mirror of
https://gitlab.com/allianceauth/allianceauth.git
synced 2025-07-08 20:10:17 +02:00
begin docs for new authenticator
This commit is contained in:
parent
7559b7ac09
commit
498b876572
@ -6,25 +6,25 @@ Mumble is a free voice chat server. While not as flashy as TeamSpeak, it has all
|
||||
|
||||
## Configuring Auth
|
||||
|
||||
In your auth project's settings file (`aa-docker/conf/local.py`), do the following:
|
||||
In your auth project's settings file (`myauth/settings/local.py`), do the following:
|
||||
|
||||
- Add `'allianceauth.services.modules.mumble',` to `INSTALLED_APPS` in your `local.py`
|
||||
- Append the following to your auth project's settings file:
|
||||
- Add `'allianceauth.services.modules.mumble',` to your `INSTALLED_APPS` list
|
||||
- Set `MUMBLE_URL` to the public address of your mumble server. Do not include any leading `http://` or `mumble://`.
|
||||
|
||||
Example config:
|
||||
|
||||
```python
|
||||
# Installed apps
|
||||
INSTALLED_APPS += [
|
||||
# ...
|
||||
'allianceauth.services.modules.mumble'
|
||||
# ...
|
||||
]
|
||||
|
||||
# Mumble Configuration
|
||||
MUMBLE_URL = "mumble.example.com"
|
||||
```
|
||||
|
||||
Add the following lines to your `.env` file
|
||||
|
||||
```env
|
||||
# Mumble
|
||||
MUMBLE_SUPERUSER_PASSWORD = superuser_password
|
||||
MUMBLE_ICESECRETWRITE = icesecretwrite
|
||||
MUMBLE_SERVERPASSWORD = serverpassword
|
||||
```
|
||||
|
||||
Finally, restart your stack and run migrations
|
||||
|
||||
```shell
|
||||
@ -33,16 +33,29 @@ docker compose exec allianceauth_gunicorn bash
|
||||
auth migrate
|
||||
```
|
||||
|
||||
## Configuring Authenticator
|
||||
|
||||
The Authenticator is configured via Django Admin, visit `/admin/mumble/mumbleserverserver/` in
|
||||
|
||||
Name: TEST
|
||||
Host IP Address: 127.0.0.1
|
||||
Endpoint IP Address: 127.0.0.1
|
||||
Port: 6502
|
||||
ICE Secret: ICESECRETWRITE
|
||||
Watchdog Interval: 30
|
||||
Slice: MumbleServer.ice (Mumble >=1.5.17)
|
||||
Virtual Servers: 1
|
||||
|
||||
Enable EVE Avatars
|
||||
|
||||
Reject Unauthenticated
|
||||
ID Offset: 1000000000
|
||||
Idler Handler:
|
||||
|
||||
## Docker Installations
|
||||
|
||||
### Installing Mumble and Authenticator
|
||||
|
||||
Inside your `aa-docker` directory, clone the authenticator to a sub directory as follows
|
||||
|
||||
```shell
|
||||
git clone https://gitlab.com/allianceauth/mumble-authenticator.git
|
||||
```
|
||||
|
||||
Add the following to your `docker-compose.yml` under the `services:` section
|
||||
|
||||
```docker
|
||||
@ -66,27 +79,16 @@ Add the following to your `docker-compose.yml` under the `services:` section
|
||||
max-size: "10Mb"
|
||||
max-file: "5"
|
||||
|
||||
mumble-authenticator:
|
||||
build:
|
||||
context: .
|
||||
dockerfile: ./mumble-authenticator/Dockerfile
|
||||
restart: always
|
||||
volumes:
|
||||
- ./mumble-authenticator/authenticator.py:/authenticator.py
|
||||
- ./mumble-authenticator/authenticator.ini.docker:/authenticator.ini
|
||||
environment:
|
||||
- MUMBLE_SUPERUSER_PASSWORD=${MUMBLE_SUPERUSER_PASSWORD}
|
||||
- MUMBLE_CONFIG_ice="tcp -h 127.0.0.1 -p 6502"
|
||||
- MUMBLE_CONFIG_icesecretwrite=${MUMBLE_ICESECRETWRITE}
|
||||
- MUMBLE_CONFIG_serverpassword=${MUMBLE_SERVERPASSWORD}
|
||||
depends_on:
|
||||
- mumble-server
|
||||
- auth_mysql
|
||||
logging:
|
||||
driver: "json-file"
|
||||
options:
|
||||
max-size: "10Mb"
|
||||
max-file: "5"
|
||||
allianceauth_mumble_authenticator:
|
||||
container_name: allianceauth_mumble_authenticator
|
||||
<<: [*allianceauth-base]
|
||||
entrypoint: [
|
||||
"python",
|
||||
"manage.py",
|
||||
"mumble_authenticator",
|
||||
"--server_id=1"
|
||||
]
|
||||
|
||||
```
|
||||
|
||||
## Permissions
|
||||
|
@ -49,26 +49,6 @@ sudo yum install mumble-server
|
||||
:::
|
||||
::::
|
||||
|
||||
### Installing Mumble Authenticator
|
||||
|
||||
Next, we need to download the latest authenticator release from the [authenticator repository](https://gitlab.com/allianceauth/mumble-authenticator).
|
||||
|
||||
```shell
|
||||
git clone https://gitlab.com/allianceauth/mumble-authenticator /home/allianceserver/mumble-authenticator
|
||||
```
|
||||
|
||||
We will now install the authenticator into your Auth virtual environment. Please make sure to activate it first:
|
||||
|
||||
```shell
|
||||
source /home/allianceserver/venv/auth/bin/activate
|
||||
```
|
||||
|
||||
Install the python dependencies for the mumble authenticator. Note that this process can take 2 to 10 minutes to complete.
|
||||
|
||||
```shell
|
||||
pip install -r requirements.txt
|
||||
```
|
||||
|
||||
## Configuring Mumble Server
|
||||
|
||||
Mumble ships with a configuration file that needs customization. By default, it's located at `/etc/mumble-server.ini`. Open it with your favorite text editor:
|
||||
@ -102,66 +82,6 @@ sudo service mumble-server restart
|
||||
|
||||
That's it! Your server is ready to be connected to at example.com:64738
|
||||
|
||||
## Configuring Mumble Authenticator
|
||||
|
||||
The ICE authenticator lives in the mumble-authenticator repository, cd to the directory where you cloned it.
|
||||
|
||||
Make a copy of the default config:
|
||||
|
||||
```shell
|
||||
cp authenticator.ini.example authenticator.ini
|
||||
```
|
||||
|
||||
Edit `authenticator.ini` and change these values:
|
||||
|
||||
- `[database]`
|
||||
- `user =` your allianceserver MySQL user
|
||||
- `password =` your allianceserver MySQL user's password
|
||||
- `[ice]`
|
||||
- `secret =` the `icewritesecret` password set earlier
|
||||
|
||||
Test your configuration by starting it:
|
||||
|
||||
```shell
|
||||
python /home/allianceserver/mumble-authenticator/authenticator.py
|
||||
```
|
||||
|
||||
And finally, ensure the allianceserver user has read/write permissions to the mumble authenticator files before proceeding:
|
||||
|
||||
```shell
|
||||
sudo chown -R allianceserver:allianceserver /home/allianceserver/mumble-authenticator
|
||||
```
|
||||
|
||||
The authenticator needs to be running 24/7 to validate users on Mumble. This can be achieved by adding a section to your auth project's supervisor config file like the following example:
|
||||
|
||||
```ini
|
||||
[program:authenticator]
|
||||
command=/home/allianceserver/venv/auth/bin/python authenticator.py
|
||||
directory=/home/allianceserver/mumble-authenticator
|
||||
user=allianceserver
|
||||
stdout_logfile=/home/allianceserver/myauth/log/authenticator.log
|
||||
stderr_logfile=/home/allianceserver/myauth/log/authenticator.log
|
||||
autostart=true
|
||||
autorestart=true
|
||||
startsecs=10
|
||||
priority=996
|
||||
```
|
||||
|
||||
In addition, we'd recommend adding the authenticator to Auth's restart group in your supervisor conf. For that, you need to add it to the group line as shown in the following example:
|
||||
|
||||
```ini
|
||||
[group:myauth]
|
||||
programs=beat,worker,gunicorn,authenticator
|
||||
priority=999
|
||||
```
|
||||
|
||||
To enable the changes in your supervisor configuration, you need to restart the supervisor process itself. And before we do that, we are shutting down the current Auth supervisors gracefully:
|
||||
|
||||
```shell
|
||||
sudo supervisor stop myauth:
|
||||
sudo systemctl restart supervisor
|
||||
```
|
||||
|
||||
## Configuring Auth
|
||||
|
||||
In your auth project's settings file (`myauth/settings/local.py`), do the following:
|
||||
@ -187,10 +107,57 @@ Finally, run migrations and restart your supervisor to complete the setup:
|
||||
|
||||
```shell
|
||||
python /home/allianceserver/myauth/manage.py migrate
|
||||
supervisorctl restart myauth:
|
||||
```
|
||||
|
||||
## Configuring Authenticator
|
||||
|
||||
The Authenticator is configured via Django Admin, visit `/admin/mumble/mumbleserverserver/` in
|
||||
|
||||
Name: TEST
|
||||
Host IP Address: 127.0.0.1
|
||||
Endpoint IP Address: 127.0.0.1
|
||||
Port: 6502
|
||||
ICE Secret: ICESECRETWRITE
|
||||
Watchdog Interval: 30
|
||||
Slice: MumbleServer.ice (Mumble >=1.5.17)
|
||||
Virtual Servers: 1
|
||||
|
||||
Enable EVE Avatars
|
||||
|
||||
Reject Unauthenticated
|
||||
ID Offset: 1000000000
|
||||
Idler Handler:
|
||||
|
||||
## Running Authenticator
|
||||
|
||||
The authenticator needs to be running 24/7 to validate users on Mumble. This can be achieved by adding a section to your auth project's supervisor config file like the following example:
|
||||
|
||||
```ini
|
||||
[program:authenticator]
|
||||
command=/home/allianceserver/venv/auth/bin/python manage.py mumble_authenticator
|
||||
directory=/home/allianceserver/myauth/
|
||||
stdout_logfile=/home/allianceserver/myauth/log/authenticator.log
|
||||
stderr_logfile=/home/allianceserver/myauth/log/authenticator.log
|
||||
autostart=true
|
||||
autorestart=true
|
||||
startsecs=10
|
||||
priority=996
|
||||
```
|
||||
|
||||
In addition, we'd recommend adding the authenticator to Auth's restart group in your supervisor conf. For that, you need to add it to the group line as shown in the following example:
|
||||
|
||||
```ini
|
||||
[group:myauth]
|
||||
programs=beat,worker,gunicorn,authenticator
|
||||
priority=999
|
||||
```
|
||||
|
||||
To enable the changes in your supervisor configuration, you need to restart the supervisor process itself. And before we do that, we are shutting down the current Auth supervisors gracefully:
|
||||
|
||||
```shell
|
||||
supervisorctl restart myauth:
|
||||
sudo supervisor stop myauth:
|
||||
sudo systemctl restart supervisor
|
||||
```
|
||||
|
||||
## Permissions
|
||||
|
Loading…
x
Reference in New Issue
Block a user