Simple TOML Name Service
port = 1104
include = "/etc/stns/conf.d/*"
module_path = "/usr/local/stns/modules.d"
load_module = "mod_stns_etcd.so"
allow_ips = ["10.0.0.1/24"]
# basic auth
[basic_auth]
user = "basic_user"
password = "basic_password"
# token auth
[token_auth]
tokens = ["xxxxxxx"]
# tls encrypt
[tls]
# ca = "/etc/stns/keys/ca.pem" # using only client authentication
cert = "/etc/stns/keys/server.crt"
key = "/etc/stns/keys/server.key"
[users.example]
id = 1001
group_id = 1001
directory = "/home/example" # default:/home/:user_name
shell = "/bin/bash" # default:/bin/bash
keys = ["ssh-rsa XXXXX…"]
link_users = ["foo"]
[groups.example]
id = 1001
users = ["example"]
[modules.etcd]
endpoints = ["http://127.0.0.1:2379"]
| Name | Description | Default |
|---|---|---|
| port | listen port | 1104 |
| include | include config directory | - |
| module_path | module include path | /usr/local/stns/modules.d |
| load_module | include module name | - |
| allow_ips | allow ip(subnet) list | - |
| basic_auth - user | basic authentication user(env:STNS_BASIC_AUTH_USER) | - |
| basic_auth - password | basic authentication password(env:STNS_BASIC_AUTH_PASSWORD) | - |
| token_auth - tokens | token authentication tokens(env:STNS_AUTH_TOKEN separator is ,) |
- |
| tls - ca | ca public key(use only client authentication) | - |
| tls - cert | server certificate | - |
| tls - key | server private key | - |
| ldap - base_dn | ldap server base dn | dc=stns,dc=local |
| redis - host | redis host name | - |
| redis - user | redis username | - |
| redis - password | redis password(env:STNS_REDIS_PASSWORD) | - |
| redis - ttl | redis ttl | - |
| redis - db | redis db id | - |
| Name | Description |
|---|---|
| id(※) | unique user id |
| group_id(※) | id of the group they belong |
| directory | home directory path |
| shell | default shell path |
| gecos | description |
| keys | public key list |
| link_users | merge public key from the specified user |
| password | password token |
link_users params is merge public key from the specified user
[users.example1]
keys = ["ssh-rsa aaa"]
link_users = ["example2"] ←
[users.example2]
keys = ["ssh-rsa bbb"]
$ /usr/lib/stns/stns-key-wrapper example1
ssh-rsa aaa
ssh-rsa bbb
$ /usr/lib/stns/stns-key-wrapper example2
ssh-rsa bbb
| Name | Description |
|---|---|
| id(※) | unique group id |
| users | user name of the members |
| link_groups | merge from belong to the other group users |
It can be used to represent the organizational structure
[groups.department]
users = ["user1"]
link_groups = ["division"]
[groups.division]
users = ["user2"]
$ curl http://stns.example.com/v1/groups?name=department
[{
…
"users": ["user1", "user2"]
}]
$ curl http://stns.example.com/v1/groups?name=division
[{
…
"users": ["user2"]
}]
| Name | Description | Type |
|---|---|---|
| endpoints | etcd urls | strings |
| user | etcd user | string |
| password | etcd password(env:STNS_ETCD_PASSWORD) | string |
| sync | sync config from toml file(exclude user password) | bool |
| Name | Description | Type | |
|---|---|---|---|
| read_capacity_units | table read capacity units | int | |
| write_capacity_units | table write capacity units | int | |
| user_table_name | user table name | string | |
| group_table_name | group table name | string | |
| sync | sync config from toml file(exclude user password) | bool |
The following environment variables need to be set
api_endpoint = "http://api01.example.com/v1"
http_proxy = "http://localhost:8080"
request_timeout = 3
request_retry = 1
request_locktime = 600
ssl_verify = true
# basic auth
user = "basic_user"
password = "basic_password"
# token auth
auth_token = "token"
query_wrapper = "/usr/local/bin/stns-query-wrapper"
chain_ssh_wrapper = "/usr/libexec/openssh/ssh-ldap-wrapper"
cache = true
cache_dir = "/var/cache/stns/"
cache_ttl = 600
negative_cache_ttl = 600
uid_shift = 2000
gid_shift = 2000
# tls client authentication
[tls]
ca = "/etc/stns/keys/ca.pem"
cert = "/etc/stns/keys/client.crt"
key = "/etc/stns/keys/client.key"
[cached]
enable = true
prefetch = true
| Name | Description | Default |
|---|---|---|
| api_endpoint | api endpoints | http://localhost:1104/v1 |
| request_timeout | http request timeout | 10 |
| request_retry | http request of retries | 3 |
| request_locktime | request lock when after request timeout | 60 |
| http_proxy | use http proxy | - |
| ssl_verify | verify certs | true |
| user | basic authentication user | - |
| password | basic authentication password | - |
| auth_token | token authentication token | - |
| query_wrapper | use it when acquiring information with arbitrary script | - |
| chain_ssh_wrapper | use to obtain public key from other than stns | - |
| cache | use request cache | true |
| cache_dir | save cache directory | /var/cache/stns |
| cache_ttl | cache ttl | 600 |
| negative_cache_ttl | cache ttl when resource notfound | 60 |
| uid_shift | user id shift from stns response user id | 0 |
| gid_shift | group id shift from stns response group id | 0 |
| tls - ca | ca certificate | (Depends on cURL) |
| tls - cert | client certificate | - |
| tls - key | client private key | - |
| cached - enable | enable cached | false |
| cached - prefetch | resource prefech inteval cache ttl | false |
This theme is a fork of Solo.