Commit 1e7aa46c authored by Hanno Schlichting's avatar Hanno Schlichting

Update docs to refer only to WSGI setup.

parent 04ab51de
Running Zope in Debug Mode
==========================
A utility known as 'zopectl' is installed into generated instance homes.
If you wish to run Zope in debug mode, run zopectl in foreground mode::
$ bin/zopectl fg
You can also use it to inspect a Zope instance's running state via an
interactive Python interpreter by passing zopectl the 'debug' parameter on the
command line.
The 'top-level' Zope object (the root folder) will be bound to the name 'app'
within the interpreter. You can then use normal Python method calls against app
and use the Python interpreter normally to inspect results::
$ bin/zopectl debug
Starting debugger (the name "app" is bound to the top-level Zope object)
>>> app.keys()
['acl_users']
>>>
...@@ -33,11 +33,11 @@ available: ...@@ -33,11 +33,11 @@ available:
(gcc recommended). (gcc recommended).
Installing standalone Zope using zc.buildout Installing Zope using zc.buildout
-------------------------------------------- ---------------------------------
In this configuration, we use ``zc.buildout`` to install the Zope software, In this configuration, we use ``zc.buildout`` to install the Zope software,
but then generate server "instances" outside the buildout environment. and then generate a server "instance" inside the buildout environment.
Installing the Zope software Installing the Zope software
:::::::::::::::::::::::::::: ::::::::::::::::::::::::::::
...@@ -55,8 +55,8 @@ steps: ...@@ -55,8 +55,8 @@ steps:
On Linux, this can be done as follows:: On Linux, this can be done as follows::
$ wget https://pypi.python.org/packages/source/Z/Zope2/Zope2-<Zope version>.tar.gz $ wget https://pypi.python.org/packages/source/Z/Zope2/Zope2-<Zope version>.zip
$ tar xfvz Zope2-<Zope version>.tar.gz $ unzip xfvz Zope2-<Zope version>.zip
$ cd Zope2-<Zope version> $ cd Zope2-<Zope version>
$ /path/to/your/python bootstrap.py $ /path/to/your/python bootstrap.py
$ bin/buildout $ bin/buildout
...@@ -68,105 +68,15 @@ Creating a Zope instance ...@@ -68,105 +68,15 @@ Creating a Zope instance
Once you've installed Zope, you will need to create an "instance Once you've installed Zope, you will need to create an "instance
home". This is a directory that contains configuration and data for a home". This is a directory that contains configuration and data for a
Zope server process. The instance home is created using the Zope server process. The instance home is created using the
``mkzopeinstance`` script:: ``mkwsgiinstance`` script::
$ bin/mkzopeinstance $ bin/mkwsgiinstance -d .
You can specify the Python interpreter to use for the instance
explicitly::
$ bin/mkzopeinstance --python=$PWD/bin/zopepy
You will be asked to provide a user name and password for an You will be asked to provide a user name and password for an
administrator's account during ``mkzopeinstance``. To see the available administrator's account during ``mkwsgiinstance``. To see the available
command-line options, run the script with the ``--help`` option:: command-line options, run the script with the ``--help`` option::
$ bin/mkzopeinstance --help $ bin/mkwsgiinstance --help
.. note::
The traditional "inplace" build is no longer supported. If using
``mkzopeinstance``, always do so outside the buildout environment.
Creating a buildout-based Zope instance
---------------------------------------
Rather than installing Zope separately from your instance, you may wish
to use ``zc.buildout`` to create a self-contained environment, containing
both the Zope software and the configuration and data for your server.
This procedure involves the following steps:
- Create the home directory for the buildout, including
``etc``, ``log`` and ``var`` subdirectories.
- Fetch the buildout bootstrap script into the environment.
- Fetch the version file into the environment, for example:
https://raw.github.com/zopefoundation/Zope/master/versions.cfg
- Create a buildout configuration as follows:
.. topic:: buildout.cfg
:class: file
::
[buildout]
parts = instance
extends = versions.cfg
[instance]
recipe = zc.recipe.egg
eggs = Zope2
interpreter = py
scripts = runzope zopectl
initialization =
import sys
sys.argv[1:1] = ['-C',r'${buildout:directory}/etc/zope.conf']
This is the minimum but all the usual buildout techniques can be
used.
- Bootstrap the buildout
- Run the buildout
- Create a Zope configuration file. A minimal version would be:
.. topic:: etc/zope.cfg
:class: file
::
%define INSTANCE <path to your instance directory>
python $INSTANCE/bin/py[.exe on Windows]
instancehome $INSTANCE
.. highlight:: bash
An example session::
$ mkdir /path/to/instance
$ cd /path/to/instance
$ mkdir etc logs var
$ wget https://bootstrap.pypa.io/bootstrap-buildout.py
$ vi buildout.cfg
$ /path/to/your/python bootstrap-buildout.py
$ bin/buildout
$ cat eggs/Zope2--*/Zope2/utilities/skel/etc/zope.conf.in > etc/zope.conf
$ vi etc/zope.conf # replace <<INSTANCE_HOME>> with buildout directory
$ bin/zopectl fg
In the ``bin`` subdirectory of your instance directory, you will
find ``runzope`` and ``zopectl`` scripts that can be used as
normal.
You can use ``zopectl`` interactively as a command shell by just
calling it without any arguments. Try ``help`` there and ``help <command>``
to find out about additionally commands of zopectl. These commands
also work at the command line.
After installation, refer to :doc:`operation` for documentation on After installation, refer to :doc:`operation` for documentation on
configuring and running Zope. configuring and running Zope.
......
...@@ -38,24 +38,23 @@ Creating a Zope instance ...@@ -38,24 +38,23 @@ Creating a Zope instance
Once you've installed Zope, you will need to create an "instance Once you've installed Zope, you will need to create an "instance
home". This is a directory that contains configuration and data for a home". This is a directory that contains configuration and data for a
Zope server process. The instance home is created using the Zope server process. The instance home is created using the
``mkzopeinstance`` script: ``mkwsgiinstance`` script:
.. code-block:: sh .. code-block:: sh
$ bin/mkzopeinstance -d . $ bin/mkwsgiinstance -d .
You will be asked to provide a user name and password for an You will be asked to provide a user name and password for an
administrator's account during ``mkzopeinstance``. To see the available administrator's account during ``mkwsgiinstance``. To see the available
command-line options, run the script with the ``--help`` option: command-line options, run the script with the ``--help`` option:
.. code-block:: sh .. code-block:: sh
$ bin/mkzopeinstance --help $ bin/mkwsgiinstance --help
The `-d .` specifies the directory to create the instance home in. The `-d .` specifies the directory to create the instance home in.
If you follow the example and choose the current directory, you'll If you follow the example and choose the current directory, you'll
find the instances files in the subdirectories of the ``virtualenv``: find the instances files in the subdirectories of the ``virtualenv``:
- ``etc/`` will hold the configuration files. - ``etc/`` will hold the configuration files.
- ``log/`` will hold the log files.
- ``var/`` will hold the database files. - ``var/`` will hold the database files.
...@@ -15,4 +15,3 @@ case 'nobody' needs read and write permissions to the var directory. ...@@ -15,4 +15,3 @@ case 'nobody' needs read and write permissions to the var directory.
If you change the way you run Zope, you may need to modify the permissions If you change the way you run Zope, you may need to modify the permissions
of the directory and the files in it to allow Zope to read and write of the directory and the files in it to allow Zope to read and write
under its changed userid. under its changed userid.
Zope effective user support
===========================
.. note::
It is best practice to run Zope behind a reverse proxy like
Apache, Nginx or Varnish. In this case, you do not need to run
or install Zope with root privileges, since the reverse proxy
will bind to port 80 and proxy back all request to Zope running
on an unprivileged port.
Zope can bind its network service to low ports such as 21 (FTP) and
80 (HTTP). In order to bind to low ports, Zope must be started as
the root user. However, Zope will only run as root long enough to
bind to these low ports. It will then attempt to setuid to a less
privileged user.
You must specify the user to which Zope will attempt to setuid by
changing the 'effective-user' parameter in the zope.conf
configuration file to an existing username or UID. All runtime
files will be written as this user. If you do not specify an
'effective-user' in the configuration file, and you attempt to start
Zope, it will refuse to start.
Zope additionally emits a warning if you specify 'nobody' as the
'effective-user'. The rationale for this warning stems from the
fact that, historically, many other UNIX services dropped privileges
to the 'nobody' account after starting as root. Any security
defects in these services could cause someone to gain access as the
'nobody' account on your system. If someone was to gain control of
your 'nobody' account they could compromise your Zope files.
The most important thing to remember about effective user support is
that you don't have to start Zope as root unless you want to listen
for requests on low ports (ports beneath 1024). In fact, if you
don't have this need, you are much better off just starting Zope
under a dedicated user account.
Signals (POSIX only)
====================
Signals are a POSIX inter-process communications mechanism.
If you are using Windows then this documentation does not apply.
Zope responds to signals which are sent to the process id
specified in the file '$INSTANCE_HOME/var/Z2.pid'::
SIGHUP - close open database connections, then restart the server
process. A idiom for restarting a Zope server is:
kill -HUP `cat $INSTANCE_HOME/var/z2.pid`
SIGTERM - close open database connections then shut down. A common
idiom for shutting down Zope is:
kill -TERM `cat $INSTANCE_HOME/var/Z2.pid`
SIGINT - same as SIGTERM
SIGUSR1 - dump a stack trace of all threads to stdout. This can help
diagnosing `stuck` Zope processes if all threads are stuck.
SIGUSR2 - close and re-open all Zope log files (z2.log, event log,
detailed log.) A common idiom after rotating Zope log files
is:
kill -USR2 `cat $INSTANCE_HOME/var/z2.pid`
...@@ -5,13 +5,17 @@ Because Zope is managed through the web, user names and passwords must be ...@@ -5,13 +5,17 @@ Because Zope is managed through the web, user names and passwords must be
used to assure that only authorized people can make changes to a Zope used to assure that only authorized people can make changes to a Zope
installation. installation.
Adding Managers Adding Managers
--------------- ---------------
If you need to add a Manager to an existing Zope instance, you can do If you need to add a Manager to an existing Zope instance, you can do
this using `zopectl` as follows:: this using `addzope2user` as follows::
$ bin/addzope2user user password
The script expects to find the configuration file at ``etc/wsgi.conf``.
zopectl adduser `name` `password`
The Initial User The Initial User
---------------- ----------------
...@@ -21,66 +25,10 @@ normal managers of your Zope site. This is accomplished through the ...@@ -21,66 +25,10 @@ normal managers of your Zope site. This is accomplished through the
use of the 'inituser' file in the directory specified as the instance use of the 'inituser' file in the directory specified as the instance
home. home.
The first time Zope starts, it will detect The first time Zope starts, it will detect that no users have been
that no users have been defined in the root user folder. It will search defined in the root user folder. It will search for the 'inituser'
for the 'inituser' file and, if it exists, will add the user defined file and, if it exists, will add the user defined in the file to the
in the file to the root user folder. root user folder.
Normally, 'inituser' is created by the Zope install scripts. Either
the installer prompts for the password or a randomly generated
password is created and displayed at the end of the build script.
You can use the 'zpasswd.py' script to create 'inituser' yourself.
Execute 'zpasswd.py' like this::
python zpasswd.py inituser
The script will prompt you for the name, password, and allowed
domains. The default is to encode the password with SHA, so please
remember this password as there is no way to recover it (although
'zpasswd.py' lets you reset it.)
The Emergency User
------------------
In some situations you may need to bypass normal security controls
because you have lost your password or because the security settings
have been mixed up. Zope provides a facility called an "emergency
user" so that you can reset passwords and correct security
settings.
The emergency user password must be defined outside the application
user interface. It is defined in the 'access' file located
in the Zope directory. It should be readable only by the user
as which your web server runs.
To create the emergency user, use 'zpasswd.py' to create the
'access' file like this::
python zpasswd.py access
In order to provide a somewhat higher level of security, various
encoding schemes are supported which provide access to either SHA-1
encryption or the standard UNIX crypt facility if it has been compiled
into Python. Unless you have some special requirements (see below),
you should use the SHA-1 facility, which is the default.
Format of 'inituser' and 'access'
---------------------------------
A password file should consist of a single line of the form::
name:password
Note that you may also add an optional third component to the line in the
access file to restrict access by domain. For example, the line::
mario:nintendoRules:*.mydomain.com
in your 'access' file will only allow permit emergency user access
from `*.mydomain.com` machines. Attempts to access the system from
other domains will fail, even if the correct emergency user name
and password are used.
Please note that if you use the ZServer monitor capability, you will Normally, 'inituser' is created by the ``makewsgiinstance`` install
need to run with a clear text password. script.
Running Zope2 as a WSGI Application
===================================
This document assumes you have installed Zope and created a Zope
instance home via `mkzopeinstance`.
The default configuration includes a WSGI configuration using
a PasteDeploy configuration file.
Start the WSGI Server
---------------------
.. code-block:: sh
$ bin/runwsgi -v etc/zope.ini
Starting server in PID 24934.
serving on http://127.0.0.1:8080
...@@ -10,11 +10,7 @@ Contents: ...@@ -10,11 +10,7 @@ Contents:
INSTALL-buildout INSTALL-buildout
INSTALL-virtualenv INSTALL-virtualenv
operation operation
WSGI
USERS USERS
SECURITY SECURITY
SETUID
SIGNALS
DEBUGGING
maintenance maintenance
changes changes
...@@ -12,78 +12,50 @@ configured and operated the same way. ...@@ -12,78 +12,50 @@ configured and operated the same way.
Configuring Zope Configuring Zope
---------------- ----------------
Your instance's configuration is defined in its ``etc/zope.conf`` file. Your instance's configuration is defined in its ``etc/wsgi.conf``
Unless you created the file manually, that file should contain fully- and ``etc/zope.ini`` configuration files.
annotated examples of each directive.
You can also pass an explicit configuration file on the command line::
$ /path/to/zope/instance/bin/zopectl -c /tmp/other.conf show
...
Config file: /tmp/other.conf
When starting Zope, if you see errors indicating that an address is in When starting Zope, if you see errors indicating that an address is in
use, then you may have to change the ports Zope uses for HTTP or FTP. use, then you may have to change the ports Zope uses for HTTP.
The default HTTP and FTP ports used by Zope are The default HTTP port used by Zope is 8080. You can change the port
8080 and 8021 respectively. You can change the ports used by used by editing ./etc/zope.ini appropriately.
editing ./etc/zope.conf appropriately.
The section in the configuration file looks like this:: The section in the configuration file looks like this::
<http-server> [server:main]
# valid keys are "address" and "force-connection-close" use = egg:waitress#main
address 8080 host = 127.0.0.1
# force-connection-close on port = 8080
</http-server>
The address can just be a port number as shown, or a host:port
pair to bind only to a specific interface.
After making any changes to the configuration file, you need to restart any After making any changes to the configuration file, you need to restart any
running Zope server for the affected instance before changes are in effect. running Zope server for the affected instance before changes are in effect.
Running Zope in the Foreground Running Zope
------------------------------ ------------
To run Zope without detaching from the console, use:
To run Zope without detaching from the console, use the ``fg`` .. code-block:: sh
command (short for ``foreground``)::
$ /path/to/zope/instance/bin/zopectl fg $ bin/runwsgi -v etc/zope.ini
Starting server in PID 24934.
serving on http://127.0.0.1:8080
In this mode, Zope emits its log messages to the console, and does not In this mode, Zope emits its log messages to the console, and does not
detach from the terminal. This also automatically enables debug-mode. Do detach from the terminal.
not use this for production servers.
The runwsgi commands takes a PasteDeploy configuration file as its
argument. You can configure different WSGI capable servers,
the WSGI pipeline or logging configuration in this file.
Running Zope as a Daemon Running Zope as a Daemon
------------------------ ------------------------
Once an instance home has been created, the Zope server can now be Zope has no built-in support for running as a daemon any more. You can
started using this command:: use projects like supervisord to achieve this or use your operating
system's built-in process manager.
$ /path/to/zope/instance/bin/zopectl start
During startup, Zope emits log messages into
`/path/to/zope/instance/log/event.log`. You can examine it with the usual
tools (``cat``, ``more``, ``tail``, etc) and see if there are any errors
preventing Zope from starting.
.. note::
Running Zope as a daemon is not supported on Windows.
Integrating with System Startup
-------------------------------
zopectl can be linked as rc-script in the usual start directories
on linux or other System V unix variants.
You can use ``zopectl`` interactively as a command shell by just
calling it without any arguments. Try ``help`` there and ``help <command>``
to find out about additionally commands of zopectl. These commands
also work at the command line.
Logging In To Zope Logging In To Zope
...@@ -108,10 +80,6 @@ can navigate between Zope objects and on the right you can edit them ...@@ -108,10 +80,6 @@ can navigate between Zope objects and on the right you can edit them
by selecting different management functions with the tabs at the top by selecting different management functions with the tabs at the top
of the frame. of the frame.
If you haven't used Zope before, you should head to the Zope web
site and read some documentation. The Zope Documentation section is
a good place to start. You can access it at https://zope.readthedocs.io/
Troubleshooting Troubleshooting
--------------- ---------------
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment