Bug 661137
| Summary: | Luci configuration files are fragmented into luci.ini and who.ini which is not desired wrt maintainability | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Jan Pokorný [poki] <jpokorny> |
| Component: | luci | Assignee: | Jan Pokorný [poki] <jpokorny> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 14 | CC: | cfeist, fdinitto, rmccabe |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-12-13 19:36:00 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 660446 | ||
| Bug Blocks: | |||
Commit http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=cd04ae0682f6955cf00474bc3f43e0ff6141d59d addresses this bug. Note: this was fixed in the context of work on pkg-update upstream
branch which means the fix ties closely to the major change
brought from this branch into main-line upstream code
in connection with bug #660446
To test that nothing went wrong with this change, only test that logging
into luci works as before (i.e. access granted for correct login/password and
forbidden for incorrect login/password). Additionally, it might be good to
check that repoze.who middleware configuration now present in luci.ini
(/var/lib/luci/etc/luci.ini) is effectively taken into account by this
"modify and see the change in behaviour" sequence:
1. if you were logged into luci previously, first log out properly
2. stop luci service
3. edit /var/lib/luci/etc/luci.ini as shown:
--- listing start ---
# ===========================================================================
# REPOZE.WHO CONFIGURATION
# ===========================================================================
(...)
[identifiers]
plugins =
basicauth;browser
auth_tkt
(...)
[challengers]
plugins =
basicauth;browser
(...)
# ---------------------------------------------------------------------------
[plugin:basicauth]
use = repoze.who.plugins.basicauth:make_plugin
(...)
--- listing end ---
4. restart the luci
5. open respective address in web browser -- now the way of logging in should
be different ("oldschool" modal HTTP authentication dialog shown on behalf
of the browser rather then the dialog shown on behalf of the starting page
included directly in this page)
Another thing good to check is that "secret" value under [plugin:auth_tkt] section in "repoze.who" part of configuration in /var/lib/luci/etc/luci.ini contains some a (pseudo)random value. Please note that this configuration file is created upon first "service luci start" so do not expect this file to be there in advance (this change was introduced with solution of bug #660446). Additionally, commit http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=ae84a337104049517a82a54b4bd89cc223f9cde3 removed now unneeded who config file. |
It would be good to have these two config. files merged into single one. Aside better maintainability, there would be benefit of having secret for auth_tkt authentication plugin automatically generated as it already happens with beaker.session.secret -- during "make-config" stage ("paster make-config") that serves to generate final configuration file from template. This would left luci totally independent on tools like sed (which still prevents a bit from self-sufficient native Python package).