The OpenQuake Engine server supports authentication provided by Django and its backends.
Create a /usr/share/openquake/engine/local_settings.py and add:
LOCKDOWN = TrueUpgrade the database to host users and sessions:
$ cd /usr/share/openquake/engine
$ sudo -u openquake oq webui migrate Add a new local superuser:
$ cd /usr/share/openquake/engine
$ sudo -u openquake oq webui createsuperuserWhen running the OpenQuake Engine from sources the local_settings.py file must be located under openquake/server/local_settings.py and oq commands must be as current user (without sudo).
if, for any reason, the oq command isn't available in the path you can use the following syntax:
$ python3 -m openquake.server.manage <subcommand> Users can be part of groups. Members of the same group can have access to any calculation and output produced by any member of that group; only the owner of a calculation can delete it.
Users and group can be managed via the Django admin interface, available at /admin when LOCKDOWN is enabled.
Authentication can rely on system users through PAM, the Pluggable Authentication Module. To use this feature python-pam and django-pam extensions must be installed and activated. To activate them copy openquake/server/local_settings.py.pam to openquake/server/local_settings.py and restart the WebUI service.
This feature is available on Linux only and the WebUI process owner must be member of the shadow group.
Mapping of unix groups isn't supported at the moment.
On a production system nginx + gunicorn is the recommended software stack to run the WebUI.
gunicorn can be installed either via pip or via the system packager (apt, yum, ...). When using python-oq-libs for RedHat or Debian gunicorn is already provided.
gunicorn must be started in the openquake/server directory with the following syntax:
gunicorn -w N wsgi:applicationwhere N is the number of workers, which is usually equal to (CPU threads)*2.
gunicorn is usually managed by the OS init system. See an example for systemd.
gunicorn does not serve static content itself thus a frontend like nginx is needed.
To the previous created openquake/server/local_settings.py add:
STATIC_ROOT = '/var/www/webui'then collect static files:
$ sudo oq webui collectstaticnginx must be configured to act as a reverse proxy for gunicorn and to provide static content. A sample configuration file is provided.
If you need help or have questions/comments/feedback for us, you can:
- Subscribe to the OpenQuake users mailing list: https://groups.google.com/g/openquake-users
- Contact us on IRC: irc.freenode.net, channel #openquake