root / docs / source / install.rst @ 53b6f8a4
History | View | Annotate | Download (7.9 kB)
1 |
.. _install-label: |
---|---|
2 |
|
3 |
Installation/Configuration |
4 |
========================================================================= |
5 |
.. contents:: |
6 |
|
7 |
Assuming that you have installed all the required packages as described in :ref:`require-label` you can install the djnro platform application. |
8 |
|
9 |
Currently the source code is availiable at code.grnet.gr and can be cloned via git:: |
10 |
|
11 |
git clone https://code.grnet.gr/git/djnro |
12 |
|
13 |
As with the majority of Django projects, settings.py has to be properly configured and then comes the population of the database. |
14 |
|
15 |
* Copy the urls.py.dist to urls.py |
16 |
* Copy the settings.py.dist to settings.py |
17 |
* Copy the apache/django.wsgi.dist to apache/django.wsgi and *edit* according to your needs. |
18 |
|
19 |
Project Settings (settings.py) |
20 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
21 |
|
22 |
The following variables/settings need to be altered or set: |
23 |
|
24 |
Set Admin contacts:: |
25 |
|
26 |
ADMINS = ( |
27 |
('Admin', 'admin@example.com'), |
28 |
) |
29 |
|
30 |
Set the database connection params:: |
31 |
|
32 |
DATABASES = { |
33 |
... |
34 |
} |
35 |
|
36 |
Set your timezone and Languages:: |
37 |
|
38 |
TIME_ZONE = 'Europe/Athens' |
39 |
|
40 |
LANGUAGES = ( |
41 |
('el', _('Greek')), |
42 |
('en', _('English')), |
43 |
) |
44 |
|
45 |
Set your static url:: |
46 |
|
47 |
STATIC_URL = '/example/static' |
48 |
|
49 |
Django social auth needs changes in the Authentication Backends depending on which social auth you want to enable:: |
50 |
|
51 |
AUTHENTICATION_BACKENDS = ( |
52 |
'djnro.djangobackends.shibauthBackend.shibauthBackend', |
53 |
... |
54 |
'django.contrib.auth.backends.ModelBackend', |
55 |
) |
56 |
|
57 |
Set your template dirs:: |
58 |
|
59 |
TEMPLATE_DIRS = ( |
60 |
"/example/templates" |
61 |
# Put strings here, like "/home/html/django_templates" or "C:/www/django/templates". |
62 |
# Always use forward slashes, even on Windows. |
63 |
# Don't forget to use absolute paths, not relative paths. |
64 |
) |
65 |
|
66 |
As the application includes a "Nearest Eduroam" functionality, world eduroam points are harvested via the eduroam.org kml file:: |
67 |
|
68 |
EDUROAM_KML_URL = 'http://monitor.eduroam.org/kml/all.kml' |
69 |
|
70 |
Depending on your AAI policy set an appropriate authEntitlement |
71 |
|
72 |
SHIB_AUTH_ENTITLEMENT = 'urn:mace:example.com:pki:user' |
73 |
|
74 |
Mail server parameters:: |
75 |
|
76 |
SERVER_EMAIL = "Example domain eduroam Service <noreply@example.com>" |
77 |
EMAIL_SUBJECT_PREFIX = "[eduroam] " |
78 |
|
79 |
NRO contact mails:: |
80 |
|
81 |
NOTIFY_ADMIN_MAILS = ["mail1@example.com", "mail2@example.com"] |
82 |
|
83 |
Set your cache backend (if you want to use one):: |
84 |
|
85 |
|
86 |
CACHE_BACKEND = 'memcached://127.0.0.1:11211/?timeout=5184000' |
87 |
|
88 |
Models Name_i18n and URL_i18n include a language choice field |
89 |
If languages are the same with LANGUAGES variable, simply do URL_NAME_LANGS = LANGUAGES else set your own:: |
90 |
|
91 |
URL_NAME_LANGS = ( |
92 |
('en', 'English' ), |
93 |
('el', 'Ελληνικά'), |
94 |
) |
95 |
|
96 |
NRO specific parameters. Affect html templates:: |
97 |
|
98 |
# Frontend country specific vars, eg. Greece |
99 |
NRO_COUNTRY_NAME = _('My Country') |
100 |
# Variable used by context_processor to display the "eduroam | <country_code>" in base.html |
101 |
NRO_COUNTRY_CODE = 'gr' |
102 |
# main domain url used in right top icon, eg. http://www.grnet.gr |
103 |
NRO_DOMAIN_MAIN_URL = "http://www.example.com" |
104 |
# developer info for footer |
105 |
NRO_DEV_BY_DICT = {"name": "EXAMPLE DEV TEAM", "url": "http://devteam.example.com"} |
106 |
#NRO social media contact (Use: // to preserve https) |
107 |
NRO_DEV_SOCIAL_MEDIA_CONTACT = [ |
108 |
{"url":"//soc.media.url", "icon":"icon.png", "name":"NAME1(eg. Facebook)"}, |
109 |
{"url":"//soc.media.url", "icon":"icon.png", "name":"NAME2(eg. Twitter)"}, |
110 |
] |
111 |
# map center (lat, lng) |
112 |
MAP_CENTER = (36.97, 23.71) |
113 |
#Helpdesk, used in base.html: |
114 |
NRO_DOMAIN_HELPDESK_DICT = {"name": _("Domain Helpdesk"), 'email':'helpdesk@example.com', 'phone': '12324567890', 'uri': 'helpdesk.example.com'} |
115 |
|
116 |
Set the Realm country for REALM model:: |
117 |
|
118 |
#Countries for Realm model: |
119 |
REALM_COUNTRIES = ( |
120 |
('country_2letters', 'Country' ), |
121 |
) |
122 |
|
123 |
Shibboleth attribute MAP according to your AAI policy:: |
124 |
|
125 |
#Shibboleth attribute map |
126 |
SHIB_USERNAME = ['HTTP_EPPN'] |
127 |
SHIB_MAIL = ['mail', 'HTTP_MAIL', 'HTTP_SHIB_INETORGPERSON_MAIL'] |
128 |
SHIB_FIRSTNAME = ['HTTP_SHIB_INETORGPERSON_GIVENNAME'] |
129 |
SHIB_LASTNAME = ['HTTP_SHIB_PERSON_SURNAME'] |
130 |
SHIB_ENTITLEMENT = ['HTTP_SHIB_EP_ENTITLEMENT'] |
131 |
|
132 |
Django Social Auth parameters:: |
133 |
|
134 |
TWITTER_CONSUMER_KEY = '' |
135 |
TWITTER_CONSUMER_SECRET = '' |
136 |
|
137 |
FACEBOOK_APP_ID = '' |
138 |
FACEBOOK_API_SECRET = '' |
139 |
|
140 |
LINKEDIN_CONSUMER_KEY = '' |
141 |
LINKEDIN_CONSUMER_SECRET = '' |
142 |
|
143 |
LINKEDIN_SCOPE = ['r_basicprofile', 'r_emailaddress'] |
144 |
LINKEDIN_EXTRA_FIELD_SELECTORS = ['email-address', 'headline', 'industry'] |
145 |
LINKEDIN_EXTRA_DATA = [('id', 'id'), |
146 |
('first-name', 'first_name'), |
147 |
('last-name', 'last_name'), |
148 |
('email-address', 'email_address'), |
149 |
('headline', 'headline'), |
150 |
('industry', 'industry')] |
151 |
|
152 |
YAHOO_CONSUMER_KEY = '' |
153 |
YAHOO_CONSUMER_SECRET = '' |
154 |
|
155 |
GOOGLE_SREG_EXTRA_DATA = [] |
156 |
|
157 |
SOCIAL_AUTH_FORCE_POST_DISCONNECT = True |
158 |
|
159 |
FACEBOOK_EXTENDED_PERMISSIONS = ['email'] |
160 |
|
161 |
SOCIAL_AUTH_LOGIN_REDIRECT_URL = '/manage/' |
162 |
LOGIN_REDIRECT_URL = '/manage/' |
163 |
SOCIAL_AUTH_INACTIVE_USER_URL = '/manage/' |
164 |
|
165 |
SOCIAL_AUTH_FORCE_POST_DISCONNECT = True |
166 |
SOCIAL_AUTH_REDIRECT_IS_HTTPS = True |
167 |
SOCIAL_AUTH_CREATE_USERS = True |
168 |
SOCIAL_AUTH_FORCE_RANDOM_USERNAME = False |
169 |
SOCIAL_AUTH_SANITIZE_REDIRECTS = False |
170 |
|
171 |
|
172 |
|
173 |
SOCIAL_AUTH_PIPELINE = ( |
174 |
'social_auth.backends.pipeline.social.social_auth_user', |
175 |
'social_auth.backends.pipeline.user.get_username', |
176 |
'social_auth.backends.pipeline.user.create_user', |
177 |
'social_auth.backends.pipeline.social.associate_user', |
178 |
'social_auth.backends.pipeline.social.load_extra_data', |
179 |
'social_auth.backends.pipeline.user.update_user_details', |
180 |
) |
181 |
|
182 |
|
183 |
Database Sync |
184 |
^^^^^^^^^^^^^^^^ |
185 |
|
186 |
Once you are done with settings.py run:: |
187 |
|
188 |
./manage.py syncdb |
189 |
|
190 |
Create a superuser, it comes in handy. And then run south migration to complete:: |
191 |
|
192 |
./manage.py migrate |
193 |
|
194 |
Now you should have a clean database with all the tables created. |
195 |
|
196 |
Running the server |
197 |
^^^^^^^^^^^^^^^^^^^ |
198 |
|
199 |
We suggest going via Apache with mod_wsgi. Below is an example configuration:: |
200 |
|
201 |
WSGIDaemonProcess djnro processes=3 threads=20 display-name=%{GROUP} |
202 |
WSGIProcessGroup djnro |
203 |
|
204 |
... |
205 |
|
206 |
<VirtualHost *:443> |
207 |
ServerName example.com |
208 |
ServerAdmin admin@example.com |
209 |
ServerSignature On |
210 |
|
211 |
SSLEngine on |
212 |
SSLCertificateFile ... |
213 |
SSLCertificateChainFile ... |
214 |
SSLCertificateKeyFile ... |
215 |
|
216 |
# Shibboleth SP configuration |
217 |
ShibConfig /etc/shibboleth/shibboleth2.xml |
218 |
Alias /shibboleth-sp /usr/share/shibboleth |
219 |
|
220 |
# Integration of Shibboleth into Django app: |
221 |
|
222 |
<Location /login> |
223 |
AuthType shibboleth |
224 |
ShibRequireSession On |
225 |
ShibUseHeaders On |
226 |
require valid-user |
227 |
</Location> |
228 |
|
229 |
|
230 |
<Location /Shibboleth.sso> |
231 |
SetHandler shib |
232 |
</Location> |
233 |
|
234 |
|
235 |
Alias /static /path/to/djnro/static |
236 |
WSGIScriptAlias / /path/to/djnro/apache/django.wsgi |
237 |
</VirtualHost> |
238 |
|
239 |
*Info*: It is strongly suggested to allow access to /admin|overview|alt-login *ONLY* from trusted subnets. |
240 |
|
241 |
Once you are done, restart apache. |
242 |
|
243 |
Initial Data |
244 |
^^^^^^^^^^^^^^^^ |
245 |
What you really need in the first place is a Realm record along with one or more contacts related to that Realm. Go via the Admin interface, and add a Realm (remember to have set the REALM_COUNTRIES in settings.py). |
246 |
The approach in the application is that the NRO sets the environment for the local eduroam admins. Towards that direction, the NRO has to insert the initial data for his/her clients/institutions in the *Institutions* Model |
247 |
|
248 |
Next Steps (Set your Logo) |
249 |
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
250 |
The majority of branding is done via the NRO variables in settings.py. You might also want to change the logo of the application. Inside the static/img/eduroam_branding folder you will find the xcf (Gimp) logo files logo_holder, logo small. Edit with Gimp according to your needs and save as logo_holder.png and logo_small.png inside the static/img folder. To change the domain logo on top right, replace the static/img/right_logo_small.png file with your own logo (86x40). |