diff --git a/CONFIGURATION.md b/CONFIGURATION.md index 2ccd50f..18751be 100644 --- a/CONFIGURATION.md +++ b/CONFIGURATION.md @@ -1,20 +1,19 @@ # Configuration +All configuration information for both Teapot and StoRM WebDAV is contained in +the `config.ini` file. Please update this file as needed to meet your requirements. + ## Certificates Both Teapot and StoRM WebDAV servers require `SSL` certificates. Teapot requires -a certificate/key pair for the machine's DNS name to be added to +an appropriate server certificate/key pair for the machine to be added to `/var/lib/teapot/webdav`. The certificate should also be added to the system's trust store. To generate self-signed certificates for StoRM WebDAV and add them to the trust store, run `sudo /usr/share/teapot/self-signed-cert-gen.sh`. -In `teapot.py` line 945, uvicorn hostname needs to be replaced with the machine -DNS name, and paths to the certificate/key pair for that DNS name should be -added here. - -## Storm-webdav configuration +## Additional Storm-webdav configuration -Two main pieces of information are required to configure StoRM-WebDAV: +Two main pieces of additional information are required to configure StoRM-WebDAV: - Storage Areas (SA), which are folders assigned to each user - OIDC provider and identity mapping information 
@@ -47,9 +46,9 @@ For information on how to configure storage-areas, please refer to the ### OIDC provider and identity mapping information OIDC provider information used to authenticate users must be provided. See below -for information on where to change the OIDC provider information. For more -details on authentication to the storage areas, refer to the -[StoRM WebDAV Guidelines](https://github.com/italiangrid/storm-webdav/blob/master/doc/storage-area-configuration.md). +for information on where to change the OIDC provider information, besides the +changes already made in `config.ini` file. For more details on authentication to +the storage areas, refer to the [StoRM WebDAV Guidelines](https://github.com/italiangrid/storm-webdav/blob/master/doc/storage-area-configuration.md). To configure the OIDC provider information, make the following changes: @@ -59,8 +58,6 @@ To configure the OIDC provider information, make the following changes: modifying the `iss` information which stands for issuer. 3. Modify the OIDC providers that have access to the storage area by modifying the `org` information in `/usr/share/teapot/storage_element.properties`. -4. Modify the OIDC provider list in `teapot.py` under - `flaat.set_trusted_OP_list`. If no other way for mapping user's local and global identities is provided, the rudementary way is defined as explained next. The `user-mapping.csv` file is to diff --git a/README.md b/README.md index c7ee047..3a01c74 100644 --- a/README.md +++ b/README.md 
@@ -16,7 +16,7 @@ will start another StoRM-WebDAV server for that user in the same way. Teapot needs `Python3` to run, the specific distribution depends on the operating system. The required Python packages for installing Teapot are listed in the [requirements.txt](https://github.com/interTwin-eu/teapot/blob/main/requirements.txt) -file. Python packages that aren't provided in the rpm format are already included in Teapot's rpm file. +file. Python packages that aren't available in the rpm format are already included in Teapot's rpm file. To automatically generate self-signed certificate `openssl>3` is needed. Storm-webdav needs `java-11`. ### Installation & Configuration @@ -27,8 +27,7 @@ feel free to contact us and we’ll gladly provide you with one for your specifi To install teapot, first a user `teapot` must be created. To do that run `sudo adduser teapot`. -Please refer to [CONFIGURATION.md](https://github.com/interTwin-eu/teapot/blob/main/CONFIGURATION.md) for information on -how to configure Teapot. +Please refer to [CONFIGURATION.md](https://github.com/interTwin-eu/teapot/blob/main/CONFIGURATION.md) for information on how to configure Teapot and Storm-Webdav. ### Starting diff --git a/Service_Reference_Card.md b/Service_Reference_Card.md index 747099c..ce94bd9 100644 --- a/Service_Reference_Card.md +++ b/Service_Reference_Card.md 
@@ -12,12 +12,15 @@ start another StoRM-WebDAV server for that user in the same way. ## List of configuration files -All templates for configuration files are located in `/templates`. Teapot -configuration file can be found in `/etc/teapot/`. All configuration files for -StoRM-WebdDAV for each user are automatically generated in -`/var/lib/teapot/user-$USER/` when user sends its first request. To provide the -necessary information for configuration files and for more details on -configuration files, please refer to [CONFIGURATION.md](https://github.com/interTwin-eu/teapot/blob/main/CONFIGURATION.md). +The primary configuration for Teapot and Storm WebDAV can be found at +`/etc/teapot/config.ini`. All templates for configuration files for individual users +are located in `usr/share/teapot/templates`. All configuration files for +StoRM-WebdDAV's individual users are automatically generated in their user directories +as defined in `config.ini`, when a particular user sends its first request. To provide +the necessary information for configuration files and for more details on configuration +files, please refer to [CONFIGURATION.md](https://github.com/interTwin-eu/teapot/blob/main/CONFIGURATION.md). + +## Run setting `teapot.py` must be run as the `teapot` user, with the Python modules listed in `requirements.txt` and the sudoers permissions defined in the `templates/teapot` file. diff --git a/requirements.txt b/requirements.txt index 91b9586..b95eb86 100644 --- a/requirements.txt +++ b/requirements.txt @@ -7,4 +7,5 @@ uvicorn anyio asyncio psutil +configparser
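Review bot: In CONFIGURATION.md, first hunk (Certificates section), the removed paragraph told the operator where to set the uvicorn hostname and the certificate/key paths, and nothing added in its place names the `config.ini` keys that now carry those values. The new wording "an appropriate server certificate/key pair for the machine" also drops the earlier statement that the certificate is for the machine's DNS name, which is what clients compare against during TLS hostname verification. Suggest keeping "for the machine's DNS name" and listing the `config.ini` section and keys for hostname, certificate and key. The new intro says all configuration is contained in `config.ini`, yet the section heading below becomes "Additional Storm-webdav configuration" and other files still have to be edited; "The main configuration ..." would be consistent, and the file's location (`/etc/teapot/config.ini` according to Service_Reference_Card.md) should be stated here as well.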
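Review bot: In CONFIGURATION.md, the hunk under "OIDC provider and identity mapping information", the added phrase "besides the changes already made in `config.ini` file" refers to changes this document never describes. Name the `config.ini` key or keys that hold the OIDC provider settings, so the reader knows what "already made" covers. The phrase also needs an article: "in the `config.ini` file".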
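Review bot: In CONFIGURATION.md, the numbered list of OIDC changes, step 4 (`flaat.set_trusted_OP_list` in `teapot.py`) is removed without saying where the trusted OP list is configured now. That list is access-control configuration, so the document should state which `config.ini` key replaces it and that its value has to agree with the `iss` and `org` entries from steps 2 and 3. Not part of this change, but in the context line directly below: "rudementary" should be "rudimentary".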
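Review bot: In README.md, "Installation & Configuration", the new line writes "Storm-Webdav" while this same patch uses "StoRM WebDAV" and "StoRM-WebDAV" in the other files; pick one spelling of the product name and use it across the three documents. The rewritten sentence is also left as a single long line where the surrounding paragraphs are wrapped.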
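Review bot: In Service_Reference_Card.md, "List of configuration files", the template path `usr/share/teapot/templates` is missing its leading slash (CONFIGURATION.md uses `/usr/share/teapot/...`), and the typo "StoRM-WebdDAV" is carried over into the new text. The old paragraph gave the concrete location `/var/lib/teapot/user-$USER/` for the generated per-user files; "as defined in `config.ini`" should name the key and its default value so an operator can locate and audit those files. The paragraph that now sits under the new "## Run setting" heading still refers to `templates/teapot` for the sudoers permissions, which should be given as a full path too.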
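Review bot: In requirements.txt, the added `configparser` line is not needed: README.md states that Teapot runs on Python3, where `configparser` is part of the standard library, and the PyPI package of that name is a backport. Dropping the line avoids one more unpinned third-party package in the install path. The same applies to the existing `asyncio` entry in the context lines.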