[Assorted-commits] SF.net SVN: assorted:[949] sharing-gateway
From: <yan...@us...> - 2008-08-28 06:52:41
Revision: 949 http://assorted.svn.sourceforge.net/assorted/?rev=949&view=rev Author: yangzhang Date: 2008-08-28 06:52:50 +0000 (Thu, 28 Aug 2008) Log Message: ----------- added sharing gateway! Added Paths: ----------- sharing-gateway/ sharing-gateway/trunk/ sharing-gateway/trunk/README sharing-gateway/trunk/src/ sharing-gateway/trunk/src/gateway.py Added: sharing-gateway/trunk/README =================================================================== --- sharing-gateway/trunk/README (rev 0) +++ sharing-gateway/trunk/README 2008-08-28 06:52:50 UTC (rev 949) 
@@ -0,0 +1,158 @@ +Overview +-------- + +This is a simple tool for managing a collection of file shares/networks (FTP, +SSH, SMB/CIFS, etc.), conglomerating them into a single unified "gateway" that +can then be re-exported. + +Part of this acts like `mount -a` in mounting/unmounting a set of filesystems, +but features: + +- YAML configuration file format +- can handle hostnames instead of IPs for CIFS shares +- can create the mountpoint directories + +The rest of this is mostly documentation on how to configure your own servers +to do what you want. + +Setup +----- + +Requirements: + +- Python +- Python YAML + +### Web Frontend + +#### Create certificates + +The following is a summary of [Creating Certificate Authorities and self-signed +SSL certificates]. + +[Creating Certificate Authorities and self-signed SSL certificates]: http://www.tc.umn.edu/~brams006/selfsign.html + +Generate a CA: + + openssl genrsa -des3 -out ca.key 4096 + openssl req -new -x509 -days 3650 -key ca.key -out ca.crt + +Generate a certificate-signing request (CSR), using your server domain name as +the "common name" when prompted for it: + + openssl genrsa -des3 -out server.key 4096 + openssl req -new -key server.key -out server.csr + +Sign the certificate with the CA: + + openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey ca.key -set_serial 01 -out server.crt + +Examine what you have so far: + + openssl rsa -noout -text -in server.key + openssl req -noout -text -in server.csr + openssl rsa -noout -text -in ca.key + openssl x509 -noout -text -in ca.crt + +Create insecure version of the key, so that you don't need to enter a password +when you start Apache: + + openssl rsa -in server.key -out server.key.insecure + mv server.key server.key.secure + mv server.key.insecure server.key + +Secure the keys: + + chmod 600 *.key + sudo chown root *.key + +By now you should have the following files; make all the .key files accessible +only to root! 
+ +- ca.crt +- ca.key +- server.crt +- server.csr +- server-insecure.key +- server.key + +Allow users to download and install ca.crt, then you're set! + +#### Configure Apache for SSL + +[Setting up SSL: Ubuntu and Apache 2] is the continuation of the above guide. The following is the summary. + +[Setting up SSL: Ubuntu and Apache 2]: http://www.tc.umn.edu/~brams006/selfsign_ubuntu.html + +Duplicate the `default` site in `/etc/apache2/sites-available/` as site `ssl` +and edit it so that the argument to the `NameVirtualHost` and `VirtualHost` +elements are `*:443` instead of `*`. This causes this host to be effective +only on that port (`NameVirtualHost` and `VirtualHost` are always paired up). +Lastly, adjust the root directory to be something like `/var/www-ssl/` instead +of `/var/www/`. + +Insert the following incantation under `VirtualHost`, pointing to wherever you +put your certificates: + + SSLEngine On + SSLCertificateFile /etc/apache2/ssl/server.crt + SSLCertificateKeyFile /etc/apache2/ssl/server.key + SSLCertificateChainFile /etc/apache2/ssl/ca.crt + SSLCACertificateFile /etc/apache2/ssl/ca.crt + +Verify that a configuration file has `Listen 443`. Now, enable the SSL module +and the site we just configured, and reload Apache: + + sudo a2enmod ssl + sudo a2ensite ssl + sudo service apache2 reload + +If you see a warning about Apache being forced to resolve for its domain name, +you may get rid of it by providing the domain name explicitly in `apache2.conf` +with `ServerName www.mydomain.com`. + +Test out the site by going to <https://www.mydomain.com/>. + +Finally, make the CA certificate available to the world: + + sudo ln -s /etc/apache2/ssl/ca.crt /var/www/ + +Have your users visit <http://www.mydomain.com/ca.crt> to install your CA +certificate first---thereafter, they will encounter no warnings about visiting +your SSL sites. 
+ +#### Configure Authentication + +Add something like the following to your `ssl` site configuration: + + <Directory /var/www-ssl/gw/> + AuthType Basic + AuthName "Login Required" + AuthUserFile /var/www-ssl/gw/.htpasswd + Require Valid-User + </Directory> + +Now create the `.htpasswd` file: + + sudo mkdir /var/www-ssl/gw/ + sudo htpasswd -c /var/www-ssl/gw/.htpasswd gw + sudo service apache2 reload + +#### Web Gateway + +Now simply create symlink to our gateway directory in `/var/www-ssl/`: + + ln -s /path/to/gateway/ /var/www-ssl/gw/raw + +<https://www.mydomain.com/gw/> should now show you the gateway! + +### FTP Frontend + +The FTP frontend means your users need to know how to use FTP, but there are +numerous benefits that come from using an FTP client, including: + +- batch downloads of directory trees +- FTP filesystems exist (in GNOME VFS, FUSE, etc.) +- uploads + +The FTP server we'll use is ProFTPD. Added: sharing-gateway/trunk/src/gateway.py =================================================================== --- sharing-gateway/trunk/src/gateway.py (rev 0) +++ sharing-gateway/trunk/src/gateway.py 2008-08-28 06:52:50 UTC (rev 949) 
@@ -0,0 +1,52 @@ +#!/usr/bin/env python + +'Manage a sharing gateway: enable/disable sharing networks.' + +from __future__ import with_statement +from commons.startup import run_main +from commons.structs import structs2dicts, dicts2structs +from optparse import OptionParser +from os import system +from path import path +from socket import gethostbyname +from subprocess import Popen +import yaml + +class my_exception( Exception ): pass + +def run( cmd ): + p = Popen( cmd ) + if p.wait() != 0: + raise my_exception( 'command failed with error code %s: %s' % ( p.returncode, cmd ) ) + +def main( argv ): + parser = OptionParser( usage = '%prog [OPTIONS] start | stop' ) + parser.add_option( '-c', '--config', + default = '/etc/sharing-gateway.yaml', + help = 'the YAML configuration file to read from' ) + opts, args = parser.parse_args( argv ) + + cmd = args[-1] + with file( opts.config ) as f: cfg = dicts2structs( yaml.load( f ) ) + mountdir = path( cfg.gateway.mountdir ) + + if cmd == 'start': + for s in cfg.shares: + if s.type == 'cifs': + d = structs2dicts( s ) + d[ 'ip' ] = gethostbyname( s.host ) + mountpt = mountdir / s.name + run( [ 'sudo', 'mkdir', '-p', mountpt ] ) + run( 'sudo mount -t cifs -o'.split() + + [ 'user=%(user)s,pass=%(pass)s,ip=%(ip)s' % d, s.share, mountpt ] ) + else: + raise my_exception( 'unknown share type: %s' % s.type ) + elif cmd == 'stop': + for s in cfg.shares: + mountpt = mountdir / s.name + run( [ 'sudo', 'umount', mountpt ] ) + run( [ 'sudo', 'rmdir', mountpt ] ) + else: + raise my_exception( 'unknown command: %s' % cmd ) + +run_main() Property changes on: sharing-gateway/trunk/src/gateway.py ___________________________________________________________________ Added: svn:executable + * This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
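Review bot: in the README hunk, the "Configure Authentication" section sets `AuthUserFile /var/www-ssl/gw/.htpasswd`, which puts the password file inside the very directory that is being served over HTTPS; it is then protected only by Apache's default `<Files ~ "^\.ht">` deny rule, so move it outside the document root (for example under `/etc/apache2/`) and reference that path from `AuthUserFile`. Two smaller points in the same hunk: the file list under "By now you should have the following files" names `server-insecure.key`, but the preceding `mv` commands leave `server.key.secure` and `server.key` on disk, so the list should match the commands; and the canonical spelling of the directive value is `Require valid-user` (lowercase), which is what the Apache documentation uses.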
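Review bot: in the `start` branch of gateway.py, `'user=%(user)s,pass=%(pass)s,ip=%(ip)s' % d` places every share password on the `mount` command line, where any local user can read it from the process list while the command runs; mount.cifs accepts `credentials=<file>`, so write `username=`/`password=` into a root-only (mode 600) file and pass that option instead. Also, `cmd = args[-1]` raises `IndexError` when no command is given; check `len(args)` first and call `parser.error(...)` so the usage string from `OptionParser` is shown. Minor: `from os import system` is unused, `yaml.load` could be `yaml.safe_load` since the config only needs plain mappings and scalars, and the `stop` branch aborts on the first failed `umount` instead of continuing with the remaining shares.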