entrouvert
/
hobo
16
0
Fork 0
Code Issues Pull Requests 18 Releases Activity

debian: Cut and update packaging with the last changes on master 

* migration to Django 1.7
 * use new settings.py environment variable
 * split in 4 packages : hobo, hobo-multitenant, hobo-agent and
   python-hobo

Closes #6458
This commit is contained in:
Jérôme Schneider 2015-02-10 14:46:26 +01:00 committed by Frédéric Péters
parent 0868128267
commit 45854deb8f
35 changed files with 1268 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
debian/agent/README.Debian vendored Normal file
View File

@ -0,0 +1,21 @@
Hobo agent for Debian
=====================
First step configure sudo
--------------------------
1. Edit your sudo configuration with sudoers
2. If you want to deploy wcs-au-quotidien add this line::
hobo-agent ALL=(wcs-au-quotidien)NOPASSWD:/usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg hobo_deploy
3. If you want to deploy Authentic 2 tenant add this line::
hobo-agent ALL=(authentic)NOPASSWD:/usr/bin/authentic2-multitenant-ctl deploy
4. If you want to deploy Combo tenant add this line::
hobo-agent ALL=(combo)NOPASSWD:/usr/bin/combo-multitenant-manage hobo_deploy
5. If you want to deploy Passerelle tenant add this line::
hobo-agent ALL=(passerelle)NOPASSWD:/usr/bin/passerelle-multitenant-manage hobo_deploy
Second step configure your agent
-------------------------------
1. Edit /etc/hobo-agent/settings.py (change BROKER_URL if distant)
2. Restart supervisor

25
debian/agent/hobo-agent.conf vendored Normal file
View File

@ -0,0 +1,25 @@
[program:hobo-agent]
command=celery worker --app=hobo.agent.worker --loglevel=INFO
environment=HOBO_AGENT_SETTINGS_FILE="/etc/hobo-agent/settings.py"
process_name=hobo-agent
user=hobo-agent
numprocs=1
stdout_logfile=/var/log/hobo-agent/stdout.log
stderr_logfile=/var/log/hobo-agent/stderr.log
autostart=true
autorestart=true
startsecs=10
; Need to wait for currently executing tasks to finish at shutdown.
; Increase this if you have very long running tasks.
stopwaitsecs = 600
; When resorting to send SIGKILL to the program to terminate it
; send SIGKILL to its whole process group instead,
; taking care of its children as well.
killasgroup=true
; if rabbitmq is supervised, set its priority higher
; so it starts first
priority=998

23
debian/agent/settings.py vendored Normal file
View File

@ -0,0 +1,23 @@
# AMQP message broker
# http://celery.readthedocs.org/en/latest/configuration.html#broker-url
# transport://userid:password@hostname:port/virtual_host
BROKER_URL = 'amqp://'
# It's possible to limit agents to particular applications, or particular
# hostnames, using the AGENT_HOST_PATTERNS configuration variable.
#
# The format is a dictionary with applications as keys and a list of hostnames as
# value. The hostnames can be prefixed by an exclamation mark to exclude them.
#
# AGENT_HOST_PATTERNS = {
# 'wcs': ['*.example.net', '! *.dev.example.net'],
# }
#
# Will limit wcs deployments to *.example.net hostnames, while excluding
# *.dev.example.net.
AGENT_HOST_PATTERNS = None
WCS_MANAGE_COMMAND = 'sudo -u wcs-au-quotidien /usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg'
AGENT_AUTHENTIC_COMMAND = 'sudo -u authentic /usr/bin/authentic2-multitenant-ctl deploy'
COMBO_MANAGE_COMMAND = 'sudo -u combo /usr/bin/combo-multitenant-manage'
PASSERELLE_MANAGE_COMMAND = 'sudo -u passerelle /usr/bin/passerelle-multitenant-manage'

4
debian/agent/sudo-hobo-agent vendored Normal file
View File

@ -0,0 +1,4 @@
hobo-agent ALL=(wcs-au-quotidien)NOPASSWD:/usr/sbin/wcsctl -f /etc/wcs/wcs-au-quotidien.cfg hobo_deploy
hobo-agent ALL=(authentic)NOPASSWD:/usr/bin/authentic2-multitenant-ctl hobo_deploy
hobo-agent ALL=(combo)NOPASSWD:/usr/bin/combo-multitenant-manage hobo_deploy
hobo-agent ALL=(passerelle)NOPASSWD:/usr/bin/passerelle-multitenant-manage hobo_deploy

46
debian/control vendored
View File

@ -1,14 +1,48 @@
Source: hobo
Maintainer: Frederic Peters <fpeters@entrouvert.com>
Maintainer: Jérôme Schneider <jschneider@entrouvert.com>
Section: python
Priority: optional
Build-Depends: python-setuptools (>= 0.6b3), python-all (>= 2.6.6-3), debhelper (>= 7)
Standards-Version: 3.9.1
X-Python-Version: >= 2.7
Package: python-hobo
Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, python-celery (>= 3.1.13)
Recommends: python-django (>= 1.7), python-gadjo, python-django-mellon (>= 1.2.11)
Description: Entr'ouvert Remote Deployment python module
Package: hobo
Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, python-django, python-gadjo,
python-entrouvert (>= 6.2.0), python-django-allauth-authentic2, python-django-south,
python-celery (>= 3.1.13), python-django-mellon (>= 1.2.7)
Recommends: python-django-tenant-schemas
Description: Portail admin
Depends: python-hobo (= ${binary:Version}),
rabbitmq-server (>= 3.3),
erlang-nox (>= 1:17.1),
python-django (>= 1.7),
python-gadjo,
python-django-mellon (>= 1.2.11),
gunicorn
Recommends: nginx
Description: Rapid Remote Deployment Daemon
Warning install blinding edge : https://www.rabbitmq.com/install-debian.html
Package: hobo-multitenant
Architecture: all
Depends: python-hobo (= ${binary:Version}),
python-django-tenant-schemas,
python-psycopg2,
rabbitmq-server (>= 3.3),
erlang-nox (>= 1:17.1),
python-django (>= 1.7),
python-gadjo,
python-django-mellon (>= 1.2.11),
gunicorn
Recommends: nginx, postgresql
Description: Multitenant Rapid Remote Deployment Daemon
Warning install blinding edge : https://www.rabbitmq.com/install-debian.html
Package: hobo-agent
Architecture: all
Depends: python-hobo (= ${binary:Version}),
sudo, supervisor
Description: Rapid Remote Deployment Agent

4
debian/hobo-agent.dirs vendored Normal file
View File

@ -0,0 +1,4 @@
/etc/hobo-agent
/var/log/hobo-agent
/etc/sudoers.d
/etc/supervisor/conf.d

3
debian/hobo-agent.install vendored Normal file
View File

@ -0,0 +1,3 @@
debian/agent/settings.py /etc/hobo-agent
debian/agent/hobo-agent.conf /etc/supervisor/conf.d
debian/agent/sudo-hobo-agent /etc/sudoers.d

36
debian/hobo-agent.postinst vendored Normal file
View File

@ -0,0 +1,36 @@
#! /bin/sh
set -e
NAME="hobo-agent"
USER=$NAME
GROUP=$NAME
case "$1" in
configure)
# make sure the administrative user exists
if ! getent passwd $USER >/dev/null; then
adduser --disabled-password --quiet --system \
--no-create-home --home /nonexistent \
--gecos "$NAME software user" --group $GROUP
fi
# ensure dirs ownership
chown $USER:$GROUP /var/log/$NAME
invoke-rc.d supervisor restart
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0

8
debian/hobo-multitenant.dirs vendored Normal file
View File

@ -0,0 +1,8 @@
/etc/hobo-multitenant
/var/lib/hobo-multitenant/collected-static
/var/lib/hobo-multitenant/locale
/var/lib/hobo-multitenant/media
/var/lib/hobo-multitenant/static
/var/lib/hobo-multitenant/templates
/var/lib/hobo-multitenant/tenants
/var/log/hobo-multitenant

2
debian/hobo-multitenant.docs vendored Normal file
View File

@ -0,0 +1,2 @@
debian/multitenant/README.Debian
debian/rabbitmq/rabbitmq.config.example

194
debian/hobo-multitenant.init vendored Normal file
View File

@ -0,0 +1,194 @@
#!/bin/sh
### BEGIN INIT INFO
# Provides: hobo-multitenant
# Required-Start: $network $local_fs
# Required-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Portail admin
# Description: Portail admin
### END INIT INFO
# Author: Entr'ouvert <info@entrouvert.com>
PATH=/sbin:/usr/sbin:/bin:/usr/bin
DESC="Portail admin"
NAME=hobo-multitenant
DAEMON=/usr/bin/gunicorn
RUN_DIR=/run/$NAME
PIDFILE=$RUN_DIR/$NAME.pid
LOG_DIR=/var/log/$NAME
SCRIPTNAME=/etc/init.d/$NAME
BIND=unix:$RUN_DIR/$NAME.sock
WORKERS=5
TIMEOUT=10
HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
MANAGE_SCRIPT="/usr/bin/$NAME-manage"
USER=$NAME
GROUP=$NAME
# Exit if the package is not installed
[ -x $DAEMON ] || exit 0
# Read configuration variable file if it is present
[ -r /etc/default/$NAME ] && . /etc/default/$NAME
DAEMON_ARGS=${DAEMON_ARGS:-"--pid $PIDFILE \
--user $USER --group $GROUP \
--daemon \
--access-logfile $LOG_DIR/gunicorn-access.log \
--log-file $LOG_DIR/gunicorn-error.log \
--bind=$BIND \
--workers=$WORKERS \
--worker-class=sync \
--timeout=$TIMEOUT \
--name $NAME \
hobo.wsgi:application"}
# Load the VERBOSE setting and other rcS variables
. /lib/init/vars.sh
# Define LSB log_* functions.
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
. /lib/lsb/init-functions
# Create /run directory
if [ ! -d $RUN_DIR ]; then
install -d -m 755 -o $USER -g $GROUP $RUN_DIR
fi
# environment for wsgi
export HOBO_SETTINGS_FILE
#
# Function that starts the daemon/service
#
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
start-stop-daemon --start --quiet --exec $DAEMON -- \
$DAEMON_ARGS \
|| return 2
}
#
# Function that stops the daemon/service
#
do_stop()
{
# Return
# 0 if daemon has been stopped
# 1 if daemon was already stopped
# 2 if daemon could not be stopped
# other if a failure occurred
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
RETVAL="$?"
[ "$RETVAL" = 2 ] && return 2
# Wait for children to finish too if this is a daemon that forks
# and if the daemon is only ever run from this initscript.
# If the above conditions are not satisfied then add some other code
# that waits for the process to drop all resources that could be
# needed by services started subsequently. A last resort is to
# sleep for some time.
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
[ "$?" = 2 ] && return 2
# Many daemons don't delete their pidfiles when they exit.
rm -f $PIDFILE
return "$RETVAL"
}
#
# Function that sends a SIGHUP to the daemon/service
#
do_reload() {
#
# If the daemon can reload its configuration without
# restarting (for example, when it is sent a SIGHUP),
# then implement that here.
#
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON`
return 0
}
do_migrate() {
log_action_msg "Applying new migrations .."
su $USER -p -c "$MANAGE_SCRIPT migrate_tenants"
log_action_msg ".. done"
}
do_collectstatic() {
log_action_msg "Collect static files.."
su $USER -p -c "$MANAGE_SCRIPT collectstatic --noinput"
log_action_msg ".. done"
}
case "$1" in
start)
log_daemon_msg "Starting $DESC " "$NAME"
do_migrate
do_collectstatic
do_start
case "$?" in
0|1) log_end_msg 0 ;;
2) log_end_msg 1 ;;
esac
;;
stop)
log_daemon_msg "Stopping $DESC" "$NAME"
do_stop
case "$?" in
0|1) log_end_msg 0 ;;
2) log_end_msg 1 ;;
esac
;;
status)
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
;;
reload|force-reload)
#
# If do_reload() is not implemented then leave this commented out
# and leave 'force-reload' as an alias for 'restart'.
#
log_daemon_msg "Reloading $DESC" "$NAME"
do_collectstatic
do_migrate
do_reload
log_end_msg $?
;;
restart|force-reload)
#
# If the "reload" option is implemented then remove the
# 'force-reload' alias
#
log_daemon_msg "Restarting $DESC" "$NAME"
do_stop
case "$?" in
0|1)
do_migrate
do_collectstatic
do_start
case "$?" in
0) log_end_msg 0 ;;
1) log_end_msg 1 ;; # Old process is still running
*) log_end_msg 1 ;; # Failed to start
esac
;;
*)
# Failed to stop
log_end_msg 1
;;
esac
;;
*)
echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2
exit 3
;;
esac

4
debian/hobo-multitenant.install vendored Normal file
View File

@ -0,0 +1,4 @@
debian/multitenant/hobo-multitenant-manage /usr/bin
debian/multitenant/settings.py /etc/hobo-multitenant
debian/multitenant/debian_config.py /usr/lib/hobo-multitenant
debian/multitenant/nginx-example.conf /usr/share/doc/hobo-multitenant

4
debian/postinst → debian/hobo-multitenant.postinst vendored
View File

@ -2,10 +2,9 @@
set -e
NAME="hobo"
NAME="hobo-multitenant"
USER=$NAME
GROUP=$NAME
MANAGE="python /usr/lib/$NAME/manage.py --config=/usr/lib/$NAME/debian_config.py"
CONFIG_DIR="/etc/$NAME"
case "$1" in
@ -20,7 +19,6 @@ case "$1" in
# ensure dirs ownership
chown $USER:$GROUP /var/log/$NAME
chown $USER:$GROUP /var/lib/$NAME/collected-static
chown $USER:$GROUP /var/lib/$NAME/media
chown $USER:$GROUP /var/lib/$NAME/tenants
# create a secret file
SECRET_FILE=$CONFIG_DIR/secret

2
debian/dirs → debian/hobo.dirs vendored
View File

@ -1,9 +1,7 @@
/etc/hobo
/usr/lib/hobo
/var/lib/hobo/collected-static
/var/lib/hobo/locale
/var/lib/hobo/media
/var/lib/hobo/static
/var/lib/hobo/templates
/var/lib/hobo/tenants
/var/log/hobo

3
debian/hobo.docs vendored Normal file
View File

@ -0,0 +1,3 @@
debian/rabbitmq/rabbitmq.config.example
debian/server/nginx-example.conf
debian/server/README.Debian

25
debian/init.d → debian/hobo.init vendored
View File

@ -23,9 +23,8 @@ BIND=unix:$RUN_DIR/$NAME.sock
WORKERS=5
TIMEOUT=10
DJANGO_SETTINGS_MODULE=$NAME.tenant_settings
DJANGO_CONFIG_FILE=/usr/lib/$NAME/debian_config.py
MANAGE_SCRIPT="python /usr/lib/$NAME/manage.py --config=$DJANGO_CONFIG_FILE"
HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
MANAGE_SCRIPT="/usr/bin/$NAME-manage"
USER=$NAME
GROUP=$NAME
@ -60,14 +59,8 @@ if [ ! -d $RUN_DIR ]; then
install -d -m 755 -o $USER -g $GROUP $RUN_DIR
fi
# environment for wsgi & settings
export DJANGO_SETTINGS_MODULE
export DJANGO_CONFIG_FILE
# multitenant mode
if [ "x$DJANGO_SETTINGS_MODULE" = "x$NAME.tenant_settings" ]; then
TENANT_BASE=/var/lib/$NAME/tenants
MANAGE_SCRIPT="$MANAGE_SCRIPT --multitenant"
fi
# environment for wsgi
export HOBO_SETTINGS_FILE
#
# Function that starts the daemon/service
@ -120,19 +113,13 @@ do_reload() {
# restarting (for example, when it is sent a SIGHUP),
# then implement that here.
#
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON`
return 0
}
do_migrate() {
log_action_msg "Applying new migrations .."
if [ "x$TENANT_BASE" != "x" ]; then
su $USER -p -c "$MANAGE_SCRIPT create_schema"
su $USER -p -c "$MANAGE_SCRIPT sync_schemas --noinput"
su $USER -p -c "$MANAGE_SCRIPT migrate_schemas --noinput"
else
su $USER -p -c "$MANAGE_SCRIPT syncdb --migrate --noinput"
fi
su $USER -p -c "$MANAGE_SCRIPT migrate --noinput"
log_action_msg ".. done"
}

4
debian/hobo.install vendored Normal file
View File

@ -0,0 +1,4 @@
debian/server/hobo-manage /usr/bin
debian/server/settings.py /etc/hobo
debian/server/debian_config.py /usr/lib/hobo
debian/server/nginx-example.conf /usr/share/doc/hobo

45
debian/hobo.postinst vendored Normal file
View File

@ -0,0 +1,45 @@
#! /bin/sh
set -e
NAME="hobo"
USER=$NAME
GROUP=$NAME
CONFIG_DIR="/etc/$NAME"
case "$1" in
configure)
# make sure the administrative user exists
if ! getent passwd $USER >/dev/null; then
adduser --disabled-password --quiet --system \
--no-create-home --home /var/lib/$NAME \
--gecos "$NAME software user" --group $GROUP
fi
# ensure dirs ownership
chown $USER:$GROUP /var/log/$NAME
chown $USER:$GROUP /var/lib/$NAME/collected-static
chown $USER:$GROUP /var/lib/$NAME/media
# create a secret file
SECRET_FILE=$CONFIG_DIR/secret
if [ ! -f $SECRET_FILE ]; then
echo -n "Generating Django secret..." >&2
cat /dev/urandom | tr -dc [:alnum:]-_\!\%\^:\; | head -c70 > $SECRET_FILE
chown root:$GROUP $SECRET_FILE
chmod 0440 $SECRET_FILE
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
#DEBHELPER#
exit 0

18
debian/idp-metadata.xml vendored
View File

@ -1,18 +0,0 @@
<?xml version="1.0"?>
<ns0:EntityDescriptor xmlns:ns0="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ns1="http://www.w3.org/2000/09/xmldsig#" entityID="http://www.identity-hub.com/idp/saml2/metadata"><ns0:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><ns0:KeyDescriptor><ns1:KeyInfo><ns1:X509Data><ns1:X509Certificate>MIIDIzCCAgugAwIBAgIJANUBoick1pDpMA0GCSqGSIb3DQEBBQUAMBUxEzARBgNV
BAoTCkVudHJvdXZlcnQwHhcNMTAxMjE0MTUzMzAyWhcNMTEwMTEzMTUzMzAyWjAV
MRMwEQYDVQQKEwpFbnRyb3V2ZXJ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEAvxFkfPdndlGgQPDZgFGXbrNAc/79PULZBuNdWFHDD9P5hNhZn9Kqm4Cp
06Pe/A6u+g5wLnYvbZQcFCgfQAEzziJtb3J55OOlB7iMEI/T2AX2WzrUH8QT8NGh
ABONKU2Gg4XiyeXNhH5R7zdHlUwcWq3ZwNbtbY0TVc+n665EbrfV/59xihSqsoFr
kmBLH0CoepUXtAzA7WDYn8AzusIuMx3n8844pJwgxhTB7Gjuboptlz9Hri8JRdXi
VT9OS9Wt69ubcNoM6zuKASmtm48UuGnhj8v6XwvbjKZrL9kA+xf8ziazZfvvw/VG
Tm+IVFYB7d1x457jY5zjjXJvNysoowIDAQABo3YwdDAdBgNVHQ4EFgQUeF8ePnu0
fcAK50iBQDgAhHkOu8kwRQYDVR0jBD4wPIAUeF8ePnu0fcAK50iBQDgAhHkOu8mh
GaQXMBUxEzARBgNVBAoTCkVudHJvdXZlcnSCCQDVAaInJNaQ6TAMBgNVHRMEBTAD
AQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAy8l3GhUtpPHx0FxzbRHVaaUSgMwYKGPhE
IdGhqekKUJIx8et4xpEMFBl5XQjBNq/mp5vO3SPb2h2PVSks7xWnG3cvEkqJSOeo
fEEhkqnM45b2MH1S5uxp4i8UilPG6kmQiXU2rEUBdRk9xnRWos7epVivTSIv1Ncp
lG6l41SXp6YgIb2ToT+rOKdIGIQuGDlzeR88fDxWEU0vEujZv/v1PE1YOV0xKjTT
JumlBc6IViKhJeo1wiBBrVRIIkKKevHKQzteK8pWm9CYWculxT26TZ4VWzGbo06j
o2zbumirrLLqnt1gmBDvDvlOwC/zAAyL4chbz66eQHTiIYZZvYgy</ns1:X509Certificate></ns1:X509Data></ns1:KeyInfo></ns0:KeyDescriptor><ns0:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://www.identity-hub.com/idp/saml2/artifact" index="1" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.identity-hub.com/idp/saml2/slo" ResponseLocation="http://www.identity-hub.com/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://www.identity-hub.com/idp/saml2/slo" ResponseLocation="http://www.identity-hub.com/idp/saml2/slo_return" /><ns0:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="http://www.identity-hub.com/idp/saml2/slo/soap" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://www.identity-hub.com/idp/saml2/sso" /><ns0:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="http://www.identity-hub.com/idp/saml2/sso" /></ns0:IDPSSODescriptor></ns0:EntityDescriptor>

5
debian/install vendored
View File

@ -1,5 +0,0 @@
debian/hobo-manage /usr/bin
debian/config.py /etc/hobo
debian/idp-metadata.xml /etc/hobo
debian/debian_config.py /usr/lib/hobo
debian/nginx-example.conf /usr/share/doc/hobo

29
debian/multitenant/README.Debian vendored Normal file
View File

@ -0,0 +1,29 @@
Hobo multitenant server for Debian
==================================
First step: configure rabbitmq
------------------------------
1. Copy /usr/share/doc/hobo-multitenant/rabbitmq.config.example into /etc/rabbitmq/rabbitmq.config
2. Edit your /etc/rabbitmq/rabbitmq.config and change ssl certificates
3. Restart rabbitmq : service rabbitmq-server restart
4. Create your rabbitmq user::
rabbitmqctl change_password hobo <your password>
5. Add hobo user permission::
rabbitmqctl set_permissions hobo ".*" ".*" ".*"
Second step: create your tenant
------------------------------
hobo-multitenant-manage create_tenant <your hostname>
Third step: configure nginx
---------------------------
1. Copy /usr/share/doc/hobo/nginx-example.conf into /etc/nginx/sites-available/<your hostname>
2. Edit /etc/nginx/sites-available/<your hostname>
3. Enable your nginx vhost::
cd /etc/nginx/sites-enabled
ln -s ../sites-available/<your hostname>
3. Reload nginx

55
debian/multitenant/debian_config.py vendored Normal file
View File

@ -0,0 +1,55 @@
# This file is sourced by "execfile" from hobo.settings
import os
ETC_DIR = '/etc/hobo-multitenant'
VAR_DIR = '/var/lib/hobo-multitenant'
STATIC_ROOT = os.path.join(VAR_DIR, 'collected-static')
STATICFILES_DIRS = (os.path.join(VAR_DIR, 'static'),) + STATICFILES_DIRS
TEMPLATE_DIRS = (os.path.join(VAR_DIR, 'templates'),) + TEMPLATE_DIRS
LOCALE_PATHS = (os.path.join(VAR_DIR, 'locale'),) + LOCALE_PATHS
DATABASES = {
'default': {
'ENGINE': 'tenant_schemas.postgresql_backend',
'NAME': 'hobo_multitenant'
}
}
INSTALLED_APPS += ('mellon',)
TENANT_BASE = os.path.join(VAR_DIR, 'tenants')
TENANT_MODEL = 'multitenant.Tenant'
TENANT_TEMPLATE_DIRS = (TENANT_BASE,)
SHARED_APPS = (
'hobo.multitenant',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.messages',
'django.contrib.sessions',
'django.contrib.staticfiles',
'django.contrib.admin',
)
TENANT_APPS = INSTALLED_APPS
INSTALLED_APPS = ('hobo.multitenant',) + INSTALLED_APPS
DATABASE_ROUTERS = (
'tenant_schemas.routers.TenantSyncRouter',
)
TEMPLATE_LOADERS = ('hobo.multitenant.template_loader.FilesystemLoader',) + global_settings.TEMPLATE_LOADERS
TEMPLATE_CONTEXT_PROCESSORS = ('django.core.context_processors.request',) + TEMPLATE_CONTEXT_PROCESSORS
MIDDLEWARE_CLASSES = (
'hobo.multitenant.middleware.TenantMiddleware',
'hobo.middleware.settings.MellonSettingsMiddleware',
) + MIDDLEWARE_CLASSES
DEFAULT_FILE_STORAGE = 'hobo.multitenant.storage.TenantFileSystemStorage'
execfile(os.path.join(ETC_DIR, 'settings.py'))

26
debian/multitenant/hobo-multitenant-manage vendored Executable file
View File

@ -0,0 +1,26 @@
#!/bin/sh
NAME=hobo-multitenant
MANAGE="/usr/lib/hobo/manage.py"
# load Debian default configuration
export HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
# check user
if test x$1 = x"--forceuser"
then
shift
elif test $(id -un) != "$NAME"
then
echo "error: must use $0 with user ${NAME}"
exit 1
fi
if test $# -eq 0
then
python ${MANAGE} help
exit 1
fi
python ${MANAGE} "$@"

51
debian/multitenant/nginx-example.conf vendored Normal file
View File

@ -0,0 +1,51 @@
server {
listen 443;
server_name hobo.example.org;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
access_log /var/log/nginx/hobo.example.org-access.log combined;
error_log /var/log/nginx/hobo.example.org-error.log;
location ~ ^/static/(.+)$ {
root /;
try_files /var/lib/hobo-multitenant/tenants/$host/$1
/var/lib/hobo-multitenant/collected-static/$1
=404;
}
location / {
proxy_pass http://unix:/var/run/hobo-multitenant/hobo-multitenant.sock;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-SSL on;
proxy_set_header X-Forwarded-Protocol ssl;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name hobo.example.org;
access_log /var/log/nginx/hobo.example.org-access.log combined;
error_log /var/log/nginx/hobo.example.org-error.log;
location ~ ^/static/(.+)$ {
root /;
try_files /var/lib/hobo-multitenant/tenants/$host/$1
/var/lib/hobo-multitenant/collected-static/$1
=404;
}
location / {
proxy_pass http://unix:/var/run/hobo-multitenant/hobo-multitenant.sock;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

44
debian/multitenant/settings.py vendored Normal file
View File

@ -0,0 +1,44 @@
# Configuration for hobo.
# You can override Hobo default settings here
# Hobo is a Django application: for the full list of settings and their
# values, see https://docs.djangoproject.com/en/1.7/ref/settings/
# For more information on settings see
# https://docs.djangoproject.com/en/1.7/topics/settings/
# WARNING! Quick-start development settings unsuitable for production!
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/
# This file is sourced by "execfile" from /usr/lib/hobo-multitenant/debian_config.py
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = file('/etc/hobo-multitenant/secret').read()
# SECURITY WARNING: don't run with debug turned on in production!
DEBUG = False
TEMPLATE_DEBUG = False
ADMINS = (
# ('User 1', 'watchdog@example.net'),
# ('User 2', 'janitor@example.net'),
)
# ALLOWED_HOSTS must be correct in production!
# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
ALLOWED_HOSTS = [
'*',
]
# Databases
# Default: a local database named "hobo"
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
# Warning: don't change ENGINE
# DATABASES['default']['NAME'] = 'hobo'
# DATABASES['default']['USER'] = 'hobo'
# DATABASES['default']['PASSWORD'] = '******'
# DATABASES['default']['HOST'] = 'localhost'
# DATABASES['default']['PORT'] = '5432'
LANGUAGE_CODE = 'fr-fr'
TIME_ZONE = 'Europe/Paris'

1
debian/python-hobo.dirs vendored Normal file
View File

@ -0,0 +1 @@
/usr/lib/hobo

2
debian/python-hobo.docs vendored Normal file
View File

@ -0,0 +1,2 @@
COPYING
README

1
debian/python-hobo.install vendored Normal file
View File

@ -0,0 +1 @@
usr/lib/

591
debian/rabbitmq/rabbitmq.config.example vendored Normal file
View File

@ -0,0 +1,591 @@
%% -*- mode: erlang -*-
%% ----------------------------------------------------------------------------
%% RabbitMQ Sample Configuration File.
%%
%% See http://www.rabbitmq.com/configure.html for details.
%% ----------------------------------------------------------------------------
[
%% http://www.rabbitmq.com/ssl.html
%% Disable SSLv3.0 and TLSv1.0 support. (BEAST / POODLE)
{ssl, [{versions, ['tlsv1.2', 'tlsv1.1']}]},
{rabbit,
[%%
%% Network Connectivity
%% ====================
%%
%% By default, RabbitMQ will listen on all interfaces, using
%% the standard (reserved) AMQP port.
%%
%% {tcp_listeners, [5672]},
%% To listen on a specific interface, provide a tuple of {IpAddress, Port}.
%% For example, to listen only on localhost for both IPv4 and IPv6:
%%
{tcp_listeners, [{"127.0.0.1", 5672},
{"::1", 5672}]},
%% SSL listeners are configured in the same fashion as TCP listeners,
%% including the option to control the choice of interface.
%%
{ssl_listeners, [5671]},
%% {ssl_allow_poodle_attack, true},
%% Maximum time for AMQP 0-8/0-9/0-9-1 handshake (after socket connection
%% and SSL handshake), in milliseconds.
%%
%% {handshake_timeout, 10000},
%% Log levels (currently just used for connection logging).
%% One of 'info', 'warning', 'error' or 'none', in decreasing order
%% of verbosity. Defaults to 'info'.
%%
%% {log_levels, [{connection, info}]},
%% Set to 'true' to perform reverse DNS lookups when accepting a
%% connection. Hostnames will then be shown instead of IP addresses
%% in rabbitmqctl and the management plugin.
%%
{reverse_dns_lookups, false},
%%
%% Security / AAA
%% ==============
%%
%% The default "guest" user is only permitted to access the server
%% via a loopback interface (e.g. localhost).
%%{loopback_users, [<<"guest">>]},
%%
%% Uncomment the following line if you want to allow access to the
%% guest user from anywhere on the network.
%% {loopback_users, []},
%% Configuring SSL.
%% See http://www.rabbitmq.com/ssl.html for full documentation.
%%
%% {ssl_options, [{cacertfile, "/path/to/testca/cacert.pem"},
%% {certfile, "/path/to/server/cert.pem"},
%% {keyfile, "/path/to/server/key.pem"},
%% {verify, verify_peer},
%% {fail_if_no_peer_cert, false}]},
{ssl_options, [{certfile, "/etc/ssl/certs/ssl-cert-snakeoil.pem"},
{keyfile, "/etc/ssl/private/ssl-cert-snakeoil.key"},
{versions, ['tlsv1.2', 'tlsv1.1']}]}
%% Choose the available SASL mechanism(s) to expose.
%% The two default (built in) mechanisms are 'PLAIN' and
%% 'AMQPLAIN'. Additional mechanisms can be added via
%% plugins.
%%
%% See http://www.rabbitmq.com/authentication.html for more details.
%%
%% {auth_mechanisms, ['PLAIN', 'AMQPLAIN']},
%% Select an authentication database to use. RabbitMQ comes bundled
%% with a built-in auth-database, based on mnesia.
%%
%% {auth_backends, [rabbit_auth_backend_internal]},
%% Configurations supporting the rabbitmq_auth_mechanism_ssl and
%% rabbitmq_auth_backend_ldap plugins.
%%
%% NB: These options require that the relevant plugin is enabled.
%% See http://www.rabbitmq.com/plugins.html for further details.
%% The RabbitMQ-auth-mechanism-ssl plugin makes it possible to
%% authenticate a user based on the client's SSL certificate.
%%
%% To use auth-mechanism-ssl, add to or replace the auth_mechanisms
%% list with the entry 'EXTERNAL'.
%%
%% {auth_mechanisms, ['EXTERNAL']},
%% The rabbitmq_auth_backend_ldap plugin allows the broker to
%% perform authentication and authorisation by deferring to an
%% external LDAP server.
%%
%% For more information about configuring the LDAP backend, see
%% http://www.rabbitmq.com/ldap.html.
%%
%% Enable the LDAP auth backend by adding to or replacing the
%% auth_backends entry:
%%
%% {auth_backends, [rabbit_auth_backend_ldap]},
%% This pertains to both the rabbitmq_auth_mechanism_ssl plugin and
%% STOMP ssl_cert_login configurations. See the rabbitmq_stomp
%% configuration section later in this fail and the README in
%% https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl for further
%% details.
%%
%% To use the SSL cert's CN instead of its DN as the username
%%
%% {ssl_cert_login_from, common_name},
%% SSL handshake timeout, in milliseconds.
%%
%% {ssl_handshake_timeout, 5000},
%%
%% Default User / VHost
%% ====================
%%
%% On first start RabbitMQ will create a vhost and a user. These
%% config items control what gets created. See
%% http://www.rabbitmq.com/access-control.html for further
%% information about vhosts and access control.
%%
%% {default_vhost, <<"/">>},
%% {default_user, <<"guest">>},
%% {default_pass, <<"guest">>},
%% {default_permissions, [<<".*">>, <<".*">>, <<".*">>]},
%% Tags for default user
%%
%% For more details about tags, see the documentation for the
%% Management Plugin at http://www.rabbitmq.com/management.html.
%%
%% {default_user_tags, [administrator]},
%%
%% Additional network and protocol related configuration
%% =====================================================
%%
%% Set the default AMQP heartbeat delay (in seconds).
%%
%% {heartbeat, 600},
%% Set the max permissible size of an AMQP frame (in bytes).
%%
%% {frame_max, 131072},
%% Set the max permissible number of channels per connection.
%% 0 means "no limit".
%%
%% {channel_max, 128},
%% Customising Socket Options.
%%
%% See (http://www.erlang.org/doc/man/inet.html#setopts-2) for
%% further documentation.
%%
%% {tcp_listen_options, [binary,
%% {packet, raw},
%% {reuseaddr, true},
%% {backlog, 128},
%% {nodelay, true},
%% {exit_on_close, false}]},
%%
%% Resource Limits & Flow Control
%% ==============================
%%
%% See http://www.rabbitmq.com/memory.html for full details.
%% Memory-based Flow Control threshold.
%%
%% {vm_memory_high_watermark, 0.4},
%% Fraction of the high watermark limit at which queues start to
%% page message out to disc in order to free up memory.
%%
%% {vm_memory_high_watermark_paging_ratio, 0.5},
%% Set disk free limit (in bytes). Once free disk space reaches this
%% lower bound, a disk alarm will be set - see the documentation
%% listed above for more details.
%%
%% {disk_free_limit, 50000000},
%% Alternatively, we can set a limit relative to total available RAM.
%%
%% {disk_free_limit, {mem_relative, 1.0}},
%%
%% Misc/Advanced Options
%% =====================
%%
%% NB: Change these only if you understand what you are doing!
%%
%% To announce custom properties to clients on connection:
%%
%% {server_properties, []},
%% How to respond to cluster partitions.
%% See http://www.rabbitmq.com/partitions.html for further details.
%%
%% {cluster_partition_handling, ignore},
%% Make clustering happen *automatically* at startup - only applied
%% to nodes that have just been reset or started for the first time.
%% See http://www.rabbitmq.com/clustering.html#auto-config for
%% further details.
%%
%% {cluster_nodes, {['rabbit@my.host.com'], disc}},
%% Set (internal) statistics collection granularity.
%%
%% {collect_statistics, none},
%% Statistics collection interval (in milliseconds).
%%
%% {collect_statistics_interval, 5000},
%% Explicitly enable/disable hipe compilation.
%%
%% {hipe_compile, true},
%% Timeout used when waiting for Mnesia tables in a cluster to
%% become available.
%%
%% {mnesia_table_loading_timeout, 30000}
]},
%% ----------------------------------------------------------------------------
%% Advanced Erlang Networking/Clustering Options.
%%
%% See http://www.rabbitmq.com/clustering.html for details
%% ----------------------------------------------------------------------------
{kernel,
[%% Sets the net_kernel tick time.
%% Please see http://erlang.org/doc/man/kernel_app.html and
%% http://www.rabbitmq.com/nettick.html for further details.
%%
%% {net_ticktime, 60}
]},
%% ----------------------------------------------------------------------------
%% RabbitMQ Management Plugin
%%
%% See http://www.rabbitmq.com/management.html for details
%% ----------------------------------------------------------------------------
{rabbitmq_management,
[%% Pre-Load schema definitions from the following JSON file. See
%% http://www.rabbitmq.com/management.html#load-definitions
%%
%% {load_definitions, "/path/to/schema.json"},
%% Log all requests to the management HTTP API to a file.
%%
%% {http_log_dir, "/path/to/access.log"},
%% Change the port on which the HTTP listener listens,
%% specifying an interface for the web server to bind to.
%% Also set the listener to use SSL and provide SSL options.
%%
%% {listener, [{port, 12345},
%% {ip, "127.0.0.1"},
%% {ssl, true},
%% {ssl_opts, [{cacertfile, "/path/to/cacert.pem"},
%% {certfile, "/path/to/cert.pem"},
%% {keyfile, "/path/to/key.pem"}]}]},
{listener, [{port, 15672},
{ssl, true},
{ssl_opts, [{certfile, "/etc/ssl/certs/ssl-cert-snakeoil.pem"},
{keyfile, "/etc/ssl/private/ssl-cert-snakeoil.key"},
{versions, ['tlsv1.2', 'tlsv1.1']}]}]}
%% One of 'basic', 'detailed' or 'none'. See
%% http://www.rabbitmq.com/management.html#fine-stats for more details.
%% {rates_mode, basic},
%% Configure how long aggregated data (such as message rates and queue
%% lengths) is retained. Please read the plugin's documentation in
%% http://www.rabbitmq.com/management.html#configuration for more
%% details.
%%
%% {sample_retention_policies,
%% [{global, [{60, 5}, {3600, 60}, {86400, 1200}]},
%% {basic, [{60, 5}, {3600, 60}]},
%% {detailed, [{10, 5}]}]}
]},
%% ----------------------------------------------------------------------------
%% RabbitMQ Shovel Plugin
%%
%% See http://www.rabbitmq.com/shovel.html for details
%% ----------------------------------------------------------------------------
{rabbitmq_shovel,
[{shovels,
[%% A named shovel worker.
%% {my_first_shovel,
%% [
%% List the source broker(s) from which to consume.
%%
%% {sources,
%% [%% URI(s) and pre-declarations for all source broker(s).
%% {brokers, ["amqp://user:password@host.domain/my_vhost"]},
%% {declarations, []}
%% ]},
%% List the destination broker(s) to publish to.
%% {destinations,
%% [%% A singular version of the 'brokers' element.
%% {broker, "amqp://"},
%% {declarations, []}
%% ]},
%% Name of the queue to shovel messages from.
%%
%% {queue, <<"your-queue-name-goes-here">>},
%% Optional prefetch count.
%%
%% {prefetch_count, 10},
%% when to acknowledge messages:
%% - no_ack: never (auto)
%% - on_publish: after each message is republished
%% - on_confirm: when the destination broker confirms receipt
%%
%% {ack_mode, on_confirm},
%% Overwrite fields of the outbound basic.publish.
%%
%% {publish_fields, [{exchange, <<"my_exchange">>},
%% {routing_key, <<"from_shovel">>}]},
%% Static list of basic.properties to set on re-publication.
%%
%% {publish_properties, [{delivery_mode, 2}]},
%% The number of seconds to wait before attempting to
%% reconnect in the event of a connection failure.
%%
%% {reconnect_delay, 2.5}
%% ]} %% End of my_first_shovel
]}
%% Rather than specifying some values per-shovel, you can specify
%% them for all shovels here.
%%
%% {defaults, [{prefetch_count, 0},
%% {ack_mode, on_confirm},
%% {publish_fields, []},
%% {publish_properties, [{delivery_mode, 2}]},
%% {reconnect_delay, 2.5}]}
]},
%% ----------------------------------------------------------------------------
%% RabbitMQ Stomp Adapter
%%
%% See http://www.rabbitmq.com/stomp.html for details
%% ----------------------------------------------------------------------------
{rabbitmq_stomp,
[%% Network Configuration - the format is generally the same as for the broker
%% Listen only on localhost (ipv4 & ipv6) on a specific port.
%% {tcp_listeners, [{"127.0.0.1", 61613},
%% {"::1", 61613}]},
%% Listen for SSL connections on a specific port.
%% {ssl_listeners, [61614]},
%% Additional SSL options
%% Extract a name from the client's certificate when using SSL.
%%
%% {ssl_cert_login, true},
%% Set a default user name and password. This is used as the default login
%% whenever a CONNECT frame omits the login and passcode headers.
%%
%% Please note that setting this will allow clients to connect without
%% authenticating!
%%
%% {default_user, [{login, "guest"},
%% {passcode, "guest"}]},
%% If a default user is configured, or you have configured use SSL client
%% certificate based authentication, you can choose to allow clients to
%% omit the CONNECT frame entirely. If set to true, the client is
%% automatically connected as the default user or user supplied in the
%% SSL certificate whenever the first frame sent on a session is not a
%% CONNECT frame.
%%
%% {implicit_connect, true}
]},
%% ----------------------------------------------------------------------------
%% RabbitMQ MQTT Adapter
%%
%% See http://hg.rabbitmq.com/rabbitmq-mqtt/file/stable/README.md for details
%% ----------------------------------------------------------------------------
{rabbitmq_mqtt,
[%% Set the default user name and password. Will be used as the default login
%% if a connecting client provides no other login details.
%%
%% Please note that setting this will allow clients to connect without
%% authenticating!
%%
%% {default_user, <<"guest">>},
%% {default_pass, <<"guest">>},
%% Enable anonymous access. If this is set to false, clients MUST provide
%% login information in order to connect. See the default_user/default_pass
%% configuration elements for managing logins without authentication.
%%
%% {allow_anonymous, true},
%% If you have multiple chosts, specify the one to which the
%% adapter connects.
%%
%% {vhost, <<"/">>},
%% Specify the exchange to which messages from MQTT clients are published.
%%
%% {exchange, <<"amq.topic">>},
%% Specify TTL (time to live) to control the lifetime of non-clean sessions.
%%
%% {subscription_ttl, 1800000},
%% Set the prefetch count (governing the maximum number of unacknowledged
%% messages that will be delivered).
%%
%% {prefetch, 10},
%% TCP/SSL Configuration (as per the broker configuration).
%%
%% {tcp_listeners, [1883]},
%% {ssl_listeners, []},
%% TCP/Socket options (as per the broker configuration).
%%
%% {tcp_listen_options, [binary,
%% {packet, raw},
%% {reuseaddr, true},
%% {backlog, 128},
%% {nodelay, true}]}
]},
%% ----------------------------------------------------------------------------
%% RabbitMQ AMQP 1.0 Support
%%
%% See http://hg.rabbitmq.com/rabbitmq-amqp1.0/file/default/README.md
%% for details
%% ----------------------------------------------------------------------------
{rabbitmq_amqp1_0,
[%% Connections that are not authenticated with SASL will connect as this
%% account. See the README for more information.
%%
%% Please note that setting this will allow clients to connect without
%% authenticating!
%%
%% {default_user, "guest"},
%% Enable protocol strict mode. See the README for more information.
%%
%% {protocol_strict_mode, false}
]},
%% ----------------------------------------------------------------------------
%% RabbitMQ LDAP Plugin
%%
%% See http://www.rabbitmq.com/ldap.html for details.
%%
%% ----------------------------------------------------------------------------
{rabbitmq_auth_backend_ldap,
[%%
%% Connecting to the LDAP server(s)
%% ================================
%%
%% Specify servers to bind to. You *must* set this in order for the plugin
%% to work properly.
%%
%% {servers, ["your-server-name-goes-here"]},
%% Connect to the LDAP server using SSL
%%
%% {use_ssl, false},
%% Specify the LDAP port to connect to
%%
%% {port, 389},
%% LDAP connection timeout, in milliseconds or 'infinity'
%%
%% {timeout, infinity},
%% Enable logging of LDAP queries.
%% One of
%% - false (no logging is performed)
%% - true (verbose logging of the logic used by the plugin)
%% - network (as true, but additionally logs LDAP network traffic)
%%
%% Defaults to false.
%%
%% {log, false},
%%
%% Authentication
%% ==============
%%
%% Pattern to convert the username given through AMQP to a DN before
%% binding
%%
%% {user_dn_pattern, "cn=${username},ou=People,dc=example,dc=com"},
%% Alternatively, you can convert a username to a Distinguished
%% Name via an LDAP lookup after binding. See the documentation for
%% full details.
%% When converting a username to a dn via a lookup, set these to
%% the name of the attribute that represents the user name, and the
%% base DN for the lookup query.
%%
%% {dn_lookup_attribute, "userPrincipalName"},
%% {dn_lookup_base, "DC=gopivotal,DC=com"},
%% Controls how to bind for authorisation queries and also to
%% retrieve the details of users logging in without presenting a
%% password (e.g., SASL EXTERNAL).
%% One of
%% - as_user (to bind as the authenticated user - requires a password)
%% - anon (to bind anonymously)
%% - {UserDN, Password} (to bind with a specified user name and password)
%%
%% Defaults to 'as_user'.
%%
%% {other_bind, as_user},
%%
%% Authorisation
%% =============
%%
%% The LDAP plugin can perform a variety of queries against your
%% LDAP server to determine questions of authorisation. See
%% http://www.rabbitmq.com/ldap.html#authorisation for more
%% information.
%% Set the query to use when determining vhost access
%%
%% {vhost_access_query, {in_group,
%% "ou=${vhost}-users,ou=vhosts,dc=example,dc=com"}},
%% Set the query to use when determining resource (e.g., queue) access
%%
%% {resource_access_query, {constant, true}},
%% Set queries to determine which tags a user has
%%
%% {tag_queries, []}
]}
].

4
debian/rules vendored
View File

@ -4,12 +4,12 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
BUILD_DIR = debian/hobo
PYTHON_HOBO_DIR=$(CURDIR)/debian/python-hobo
%:
dh $@ --with python2
override_dh_install:
dh_install
mv $(BUILD_DIR)/usr/bin/manage.py $(BUILD_DIR)/usr/lib/hobo/manage.py
mv $(CURDIR)/debian/tmp/usr/bin/manage.py $(PYTHON_HOBO_DIR)/usr/lib/hobo/manage.py

23
debian/server/README.Debian vendored Normal file
View File

@ -0,0 +1,23 @@
Hobo server for Debian
=====================
First step: configure rabbitmq
------------------------------
1. Copy /usr/share/doc/hobo/rabbitmq.config.example into /etc/rabbitmq/rabbitmq.config
2. Edit your /etc/rabbitmq/rabbitmq.config and change ssl certificates
3. Restart rabbitmq : service rabbitmq-server restart
4. Create your rabbitmq user::
rabbitmqctl change_password hobo <your password>
5. Add hobo user permission::
rabbitmqctl set_permissions hobo ".*" ".*" ".*"
Second step: configure nginx
----------------------------
1. Copy /usr/share/doc/hobo/nginx-example.conf into /etc/nginx/sites-available/<your hostname>
2. Edit /etc/nginx/sites-available/<your hostname>
3. Enable your nginx vhost::
cd /etc/nginx/sites-enabled
ln -s ../sites-available/<your hostname>
3. Reload nginx

13
debian/debian_config.py → debian/server/debian_config.py vendored
View File

@ -9,8 +9,6 @@ STATIC_ROOT = os.path.join(VAR_DIR, 'collected-static')
STATICFILES_DIRS = (os.path.join(VAR_DIR, 'static'),) + STATICFILES_DIRS
TEMPLATE_DIRS = (os.path.join(VAR_DIR, 'templates'),) + TEMPLATE_DIRS
LOCALE_PATHS = (os.path.join(VAR_DIR, 'locale'),) + LOCALE_PATHS
TENANT_BASE = os.path.join(VAR_DIR, 'tenants')
TENANT_TEMPLATE_DIRS = (TENANT_BASE,)
DATABASES = {
'default': {
@ -20,14 +18,5 @@ DATABASES = {
}
INSTALLED_APPS += ('mellon',)
AUTHENTICATION_BACKENDS = ( 'mellon.backends.SAMLBackend',)
LOGIN_URL = '/accounts/mellon/login'
LOGOUT_URL = '/accounts/mellon/logout'
MELLON_PUBLIC_KEYS = [os.path.join(ETC_DIR, 'cert.pem')]
MELLON_PRIVATE_KEY = os.path.join(ETC_DIR, 'key.cert')
MELLON_IDENTITY_PROVIDERS = [
{'METADATA': os.path.join(ETC_DIR, 'idp-metadata.xml'),
'GROUP_ATTRIBUTE': 'role'},
]
execfile(os.path.join(ETC_DIR, 'config.py'))
execfile(os.path.join(ETC_DIR, 'settings.py'))

5
debian/hobo-manage → debian/server/hobo-manage vendored
View File

@ -1,7 +1,10 @@
#!/bin/sh
NAME=hobo
MANAGE="/usr/lib/$NAME/manage.py --multitenant --config=/usr/lib/${NAME}/debian_config.py"
MANAGE="/usr/lib/hobo/manage.py"
# load Debian default configuration
export HOBO_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
# check user
if test x$1 = x"--forceuser"

12
debian/nginx-example.conf → debian/server/nginx-example.conf vendored
View File

@ -1,13 +1,13 @@
server {
listen 443;
server_name hobo.dev.fr;
server_name hobo.example.org;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
access_log /var/log/nginx/hobo.dev.fr-access.log combined;
error_log /var/log/nginx/hobo.dev.fr-error.log;
access_log /var/log/nginx/hobo.example.org-access.log combined;
error_log /var/log/nginx/hobo.example.org-error.log;
location /static {
alias /var/lib/hobo/collected-static;
@ -26,10 +26,10 @@ server {
server {
listen 80;
server_name hobo.dev.fr;
server_name hobo.example.org;
access_log /var/log/nginx/hobo.dev.fr-access.log combined;
error_log /var/log/nginx/hobo.dev.fr-error.log;
access_log /var/log/nginx/hobo.example.org-access.log combined;
error_log /var/log/nginx/hobo.example.org-error.log;
location /static {
alias /var/lib/hobo/collected-static;

19
debian/config.py → debian/server/settings.py vendored
View File

@ -27,19 +27,18 @@ ADMINS = (
# ALLOWED_HOSTS must be correct in production!
# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
ALLOWED_HOSTS = [
'hobo.example.net',
'hobo.example.net.',
'.hobo.example.net',
'.hobo.example.net.',
'*',
]
# Hobo use a postgresql database
# Hobo use a postgresql database by default
# Default: a local database named "hobo"
# DATABASES['default']['name'] = 'hobo'
# DATABASES['default']['user'] = 'hobo'
# DATABASES['default']['password'] = '******'
# DATABASES['default']['host'] = 'localhost'
# DATABASES['default']['port'] = '5432'
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases
# DATABASES['default']['ENGINE'] = 'django.db.backends.postgresql_psycopg2'
# DATABASES['default']['NAME'] = 'hobo'
# DATABASES['default']['USER'] = 'hobo'
# DATABASES['default']['PASSWORD'] = '******'
# DATABASES['default']['HOST'] = 'localhost'
# DATABASES['default']['PORT'] = '5432'
LANGUAGE_CODE = 'fr-fr'
TIME_ZONE = 'Europe/Paris'