Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 304680 Details for
Bug 440443
root everything IPA does under /ipa
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
version the changed configuration files as well
freeipa-13-webroot.patch (text/plain), 18.97 KB, created by
Rob Crittenden
on 2008-05-06 20:11:40 UTC
(
hide
)
Description:
version the changed configuration files as well
Filename:
MIME Type:
Creator:
Rob Crittenden
Created:
2008-05-06 20:11:40 UTC
Size:
18.97 KB
patch
obsolete
>From 6d5b150b44781f6069582e6b5d1952329e5b6c3a Mon Sep 17 00:00:00 2001 >From: Rob Crittenden <rcritten@redhat.com> >Date: Tue, 6 May 2008 16:18:18 -0400 >Subject: [PATCH] Refine our web space some more so that everything we reference is in /ipa > >UI: /ipa/ui >XML-RPC: /ipa/xml >errors: /ipa/errors >config: /ipa/config > >I had to hardcode that URI into the CSS pages but TurboGears handles the >rest of the translations with tg.url(). > >Added a version to ipa.conf and ipa-rewrite.conf so we can update them >in the future if needed with ipa-upgradeconfig > >440443 >--- > ipa-python/rpcclient.py | 2 +- > ipa-server/ipa-gui/ipa_webgui.cfg | 4 +- > .../ipa-gui/ipagui/static/css/style_freeipa.css | 4 +- > .../ipagui/static/css/style_platform-objects.css | 24 ++-- > .../ipa-gui/ipagui/static/css/style_platform.css | 14 ++-- > ipa-server/ipa-gui/ipagui/templates/master.kid | 12 +- > ipa-server/ipa-server.spec.in | 7 +- > ipa-server/xmlrpc-server/Makefile.am | 5 + > ipa-server/xmlrpc-server/ipa-rewrite.conf | 4 +- > ipa-server/xmlrpc-server/ipa-upgradeconfig | 112 ++++++++++++++++++++ > ipa-server/xmlrpc-server/ipa.conf | 24 ++-- > ipa-server/xmlrpc-server/unauthorized.html | 6 +- > 12 files changed, 171 insertions(+), 47 deletions(-) > create mode 100644 ipa-server/xmlrpc-server/ipa-upgradeconfig > >diff --git a/ipa-python/rpcclient.py b/ipa-python/rpcclient.py >index ecd42b9..5a95d83 100644 >--- a/ipa-python/rpcclient.py >+++ b/ipa-python/rpcclient.py >@@ -38,7 +38,7 @@ class RPCClient: > > def server_url(self, server): > """Build the XML-RPC server URL from our configuration""" >- url = "https://" + server + "/ipaxml" >+ url = "https://" + server + "/ipa/xml" > if self.verbose: > print "Connecting to IPA server: %s" % url > return url >diff --git a/ipa-server/ipa-gui/ipa_webgui.cfg b/ipa-server/ipa-gui/ipa_webgui.cfg >index 62d251c..f7dfb25 100644 >--- a/ipa-server/ipa-gui/ipa_webgui.cfg >+++ b/ipa-server/ipa-gui/ipa_webgui.cfg >@@ -29,11 +29,11 @@ server.thread_pool = 10 > > # if this is part of a larger site, you can set the path > # to the TurboGears instance here >-server.webpath="/ipa" >+server.webpath="/ipa/ui" > > # Set to True if you are deploying your App behind a proxy > # e.g. Apache using mod_proxy >-# base_url_filter.on = False >+base_url_filter.on = True > > # Set to True if your proxy adds the x_forwarded_host header > # base_url_filter.use_x_forwarded_host = True >diff --git a/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css b/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css >index 5eafa9b..f56971b 100644 >--- a/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css >+++ b/ipa-server/ipa-gui/ipagui/static/css/style_freeipa.css >@@ -40,10 +40,10 @@ > text-decoration: underline; > } > .sortasc { >- background-image: url(/static/images/up.gif) !important; >+ background-image: url(/ipa/ui/static/images/up.gif) !important; > } > .sortdesc { >- background-image: url(/static/images/down.gif) !important; >+ background-image: url(/ipa/ui/static/images/down.gif) !important; > } > > .warning_message { >diff --git a/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css b/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css >index bb9e805..51d5708 100644 >--- a/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css >+++ b/ipa-server/ipa-gui/ipagui/static/css/style_platform-objects.css >@@ -1,19 +1,19 @@ > /* object h1 styles */ > >-#details h1.overview { background-image: url('/static/images/objects/object-overview.png'); } >+#details h1.overview { background-image: url('/ipa/ui/static/images/objects/object-overview.png'); } > >-#details h1.accesscontrol { background-image: url('/static/images/objects/object-accesscontrol.png'); } >+#details h1.accesscontrol { background-image: url('/ipa/ui/static/images/objects/object-accesscontrol.png'); } > >-#details h1.user { background-image: url('/static/images/objects/object-user.png'); } >-#details h1.usergroup { background-image: url('/static/images/objects/object-usergroup.png'); } >+#details h1.user { background-image: url('/ipa/ui/static/images/objects/object-user.png'); } >+#details h1.usergroup { background-image: url('/ipa/ui/static/images/objects/object-usergroup.png'); } > >-#details h1.content-overview { background-image: url('/static/images/objects/object-content.png'); } >-#details h1.channel { background-image: url('/static/images/objects/object-channel.png'); } >-#details h1.channel-new { background-image: url('/static/images/objects/object-channel.png'); } >-#details h1.channels { background-image: url('/static/images/objects/object-channels.png'); } >-#details h1.media { background-image: url('/static/images/objects/object-media.png'); } >+#details h1.content-overview { background-image: url('/ipa/ui/static/images/objects/object-content.png'); } >+#details h1.channel { background-image: url('/ipa/ui/static/images/objects/object-channel.png'); } >+#details h1.channel-new { background-image: url('/ipa/ui/static/images/objects/object-channel.png'); } >+#details h1.channels { background-image: url('/ipa/ui/static/images/objects/object-channels.png'); } >+#details h1.media { background-image: url('/ipa/ui/static/images/objects/object-media.png'); } > >-#details h1.system { background-image: url('/static/images/objects/object-system.png'); } >-#details h1.virtualsystem { background-image: url('/static/images/objects/object-virtualsystem.png'); } >+#details h1.system { background-image: url('/ipa/ui/static/images/objects/object-system.png'); } >+#details h1.virtualsystem { background-image: url('/ipa/ui/static/images/objects/object-virtualsystem.png'); } > >-#details h1.policy { background-image: url('/static/images/objects/object-policy.png'); } >+#details h1.policy { background-image: url('/ipa/ui/static/images/objects/object-policy.png'); } >diff --git a/ipa-server/ipa-gui/ipagui/static/css/style_platform.css b/ipa-server/ipa-gui/ipagui/static/css/style_platform.css >index 37f030a..9168bd1 100644 >--- a/ipa-server/ipa-gui/ipagui/static/css/style_platform.css >+++ b/ipa-server/ipa-gui/ipagui/static/css/style_platform.css >@@ -12,7 +12,7 @@ html, body { > } > > body { >- background-image: url('/static/images/template/background.png'); >+ background-image: url('/ipa/ui/static/images/template/background.png'); > background-repeat: repeat-x; > background-color: #f9f9f9; > margin: 0px; >@@ -45,7 +45,7 @@ td, th { > float: left; > margin-top: -10px; > >- background: url('/static/images/branding/logo.png') no-repeat; >+ background: url('/ipa/ui/static/images/branding/logo.png') no-repeat; > } > > #content { >@@ -53,7 +53,7 @@ td, th { > min-height: 100%; > > background-color: #f9f9f9; >- background-image: url('/static/images/template/background-content.png'); >+ background-image: url('/ipa/ui/static/images/template/background-content.png'); > background-repeat: repeat-x; > } > >@@ -95,7 +95,7 @@ div#search { > margin: 0px; > clear: both; > >- background-image: url('/static/images/template/background-navbar.png'); >+ background-image: url('/ipa/ui/static/images/template/background-navbar.png'); > background-repeat: repeat-x; > > } >@@ -121,7 +121,7 @@ div#search { > } > > #navbar .active { >- background-image: url('/static/images/template/background-navbar-active.png'); >+ background-image: url('/ipa/ui/static/images/template/background-navbar-active.png'); > height: 70px; > width: 116px; > >@@ -156,7 +156,7 @@ div#search { > > border: 1px solid #aaa; > background-color: #ccc; >- background-image: url('/static/images/template/background-sidebar.png'); >+ background-image: url('/ipa/ui/static/images/template/background-sidebar.png'); > background-repeat: repeat-y; > } > >@@ -477,7 +477,7 @@ div.instructions { > padding-top: 2ex; > width: 40%; > float: right; >- background-image: url('/static/images/template/background-search.png'); >+ background-image: url('/ipa/ui/static/images/template/background-search.png'); > background-repeat: repeat-y; > background-color: white; > } >diff --git a/ipa-server/ipa-gui/ipagui/templates/master.kid b/ipa-server/ipa-gui/ipagui/templates/master.kid >index ac85017..d8b3414 100644 >--- a/ipa-server/ipa-gui/ipagui/templates/master.kid >+++ b/ipa-server/ipa-gui/ipagui/templates/master.kid >@@ -24,13 +24,13 @@ > <title py:replace="''">Your title goes here</title> > <meta py:replace="item[:]"/> > <style type="text/css" media="all"> >- @import "/static/css/style_platform.css"; >- @import "/static/css/style_platform-objects.css"; >- @import "/static/css/style_freeipa.css"; >+ @import "${tg.url('/static/css/style_platform.css')}"; >+ @import "${tg.url('/static/css/style_platform-objects.css')}"; >+ @import "${tg.url('/static/css/style_freeipa.css')}"; > </style> >- <script type="text/javascript" charset="utf-8" src="/static/javascript/prototype.js"></script> >- <script type="text/javascript" charset="utf-8" src="/static/javascript/scriptaculous.js?load=effects"></script> >- <script type="text/javascript" charset="utf-8" src="/static/javascript/ipautil.js"></script> >+ <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/prototype.js')}"></script> >+ <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/scriptaculous.js?load=effects')}"></script> >+ <script type="text/javascript" charset="utf-8" src="${tg.url('/static/javascript/ipautil.js')}"></script> > </head> > > <body py:match="item.tag=='{http://www.w3.org/1999/xhtml}body'" py:attrs="item.items()"> >diff --git a/ipa-server/ipa-server.spec.in b/ipa-server/ipa-server.spec.in >index 4390dff..281fa07 100644 >--- a/ipa-server/ipa-server.spec.in >+++ b/ipa-server/ipa-server.spec.in >@@ -1,6 +1,6 @@ > Name: ipa-server > Version: VERSION >-Release: 1%{?dist} >+Release: 2%{?dist} > Summary: IPA authentication server > > Group: System Environment/Base >@@ -93,6 +93,7 @@ fi > /bin/chown apache /var/log/ipa_error.log > /bin/chmod 600 /var/log/ipa_error.log > restorecon /var/log/ipa_error.log >+/usr/sbin/ipa-upgradeconfig > > %preun > if [ $1 = 0 ]; then >@@ -118,6 +119,7 @@ fi > %{_sbindir}/ipactl > %{_sbindir}/ipa_kpasswd > %{_sbindir}/ipa_webgui >+%{_sbindir}/ipa-upgradeconfig > %attr(755,root,root) %{_initrddir}/ipa_kpasswd > %attr(755,root,root) %{_initrddir}/ipa_webgui > >@@ -166,6 +168,9 @@ fi > %{_mandir}/man1/ipa-server-install.1.gz > > %changelog >+* Tue May 5 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-2 >+- Add ipa-upgradeconfig command and run it at post >+ > * Thu Apr 3 2008 Rob Crittenden <rcritten@redhat.com> - 1.0.0-1 > - Version bump for release > >diff --git a/ipa-server/xmlrpc-server/Makefile.am b/ipa-server/xmlrpc-server/Makefile.am >index 49457ba..54df5ab 100644 >--- a/ipa-server/xmlrpc-server/Makefile.am >+++ b/ipa-server/xmlrpc-server/Makefile.am >@@ -4,6 +4,10 @@ SUBDIRS = \ > test \ > $(NULL) > >+sbin_SCRIPTS = \ >+ ipa-upgradeconfig \ >+ $(NULL) >+ > htmldir = $(IPA_DATA_DIR)/html > html_DATA = \ > ssbrowser.html \ >@@ -31,6 +35,7 @@ EXTRA_DIST = \ > README \ > $(app_DATA) \ > $(html_DATA) \ >+ $(sbin_SCRIPTS) \ > $(NULL) > > MAINTAINERCLEANFILES = \ >diff --git a/ipa-server/xmlrpc-server/ipa-rewrite.conf b/ipa-server/xmlrpc-server/ipa-rewrite.conf >index af3a3af..fc7ce68 100644 >--- a/ipa-server/xmlrpc-server/ipa-rewrite.conf >+++ b/ipa-server/xmlrpc-server/ipa-rewrite.conf >@@ -1,9 +1,11 @@ >+# VERSION 1 - DO NOT REMOVE THIS LINE >+ > RewriteEngine on > > # By default forward all requests to /ipa. If you don't want IPA > # to be the default on your web server comment this line out. You will > # need to modify ipa_webgui.cfg as well. >-RewriteRule ^/$$ https://$FQDN/ipa [L,NC,R=301] >+RewriteRule ^/$$ https://$FQDN/ipa/ui [L,NC,R=301] > > # Redirect to the fully-qualified hostname. Not redirecting to secure > # port so configuration files can be retrieved without requiring SSL. >diff --git a/ipa-server/xmlrpc-server/ipa-upgradeconfig b/ipa-server/xmlrpc-server/ipa-upgradeconfig >new file mode 100644 >index 0000000..2fa2901 >--- /dev/null >+++ b/ipa-server/xmlrpc-server/ipa-upgradeconfig >@@ -0,0 +1,112 @@ >+#!/usr/bin/python >+# >+# Upgrade configuration files to a newer template. >+ >+import sys >+try: >+ from ipa import ipautil >+ import krbV >+ import re >+ import os >+ import shutil >+ import fileinput >+except ImportError: >+ print >> sys.stderr, """\ >+There was a problem importing one of the required Python modules. The >+error was: >+ >+ %s >+""" % sys.exc_value >+ sys.exit(1) >+ >+def backup_file(filename, ext): >+ """Make a backup of filename using ext as the extension. Do not overwrite >+ previous backups.""" >+ if not os.path.isabs(filename): >+ raise ValueError("Absolute path required") >+ >+ backupfile = filename + ".bak" >+ (reldir, file) = os.path.split(filename) >+ >+ while os.path.exists(backupfile): >+ backupfile = backupfile + "." + str(ext) >+ >+ shutil.copy2(filename, backupfile) >+ >+def update_conf(sub_dict, filename, template_filename): >+ template = ipautil.template_file(template_filename, sub_dict) >+ fd = open(filename, "w") >+ fd.write(template) >+ fd.close() >+ >+def find_hostname(): >+ """Find the hostname currently configured in ipa-rewrite.conf""" >+ filename="/etc/httpd/conf.d/ipa-rewrite.conf" >+ if os.path.exists(filename): >+ pattern = "^[\s#]*.*https:\/\/([A-Za-z0-9\.\-]*)\/.*" >+ p = re.compile(pattern) >+ for line in fileinput.input(filename): >+ if p.search(line): >+ fileinput.close() >+ return p.search(line).group(1) >+ fileinput.close() >+ >+ return None >+ >+def find_version(filename): >+ """Find the version of a configuration file""" >+ if os.path.exists(filename): >+ pattern = "^[\s#]*VERSION\s+([0-9]+)\s+.*" >+ p = re.compile(pattern) >+ for line in fileinput.input(filename): >+ if p.search(line): >+ fileinput.close() >+ return p.search(line).group(1) >+ fileinput.close() >+ >+ # no VERSION found >+ return 0 >+ else: >+ return -1 >+ >+def upgrade(sub_dict, filename, template): >+ old = int(find_version(filename)) >+ new = int(find_version(template)) >+ >+ if old < 0: >+ print "%s not found." % filename >+ sys.exit(1) >+ >+ if new < 0: >+ print "%s not found." % template >+ >+ if old < new: >+ backup_file(filename, new) >+ update_conf(sub_dict, filename, template) >+ print "Upgraded %s to version %d" % (filename, new) >+ >+def main(): >+ try: >+ krbctx = krbV.default_context() >+ except krbV.Krb5Error, e: >+ print "Unable to get default kerberos realm: %s" % e[1] >+ sys.exit(1) >+ >+ fqdn = find_hostname() >+ >+ if fqdn is None: >+ print "Unable to determine hostname from ipa-rewrite.conf" >+ sys.exit(1) >+ >+ sub_dict = { "REALM" : krbctx.default_realm, "FQDN": fqdn } >+ >+ upgrade(sub_dict, "/etc/httpd/conf.d/ipa.conf", ipautil.SHARE_DIR + "ipa.conf") >+ upgrade(sub_dict, "/etc/httpd/conf.d/ipa-rewrite.conf", ipautil.SHARE_DIR + "ipa-rewrite.conf") >+ >+try: >+ if __name__ == "__main__": >+ sys.exit(main()) >+except SystemExit, e: >+ sys.exit(e) >+except KeyboardInterrupt, e: >+ sys.exit(1) >diff --git a/ipa-server/xmlrpc-server/ipa.conf b/ipa-server/xmlrpc-server/ipa.conf >index c08282e..1eca977 100644 >--- a/ipa-server/xmlrpc-server/ipa.conf >+++ b/ipa-server/xmlrpc-server/ipa.conf >@@ -1,3 +1,6 @@ >+# >+# VERSION 1 - DO NOT REMOVE THIS LINE >+# > # LoadModule auth_kerb_module modules/mod_auth_kerb.so > > ProxyRequests Off >@@ -17,7 +20,7 @@ AddType application/java-archive jar > Krb5KeyTab /etc/httpd/conf/ipa.keytab > KrbSaveCredentials on > Require valid-user >- ErrorDocument 401 /errors/unauthorized.html >+ ErrorDocument 401 /ipa/errors/unauthorized.html > RewriteEngine on > Order deny,allow > Allow from all >@@ -28,20 +31,17 @@ AddType application/java-archive jar > </Proxy> > > # The URI's with a trailing ! are those that aren't handled by the proxy >-ProxyPass /ipa http://localhost:8080/ipa >-ProxyPassReverse /ipa http://localhost:8080/ipa >+ProxyPass /ipa/ui http://localhost:8080/ipa/ui >+ProxyPassReverse /ipa/ui http://localhost:8080/ipa/ui > > # Configure the XML-RPC service >-Alias /ipaxml "/usr/share/ipa/ipaserver/XMLRPC" >+Alias /ipa/xml "/usr/share/ipa/ipaserver/XMLRPC" > > # This is where we redirect on failed auth >-Alias /errors "/usr/share/ipa/html" >+Alias /ipa/errors "/usr/share/ipa/html" > > # For the MIT Windows config files >-Alias /config "/usr/share/ipa/html" >- >-# So we don't have to hardcode a path into the CSS >-Alias /static "/usr/share/ipa/ipagui/static" >+Alias /ipa/config "/usr/share/ipa/html" > > <Directory "/usr/share/ipa/ipaserver"> > AuthType Kerberos >@@ -53,7 +53,7 @@ Alias /static "/usr/share/ipa/ipagui/static" > Krb5KeyTab /etc/httpd/conf/ipa.keytab > KrbSaveCredentials on > Require valid-user >- ErrorDocument 401 /errors/unauthorized.html >+ ErrorDocument 401 /ipa/errors/unauthorized.html > > SetHandler mod_python > PythonHandler ipaxmlrpc >@@ -84,7 +84,7 @@ Alias /static "/usr/share/ipa/ipagui/static" > Krb5KeyTab /etc/httpd/conf/ipa.keytab > KrbSaveCredentials on > Require valid-user >- ErrorDocument 401 /errors/unauthorized.html >+ ErrorDocument 401 /ipa/errors/unauthorized.html > </Directory> > > #Alias /ipatest "/usr/share/ipa/ipatest" >@@ -99,7 +99,7 @@ Alias /static "/usr/share/ipa/ipagui/static" > # Krb5KeyTab /etc/httpd/conf/ipa.keytab > # KrbSaveCredentials on > # Require valid-user >-# ErrorDocument 401 /errors/unauthorized.html >+# ErrorDocument 401 /ipa/errors/unauthorized.html > # > # SetHandler mod_python > # PythonHandler test_mod_python >diff --git a/ipa-server/xmlrpc-server/unauthorized.html b/ipa-server/xmlrpc-server/unauthorized.html >index cc53e33..6ba8a99 100644 >--- a/ipa-server/xmlrpc-server/unauthorized.html >+++ b/ipa-server/xmlrpc-server/unauthorized.html >@@ -5,12 +5,12 @@ > <p> > Unable to verify your Kerberos credentials. Please make sure > that you have valid Kerberos tickets (obtainable via kinit), and that you >-have <a href="/errors/ssbrowser.html">configured your >+have <a href="/ipa/errors/ssbrowser.html">configured your > browser correctly</a>. If you are still unable to access > the IPA Web interface, please contact the helpdesk on for additional assistance. > </p> > <p> >-Import the <a href="/errors/ca.crt">IPA Certificate Authority</a>. >+Import the <a href="/ipa/errors/ca.crt">IPA Certificate Authority</a>. > </p> > <p> > <script type="text/javascript"> >@@ -19,7 +19,7 @@ Import the <a href="/errors/ca.crt">IPA Certificate Authority</a>. > { > document.write("<p>You can automatically configure your browser to work with Kerberos by importing the Certificate Authority above and clicking on the Configure Browser button.</p>"); > document.write("<p>You <strong>must</strong> reload this page after importing the Certificate Authority for the automatic settings to work</p>"); >- document.write("<object data=\"jar:/errors/configure.jar!/preferences.html\" type=\"text/html\"><\/object"); >+ document.write("<object data=\"jar:/ipa/errors/configure.jar!/preferences.html\" type=\"text/html\"><\/object"); > } > </script> > </p> >-- >1.5.3.3 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=304680">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 440443
:
300310
|
304680
|
304769