« back to all changes in this revision
Viewing changes to doc/dev/architecture.rst
- browse files at revision 1336
- compare with another revision
- compare with revision 1197
- download diff
- download tarball
- view history from revision 1336
- Committer: David Coles
- Date: 2009-12-07 02:42:51 UTC
- Revision ID: coles.david@gmail.com-20091207024251-40n3a8kesfml1l03
Subversion developer documentation
- files modified:
- doc/dev/architecture.rst
added
removed
doc/dev/architecture.rst
72
72
73
73
.. _Genshi: http://genshi.edgewall.org/
74
74
75
76
.. _ref-jail:
77
75
78
Jail System
76
79
===========
77
80
86
89
87
90
To each user, it appears that they have their own private Unix filesystem
88
91
containing software, libraries and a home directory to do with what they
89
please. This is mainly done by the setuid root program ``trampoline`` (See
90
:file:`bin/trampoline/trampoline.c`) which mounts the users home directory,
91
sets up the users environment, jumps into the user's jail using the
92
:manpage:`chroot(2)` system call and finally drops privileges to the desired
93
user and group.
92
please. This is mainly done by the setuid root program ``trampoline`` which
93
mounts the users home directory, sets up the users environment, jumps into the
94
user's jail using the :manpage:`chroot(2)` system call and finally drops
95
privileges to the desired user and group.
94
96
95
97
To prevent abuse, ``trampoline`` can only be used by root or one of the uids
96
98
specified when trampoline is built by ``setup.py build`` (defaults to UID 33,
97
99
www-data on Debian systems). Since it's one of two C programs involved in IVLE
98
and runs setuid root it is rather secuity sensative.
100
and runs setuid root it is rather security sensitive.
101
102
.. seealso:: Source code :file:`bin/trampoline/trampoline.c`
103
99
104
100
105
Base Image Generation
101
106
---------------------
131
136
directories to be accessible from another location in the file system. By
132
137
carefully bind-mounting the jail image as read-only and then bind-mounting the
133
138
user's :file:`/home` and :file:`/tmp` directory data over the top, we create a
134
jail with only three bind mounts and at virtually no filesystem overhead.
139
jail with only three bind mounts and at virtually no file system overhead.
135
140
136
141
.. note::
137
142
IVLE has historically used numerous solutions to this problem, which are
180
185
than the real memory used. For this reason :const:`RLIMIT_AS` is currently set
181
186
very large.
182
187
188
189
.. ref-python-console
190
183
191
Python Console
184
192
==============
185
193
192
200
193
201
.. _JSON: http://json.org
194
202
203
204
.. _ref-usermgt-server:
205
195
206
User Management Server
196
207
======================
197
208
204
215
* Creating group Subversion repositories.
205
216
* Rebuilding Subversion authorization files.
206
217
207
Communication with the Server is done using the `Chat Protocol`_. To prevent
208
unauthorized use, communication with the User Management Server requires that
209
a *shared secret* be used to communicate with the server. This secret is
210
stored in the `magic` variable in the `[usrmgt]` section of
218
Communication with the Server is done using the `Chat Protocol <ref-chat>`_.
219
To prevent unauthorized use, communication with the User Management Server
220
requires that a *shared secret* be used to communicate with the server. This
221
secret is stored in the `magic` variable in the `[usrmgt]` section of
211
222
:file:`/etc/ivle/ivle.conf`.
212
223
213
224
The User Management Server is called almost exclusively from the
214
225
:mod:`ivle.webapp.userservice` module.
215
226
216
See :file:`services/usrmgt-server` for details.
227
.. seealso:: Source code :file:`services/usrmgt-server`
228
229
.. _ref-chat:
217
230
218
231
Chat Protocol
219
232
=============
220
233
221
234
**Chat** is our JSON_-based client/server communication protocol used in
222
communicating to `Python Console`_ processes and `User Management Server`_.
223
Since it is JSON-based it can be called from either Python or JavaScript.
235
communicating to `Python Console <ref-python-console>`_ processes and `User
236
Management Server <ref-usrmgt-server>`_. Since it is JSON-based it can be
237
called from either Python or JavaScript.
224
238
225
239
Protocol
226
240
--------
256
270
exception and :const:`TRACEBACK` is a string of the traceback generated by the
257
271
server's exception handler.
258
272
259
See :file:`ivle/chat.py` for details.
273
.. seealso:: Source code :file:`ivle/chat.py`
260
274
261
275
262
276
Version Control
263
277
===============
264
278
279
Along with traditional file system access, IVLE allows users to version their
280
files using Subversion_. Much like how Subversion workspaces are used on a
281
standard desktop, workspaces are checked out into users home directories where
282
they can be manipulated through a series of AJAX requests to the
283
``fileservice`` app.
284
285
Like all other user file system actions, version control actions need to be
286
executed inside the user's :ref:`jail <ref-jail>`. Requests are made to the
287
``fileservice`` app in :mod:`ivle.webapp.fileservice` which then calls the
288
``fileservice`` CGI script using ``trampoline``. This script is simply a
289
wrapper around :mod:`ivle.fileservice_lib` which actually contains the code to
290
handle each of the actions.
291
292
Manipulation of the Subversion workspaces is done using the pysvn_ library.
293
294
.. _Subversion: http://subversion.tigris.org/
295
.. _pysvn: http://pysvn.tigris.org/
296
297
298
Repositories
299
------------
300
301
Each user is allocated a Subversion repository when their :ref:`Jail
302
<ref-jail>` is created by the :ref:`User Management Server
303
<ref-usermgt-server>`. Repository are stored in the location specified by
304
``[paths] [[svn]] repo_path`` in :file:`/etc/ivle/ivle.conf` (by default
305
:file:`/var/lib/ivle/svn/repositories/`). User repositories are stored in the
306
:samp:`users/{USERNAME}/` subdirectory and group repositories in
307
:samp:`groups/{SUBJECT}_{YEAR}_{SEMESTER}_{GROUP}`.
308
309
.. warning::
310
311
While it would be possible to give users direct access to their repository
312
using Subversion's file backend, this would allow users to potentially
313
modify the history of any repository that they had access to. To ensure
314
repository integrity, all Subversion interaction must be done remotely.
315
316
317
Subversion WebDAV
318
-----------------
319
320
These repositories are served by Apache using ``mod_dav_svn`` allowing access
321
over Subversion's WebDAV HTTP or HTTPS backends. Users are authenticated using
322
a randomly generated key which is stored in the database and is made available
323
to each user inside their Jail (``svn_pass`` property inside
324
:file:`/home/.ivle.conf`). This key is automatically provided when doing
325
Subversion actions, but can be manually entered when accessing a users
326
repository from an external Subversion client such as with :samp:`svn checkout
327
{svn_addr}/users/{USERNAME}/ workspace`.
328
329
Repository permissions for ``AuthzSVNAccessFILE`` are automatically generated
330
and placed in the file located at ``[paths] [[svn]] conf`` for user
331
repositories and ``[paths] [[svn]] group_conf`` for group repositories. User
332
authentication keys for ``AuthUserFile`` are stored in the file located at
333
``[path] [[svn]] auth_ivle``. These will be regenerated each time user or
334
group repository settings change.
335
336
265
337
Worksheets
266
338
==========
267
339
Loggerhead is a web-based interface for Breezy
Version: 2.0.1