Operations: dynamic website #35

Closed
opened 2022-05-16 11:54:05 +00:00 by dachary · 7 comments

Create an Enough playbook to deploy the dynamic part of Hostea based on Django
dachary added the operations label 2022-05-16 11:54:05 +00:00
dachary self-assigned this 2022-05-16 11:54:05 +00:00
dachary added a new dependency 2022-05-16 11:57:12 +00:00
Poster
Owner

@realaravinth I'll make a playbook in Enough to deploy [the dashboard](https://gitea.hostea.org/Hostea/dashboard). I'll deploy it in a dedicated virtual machine as per [the documentation](https://gitea.hostea.org/Hostea/dashboard/src/branch/master/docs). With monitoring and tests limited to verifying it shows a page. Does that sound like a sensible first step ?
dachary added spent time 2022-06-15 10:01:12 +00:00
10min
Poster
Owner

I went ahead and here is the first implementation merged, working with minimal tests:

https://lab.enough.community/main/infrastructure/-/merge_requests/540
dachary added spent time 2022-06-15 16:37:15 +00:00
6h

@dachary the dashboard isn't complete yet, I am yet to load and configure OIDC library into the dashboard.

As you might be aware, in order to set up OIDC integration, a set of credentials needs to be configured with the OIDC provider during runtime by the sysadmin and that should be made available to the client. `django-oauth-toolkit` exposes a management command to do that with the following interface:

```bash
12:02:40 (venv) atm@lab oidc-demo → python manage.py createapplication --help
usage: manage.py createapplication [-h] [--client-id CLIENT_ID] [--user USER]
                                   [--redirect-uris REDIRECT_URIS] [--client-secret CLIENT_SECRET]
                                   [--name NAME] [--skip-authorization] [--algorithm ALGORITHM] [--version]
                                   [-v {0,1,2,3}] [--settings SETTINGS] [--pythonpath PYTHONPATH]
                                   [--traceback] [--no-color] [--force-color] [--skip-checks]
                                   client_type authorization_grant_type

Shortcut to create a new application in a programmatic way

positional arguments:
  client_type           The client type, can be confidential or public
  authorization_grant_type
                        The type of authorization grant to be used

options:
  -h, --help            show this help message and exit
  --client-id CLIENT_ID
                        The ID of the new application
  --user USER           The user the application belongs to
  --redirect-uris REDIRECT_URIS
                        The redirect URIs, this must be a space separated string e.g 'URI1 URI2'
  --client-secret CLIENT_SECRET
                        The secret for this application
  --name NAME           The name this application
  --skip-authorization  If set, completely bypass the authorization form, even on the first use of the
                        application
  --algorithm ALGORITHM
                        The OIDC token signing algorithm for this application (e.g., 'RS256' or 'HS256')
  --version             Show program's version number and exit.
  -v {0,1,2,3}, --verbosity {0,1,2,3}
                        Verbosity level; 0=minimal output, 1=normal output, 2=verbose output, 3=very
                        verbose output
  --settings SETTINGS   The Python path to a settings module, e.g. "myproject.settings.main". If this isn't
                        provided, the DJANGO_SETTINGS_MODULE environment variable will be used.
  --pythonpath PYTHONPATH
                        A directory to add to the Python path, e.g. "/home/djangoprojects/myproject".
  --traceback           Raise on CommandError exceptions.
  --no-color            Don't colorize the command output.
  --force-color         Force colorization of the command output.
  --skip-checks         Skip system checks.
```

I initially proposed that I will create an endpoint for dynamic client registration, do you think that is still required?

```bash
12:12:23 (venv) atm@lab oidc-demo → python manage.py createapplication --name demo-oidc-app --user 1 --client-id 22500acb0bcfcba137d6b8ae96d3f2 --client-secret 296055337620b0e443ad24a32cb675 --algorithm HS256 --skip-authorization --redirect-uris http://example.org/uri1  confidential authorization-code
```
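
A sketch of how a playbook step could assemble the `createapplication` call shown above with freshly generated credentials, as an added example that is not part of the original comment or of the Hostea or Enough code. The helper names and the https-only redirect URI policy are assumptions of this example; the flags are the ones listed in the help output.

```python
import secrets
from urllib.parse import urlsplit

# Values named in the createapplication help output above.
CLIENT_TYPES = {"confidential", "public"}
ALGORITHMS = {"RS256", "HS256"}


def redirect_uri_problem(uri):
    """Return why uri is rejected, or None (policy assumed for this example)."""
    if any(c.isspace() for c in uri):
        # --redirect-uris is space separated: a space would smuggle in a second URI.
        return "contains whitespace"
    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname:
        return "is not an absolute https URI"
    if parts.fragment:
        return "carries a fragment"
    return None


def build_createapplication(name, user_id, redirect_uris, client_type="confidential",
                            grant_type="authorization-code", algorithm="HS256",
                            skip_authorization=False):
    """Return (argv, creds) for one `manage.py createapplication` call."""
    if client_type not in CLIENT_TYPES or algorithm not in ALGORITHMS:
        raise ValueError("unsupported client type or signing algorithm")
    if not redirect_uris:
        raise ValueError("at least one redirect URI is required")
    for uri in redirect_uris:
        problem = redirect_uri_problem(uri)
        if problem:
            raise ValueError(f"redirect URI {uri!r} {problem}")
    # Fresh random credentials per deployment, never values kept in the repository.
    creds = {"client_id": secrets.token_hex(15), "client_secret": secrets.token_hex(32)}
    argv = ["python", "manage.py", "createapplication", "--name", name,
            "--user", str(user_id), "--client-id", creds["client_id"],
            "--client-secret", creds["client_secret"], "--algorithm", algorithm,
            "--redirect-uris", " ".join(redirect_uris)]
    if skip_authorization:  # bypasses the authorization form; opt in explicitly
        argv.append("--skip-authorization")
    return argv + [client_type, grant_type], creds


def redact(argv):
    """Copy of argv with the secret masked, for playbook logs."""
    out = list(argv)
    out[out.index("--client-secret") + 1] = "********"
    return out
```

The secret is still passed as a command-line argument, so it is visible in the process list while the command runs; log only `redact(argv)`.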
Poster
Owner

I'm not sure to understand what you're asking, sorry. If you need the playbook to do something different, like calling `python manage.py createapplication`, let me know and I'll do the change.

Apologies, I understand how confusing my comment is :)

I will document this process soon and ping you.

@dachary: what sort of controls does enough expose (proxied via the dashboard, of course) to the Gitea admin?

For instance, do they get to:

  1. Create new instance
  2. Delete existing instance
  3. View resource Usage
  4. Choose to choose instance specifications(storage, memory, CPU)
  5. Configure a custom domain

Please add any other functionality that will be exposed and need to be in MVP and related links, if any.

I'm working on instance creation web interfaces (couldn't make any progress with enough libvirt, will circle back to setting up enough with OpenStack)
Poster
Owner

> For instance, do they get to:
>
> 1. Create new instance

Yes.

> 2. Delete existing instance

Yes.

> 3. View resource Usage

No. That will be available via grafana dashboards deployed with monitoring. But it's not deployed for the MVP.

> 4. Choose to choose instance specifications(storage, memory, CPU)

Yes.

> 5. Configure a custom domain

No.

> Please add any other functionality that will be exposed and need to be in MVP and related links, if any.

It's pretty much all of it.