Difference between revisions of "Platform Team/Server Kit/sugar-server"

From Sugar Labs
Jump to navigation Jump to search
Line 8: Line 8:
  
 
The list of services that sugar-server provides. Each service has a described interface to understand how it interact with clients. The counterpart for these interfaces is the [[Sugar_Server_Kit/sugar-client|sugar-client]] with a [[Sugar_Server_Kit/Client_API|Client API]] it provides for clients, e.g., Sugar Shell.
 
The list of services that sugar-server provides. Each service has a described interface to understand how it interact with clients. The counterpart for these interfaces is the [[Sugar_Server_Kit/sugar-client|sugar-client]] with a [[Sugar_Server_Kit/Client_API|Client API]] it provides for clients, e.g., Sugar Shell.
+
 
 +
If particular service supports RESTfull interface, the HTTP server is started on {{Code|host}} with {{Code|httpd-port}} port. The content of requests and replies is being transfered using dictionaries in JSON notation.
 +
 
 +
The resulting dictionary on success, will contain predefined keys:
 +
 
 +
* {{Code|success: OK}};
 +
 
 +
The resulting dictionary on fails, will contain:
 +
 
 +
* {{Code|success: ERR}};
 +
* {{Code|error}}, error message.
 +
 
 
=== id ===
 
=== id ===
  
Provide Sugar users registration on a school server. After being registered, Sugar on users side will setup interaction with a school server, such as:
+
Provide Sugar users registration on a school server. After being registered, Sugar on users side will setup interaction with a school server. See [[Sugar_Server_Kit/sugar-client|sugar-client]] project for details from client point of view.
  
* Setup jabber sever location,
+
Interface:
* url to backup or restore Journal,
 
* update native packages.
 
  
Interface:
+
GET '''/client/status'''?uuid=''UUID''
 +
 
 +
Get information about client's status on a server.
 +
 
 +
The resulting dictionary, contains:
 +
 
 +
* {{Code|stamp}}, client needs to keep this value to detect the moment when it needs to process re-registration on a server, i.e., when the next {{Code|stamp}} will be different to previously kept one;
 +
 
 +
POST '''/client/register'''
  
Service is listening {{Code|--id-port}} port on the {{Code|--host}} host to serve XML-RPC requests. There is only one RPC function:
+
Process registration on the server.
  
''dict'' '''register'''(''str'' serial, ''str'' nickname, ''str'' uuid, ''str'' pubkey)
+
The input dictionary, contains:
  
Where {{Code|pubkey}} is a SSH DSS public key without the {{Code|ssh-dss }} prefix.
+
* {{Code|uuid}}, required user UUID;
 +
* {{Code|nickname}}, optional client nick name;
 +
* {{Code|serial}}, optional serial number of user's hardware;
 +
* {{Code|pubkey}}, required only if user wants to process Journal backup, a SSH DSS public key without the {{Code|ssh-dss }} prefix.
  
The resulting dictionary on success, contains:
+
The resulting dictionary, contains:
  
* {{Code|success: OK}};
+
* {{Code|config}} a dictionary of values that are mapped 1:1 as configuration options of the [[Sugar_Server_Kit/sugar-client|sugar-client]] utility. The particular set of keys are details of implementations and processed only internally;
* {{Code|config}} key with a dictionary of values that are mapped 1:1 as configuration options of the sugar-client utility. The particular set of keys are details of implementations and processed only internally;
 
 
* [http://wiki.laptop.org/go/School_server OLPC XS] backwards compatibility keys that are not being processed by sugar-client: {{Code|backupurl}}, {{Code|jabberserver}}, {{Code|backuppath}}.
 
* [http://wiki.laptop.org/go/School_server OLPC XS] backwards compatibility keys that are not being processed by sugar-client: {{Code|backupurl}}, {{Code|jabberserver}}, {{Code|backuppath}}.
  
The resulting dictionary on fails, contains:
+
''dict'' '''register'''(''str'' serial, ''str'' nickname, ''str'' uuid, ''str'' pubkey)
  
* {{Code|success: ERR}};
+
Backward compatibility, with OLPC's XS, RPC function to serve registration requests. The resulting data is the same as for RESTfull registration interface. The XML-RPM service will be listening {{Code|8080}} port on the {{Code|--host}} host.
* {{Code|error}} key with error message.
 
  
 
=== backup ===
 
=== backup ===
  
Process backup and restore for students' Journals. The service is listenning for HTTP requests that client send before starting backup. If server accepts requests, clients start Rsync'ing Journal data via SSH.
+
Process backup and restore for students' Journals. The service is accepting RESTfull requests that clients send before starting backup process. If server accepts requests, clients start Rsync'ing Journal data via SSH. The Rsync url needs to be gotten while registration via Id service and will be used without any modification on the client side, i.e., the process is fully server driven.
  
 
Note, this backup functionality does not compatible with client tools that work with OLPC XS. The problem is that these tools construct backup url on a client side (using only server host name from backup url given after registration on a server) with relying that every client has its own system user on a server side. That doesn't work with new backup functionality where there is only one system user on a server side and authorisation happens on SSH level (using {{Code|command}} option in {{Code|~/.ssh/authorized_keys}} file).
 
Note, this backup functionality does not compatible with client tools that work with OLPC XS. The problem is that these tools construct backup url on a client side (using only server host name from backup url given after registration on a server) with relying that every client has its own system user on a server side. That doesn't work with new backup functionality where there is only one system user on a server side and authorisation happens on SSH level (using {{Code|command}} option in {{Code|~/.ssh/authorized_keys}} file).
Line 44: Line 62:
 
Interface:
 
Interface:
  
From {{Code|--httpd-port}} on {{Code|--host}} host, service is processing HTTP requests for url:
+
  GET '''/client/backup'''?uuid=''UUID''
 
 
  /backup/uuid/available/''uuid''
 
  
As a result, service returns following HTTP codes:
+
Check if client can start transfering Journal files using.
  
* {{Code|200}}, if backup can be started;
+
The resulting dictionary, contains:
* {{Code|403}}, registration was not processed;
 
* {{Code|503}}, if backup cannot be started right now and client needs to retry in some time later;
 
* Various error codes on fails with error message as HTML content.
 
  
If backup is available, client will start transfering Journal files using Rsync url that was gotten while registration via Id service. The Rsync url is used without any modification on the client side, i.e., the process is fully server driven.
+
* {{Code|accepted}}, if {{Code|True}}, clients can start backup process.
  
 
=== activation ===
 
=== activation ===

Revision as of 16:15, 2 November 2011

Summary

The core Sugar Server Kit component.

The singular program requires only Python, and obvious dependencies like coreutils, to allow all its services to function properly. It provides basic sugar related services, and uses one CLI tool to manage all its functionality.

Services

The list of services that sugar-server provides. Each service has a described interface to understand how it interact with clients. The counterpart for these interfaces is the sugar-client with a Client API it provides for clients, e.g., Sugar Shell.

If particular service supports RESTfull interface, the HTTP server is started on host with httpd-port port. The content of requests and replies is being transfered using dictionaries in JSON notation.

The resulting dictionary on success, will contain predefined keys:

  • success: OK;

The resulting dictionary on fails, will contain:

  • success: ERR;
  • error, error message.

id

Provide Sugar users registration on a school server. After being registered, Sugar on users side will setup interaction with a school server. See sugar-client project for details from client point of view.

Interface:

GET /client/status?uuid=UUID

Get information about client's status on a server.

The resulting dictionary, contains:

  • stamp, client needs to keep this value to detect the moment when it needs to process re-registration on a server, i.e., when the next stamp will be different to previously kept one;
POST /client/register

Process registration on the server.

The input dictionary, contains:

  • uuid, required user UUID;
  • nickname, optional client nick name;
  • serial, optional serial number of user's hardware;
  • pubkey, required only if user wants to process Journal backup, a SSH DSS public key without the ssh-dss prefix.

The resulting dictionary, contains:

  • config a dictionary of values that are mapped 1:1 as configuration options of the sugar-client utility. The particular set of keys are details of implementations and processed only internally;
  • OLPC XS backwards compatibility keys that are not being processed by sugar-client: backupurl, jabberserver, backuppath.
dict register(str serial, str nickname, str uuid, str pubkey)

Backward compatibility, with OLPC's XS, RPC function to serve registration requests. The resulting data is the same as for RESTfull registration interface. The XML-RPM service will be listening 8080 port on the --host host.

backup

Process backup and restore for students' Journals. The service is accepting RESTfull requests that clients send before starting backup process. If server accepts requests, clients start Rsync'ing Journal data via SSH. The Rsync url needs to be gotten while registration via Id service and will be used without any modification on the client side, i.e., the process is fully server driven.

Note, this backup functionality does not compatible with client tools that work with OLPC XS. The problem is that these tools construct backup url on a client side (using only server host name from backup url given after registration on a server) with relying that every client has its own system user on a server side. That doesn't work with new backup functionality where there is only one system user on a server side and authorisation happens on SSH level (using command option in ~/.ssh/authorized_keys file).

Interface:

GET /client/backup?uuid=UUID

Check if client can start transfering Journal files using.

The resulting dictionary, contains:

  • accepted, if True, clients can start backup process.

activation

This service is intended to process anti-thief requests XO laptops send to the server during the boot process.

Interface:

Service is listening --activation-port port on the --host host to process TCP requests. If sent data starts from serial number, the service will reply with:

  • STOLEN text if serial number is stated as stolen;
  • lease content found for serial number;
  • UNKNOWN for errors.

keyring

Keyring service is needed to work with activation one. It signs delegated leases for activation requests if pre-existed leases weren't found.

Interface:

There is no public interface, the service is being used internally by sugar-server.

Requires

  • bios-crypto
    bios-crypto client utilities are being used in anti-thief support and should be installed only if sign service is being used.

Configuration

By default, configuration occurs based on several sources (sorted by applied order):

  • /etc/sugar-server.conf system-wide configuration file,
  • ~/.config/sugar-server/config user-wide configuration file,
  • sugar-server's command-line arguments.

Configuration files contain option names equal to command-line arguments. To get the current configuration, call:

sugar-server config

See sugar-server-templates sources for an example.

Getting involved

  • Report on bugs.
  • Read the HACKING file to know how to contribute with code.

Resources