univention-appcenter/apps/ucsschool-id-connector/data/out_queues
.
When a school authority configuration is deleted, its associated queue directory is moved to
/var/lib/univention-appcenter/apps/ucsschool-id-connector/data/out_queues_trash
.
3.4. Token signature key#
The key with which the JWTs are signed is in the file
/var/lib/univention-appcenter/apps/ucsschool-id-connector/conf/tokens.secret
.
The file is created by the apps join script (see Install above).
3.5. SSL certificates for Kelvin client plugin#
The plugin that connects to the Kelvin API on the school authority side looks for and stores
SSL certificates as
/var/lib/univention-appcenter/apps/ucsschool-id-connector/conf/ssl_certs/HOSTNAME
.
In case the certificate cannot be downloaded automatically, it can be saved there manually.
3.6. Volumes#
The following directories are mounted from the host into the container:
/var/lib/univention-appcenter/listener
/var/log/univention/ucsschool-id-connector