About centralized
Centralized is a simple identity management system.
Its features are:
- Identity management.
- Policy.
- Sourcing users from GitHub, Bitbucket and possibly others (please ask).
Centralized’s scope is defined as follows:
- Only Linux servers (other *nix systems may work; please ask for support).
- SSH access management.
- Sudo access management.
- Creates users and user groups on servers.
- Restricts users once they are removed from your GitHub or Bitbucket team/organization.
Elements
Centralized is composed of the following:
- Service
- Connectors (connect to GitHub or Bitbucket, get the list of users and pubkeys in your organization, and inject them into the centralized DB).
- Database (holds your data: users, servers, groups, roles, etc.).
- API (allows you to manage access and sudo rules of different users to servers).
- Registration script (allows servers to register to the service).
- centralized cron script, also called “daemon” (creates/disables users, groups and sudo access on servers).
The scripts running on your servers are Python 3 scripts, so you can read the code. Patches are welcome, as are questions, remarks or wishes.
Managed Systems
Let’s first define what is meant here.
Managed systems are computers running Linux (some other Unixes may/should work, not confirmed) for which users, groups, access and sudo rules are managed by centralized.
Four elements are needed on such a server (for config.ini, see the "Run the service" section):
- A configuration file.
- A script to register the server to your organization in centralized.
- A cron script to update the managed system and reflect identities and credentials.
- A cron entry to run the above mentioned script.
The latter 3 elements are installed using an RPM or a DEB file. An Ansible role is provided to ease the task.
Pierre Ancelot, 2019.