Univention Bugzilla – Bug 38547
App Appliances and UCS activation
Last modified: 2015-07-07 15:49:41 CEST
It is required that we inform the ISV if someone installed the App of the ISV. This also applies to the App appliances. After the installation / configuration of the App appliance, we should show a pop-up which points to the activation. After a few days (one or two) UMC should only allow to activate UCS. Once the system is activated, a notification should be sent to the ISV through our normal notification system.
(In reply to Stefan Gohmann from comment #0) > After the installation / configuration of the App appliance, we should show > a pop-up which points to the activation. After a few days (one or two) UMC > should only allow to activate UCS. We've discussed this issue and decided that it shouldn't be possible to use the system without the activation. We should do the following steps: - System setup has the possibility to insert an email address for the activation. At the end of the setup process, the activation request will be sent. At that point is the app already installed. That's already the case. - The activation must be finished before UCS or the app can be used. Therefore, we should redirect every http / https request to a license upload site. We should also prohibit the SSH access. - The license upload should offer the following parts: - upload a license - informations about the activation - insert an email address to request the activation again - describe the manual activation (register.ucs.com/es es should be the app id) if no internet connection is available - insert a text field if the license has to be insert manually - help button to send feedback to us - The welcome message (console and welcome screen) should describe the manual way to complete the activation. I'm not sure how often this will happen. Thus, we shouldn't spent to much time into this part.
I committed the current status of the package into our SVN repository. univention-system-activation (0.0.1-1): r61185 | Bug #38547: start to integrate license handling r61184 | Bug #38547: add javascript + css framework + Makefile r61183 | Bug #38547: adjust apache configuration r61182 | Bug #38547: add activation script, fix copyright and packages meta info r61181 | Bug #38547: remove obsolete test cases r61180 | Bug #38547: add new test cases for web service r61179 | Bug #38547: initial python service for importing licenses
Voilà, the last commits... univention-system-activation (0.0.1-1): r61256 | Bug #38547: clean up JS, fix license server, adjust build-dev target r61243 | Bug #38547: integrate UMC style files and tab button icons r61237 | Bug #38547: integrate license request r61236 | Bug #38547: use univention-ldapsearch to read the license information r61198 | Bug #38547: integrated license upload using sudo A little summary of current TODO points: * The JS integration needs to be improved and errors need to be prompted nicely * A starting hook script in univention-system-setup/cleanup-post.d/ is missing * The service will only be started if the UUID is not set in the license * The service needs to be stopped when a license has been uploaded successfully * CSS style needs some adaptations (+ clean up) * The error icon in the email input field is missing * Error tooltips in the email input are not styled * Link colors should be UMCish green * Some text adaptations need to be done + translations are missing * The firewall rules need to be integrated
(In reply to Alexander Kläser from comment #3) > [...] > A little summary of current TODO points: > [...] > * A starting hook script in univention-system-setup/cleanup-post.d/ is > missing > * The service will only be started if the UUID is not set in the license > * The service needs to be stopped when a license has been uploaded > successfully > [...] This has been implemented. univention-system-activation (0.0.1-1): r61258 | Bug #38547: manage starting/stopping of the service
(In reply to Alexander Kläser from comment #3) > * The firewall rules need to be integrated univention-system-activation (0.0.1-3) r61273
(In reply to Alexander Kläser from comment #3) > A little summary of current TODO points: > * The JS integration needs to be improved and errors need to be prompted > nicely Added error handling for the uploader r 61281|61281 univention-system-activation (0.0.1-4)
r61328 (In reply to Alexander Kläser from comment #3) > * The JS integration needs to be improved and errors need to be prompted > nicely Adapted the error messages during the upload process The error messages are now removed by the router, so it is also possible to navigate with the browser icons. > * CSS style needs some adaptations (+ clean up) > * The error icon in the email input field is missing Added the icon to css/icons Also removed categories.styl and added tab.styl instead Extended the style for a transition effect
61363 Still improving the animation and navigation Added a checkup for the start tab - check if a license is already requested Package: univention-system-activation Version: 0.0.1-6.4.201506181154
(In reply to Alexander Kläser from comment #3) > * CSS style needs some adaptations (+ clean up) > * The error icon in the email input field is missing > * Error tooltips in the email input are not styled > * Link colors should be UMCish green * Error icon already has been copied * Adapted the style of the error tooltips * As requested the link color is now green > * Some text adaptations need to be done Please give me feedback if the text changes are fine, so i would start the translations r61394 univention-system-activation (0.0.1-8)
@AlexKramer: I'll assign the bug to you.
(In reply to Alexander Kläser from comment #10) > @AlexKramer: I'll assign the bug to you. OK Adapted tab transition - feels more fluid right now r61399 univention-system-activation (0.0.1-9)
We need to include an additional request for the notification of the vendor. IMHO, this should be done via the browser (similar to the activation request to license.univention.de). Python code for that can be found in: > management/univention-management-console-module-appcenter/umc/python/appcenter/app_center.py → _send_information() @Dirk: Do you know whether a GET request will work out of the box? If a POST request is required, the same header as done in Bug 38682 needs to be implemented in the service, as well.
(In reply to Alexander Kläser from comment #12) > @Dirk: Do you know whether a GET request will work out of the box? If a POST > request is required, the same header as done in Bug 38682 needs to be > implemented in the service, as well. GET won't work, sorry.
(In reply to Dirk Wiesenthal from comment #13) > (In reply to Alexander Kläser from comment #12) > > @Dirk: Do you know whether a GET request will work out of the box? If a POST > > request is required, the same header as done in Bug 38682 needs to be > > implemented in the service, as well. > > GET won't work, sorry. :/ ... I opened Bug 38742 for this feature.
As discussed with Dirk and Alex, r61412 introduces a new feature for app appliances. The following UCRVs can be queried: appliance/apps/<appid>/version appliance/apps/<appid>/notifyVendor
(In reply to Alexander Kläser from comment #14) > (In reply to Dirk Wiesenthal from comment #13) > > (In reply to Alexander Kläser from comment #12) > > > @Dirk: Do you know whether a GET request will work out of the box? If a POST > > > request is required, the same header as done in Bug 38682 needs to be > > > implemented in the service, as well. > > > > GET won't work, sorry. > > :/ ... I opened Bug 38742 for this feature. Whoops. GET does work, my bad, sorry. No need to open a bug, just GET the data into the App Center server
r61424 fixed an issue with the umc link at the end of the wizard and extended the script, so the email from the system setup will be written into the entries.json file. univention-system-activation (0.0.1-10)
r61441 univention-system-activation (0.0.1-11) If the user provides an email address during system setup or on the first page of the activation wizard, it will be displayed inside the upload text.
r61480 univention-system-activation (0.0.1-12) Added a python script that send app info to the vendors Also adapted the transition from upload to finished and started the code clean up.
r61481 univention-system-activation (0.0.1-13) * Bug #38547: Use sshd/autostart instead of iptables to forbid ssh r61482 removed a line in postinst
r61502 univention-system-activation (0.0.1-15) * Bug #38547: Disable and enable upload button
(In reply to Alexander Kläser from comment #3) > * The firewall rules need to be integrated If the package is removed the ucr variable --force sshd/autostart will be unset and the ssh service will be started. r61506 univention-system-activation (0.0.1-16)
(In reply to Alexander Kläser from comment #3) > * CSS style needs some adaptations (+ clean up) done Revision 61509 übertragen. univention-system-activation (0.0.1-17) * Bug #38547: CSS and icon cleanup
(In reply to Alexander Kläser from comment #12) > We need to include an additional request for the notification of the vendor. > IMHO, this should be done via the browser (similar to the activation request > to license.univention.de). Python code for that can be found in: ATM I am using a python script for this, but it is true we need this to be done by the browser. r61511 univention-system-activation (0.0.1-18) * Bug #38547: Removed iptables, call notify_vendor, add feeback mail address
(In reply to Alexander Kramer from comment #22) > (In reply to Alexander Kläser from comment #3) > > * The firewall rules need to be integrated > > If the package is removed the ucr variable --force sshd/autostart will be > unset > and the ssh service will be started. > > > r61506 > univention-system-activation (0.0.1-16) As you described a login via console or KDM is still possible. I've removed the sshd autostart stuff and set the auth/*/user/root UCR variables to disallow the root login (r61518). It needs still to be tested.
I have addressed the remaining open issues. Installation notifications are now sent via JavaScript. I added translations and fixed their integration. I also spotted some other little issues that I fixed along the way. The only open point would be to adjust the wording w.r.t. "UCS" and "XXX Appliance with UCS", e.g., in the title of the site. Here and there, the wording is not consistent. The package is building. univention-system-activation (0.0.1-21): r61526 | Bug #38547: update changelog r61525 | Bug #38547: fix redirection to UMC r61524 | Bug #38547: added and fixed integration of translations r61523 | Bug #38547: send notification request to appcenter server via JavaScript r61522 | Bug #38547: some JS fine tuning r61521 | Bug #38547: move given email address into entries.json
I'll take the bug as Alex is not there next week.
New try. univention-system-activation (0.0.1-22): r61527 | Bug #38547: udpate UCR variable dependencies for entries.json
(In reply to Alexander Kläser from comment #26) > The only open point would be to adjust the wording w.r.t. "UCS" and "XXX > Appliance with UCS", e.g., in the title of the site. Here and there, the > wording is not consistent. We should use Univention App, for example: Welcome to the ownCloud 8 Univention App Activate the ownCloud 8 Univention App Some more tests: I've added a email address and the German text shows this: Eine Lizenzdatei wurde an your email address gesendet. Laden Sie die Lizenzdatei hoch, um Ihre UCS-Instanz zu aktivieren. Instead of "Die Aktivierung wird benötigt für die Nutzung des App Centers." we should write that the activation is required in order to use the ownCloud 8 Univention App.
One more text issue, instead of "Sie haben neue E-Mails!" we should use "Sie haben eine neue E-Mail!". Instead of "um Ihre UCS-Instanz zu aktivieren." please use "um Ihre ownCloud 8 Univention App zu aktivieren.".
I adjusted the texts and the wording. This should be fine now. univention-system-activation (0.0.1-23): r61606 | Bug #38547, Bug #38782: debian changelog r61605 | Bug #38547, Bug #38782: adjusted texts and wording
Package has build + YAML has been created. 2015-07-01-univention-system-activation.yaml: r61613 | Bug #38547: create YAML file
As discussed, I fixed the parsing of the email address from the setup profile file + allowed access for the welcome site (cf., Bug 37537). univention-system-activation (0.0.1-23): r61621 | Bug #38547: Allow access to /ucs-overview for welcome site r61620 | Bug #38547: adjust parsing setup profile for email address
YAML: OK Notification works. The activation works as described. A root login is not possible. If I upload an invalid license, I don't get any error message in the activation dialog, only a 404 (The requested URL /univention-management-console was not found on this server): Administrator@ucs-9408:~$ cat /var/log/univention/system-activation-error.log [Thu Jul 02 03:11:33 2015] [notice] Apache/2.2.22 (Univention) PHP/5.4.36-0.210.201502031505 mod_ssl/2.2.22 OpenSSL/1.0.1e mod_wsgi/3.3 Python/2.7.3 configured -- resuming normal operations [Thu Jul 02 03:11:35 2015] [error] [client ::1] File does not exist: /var/www/ucs-overview/js/welcome/en.json, referer: http://localhost/ucs-overview/welcome.html?lang=en_US&showDesktop=false&port=41121 [Thu Jul 02 03:11:35 2015] [error] [client ::1] File does not exist: /var/www/ucs-overview/js/ucs/en.json, referer: http://localhost/ucs-overview/welcome.html?lang=en_US&showDesktop=false&port=41121 [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] Failed to import the license:, referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] E: Your system is configured to use the LDAP base DN, referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] E: dc=owncloud87,dc=intranet, referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] E: but the given license file was created for, referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] E: dc=deadlock86,dc=intranet, referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] , referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] Please reinstall your system with the LDAP base DN, referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] matching your license file or get in contact with, referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] Univention to request a new license file matching your, referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] system's LDAP base DN., referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] , referer: http://10.201.87.1/ [Thu Jul 02 03:11:50 2015] [error] [client 192.168.0.164] Command '['/usr/bin/sudo', '/usr/sbin/univention-license-import', '/var/cache/univention-system-activation/license.ldif']' returned non-zero exit status 1, referer: http://10.201.87.1/
(In reply to Stefan Gohmann from comment #34) > YAML: OK > > Notification works. > > The activation works as described. A root login is not possible. > > If I upload an invalid license, I don't get any error message in the > activation dialog, only a 404 (The requested URL > /univention-management-console was not found on this server): Oops... correct! I showed that the upload callback handler 'complete' may also be called upon an error. I adjusted the output of the backend wsgi service to always be a dict containing the field 'success'. I also spotted the following traceback when uploading some ODT document file (containing binary data): > Traceback (most recent call last):, referer: http://192.168.56.101/ > File "/usr/share/pyshared/univention/system_activation/wsgi.py", line 87, in application, referer: http://192.168.56.101/ > license_data = formdata.getvalue('license', '').replace(unichr(160), ' '), referer: http://192.168.56.101/ > File "/usr/lib/python2.7/encodings/utf_8.py", line 16, in decode, referer: http://192.168.56.101/ > return codecs.utf_8_decode(input, errors, True), referer: http://192.168.56.101/ > UnicodeDecodeError: 'utf8' codec can't decode byte 0xab in position 10: invalid start byte, referer: http://192.168.56.101/ Replacing unichr() with chr() fixed this issue. univention-system-activation (0.0.1-25): r61675 | Bug #38547: adjust error handling and encoding issues
(In reply to Alexander Kläser from comment #35) > (In reply to Stefan Gohmann from comment #34) > > YAML: OK > > > > Notification works. > > > > The activation works as described. A root login is not possible. > > > > If I upload an invalid license, I don't get any error message in the > > activation dialog, only a 404 (The requested URL > > /univention-management-console was not found on this server): > > Oops... correct! I showed that the upload callback handler 'complete' may > also be called upon an error. I adjusted the output of the backend wsgi > service to always be a dict containing the field 'success'. I also spotted > the following traceback when uploading some ODT document file (containing > binary data): It works now.
r61691: univention-dvd * Add univention-system-activation and univention-welcome-screen to maintained (Bug #38547 and Bug #37537)
<http://errata.univention.de/ucs/4.0/231.html>