Files
@ e7d6373631c4
Branch filter:
Location: kallithea/docs/installation_iis.rst
e7d6373631c4
5.1 KiB
text/prs.fallenstein.rst
setup.py: support Paste 3.0.x
In a fresh virtualenv on the stable branch, pastescript 3.0.0 is installed
which depends on paste 3.0.x. Using this virtualenv to upgrade to the
default branch, using 'pip install --upgrade -e .' fails because on the
default branch, the paste version is restricted with '>= 2.0.3, < 3'.
Following error occurs:
pastescript 3.0.0 has requirement Paste>=3.0, but you'll have paste 2.0.3 which is incompatible.
...
Traceback (most recent call last):
File "<string>", line 1, in <module>
File ".../kallithea/kallithea-release/setup.py", line 160, in <module>
""",
File "/usr/lib64/python2.7/distutils/core.py", line 151, in setup
dist.run_commands()
File "/usr/lib64/python2.7/distutils/dist.py", line 953, in run_commands
self.run_command(cmd)
File "/usr/lib64/python2.7/distutils/dist.py", line 972, in run_command
cmd_obj.run()
File ".../kallithea/venv/kallithea-release/lib/python2.7/site-packages/setuptools/command/develop.py", line 36, in run
self.install_for_development()
File ".../kallithea/venv/kallithea-release/lib/python2.7/site-packages/setuptools/command/develop.py", line 117, in install_for_development
self.run_command('egg_info')
File "/usr/lib64/python2.7/distutils/cmd.py", line 326, in run_command
self.distribution.run_command(command)
File "/usr/lib64/python2.7/distutils/dist.py", line 972, in run_command
cmd_obj.run()
File ".../kallithea/venv/kallithea-release/lib/python2.7/site-packages/setuptools/command/egg_info.py", line 270, in run
ep.require(installer=installer)
File ".../kallithea/venv/kallithea-release/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2307, in require
items = working_set.resolve(reqs, env, installer)
File ".../kallithea/venv/kallithea-release/lib/python2.7/site-packages/pkg_resources/__init__.py", line 854, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.VersionConflict: (Paste 2.0.3 (.../kallithea/venv/kallithea-release/lib/python2.7/site-packages), Requirement.parse('Paste>=3.0'))
The '< 3' restriction is introduced with commit
e1ab826131334150b1f003e26de3207c34fc6e67 in January 2017, at which point
2.0.3 was the latest version. Version 3.0.0 was introduced in October 2018.
Paste has a new maintainer and moved to github, after years of
inactivity (March 2016 -> Oct 2018). There have AFAICS not been
incompatible changes. This analysis is based on:
- the news file: https://pythonpaste.readthedocs.io/en/latest/news.html
- the commit message of the 3.0.0 release:
(https://github.com/cdent/paste/commit/9ceef07267ba83ea5c00533f85f9edf9ba38cd71)
"This is for the sake of getting something out there, including
fixes to get stuff working with Python 3.7."
- and a walk through the commits since 2.0.3 on github
(https://github.com/cdent/paste/commits/master).
In a fresh virtualenv on the stable branch, pastescript 3.0.0 is installed
which depends on paste 3.0.x. Using this virtualenv to upgrade to the
default branch, using 'pip install --upgrade -e .' fails because on the
default branch, the paste version is restricted with '>= 2.0.3, < 3'.
Following error occurs:
pastescript 3.0.0 has requirement Paste>=3.0, but you'll have paste 2.0.3 which is incompatible.
...
Traceback (most recent call last):
File "<string>", line 1, in <module>
File ".../kallithea/kallithea-release/setup.py", line 160, in <module>
""",
File "/usr/lib64/python2.7/distutils/core.py", line 151, in setup
dist.run_commands()
File "/usr/lib64/python2.7/distutils/dist.py", line 953, in run_commands
self.run_command(cmd)
File "/usr/lib64/python2.7/distutils/dist.py", line 972, in run_command
cmd_obj.run()
File ".../kallithea/venv/kallithea-release/lib/python2.7/site-packages/setuptools/command/develop.py", line 36, in run
self.install_for_development()
File ".../kallithea/venv/kallithea-release/lib/python2.7/site-packages/setuptools/command/develop.py", line 117, in install_for_development
self.run_command('egg_info')
File "/usr/lib64/python2.7/distutils/cmd.py", line 326, in run_command
self.distribution.run_command(command)
File "/usr/lib64/python2.7/distutils/dist.py", line 972, in run_command
cmd_obj.run()
File ".../kallithea/venv/kallithea-release/lib/python2.7/site-packages/setuptools/command/egg_info.py", line 270, in run
ep.require(installer=installer)
File ".../kallithea/venv/kallithea-release/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2307, in require
items = working_set.resolve(reqs, env, installer)
File ".../kallithea/venv/kallithea-release/lib/python2.7/site-packages/pkg_resources/__init__.py", line 854, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.VersionConflict: (Paste 2.0.3 (.../kallithea/venv/kallithea-release/lib/python2.7/site-packages), Requirement.parse('Paste>=3.0'))
The '< 3' restriction is introduced with commit
e1ab826131334150b1f003e26de3207c34fc6e67 in January 2017, at which point
2.0.3 was the latest version. Version 3.0.0 was introduced in October 2018.
Paste has a new maintainer and moved to github, after years of
inactivity (March 2016 -> Oct 2018). There have AFAICS not been
incompatible changes. This analysis is based on:
- the news file: https://pythonpaste.readthedocs.io/en/latest/news.html
- the commit message of the 3.0.0 release:
(https://github.com/cdent/paste/commit/9ceef07267ba83ea5c00533f85f9edf9ba38cd71)
"This is for the sake of getting something out there, including
fixes to get stuff working with Python 3.7."
- and a walk through the commits since 2.0.3 on github
(https://github.com/cdent/paste/commits/master).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 | .. _installation_iis:
=====================================================================
Installing Kallithea on Microsoft Internet Information Services (IIS)
=====================================================================
The following is documented using IIS 7/8 terminology. There should be nothing
preventing you from applying this on IIS 6 well.
.. note::
Installing Kallithea under IIS can enable Single Sign-On to the Kallithea
web interface from web browsers that can authenticate to the web server.
(As an alternative to IIS, SSO is also possible with for example Apache and
mod_sspi.)
Mercurial and Git do however by default not support SSO on the client side
and will still require some other kind of authentication.
(An extension like hgssoauthentication_ might solve that.)
.. note::
For the best security, it is strongly recommended to only host the site over
a secure connection, e.g. using TLS.
Prerequisites
-------------
Apart from the normal requirements for Kallithea, it is also necessary to get an
ISAPI-WSGI bridge module, e.g. isapi-wsgi.
Installation
------------
The following assumes that your Kallithea is at ``c:\inetpub\kallithea``, and
will be served from the root of its own website. The changes to serve it in its
own virtual folder will be noted where appropriate.
Application pool
^^^^^^^^^^^^^^^^
Make sure that there is a unique application pool for the Kallithea application
with an identity that has read access to the Kallithea distribution.
The application pool does not need to be able to run any managed code. If you
are using a 32-bit Python installation, then you must enable 32-bit program in
the advanced settings for the application pool; otherwise Python will not be able
to run on the website and neither will Kallithea.
.. note::
The application pool can be the same as an existing application pool,
as long as the Kallithea requirements are met by the existing pool.
ISAPI handler
^^^^^^^^^^^^^
The ISAPI handler can be generated using::
kallithea-cli iis-install -c my.ini --virtualdir=/
This will generate a ``dispatch.py`` file in the current directory that contains
the necessary components to finalize an installation into IIS. Once this file
has been generated, it is necessary to run the following command due to the way
that ISAPI-WSGI is made::
python2 dispatch.py install
This accomplishes two things: generating an ISAPI compliant DLL file,
``_dispatch.dll``, and installing a script map handler into IIS for the
``--virtualdir`` specified above pointing to ``_dispatch.dll``.
The ISAPI handler is registered to all file extensions, so it will automatically
be the one handling all requests to the specified virtual directory. When the website starts
the ISAPI handler, it will start a thread pool managed wrapper around the
middleware WSGI handler that Kallithea runs within and each HTTP request to the
site will be processed through this logic henceforth.
Authentication with Kallithea using IIS authentication modules
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The recommended way to handle authentication with Kallithea using IIS is to let
IIS handle all the authentication and just pass it to Kallithea.
.. note::
As an alternative without SSO, you can also use LDAP authentication with
Active Directory, see :ref:`ldap-setup`.
To move responsibility into IIS from Kallithea, we need to configure Kallithea
to let external systems handle authentication and then let Kallithea create the
user automatically. To do this, access the administration's authentication page
and enable the ``kallithea.lib.auth_modules.auth_container`` plugin. Once it is
added, enable it with the ``REMOTE_USER`` header and check *Clean username*.
Finally, save the changes on this page.
Switch to the administration's permissions page and disable anonymous access,
otherwise Kallithea will not attempt to use the authenticated user name. By
default, Kallithea will populate the list of users lazily as they log in. Either
disable external auth account activation and ensure that you pre-populate the
user database with an external tool, or set it to *Automatic activation of
external account*. Finally, save the changes.
The last necessary step is to enable the relevant authentication in IIS, e.g.
Windows authentication.
Troubleshooting
---------------
Typically, any issues in this setup will either be entirely in IIS or entirely
in Kallithea (or Kallithea's WSGI middleware). Consequently, two
different options for finding issues exist: IIS' failed request tracking which
is great at finding issues until they exist inside Kallithea, at which point the
ISAPI-WSGI wrapper above uses ``win32traceutil``, which is part of ``pywin32``.
In order to dump output from WSGI using ``win32traceutil`` it is sufficient to
type the following in a console window::
python2 -m win32traceutil
and any exceptions occurring in the WSGI layer and below (i.e. in the Kallithea
application itself) that are uncaught, will be printed here complete with stack
traces, making it a lot easier to identify issues.
.. _hgssoauthentication: https://bitbucket.org/domruf/hgssoauthentication
|