Administration portal
Frédéric Péters 5264b1c6e0 misc: allow journald logging of unicode strings (#30890) 2019-02-25 21:43:40 +01:00
debian debian: configure journald filters and formatter (#30613) 2019-02-14 15:22:56 +01:00
hobo misc: allow journald logging of unicode strings (#30890) 2019-02-25 21:43:40 +01:00
tests tests: don't make theme_base go through dedicated hobo code path 2019-02-08 15:09:48 +01:00
tests_authentic settings loaders: provide A2_IDP_OIDC_JWKSET to authentic (#25686) 2018-09-06 13:10:06 +02:00
tests_multipublik tests: don't use theme settings loaders in multipublik tests 2018-11-12 22:11:08 +01:00
tests_multitenant misc: look for portal agent associated to user OU when in Authentic (#29658) 2019-02-06 10:30:11 +01:00
tests_passerelle set TENANT_BASE to a non existing path (#22892) 2018-03-30 10:25:46 +02:00
.gitignore gitignore: ignore local_settings.py 2015-02-12 10:19:05 +01:00
COPYING initial commit with copying 2014-03-24 18:41:39 +01:00
Jenkinsfile use a Jenkinsfile (#29776) 2019-01-16 11:40:24 +01:00
MANIFEST.in misc: add a page to configure FranceConnect (#29642) 2019-01-18 08:44:06 +01:00
README misc: adapt to change in wcsctl path (#18011) 2017-08-16 16:07:23 +02:00
config_example.py settings: use a single settings.py file 2015-02-09 15:55:38 +01:00
getlasso.sh use tox for running tests 2015-12-17 11:23:20 +01:00
jenkins.sh jenkins.sh: add -r to rm htmlcov (#29776) 2019-01-17 09:32:12 +01:00
manage.py settings: use a single settings.py file 2015-02-09 15:55:38 +01:00
merge-coverage.py add merge-coverage script (#8425) 2015-10-05 21:18:30 +02:00
merge-junit-results.py add merge-junit-results script (#8425) 2015-10-05 21:18:54 +02:00
requirements.txt general: add support for prometheus stats (#19766) 2018-02-14 11:54:23 +01:00
setup.py misc: update setup.py for Python 3 and PEP 440 (#29420) 2019-01-03 14:46:29 +01:00
tox.ini use a Jenkinsfile (#29776) 2019-01-16 11:40:24 +01:00

README

Hobo
====

Administration portal to configure and deploy applications.


Installation
------------

Dependencies can be installed with pip:

 $ pip install -r requirements.txt

The database then has to be set up (./manage.py syncdb); by default this
creates a db.sqlite3 file.

Hobo can then be run like a typical Django application (./manage.py runserver).
It communicates with deployment agents using Celery and expects a RabbitMQ
server running on localhost.

The agent in charge of deploying applications can then be run on the
application servers, for example:

  celery --app=hobo.agent.worker worker --loglevel=info

The agent will use settings from the file declared in the HOBO_AGENT_SETTINGS_FILE
environment variable (examples in hobo/agent/worker/settings.py).


Configuration
-------------

Hobo server configuration takes place in hobo/settings.py, which imports local
settings from the file declared in the HOBO_SETTINGS_FILE environment variable.

Adapt BROKER_URL if RabbitMQ doesn't run on localhost.

Some applications may support deployment templates; they can be specified in
the configuration with the SERVICE_TEMPLATES variable.

  SERVICE_TEMPLATES = {
        'wcs': [('export-auquo-light.wcs', u'Au quotidien light'),
                ('export-auquo.wcs', u'Au quotidien'),
                ('export-demo.wcs', u'Démo au quotidien')
                ],
  }


Agent configuration
-------------------

Agent configuration takes place in hobo/agent/worker/settings.py, which imports
local settings from the file declared in the HOBO_AGENT_SETTINGS_FILE
environment variable.

It's possible to limit agents to particular applications, or particular
hostnames, using the AGENT_HOST_PATTERNS configuration variable.

The format is a dictionary with applications as keys and lists of hostnames as
values. A hostname can be prefixed by an exclamation mark to exclude it.

  AGENT_HOST_PATTERNS = {
     'wcs': ['*.example.net', '!*.dev.example.net'],
  }

This will limit wcs deployments to *.example.net hostnames, while excluding
*.dev.example.net.


Usage
-----

Go to environment settings, pick a service, fill its name and URL, and watch it
being deployed.  Successfully deployed services will add a link to their
administration pages on the homepage.


Environment
-----------

A Hobo agent is a class defined in `hobo.agent.worker.services` and derived from
`BaseService`. For each service in the environment dictionary sent by the hobo
portal, it is instantiated with the keys `base_url`, `title` and `secret_key` of
the service. If the `base_url` matches the locally defined
`AGENT_HOST_PATTERNS`, the `execute()` method of the instance is called, passing
it the full environment dictionary.

The environment dictionary contains services for this particular agent and all
other services defined on the portal. The `execute()` method should only create
a tenant for the service whose `base_url` was passed to the constructor. All
other information is only for defining links with other services. The schema of
the dictionary is::

    {
        'timestamp': <current_time_as_an_unix_timestamp>,
        'users': [
            {
                'username': 'john.doe',
                'first_name': 'John',
                'last_name': 'Doe',
                'email': 'john.doe@example.com',
                'password': '<django-compatible-hashed-password>',
            }
        ],
        'services': [
           {
                'service-id': 'authentic' / 'wcs' / 'passerelle',
                'service-label': 'Authentic' / 'w.c.s.' / 'Passerelle',
                'title': 'name of service',
                'secret_key': '..', # base secret for Django applications or other needs
                'base_url': 'base url of the service',
                'saml-sp-metadata-url': '...',
                'template_name': 'demo', # name of the template bundle to use
                'variables': {
                    'variable-1': 'value-of-variable-1'
                }
           }
        ],
        'fields': [
           {
               'disabled': boolean,
               'name': unique identifier (e.g. 'first_name'),
               'label': '..' (e.g. 'First Name'),
               'kind': 'title' / 'string' / 'email',
               'asked_on_registration': boolean,
               'user_editable': boolean,
               'required': boolean,
               'user_visible': boolean,
               'order': 1
           },
        ],
        'variables': {
            'variable-1': 'value-of-variable-1'
        }
    }
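
The host filter from "Agent configuration" applied to the ``services`` list above, as an added sketch that is not Hobo's own code. Its rules are assumptions: shell-style globs matched against the parsed hostname of `base_url`, exclusions always winning, and an application missing from a non-empty `AGENT_HOST_PATTERNS` being refused; `host_allowed` and `services_for_agent` are hypothetical names.

```python
import fnmatch
from urllib.parse import urlsplit

# Constructed sample setting, same shape as the README's AGENT_HOST_PATTERNS.
AGENT_HOST_PATTERNS = {'wcs': ['*.example.net', '!*.dev.example.net']}

# Constructed environment, trimmed to the two keys the filter reads.
ENVIRONMENT = {'services': [
    {'service-id': 'wcs', 'base_url': 'https://forms.example.net/'},
    {'service-id': 'wcs', 'base_url': 'https://forms.dev.example.net/'},
    {'service-id': 'wcs', 'base_url': 'https://other.org/?next=x.example.net'},
    {'service-id': 'passerelle', 'base_url': 'https://api.example.net/'},
    {'service-id': 'authentic', 'base_url': 'https://idp.example.net/'},
]}


def host_allowed(service_id, base_url, patterns=AGENT_HOST_PATTERNS):
    """Return True when this agent may deploy service_id at base_url."""
    if not patterns:
        return True  # assumption: no patterns configured means no restriction
    if service_id not in patterns:
        return False  # assumption: unlisted applications are refused (fail closed)
    # Match the parsed hostname only, so text in the path, query string or
    # userinfo part of the URL can never satisfy a pattern.
    host = (urlsplit(base_url).hostname or '').lower()
    if not host:
        return False
    allowed = False
    for pattern in patterns[service_id]:
        if pattern.startswith('!'):
            # An exclusion wins wherever it sits in the list; whitespace
            # after the '!' is tolerated.
            if fnmatch.fnmatchcase(host, pattern[1:].strip().lower()):
                return False
        elif fnmatch.fnmatchcase(host, pattern.strip().lower()):
            allowed = True
    return allowed


def services_for_agent(environment, patterns=AGENT_HOST_PATTERNS):
    """List the base_urls this agent would create tenants for."""
    return [s['base_url'] for s in environment['services']
            if host_allowed(s['service-id'], s['base_url'], patterns)]


if __name__ == '__main__':
    print(services_for_agent(ENVIRONMENT))
```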

Agents
------

 - w.c.s.

w.c.s. instances will be deployed using "/usr/bin/wcsctl" by default; this
command can be changed with the WCS_MANAGE_COMMAND setting. It should be run
with the same rights as the wcs process (redefine the command to use sudo
if necessary).

Template keys defined in SERVICE_TEMPLATES have to map to wcs skeleton sites
(created from settings / export) stored in /var/lib/wcs/skeletons (the exact
directory may vary according to the wcs configuration).

 - authentic2

authentic2 instances will be deployed using
"/usr/bin/authentic2-multitenant-manage" by default; this command can be
changed with the AUTHENTIC_MANAGE_COMMAND setting. It should be run with the
same rights as the authentic2 process (redefine the command to use sudo if
necessary).

The agent also provides a command to import roles from w.c.s., named
import-wcs-roles. It computes the web-service credentials from the hobo.json
and uses the email of the oldest superuser. A cron job can be created to call
this command when regular synchronization of roles with your w.c.s. instances
is needed. The sole option, "--delete", indicates that you want to delete
stale roles; the default is to not delete them.

Tests
-----

To test the hobo server, run in a virtualenv:

   pip install pytest pytest-django

   DJANGO_SETTINGS_MODULE=hobo.settings HOBO_SETTINGS_FILE=tests/settings.py py.test tests

To test the multitenant framework, run in a virtualenv:

   pip install pytest pytest-django memcached mock .

   cd tests_multitenant ; PYTHONPATH=. DJANGO_SETTINGS_MODULE=settings py.test .