debian: Cut and update packaging with the last changes on master
* migration to Django 1.7 * use new settings.py environment variable * split into 4 packages: hobo, hobo-multitenant, hobo-agent and python-hobo Closes #6458
parent
0868128267
commit
45854deb8f
|
@ -0,0 +1,21 @@
|
|||
Hobo agent for Debian
|
||||
=====================
|
||||
|
||||
First step configure sudo
|
||||
--------------------------
|
||||
|
||||
1. Edit your sudo configuration with sudoers
|
||||
2. If you want to deploy wcs-au-quotidien add this line::
|
||||
hobo-agent ALL=(wcs-au-quotidien)NOPASSWD:/usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg hobo_deploy
|
||||
3. If you want to deploy Authentic 2 tenant add this line::
|
||||
hobo-agent ALL=(authentic)NOPASSWD:/usr/bin/authentic2-multitenant-ctl deploy
|
||||
4. If you want to deploy Combo tenant add this line::
|
||||
hobo-agent ALL=(combo)NOPASSWD:/usr/bin/combo-multitenant-manage hobo_deploy
|
||||
5. If you want to deploy Passerelle tenant add this line::
|
||||
hobo-agent ALL=(passerelle)NOPASSWD:/usr/bin/passerelle-multitenant-manage hobo_deploy
|
||||
|
||||
Second step configure your agent
|
||||
-------------------------------
|
||||
|
||||
1. Edit /etc/hobo-agent/settings.py (change BROKER_URL if distant)
|
||||
2. Restart supervisor
|
|
@ -0,0 +1,25 @@
|
|||
[program:hobo-agent]
|
||||
command=celery worker --app=hobo.agent.worker --loglevel=INFO
|
||||
environment=HOBO_AGENT_SETTINGS_FILE="/etc/hobo-agent/settings.py"
|
||||
process_name=hobo-agent
|
||||
user=hobo-agent
|
||||
numprocs=1
|
||||
stdout_logfile=/var/log/hobo-agent/stdout.log
|
||||
stderr_logfile=/var/log/hobo-agent/stderr.log
|
||||
|
||||
autostart=true
|
||||
autorestart=true
|
||||
startsecs=10
|
||||
; Need to wait for currently executing tasks to finish at shutdown.
|
||||
; Increase this if you have very long running tasks.
|
||||
stopwaitsecs = 600
|
||||
|
||||
; When resorting to send SIGKILL to the program to terminate it
|
||||
; send SIGKILL to its whole process group instead,
|
||||
; taking care of its children as well.
|
||||
killasgroup=true
|
||||
|
||||
; if rabbitmq is supervised, set its priority higher
|
||||
; so it starts first
|
||||
priority=998
|
||||
|
|
@ -0,0 +1,23 @@
|
|||
# AMQP message broker
|
||||
# http://celery.readthedocs.org/en/latest/configuration.html#broker-url
|
||||
# transport://userid:password@hostname:port/virtual_host
|
||||
BROKER_URL = 'amqp://'
|
||||
|
||||
# It's possible to limit agents to particular applications, or particular
|
||||
# hostnames, using the AGENT_HOST_PATTERNS configuration variable.
|
||||
#
|
||||
# The format is a dictionary with applications as keys and a list of hostnames as
|
||||
# value. The hostnames can be prefixed by an exclamation mark to exclude them.
|
||||
#
|
||||
# AGENT_HOST_PATTERNS = {
|
||||
# 'wcs': ['*.example.net', '! *.dev.example.net'],
|
||||
# }
|
||||
#
|
||||
# Will limit wcs deployments to *.example.net hostnames, while excluding
|
||||
# *.dev.example.net.
|
||||
AGENT_HOST_PATTERNS = None
|
||||
|
||||
WCS_MANAGE_COMMAND = 'sudo -u wcs-au-quotidien /usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg'
|
||||
AGENT_AUTHENTIC_COMMAND = 'sudo -u authentic /usr/bin/authentic2-multitenant-ctl deploy'
|
||||
COMBO_MANAGE_COMMAND = 'sudo -u combo /usr/bin/combo-multitenant-manage'
|
||||
PASSERELLE_MANAGE_COMMAND = 'sudo -u passerelle /usr/bin/passerelle-multitenant-manage'
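Review bot: This file is where a broker password ends up (`transport://userid:password@hostname:port/virtual_host`), yet nothing visible in the commit restricts who can read it: it is installed into /etc/hobo-agent by the package's install list, and the hobo-agent postinst only chowns /var/log/hobo-agent. I would have the postinst set it to root:hobo-agent with mode 0640, and add a comment above `BROKER_URL` such as `# A remote broker URL carries credentials: keep this file unreadable by other users and use a TLS transport.` The default `amqp://` is unencrypted, which fits the localhost-only `tcp_listeners` in the shipped RabbitMQ example but not the "distant" broker the README mentions.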
|
|
@ -0,0 +1,4 @@
|
|||
hobo-agent ALL=(wcs-au-quotidien)NOPASSWD:/usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg hobo_deploy
|
||||
hobo-agent ALL=(authentic)NOPASSWD:/usr/bin/authentic2-multitenant-ctl hobo_deploy
|
||||
hobo-agent ALL=(combo)NOPASSWD:/usr/bin/combo-multitenant-manage hobo_deploy
|
||||
hobo-agent ALL=(passerelle)NOPASSWD:/usr/bin/passerelle-multitenant-manage hobo_deploy
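Review bot: The authentic rule allows `authentic2-multitenant-ctl hobo_deploy`, but the agent settings.py in this commit sets `AGENT_AUTHENTIC_COMMAND` to end in `deploy`, and the README's sudoers example also says `deploy`. One of the three is wrong, and sudo will refuse the call if the agent runs the setting as written. Because each rule spells out its arguments, sudo matches the argument list exactly, so if the agent appends anything after `hobo_deploy` (not visible here) none of the rules will match. Keeping the rules this narrow is the right instinct, so I would fix the mismatch rather than loosen them, and add a header comment such as `# hobo-agent may run only the hobo_deploy subcommand, as each application user`.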
|
|
@ -1,14 +1,48 @@
|
|||
Source: hobo
|
||||
Maintainer: Frederic Peters <fpeters@entrouvert.com>
|
||||
Maintainer: Jérôme Schneider <jschneider@entrouvert.com>
|
||||
Section: python
|
||||
Priority: optional
|
||||
Build-Depends: python-setuptools (>= 0.6b3), python-all (>= 2.6.6-3), debhelper (>= 7)
|
||||
Standards-Version: 3.9.1
|
||||
X-Python-Version: >= 2.7
|
||||
|
||||
Package: python-hobo
|
||||
Architecture: all
|
||||
Depends: ${misc:Depends}, ${python:Depends}, python-celery (>= 3.1.13)
|
||||
Recommends: python-django (>= 1.7), python-gadjo, python-django-mellon (>= 1.2.11)
|
||||
Description: Entr'ouvert Remote Deployment python module
|
||||
|
||||
Package: hobo
|
||||
Architecture: all
|
||||
Depends: ${misc:Depends}, ${python:Depends}, python-django, python-gadjo,
|
||||
python-entrouvert (>= 6.2.0), python-django-allauth-authentic2, python-django-south,
|
||||
python-celery (>= 3.1.13), python-django-mellon (>= 1.2.7)
|
||||
Recommends: python-django-tenant-schemas
|
||||
Description: Portail admin
|
||||
Depends: python-hobo (= ${binary:Version}),
|
||||
rabbitmq-server (>= 3.3),
|
||||
erlang-nox (>= 1:17.1),
|
||||
python-django (>= 1.7),
|
||||
python-gadjo,
|
||||
python-django-mellon (>= 1.2.11),
|
||||
gunicorn
|
||||
Recommends: nginx
|
||||
Description: Rapid Remote Deployment Daemon
|
||||
Warning install blinding edge : https://www.rabbitmq.com/install-debian.html
|
||||
|
||||
Package: hobo-multitenant
|
||||
Architecture: all
|
||||
Depends: python-hobo (= ${binary:Version}),
|
||||
python-django-tenant-schemas,
|
||||
python-psycopg2,
|
||||
rabbitmq-server (>= 3.3),
|
||||
erlang-nox (>= 1:17.1),
|
||||
python-django (>= 1.7),
|
||||
python-gadjo,
|
||||
python-django-mellon (>= 1.2.11),
|
||||
gunicorn
|
||||
Recommends: nginx, postgresql
|
||||
Description: Multitenant Rapid Remote Deployment Daemon
|
||||
Warning install blinding edge : https://www.rabbitmq.com/install-debian.html
|
||||
|
||||
Package: hobo-agent
|
||||
Architecture: all
|
||||
Depends: python-hobo (= ${binary:Version}),
|
||||
sudo, supervisor
|
||||
Description: Rapid Remote Deployment Agent
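Review bot: The `Depends` of hobo-agent lists only python-hobo, sudo and supervisor, while its postinst calls `adduser`; the hobo postinst added in this commit does the same, and neither hobo nor hobo-multitenant declares it. `adduser` is not an essential package, so maintainer scripts that use it need the dependency declared or the configure step can fail on a minimal system. I would add `adduser` to the `Depends` of every package whose postinst creates a system user.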
|
||||
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
/etc/hobo-agent
|
||||
/var/log/hobo-agent
|
||||
/etc/sudoers.d
|
||||
/etc/supervisor/conf.d
|
|
@ -0,0 +1,3 @@
|
|||
debian/agent/settings.py /etc/hobo-agent
|
||||
debian/agent/hobo-agent.conf /etc/supervisor/conf.d
|
||||
debian/agent/sudo-hobo-agent /etc/sudoers.d
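Review bot: `debian/agent/sudo-hobo-agent` is copied into /etc/sudoers.d with whatever mode the build leaves on it; nothing in the commit as shown sets it to 0440 root:root or validates its syntax. Depending on its version, sudo warns about or refuses fragments with unexpected ownership or write bits, and a syntax error in a fragment can break sudo for the whole host. I would set the mode explicitly with `chmod 0440` on the installed file in debian/rules (unless the targeted debhelper's dh_fixperms already does it) and run `visudo -c -f` on the fragment at build time.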
|
|
@ -0,0 +1,36 @@
|
|||
#! /bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
NAME="hobo-agent"
|
||||
USER=$NAME
|
||||
GROUP=$NAME
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
|
||||
# make sure the administrative user exists
|
||||
if ! getent passwd $USER >/dev/null; then
|
||||
adduser --disabled-password --quiet --system \
|
||||
--no-create-home --home /nonexistent \
|
||||
--gecos "$NAME software user" --group $GROUP
|
||||
fi
|
||||
# ensure dirs ownership
|
||||
chown $USER:$GROUP /var/log/$NAME
|
||||
|
||||
invoke-rc.d supervisor restart
|
||||
;;
|
||||
|
||||
abort-upgrade|abort-remove|abort-deconfigure)
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "postinst called with unknown argument \`$1'" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
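Review bot: `invoke-rc.d supervisor restart` in the `configure` branch restarts every program supervisor manages on the host, not only hobo-agent, and under `set -e` a failed restart fails the package configuration. Asking supervisor to pick up just the new program, for example `supervisorctl update || true`, would be less disruptive. The unquoted `$USER`, `$GROUP` and `$NAME` expansions are harmless with these values, but `chown "$USER:$GROUP" "/var/log/$NAME"` is the safer habit in a script that runs as root.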
|
||||
|
|
@ -0,0 +1,8 @@
|
|||
/etc/hobo-multitenant
|
||||
/var/lib/hobo-multitenant/collected-static
|
||||
/var/lib/hobo-multitenant/locale
|
||||
/var/lib/hobo-multitenant/media
|
||||
/var/lib/hobo-multitenant/static
|
||||
/var/lib/hobo-multitenant/templates
|
||||
/var/lib/hobo-multitenant/tenants
|
||||
/var/log/hobo-multitenant
|
|
@ -0,0 +1,2 @@
|
|||
debian/multitenant/README.Debian
|
||||
debian/rabbitmq/rabbitmq.config.example
|
|
@ -0,0 +1,194 @@
|
|||
#!/bin/sh
|
||||
### BEGIN INIT INFO
|
||||
# Provides: hobo-multitenant
|
||||
# Required-Start: $network $local_fs
|
||||
# Required-Stop:
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: Portail admin
|
||||
# Description: Portail admin
|
||||
### END INIT INFO
|
||||
|
||||
# Author: Entr'ouvert <info@entrouvert.com>
|
||||
|
||||
PATH=/sbin:/usr/sbin:/bin:/usr/bin
|
||||
DESC="Portail admin"
|
||||
NAME=hobo-multitenant
|
||||
DAEMON=/usr/bin/gunicorn
|
||||
RUN_DIR=/run/$NAME
|
||||
PIDFILE=$RUN_DIR/$NAME.pid
|
||||
LOG_DIR=/var/log/$NAME
|
||||
SCRIPTNAME=/etc/init.d/$NAME
|
||||
BIND=unix:$RUN_DIR/$NAME.sock
|
||||
WORKERS=5
|
||||
TIMEOUT=10
|
||||
|
||||
HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
|
||||
MANAGE_SCRIPT="/usr/bin/$NAME-manage"
|
||||
|
||||
USER=$NAME
|
||||
GROUP=$NAME
|
||||
|
||||
# Exit if the package is not installed
|
||||
[ -x $DAEMON ] || exit 0
|
||||
|
||||
# Read configuration variable file if it is present
|
||||
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
|
||||
|
||||
DAEMON_ARGS=${DAEMON_ARGS:-"--pid $PIDFILE \
|
||||
--user $USER --group $GROUP \
|
||||
--daemon \
|
||||
--access-logfile $LOG_DIR/gunicorn-access.log \
|
||||
--log-file $LOG_DIR/gunicorn-error.log \
|
||||
--bind=$BIND \
|
||||
--workers=$WORKERS \
|
||||
--worker-class=sync \
|
||||
--timeout=$TIMEOUT \
|
||||
--name $NAME \
|
||||
hobo.wsgi:application"}
|
||||
|
||||
# Load the VERBOSE setting and other rcS variables
|
||||
. /lib/init/vars.sh
|
||||
|
||||
# Define LSB log_* functions.
|
||||
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
|
||||
. /lib/lsb/init-functions
|
||||
|
||||
# Create /run directory
|
||||
if [ ! -d $RUN_DIR ]; then
|
||||
install -d -m 755 -o $USER -g $GROUP $RUN_DIR
|
||||
fi
|
||||
|
||||
# environment for wsgi
|
||||
export HOBO_SETTINGS_FILE
|
||||
|
||||
#
|
||||
# Function that starts the daemon/service
|
||||
#
|
||||
do_start()
|
||||
{
|
||||
# Return
|
||||
# 0 if daemon has been started
|
||||
# 1 if daemon was already running
|
||||
# 2 if daemon could not be started
|
||||
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|
||||
|| return 1
|
||||
start-stop-daemon --start --quiet --exec $DAEMON -- \
|
||||
$DAEMON_ARGS \
|
||||
|| return 2
|
||||
}
|
||||
|
||||
#
|
||||
# Function that stops the daemon/service
|
||||
#
|
||||
do_stop()
|
||||
{
|
||||
# Return
|
||||
# 0 if daemon has been stopped
|
||||
# 1 if daemon was already stopped
|
||||
# 2 if daemon could not be stopped
|
||||
# other if a failure occurred
|
||||
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
|
||||
RETVAL="$?"
|
||||
[ "$RETVAL" = 2 ] && return 2
|
||||
# Wait for children to finish too if this is a daemon that forks
|
||||
# and if the daemon is only ever run from this initscript.
|
||||
# If the above conditions are not satisfied then add some other code
|
||||
# that waits for the process to drop all resources that could be
|
||||
# needed by services started subsequently. A last resort is to
|
||||
# sleep for some time.
|
||||
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
|
||||
[ "$?" = 2 ] && return 2
|
||||
# Many daemons don't delete their pidfiles when they exit.
|
||||
rm -f $PIDFILE
|
||||
return "$RETVAL"
|
||||
}
|
||||
|
||||
#
|
||||
# Function that sends a SIGHUP to the daemon/service
|
||||
#
|
||||
do_reload() {
|
||||
#
|
||||
# If the daemon can reload its configuration without
|
||||
# restarting (for example, when it is sent a SIGHUP),
|
||||
# then implement that here.
|
||||
#
|
||||
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON`
|
||||
return 0
|
||||
}
|
||||
|
||||
do_migrate() {
|
||||
log_action_msg "Applying new migrations .."
|
||||
su $USER -p -c "$MANAGE_SCRIPT migrate_tenants"
|
||||
log_action_msg ".. done"
|
||||
}
|
||||
|
||||
do_collectstatic() {
|
||||
log_action_msg "Collect static files.."
|
||||
su $USER -p -c "$MANAGE_SCRIPT collectstatic --noinput"
|
||||
log_action_msg ".. done"
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
log_daemon_msg "Starting $DESC " "$NAME"
|
||||
do_migrate
|
||||
do_collectstatic
|
||||
do_start
|
||||
case "$?" in
|
||||
0|1) log_end_msg 0 ;;
|
||||
2) log_end_msg 1 ;;
|
||||
esac
|
||||
;;
|
||||
stop)
|
||||
log_daemon_msg "Stopping $DESC" "$NAME"
|
||||
do_stop
|
||||
case "$?" in
|
||||
0|1) log_end_msg 0 ;;
|
||||
2) log_end_msg 1 ;;
|
||||
esac
|
||||
;;
|
||||
status)
|
||||
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
|
||||
;;
|
||||
reload|force-reload)
|
||||
#
|
||||
# If do_reload() is not implemented then leave this commented out
|
||||
# and leave 'force-reload' as an alias for 'restart'.
|
||||
#
|
||||
log_daemon_msg "Reloading $DESC" "$NAME"
|
||||
do_collectstatic
|
||||
do_migrate
|
||||
do_reload
|
||||
log_end_msg $?
|
||||
;;
|
||||
restart|force-reload)
|
||||
#
|
||||
# If the "reload" option is implemented then remove the
|
||||
# 'force-reload' alias
|
||||
#
|
||||
log_daemon_msg "Restarting $DESC" "$NAME"
|
||||
do_stop
|
||||
case "$?" in
|
||||
0|1)
|
||||
do_migrate
|
||||
do_collectstatic
|
||||
do_start
|
||||
case "$?" in
|
||||
0) log_end_msg 0 ;;
|
||||
1) log_end_msg 1 ;; # Old process is still running
|
||||
*) log_end_msg 1 ;; # Failed to start
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
# Failed to stop
|
||||
log_end_msg 1
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
|
||||
exit 3
|
||||
;;
|
||||
esac
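Review bot: In the `start`, `reload` and `restart` arms the exit status of `do_migrate` and `do_collectstatic` is never checked, so gunicorn is started or HUPed even when `migrate_tenants` failed and the code then runs against an old schema. `do_migrate` currently returns the status of its last `log_action_msg`; I would write `su $USER -p -c "$MANAGE_SCRIPT migrate_tenants" || return 1` and have the callers finish with `log_end_msg 1` on failure. Separately, `force-reload` appears in both `reload|force-reload)` and `restart|force-reload)`; only the first arm can ever match, so the alias should be dropped from the second. The modified hobo init script later in this commit has the same unchecked `do_migrate`.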
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
debian/multitenant/hobo-multitenant-manage /usr/bin
|
||||
debian/multitenant/settings.py /etc/hobo-multitenant
|
||||
debian/multitenant/debian_config.py /usr/lib/hobo-multitenant
|
||||
debian/multitenant/nginx-example.conf /usr/share/doc/hobo-multitenant
|
|
@ -2,10 +2,9 @@
|
|||
|
||||
set -e
|
||||
|
||||
NAME="hobo"
|
||||
NAME="hobo-multitenant"
|
||||
USER=$NAME
|
||||
GROUP=$NAME
|
||||
MANAGE="python /usr/lib/$NAME/manage.py --config=/usr/lib/$NAME/debian_config.py"
|
||||
CONFIG_DIR="/etc/$NAME"
|
||||
|
||||
case "$1" in
|
||||
|
@ -20,7 +19,6 @@ case "$1" in
|
|||
# ensure dirs ownership
|
||||
chown $USER:$GROUP /var/log/$NAME
|
||||
chown $USER:$GROUP /var/lib/$NAME/collected-static
|
||||
chown $USER:$GROUP /var/lib/$NAME/media
|
||||
chown $USER:$GROUP /var/lib/$NAME/tenants
|
||||
# create a secret file
|
||||
SECRET_FILE=$CONFIG_DIR/secret
|
|
@ -1,9 +1,7 @@
|
|||
/etc/hobo
|
||||
/usr/lib/hobo
|
||||
/var/lib/hobo/collected-static
|
||||
/var/lib/hobo/locale
|
||||
/var/lib/hobo/media
|
||||
/var/lib/hobo/static
|
||||
/var/lib/hobo/templates
|
||||
/var/lib/hobo/tenants
|
||||
/var/log/hobo
|
|
@ -0,0 +1,3 @@
|
|||
debian/rabbitmq/rabbitmq.config.example
|
||||
debian/server/nginx-example.conf
|
||||
debian/server/README.Debian
|
|
@ -23,9 +23,8 @@ BIND=unix:$RUN_DIR/$NAME.sock
|
|||
WORKERS=5
|
||||
TIMEOUT=10
|
||||
|
||||
DJANGO_SETTINGS_MODULE=$NAME.tenant_settings
|
||||
DJANGO_CONFIG_FILE=/usr/lib/$NAME/debian_config.py
|
||||
MANAGE_SCRIPT="python /usr/lib/$NAME/manage.py --config=$DJANGO_CONFIG_FILE"
|
||||
HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
|
||||
MANAGE_SCRIPT="/usr/bin/$NAME-manage"
|
||||
|
||||
USER=$NAME
|
||||
GROUP=$NAME
|
||||
|
@ -60,14 +59,8 @@ if [ ! -d $RUN_DIR ]; then
|
|||
install -d -m 755 -o $USER -g $GROUP $RUN_DIR
|
||||
fi
|
||||
|
||||
# environment for wsgi & settings
|
||||
export DJANGO_SETTINGS_MODULE
|
||||
export DJANGO_CONFIG_FILE
|
||||
# multitenant mode
|
||||
if [ "x$DJANGO_SETTINGS_MODULE" = "x$NAME.tenant_settings" ]; then
|
||||
TENANT_BASE=/var/lib/$NAME/tenants
|
||||
MANAGE_SCRIPT="$MANAGE_SCRIPT --multitenant"
|
||||
fi
|
||||
# environment for wsgi
|
||||
export HOBO_SETTINGS_FILE
|
||||
|
||||
#
|
||||
# Function that starts the daemon/service
|
||||
|
@ -120,19 +113,13 @@ do_reload() {
|
|||
# restarting (for example, when it is sent a SIGHUP),
|
||||
# then implement that here.
|
||||
#
|
||||
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
|
||||
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON`
|
||||
return 0
|
||||
}
|
||||
|
||||
do_migrate() {
|
||||
log_action_msg "Applying new migrations .."
|
||||
if [ "x$TENANT_BASE" != "x" ]; then
|
||||
su $USER -p -c "$MANAGE_SCRIPT create_schema"
|
||||
su $USER -p -c "$MANAGE_SCRIPT sync_schemas --noinput"
|
||||
su $USER -p -c "$MANAGE_SCRIPT migrate_schemas --noinput"
|
||||
else
|
||||
su $USER -p -c "$MANAGE_SCRIPT syncdb --migrate --noinput"
|
||||
fi
|
||||
su $USER -p -c "$MANAGE_SCRIPT migrate --noinput"
|
||||
log_action_msg ".. done"
|
||||
}
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
debian/server/hobo-manage /usr/bin
|
||||
debian/server/settings.py /etc/hobo
|
||||
debian/server/debian_config.py /usr/lib/hobo
|
||||
debian/server/nginx-example.conf /usr/share/doc/hobo
|
|
@ -0,0 +1,45 @@
|
|||
#! /bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
NAME="hobo"
|
||||
USER=$NAME
|
||||
GROUP=$NAME
|
||||
CONFIG_DIR="/etc/$NAME"
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
|
||||
# make sure the administrative user exists
|
||||
if ! getent passwd $USER >/dev/null; then
|
||||
adduser --disabled-password --quiet --system \
|
||||
--no-create-home --home /var/lib/$NAME \
|
||||
--gecos "$NAME software user" --group $GROUP
|
||||
fi
|
||||
# ensure dirs ownership
|
||||
chown $USER:$GROUP /var/log/$NAME
|
||||
chown $USER:$GROUP /var/lib/$NAME/collected-static
|
||||
chown $USER:$GROUP /var/lib/$NAME/media
|
||||
# create a secret file
|
||||
SECRET_FILE=$CONFIG_DIR/secret
|
||||
if [ ! -f $SECRET_FILE ]; then
|
||||
echo -n "Generating Django secret..." >&2
|
||||
cat /dev/urandom | tr -dc [:alnum:]-_\!\%\^:\; | head -c70 > $SECRET_FILE
|
||||
chown root:$GROUP $SECRET_FILE
|
||||
chmod 0440 $SECRET_FILE
|
||||
fi
|
||||
;;
|
||||
|
||||
abort-upgrade|abort-remove|abort-deconfigure)
|
||||
;;
|
||||
|
||||
*)
|
||||
echo "postinst called with unknown argument \`$1'" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
exit 0
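Review bot: The Django secret is written by the redirect `> $SECRET_FILE` before `chown` and `chmod` run, so the file is created with the process umask and is typically readable by every local user until `chmod 0440` lands. Setting `umask 077` just before the pipeline and restoring it afterwards, or creating the empty file with its final owner and mode first, closes that window. The unquoted `[:alnum:]-_\!\%\^:\;` is also a glob pattern to the shell; quoting it as one string guarantees `tr` never receives an expanded filename.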
|
||||
|
|
@ -1,18 +0,0 @@
|
|||
<?xml version="1.0"?>
|
||||
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.identity-hub.com/idp/saml2/metadata"><ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
|
||||
BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV
|
||||
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp
|
||||
06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh
|
||||
ABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr
|
||||
kmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi
|
||||
VT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG
|
||||
Tm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0
|
||||
fcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh
|
||||
GaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD
|
||||
AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE
|
||||
IdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo
|
||||
fEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp
|
||||
lG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT
|
||||
JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j
|
||||
o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://www.identity-hub.com/idp/saml2/artifact" index="1" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.identity-hub.com/idp/saml2/slo" ResponseLocation="http://www.identity-hub.com/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://www.identity-hub.com/idp/saml2/slo" ResponseLocation="http://www.identity-hub.com/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://www.identity-hub.com/idp/saml2/slo/soap" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.identity-hub.com/idp/saml2/sso" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://www.identity-hub.com/idp/saml2/sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor>
|
|
@ -1,5 +0,0 @@
|
|||
debian/hobo-manage /usr/bin
|
||||
debian/config.py /etc/hobo
|
||||
debian/idp-metadata.xml /etc/hobo
|
||||
debian/debian_config.py /usr/lib/hobo
|
||||
debian/nginx-example.conf /usr/share/doc/hobo
|
|
@ -0,0 +1,29 @@
|
|||
Hobo multitenant server for Debian
|
||||
==================================
|
||||
|
||||
First step: configure rabbitmq
|
||||
------------------------------
|
||||
|
||||
1. Copy /usr/share/doc/hobo-multitenant/rabbitmq.config.example into /etc/rabbitmq/rabbitmq.config
|
||||
2. Edit your /etc/rabbitmq/rabbitmq.config and change ssl certificates
|
||||
3. Restart rabbitmq : service rabbitmq-server restart
|
||||
4. Create your rabbitmq user::
|
||||
rabbitmqctl change_password hobo <your password>
|
||||
5. Add hobo user permission::
|
||||
rabbitmqctl set_permissions hobo ".*" ".*" ".*"
|
||||
|
||||
Second step: create your tenant
|
||||
------------------------------
|
||||
|
||||
hobo-multitenant-manage create_tenant <your hostname>
|
||||
|
||||
|
||||
Third step: configure nginx
|
||||
---------------------------
|
||||
|
||||
1. Copy /usr/share/doc/hobo/nginx-example.conf into /etc/nginx/sites-available/<your hostname>
|
||||
2. Edit /etc/nginx/sites-available/<your hostname>
|
||||
3. Enable your nginx vhost::
|
||||
cd /etc/nginx/sites-enabled
|
||||
ln -s ../sites-available/<your hostname>
|
||||
3. Reload nginx
|
|
@ -0,0 +1,55 @@
|
|||
# This file is sourced by "execfile" from hobo.settings
|
||||
|
||||
import os
|
||||
|
||||
ETC_DIR = '/etc/hobo-multitenant'
|
||||
VAR_DIR = '/var/lib/hobo-multitenant'
|
||||
|
||||
STATIC_ROOT = os.path.join(VAR_DIR, 'collected-static')
|
||||
STATICFILES_DIRS = (os.path.join(VAR_DIR, 'static'),) + STATICFILES_DIRS
|
||||
TEMPLATE_DIRS = (os.path.join(VAR_DIR, 'templates'),) + TEMPLATE_DIRS
|
||||
LOCALE_PATHS = (os.path.join(VAR_DIR, 'locale'),) + LOCALE_PATHS
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
'ENGINE': 'tenant_schemas.postgresql_backend',
|
||||
'NAME': 'hobo_multitenant'
|
||||
}
|
||||
}
|
||||
|
||||
INSTALLED_APPS += ('mellon',)
|
||||
|
||||
TENANT_BASE = os.path.join(VAR_DIR, 'tenants')
|
||||
TENANT_MODEL = 'multitenant.Tenant'
|
||||
TENANT_TEMPLATE_DIRS = (TENANT_BASE,)
|
||||
|
||||
SHARED_APPS = (
|
||||
'hobo.multitenant',
|
||||
'django.contrib.auth',
|
||||
'django.contrib.contenttypes',
|
||||
'django.contrib.messages',
|
||||
'django.contrib.sessions',
|
||||
'django.contrib.staticfiles',
|
||||
'django.contrib.admin',
|
||||
)
|
||||
|
||||
TENANT_APPS = INSTALLED_APPS
|
||||
|
||||
INSTALLED_APPS = ('hobo.multitenant',) + INSTALLED_APPS
|
||||
|
||||
DATABASE_ROUTERS = (
|
||||
'tenant_schemas.routers.TenantSyncRouter',
|
||||
)
|
||||
|
||||
TEMPLATE_LOADERS = ('hobo.multitenant.template_loader.FilesystemLoader',) + global_settings.TEMPLATE_LOADERS
|
||||
|
||||
TEMPLATE_CONTEXT_PROCESSORS = ('django.core.context_processors.request',) + TEMPLATE_CONTEXT_PROCESSORS
|
||||
|
||||
MIDDLEWARE_CLASSES = (
|
||||
'hobo.multitenant.middleware.TenantMiddleware',
|
||||
'hobo.middleware.settings.MellonSettingsMiddleware',
|
||||
) + MIDDLEWARE_CLASSES
|
||||
|
||||
DEFAULT_FILE_STORAGE = 'hobo.multitenant.storage.TenantFileSystemStorage'
|
||||
|
||||
execfile(os.path.join(ETC_DIR, 'settings.py'))
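Review bot: `TEMPLATE_LOADERS` is built from `global_settings.TEMPLATE_LOADERS`, but this file imports only `os`; the name resolves only if the module that execfile()s it already has `global_settings` in scope, which is not visible here. The same implicit contract covers `STATICFILES_DIRS`, `INSTALLED_APPS`, `MIDDLEWARE_CLASSES` and the other names that are extended rather than assigned. I would add a short header comment listing what the including settings module must define. It should also note that `/etc/hobo-multitenant/settings.py` is executed as code by the final `execfile` and must therefore stay writable by root only.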
|
|
@ -0,0 +1,26 @@
|
|||
#!/bin/sh
|
||||
|
||||
NAME=hobo-multitenant
|
||||
MANAGE="/usr/lib/hobo/manage.py"
|
||||
|
||||
# load Debian default configuration
|
||||
export HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
|
||||
|
||||
# check user
|
||||
if test x$1 = x"--forceuser"
|
||||
then
|
||||
shift
|
||||
elif test $(id -un) != "$NAME"
|
||||
then
|
||||
echo "error: must use $0 with user ${NAME}"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if test $# -eq 0
|
||||
then
|
||||
python ${MANAGE} help
|
||||
exit 1
|
||||
fi
|
||||
|
||||
python ${MANAGE} "$@"
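Review bot: `test x$1 = x"--forceuser"` and `test $(id -un) != "$NAME"` leave their left-hand sides unquoted, so a first argument containing whitespace makes `test` fail with a syntax error and the script falls through to the user check by accident. `test "x$1" = "x--forceuser"` and `test "$(id -un)" != "$NAME"` behave the same for normal input and are robust for everything else. The error message should go to stderr (`>&2`). `--forceuser` deserves a comment warning that running management commands as another user may leave files under /var/lib/hobo-multitenant with the wrong owner.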
|
||||
|
|
@ -0,0 +1,51 @@
|
|||
server {
|
||||
listen 443;
|
||||
server_name hobo.example.org;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
access_log /var/log/nginx/hobo.example.org-access.log combined;
|
||||
error_log /var/log/nginx/hobo.example.org-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/hobo-multitenant/tenants/$host/$1
|
||||
/var/lib/hobo-multitenant/collected-static/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/hobo-multitenant/hobo-multitenant.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-SSL on;
|
||||
proxy_set_header X-Forwarded-Protocol ssl;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
server_name hobo.example.org;
|
||||
|
||||
access_log /var/log/nginx/hobo.example.org-access.log combined;
|
||||
error_log /var/log/nginx/hobo.example.org-error.log;
|
||||
|
||||
location ~ ^/static/(.+)$ {
|
||||
root /;
|
||||
try_files /var/lib/hobo-multitenant/tenants/$host/$1
|
||||
/var/lib/hobo-multitenant/collected-static/$1
|
||||
=404;
|
||||
}
|
||||
|
||||
location / {
|
||||
proxy_pass http://unix:/var/run/hobo-multitenant/hobo-multitenant.sock;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
}
|
||||
}
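Review bot: Both `location ~ ^/static/(.+)$` blocks resolve `/static/<path>` against `/var/lib/hobo-multitenant/tenants/$host/$1`, which is the root of the tenant directory rather than a static subdirectory, so anything else the application keeps under a tenant's directory can be downloaded without authentication. The layout of that directory is not visible in this commit, but debian_config.py points `TENANT_TEMPLATE_DIRS` at the same base. I would narrow the first `try_files` entry to a dedicated subdirectory, such as `tenants/$host/static/$1`. The port-80 server also proxies the application in clear text; a comment saying it should only redirect to HTTPS in production would help people who copy the example.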
|
||||
|
|
@ -0,0 +1,44 @@
|
|||
# Configuration for hobo.
|
||||
# You can override Hobo default settings here
|
||||
|
||||
# Hobo is a Django application: for the full list of settings and their
|
||||
# values, see https://docs.djangoproject.com/en/1.7/ref/settings/
|
||||
# For more information on settings see
|
||||
# https://docs.djangoproject.com/en/1.7/topics/settings/
|
||||
|
||||
# WARNING! Quick-start development settings unsuitable for production!
|
||||
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
|
||||
|
||||
# This file is sourced by "execfile" from /usr/lib/hobo-multitenant/debian_config.py
|
||||
|
||||
|
||||
# SECURITY WARNING: keep the secret key used in production secret!
|
||||
SECRET_KEY = file('/etc/hobo-multitenant/secret').read()
|
||||
|
||||
# SECURITY WARNING: don't run with debug turned on in production!
|
||||
DEBUG = False
|
||||
TEMPLATE_DEBUG = False
|
||||
|
||||
ADMINS = (
|
||||
# ('User 1', 'watchdog@example.net'),
|
||||
# ('User 2', 'janitor@example.net'),
|
||||
)
|
||||
|
||||
# ALLOWED_HOSTS must be correct in production!
|
||||
# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
|
||||
ALLOWED_HOSTS = [
|
||||
'*',
|
||||
]
|
||||
|
||||
# Databases
|
||||
# Default: a local database named "hobo"
|
||||
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
|
||||
# Warning: don't change ENGINE
|
||||
# DATABASES['default']['NAME'] = 'hobo'
|
||||
# DATABASES['default']['USER'] = 'hobo'
|
||||
# DATABASES['default']['PASSWORD'] = '******'
|
||||
# DATABASES['default']['HOST'] = 'localhost'
|
||||
# DATABASES['default']['PORT'] = '5432'
|
||||
|
||||
LANGUAGE_CODE = 'fr-fr'
|
||||
TIME_ZONE = 'Europe/Paris'
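Review bot: `ALLOWED_HOSTS = ['*']` sits directly under the comment saying it must be correct in production, and the shipped nginx example forwards the client's own Host header (`proxy_set_header Host $http_host`), so Django's host validation is effectively off in the packaged default. If the wildcard is deliberate because tenants are resolved by hostname, say so in a comment and tell the administrator to list the tenant domains. Otherwise ship an empty list so that a forgotten setting fails closed once `DEBUG` is False.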
|
|
@ -0,0 +1 @@
|
|||
/usr/lib/hobo
|
|
@ -0,0 +1,2 @@
|
|||
COPYING
|
||||
README
|
|
@ -0,0 +1 @@
|
|||
usr/lib/
|
|
@ -0,0 +1,591 @@
|
|||
%% -*- mode: erlang -*-
|
||||
%% ----------------------------------------------------------------------------
|
||||
%% RabbitMQ Sample Configuration File.
|
||||
%%
|
||||
%% See http://www.rabbitmq.com/configure.html for details.
|
||||
%% ----------------------------------------------------------------------------
|
||||
[
|
||||
|
||||
%% http://www.rabbitmq.com/ssl.html
|
||||
%% Disable SSLv3.0 and TLSv1.0 support. (BEAST / POODLE)
|
||||
{ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
|
||||
|
||||
{rabbit,
|
||||
[%%
|
||||
%% Network Connectivity
|
||||
%% ====================
|
||||
%%
|
||||
|
||||
%% By default, RabbitMQ will listen on all interfaces, using
|
||||
%% the standard (reserved) AMQP port.
|
||||
%%
|
||||
%% {tcp_listeners, [5672]},
|
||||
|
||||
%% To listen on a specific interface, provide a tuple of {IpAddress, Port}.
|
||||
%% For example, to listen only on localhost for both IPv4 and IPv6:
|
||||
%%
|
||||
{tcp_listeners, [{"127.0.0.1", 5672},
|
||||
{"::1", 5672}]},
|
||||
|
||||
%% SSL listeners are configured in the same fashion as TCP listeners,
|
||||
%% including the option to control the choice of interface.
|
||||
%%
|
||||
{ssl_listeners, [5671]},
|
||||
%% {ssl_allow_poodle_attack, true},
|
||||
|
||||
%% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection
|
||||
%% and SSL handshake), in milliseconds.
|
||||
%%
|
||||
%% {handshake_timeout, 10000},
|
||||
|
||||
%% Log levels (currently just used for connection logging).
|
||||
%% One of 'info', 'warning', 'error' or 'none', in decreasing order
|
||||
%% of verbosity. Defaults to 'info'.
|
||||
%%
|
||||
%% {log_levels, [{connection, info}]},
|
||||
|
||||
%% Set to 'true' to perform reverse DNS lookups when accepting a
|
||||
%% connection. Hostnames will then be shown instead of IP addresses
|
||||
%% in rabbitmqctl and the management plugin.
|
||||
%%
|
||||
{reverse_dns_lookups, false},
|
||||
|
||||
%%
|
||||
%% Security / AAA
|
||||
%% ==============
|
||||
%%
|
||||
|
||||
%% The default "guest" user is only permitted to access the server
|
||||
%% via a loopback interface (e.g. localhost).
|
||||
%%{loopback_users, [<<"guest">>]},
|
||||
%%
|
||||
%% Uncomment the following line if you want to allow access to the
|
||||
%% guest user from anywhere on the network.
|
||||
%% {loopback_users, []},
|
||||
|
||||
%% Configuring SSL.
|
||||
%% See http://www.rabbitmq.com/ssl.html for full documentation.
|
||||
%%
|
||||
%% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"},
|
||||
%% {certfile, "/path/to/server/cert.pem"},
|
||||
%% {keyfile, "/path/to/server/key.pem"},
|
||||
%% {verify, verify_peer},
|
||||
%% {fail_if_no_peer_cert, false}]},
|
||||
{ssl_options, [{certfile, "/etc/ssl/certs/ssl-cert-snakeoil.pem"},
|
||||
{keyfile, "/etc/ssl/private/ssl-cert-snakeoil.key"},
|
||||
{versions, ['tlsv1.2', 'tlsv1.1']}]}
|
||||
|
||||
%% Choose the available SASL mechanism(s) to expose.
|
||||
%% The two default (built in) mechanisms are 'PLAIN' and
|
||||
%% 'AMQPLAIN'. Additional mechanisms can be added via
|
||||
%% plugins.
|
||||
%%
|
||||
%% See http://www.rabbitmq.com/authentication.html for more details.
|
||||
%%
|
||||
%% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']},
|
||||
|
||||
%% Select an authentication database to use. RabbitMQ comes bundled
|
||||
%% with a built-in auth-database, based on mnesia.
|
||||
%%
|
||||
%% {auth_backends, [rabbit_auth_backend_internal]},
|
||||
|
||||
%% Configurations supporting the rabbitmq_auth_mechanism_ssl and
|
||||
%% rabbitmq_auth_backend_ldap plugins.
|
||||
%%
|
||||
%% NB: These options require that the relevant plugin is enabled.
|
||||
%% See http://www.rabbitmq.com/plugins.html for further details.
|
||||
|
||||
%% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to
|
||||
%% authenticate a user based on the client's SSL certificate.
|
||||
%%
|
||||
%% To use auth-mechanism-ssl, add to or replace the auth_mechanisms
|
||||
%% list with the entry 'EXTERNAL'.
|
||||
%%
|
||||
%% {auth_mechanisms, ['EXTERNAL']},
|
||||
|
||||
%% The rabbitmq_auth_backend_ldap plugin allows the broker to
|
||||
%% perform authentication and authorisation by deferring to an
|
||||
%% external LDAP server.
|
||||
%%
|
||||
%% For more information about configuring the LDAP backend, see
|
||||
%% http://www.rabbitmq.com/ldap.html.
|
||||
%%
|
||||
%% Enable the LDAP auth backend by adding to or replacing the
|
||||
%% auth_backends entry:
|
||||
%%
|
||||
%% {auth_backends, [rabbit_auth_backend_ldap]},
|
||||
|
||||
%% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and
|
||||
%% STOMP ssl_cert_login configurations. See the rabbitmq_stomp
|
||||
%% configuration section later in this fail and the README in
|
||||
%% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
|
||||
%% details.
|
||||
%%
|
||||
%% To use the SSL cert's CN instead of its DN as the username
|
||||
%%
|
||||
%% {ssl_cert_login_from, common_name},
|
||||
|
||||
%% SSL handshake timeout, in milliseconds.
|
||||
%%
|
||||
%% {ssl_handshake_timeout, 5000},
|
||||
|
||||
%%
|
||||
%% Default User / VHost
|
||||
%% ====================
|
||||
%%
|
||||
|
||||
%% On first start RabbitMQ will create a vhost and a user. These
|
||||
%% config items control what gets created. See
|
||||
%% http://www.rabbitmq.com/access-control.html for further
|
||||
%% information about vhosts and access control.
|
||||
%%
|
||||
%% {default_vhost, <<"/">>},
|
||||
%% {default_user, <<"guest">>},
|
||||
%% {default_pass, <<"guest">>},
|
||||
%% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]},
|
||||
|
||||
%% Tags for default user
|
||||
%%
|
||||
%% For more details about tags, see the documentation for the
|
||||
%% Management Plugin at http://www.rabbitmq.com/management.html.
|
||||
%%
|
||||
%% {default_user_tags, [administrator]},
|
||||
|
||||
%%
|
||||
%% Additional network and protocol related configuration
|
||||
%% =====================================================
|
||||
%%
|
||||
|
||||
%% Set the default AMQP heartbeat delay (in seconds).
|
||||
%%
|
||||
%% {heartbeat, 600},
|
||||
|
||||
%% Set the max permissible size of an AMQP frame (in bytes).
|
||||
%%
|
||||
%% {frame_max, 131072},
|
||||
|
||||
%% Set the max permissible number of channels per connection.
|
||||
%% 0 means "no limit".
|
||||
%%
|
||||
%% {channel_max, 128},
|
||||
|
||||
%% Customising Socket Options.
|
||||
%%
|
||||
%% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for
|
||||
%% further documentation.
|
||||
%%
|
||||
%% {tcp_listen_options, [binary,
|
||||
%% {packet, raw},
|
||||
%% {reuseaddr, true},
|
||||
%% {backlog, 128},
|
||||
%% {nodelay, true},
|
||||
%% {exit_on_close, false}]},
|
||||
|
||||
%%
|
||||
%% Resource Limits & Flow Control
|
||||
%% ==============================
|
||||
%%
|
||||
%% See http://www.rabbitmq.com/memory.html for full details.
|
||||
|
||||
%% Memory-based Flow Control threshold.
|
||||
%%
|
||||
%% {vm_memory_high_watermark, 0.4},
|
||||
|
||||
%% Fraction of the high watermark limit at which queues start to
|
||||
%% page message out to disc in order to free up memory.
|
||||
%%
|
||||
%% {vm_memory_high_watermark_paging_ratio, 0.5},
|
||||
|
||||
%% Set disk free limit (in bytes). Once free disk space reaches this
|
||||
%% lower bound, a disk alarm will be set - see the documentation
|
||||
%% listed above for more details.
|
||||
%%
|
||||
%% {disk_free_limit, 50000000},
|
||||
|
||||
%% Alternatively, we can set a limit relative to total available RAM.
|
||||
%%
|
||||
%% {disk_free_limit, {mem_relative, 1.0}},
|
||||
|
||||
%%
|
||||
%% Misc/Advanced Options
|
||||
%% =====================
|
||||
%%
|
||||
%% NB: Change these only if you understand what you are doing!
|
||||
%%
|
||||
|
||||
%% To announce custom properties to clients on connection:
|
||||
%%
|
||||
%% {server_properties, []},
|
||||
|
||||
%% How to respond to cluster partitions.
|
||||
%% See http://www.rabbitmq.com/partitions.html for further details.
|
||||
%%
|
||||
%% {cluster_partition_handling, ignore},
|
||||
|
||||
%% Make clustering happen *automatically* at startup - only applied
|
||||
%% to nodes that have just been reset or started for the first time.
|
||||
%% See http://www.rabbitmq.com/clustering.html#auto-config for
|
||||
%% further details.
|
||||
%%
|
||||
%% {cluster_nodes, {['rabbit@my.host.com'], disc}},
|
||||
|
||||
%% Set (internal) statistics collection granularity.
|
||||
%%
|
||||
%% {collect_statistics, none},
|
||||
|
||||
%% Statistics collection interval (in milliseconds).
|
||||
%%
|
||||
%% {collect_statistics_interval, 5000},
|
||||
|
||||
%% Explicitly enable/disable hipe compilation.
|
||||
%%
|
||||
%% {hipe_compile, true},
|
||||
|
||||
%% Timeout used when waiting for Mnesia tables in a cluster to
|
||||
%% become available.
|
||||
%%
|
||||
%% {mnesia_table_loading_timeout, 30000}
|
||||
|
||||
]},
|
||||
|
||||
%% ----------------------------------------------------------------------------
|
||||
%% Advanced Erlang Networking/Clustering Options.
|
||||
%%
|
||||
%% See http://www.rabbitmq.com/clustering.html for details
|
||||
%% ----------------------------------------------------------------------------
|
||||
{kernel,
|
||||
[%% Sets the net_kernel tick time.
|
||||
%% Please see http://erlang.org/doc/man/kernel_app.html and
|
||||
%% http://www.rabbitmq.com/nettick.html for further details.
|
||||
%%
|
||||
%% {net_ticktime, 60}
|
||||
]},
|
||||
|
||||
%% ----------------------------------------------------------------------------
|
||||
%% RabbitMQ Management Plugin
|
||||
%%
|
||||
%% See http://www.rabbitmq.com/management.html for details
|
||||
%% ----------------------------------------------------------------------------
|
||||
|
||||
{rabbitmq_management,
|
||||
[%% Pre-Load schema definitions from the following JSON file. See
|
||||
%% http://www.rabbitmq.com/management.html#load-definitions
|
||||
%%
|
||||
%% {load_definitions, "/path/to/schema.json"},
|
||||
|
||||
%% Log all requests to the management HTTP API to a file.
|
||||
%%
|
||||
%% {http_log_dir, "/path/to/access.log"},
|
||||
|
||||
%% Change the port on which the HTTP listener listens,
|
||||
%% specifying an interface for the web server to bind to.
|
||||
%% Also set the listener to use SSL and provide SSL options.
|
||||
%%
|
||||
%% {listener, [{port, 12345},
|
||||
%% {ip, "127.0.0.1"},
|
||||
%% {ssl, true},
|
||||
%% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"},
|
||||
%% {certfile, "/path/to/cert.pem"},
|
||||
%% {keyfile, "/path/to/key.pem"}]}]},
|
||||
{listener, [{port, 15672},
|
||||
{ssl, true},
|
||||
{ssl_opts, [{certfile, "/etc/ssl/certs/ssl-cert-snakeoil.pem"},
|
||||
{keyfile, "/etc/ssl/private/ssl-cert-snakeoil.key"},
|
||||
{versions, ['tlsv1.2', 'tlsv1.1']}]}]}
|
||||
|
||||
%% One of 'basic', 'detailed' or 'none'. See
|
||||
%% http://www.rabbitmq.com/management.html#fine-stats for more details.
|
||||
%% {rates_mode, basic},
|
||||
|
||||
%% Configure how long aggregated data (such as message rates and queue
|
||||
%% lengths) is retained. Please read the plugin's documentation in
|
||||
%% http://www.rabbitmq.com/management.html#configuration for more
|
||||
%% details.
|
||||
%%
|
||||
%% {sample_retention_policies,
|
||||
%% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]},
|
||||
%% {basic, [{60, 5}, {3600, 60}]},
|
||||
%% {detailed, [{10, 5}]}]}
|
||||
]},
|
||||
|
||||
%% ----------------------------------------------------------------------------
|
||||
%% RabbitMQ Shovel Plugin
|
||||
%%
|
||||
%% See http://www.rabbitmq.com/shovel.html for details
|
||||
%% ----------------------------------------------------------------------------
|
||||
|
||||
{rabbitmq_shovel,
|
||||
[{shovels,
|
||||
[%% A named shovel worker.
|
||||
%% {my_first_shovel,
|
||||
%% [
|
||||
|
||||
%% List the source broker(s) from which to consume.
|
||||
%%
|
||||
%% {sources,
|
||||
%% [%% URI(s) and pre-declarations for all source broker(s).
|
||||
%% {brokers, ["amqp://user:password@host.domain/my_vhost"]},
|
||||
%% {declarations, []}
|
||||
%% ]},
|
||||
|
||||
%% List the destination broker(s) to publish to.
|
||||
%% {destinations,
|
||||
%% [%% A singular version of the 'brokers' element.
|
||||
%% {broker, "amqp://"},
|
||||
%% {declarations, []}
|
||||
%% ]},
|
||||
|
||||
%% Name of the queue to shovel messages from.
|
||||
%%
|
||||
%% {queue, <<"your-queue-name-goes-here">>},
|
||||
|
||||
%% Optional prefetch count.
|
||||
%%
|
||||
%% {prefetch_count, 10},
|
||||
|
||||
%% when to acknowledge messages:
|
||||
%% - no_ack: never (auto)
|
||||
%% - on_publish: after each message is republished
|
||||
%% - on_confirm: when the destination broker confirms receipt
|
||||
%%
|
||||
%% {ack_mode, on_confirm},
|
||||
|
||||
%% Overwrite fields of the outbound basic.publish.
|
||||
%%
|
||||
%% {publish_fields, [{exchange, <<"my_exchange">>},
|
||||
%% {routing_key, <<"from_shovel">>}]},
|
||||
|
||||
%% Static list of basic.properties to set on re-publication.
|
||||
%%
|
||||
%% {publish_properties, [{delivery_mode, 2}]},
|
||||
|
||||
%% The number of seconds to wait before attempting to
|
||||
%% reconnect in the event of a connection failure.
|
||||
%%
|
||||
%% {reconnect_delay, 2.5}
|
||||
|
||||
%% ]} %% End of my_first_shovel
|
||||
]}
|
||||
%% Rather than specifying some values per-shovel, you can specify
|
||||
%% them for all shovels here.
|
||||
%%
|
||||
%% {defaults, [{prefetch_count, 0},
|
||||
%% {ack_mode, on_confirm},
|
||||
%% {publish_fields, []},
|
||||
%% {publish_properties, [{delivery_mode, 2}]},
|
||||
%% {reconnect_delay, 2.5}]}
|
||||
]},
|
||||
|
||||
%% ----------------------------------------------------------------------------
|
||||
%% RabbitMQ Stomp Adapter
|
||||
%%
|
||||
%% See http://www.rabbitmq.com/stomp.html for details
|
||||
%% ----------------------------------------------------------------------------
|
||||
|
||||
{rabbitmq_stomp,
|
||||
[%% Network Configuration - the format is generally the same as for the broker
|
||||
|
||||
%% Listen only on localhost (ipv4 & ipv6) on a specific port.
|
||||
%% {tcp_listeners, [{"127.0.0.1", 61613},
|
||||
%% {"::1", 61613}]},
|
||||
|
||||
%% Listen for SSL connections on a specific port.
|
||||
%% {ssl_listeners, [61614]},
|
||||
|
||||
%% Additional SSL options
|
||||
|
||||
%% Extract a name from the client's certificate when using SSL.
|
||||
%%
|
||||
%% {ssl_cert_login, true},
|
||||
|
||||
%% Set a default user name and password. This is used as the default login
|
||||
%% whenever a CONNECT frame omits the login and passcode headers.
|
||||
%%
|
||||
%% Please note that setting this will allow clients to connect without
|
||||
%% authenticating!
|
||||
%%
|
||||
%% {default_user, [{login, "guest"},
|
||||
%% {passcode, "guest"}]},
|
||||
|
||||
%% If a default user is configured, or you have configured use SSL client
|
||||
%% certificate based authentication, you can choose to allow clients to
|
||||
%% omit the CONNECT frame entirely. If set to true, the client is
|
||||
%% automatically connected as the default user or user supplied in the
|
||||
%% SSL certificate whenever the first frame sent on a session is not a
|
||||
%% CONNECT frame.
|
||||
%%
|
||||
%% {implicit_connect, true}
|
||||
]},
|
||||
|
||||
%% ----------------------------------------------------------------------------
|
||||
%% RabbitMQ MQTT Adapter
|
||||
%%
|
||||
%% See http://hg.rabbitmq.com/rabbitmq-mqtt/file/stable/README.md for details
|
||||
%% ----------------------------------------------------------------------------
|
||||
|
||||
{rabbitmq_mqtt,
|
||||
[%% Set the default user name and password. Will be used as the default login
|
||||
%% if a connecting client provides no other login details.
|
||||
%%
|
||||
%% Please note that setting this will allow clients to connect without
|
||||
%% authenticating!
|
||||
%%
|
||||
%% {default_user, <<"guest">>},
|
||||
%% {default_pass, <<"guest">>},
|
||||
|
||||
%% Enable anonymous access. If this is set to false, clients MUST provide
|
||||
%% login information in order to connect. See the default_user/default_pass
|
||||
%% configuration elements for managing logins without authentication.
|
||||
%%
|
||||
%% {allow_anonymous, true},
|
||||
|
||||
%% If you have multiple chosts, specify the one to which the
|
||||
%% adapter connects.
|
||||
%%
|
||||
%% {vhost, <<"/">>},
|
||||
|
||||
%% Specify the exchange to which messages from MQTT clients are published.
|
||||
%%
|
||||
%% {exchange, <<"amq.topic">>},
|
||||
|
||||
%% Specify TTL (time to live) to control the lifetime of non-clean sessions.
|
||||
%%
|
||||
%% {subscription_ttl, 1800000},
|
||||
|
||||
%% Set the prefetch count (governing the maximum number of unacknowledged
|
||||
%% messages that will be delivered).
|
||||
%%
|
||||
%% {prefetch, 10},
|
||||
|
||||
%% TCP/SSL Configuration (as per the broker configuration).
|
||||
%%
|
||||
%% {tcp_listeners, [1883]},
|
||||
%% {ssl_listeners, []},
|
||||
|
||||
%% TCP/Socket options (as per the broker configuration).
|
||||
%%
|
||||
%% {tcp_listen_options, [binary,
|
||||
%% {packet, raw},
|
||||
%% {reuseaddr, true},
|
||||
%% {backlog, 128},
|
||||
%% {nodelay, true}]}
|
||||
]},
|
||||
|
||||
%% ----------------------------------------------------------------------------
|
||||
%% RabbitMQ AMQP 1.0 Support
|
||||
%%
|
||||
%% See http://hg.rabbitmq.com/rabbitmq-amqp1.0/file/default/README.md
|
||||
%% for details
|
||||
%% ----------------------------------------------------------------------------
|
||||
|
||||
{rabbitmq_amqp1_0,
|
||||
[%% Connections that are not authenticated with SASL will connect as this
|
||||
%% account. See the README for more information.
|
||||
%%
|
||||
%% Please note that setting this will allow clients to connect without
|
||||
%% authenticating!
|
||||
%%
|
||||
%% {default_user, "guest"},
|
||||
|
||||
%% Enable protocol strict mode. See the README for more information.
|
||||
%%
|
||||
%% {protocol_strict_mode, false}
|
||||
]},
|
||||
|
||||
%% ----------------------------------------------------------------------------
|
||||
%% RabbitMQ LDAP Plugin
|
||||
%%
|
||||
%% See http://www.rabbitmq.com/ldap.html for details.
|
||||
%%
|
||||
%% ----------------------------------------------------------------------------
|
||||
|
||||
{rabbitmq_auth_backend_ldap,
|
||||
[%%
|
||||
%% Connecting to the LDAP server(s)
|
||||
%% ================================
|
||||
%%
|
||||
|
||||
%% Specify servers to bind to. You *must* set this in order for the plugin
|
||||
%% to work properly.
|
||||
%%
|
||||
%% {servers, ["your-server-name-goes-here"]},
|
||||
|
||||
%% Connect to the LDAP server using SSL
|
||||
%%
|
||||
%% {use_ssl, false},
|
||||
|
||||
%% Specify the LDAP port to connect to
|
||||
%%
|
||||
%% {port, 389},
|
||||
|
||||
%% LDAP connection timeout, in milliseconds or 'infinity'
|
||||
%%
|
||||
%% {timeout, infinity},
|
||||
|
||||
%% Enable logging of LDAP queries.
|
||||
%% One of
|
||||
%% - false (no logging is performed)
|
||||
%% - true (verbose logging of the logic used by the plugin)
|
||||
%% - network (as true, but additionally logs LDAP network traffic)
|
||||
%%
|
||||
%% Defaults to false.
|
||||
%%
|
||||
%% {log, false},
|
||||
|
||||
%%
|
||||
%% Authentication
|
||||
%% ==============
|
||||
%%
|
||||
|
||||
%% Pattern to convert the username given through AMQP to a DN before
|
||||
%% binding
|
||||
%%
|
||||
%% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},
|
||||
|
||||
%% Alternatively, you can convert a username to a Distinguished
|
||||
%% Name via an LDAP lookup after binding. See the documentation for
|
||||
%% full details.
|
||||
|
||||
%% When converting a username to a dn via a lookup, set these to
|
||||
%% the name of the attribute that represents the user name, and the
|
||||
%% base DN for the lookup query.
|
||||
%%
|
||||
%% {dn_lookup_attribute, "userPrincipalName"},
|
||||
%% {dn_lookup_base, "DC=gopivotal,DC=com"},
|
||||
|
||||
%% Controls how to bind for authorisation queries and also to
|
||||
%% retrieve the details of users logging in without presenting a
|
||||
%% password (e.g., SASL EXTERNAL).
|
||||
%% One of
|
||||
%% - as_user (to bind as the authenticated user - requires a password)
|
||||
%% - anon (to bind anonymously)
|
||||
%% - {UserDN, Password} (to bind with a specified user name and password)
|
||||
%%
|
||||
%% Defaults to 'as_user'.
|
||||
%%
|
||||
%% {other_bind, as_user},
|
||||
|
||||
%%
|
||||
%% Authorisation
|
||||
%% =============
|
||||
%%
|
||||
|
||||
%% The LDAP plugin can perform a variety of queries against your
|
||||
%% LDAP server to determine questions of authorisation. See
|
||||
%% http://www.rabbitmq.com/ldap.html#authorisation for more
|
||||
%% information.
|
||||
|
||||
%% Set the query to use when determining vhost access
|
||||
%%
|
||||
%% {vhost_access_query, {in_group,
|
||||
%% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
|
||||
|
||||
%% Set the query to use when determining resource (e.g., queue) access
|
||||
%%
|
||||
%% {resource_access_query, {constant, true}},
|
||||
|
||||
%% Set queries to determine which tags a user has
|
||||
%%
|
||||
%% {tag_queries, []}
|
||||
]}
|
||||
].
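Review bot: The active `rabbitmq_management` listener (`{listener, [{port, 15672}, {ssl, true}, ...`) has no `{ip, ...}` entry, so it is not pinned to an interface the way the AMQP `tcp_listeners` are pinned to `127.0.0.1` and `::1`; the commented example just above it does show `{ip, "127.0.0.1"}`. If the management interface is only meant for local administration, add `{ip, "127.0.0.1"},` after the port, and if remote access is intended a comment saying so would help. Both `ssl_options` and the listener's `ssl_opts` point at the Debian snakeoil certificate and key, which peers cannot validate against a CA. A comment next to them such as `%% placeholder self-signed pair: replace with a certificate your agents can verify` would make the README's "change ssl certificates" step harder to miss. `{ssl_listeners, [5671]}` also has no address restriction, which looks intended for remote agents but is worth stating in the file.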
|
|
@ -4,12 +4,12 @@
|
|||
# Uncomment this to turn on verbose mode.
|
||||
#export DH_VERBOSE=1
|
||||
|
||||
BUILD_DIR = debian/hobo
|
||||
PYTHON_HOBO_DIR=$(CURDIR)/debian/python-hobo
|
||||
|
||||
%:
|
||||
dh $@ --with python2
|
||||
|
||||
override_dh_install:
|
||||
dh_install
|
||||
mv $(BUILD_DIR)/usr/bin/manage.py $(BUILD_DIR)/usr/lib/hobo/manage.py
|
||||
mv $(CURDIR)/debian/tmp/usr/bin/manage.py $(PYTHON_HOBO_DIR)/usr/lib/hobo/manage.py
|
||||
|
||||
|
|
|
@ -0,0 +1,23 @@
|
|||
Hobo server for Debian
|
||||
=====================
|
||||
|
||||
First step: configure rabbitmq
|
||||
------------------------------
|
||||
|
||||
1. Copy /usr/share/doc/hobo/rabbitmq.config.example into /etc/rabbitmq/rabbitmq.config
|
||||
2. Edit your /etc/rabbitmq/rabbitmq.config and change ssl certificates
|
||||
3. Restart rabbitmq : service rabbitmq-server restart
|
||||
4. Create your rabbitmq user::
|
||||
rabbitmqctl change_password hobo <your password>
|
||||
5. Add hobo user permission::
|
||||
rabbitmqctl set_permissions hobo ".*" ".*" ".*"
|
||||
|
||||
Second step: configure nginx
|
||||
----------------------------
|
||||
|
||||
1. Copy /usr/share/doc/hobo/nginx-example.conf into /etc/nginx/sites-available/<your hostname>
|
||||
2. Edit /etc/nginx/sites-available/<your hostname>
|
||||
3. Enable your nginx vhost::
|
||||
cd /etc/nginx/sites-enabled
|
||||
ln -s ../sites-available/<your hostname>
|
||||
3. Reload nginx
|
|
@ -9,8 +9,6 @@ STATIC_ROOT = os.path.join(VAR_DIR, 'collected-static')
|
|||
STATICFILES_DIRS = (os.path.join(VAR_DIR, 'static'),) + STATICFILES_DIRS
|
||||
TEMPLATE_DIRS = (os.path.join(VAR_DIR, 'templates'),) + TEMPLATE_DIRS
|
||||
LOCALE_PATHS = (os.path.join(VAR_DIR, 'locale'),) + LOCALE_PATHS
|
||||
TENANT_BASE = os.path.join(VAR_DIR, 'tenants')
|
||||
TENANT_TEMPLATE_DIRS = (TENANT_BASE,)
|
||||
|
||||
DATABASES = {
|
||||
'default': {
|
||||
|
@ -20,14 +18,5 @@ DATABASES = {
|
|||
}
|
||||
|
||||
INSTALLED_APPS += ('mellon',)
|
||||
AUTHENTICATION_BACKENDS = ( 'mellon.backends.SAMLBackend',)
|
||||
LOGIN_URL = '/accounts/mellon/login'
|
||||
LOGOUT_URL = '/accounts/mellon/logout'
|
||||
MELLON_PUBLIC_KEYS = [os.path.join(ETC_DIR, 'cert.pem')]
|
||||
MELLON_PRIVATE_KEY = os.path.join(ETC_DIR, 'key.cert')
|
||||
MELLON_IDENTITY_PROVIDERS = [
|
||||
{'METADATA': os.path.join(ETC_DIR, 'idp-metadata.xml'),
|
||||
'GROUP_ATTRIBUTE': 'role'},
|
||||
]
|
||||
|
||||
execfile(os.path.join(ETC_DIR, 'config.py'))
|
||||
execfile(os.path.join(ETC_DIR, 'settings.py'))
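Review bot: `execfile(os.path.join(ETC_DIR, 'settings.py'))` runs the administrator's file as Python inside the settings module, so whoever can write that file or its directory controls the process that loads it, and nothing in the hunk records that expectation. A comment above the call such as `# settings.py is executed as code: keep it and ETC_DIR root-owned and not writable by the service user` would document it; the packaging scripts that would enforce the permissions are not visible here. The call also has no fallback, so a missing file makes settings loading raise, which may be intended but deserves a word. By the hunk counts the `AUTHENTICATION_BACKENDS`, `LOGIN_URL`/`LOGOUT_URL` and `MELLON_*` defaults appear to be dropped here, and neither settings file visible on this page (one is shown only in part) sets them, so please confirm where the SAML configuration now lives.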
|
|
@ -1,7 +1,10 @@
|
|||
#!/bin/sh
|
||||
|
||||
NAME=hobo
|
||||
MANAGE="/usr/lib/$NAME/manage.py --multitenant --config=/usr/lib/${NAME}/debian_config.py"
|
||||
MANAGE="/usr/lib/hobo/manage.py"
|
||||
|
||||
# load Debian default configuration
|
||||
export HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
|
||||
|
||||
# check user
|
||||
if test x$1 = x"--forceuser"
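Review bot: `MANAGE="/usr/lib/hobo/manage.py"` (by the hunk counts, the added of the two `MANAGE` lines) hard-codes the package name, while the `export HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py` added below it still builds its path from `$NAME`; writing `MANAGE="/usr/lib/$NAME/manage.py"` keeps the two in step. The unchanged `if test x$1 = x"--forceuser"` leaves `$1` unquoted, so an argument containing whitespace is word-split before `test` sees it; `if test "x$1" = "x--forceuser"` is the safe form. The `if` block continues past the end of the hunk.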
|
|
@ -1,13 +1,13 @@
|
|||
server {
|
||||
listen 443;
|
||||
server_name hobo.dev.fr;
|
||||
server_name hobo.example.org;
|
||||
|
||||
ssl on;
|
||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||
|
||||
access_log /var/log/nginx/hobo.dev.fr-access.log combined;
|
||||
error_log /var/log/nginx/hobo.dev.fr-error.log;
|
||||
access_log /var/log/nginx/hobo.example.org-access.log combined;
|
||||
error_log /var/log/nginx/hobo.example.org-error.log;
|
||||
|
||||
location /static {
|
||||
alias /var/lib/hobo/collected-static;
|
||||
|
@ -26,10 +26,10 @@ server {
|
|||
|
||||
server {
|
||||
listen 80;
|
||||
server_name hobo.dev.fr;
|
||||
server_name hobo.example.org;
|
||||
|
||||
access_log /var/log/nginx/hobo.dev.fr-access.log combined;
|
||||
error_log /var/log/nginx/hobo.dev.fr-error.log;
|
||||
access_log /var/log/nginx/hobo.example.org-access.log combined;
|
||||
error_log /var/log/nginx/hobo.example.org-error.log;
|
||||
|
||||
location /static {
|
||||
alias /var/lib/hobo/collected-static;
|
|
@ -27,19 +27,18 @@ ADMINS = (
|
|||
# ALLOWED_HOSTS must be correct in production!
|
||||
# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
|
||||
ALLOWED_HOSTS = [
|
||||
'hobo.example.net',
|
||||
'hobo.example.net.',
|
||||
'.hobo.example.net',
|
||||
'.hobo.example.net.',
|
||||
'*',
|
||||
]
|
||||
|
||||
# Hobo use a postgresql database
|
||||
# Hobo use a postgresql database by default
|
||||
# Default: a local database named "hobo"
|
||||
# DATABASES['default']['name'] = 'hobo'
|
||||
# DATABASES['default']['user'] = 'hobo'
|
||||
# DATABASES['default']['password'] = '******'
|
||||
# DATABASES['default']['host'] = 'localhost'
|
||||
# DATABASES['default']['port'] = '5432'
|
||||
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
|
||||
# DATABASES['default']['ENGINE'] = 'django.db.backends.postgresql_psycopg2'
|
||||
# DATABASES['default']['NAME'] = 'hobo'
|
||||
# DATABASES['default']['USER'] = 'hobo'
|
||||
# DATABASES['default']['PASSWORD'] = '******'
|
||||
# DATABASES['default']['HOST'] = 'localhost'
|
||||
# DATABASES['default']['PORT'] = '5432'
|
||||
|
||||
LANGUAGE_CODE = 'fr-fr'
|
||||
TIME_ZONE = 'Europe/Paris'
|