Commit c091dd37 authored by Marc Betoule's avatar Marc Betoule
Browse files

Update doc for pipeweb behing apache, add autostart functionnality

parent ace424e5
...@@ -1034,9 +1034,10 @@ Pipeline(pipedot, codedir=, prefix=, env=MyEnvironment) ...@@ -1034,9 +1034,10 @@ Pipeline(pipedot, codedir=, prefix=, env=MyEnvironment)
** Launching pipeweb behind apache ** Launching pipeweb behind apache
Pipeweb use the cherrypy web framework server and can be run behind an Pipeweb use the cherrypy web framework server and can be run behind an
apache webserver which brings essentially two advantages: apache web server which brings essentially two advantages:
- access to *_mod apache facilities (https, gzip, authentication facilities ...). - access to *_mod apache facilities (https, gzip, authentication facilities ...).
- faster static files serving (the pipelet appli actually use quite few of them so the actual gain is marginal). - faster static files serving (the pipelet application actually use
quite few of them so the actual gain is marginal).
There is actually several way of doing so, the [[http://tools.cherrypy.org/wiki/BehindApache][cherrypy]] documentation There is actually several way of doing so, the [[http://tools.cherrypy.org/wiki/BehindApache][cherrypy]] documentation
giving hints about each. We describe here an example case using giving hints about each. We describe here an example case using
...@@ -1049,10 +1050,10 @@ mod_rewrite and virtual hosting. ...@@ -1049,10 +1050,10 @@ mod_rewrite and virtual hosting.
=sudo a2enmod proxy= =sudo a2enmod proxy=
=sudo a2enmod proxy_http= =sudo a2enmod proxy_http=
2. We then configure apache to rewrite request to the cherrypy apps 2. We then configure apache to rewrite request to the cherrypy
except for the static files of the application that will be served application except for the static files of the application that
directly. Here is a sample configuration file for a dedicated will be served directly. Here is a sample configuration file for a
virtual host named pipeweb with pipelet installed under dedicated virtual host named pipeweb with pipelet installed under
=/usr/local/lib/python2.6/dist-packages/=. =/usr/local/lib/python2.6/dist-packages/=.
#+begin_src apache #+begin_src apache
<VirtualHost pipeweb:80> <VirtualHost pipeweb:80>
...@@ -1072,8 +1073,96 @@ mod_rewrite and virtual hosting. ...@@ -1072,8 +1073,96 @@ mod_rewrite and virtual hosting.
specified address and port: specified address and port:
=pipeweb start -H 127.0.0.1= =pipeweb start -H 127.0.0.1=
There is also some possibility to start the application on demand
using a cgi script like:
#+begin_src python
#!/usr/local/bin/python
print "Content-type: text/html\r\n"
print """<html><head><META HTTP-EQUIV="Refresh" CONTENT="1; URL=/"></head><body>Restarting site ...<a href="/">click here<a></body></html>"""
import os
os.system('pipeweb start -H 127.0.0.1')
#+end_src
To have it executed when the proxy detect the absence of the application:
#+begin_src apache
<VirtualHost pipeweb:80>
#...
ScriptAliasMatch ^/pipeweb_autostart\.cgi$ /usr/local/bin/pipeweb_autostart.cgi
RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !pipeweb_autostart\.cgi$
RewriteRule ^/static/(.*) /usr/local/lib/python2.6/dist-packages/pipelet/static/$1 [L]
RewriteCond %{SCRIPT_FILENAME} !pipeweb_autostart\.cgi$
RewriteRule ^(.*) http://127.0.0.1:8080$1 [proxy]
ErrorDocument 503 /pipeweb_autostart.cgi
#...
</VirtualHost>
#+end_src
You may want to adjust ownership and suid of the
=pipeweb_autostart.cgi= script so that it executes with the correct
rights.
Pipeweb handles access rights using per pipeline ACL registered in the
database file. It support Basic and Digest http authentication. When
deploying the pipeweb interface in a production environment, one may
want to defer a part of the authorization process to external and
potentially more secure systems. The pipeweb behavior in term of
authorization is controlled by the =-A= option that accept the
following arguments:
- =Digest= (default) Authenticate users via HTTP Digest authentication
according to the user:passwd list stored in the database.
- =Basic= Authenticate users via HTTP Basic (clear text)
authentication according to the user:passwd list stored in the
database.
- =ACL= Check the access rights of otherwise authenticated users
according to the user list stored in the database.
- =None= Do no check. (Defer the whole authentication/authorization
process to the proxy.)
Here is a complete configuration sample making of https, basic
authentication, and per pipeline ACL to secure data browsing.
#+begin_src apache
<VirtualHost _default_:443>
ServerAdmin pipeweb_admin@localhost
DocumentRoot /usr/local/lib/python2.6/dist-packages/pipelet
# ErrorLog /some/custom/error_file.log
# CustomLog /some/custom/access_file.log common
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# This handles authentication and access to the index page
# Access right checking to the various registered pipelines
# is left to pipeweb
<Location />
#Replace with Any suitable authentication system
AuthName "pipeweb"
AuthType Basic
AuthUserFile /etc/apache2/pipelet.pwd
require valid-user
</Location>
ScriptAliasMatch ^/pipeweb_autostart\.cgi$ /usr/local/bin/pipeweb_autostart.cgi
RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !pipeweb_autostart\.cgi$
RewriteRule ^/static/(.*) /usr/local/lib/python2.6/dist-packages/pipelet/static/$1 [L]
RewriteCond %{SCRIPT_FILENAME} !pipeweb_autostart\.cgi$
RewriteRule ^(.*) http://127.0.0.1:8080$1 [proxy]
ErrorDocument 503 /pipeweb_autostart.cgi
</VirtualHost>
#+end_src
And the corresponding cgi script:
#+begin_src python
#!/usr/local/bin/python
print "Content-type: text/html\r\n"
print """<html><head><META HTTP-EQUIV="Refresh" CONTENT="1; URL=/"></head><body>Restarting site ...<a href="/">click here<a></body></html>"""
import os
os.system('pipeweb start -H 127.0.0.1 -A ACL')
#+end_src
When deploying the pipeweb interface in a production environment, one may want
* The Pipelet actors * The Pipelet actors
This section document the code for developers. The code documentation This section document the code for developers. The code documentation
......
...@@ -17,7 +17,6 @@ def check_access(auth_type, access_level): ...@@ -17,7 +17,6 @@ def check_access(auth_type, access_level):
auth_type: either 'None', 'ACL', 'Basic', 'Digest' auth_type: either 'None', 'ACL', 'Basic', 'Digest'
access_level: the required access level. access_level: the required access level.
""" """
cherrypy.log.error('auth_type:%s'%auth_type)
realm = "pipeweb" realm = "pipeweb"
if auth_type == 'None': if auth_type == 'None':
#No autorization check required #No autorization check required
...@@ -41,7 +40,6 @@ def check_access(auth_type, access_level): ...@@ -41,7 +40,6 @@ def check_access(auth_type, access_level):
return False return False
password = dic.get(ah["username"], None) password = dic.get(ah["username"], None)
encrypt = lambda x:x encrypt = lambda x:x
cherrypy.log.error('password:%s'%password)
if cherrypy.lib.httpauth.checkResponse(ah, password, method=cherrypy.request.method, if cherrypy.lib.httpauth.checkResponse(ah, password, method=cherrypy.request.method,
encrypt=encrypt, realm=realm): encrypt=encrypt, realm=realm):
cherrypy.request.login = ah["username"] cherrypy.request.login = ah["username"]
......
...@@ -805,7 +805,10 @@ def start(config, config_file): ...@@ -805,7 +805,10 @@ def start(config, config_file):
from cherrypy.process.plugins import Daemonizer, PIDFile from cherrypy.process.plugins import Daemonizer, PIDFile
cherrypy.config.update(config) cherrypy.config.update(config)
cherrypy.config.update(config_file) cherrypy.config.update(config_file)
cherrypy.tree.mount(PipeIndex(),"",config) app = cherrypy.tree.mount(PipeIndex(),"",config)
if hasattr(app, 'toolboxes'):
# CherryPy 3.1+
app.toolboxes['pipeauth'] = auth.pipeauth
d = Daemonizer(cherrypy.engine) d = Daemonizer(cherrypy.engine)
d.subscribe() d.subscribe()
p = PIDFile(cherrypy.engine, config['global']['server.pidfile']) p = PIDFile(cherrypy.engine, config['global']['server.pidfile'])
......
#!/usr/bin/python
print "Content-type: text/html\r\n"
print """<html><head><META HTTP-EQUIV="Refresh" CONTENT="1; URL=/"></head><body>Restarting site ...<a href="/">click here<a></body></html>"""
import os
os.system('pipeweb start -H 127.0.0.1')
...@@ -13,5 +13,5 @@ setup(name='pipelet', ...@@ -13,5 +13,5 @@ setup(name='pipelet',
'pipelet.pipeline','pipelet.tracker', 'pipelet.repository', 'pipelet.launchers', 'pipelet.pipeline','pipelet.tracker', 'pipelet.repository', 'pipelet.launchers',
'pipelet.task', 'pipelet.utils', 'pipelet.web'], 'pipelet.task', 'pipelet.utils', 'pipelet.web'],
package_data={'pipelet': ['static/*']}, package_data={'pipelet': ['static/*']},
scripts=['scripts/pipeweb', 'scripts/pipeutils', 'scripts/pipeletd'] scripts=['scripts/pipeweb', 'scripts/pipeutils', 'scripts/pipeletd', 'scripts/pipeweb_autostart.cgi']
) )
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment