Commit 134e03c2 authored by Christos Stavrakakis's avatar Christos Stavrakakis
Browse files

Improve settings related to ASTAKOS url

Rename 'PITHOS_AUTHENTICATION_URL' setting to 'ASTAKOS_URL'. Also remove
'PITHOS_AUTHENTICATION_USERS' from docs (it was removed from code in
commit 8df4fae).

Modify 'ASTAKOS_URL' to point to the node hosting the Astakos service
instead of im endpoint, i.e. rename from
'accounts.example.org/im/authenticate' to 'accounts.example.org'.
parent da54e986
......@@ -847,12 +847,11 @@ this options:
.. code-block:: console
PITHOS_BACKEND_DB_CONNECTION = 'postgresql://synnefo:example_passw0rd@node1.example.com:5432/snf_pithos'
ASTAKOS_URL = 'https://node1.example.com/'
PITHOS_BACKEND_DB_CONNECTION = 'postgresql://synnefo:example_passw0rd@node1.example.com:5432/snf_pithos'
PITHOS_BACKEND_BLOCK_PATH = '/srv/pithos/data'
PITHOS_AUTHENTICATION_URL = 'https://node1.example.com/im/authenticate'
PITHOS_AUTHENTICATION_USERS = None
PITHOS_SERVICE_TOKEN = 'pithos_service_token22w=='
PITHOS_USER_CATALOG_URL = 'https://node1.example.com/user_catalogs'
......@@ -878,9 +877,8 @@ the pithos+ backend data. Above we tell pithos+ to store its data under
``/srv/pithos/data``, which is visible by both nodes. We have already setup this
directory at node1's "Pithos+ data directory setup" section.
The ``PITHOS_AUTHENTICATION_URL`` option tells to the pithos+ app in which URI
is available the astakos authentication api. If not set, pithos+ tries to
authenticate using the ``PITHOS_AUTHENTICATION_USERS`` user pool.
The ``ASTAKOS_URL`` option tells to the pithos+ app in which URI
is available the astakos authentication api.
The ``PITHOS_SERVICE_TOKEN`` should be the Pithos+ token returned by running on
the Astakos node (node1 in our case):
......@@ -1705,14 +1703,14 @@ Edit ``/etc/synnefo/20-snf-cyclades-app-api.conf``:
.. code-block:: console
ASTAKOS_URL = 'https://node1.example.com/im/authenticate'
ASTAKOS_URL = 'https://node1.example.com/'
# Set to False if astakos & cyclades are on the same host
CYCLADES_PROXY_USER_SERVICES = False
The ``ASTAKOS_URL`` denotes the authentication endpoint for Cyclades and is set
to point to Astakos (this should have the same value with Pithos+'s
``PITHOS_AUTHENTICATION_URL``, setup :ref:`previously <conf-pithos>`).
``ASTAKOS_URL``, setup :ref:`previously <conf-pithos>`).
.. warning::
......
......@@ -59,7 +59,7 @@ In `/etc/synnefo/cyclades.conf` add:
GANETI_DISK_TEMPLATES = ('blockdev', 'diskless', 'drbd', 'file', 'plain',
'rbd', 'sharedfile', 'ext')
ASTAKOS_URL = 'https://accounts.example.com/im/authenticate'
ASTAKOS_URL = 'https://accounts.example.com/'
SECRET_ENCRYPTION_KEY= "oEs0pt7Di1mkxA0P6FiK"
......
......@@ -57,8 +57,7 @@ In `/etc/synnefo/pithos.conf` add:
.. code-block:: console
PITHOS_AUTHENTICATION_URL = 'https:/accounts.example.com/im/authenticate'
PITHOS_AUTHENTICATION_USERS = None
ASTAKOS_URL = 'https:/accounts.example.com/'
PITHOS_USER_CATALOG_URL = 'https://accounts.example.com/user_catalogs'
PITHOS_USER_FEEDBACK_URL = 'https://accounts.example.com/feedback'
PITHOS_USER_LOGIN_URL = 'https://accounts.example.com/login'
......
......@@ -110,7 +110,7 @@
#DEFAULT_GANETI_DISK_TEMPLATE = 'drbd'
#
## The URL of an astakos instance that will be used for user authentication
#ASTAKOS_URL = 'https://astakos.okeanos.grnet.gr/im/authenticate'
#ASTAKOS_URL = 'https://accounts.example.org/'
#
## Key for password encryption-decryption. After changing this setting, synnefo
## will be unable to decrypt all existing Backend passwords. You will need to
......
......@@ -110,7 +110,7 @@ GANETI_DISK_TEMPLATES = ('blockdev', 'diskless', 'drbd', 'file', 'plain',
DEFAULT_GANETI_DISK_TEMPLATE = 'drbd'
# The URL of an astakos instance that will be used for user authentication
ASTAKOS_URL = 'https://astakos.okeanos.grnet.gr/im/authenticate'
ASTAKOS_URL = 'https://accounts.example.org/'
# Key for password encryption-decryption. After changing this setting, synnefo
# will be unable to decrypt all existing Backend passwords. You will need to
......
......@@ -184,12 +184,13 @@ def user_for_token(token, authentication_url, usage=False):
def get_user(
request,
authentication_url='http://127.0.0.1:8000/im/authenticate',
astakos_url='http://127.0.0.1:8000/im/authenticate',
fallback_token=None,
usage=False):
request.user = None
request.user_uniq = None
authentication_url = astakos_url + "im/authenticate"
# Try to find token in a parameter or in a request header.
user = user_for_token(
request.GET.get('X-Auth-Token'), authentication_url,
......@@ -236,8 +237,7 @@ class UserCache(object):
def __init__(self, astakos_url, astakos_token, split=100):
self.astakos_token = astakos_token
self.astakos_url = astakos_url
self.user_catalog_url = astakos_url.replace("im/authenticate",
"service/api/user_catalogs")
self.user_catalog_url = astakos_url + "service/api/user_catalogs"
self.users = {}
self.split = split
......
......@@ -30,7 +30,7 @@ Configure in ``settings.py`` or a ``.conf`` file in ``/etc/synnefo`` if using sn
=============================== ================================================================ ============================================================
Name Default value Description
=============================== ================================================================ ============================================================
PITHOS_AUTHENTICATION_URL \https://<astakos.host>/im/authenticate/ Astakos Authentication URL
ASTAKOS_URL \https://<astakos.host>/ Astakos Authentication URL
PITHOS_ASTAKOS_COOKIE_NAME _pithos2_a Cookie name to retrieve fallback token
PITHOS_BACKEND_DB_MODULE pithos.backends.lib.sqlalchemy
PITHOS_BACKEND_DB_CONNECTION sqlite:////tmp/pithos-backend.db SQLAlchemy database connection string
......
#PITHOS_AUTHENTICATION_URL = 'https://accounts.example.synnefo.org/im/authenticate/'
#ASTAKOS_URL = 'https://accounts.example.synnefo.org/'
# Cookie name to search for fallback token
#PITHOS_ASTAKOS_COOKIE_NAME = '_pithos2_a'
......
......@@ -40,7 +40,8 @@ from django.utils.http import parse_etags
from django.utils.encoding import smart_str
from django.views.decorators.csrf import csrf_exempt
from snf_django.lib.astakos import get_user, get_uuids as _get_uuids
from django.conf import settings
from snf_django.lib.astakos import get_uuids as _get_uuids
from snf_django.lib import api
from snf_django.lib.api import faults
......@@ -61,7 +62,7 @@ from pithos.api.util import (
)
from pithos.api.settings import (UPDATE_MD5, TRANSLATE_UUIDS,
SERVICE_TOKEN, AUTHENTICATION_URL)
SERVICE_TOKEN)
from pithos.backends.base import (
NotAllowedError, QuotaError, ContainerNotEmpty, ItemNotExists,
......@@ -77,10 +78,8 @@ logger = logging.getLogger(__name__)
def get_uuids(names):
try:
uuids = _get_uuids(SERVICE_TOKEN, names,
url=AUTHENTICATION_URL.replace(
'im/authenticate',
'service/api/user_catalogs'))
url = settings.ASTAKOS_URL + "/service/api/user_catalogs"
uuids = _get_uuids(SERVICE_TOKEN, names, url=url)
except Exception, e:
logger.exception(e)
return {}
......
#coding=utf8
from django.conf import settings
AUTHENTICATION_URL = getattr(settings, 'PITHOS_AUTHENTICATION_URL',
'https://accounts.example.synnefo.org/im/authenticate/')
ASTAKOS_URL = AUTHENTICATION_URL.replace("im/authenticate/", "")
COOKIE_NAME = getattr(settings, 'PITHOS_ASTAKOS_COOKIE_NAME', '_pithos2_a')
# SQLAlchemy (choose SQLite/MySQL/PostgreSQL).
......
......@@ -59,7 +59,6 @@ from pithos.api.settings import (BACKEND_DB_MODULE, BACKEND_DB_CONNECTION,
QUOTAHOLDER_POOLSIZE,
BACKEND_QUOTA, BACKEND_VERSIONING,
BACKEND_FREE_VERSIONING, BACKEND_POOL_SIZE,
AUTHENTICATION_URL,
COOKIE_NAME, USER_CATALOG_URL,
RADOS_STORAGE, RADOS_POOL_BLOCKS,
RADOS_POOL_MAPS, TRANSLATE_UUIDS,
......@@ -1003,7 +1002,8 @@ def update_response_headers(request, response):
def get_pithos_usage(token):
"""Get Pithos Usage from astakos."""
user_info = user_for_token(token, AUTHENTICATION_URL, usage=True)
astakos_url = settings.ASTAKOS_URL + "im/authenticate"
user_info = user_for_token(token, astakos_url, usage=True)
usage = user_info.get("usage", [])
for u in usage:
if u.get('name') == 'pithos+.diskspace':
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment