Bug 661137 - Luci configuration files are fragmented into luci.ini and who.ini which is not desired wrt maintainability
Summary: Luci configuration files are fragmented into luci.ini and who.ini which is no...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: luci
Version: 14
Hardware: Unspecified
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jan Pokorný [poki]
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 660446
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-12-07 21:35 UTC by Jan Pokorný [poki]
Modified: 2010-12-13 19:36 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-13 19:36:00 UTC
Type: ---


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 660446 0 medium CLOSED Luci package neither well maintainable wrt external files (cross-references, values integrity etc.) nor it forms compact... 2021-02-22 00:41:40 UTC

Internal Links: 660446

Description Jan Pokorný [poki] 2010-12-07 21:35:25 UTC
It would be good to have these two config. files merged into single
one.  Aside better maintainability, there would be benefit of having
secret for auth_tkt authentication plugin automatically generated
as it already happens with beaker.session.secret -- during "make-config"
stage ("paster make-config") that serves to generate final configuration
file from template.  This would left luci totally independent on tools
like sed (which still prevents a bit from self-sufficient native Python
package).

Comment 1 Jan Pokorný [poki] 2010-12-07 22:40:04 UTC
Commit http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=cd04ae0682f6955cf00474bc3f43e0ff6141d59d addresses this bug.

Comment 2 Jan Pokorný [poki] 2010-12-08 09:23:06 UTC
Note: this was fixed in the context of work on pkg-update upstream
      branch which means the fix ties closely to the major change
      brought from this branch into main-line upstream code
      in connection with bug #660446

Comment 3 Jan Pokorný [poki] 2010-12-08 09:51:26 UTC
To test that nothing went wrong with this change, only test that logging
into luci works as before (i.e. access granted for correct login/password and
forbidden for incorrect login/password). Additionally, it might be good to
check that repoze.who middleware configuration now present in luci.ini
(/var/lib/luci/etc/luci.ini) is effectively taken into account by this
"modify and see the change in behaviour" sequence:

1. if you were logged into luci previously, first log out properly
2. stop luci service
3. edit /var/lib/luci/etc/luci.ini as shown:

--- listing start ---

# ===========================================================================
# REPOZE.WHO CONFIGURATION
# ===========================================================================

(...)

[identifiers]
plugins =
    basicauth;browser
    auth_tkt

(...)

[challengers]
plugins =
    basicauth;browser

(...)

# ---------------------------------------------------------------------------

[plugin:basicauth]
use = repoze.who.plugins.basicauth:make_plugin

(...)

--- listing end ---

4. restart the luci
5. open respective address in web browser -- now the way of logging in should
   be different ("oldschool" modal HTTP authentication dialog shown on behalf
   of the browser rather then the dialog shown on behalf of the starting page
   included directly in this page)

Comment 4 Jan Pokorný [poki] 2010-12-08 09:57:13 UTC
Another thing good to check is that "secret" value under
[plugin:auth_tkt] section in "repoze.who" part of configuration
in /var/lib/luci/etc/luci.ini contains some a (pseudo)random value.

Please note that this configuration file is created upon first
"service luci start" so do not expect this file to be there in
advance (this change was introduced with solution of bug #660446).

Comment 5 Jan Pokorný [poki] 2010-12-08 19:24:50 UTC
Additionally, commit http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=ae84a337104049517a82a54b4bd89cc223f9cde3 removed now unneeded who config file.


Note You need to log in before you can comment on or make changes to this bug.