Commit e23f8536 authored by Birin Sanchez's avatar Birin Sanchez

Update setup instructions. Add basic LDAP instructions. Update location of data

files for built Python package.
Signed-off-by: Birin Sanchez's avatarBirin Sanchez <birin.sanchez@puri.sm>
parent e0d2f66c
# Install OpenLDAP and LDAP utilities
```
sudo apt-get install slapd ldap-utils
```
Debian package manager will create a new DB for you with the top entry being you domainname broken up in domain components. For the domain 'example.com' this will be `dc=example,dc=com`. The package manager will also ask to set the admin password for the DB. This password should be the same you have set in the secret.ini config file.
You can check that LDAP service is working by listing the entries created by the installation:
```
ldapsearch -H ldap://localhost -b "dc=example,dc=com" -D "cn=admin,dc=example,dc=com" -W
```
If the above command does not succeed you can check the details of the DB created using this command:
```
sudo cat /etc/ldap/slapd.d/cn\=config/olcDatabase\=\{1\}mdb.ldif
```
`olcSuffix` value is your top entry and what should be used for `-b` parameter in the ldapsearch command. `olcRootDN` value should be used for `-D` parameter. The `-W` tells ldapsearch to prompt for password.
Modify the `reg_bases.ldif` to match your domain values and add the LDAP entries that will hold the groups and the people:
```
ldapadd -H ldap://localhost -D "cn=admin,dc=example,dc=com" -W -f ~/reg_bases.ldif
```
This gives you a very basic LDAP environment suitable for development. Remember to set `AUTH_LDAP_START_TLS=False` in config.ini as this LDAP server has not been configured for TLS communication.
......@@ -37,62 +37,105 @@ Other versions and alternatives may work but are untested.
Setup
-----
* Install Debian packages (`apt install libsasl2-dev libldap2-dev...`)
* Install Debian packages:
```
$ sudo apt-get install python3-pip virtualenv libsasl2-dev libldap2-dev
```
* Create installation folders:
* `/opt/purist/middleware/` (code)
* `/opt/purist/middleware_virtualenv/` (Python environment)
* `/etc/opt/purist/middleware/` (configuration)
* `/var/opt/purist/middleware/static/` (data and static web files)
* `/var/log/purist/middleware/` (logs)
* Populate brand data (if it doesn't already exist):
* Create `/var/opt/purist/brand/` (shared data and static web files)
* Populate `brand` folder
* `chown --recursive www-data:www-data /var/opt/purist`
* Copy project code:
* Copy code into `/opt/purist/middleware/`
* `chown --recursive www-data:www-data /opt/purist`
* `/var/opt/purist/brand/` (shared data and static web files)
* `/var/opt/purist/downloads` (downloads area)
```
$ sudo sh -c 'for i in /opt/purist/middleware/ \
/opt/purist/middleware_virtualenv/ \
/etc/opt/purist/middleware/ \
/var/log/purist/middleware/ \
/var/opt/purist/middleware/static/ \
/var/opt/purist/brand/ \
/var/opt/purist/downloads; do mkdir -p $i; done'
```
* Populate brand data (if is not populated already)
* Set up virtualenv:
* Create virtualenv (`virtualenv /opt/purist/middleware_virtualenv --python=python3`)
* `cd /opt/purist/middleware`
* Activate virtualenv (`source ../account_virtualenv/bin/activate`)
* Install Python packages (`pip install --requirement requirements.txt`)
* Confirm packages by comparing `pip freeze` output with `requirements.txt`
* Deactivate virtualenv (`deactivate`)
* Complete Django settings:
* `cp ./conf/etc/config.ini /etc/opt/purist/middleware/`
* `cp ./conf/etc/secret.ini /etc/opt/purist/middleware/`
* Fill in settings
* Create virtualenv (`sudo virtualenv /opt/purist/middleware_virtualenv --python=python3`)
* Become root `sudo -i`
* Activate virtualenv (`source /opt/purist/middleware_virtualenv/bin/activate`)
* Install LDH from PyPI (`pip install ldh_middleware`)
* Copy sample config files to their respective locations:
```
cp $VIRTUAL_ENV/usr/share/ldh_middleware/conf/middleware/config.ini /etc/opt/purist/middleware/
cp $VIRTUAL_ENV/usr/share/ldh_middleware/conf/middleware/secret.ini /etc/opt/purist/middleware/
cp $VIRTUAL_ENV/usr/share/ldh_middleware/conf/middleware/link_profile.strict.yml /etc/opt/purist/middleware/
```
* Modify those files to fit your site needs. You will need to set `DEBUG_ALL_ACCESS=False` in config.ini if your OpenVPN is not fully configured. You can generate a good `DJANGO_SECRET_KEY` in secret.ini using the command `openssl rand -hex 48`.
* Run initial setup:
* Activate virtualenv (`source ../account_virtualenv/bin/activate`)
* `./manage.py collectstatic`
* `./manage.py migrate`
* `./manage.py createsuperuser`
* When prompted, enter the credentials of your LDAP superuser /
account manager
* `ldh_middleware collectstatic`
* `ldh_middleware migrate`
* Create the superuser. This requires a working LDAP configuration/environment. You can get a basic LDAP server running following instructions in [BASIC_LDAP.md](BASIC_LDAP.md). Once you have a working LDAP server you can run:
* `ldh_middleware createsuperuser`
* Deactivate virtualenv (`deactivate`)
* Hook up Nginx:
* `cp ./config/nginx/purist_middleware /etc/nginx/available_sites/`
* Update `server_name` value
* `cd /etc/nginx/sites-enabled`
* `ln --symbolic ../sites-available/purist_middleware`
* Hook up uWSGI:
* `sudo apt install uwsgi uwsgi-emperor uwsgi-plugin-python3`
* `cp ./conf/uwsgi_emperor_vassals/purist_middleware.ini /etc/uwsgi-emperor/vassals/`
* Hook up Supervisor (supervisord):
* `sudo apt install supervisor`
* `cp ./conf/supervisord/purist_middleware_monitor.conf /etc/supervisor/conf.d/`
* Restart services:
* `sudo service rabbitmq-server restart`
* `sudo service uwsgi-emperor restart`
* `sudo service nginx restart`
* `sudo service supervisor restart`
* Check logs:
* `/var/log/nginx/access.log`
* `/var/log/nginx/error.log`
* `/var/log/purist/middleware/beat.log`
* `/var/log/supervisor/supervisord.log`
* `/var/log/uwsgi/emperor.log`
* `/var/log/uwsgi/app/purist_middleware.log`
* Exit root user (`exit`)
* Install and configure Supervisor:
* Supervisor will spawn a Celery worker, therefore we need a working RabbitMQ server. You can install a basic RabbitMQ server in Debian running: `sudo apt-get install rabbitmq-server`.
* Install Supervisor, copy the config file and restart it:
```
sudo apt-get install supervisor
sudo cp /opt/purist/middleware_virtualenv/usr/share/ldh_middleware/conf/supervisor/purist_middleware_monitor.conf /etc/supervisor/conf.d/
sudo systemctl restart supervisor
```
* You should see some activity on the celery log file in /var/log/purist/middleware/beat.log
* Install and configure uWSGI:
```
sudo apt-get install uwsgi uwsgi-emperor uwsgi-plugin-python3
sudo cp /opt/purist/middleware_virtualenv/usr/share/ldh_middleware/conf/uwsgi_emperor_vassals/purist_middleware.ini /etc/uwsgi-emperor/vassals/
sudo chown www-data:www-data /var/log/uwsgi/app
sudo chown --recursive www-data:www-data /var/opt/purist
sudo systemctl restart uwsgi-emperor
```
* You should see some activity on the vassal log: /var/log/uwsgi/app/purist_middleware.log
* Install and configure Nginx:
```
sudo apt-get install nginx
sudo cp /opt/purist/middleware_virtualenv/usr/share/ldh_middleware/conf/nginx/purist_middleware /etc/nginx/sites-available/
```
* Modify `/etc/nginx/available_sites/purist_middleware` file changing `server_name` values accordingly. You will also need a working SSL certificate for your host. Once you have that enable the site:
```
sudo ln --symbolic /etc/nginx/sites-available/purist_middleware /etc/nginx/sites-enabled/
sudo systemctl restart nginx
```
Now point your web browser to https://example.com (obviously replacing example.com by your domain) and you should see LDH up and running. Try to login with the super user you created with `ldh_middleware createsuperuser`.
If the site does not work check the logs for errors:
* `/var/log/nginx/access.log`
* `/var/log/nginx/error.log`
* `/var/log/purist/middleware/beat.log`
* `/var/log/supervisor/supervisord.log`
* `/var/log/uwsgi/emperor.log`
* `/var/log/uwsgi/app/purist_middleware.log`
For more options and details see
<https://docs.djangoproject.com/en/1.11/#the-development-process>
......
Category One:
Section1: https://example.com/link1
Section2: https://example.com/link2
Section3: https://example.com/link3
\ No newline at end of file
# Replace the 'dc=example,dc=com' lines below by your domain name
# An organizational unit to store groups
dn: ou=groups,dc=example,dc=com
objectclass:organizationalunit
ou: groups
description: just groups
# An organizational unit to store people
dn: ou=people,dc=example,dc=com
objectclass:organizationalunit
ou: people
description: just people
......@@ -18,6 +18,7 @@ stderr_logfile=/var/log/purist/middleware/beat.log
autostart=true
autorestart=true
startsecs=10
environment=VIRTUAL_ENV=/opt/purist/middleware_virtualenv
; if rabbitmq is supervised, set its priority higher
; so it starts first
......
......@@ -38,12 +38,15 @@ install_requires =
woocommerce==1.2.1
[options.data_files]
etc/opt/purist/middleware =
usr/share/ldh_middleware/conf/middleware =
conf/etc/config.ini
conf/etc/secret.ini
etc/nginx/available_sites =
conf/etc/link_profile.strict.yml
usr/share/ldh_middleware/conf/nginx =
conf/nginx/purist_middleware
etc/uwsgi-emperor/vassals =
usr/share/ldh_middleware/conf/uwsgi_emperor_vassals =
conf/uwsgi_emperor_vassals/purist_middleware.ini
etc/supervisor/conf.d =
usr/share/ldh_middleware/conf/supervisor =
conf/supervisord/purist_middleware_monitor.conf
usr/share/ldh_middleware/conf/ldap =
conf/ldap/reg_bases.ldif
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment