Install the web gui

Install the turbogears web gui including an init script. This
patch includes a few related changes:

* create a production configuration
* rename the web gui startup scrip to ipa-webgui
* add an init script
* chkconfig on the ipa-webgui init script
* make the start script properly daemonize the app when not
  in a development directory.
* Install everything to the correct places (/usr/sbin/ipa-webgui
  and /usr/share/ipa/ipagui mainly).

There are some things still left to do:

* Sort out the logging - the config needs to be adjusted so
  that logging messages end up in /var/log.

ipa-python/ipaclient.py

@@ -21,7 +21,8 @@
 #!/usr/bin/python
 
 import sys
-sys.path.append("/usr/share/ipa")
+if "/usr/share/ipa" not in sys.path:
+    sys.path.append("/usr/share/ipa")
 
 from ipaserver import funcs
 import ipa.rpcclient as rpcclient

ipa-server/Makefile

@@ -1,4 +1,4 @@
-SUBDIRS=ipa-install xmlrpc-server ipa-kpasswd ipa-slapi-plugins
+SUBDIRS=ipa-install xmlrpc-server ipa-kpasswd ipa-slapi-plugins ipa-gui
 
 SHAREDIR=$(DESTDIR)/usr/share/ipa
 PYTHONDIR=$(SHAREDIR)/ipaserver

ipa-server/freeipa-server.spec

@@ -1,6 +1,6 @@
 Name:           freeipa-server
 Version:        0.4.0
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        FreeIPA authentication server
 
 Group:          System Environment/Base
@@ -42,7 +42,9 @@ rm -rf %{buildroot}
 %defattr(-,root,root,-)
 %{_sbindir}/ipa-server-install
 %{_sbindir}/ipa_kpasswd
+%{_sbindir}/ipa-webgui
 %attr(755,root,root) %{_initrddir}/ipa-kpasswd
+%attr(755,root,root) %{_initrddir}/ipa-webgui
 
 %dir %{_usr}/share/ipa
 %{_usr}/share/ipa/*
@@ -53,6 +55,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Tue Sep 25 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2
+- Package ipa-webgui
+
 * Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
 - Added support for libipa-dna-plugin
 

ipa-server/freeipa-server.spec.in

@@ -1,6 +1,6 @@
 Name:           freeipa-server
 Version:        VERSION
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        FreeIPA authentication server
 
 Group:          System Environment/Base
@@ -42,7 +42,9 @@ rm -rf %{buildroot}
 %defattr(-,root,root,-)
 %{_sbindir}/ipa-server-install
 %{_sbindir}/ipa_kpasswd
+%{_sbindir}/ipa-webgui
 %attr(755,root,root) %{_initrddir}/ipa-kpasswd
+%attr(755,root,root) %{_initrddir}/ipa-webgui
 
 %dir %{_usr}/share/ipa
 %{_usr}/share/ipa/*
@@ -53,6 +55,9 @@ rm -rf %{buildroot}
 
 
 %changelog
+* Tue Sep 25 2007 Karl MacMillan <kmacmill@redhat.com> - 0.4.0-2
+- Package ipa-webgui
+
 * Fri Sep 7 2007 Karl MacMillan <kmacmill@redhat.com> - 0.3.0-1
 - Added support for libipa-dna-plugin
 

ipa-server/ipa-gui/Makefile

@@ -0,0 +1,39 @@
+SHAREDIR=$(DESTDIR)/usr/share/ipa
+SBINDIR=$(DESTDIR)/usr/sbin
+INITDIR = $(DESTDIR)/etc/rc.d/init.d
+
+IPAGUI_SUBDIRS=config forms helpers templates
+STATIC_SUBDIRS=css images javascript
+
+all: ;
+
+install:
+	-mkdir -p $(SHAREDIR)/ipagui
+	install -m 644 ipagui/*.py $(SHAREDIR)/ipagui
+
+	-mkdir -p $(SHAREDIR)/ipa_gui.egg-info
+	install -m 644 ipa_gui.egg-info/* $(SHAREDIR)/ipa_gui.egg-info
+
+	@for subdir in $(IPAGUI_SUBDIRS); do \
+		mkdir -p $(SHAREDIR)/ipagui/$$subdir; \
+		install -m 644 ipagui/$$subdir/*.py $(SHAREDIR)/ipagui/$$subdir; \
+	done
+
+	install -m 644 ipagui/config/*.cfg $(SHAREDIR)/ipagui/config
+
+	-mkdir -p $(SHAREDIR)/ipagui/static
+	@for subdir in $(STATIC_SUBDIRS); do \
+		mkdir -p $(SHAREDIR)/ipagui/static/$$subdir; \
+		install -m 644 ipagui/static/$$subdir/* $(SHAREDIR)/ipagui/static/$$subdir; \
+	done
+
+	install -m 644 ipa-webgui.cfg $(SHAREDIR)
+
+	install -m 755 ipa-webgui $(SBINDIR)
+
+	-mkdir -p $(INITDIR)
+	install -m 755 ipa-webgui.init $(INITDIR)/ipa-webgui
+
+clean:
+	find . -name "*.pyc" -exec rm -f {} \;
+	find . -name "*~" -exec rm -f {} \;

ipa-server/ipa-gui/ipa-webgui

@@ -0,0 +1,99 @@
+#! /usr/bin/python -E
+#
+# Copyright (C) 2007  Red Hat
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; version 2 only
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+#
+
+import os, sys
+
+def daemonize():
+    pid = os.fork()
+    if pid != 0:
+        os._exit(0)
+    # become session leader
+    os.setsid()
+    
+    # fork again to reparent to init
+    pid = os.fork()
+    if pid != 0:
+        os._exit(0)
+
+    os.chdir("/")
+    os.umask(0)
+
+    import resource
+    maxfd = resource.getrlimit(resource.RLIMIT_NOFILE)[1]
+    if (maxfd == resource.RLIM_INFINITY):
+        maxfd = 1024
+      
+    # close all file descriptors
+    for fd in range(0, maxfd):
+        try:
+            os.close(fd)
+        except OSError:
+            pass
+
+    # stdin
+    os.open("/dev/null", os.O_RDWR)
+    # stdout
+    os.open("/dev/null", os.O_RDWR)
+    # stderr
+    os.open("/dev/null", os.O_RDWR)
+
+# To make development easier, we detect if we are in the development
+# environment to load a different configuration and avoid becoming
+# a daemon
+devel = False
+if os.path.exists(os.path.join(os.path.dirname(__file__), "Makefile")):
+    devel = True
+
+if not devel:
+    sys.path.append("/usr/share/ipa/")
+
+# this must be after sys.path is changed to work correctly
+import pkg_resources
+pkg_resources.require("TurboGears")
+pkg_resources.require("ipa_gui")
+
+
+from turbogears import update_config, start_server
+import cherrypy
+cherrypy.lowercase_api = True
+
+# Load the config - look for a local file first for development
+# and then the system config file
+if devel:
+    update_config(configfile="dev.cfg",
+                  modulename="ipagui.config")
+else:
+    update_config(configfile="/usr/share/ipa/ipa-webgui.cfg",
+                  modulename="ipagui.config.app")
+
+from ipagui.controllers import Root
+
+if not devel:
+    try:
+        daemonize()
+    except Exception, e:
+        sys.stderr.write("error becoming daemon: " + str(e))
+        sys.exit(1)
+
+start_server(Root())
+
+
+    
+        
+        

ipa-server/ipa-gui/ipa-webgui.cfg

@@ -0,0 +1,97 @@
+[global]
+# DATABASE
+
+# no database for ipa-webgui since everything is stored in LDAP
+
+# IDENTITY
+
+# Our our sqlobject-derived proxy provider
+identity.provider='proxyprovider'
+
+# the first thing checked on any request. We want to short-circuit this
+# as early as possible
+identity.source = 'visit'
+
+# Turn on identity and visit (visit is required for identity)
+identity.on=True
+identity.failure_url="/loginfailed"
+visit.on=True
+visit.manager='proxyvisit'
+
+# SERVER
+
+server.environment="production"
+autoreload.package="ipagui"
+autoreload.on = False
+
+# Sets the number of threads the server uses
+server.thread_pool = 10
+
+# if this is part of a larger site, you can set the path
+# to the TurboGears instance here
+# server.webpath=""
+
+# Set to True if you are deploying your App behind a proxy
+# e.g. Apache using mod_proxy
+# base_url_filter.on = False
+
+# Set to True if your proxy adds the x_forwarded_host header
+# base_url_filter.use_x_forwarded_host = True
+
+# If your proxy does not add the x_forwarded_host header, set
+# the following to the *public* host url.
+# (Note: This will be overridden by the use_x_forwarded_host option
+# if it is set to True and the proxy adds the header correctly.
+# base_url_filter.base_url = "http://www.example.com"
+
+# Set to True if you'd like to abort execution if a controller gets an
+# unexpected parameter. False by default
+# tg.strict_parameters = False
+
+# LOGGING
+# Logging configuration generally follows the style of the standard
+# Python logging module configuration. Note that when specifying
+# log format messages, you need to use *() for formatting variables.
+# Deployment independent log configuration is in ipagui/config/log.cfg
+[logging]
+
+[[formatters]]
+[[[message_only]]]
+format='*(message)s'
+
+[[[full_content]]]
+format='*(asctime)s *(name)s *(levelname)s *(message)s'
+
+[[handlers]]
+[[[debug_out]]]
+class='StreamHandler'
+level='DEBUG'
+args='(sys.stdout,)'
+formatter='full_content'
+
+[[[access_out]]]
+class='StreamHandler'
+level='INFO'
+args='(sys.stdout,)'
+formatter='message_only'
+
+[[[error_out]]]
+class='StreamHandler'
+level='ERROR'
+args='(sys.stdout,)'
+
+[[loggers]]
+[[[ipagui]]]
+level='DEBUG'
+qualname='ipagui'
+handlers=['debug_out']
+
+[[[allinfo]]]
+level='INFO'
+handlers=['debug_out']
+
+[[[access]]]
+level='INFO'
+qualname='turbogears.access'
+handlers=['access_out']
+propagate=0

ipa-server/ipa-gui/ipa-webgui.init

@@ -0,0 +1,71 @@
+#!/bin/sh
+#
+# ipa-webgui    This starts and stops ipa-webgui
+#
+# chkconfig:   - 36 64
+# description: ipa-webgui IPA Web User Interface
+# processname: /usr/sbin/ipa-webgui
+# configdir:   /etc/sysconfig/ipa-webgui
+#
+
+# Source function library.
+if [ -f /etc/rc.d/init.d/functions ] ; then
+. /etc/rc.d/init.d/functions
+fi
+# Source networking configuration.
+if [ -f /etc/sysconfig/network ] ; then
+. /etc/sysconfig/network
+fi
+
+# Check that networking is up.
+if [ "${NETWORKING}" = "no" ]
+then
+    echo "Networking is down"
+    exit 0
+fi
+
+NAME="ipa-webgui"
+
+start() {
+	echo -n $"Starting $NAME: "
+	daemon $NAME
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$NAME || \
+	   RETVAL=1
+	return $RETVAL
+}	
+
+stop() {
+	echo -n $"Shutting down $NAME: "
+	killproc $NAME
+	RETVAL=$?
+	echo
+	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$NAME
+	return $RETVAL
+}	
+
+restart() {
+	stop
+	start
+}	
+
+case "$1" in
+  start)
+  	start
+	;;
+  stop)
+  	stop
+	;;
+  restart)
+  	restart
+	;;
+  condrestart)
+  	[ -f /var/lock/subsys/$NAME ] && restart || :
+	;;
+  *)
+	echo $"Usage: $0 {start|stop|restart|condrestart}"
+	exit 2
+esac
+
+exit $?

ipa-server/ipa-gui/ipa_gui.egg-info/SOURCES.txt

@@ -1,4 +1,5 @@
 README.txt
+ipa-webgui
 setup.py
 start-ipagui.py
 ipa_gui.egg-info/PKG-INFO
@@ -19,6 +20,7 @@ ipagui/proxyvisit.py
 ipagui/release.py
 ipagui/config/__init__.py
 ipagui/forms/__init__.py
+ipagui/forms/group.py
 ipagui/forms/user.py
 ipagui/helpers/__init__.py
 ipagui/helpers/userhelper.py

ipa-server/ipa-gui/ipa_gui.egg-info/entry_points.txt

@@ -1,6 +1,6 @@
 
     [turbogears.identity.provider]
     proxyprovider = ipagui.proxyprovider:ProxyIdentityProvider
-
     [turbogears.visit.manager]
     proxyvisit = ipagui.proxyvisit:ProxyVisitManager
+    

ipa-server/ipa-gui/sample-prod.cfg

@@ -1,38 +1,31 @@
 [global]
-# This is where all of your settings go for your production environment.
-# You'll copy this file over to your production server and provide it
-# as a command-line option to your start script.
-# Settings that are the same for both development and production
-# (such as template engine, encodings, etc.) all go in 
-# ipagui/config/app.cfg
-
 # DATABASE
 
-# pick the form for your database
-# sqlobject.dburi="postgres://username@hostname/databasename"
-# sqlobject.dburi="mysql://username:password@hostname:port/databasename"
-# sqlobject.dburi="sqlite:///file_name_and_path"
+# no database for ipa-webgui since everything is stored in LDAP
 
-# If you have sqlite, here's a simple default to get you started
-# in development
-sqlobject.dburi="sqlite://%(current_dir_uri)s/devdata.sqlite"
+# IDENTITY
 
+# Our our sqlobject-derived proxy provider
+identity.provider='proxyprovider'
 
-# if you are using a database or table type without transactions
-# (MySQL default, for example), you should turn off transactions
-# by prepending notrans_ on the uri
-# sqlobject.dburi="notrans_mysql://username:password@hostname:port/databasename"
-
-# for Windows users, sqlite URIs look like:
-# sqlobject.dburi="sqlite:///drive_letter:/path/to/file"
+# the first thing checked on any request. We want to short-circuit this
+# as early as possible
+identity.source = 'visit'
 
+# Turn on identity and visit (visit is required for identity)
+identity.on=True
+identity.failure_url="/loginfailed"
+visit.on=True
+visit.manager='proxyvisit'
 
 # SERVER
 
 server.environment="production"
+autoreload.package="ipagui"
+autoreload.on = False
 
 # Sets the number of threads the server uses
-# server.thread_pool = 1
+server.thread_pool = 10
 
 # if this is part of a larger site, you can set the path
 # to the TurboGears instance here
@@ -66,7 +59,7 @@ server.environment="production"
 
 [[[access_out]]]
 # set the filename as the first argument below
-args="('server.log',)"
+args="('ipa-webgui',)"
 class='FileHandler'
 level='INFO'
 formatter='message_only'
@@ -74,11 +67,11 @@ formatter='message_only'
 [[loggers]]
 [[[ipagui]]]
 level='ERROR'
-qualname='ipagui'
-handlers=['error_out']
+qualname='ipa-webgui'
+handlers=['debug_out']
 
 [[[access]]]
 level='INFO'
-qualname='turbogears.access'
+qualname='ipa-webgui.access'
 handlers=['access_out']
 propagate=0

ipa-server/ipa-gui/setup.py

@@ -19,30 +19,10 @@ setup(
     install_requires = [
         "TurboGears >= 1.0.2.2",
     ],
-    scripts = ["start-ipagui.py"],
     zip_safe=False,
     packages=find_packages(),
     package_data = find_package_data(where='ipagui',
                                      package='ipagui'),
-    keywords = [
-        # Use keywords if you'll be adding your package to the
-        # Python Cheeseshop
-        
-        # if this has widgets, uncomment the next line
-        # 'turbogears.widgets',
-        
-        # if this has a tg-admin command, uncomment the next line
-        # 'turbogears.command',
-        
-        # if this has identity providers, uncomment the next line
-        # 'turbogears.identity.provider',
-    
-        # If this is a template plugin, uncomment the next line
-        # 'python.templating.engines',
-        
-        # If this is a full application, uncomment the next line
-        # 'turbogears.app',
-    ],
     classifiers = [
         'Development Status :: 3 - Alpha',
         'Operating System :: OS Independent',

ipa-server/ipa-gui/start-ipagui.py

@@ -1,25 +0,0 @@
-#!/usr/bin/python
-import pkg_resources
-pkg_resources.require("TurboGears")
-
-from turbogears import update_config, start_server
-import cherrypy
-cherrypy.lowercase_api = True
-from os.path import *
-import sys
-
-# first look on the command line for a desired config file,
-# if it's not on the command line, then
-# look for setup.py in this directory. If it's not there, this script is
-# probably installed
-if len(sys.argv) > 1:
-    update_config(configfile=sys.argv[1], 
-        modulename="ipagui.config")
-elif exists(join(dirname(__file__), "setup.py")):
-    update_config(configfile="dev.cfg",modulename="ipagui.config")
-else:
-    update_config(configfile="prod.cfg",modulename="ipagui.config")
-
-from ipagui.controllers import Root
-
-start_server(Root())

ipa-server/ipa-install/ipa-server-install

@@ -370,7 +370,13 @@ def main():
     krb.restart()
 
     # Allow apache to connect to the turbogears web gui
-    run(["/usr/sbin/setsebool", "httpd_can_network", "true"])
+    run(["/usr/sbin/setsebool", "-P", "httpd_can_network_connect", "true"])
+
+    # Start the web gui
+    run(["/sbin/service", "ipa-webgui", "start"])
+
+    # Set the web gui to start on boot
+    run(["/sbin/chkconfig", "ipa-webgui", "on"])
 
     # Restart apache
     run(["/sbin/service", "httpd", "restart"])