Re: Advice on deploying wsgi app using jsonfas
On Mon, 30 Jun 2008 17:18:04 -0400 Robin Norwood <[EMAIL PROTECTED]> wrote: > Unable to write to session file /var/www/.fedora_session: [Errno 13] > Permission denied: '/var/www/.fedora_session' Ok, I think I figured this out a bit more. When Toshio gave me code to do the FAS stuff, he included a class called 'UserCache'. Setting this up is what was triggering the creation of the evil .fedora_session file. Just getting rid of the code that sets up the cache seems to be enough to get me working again, and users can still log in. I'm not sure what the performance implications are, but I can discuss with Toshio when he gets back. -RN -- Robin Norwood Red Hat, Inc. "The Sage does nothing, yet nothing remains undone." -Lao Tzu, Te Tao Ching ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Advice on deploying wsgi app using jsonfas
On Mon, 30 Jun 2008 16:34:27 -0500 (CDT) Mike McGrath <[EMAIL PROTECTED]> wrote: > On Mon, 30 Jun 2008, Robin Norwood wrote: > > > Hi, > > > > So I'm working to get amber packaged and deployable as a wsgi app > > so I can run a demo on publictest10. I've made pretty fair > > progress getting things up and running (on my local system first to > > make sure it works), but I've run into an issue. > > > > For the setup, I'm basically ripping off the way Ricky Zhou set up > > fas wholesale. I have an amber.conf file in /etc/httpd/conf.d, > > which refers to an amber.wsgi file. All of that seems to work > > fine. The problem happens when I try to connect. I get a 500 > > error with the following in httpd's error log: > > > > Unable to write to session file /var/www/.fedora_session: [Errno 13] > > Permission denied: '/var/www/.fedora_session' > > > > Well, it turns out that this is because my app is using jsonfas, > > which uses fedora.client.BaseClient. In fedora/client/__init__.py, > > I find: > > > > SESSION_FILE = path.join(path.expanduser('~'), '.fedora_session') > > > > Which explains the error - my app is running under apache, and > > while /var/www is apache's homedir, apache can't write to that > > directory. > > > > So, as anyone else worked around this with another turbogears app > > running under wsgi and using jsonfas? Since turbogears and fas are > > both pretty common, it seems likely that someone here has already > > dealt with this. > > Does your application prompt users for their username and password or > does it have one listed in the configs somewhere to access fas? I'm > not familiar with the .fedora_session format, does it store everyone's > sessions? I believe it does. The way it seems to work is that I specify a user to connect to FAS in the config - this gets me a fas session. Then, the user enters a username/password from the web form, and jsonfas 'does magic' to authenticate the user. > I'm asuming that if someone had access to it they'd be able to become > whoever was logged in at that time. Probably to other applications as > well. I'd like to hear Toshio's advice on this, I believe he's the > primary architect of how .fedora_session should behave Yeah, Toshio is the one who set this up to begin with. I don't know if he's ever used this sort of setup under wsgi/httpd, though. -RN -- Robin Norwood Red Hat, Inc. "The Sage does nothing, yet nothing remains undone." -Lao Tzu, Te Tao Ching ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Re: Advice on deploying wsgi app using jsonfas
On Mon, 30 Jun 2008, Robin Norwood wrote: > Hi, > > So I'm working to get amber packaged and deployable as a wsgi app so I > can run a demo on publictest10. I've made pretty fair progress getting > things up and running (on my local system first to make sure it works), > but I've run into an issue. > > For the setup, I'm basically ripping off the way Ricky Zhou set up fas > wholesale. I have an amber.conf file in /etc/httpd/conf.d, which > refers to an amber.wsgi file. All of that seems to work fine. The > problem happens when I try to connect. I get a 500 error with the > following in httpd's error log: > > Unable to write to session file /var/www/.fedora_session: [Errno 13] > Permission denied: '/var/www/.fedora_session' > > Well, it turns out that this is because my app is using jsonfas, which > uses fedora.client.BaseClient. In fedora/client/__init__.py, I find: > > SESSION_FILE = path.join(path.expanduser('~'), '.fedora_session') > > Which explains the error - my app is running under apache, and > while /var/www is apache's homedir, apache can't write to that > directory. > > So, as anyone else worked around this with another turbogears app > running under wsgi and using jsonfas? Since turbogears and fas are > both pretty common, it seems likely that someone here has already dealt > with this. Does your application prompt users for their username and password or does it have one listed in the configs somewhere to access fas? I'm not familiar with the .fedora_session format, does it store everyone's sessions? I'm asuming that if someone had access to it they'd be able to become whoever was logged in at that time. Probably to other applications as well. I'd like to hear Toshio's advice on this, I believe he's the primary architect of how .fedora_session should behave -Mike ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list
Advice on deploying wsgi app using jsonfas
Hi, So I'm working to get amber packaged and deployable as a wsgi app so I can run a demo on publictest10. I've made pretty fair progress getting things up and running (on my local system first to make sure it works), but I've run into an issue. For the setup, I'm basically ripping off the way Ricky Zhou set up fas wholesale. I have an amber.conf file in /etc/httpd/conf.d, which refers to an amber.wsgi file. All of that seems to work fine. The problem happens when I try to connect. I get a 500 error with the following in httpd's error log: Unable to write to session file /var/www/.fedora_session: [Errno 13] Permission denied: '/var/www/.fedora_session' Well, it turns out that this is because my app is using jsonfas, which uses fedora.client.BaseClient. In fedora/client/__init__.py, I find: SESSION_FILE = path.join(path.expanduser('~'), '.fedora_session') Which explains the error - my app is running under apache, and while /var/www is apache's homedir, apache can't write to that directory. So, as anyone else worked around this with another turbogears app running under wsgi and using jsonfas? Since turbogears and fas are both pretty common, it seems likely that someone here has already dealt with this. Thanks, -RN -- Robin Norwood Red Hat, Inc. "The Sage does nothing, yet nothing remains undone." -Lao Tzu, Te Tao Ching ___ Fedora-infrastructure-list mailing list Fedora-infrastructure-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list