This patch changes ipa-server-install so that it renders the UI assets (CSS and JavaScript) and puts them in /var/cache/ipa/assets. It also adds the appropriate Apache config and serves the assets from /ipa-assets/. The assets are accessed using SSL, but there's no reason to protect them with Kerberos.
This patch will require some SELinux config changes, but I'll let someone more experienced make these changes (I just saw Rob raise his hand!). I've just been testing with `setenforce permissive`. I've been beating up on these changes on and off for the last week and feel pretty confident they won't break anything. For more info on the approach I'm taking for asset management and use of the "Expires" header, see: http://jderose.fedorapeople.org/assets/current/apidoc/
>From e20083bf71c8ca70625306ff8e12d49fe92c5529 Mon Sep 17 00:00:00 2001
From: Jason Gerard DeRose <jder...@redhat.com>
Date: Mon, 2 Nov 2009 14:16:27 -0700
Subject: [PATCH] ipa-server-install now renders UI assets
---
 install/Makefile.am | 3 +++
 install/conf/ipa.conf | 9 +++++++++
 install/tools/ipa-server-install | 34 ++++++++++++++++++++++++++--------
 ipa.spec.in | 1 +
 ipalib/constants.py | 3 +--
 ipaserver/__init__.py | 9 +++++----
 6 files changed, 45 insertions(+), 14 deletions(-)
diff --git a/install/Makefile.am b/install/Makefile.am
index e57818c..1966585 100644
--- a/install/Makefile.am
+++ b/install/Makefile.am
@@ -17,10 +17,13 @@ install-exec-local:
 chmod 700 $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
 mkdir -p $(DESTDIR)$(localstatedir)/cache/ipa/sessions
 chmod 700 $(DESTDIR)$(localstatedir)/cache/ipa/sessions
+ mkdir -p $(DESTDIR)$(localstatedir)/cache/ipa/assets
+ chmod 700 $(DESTDIR)$(localstatedir)/cache/ipa/assets
 uninstall-local:
 -rmdir $(DESTDIR)$(localstatedir)/lib/ipa/sysrestore
 -rmdir $(DESTDIR)$(localstatedir)/lib/ipa
+ -rmdir $(DESTDIR)$(localstatedir)/cache/ipa/assets
 -rmdir $(DESTDIR)$(localstatedir)/cache/ipa/sessions
 -rmdir $(DESTDIR)$(localstatedir)/cache/ipa
diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 032be20..b23fc02 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -64,6 +64,15 @@ Alias /ipa/crl "/var/lib/pki-ca/publish"
 PythonAutoReload Off
 </Location>
+Alias /ipa-assets/ "/var/cache/ipa/assets/"
+<Directory "/var/cache/ipa/assets">
+ Allow from all
+ AllowOverride None
+ Options Indexes FollowSymLinks
+ ExpiresActive On
+ ExpiresDefault A31536000
+</Directory>
+
 # Do no authentication on the directory that contains error messages
 <Directory "/usr/share/ipa/html">
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index d031638..ca33042 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
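Review bot: `Options Indexes FollowSymLinks` in the new `<Directory "/var/cache/ipa/assets">` block grants more than a static-asset directory needs, and the block is open to every client (`Allow from all`, no Kerberos). `Indexes` publishes a listing of whatever ends up in the cache directory, and `FollowSymLinks` makes httpd serve the target of any symlink placed there; ipa.spec.in gives the directory to the apache user, so the web server account itself can create such links. I would change the line to `Options None`, or to `Options SymLinksIfOwnerMatch` if links are genuinely needed. The description says the assets are fetched over SSL, but nothing in this block enforces that, so `SSLRequireSSL` is worth adding unless the surrounding configuration already confines the alias to the SSL virtual host. `ExpiresActive` is also rejected at startup when mod_expires is not loaded; wrapping the two Expires lines in `<IfModule mod_expires.c>` would avoid that.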
@@ -53,10 +53,13 @@ from ipapython import sysrestore
 from ipapython.ipautil import *
 from ipalib import api, util
+import ipawebui
+
 pw_name = None
 # Used to determine the the highest possible uid/gid
 MAXINT_32BIT = 2147483648
+ASSETS_DIR = '/var/cache/ipa/assets'
 def parse_options():
 namespace = random.randint(1000000, (MAXINT_32BIT - 1000000))
@@ -387,6 +390,15 @@ def uninstall(ca = False):
 fstore.restore_all_files()
 return 0
+
+def render_assets():
+ """
+ Render CSS and JavaScript assets.
+ """
+ ui = ipawebui.create_wsgi_app(api)
+ ui.render_assets()
+
+
 def main():
 global ds
 global pw_name
@@ -410,15 +422,17 @@ def main():
 global fstore
 fstore = sysrestore.FileStore('/var/lib/ipa/sysrestore')
- if options.uninstall:
- api.bootstrap(in_server=True)
- else:
+
+ cfg = dict(
+ in_server=True,
+ webui_assets_dir=ASSETS_DIR,
+ )
+ if not options.uninstall:
 if options.ca:
- ca_type = 'dogtag'
+ cfg['ra_plugin'] = 'dogtag'
 else:
- ca_type = 'selfsign'
-
- api.bootstrap(in_server=True, ra_plugin=ca_type)
+ cfg['ra_plugin'] = 'selfsign'
+ api.bootstrap(**cfg)
 api.finalize()
 if options.uninstall:
@@ -440,7 +454,7 @@ def main():
 print " * Create and configure an instance of Directory Server"
 print " * Create and configure a Kerberos Key Distribution Center (KDC)"
 print " * Configure Apache (httpd)"
- print " * Configure TurboGears"
+ print " * Render web UI JavaScript and CSS assets"
 if options.setup_dns:
 print " * Configure DNS (bind)"
 if not options.conf_ntp:
@@ -659,6 +673,9 @@ def main():
 # Create a kerberos instance
 krb = krbinstance.KrbInstance(fstore)
 krb.create_instance(ds_user, realm_name, host_name, domain_name, dm_password, master_password)
+
+ # Render webui assets:
+ render_assets()
 # Create a HTTP instance
@@ -696,6 +713,7 @@ def main():
 fd.write("enable_ra=True\n")
 if options.ca:
 fd.write("ra_plugin=dogtag\n")
+ fd.write('webui_assets_dir=' + ASSETS_DIR + '\n')
 fd.close()
 # Apply any LDAP updates. Needs to be done after the configuration file
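Review bot: `render_assets()` writes into `ASSETS_DIR` from the installer, which presumably runs as root, yet nothing in these hunks sets the owner or mode of the rendered files, so whether httpd can read them depends on the umask the installer inherits. ipa.spec.in assigns that directory to the apache user, which also means a privileged process is creating files inside a tree a less-privileged account controls; a root-owned, world-readable directory would remove both concerns. The call added in `main()` after `krb.create_instance(...)` is not guarded, so a rendering error would presumably propagate as an unhandled exception once the directory server and KDC are already configured; catching it and naming the failed step would make that state easier to diagnose. The docstring could also say where the output goes, for example `"""Render the web UI CSS and JavaScript into ASSETS_DIR, served by Apache under /ipa-assets/."""`. `main()` and `uninstall()` both continue outside the hunks; no hunk here removes the rendered files on uninstall, in which case the `-rmdir` added to install/Makefile.am would fail silently on a non-empty directory.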
diff --git a/ipa.spec.in b/ipa.spec.in
index 87b5d3d..5c070b1 100644
--- a/ipa.spec.in
+++ b/ipa.spec.in
@@ -395,6 +395,7 @@ fi
 %attr(700,root,root) %dir %{_localstatedir}/lib/ipa/sysrestore
 %dir %{_localstatedir}/cache/ipa
 %attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/sessions
+%attr(700,apache,apache) %dir %{_localstatedir}/cache/ipa/assets
 %attr(700,root,root) %dir %{_localstatedir}/cache/ipa/kpasswd
 %{_mandir}/man1/ipa-replica-install.1.gz
 %{_mandir}/man1/ipa-replica-manage.1.gz
diff --git a/ipalib/constants.py b/ipalib/constants.py
index 72b02b0..0ace2a2 100644
--- a/ipalib/constants.py
+++ b/ipalib/constants.py
@@ -109,12 +109,11 @@ DEFAULT_CONFIG = (
 ('mount_xmlserver', 'xml'),
 ('mount_jsonserver', 'json'),
 ('mount_webui', 'ui/'),
- ('mount_webui_assets', '_/'),
+ ('mount_webui_assets', '/ipa-assets/'),
 # WebUI stuff:
 ('webui_prod', True),
 ('webui_assets_dir', None),
- ('webui_assets_dburi', None),
 # Debugging:
 ('verbose', False),
diff --git a/ipaserver/__init__.py b/ipaserver/__init__.py
index 678120b..1b62255 100644
--- a/ipaserver/__init__.py
+++ b/ipaserver/__init__.py
@@ -39,10 +39,11 @@ except ImportError:
 pass
-
-# This module is from paste:
+# START code from paste
+# Red Hat does not hold the copyright to the following code. The following code
+# is from paste:
 # http://pythonpaste.org/
-# Which in turn was based on Robert Brewer's:
+# Which in turn was based on Robert Brewer's modpython_gateway:
 # http://projects.amor.org/misc/svn/modpython_gateway.py
 class InputWrapper(object):
@@ -185,7 +186,7 @@ class Handler(object):
 self.started = True
 self.request.write(data)
-# END module from paste
+# END code from paste
 def adapter(req, app):
-- 
1.6.3.3
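Review bot: `%attr(700,apache,apache)` on the new assets directory hands write access to the web server account for content that is served unauthenticated to every browser, although the patch renders the assets once from ipa-server-install. If httpd never has to write there at run time (the hunks do not show it doing so), `%attr(755,root,root) %dir %{_localstatedir}/cache/ipa/assets` would keep a compromised web application from replacing the JavaScript that users load. install/Makefile.am applies `chmod 700` without a matching chown, so the two install paths can end up with different owners; they should agree on one owner and mode.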