Deploying ndg_oauth with mod_wsgi

Instructions for deploying an example client, authorisation server and resource server (with PySAML2 SP). Platform is Ubuntu 11.10

mod_wsgi

Ubuntu provides a package for this but it is built against Python 2.6 whereas the default system Python is 2.7. Download and install against the 2.7 version to be safe.

1. Install pre-requisites:

   apt-get install
   

2. Download and build

   wget http://modwsgi.googlecode.com/files/mod_wsgi-3.4.tar.gz
   tar zxvf mod_wsgi-3.4.tar.gz
   cd mod_wsgi-3.4
   ./configure
   

Python environment

1. Prerequisites

   apt-get install python-setuptools python-virtualenv xmlsec1
   

2. Make virtualenv in some suitable location e.g.

   sudo virtualenv /usr/local/contrail_faas
   

3. Make a requirements text file

   cat > /usr/local/contrail_faas/requirements.txt << EOF
   ndg_oauth_client
   ndg_oauth_server
   argparse
   Beaker
   decorator
   Genshi
   httplib2
   ndg-httpsclient
   Paste
   PasteDeploy
   PasteScript
   pyasn1
   pyOpenSSL
   pysaml2
   python-memcached
   repoze.who
   repoze.who.deprecatedplugins
   WebOb
   wsgiref
   zope.interface
   EOF
   

4. Activate environment and install packages

   . /usr/local/contrail_faas/bin/activate
   pip install -r requirements.txt
   

Python Configuration files

1. Make directories for the python client and server copying the bearer token example directories given in the respective packages - ndg.oauth.client.examples.bearer_tok and ndg.oauth.server.examples.bearer_tok.
2. Add in the additional config needed for the PySAML2 SP:

Create WSGI scripts

1. Scripts dir

   mkdir /var/www/wsgi-scripts/
   

2. Client script

   cat /var/www/wsgi-scripts//oauth-client.wsgi << EOF
   ALLDIRS = [
       '/usr/local/contrail_faas/lib/python2.7/site-packages',
       '/usr/local/contrail_faas/oauth_client'
   ]
   
   import sys 
   import site 
   
   # Remember original sys.path.
   prev_sys_path = list(sys.path) 
   
   # Add each new site-packages directory.
   for directory in ALLDIRS:
     site.addsitedir(directory)
   
   # Reorder sys.path so new directories at the front.
   new_sys_path = [] 
   for item in list(sys.path): 
       if item not in prev_sys_path: 
           new_sys_path.append(item) 
           sys.path.remove(item) 
   sys.path[:0] = new_sys_path 
   
   from paste.deploy import loadapp
   from logging.config import fileConfig
   config_filepath = '/usr/local/contrail_faas/oauth_client/bearer_tok_client_app.ini'
   fileConfig(config_filepath)
   application = loadapp('config:%s' % config_filepath)
   EOF
   

3. Server script

   cat /var/www/wsgi-scripts/oauth-server.wsgi 
   ALLDIRS = [
       '/usr/local/contrail_faas/lib/python2.7/site-packages',
       '/usr/local/contrail_faas/oauth_server'
   ]
   
   import sys 
   import site 
   
   # Remember original sys.path.
   prev_sys_path = list(sys.path) 
   
   # Add each new site-packages directory.
   for directory in ALLDIRS:
     site.addsitedir(directory)
   
   # Reorder sys.path so new directories at the front.
   new_sys_path = [] 
   for item in list(sys.path): 
       if item not in prev_sys_path: 
           new_sys_path.append(item) 
           sys.path.remove(item) 
   sys.path[:0] = new_sys_path 
   
   from paste.deploy import loadapp
   from logging.config import fileConfig
   config_filepath = '/usr/local/contrail_faas/oauth_server/bearer_tok_server_app.ini'
   fileConfig(config_filepath)
   application = loadapp('config:%s' % config_filepath)