Dex storage - mysql

Is the update_ood_portal script able to parse out a storage option, or does it only support sqlite? I'd like to use mysql based on recommendations from dex:

version: ood 1.8

type: mysql
config:
  database: dex_db
  user: dex_user
  password: password;)

edit: the packaged version is 2.24, which only supports sqlite & postgresql. I'd like to use pgsql if possible.

ref: Dex

Best regards,
Jesse Waters
Corvid Technologies

@jesse.waters I looked into this and right now there’s only support for the SQLite adapter in the portal generator for Dex. It’s a good idea that we don’t restrict this and I’ve opened up a ticket on GitHub, "Add support for overriding storage connector in Dex" (Issue #1140, OSC/ondemand), to track progress on adding upstream support for this.

Here’s exactly where the storage config is generated:

A quick solution to get this working now is to manually modify the Dex generator at /opt/ood/ood-portal-generator/lib/ood_portal_generator/dex.rb with something like this:

@dex_config[:storage] = {
  type: 'postgres',
  config: {
    database: 'dex_db',
    user: 'dex',
    password: 'hunter2',
    ssl: {
      mode: 'verify-ca',
      caFile: '/etc/dex/postgres.ca'
    }
  }
}
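An added example, not part of the original post or of ood-portal-generator: one way to build the same storage hash while reading the database password from an owner-only file instead of a literal in dex.rb, and rejecting storage types or SSL modes that should not be used. The helper names `read_secret` and `dex_storage`, the `sqlite3` type with its `file` key, and the password-file approach are assumptions of this example.

```ruby
require 'yaml'

# Added example (hypothetical helper, not ood-portal-generator code).
# Storage types follow the thread: the packaged Dex supports SQLite and PostgreSQL.
SUPPORTED_TYPES = %w[sqlite3 postgres].freeze
# SSL modes that actually verify the server certificate.
VERIFYING_SSL_MODES = %w[verify-ca verify-full].freeze

# Read a secret from a file, refusing files that group/other can access.
def read_secret(path)
  mode = File.stat(path).mode & 0o777
  unless (mode & 0o077).zero?
    raise ArgumentError, format('%s has mode %04o; expected 0600 or stricter', path, mode)
  end
  secret = File.read(path).chomp
  raise ArgumentError, "#{path} is empty" if secret.empty?
  secret
end

# Build the Dex `storage` section. String keys keep the YAML free of Ruby symbols.
def dex_storage(type:, database:, user: nil, password_file: nil,
                ssl_mode: 'verify-ca', ca_file: nil)
  raise ArgumentError, "unsupported storage type: #{type}" unless SUPPORTED_TYPES.include?(type)
  return { 'type' => type, 'config' => { 'file' => database } } if type == 'sqlite3'

  unless VERIFYING_SSL_MODES.include?(ssl_mode)
    raise ArgumentError, "ssl mode #{ssl_mode} does not verify the server certificate"
  end
  raise ArgumentError, 'ca_file is required for a verifying ssl mode' if ca_file.to_s.empty?
  raise ArgumentError, 'user and password_file are required for postgres' if user.nil? || password_file.nil?

  { 'type' => 'postgres',
    'config' => { 'database' => database, 'user' => user,
                  'password' => read_secret(password_file),
                  'ssl' => { 'mode' => ssl_mode, 'caFile' => ca_file } } }
end

if __FILE__ == $PROGRAM_NAME
  require 'tempfile'
  Tempfile.create('dex-db-password') do |f| # constructed secret for the demo
    f.write("constructed-secret\n")
    f.flush
    puts dex_storage(type: 'postgres', database: 'dex_db', user: 'dex',
                     password_file: f.path, ca_file: '/etc/dex/postgres.ca').to_yaml
  end
end
```

The generated Dex configuration still contains the password, so that file needs the same restrictive permissions as the secret file.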

Thanks for the quick response. As a side question are most people using sqlite as dex’s storage? How has its performance been for multiple concurrent sessions? Any best practice suggestions?

Thanks again,
Jesse

@jesse.waters We don’t use Dex at OSC, I’m not sure about the usage metrics out there! Maybe @jeff.ohrstrom or @tdockendorf can answer? Dex was a nice upgrade from the previous default we provided (Basic HTTP Authentication)

But SQLite is awesome, battle tested and used around OnDemand for managing application state https://osc.github.io/ood-documentation/master/architecture.html#container-context

The health of any system running OnDemand is almost always going to be a function of disk throughput / availability. Be that NFS or local SSDs.

What are you guys using at OSC for authentication? Basic Auth with PAM and/or sssd? I want to hit our internal IDM (ipa), and am not interested in any federated services like google, microsoft.

Thanks for your time and best regards,
Jesse

@jesse.waters We use Keycloak at OSC. Though, Dex is a great IDP and you can go as simple or as complex with the configuration as you want.

Also to give you an update on overriding the Dex storage config, it’s possible now. "Support changing Dex storage" by treydock (Pull Request #1143, OSC/ondemand) was merged into master and will be available in the next patch release!