Refine our web space some more so that everything we reference is in /ipa

UI: /ipa/ui XML-RPC: /ipa/xml errors: /ipa/errors config: /ipa/config I had to hardcode that URI into the CSS pages but TurboGears handles the rest of the translations with tg.url(). Added a version to ipa.conf and ipa-rewrite.conf so we can update them in the future if needed with ipa-upgradeconfig 440443
2025-02-25 18:55:28 -06:00 · 2008-05-07 09:33:00 -04:00
parent 5ad2af3429
commit 8e7561cff6
12 changed files with 171 additions and 47 deletions
--- a/ipa-python/rpcclient.py
+++ b/ipa-python/rpcclient.py
@@ -38,7 +38,7 @@ class RPCClient:
    def server_url(self, server):
        """Build the XML-RPC server URL from our configuration"""
-        url = "https://" + server + "/ipaxml"
+        url = "https://" + server + "/ipa/xml"
        if self.verbose:
            print "Connecting to IPA server: %s" % url
        return url
--- a/ipa-server/Makefile.am
+++ b/ipa-server/Makefile.am
@@ -14,6 +14,10 @@ SUBDIRS =			\
 	man			\
 	$(NULL)
 sbin_SCRIPTS =			\
 	ipa-upgradeconfig	\
 	$(NULL)
 install-exec-local:
 	mkdir -p $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
 	chmod 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
@@ -35,6 +39,7 @@ EXTRA_DIST =			\
 	HACKING			\
 	NEWS			\
 	ChangeLog		\
 	$(sbin_SCRIPTS)		\
 	$(NULL)
 DISTCLEANFILES =		\
--- a/ipa-server/ipa-gui/ipa_webgui.cfg
+++ b/ipa-server/ipa-gui/ipa_webgui.cfg
@@ -29,11 +29,11 @@ server.thread_pool = 10
 # if this is part of a larger site, you can set the path
 # to the TurboGears instance here
-server.webpath="/ipa"
+server.webpath="/ipa/ui"
 # Set to True if you are deploying your App behind a proxy
 # e.g. Apache using mod_proxy
-# base_url_filter.on = False
+base_url_filter.on = True
 # Set to True if your proxy adds the x_forwarded_host header
 # base_url_filter.use_x_forwarded_host = True
--- a/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css
+++ b/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css
@@ -40,10 +40,10 @@
  text-decoration: underline;
 }
 .sortasc {
-  background-image: url(/static/images/up.gif) !important;
+  background-image: url(/ipa/ui/static/images/up.gif) !important;
 }
 .sortdesc {
-  background-image: url(/static/images/down.gif) !important;
+  background-image: url(/ipa/ui/static/images/down.gif) !important;
 }
 .warning_message {
--- a/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css
+++ b/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css
@@ -1,19 +1,19 @@
 /* object h1 styles */
-#details h1.overview { background-image: url('/static/images/objects/object-overview.png'); }
+#details h1.overview { background-image: url('/ipa/ui/static/images/objects/object-overview.png'); }
-#details h1.accesscontrol { background-image: url('/static/images/objects/object-accesscontrol.png'); }
+#details h1.accesscontrol { background-image: url('/ipa/ui/static/images/objects/object-accesscontrol.png'); }
-#details h1.user { background-image: url('/static/images/objects/object-user.png'); }
+#details h1.user { background-image: url('/ipa/ui/static/images/objects/object-user.png'); }
-#details h1.usergroup { background-image: url('/static/images/objects/object-usergroup.png'); }
+#details h1.usergroup { background-image: url('/ipa/ui/static/images/objects/object-usergroup.png'); }
-#details h1.content-overview { background-image: url('/static/images/objects/object-content.png'); }
+#details h1.content-overview { background-image: url('/ipa/ui/static/images/objects/object-content.png'); }
-#details h1.channel { background-image: url('/static/images/objects/object-channel.png'); }
+#details h1.channel { background-image: url('/ipa/ui/static/images/objects/object-channel.png'); }
-#details h1.channel-new { background-image: url('/static/images/objects/object-channel.png'); }
+#details h1.channel-new { background-image: url('/ipa/ui/static/images/objects/object-channel.png'); }
-#details h1.channels { background-image: url('/static/images/objects/object-channels.png'); }
+#details h1.channels { background-image: url('/ipa/ui/static/images/objects/object-channels.png'); }
-#details h1.media { background-image: url('/static/images/objects/object-media.png'); }
+#details h1.media { background-image: url('/ipa/ui/static/images/objects/object-media.png'); }
-#details h1.system { background-image: url('/static/images/objects/object-system.png'); }
+#details h1.system { background-image: url('/ipa/ui/static/images/objects/object-system.png'); }
-#details h1.virtualsystem { background-image: url('/static/images/objects/object-virtualsystem.png'); }
+#details h1.virtualsystem { background-image: url('/ipa/ui/static/images/objects/object-virtualsystem.png'); }
-#details h1.policy { background-image: url('/static/images/objects/object-policy.png'); }
+#details h1.policy { background-image: url('/ipa/ui/static/images/objects/object-policy.png'); }
--- a/ipa-server/ipa-gui/ipagui/static/css/style_platform.css
+++ b/ipa-server/ipa-gui/ipagui/static/css/style_platform.css
@@ -12,7 +12,7 @@ html, body {
 }
 body {
-  background-image:		url('/static/images/template/background.png');
+  background-image:		url('/ipa/ui/static/images/template/background.png');
  background-repeat:		repeat-x;
  background-color:		#f9f9f9;
  margin:			0px;
@@ -45,7 +45,7 @@ td, th {
  float:			left;
  margin-top:			-10px;
-  background:			url('/static/images/branding/logo.png') no-repeat;
+  background:			url('/ipa/ui/static/images/branding/logo.png') no-repeat;
 }
 #content {
@@ -53,7 +53,7 @@ td, th {
  min-height:			100%;
  background-color:		#f9f9f9;
-  background-image:		url('/static/images/template/background-content.png');
+  background-image:		url('/ipa/ui/static/images/template/background-content.png');
  background-repeat:		repeat-x;
 }
@@ -95,7 +95,7 @@ div#search {
  margin: 			0px;
  clear:			both;
-  background-image:		url('/static/images/template/background-navbar.png');
+  background-image:		url('/ipa/ui/static/images/template/background-navbar.png');
  background-repeat:		repeat-x;
 }
@@ -121,7 +121,7 @@ div#search {
 }
 #navbar .active {
-  background-image:		url('/static/images/template/background-navbar-active.png');
+  background-image:		url('/ipa/ui/static/images/template/background-navbar-active.png');
  height:			70px;
  width:			116px;
@@ -156,7 +156,7 @@ div#search {
  border:			1px solid #aaa;
  background-color:		#ccc;
-  background-image:		url('/static/images/template/background-sidebar.png');
+  background-image:		url('/ipa/ui/static/images/template/background-sidebar.png');
  background-repeat:		repeat-y;
 }
@@ -477,7 +477,7 @@ div.instructions {
  padding-top: 2ex;
  width: 40%;
  float: right;
-  background-image:     url('/static/images/template/background-search.png');
+  background-image:     url('/ipa/ui/static/images/template/background-search.png');
  background-repeat:        repeat-y;
  background-color: white;
 } 
--- a/ipa-server/ipa-gui/ipagui/templates/master.kid
+++ b/ipa-server/ipa-gui/ipagui/templates/master.kid
@@ -24,13 +24,13 @@
    <title py:replace="''">Your title goes here</title>
    <meta py:replace="item[:]"/>
    <style type="text/css" media="all">
-    @import "/static/css/style_platform.css";
+    @import "${tg.url('/static/css/style_platform.css')}";
-    @import "/static/css/style_platform-objects.css";
+    @import "${tg.url('/static/css/style_platform-objects.css')}";
-    @import "/static/css/style_freeipa.css";
+    @import "${tg.url('/static/css/style_freeipa.css')}";
    </style>
-    <script type="text/javascript" charset="utf-8" src="/static/javascript/prototype.js"></script>
+    <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/prototype.js')}"></script>
-    <script type="text/javascript" charset="utf-8" src="/static/javascript/scriptaculous.js?load=effects"></script>
+    <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/scriptaculous.js?load=effects')}"></script>
-    <script type="text/javascript" charset="utf-8" src="/static/javascript/ipautil.js"></script>
+    <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/ipautil.js')}"></script>
 </head>
 <body py:match="item.tag=='{http://www.w3.org/1999/xhtml}body'" py:attrs="item.items()">
--- a/ipa-server/ipa-server.spec.in
+++ b/ipa-server/ipa-server.spec.in
@@ -1,6 +1,6 @@
 Name:           ipa-server
 Version:        VERSION
-Release:        1%{?dist}
+Release:        2%{?dist}
 Summary:        IPA authentication server
 Group:          System Environment/Base
@@ -93,6 +93,7 @@ fi
 /bin/chown apache /var/log/ipa_error.log
 /bin/chmod 600 /var/log/ipa_error.log
 restorecon /var/log/ipa_error.log
 /usr/sbin/ipa-upgradeconfig
 %preun
 if [ $1 = 0 ]; then
@@ -118,6 +119,7 @@ fi
 %{_sbindir}/ipactl
 %{_sbindir}/ipa_kpasswd
 %{_sbindir}/ipa_webgui
 %{_sbindir}/ipa-upgradeconfig
 %attr(755,root,root) %{_initrddir}/ipa_kpasswd
 %attr(755,root,root) %{_initrddir}/ipa_webgui
@@ -166,6 +168,9 @@ fi
 %{_mandir}/man1/ipa-server-install.1.gz
 %changelog
 * Tue May  5 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2
 - Add ipa-upgradeconfig command and run it at post
 * Thu Apr  3 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1
 - Version bump for release
--- a/ipa-server/ipa-upgradeconfig
+++ b/ipa-server/ipa-upgradeconfig
@@ -0,0 +1,112 @@
 #!/usr/bin/python
 #
 # Upgrade configuration files to a newer template.
 import sys
 try:
    from ipa import ipautil
    import krbV
    import re
    import os
    import shutil
    import fileinput
 except ImportError:
    print >> sys.stderr, """\
 There was a problem importing one of the required Python modules. The
 error was:
    %s
 """ % sys.exc_value
    sys.exit(1)
 def backup_file(filename, ext):
    """Make a backup of filename using ext as the extension. Do not overwrite
       previous backups."""
    if not os.path.isabs(filename):
        raise ValueError("Absolute path required")
    backupfile = filename + ".bak"
    (reldir, file) = os.path.split(filename)
    while os.path.exists(backupfile):
        backupfile = backupfile + "." + str(ext)
    shutil.copy2(filename, backupfile)
 def update_conf(sub_dict, filename, template_filename):
    template = ipautil.template_file(template_filename, sub_dict)
    fd = open(filename, "w")
    fd.write(template)
    fd.close()
 def find_hostname():
    """Find the hostname currently configured in ipa-rewrite.conf"""
    filename="/etc/httpd/conf.d/ipa-rewrite.conf"
    if os.path.exists(filename):
        pattern = "^[\s#]*.*https:\/\/([A-Za-z0-9\.\-]*)\/.*"
        p = re.compile(pattern)
        for line in fileinput.input(filename):
            if p.search(line):
                fileinput.close()
                return p.search(line).group(1)
        fileinput.close()
    return None
 def find_version(filename):
    """Find the version of a configuration file"""
    if os.path.exists(filename):
        pattern = "^[\s#]*VERSION\s+([0-9]+)\s+.*"
        p = re.compile(pattern)
        for line in fileinput.input(filename):
            if p.search(line):
                fileinput.close()
                return p.search(line).group(1)
        fileinput.close()
        # no VERSION found
        return 0
    else:
        return -1
 def upgrade(sub_dict, filename, template):
    old = int(find_version(filename))
    new = int(find_version(template))
    if old < 0:
        print "%s not found." % filename
        sys.exit(1)
    if new < 0:
        print "%s not found." % template
    if old < new:
        backup_file(filename, new)
        update_conf(sub_dict, filename, template)
        print "Upgraded %s to version %d" % (filename, new)
 def main():
    try:
        krbctx = krbV.default_context()
    except krbV.Krb5Error, e:
        print "Unable to get default kerberos realm: %s" % e[1]
        sys.exit(1)
    fqdn = find_hostname()
    if fqdn is None:
        print "Unable to determine hostname from ipa-rewrite.conf"
        sys.exit(1)
    sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn }
    upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf")
    upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf")
 try:
    if __name__ == "__main__":
        sys.exit(main())
 except SystemExit, e:
    sys.exit(e)
 except KeyboardInterrupt, e:
    sys.exit(1)
--- a/ipa-server/xmlrpc-server/ipa-rewrite.conf
+++ b/ipa-server/xmlrpc-server/ipa-rewrite.conf
@@ -1,9 +1,11 @@
 # VERSION 1 - DO NOT REMOVE THIS LINE
 RewriteEngine on
 # By default forward all requests to /ipa. If you don't want IPA
 # to be the default on your web server comment this line out. You will
 # need to modify ipa_webgui.cfg as well.
-RewriteRule ^/$$ https://$FQDN/ipa [L,NC,R=301]
+RewriteRule ^/$$ https://$FQDN/ipa/ui [L,NC,R=301]
 # Redirect to the fully-qualified hostname. Not redirecting to secure
 # port so configuration files can be retrieved without requiring SSL.
--- a/ipa-server/xmlrpc-server/ipa.conf
+++ b/ipa-server/xmlrpc-server/ipa.conf
@@ -1,3 +1,6 @@
 #
 # VERSION 1 - DO NOT REMOVE THIS LINE
 #
 # LoadModule auth_kerb_module modules/mod_auth_kerb.so
 ProxyRequests Off
@@ -17,7 +20,7 @@ AddType application/java-archive        jar
  Krb5KeyTab /etc/httpd/conf/ipa.keytab
  KrbSaveCredentials on
  Require valid-user
-  ErrorDocument 401 /errors/unauthorized.html
+  ErrorDocument 401 /ipa/errors/unauthorized.html
  RewriteEngine on
  Order deny,allow
  Allow from all
@@ -28,20 +31,17 @@ AddType application/java-archive        jar
 </Proxy>
 # The URI's with a trailing ! are those that aren't handled by the proxy
-ProxyPass /ipa http://localhost:8080/ipa
+ProxyPass /ipa/ui http://localhost:8080/ipa/ui
-ProxyPassReverse /ipa http://localhost:8080/ipa
+ProxyPassReverse /ipa/ui http://localhost:8080/ipa/ui
 # Configure the XML-RPC service
-Alias /ipaxml "/usr/share/ipa/ipaserver/XMLRPC"
+Alias /ipa/xml "/usr/share/ipa/ipaserver/XMLRPC"
 # This is where we redirect on failed auth
-Alias /errors "/usr/share/ipa/html"
+Alias /ipa/errors "/usr/share/ipa/html"
 # For the MIT Windows config files
-Alias /config "/usr/share/ipa/html"
+Alias /ipa/config "/usr/share/ipa/html"
 # So we don't have to hardcode a path into the CSS
 Alias /static "/usr/share/ipa/ipagui/static"
 <Directory "/usr/share/ipa/ipaserver">
  AuthType Kerberos
@@ -53,7 +53,7 @@ Alias /static "/usr/share/ipa/ipagui/static"
  Krb5KeyTab /etc/httpd/conf/ipa.keytab
  KrbSaveCredentials on
  Require valid-user
-  ErrorDocument 401 /errors/unauthorized.html
+  ErrorDocument 401 /ipa/errors/unauthorized.html
  SetHandler mod_python
  PythonHandler ipaxmlrpc
@@ -84,7 +84,7 @@ Alias /static "/usr/share/ipa/ipagui/static"
  Krb5KeyTab /etc/httpd/conf/ipa.keytab
  KrbSaveCredentials on
  Require valid-user
-  ErrorDocument 401 /errors/unauthorized.html
+  ErrorDocument 401 /ipa/errors/unauthorized.html
 </Directory>
 #Alias /ipatest "/usr/share/ipa/ipatest"
@@ -99,7 +99,7 @@ Alias /static "/usr/share/ipa/ipagui/static"
 #  Krb5KeyTab /etc/httpd/conf/ipa.keytab
 #  KrbSaveCredentials on
 #  Require valid-user
-#  ErrorDocument 401 /errors/unauthorized.html
+#  ErrorDocument 401 /ipa/errors/unauthorized.html
 #
 #  SetHandler mod_python
 #  PythonHandler test_mod_python
--- a/ipa-server/xmlrpc-server/unauthorized.html
+++ b/ipa-server/xmlrpc-server/unauthorized.html
@@ -5,12 +5,12 @@
 <p>
 Unable to verify your Kerberos credentials. Please make sure
 that you have valid Kerberos tickets (obtainable via kinit), and that you
-have <a href="/errors/ssbrowser.html">configured your
+have <a href="/ipa/errors/ssbrowser.html">configured your
 browser correctly</a>. If you are still unable to access
 the IPA Web interface, please contact the helpdesk on for additional assistance.
 </p>
 <p>
-Import the <a href="/errors/ca.crt">IPA Certificate Authority</a>.
+Import the <a href="/ipa/errors/ca.crt">IPA Certificate Authority</a>.
 </p>
 <p>
 <script type="text/javascript">
@@ -19,7 +19,7 @@ Import the <a href="/errors/ca.crt">IPA Certificate Authority</a>.
  {
    document.write("<p>You can automatically configure your browser to work with Kerberos by importing the Certificate Authority above and clicking on the Configure Browser button.</p>");
    document.write("<p>You <strong>must</strong> reload this page after importing the Certificate Authority for the automatic settings to work</p>");
-    document.write("<object data=\"jar:/errors/configure.jar!/preferences.html\" type=\"text/html\"><\/object");
+    document.write("<object data=\"jar:/ipa/errors/configure.jar!/preferences.html\" type=\"text/html\"><\/object");
  }
 </script>
 </p>