This patch changes ipa-server-install so that it renders the UI assets
(CSS and JavaScript) and puts them in /var/cache/ipa/assets.  It also
adds the appropriate Apache config and serves the assets
from /ipa-assets/.  The assets are accessed using SSL, but there's no
reason to protect them with Kerberos.

This patch will require some SELinux config changes, but I'll let
someone more experienced make these changes (I just saw Rob raise his
hand!).  I've just been testing with `setenforce permissive`.

I've been beating up on these changes on and off for the last week and
feel pretty confident they won't break anything.  For more info on the
approach I'm taking for asset management and use of the "Expires"
header, see:

    http://jderose.fedorapeople.org/assets/current/apidoc/


>From e20083bf71c8ca70625306ff8e12d49fe92c5529 Mon Sep 17 00:00:00 2001
From: Jason Gerard DeRose <jder...@redhat.com>
Date: Mon, 2 Nov 2009 14:16:27 -0700
Subject: [PATCH] ipa-server-install now renders UI assets

---
 install/Makefile.am              |    3 +++
 install/conf/ipa.conf            |    9 +++++++++
 install/tools/ipa-server-install |   34 ++++++++++++++++++++++++++--------
 ipa.spec.in                      |    1 +
 ipalib/constants.py              |    3 +--
 ipaserver/__init__.py            |    9 +++++----
 6 files changed, 45 insertions(+), 14 deletions(-)

diff --git a/install/Makefile.am b/install/Makefile.am
index e57818c..1966585 100644
--- a/install/Makefile.am
+++ b/install/Makefile.am
@@ -17,10 +17,13 @@ install-exec-local:
 	chmod 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
 	mkdir -p $(DESTDIR)$(localstatedir)/cache/ipa/sessions
 	chmod 700 $(DESTDIR)$(localstatedir)/cache/ipa/sessions
+	mkdir -p $(DESTDIR)$(localstatedir)/cache/ipa/assets
+	chmod 700 $(DESTDIR)$(localstatedir)/cache/ipa/assets
 
 uninstall-local:
 	-rmdir $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
 	-rmdir $(DESTDIR)$(localstatedir)/lib/ipa
+	-rmdir $(DESTDIR)$(localstatedir)/cache/ipa/assets
 	-rmdir $(DESTDIR)$(localstatedir)/cache/ipa/sessions
 	-rmdir $(DESTDIR)$(localstatedir)/cache/ipa
 
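Review bot: The new assets directory copies the permissions of the sessions directory, but its role is different. `chmod 700` here presumably leaves it unreadable to httpd after a plain `make install`, and the `%attr(700,apache,apache)` line in the ipa.spec.in hunk makes JavaScript that is served without Kerberos writable by the web server account. Since the description says rendering is done by ipa-server-install, a root-owned, world-readable directory looks sufficient: `chmod 755 $(DESTDIR)$(localstatedir)/cache/ipa/assets` and `%attr(755,root,root) %dir %{_localstatedir}/cache/ipa/assets`. This assumes nothing renders assets at runtime as `apache`; if something does, a comment should say so. Separately, the `-rmdir` added to uninstall-local will fail silently once rendered files exist in the directory.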
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 032be20..b23fc02 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -64,6 +64,15 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
   PythonAutoReload Off
 </Location>
 
+Alias /ipa-assets/ "/var/cache/ipa/assets/"
+<Directory "/var/cache/ipa/assets">
+  Allow from all
+  AllowOverride None
+  Options Indexes FollowSymLinks
+  ExpiresActive On
+  ExpiresDefault A31536000
+</Directory>
+
 
 # Do no authentication on the directory that contains error messages
 <Directory "/usr/share/ipa/html">
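Review bot: `Options Indexes FollowSymLinks` in the new `<Directory "/var/cache/ipa/assets">` block enables directory listings and symlink traversal on a path that is served without Kerberos and that the spec change in this patch assigns to the `apache` user. Static CSS and JavaScript need neither, and a symlink placed in that directory would be followed to any file httpd can read, so `Options None` is the safer setting. It would also help to add a comment above `ExpiresDefault A31536000` stating that the one-year lifetime relies on asset URLs changing whenever their content changes.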
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index d031638..ca33042 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -53,10 +53,13 @@ from ipapython import sysrestore
 from ipapython.ipautil import *
 from ipalib import api, util
 
+import ipawebui
+
 pw_name = None
 
 # Used to determine the the highest possible uid/gid
 MAXINT_32BIT = 2147483648
+ASSETS_DIR = '/var/cache/ipa/assets'
 
 def parse_options():
     namespace = random.randint(1000000, (MAXINT_32BIT - 1000000))
@@ -387,6 +390,15 @@ def uninstall(ca = False):
     fstore.restore_all_files()
     return 0
 
+
+def render_assets():
+    """
+    Render CSS and JavaScript assets.
+    """
+    ui = ipawebui.create_wsgi_app(api)
+    ui.render_assets()
+
+
 def main():
     global ds
     global pw_name
@@ -410,15 +422,17 @@ def main():
     global fstore
     fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
 
-    if options.uninstall:
-        api.bootstrap(in_server=True)
-    else:
+
+    cfg = dict(
+        in_server=True,
+        webui_assets_dir=ASSETS_DIR,
+    )
+    if not options.uninstall:
         if options.ca:
-            ca_type = 'dogtag'
+            cfg['ra_plugin'] = 'dogtag'
         else:
-            ca_type = 'selfsign'
-
-        api.bootstrap(in_server=True, ra_plugin=ca_type)
+            cfg['ra_plugin'] = 'selfsign'
+    api.bootstrap(**cfg)
     api.finalize()
 
     if options.uninstall:
@@ -440,7 +454,7 @@ def main():
     print "  * Create and configure an instance of Directory Server"
     print "  * Create and configure a Kerberos Key Distribution Center (KDC)"
     print "  * Configure Apache (httpd)"
-    print "  * Configure TurboGears"
+    print "  * Render web UI JavaScript and CSS assets"
     if options.setup_dns:
         print "  * Configure DNS (bind)"
     if not options.conf_ntp:
@@ -659,6 +673,9 @@ def main():
     # Create a kerberos instance
     krb = krbinstance.KrbInstance(fstore)
     krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)
+    
+   # Render webui assets:
+    render_assets()
 
     # Create a HTTP instance
 
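Review bot: The added comment `   # Render webui assets:` is indented three spaces while the surrounding body uses four, and the new line above it contains only trailing whitespace; both should be cleaned up to match the rest of main(). In addition, `render_assets()` is called with no error handling after the Kerberos instance has been created, so a rendering failure would presumably abort the install part-way. main() starts and continues outside this hunk, so an existing top-level handler may already cover this.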
@@ -696,6 +713,7 @@ def main():
     fd.write("enable_ra=True\n")
     if options.ca:
         fd.write("ra_plugin=dogtag\n")
+    fd.write('webui_assets_dir=' + ASSETS_DIR + '\n')
     fd.close()
 
     # Apply any LDAP updates. Needs to be done after the configuration file
diff --git a/ipa.spec.in b/ipa.spec.in
index 87b5d3d..5c070b1 100644
--- a/ipa.spec.in
+++ b/ipa.spec.in
@@ -395,6 +395,7 @@ fi
 %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
 %dir %{_localstatedir}/cache/ipa
 %attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
+%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/assets
 %attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
 %{_mandir}/man1/ipa-replica-install.1.gz
 %{_mandir}/man1/ipa-replica-manage.1.gz
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 72b02b0..0ace2a2 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -109,12 +109,11 @@ DEFAULT_CONFIG = (
     ('mount_xmlserver', 'xml'),
     ('mount_jsonserver', 'json'),
     ('mount_webui', 'ui/'),
-    ('mount_webui_assets', '_/'),
+    ('mount_webui_assets', '/ipa-assets/'),
 
     # WebUI stuff:
     ('webui_prod', True),
     ('webui_assets_dir', None),
-    ('webui_assets_dburi', None),
 
     # Debugging:
     ('verbose', False),
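Review bot: `mount_webui_assets` is now the absolute path `'/ipa-assets/'` while the neighbouring `mount_xmlserver`, `mount_jsonserver` and `mount_webui` values remain relative (`'xml'`, `'json'`, `'ui/'`), and nothing here explains the difference. Any code that joins mount values onto a common base would need to treat this one specially; that code is not visible in the hunk. A comment such as `# absolute URL path; served by the Apache Alias in ipa.conf, not mounted under the app` would make the intent clear. The default `webui_assets_dir` also stays `None`, so it is worth confirming what serves `/ipa-assets/` when the server is not set up by ipa-server-install.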
diff --git a/ipaserver/__init__.py b/ipaserver/__init__.py
index 678120b..1b62255 100644
--- a/ipaserver/__init__.py
+++ b/ipaserver/__init__.py
@@ -39,10 +39,11 @@ except ImportError:
     pass
 
 
-
-# This module is from paste:
+# START code from paste
+# Red Hat does not hold the copyright to the following code.  The following code
+# is from paste:
 #   http://pythonpaste.org/
-# Which in turn was based on Robert Brewer's:
+# Which in turn was based on Robert Brewer's modpython_gateway:
 #   http://projects.amor.org/misc/svn/modpython_gateway.py
 
 class InputWrapper(object):
@@ -185,7 +186,7 @@ class Handler(object):
             self.started = True
         self.request.write(data)
 
-# END module from paste
+# END code from paste
 
 
 def adapter(req, app):
-- 
1.6.3.3
