how to deploy a local development?

[ioiioi]

hi,

I encounter some problem when deploy a local development. OS : debian 6

$ sudo aptitude -t squeeze-backports install postgresql-9.1
$ sudo aptitude install redis-server
$ rvm install 1.9.2
$ bundle install
$ createdb descartes
$ bundle exec rake db:migrate:up
/home/chenrui/.rvm/gems/ruby-1.9.2-p320/gems/sequel-3.39.0/lib/sequel/adapters/postgres.rb:208: [BUG] Segmentation fault
ruby 1.9.2p320 (2012-04-20 revision 35421) [x86_64-linux]

-- control frame ----------
c:0063 p:---- s:0243 b:0243 l:000242 d:000242 CFUNC  :initialize
c:0062 p:---- s:0241 b:0241 l:000240 d:000240 CFUNC  :new
c:0061 p:0123 s:0237 b:0237 l:000236 d:000236 METHOD /home/chenrui/.rvm/gems/ruby-1.9.2-p320/gems/sequel-3.39.0/lib/sequel/adapters/postgres.rb:208
c:0060 p:0012 s:0229 b:0229 l:0022b8 d:000228 BLOCK  /home/chenrui/.rvm/gems/ruby-1.9.2-p320/gems/sequel-3.39.0/lib/sequel/database/misc.rb:70
c:0059 p:---- s:0226 b:0226 l:000225 d:000225 FINISH

so, I switch to 1.9.3

$ rvm install 1.9.3
$ rvm use 1.9.3
$ bundle install
$ bundle exec rake db:migrate:up   #It seem works
$ foreman start
08:53:53 web.1  | started with pid 16406
08:53:58 web.1  | /home/chenrui/descartes/config.ru:16:in `block in <main>': missing SESSION_SECRET (RuntimeError)

that problem is related to session_secret, and yes, I didn't configure yeah.

now, I got some question:

• does descartes compatible with 1.9.3 ? 1.9.2 doesn't work for me.
• where are the options? such as METRICS_UPDATE_INTERVAL/USE_SVG/GRAPH_TEMPLATE
• where is SESSION_SECRET option?
• do I have to config google OpenID or Github OAuth even running descartes on local host?

[obfuscurity]

• Yes, it's compatible with both 1.9.3. I routinely run it against 1.9.3 on my local development system and 1.9.2 with Heroku. Even though the 2nd migration attempt seemed to work, I would recommend migrating down and starting over again (bundle exec rake db:migrate:down).
• All of the environment variables you've mentioned are documented in the README. Please read the documentation and let me know if you still have questions about these settings.
• Yes, you need to use one of the OAuth providers. Descartes is designed as a multi-user system within a single "trust domain" (i.e. company or organization). These OAuth providers are a good alternative to designing and running our own authentication system internally.

[ioiioi]

Sorry, I am a newbie of descartes and its toolchains, I never touch them until two days ago, graphite and descartes is an amazing combination. really shock me!

I have get through the environment variables.

$ foreman start # is success

now, I encounter problem with github oauth

here is my topology:

PC <---> Graphite+descartes Server(192.168.33.83) <--> firewall(eg. 200.200.200.200) <--> Internet

here is the environment variables:

export METRICS_UPDATE_INTERVAL=1h
export SESSION_SECRET=qmcclab
export USE_SVG=false
export GRAPHITE_URL=http://192.168.33.83
export GRAPH_TEMPLATE=default
export OAUTH_PROVIDER=github
export GITHUB_CLIENT_ID=0e5f13d4a2c45421cb45
export GITHUB_CLIENT_SECRET=4ec2c4505f71cea4c8fb3847b3a20bdba43b0c2d
export GITHUB_ORG_ID=qmcclab

here is the github's application setting:

name : descartes
url: http://192.168.33.83:5000
callback url http://192.168.33.83:5000

when open the website http://192.168.33.83:5000 on firefox browser from PC, denied occur

here is the console output:

18:08:03 web.1  | 10.7.0.10 - - [18/Dec/2012 18:08:03] "GET /auth/github/callback?code=bb96db8ab
4010ac1683d&state=0c310a038f0a0dde73ead93fb2b73cd4c972b15b HTTP/1.1" 403 168 3.3582
18:08:03 web.1  | 10.7.0.10 - - [18/Dec/2012 18:08:03] "GET /_images/securocat.png HTTP/1.1" 302
 - 0.0018
18:08:03 web.1  | 10.7.0.10 - - [18/Dec/2012 18:08:03] "GET /auth/unauthorized HTTP/1.1" 302 - 0
.0013
18:08:03 web.1  | 10.7.0.10 - - [18/Dec/2012 18:08:03] "GET /auth/github HTTP/1.1" 302 - 0.0021
18:08:07 web.1  | 10.7.0.10 - - [18/Dec/2012 18:08:07] "GET /auth/github/callback?code=10c678ccf
85d3e53e42b&state=8a114d5cc1888485927ff0543021bc753716e4b9 HTTP/1.1" 403 168 3.3316

how to solve this problem?

[obfuscurity]

First, I would strongly suggest resetting your OAuth application client secret. You never want to share this information with anyone else.

Assuming you're a valid user within qmcclab, I don't see anything wrong with these settings.

@brntbeer, any ideas?

[ioiioi]

@obfuscurity hehe, I will do it later, after finishing solved this problem.

and, I haven't config graphite server, does it matter with github authentication?

another question, why drop htpasswd support #17? it's very useful for local usage, our production server didn't have Internet access.

[brntbeer]

hey @ioiioi, I've encountered something like this before. I tried to fire up in a local development and lo-and-behold i'm unauthorized. There are a few things you can do, from easiest to most annoying:

1. clear your cookies.
   • this happens often, especially when testing auth on descartes, so i recommend downloading something like Edit-This-Cookie. beautiful plugin from the chrome store.
2. Be sure to reset your user authentication for this account from your GitHub account page. This ensures the entire process goes through, not just the cookie.
3. Get new authentication credentials from GitHub
4. Ensure you have the correct version of sinatra_auth_github
   • You can double check this by doing a gem list -d sinatra_auth_github or something similar in your descartes/ project file. This last part is the reason why i was getting automatically rejected a bunch of times.

That's really all I can think of. I'm sure you've done some of these already. Just keep us posted, especially if you solve this...would be useful for people in the future I'm sure!

Also, graphite being configured shouldn't matter. Without a graphite server you should still be able to open the app up locally, I think.

[ioiioi]

@brntbeer hmm, I have been tried all of your suggestions, but failed.

• clear the firefox's cookies
• try chrome browser
• revoke the Authorized applications
• recreate application
• check sinatra_auth_giithub (result is 0.9.0)

maybe I should give google OpenID a try.

[brntbeer]

If you're checking against an organization ID (which it appears you are), you need to be a member of that organization to get authorized. Looking at https://github.com/qmcclab?tab=members, it appears you're not on the list. Is this an accident or are you a hidden member?

[ioiioi]

@brntbeer yes! you are my hero, I haven't publicize membership of ioiioi. I got it.

[brntbeer]

@ioiioi excellent! I didn't think publicized membership would matter (private vs public) just that you were a member. Glad it's working!

[dmourati]

Stuck here too. https://gist.github.com/4463411

Did all of the above, switched orgid between eyefi and dmourati-eyefi.

[brntbeer]

That's really strange @dmourati. The only thing i can notice between your problem and the previous one is public membership on the org: https://github.com/dmourati-eyefi?tab=members.

Could you do me a favor and add yourself as a public member, delete your cookies and go through the entire authorization process by revoking access to the app on your account page, just to be thorough!

Keep me posted.

[dmourati]

Working! I had to create the application under the organization context. Previously, I had been transferring apps.

Getting somewhere.