Reposado + Margarita + Apache walkthrough

2,392 views
Skip to first unread message

Joe Wollard

unread,
Feb 28, 2013, 11:13:24 PM2/28/13
to repo...@googlegroups.com
Hey folks,

Just sharing a walkthrough that I just finished. Feedback and corrections welcome!

Greg Neagle

unread,
Feb 28, 2013, 11:19:17 PM2/28/13
to repo...@googlegroups.com
Joe, this is great. I do want to point out that since Margarita is only an administrative front-end to Reposado, its needs are very, very modest, and it just run absolutely fine from Flask's built-in webserver.

So most people should be able to get away with running Margarita as-is.

This is in contrast to something like MunkiWebAdmin. It is not only an administrative front-end to Munki, it is also a reporting server. So unless you have a very small number of managed clients, the Django development webserver will fall over when clients start talking to it. This is why you need to use either the django-wsgi (CherryPy) server, or run it in Apache with mod-wsgi.

-Greg

--
You received this message because you are subscribed to the Google Groups "reposado" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reposado+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

Joe Wollard

unread,
Feb 28, 2013, 11:25:10 PM2/28/13
to repo...@googlegroups.com, repo...@googlegroups.com


On Feb 28, 2013, at 11:19 PM, Greg Neagle <greg....@disneyanimation.com> wrote:

Joe, this is great. I do want to point out that since Margarita is only an administrative front-end to Reposado, its needs are very, very modest, and it just run absolutely fine from Flask's built-in webserver.

Agreed. I thought about doing it on MWA instead for that very reason, but I was already in the process of setting up margarita so that's the topic I went with. I wouldn't mind doing one for MWA though. It might be beneficial to have something out there for both products since there are bound to be little differences here and there (flask vs django for starters).

Greg Neagle

unread,
Feb 28, 2013, 11:29:38 PM2/28/13
to repo...@googlegroups.com
On Feb 28, 2013, at 8:25 PM, Joe Wollard <joe.w...@gmail.com> wrote:



On Feb 28, 2013, at 11:19 PM, Greg Neagle <greg....@disneyanimation.com> wrote:

Joe, this is great. I do want to point out that since Margarita is only an administrative front-end to Reposado, its needs are very, very modest, and it just run absolutely fine from Flask's built-in webserver.

Agreed. I thought about doing it on MWA instead for that very reason, but I was already in the process of setting up margarita so that's the topic I went with. I wouldn't mind doing one for MWA though. It might be beneficial to have something out there for both products since there are bound to be little differences here and there (flask vs django for starters).

There is a walkthrough of setting up MunkiWebAdmin with Apache and mod-wsgi on CentOS/RHEL here: http://code.google.com/p/munki/wiki/MunkiWebAdminLinuxSetup

Joe Wollard

unread,
Feb 28, 2013, 11:36:05 PM2/28/13
to repo...@googlegroups.com
Yep, I've skimmed that but haven't tried to go through it. Most of my linux servers are Ubuntu Server virtual machines, simply due to the fact that I know the OS and I don't have to worry about licensing. Do you suppose those instructions translate to Ubuntu well enough or might it be worth while to investigate the differences in an Ubuntu environment? I'm guessing the big differences would almost entirely be the package managers.


--
You received this message because you are subscribed to the Google Groups "reposado" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reposado+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 



--
Joe Wollard

Timothy Sutton

unread,
Mar 1, 2013, 10:31:11 AM3/1/13
to repo...@googlegroups.com
The Linux instructions were assembled by Nate and for CentOS/RHEL, but they originally came from directions I wrote for Debian 6.

Besides the apache2/httpd package name difference (and possibly others), the only functional difference that Nate found that was required for his CentOS environment was making a socket directory for the wsgi app and setting the WGSISocketPrefix Apache directive:

https://code.google.com/p/munki/wiki/MunkiWebAdminLinuxSetup#Set_up_an_Apache_VirtualHost

Debian was more permissive and didn't require this, because the web user already had access to create the socket file, IIRC.

Besides that, the setups were identical. I have almost no experience with Ubuntu recently, but I'd guess it's almost if not identical to Debian as far as this stuff goes.


-Tim

Joe Wollard

unread,
Mar 1, 2013, 12:18:35 PM3/1/13
to repo...@googlegroups.com
Thanks for the follow up, Tim. Greg and I took this discussion offline since we were getting pretty far off of the topic of reposado and came to similar conclusions. Since I'm planning to migrate my Munki installation from OS X Server to an Ubuntu Server VM I volunteered to make notes of the differences and post them on Munki's project page if need be.

Greg Coan

unread,
Jan 24, 2014, 10:17:43 AM1/24/14
to repo...@googlegroups.com
Sorry to open an old topic - I was going through this recently on Ubuntu Server 12.0.4  -  I keep getting the following error:

apache2: Syntax error on line 237 of /etc/apache2/apache2.conf: Syntax error on line 17 of /etc/apache2/sites-enabled/000-default: Expected </VirtualHost> but saw </Directory>

Action 'configtest' failed.

The Apache error log may have more information.

   ...fail!

The stupid error seems to be telling me I have an open <VirtualHost> tag but I know I don't as I've used your example pretty much verbatim. Its driving me crazy :-)

Eric Bourguinat

unread,
Jan 24, 2014, 10:58:57 AM1/24/14
to repo...@googlegroups.com
Hi Greg. Try this:

    # Reposado
    Alias /content /usr/local/ASUS/www/content
    <Directory /usr/local/ASUS/www/content>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride None
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

    # Margarita
    Alias /static /usr/local/ASUS/margarita/static
    WSGIDaemonProcess margarita home=/usr/local/ASUS/margarita user=www-data group=www-data threads=5
    WSGIScriptAlias / /usr/local/ASUS/margarita/margarita.wsgi
    <Directory /usr/local/ASUS/margarita/static>
        WSGIProcessGroup margarita
        WSGIApplicationGroup %{GLOBAL}
        Require all granted
        Order allow,deny
        Allow from all
    </Directory>

Greg Coan

unread,
Jan 24, 2014, 12:01:13 PM1/24/14
to repo...@googlegroups.com
Eric,

Thanks so much!  Worked like a charm and I can now see the opening Directory tags that were missing.

Cheers!

Greg

Greg Coan

unread,
Jan 27, 2014, 8:01:45 AM1/27/14
to repo...@googlegroups.com
Well I spoke too soon .. having one last small problem.

If I manually start margarita.py it runs fine on port 8089 - I can see the entire webpage, see the updates, make a new branch, etc.

Trying to use default port with the VHost setup, all I see is the "new branch name" box and the Create New Branch button.  There is no header or anything else.  The branch creation also doesn't work.  Don't see any of the updates obviously.

Sure its something simple and/or wrong with my setup :-)

G

Eric Bourguinat

unread,
Jan 27, 2014, 8:26:05 AM1/27/14
to repo...@googlegroups.com
Hi Greg,

Why do you want to use default port with the vhost setup? Access to http://yourserveur.com:8089 seems to be ok.

Eric

Greg Coan

unread,
Jan 27, 2014, 9:09:12 AM1/27/14
to repo...@googlegroups.com
Hi Eric,

Mainly because I wanted to use the method suggested in the walkthrough - to make sure the Margarita webinterface is always on.

I'm kind of new to all of this on Linux - I suppose if I could use some other method to autostart the margarita.py instead of the WSGI method, I'd be fine with using port 8089 but I thought I'd try this way.  On my OSX server install of repo/marg i just used a launchdaemon.  

Basically I was looking to learn the "other method" (wsgi) so that's why I went that route.

Gretchen Kuwahara

unread,
Jan 27, 2014, 3:26:44 PM1/27/14
to repo...@googlegroups.com
I am interested in this so I can get .htaccess working and only allow authorized people to access the GUI.

Eric Bourguinat

unread,
Jan 29, 2014, 5:25:12 AM1/29/14
to repo...@googlegroups.com
Hi Greg,

OK.

For me the 2 methods work:
http://myserver.com:8089
and
http://myserver.com
on a Debian 7 server.

Take a look at your Apache logs (/var/log/apache2).

Eric

Kyle Vitale

unread,
Jan 29, 2014, 8:27:27 AM1/29/14
to repo...@googlegroups.com
Hi Greg,

Here are the Reposado and margarita sections from my apache setup. I used the same directions a couple months ago (before it was updated for 12.10), although I had modified it to use separate sites instead of one website because margarita had trouble loading (see comments on bottom of the reference site).

#Reposado
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /usr/local/ASUS/www
    ServerName reposado.mydomain.org

    # Base configuration
    <Directory />
        Options FollowSymLinks Indexes MultiViews
        AllowOverride none
    </Directory>

    # Reposado Config
    <Directory /usr/local/ASUS/www/>
        Options FollowSymLinks Indexes MultiViews
        AllowOverride All
        RewriteEngine On
        Order allow,deny
        allow from all
    </Directory>

    # Logging
    ErrorLog ${APACHE_LOG_DIR}/reposado-error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/reposado-access.log combined
</VirtualHost>

#Margarita
<VirtualHost *:80>
   ServerName margarita.mydomain.org
   ServerAdmin webmaster@localhsot
   DocumentRoot /usr/local/ASUS/www

   #Base Configuration
   <Directory />
        Options Indexes FollowSymLinks
        AllowOverride AuthConfig
   </Directory>

    # Margarita
    Alias /static /usr/local/ASUS/margarita/static
    WSGIDaemonProcess margarita home=/usr/local/ASUS/margarita user=www-data group=www-data threads=5
    WSGIScriptAlias / /usr/local/ASUS/margarita/margarita.wsgi
    <Directory /usr/local/ASUS/margarita/>
        WSGIProcessGroup margarita
        WSGIApplicationGroup %{GLOBAL}
        Order deny,allow
        Allow from all
    </Directory>

    # Logging
    ErrorLog ${APACHE_LOG_DIR}/margarita-error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/margarita-access.log combined
</VirtualHost>

<Location "/usr/local/ASUS/margarita">
        AuthUserFile /etc/users
        AuthName "This is a protected area"
        AuthGroupFile /dev/null
        AuthType Basic
        Require valid-user
</Location>


--

Greg Coan

unread,
Jan 29, 2014, 9:05:56 AM1/29/14
to repo...@googlegroups.com

Thanks guys!

Mike Solin

unread,
Jan 30, 2014, 12:14:35 AM1/30/14
to repo...@googlegroups.com
Thanks for this, Kyle!  Trying to accomplish the same, but with OS X Server…seems a bit more complicated to use the built-in wsgi.  I’ll see if I can adapt your Apache config, I didn’t have much luck with Joe’s (though I appreciate the tutorial!).

quornicus

unread,
Jan 30, 2014, 5:34:02 PM1/30/14
to repo...@googlegroups.com
Mike-

I have Margarita running on OS X Server (v 3.0.2) as a wsgi web app . I can post the details if you’re still interested.

Malcolm

Steve Major

unread,
Jan 30, 2014, 6:01:41 PM1/30/14
to repo...@googlegroups.com
Count me in too. I was really close to getting this going on my own, but ran into something I couldn't get around and never got back to it. I'd love to see what I was doing wrong (and get this up and running).

quornicus

unread,
Jan 30, 2014, 10:51:23 PM1/30/14
to repo...@googlegroups.com
Well, here goes. This is how I got Margarita running as a wsgi web app in Server.app.

First, I based my approach to doing this on Brian Mickelson's writeup covering the implementation of munkiwebadmin as a wsgi webapp in OS X Server. Here's the link: http://fluffyquickness.com/2013/01/mwa-10-8-server/. The info most germane to setting up Margarita starts about a third of the way down the page. I've used what I learned there to set up a couple of other webapps, too, as it is generally useful knowledge.

So, if I remember correctly, this is what I did:

1. I created a service user, margarita (no home, /usr/bin/false shell, etc.). Margarita's pgid is a group called 'munki,' which I created earlier to manage application and software updates. The 'munki' group owns the entire margarita environment, but the margarita user exists only to own the wsgi process (see the supplementary httpd config file below). 

2. I set up a virtualenv, installed Flask therein, and then git-cloned the margarita files into the environment.

3. I created a file, margarita.wsgi, in my margarita directory. It looks like this:

  import sys

  EXTRA_DIR = "/path/to/margarita_env/margarita"
  FLASK_DIR = "/path/to/margarita_env/lib/python2.7/site-packages"

  if EXTRA_DIR not in sys.path:
    sys.path.append(EXTRA_DIR)

  if FLASK_DIR not in sys.path:
    sys.path.append(FLASK_DIR)

  from margarita import app as application

4. I created a webapp plist in /Library/Server/Web/Config/apache2/webapps. See the webapp.plist man page for details. My file looks like this:

  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
  <plist version="1.0">
  <dict>
    <key>name</key>
    <string>my.orgs.identifier.margarita.plist</string>
    <key>displayName</key>
    <string>Margarita</string>
    <key>launchKeys</key>
    <array/>
    <key>proxies</key>
    <dict/>
    <key>installationIndicatorFilePath</key>
    <string>/path/to/margarita_env/margarita/margarita.py</string>
    <key>includeFiles</key>
    <array>
      <string>/Library/Server/Web/Config/apache2/httpd_margarita.conf</string>
    </array>
    <key>requiredModuleNames</key>
    <array>
      <string>wsgi_module</string>
    </array>
  </dict>
  </plist>

5. Notice the key 'includeFiles' and its value in the plist above. My supplementary config file (/Library/Server/Web/Config/apache2/httpd_margarita.conf) looks like this:

  WSGIScriptAlias / /path/to/margarita_env/margarita/margarita.wsgi
  WSGIDaemonProcess margarita home=/path/to/margarita_env/margarita user=margarita group=munki

  Alias /static/ /path/to/margarita_env/margarita/static/
  <Directory /path/to/margarita_env/margarita>
    WSGIProcessGroup margarita
    WSGIApplicationGroup %{GLOBAL}
    AuthName "Access to Margarita"
    AuthType Digest
    <Limit PUT DELETE PROPATCH PROPFIND MKCOL COPY MOVE LOCK UNLOCK>
      Require no-user
    </Limit>
    <Limit GET HEAD OPTIONS CONNECT POST>
      Require group staff
    </Limit>
  </Directory>

6. I then set up the margarita site in Server. Here's how I configured it:

  Domain Name: my.sites.name
  IP Address: any Port: 8001
  Store Site Files In: ***Here I just put the domain name of my server, as I didn't Server to generate canned pages. In other words, I lied to the machine. I hope this doesn't have repercussions later on.***
  Who Can Access: Anyone ***You'll notice in the supplementary httpd config that I do indeed limit access to members of the staff group. Because of my 'Site Files' ruse, Server.app thinks I have no folders to which I can deny or grant access.***
  
7. After a little while, or perhaps after restarting 'Websites,' Server picked up on the margarita webapp I had defined in steps two through five. I then edited my new site, clicked the 'Edit Advanced Settings...' button, and ticked the box for Margarita. Done.

I hope this helps.

By the way, thanks a million to Greg Neagle for sharing Reposado (and Munki), and to Jesse Peterson for writing Margarita. 

Malcolm 

On Jan 30, 2014, at 18:01, Steve Major <maj...@gmail.com> wrote:

Count me in too. I was really close to getting this going on my own, but ran into something I couldn't get around and never got back to it. I'd love to see what I was doing wrong (and get this up and running).

On Thursday, January 30, 2014 5:34:02 PM UTC-5, Ruben Kincaid wrote:
Mike-

I have Margarita running on OS X Server (v 3.0.2) as a wsgi web app . I can post the details if you’re still interested.

Malcolm
On Jan 30, 2014, at 0:14, Mike Solin <mi...@mikesolin.com> wrote:

Thanks for this, Kyle!  Trying to accomplish the same, but with OS X Server…seems a bit more complicated to use the built-in wsgi.  I’ll see if I can adapt your Apache config, I didn’t have much luck with Joe’s (though I appreciate the tutorial!).



--
You received this message because you are subscribed to the Google Groups "reposado" group.
To unsubscribe from this group and stop receiving emails from it, send an email to reposado+u...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

Mike Solin

unread,
Jan 31, 2014, 7:05:58 AM1/31/14
to repo...@googlegroups.com
Malcolm, thank you so much!  I’ll give this a try and report back.
Reply all
Reply to author
Forward
0 new messages