Contents

  2. Contributed Patches
    1. MoinMoin
    2. External components
  3. Example Code
    1. using an helper function to convert an Active Directory login into a WikiName with LDAPAuth
  4. Docs
    1. Installing MoinMoin 1.9.x on Windows 2003/2008
      1. Basic installation (no authentication)
      2. Making IIS serve any WSGI App
      3. Prepare the configuration of your wiki farm
      4. Install the loader for the MoinMoin WSGI Application
      5. Finishing the layout
      6. Adding authentication using LDAP
    2. IIS Customizations: using HTTPS and an alias for your server
      1. Alias for you wiki
      2. HTTPS
    3. Debugging In MoinMoin under Windows
    4. message to me

Email: <dimitri AT SPAMFREE alussinan DOT org>

Contributed Patches

MoinMoin

External components

Example Code

using an helper function to convert an Active Directory login into a WikiName with LDAPAuth

   1 ## in farmconfig.py/wikiconfig.py:
   2 ## the helper function
   3     def getWikiNameFromLoginName(ldap_dict):
   4         gn = ldap_dict.get('givenName',[''])[0]
   5         sn = ldap_dict.get('sn',[''])[0]
   6 ## depending on your AD implementation of attributes use one of the following:
   7         return "%s%s" % (sn,gn)   
   8 ##      return "%s%s" % (gn,sn)   
   9 
  10     ldapAD = LDAPAuth(
  11         #server_uri=r'ldaps://domain.fqdn',
  12         server_uri=r'ldap://domain.fqdn',
  13 
  14         #bind_dn=r'%(username)s@domain.fqdn',
  15         #bind_pw=r'%(password)s',
  16         bind_dn=r'SomeServiceAccount@domain.fqdn',
  17         bind_pw=r'GuessIt!',
  18         base_dn='ou=UsersContainer,ou=SomeWhere,dc=domain,dc=fqdn',
  19         search_filter=r"(&(sAMAccountName=%(username)s)(memberOf=CN=SomeGroupForWikiAccess,ou=MyGroups,DC=domain,DC=fqdn))",
  20         givenname_attribute=r'givenName',
  21         surname_attribute=r'sn',
  22         email_attribute=r'mail',
  23         name_callback=getWikiNameFromLoginName,
  24         autocreate=True,
  25     )
  26     
  27     auth = [ldapAD]

Docs

Installing MoinMoin 1.9.x on Windows 2003/2008

  1. On UAC-capable and UAC-enabled Windows like Windows 2008R2, you should always issue these command from an elevated command prompt.
  2. Always right-click the cmd shortcut and Select "Run As administrator".
  3. If you are unsure whether your current command prompt is elevated you may look at window title which should start with "Administrator: Command Prompt"

Basic installation (no authentication)

  1. Take one of he following:
    • a Windows 2003 Standard Edition 32-bit Server with IIS Web Service, domain member if you need AD authentication
    • a Windows 2008R2 Standard Edition (64-bit) with the following role and role services:
      • IIS Web Services Role installed
      • IIS Role Services:
        • IIS 6.0 Metabase compatibility for ISAPI-WSGI to install
        • ISAPI Extensions for ISAPI-WSGI to run

  2. Download the latest Python 2.6.x from http://www.python.org/download/. Be sure to select the correct architecture. The 32-bit Python edition is named "Python 2.6.x Installer". The 64-bit edition is labeled as "Python 2.6.x x86-64 Installer".

  3. Install Python for all users, in %PROGRAMFILES%\Python26. There is no need for help file, nor test suite, nor build headers nor libraries. You may just include the two first items from the installer.

  4. add %PROGRAMFILES%\Python26 to the system path as it wasn't added by python installer already.

  5. add Win32 extensions for Python from http://sourceforge.net/projects/pywin32

    • You must download an executable that matches your python installation (Major.Minor) and your processor architecture. For python 2.6 you will end up with a file called pywin32-XXX.win32-py2.6.exe if you have selected a 32-bit Windows or pywin32-XXX.win-amd64-py2.6.exe for the 64-bit version.

  6. Download 7-zip from http://www.7-zip.org. Once again pick the appropriate architecture

    • Release 4.65 is known to work for untaring moimoin. Other unzip utilities have sometimes issues with tar files from the Unix world.
  7. install moinmoin-1.9.x by:
    • untaring it into a temp directory

    • running python setup.py install from the distribution: it will install MoinMoin into C:\Program Files\python26\Lib\Site-Packages\MoinMoin.

    • Alternatively to install MoinMoin in a Windows-Program-like directory, use python setup.py install --prefix="C:\Program Files\MoinMoin". Note the quotes when you have spaces in the directory name. If you choose this option, you must add that path to a new PYTHONPATH system variable.

  8. In the directory where you have untarred the MoinMoin distribution, run wikiserver.py and connect to http://localhost:8080 to check the basic MoinMoin install is working (no ldap, no plugin, no external webserver). Once launched, hit ctrl-break into the cmd window to stop the web server.


Making IIS serve any WSGI App

  1. install ISAPI-WSGI extension by running python setup.py install from the temporary directory you have extracted the archive. At this time, the distribution isapi_wsgi-0.4.2.win32.zip is located at http://code.google.com/p/isapi-wsgi/downloads. You can also specify an alternate directory to %PROGRAMFILES%\Python26\Lib\Site-Packages by using the --prefix option. At the time of this writing, using the zip file is mandatory as you cannot use the exe installer on a 64-bit platform.

  2. If you intend to use https to serve your wiki, be sure to have revision 0.4.2 or higher.
  3. Test WSGI served by IIS is working
    • Go to the directory where you have unpacked the ISAPI-WSGI archive
    • Go to the examples sub-directory

    • Run the following command: python demo.py install. You should have a message saying Installation complete. If you have an error message under Windows 2008, this means you have forgotten to install the Metabase compatibility role service.

    • Point your browser to http://localhost/isapi-wsgi-demo and check you've got a web page with some text. If you obtain a "HTTP Error 500.21 - Internal Server Error Handler AboMapperCustom-XXXXX has a bad module IsapiModule in its module list" message, you forgot to install the ISAPI extensions.

    • Once the test is successful, remove this test application by running python demo.py remove from the same directory where you ran the install command


    :) Congratulations, you have installed the gateway to serve any Python WSGI Application in IIS 6.0 or IIS 7.5. In the next section, let's make it serve our wiki farm.

Prepare the configuration of your wiki farm

  1. Create the wiki structure into the C: drive

    • create a C:/Wikis folder

    • create a C:/wikis/common folder

    • create a C:/wikis/common/user folder

    • create a C:/wikis/common/config folder

    • create a C:/wikis/<wikiname> folder per wiki in the farm

  2. check the farmconfig.py file in C:/Wikis/Common/config 

   1 # -*- coding: iso-8859-1 -*-
   2 
   3 """
   4     MoinMoin - example farm config
   5 
   6 	DJ / 1.0 / 08.04.2006 - Initial Release
   7 	DJ / 2.0 / 19.11.2009 - Rewrote for MoinMoin 1.8 as syntax changed after 1.5
   8 	DJ / 2.1 / 15.12.2009 - Changed wiki path, tested with 1.9
   9         DJ / 2.2 / 16.12.2009 - added authentication with LDAP under MoinMoin 1.9
  10 
  11    When used with ISAPI/WSGI under IIS, an iisreset must be issued
  12    for changes in this file to apply
  13 
  14 """
  15 
  16 # Wikis in your farm --------------------------------------------------
  17 wikis = [
  18     ("Wiki1",  r"^.*/wiki1.*$"),
  19     ("Wiki2",  r"^.*/wiki2.*$"),
  20 ]
  21 
  22 
  23 # Common configuration for all wikis ----------------------------------
  24 from MoinMoin.config.multiconfig import DefaultConfig
  25 import os.path
  26 
  27 # Automatically calculates path based on standard OEM structures, used by subwikis
  28 class ConfigPath(object):
  29 		# where are we...
  30 		ConfigDir = os.path.dirname( os.path.realpath( __file__ ) )
  31 		Root = os.path.dirname( os.path.realpath(  (ConfigDir + "\\..") ) )
  32 		Common = os.path.dirname( os.path.realpath(  (ConfigDir + "\\..\\common") ) )
  33 	
  34 class FarmConfig(DefaultConfig):
  35 
  36     # Critical setup  ---------------------------------------------------
  37 
  38     data_dir = './data/'	
  39     data_underlay_dir = ConfigPath.Common + '/underlay/'
  40     url_prefix_static = '/moin'  #create an alias in IIS, changed from /moin_static185 in ver 1.8.5
  41 
  42 
  43 
  44     # Mail --------------------------------------------------------------
  45 
  46     mail_smarthost = "smtp.somewhere.invalid"
  47     mail_from = "wiki@somewhere.invalid"
  48 
  49     # User interface ----------------------------------------------------
  50     navi_bar = [
  51         u'%(page_front_page)s',
  52         u'RecentChanges',
  53         u'FindPage',
  54         u'HelpContents',
  55     ]
  56 	
  57     # The default theme anonymous or new users get
  58     theme_default = 'sinorca4moin'
  59 
  60     # Authentication --- Valid for MoinMoin > 1.9
  61 
  62     ## Insert your LDAPAuth here...
  63 
  64     # a list of form field names to be disabled in the UserPreferences.
  65     user_form_disable = ['name', ]
  66  
  67     # a list of form field names to be removed from the UserPreferences.
  68     user_form_remove = ['password', 'password2', ]
  69 
  70 	
  71     # Language options --------------------------------------------------
  72 
  73     language_default = 'en'
  74 
  75     page_category_regex = ur'(?P<all>Category(?P<key>\S+))'
  76     page_dict_regex = ur'(?P<all>(?P<key>\S+)Dict)'
  77     page_group_regex = ur'(?P<all>(?P<key>\S+)Group)'
  78     page_template_regex = ur'(?P<all>(?P<key>\S+)Template)'
  79 
  80     # Content options ---------------------------------------------------
  81     show_hosts = 0
  82     show_interwiki = True
  83     logo_string = u''
  84 
  85     # Interwiki linking ----------------
  86     shared_intermap = ConfigPath.ConfigDir + '\\intermap.txt'
  87     user_homewiki = 'Wiki1'
  88     user_dir = ConfigPath.Common + '\\User'
  89     interwiki_preferred = ['Wiki1','Wiki2']
  90     trusted_wikis = [ 'Wiki1','Wiki2']
  91 
  92     # Valid for MoinMoin <= 1.9.0; to be changed after 1.9.0
  93     cookie_path = '/'
  94 
  95     # Permissions ---------------------
  96     superuser = [u"JohnDoe", ]
  97     acl_hierarchic = True
  98     acl_rights_before = u"AdminGroup:admin,read,write,delete,revert"
  99     acl_rights_default=u"Trusted:read,write,delete,revert Known:read,write,delete,revert ViewerGroup:read All:"
 100 
 101 
 102     # show_timings = True
 103     # Enable graphical charts, requires gdchart.
 104     #chart_options = {'width': 600, 'height': 300}
farmconfig.py

  1. create one file per wiki you want to host. Use the following attachment as a base for your work: testwiki.py

  2. For each wiki you create, you must have the following folder tree under data : pages, plugin (filled from distribution), dict, cache. eg.

    • C:/wikis/testwiki/data/cache: empty

    • C:/wikis/testwiki/data/dict: empty

    • C:/wikis/testwiki/data/pages: empty

    • C:/wikis/testwiki/data/plugins: copied from the \share\moin\data\plugin directory from the MoinMoin Installation.

    • Alternatively you can copy all these directories from the whole MoinMoin' distribution's tree \share\moin\data . Additional files are dummy place holders

  3. the SiteName in the py files should start with the prefix for your farm, eg. if you created a wf/site1 virtual directory and then a wf/site2, the site names should be wf/siteXX in the files.

Install the loader for the MoinMoin WSGI Application

  1. Add the C:\Wikis\common\config directory to a new PYTHONPATH variable

    • PYTHONPATH=C:\wikis\common\config If you don't do so, you need to add a sys.path.append directive in the files used for this web site. See help message in attachment for code.

  2. Copy the following wsgi loader to the %winDir%\system32\inetsrv. This will also create one virtual directory per wiki in the farm. 

       1 ## moinmoinloader19.py
   2 ##
   3 ## entry point between the ISAPI extension
   4 ## and the MoinMoin WSGI server
   5 ## using ISAPI WSGI
   6 ##
   7 ## MoinMoin:DimitriJanczak / 18.11.2009 / 1.0 - Initial release
   8 ## MoinMoin:DimitriJanczak / 15.12.2009 / 1.1 - adapted for MoinMoin 1.9
   9 ## MoinMoin:DimitriJanczak / 05.04.2010 / 1.2 - automated virtual dirs parameters by importing farmconfig 
  10 ## portions from the examples installed with ISAPI WSGI
  11 
  12 ## Import MoinMoin WSGI Server
  13 
  14 ## MoinMoin 1.6 to 1.8
  15 ## from MoinMoin.server.server_wsgi import moinmoinApp, WsgiConfig
  16 ## MoinMoin 1.9
  17 from MoinMoin.web.serving import make_application
  18 
  19 ## no longer needed in 1.9
  20 ##class Config(WsgiConfig):
  21 ##    pass
  22 ## config = Config() 
  23 
  24 ## import the ISAPI WSGI glue
  25 import isapi_wsgi
  26 
  27 # The entry points for the ISAPI extension.
  28 def __ExtensionFactory__():
  29     ## new way to instantiate in 1.9
  30     moinmoinApp = make_application(shared=True) 
  31     return isapi_wsgi.ISAPIThreadPoolHandler(moinmoinApp)
  32 
  33 	
  34 ## Installation code
  35 if __name__=='__main__':
  36     from isapi.install import *
  37 
  38     # If run from the command-line, install ourselves.
  39     params = ISAPIParameters()
  40 
  41     sm = [
  42         ScriptMapParams(Extension="*", Flags=0)
  43     ]
  44 
  45     # get the wikis list
  46     try:
  47         from farmconfig import wikis
  48     except ImportError:
  49         print "Update the PYTHONPATH variable with the directory where your farmconfig.py resides"
  50         print "or add the following code to this file if you do not want system-wide inclusion:"
  51         print "import sys"
  52         print "sys.path.append(r'C:\Path\ToFarmConfig')"
  53         raise
  54         
  55     # Create a Virtual Directory per wiki
  56     params.VirtualDirs = [	VirtualDirParameters(Name=wikiName,
  57                             Description = "ISAPI-WSGI gateway for %(wikiName)s " % { 'wikiName':wikiName } ,
  58                             ScriptMaps = sm,
  59                             ScriptMapUpdate = "replace" )
  60                             for (wikiName,_) in wikis ]					  
  61 
  62     HandleCommandLine(params)
    moinmoinloader19.py

    1. This version is designed for MoinMoin 1.9 and will not work for previous versions unless you edit the comments.

    2. Edit it if you need to install the wikis elsewhere than at root by changing the name attribute of the virtual directories.

  3. Run it as moinmoinloader.py install. This will create a _moinmoinloader.dll in the same directory.

    1. Under Windows 2003, as w3wp.exe, the IIS process, by default runs under the "Network Service" account, the dll should be placed in a directory where this account has right to access files. A way to do it is to run it in

    the inetsrv directory.

    1. If you run under a different Application Pool than the default, you must replace "Network Service" with the account you're using. In this case, that account must also have rights to execute the python program, the python scripts and on the C:\wikis hierarchy.
    1. You may name the loader filename as wish: if you rename the .py file as foobar.py the dll will be created as _foobar.dll
    2. Due to the used thread model, you must use iisreset when you modify a .py config file so your changes are propagated thru the recompilation into new .pyc files
    3. If you need to perform any change on the WWW bindings, run the .py file with moinmoinloader.py remove, make your changes, and re-run the file with the install parameter

  4. Go to http://localhost/<somewikiname> to check you have at least a python page. If you have a ConfigurationError it means the config files were not found:

    • Check the PYTHONPATH variable: in particular, if you have set it after IIS has started, you need to issue a iisreset

    • If you do not have nice layout, it is normal! see below.

  5. create with IIS Manager a new virtual directory for serving static contents. The name of the virtual directory is given by url_prefix_static in the .py file.

    • If you use the above .py files, the name is moin

    • For MoinMoin 1.9 using Python 2.6.x, you should point it to %PROGRAMFILES%\Python26\Lib\site-packages\MoinMoin\web\static\htdocs if you have installed MoinMoin in site-packages.

  6. Do not forget to replace the intermap.txt file with a line per wiki 

       1 ## Please edit system and help pages ONLY in the moinmaster wiki! For more
   2 ## information, please see MoinMaster:MoinPagesEditorGroup.
   3 ##master-page:None
   4 ##master-date:None
   5 #acl MoinPagesEditorGroup:read,write,delete,revert All:read
   6 #format plain
   7 #language en
   8 # MoinMoin master InterWiki list
   9 
  10 Wiki1 /wiki1/
  11 Wiki2 /wiki2/
    intermap.txt

Finishing the layout

  1. Replace underlay directory in C:/wikis/common subdirectory by the one found in wiki/underlay in the distribution tarball

  2. go to the LanguageSetup page as SuperUser to install the help (eg. English/allpages.zip)

  3. Add customizations:
    • themes
    • authentication modules
    • IIS customizations below if needed

Adding authentication using LDAP

  1. Install python-ldap for the matching version of python (official msi on www.python.org) if you intend to use LDAP queries
  2. If you forget this and use a LDAP authenticator you will receive 500/Web Server errors.
  3. use a LDAP authenticator object with bind credentials as a domain user, the user credentials do not seem to work. See Example Code

IIS Customizations: using HTTPS and an alias for your server

Alias for you wiki

  1. Add a Host Header Value to the IIS web site for your alias

hostheader.png

  1. Add the CNAME in your DNS Zone

HTTPS

  1. Create a self-signed certificate with SelfSSL from the IIS resource kit: http://www.iis.net/downloads/default.aspx?tabid=34&i=1352&g=6

The SelfSSL Command format should be:  selfssl /N:CN=mytestwiki.domain.fqdn,CN=mytestwiki,CN=myserver.domain.fdqn,CN=myserver /V:365 /P:443 , assuming your server is named myserver and you also want the https respond to the alias mytestwiki. The certificate is valid for 365 days and the default site (port 80) will listen on port 443 for https request.

  1. For ease of use, Put Self Signed certificate in Local Computer\Trusted CA store only if you intebd to do some tests locally for
  2. Require SSL in Directory Security

SSLDir.png

  1. Add a nice welcome page to the root of your IIS Web Site

  2. To have better performance when using encrypted pages, you may set EnableKernelSSL:DWord=1 in HKLM\system\CurrentControlSet\Http\parameters.

This will speed up https by letting the encryption/decryption routines be done in kernel mode instead of switching to user-land.

You need to restart the HTTP boot driver for the changes to happen (Beware of the dependencies to HTTP SSL, IIS Admin and web services)

  1. To make your users happy, replace the 403.4 Custom Error Page by

    The page must be viewed over a secure channel

    The page you are trying to access is secured with Secure Sockets Layer (SSL).
    403-4-Redirect.htm
  2. Replace the self-signed certificate by a production one.

Debugging In MoinMoin under Windows

  1. Set an environment variable in system called MOINLOGGINGCONF. Its value is a filename with path to a configuration file specifying log level, log filename and code parts to be logged. You may use a traditional IIS-oriented path

    e.g. %windir%\system32\logfiles\moinlogging.ini

moinloggingconf.png

  1. Create the file pointed at by this variable. You may take it from the sample in the distribution in wiki\config\logging.
  2. Do not forget if you take samples from the distribution tarball to change the Unix-like paths into Win32-like ones.

  3. Create a folder moin under %windir%\system32\logfiles

  4. Change the line to logfile=C:\windows\system32\logfiles\moin\moin.log. This is the example to debug authentication issues: 

       1 # This is a sample auth/session debug logging configuration.
   2 # If one encounters problem, one usually want to have lots of information -
   3 # but only from SOME parts of moin not from every part.
   4 # Thus we configure the root logger to use INFO loglevel and
   5 # some specific loggers to use DEBUG logging.
   6 
   7 [DEFAULT]
   8 # Logfile to create.
   9 # Make sure the running moin process has create/write rights there.
  10 logfile=C:\windows\system32\logfiles\moin\moin.log
  11 
  12 [loggers]
  13 keys=root,moin_auth,moin_session
  14 
  15 [handlers]
  16 keys=logfile
  17 
  18 [formatters]
  19 keys=logfile
  20 
  21 [logger_root]
  22 level=INFO
  23 handlers=logfile
  24 
  25 [logger_moin_auth]
  26 level=DEBUG
  27 handlers=logfile
  28 propagate=0
  29 qualname=MoinMoin.auth
  30 
  31 [logger_moin_session]
  32 level=DEBUG
  33 handlers=logfile
  34 propagate=0
  35 qualname=MoinMoin.session
  36 
  37 [handler_logfile]
  38 class=FileHandler
  39 formatter=logfile
  40 level=DEBUG
  41 args=('%(logfile)s', 'at')
  42 
  43 [formatter_logfile]
  44 format=%(asctime)s %(name)s %(levelname)s %(message)s
  45 datefmt=
  46 class=logging.Formatter
    moinlogging.ini

  5. You need to restart the ISAPI handler for this to work. Use the iisreset command for this.

message to me

...

CategoryHomepage

MoinMoin: DimitriJanczak (last edited 2010-08-13 10:14:03 by p4FF0BA22)