Esempio n. 1
    def reconfigure_nginx(self, instance_name):
        """Rewrite the oauth nginx entry of *instance_name* and reload nginx.

        Generator: yields the step log records and each step's result, in the
        order the steps run.
        """
        self.buildout.cfgfile = self.config.oauth.cfg_file
        # NOTE(review): instance_name is placed into a filesystem path as-is;
        # confirm callers restrict it to a plain name (no '/' or '..').
        instance_folder = '{}/{}'.format(
            self.config.instances_root,
            instance_name
        )
        self.buildout.folder = instance_folder

        port_index = self.get_instance(instance_name)['port_index']
        self.set_instance(name=instance_name, index=port_index)

        yield step_log('Backing up current configuration')
        yield self.backup_nginx_configuration()

        yield step_log('Creating nginx entry for oauth')
        yield self.create_oauth_nginx_entry()

        yield step_log('Testing new nginx configuration')
        test_result = self.test_nginx()
        # NOTE(review): a first element of 0 looks like "test failed" - confirm.
        # The recovery result is not yielded, so a failed recovery would not
        # show up in the output, and the reload below runs in either case.
        if test_result[0] == 0:
            self.recover_nginx_configuration()
        yield test_result

        yield step_log('Reloading nginx')
        yield self.reload_nginx()
Esempio n. 2
    def upgrade(self, instance_name, logecho=None):
        """Upgrade the max instance *instance_name* through its buildout.

        Generator: yields the step log records and each step's result, in the
        order the steps run. *logecho* is handed to the buildout object.
        """
        self.buildout.cfgfile = self.config.max.cfg_file
        self.buildout.logecho = logecho
        # NOTE(review): instance_name is placed into a filesystem path as-is;
        # confirm callers restrict it to a plain name (no '/' or '..').
        instance_folder = '{}/{}'.format(
            self.config.instances_root,
            instance_name
        )
        self.buildout.folder = instance_folder

        self.set_instance(name=instance_name)

        yield step_log('Updating buildout')
        yield self.update_buildout()

        yield step_log('Executing buildout')
        yield self.execute_buildout(update=True)

        yield step_log('Changing permissions')
        yield self.set_filesystem_permissions()

        # The reload is the only step that runs without a preceding step log.
        yield self.reload_instance()

        yield step_log('Checking running version')
        yield self.check_version()
Esempio n. 3
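    def add_users(self, branch, usersfile):
        """Create in LDAP branch *branch* the users listed in *usersfile*.

        Generator: yields log records as the batch progresses. Returns right
        after reporting the error when the LDAP is configured as read-only,
        and closes the connection it opened even when a step raises.

        Every entry of the file must provide ``username``, ``fullname`` and
        ``password``.
        """
        if self.config.readonly:
            yield error_log('This LDAP is configured as read-only')
            # error_log is used further down as a plain report followed by
            # `continue`, so without this return the method would carry on and
            # bind as admin against a directory marked read-only.
            return

        self.set_branch(branch)
        self.connect(auth=False)
        try:
            self.authenticate(
                username=self.effective_admin_dn,
                password=self.effective_admin_password)

            try:
                users = read_users_file(usersfile, required_fields=['username', 'fullname', 'password'])
            except Exception as exc:
                # Single format call: a file name that contains braces no
                # longer breaks the message.
                # NOTE(review): assumes raising_error_log raises; otherwise
                # `users` is unbound below - confirm.
                yield raising_error_log(
                    'Error parsing users file {}: {}'.format(usersfile, exc.message))

            try:
                self.check_users(users)
            except Exception as exc:
                yield raising_error_log(exc.message)

            yield step_log('Creating {} users '.format(len(users)))
            for count, user in enumerate(users, start=1):
                if not user:
                    yield error_log('Error parsing user at line #{}'.format(count))
                    continue
                # Entries carry a password: only the username is put into the
                # log records below.
                try:
                    self.add_ldap_user(**user)
                    yield success_log('User {} created'.format(user['username']))
                except ldap.ALREADY_EXISTS:
                    yield error_log('User {} already exists'.format(user['username']))
                except Exception as exc:
                    # Both values go to format(); the original closed the
                    # call too early and failed while building this message.
                    yield error_log('Error creating user {}: {}'.format(user['username'], exc.__repr__()))
        finally:
            # Release the connection authenticated as admin on every exit path.
            self.disconnect()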
Esempio n. 4
    def new_instance(
        self, instance_name, environment, mountpoint, title, language, ldap_branch, ldap_password, logecho
    ):
        """Create a Plone site with ``genweb.core:default`` and set up its LDAP.

        Generator: yields the step log records and each step's result, in the
        order the steps run. *ldap_password* is passed to ``setup_ldap`` and is
        not part of any log text built here.
        """
        target_environment = self.get_environment(environment)
        plone_site = Plone(target_environment, mountpoint, instance_name, title, language, logecho)

        yield step_log("Creating Plone site")
        yield plone_site.create(packages=["genweb.core:default"])

        yield step_log("Setting up homepage")
        yield plone_site.setup_homepage()

        yield step_log("Setting up ldap")
        yield plone_site.setup_ldap(branch=ldap_branch, password=ldap_password)
Esempio n. 5
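    def remove_allowed_ip(self, instance_name, existing_ip):
        """Remove *existing_ip* via ``remove_bypass_allowed_ip`` and apply it to nginx.

        Generator: yields the step log records and each step's result, in the
        order the steps run.
        """
        instance = self.get_instance(instance_name)
        self.set_instance(
            name=instance_name,
            index=instance['port_index']
        )

        # NOTE(review): instance_name is placed into a filesystem path as-is;
        # confirm callers restrict it to a plain name (no '/' or '..').
        self.buildout.folder = '{}/{}'.format(
            self.config.instances_root,
            instance_name
        )

        yield step_log('Backing up current configuration')
        yield self.backup_nginx_configuration()

        # The log used to read 'Adding new allowed ip', which misreports a
        # removal in whatever record is kept of access-list changes.
        yield step_log('Removing allowed ip')
        yield self.remove_bypass_allowed_ip(existing_ip)

        yield step_log('Creating nginx entry for oauth')
        yield self.create_oauth_nginx_entry()

        yield step_log('Testing new nginx configuration')
        status = self.test_nginx()
        # NOTE(review): a first element of 0 looks like "test failed" - confirm.
        # After a recovery the steps below still commit with the message
        # 'Removed allowed ip' and reload nginx; check that this is intended.
        if status[0] == 0:
            yield self.recover_nginx_configuration()
        yield status

        yield step_log('Commiting to local branch')
        yield self.commit_local_changes(message='Removed allowed ip')

        yield step_log('Changing permissions')
        yield self.set_filesystem_permissions()

        yield step_log('Reloading nginx')
        yield self.reload_nginx()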
Esempio n. 6
    def new_instance(self, instance_name, port_index, ldap_branch=None, logecho=None):
        """Provision a new oauth instance named *instance_name*.

        Generator: yields the step log records and each step's result, in the
        order the steps run. When *ldap_branch* is None the instance name is
        used as the ldap value.
        """
        self.buildout.cfgfile = self.config.oauth.cfg_file
        self.buildout.logecho = logecho
        # NOTE(review): instance_name is placed into a filesystem path as-is;
        # confirm callers restrict it to a plain name (no '/' or '..').
        instance_folder = '{}/{}'.format(
            self.config.instances_root,
            instance_name
        )
        self.buildout.folder = instance_folder

        if ldap_branch is None:
            ldap_name = instance_name
        else:
            ldap_name = ldap_branch
        self.set_instance(name=instance_name, index=port_index, ldap=ldap_name)

        # (log message, name of the method performing the step), in run order.
        steps = (
            ('Cloning buildout', 'clone_buildout'),
            ('Bootstraping buildout', 'bootstrap_buildout'),
            ('Configuring customizeme.cfg', 'configure_instance'),
            ('Configuring mongoauth.cfg', 'configure_mongoauth'),
            ('Configuring ldap.ini', 'configure_ldap'),
            ('Creating nginx entry for oauth', 'create_oauth_nginx_entry'),
            ('Executing buildout', 'execute_buildout'),
            ('Commiting to local branch', 'commit_local_changes'),
            ('Changing permissions', 'set_filesystem_permissions'),
            ('Adding instance to supervisor config', 'configure_supervisor'),
        )
        for message, method_name in steps:
            yield step_log(message)
            # Looked up only when the step runs, exactly as a direct call would.
            yield getattr(self, method_name)()
Esempio n. 7
    def new_instance(
        self,
        instance_name,
        environment,
        mountpoint,
        title,
        language,
        max_name,
        max_direct_url,
        oauth_name,
        ldap_branch,
        ldap_password,
        logecho,
    ):
        """Create a ulearn site and connect it to ldap, max and nginx.

        Generator: yields the step log records and each step's result, in the
        order the steps run. *ldap_password* is accepted but not read by this
        body; ``setup_ldap`` receives ``self.config.ldap`` instead.
        """
        target_environment = self.get_environment(environment)
        ulearn_site = UlearnSite(target_environment, mountpoint, instance_name, title, language, logecho)

        yield step_log("Creating Plone site")
        yield ulearn_site.create(packages=["ulearn.core:default"])

        yield step_log("Setting up homepage")
        yield ulearn_site.setup_homepage()

        yield step_log("Setting up ldap")
        yield ulearn_site.setup_ldap(ldap_branch, self.config.ldap)

        yield step_log("Setting up max")
        yield ulearn_site.setup_max(max_name, oauth_name, ldap_branch)

        yield step_log("Rebuilding catalog")
        yield ulearn_site.rebuild_catalog()

        nginx_step = "Setting up nginx entry @ {}".format(self.config.prefe_server)
        yield step_log(nginx_step)
        yield self.setup_nginx(ulearn_site, max_direct_url)
Esempio n. 8
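    def test(self, instance_name, username, password):
        """Check that the oauth server of *instance_name* answers and issues tokens.

        Generator: yields log records. The health check is made with TLS
        certificate verification first; it is repeated without verification
        only when the verified request fails with an SSL error, and that
        failure is reported. A StepError raised by a step is reported as an
        error record.
        """
        instance = self.get_instance(instance_name)
        server_url = instance['server']['dns']
        connection_error = 'Connection error, check nginx is running, and dns resolves as expected.'
        unknown_error = 'Unknown error trying to access oauth server. Check params and try again'
        try:
            yield step_log('Testing oauth server @ {}'.format(server_url))

            yield message_log('Checking server health')

            status = None
            certificate_verified = True
            try:
                status = requests.get(server_url, verify=True).status_code
            except requests.exceptions.SSLError:
                certificate_verified = False
            except requests.ConnectionError:
                yield raising_error_log(connection_error)
            except Exception:
                yield raising_error_log(unknown_error)

            # The unverified request used to run on every call and overwrite
            # the verified result; it is now a fallback for the SSL failure only.
            if not certificate_verified:
                yield error_log('SSL certificate verification failed')
                yield message_log('Continuing test without certificate check')
                try:
                    status = requests.get(server_url, verify=False).status_code
                except requests.ConnectionError:
                    yield raising_error_log(connection_error)
                except Exception:
                    yield raising_error_log(unknown_error)

            # status stays None only if raising_error_log returned instead of
            # raising; in that case there is no response code to interpret.
            if status is not None:
                if status == 500:
                    yield raising_error_log('Error on oauth server, Possible causes:\n  - ldap configuration error (bad server url?)\n  - Mongodb configuration error (bad replicaset name or hosts list?)\nCheck osiris log for more information.')
                elif status == 502:
                    yield raising_error_log('Server not respoding at {}. Check that:\n  - osiris process is running\n  - nginx upstream definition is pointing to the right host:port.'.format(server_url))
                elif status == 504:
                    yield raising_error_log('Gateway timeout. Probably oauth server is giving timeout trying to contact ldap server')
                elif status == 404:
                    yield raising_error_log('There\'s no oauth server at {}. Chech there\'s an nginx entry for this server.'.format(server_url))
                elif status != 200:
                    yield raising_error_log('Server {} responded with {} code. Check osiris logs.'.format(server_url, status))

            # NOTE(review): when certificate_verified is False the credentials
            # below are sent to an endpoint whose certificate was not
            # validated; whether get_token verifies TLS is not visible here.
            yield message_log('Retrieving token for "{}"'.format(username))
            token = self.get_token(server_url, username, password)
            succeeded_retrieve_token = token is not None

            if not succeeded_retrieve_token:
                yield raising_error_log('Error retreiving token. Check username/password and try again')

            yield message_log('Checking retreived token')
            succeeded_check_token = self.check_token(server_url, username, token)

            if not succeeded_check_token:
                yield raising_error_log('Error retreiving token')

            if succeeded_check_token and succeeded_retrieve_token:
                yield success_log('Oauth server check passed')
            else:
                yield raising_error_log('Oauth server check failed')

        except StepError as error:
            yield error_log(error.message)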
Esempio n. 9
    def batch_subscribe_users(self, instance, subscriptionsfile):
        """Subscribe users to every community listed in *subscriptionsfile*.

        Generator: yields one step record per community followed by a success
        or error record carrying the message returned by the site.
        """
        environment = self.get_environment(instance["environment"])
        site = UlearnSite(environment, instance["mountpoint"], instance["plonesite"])
        try:
            communities = read_subscriptions_file(subscriptionsfile, required_fields=["owners", "readers", "editors"])
        except Exception as exc:
            # NOTE(review): assumes raising_error_log raises; otherwise
            # `communities` is unbound in the loop below - confirm.
            parse_error = "Error parsing subscriptionsfile file {}: {{}}".format(subscriptionsfile)
            yield raising_error_log(parse_error.format(exc.message))

        for community in communities:
            yield step_log("Subscribing users to {}".format(community["url"]))

            outcome = site.subscribe_users(**community)
            if outcome.get("error", False):
                yield error_log(outcome["message"])
            else:
                yield success_log(outcome["message"])
Esempio n. 10
    def add_instance(self, **configuration):
        """Add an entry for the configured instance, using a restricted-user token.

        Generator: yields the step record and the result of ``add_entry``; a
        StepError raised there is reported as an error record.
        """
        oauth_url = configuration['oauthserver']['server']['dns']
        restricted_user = configuration['restricted_user']
        restricted_password = configuration['restricted_user_password']
        # NOTE(review): the token is used below without checking that one was
        # obtained; what get_token returns on failure is not visible here.
        token = self.get_token(oauth_url, restricted_user, restricted_password)

        try:
            yield step_log('Adding entry')
            entry = dict(
                language=configuration['language'],
                name=configuration['name'],
                hashtag=configuration['hashtag'],
                server=configuration['maxserver']['server']['dns'],
                restricted_user=restricted_user,
                restricted_user_token=token
            )
            yield self.add_entry(**entry)

        except StepError as error:
            yield error_log(error.message)
Esempio n. 11
    def batch_add_users(self, instance, usersfile):
        """Add to the ulearn site every user listed in *usersfile*.

        Generator: yields log records as the batch progresses. Every entry of
        the file must provide ``username``, ``fullname``, ``email`` and
        ``password``.
        """
        environment = self.get_environment(instance["environment"])
        site = UlearnSite(environment, instance["mountpoint"], instance["plonesite"])
        try:
            users = read_users_file(usersfile, required_fields=["username", "fullname", "email", "password"])
        except Exception as exc:
            # NOTE(review): assumes raising_error_log raises; otherwise
            # `users` is unbound below - confirm.
            parse_error = "Error parsing users file {}: {{}}".format(usersfile)
            yield raising_error_log(parse_error.format(exc.message))

        try:
            self.check_users(users)
        except Exception as exc:
            yield raising_error_log(exc.message)

        yield step_log("Creating {} users ".format(len(users)))
        for line_number, user in enumerate(users, start=1):
            if not user:
                yield error_log("Error parsing user at line #{}".format(line_number))
                continue
            # Entries carry a password: only the message returned by the site
            # is logged, never the entry itself.
            outcome = site.add_user(**user)
            if outcome.get("error", False):
                yield error_log(outcome["message"])
            else:
                yield success_log(outcome["message"])
Esempio n. 12
    def new_instance(self, instance_name, port_index, oauth_instance=None, logecho=None, rabbitmq_url=None):
        """Provision a new max instance named *instance_name*.

        Generator: yields the step log records and each step's result, in the
        order the steps run. When *oauth_instance* is None the instance name
        is used as the oauth value. *rabbitmq_url* is accepted but not read by
        this body.
        """
        self.buildout.cfgfile = self.config.max.cfg_file
        self.buildout.logecho = logecho
        # NOTE(review): instance_name is placed into a filesystem path as-is;
        # confirm callers restrict it to a plain name (no '/' or '..').
        instance_folder = '{}/{}'.format(
            self.config.instances_root,
            instance_name
        )
        self.buildout.folder = instance_folder

        if oauth_instance is None:
            oauth_name = instance_name
        else:
            oauth_name = oauth_instance
        self.set_instance(name=instance_name, index=port_index, oauth=oauth_name)

        # (log message, name of the method performing the step), in run order.
        steps = (
            ('Cloning buildout', 'clone_buildout'),
            ('Bootstraping buildout', 'bootstrap_buildout'),
            ('Configuring customizeme.cfg', 'configure_instance'),
            ('Configuring mongoauth.cfg', 'configure_mongoauth'),
            ('Executing buildout', 'execute_buildout'),
            ('Adding indexes to mongodb', 'set_mongodb_indexes'),
            ('Configuring default permissions settings', 'configure_max_security_settings'),
            ('Creating nginx entry for max', 'create_max_nginx_entry'),
            ('Commiting to local branch', 'commit_local_changes'),
            ('Changing permissions', 'set_filesystem_permissions'),
            ('Adding instance to supervisor config', 'configure_supervisor'),
        )
        for message, method_name in steps:
            yield step_log(message)
            # Looked up only when the step runs, exactly as a direct call would.
            yield getattr(self, method_name)()
Esempio n. 13
    def reload_nginx_configuration(self):
        """Test the nginx configuration, then reload nginx.

        Generator: yields two log records, then the test result and the
        reload result.
        """
        yield step_log('Reloading nginx configuration')
        yield message_log('Testing configuration')

        test_result = self.test_nginx()
        yield test_result
        # NOTE(review): the reload does not depend on the test result above;
        # confirm that reload_nginx itself refuses a configuration that fails.
        reload_result = self.reload_nginx()
        yield reload_result