def reconfigure_nginx(self, instance_name):
    """Regenerate the oauth nginx entry for an instance and reload nginx.

    Generator: yields log records and step results in execution order.
    The current nginx configuration is backed up first, and the new
    configuration is tested before nginx is reloaded.

    :param instance_name: instance to reconfigure; also used as the
        buildout folder name under ``config.instances_root``.
    """
    self.buildout.cfgfile = self.config.oauth.cfg_file
    # NOTE(review): instance_name is interpolated into a filesystem path
    # without validation in this method; confirm callers restrict it.
    instance_folder = '{}/{}'.format(self.config.instances_root, instance_name)
    self.buildout.folder = instance_folder

    instance_info = self.get_instance(instance_name)
    self.set_instance(name=instance_name, index=instance_info['port_index'])

    yield step_log('Backing up current configuration')
    yield self.backup_nginx_configuration()

    yield step_log('Creating nginx entry for oauth')
    yield self.create_oauth_nginx_entry()

    yield step_log('Testing new nginx configuration')
    nginx_check = self.test_nginx()
    # A first element of 0 presumably signals a failed test: the backup is
    # restored. The result of the restore itself is not yielded here.
    if nginx_check[0] == 0:
        self.recover_nginx_configuration()
    yield nginx_check

    # NOTE(review): the reload runs after a restore as well, unless the
    # consumer stops on the yielded test status; confirm.
    yield step_log('Reloading nginx')
    yield self.reload_nginx()
def upgrade(self, instance_name, logecho=None):
    """Upgrade an existing max instance by updating and re-running its buildout.

    Generator: yields log records and the result of each step in order
    (update buildout, execute buildout, set filesystem permissions, reload
    the instance, check the running version).

    :param instance_name: instance to upgrade; also used as the buildout
        folder name under ``config.instances_root``.
    :param logecho: stored on ``self.buildout.logecho``; its use is decided
        by the buildout helper.
    """
    self.buildout.cfgfile = self.config.max.cfg_file
    self.buildout.logecho = logecho
    # NOTE(review): instance_name goes into a filesystem path unvalidated
    # here; confirm callers restrict it to a known instance name.
    self.buildout.folder = '{}/{}'.format(
        self.config.instances_root,
        instance_name
    )
    self.set_instance(
        name=instance_name,
    )
    yield step_log('Updating buildout')
    yield self.update_buildout()
    yield step_log('Executing buildout')
    yield self.execute_buildout(update=True)
    # Permissions are re-applied after buildout has rewritten the tree.
    yield step_log('Changing permissions')
    yield self.set_filesystem_permissions()
    # Disabled log line kept from the original.
    # NOTE(review): only this log line appears commented out; confirm that
    # the reload call below is still meant to run.
    # yield step_log('Reloading max')
    yield self.reload_instance()
    yield step_log('Checking running version')
    yield self.check_version()
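def add_users(self, branch, usersfile):
    """Create LDAP users in ``branch`` from the entries of ``usersfile``.

    Generator: yields log records. Each user entry is created with
    ``add_ldap_user``; a failure on one entry is logged and the loop moves
    on to the next one.

    :param branch: LDAP branch selected with ``set_branch``.
    :param usersfile: path handed to ``read_users_file``; entries must carry
        ``username``, ``fullname`` and ``password``.
    """
    if self.config.readonly:
        yield error_log('This LDAP is configured as read-only')
        # error_log is non-fatal elsewhere in this method (the loop keeps
        # going after it), so without this return the read-only guard only
        # logged and the admin bind and writes below still ran.
        return

    self.set_branch(branch)
    self.connect(auth=False)
    try:
        self.authenticate(
            username=self.effective_admin_dn,
            password=self.effective_admin_password)

        try:
            users = read_users_file(usersfile, required_fields=['username', 'fullname', 'password'])
        except Exception as exc:
            # Single format call: the former two-pass template broke when
            # the file name itself contained braces.
            yield raising_error_log(
                'Error parsing users file {}: {}'.format(usersfile, exc.message))

        try:
            self.check_users(users)
        except Exception as exc:
            yield raising_error_log(exc.message)

        yield step_log('Creating {} users '.format(len(users)))
        for count, user in enumerate(users, start=1):
            if not user:
                yield error_log('Error parsing user at line #{}'.format(count))
                continue
            # Only the username is put into log messages; the entry also
            # holds the password.
            try:
                self.add_ldap_user(**user)
            except ldap.ALREADY_EXISTS:
                yield error_log('User {} already exists'.format(user['username']))
            except Exception as exc:
                # Both placeholders are now filled; previously the repr was
                # passed to error_log instead of format(), which raised
                # IndexError inside this handler.
                yield error_log('Error creating user {}: {}'.format(user['username'], repr(exc)))
            else:
                yield success_log('User {} created'.format(user['username']))
    finally:
        # Release the admin-bound connection on every exit path, including
        # an abort raised at one of the yields above.
        self.disconnect()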
def new_instance(
    self, instance_name, environment, mountpoint, title, language,
    ldap_branch, ldap_password, logecho
):
    """Create a Plone site with the genweb profile, a homepage and LDAP.

    Generator: yields log records and the result of each setup step.

    :param instance_name: name passed to the ``Plone`` wrapper.
    :param environment: key resolved through ``get_environment``.
    :param mountpoint: mountpoint passed to the ``Plone`` wrapper.
    :param title: site title.
    :param language: site language.
    :param ldap_branch: branch handed to ``setup_ldap``.
    :param ldap_password: password handed to ``setup_ldap``.
    :param logecho: passed through to the ``Plone`` wrapper.
    """
    target_environment = self.get_environment(environment)
    plone_site = Plone(target_environment, mountpoint, instance_name, title, language, logecho)

    yield step_log("Creating Plone site")
    creation_result = plone_site.create(packages=["genweb.core:default"])
    yield creation_result

    yield step_log("Setting up homepage")
    homepage_result = plone_site.setup_homepage()
    yield homepage_result

    yield step_log("Setting up ldap")
    # NOTE(review): the value yielded here reaches the log consumer; confirm
    # setup_ldap does not echo ldap_password in what it returns.
    ldap_result = plone_site.setup_ldap(branch=ldap_branch, password=ldap_password)
    yield ldap_result
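def remove_allowed_ip(self, instance_name, existing_ip):
    """Remove an allowed IP from an instance and regenerate its nginx entry.

    Generator: yields log records and step results in execution order.
    The nginx configuration is backed up, ``existing_ip`` is removed with
    ``remove_bypass_allowed_ip``, the oauth nginx entry is rebuilt and
    tested, and the change is committed before nginx is reloaded.

    :param instance_name: instance to modify; also used as the buildout
        folder name under ``config.instances_root``.
    :param existing_ip: address to remove; passed to the helper unchanged.
    """
    instance = self.get_instance(instance_name)
    self.set_instance(name=instance_name, index=instance['port_index'])
    self.buildout.folder = '{}/{}'.format(self.config.instances_root, instance_name)

    yield step_log('Backing up current configuration')
    yield self.backup_nginx_configuration()

    # Message corrected: this step removes an address. The previous text
    # ('Adding new allowed ip') recorded the opposite access-control change
    # in the operation log.
    yield step_log('Removing allowed ip')
    yield self.remove_bypass_allowed_ip(existing_ip)

    yield step_log('Creating nginx entry for oauth')
    yield self.create_oauth_nginx_entry()

    yield step_log('Testing new nginx configuration')
    status = self.test_nginx()
    # A first element of 0 presumably signals a failed test: restore the
    # backup and report the restore result before the test status.
    if status[0] == 0:
        yield self.recover_nginx_configuration()
    yield status

    # NOTE(review): commit and reload still run after a restore unless the
    # consumer stops on the yielded test status; confirm.
    yield step_log('Commiting to local branch')
    yield self.commit_local_changes(message='Removed allowed ip')

    yield step_log('Changing permissions')
    yield self.set_filesystem_permissions()

    yield step_log('Reloading nginx')
    yield self.reload_nginx()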
def new_instance(self, instance_name, port_index, ldap_branch=None, logecho=None):
    """Deploy a new oauth instance from its buildout.

    Generator: yields a log record followed by the step result for each
    deployment step, in the order listed in ``deployment_steps``.

    :param instance_name: new instance name; also the buildout folder name
        under ``config.instances_root``.
    :param port_index: index passed to ``set_instance``.
    :param ldap_branch: LDAP branch for the instance; when ``None`` the
        instance name is used.
    :param logecho: stored on ``self.buildout.logecho``.
    """
    self.buildout.cfgfile = self.config.oauth.cfg_file
    self.buildout.logecho = logecho
    # NOTE(review): instance_name is used as a path component without
    # validation in this method; confirm callers restrict it.
    self.buildout.folder = '{}/{}'.format(self.config.instances_root, instance_name)

    if ldap_branch is not None:
        ldap_name = ldap_branch
    else:
        ldap_name = instance_name
    self.set_instance(name=instance_name, index=port_index, ldap=ldap_name)

    # NOTE(review): the configure_* steps run before the commit to the local
    # branch; confirm generated files that may hold credentials
    # (mongoauth.cfg, ldap.ini) are excluded from it or that the repository
    # is access-restricted.
    deployment_steps = (
        ('Cloning buildout', self.clone_buildout),
        ('Bootstraping buildout', self.bootstrap_buildout),
        ('Configuring customizeme.cfg', self.configure_instance),
        ('Configuring mongoauth.cfg', self.configure_mongoauth),
        ('Configuring ldap.ini', self.configure_ldap),
        ('Creating nginx entry for oauth', self.create_oauth_nginx_entry),
        ('Executing buildout', self.execute_buildout),
        ('Commiting to local branch', self.commit_local_changes),
        ('Changing permissions', self.set_filesystem_permissions),
        ('Adding instance to supervisor config', self.configure_supervisor),
    )
    for description, run_step in deployment_steps:
        yield step_log(description)
        yield run_step()
def new_instance(
    self, instance_name, environment, mountpoint, title, language,
    max_name, max_direct_url, oauth_name, ldap_branch, ldap_password,
    logecho,
):
    """Create a ulearn site and wire it to LDAP, max and nginx.

    Generator: yields log records and the result of each setup step.

    ``ldap_password`` is accepted but not referenced in this method;
    ``setup_ldap`` receives ``self.config.ldap`` instead.

    :param instance_name: name passed to the ``UlearnSite`` wrapper.
    :param environment: key resolved through ``get_environment``.
    :param mountpoint: mountpoint passed to the ``UlearnSite`` wrapper.
    :param title: site title.
    :param language: site language.
    :param max_name: max server name handed to ``setup_max``.
    :param max_direct_url: URL handed to ``setup_nginx``.
    :param oauth_name: oauth server name handed to ``setup_max``.
    :param ldap_branch: branch handed to ``setup_ldap`` and ``setup_max``.
    :param ldap_password: unused here (see above).
    :param logecho: passed through to the ``UlearnSite`` wrapper.
    """
    target_environment = self.get_environment(environment)
    ulearn_site = UlearnSite(target_environment, mountpoint, instance_name, title, language, logecho)

    yield step_log("Creating Plone site")
    creation_result = ulearn_site.create(packages=["ulearn.core:default"])
    yield creation_result

    yield step_log("Setting up homepage")
    homepage_result = ulearn_site.setup_homepage()
    yield homepage_result

    yield step_log("Setting up ldap")
    ldap_result = ulearn_site.setup_ldap(ldap_branch, self.config.ldap)
    yield ldap_result

    yield step_log("Setting up max")
    max_result = ulearn_site.setup_max(max_name, oauth_name, ldap_branch)
    yield max_result

    yield step_log("Rebuilding catalog")
    catalog_result = ulearn_site.rebuild_catalog()
    yield catalog_result

    nginx_message = "Setting up nginx entry @ {}".format(self.config.prefe_server)
    yield step_log(nginx_message)
    # NOTE(review): max_direct_url is forwarded to the nginx setup as given;
    # confirm setup_nginx validates it before writing configuration.
    nginx_result = self.setup_nginx(ulearn_site, max_direct_url)
    yield nginx_result
def test(self, instance_name, username, password):
    """Check that an instance's oauth server is reachable and issues tokens.

    Generator: yields log records. The server URL (``server.dns`` of the
    instance) is requested to check its HTTP status, then a token is
    requested for ``username`` and validated with ``check_token``.

    :param instance_name: instance whose oauth server is tested.
    :param username: account used to request a token.
    :param password: password for ``username``.
    """
    instance = self.get_instance(instance_name)
    try:
        yield step_log('Testing oauth server @ {}'.format(instance['server']['dns']))
        yield message_log('Checking server health')

        # Probe with certificate verification; a TLS failure is reported
        # but does not stop the test.
        try:
            status = requests.get(instance['server']['dns'], verify=True).status_code
        except requests.exceptions.SSLError:
            yield error_log('SSL certificate verification failed')
            yield message_log('Continuing test without certificate check')

        # NOTE(review): block nesting reconstructed from a flattened listing;
        # this try may originally sit inside the SSLError handler above.
        # Confirm against the original file.
        # SECURITY: verify=False disables certificate validation, so the
        # status code read here can come from any host answering for this
        # name. Acceptable only as a diagnostic.
        try:
            status = requests.get(instance['server']['dns'], verify=False).status_code
        except requests.ConnectionError:
            yield raising_error_log('Connection error, check nginx is running, and dns resolves as expected.')
        # NOTE(review): bare except also traps SystemExit/KeyboardInterrupt
        # and hides the real error type; `except Exception` would be narrower.
        except:
            yield raising_error_log('Unknown error trying to access oauth server. Check params and try again')
        else:
            # Map the HTTP status to an operator hint; anything but 200 is
            # reported through raising_error_log.
            if status == 500:
                yield raising_error_log('Error on oauth server, Possible causes:\n - ldap configuration error (bad server url?)\n - Mongodb configuration error (bad replicaset name or hosts list?)\nCheck osiris log for more information.')
            elif status == 502:
                yield raising_error_log('Server not respoding at {}. Check that:\n - osiris process is running\n - nginx upstream definition is pointing to the right host:port.'.format(instance['server']['dns']))
            elif status == 504:
                yield raising_error_log('Gateway timeout. Probably oauth server is giving timeout trying to contact ldap server')
            elif status == 404:
                yield raising_error_log('There\'s no oauth server at {}. Chech there\'s an nginx entry for this server.'.format(instance['server']['dns']))
            elif status != 200:
                yield raising_error_log('Server {} responded with {} code. Check osiris logs.'.format(instance['server']['dns'], status))

        yield message_log('Retrieving token for "{}"'.format(username))
        # SECURITY: the credentials are sent even when certificate
        # verification failed above.
        # NOTE(review): confirm get_token and check_token validate the
        # server certificate themselves; otherwise username/password can be
        # disclosed to an unauthenticated endpoint.
        token = self.get_token(instance['server']['dns'], username, password)
        succeeded_retrieve_token = token is not None

        if not succeeded_retrieve_token:
            yield raising_error_log('Error retreiving token. Check username/password and try again')

        yield message_log('Checking retreived token')
        succeeded_check_token = self.check_token(instance['server']['dns'], username, token)

        if not succeeded_check_token:
            yield raising_error_log('Error retreiving token')

        if succeeded_check_token and succeeded_retrieve_token:
            yield success_log('Oauth server check passed')
        else:
            yield raising_error_log('Oauth server check failed')
    # Presumably raised through raising_error_log above (TODO confirm);
    # it is downgraded here to a plain error record.
    except StepError as error:
        yield error_log(error.message)
def batch_subscribe_users(self, instance, subscriptionsfile):
    """Subscribe users to communities listed in ``subscriptionsfile``.

    Generator: yields one step record per community followed by a success
    or error record built from the site's response.

    :param instance: mapping with ``environment``, ``mountpoint`` and
        ``plonesite`` keys identifying the target site.
    :param subscriptionsfile: path handed to ``read_subscriptions_file``;
        entries must carry ``owners``, ``readers`` and ``editors``.
    """
    ulearn_site = UlearnSite(
        self.get_environment(instance["environment"]),
        instance["mountpoint"],
        instance["plonesite"],
    )

    expected_fields = ["owners", "readers", "editors"]
    try:
        communities = read_subscriptions_file(subscriptionsfile, required_fields=expected_fields)
    except Exception as exc:
        # Two-pass template: the file name is filled first, the error second.
        parse_error_template = "Error parsing subscriptionsfile file {}: {{}}".format(subscriptionsfile)
        yield raising_error_log(parse_error_template.format(exc.message))

    for community in communities:
        yield step_log("Subscribing users to {}".format(community["url"]))
        outcome = ulearn_site.subscribe_users(**community)
        # The response carries an "error" flag and a "message" for the log.
        if outcome.get("error", False):
            yield error_log(outcome["message"])
        else:
            yield success_log(outcome["message"])
def add_instance(self, **configuration):
    """Register an instance entry using a token for its restricted user.

    Generator: yields a step record and the result of ``add_entry``; a
    ``StepError`` raised while adding the entry is reported as an error
    record.

    :param configuration: keyword settings; reads ``oauthserver``,
        ``maxserver``, ``restricted_user``, ``restricted_user_password``,
        ``language``, ``name`` and ``hashtag``.
    """
    oauth_url = configuration['oauthserver']['server']['dns']
    restricted_user = configuration['restricted_user']
    restricted_password = configuration['restricted_user_password']
    # The token request happens outside the try block, so its failures are
    # not converted into error records.
    # NOTE(review): the token is stored without checking that one was
    # actually returned; confirm what get_token yields on failure.
    token = self.get_token(oauth_url, restricted_user, restricted_password)

    try:
        yield step_log('Adding entry')
        entry = dict(
            language=configuration['language'],
            name=configuration['name'],
            hashtag=configuration['hashtag'],
            server=configuration['maxserver']['server']['dns'],
            restricted_user=restricted_user,
            restricted_user_token=token,
        )
        yield self.add_entry(**entry)
    except StepError as error:
        yield error_log(error.message)
def batch_add_users(self, instance, usersfile):
    """Create site users from the entries of ``usersfile``.

    Generator: yields log records; each user entry produces a success or
    error record built from the site's response.

    :param instance: mapping with ``environment``, ``mountpoint`` and
        ``plonesite`` keys identifying the target site.
    :param usersfile: path handed to ``read_users_file``; entries must carry
        ``username``, ``fullname``, ``email`` and ``password``.
    """
    ulearn_site = UlearnSite(
        self.get_environment(instance["environment"]),
        instance["mountpoint"],
        instance["plonesite"],
    )

    expected_fields = ["username", "fullname", "email", "password"]
    try:
        users = read_users_file(usersfile, required_fields=expected_fields)
    except Exception as exc:
        # Two-pass template: the file name is filled first, the error second.
        parse_error_template = "Error parsing users file {}: {{}}".format(usersfile)
        yield raising_error_log(parse_error_template.format(exc.message))

    try:
        self.check_users(users)
    except Exception as exc:
        yield raising_error_log(exc.message)

    yield step_log("Creating {} users ".format(len(users)))
    for line_number, user in enumerate(users, start=1):
        if not user:
            yield error_log("Error parsing user at line #{}".format(line_number))
            continue

        # Each entry includes the password and is passed to the site whole.
        # NOTE(review): confirm the "message" returned by add_user never
        # echoes it, since that text is logged below.
        outcome = ulearn_site.add_user(**user)
        if outcome.get("error", False):
            yield error_log(outcome["message"])
        else:
            yield success_log(outcome["message"])
def new_instance(self, instance_name, port_index, oauth_instance=None, logecho=None, rabbitmq_url=None):
    """Deploy a new max instance from its buildout.

    Generator: yields a log record followed by the step result for each
    deployment step, in the order listed in ``deployment_steps``.

    ``rabbitmq_url`` is accepted but not referenced in this method.

    :param instance_name: new instance name; also the buildout folder name
        under ``config.instances_root``.
    :param port_index: index passed to ``set_instance``.
    :param oauth_instance: oauth instance to pair with; when ``None`` the
        instance name is used.
    :param logecho: stored on ``self.buildout.logecho``.
    :param rabbitmq_url: unused here (see above).
    """
    self.buildout.cfgfile = self.config.max.cfg_file
    self.buildout.logecho = logecho
    # NOTE(review): instance_name is used as a path component without
    # validation in this method; confirm callers restrict it.
    self.buildout.folder = '{}/{}'.format(self.config.instances_root, instance_name)

    if oauth_instance is not None:
        oauth_name = oauth_instance
    else:
        oauth_name = instance_name
    self.set_instance(name=instance_name, index=port_index, oauth=oauth_name)

    # NOTE(review): configuration is generated before the commit to the
    # local branch; confirm files that may hold credentials (mongoauth.cfg)
    # are excluded from it or that the repository is access-restricted.
    deployment_steps = (
        ('Cloning buildout', self.clone_buildout),
        ('Bootstraping buildout', self.bootstrap_buildout),
        ('Configuring customizeme.cfg', self.configure_instance),
        ('Configuring mongoauth.cfg', self.configure_mongoauth),
        ('Executing buildout', self.execute_buildout),
        ('Adding indexes to mongodb', self.set_mongodb_indexes),
        ('Configuring default permissions settings', self.configure_max_security_settings),
        ('Creating nginx entry for max', self.create_max_nginx_entry),
        ('Commiting to local branch', self.commit_local_changes),
        ('Changing permissions', self.set_filesystem_permissions),
        ('Adding instance to supervisor config', self.configure_supervisor),
    )
    for description, run_step in deployment_steps:
        yield step_log(description)
        yield run_step()
def reload_nginx_configuration(self):
    """Test the nginx configuration, then reload nginx.

    Generator: yields two log records, the result of ``test_nginx`` and
    the result of ``reload_nginx``.
    """
    yield step_log('Reloading nginx configuration')
    yield message_log('Testing configuration')

    test_result = self.test_nginx()
    yield test_result

    # The test result is not inspected here.
    # NOTE(review): the reload is skipped on a failed test only if the
    # consumer stops on the yielded status; confirm that it does.
    reload_result = self.reload_nginx()
    yield reload_result