Uploaded image for project: 'Ansible Automation Platform RFEs'
  1. Ansible Automation Platform RFEs
  2. AAPRFE-1811

Automatically migrate LDAP configuration when upgrading from AAP 2.4 to 2.5

XMLWordPrintable

    • False
    • Hide

      None

      Show
      None
    • False
    • Feature Refinement
    • 2.5

      1. What is the nature and description of the request?

      Given the introduction of the Automation Gateway in the newest 2.5 version, all the authentication/authorization configuration goes through it, which, I guess, it's the reason for the following statement in the official documentation (https://docs.redhat.com/en/documentation/red_hat_ansible_automation_platform/2.5/html-single/access_management_and_authentication/index#controller-set-up-LDAP):

      "Migration of LDAP authentication settings are not supported for 2.4 to 2.5 in the platform UI. If you are upgrading from Ansible Automation Platform 2.4 to 2.5, be sure to save your authentication provider data before upgrading."

      The problem is that this new process of not allowing an automatic migration of the LDAP configuration during the upgrade process in any way poses different other issues, like the following ones:

      https://issues.redhat.com/browse/AAPRFE-1809

      https://issues.redhat.com/browse/AAP-36380

      In addition, for a production environment, depending on the size of the environment and the number of users registered, this could be a "no-go" for an upgrade.

      1. Why does the customer need this? (List the business requirements here)

      Depending on the customer LDAP configuration in place before the upgrade, doing a manual process of backing up their whole configuration and having to apply it manually all over again, or even worst, not being aware of this and having to configure all over from scratch, it's a huge blocker. The process should be seamless for the user as it has been so far in previous updates/upgrades. Adding a new step of configuration post-upgrade, specially like this, that impacts directly customer authentication, authorization, permission, etc., is very cumbersome.

      1. How would you like to achieve this? (List the functional requirements here)

      I don't possess enough expertise in the current AAP 2.5 architecture to describe the detailed steps for a new process or architecture, but in general terms, I'd expect some sort of automation to migrate and integrate the previous LDAP configuration to the new Automation Gateway, and therefore AAP 2.5 as a whole, during the upgrade process through new playbooks, I guess, or even through the UI after the upgrade finishes.

      1. List any affected known dependencies: Doc, UI etc..

      UI, Doc, Automation Gateway, Automation Controller, upgrade playbooks and external LDAP identity provider.

      1. Github Link if any

              dysilva Dylan Silva
              rhn-support-alolivei Alexon Ferreira de Oliveira
              Votes:
              2 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: