[Zope-dev] Reporting X-FORWARDED-FOR into the log ( REMOTE_ADDR )
I have a Zope server behind a proxy server, this proxy enables de X-FORWARDED-FROM that contains the real ip of the client that is connected. I want to log this variable but I cannot find the way to do it. Can anyone to help me? Thanks. __ Yahoo! lanza su nueva tecnología de búsquedas ¿te atreves a comparar? http://busquedas.yahoo.es ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] [Zope Enhancement Proposal] Sanitizing local roles
Local roles are acquired from ancestors. While this is not bad for e.g. a Manager local role, its conceptual usefulness is in great doubt for e.g. the Owner role. It is very unclear why an Owner of a folder should automatically be an Owner of all its content. I therefore propose to make acquisition of local roles customizable. I see two potential variants: 1. objects get a boolean flag __ac_acquire_local_roles__ with default value True which allows acquisition of all local roles. 2. objects get a dictionary __ac_acquire_local_roles__ mapping role names to a boolean which allows acquisition for the respective role. Of course, the second variant provides more fine grained control and will require a more complex UI. The change would affect the methods allowed and getRolesInContext. of AccessControl.User.BasicUser and would require new methods in AccessControl.Role.RoleManager to read and modify the new __ac_acquire_local_roles__. Moreover, I propose to change the local role management pages. When setting local roles, information about acquired local role definitions is very helpful. I therefore propose to display this information on the local role edit page. I even would prefer a much more drastic change for both local role management and permission-role-map management: a compact look only overview mapping roles to users and permission to roles, respectively, with links to a page to edit the association of a single role or permission, respectively. Something like: Role| acquire | locally assigned users| ancestor assigned users - Owner | no | dieter| admin, dieter - Manager | yes| dieter| admin - The Role column is a link to a page to edit acquire and locally assigned users for the respective role. Advantages: * more natural behaviour for roles like Owner * access restricted sub-sites would be much easier to implement * more informative management pages Risks: * Classes deriving from AccessControl.BasicUser may have overridden allowed and getRolesInContext. Such overridden methods would not interpret __ac_acquire_local_roles__ until adapted. Fortunately, it is not very likely that these two methods are overridden. * Local roles get a bit more complex. However, explicit acquisition control is already used for the permission role mapping. Thus, users could recognize the same concept. * The 2.8/2.9 edition of the Zope Book would need to be adapted. If there is interest, I could implement the changes and provide patches against the Zope SVN version. However, I do not have write permissions to the repository. This means, someone else would need to make the actual checkins. BTW: Almost surely, I will implement the proposed change in our private Zope copy and use it in one of our projects. This means, I could provide production experience for the change in some months. -- Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope Enhancement Proposal] Sanitizing local roles
I would very much apreciate such an enhancment. so ++1 I would like to see where a role was assigned. And If I can express yet an other wish: I would very much like to have a way to see what the settings for a particular User is. And where the settings for a given permissions have come from. Robert Dieter Maurer wrote: Local roles are acquired from ancestors. While this is not bad for e.g. a Manager local role, its conceptual usefulness is in great doubt for e.g. the Owner role. It is very unclear why an Owner of a folder should automatically be an Owner of all its content. I therefore propose to make acquisition of local roles customizable. I see two potential variants: 1. objects get a boolean flag __ac_acquire_local_roles__ with default value True which allows acquisition of all local roles. 2. objects get a dictionary __ac_acquire_local_roles__ mapping role names to a boolean which allows acquisition for the respective role. Of course, the second variant provides more fine grained control and will require a more complex UI. The change would affect the methods allowed and getRolesInContext. of AccessControl.User.BasicUser and would require new methods in AccessControl.Role.RoleManager to read and modify the new __ac_acquire_local_roles__. Moreover, I propose to change the local role management pages. When setting local roles, information about acquired local role definitions is very helpful. I therefore propose to display this information on the local role edit page. I even would prefer a much more drastic change for both local role management and permission-role-map management: a compact look only overview mapping roles to users and permission to roles, respectively, with links to a page to edit the association of a single role or permission, respectively. Something like: Role| acquire | locally assigned users| ancestor assigned users - Owner | no | dieter| admin, dieter - Manager | yes| dieter| admin - The Role column is a link to a page to edit acquire and locally assigned users for the respective role. Advantages: * more natural behaviour for roles like Owner * access restricted sub-sites would be much easier to implement * more informative management pages Risks: * Classes deriving from AccessControl.BasicUser may have overridden allowed and getRolesInContext. Such overridden methods would not interpret __ac_acquire_local_roles__ until adapted. Fortunately, it is not very likely that these two methods are overridden. * Local roles get a bit more complex. However, explicit acquisition control is already used for the permission role mapping. Thus, users could recognize the same concept. * The 2.8/2.9 edition of the Zope Book would need to be adapted. If there is interest, I could implement the changes and provide patches against the Zope SVN version. However, I do not have write permissions to the repository. This means, someone else would need to make the actual checkins. BTW: Almost surely, I will implement the proposed change in our private Zope copy and use it in one of our projects. This means, I could provide production experience for the change in some months. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
Hi all, On OSX 10.3 (Pahter), Python 2.3.4, Zope 2.7.1, I'm frequently seeing this.. 2004-07-22T14:00:24 ERROR(200) ZODB Couldn't load state for 16ad Traceback (most recent call last): File /usr/local/zope/zope271/lib/python/ZODB/Connection.py, line 559, in setstate p, serial = self._storage.load(oid, self._version) File /usr/local/zope/zope271/lib/python/ZEO/ClientStorage.py, line 755, in load self._cache.store(oid, p, s, v, pv, sv) File /usr/local/zope/zope271/lib/python/ZEO/ClientCache.py, line 601, in store self._store(oid, p, s, version, pv, sv) File /usr/local/zope/zope271/lib/python/ZEO/ClientCache.py, line 631, in _store f.seek(self._pos) AttributeError: 'NoneType' object has no attribute 'seek' It's intermittent at first, then back-to-back. Following thread leads me to look for memory shortage. But I'd expect a different message in that case. http://www.mail-archive.com/[EMAIL PROTECTED]/msg15039.html This thread seems to suggest such messages (in different context) can be ignored. But I can't do that. This is a symptom of a bigger problem. http://mail.zope.org/pipermail/zope/2001-August/097300.html Has anyone seen this in these circumstances? --r. Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Making a ZSQL.DA fully multi-threaded?
Chris Withers wrote at 2004-7-21 16:44 +0100: Brad Clements wrote: I have set the SAPDB timeout to 32400 seconds. Unless you have an extremely heavily loaded Zope, that's too low, and may be causing you problems... That is the maximum allowed value in dbmgui. My point is that unless you implement a connection pool model independent of Zope's threading, you WILL run into problems if you have ANY kind of timeout where the DA isn't smnart enough to reconnect connections that have closed... All DA's I saw up to now, do a reconnect. But this is *WRONG -- as part of a transaction may have been lost. After reconnecting, they should raise an exception derived from ConflictError and let the complete request retry. -- Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
I have seen this as well but I haven't been able to pin it down. On Thu, 2004-07-22 at 16:16, Russ Ferriday wrote: Hi all, On OSX 10.3 (Pahter), Python 2.3.4, Zope 2.7.1, I'm frequently seeingthis.. 2004-07-22T14:00:24 ERROR(200) ZODB Couldn't load state for16ad Traceback (most recent call last): File /usr/local/zope/zope271/lib/python/ZODB/Connection.py, line559, in setstate p, serial = self._storage.load(oid, self._version) File /usr/local/zope/zope271/lib/python/ZEO/ClientStorage.py, line755, in load self._cache.store(oid, p, s, v, pv, sv) File /usr/local/zope/zope271/lib/python/ZEO/ClientCache.py, line601, in store self._store(oid, p, s, version, pv, sv) File /usr/local/zope/zope271/lib/python/ZEO/ClientCache.py, line631, in _store f.seek(self._pos) AttributeError: 'NoneType' object has no attribute 'seek' It's intermittent at first, then back-to-back. Following thread leads me to look for memory shortage. But I'd expecta different message in that case. http://www.mail-archive.com/[EMAIL PROTECTED]/msg15039.html This thread seems to suggest such messages (in different context) canbe ignored. But I can't do that. This is a symptom of a bigger problem. http://mail.zope.org/pipermail/zope/2001-August/097300.html Has anyone seen this in these circumstances? --r. Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com __ ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
Thanks, Chris. We're fronting two Zopes with Pound for load balancing. I can't see there would be any connection with this error. But I mention it in case there's a pattern. Also, the database came from 2.7.0 and an earlier python. This looks like resource starvation to me. The servers run for an hour or two this problems shows up, becoming worse for a while, then we need a restart. I'm try to debug it tomorrow. What would you look for? Any tips for resource monitoring? --r. On 22 Jul 2004, at 21:49, Chris McDonough wrote: I have seen this as well but I haven't been able to pin it down. On Thu, 2004-07-22 at 16:16, Russ Ferriday wrote: Hi all, On OSX 10.3 (Pahter), Python 2.3.4, Zope 2.7.1, I'm frequently seeingthis.. 2004-07-22T14:00:24 ERROR(200) ZODB Couldn't load state for16ad Traceback (most recent call last): File /usr/local/zope/zope271/lib/python/ZODB/Connection.py, line559, in setstate p, serial = self._storage.load(oid, self._version) File /usr/local/zope/zope271/lib/python/ZEO/ClientStorage.py, line755, in load self._cache.store(oid, p, s, v, pv, sv) File /usr/local/zope/zope271/lib/python/ZEO/ClientCache.py, line601, in store self._store(oid, p, s, version, pv, sv) File /usr/local/zope/zope271/lib/python/ZEO/ClientCache.py, line631, in _store f.seek(self._pos) AttributeError: 'NoneType' object has no attribute 'seek' It's intermittent at first, then back-to-back. Following thread leads me to look for memory shortage. But I'd expecta different message in that case. http://www.mail-archive.com/[EMAIL PROTECTED]/msg15039.html This thread seems to suggest such messages (in different context) canbe ignored. But I can't do that. This is a symptom of a bigger problem. http://mail.zope.org/pipermail/zope/2001-August/097300.html Has anyone seen this in these circumstances? --r. Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com __ ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope ) Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
On Thu, 2004-07-22 at 18:51, Russ Ferriday wrote: Thanks, Chris. We're fronting two Zopes with Pound for load balancing. I can't seethere would be any connection with this error. But I mention it incase there's a pattern. Well, I am too in this particular case, but I doubt the frontend matters too much here. Also, the database came from 2.7.0 and an earlier python. FTR that's also the case for me as well, but again I don't think that matters here. This lookslike resource starvation to me. The servers run for an hour or twothis problems shows up, becoming worse for a while, then we need arestart. I think the problem is related to ZEO client storage cache flips. I found an error in the log near the time of the None has no attribute seek symptom indicating that the Zope process tried to flip a ZEO cache file (by creating a new file) but UNIX file system permissions apparently prevented it. But then I turned off persistent ZEO client cachefile storage (but omitting the zeo-client-name parameter from zope.conf), believing this would be a workaround, but it hasn't been. I gave up at that point and that's where I am now. I'm try to debug it tomorrow. What would you look for? Any tips forresource monitoring? I think it's resource-related only tangentially; it's a genuine bug that only happens intermittently. My theory is that it will happen as often as a Zope client's ZEO client storage needs to flip its cache file. The cache file is only flipped when it exceeds a certain size and it only exceeds a certain size after a certain pattern of usage causes it to do so (lots of loads from the database of new items, typically). It would be nice if you could confirm this. Reading the Zope event log file of the client that generated the error would be a good start. - C ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
[Chris McDonough] ... I think the problem is related to ZEO client storage cache flips. Me too. The 3.2 ZEO cache alternates between two cache files, in the two-element list self._f. Both elements are initialized to None, and the index of the current file in use (0 or 1) is in self._current. There's an implicit assumption throughout the code that self._f[self._current] is always an actual file object, but the flip logic is excruciating and that global invariant certainly isn't self-evident. I found an error in the log near the time of the None has no attribute seek symptom indicating that the Zope process tried to flip a ZEO cache file (by creating a new file) but UNIX file system permissions apparently prevented it. This was a traceback ending somewhere in ClientCache.checkSize()? That's where a cache flip happens. It changes its idea of self._current (from 0 to 1 or from 1 to 0) *before* making sure there's an actual file object in the other self._f slot. So, e.g., if self._f started life as [good_file_object, None] and self._current started at 0, and it came time for a cache flip, and a new file object couldn't be created in self._f[1], self._current would end up as 1 anyway, pointing to None. But this code gives me a headache, and I'm not sure that can actually happen (despite that I hear you guys saying it is wink). But then I turned off persistent ZEO client cachefile storage (but omitting the zeo-client-name parameter from zope.conf), believing this would be a workaround, but it hasn't been. I gave up at that point and that's where I am now. Did you continue to get errors in the log near cache-flip times? I don't see a way for checkSize() to screw up unless an unexpected exception is raised. ... My theory is that it will happen as often as a Zope client's ZEO client storage needs to flip its cache file. The cache file is only flipped when it exceeds a certain size and it only exceeds a certain size after a certain pattern of usage causes it to do so (lots of loads from the database of new items, typically). It appears that once self._f[self._current] is None, all future attempts by ZEO to store into its client cache will fail the same way. So I'd be even more surprised if you saw just one of these occur. It would be nice if you could confirm this. Reading the Zope event log file of the client that generated the error would be a good start. The log is everything here. The ZEO client cache logs most relevant messages at info level, producing msgs starting with ZEC. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope Enhancement Proposal] Sanitizing local roles
I agree with you, technically it is not in line with Dieter's proposal. But locically. Whenever I come accross one I have to deal with the other. And I never said, that we have to add all the information to one single table.. As you said, it is not really hard to write the code for a task as I propoaed. It is the fact that there is no easy way to get at this (badly needed) information that is anoying. Robert Andreas Jung wrote: --On Donnerstag, 22. Juli 2004 21:35 Uhr +0200 robert rottermann [EMAIL PROTECTED] wrote: I would like to see where a role was assigned. And If I can express yet an other wish: I would very much like to have a way to see what the settings for a particular User is. And where the settings for a given permissions have come from. Your problem is mainly a problem of visualization. and at least not directly related to Dieters proposal. For a project I wrote a UI where you can see for a given object in the ZODB hierarchy which permission/role settings are defined above in the tree and which subobjects override the settings. The code for doing this is not really a problem. The problem is how to put these informations in a UI. Given the nature of the problem one would really need a 3D display..maybe 4D :-) Andreas Jung zopyx.com - Software Development and Consulting Andreas Jung ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
