diff --git a/docs/development/custom/integrating-services.md b/docs/development/custom/integrating-services.md index 39645bac..29ad0832 100644 --- a/docs/development/custom/integrating-services.md +++ b/docs/development/custom/integrating-services.md @@ -20,19 +20,21 @@ Typically a service will contain 5 key components: The architecture looks something like this: - urls -------▶ Views - ▲ | - | | - | ▼ - ServiceHook ----▶ Tasks ----▶ Manager - ▲ - | - | - AllianceAuth +```none + urls -------▶ Views + ▲ | + | | + | ▼ + ServiceHook ----▶ Tasks ----▶ Manager + ▲ + | + | + AllianceAuth - Where: - Module --▶ Dependency/Import + Where: + Module --▶ Dependency/Import +``` While this is the typical structure of the existing services modules, there is no enforcement of this structure and you are, effectively, free to create whatever architecture may be necessary. A service module need not even communicate with an external service, for example, if similar triggers such as validate_user, delete_user are required for a module it may be convenient to masquerade as a service. Ideally though, using the common structure improves the maintainability for other developers. @@ -40,27 +42,31 @@ While this is the typical structure of the existing services modules, there is n In order to integrate with Alliance Auth service modules must provide a `services_hook`. This hook will be a function that returns an instance of the `services.hooks.ServiceHook` class and decorated with the `@hooks.registerhook` decorator. For example: - @hooks.register('services_hook') - def register_service(): - return ExampleService() +```python +@hooks.register('services_hook') +def register_service(): + return ExampleService() +``` This would register the ExampleService class which would need to be a subclass of `services.hooks.ServiceHook`. :::{important} - The hook **MUST** be registered in ``yourservice.auth_hooks`` along with any other hooks you are registering for Alliance Auth. +The hook **MUST** be registered in ``yourservice.auth_hooks`` along with any other hooks you are registering for Alliance Auth. ::: A subclassed `ServiceHook` might look like this: - class ExampleService(ServicesHook): - def __init__(self): - ServicesHook.__init__(self) - self.urlpatterns = urlpatterns - self.service_url = 'http://exampleservice.example.com' +```python +class ExampleService(ServicesHook): + def __init__(self): + ServicesHook.__init__(self) + self.urlpatterns = urlpatterns + self.service_url = 'http://exampleservice.example.com' - """ - Overload base methods here to implement functionality - """ + """ + Overload base methods here to implement functionality + """ +``` ### The ServiceHook class @@ -70,9 +76,9 @@ You will need to subclass `services.hooks.ServiceHook` in order to provide imple Instance Variables: -- [self.name](#self-name) -- [self.urlpatterns](#self-url-patterns) -- [self.service_ctrl_template](#self-service-ctrl-template) +- [self.name](#selfname) +- [self.urlpatterns](#selfurlpatterns) +- [self.service_ctrl_template](#selfservice_ctrl_template) Properties: @@ -87,8 +93,6 @@ Functions: - [update_groups](#update_groups) - [update_groups_bulk](#update_groups_bulk) - [update_all_groups](#update_all_groups) -- [service_enabled_members](#service_enabled_members) -- [service_enabled_blues](#service_enabled_blues) - [service_active_for_user](#service_active_for_user) - [show_service_ctrl](#show_service_ctrl) - [render_service_ctrl](#render_service_ctrl) @@ -101,18 +105,20 @@ Internal name of the module, should be unique amongst modules. You should define all of your service URLs internally, usually in `urls.py`. Then you can import them and set `self.urlpatterns` to your defined urlpatterns. - from . import urls - ... - class MyService(ServiceHook): - def __init__(self): - ... - self.urlpatterns = urls.urlpatterns +```python +from . import urls +... +class MyService(ServiceHook): + def __init__(self): + ... + self.urlpatterns = urls.urlpatterns +``` All of your apps defined urlpatterns will then be included in the `URLconf` when the core application starts. #### self.service_ctrl_template -This is provided as a courtesy and defines the default template to be used with [render_service_ctrl](#render-service-ctrl). You are free to redefine or not use this variable at all. +This is provided as a courtesy and defines the default template to be used with [render_service_ctrl](#render_service_ctrl). You are free to redefine or not use this variable at all. #### title @@ -134,10 +140,12 @@ Validate the users service account, deleting it if they should no longer have ac An implementation will probably look like the following: - def validate_user(self, user): - logger.debug('Validating user %s %s account' % (user, self.name)) - if ExampleTasks.has_account(user) and not self.service_active_for_user(user): - self.delete_user(user, notify_user=True) +```python +def validate_user(self, user): +logger.debug('Validating user %s %s account' % (user, self.name)) +if ExampleTasks.has_account(user) and not self.service_active_for_user(user): + self.delete_user(user, notify_user=True) +``` No return value is expected. @@ -206,37 +214,39 @@ Should the service be shown for the given `user` with the given `state`? The `us Usually you wont need to override this function. -For more information see the [render_service_ctrl](#render-service-ctrl) section. +For more information see the [render_service_ctrl](#render_service_ctrl) section. #### render_service_ctrl `def render_services_ctrl(self, request):` -Render the services control row. This will be called for all active services when a user visits the `/services/` page and [show_service_ctrl](#show-service-ctrl) returns `True` for the given user. +Render the services control row. This will be called for all active services when a user visits the `/services/` page and [show_service_ctrl](#show_service_ctrl) returns `True` for the given user. It should return a string (usually from `render_to_string`) of a table row (``) with 4 columns (``). Column #1 is the service name, column #2 is the users username for this service, column #3 is the services URL, and column #4 is the action buttons. You may either define your own service template or use the default one provided. The default can be used like this example: - def render_services_ctrl(self, request): - """ - Example for rendering the service control panel row - You can override the default template and create a - custom one if you wish. - :param request: - :return: - """ - urls = self.Urls() - urls.auth_activate = 'auth_example_activate' - urls.auth_deactivate = 'auth_example_deactivate' - urls.auth_reset_password = 'auth_example_reset_password' - urls.auth_set_password = 'auth_example_set_password' - return render_to_string(self.service_ctrl_template, { - 'service_name': self.title, - 'urls': urls, - 'service_url': self.service_url, - 'username': 'example username' - }, request=request) +```python +def render_services_ctrl(self, request): + """ + Example for rendering the service control panel row + You can override the default template and create a + custom one if you wish. + :param request: + :return: + """ + urls = self.Urls() + urls.auth_activate = 'auth_example_activate' + urls.auth_deactivate = 'auth_example_deactivate' + urls.auth_reset_password = 'auth_example_reset_password' + urls.auth_set_password = 'auth_example_set_password' + return render_to_string(self.service_ctrl_template, { + 'service_name': self.title, + 'urls': urls, + 'service_url': self.service_url, + 'username': 'example username' + }, request=request) +``` the `Urls` class defines the available URL names for the 4 actions available in the default template: @@ -293,3 +303,9 @@ You should have a look through some of the other service modules before you get ## Testing You will need to add unit tests for all aspects of your service module before it is accepted. Be mindful that you don't actually want to make external calls to the service so you should mock the appropriate components to prevent this behavior. + +```{eval-rst} +.. autoclass:: allianceauth.services.hooks.ServicesHook + :members: + :undoc-members: +``` diff --git a/docs/development/custom/logging.md b/docs/development/custom/logging.md index bd6d8a81..b2526c17 100644 --- a/docs/development/custom/logging.md +++ b/docs/development/custom/logging.md @@ -1,7 +1,9 @@ # Logging from Custom Apps + Alliance Auth provides a logger for use with custom apps to make everyone's life a little easier. ## Using the Extensions Logger + AllianceAuth provides a helper function to get the logger for the current module to reduce the amount of code you need to write. @@ -15,19 +17,28 @@ This works by creating a child logger of the extension logger which propagates a to the parent (extensions) logger. ## Changing the Logging Level + By default, the extension logger's level is set to `DEBUG`. To change this, uncomment (or add) the following line in `local.py`. ```python LOGGING['handlers']['extension_file']['level'] = 'INFO' ``` + *(Remember to restart your supervisor workers after changes to `local.py`)* This will change the logger's level to the level you define. Options are: *(all options accept entries of levels listed below them)* + * `DEBUG` * `INFO` * `WARNING` * `ERROR` * `CRITICAL` + +```{eval-rst} +.. automodule:: allianceauth.services.hooks.get_extension_logger + :members: + :undoc-members: +``` diff --git a/docs/development/custom/menu-hooks.md b/docs/development/custom/menu-hooks.md index 2bae5ebc..08515888 100644 --- a/docs/development/custom/menu-hooks.md +++ b/docs/development/custom/menu-hooks.md @@ -4,10 +4,10 @@ The menu hooks allow you to dynamically specify menu items from your plugin app To register a MenuItemHook class you would do the following: -```Python +```python @hooks.register('menu_item_hook') def register_menu(): - return MenuItemHook('Example Item', 'glyphicon glyphicon-heart', 'example_url_name',150) + return MenuItemHook('Example Item', 'fas fa-users fa-fw', 'example_url_name',150) ``` The `MenuItemHook` class specifies some parameters/instance variables required for menu item display. @@ -41,13 +41,14 @@ A list of views or namespaces the link should be highlighted on. See [django-nav This is a great feature to signal the user, that he has some open issues to take care of within an app. For example Auth uses this feature to show the specific number of open group request to the current user. :::{hint} - Here is how to stay consistent with the Auth design philosophy for using this feature: - 1. Use it to display open items that the current user can close by himself only. Do not use it for items, that the user has no control over. - 2. If there are currently no open items, do not show a badge at all. +Here is how to stay consistent with the Auth design philosophy for using this feature: + +1. Use it to display open items that the current user can close by himself only. Do not use it for items, that the user has no control over. +2. If there are currently no open items, do not show a badge at all. ::: To use it set count the `render()` function of your subclass in accordance to the current user. Here is an example: -```Python +```python def render(self, request): # ... self.count = calculate_count_for_user(request.user) diff --git a/docs/development/custom/url-hooks.md b/docs/development/custom/url-hooks.md index ffe8fdf3..907f0c73 100644 --- a/docs/development/custom/url-hooks.md +++ b/docs/development/custom/url-hooks.md @@ -19,8 +19,8 @@ In addition is it possible to make views public. Normally, all views are automat An app can opt-out of this feature by adding a list of views to be excluded when registering the URLs. See the `excluded_views` parameter for details. :::{note} - Note that for a public view to work, administrators need to also explicitly allow apps to have public views in their AA installation, by adding the apps label to ``APPS_WITH_PUBLIC_VIEWS`` setting. -``` +Note that for a public view to work, administrators need to also explicitly allow apps to have public views in their AA installation, by adding the apps label to ``APPS_WITH_PUBLIC_VIEWS`` setting. +::: ## Examples diff --git a/docs/development/dev_setup/aa-dev-setup-wsl-vsc-v2.md b/docs/development/dev_setup/aa-dev-setup-wsl-vsc-v2.md index 0396a6e6..c5f91a73 100644 --- a/docs/development/dev_setup/aa-dev-setup-wsl-vsc-v2.md +++ b/docs/development/dev_setup/aa-dev-setup-wsl-vsc-v2.md @@ -7,7 +7,7 @@ The main benefit of this setup is that it runs all services and code in the nati In addition all tools described in this guide are open source or free software. :::{hint} - This guide is meant for development purposes only and not for installing AA in a production environment. For production installation please see chapter **Installation**. +This guide is meant for development purposes only and not for installing AA in a production environment. For production installation please see chapter **Installation**. ::: ## Overview @@ -25,8 +25,8 @@ The development environment consists of the following components: We will use the build-in Django development web server, so we don't need to setup a WSGI server or a web server. :::{note} - This setup works with both WSL 1 and WSL 2. However, due to the significantly better performance we recommend WSL 2. -``` +This setup works with both WSL 1 and WSL 2. However, due to the significantly better performance we recommend WSL 2. +::: ## Requirement @@ -37,19 +37,14 @@ The only requirement is a PC with Windows 10 and Internet connection in order to ### Windows Subsystem for Linux - Install from here: [Microsoft docs](https://docs.microsoft.com/en-us/windows/wsl/install-win10) - - Choose Ubuntu 18.04. LTS or higher ### Visual Studio Code - Install from here: [VSC Download](https://code.visualstudio.com/Download) - - Open the app and install the following VSC extensions: - - Remote WSL - - Connect to WSL. This will automatically install the VSC server on the VSC server for WSL - - Once connected to WSL install the Python extension on the WSL side ## Setting up WSL / Linux @@ -71,18 +66,18 @@ sudo apt-get install gettext Next we need to install Python and related development tools. -:::{hint} -::: - :::{note} - Should your Ubuntu come with a newer version of Python we recommend to still setup your dev environment with the oldest Python 3 version currently supported by AA (e.g Python 3.8 at this time of writing) to ensure your apps are compatible with all current AA installations - You an check out this `page `_ on how to install additional Python versions on Ubuntu. +Should your Ubuntu come with a newer version of Python we recommend to still setup your dev environment with the oldest Python 3 version currently supported by AA (e.g Python 3.8 at this time of writing) to ensure your apps are compatible with all current AA installations +You an check out this `page `_ on how to install additional Python versions on Ubuntu. - If you install a different python version from the default you need to adjust some of the commands below to install appopriate versions of those packages for example using Python 3.8 you might need to run the following after using the setup steps for the repository mentioned in the AskUbuntu post above: +If you install a different python version from the default you need to adjust some of the commands below to install appopriate versions of those packages for example using Python 3.8 you might need to run the following after using the setup steps for the repository mentioned in the AskUbuntu post above: - `sudo apt-get install python3.8 python3.8-dev python3.8-venv python3-setuptools python3-pip python-pip` +```shell +sudo apt-get install python3.8 python3.8-dev python3.8-venv python3-setuptools python3-pip python-pip ``` +::: + Use the following command to install Python 3 with all required libraries with the default version: ```shell @@ -110,8 +105,8 @@ sudo apt-get install mysql-server mysql-client libmysqlclient-dev ``` :::{note} - We chose to use MySQL instead of MariaDB, because the standard version of MariaDB that comes with this Ubuntu distribution will not work with AA. -``` +We chose to use MySQL instead of MariaDB, because the standard version of MariaDB that comes with this Ubuntu distribution will not work with AA. +::: We need to apply a permission fix to mysql or you will get a warning with every startup: @@ -146,17 +141,17 @@ sudo mysql_tzinfo_to_sql /usr/share/zoneinfo | sudo mysql -u root mysql ``` :::{note} - If your WSL does not have an init.d service, it will not automatically start your services such as MySQL and Redis when you boot your Windows machine and you have to manually start them. For convenience we recommend putting these commands in a bash script. Here is an example: - - :: - - #/bin/bash - # start services for AA dev - sudo service mysql start - sudo redis-server --daemonize yes +If your WSL does not have an init.d service, it will not automatically start your services such as MySQL and Redis when you boot your Windows machine and you have to manually start them. For convenience we recommend putting these commands in a bash script. Here is an example: +```shell +#/bin/bash +# start services for AA dev +sudo service mysql start +sudo redis-server --daemonize yes ``` +::: + ### Setup dev folder on WSL Setup your folders on WSL bash for your dev project. Our approach will setup one AA project with one venv and multiple apps running under the same AA project, but each in their own folder and git. @@ -177,7 +172,7 @@ Following this approach you can also setup additional AA projects, e.g. aa-dev-2 Create the root folder `aa-dev`. :::{hint} - The folders `venv` and `myauth` will be created automatically in later steps. Please do not create them manually as this would lead to errors. +The folders `venv` and `myauth` will be created automatically in later steps. Please do not create them manually as this would lead to errors. ::: ### Setup virtual Python environment for aa-dev @@ -237,7 +232,7 @@ For the Eve Online related setup you need to create a SSO app on the developer s Open your local Django settings with VSC. The file is under `myauth/myauth/settings/local.py` :::{hint} - There are two Django settings files: ``base.py`` and ``local.py``. The base settings file is controlled by the AA project and may change at any time. It is therefore recommended to only change the local settings file. +There are two Django settings files: ``base.py`` and ``local.py``. The base settings file is controlled by the AA project and may change at any time. It is therefore recommended to only change the local settings file. ::: ```python @@ -308,15 +303,15 @@ python manage.py runserver Once running you can access your auth site on the browser under `http://localhost:8000`. Or the admin site under `http://localhost:8000/admin` :::{hint} - You can start your AA server directly from a terminal window in VSC or with a VSC debug config (see chapter about debugging for details). +You can start your AA server directly from a terminal window in VSC or with a VSC debug config (see chapter about debugging for details). ::: :::{note} - **Debug vs. Non-Debug mode** - Usually it is best to run your dev AA instance in debug mode, so you get all the detailed error messages that helps a lot for finding errors. But there might be cases where you want to test features that do not exist in debug mode (e.g. error pages) or just want to see how your app behaves in non-debug / production mode. +**Debug vs. Non-Debug mode** +Usually it is best to run your dev AA instance in debug mode, so you get all the detailed error messages that helps a lot for finding errors. But there might be cases where you want to test features that do not exist in debug mode (e.g. error pages) or just want to see how your app behaves in non-debug / production mode. - When you turn off debug mode you will see a problem though: Your pages will not render correctly. The reason is that Django will stop serving your static files in production mode and expect you to serve them from a real web server. Luckily, there is an option that forces Django to continue serving your static files directly even when not in debug mode. Just start your server with the following option: ``python manage.py runserver --insecure`` -``` +When you turn off debug mode you will see a problem though: Your pages will not render correctly. The reason is that Django will stop serving your static files in production mode and expect you to serve them from a real web server. Luckily, there is an option that forces Django to continue serving your static files directly even when not in debug mode. Just start your server with the following option: ``python manage.py runserver --insecure`` +::: ### Celery diff --git a/docs/development/tech_docu/celery.md b/docs/development/tech_docu/celery.md index 18a2bcd9..42b27cc2 100644 --- a/docs/development/tech_docu/celery.md +++ b/docs/development/tech_docu/celery.md @@ -15,8 +15,8 @@ Alliance Auth is an online web application and as such the user expects fast and As a rule of thumb we therefore recommend to use celery tasks for every process that can take longer than 1 sec to complete (also think about how long your process might take with large amounts of data). :::{note} - Another solution for dealing with long response time in particular when loading pages is to load parts of a page asynchronously, for example with AJAX. -``` +Another solution for dealing with long response time in particular when loading pages is to load parts of a page asynchronously, for example with AJAX. +::: ### Recurrence @@ -39,7 +39,7 @@ Please use the following approach to ensure your tasks are working properly with Here is an example implementation of a task: -```Python +```python import logging from celery import shared_task @@ -53,7 +53,7 @@ def example(): This task can then be started from any another Python module like so: -```Python +```python from .tasks import example example.delay() @@ -79,7 +79,7 @@ However, many long running tasks consist of several smaller processes that need Example implementation for a celery chain: -```Python +```python import logging from celery import shared_task, chain @@ -106,11 +106,11 @@ In this example we fist add 10 example tasks that need to run one after the othe The list of task signatures is then converted to a chain and started asynchronously. :::{hint} - In our example we use ``si()``, which is a shortcut for "immutable signatures" and prevents us from having to deal with result sharing between tasks. +In our example we use ``si()``, which is a shortcut for "immutable signatures" and prevents us from having to deal with result sharing between tasks. - For more information on signature and work flows see the official documentation on `Canvas `_. +For more information on signature and work flows see the official documentation on `Canvas `_. - In this context please note that Alliance Auth currently only supports chaining, because all other variants require a so called results back, which Alliance Auth does not have. +In this context please note that Alliance Auth currently only supports chaining, because all other variants require a so called results back, which Alliance Auth does not have. ::: ## How can I define periodic tasks for my app? @@ -119,7 +119,7 @@ Periodic tasks are normal celery tasks which are added the scheduler for periodi Example setting: -```Python +```python CELERYBEAT_SCHEDULE['structures_update_all_structures'] = { 'task': 'structures.tasks.update_all_structures', 'schedule': crontab(minute='*/30'), @@ -149,23 +149,23 @@ In Alliance Auth we have defined task priorities from 0 - 9 as follows: ``` :::{warning} - Please make sure to use task priorities with care and especially do not use higher priorities without a good reason. All apps including Alliance Auth share the same task queues, so using higher task priorities excessively can potentially prevent more important tasks (of other apps) from completing on time. +Please make sure to use task priorities with care and especially do not use higher priorities without a good reason. All apps including Alliance Auth share the same task queues, so using higher task priorities excessively can potentially prevent more important tasks (of other apps) from completing on time. - You also want to make sure to run use lower priorities if you have a large amount of tasks or long running tasks, which are not super urgent. (e.g. the regular update of all Eve characters from ESI runs with priority 7) +You also want to make sure to run use lower priorities if you have a large amount of tasks or long running tasks, which are not super urgent. (e.g. the regular update of all Eve characters from ESI runs with priority 7) ::: :::{hint} - If no priority is specified all tasks will be started with the default priority, which is 5. +If no priority is specified all tasks will be started with the default priority, which is 5. ::: To run a task with a different priority you need to specify it when starting it. Example for starting a task with priority 3: -```Python +```python example.apply_async(priority=3) ``` :::{hint} - For defining a priority to tasks you can not use the convenient shortcut ``delay()``, but instead need to start a task with ``apply_async()``, which also requires you to pass parameters to your task function differently. Please check out the `official docs `_ for details. +For defining a priority to tasks you can not use the convenient shortcut ``delay()``, but instead need to start a task with ``apply_async()``, which also requires you to pass parameters to your task function differently. Please check out the `official docs `_ for details. ::: ## What special features should I be aware of? @@ -179,18 +179,18 @@ Celery-once is a celery extension "that allows you to prevent multiple execution We use a custom backend for celery_once in Alliance Auth defined [here](https://gitlab.com/allianceauth/allianceauth/-/blob/master/allianceauth/services/tasks.py#L14) You can import it for use like so: -```Python +```python from allianceauth.services.tasks import QueueOnce ``` An example of AllianceAuth's use within the `@sharedtask` decorator, can be seen [here](https://gitlab.com/allianceauth/allianceauth/-/blob/master/allianceauth/services/modules/discord/tasks.py#L62) in the discord module You can use it like so: -```Python +```python @shared_task(bind=True, name='your_modules.update_task', base=QueueOnce) ``` -Please see the [official documentation](hhttps://pypi.org/project/celery_once/) of celery-once for details. +Please see the [official documentation](https://pypi.org/project/celery_once/) of celery-once for details. ### task priorities diff --git a/docs/features/apps/autogroups.md b/docs/features/apps/autogroups.md index 387feaff..5bcb335f 100644 --- a/docs/features/apps/autogroups.md +++ b/docs/features/apps/autogroups.md @@ -1,9 +1,5 @@ # Auto Groups -:::{note} - New in 2.0 -``` - Auto groups allows you to automatically place users of certain states into Corp or Alliance based groups. These groups are created when the first user is added to them and removed when the configuration is deleted. ## Installation @@ -19,16 +15,13 @@ When you create an autogroup config you will be given the following options: ![Create Autogroup page](/_static/images/features/apps/autogroups/group-creation.png) :::{warning} - After creating a group you wont be able to change the Corp and Alliance group prefixes, name source and the replace spaces settings. Make sure you configure these the way you want before creating the config. If you need to change these you will have to create a new autogroup config. +After creating a group you wont be able to change the Corp and Alliance group prefixes, name source and the replace spaces settings. Make sure you configure these the way you want before creating the config. If you need to change these you will have to create a new autogroup config. ::: + - States selects which states will be added to automatic Corp/Alliance groups - - Corp/Alliance groups checkbox toggles Corp/Alliance autogroups on or off for this config. - - Corp/Alliance group prefix sets the prefix for the group name, e.g. if your Corp was called `MyCorp` and your prefix was `Corp`, your autogroup name would be created as `Corp MyCorp`. This field accepts leading/trailing spaces. - - Corp/Alliance name source sets the source of the Corp/Alliance name used in creating the group name. Currently the options are Full name and Ticker. - - Replace spaces allows you to replace spaces in the autogroup name with the value in the Replace spaces with field. This can be blank. ## Permissions diff --git a/docs/features/apps/fleetactivitytracking.md b/docs/features/apps/fleetactivitytracking.md index c7e69810..d34c3794 100644 --- a/docs/features/apps/fleetactivitytracking.md +++ b/docs/features/apps/fleetactivitytracking.md @@ -22,7 +22,6 @@ Users do not require any permissions to interact with FAT Links created. +=======================================+==================+==========================================================================+ | auth.fleetactivitytracking | None | Create and Modify FATLinks | +---------------------------------------+------------------+--------------------------------------------------------------------------+ -| auth.fleetactivitytracking_statistics | None | Can view detailed statistics for corp models and other characters. | +| auth.fleetactivitytracking_statistics | None | Can view detailed statistics for corp models and other characters. | +---------------------------------------+------------------+--------------------------------------------------------------------------+ - ``` diff --git a/docs/features/core/admin_site.md b/docs/features/core/admin_site.md index f28ef28f..bf5756e9 100644 --- a/docs/features/core/admin_site.md +++ b/docs/features/core/admin_site.md @@ -11,8 +11,9 @@ You can open the admin site by clicking on "Admin" in the drop down menu for a u For small to medium size alliances it is often sufficient to have no more then two superuser admins (admins that also are superusers). Having two admins usually makes sense, so you can have one primary and one backup. :::{warning} - Superusers have read & write access to everything on your AA installation. Superusers also automatically have all permissions and therefore access to all features of your apps. Therefore we recommend to be very careful to whom you give superuser privileges. +Superusers have read & write access to everything on your AA installation. Superusers also automatically have all permissions and therefore access to all features of your apps. Therefore we recommend to be very careful to whom you give superuser privileges. ::: + ## Setup for large installations For large alliances and coalitions you may want to have a couple of administrators to be able to distribute and handle the work load. However, having a larger number of superusers may be a security concern. @@ -25,14 +26,15 @@ To create a staff admin you need to do two things: 1. Give the user permissions for admin tasks :::{note} - Note that staff admins have the following limitations: +Note that staff admins have the following limitations: - - Can not promote users to staff - - Can not promote users to superuser - - Can not add/remove permissions for users, groups and states +- Can not promote users to staff +- Can not promote users to superuser +- Can not add/remove permissions for users, groups and states - These limitations exist to prevent staff admins to promote themselves to quasi superusers. Only superusers can perform these actions. -``` +These limitations exist to prevent staff admins to promote themselves to quasi superusers. Only superusers can perform these actions. + +::: ### Staff property @@ -40,7 +42,7 @@ Access to the admin site is restricted. Users needs to have the `is_staff` prope process will automatically have access to the admin site. :::{hint} - Without any permissions a "staff user" can open the admin site, but can neither view nor edit anything except for viewing the list of permissions. +Without any permissions a "staff user" can open the admin site, but can neither view nor edit anything except for viewing the list of permissions. ::: ### Permissions for common admin tasks diff --git a/docs/features/core/groups.md b/docs/features/core/groups.md index 2de54a61..ced1f32c 100644 --- a/docs/features/core/groups.md +++ b/docs/features/core/groups.md @@ -45,14 +45,13 @@ When a group is restricted only superuser admins can directly add or remove them ```{eval-rst} .. _ref-reserved-group-names: ``` - ## Reserved group names When using Alliance Auth to manage external services like Discord, Auth will automatically duplicate groups on those services. E.g. on Discord Auth will create roles of the same name as groups. However, there may be cases where you want to manage groups on external services by yourself or by another bot. For those cases you can define a list of reserved group names. Auth will ensure that you can not create groups with a reserved name. You will find this list on the admin site under groupmanagement. :::{note} - While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be build in such a way that it knows how to prevent these conflicts. Currently only the Discord and Teamspeak3 services have this ability. -``` +While this feature can help to avoid naming conflicts with groups on external services, the respective service component in Alliance Auth also needs to be build in such a way that it knows how to prevent these conflicts. Currently only the Discord and Teamspeak3 services have this ability. +::: ## Managing groups @@ -102,7 +101,7 @@ GROUPMANAGEMENT_AUTO_LEAVE = True :::{note} Before you set `GROUPMANAGEMENT_AUTO_LEAVE = True`, make sure there are no pending leave requests, as this option will hide the "Leave Requests" tab. -``` +::: ## Settings @@ -126,8 +125,8 @@ In order to join a group other than a public group, the permission `groupmanagem When a user loses this permission, they will be removed from all groups _except_ Public groups. :::{note} - By default, the ``groupmanagement.request_groups`` permission is applied to the ``Member`` group. In most instances this, and perhaps adding it to the ``Blue`` group, should be all that is ever needed. It is unsupported and NOT advisable to apply this permission to a public group. See #697 for more information. -``` +By default, the ``groupmanagement.request_groups`` permission is applied to the ``Member`` group. In most instances this, and perhaps adding it to the ``Blue`` group, should be all that is ever needed. It is unsupported and NOT advisable to apply this permission to a public group. See #697 for more information. +::: Group Management should be mostly done using group leaders, a series of permissions are included below for thoroughness: diff --git a/docs/features/services/discord.md b/docs/features/services/discord.md index 0ffed134..04db3374 100644 --- a/docs/features/services/discord.md +++ b/docs/features/services/discord.md @@ -35,7 +35,7 @@ CELERYBEAT_SCHEDULE['discord.update_all_usernames'] = { :::{note} You will have to add most the values for these settings, e.g. your Discord server ID (aka guild ID), later in the setup process. -``` +::: ### Creating a Server @@ -48,9 +48,8 @@ Now retrieve the server ID [following this procedure.](https://support.discord.c Update your auth project's settings file, inputting the server ID as `DISCORD_GUILD_ID` :::{note} - If you already have a Discord server skip the creation step, but be sure to retrieve the server ID -``` - +If you already have a Discord server skip the creation step, but be sure to retrieve the server ID +::: ### Registering an Application Navigate to the [Discord Developers site.](https://discord.com/developers/applications/me) Press the plus sign to create a new application. @@ -106,14 +105,13 @@ Second, it is possible to exclude Discord roles from being managed by Auth at al To exclude roles from being managed by Auth you only have to add them to the list of reserved group names in Group Management. :::{note} - Role names on Discord are case sensitive, while reserved group names on Auth are not. Therefore reserved group names will cover all roles regardless of their case. For example if you have reserved the group name "alpha", then the Discord roles "alpha" and "Alpha" will both be persisted. -``` +Role names on Discord are case sensitive, while reserved group names on Auth are not. Therefore reserved group names will cover all roles regardless of their case. For example if you have reserved the group name "alpha", then the Discord roles "alpha" and "Alpha" will both be persisted. +::: ```{eval-rst} .. seealso:: For more information see :ref:`ref-reserved-group-names`. ``` - ## Tasks The Discord service contains a number of tasks that can be run to manually perform updates to all users. @@ -134,10 +132,9 @@ Name Description `update_all` Update groups, nicknames, usernames of all users ======================== ==================================================== ``` - :::{note} - Depending on how many users you have, running these tasks can take considerable time to finish. You can calculate roughly 1 sec per user for all tasks, except update_all, which needs roughly 3 secs per user. -``` +Depending on how many users you have, running these tasks can take considerable time to finish. You can calculate roughly 1 sec per user for all tasks, except update_all, which needs roughly 3 secs per user. +::: ## Settings @@ -159,7 +156,6 @@ Name Description `DISCORD_TASKS_MAX_RETRIES` max retries of tasks after an error occurred `3` =================================== ============================================================================================= ======= ``` - ## Permissions To use this service, users will require some of the following. @@ -171,7 +167,6 @@ To use this service, users will require some of the following. | discord.access_discord | None | Can Access the Discord Service | +---------------------------------------+------------------+--------------------------------------------------------------------------+ ``` - ## Troubleshooting ### "Unknown Error" on Discord site when activating service diff --git a/docs/features/services/mumble.md b/docs/features/services/mumble.md index d38503f4..30ca32e0 100644 --- a/docs/features/services/mumble.md +++ b/docs/features/services/mumble.md @@ -3,16 +3,19 @@ Mumble is a free voice chat server. While not as flashy as TeamSpeak, it has all the functionality and is easier to customize. And is better. I may be slightly biased. :::{note} - Note that this guide assumes that you have installed Auth with the official :doc:`/installation/allianceauth` guide under ``/home/allianceserver`` and that it is called ``myauth``. Accordingly it assumes that you have a service user called ``allianceserver`` that is used to run all Auth services under supervisor. -``` +Note that this guide assumes that you have installed Auth with the official :doc:`/installation/allianceauth` guide under ``/home/allianceserver`` and that it is called ``myauth``. Accordingly it assumes that you have a service user called ``allianceserver`` that is used to run all Auth services under supervisor. +::: :::{warning} - This guide is currently for Ubuntu only. +This guide is currently for Ubuntu only. ::: ## Installations ### Installing Mumble Server +::::{tabs} +:::{group-tab} Ubuntu 2004, 2204 + The mumble server package can be retrieved from a repository, which we need to add: ```shell @@ -29,6 +32,10 @@ Now three packages need to be installed: sudo apt-get install python-software-properties mumble-server libqt5sql5-mysql ``` +::: +:::: + + ### Installing Mumble Authenticator Next, we need to download the latest authenticator release from the [authenticator repository](https://gitlab.com/allianceauth/mumble-authenticator). diff --git a/docs/features/services/nameformats.md b/docs/features/services/nameformats.md index e995b8e2..3a007137 100644 --- a/docs/features/services/nameformats.md +++ b/docs/features/services/nameformats.md @@ -29,10 +29,9 @@ Currently the following services support custom name formats: | Xenforo | Username | ``{character_name}`` | +-------------+-----------+-------------------------------------+ ``` - :::{note} - It's important to note here, before we get into what you can do with a name formatter, that before the generated name is passed off to the service to create an account it will be sanitized to remove characters (the letters and numbers etc.) that the service cannot support. This means that, despite what you configured, the service may display something different. It is up to you to test your formatter and understand how your format may be disrupted by a certain services sanitization function. -``` +It's important to note here, before we get into what you can do with a name formatter, that before the generated name is passed off to the service to create an account it will be sanitized to remove characters (the letters and numbers etc.) that the service cannot support. This means that, despite what you configured, the service may display something different. It is up to you to test your formatter and understand how your format may be disrupted by a certain services sanitization function. +::: ## Available format data @@ -71,9 +70,9 @@ Some examples of strings you could use: ``` :::{important} - For most services, name formats only take effect when a user creates an account. This means if you create or update a name formatter it wont retroactively alter the format of users names. There are some exceptions to this where the service updates nicknames on a periodic basis. Check the service's documentation to see which of these apply. +For most services, name formats only take effect when a user creates an account. This means if you create or update a name formatter it wont retroactively alter the format of users names. There are some exceptions to this where the service updates nicknames on a periodic basis. Check the service's documentation to see which of these apply. ::: :::{important} - You must only create one formatter per service per state. E.g. don't create two formatters for Mumble for the Member state. In this case one of the formatters will be used and it may not be the formatter you are expecting. +You must only create one formatter per service per state. E.g. don't create two formatters for Mumble for the Member state. In this case one of the formatters will be used and it may not be the formatter you are expecting: ::: diff --git a/docs/features/services/openfire.md b/docs/features/services/openfire.md index 6fb345cd..7477bffb 100644 --- a/docs/features/services/openfire.md +++ b/docs/features/services/openfire.md @@ -23,23 +23,37 @@ BROADCAST_SERVICE_NAME = "broadcast" Openfire require a Java 8 runtime environment. -Ubuntu 1804, 2004, 2204: +::::{tabs} +:::{group-tab} Ubuntu 2004, 2204 ```shell sudo apt-get install openjdk-11-jre ``` -Centos 7: +::: +:::{group-tab} CentOS 7 ```shell sudo yum install java-11-openjdk java-11-openjdk-devel ``` -Centos Stream 8, Stream 9: +::: +:::{group-tab} CentOS Stream 8 + ```shell sudo dnf install java-11-openjdk java-11-openjdk-devel ``` +::: +:::{group-tab} CentOS Stream 9 + +```shell +sudo dnf install java-11-openjdk java-11-openjdk-devel +``` + +::: +:::: + ## Setup ### Download Installer @@ -51,31 +65,40 @@ On your PC, navigate to the [Ignite Realtime downloads section](https://www.igni Retrieve the file location by copying the URL from the “click here” link, depending on your browser you may have a Copy Link or similar option in your right click menu. In the console, ensure you’re in your user’s home directory: + ```shell cd ~ ``` Download and install the package, replacing the URL with the latest you got from the Openfire download page earlier -Ubuntu 1804, 2004, 2204: +::::{tabs} +:::{group-tab} Ubuntu 2004, 2204 -```shell -wget https://www.igniterealtime.org/downloadServlet?filename=openfire/openfire_4.7.2_all.deb +::: +:::{group-tab} CentOS 7 +wget dpkg -i openfire_4.7.2_all.deb -``` - -Centos 7, Stream 8, Stream 9: - -```shell -wget https://www.igniterealtime.org/downloadServlet?filename=openfire/openfire-4.7.2-1.noarch.rpm +::: +:::{group-tab} CentOS Stream 8 +wget yum install -y openfire-4.7.2-1.noarch.rpm -``` +::: +:::{group-tab} CentOS Stream 9 +wget +yum install -y openfire-4.7.2-1.noarch.rpm +::: +:::: + ### Create Database Performance is best when working from a SQL database. If you installed MySQL or MariaDB alongside your auth project, go ahead and create a database for Openfire: ```shell mysql -u root -p +``` + +```sql create database alliance_jabber; grant all privileges on alliance_jabber . * to 'allianceserver'@'localhost'; exit; @@ -83,7 +106,7 @@ exit; ### Web Configuration -The remainder of the setup occurs through Openfire’s web interface. Navigate to http://example.com:9090, or if you’re behind CloudFlare, go straight to your server’s IP:9090. +The remainder of the setup occurs through Openfire’s web interface. Navigate to , or if you’re behind CloudFlare, go straight to your server’s IP:9090. Select your language. I sure hope it’s English if you’re reading this guide. diff --git a/docs/features/services/permissions.md b/docs/features/services/permissions.md index c4ad73e7..2f809e70 100644 --- a/docs/features/services/permissions.md +++ b/docs/features/services/permissions.md @@ -7,7 +7,7 @@ In the past, access to services was dictated by a list of settings in `settings. Instead of granting access to services by the previous rigid structure, access to services is now granted by the built in Django permissions system. This means that service access can be more granular, allowing only certain states, certain groups, for instance Corp CEOs, or even individual user access to each enabled service. :::{important} - If you grant access to an individual user, they will have access to that service regardless of whether or not they are a member. +If you grant access to an individual user, they will have access to that service regardless of whether or not they are a member. ::: Each service has an access permission defined, named like `Can access the service`. @@ -19,7 +19,7 @@ A user can be granted the same permission from multiple sources. e.g. they may h ## Removing access :::{danger} - Access removal is processed immediately after removing a permission from a user or group. If you remove access from a large group, such as Member, it will immediately remove all users from that service. +Access removal is processed immediately after removing a permission from a user or group. If you remove access from a large group, such as Member, it will immediately remove all users from that service. ::: When you remove a service permission from a user, a signal is triggered which will activate an immediate permission check. For users this will trigger an access check for all services. For groups, due to the potential extra load, only the services whose permissions have changed will be verified, and only the users in that group. diff --git a/docs/features/services/smf.md b/docs/features/services/smf.md index 1999dc80..96ce7c42 100644 --- a/docs/features/services/smf.md +++ b/docs/features/services/smf.md @@ -11,6 +11,7 @@ SMF requires PHP installed in your web server. Apache has `mod_php`, NGINX requi ## Prepare Your Settings In your auth project's settings file, do the following: + - Add `'allianceauth.services.modules.smf',` to your `INSTALLED_APPS` list - Append the following to the bottom of the settings file: @@ -31,8 +32,7 @@ DATABASES['smf'] = { ### Download SMF -Using your browser, you can download the latest version of SMF to your desktop computer. All SMF downloads can be found at SMF Downloads. The latest recommended version will always be available at http://www.simplemachines.org/download/index.php/latest/install/. Retrieve the file location from the hyperlinked box icon for the zip full install, depending on your browser you may have a Copy Link or similar option in your right click menu. - +Using your browser, you can download the latest version of SMF to your desktop computer. All SMF downloads can be found at SMF Downloads. The latest recommended version will always be available at . Retrieve the file location from the hyperlinked box icon for the zip full install, depending on your browser you may have a Copy Link or similar option in your right click menu. Download using wget, replacing the URL with the URL for the package you just retrieved @@ -41,11 +41,13 @@ wget https://download.simplemachines.org/index.php?thanks;filename=smf_2-1-2_ins ``` This needs to be unpackaged. Unzip it, replacing the file name with that of the file you just downloaded + ```shell unzip smf_2-1-2_install.zip ``` Now we need to move this to our web directory. Usually `/var/www/forums`. + ```shell mv smf /var/www/forums ``` @@ -56,19 +58,18 @@ Apache: `chown -R www-data:www-data /var/www/forums` Nginx: `chown -R nginx:nginx /var/www/forums` :::{tip} - - Nginx: Some distributions use the ``www-data:www-data`` user:group instead of ``nginx:nginx``. If you run into problems with permissions try it instead. -.. +Nginx: Some distributions use the ``www-data:www-data`` user:group instead of ``nginx:nginx``. If you run into problems with permissions try it instead. ::: ### Database Preparation SMF needs a database. Create one: + ```shell mysql -u root -p ``` -```mysql +```sql create database alliance_smf; grant all privileges on alliance_smf . * to 'allianceserver'@'localhost'; exit; @@ -81,7 +82,8 @@ Enter the database information into the `DATABASES['smf']` section of your auth Your web server needs to be configured to serve SMF. A minimal Apache config might look like: -```apache + +```ini ServerName forums.example.com DocumentRoot /var/www/forums @@ -92,7 +94,8 @@ A minimal Apache config might look like: ```` A minimal Nginx config might look like: -```nginx + +```ini server { listen 80; server_name forums.example.com; @@ -108,7 +111,8 @@ server { include fastcgi_params; } } -```` +``` + Enter the web address to your forums into the `SMF_URL` setting in your auth project's settings file. ### Web Install @@ -120,6 +124,7 @@ Click on the `Install` tab. All the requirements should be met. Press `Start Install`. Under Database Settings, set the following: + - Database Type is `MySQL` - Database Server Hostname is `127.0.0.1` - Database Server Port is left blank diff --git a/docs/features/services/teamspeak3.md b/docs/features/services/teamspeak3.md index fed2b60e..559301bc 100644 --- a/docs/features/services/teamspeak3.md +++ b/docs/features/services/teamspeak3.md @@ -38,7 +38,7 @@ To install we need a copy of the server. You can find the latest version from th Download the server, replacing the link with the link you got earlier. -```bash +```shell cd ~ wget https://files.teamspeak-services.com/releases/server/3.13.7/teamspeak3-server_linux_amd64-3.13.7.tar.bz2 ``` diff --git a/docs/installation/allianceauth.md b/docs/installation/allianceauth.md index e672f356..62bd523d 100644 --- a/docs/installation/allianceauth.md +++ b/docs/installation/allianceauth.md @@ -32,13 +32,7 @@ It is recommended to ensure your OS is fully up to date before proceeding. We ma ```shell sudo apt-get update -``` - -```shell sudo apt-get upgrade -``` - -```shell sudo do-dist-upgrade ``` @@ -47,9 +41,6 @@ sudo do-dist-upgrade ```shell yum install epel-release -``` - -```shell sudo yum upgrade ``` @@ -58,13 +49,7 @@ sudo yum upgrade ```shell sudo dnf config-manager --set-enabled powertools -``` - -```shell sudo dnf install epel-release epel-next-release -``` - -```shell sudo yum upgrade ``` @@ -73,13 +58,7 @@ sudo yum upgrade ```shell sudo dnf config-manager --set-enabled crb -``` - -```shell sudo dnf install epel-release epel-next-release -``` - -```shell sudo yum upgrade ``` @@ -96,13 +75,7 @@ Install Python 3.11 and related tools on your system. ```shell sudo add-apt-repository ppa:deadsnakes/ppa -``` - -```shell sudo apt-get update -``` - -```shell sudo apt-get install python3.11 python3.11-dev python3.11-venv ``` @@ -110,31 +83,13 @@ sudo apt-get install python3.11 python3.11-dev python3.11-venv :::{group-tab} CentOS 7, Stream 8, Stream 9 We need to build Python from source -```shell +```bash cd ~ -``` - -```shell sudo yum install gcc openssl-devel bzip2-devel libffi-devel wget -``` - -```shell wget https://www.python.org/ftp/python/3.11.5/Python-3.11.5.tgz -``` - -```shell tar xvf Python-3.11.5.tgz -``` - -```shell cd Python-3.11.5/ -``` - -```shell ./configure --enable-optimizations --enable-shared -``` - -```shell sudo make altinstall ``` @@ -219,9 +174,6 @@ sudo yum install gcc gcc-c++ unzip git redis curl bzip2-devel openssl-devel libf ```shell sudo systemctl enable redis.service -``` - -```shell sudo systemctl start redis.service ``` @@ -234,9 +186,6 @@ sudo dnf install gcc gcc-c++ unzip git redis curl bzip2-devel openssl-devel libf ```shell sudo systemctl enable redis.service -``` - -```shell sudo systemctl start redis.service ``` @@ -249,9 +198,6 @@ sudo dnf install gcc gcc-c++ unzip git redis curl bzip2-devel openssl-devel libf ```shell sudo systemctl enable redis.service -``` - -```shell sudo systemctl start redis.service ``` @@ -285,7 +231,7 @@ mysql_tzinfo_to_sql /usr/share/zoneinfo | sudo mysql -u root mysql :::{note} You may see errors when you add the timezone tables. To make sure that they were correctly added run the following commands and check for the ``time_zone`` tables -```bash +```shell mysql -u root -p use mysql; show tables; @@ -476,7 +422,7 @@ python /home/allianceserver/myauth/manage.py check :::{hint} If you are using root, ensure the allianceserver user has read/write permissions to this directory before proceeding:: -``` +```shell chown -R allianceserver:allianceserver /home/allianceserver/myauth ``` @@ -511,7 +457,7 @@ The default configuration is good enough for most installations. Additional info :::{note} You will need to exit the allianceserver user back to a user with sudo capabilities to install supervisor:: -```bash +```shell exit ``` diff --git a/docs/installation/apache.md b/docs/installation/apache.md index d94503c3..e590980f 100644 --- a/docs/installation/apache.md +++ b/docs/installation/apache.md @@ -130,7 +130,7 @@ a2dissite 000-default.conf ## Sample Config File -```conf +```ini ServerName auth.example.com @@ -168,7 +168,7 @@ It's 2018 - there's no reason to run a site without SSL. The EFF provides free, After acquiring SSL the config file needs to be adjusted. Add the following lines inside the `` block: -```conf +```ini RequestHeader set X-FORWARDED-PROTOCOL https RequestHeader set X-FORWARDED-SSL On ``` diff --git a/docs/installation/gunicorn.md b/docs/installation/gunicorn.md index a2697164..524d3bf7 100644 --- a/docs/installation/gunicorn.md +++ b/docs/installation/gunicorn.md @@ -7,16 +7,16 @@ If you find Apache's `mod_wsgi` to be a headache or want to use NGINX (or some o Check out the full [Gunicorn docs](http://docs.gunicorn.org/en/latest/index.html). :::{note} - The page contains additional steps on how to setup and configure Gunicorn that are not required for users who decide to stick with the default Gunicorn configuration as described in the main installation guide for AA. -``` +The page contains additional steps on how to setup and configure Gunicorn that are not required for users who decide to stick with the default Gunicorn configuration as described in the main installation guide for AA. +::: ## Setting up Gunicorn :::{note} - If you're using a virtual environment, activate it now:: - sudo su allianceserver - source /home/allianceserver/venv/auth/bin/activate -``` +If you're using a virtual environment, activate it now:: + sudo su allianceserver + source /home/allianceserver/venv/auth/bin/activate +::: Install Gunicorn using pip @@ -47,6 +47,7 @@ autostart=true autorestart=true stopsignal=INT ``` + - `[program:gunicorn]` - Change `gunicorn` to whatever you wish to call your process in Supervisor. - `user = allianceserver` - Change to whatever user you wish Gunicorn to run as. You could even set this as allianceserver if you wished. I'll leave the question security of that up to you. - `directory=/home/allianceserver/myauth/` - Needs to be the path to your Alliance Auth project. @@ -79,6 +80,7 @@ Following this guide, you are running with a virtual environment. Therefore you' e.g. `command=/path/to/venv/bin/gunicorn myauth.wsgi` The example config is using the myauth venv from the main installation guide: + ```ini command=/home/allianceserver/venv/auth/bin/gunicorn myauth.wsgi ``` diff --git a/docs/installation/nginx.md b/docs/installation/nginx.md index ee31c250..2c5a52b4 100644 --- a/docs/installation/nginx.md +++ b/docs/installation/nginx.md @@ -22,7 +22,6 @@ Nginx is lightweight for a reason. It doesn't try to do everything internally an +-----------+----------------------------------------+ | mod_wsgi | Gunicorn or other external WSGI server | +-----------+----------------------------------------+ - ``` Your .htaccess files won't work. Nginx has a separate way of managing access to folders via the server config. Everything you can do with htaccess files you can do with Nginx config. [Read more on the Nginx wiki](https://www.nginx.com/resources/wiki/start/topics/examples/likeapache-htaccess/) @@ -34,7 +33,6 @@ Install Nginx via your preferred package manager or other method. If you need he Nginx needs to be able to read the folder containing your auth project's static files. `chown -R nginx:nginx /var/www/myauth/static`. :::{tip} - Some specific distros may use ``www-data:www-data`` instead of ``nginx:nginx``, causing static files (images, stylesheets etc) not to appear. You can confirm what user Nginx will run under by checking either its base config file ``/etc/nginx/nginx.conf`` for the "user" setting, or once Nginx has started ``ps aux | grep nginx``. Adjust your chown commands to the correct user if needed. ::: @@ -43,24 +41,41 @@ You will need to have [Gunicorn](gunicorn.md) or some other WSGI server setup fo ## Install -Ubuntu 1804, 2004, 2204: +::::{tabs} +:::{group-tab} Ubuntu 2004, 2204 + ```shell sudo apt-get install nginx ``` -CentOS 7 +::: +:::{group-tab} CentOS 7 + ```shell sudo yum install nginx ``` -CentOS Stream 8, Stream 9: +::: +:::{group-tab} CentOS Stream 8 + ```shell sudo dnf install nginx ``` +::: +:::{group-tab} CentOS Stream 9 + +```shell +sudo dnf install nginx +``` + +::: +:::: + Create a config file in `/etc/nginx/sites-available` (`/etc/nginx/conf.d` on CentOS) and call it `alliance-auth.conf` or whatever your preferred name is. Create a symbolic link to enable the site (not needed on CentOS): + ```shell ln -s /etc/nginx/sites-available/alliance-auth.conf /etc/nginx/sites-enabled/ ``` @@ -69,8 +84,7 @@ ln -s /etc/nginx/sites-available/alliance-auth.conf /etc/nginx/sites-enabled/ Copy this basic config into your config file. Make whatever changes you feel are necessary. - -``` +```ini server { listen 80; listen [::]:80; @@ -106,7 +120,7 @@ With [Let's Encrypt](https://letsencrypt.org/) offering free SSL certificates, t Your config will need a few additions once you've got your certificate. -``` +```ini listen 443 ssl http2; # Replace listen 80; with this listen [::]:443 ssl http2; # Replace listen [::]:80; with this @@ -122,7 +136,7 @@ Your config will need a few additions once you've got your certificate. If you want to redirect all your non-SSL visitors to your secure site, below your main configs `server` block, add the following: -``` +```ini server { listen 80; listen [::]:80; diff --git a/docs/installation/upgrade_python.md b/docs/installation/upgrade_python.md index 919d80f6..c88112c5 100644 --- a/docs/installation/upgrade_python.md +++ b/docs/installation/upgrade_python.md @@ -5,8 +5,8 @@ This guide describes how to upgrade an existing Alliance Auth (AA) installation This guide shares many similarities with the Alliance Auth install guide, but it is targeted towards existing installs needing to update. :::{note} - This guide will upgrade the software components only but not change any data or configuration. -``` +This guide will upgrade the software components only but not change any data or configuration. +::: ## Install a new Python version @@ -14,59 +14,67 @@ To run AA with a newer Python 3 version than your system's default you need to i To install other Python versions than those included with your distribution, you need to add a new installation repository. Then you can install the specific Python 3 to your system. -Ubuntu 1804, 2004: :::{note} Ubuntu 2204 ships with Python 3.10 already -``` - -```shell -sudo add-apt-repository ppa:deadsnakes/ppa -``` - -```shell -sudo apt-get update -``` - -```shell -sudo apt-get install python3.10 python3.10-dev python3.10-venv -``` - -CentOS 7: -We need to build Python from source +::: Centos Stream 8/9: :::{note} - A Python 3.9 Package is available for Stream 8 and 9. You _may_ use this instead of building your own package. But our documentation will assume Python3.10 and you may need to substitute as neccessary - sudo dnf install python39 python39-devel -``` +A Python 3.9 Package is available for Stream 8 and 9. You _may_ use this instead of building your own package. But our documentation will assume Python3.11 and you may need to substitute as neccessary +sudo dnf install python39 python39-devel +::: + +::::{tabs} +:::{group-tab} Ubuntu 2004, 2204 ```shell +sudo add-apt-repository ppa:deadsnakes/ppa +sudo apt-get update +sudo apt-get install python3.11 python3.11-dev python3.11-venv +``` + +::: +:::{group-tab} CentOS 7 + +```bash cd ~ -``` - -```shell sudo yum install gcc openssl-devel bzip2-devel libffi-devel wget -``` - -```shell -wget https://www.python.org/ftp/python/3.10.5/Python-3.10.5.tgz -``` - -```shell -tar xvf Python-3.10.5.tgz -``` - -```shell -cd Python-3.10.5/ -``` - -```shell +wget https://www.python.org/ftp/python/3.11.5/Python-3.11.5.tgz +tar xvf Python-3.11.5.tgz +cd Python-3.11.5/ ./configure --enable-optimizations --enable-shared -``` - -```shell sudo make altinstall ``` + +::: +:::{group-tab} CentOS Stream 8 + +```bash +cd ~ +sudo yum install gcc openssl-devel bzip2-devel libffi-devel wget +wget https://www.python.org/ftp/python/3.11.5/Python-3.11.5.tgz +tar xvf Python-3.11.5.tgz +cd Python-3.11.5/ +./configure --enable-optimizations --enable-shared +sudo make altinstall +``` + +::: +:::{group-tab} CentOS Stream 9 + +```bash +cd ~ +sudo yum install gcc openssl-devel bzip2-devel libffi-devel wget +wget https://www.python.org/ftp/python/3.11.5/Python-3.11.5.tgz +tar xvf Python-3.11.5.tgz +cd Python-3.11.5/ +./configure --enable-optimizations --enable-shared +sudo make altinstall +``` + +::: +:::: + ## Preparing your venv Before updating your venv it is important to make sure that your current installation is stable. Otherwise your new venv might not be consistent with your data, which might create problems. @@ -74,9 +82,10 @@ Before updating your venv it is important to make sure that your current install Start by navigating to your main project folder (the one that has `manage.py` in it). If you followed the default installation the path is: `/home/allianceserver/myauth` :::{note} - If you installed Alliance Auth under the allianceserver user, as reccommended. Remember to switch users for easier permission management:: +If you installed Alliance Auth under the allianceserver user, as reccommended. Remember to switch users for easier permission management:: - sudo su allianceserver +```bash +sudo su allianceserver ``` Activate your venv: @@ -134,6 +143,7 @@ python manage.py migrate ```shell python manage.py collectstatic ``` + ### Restart and final check Do a final restart of your AA supervisors and make sure your installation is still running normally. @@ -166,10 +176,10 @@ At this point we recommend creating a list of the additional packages that you n - Additional tools you are using (e.g. flower, django-extensions) :::{hint} - While `requirements.txt` will contain a complete list of your packages, it will also contain many packages that are automatically installed as dependencies and don't need be manually reinstalled. +While `requirements.txt` will contain a complete list of your packages, it will also contain many packages that are automatically installed as dependencies and don't need be manually reinstalled. ::: :::{note} - Some guide on the Internet will suggest to use use the requirements.txt file to recreate a venv. This is indeed possible, but only works if all packages can be installed from PyPI. Since most community apps are installed directly from repos this guide will not follow that approach. +Some guide on the Internet will suggest to use use the requirements.txt file to recreate a venv. This is indeed possible, but only works if all packages can be installed from PyPI. Since most community apps are installed directly from repos this guide will not follow that approach. ::: Leave the venv and shutdown all AA services: @@ -190,10 +200,10 @@ mv /home/allianceserver/venv/auth /home/allianceserver/venv/auth_old ## Create your new venv -Now let's create our new venv with Python 3.10 and activate it: +Now let's create our new venv with Python 3.11 and activate it: ```shell -python3.10 -m venv /home/allianceserver/venv/auth +python3.11 -m venv /home/allianceserver/venv/auth ``` ```shell diff --git a/docs/maintenance/apps.md b/docs/maintenance/apps.md index a9ce6101..99f4bc5a 100644 --- a/docs/maintenance/apps.md +++ b/docs/maintenance/apps.md @@ -14,9 +14,8 @@ Your auth project is just a regular Django project - you can add in [other Djang The following instructions will explain how you can remove an app properly fom your Alliance Auth installation. :::{note} - We recommend following these instructions to avoid dangling foreign keys or orphaned Python packages on your system, which might cause conflicts with other apps down the road. - -``` +We recommend following these instructions to avoid dangling foreign keys or orphaned Python packages on your system, which might cause conflicts with other apps down the road. +::: ### Step 1 - Removing database tables diff --git a/docs/maintenance/tuning/celery.md b/docs/maintenance/tuning/celery.md index 759e163f..0d8b2cd4 100644 --- a/docs/maintenance/tuning/celery.md +++ b/docs/maintenance/tuning/celery.md @@ -1,12 +1,13 @@ # Celery :::{hint} - Most tunings will require a change to your supervisor configuration in your `supervisor.conf` file. Note that you need to restart the supervisor daemon in order for any changes to take effect. And before restarting the daemon you may want to make sure your supervisors stop gracefully:(Ubuntu): +Most tunings will require a change to your supervisor configuration in your `supervisor.conf` file. Note that you need to restart the supervisor daemon in order for any changes to take effect. And before restarting the daemon you may want to make sure your supervisors stop gracefully:(Ubuntu): - :: +```bash +supervisor stop myauth: +systemctl supervisor restart +``` - supervisor stop myauth: - systemctl supervisor restart ::: ## Task Logging @@ -28,10 +29,9 @@ command=/home/allianceserver/venv/auth/bin/celery -A myauth worker -l info Celery workers often have memory leaks and will therefore grow in size over time. While the Alliance Auth team is working hard to ensure Auth is free of memory leaks some may still be cause by bugs in different versions of libraries or community apps. It is therefore good practice to enable features that protect against potential memory leaks. :::{hint} - The 256 MB limit is just an example and should be adjusted to your system configuration. We would suggest to not go below 128MB though, since new workers start with around 80 MB already. Also take into consideration that this value is per worker and that you may have more than one worker running in your system. +The 256 MB limit is just an example and should be adjusted to your system configuration. We would suggest to not go below 128MB though, since new workers start with around 80 MB already. Also take into consideration that this value is per worker and that you may have more than one worker running in your system. ::: - ### Supervisor It is also possible to configure your supervisor to monitor and automatically restart programs that exceed a memory threshold. @@ -75,7 +75,7 @@ process_name=%(program_name)s_%(process_num)02d This number will be multiplied by your concurrency setting, -``` +```math numprocs * concurency = workers ``` @@ -89,11 +89,11 @@ command=... -p worker_00=256MB -p worker_01=256MB -p worker_02=256MB ``` :::{hint} - You will want to experiment with different settings to find the optimal. One way to generate task load and verify your configuration is to run a model update with the following command: +You will want to experiment with different settings to find the optimal. One way to generate task load and verify your configuration is to run a model update with the following command: - :: - - celery -A myauth call allianceauth.eveonline.tasks.run_model_update +```bash +celery -A myauth call allianceauth.eveonline.tasks.run_model_update +``` ::: @@ -106,14 +106,14 @@ This can be achieved by the setting the concurrency parameter of the celery work ``` :::{hint} - The optimal number will hugely depend on your individual system configuration and you may want to experiment with different settings to find the optimal. One way to generate task load and verify your configuration is to run a model update with the following command: +The optimal number will hugely depend on your individual system configuration and you may want to experiment with different settings to find the optimal. One way to generate task load and verify your configuration is to run a model update with the following command: - :: - - celery -A myauth call allianceauth.eveonline.tasks.run_model_update +```bash +celery -A myauth call allianceauth.eveonline.tasks.run_model_update +``` ::: :::{hint} - The optimal number of concurrent workers will be different for every system and we recommend experimenting with different figures to find the optimal for your system. Note, that the example of 10 threads is conservative and should work even with smaller systems. +The optimal number of concurrent workers will be different for every system and we recommend experimenting with different figures to find the optimal for your system. Note, that the example of 10 threads is conservative and should work even with smaller systems. ::: diff --git a/docs/maintenance/tuning/redis.md b/docs/maintenance/tuning/redis.md index 2c912cfd..abd21434 100644 --- a/docs/maintenance/tuning/redis.md +++ b/docs/maintenance/tuning/redis.md @@ -2,7 +2,7 @@ ## Compression -Cache compression can help tame the memory usage of specialised installation configurations and Community Apps that heavily utilize Redis. +Cache compression can help tame the memory usage of specialised installation configurations and Community Apps that heavily utilize Redis, in exchange for increased CPU utilization. Various compression algorithms are supported, with various strengths. Our testing has shown that lzma works best with our use cases. You can read more at [Django-Redis Compression Support](https://github.com/jazzband/django-redis#compression-support)