diff options
Diffstat (limited to 'rpkid')
| -rw-r--r-- | rpkid/Makefile.in | 21 | ||||
| -rw-r--r-- | rpkid/portal-gui/Makefile.in | 82 | ||||
| -rw-r--r-- | rpkid/portal-gui/README | 214 | ||||
| -rw-r--r-- | rpkid/portal-gui/README.apache | 34 | ||||
| -rw-r--r-- | rpkid/portal-gui/apache/rpki.conf.in | 29 | ||||
| -rw-r--r-- | rpkid/portal-gui/apache/rpki.wsgi | 27 | ||||
| -rw-r--r-- | rpkid/portal-gui/media/img/my.png | bin | 0 -> 10307 bytes | |||
| -rw-r--r-- | rpkid/portal-gui/media/img/rpki.png | bin | 0 -> 28820 bytes | |||
| -rw-r--r-- | rpkid/portal-gui/templates/base.html | 24 | ||||
| -rw-r--r-- | rpkid/portal-gui/templates/registration/login.html | 26 |
10 files changed, 448 insertions, 9 deletions
diff --git a/rpkid/Makefile.in b/rpkid/Makefile.in index 317149fc..b474f606 100644 --- a/rpkid/Makefile.in +++ b/rpkid/Makefile.in @@ -41,12 +41,12 @@ SETUP_PY = \ POW_SO = rpki/POW/_POW.so SCRIPTS = rpki-sql-backup rpki-sql-setup rpki-start-servers irbe_cli irdbd myrpki \ - pubd rootd rpkid rpki/gui/scripts/rpkigui-load-csv rpki/gui/scripts/rpkigui-add-user \ - rpki/gui/scripts/rpkigui-response + pubd rootd rpkid portal-gui/rpkigui-load-csv portal-gui/rpkigui-add-user \ + portal-gui/rpkigui-response -AUX_SCRIPTS = rpki/gui/scripts/rpkigui-list-resources +AUX_SCRIPTS = portal-gui/rpkigui-list-resources -all: ${POW_SO} rpki/relaxng.py myrpki.rng ${SCRIPTS} ${AUX_SCRIPTS} rpki/gui/settings.py +all: ${POW_SO} rpki/relaxng.py myrpki.rng ${SCRIPTS} ${AUX_SCRIPTS} rpki/gui/settings.py rpki/gui/app/settings.py ${POW_SO}: ext/POW.c setup.py ${SETUP_PY} build_ext --inplace @@ -186,7 +186,6 @@ COMPILE_PYWRAP = AC_PYTHON_INTERPRETER='${PYWRAP}'; ${COMPILE_COMMON} COMPILE_SETTINGS = \ if test -r $@; then chmod u+w $@; else :; fi; \ AC_DATABASE_PATH='${localstatedir}/rpki/gui.db' \ - AC_TEMPLATE_DIR=${datarootdir}/rpki/gui/templates \ AC_SECRET_KEY='${SECRET_KEY}' \ AC_MYRPKI='${sbindir}/myrpki' \ AC_LOCALSTATEDIR='${localstatedir}' \ @@ -221,18 +220,22 @@ rootd: rootd.py rpkid: rpkid.py ${COMPILE_PYWRAP} -rpki/gui/scripts/rpkigui-list-resources: rpki/gui/scripts/list_resources.py +portal-gui/rpkigui-list-resources: portal-gui/list_resources.py ${COMPILE_PYTHON} -rpki/gui/scripts/rpkigui-load-csv: rpki/gui/scripts/load_csv.py +portal-gui/rpkigui-load-csv: portal-gui/load_csv.py ${COMPILE_PYTHON} -rpki/gui/scripts/rpkigui-add-user: rpki/gui/scripts/adduser.py +portal-gui/rpkigui-add-user: portal-gui/adduser.py ${COMPILE_PYTHON} -rpki/gui/scripts/rpkigui-response: rpki/gui/scripts/rpkigui-response.py +portal-gui/rpkigui-response: portal-gui/scripts/rpkigui-response.py ${COMPILE_PYTHON} rpki/gui/settings.py: ${srcdir}/rpki/gui/settings.py.in rm -f $@ ${COMPILE_SETTINGS} + +rpki/gui/app/settings.py: ${srcdir}/rpki/gui/app/settings.py.in + rm -f $@ + ${COMPILE_SETTINGS} diff --git a/rpkid/portal-gui/Makefile.in b/rpkid/portal-gui/Makefile.in new file mode 100644 index 00000000..c5b45b21 --- /dev/null +++ b/rpkid/portal-gui/Makefile.in @@ -0,0 +1,82 @@ +# $Id$ +# +# @configure_input@ + +abs_top_srcdir = @abs_top_srcdir@ +abs_top_builddir = @abs_top_builddir@ +srcdir=@srcdir@ +prefix=@prefix@ +exec_prefix=@exec_prefix@ +datarootdir=@datarootdir@ +datadir=@datadir@ +localstatedir=@localstatedir@ +sharedstatedir=@sharedstatedir@ +bindir=@bindir@ +sbindir=@sbindir@ +libexecdir=@libexecdir@ + +PYTHON=@PYTHON@ +WEBUSER=@WEBUSER@ +DJANGO_ADMIN=@DJANGO_ADMIN@ + +CONFDIR=$(localstatedir)/rpki/conf +DATABASE_PATH=$(localstatedir)/rpki/gui.db +INSTDIR=$(datarootdir)/rpki/gui +TEMPLATEDIR=$(INSTDIR)/templates + +# automatically built sources +BUILD=apache/rpki.conf + +all: $(BUILD) + +clean: + @true + +distclean: clean + rm -f $(BUILD) + rm -f Makefile + +edit = sed \ + -e 's|@INSTDIR[@]|$(INSTDIR)|g' + +apache/rpki.conf: $(srcdir)/apache/rpki.conf.in Makefile + $(edit) $@.in > $@ + +.PHONY: install-perms install-data install install-templates + +install-perms: + chown $(WEBUSER) `dirname $(DATABASE_PATH)` + chown $(WEBUSER) $(DATABASE_PATH) + mkdir -p $(CONFDIR) + chown -R $(WEBUSER) $(CONFDIR) + +install-apache: + install -d -m 755 $(INSTDIR)/apache + install -m 644 apache/rpki.conf $(INSTDIR)/apache + install -m 644 apache/rpki.wsgi $(INSTDIR)/apache + +install-templates: + install -d -m 755 $(TEMPLATEDIR)/myrpki + install -m 644 templates/base.html $(TEMPLATEDIR) + install -m 644 templates/myrpki/asn_view.html $(TEMPLATEDIR)/myrpki + install -m 644 templates/myrpki/child_view.html $(TEMPLATEDIR)/myrpki + install -m 644 templates/myrpki/conf_empty.html $(TEMPLATEDIR)/myrpki + install -m 644 templates/myrpki/conf_list.html $(TEMPLATEDIR)/myrpki + install -m 644 templates/myrpki/dashboard.html $(TEMPLATEDIR)/myrpki + install -m 644 templates/myrpki/parent_view.html $(TEMPLATEDIR)/myrpki + install -m 644 templates/myrpki/prefix_view.html $(TEMPLATEDIR)/myrpki + install -m 644 templates/myrpki/xml_import.html $(TEMPLATEDIR)/myrpki + install -d -m 755 $(TEMPLATEDIR)/registration + install -m 644 templates/registration/login.html $(TEMPLATEDIR)/registration + +install-data: $(BUILD) install-apache install-templates + mkdir -p `dirname $(DATABASE_PATH)` + $(DJANGO_ADMIN) syncdb --settings rpki.gui.settings + +install: install-data install-perms + +deinstall uninstall: + rm -r $(INSTDIR) + +test: + @true diff --git a/rpkid/portal-gui/README b/rpkid/portal-gui/README new file mode 100644 index 00000000..f3f1ebcd --- /dev/null +++ b/rpkid/portal-gui/README @@ -0,0 +1,214 @@ +$Id$ + +Portal GUI (web interface), written using the rpki Python libraries +and the Django web development framework. + +This is still in early development, but there's a lot of general +information about Django at http://www.djangoproject.com/ + +This package is an interface to rpkid and friends, so it assumes that +you'll be running rpkid. If you haven't already done so, you should +set up rpkid first; see ../rpkid/doc/Installation. + +=== Assumptions === + +This is a list of the assumptions the current portal-gui code makes: + +1) There will be at least one resource holder which runs rpkid. In +rpki parlance, it is "self-hosted." + +2) The myrpki.py command line tool will handle all the heavy lifting, +so it must be present on the installed system. + +3) There is a subdirectory for each resource holder served by the +portal-gui under ${localstatedir}/rpki/conf (typically this is +/usr/local/var/rpki/conf). Each subdirectory contains the files +associated with each resource holder (eg. rpki.conf, csv files). For +example, if the portal gui is configured to serve Alice, Bob and +Carol, the directory structure will look something like: + + /usr/local/var/rpki/conf/Alice/asns.csv + /usr/local/var/rpki/conf/Alice/bpki/ + /usr/local/var/rpki/conf/Alice/entitydb/ + /usr/local/var/rpki/conf/Alice/prefixes.csv + /usr/local/var/rpki/conf/Alice/roas.csv + /usr/local/var/rpki/conf/Alice/rpki.conf + + /usr/local/var/rpki/conf/Bob/asns.csv + /usr/local/var/rpki/conf/Bob/bpki/ + /usr/local/var/rpki/conf/Bob/entitydb/ + /usr/local/var/rpki/conf/Bob/prefixes.csv + /usr/local/var/rpki/conf/Bob/roas.csv + /usr/local/var/rpki/conf/Bob/rpki.conf + + /usr/local/var/rpki/conf/Carol/asns.csv + /usr/local/var/rpki/conf/Carol/bpki/ + /usr/local/var/rpki/conf/Carol/entitydb/ + /usr/local/var/rpki/conf/Carol/prefixes.csv + /usr/local/var/rpki/conf/Carol/roas.csv + /usr/local/var/rpki/conf/Carol/rpki.conf + +=== Prerequisites === + +- install Django + +First, you must install Django 1.2 or greater on your system (Django 1.1 may +work, but you will need to disable to CsrfMiddleware in settings.py). + +Fedora: yum install Django + +- the portal-gui must be run using Apache with mod_wsgi + +Fedora: yum install httpd mod_wsgi + +- for security, mod_ssl is recommended + +Fedora: yum install mod_ssl + +==== Installation === + +The portal-gui is configured and installed using the Makefile in the +top level directory of the rpki tools. + +At the end of the installation process, the django-admin.py script +will prompt you to create a superuser. You want to say "yes" to this +prompt. The superuser account can be named whatever you want. The +superuser account is not necessary, but is useful because you can use +Django's admin views (via the /admin/ URL) to inspect the portal-gui's +database directly, which may be useful for debugging. It also allows +you to log into any of the resource handle accounts served by the +portal-gui. (n.b. this superuser account should be different from +the user account for the resource handle that is self-hosted on your +rpkid). + +- configure Apache to serve the portal-gui + +See $top/portal-gui/README.apache + +=== rpkigui-list-resources helper script === + +The portal-gui does not directly talk to the rpkid server. Instead, +there is a command line script named "rpkigui-list-resources" which +talks to rpkid and updates the portal-gui database with information +that has changed. For testing purposes, this script can be run by +hand. However, for deployment you will need to set up a cron job to +run this script periodically. By default, this script is installed in +${libexecdir}, which is typically /usr/local/libexec. + +NOTE that "rpkigui-list-resources" *MUST* be run in the directory +where the rpki.conf for the resource handle that is self-hosting the +rpkid. Alternatively, you can set the $RPKI_CONF environment +variable to full pathname of the rpki.conf for the self-hosted +resource handle (However, in order for this to work, you need to +specify the full path name for "bpki_servers_directory" variable in +your rpki.conf.) + +The first time you invoke it, you may wish to use the -v option, which +puts rpkigui-list-resources into verbose mode, meaning it will display +progress information. Normally, this script is intended to be invoked +via cron, so it is silent unless an error occurs: + + /usr/local/libexec/rpkigui-list-resources -v + +You may wish to create a script which is invoked by cron: + + #!/bin/sh + + # self-host resource handle + self_handle=FOO + + # <directory containing rpki.conf for the self-hosted rpkid> + cd /usr/local/var/rpki/conf/$self_handle + + /usr/local/libexec/rpkigui-list-resources + +This script probably only needs to be run infrequently. It's sole +purpose is to query rpkid to ask what resources and children are +configured for each resource handle. This information does not change +often. + +=== Load existing data === + +If you already have delegated resources to children, or created ROAs +in the .csv files for the myrpki.py command line tool, you will want +to load the portal-gui with this information. There is a helper +script for doing this step. Simply chdir to the directory containing +your rpki.conf and .csv files and run: + + $ cd /usr/local/var/conf/<handle> + $ /usr/local/sbin/rpkigui-load-csv + +NOTE that you must run the "rpkigui-list-resources" script *prior* to +using "rpkigui-load-csv" or you will get errors because portal-gui +won't yet know about which handles it is serving. + +You should run "rpkigui-load-csv" in *EACH* of your directories for +each handle. + +=== Starting the Portal GUI === + +If you have configured Django to use Apache and mod_wsgi, you just +need to start your web server. + +Simply navigate to /rpki/ on your web server and you will be presented +with the portal-gui's login page. + +=== Creating Users === + +The portal-gui's security model allows the use of separate logins to +manage each resource handle. Each resource handle needs to be +configured to allow one or more users to manage it. This is +accomplished by using the "rpkigui-add-user" script that is installed +with the portal-gui in ${sbindir} (eg. /usr/local/sbin). + +To create users, run the "rpkigui-add-user" script. The script takes +three arguments: 1) the username for the new account, 2) the email +address for the human that owns the account, and 3) the handle of the +self-hosted resource holder who is hosting this user (for self-hosted +users, specify the same username for the "host handle"). + +Example: + + # /usr/local/sbin/rpkigui-add-user Dave nobody@example.com John + +=== Optional - Specify additional resource handles for a portal-gui user === + +You can configure which users are allowed to manage a particular +resource handle once you have performed the "rpkigui-list-resources" +step described above to populate the database: + + - navigate to http://<ip:port>/admin/app/conf/ + - log in as the portal-gui superuser using the password you + specified during the install step above + - click on the link for the handle you wish to change + - locate the "Owner" section + - select one or more users to manage the handle + - click on the "Save" button + +=== Debugging Tips === + +The portal-gui is still in development. As such, problems may arise. +Occasionally, portal-gui fails to appropriately validate data that it +puts into its Django db. This may cause exceptions to be thrown, as +the code assumes that data in the database is already valid. You can +delete specific data from the Django database using Django's built-in +admininstrative interface. It's available by navigating to the +/admin/app/ URL and logging in as the superuser account. Here you +will find a list of all the tables used by the portal-gui. + +If you are updating from the subversion repository, there may +occasionally be changes in the portal-gui's database schema that +require a complete reset of the database before it will function. +Don't worry about losing data, because rpkigui-list-resources and +rpkigui-load-csv can be run again to populate the database with your +data. + +Here are the steps for reseting to the initial state: + + $ django-admin.py reset --settings=rpki.gui.settings + + >>> answer "yes" to really reset it <<< + + $ cd /usr/local/var/rpki/conf/<directory containing rpki.conf for the self-hosted rpkid> + $ /usr/local/libexec/rpkigui-list-resources -v + $ /usr/local/libexec/rpkigui-load-csv diff --git a/rpkid/portal-gui/README.apache b/rpkid/portal-gui/README.apache new file mode 100644 index 00000000..2955061a --- /dev/null +++ b/rpkid/portal-gui/README.apache @@ -0,0 +1,34 @@ +$Id$ + +This file details how to configure apache+mod_wsgi to serve the +portal-gui. + +The web interface must be deployed to work with an existing web +server. Instructions for using Django with Apache and mod_wsgi can be +found at +http://docs.djangoproject.com/en/1.2/howto/deployment/modwsgi/#howto-deployment-modwsgi + +Setup +===== + +- Follow the steps in detailed in the $top/portal-gui/README file to + set up the portal-gui for the self-hosted resource handle that runs + rpkid. + +- After running "make" in $top/portal-gui, there will be a file named + $top/portal-gui/apache/rpki.conf. This is a configuration file for + Apache which does most of the work configuring the portal-gui to + run under mod_wsgi. + +You may need to edit the paths for Django if they are installed in a +different location on your host. Note that this is only necessary if +you wish to use the Django admin web console. The portal-gui itself +will operate correctly even if this path is wrong. + +NOTE: Apache loads the configuration files sorted alphabetically. +Thus, you need to ensure that your file is renamed as appropriate for +your environment. + + Fedora: + $ cp $top/portal-gui/apache/rpki.conf /etc/httpd/conf.d/wsgi-rpki.conf + $ service httpd restart diff --git a/rpkid/portal-gui/apache/rpki.conf.in b/rpkid/portal-gui/apache/rpki.conf.in new file mode 100644 index 00000000..3dc2974f --- /dev/null +++ b/rpkid/portal-gui/apache/rpki.conf.in @@ -0,0 +1,29 @@ +# $Id$ +# +# Sample apache configuration file for using the portal-gui with +# mod_wsgi + +# +# Configure the WSGI application to run as a separate process from the +# Apache daemon itself. +# +#WSGIDaemonProcess rpki processes=2 +#WSGIProcessGroup rpki + +# +# Defines the URL to the portal-gui +# +WSGIScriptAlias / @INSTDIR@/apache/rpki.wsgi +<Directory @INSTDIR@/rpkigui> +Order deny,allow +Allow from all +</Directory> + +# media for the /admin/ site +Alias /media/ /usr/lib/python2.6/site-packages/django/contrib/admin/media/ +<Directory /usr/lib/python2.6/site-packages/django/contrib/admin/media> +Order allow,deny +Allow from all +</Directory> + +# vim:ft=apache diff --git a/rpkid/portal-gui/apache/rpki.wsgi b/rpkid/portal-gui/apache/rpki.wsgi new file mode 100644 index 00000000..0a7797a7 --- /dev/null +++ b/rpkid/portal-gui/apache/rpki.wsgi @@ -0,0 +1,27 @@ +# $Id$ +""" +Copyright (C) 2010, 2011 SPARTA, Inc. dba Cobham Analytic Solutions + +Permission to use, copy, modify, and distribute this software for any +purpose with or without fee is hereby granted, provided that the above +copyright notice and this permission notice appear in all copies. + +THE SOFTWARE IS PROVIDED "AS IS" AND SPARTA DISCLAIMS ALL WARRANTIES WITH +REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +AND FITNESS. IN NO EVENT SHALL SPARTA BE LIABLE FOR ANY SPECIAL, DIRECT, +INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +PERFORMANCE OF THIS SOFTWARE. + + +This is an example wsgi application for use with mod_wsgi and apache. + +""" + +import os + +os.environ['DJANGO_SETTINGS_MODULE'] = 'rpki.gui.settings' + +import django.core.handlers.wsgi +application = django.core.handlers.wsgi.WSGIHandler() diff --git a/rpkid/portal-gui/media/img/my.png b/rpkid/portal-gui/media/img/my.png Binary files differnew file mode 100644 index 00000000..c4d1378e --- /dev/null +++ b/rpkid/portal-gui/media/img/my.png diff --git a/rpkid/portal-gui/media/img/rpki.png b/rpkid/portal-gui/media/img/rpki.png Binary files differnew file mode 100644 index 00000000..31351980 --- /dev/null +++ b/rpkid/portal-gui/media/img/rpki.png diff --git a/rpkid/portal-gui/templates/base.html b/rpkid/portal-gui/templates/base.html new file mode 100644 index 00000000..a096cdca --- /dev/null +++ b/rpkid/portal-gui/templates/base.html @@ -0,0 +1,24 @@ +<html> +<head> + <title>{% block title %}MyRPKI{% endblock %}</title> + {% block head %}{% endblock %} + <style type="text/css"> + {% block css %}{% endblock %} + </style> +</head> +<body> + <div id="header"> + <h1>RPKI Portal GUI</h1> + </div> + <div id="content"> + {% if user.is_authenticated %} + <span style="float: right; font-size: 80%;">Logged in as {{ user }} | + {% if user.is_staff %}<a href="/admin/">admin</a> |{% endif %} + <a href="{% url django.contrib.auth.views.logout %}">Log Out</a></span> + {% else %} + <span style="float: right; font-size: 80%;"><a href="{% url django.contrib.auth.views.login %}">Log In</a></span> + {% endif %} + {% block content %}{% endblock %} + </div> +</body> +</html> diff --git a/rpkid/portal-gui/templates/registration/login.html b/rpkid/portal-gui/templates/registration/login.html new file mode 100644 index 00000000..86b5392a --- /dev/null +++ b/rpkid/portal-gui/templates/registration/login.html @@ -0,0 +1,26 @@ +{% extends "base.html" %} + +{% block content %} + +{% if form.errors %} +<p>Your username and password didn't match. Please try again.</p> +{% endif %} + +<form method="post" action="{% url django.contrib.auth.views.login %}"> +<table> +<tr> + <td>{{ form.username.label_tag }}</td> + <td>{{ form.username }}</td> +</tr> +<tr> + <td>{{ form.password.label_tag }}</td> + <td>{{ form.password }}</td> +</tr> +</table> + +<input type="submit" value="login" /> +<input type="hidden" name="next" value="{{ next }}" /> +</form> + +{% endblock %} + |
