diff options
author | Pavlos Ratis <dastergon@gentoo.org> | 2013-09-17 16:05:40 +0300 |
---|---|---|
committer | Pavlos Ratis <dastergon@gentoo.org> | 2013-09-17 16:05:40 +0300 |
commit | bf347945379722bddc565b411a79ecc0b62dc256 (patch) | |
tree | 25a0f0b9c4c0380d5740298f71745f7ce423cdc2 | |
parent | Merge pull request #91 from mgorny/ensure-credentials-cleaned_up-on-exception (diff) | |
download | identity.gentoo.org-bf347945379722bddc565b411a79ecc0b62dc256.tar.gz identity.gentoo.org-bf347945379722bddc565b411a79ecc0b62dc256.tar.bz2 identity.gentoo.org-bf347945379722bddc565b411a79ecc0b62dc256.zip |
add documentation
-rw-r--r-- | docs/source/Makefile | 153 | ||||
-rw-r--r-- | docs/source/conf.py | 242 | ||||
-rw-r--r-- | docs/source/credits.rst | 14 | ||||
-rw-r--r-- | docs/source/getting_started/index.rst | 9 | ||||
-rw-r--r-- | docs/source/getting_started/installation.rst | 304 | ||||
-rw-r--r-- | docs/source/getting_started/troubleshooting.rst | 16 | ||||
-rw-r--r-- | docs/source/getting_started/workflow.rst | 99 | ||||
-rw-r--r-- | docs/source/index.rst | 32 | ||||
-rw-r--r-- | docs/source/userguide/features.rst | 27 | ||||
-rw-r--r-- | docs/source/userguide/index.rst | 8 | ||||
-rw-r--r-- | docs/source/userguide/libraries.rst | 90 |
11 files changed, 994 insertions, 0 deletions
diff --git a/docs/source/Makefile b/docs/source/Makefile new file mode 100644 index 0000000..10274a8 --- /dev/null +++ b/docs/source/Makefile @@ -0,0 +1,153 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = _build + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext + +help: + @echo "Please use \`make <target>' where <target> is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + +clean: + -rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/Okupy.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/Okupy.qhc" + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/Okupy" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/Okupy" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." diff --git a/docs/source/conf.py b/docs/source/conf.py new file mode 100644 index 0000000..7a88108 --- /dev/null +++ b/docs/source/conf.py @@ -0,0 +1,242 @@ +# -*- coding: utf-8 -*- +# +# Okupy documentation build configuration file, created by +# sphinx-quickstart on Tue Sep 17 15:27:37 2013. +# +# This file is execfile()d with the current directory set to its containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import sys, os + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +#sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ----------------------------------------------------- + +# If your documentation needs a minimal Sphinx version, state it here. +#needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be extensions +# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. +extensions = ['sphinx.ext.autodoc', 'sphinx.ext.viewcode'] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +#source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'Okupy' +copyright = u'2013, Gentoo Identity team' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = '0.1' +# The full version, including alpha/beta/rc tags. +release = '0.1' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +#language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +#today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ['_build'] + +# The reST default role (used for this markup: `text`) to use for all documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +#modindex_common_prefix = [] + + +# -- Options for HTML output --------------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'haiku' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +#html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +#html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# "<project> v<release> documentation". +#html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +#html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +#html_domain_indices = True + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, links to the reST sources are added to the pages. +#html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +#html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +#html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a <link> tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = None + +# Output file base name for HTML help builder. +htmlhelp_basename = 'Okupydoc' + + +# -- Options for LaTeX output -------------------------------------------------- + +latex_elements = { +# The paper size ('letterpaper' or 'a4paper'). +#'papersize': 'letterpaper', + +# The font size ('10pt', '11pt' or '12pt'). +#'pointsize': '10pt', + +# Additional stuff for the LaTeX preamble. +#'preamble': '', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, author, documentclass [howto/manual]). +latex_documents = [ + ('index', 'Okupy.tex', u'Okupy Documentation', + u'Gentoo Identity team', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# If true, show page references after internal links. +#latex_show_pagerefs = False + +# If true, show URL addresses after external links. +#latex_show_urls = False + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_domain_indices = True + + +# -- Options for manual page output -------------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + ('index', 'okupy', u'Okupy Documentation', + [u'Gentoo Identity team'], 1) +] + +# If true, show URL addresses after external links. +#man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------------ + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + ('index', 'Okupy', u'Okupy Documentation', + u'Gentoo Identity team', 'Okupy', 'One line description of project.', + 'Miscellaneous'), +] + +# Documents to append as an appendix to all manuals. +#texinfo_appendices = [] + +# If false, no module index is generated. +#texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +#texinfo_show_urls = 'footnote' diff --git a/docs/source/credits.rst b/docs/source/credits.rst new file mode 100644 index 0000000..b08b96c --- /dev/null +++ b/docs/source/credits.rst @@ -0,0 +1,14 @@ +Credits +======= +Gentoo Identity team +-------------------- +* Theo Chatzimichos <tampakrap> +* Michał Górny <mgorny> +* Pavlos Ratis <dastergon> + +Contributors +------------ +* Your name could be here. + +.. note:: + To contact Gentoo Identity team add '@gentoo.org' next to each nickname or send your email to <okupy AT gentoo DOT org>. diff --git a/docs/source/getting_started/index.rst b/docs/source/getting_started/index.rst new file mode 100644 index 0000000..a649f9e --- /dev/null +++ b/docs/source/getting_started/index.rst @@ -0,0 +1,9 @@ +Getting Started +=============== + +.. toctree:: + :maxdepth: 2 + + installation + workflow + troubleshooting diff --git a/docs/source/getting_started/installation.rst b/docs/source/getting_started/installation.rst new file mode 100644 index 0000000..1e650ee --- /dev/null +++ b/docs/source/getting_started/installation.rst @@ -0,0 +1,304 @@ +Installation +************ + +Basic Requirements +------------------ +You need `Python 2.7`_, `Django 1.6`_, `git`_, `virtualenv`_, `OpenLDAP`_, `Python-LDAP`_, `SQLite3`_, `Memcached`_ and a Unix like OS. + +.. _`Python 2.7`: http://docs.python.org/2/ +.. _`Django 1.6`: https://docs.djangoproject.com/en/1.6/ +.. _`git`: http://git-scm.com/ +.. _`virtualenv`: http://www.virtualenv.org/en/latest/ +.. _`OpenLDAP`: http://www.openldap.org/ +.. _`Python-LDAP`: http://www.python-ldap.org/ +.. _`SQLite3`: https://www.sqlite.org/ +.. _`Memcached`: http://memcached.org/ + +Development Environment +------------------------ + +Installing okupy by hand +~~~~~~~~~~~~~~~~~~~~~~~~ +* Clone somewhere the gentoo-identity-bootstrap repository:: + + git clone git://github.com/dastergon/gentoo-identity-bootstrap + +* Clone (in a different directory) the identity.gentoo.org repository:: + + git clone git://github.com/gentoo/identity.gentoo.org + +* Get the dependencies (choose one of the followings): + +* With pip: + + * Optional: setup virtualenv + * Install the dependencies:: + + pip install -r requirements/base.txt --use-mirrors + +* With setup.py + + * Optional: setup virtualenv + * Install the dependencies:: + + ./setup.py install + +Installing the Gentoo way +~~~~~~~~~~~~~~~~~~~~~~~~~ +* Add the ``okupy`` overlay:: + + layman -a okupy + +* Install the dependencies:: + + ACCEPT_KEYWORDS="**" emerge --onlydeps okupy + +Configuration +~~~~~~~~~~~~~ + +* Copy the sample settings files:: + + $ cd identity.gentoo.org + $ cp okupy/settings/development.py.sample okupy/settings/development.py + $ cp okupy/settings/local_settings.py.sample okupy/settings/local_settings.py + +* Edit ``development.py``: + + * In `STATICFILES_DIRS`, replace ``/path/to/gentoo-identity-bootstrap`` with the absolute path that you cloned the gentoo-identity-bootstrap repository earlier. + +* Edit ``local_settings.py``: + + #. Add **sqlite3** db (sufficient for testing) + #. Add LDAP configuration (if applicable) + #. Configure **Memcached** + #. Sync the database:: + + python manage.py syncdb + + +Production Environment +---------------------- +* Create the dedicated user that will run okupy:: + + useradd -m okupy + +* Perform the same setup as for Development environment (using the okupy user). + +uWSGI setup +~~~~~~~~~~~ + * Install ``www-servers/uwsgi`` with ``USE=python`` + * Copy /etc/conf.d/uwsgi to /etc/conf.d/uwsgi.okupy + * Put the following options in ``/etc/conf.d/uwsgi.okupy``:: + + UWSGI_SOCKET=/home/okupy/okupy.wsgi + UWSGI_LOG_FILE=/home/okupy/uwsgi.okupy.log + UWSGI_DIR=/home/okupy/identity.gentoo.org + UWSGI_USER=okupy + UWSGI_GROUP=okupy + # buffer-size is necessary to pass SSL certificates + UWSGI_EXTRA_OPTIONS='--buffer-size 65536 --plugins python27 --wsgi okupy.wsgi' + + * Symlink ``/etc/init.d/uwsgi.okupy`` to ``/etc/init.d/uwsgi``, and start it:: + + ln -s /etc/init.d/uwsgi.okupy /etc/init.d/uwsgi + /etc/init.d/uwsgi.okupy start + +NGINX setup +~~~~~~~~~~~ +* Install ``www-servers/nginx``:: + + emerge -av www-servers/nginx + +* Copy the server certificates and private keys to ``/etc/ssl/nginx/`` +* Concatenate all the allowed CA certificates for client auth:: + + cat /etc/ssl/* > /etc/ssl/nginx/all_certs.pem + +* Add the following options in ``/etc/nginx/nginx.conf``:: + + http { + ssl_session_cache shared:SSL:10m; + + upstream okupy { + # connect to uWSGI + server unix:///home/okupy/okupy.wsgi; + } + + server { + listen 0.0.0.0; + server_name identity.example.gr; + + access_log /var/log/nginx/localhost.access_log main; + error_log /var/log/nginx/localhost.error_log info; + + root /var/www/localhost/htdocs; + + # redirect all http traffic to https:// + location / { + rewrite ^ https://$http_HOST$request_uri permanent; + } + } + + server { + listen 0.0.0.0:443; + server_name identity.example.gr; + + ssl on; + # certificates for the main domain + ssl_certificate /etc/ssl/nginx/identity_example_gr_cacert.crt; + ssl_certificate_key /etc/ssl/nginx/identity_example_gr.key; + ssl_session_timeout 10m; + + access_log /var/log/nginx/localhost.ssl_access_log main; + error_log /var/log/nginx/localhost.ssl_error_log info; + + root /var/www/localhost/htdocs; + + location /static { + alias /home/identity/identity.gentoo.org/static; + } + + location / { + uwsgi_pass okupy; + include /etc/nginx/uwsgi_params; + } + } + + server { + listen 0.0.0.0:443; + server_name auth.identity.example.gr; + + ssl on; + # certificates for auth. subdomain + ssl_certificate /etc/ssl/nginx/auth_identity_example_gr_cacert.crt; + ssl_certificate_key /etc/ssl/nginx/auth_identity_example_gr.key; + ssl_client_certificate /etc/ssl/nginx/all_certs.pem; + + # verify_client == ask for user certificate + ssl_session_timeout 30s; + ssl_verify_client optional; + + access_log /var/log/nginx/localhost.ssl_access_log main; + error_log /var/log/nginx/localhost.ssl_error_log info; + + root /var/www/localhost/htdocs; + + location /static { + alias /home/identity/identity.gentoo.org/static; + } + + location / { + uwsgi_pass okupy; + include /etc/nginx/uwsgi_params; + + # pass certificate verification result + # and the certificate (so we could extract e-mails) + uwsgi_param SSL_CLIENT_VERIFY $ssl_client_verify; + uwsgi_param SSL_CLIENT_RAW_CERT $ssl_client_raw_cert; + } + } + } + +Additional +---------- + +virtualenv +~~~~~~~~~~ +* Install virtualenv (replace the following command with an equivalent in case you are working in a non-Gentoo distro):: + + emerge -av dev-python/virtualenv + virtualenv .virtualenv + source .virtualenv/bin/activate + +* The ``.virtualenv`` directory is already in ``.gitignore``, so please prefer this name. +* The ``deactivate`` command will exit the virtual environment. + +memcached +~~~~~~~~~ +* Copy ``/etc/conf.d/memcached`` to ``/etc/conf.d/memcached.okupy``:: + + cp /etc/conf.d/memcached /etc/conf.d/memcached.okupy + +* Symlink ``/etc/init.d/memcached.okupy`` to ``/etc/init.d/memcached``:: + + ln -s /etc/init.d/memcached /etc/init.d/memcached.okupy + +* Put the following data in ``/etc/conf.d/memcached.okupy``:: + + # The user that will be running okupy + MEMCACHED_RUNAS="okupy" + # disable TCP/IP + LISTENON="" + PORT="" + # enable UNIX socket (put correct path here as well) + MISC_OPTS="-s /home/okupy/memcached.sock" + +* Edit ``okupy/settings/local.py`` and put the same path in CACHES:: + + CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': 'unix://home/okupy/memcached.sock', + } + } + + +* Start memcached:: + + /etc/init.d/memcached.okupy start + +openLDAP +~~~~~~~~ + +.. note:: + We have a testing instance on ldap://evidence.tamapkrap.gr + If you want to contribute, contact <okupy AT gentoo DOT org> to get the certificates and the rootDN credentials. + +* openLDAP Server + + (TODO) + +* OpenLDAP client only + + * Install OpenLDAP package:: + + USE="minimal" emerge -av openldap + + * Put the certificates in ``/etc/openldap/ssl`` + * Put the following content in ``/etc/openldap/ldap.conf``:: + + BASE dc=example, dc=gr + SIZELIMIT 0 + TIMELIMIT 10 + TLS_REQCERT demand + TLS_CACERT /etc/openldap/ssl/cacert.pem + TLS_CERT /etc/openldap/ssl/identity.example.gr.crt + TLS_KEY /etc/openldap/ssl/identity.example.gr.key + URI ldap://identity.example.gr + + * In ``settings/local.py``:: + + AUTH_LDAP_SERVER_URI = 'ldap://identity.example.gr' + AUTH_LDAP_CONNECTION_OPTIONS = { + ldap.OPT_X_TLS_DEMAND: False, + } + + AUTH_LDAP_BIND_DN = + AUTH_LDAP_BIND_PASSWORD = + + AUTH_LDAP_ADMIN_BIND_DN = '(the rootDN you got from example)' + AUTH_LDAP_ADMIN_BIND_PASSWORD = '(the rootpw you got from example)' + + AUTH_LDAP_USER_ATTR = 'uid' + AUTH_LDAP_USER_BASE_DN = 'ou=users,dc=example,dc=gr' + + AUTH_LDAP_PERMIT_EMPTY_PASSWORD = False + + AUTH_LDAP_START_TLS = True + + # objectClasses that are used by any user + AUTH_LDAP_USER_OBJECTCLASS = ['top', 'person', 'organizationalPerson', + 'inetOrgPerson', 'posixAccount', 'shadowAccount', 'ldapPublicKey', 'gentooGroup'] + # additional objectClasses that are used by developers + AUTH_LDAP_DEV_OBJECTCLASS = ['gentooDevGroup'] + diff --git a/docs/source/getting_started/troubleshooting.rst b/docs/source/getting_started/troubleshooting.rst new file mode 100644 index 0000000..b294efc --- /dev/null +++ b/docs/source/getting_started/troubleshooting.rst @@ -0,0 +1,16 @@ +Troubleshooting +=============== +In a python terminal:: + + import ldap + l = ldap.initialize('ldap://identity.example.gr') + l.start_tls_s() + l.simple_bind_s() + l.search_s('ou=users,dc=example,dc=gr', ldap.SCOPE_SUBTREE) + +In a ``./manage.py`` shell terminal:: + + from okupy.accounts.models import LDAPUser + users = LDAPUser.objects.all() + wolverine = LDAPUser.objects.get(username='wolverine') + diff --git a/docs/source/getting_started/workflow.rst b/docs/source/getting_started/workflow.rst new file mode 100644 index 0000000..b59eefe --- /dev/null +++ b/docs/source/getting_started/workflow.rst @@ -0,0 +1,99 @@ +Workflow +======== + +Commit and branches +------------------- +* Avoid creating new branches in the main repository, prefer to work on your fork instead. +* Never commit anything to master. +* Always submit a Pull Request instead. + +Pull Requests +------------- +* Pull Requests have to be reviewed by at least one other person and get his +1. +* travis-ci will run the tests against a submitted Pull Request, needless to say they should pass. + +Tests +----- +Categories +~~~~~~~~~~ +They are in ``okupy/tests`` directory, separated in four categories: + +* **Unit tests**: They test units. No http requests are allowed. They usually test models, forms, and custom classes/methods. They use django.test.unittest. +* **Integration tests**: They mostly involve http requests using Client(). Usually they test views. They use django.test.unittest. +* **Functional tests**: They usually test general functionality, as well as javascript. They work on a mocked up environment with no real database or LDAP server. They use selenium. +* **Acceptance tests**: They test general functionality, also with selenium, but run against a real environment. + +Try to submit unit and/or integration tests along with your code. + +Running the tests +~~~~~~~~~~~~~~~~~ +* The command to run the tests is:: + + python manage.py test --settings=okupy.tests.settings + +* There is a helper script in ``bin/`` directory:: + + bin/runtests -s + +Coverage report +--------------- +* You need to emerge ``dev-python/coverage`` or ``pip install coverage``. +* The command to run the tests then becomes:: + + coverage run manage.py test --settings=okupy.tests.settings + +* You need to run the following command then to get the report:: + + coverage report -m + +* Or by using the ``bin/runtests`` script, which will print the coverage report as well:: + + bin/runtests -s -c + +Flake8 report +~~~~~~~~~~~~~ +* You need to ``emerge dev-python/flake8`` or ``pip install flake8``. +* To run `flake8` the command is:: + + flake8 . --exclude=./okupy/tests/settings.py,./okupy/settings,setup.py + +* Using the ``bin/runtests`` script:: + + bin/runtests -s -f + +TDaemon +~~~~~~~ +If you're working with TDD_, you could use ``dev-python/tdaemon``, which runs the tests every time a filesystem action is performed under your identity.g.o checked out directory. + +* In order to run it, cd to your local identity.g.o dir and run:: + + tdaemon -t django --custom-args="--settings=okupy.tests.settings + +* Using the bin/runtests script:: + + bin/runtests -s -t + +* To trigger a tdaemon test run:: + + bin/trigger_tdaemon_run + +.. _TDD: https://en.wikipedia.org/wiki/Test-driven_development + +Settings +-------- +We split the settings file in the following modules: + +* **__init__.py**: Settings variables that are generic and static without depending if the environment is production or development. +* **production.py**: Settings variables that are bound to production environment. +* **development.py.sample**: Settings variables that are bound to development environment. They are provided through a sample file, since they could be different between various development environments. +* **local.py.sample**: Settings variables that need clarification in any environment. + +Tests have their own settings file under ``okupy/tests/settings.py`` + +External services +~~~~~~~~~~~~~~~~~ +* travis-ci.org_: Runs the tests after every commit, and against every Pull Request +* coveralls.io_: Gathers statistics about test coverage + +.. _travis-ci.org: https://travis-ci.org/ +.. _coveralls.io: https://coveralls.io/ diff --git a/docs/source/index.rst b/docs/source/index.rst new file mode 100644 index 0000000..122ebe2 --- /dev/null +++ b/docs/source/index.rst @@ -0,0 +1,32 @@ +.. doccy documentation master file, created by + sphinx-quickstart on Wed Sep 4 23:53:22 2013. + You can adapt this file completely to your liking, but it should at least + contain the root `toctree` directive. + +Welcome to okupy's documentation! +================================= + +**Gentoo Identity** (codename: Okupy) is a Django_ LDAP_ webUI and OpenID_ provider for the Gentoo_ Linux project. Okupy aims to allow Gentoo users and developers to configure easily their attributes from Gentoo’s LDAP server. + +.. _Django: http://www.djangoproject.com/ +.. _Gentoo: https://gentoo.org +.. _LDAP: https://en.wikipedia.org/wiki/OpenLDAP +.. _OpenID: http://openid.net/get-an-openid/what-is-openid/ + +Contents: + +.. toctree:: + :maxdepth: 2 + + getting_started/index + userguide/index + credits + + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`modindex` +* :ref:`search` + diff --git a/docs/source/userguide/features.rst b/docs/source/userguide/features.rst new file mode 100644 index 0000000..63eff3d --- /dev/null +++ b/docs/source/userguide/features.rst @@ -0,0 +1,27 @@ +Features List +============= + +List of all current available features. + +Web interface +------------- + +Features in Identity web interface. + +Personal Information +~~~~~~~~~~~~~~~~~~~~ +* View Personal LDAP Attributes +* Edit Personal LDAP Attributes + +Lists +~~~~~~~~~ +* Developers List +* Former Developers List +* Gentoo Foundation Members + +Authentication +-------------- +* Classic Web Form Authentication +* `One Time Password (OTP) <https://en.wikipedia.org/wiki/One-time_password>`_ - Two Factor Authentication +* SSH Authentication +* SSL Certificate Authentication diff --git a/docs/source/userguide/index.rst b/docs/source/userguide/index.rst new file mode 100644 index 0000000..3ef3097 --- /dev/null +++ b/docs/source/userguide/index.rst @@ -0,0 +1,8 @@ +User's guide +=============== + +.. toctree:: + :maxdepth: 2 + + features + libraries diff --git a/docs/source/userguide/libraries.rst b/docs/source/userguide/libraries.rst new file mode 100644 index 0000000..449ff3b --- /dev/null +++ b/docs/source/userguide/libraries.rst @@ -0,0 +1,90 @@ +Libraries +========= + +Back-end +-------- + +Core +~~~~ +* `Python <http://python.org/>`_: + An interpreted, interactive, object-oriented programming language +* `Django <http://pypi.python.org/pypi/Django>`_: + High-level Python web framework + + +Authentication & Security +~~~~~~~~~~~~~~~~~~~~~~~~~ + +* `django-otp <https://pypi.python.org/pypi/django-otp>`_: + A pluggable framework for adding two-factor authentication to Django using one-time passwords. +* `paramiko <http://pypi.python.org/pypi/paramiko>`_: + SSH2 protocol library. +* `passlib <http://code.google.com/p/passlib/>`_: + Password hashing framework supporting over 20 schemes. +* `pycrypto <http://pypi.python.org/pypi/pycrypto>`_: + Python Cryptography Toolkit. +* `pyOpenSSL <http://pypi.python.org/pypi/pyOpenSSL>`_: + Python Interface to the OpenSSL library. +* `python-openid <http://pypi.python.org/pypi/python-openid>`_: + OpenID support for servers and consumers. + +LDAP +~~~~ + +* `django-auth-ldap <http://pypi.python.org/pypi/django-auth-ldap>`_: + Django LDAP authentication backend +* `django-ldapdb <https://github.com/tampakrap/django-ldapdb@okupy>`_: + LDAP database backend for Django. +* `python-ldap <http://pypi.python.org/pypi/python-ldap>`_: + Various LDAP-related Python modules + +Database +~~~~~~~~ + +* `SQLite3 <https://sqlite.org>`_: + SQLite: an SQL Database Engine in a C Library. + +Caching +~~~~~~~ + +* `django-compressor <http://pypi.python.org/pypi/django_compressor/>`_: + Allows to define regrouped/postcompiled content 'on the fly' inside of django template. +* `python-memcached <http://pypi.python.org/pypi/python-memcached>`_: + Pure Python memcached client. + +Testing +~~~~~~~ + +* `django-discover-runner <https://pypi.python.org/pypi/django-discover-runner>`_: + A Django test runner based on unittest2's test discovery. +* `mock <http://pypi.python.org/pypi/mock>`_: + A Python Mocking and Patching Library for Testing. +* `mockldap <https://pypi.python.org/pypi/mockldap>`_: + A simple mock implementation of python-ldap. + +Various +~~~~~~~ + +* `pytz <http://pypi.python.org/pypi/pytz>`_: + World timezone definitions for Python. +* `qrcode <https://pypi.python.org/pypi/qrcode/3.0>`_: + QR Code generator on top of PIL. + +Optional +~~~~~~~~ +* `MySQL <http://pypi.python.org/pypi/MySQL-python>`_: + Python interface to MySQL. +* `PostgreSQL <http://pypi.python.org/pypi/psycopg2>`_: + PostgreSQL database adapter for Python. + +Front-end +--------- +CSS +~~~ +* `Bootstrap <http://getbootstrap.com/>`_: + Sleek, intuitive, and powerful front-end framework for faster and easier web development. + +Javascript +~~~~~~~~~~ +* `jQuery <http://jquery.com/>`_: + The jQuery JavaScript library. |