Commits

Brent Tubbs  committed 8553003

minor pre-release cleanup

  • Participants
  • Parent commits 384f8b2

Comments (0)

Files changed (10)

 .*.swp
 .*.swo
 *~
-*.orig
-*.idea
 .DS_Store
 pip-log.txt
-build/*
-dist/*
-tmp/*
-run/*
-cumulous.egg-info/*
+roles/dashdev.yaml
+roles/dashprod.yaml
    ./manage.py mkpass to generate a password hash, then save it to settings.py.
 4. Use the 'silk push' command to put your dashboard on your server.
 
+If none of that made sense, you should start with the Silk_ readme.
+
 .. _Django: http://www.djangoproject.com/
 .. _Silk: http://bits.btubbs.com/silk-deployment/src

File dashproj/auth/backends.py

-
-#A simple settings.py-based backend so you can have a hard-coded password there for quick setup
+# A simple settings.py-based backend so you can have a hard-coded password hash
+# there for quick db-less setup
 from django.conf import settings
 from django.contrib.auth.models import get_hexdigest
 
 
 class SettingsBackend:
     def authenticate(self, username, password):
+        # Look for this user in settings.DASH_USERS
         try:
-            (hashtype, salt, digest) = settings.DASH_PASSWORD.split('$')
-        except ValueError:
+            (hashtype, salt, digest) = settings.DASH_USERS[username].split('$')
+        except KeyError: 
+            #if the user doesn't exist
             return None
-        
-        if username != settings.DASH_USERNAME or digest != get_hexdigest(hashtype, salt, password):
+        except ValueError: 
+            #if the user's password isn't formatted as hashtype$salt$digest
+            return None
+        if digest != get_hexdigest(hashtype, salt, password):
             return None
         #create a user object and return it.
         return SimpleUser(username)
 
     def get_user(self, username):
         """Return a SimpleUser if username matches settings.  Else None"""
-        if username == settings.DASH_USERNAME:
+        if username in settings.DASH_USERS:
             return SimpleUser(username)
         return None

File dashproj/dashapp/management/commands/mkpass.py

         #make the hash, and return it with hashtype and salt
         print '$'.join(['sha1', salt, get_hexdigest('sha1', salt, password)])
 
-        instructions = ("Save the string above to settings.DASH_PASSWORD "
+        instructions = ("Save the string above as a value in settings.DASH_USERS "
                         "to use it for DB-less login to your Silk dash.")
         print instructions

File dashproj/dashapp/views.py

 
     for thing in root_contents:
         fullpath = os.path.join(silk_root, thing)
+        #NOTE: though we're passing site.yaml into the template, it's better to rely on blame.yaml
+        #because site.yaml knows nothing about vars that have been overriden in the role config.
         sitefile = os.path.join(fullpath, 'site.yaml')
         if os.path.isdir(fullpath) and os.path.isfile(sitefile):
             #load that site's config file
             f = open(sitefile, 'r')
             txt = f.read()
             f.close()
-            data = yaml.safe_load(txt)
+            config = yaml.safe_load(txt)
             #load blame file
             try:
                 blamefile = os.path.join(fullpath, 'blame.yaml')
                 blame = yaml.safe_load(open(blamefile, 'r').read())
+                config.update(blame[1]['config'])
             except IOError:
                 blame = None
             #get proc state from supervisord
             try:
-                state = server.supervisor.getProcessInfo(data['site'])
+                state = server.supervisor.getProcessInfo(config['site'])
             except:
                 state = {'statename': 'PROCESS NOT FOUND'}
             
             sites.append({
-                'data': data,
+                'config': config,
                 'state': state,
                 'blame': blame,
             })
     'ngerror',
 )
 
+def _sitename_is_valid(sitename):
+    sitedirs = [x for x in os.listdir('/srv') if os.path.isdir(x) and not x.startswith('.')]
+    return sitename in sitedirs
+
 @login_required
 def logtail(request, site, log, lines):
     #only allow whitelisted log names
-    if log not in SILK_LOGS:
+    if log not in SILK_LOGS or not _sitename_is_valid(site):
         return HttpResponseNotFound('No log file for %s' % log)
     logfile = '/srv/%s/logs/%s.log' % (site, log)
     try:
         'site': site,
     }
     return response(request, context, 'blame.html')
-
-if __name__ == '__main__':
-    print _rpc_cmd('cms.yougov.net', 'stop')

File dashproj/local_settings.py

-import os
+import random
+
 from settings import *
+from silk.lib import get_site_root, get_config, get_role
 
-#set DEBUG according to environment var passed in from the role config
-DEBUG = int(os.environ.get('DJANGO_DEBUG', "0"))
-TEMPLATE_DEBUG = DEBUG
+# Randomize the secret key to reduce the risk of sites getting hacked because
+# they used the key from the public project source control.
+# You won't want to do this on a site that uses the secret key to create
+# registration confirmation tokens.  In that case, just make a new secret key
+# and save it in settings.py and be done with it.
+key_chars = 'abcdefghijklnopqrstuvwxyz0123456789!@#$%^&*()_+<>?"'
+SECRET_KEY = ''.join([random.choice(key_chars) for x in xrange(50)])
+
+# Have silk load the config from blame.yaml or role file
+# Depending on whether we've been deployed or not
+site_root = get_site_root(__file__)
+role = get_role()
+site_config = get_config(site_root, role)
+
+# Add all items in app_config to this settings module.
+# This means that settings from the yaml config may override things set in 
+# settings.py or above this section of this file
+app_config = site_config['app_config']
+thismodule = sys.modules[__name__]
+for name, val in app_config.items():
+    setattr(thismodule, name, val)

File dashproj/settings.py

     'django.contrib.messages',
     'dashapp',
 )
+SESSION_ENGINE='django.contrib.sessions.backends.file'
 TEMPLATE_CONTEXT_PROCESSORS = (
     'django.core.context_processors.request',
     'django.core.context_processors.media',
 )
 LOGIN_URL = '/login/'
 
-DASH_USERNAME = "joe"
-# To generate a properly formatted password hash for using in DASH_PASSWORD,
-# use the ./manage.py mkpass command.
-DASH_PASSWORD = "!"
+# Dictionary of users:pwds for people who can log into the site through 
+# the SettingsBackend
+# To generate a properly formatted password hash, use the 
+# ./manage.py mkpass command.
+DASH_USERS = {
+    'put username here':'put password hash here',
+}

File dashproj/silk.db

Binary file modified.

File dashproj/urls.py

 from django.conf.urls.defaults import *
-
-# Uncomment the next two lines to enable the admin:
-# from django.contrib import admin
-# admin.autodiscover()
-
 urlpatterns = patterns('',
     (r'^$', 'dashproj.dashapp.views.dash', None, 'silk_dash'),
     (r'^login/$', 'django.contrib.auth.views.login', {'template_name': 'login.html'}, 'silk_login'),
     (r'^log/(.*?)/(.*?)/(.*?)$', 'dashproj.dashapp.views.logtail', None ,'silk_logtail'),
     (r'^blame/(.*?)$', 'dashproj.dashapp.views.blame', None ,'silk_blame'),
     (r'^action/(.*?)/(.*?)$', 'dashproj.dashapp.views.proc_control', None ,'silk_proc_control'),
-
-    # Uncomment the admin/doc line below to enable admin documentation:
-    # (r'^admin/doc/', include('django.contrib.admindocs.urls')),
-
-    # Uncomment the next line to enable the admin:
-    # (r'^admin/', include(admin.site.urls)),
 )
 apt_build_deps:
 #Python packages, generated by 'pip freeze | freeze2yaml'
 python_packages:
-- Django==1.2.3
+- Django==1.2.4
 - xmlrpclib
+- silk-deployment
+- django-debug-toolbar