/docs/source/install.rst - Annotate - DjNRO - Greek Research and Technology Network's projects

root / docs / source / install.rst @ e5cbe795

History | View | Annotate | Download (12.3 kB)

1	e0184c36	Leonidas Poulopoulos	.. _install-label:
2	e0184c36	Leonidas Poulopoulos
3	e0184c36	Leonidas Poulopoulos	Installation/Configuration
4	b3081a11	Leonidas Poulopoulos	==========================
5	e0184c36	Leonidas Poulopoulos	.. contents::
6	e0184c36	Leonidas Poulopoulos
7	b3081a11	Leonidas Poulopoulos	.. attention::
8	b3081a11	Leonidas Poulopoulos	Installation instructions assume a clean Debian Wheezy with Django 1.4
9	b3081a11	Leonidas Poulopoulos
10	348febee	Leonidas Poulopoulos	Assuming that you have installed all the required packages as described in :ref:`require-label` you can install the djnro platform application.
11	e0184c36	Leonidas Poulopoulos
12	e0184c36	Leonidas Poulopoulos	Currently the source code is availiable at code.grnet.gr and can be cloned via git::
13	e0184c36	Leonidas Poulopoulos
14	348febee	Leonidas Poulopoulos	git clone https://code.grnet.gr/git/djnro
15	e0184c36	Leonidas Poulopoulos
16	50781337	Leonidas Poulopoulos	As with the majority of Django projects, settings.py has to be properly configured and then comes the population of the database. After git clone, copy settings.py.dist to settings.py::
17	e0184c36	Leonidas Poulopoulos
18	50781337	Leonidas Poulopoulos	cd djnro
19	50781337	Leonidas Poulopoulos	cp djnro/settings.py.dist djnro/settings.py
20	e0184c36	Leonidas Poulopoulos
21	5377fa47	Kroustouris Stauros
22	e0184c36	Leonidas Poulopoulos	Project Settings (settings.py)
23	e5cbe795	Kroustouris Stauros	^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
24	e5cbe795	Kroustouris Stauros	Settings.py file should not be edited, the variables that need to be altered are in local_settings.py.dist.
25	e5cbe795	Kroustouris Stauros	To set up Djnro one must copy local_settings.py.dist, to local_settings.py and alter the settings according to
26	e5cbe795	Kroustouris Stauros	the configuration of the host.
27	e0184c36	Leonidas Poulopoulos
28	e0184c36	Leonidas Poulopoulos	The following variables/settings need to be altered or set:
29	97801513	Stauros Kroustouris
30	e0184c36	Leonidas Poulopoulos	Set Admin contacts::
31	e0184c36	Leonidas Poulopoulos
32	e0184c36	Leonidas Poulopoulos	ADMINS = (
33	e0184c36	Leonidas Poulopoulos	('Admin', 'admin@example.com'),
34	e0184c36	Leonidas Poulopoulos	)
35	e0184c36	Leonidas Poulopoulos
36	e0184c36	Leonidas Poulopoulos	Set the database connection params::
37	e0184c36	Leonidas Poulopoulos
38	e0184c36	Leonidas Poulopoulos	DATABASES = {
39	e0184c36	Leonidas Poulopoulos	...
40	e0184c36	Leonidas Poulopoulos	}
41	e0184c36	Leonidas Poulopoulos
42	b3081a11	Leonidas Poulopoulos	For a production instance and once DEBUG is set to False set the ALLOWED_HOSTS::
43	b3081a11	Leonidas Poulopoulos
44	b3081a11	Leonidas Poulopoulos	ALLOWED_HOSTS = ['.example.com']
45	b3081a11	Leonidas Poulopoulos
46	e0184c36	Leonidas Poulopoulos	Set your timezone and Languages::
47	e0184c36	Leonidas Poulopoulos
48	e0184c36	Leonidas Poulopoulos	TIME_ZONE = 'Europe/Athens'
49	e0184c36	Leonidas Poulopoulos
50	e0184c36	Leonidas Poulopoulos	LANGUAGES = (
51	e0184c36	Leonidas Poulopoulos	('el', _('Greek')),
52	e0184c36	Leonidas Poulopoulos	('en', _('English')),
53	e0184c36	Leonidas Poulopoulos	)
54	e0184c36	Leonidas Poulopoulos
55	b3081a11	Leonidas Poulopoulos	Set your static root and url::
56	e0184c36	Leonidas Poulopoulos
57	b3081a11	Leonidas Poulopoulos	STATIC_ROOT = '/path/to/static'
58	b3081a11	Leonidas Poulopoulos	STATIC_URL = 'http://www.example.com/static'
59	b3081a11	Leonidas Poulopoulos
60	b3081a11	Leonidas Poulopoulos	Set the secret key::
61	b3081a11	Leonidas Poulopoulos
62	b3081a11	Leonidas Poulopoulos	SECRET_KEY = '<put something really random here, eg. %$#%@#$^2312351345#$%3452345@#$%@#$234#@$hhzdavfsdcFDGVFSDGhn>'
63	e0184c36	Leonidas Poulopoulos
64	e0184c36	Leonidas Poulopoulos	Django social auth needs changes in the Authentication Backends depending on which social auth you want to enable::
65	97801513	Stauros Kroustouris
66	e0184c36	Leonidas Poulopoulos	AUTHENTICATION_BACKENDS = (
67	97801513	Stauros Kroustouris	'djnro.djangobackends.shibauthBackend.shibauthBackend',
68	e0184c36	Leonidas Poulopoulos	...
69	e0184c36	Leonidas Poulopoulos	'django.contrib.auth.backends.ModelBackend',
70	e0184c36	Leonidas Poulopoulos	)
71	e0184c36	Leonidas Poulopoulos
72	e0184c36	Leonidas Poulopoulos	Set your template dirs::
73	e0184c36	Leonidas Poulopoulos
74	e0184c36	Leonidas Poulopoulos	TEMPLATE_DIRS = (
75	b3081a11	Leonidas Poulopoulos	"/example/templates",
76	e0184c36	Leonidas Poulopoulos	)
77	e0184c36	Leonidas Poulopoulos
78	e0184c36	Leonidas Poulopoulos	As the application includes a "Nearest Eduroam" functionality, world eduroam points are harvested via the eduroam.org kml file::
79	97801513	Stauros Kroustouris
80	e0184c36	Leonidas Poulopoulos	EDUROAM_KML_URL = 'http://monitor.eduroam.org/kml/all.kml'
81	e0184c36	Leonidas Poulopoulos
82	97801513	Stauros Kroustouris
83	5377fa47	Kroustouris Stauros	Depending on your AAI policy set an appropriate authEntitlement::
84	d11cbe98	Kroustouris Stauros
85	e0184c36	Leonidas Poulopoulos	SHIB_AUTH_ENTITLEMENT = 'urn:mace:example.com:pki:user'
86	e0184c36	Leonidas Poulopoulos
87	e0184c36	Leonidas Poulopoulos	Mail server parameters::
88	e0184c36	Leonidas Poulopoulos
89	e0184c36	Leonidas Poulopoulos	SERVER_EMAIL = "Example domain eduroam Service <noreply@example.com>"
90	e0184c36	Leonidas Poulopoulos	EMAIL_SUBJECT_PREFIX = "[eduroam] "
91	e0184c36	Leonidas Poulopoulos
92	e0184c36	Leonidas Poulopoulos	NRO contact mails::
93	e0184c36	Leonidas Poulopoulos
94	e0184c36	Leonidas Poulopoulos	NOTIFY_ADMIN_MAILS = ["mail1@example.com", "mail2@example.com"]
95	e0184c36	Leonidas Poulopoulos
96	b3081a11	Leonidas Poulopoulos	Set your cache backend (if you want to use one). For production instances you can go with memcached. For development you can switch to the provided dummy instance::
97	e0184c36	Leonidas Poulopoulos
98	5377fa47	Kroustouris Stauros
99	b3081a11	Leonidas Poulopoulos	CACHES = {
100	b3081a11	Leonidas Poulopoulos	'default': {
101	b3081a11	Leonidas Poulopoulos	'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
102	b3081a11	Leonidas Poulopoulos	'LOCATION': '127.0.0.1:11211',
103	b3081a11	Leonidas Poulopoulos	}
104	b3081a11	Leonidas Poulopoulos	}
105	e0184c36	Leonidas Poulopoulos
106	53b6f8a4	Leonidas Poulopoulos	Models Name_i18n and URL_i18n include a language choice field
107	53b6f8a4	Leonidas Poulopoulos	If languages are the same with LANGUAGES variable, simply do URL_NAME_LANGS = LANGUAGES else set your own::
108	53b6f8a4	Leonidas Poulopoulos
109	53b6f8a4	Leonidas Poulopoulos	URL_NAME_LANGS = (
110	53b6f8a4	Leonidas Poulopoulos	('en', 'English' ),
111	53b6f8a4	Leonidas Poulopoulos	('el', 'Ελληνικά'),
112	53b6f8a4	Leonidas Poulopoulos	)
113	53b6f8a4	Leonidas Poulopoulos
114	e0184c36	Leonidas Poulopoulos	NRO specific parameters. Affect html templates::
115	e0184c36	Leonidas Poulopoulos
116	e0184c36	Leonidas Poulopoulos	# Frontend country specific vars, eg. Greece
117	e0184c36	Leonidas Poulopoulos	NRO_COUNTRY_NAME = _('My Country')
118	97801513	Stauros Kroustouris	# Variable used by context_processor to display the "eduroam \| <country_code>" in base.html
119	e0184c36	Leonidas Poulopoulos	NRO_COUNTRY_CODE = 'gr'
120	e0184c36	Leonidas Poulopoulos	# main domain url used in right top icon, eg. http://www.grnet.gr
121	e0184c36	Leonidas Poulopoulos	NRO_DOMAIN_MAIN_URL = "http://www.example.com"
122	a280d3db	Leonidas Poulopoulos	# provider info for footer
123	a280d3db	Leonidas Poulopoulos	NRO_PROV_BY_DICT = {"name": "EXAMPLE DEV TEAM", "url": "http://devteam.example.com"}
124	e0184c36	Leonidas Poulopoulos	#NRO social media contact (Use: // to preserve https)
125	a280d3db	Leonidas Poulopoulos	NRO_PROV_SOCIAL_MEDIA_CONTACT = [
126	97801513	Stauros Kroustouris	{"url":"//soc.media.url", "icon":"icon.png", "name":"NAME1(eg. Facebook)"},
127	e0184c36	Leonidas Poulopoulos	{"url":"//soc.media.url", "icon":"icon.png", "name":"NAME2(eg. Twitter)"},
128	e0184c36	Leonidas Poulopoulos	]
129	e0184c36	Leonidas Poulopoulos	# map center (lat, lng)
130	e0184c36	Leonidas Poulopoulos	MAP_CENTER = (36.97, 23.71)
131	97801513	Stauros Kroustouris	#Helpdesk, used in base.html:
132	e0184c36	Leonidas Poulopoulos	NRO_DOMAIN_HELPDESK_DICT = {"name": _("Domain Helpdesk"), 'email':'helpdesk@example.com', 'phone': '12324567890', 'uri': 'helpdesk.example.com'}
133	e0184c36	Leonidas Poulopoulos
134	97801513	Stauros Kroustouris	Set the Realm country for REALM model::
135	e0184c36	Leonidas Poulopoulos
136	e0184c36	Leonidas Poulopoulos	#Countries for Realm model:
137	e0184c36	Leonidas Poulopoulos	REALM_COUNTRIES = (
138	e0184c36	Leonidas Poulopoulos	('country_2letters', 'Country' ),
139	e0184c36	Leonidas Poulopoulos	)
140	e0184c36	Leonidas Poulopoulos
141	e0184c36	Leonidas Poulopoulos	Shibboleth attribute MAP according to your AAI policy::
142	e0184c36	Leonidas Poulopoulos
143	e0184c36	Leonidas Poulopoulos	#Shibboleth attribute map
144	e0184c36	Leonidas Poulopoulos	SHIB_USERNAME = ['HTTP_EPPN']
145	e0184c36	Leonidas Poulopoulos	SHIB_MAIL = ['mail', 'HTTP_MAIL', 'HTTP_SHIB_INETORGPERSON_MAIL']
146	e0184c36	Leonidas Poulopoulos	SHIB_FIRSTNAME = ['HTTP_SHIB_INETORGPERSON_GIVENNAME']
147	e0184c36	Leonidas Poulopoulos	SHIB_LASTNAME = ['HTTP_SHIB_PERSON_SURNAME']
148	e0184c36	Leonidas Poulopoulos	SHIB_ENTITLEMENT = ['HTTP_SHIB_EP_ENTITLEMENT']
149	e0184c36	Leonidas Poulopoulos
150	e0184c36	Leonidas Poulopoulos	Django Social Auth parameters::
151	e0184c36	Leonidas Poulopoulos
152	e0184c36	Leonidas Poulopoulos	TWITTER_CONSUMER_KEY = ''
153	e0184c36	Leonidas Poulopoulos	TWITTER_CONSUMER_SECRET = ''
154	d11cbe98	Kroustouris Stauros
155	e0184c36	Leonidas Poulopoulos	FACEBOOK_APP_ID = ''
156	e0184c36	Leonidas Poulopoulos	FACEBOOK_API_SECRET = ''
157	5377fa47	Kroustouris Stauros
158	e0184c36	Leonidas Poulopoulos	LINKEDIN_CONSUMER_KEY = ''
159	e0184c36	Leonidas Poulopoulos	LINKEDIN_CONSUMER_SECRET = ''
160	5377fa47	Kroustouris Stauros
161	e0184c36	Leonidas Poulopoulos	LINKEDIN_SCOPE = ['r_basicprofile', 'r_emailaddress']
162	e0184c36	Leonidas Poulopoulos	LINKEDIN_EXTRA_FIELD_SELECTORS = ['email-address', 'headline', 'industry']
163	e0184c36	Leonidas Poulopoulos	LINKEDIN_EXTRA_DATA = [('id', 'id'),
164	e0184c36	Leonidas Poulopoulos	('first-name', 'first_name'),
165	e0184c36	Leonidas Poulopoulos	('last-name', 'last_name'),
166	e0184c36	Leonidas Poulopoulos	('email-address', 'email_address'),
167	e0184c36	Leonidas Poulopoulos	('headline', 'headline'),
168	e0184c36	Leonidas Poulopoulos	('industry', 'industry')]
169	5377fa47	Kroustouris Stauros
170	e0184c36	Leonidas Poulopoulos	YAHOO_CONSUMER_KEY = ''
171	e0184c36	Leonidas Poulopoulos	YAHOO_CONSUMER_SECRET = ''
172	5377fa47	Kroustouris Stauros
173	e0184c36	Leonidas Poulopoulos	GOOGLE_SREG_EXTRA_DATA = []
174	5377fa47	Kroustouris Stauros
175	e0184c36	Leonidas Poulopoulos	SOCIAL_AUTH_FORCE_POST_DISCONNECT = True
176	5377fa47	Kroustouris Stauros
177	e0184c36	Leonidas Poulopoulos	FACEBOOK_EXTENDED_PERMISSIONS = ['email']
178	5377fa47	Kroustouris Stauros
179	e0184c36	Leonidas Poulopoulos	SOCIAL_AUTH_LOGIN_REDIRECT_URL = '/manage/'
180	e0184c36	Leonidas Poulopoulos	LOGIN_REDIRECT_URL = '/manage/'
181	e0184c36	Leonidas Poulopoulos	SOCIAL_AUTH_INACTIVE_USER_URL = '/manage/'
182	5377fa47	Kroustouris Stauros
183	e0184c36	Leonidas Poulopoulos	SOCIAL_AUTH_FORCE_POST_DISCONNECT = True
184	e0184c36	Leonidas Poulopoulos	SOCIAL_AUTH_REDIRECT_IS_HTTPS = True
185	e0184c36	Leonidas Poulopoulos	SOCIAL_AUTH_CREATE_USERS = True
186	e0184c36	Leonidas Poulopoulos	SOCIAL_AUTH_FORCE_RANDOM_USERNAME = False
187	e0184c36	Leonidas Poulopoulos	SOCIAL_AUTH_SANITIZE_REDIRECTS = False
188	5377fa47	Kroustouris Stauros
189	5377fa47	Kroustouris Stauros
190	5377fa47	Kroustouris Stauros
191	e0184c36	Leonidas Poulopoulos	SOCIAL_AUTH_PIPELINE = (
192	e0184c36	Leonidas Poulopoulos	'social_auth.backends.pipeline.social.social_auth_user',
193	e0184c36	Leonidas Poulopoulos	'social_auth.backends.pipeline.user.get_username',
194	e0184c36	Leonidas Poulopoulos	'social_auth.backends.pipeline.user.create_user',
195	e0184c36	Leonidas Poulopoulos	'social_auth.backends.pipeline.social.associate_user',
196	e0184c36	Leonidas Poulopoulos	'social_auth.backends.pipeline.social.load_extra_data',
197	e0184c36	Leonidas Poulopoulos	'social_auth.backends.pipeline.user.update_user_details',
198	e0184c36	Leonidas Poulopoulos	)
199	e0184c36	Leonidas Poulopoulos
200	b3081a11	Leonidas Poulopoulos	.. versionadded:: 0.9
201	b3081a11	Leonidas Poulopoulos
202	5377fa47	Kroustouris Stauros	Support for eduroam CAT can be set via the corresponding variables/dicts. Make sure to always include a 'production' instance record for CAT_INSTANCES and CAT_AUTH.
203	b3081a11	Leonidas Poulopoulos	What you really need to make CAT work is a CAT_API_KEY and the CAT_API_URL. The CAT_PROFILES_URL is the base url of the landing page where your institution users can download device profile configurations::
204	b3081a11	Leonidas Poulopoulos
205	b3081a11	Leonidas Poulopoulos	CAT_INSTANCES = (
206	b3081a11	Leonidas Poulopoulos	('production', 'Production Instance'),
207	b3081a11	Leonidas Poulopoulos	('testing', 'Testing Instance'),
208	b3081a11	Leonidas Poulopoulos	('dev1', 'Dev1 Instance'),
209	b3081a11	Leonidas Poulopoulos	)
210	5377fa47	Kroustouris Stauros
211	b3081a11	Leonidas Poulopoulos	CAT_AUTH = {
212	b3081a11	Leonidas Poulopoulos	'production':{"CAT_API_KEY":"<provided API key>",
213	b3081a11	Leonidas Poulopoulos	"CAT_API_URL":"https://cat-test.eduroam.org/test/admin/API.php",
214	b3081a11	Leonidas Poulopoulos	"CAT_PROFILES_URL":"https://cat-test.eduroam.org/test/admin/API.php",
215	b3081a11	Leonidas Poulopoulos	"CAT_FEDMGMT_URL":"https://cat.eduroam.org/admin/overview_federation.php"},
216	b3081a11	Leonidas Poulopoulos	'testing':{"CAT_API_KEY":"<provided API key>",
217	b3081a11	Leonidas Poulopoulos	"CAT_API_URL":"https://cat-test.eduroam.org/test/admin/API.php",
218	b3081a11	Leonidas Poulopoulos	"CAT_PROFILES_URL":"https://cat-test.eduroam.org/test/admin/API.php",
219	b3081a11	Leonidas Poulopoulos	"CAT_FEDMGMT_URL":"https://cat.eduroam.org/admin/overview_federation.php"},
220	b3081a11	Leonidas Poulopoulos	'dev1':{"CAT_API_KEY":"<provided API key>",
221	b3081a11	Leonidas Poulopoulos	"CAT_API_URL":"https://cat-test.eduroam.org/test/admin/API.php",
222	b3081a11	Leonidas Poulopoulos	"CAT_PROFILES_URL":"https://cat-test.eduroam.org/test/admin/API.php",
223	b3081a11	Leonidas Poulopoulos	"CAT_FEDMGMT_URL":"https://cat.eduroam.org/admin/overview_federation.php"},
224	b3081a11	Leonidas Poulopoulos	}
225	b3081a11	Leonidas Poulopoulos
226	b3081a11	Leonidas Poulopoulos	For more administrative info on eduroam CAT, you can visit: `A guide to eduroam CAT for federation administrators <https://confluence.terena.org/display/H2eduroam/A+guide+to+eduroam+CAT+for+federation+administrators>`_.
227	e0184c36	Leonidas Poulopoulos
228	e0184c36	Leonidas Poulopoulos	Database Sync
229	b3081a11	Leonidas Poulopoulos	^^^^^^^^^^^^^
230	e0184c36	Leonidas Poulopoulos
231	e0184c36	Leonidas Poulopoulos	Once you are done with settings.py run::
232	e0184c36	Leonidas Poulopoulos
233	e0184c36	Leonidas Poulopoulos	./manage.py syncdb
234	e0184c36	Leonidas Poulopoulos
235	e0184c36	Leonidas Poulopoulos	Create a superuser, it comes in handy. And then run south migration to complete::
236	e0184c36	Leonidas Poulopoulos
237	e0184c36	Leonidas Poulopoulos	./manage.py migrate
238	e0184c36	Leonidas Poulopoulos
239	e0184c36	Leonidas Poulopoulos	Now you should have a clean database with all the tables created.
240	e0184c36	Leonidas Poulopoulos
241	e0184c36	Leonidas Poulopoulos	Running the server
242	b3081a11	Leonidas Poulopoulos	^^^^^^^^^^^^^^^^^^
243	e0184c36	Leonidas Poulopoulos
244	e0184c36	Leonidas Poulopoulos	We suggest going via Apache with mod_wsgi. Below is an example configuration::
245	e0184c36	Leonidas Poulopoulos
246	1debb48b	Kroustouris Stauros	WSGIDaemonProcess djnro processes=3 threads=20 display-name=%{GROUP} python-path=/path/to/djnro/
247	348febee	Leonidas Poulopoulos	WSGIProcessGroup djnro
248	97801513	Stauros Kroustouris
249	e0184c36	Leonidas Poulopoulos	...
250	97801513	Stauros Kroustouris
251	e0184c36	Leonidas Poulopoulos	<VirtualHost *:443>
252	e0184c36	Leonidas Poulopoulos	ServerName example.com
253	e0184c36	Leonidas Poulopoulos	ServerAdmin admin@example.com
254	e0184c36	Leonidas Poulopoulos	ServerSignature On
255	97801513	Stauros Kroustouris
256	1debb48b	Kroustouris Stauros	<Files wsgi.py>
257	1debb48b	Kroustouris Stauros	Order deny,allow
258	1debb48b	Kroustouris Stauros	Allow from all
259	1debb48b	Kroustouris Stauros	</Files>
260	1debb48b	Kroustouris Stauros
261	1debb48b	Kroustouris Stauros
262	e0184c36	Leonidas Poulopoulos	SSLEngine on
263	e0184c36	Leonidas Poulopoulos	SSLCertificateFile ...
264	e0184c36	Leonidas Poulopoulos	SSLCertificateChainFile ...
265	e0184c36	Leonidas Poulopoulos	SSLCertificateKeyFile ...
266	97801513	Stauros Kroustouris
267	e0184c36	Leonidas Poulopoulos	# Shibboleth SP configuration
268	e0184c36	Leonidas Poulopoulos	ShibConfig /etc/shibboleth/shibboleth2.xml
269	e0184c36	Leonidas Poulopoulos	Alias /shibboleth-sp /usr/share/shibboleth
270	97801513	Stauros Kroustouris
271	e0184c36	Leonidas Poulopoulos	# Integration of Shibboleth into Django app:
272	97801513	Stauros Kroustouris
273	e0184c36	Leonidas Poulopoulos	<Location /login>
274	e0184c36	Leonidas Poulopoulos	AuthType shibboleth
275	e0184c36	Leonidas Poulopoulos	ShibRequireSession On
276	e0184c36	Leonidas Poulopoulos	ShibUseHeaders On
277	e0184c36	Leonidas Poulopoulos	require valid-user
278	e0184c36	Leonidas Poulopoulos	</Location>
279	97801513	Stauros Kroustouris
280	97801513	Stauros Kroustouris
281	e0184c36	Leonidas Poulopoulos	<Location /Shibboleth.sso>
282	e0184c36	Leonidas Poulopoulos	SetHandler shib
283	e0184c36	Leonidas Poulopoulos	</Location>
284	97801513	Stauros Kroustouris
285	97801513	Stauros Kroustouris
286	348febee	Leonidas Poulopoulos	Alias /static /path/to/djnro/static
287	1debb48b	Kroustouris Stauros	WSGIScriptAlias / /path/to/djnro/djnro/wsgi.py
288	cf115eda	Kroustouris Stauros	ErrorLog /var/log/apache2/error.log
289	cf115eda	Kroustouris Stauros	CustomLog /var/log/apache2/access.log combined
290	e0184c36	Leonidas Poulopoulos	</VirtualHost>
291	e0184c36	Leonidas Poulopoulos
292	e0184c36	Leonidas Poulopoulos	Info: It is strongly suggested to allow access to /admin\|overview\|alt-login ONLY from trusted subnets.
293	97801513	Stauros Kroustouris
294	e0184c36	Leonidas Poulopoulos	Once you are done, restart apache.
295	e0184c36	Leonidas Poulopoulos
296	e0184c36	Leonidas Poulopoulos	Initial Data
297	b3081a11	Leonidas Poulopoulos	^^^^^^^^^^^^
298	e0184c36	Leonidas Poulopoulos	What you really need in the first place is a Realm record along with one or more contacts related to that Realm. Go via the Admin interface, and add a Realm (remember to have set the REALM_COUNTRIES in settings.py).
299	e0184c36	Leonidas Poulopoulos	The approach in the application is that the NRO sets the environment for the local eduroam admins. Towards that direction, the NRO has to insert the initial data for his/her clients/institutions in the Institutions Model
300	e0184c36	Leonidas Poulopoulos
301	e0184c36	Leonidas Poulopoulos	Next Steps (Set your Logo)
302	b3081a11	Leonidas Poulopoulos	^^^^^^^^^^^^^^^^^^^^^^^^^^
303	97801513	Stauros Kroustouris	The majority of branding is done via the NRO variables in settings.py. You might also want to change the logo of the application. Inside the static/img/eduroam_branding folder you will find the xcf (Gimp) logo files logo_holder, logo small. Edit with Gimp according to your needs and save as logo_holder.png and logo_small.png inside the static/img folder. To change the domain logo on top right, replace the static/img/right_logo_small.png file with your own logo (86x40).
304	5377fa47	Kroustouris Stauros
305	5377fa47	Kroustouris Stauros	Upgrade Instructions
306	5377fa47	Kroustouris Stauros	^^^^^^^^^^^^^^^^^^^^
307	e5cbe795	Kroustouris Stauros	* Backup your settings.py file.
308	27ac0194	Kroustouris Stauros
309	e5cbe795	Kroustouris Stauros	* Copy loca_settings.py.dist to local_settings.py and fill the configuration according to the settings.py from your v0.8 instance.
310	0ab62c1a	Kroustouris Stauros
311	27ac0194	Kroustouris Stauros	* edit the apache configuration in order to work with the new location of wsgi and
312	27ac0194	Kroustouris Stauros	set the python-path attribute.
313	27ac0194	Kroustouris Stauros
314	27ac0194	Kroustouris Stauros	* remove old wsgi file '/path/to/djnro/apache/django.wsgi'
315	27ac0194	Kroustouris Stauros
316	e5cbe795	Kroustouris Stauros	* remove old settings.py.dist
317	e5cbe795	Kroustouris Stauros
318	d3c0ae1e	Kroustouris Stauros	* remove django-extensions from `INSTALLED_APPS`
319	d3c0ae1e	Kroustouris Stauros
320	d3c0ae1e	Kroustouris Stauros	* Add timeout in cache configuration
321	d3c0ae1e	Kroustouris Stauros
322	d3c0ae1e	Kroustouris Stauros	* Required packages:
323	d3c0ae1e	Kroustouris Stauros
324	d3c0ae1e	Kroustouris Stauros	* python-oauth2
325	d3c0ae1e	Kroustouris Stauros
326	d3c0ae1e	Kroustouris Stauros	* python-requests
327	d3c0ae1e	Kroustouris Stauros
328	d3c0ae1e	Kroustouris Stauros	* python-lxml
329	d3c0ae1e	Kroustouris Stauros
330	d3c0ae1e	Kroustouris Stauros	* python-yaml
331	d3c0ae1e	Kroustouris Stauros
332	d3c0ae1e	Kroustouris Stauros	* run manage.py migrate
333	d3c0ae1e	Kroustouris Stauros
334	0ab62c1a	Kroustouris Stauros
335	0ab62c1a	Kroustouris Stauros	Pip Support
336	0ab62c1a	Kroustouris Stauros	^^^^^^^^^^^^
337	0ab62c1a	Kroustouris Stauros	We have added a requirements.txt file, tested for django 1.4.5. You can use it
338	0ab62c1a	Kroustouris Stauros	with `pip install -r requirements.txt`.
339	d3c0ae1e	Kroustouris Stauros
340	d3c0ae1e	Kroustouris Stauros
341	d3c0ae1e	Kroustouris Stauros	Ldap Authentication
342	d3c0ae1e	Kroustouris Stauros	^^^^^^^^^^^^^^^^^^^
343	d3c0ae1e	Kroustouris Stauros	In case you want to use Ldap authentication::
344	6e7ad679	Kroustouris Stavros
345	d3c0ae1e	Kroustouris Stauros	AUTHENTICATION_BACKENDS = (
346	d3c0ae1e	Kroustouris Stauros	...,
347	d3c0ae1e	Kroustouris Stauros	'django_auth_ldap.backend.LDAPBackend',
348	d3c0ae1e	Kroustouris Stauros	...,
349	d3c0ae1e	Kroustouris Stauros	)
350	d3c0ae1e	Kroustouris Stauros
351	d3c0ae1e	Kroustouris Stauros	# LDAP CONFIG
352	5925e4b8	Kroustouris Stauros	import ldap
353	6e7ad679	Kroustouris Stavros	from django_auth_ldap.config import LDAPSearch, GroupOfNamesType
354	d3c0ae1e	Kroustouris Stauros	AUTH_LDAP_BIND_DN = ""
355	d3c0ae1e	Kroustouris Stauros	AUTH_LDAP_BIND_PASSWORD = ""
356	d3c0ae1e	Kroustouris Stauros	AUTH_LDAP_SERVER_URI = "ldap://foo.bar.org"
357	d3c0ae1e	Kroustouris Stauros	AUTH_LDAP_START_TLS = True
358	d3c0ae1e	Kroustouris Stauros	AUTH_LDAP_USER_SEARCH = LDAPSearch("ou=People, dc=bar, dc=foo",
359	d3c0ae1e	Kroustouris Stauros	ldap.SCOPE_SUBTREE, "(uid=%(user)s)")
360	d3c0ae1e	Kroustouris Stauros	AUTH_LDAP_USER_ATTR_MAP = {
361	d3c0ae1e	Kroustouris Stauros	"first_name":"givenName",
362	d3c0ae1e	Kroustouris Stauros	"last_name": "sn",
363	d3c0ae1e	Kroustouris Stauros	"email": "mail
364	d3c0ae1e	Kroustouris Stauros	}
365	d3c0ae1e	Kroustouris Stauros	# Set up the basic group parameters.
366	d3c0ae1e	Kroustouris Stauros	AUTH_LDAP_GROUP_SEARCH = LDAPSearch(
367	d3c0ae1e	Kroustouris Stauros	"ou=Groups,dc=foo,dc=bar,dc=org",ldap.SCOPE_SUBTREE, objectClass=groupOfNames"
368	d3c0ae1e	Kroustouris Stauros	)
369	d3c0ae1e	Kroustouris Stauros	AUTH_LDAP_GROUP_TYPE = GroupOfNamesType()
370	d3c0ae1e	Kroustouris Stauros	AUTH_LDAP_USER_FLAGS_BY_GROUP = {
371	d3c0ae1e	Kroustouris Stauros	"is_active": "cn=NOC, ou=Groups, dc=foo, dc=bar, dc=org",
372	d3c0ae1e	Kroustouris Stauros	"is_staff": "cn=staff, ou=Groups, dc=foo, dc=bar, dc=org",
373	d3c0ae1e	Kroustouris Stauros	"is_superuser": "cn=NOC, ou=Groups,dc=foo, dc=bar, dc=org"
374	d3c0ae1e	Kroustouris Stauros	}