From c648281a1b1c237c76870fe83a9472c4129452b7 Mon Sep 17 00:00:00 2001
From: Christian Dresen <c.dresen@fh-muenster.de>
Date: Thu, 18 Aug 2016 19:20:20 +0200
Subject: [PATCH] Added config.ini
---
www/Dockerfile | 2 +
www/conf/config.example.ini | 22 +++++++
www/nginx/nginx_warpinfra.conf | 2 +-
www/nginx/uwsgi.ini | 2 +-
www/run_dev.sh | 3 +-
www/run_prod.sh | 1 +
www/web/warpzone/settings.py | 107 ++++++++++++---------------------
7 files changed, 67 insertions(+), 72 deletions(-)
create mode 100644 www/conf/config.example.ini
diff --git a/www/Dockerfile b/www/Dockerfile
index a35c6c9..b912afc 100644
--- a/www/Dockerfile
+++ b/www/Dockerfile
@@ -32,6 +32,8 @@ RUN pip3 install \
 RUN ln -s /opt/nginx/nginx_warpinfra.conf /etc/nginx/sites-enabled/
 RUN rm /etc/nginx/sites-enabled/default
+RUN mkdir /opt/socket/
+
 COPY misc/ldapdb_base.py /usr/local/lib/python2.7/dist-packages/ldapdb/backends/ldap/base.py
 COPY misc/entrypoint.sh /opt/entrypoint.sh
diff --git a/www/conf/config.example.ini b/www/conf/config.example.ini
new file mode 100644
index 0000000..8748096
--- /dev/null
+++ b/www/conf/config.example.ini
@@ -0,0 +1,22 @@
+[debug]
+DEBUG = true
+
+[security]
+SECRET_KEY = '4m4c(_$ubwued9p-insp!950g&r0yu851bp287$2a3ydj^y=0='
+PW_RESET_TOKEN_LIFETIME = 5
+
+[ldap]
+LDAP_HOST = ldap
+LDAP_BIND_DN = cn=admin,dc=warpzone,dc=ms
+LDAP_PASSWORD = k7dAw8j2
+
+LDAP_USER_SEARCH_PATH = ou=users,dc=warpzone,dc=ms
+LDAP_GROUP_SEARCH_PATH = dc=warpzone,dc=ms
+LDAP_USER_SEARCH_FILTER = (uid=%(user)s)
+
+LDAP_GROUP_IS_ACTIVE = cn=active,ou=groups,dc=warpzone,dc=ms
+LDAP_GROUP_IS_STAFF = cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms
+LDAP_GROUP_SUPERUSER = cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms
+
+[misc]
+LOG_PATH = /var/log/
\ No newline at end of file
diff --git a/www/nginx/nginx_warpinfra.conf b/www/nginx/nginx_warpinfra.conf
index d5bb926..2c993ba 100644
--- a/www/nginx/nginx_warpinfra.conf
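Review bot: The example config ships the same SECRET_KEY and LDAP bind password that this commit removes from settings.py, and run_dev.sh mounts this very file as /etc/warpinfra/config.ini, so the credentials stay committed and in active use instead of moving out of the repository. The example should carry placeholders such as `SECRET_KEY = <generate-a-new-key>` and `LDAP_PASSWORD = <bind-password>`, with the real config.ini kept untracked and both values rotated, since they are now in history. Note also that RawConfigParser does not strip quotes, so `SECRET_KEY = '4m4c…'` yields a key that includes the two quote characters and therefore silently differs from the key settings.py used before, which would invalidate existing sessions and signed tokens; drop the quotes. The `%(user)s` in LDAP_USER_SEARCH_FILTER survives only because settings.py uses RawConfigParser; a one-line comment in this file saying so would keep the next maintainer from switching to ConfigParser and getting an interpolation error.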
+++ b/www/nginx/nginx_warpinfra.conf
@@ -1,5 +1,5 @@
 upstream django {
- server unix:///tmp/warpinfra.sock;
+ server unix:///opt/socket/warpinfra.sock;
 }
 server {
diff --git a/www/nginx/uwsgi.ini b/www/nginx/uwsgi.ini
index cac057f..756e891 100644
--- a/www/nginx/uwsgi.ini
+++ b/www/nginx/uwsgi.ini
@@ -4,7 +4,7 @@ module=warpzone.wsgi:application
 master=True
 pidfile=/tmp/warpinfra.pid
 vacuum=True
-socket=/tmp/warpinfra.sock
+socket=/opt/socket/warpinfra.sock
 max-requests=5000
 daemonize=/var/log/uwsgi.log
 processes = 10
diff --git a/www/run_dev.sh b/www/run_dev.sh
index 48e1990..b32520a 100644
--- a/www/run_dev.sh
+++ b/www/run_dev.sh
@@ -6,7 +6,8 @@ docker rm warpinfra
 docker run \
 -v $SCRIPTPATH/web:/opt/warpinfra \
- -v $SCRIPTPATH/nginx:/opt/nginx \
+ -v $SCRIPTPATH/nginx:/opt/nginx \
+ -v $SCRIPTPATH/conf/config.example.ini:/etc/warpinfra/config.ini \
 --link ldap-service:ldap \
 --name warpinfra \
 -p 8000:443 \
diff --git a/www/run_prod.sh b/www/run_prod.sh
index 1a0869b..d9cb938 100644
--- a/www/run_prod.sh
+++ b/www/run_prod.sh
@@ -8,6 +8,7 @@ docker rm warpinfra
 docker run \
 --link ldap-service:ldap \
 --name warpinfra \
+ --volume /tmp/warpinfra:/opt/socket \
 -p 8000:443 \
 -itd \
 warpinfra
diff --git a/www/web/warpzone/settings.py b/www/web/warpzone/settings.py
index 9b68203..8e41ed5 100644
--- a/www/web/warpzone/settings.py
+++ b/www/web/warpzone/settings.py
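Review bot: The socket now lives in /opt/socket, which run_prod.sh bind-mounts from the host, but uwsgi.ini still sets no `chmod-socket`/`chown-socket`, so the socket's mode follows the process umask and whether nginx can reach it (and other local users cannot) is left to chance. Setting the permissions explicitly, e.g. `chmod-socket = 660` together with a `chown-socket` entry matching the user nginx runs as, makes the intent checkable; I cannot see from this diff which users the two services run under. `pidfile` and `daemonize` still point at /tmp and /var/log, which may be deliberate but is inconsistent with moving the socket out of /tmp.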
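Review bot: run_prod.sh mounts the socket directory but nothing provides /etc/warpinfra/config.ini to the production container: the Dockerfile does not copy one and, unlike run_dev.sh, this script mounts none. Since `configparser.read()` silently ignores a missing file, the first `config.get('ldap', ...)` in settings.py would fail at import time with NoSectionError rather than a message naming the file. Add a line such as `--volume /etc/warpinfra/config.ini:/etc/warpinfra/config.ini:ro \` (adjusting the host path to wherever the production config is kept). The host-side socket directory `/tmp/warpinfra` sits under the world-writable /tmp, where a pre-existing directory of any local user would be mounted as-is; a dedicated directory with fixed ownership, for example under /var/run, is the safer choice.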
@@ -1,49 +1,43 @@
-"""
-Django settings for FlagHunter project.
+import os
+import ldap
+import logging
+import configparser
+from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, PosixGroupType
-Generated by 'django-admin startproject' using Django 1.8.3.
+BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
-For more information on this file, see
-https://docs.djangoproject.com/en/1.8/topics/settings/
-For the full list of settings and their values, see
-https://docs.djangoproject.com/en/1.8/ref/settings/
-"""
+# READ FROM CONFIG FILE
+config = configparser.RawConfigParser()
+config.read('/etc/warpinfra/config.ini')
-#
-# MAIN TO DO LIST
-#
-# ToDo: Add Content Security Policy
-# ToDo: Fix UTF-8 for all Strings
+# LDAP
+LDAP_HOST = "ldap://"+config.get('ldap','LDAP_HOST')
+LDAP_BIND_DN = config.get('ldap','LDAP_BIND_DN')
+LDAP_PASSWORD = config.get('ldap','LDAP_PASSWORD')
+LDAP_USER_SEARCH_PATH = config.get('ldap','LDAP_USER_SEARCH_PATH')
+LDAP_GROUP_SEARCH_PATH = config.get('ldap','LDAP_GROUP_SEARCH_PATH')
+LDAP_USER_SEARCH_FILTER = config.get('ldap','LDAP_USER_SEARCH_FILTER')
-# Build paths inside the project like this: os.path.join(BASE_DIR, ...)
-import os
-import ldap
-from django_auth_ldap.config import LDAPSearch, GroupOfNamesType, PosixGroupType
-import logging
-
-BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
+LDAP_GROUP_IS_ACTIVE = config.get('ldap','LDAP_GROUP_IS_ACTIVE')
+LDAP_GROUP_IS_STAFF = config.get('ldap','LDAP_GROUP_IS_STAFF')
+LDAP_GROUP_SUPERUSER = config.get('ldap','LDAP_GROUP_SUPERUSER')
+# SECURITY
+PW_RESET_TOKEN_LIFETIME = config.get('security','PW_RESET_TOKEN_LIFETIME')
+SECRET_KEY = config.get('security','SECRET_KEY')
-# Quick-start development settings - unsuitable for production
-# See https://docs.djangoproject.com/en/1.8/howto/deployment/checklist/
+# DEBUG
+DEBUG = config.getboolean('debug','DEBUG')
-# SECURITY WARNING: keep the secret key used in production secret!
-SECRET_KEY = '4m4c(_$ubwued9p-insp!950g&r0yu851bp287$2a3ydj^y=0='
-
-# SECURITY WARNING: don't run with debug turned on in production!
-DEBUG = True
 MEDIA_ROOT = 'templates/media/'
 MEDIA_URL = '/media/'
 ALLOWED_HOSTS = []
-
-# Application definition
-
 INSTALLED_APPS = (
 'django.contrib.admin',
 'django.contrib.auth',
@@ -107,9 +101,9 @@ DATABASES = {
 },
 'ldap': {
 'ENGINE': 'ldapdb.backends.ldap',
- 'NAME': 'ldap://ldap/',
- 'USER': 'cn=admin,dc=warpzone,dc=ms',
- 'PASSWORD': 'k7dAw8j2',
+ 'NAME': LDAP_HOST,
+ 'USER': LDAP_BIND_DN,
+ 'PASSWORD': LDAP_PASSWORD
 }
 }
 DATABASE_ROUTERS = ['ldapdb.router.Router']
@@ -117,13 +111,9 @@ DATABASE_ROUTERS = ['ldapdb.router.Router']
 # https://docs.djangoproject.com/en/1.8/topics/i18n/
 LANGUAGE_CODE = 'en-us'
-
 TIME_ZONE = 'Europe/Berlin'
-
 USE_I18N = True
-
 USE_L10N = True
-
 USE_TZ = False
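Review bot: `config.read('/etc/warpinfra/config.ini')` discards its return value, and `RawConfigParser.read` silently skips files it cannot open, so a missing or unreadable config only surfaces as a NoSectionError from the first `config.get` call several lines later. Check the result so the failure names the file, e.g. `if not config.read(CONFIG_PATH): raise RuntimeError('cannot read ' + CONFIG_PATH)`. `PW_RESET_TOKEN_LIFETIME = config.get('security','PW_RESET_TOKEN_LIFETIME')` also changes the setting's type from the int 5 the old code defined (removed in the last hunk of this file) to a str, which breaks any arithmetic on the lifetime in minutes; use `config.getint`. The config path is hard-coded; reading it from an environment variable with this value as the default would let tests and the dev script point at another file without editing settings.py.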
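Review bot: `'PASSWORD': LDAP_PASSWORD` drops the trailing comma the replaced line had; keeping it (`'PASSWORD': LDAP_PASSWORD,`) matches the file's dict style and keeps future additions to the entry one-line diffs. The value of `'NAME'` also changes from `'ldap://ldap/'` to `LDAP_HOST`, which settings.py builds without the trailing slash; I cannot tell from this diff whether ldapdb treats both forms the same, so that is worth confirming against the backend before relying on it.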
@@ -142,38 +132,31 @@ AUTHENTICATION_BACKENDS = (
 # AUTH LDAP SETTINGS
 #
-#AUTH_LDAP_SERVER_URI = "ldap://s1.dyhost.de"
-AUTH_LDAP_SERVER_URI = "ldap://ldap"
-
-AUTH_LDAP_BIND_DN = "cn=admin,dc=warpzone,dc=ms"
-AUTH_LDAP_BIND_PASSWORD = "k7dAw8j2"
+AUTH_LDAP_SERVER_URI = LDAP_HOST
+AUTH_LDAP_BIND_DN = LDAP_BIND_DN
+AUTH_LDAP_BIND_PASSWORD = LDAP_PASSWORD
-
-AUTH_LDAP_USER_SEARCH_PATH = "ou=users,dc=warpzone,dc=ms"
-AUTH_LDAP_USER_SEARCH_FILTER = "(uid=%(user)s)"
-
-AUTH_LDAP_USER_SEARCH = LDAPSearch(AUTH_LDAP_USER_SEARCH_PATH,
- ldap.SCOPE_SUBTREE, AUTH_LDAP_USER_SEARCH_FILTER)
+AUTH_LDAP_USER_SEARCH = LDAPSearch(LDAP_USER_SEARCH_PATH,
+ ldap.SCOPE_SUBTREE, LDAP_USER_SEARCH_FILTER)
 AUTH_LDAP_USER_ATTR_MAP = {"first_name": "givenName", "last_name": "sn", "email": "mail"}
 AUTH_LDAP_PROFILE_ATTR_MAP = {"home_directory": "homeDirectory"}
-AUTH_LDAP_GROUP_SEARCH_PATH = "dc=warpzone,dc=ms"
-AUTH_LDAP_GROUP_SEARCH = LDAPSearch(AUTH_LDAP_GROUP_SEARCH_PATH,
+
+AUTH_LDAP_GROUP_SEARCH = LDAPSearch(LDAP_GROUP_SEARCH_PATH,
 ldap.SCOPE_SUBTREE, "(objectClass=posixGroup)" )
 AUTH_LDAP_GROUP_TYPE = PosixGroupType()
+
 AUTH_LDAP_USER_FLAGS_BY_GROUP = {
- "is_active": "cn=active,ou=groups,dc=warpzone,dc=ms",
- "is_staff": ["cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms",
- "cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms"],
- "is_superuser": "cn=superuser,ou=groups,ou=warpauth,ou=infrastructure,dc=warpzone,dc=ms"
+ "is_active": LDAP_GROUP_IS_ACTIVE,
+ "is_staff": [LDAP_GROUP_IS_STAFF, LDAP_GROUP_SUPERUSER],
+ "is_superuser": LDAP_GROUP_SUPERUSER
 }
 AUTH_LDAP_FIND_GROUP_PERMS = True
-
 AUTH_LDAP_CACHE_GROUPS = True
 AUTH_LDAP_GROUP_CACHE_TIMEOUT = 10
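Review bot: `AUTH_LDAP_SERVER_URI = LDAP_HOST` inherits the `ldap://` scheme that the first hunk prepends to the configured host, so the bind DN and password on the two lines below always travel over a plaintext LDAP connection (presumably only acceptable because of the container link) and the config file has no way to select ldaps://. Either store the full URI in the config (`LDAP_HOST = ldap://ldap`, or an `ldaps://` value) and use it verbatim, or set `AUTH_LDAP_START_TLS = True` where the directory supports it. `"is_staff": [LDAP_GROUP_IS_STAFF, LDAP_GROUP_SUPERUSER]` resolves to the same DN twice with the example config, exactly as the replaced literal did; a short comment stating that the list means membership in any of the named groups would explain why it is a list when the other flags are single strings.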
@@ -185,20 +168,6 @@ hdlr.setFormatter(formatter)
 logger.addHandler(hdlr)
 logger.setLevel(logging.DEBUG)
-logger1 = logging.getLogger('main')
-hdlr = logging.FileHandler('/tmp/main.log')
-formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s')
-hdlr.setFormatter(formatter)
-logger1.addHandler(hdlr)
-logger1.setLevel(logging.DEBUG)
-
-#
-# MISC
-#
-
-# Lifetime of Password Reset Token in Minutes
-PW_RESET_TOKEN_LIFETIME = 5
-
 STATIC_URL = '/static/'
 STATIC_ROOT = os.path.join(BASE_DIR, "static")
--
GitLab