OpenIO 7.2.0.
I have an OpenIO with keystone (queens) auth cluster.
By default any user can configure his own acls and public url.
I would like to restrict user only for read and write in containers and objects.
Apparently deny_host_headers can do the job in proxy-server.conf but it not seems to be working -> nothing append.
I didn't find any "super admin" acls.
Any idea ?
My proxy-server.conf ->
# OpenIO managed
[DEFAULT]
use_stderr = False
bind_ip = ip
bind_port = port
workers = 72
max_clients = 1024
user = openio
log_facility = /dev/log
log_header = true
log_level = INFO
log_name = OIO,OPENIO,oioswift,0
eventlet_debug = false
sds_namespace = OPENIO
sds_proxy_url = http://ip:port
sds_default_account = openio
sds_connection_timeout = 5
sds_read_timeout = 35
sds_write_timeout = 35
sds_pool_connections = 500
sds_pool_maxsize = 500
sds_max_retries = 0
sds_tls = False
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache bulk proxy-logging authtoken keystoneauth proxy-logging copy container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:healthcheck]
use = egg:oioswift#healthcheck
[filter:proxy-logging]
use = egg:swift#proxy_logging
access_log_headers = false
access_log_headers_only =
[filter:cache]
use = egg:swift#memcache
memcache_servers = ip:port
memcache_max_connections = 10
oio_cache = False
oio_cache_ttl = 0
[filter:bulk]
use = egg:swift#bulk
#[filter:tempurl]
#use = egg:swift#tempurl
#[filter:swift3]
#use = egg:swift3#swift3
#force_swift_request_proxy_log = True
#s3_acl = True
#check_bucket_owner = True
#location = us-east-1
#max_bucket_listing = 1000
#max_multi_delete_objects = 1000
#max_upload_part_num = 10000
#log_s3api_command = False
#bucket_db_enabled = True
#bucket_db_prefix = s3bucket:
#storage_domain = s3.openio.io
#bucket_db_master_name = OPENIO-master-1
#bucket_db_sentinel_hosts = ip:port
#[filter:tempauth]
#use = egg:oioswift#tempauth
#user_demo_demo = DEMO_PASS .admin
[filter:copy]
use = egg:oioswift#copy
object_post_as_copy = False
[filter:container-quotas]
use = egg:swift#container_quotas
[filter:account-quotas]
use = egg:swift#account_quotas
[filter:slo]
use = egg:oioswift#slo
max_manifest_segments = 10000
concurrency = 10
[filter:dlo]
use = egg:swift#dlo
[filter:versioned_writes]
use = egg:oioswift#versioned_writes
allow_versioned_writes = True
[app:proxy-server]
use = egg:oioswift#main
object_post_as_copy = False
allow_account_management = True
account_autocreate = True
sds_chunk_checksum_algo =
deny_host_headers = x-container-sync-key, x-container-sync-to, x-account-meta-temp-url-key, x-account-meta-temp-url-key-2, x-container-meta-temp-url-key, x-container-meta-temp-url-key-2, x-account-access-control
[filter:authtoken]
auth_type = password
#username = swift
username = user
project_name = user
region_name = region
user_domain_id = domain
memcache_secret_key = memcache_secret_key
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
insecure = True
cache = swift.cache
delay_auth_decision = True
token_cache_time = 300
auth_url = http://ip:port
include_service_catalog = False
www_authenticate_uri = http://ip:port
memcached_servers = ip:port
password = password
revocation_cache_time = 60
memcache_security_strategy = ENCRYPT
project_domain_id = dommain
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = role
reseller_admin_role = role
delay_auth_decision = False in authtoken section in proxy-server.conf file do the job.
delay_auth_decision : delay_auth_decision defaults to False, but leaving it as false will prevent other auth systems, staticweb, tempurl, formpost, and ACLs from working. This value must be explicitly set to True.
Now only files owners can view/create/edit containers/objects -> ACLs and sharing won't works.
I have been trying to dump my Kerberos database (ldap backend) using kdb5_util dump (filename), but I get:
kdb5_util load_dump version 6
kdb5_util: error performing Kerberos version 5 release 1.8 dump (Server error)
policy default 0 0 1 1 1 0 0 0 0
Kerberos KDC and Kadmin log has nothing, ldap.log gives
May 31 12:40:17 kdc slapd[28020]: connection_input: conn=1091 deferring operation: binding
Everything else works fine, creating, deleting, authentication of principals, no problem. Just dumping the DB fails. As far as I understand, the backend should not have any influence on the dump.
Any ideas how I can debug or fix this? What am I missing?
/etc/krb5.conf
[libdefaults]
default_realm = REALM.EXAMPLE.COM
kdc_timesync = 1
ccache_type = 4
forwardable = true
proxiable = true
[realms]
REALM.EXAMPLE.COM = {
kdc = kdc.realm.example.com
admin_server = kdc.realm.example.com
kpasswd_server = kdc.realm.example.com
}
[domain_realm]
.realm.example.com = REALM.EXAMPLE.COM
/etc/krb5kdc/kdc.conf
[realms]
REALM.EXAMPLE.COM = {
default_domain = realm.example.com
database_module = ldapconf
acl_file = /etc/krb5kdc/kadm5.acl
key_stash_file = /etc/krb5kdc/.master
max_life = 10h 0m 0s
max_renewable_life = 7d 0h 0m 0s
master_key_type = aes256-cts
supported_enctypes = aes256-cts-hmac-sha1-96:normal
#aes128-cts-hmac-sha1-96:normal arcfour-hmac:normal
default_principal_flags = +preauth
pkinit_identity = FILE:/etc/krb5kdc/kdc-cert.pem,/etc/krb5kdc/.kdc-key.pem
pkinit_anchors = FILE:/etc/krb5kdc/ca-cert.pem
dict_file = /root/bad_passwords.dict
}
[dbmodules]
ldapconf = {
db_library = kldap
ldap_kerberos_container_dn = "cn=kerberos,dc=realm,dc=example,dc=com"
ldap_kdc_dn = "cn=kerberos-kdc,dc=realm,dc=example,dc=com"
ldap_kadmind_dn = "cn=kerberos-admin,dc=realm,dc=example,dc=com"
ldap_servers = ldapi:///
ldap_service_password_file = /etc/krb5kdc/.service
}
[logging]
kdc = FILE:/var/log/kerberos/kdc.log
admin_server = FILE:/var/log/kerberos/kadmin.log
default = FILE:/var/log/kerberos/kerberos.log
Found the Problem after debugging at last:
The LDAP backend has a hard Size limit of 500 for search requests. With 501 Users that bit me in the backside!
Fix:
#
# remove sizelimit for ldap search
#
# apply with ldapmodify -Y EXTERNAL -H ldapi:/// -f sizelimit.ldif
#
dn: olcDatabase={1}hdb,cn=config
changetype: modify
add: olcLimits
olcLimits: dn.exact="cn=kerberos-admin,dc=realm,dc=example,dc=com" size=unlimited
Apply, restart slapd, and dump happily away
the systm version is WPNXM-0.8.6-Standard-Setup-php56-w64 . After I intalling php7.0.10_nts and when I change php version appear an error
problem with php7.0.10
Where is a problem ???
If you go to your php 7 folder (C:\server\bin\php) you will find that there are 2 php.ini files:
php.ini-development
php.ini-production
If you copy one of them with the name php.ini. this should fix it.
Edited:
You may need to change paths too like:
extension_dir = "ext"y
error_log = C:\server\logs\php_error.log
include_path = ".;C:\server\bin\php\pear"
upload_tmp_dir = C:\server\temp
;sendmail_path = "C:\server\bin\sendmail\sendmail.exe -t -i"
session.save_path = C:\server\temp
curl.cainfo =C:\server\bin\openssl\ca-bundle.crt
[Xdebug]
; activate remote debugging
xdebug.remote_enable = on
xdebug.remote_handler = dbgp
xdebug.remote_host = localhost
xdebug.remote_port = 9000
; profiler
xdebug.profiler_enable = 1
xdebug.profiler_enable_trigger = 0
xdebug.profiler_output_dir = "C:\server\logs"
xdebug.profiler_output_name = cachegrind.out.%t.%p
[Zend]
zend_extension=C:\server\bin\php\ext\php_opcache.dll
zend_extension=C:\server\bin\php\ext\php_xdebug.dll
I am getting the following problem with this plugin. using trac 0.12.5 on centos 5. the following log is from a comment. user responding is sharif.uddin, user created is jason. and user i am trying to cc to is ramy.
Trac[paradox:env] INFO: Reloading environment due to configuration change
Trac[paradox:env] INFO: -------------------------------- environment startup [Trac 0.12.5] --------------------------------
Trac[paradox:api] INFO: Synchronized '(default)' repository in 0.01 seconds
Trac[paradox:api] INFO: Synchronized '(default)' repository in 0.00 seconds
Trac[paradox:env] INFO: Reloading environment due to configuration change
Trac[paradox:env] INFO: -------------------------------- environment startup [Trac 0.12.5] --------------------------------
Trac[paradox:api] INFO: Synchronized '(default)' repository in 0.06 seconds
Trac[paradox:SmtpLdapEmailSender] INFO: Binding to LDAP as cn=Administrator,cn=Users,dc=domain,dc=com
Trac[paradox:SmtpLdapEmailSender] INFO: Updating list of recipients
Trac[paradox:SmtpLdapEmailSender] WARNING: Searching LDAP server ldap://echo.uk.domain.com for user jasona#DOMAIN.COM
Trac[paradox:SmtpLdapEmailSender] WARNING: Found e-mail address: Jason.Aftalion#domain.com
Trac[paradox:SmtpLdapEmailSender] WARNING: Searching LDAP server ldap://echo.uk.domain.com for user sharifu#DOMAIN.COM
Trac[paradox:SmtpLdapEmailSender] WARNING: Found e-mail address: Sharif.Uddin#domain.com
Trac[paradox:SmtpLdapEmailSender] WARNING: Searching LDAP server ldap://echo.uk.domain.com for user Ramy.Mahmoud#domain.com
Trac[paradox:notification] INFO: Sending notification through SMTP at hero.uk.domain.com:25 to ['Jason.Aftalion#domain.com', 'Sharif.Uddin#domain.com', u'Ramy.Mahmoud#domain.com', 'support#domain.com']
Trac[paradox:api] INFO: Synchronized '(default)' repository in 0.01 seconds
Trac[paradox:api] INFO: Synchronized '(default)' repository in 0.00 seconds
I have the following code for the plugin in site-packages
class SmtpLdapEmailSender(SmtpEmailSender):
implements(IEmailSender)
email_ldap_serveruri = Option('notification', 'email_ldap_serveruri', '',
"""AD LDAP Server to use for looking up e-mail addresses""")
email_ldap_port = IntOption('notification', 'email_ldap_port', 389, """AD LDAP Server port""")
email_ldap_binddn = Option('notification', 'email_ldap_binddn', '',
"""Bind DN for LDAP lookup. If not given, Kerberos auth will be used for current user""")
email_ldap_bindpw = Option('notification', 'email_ldap_bindpw', '', """Password for non-kerberos auth""")
email_ldap_basedn = Option('notification', 'email_ldap_basedn', '', """Base DN to use for LDAP searches""")
email_attr = 'mail'
def __init__(self):
self.log.warn("Initialising LDAP object with URI: ", self.email_ldap_serveruri)
self.ldap_conn=ldap.initialize(self.email_ldap_serveruri)
def send(self, from_addr, recipients, message):
#self.log.warn(recipients)
if self.email_ldap_binddn != None:
self.log.info("Binding to LDAP as " + self.email_ldap_binddn)
self.ldap_conn.bind_s(self.email_ldap_binddn, self.email_ldap_bindpw, ldap.AUTH_SIMPLE)
else:
self.log.info("Binding to LDAP with Kerberos")
self.ldap_conn.bind_s()
#Iterate through recipients, checking for correct e-mail addresses in LDAP
#Output in ldapRecipients
self.log.info("Updating list of recipients")
new_recipients = []
def isset(variable):
return variable in locals() or variable in globals()
for i, addr in enumerate(recipients):
self.log.warn("Searching LDAP server %s for user %s", self.email_ldap_serveruri, addr)
search_string = 'userPrincipalName=' + addr
result = self.ldap_conn.search_s(self.email_ldap_basedn, ldap.SCOPE_SUBTREE, search_string, [self.email_attr])
#result is formatted as a string (result) in a list of [attr values], in a dictionary of {attr_name=>attr_values}
#in a tuple of (DN, Entry), within a list of results. So result for principle name jasona#domain.com would be
#[('CN=Jason Aftalion,OU=TechSupport,OU=Woking,OU=Sites,DC=domain,DC=com', {'mail': ['Jason.Aftalion#domain.com']})]
#self.log.error(addr)
if len(result) > 0:
if result[0][1][self.email_attr][0]:
self.log.warn("Found e-mail address: " + result[0][1][self.email_attr][0])
new_recipients.append(result[0][1][self.email_attr][0])
else:
self.log.warn("Could not find e-mail address")
new_recipients.append(addr)
else:
new_recipients.append(addr)
new_recipients.append("support#domain.com")
#self.log.error(new_recipients)
return super(SmtpLdapEmailSender,self).send(from_addr, new_recipients, message)
Also when the email gets sent out there is no one on the to address. I think i need to add the u before the quites open on the email if you see the log line Trac[paradox:notification] INFO: Sending notification through SMTP at hero.uk.domain.com:25 to ['Jason.Aftalion#domian.com', 'Sharif.Uddin#domian.com', u'Ramy.Mahmoud#domain.com'] . ramy is the only one that appears in the email as it is placed on the cc section of the ini file.
UPDATE
[root#hero plugins]# easy_install http://trac-hacks.org/svn/announcerplugin/trunk
Downloading http://trac-hacks.org/svn/announcerplugin/trunk
Doing subversion checkout from http://trac-hacks.org/svn/announcerplugin/trunk to /tmp/easy_install-hkATrd/trunk
Processing trunk
Running setup.py -q bdist_egg --dist-dir /tmp/easy_install-hkATrd/trunk/egg-dist-tmp-dGEGqu
File "build/bdist.linux-i686/egg/announcer/opt/bitten/announce.py", line 71
yield
^
SyntaxError: invalid syntax
zip_safe flag not set; analyzing archive contents...
TracAnnouncer 1.0dev-r12503 is already the active version in easy-install.pth
Installed /usr/lib/python2.4/site-packages/TracAnnouncer-1.0dev_r12503-py2.4.egg
Processing dependencies for TracAnnouncer==1.0dev-r12503
Finished processing dependencies for TracAnnouncer==1.0dev-r12503
UPDATE 2
It installed successfully
easy_install http://trac-hacks.org/svn/announcerplugin/trunk
Downloading http://trac-hacks.org/svn/announcerplugin/trunk
Doing subversion checkout from http://trac-hacks.org/svn/announcerplugin/trunk to /tmp/easy_install-AGCmXH/trunk
Processing trunk
Running setup.py -q bdist_egg --dist-dir /tmp/easy_install-AGCmXH/trunk/egg-dist-tmp-6tmNSt
zip_safe flag not set; analyzing archive contents...
Removing TracAnnouncer 1.0dev-r12503 from easy-install.pth file
Adding TracAnnouncer 1.0dev-r13963 to easy-install.pth file
Installed /usr/lib/python2.4/site-packages/TracAnnouncer-1.0dev_r13963-py2.4.egg
Processing dependencies for TracAnnouncer==1.0dev-r13963
Finished processing dependencies for TracAnnouncer==1.0dev-r13963
I get following in log file now. I cannot install python 2.7
Trac[paradox:env] INFO: -------------------------------- environment startup [Trac 0.12.5] --------------------------------
Trac[paradox:loader] ERROR: Skipping "announcer.email_decorators = announcer.email_decorators":
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/Trac-0.12.5-py2.4.egg/trac/loader.py", line 68, in _load_eggs
entry.load(require=True)
File "/usr/lib/python2.4/site-packages/setuptools-0.6c11-py2.4.egg/pkg_resources.py", line 1954, in load
entry = __import__(self.module_name, globals(),globals(), ['__name__'])
File "build/bdist.linux-i686/egg/announcer/email_decorators.py", line 7, in ?
ImportError: No module named utils
Trac[paradox:api] INFO: Synchronized '(default)' repository in 0.66 seconds
local ini file
cat /data/intranet/html/trac/paradox/conf/trac.ini
# -*- coding: utf-8 -*-
[changeset]
max_diff_files = 0
[components]
acct_mgr.admin.accountmanageradminpanel = disabled
acct_mgr.api.accountmanager = disabled
acct_mgr.db.sessionstore = disabled
acct_mgr.guard.accountguard = disabled
acct_mgr.macros.accountmanagerwikimacros = disabled
acct_mgr.notification.accountchangelistener = disabled
acct_mgr.notification.accountchangenotificationadminpanel = disabled
acct_mgr.register.emailcheck = disabled
acct_mgr.register.emailverificationmodule = disabled
advancedworkflow.controller.ticketworkflowopownercomponent = disabled
advancedworkflow.controller.ticketworkflowopownerfield = disabled
advancedworkflow.controller.ticketworkflowopownerprevious = disabled
advancedworkflow.controller.ticketworkflowopresetmilestone = disabled
advancedworkflow.controller.ticketworkflowoprunexternal = disabled
advancedworkflow.controller.ticketworkflowopstatusprevious = disabled
advancedworkflow.controller.ticketworkflowoptriage = disabled
advancedworkflow.controller.ticketworkflowopxref = disabled
announcer.api.announcementsystem = enabled
announcer.api.subscriptionresolver = enabled
announcer.distributors.mail.emaildistributor = enabled
announcer.distributors.mail.sendmailemailsender = enabled
announcer.distributors.mail.smtpemailsender = enabled
announcer.email_decorators.announceremaildecorator = enabled
announcer.email_decorators.staticemaildecorator = enabled
announcer.email_decorators.threadingemaildecorator = enabled
announcer.email_decorators.ticketaddlheaderemaildecorator = enabled
announcer.email_decorators.ticketsubjectemaildecorator = enabled
announcer.email_decorators.wikisubjectemaildecorator = enabled
announcer.filters.defaultpermissionfilter = enabled
announcer.formatters.ticketformatter = enabled
announcer.formatters.wikiformatter = enabled
announcer.opt.subscribers.allticketsubscriber = enabled
announcer.opt.subscribers.generalwikisubscriber = enabled
announcer.opt.subscribers.joinablegroupsubscriber = enabled
announcer.opt.subscribers.ticketcomponentownersubscriber = enabled
announcer.opt.subscribers.ticketcomponentsubscriber = enabled
announcer.opt.subscribers.ticketcustomfieldsubscriber = enabled
announcer.opt.subscribers.userchangesubscriber = enabled
announcer.opt.subscribers.watchsubscriber = enabled
announcer.pref.announcerpreferences = enabled
announcer.pref.subscriptionmanagementpanel = enabled
announcer.producers.attachmentchangeproducer = enabled
announcer.producers.ticketchangeproducer = enabled
announcer.producers.wikichangeproducer = enabled
announcer.resolvers.defaultdomainemailresolver = enabled
announcer.resolvers.sessionemailresolver = enabled
announcer.resolvers.specifiedemailresolver = enabled
announcer.resolvers.specifiedxmppresolver = enabled
announcer.subscribers.carboncopysubscriber = enabled
announcer.subscribers.ticketownersubscriber = enabled
announcer.subscribers.ticketreportersubscriber = enabled
announcer.subscribers.ticketupdatersubscriber = enabled
spectrum.smtpldapemailsender.smtpldapemailsender = enabled
tracopt.mimeview.php.phprenderer = enabled
[header_logo]
alt =
link = http://intranet/trac/paradox/
src = common/trac_banner.png
[inherit]
file = /usr/share/trac/conf/trac.ini
[logging]
log_level = INFO
log_type = file
[project]
descr = Paradox replacement
name = Paradox
url = http://intranet/sidb
[ticket]
default_component = other
default_milestone = create/update project
default_version = v12
[ticket-workflow]
accept = new -> assigned
accept.operations = set_owner_to_self
accept.permissions = TICKET_MODIFY
leave = * -> *
leave.default = 1
leave.operations = leave_status
reassign = new,assigned,reopened -> new
reassign.operations = set_owner
reassign.permissions = TICKET_MODIFY
reopen = closed -> reopened
reopen.operations = del_resolution
reopen.permissions = TICKET_CREATE
resolve = new,assigned,reopened -> closed
resolve.operations = set_resolution
resolve.permissions = TICKET_MODIFY
[trac]
base_url = http://intranet/trac/paradox/
check_auth_ip = true
metanav = login,logout,settings,help,about
repository_dir = /data/subversion/paradox
[notification]
smtp_always_cc = Ramy.Mahmoud#domain.com
[announcer]
use_public_cc = true
global ini file
cat ../conf/trac.ini
[announcer]
use_public_cc = true
#admit_domains =
#always_notify_component_owner = true
#always_notify_owner = true
#always_notify_reporter = true
#always_notify_updater = true
#default_email_format = text/html
#email_address_resolvers = SpecifiedEmailResolver, SessionEmailResolver
#ignore_domains =
#mime_encoding = base64
#smtp_always_bcc =
#smtp_always_cc =
#smtp_default_domain =
#smtp_enabled = true
#smtp_from = trac-no-reply#domain.com
#smtp_from_name = Trac
#smtp_password =
#smtp_port = 25
#smtp_replyto = no-reply#domain.com
#smtp_server = hero
#smtp_subject_prefix = __default__
#smtp_timeout = 30
#smtp_user =
#t#icket_email_header_fields = owner, reporter, milestone, component, priority, severity.
#ticket_email_subject = Ticket #${ticket.id}: ${ticket['summary']}.
#ticket_subject_template = $prefix $ticket.id: $summary
#use_public_cc = false
#use_short_addr = false
#use_tls = false
#email_enabled = true
[notification]
always_notify_owner = false
always_notify_reporter = true
always_notify_updater = true
#mime_encoding = base64
#smtp_always_cc = sharifu#domain.com
#smtp_default_domain = domain.com
smtp_enabled = true
smtp_from = trac#domain.com
smtp_password =
smtp_port = 25
smtp_replyto = no-reply#domain.com
smtp_server = hero.uk.domain.com
smtp_subject_prefix = __default__
smtp_user =
use_public_cc = false
use_short_addr = false
use_tls = false
#ignore_domains = domain.com
email_sender=SmtpLdapEmailSender
email_ldap_serveruri = ldap://echo.uk.domain.com
email_ldap_port = 389
email_ldap_basedn = ou=Sites,dc=domain,dc=com
email_ldap_binddn = cn=Administrator,cn=Users,dc=domain,dc=com
email_ldap_bindpw = ****
[ldap]
enable = true
global_perms = true
host = echo
basedn = dc=domain,dc=com
user_rdn = ou=sites
group_rdn = cn=users
store_bind = true
bind_user = cn=Administrator,cn=users,dc=domain,dc=com
bind_passwd = ****
[trac]
base_url = http://intranet/trac/
#permission_store = LdapPermissionStore
[logging]
log_format = Trac[$(basename)s:$(module)s] $(levelname)s: $(message)s
log_type = syslog
log_level = WARN
[components]
webadmin.* = enabled
#ldapauth.* = enabled
#ldapplugin.* = enabled
#ldapplugin.api.ldappermissiongroupprovider = enabled
#ldapplugin.api.ldappermissionstore = disabled
ticketdelete.* = enabled
tracopt.ticket.deleter = enabled
tracwysiwyg.* = enabled
advancedworkflow.* = enabled
#tickettemplate.* = enabled
tracopt.ticket.commit_updater.committicketreferencemacro = enabled
tracopt.ticket.commit_updater.committicketupdater = enabled
ticketchangesets.* = enabled
ticketlog.* = enabled
#announcer.* = enabled
#announcer.api.announcementsystem = enabled
#announcer.distributors.mail.emaildistributor = enabled
#announcer.formatters.ticket.ticketformatter = enabled
#announcer.formatters.wiki.wikiformatter = enabled
#announcer.pref.announcerpreferences = enabled
#announcer.producers.attachment.attachmentchangeproducer = enabled
#announcer.producers.ticket.ticketchangeproducer = enabled
#announcer.producers.wiki.wikichangeproducer = enabled
#announcer.resolvers.sessionemail.sessionemailresolver = enabled
#announcer.subscribers.ticket_compat.carboncopysubscriber = enabled
#announcer.subscribers.ticket_compat.legacyticketsubscriber = enabled
#announcer.subscribers.ticket_components.ticketcomponentsubscriber = enabled
#announcer.subscribers.ticket_custom.ticketcustomfieldsubscriber = enabled
#announcer.subscribers.watch_users.userchangesubscriber = enabled
#announcer.subscribers.watchers.watchsubscriber = enabled
#[tickettemplate]
#field_list = summary, description, reporter, owner, priority, cc, milestone, component, version, type
#enable_custom = true
[ticket-changesets]
check_perms = true
collapsed = false
commands.close = close closed closes fix fixed fixes
commands.refs = addresses re references refs see
compact = true
envelope =
hide_when_none = false
notify = true
resolution = fixed
ticket_comments = true
[ticket]
commit_ticket_update_envelope = []
commit_ticket_update_commands.close =
commit_ticket_update_commands.refs = <ALL>
commit_ticket_update_check_perms = true
commit_ticket_update_notify = true
[ticketlog]
; optional: custom your log message pattern
log_pattern = \s*#%s\s+.*
; optional: set log message's max length, default is no limit
log_message_maxlength = 100
When i leave a comment i see the following extra bit in log file
Trac[paradox:api] ERROR: AnnouncementSystem failed.
Traceback (most recent call last):
File "build/bdist.linux-i686/egg/announcer/api.py", line 560, in _real_send
File "build/bdist.linux-i686/egg/announcer/api.py", line 311, in subscriptions
TypeError: itemgetter expected 1 arguments, got 4
QUESTION 2
Do emails notification not get sent out when adding attachments? i found the following in the log...
Trac[paradox:api] INFO: Synchronized '(default)' repository in 0.01 seconds
Trac[paradox:attachment] INFO: New attachment: ticket:48: RE Conversation with Ringo Au.msg by sharifu#DOMAIN.COM
Trac[paradox:api] ERROR: AnnouncementSystem failed.
Traceback (most recent call last):
File "build/bdist.linux-i686/egg/announcer/api.py", line 560, in _real_send
File "build/bdist.linux-i686/egg/announcer/api.py", line 311, in subscriptions
TypeError: itemgetter expected 1 arguments, got 4
I am using s3cmd to upload some stuff to a S3 bucket. The problem is, how do I feed some config vars to it, programmatically?
I am not using version 1.5, so I don't have the --access_key and --secret_key flags available. I only have --configure, which creates a config file interactively, and -c, which has to be fed a config file. But how do I actually build that config file? The config file built by --configure adds numerous options there; I only need to pass the access key and secret key to my s3cmd command.
I've been struggling with the same issue, but luckily, since I'm using docker I could generate the config file during the image build.
Dockerfile:
FROM ubuntu:xenial
ARG ACCESS_KEY
ARG SECRET_KEY
COPY template.s3cfg /tmp/template.s3cfg
RUN apt-get -y update; \
apt-get -y install python-setuptools wget gettext-base; \
wget http://netix.dl.sourceforge.net/project/s3tools/s3cmd/1.6.0/s3cmd-1.6.0.tar.gz; \
tar xvfz s3cmd-1.6.0.tar.gz; \
cd s3cmd-1.6.0; \
python setup.py install
RUN ACCESS_KEY=$ACCESS_KEY \
SECRET_KEY=$SECRET_KEY \
bash -c '/usr/bin/envsubst < "/tmp/template.s3cfg" > "/root/.s3cfg";'
CMD [<whatever you wanna run>]
template.s3cfg:
[default]
access_key = ${ACCESS_KEY}
access_token =
add_encoding_exts =
add_headers =
bucket_location = US
ca_certs_file =
cache_file =
check_ssl_certificate = True
check_ssl_hostname = True
cloudfront_host = cloudfront.amazonaws.com
default_mime_type = binary/octet-stream
delay_updates = False
delete_after = False
delete_after_fetch = False
delete_removed = False
dry_run = False
enable_multipart = True
encrypt = False
expiry_date =
expiry_days =
expiry_prefix =
follow_symlinks = False
force = False
get_continue = False
gpg_command = None
gpg_decrypt = %(gpg_command)s -d --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_encrypt = %(gpg_command)s -c --verbose --no-use-agent --batch --yes --passphrase-fd %(passphrase_fd)s -o %(output_file)s %(input_file)s
gpg_passphrase =
guess_mime_type = True
host_base = nyc3.digitaloceanspaces.com
host_bucket = %(bucket)s.nyc3.digitaloceanspaces.com
human_readable_sizes = False
invalidate_default_index_on_cf = False
invalidate_default_index_root_on_cf = True
invalidate_on_cf = False
kms_key =
limit = -1
limitrate = 0
list_md5 = False
log_target_prefix =
long_listing = False
max_delete = -1
mime_type =
multipart_chunk_size_mb = 15
multipart_max_chunks = 10000
preserve_attrs = True
progress_meter = True
proxy_host =
proxy_port = 0
put_continue = False
recursive = False
recv_chunk = 65536
reduced_redundancy = False
requester_pays = False
restore_days = 1
restore_priority = Standard
secret_key = ${SECRET_KEY}
send_chunk = 65536
server_side_encryption = False
signature_v2 = False
signurl_use_https = False
simpledb_host = sdb.amazonaws.com
skip_existing = False
socket_timeout = 300
stats = False
stop_on_error = False
storage_class =
urlencoding_mode = normal
use_http_expect = False
use_https = True
use_mime_magic = True
verbosity = WARNING
website_endpoint = http://%(bucket)s.s3-website-%(location)s.amazonaws.com/
website_error =
website_index = index.html
Now. When building the image, you simply specify the ACCESS_KEY and SECRET_KEY arguments, and you're good to go.
Surely, you can specify even more values that way. You could create a bash script, you can echo the config into the file so you wouldn't lose your currently existing profiles. You don't have use docker for it at all, that's just my use case.
Long story short: use envsubst.