diff --git a/debian/README.Debian b/debian/README.Debian new file mode 100644 index 00000000..94c637f7 --- /dev/null +++ b/debian/README.Debian @@ -0,0 +1,21 @@ +Passerelle server for Debian +============================ + +Create a tenant +--------------- + + $ passerelle-manage create_tenant foo.passerelle.example.org + +Configure nginx +--------------- + +1. Copy /usr/share/doc/passerelle/nginx-example.conf to /etc/nginx/sites-available/passerelle.conf: + # cp /usr/share/doc/passerelle/nginx-example.conf /etc/nginx/sites-available/passerelle.conf + +2. Edit /etc/nginx/sites-available/passerelle.conf + +3. Enable nginx passerelle site: + # ln -s ../sites-available/passerelle.conf /etc/nginx/sites-enabled/ + +4. Reload nginx: + # service nginx restart diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 00000000..c8ff47b4 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +passerelle (0.0-1) unstable; urgency=low + + * Initial release + + -- Jérôme Schneider Thu, 13 Jun 2013 12:29:42 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 00000000..45a4fb75 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +8 diff --git a/debian/control b/debian/control new file mode 100644 index 00000000..897e4040 --- /dev/null +++ b/debian/control @@ -0,0 +1,40 @@ +Source: passerelle +Section: python +Priority: optional +Maintainer: Thomas NOËL +Build-Depends: debhelper (>= 8.0.0), + python-django, + python-setuptools (>= 0.6b3), + python-all (>= 2.6.6-3) +Standards-Version: 3.9.6 +Homepage: https://dev.entrouvert.org/projects/passerelle +X-Python-Version: >= 2.7 + +Package: python-passerelle +Architecture: all +Depends: ${python:Depends}, + ${misc:Depends}, + python-django (>= 1.7), + python-gadjo, + python-django-jsonresponse, + python-django-model-utils, + python-requests, + python-setuptools, + python-django-jsonfield, +Recommends: python-soappy, python-phpserialize +Suggests: python-sqlalchemy, python-mako +Description: Uniform access to multiple data sources and services (Python module) + +Package: passerelle +Architecture: all +Depends: ${misc:Depends}, adduser, + python-passerelle (= ${binary:Version}), + python-hobo, + python-django-tenant-schemas, + python-psycopg2, + python-memcache, + python-django-mellon, + gunicorn +Recommends: nginx, postgresql, memcached +Description: Uniform access to multiple data sources and services + diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 00000000..f8259931 --- /dev/null +++ b/debian/copyright @@ -0,0 +1,18 @@ +Files: debian/* +Copyright: 2015 Thomas NOËL +License: GPL-2+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see + . + On Debian systems, the complete text of the GNU General + Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". diff --git a/debian/debian_config.py b/debian/debian_config.py new file mode 100644 index 00000000..8ddb79fb --- /dev/null +++ b/debian/debian_config.py @@ -0,0 +1,89 @@ +# This file is sourced by "execfile" from passerelle.settings + +import os + +from django.conf import global_settings + +PROJECT_NAME = 'passerelle' + +DEBUG = False +TEMPLATE_DEBUG = False + +ADMINS = ( + ('root', 'root@localhost'), +) + +# SECURITY WARNING: keep the secret key used in production secret! +SECRET_KEY = file('/etc/%s/secret' % PROJECT_NAME).read() + +# SAML2 authentication +INSTALLED_APPS += ('mellon',) + +ETC_DIR = '/etc/%s' % PROJECT_NAME +VAR_DIR = '/var/lib/%s' % PROJECT_NAME + +STATIC_ROOT = os.path.join(VAR_DIR, 'collectstatic') + +DATABASES = { + 'default': { + 'ENGINE': 'tenant_schemas.postgresql_backend', + 'NAME': PROJECT_NAME, + } +} + +DATABASE_ROUTERS = ( + 'tenant_schemas.routers.TenantSyncRouter', +) + +TENANT_BASE = os.path.join(VAR_DIR, 'tenants') +TENANT_MODEL = 'multitenant.Tenant' + +SHARED_APPS = ( + 'hobo.multitenant', + 'django.contrib.auth', + 'django.contrib.contenttypes', + 'django.contrib.messages', + 'django.contrib.sessions', + 'django.contrib.staticfiles', + 'django.contrib.admin', +) + +TENANT_APPS = INSTALLED_APPS + +INSTALLED_APPS = ('hobo.multitenant', 'hobo.agent.common') + INSTALLED_APPS + +TEMPLATE_LOADERS = ( + 'hobo.multitenant.template_loader.FilesystemLoader', +) + global_settings.TEMPLATE_LOADERS +TENANT_TEMPLATE_DIRS = (TENANT_BASE,) +TEMPLATE_CONTEXT_PROCESSORS = ( + 'django.core.context_processors.request', +) + global_settings.TEMPLATE_CONTEXT_PROCESSORS + +MIDDLEWARE_CLASSES = ( + 'hobo.multitenant.middleware.TenantMiddleware', +) + MIDDLEWARE_CLASSES + + +DEFAULT_FILE_STORAGE = 'hobo.multitenant.storage.TenantFileSystemStorage' + +# SAML2: search IdP in +MELLON_ADAPTER = ('hobo.multitenant.mellon.MellonAdapter',) + +CACHES = { + 'default': { + 'BACKEND': 'hobo.multitenant.cache.TenantCache', + 'REAL_BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': '127.0.0.1:11211', + } +} + + +# HTTPS +CSRF_COOKIE_SECURE = True +SESSION_COOKIE_SECURE = True + +# Mail +EMAIL_SUBJECT_PREFIX = '[%s] ' % PROJECT_NAME + +execfile(os.path.join(ETC_DIR, 'settings.py')) diff --git a/debian/nginx-example.conf b/debian/nginx-example.conf new file mode 100644 index 00000000..552b631b --- /dev/null +++ b/debian/nginx-example.conf @@ -0,0 +1,39 @@ +server { + listen 443; + server_name *.passerelle.example.org; + + ssl on; + ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; + ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; + + access_log /var/log/nginx/passerelle.example.org-access.log combined; + error_log /var/log/nginx/passerelle.example.org-error.log; + + location ~ ^/static/(.+)$ { + root /; + try_files /var/lib/passerelle/tenants/$host/static/$1 + /var/lib/passerelle/collectstatic/$1 + =404; + } + + location / { + proxy_pass http://unix:/run/passerelle/passerelle.sock; + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-SSL on; + proxy_set_header X-Forwarded-Protocol ssl; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + } +} + +server { + listen 80; + server_name *.passerelle.example.org; + + access_log /var/log/nginx/passerelle.example.org-access.log combined; + error_log /var/log/nginx/passerelle.example.org-error.log; + + return 301 https://$host$request_uri; +} + diff --git a/debian/passerelle-manage b/debian/passerelle-manage new file mode 100755 index 00000000..12c80538 --- /dev/null +++ b/debian/passerelle-manage @@ -0,0 +1,26 @@ +#!/bin/sh + +NAME=passerelle +MANAGE="/usr/lib/passerelle/manage.py" + +# load Debian default configuration +export PASSERELLE_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py + +# check user +if test x$1 = x"--forceuser" +then + shift +elif test $(id -un) != "$NAME" +then + echo "error: must use $0 with user ${NAME}" + exit 1 +fi + +if test $# -eq 0 +then + python ${MANAGE} help + exit 1 +fi + +python ${MANAGE} "$@" + diff --git a/debian/passerelle.dirs b/debian/passerelle.dirs new file mode 100644 index 00000000..728a2da0 --- /dev/null +++ b/debian/passerelle.dirs @@ -0,0 +1,5 @@ +/etc/passerelle +/usr/lib/passerelle +/var/lib/passerelle/collectstatic +/var/lib/passerelle/tenants +/var/log/passerelle diff --git a/debian/passerelle.docs b/debian/passerelle.docs new file mode 100644 index 00000000..c8ba92f4 --- /dev/null +++ b/debian/passerelle.docs @@ -0,0 +1,2 @@ +debian/nginx-example.conf +debian/README.Debian diff --git a/debian/passerelle.init b/debian/passerelle.init new file mode 100755 index 00000000..45d28687 --- /dev/null +++ b/debian/passerelle.init @@ -0,0 +1,194 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: passerelle +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Passerelle server +# Description: Passerelle provides an uniform access to multiple data sources and services. +### END INIT INFO + +# Author: Jérôme Schneider + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC=Passerelle +NAME=passerelle +DAEMON=/usr/bin/gunicorn +RUN_DIR=/run/$NAME +PIDFILE=$RUN_DIR/$NAME.pid +LOG_DIR=/var/log/$NAME +SCRIPTNAME=/etc/init.d/$NAME +BIND=unix:$RUN_DIR/$NAME.sock +WORKERS=5 +TIMEOUT=30 + +PASSERELLE_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py +MANAGE_SCRIPT="/usr/bin/$NAME-manage" + +USER=$NAME +GROUP=$NAME + +# Exit if the package is not installed +[ -x $DAEMON ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +DAEMON_ARGS=${DAEMON_ARGS:-"--pid $PIDFILE \ +--user $USER --group $GROUP \ +--daemon \ +--access-logfile $LOG_DIR/gunicorn-access.log \ +--log-file $LOG_DIR/gunicorn-error.log \ +--bind=$BIND \ +--workers=$WORKERS \ +--worker-class=sync \ +--timeout=$TIMEOUT \ +--name $NAME \ +$NAME.wsgi:application"} + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# Create /run directory +if [ ! -d $RUN_DIR ]; then + install -d -m 755 -o $USER -g $GROUP $RUN_DIR +fi + +# environment for wsgi +export PASSERELLE_SETTINGS_FILE + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON` + return 0 +} + +do_migrate() { + log_action_msg "Applying new migrations .." + su $USER -p -c "$MANAGE_SCRIPT migrate_schemas" + log_action_msg ".. done" +} + +do_collectstatic() { + log_action_msg "Collect static files.." + su $USER -p -c "$MANAGE_SCRIPT collectstatic --noinput" + log_action_msg ".. done" +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC " "$NAME" + do_migrate + do_collectstatic + do_start + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + log_daemon_msg "Reloading $DESC" "$NAME" + do_collectstatic + do_migrate + do_reload + log_end_msg $? + ;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_migrate + do_collectstatic + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac + diff --git a/debian/passerelle.install b/debian/passerelle.install new file mode 100644 index 00000000..f1373093 --- /dev/null +++ b/debian/passerelle.install @@ -0,0 +1,3 @@ +debian/passerelle-manage /usr/bin +debian/debian_config.py /usr/lib/passerelle +debian/settings.py /etc/passerelle diff --git a/debian/passerelle.postinst b/debian/passerelle.postinst new file mode 100644 index 00000000..c70d8a32 --- /dev/null +++ b/debian/passerelle.postinst @@ -0,0 +1,45 @@ +#! /bin/sh + +set -e + +NAME="passerelle" +USER=$NAME +GROUP=$NAME +CONFIG_DIR="/etc/$NAME" + +case "$1" in + configure) + + # make sure the administrative user exists + if ! getent passwd $USER >/dev/null; then + adduser --disabled-password --quiet --system \ + --no-create-home --home /var/lib/$NAME \ + --gecos "Passerelle user" --group $USER + fi + # ensure dirs ownership + chown $USER:$GROUP /var/log/$NAME + chown $USER:$GROUP /var/lib/$NAME/collectstatic + chown $USER:$GROUP /var/lib/$NAME/tenants + # create a secret file + SECRET_FILE=$CONFIG_DIR/secret + if [ ! -f $SECRET_FILE ]; then + echo -n "Generating Django secret..." >&2 + cat /dev/urandom | tr -dc [:alnum:]-_\!\%\^:\; | head -c70 > $SECRET_FILE + chown root:$GROUP $SECRET_FILE + chmod 0440 $SECRET_FILE + echo "done" >&2 + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 + diff --git a/debian/pydist-overrides b/debian/pydist-overrides new file mode 100644 index 00000000..cf35c895 --- /dev/null +++ b/debian/pydist-overrides @@ -0,0 +1,2 @@ +jsonfield python-django-jsonfield +django-jsonresponse python-django-jsonresponse diff --git a/debian/python-passerelle.dirs b/debian/python-passerelle.dirs new file mode 100644 index 00000000..afe0cdd2 --- /dev/null +++ b/debian/python-passerelle.dirs @@ -0,0 +1 @@ +/usr/lib/passerelle diff --git a/debian/python-passerelle.docs b/debian/python-passerelle.docs new file mode 100644 index 00000000..df15c73b --- /dev/null +++ b/debian/python-passerelle.docs @@ -0,0 +1,2 @@ +README +LICENSE diff --git a/debian/python-passerelle.install b/debian/python-passerelle.install new file mode 100644 index 00000000..0c08527d --- /dev/null +++ b/debian/python-passerelle.install @@ -0,0 +1,2 @@ +usr/bin/manage.py /usr/lib/passerelle +usr/lib/python2*/*-packages diff --git a/debian/rules b/debian/rules new file mode 100755 index 00000000..de1bd885 --- /dev/null +++ b/debian/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +%: + dh $@ --with python2 diff --git a/debian/settings.py b/debian/settings.py new file mode 100644 index 00000000..6e7117ca --- /dev/null +++ b/debian/settings.py @@ -0,0 +1,55 @@ +# Configuration for passerelle. +# You can override Passerelle default settings here + +# Passerelle is a Django application: for the full list of settings and their +# values, see https://docs.djangoproject.com/en/1.7/ref/settings/ +# For more information on settings see +# https://docs.djangoproject.com/en/1.7/topics/settings/ + +# WARNING! Quick-start development settings unsuitable for production! +# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ + +# This file is sourced by "execfile" from /usr/lib/passerelle/debian_config.py + +# SECURITY WARNING: don't run with debug turned on in production! +#DEBUG = False +#TEMPLATE_DEBUG = False + +#ADMINS = ( +# ('User 1', 'poulpe@example.org'), +# ('User 2', 'janitor@example.net'), +#) + +# ALLOWED_HOSTS must be correct in production! +# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts +ALLOWED_HOSTS = ['*'] + +# If a tenant doesn't exist, the tenant middleware raise a 404 error. If you +# prefer to redirect to a specific site, use: +# TENANT_NOT_FOUND_REDIRECT_URL = 'http://www.example.net/' + +# Database +# Warning: don't change ENGINE, it must be 'tenant_schemas.postgresql_backend' +#DATABASES['default']['NAME'] = 'passerelle' +#DATABASES['default']['USER'] = 'passerelle' +#DATABASES['default']['PASSWORD'] = '******' +#DATABASES['default']['HOST'] = 'localhost' +#DATABASES['default']['PORT'] = '5432' + +LANGUAGE_CODE = 'fr-fr' +TIME_ZONE = 'Europe/Paris' + +# Email configuration +#EMAIL_SUBJECT_PREFIX = '[passerelle] ' +#SERVER_EMAIL = 'root@passerelle.example.org' +#DEFAULT_FROM_EMAIL = 'webmaster@passerelle.example.org' + +# SMTP configuration +#EMAIL_HOST = 'localhost' +#EMAIL_HOST_USER = '' +#EMAIL_HOST_PASSWORD = '' +#EMAIL_PORT = 25 + +# HTTPS +#CSRF_COOKIE_SECURE = True +#SESSION_COOKIE_SECURE = True