root / docs / source / install.rst @ 53b6f8a4
History | View | Annotate | Download (7.9 kB)
| 1 |
.. _install-label: |
|---|---|
| 2 |
|
| 3 |
Installation/Configuration |
| 4 |
========================================================================= |
| 5 |
.. contents:: |
| 6 |
|
| 7 |
Assuming that you have installed all the required packages as described in :ref:`require-label` you can install the djnro platform application. |
| 8 |
|
| 9 |
Currently the source code is availiable at code.grnet.gr and can be cloned via git:: |
| 10 |
|
| 11 |
git clone https://code.grnet.gr/git/djnro |
| 12 |
|
| 13 |
As with the majority of Django projects, settings.py has to be properly configured and then comes the population of the database. |
| 14 |
|
| 15 |
* Copy the urls.py.dist to urls.py |
| 16 |
* Copy the settings.py.dist to settings.py |
| 17 |
* Copy the apache/django.wsgi.dist to apache/django.wsgi and *edit* according to your needs. |
| 18 |
|
| 19 |
Project Settings (settings.py) |
| 20 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 21 |
|
| 22 |
The following variables/settings need to be altered or set: |
| 23 |
|
| 24 |
Set Admin contacts:: |
| 25 |
|
| 26 |
ADMINS = ( |
| 27 |
('Admin', 'admin@example.com'),
|
| 28 |
) |
| 29 |
|
| 30 |
Set the database connection params:: |
| 31 |
|
| 32 |
DATABASES = {
|
| 33 |
... |
| 34 |
} |
| 35 |
|
| 36 |
Set your timezone and Languages:: |
| 37 |
|
| 38 |
TIME_ZONE = 'Europe/Athens' |
| 39 |
|
| 40 |
LANGUAGES = ( |
| 41 |
('el', _('Greek')),
|
| 42 |
('en', _('English')),
|
| 43 |
) |
| 44 |
|
| 45 |
Set your static url:: |
| 46 |
|
| 47 |
STATIC_URL = '/example/static' |
| 48 |
|
| 49 |
Django social auth needs changes in the Authentication Backends depending on which social auth you want to enable:: |
| 50 |
|
| 51 |
AUTHENTICATION_BACKENDS = ( |
| 52 |
'djnro.djangobackends.shibauthBackend.shibauthBackend', |
| 53 |
... |
| 54 |
'django.contrib.auth.backends.ModelBackend', |
| 55 |
) |
| 56 |
|
| 57 |
Set your template dirs:: |
| 58 |
|
| 59 |
TEMPLATE_DIRS = ( |
| 60 |
"/example/templates" |
| 61 |
# Put strings here, like "/home/html/django_templates" or "C:/www/django/templates". |
| 62 |
# Always use forward slashes, even on Windows. |
| 63 |
# Don't forget to use absolute paths, not relative paths. |
| 64 |
) |
| 65 |
|
| 66 |
As the application includes a "Nearest Eduroam" functionality, world eduroam points are harvested via the eduroam.org kml file:: |
| 67 |
|
| 68 |
EDUROAM_KML_URL = 'http://monitor.eduroam.org/kml/all.kml' |
| 69 |
|
| 70 |
Depending on your AAI policy set an appropriate authEntitlement |
| 71 |
|
| 72 |
SHIB_AUTH_ENTITLEMENT = 'urn:mace:example.com:pki:user' |
| 73 |
|
| 74 |
Mail server parameters:: |
| 75 |
|
| 76 |
SERVER_EMAIL = "Example domain eduroam Service <noreply@example.com>" |
| 77 |
EMAIL_SUBJECT_PREFIX = "[eduroam] " |
| 78 |
|
| 79 |
NRO contact mails:: |
| 80 |
|
| 81 |
NOTIFY_ADMIN_MAILS = ["mail1@example.com", "mail2@example.com"] |
| 82 |
|
| 83 |
Set your cache backend (if you want to use one):: |
| 84 |
|
| 85 |
|
| 86 |
CACHE_BACKEND = 'memcached://127.0.0.1:11211/?timeout=5184000' |
| 87 |
|
| 88 |
Models Name_i18n and URL_i18n include a language choice field |
| 89 |
If languages are the same with LANGUAGES variable, simply do URL_NAME_LANGS = LANGUAGES else set your own:: |
| 90 |
|
| 91 |
URL_NAME_LANGS = ( |
| 92 |
('en', 'English' ),
|
| 93 |
('el', 'Ελληνικά'),
|
| 94 |
) |
| 95 |
|
| 96 |
NRO specific parameters. Affect html templates:: |
| 97 |
|
| 98 |
# Frontend country specific vars, eg. Greece |
| 99 |
NRO_COUNTRY_NAME = _('My Country')
|
| 100 |
# Variable used by context_processor to display the "eduroam | <country_code>" in base.html |
| 101 |
NRO_COUNTRY_CODE = 'gr' |
| 102 |
# main domain url used in right top icon, eg. http://www.grnet.gr |
| 103 |
NRO_DOMAIN_MAIN_URL = "http://www.example.com" |
| 104 |
# developer info for footer |
| 105 |
NRO_DEV_BY_DICT = {"name": "EXAMPLE DEV TEAM", "url": "http://devteam.example.com"}
|
| 106 |
#NRO social media contact (Use: // to preserve https) |
| 107 |
NRO_DEV_SOCIAL_MEDIA_CONTACT = [ |
| 108 |
{"url":"//soc.media.url", "icon":"icon.png", "name":"NAME1(eg. Facebook)"},
|
| 109 |
{"url":"//soc.media.url", "icon":"icon.png", "name":"NAME2(eg. Twitter)"},
|
| 110 |
] |
| 111 |
# map center (lat, lng) |
| 112 |
MAP_CENTER = (36.97, 23.71) |
| 113 |
#Helpdesk, used in base.html: |
| 114 |
NRO_DOMAIN_HELPDESK_DICT = {"name": _("Domain Helpdesk"), 'email':'helpdesk@example.com', 'phone': '12324567890', 'uri': 'helpdesk.example.com'}
|
| 115 |
|
| 116 |
Set the Realm country for REALM model:: |
| 117 |
|
| 118 |
#Countries for Realm model: |
| 119 |
REALM_COUNTRIES = ( |
| 120 |
('country_2letters', 'Country' ),
|
| 121 |
) |
| 122 |
|
| 123 |
Shibboleth attribute MAP according to your AAI policy:: |
| 124 |
|
| 125 |
#Shibboleth attribute map |
| 126 |
SHIB_USERNAME = ['HTTP_EPPN'] |
| 127 |
SHIB_MAIL = ['mail', 'HTTP_MAIL', 'HTTP_SHIB_INETORGPERSON_MAIL'] |
| 128 |
SHIB_FIRSTNAME = ['HTTP_SHIB_INETORGPERSON_GIVENNAME'] |
| 129 |
SHIB_LASTNAME = ['HTTP_SHIB_PERSON_SURNAME'] |
| 130 |
SHIB_ENTITLEMENT = ['HTTP_SHIB_EP_ENTITLEMENT'] |
| 131 |
|
| 132 |
Django Social Auth parameters:: |
| 133 |
|
| 134 |
TWITTER_CONSUMER_KEY = '' |
| 135 |
TWITTER_CONSUMER_SECRET = '' |
| 136 |
|
| 137 |
FACEBOOK_APP_ID = '' |
| 138 |
FACEBOOK_API_SECRET = '' |
| 139 |
|
| 140 |
LINKEDIN_CONSUMER_KEY = '' |
| 141 |
LINKEDIN_CONSUMER_SECRET = '' |
| 142 |
|
| 143 |
LINKEDIN_SCOPE = ['r_basicprofile', 'r_emailaddress'] |
| 144 |
LINKEDIN_EXTRA_FIELD_SELECTORS = ['email-address', 'headline', 'industry'] |
| 145 |
LINKEDIN_EXTRA_DATA = [('id', 'id'),
|
| 146 |
('first-name', 'first_name'),
|
| 147 |
('last-name', 'last_name'),
|
| 148 |
('email-address', 'email_address'),
|
| 149 |
('headline', 'headline'),
|
| 150 |
('industry', 'industry')]
|
| 151 |
|
| 152 |
YAHOO_CONSUMER_KEY = '' |
| 153 |
YAHOO_CONSUMER_SECRET = '' |
| 154 |
|
| 155 |
GOOGLE_SREG_EXTRA_DATA = [] |
| 156 |
|
| 157 |
SOCIAL_AUTH_FORCE_POST_DISCONNECT = True |
| 158 |
|
| 159 |
FACEBOOK_EXTENDED_PERMISSIONS = ['email'] |
| 160 |
|
| 161 |
SOCIAL_AUTH_LOGIN_REDIRECT_URL = '/manage/' |
| 162 |
LOGIN_REDIRECT_URL = '/manage/' |
| 163 |
SOCIAL_AUTH_INACTIVE_USER_URL = '/manage/' |
| 164 |
|
| 165 |
SOCIAL_AUTH_FORCE_POST_DISCONNECT = True |
| 166 |
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True |
| 167 |
SOCIAL_AUTH_CREATE_USERS = True |
| 168 |
SOCIAL_AUTH_FORCE_RANDOM_USERNAME = False |
| 169 |
SOCIAL_AUTH_SANITIZE_REDIRECTS = False |
| 170 |
|
| 171 |
|
| 172 |
|
| 173 |
SOCIAL_AUTH_PIPELINE = ( |
| 174 |
'social_auth.backends.pipeline.social.social_auth_user', |
| 175 |
'social_auth.backends.pipeline.user.get_username', |
| 176 |
'social_auth.backends.pipeline.user.create_user', |
| 177 |
'social_auth.backends.pipeline.social.associate_user', |
| 178 |
'social_auth.backends.pipeline.social.load_extra_data', |
| 179 |
'social_auth.backends.pipeline.user.update_user_details', |
| 180 |
) |
| 181 |
|
| 182 |
|
| 183 |
Database Sync |
| 184 |
^^^^^^^^^^^^^^^^ |
| 185 |
|
| 186 |
Once you are done with settings.py run:: |
| 187 |
|
| 188 |
./manage.py syncdb |
| 189 |
|
| 190 |
Create a superuser, it comes in handy. And then run south migration to complete:: |
| 191 |
|
| 192 |
./manage.py migrate |
| 193 |
|
| 194 |
Now you should have a clean database with all the tables created. |
| 195 |
|
| 196 |
Running the server |
| 197 |
^^^^^^^^^^^^^^^^^^^ |
| 198 |
|
| 199 |
We suggest going via Apache with mod_wsgi. Below is an example configuration:: |
| 200 |
|
| 201 |
WSGIDaemonProcess djnro processes=3 threads=20 display-name=%{GROUP}
|
| 202 |
WSGIProcessGroup djnro |
| 203 |
|
| 204 |
... |
| 205 |
|
| 206 |
<VirtualHost *:443> |
| 207 |
ServerName example.com |
| 208 |
ServerAdmin admin@example.com |
| 209 |
ServerSignature On |
| 210 |
|
| 211 |
SSLEngine on |
| 212 |
SSLCertificateFile ... |
| 213 |
SSLCertificateChainFile ... |
| 214 |
SSLCertificateKeyFile ... |
| 215 |
|
| 216 |
# Shibboleth SP configuration |
| 217 |
ShibConfig /etc/shibboleth/shibboleth2.xml |
| 218 |
Alias /shibboleth-sp /usr/share/shibboleth |
| 219 |
|
| 220 |
# Integration of Shibboleth into Django app: |
| 221 |
|
| 222 |
<Location /login> |
| 223 |
AuthType shibboleth |
| 224 |
ShibRequireSession On |
| 225 |
ShibUseHeaders On |
| 226 |
require valid-user |
| 227 |
</Location> |
| 228 |
|
| 229 |
|
| 230 |
<Location /Shibboleth.sso> |
| 231 |
SetHandler shib |
| 232 |
</Location> |
| 233 |
|
| 234 |
|
| 235 |
Alias /static /path/to/djnro/static |
| 236 |
WSGIScriptAlias / /path/to/djnro/apache/django.wsgi |
| 237 |
</VirtualHost> |
| 238 |
|
| 239 |
*Info*: It is strongly suggested to allow access to /admin|overview|alt-login *ONLY* from trusted subnets. |
| 240 |
|
| 241 |
Once you are done, restart apache. |
| 242 |
|
| 243 |
Initial Data |
| 244 |
^^^^^^^^^^^^^^^^ |
| 245 |
What you really need in the first place is a Realm record along with one or more contacts related to that Realm. Go via the Admin interface, and add a Realm (remember to have set the REALM_COUNTRIES in settings.py). |
| 246 |
The approach in the application is that the NRO sets the environment for the local eduroam admins. Towards that direction, the NRO has to insert the initial data for his/her clients/institutions in the *Institutions* Model |
| 247 |
|
| 248 |
Next Steps (Set your Logo) |
| 249 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 250 |
The majority of branding is done via the NRO variables in settings.py. You might also want to change the logo of the application. Inside the static/img/eduroam_branding folder you will find the xcf (Gimp) logo files logo_holder, logo small. Edit with Gimp according to your needs and save as logo_holder.png and logo_small.png inside the static/img folder. To change the domain logo on top right, replace the static/img/right_logo_small.png file with your own logo (86x40). |