0001-Multitenant-package.patch
debian/authentic2-multitenant-ctl | ||
1 |
#!/bin/sh |
|
2 | ||
3 |
if [ "$(whoami)" != "authentic-multitenant" ]; then |
|
4 |
if which sudo; then |
|
5 |
if sudo -v -u authentic-multitenant; then |
|
6 |
sudo -u authentic-multitenant authentic2-multitenant-ctl --config /usr/lib/authentic2-multitenant/multitenant.py "$@" |
|
7 |
exit $? |
|
8 |
fi |
|
9 |
echo "You must run this script with authentic-multitenant user" |
|
10 |
exit 1 |
|
11 |
fi |
|
12 |
fi |
|
13 | ||
14 |
/usr/lib/authentic2/manage.py "$@" |
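Review bot: The direct-execution path on the last line runs `/usr/lib/authentic2/manage.py "$@"` without the `--config /usr/lib/authentic2-multitenant/multitenant.py` flag that the sudo branch adds, so when the script is invoked already as authentic-multitenant (as the init script's `su $USER -p -c "/usr/bin/authentic2-multitenant-ctl sync_schemas --noinput"` does) the multitenant settings are never loaded. Move the flag to the final line, `exec /usr/lib/authentic2/manage.py --config /usr/lib/authentic2-multitenant/multitenant.py "$@"`, and drop it from the sudo re-invocation. When `which sudo` fails the script also falls through to that line and runs manage.py as the calling user instead of refusing; moving the `echo`/`exit 1` pair outside the inner `if` fixes that, and `command -v sudo >/dev/null` avoids printing the sudo path to stdout.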
debian/authentic2-multitenant.dirs | ||
1 |
etc/authentic2-multitenant |
|
2 |
usr/lib/authentic2-multitenant |
|
3 |
var/lib/authentic2-multitenant/tenants |
|
4 |
var/run/authentic2-multitenant |
|
5 |
var/log/authentic2-multitenant |
debian/authentic2-multitenant.docs | ||
1 |
AUTHORS.txt |
|
2 |
COPYING |
|
3 |
README.rst |
debian/authentic2-multitenant.init | ||
1 |
#!/bin/sh |
|
2 |
### BEGIN INIT INFO |
|
3 |
# Provides: authentic2-multitenant |
|
4 |
# Required-Start: $network $local_fs |
|
5 |
# Required-Stop: |
|
6 |
# Default-Start: 2 3 4 5 |
|
7 |
# Default-Stop: 0 1 6 |
|
8 |
# Short-Description: Authentic2 is a versatile identity provider |
|
9 |
# Description: Authentic2 is a versatile identity provider |
|
10 |
### END INIT INFO |
|
11 | ||
12 |
# Author: Serghei MIHAI <smihai@entrouvert.com> |
|
13 | ||
14 |
PATH=/sbin:/usr/sbin:/bin:/usr/bin |
|
15 |
DESC=authentic2 |
|
16 |
NAME=authentic2-multitenant |
|
17 |
DAEMON=/usr/bin/gunicorn |
|
18 |
PID_DIR=/var/run/$NAME |
|
19 |
CACHE_DIR=/var/cache/$NAME |
|
20 |
LOG_DIR=/var/log/$NAME |
|
21 |
PIDFILE=$PID_DIR/$NAME.pid |
|
22 |
SCRIPTNAME=/etc/init.d/$NAME |
|
23 |
BIND=unix:$RUN_DIR/$NAME.sock |
|
24 | ||
25 |
DJANGO_CONFIG_FILE='/usr/lib/${NAME}/multitenant.py' |
|
26 | ||
27 |
USER=authentic-multitenant |
|
28 |
GROUP=authentic-multitenant |
|
29 | ||
30 |
# Exit if the package is not installed |
|
31 |
[ -x $DAEMON ] || exit 0 |
|
32 | ||
33 |
# Read configuration variable file if it is present |
|
34 |
[ -r /etc/default/$NAME ] && . /etc/default/$NAME |
|
35 | ||
36 |
DAEMON_ARGS="--pid $PIDFILE \ |
|
37 |
--user $USER --group $GROUP \ |
|
38 |
--daemon \ |
|
39 |
--access-logfile $LOG_DIR/gunicorn-access.log \ |
|
40 |
--log-file $LOG_DIR/gunicorn-error.log \ |
|
41 |
--bind=$BIND \ |
|
42 |
--workers=10 \ |
|
43 |
--worker-class=sync \ |
|
44 |
--timeout=60 \ |
|
45 |
authentic2.wsgi:application" |
|
46 | ||
47 |
# Load the VERBOSE setting and other rcS variables |
|
48 |
. /lib/init/vars.sh |
|
49 | ||
50 |
# Define LSB log_* functions. |
|
51 |
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. |
|
52 |
. /lib/lsb/init-functions |
|
53 | ||
54 |
# Create pid directory |
|
55 |
if [ ! -d $PID_DIR ]; then |
|
56 |
install -d -m 755 -o $USER -g $GROUP $PID_DIR |
|
57 |
fi |
|
58 | ||
59 |
# Create cache directory |
|
60 |
if [ ! -d $CACHE_DIR ]; then |
|
61 |
install -d -m 755 -o $USER -g $GROUP $CACHE_DIR |
|
62 |
fi |
|
63 | ||
64 |
# |
|
65 |
# Function that starts the daemon/service |
|
66 |
# |
|
67 |
do_start() |
|
68 |
{ |
|
69 |
# Return |
|
70 |
# 0 if daemon has been started |
|
71 |
# 1 if daemon was already running |
|
72 |
# 2 if daemon could not be started |
|
73 |
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ |
|
74 |
|| return 1 |
|
75 |
start-stop-daemon --start --quiet --exec $DAEMON -- \ |
|
76 |
$DAEMON_ARGS \ |
|
77 |
|| return 2 |
|
78 |
} |
|
79 | ||
80 |
# |
|
81 |
# Function that stops the daemon/service |
|
82 |
# |
|
83 |
do_stop() |
|
84 |
{ |
|
85 |
# Return |
|
86 |
# 0 if daemon has been stopped |
|
87 |
# 1 if daemon was already stopped |
|
88 |
# 2 if daemon could not be stopped |
|
89 |
# other if a failure occurred |
|
90 |
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE |
|
91 |
RETVAL="$?" |
|
92 |
[ "$RETVAL" = 2 ] && return 2 |
|
93 |
# Wait for children to finish too if this is a daemon that forks |
|
94 |
# and if the daemon is only ever run from this initscript. |
|
95 |
# If the above conditions are not satisfied then add some other code |
|
96 |
# that waits for the process to drop all resources that could be |
|
97 |
# needed by services started subsequently. A last resort is to |
|
98 |
# sleep for some time. |
|
99 |
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON |
|
100 |
[ "$?" = 2 ] && return 2 |
|
101 |
# Many daemons don't delete their pidfiles when they exit. |
|
102 |
rm -f $PIDFILE |
|
103 |
return "$RETVAL" |
|
104 |
} |
|
105 | ||
106 |
# |
|
107 |
# Function that sends a SIGHUP to the daemon/service |
|
108 |
# |
|
109 |
do_reload() { |
|
110 |
# |
|
111 |
# If the daemon can reload its configuration without |
|
112 |
# restarting (for example, when it is sent a SIGHUP), |
|
113 |
# then implement that here. |
|
114 |
# |
|
115 |
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME |
|
116 |
return 0 |
|
117 |
} |
|
118 | ||
119 |
do_migrate() { |
|
120 |
log_action_msg "Applying new migrations .." |
|
121 |
su $USER -p -c "/usr/bin/authentic2-multitenant-ctl sync_schemas --noinput" |
|
122 |
su $USER -p -c "/usr/bin/authentic2-multitenant-ctl migrate_schemas --noinput" |
|
123 |
log_action_msg ".. done" |
|
124 |
} |
|
125 | ||
126 |
case "$1" in |
|
127 |
start) |
|
128 |
do_migrate |
|
129 |
log_daemon_msg "Starting $DESC " "$NAME" |
|
130 |
do_start |
|
131 |
case "$?" in |
|
132 |
0|1) log_end_msg 0 ;; |
|
133 |
2) log_end_msg 1 ;; |
|
134 |
esac |
|
135 |
;; |
|
136 |
stop) |
|
137 |
log_daemon_msg "Stopping $DESC" "$NAME" |
|
138 |
do_stop |
|
139 |
case "$?" in |
|
140 |
0|1) log_end_msg 0 ;; |
|
141 |
2) log_end_msg 1 ;; |
|
142 |
esac |
|
143 |
;; |
|
144 |
status) |
|
145 |
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? |
|
146 |
;; |
|
147 |
#reload|force-reload) |
|
148 |
# |
|
149 |
# If do_reload() is not implemented then leave this commented out |
|
150 |
# and leave 'force-reload' as an alias for 'restart'. |
|
151 |
# |
|
152 |
#log_daemon_msg "Reloading $DESC" "$NAME" |
|
153 |
#do_reload |
|
154 |
#log_end_msg $? |
|
155 |
#;; |
|
156 |
restart|force-reload) |
|
157 |
# |
|
158 |
# If the "reload" option is implemented then remove the |
|
159 |
# 'force-reload' alias |
|
160 |
# |
|
161 |
log_daemon_msg "Restarting $DESC" "$NAME" |
|
162 |
do_stop |
|
163 |
do_migrate |
|
164 |
case "$?" in |
|
165 |
0|1) |
|
166 |
do_start |
|
167 |
case "$?" in |
|
168 |
0) log_end_msg 0 ;; |
|
169 |
1) log_end_msg 1 ;; # Old process is still running |
|
170 |
*) log_end_msg 1 ;; # Failed to start |
|
171 |
esac |
|
172 |
;; |
|
173 |
*) |
|
174 |
# Failed to stop |
|
175 |
log_end_msg 1 |
|
176 |
;; |
|
177 |
esac |
|
178 |
;; |
|
179 |
*) |
|
180 |
echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 |
|
181 |
exit 3 |
|
182 |
;; |
|
183 |
esac |
|
184 |
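Review bot: `BIND=unix:$RUN_DIR/$NAME.sock` references `RUN_DIR`, which is never set (the directory variable is `PID_DIR`), so gunicorn binds to `unix:/authentic2-multitenant.sock` at the filesystem root while debian/conf/nginx-example.conf in this commit proxies to `/var/run/authentic2-multitenant/authentic2-multitenant.sock`; change it to `BIND=unix:$PID_DIR/$NAME.sock`. `DJANGO_CONFIG_FILE='/usr/lib/${NAME}/multitenant.py'` is single-quoted, so `${NAME}` stays literal, and the variable is neither exported nor used anywhere in the script, so the daemon starts without the multitenant settings; use double quotes and export it (or pass it to gunicorn) if it is meant to be read. In the `restart|force-reload` arm, `do_migrate` runs between `do_stop` and `case "$?"`, so the "Failed to stop" branch tests the migration's status rather than do_stop's; save do_stop's result first, e.g. `do_stop; rc=$?; do_migrate; case "$rc" in`.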
debian/authentic2-multitenant.install | ||
1 |
debian/conf/nginx-example.conf /etc/authentic2-multitenant |
|
2 |
debian/authentic2-multitenant-ctl /usr/bin |
|
3 |
debian/config.py /etc/authentic2-multitenant |
|
4 |
debian/multitenant.py /usr/lib/authentic2-multitenant |
debian/authentic2-multitenant.postinst | ||
1 |
#!/bin/sh |
|
2 |
# |
|
3 |
# Postinst script for authentic2 |
|
4 |
# |
|
5 | ||
6 |
set -e |
|
7 | ||
8 |
NAME=authentic2-multitenant |
|
9 |
AUTHENTIC_USER=authentic-multitenant |
|
10 |
AUTHENTIC_GROUP=authentic-multitenant |
|
11 |
AUTHENTIC_HOME=/var/lib/$NAME |
|
12 | ||
13 |
# source debconf stuff |
|
14 |
. /usr/share/debconf/confmodule |
|
15 | ||
16 |
case "$1" in |
|
17 |
configure) |
|
18 |
if ! getent group $AUTHENTIC_GROUP > /dev/null 2>&1; then |
|
19 |
echo -n "Adding group $AUTHENTIC_GROUP.." >&2 |
|
20 |
addgroup --quiet --system $AUTHENTIC_GROUP |
|
21 |
echo "..done" >&2 |
|
22 |
fi |
|
23 |
if ! getent passwd $AUTHENTIC_USER > /dev/null 2>&1; then |
|
24 |
echo -n "Adding user $AUTHENTIC_USER.." >&2 |
|
25 |
adduser --quiet --system --gecos "Pootle daemon" \ |
|
26 |
--ingroup $AUTHENTIC_GROUP \ |
|
27 |
--no-create-home --home $AUTHENTIC_HOME \ |
|
28 |
$AUTHENTIC_USER |
|
29 |
echo "..done" >&2 |
|
30 |
fi |
|
31 | ||
32 |
chown $AUTHENTIC_USER:$AUTHENTIC_GROUP $AUTHENTIC_HOME \ |
|
33 |
$AUTHENTIC_HOME/tenants \ |
|
34 |
/var/run/$NAME \ |
|
35 |
/var/log/$NAME |
|
36 | ||
37 |
reconfigure|abort-upgrade|abort-remove|abort-deconfigure) |
|
38 |
;; |
|
39 | ||
40 |
*) |
|
41 |
echo "postinst called with unknown argument \`$1'" >&2 |
|
42 |
exit 1 |
|
43 |
;; |
|
44 |
esac |
|
45 | ||
46 |
exit 0 |
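Review bot: The `configure)` arm has no terminating `;;` after the `chown` command, so the following `reconfigure|abort-upgrade|abort-remove|abort-deconfigure)` line is parsed as a pipeline and the shell rejects the script with a syntax error before any of it runs, which makes every install of the package fail. Add `;;` on its own line after the `/var/log/$NAME` continuation. The `--gecos "Pootle daemon"` string on the adduser line looks copied from another package and should name this service, e.g. `--gecos "Authentic2 multitenant daemon"`.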
debian/conf/nginx-example.conf | ||
14 | 14 |
} |
15 | 15 | |
16 | 16 |
location / { |
17 |
proxy_pass http://unix:/var/run/authentic2/authentic2.sock;
|
|
17 |
proxy_pass http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock;
|
|
18 | 18 |
proxy_set_header Host $http_host; |
19 | 19 |
proxy_set_header X-Forwarded-SSL on; |
20 | 20 |
proxy_set_header X-Forwarded-Protocol ssl; |
... | ... | |
34 | 34 |
} |
35 | 35 | |
36 | 36 |
location / { |
37 |
proxy_pass http://unix:/var/run/authentic2/authentic2.sock;
|
|
37 |
proxy_pass http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock;
|
|
38 | 38 |
proxy_set_header Host $http_host; |
39 | 39 |
} |
40 | 40 |
} |
debian/config.py | ||
1 |
# Here your custom configuration. |
|
2 |
# Use it to declare new settings or overload existing ones |
|
3 | ||
4 |
# STATIC_ROOT='/var/lib/authentic2/static' |
|
5 | ||
6 |
# ALLOWED_HOSTS='*' |
|
7 | ||
8 |
# SAML_SIGNATURE_PUBLIC_KEY="" |
|
9 |
# SAML_SIGNATURE_PRIVATE_KEY="" |
|
10 | ||
11 |
# USE_MEMCACHED=yes # required python-memcache memcached |
|
12 | ||
13 |
# IDP_SAML2='yes' |
|
14 |
# IDP_OPENID='yes' # require package python-openid |
|
15 |
# IDP_CAS='yes' |
|
16 |
# AUTH_SAML2='yes' |
|
17 |
# AUTH_OPENID='yes' # require package python-openid |
|
18 |
# AUTH_SSL='yes' |
|
19 | ||
20 |
# Sentry / Raven configuration |
|
21 |
# RAVEN_CONFIG_DSN='' # require package python-raven |
|
22 | ||
23 |
# Email configuration |
|
24 |
# EMAIL_HOST = 'localhost' |
|
25 |
# EMAIL_PORT = 25 |
|
26 |
# EMAIL_SUBJECT_PREFIX='[Authentic2]' |
|
27 |
# SERVER_EMAIL='admin+authentic2@entrouvert.com' |
|
28 | ||
29 |
# complete database config |
|
30 |
# DATABASES = { |
|
31 |
# 'default': { |
|
32 |
# 'ENGINE': 'tenant_schemas.postgresql_backend', |
|
33 |
# 'HOST': 'localhost', |
|
34 |
# 'NAME': 'authentic', |
|
35 |
# 'PASSWORD': 'secret', |
|
36 |
# 'PORT': 5432 |
|
37 |
# } |
|
38 |
# } |
|
39 |
# or each param separately |
|
40 |
# DATABASES['default']['HOST'] = 'another host' |
|
41 |
# DATABASES['default']['PASSWORD'] = 'another secret' |
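Review bot: `# USE_MEMCACHED=yes` is not valid Python — if an administrator uncomments it, `yes` is an unresolved name and loading the settings fails — whereas every other example in the file quotes its value; write it as `# USE_MEMCACHED='yes' # requires python-memcache and memcached`. Since this file is executed as Python (debian/multitenant.py in this commit calls `execfile` on it) and the examples invite storing the database password in it, the header comment should state the expected ownership and mode, e.g. `# This file is executed as Python by the service; keep it root-owned and not world-readable if it holds credentials.`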
debian/control | ||
43 | 43 |
It has support for ID-FF and SAMLv2 thanks to Lasso, a free (GNU GPL) |
44 | 44 |
implementation of the Liberty Alliance specifications. |
45 | 45 | |
46 |
Package: authentic2-multitenant |
|
47 |
Architecture: all |
|
48 |
Pre-Depends: python-django (>= 1.5) |
|
49 |
Depends: ${misc:Depends}, adduser, |
|
50 |
python-authentic2 (= ${binary:Version}), python-psycopg2, |
|
51 |
python-django-tenant-schemas, |
|
52 |
python-entrouvert, |
|
53 |
gunicorn, dbconfig-common, |
|
54 |
debconf | debconf-2.0, ucf |
|
55 |
Recommends: postgresql-client |
|
56 |
Suggests: nginx |
|
57 |
Description: Multitenant versatile identity server Python module |
|
58 |
Authentic is a versatile identity provider aiming to address a broad |
|
59 |
range of needs, from simple to complex setups; it has support for many |
|
60 |
protocols and can bridge between them. |
|
61 |
. |
|
62 |
It has support for ID-FF and SAMLv2 thanks to Lasso, a free (GNU GPL) |
|
63 |
implementation of the Liberty Alliance specifications. |
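Review bot: The `Depends:` line does not list `lsb-base`, although the init script shipped in this commit sources `/lib/lsb/init-functions` and its own comment says the package must depend on `lsb-base (>= 3.0-6)`; add it unless `${misc:Depends}` is known to supply it via dh_installinit. `Pre-Depends: python-django (>= 1.5)` is unusual for a plain runtime dependency and normally belongs in `Depends:`. The short description `Multitenant versatile identity server Python module` calls the package a module, but it ships the daemon, init script and control tool rather than a Python module.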
debian/multitenant.py | ||
1 |
import os |
|
2 | ||
3 |
PROJECT_NAME = 'authentic2-multitenant' |
|
4 | ||
5 |
try: |
|
6 |
import entrouvert |
|
7 |
except ImportError: |
|
8 |
raise ImproperlyConfigured('python-entrouvert MUST be installed for the multitenant mode to work') |
|
9 | ||
10 |
VAR_DIR = os.path.join('/var/lib/', PROJECT_NAME) |
|
11 |
ETC_DIR = os.path.join('/etc', PROJECT_NAME) |
|
12 | ||
13 |
# SECURITY WARNING: don't run with debug turned on in production! |
|
14 |
DEBUG = False |
|
15 |
TEMPLATE_DEBUG = False |
|
16 | ||
17 |
INSTALLED_APPS += ('entrouvert.djommon.multitenant', ) |
|
18 | ||
19 |
TENANT_MODEL = 'multitenant.Tenant' |
|
20 |
TENANT_BASE = os.path.join(VAR_DIR, 'tenants') |
|
21 |
TENANT_TEMPLATE_DIRS = (TENANT_BASE,) |
|
22 |
TENANT_APPS = INSTALLED_APPS |
|
23 | ||
24 |
SHARED_APPS = ( |
|
25 |
'django.contrib.staticfiles', |
|
26 |
'django.contrib.auth', |
|
27 |
'django.contrib.contenttypes', |
|
28 |
'django.contrib.sessions', |
|
29 |
'django.contrib.messages', |
|
30 |
) |
|
31 | ||
32 |
TEMPLATE_LOADERS = ('entrouvert.djommon.multitenant.template_loader.FilesystemLoader',) + TEMPLATE_LOADERS |
|
33 | ||
34 |
TEMPLATE_CONTEXT_PROCESSORS = ('django.core.context_processors.request',) + TEMPLATE_CONTEXT_PROCESSORS |
|
35 | ||
36 |
MIDDLEWARE_CLASSES = ( |
|
37 |
'entrouvert.djommon.multitenant.middleware.TenantMiddleware', |
|
38 |
'entrouvert.djommon.multitenant.middleware.JSONSettingsMiddleware', |
|
39 |
'entrouvert.djommon.multitenant.middleware.PythonSettingsMiddleware', |
|
40 |
) + MIDDLEWARE_CLASSES |
|
41 | ||
42 |
DEFAULT_FILE_STORAGE = 'entrouvert.djommon.multitenant.storage.TenantFileSystemStorage' |
|
43 | ||
44 |
DATABASES = { |
|
45 |
'default': { |
|
46 |
'ENGINE': 'tenant_schemas.postgresql_backend', |
|
47 |
'NAME': PROJECT_NAME |
|
48 |
} |
|
49 |
} |
|
50 | ||
51 |
if os.path.exists(os.path.join(ETC_DIR, 'config.py')): |
|
52 |
execfile(os.path.join(ETC_DIR, 'config.py')) |
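Review bot: `raise ImproperlyConfigured(...)` in the `except ImportError` block uses a name this file never imports, so a missing python-entrouvert produces a `NameError` instead of the intended message (unless the namespace this settings file is executed in already defines it); add `from django.core.exceptions import ImproperlyConfigured` next to `import os`. The `execfile(os.path.join(ETC_DIR, 'config.py'))` at the end runs the administrator-supplied file as code, which is fine for a root-owned conffile but deserves a one-line comment, e.g. `# config.py is executed as Python; it must be writable only by root`.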
debian/rules | ||
10 | 10 |
dh_install |
11 | 11 |
mv $(CURDIR)/debian/tmp/usr/bin/authentic2-ctl $(pythonauthentic2)/usr/lib/authentic2/manage.py |
12 | 12 |
install -m 755 -o root -g root debian/sql/syncdb.sh $(authentic2)/usr/share/dbconfig-common/scripts/authentic2/install/pgsql |
13 | ||
14 |
- |