2014-11-18 13:59:21 +00:00
==== TODO ====
2014-05-08 16:59:35 +00:00
* scape strings before executing scripts in order to prevent exploits: django templates automatically scapes things. Most important is to ensuer that all escape ' to & quot
* Don't store passwords and other service parameters that can be changed by the services i.e. mailman, vps etc. Find an execution mechanism that trigger `change_password()`
* abort transaction on orchestration when `state == TIMEOUT` ?
* use format_html_join for orchestration email alerts
* enforce an emergency email contact and account to contact contacts about problems when mailserver is down
* add `BackendLog` retry action
* webmail identities and addresses
* Permissions .filter_queryset()
* env vars instead of multiple settings files: https://devcenter.heroku.com/articles/config-vars ?
2014-05-27 15:55:09 +00:00
* Log changes from rest api (serialized objects)
2014-07-11 14:48:46 +00:00
2014-07-18 15:32:27 +00:00
2014-07-24 09:53:34 +00:00
* backend logs with hal logo
2014-07-30 12:55:33 +00:00
* set_password orchestration method?
2014-08-22 15:31:44 +00:00
2014-08-29 16:13:34 +00:00
* LAST version of this shit http://wkhtmltopdf.org/downloads.html
2014-09-05 14:27:30 +00:00
* translations
2015-03-04 21:06:16 +00:00
from django.utils import translation
with translation.override('en'):
2014-09-06 10:56:30 +00:00
* help_text on readonly_fields specialy Bill.state. (eg. A bill is in OPEN state when bla bla )
2014-09-19 14:47:25 +00:00
* create log file at /var/log/orchestra.log and rotate
2014-09-22 15:59:53 +00:00
* order.register_at
@property
def register_on(self):
return order.register_at.date()
2014-09-23 16:23:36 +00:00
2014-09-26 15:05:20 +00:00
* mail backend related_models = ('resources__content_type') ??
2014-09-26 19:21:09 +00:00
* Domain backend PowerDNS Bind validation support?
* Maildir billing tests/ webdisk billing tests (avg metric)
2014-09-28 12:28:57 +00:00
2015-03-11 20:01:08 +00:00
* when using modeladmin to store shit like self.account, make sure to have a cleanslate in each request? no, better reuse the last one
2014-09-28 12:28:57 +00:00
2015-03-11 20:01:08 +00:00
* jabber with mailbox accounts (dovecot mail notification)
2014-09-28 12:28:57 +00:00
2014-11-16 18:39:31 +00:00
* rename accounts register to "account", and reated api and admin references
2014-09-28 12:28:57 +00:00
2014-09-29 12:22:45 +00:00
* Disable services is_active should be computed on the fly in order to distinguish account.is_active from service.is_active when reactivation.
* Perhaps it is time to create a ServiceModel ?
* prevent deletion of main user by the user itself
2015-03-11 20:01:08 +00:00
* AccountAdminMixin auto adds 'account__name' on searchfields
2014-09-30 09:49:07 +00:00
2014-09-30 16:39:47 +00:00
* Separate panel from server passwords? Store passwords on panel? set_password special backend operation?
2014-09-30 09:49:07 +00:00
* What fields we really need on contacts? name email phone and what more?
2014-09-30 14:46:29 +00:00
* Redirect junk emails and delete every 30 days?
2014-09-30 16:06:42 +00:00
2014-10-03 14:02:11 +00:00
* DOC: Complitely decouples scripts execution, billing, service definition
2014-10-01 16:42:40 +00:00
* delete main user -> delete account or prevent delete main user
2014-10-03 14:02:11 +00:00
2015-03-11 20:01:08 +00:00
2014-10-09 17:04:12 +00:00
* multiple domains creation; line separated domains
2014-10-10 14:39:46 +00:00
2015-03-11 20:01:08 +00:00
2014-10-14 13:50:19 +00:00
* init.d celery scripts
-# Required-Start: $network $local_fs $remote_fs postgresql celeryd
-# Required-Stop: $network $local_fs $remote_fs postgresql celeryd
2015-03-11 20:01:08 +00:00
2014-10-15 21:18:50 +00:00
* regenerate virtual_domains every time (configure a separate file for orchestra on postfix)
2014-10-15 12:47:28 +00:00
* update_fields=[] doesn't trigger post save!
2014-10-15 21:18:50 +00:00
2014-10-17 10:04:47 +00:00
* Backend optimization
* fields = ()
* ignore_fields = ()
* based on a merge set of save(update_fields)
2014-10-17 20:03:41 +00:00
2014-10-18 12:26:59 +00:00
* parmiko write to a channel instead of transfering files? http://sysadmin.circularvale.com/programming/paramiko-channel-hangs/
2014-10-20 19:22:18 +00:00
2014-10-23 15:38:46 +00:00
* proforma without billing contact?
2015-03-11 20:01:08 +00:00
* print open invoices as proforma?
2014-10-23 15:38:46 +00:00
* env ORCHESTRA_MASTER_SERVER='test1.orchestra.lan' ORCHESTRA_SECOND_SERVER='test2.orchestra.lan' ORCHESTRA_SLAVE_SERVER='test3.orchestra.lan' python manage.py test orchestra.apps.domains.tests.functional_tests.tests:AdminBind9BackendDomainTest
* ForeignKey.swappable
* Field.editable
* ManyToManyField.symmetrical = False (user group)
* REST PERMISSIONS
2014-10-24 10:16:46 +00:00
2014-11-13 16:40:42 +00:00
* caching based on "def text2int(textnum, numwords={}):"
2014-10-24 11:25:05 +00:00
2014-10-27 13:29:02 +00:00
* multiple files monitoring
2014-10-30 16:34:02 +00:00
2014-11-02 14:33:55 +00:00
* sync() ServiceController method that synchronizes orchestra and servers (delete or import)
2014-11-13 16:40:42 +00:00
* consider removing mailbox support on forward (user@pangea.org instead)
2014-11-05 21:29:14 +00:00
2014-11-02 14:33:55 +00:00
* Databases.User add reverse M2M databases widget (like mailbox.addresses)
2014-11-05 21:29:14 +00:00
* reconsider binding webapps to systemusers (pangea multiple users wordpress-ftp, moodle-pangea, etc)
2014-11-05 20:22:01 +00:00
* Secondary user home in /home/secondaryuser and simlink to /home/main/webapps/app so it can have private storage?
2014-11-12 16:33:40 +00:00
* Grant permissions to systemusers, the problem of creating a related permission model is out of sync with the server-side. evaluate tradeoff
2014-11-05 20:22:01 +00:00
* Make one dedicated CGI user for each account only for CGI execution (fpm/fcgid). Different from the files owner, and without W permissions, so attackers can not inject backdors and malware.
* In most cases we can prevent the creation of files for the CGI users, preventing attackers to upload and executing PHPShells.
* Make main systemuser able to write/read everything on its home, including stuff created by the CGI user and secondary users
* Prevent users from accessing other users home while at the same time allow access Apache/fcgid/fpm and secondary users (x)
* public_html/webapps directory with root owner and permissions
* resource min max allocation with validation
* mailman needs both aliases when address_name is provided (default messages and bounces and all)
2014-11-09 10:16:07 +00:00
* domain validation parse named-checzone output to assign errors to fields
* Directory Protection on webapp and use webapp path as base path (validate)
* User [Group] webapp/website option (validation) which overrides default mainsystemuser
2014-11-18 13:59:21 +00:00
* validate systemuser.home on server-side
2014-11-11 12:05:47 +00:00
* webapp backend option compatibility check?
2014-11-14 14:38:06 +00:00
2014-11-16 18:39:31 +00:00
* admin systemuser home/directory, add default home and empty directory with has_shell on admin
2014-11-18 13:59:21 +00:00
* Resource used_list_display=True, allocated_list_displat=True, allow resources to show up on list_display
2014-11-18 17:47:26 +00:00
2014-11-18 18:41:44 +00:00
* BackendLog.updated_at (tasks that run over several minutes when finished they do not appear first on the changelist) (like celery tasks.when)
2014-11-20 15:34:59 +00:00
* Periodic task for cleaning old monitoring data
* Create an admin service_view with icons (like SaaS app)
* Resource graph for each related object
2014-11-21 17:18:59 +00:00
2014-11-24 14:39:41 +00:00
2014-11-27 19:17:26 +00:00
* multitenant webapps modeled on WepApp -> name unique for all accounts
* webapp compat webapp-options
* webapps modeled on classes instead of settings?
2014-11-24 20:09:44 +00:00
2015-02-24 09:34:26 +00:00
* Service.account change and orders consistency
2014-11-24 20:09:44 +00:00
2014-11-27 19:17:26 +00:00
* Mix webapps type with backends (two for the price of one)
* Webapp options and type compatibility
2014-12-22 11:40:02 +00:00
* SaaS model splitted into SaaSUser and SaaSSite?
2014-11-27 19:17:26 +00:00
Multi-tenant WebApps
--------------------
* SaaS - Those apps that can't use custom domain
* WebApp - Those apps that can use custom domain
2015-02-24 09:34:26 +00:00
* prevent @pangea .org email addresses on contacts, enforce at least one email without @pangea .org
2014-12-22 11:40:02 +00:00
2015-03-02 10:37:25 +00:00
* forms autocomplete="off", doesn't work in chrome
2015-03-01 11:56:54 +00:00
ln -s /proc/self/fd /dev/fd
POST INSTALL
------------
* Generate a password-less ssh key, and copy it to the servers you want to orchestrate.
ssh-keygen
ssh-copy-id root@< server-address >
2015-03-11 16:32:33 +00:00
Php binaries should have this format: /usr/bin/php5.2-cgi
2015-03-04 21:06:16 +00:00
2015-03-11 16:32:33 +00:00
* logs on panel/logs/ ? mkdir ~webapps, backend post save signal?
* transaction fault tolerant on backend.execute()
2015-03-10 11:46:48 +00:00
* < IfModule security2_module > and other IfModule on backend SecRule
2015-03-11 20:01:08 +00:00
* Orchestra global search box on the header, based https://github.com/django/django/blob/master/django/contrib/admin/options.py#L866 and iterating over all registered services and inspectin its admin.search_fields
2015-03-25 17:04:44 +00:00
* contain error on plugin missing key (plugin dissabled): NOP, fail hard is better than silently, perhaps fail at starttime? apploading machinary
2015-03-12 14:05:23 +00:00
* contact.alternative_phone on a phone.tooltip, email:to
* better validate options and directives (url locations, filesystem paths, etc..)
2015-03-16 16:52:41 +00:00
* make sure that you understand the risks
2015-03-18 21:51:12 +00:00
* full support for deactivation of services/accounts
2015-03-25 17:04:44 +00:00
* Display admin.is_active (disabled account special icon and order by support)
2015-03-18 21:51:12 +00:00
2015-03-20 15:13:08 +00:00
* lock resource monitoring
* -EXecCGI in common CMS upload locations /wp-upload/upload/uploads
* cgi user / pervent shell access
* prevent stderr when users exists on backend i.e. mysql user create
* disable anonymized list options (mailman)
2015-03-23 15:36:51 +00:00
* tags = GenericRelation(TaggedItem, related_query_name='bookmarks')
* make home for all systemusers (/home/username) and fix monitors
* user provided crons
* ```< ?php
$moodle_host = $SERVER[‘ HTTP_HOST’ ];
require_once(‘ /etc/moodles/’ .$moodle_host.‘ config.php’ );``` moodle/drupla/php-list multi-tenancy
* make account available on all admin forms
* WPMU blog traffic
2015-03-25 15:45:04 +00:00
* normurlpath '' return '/'
2015-03-23 15:36:51 +00:00
* initial configuration of multisite sas apps with password stored in DATA
2015-03-25 15:45:04 +00:00
* webapps installation complete, passowrd protected
* saas.initial_password autogenerated (ok because its random and not user provided) vs saas.password /change_Form provided + send email with initial_password
* more robust backend error handling, continue executing but exit code > 0 if failure, replace exit_code=0; do_sometging || exit_code=1
* saas require unique emails? connect to backend server to find out because they change
* automaitcally set passwords and email users?
2015-03-25 17:04:44 +00:00
* website directives uniquenes validation on serializers
2015-03-25 15:45:04 +00:00
2015-03-23 15:36:51 +00:00