Update zope-manager-users.md with addzopeuser script for docker setups #1869
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -107,3 +107,45 @@ When you run the script, if the user already exists: | |
| Maybe the user already exists and nothing is done then. | ||
| Or the implementation does not give info when it succeeds. | ||
| ``` | ||
| ### `addzopeuser` script in dockerized setup | ||
|
|
||
| #### Prerequisites | ||
| - A running docker swarm stack from the full featured docker based Plone Volto deployment | ||
| - Created by current Cookieplone project template including backend, frontend, postgres, traefik, varnish: | ||
|
|
||
| #### Create a new Zope Manager User with a non existing user-ID | ||
|
|
||
| - Enter the host via ssh as root | ||
| - list the running containers: docker ps | ||
| - enter a shell in the first backend container listed: `docker exec -it [[4-digitPartOfID]] bash` | ||
| - run command in the app folder: `./docker-entrypoint.sh bin/addzopeuser -c /app/etc/relstorage.conf userid password` | ||
|
There was a problem hiding this comment. The conf file can also be zope.conf or zeo.conf depending on the configuration. I submitted plone/plone-backend#175 which will make it so you can just run |
||
|
|
||
| Response: `User userid created` | ||
| The user is now available in the ZMI root at at /acl_users/users/manage_users | ||
|
|
||
| #### Hown to access the ZMI root from via basicauth and the new user | ||
| In the Volto page root use the url `/ClassicUI/aq_parent/acl_users/users/manage_users` | ||
|
There was a problem hiding this comment. This is a path, not a URL. It's relative to the hostname where the Docker container is served via Traefik. |
||
|
|
||
| ##### Notes on permissions | ||
|
|
||
| - Check permissions in the ZMI root at `/acl_users/manage_access` and search for userid | ||
| - In Volto from the browser use the url `/ClassicUI/aq_parent/acl_users/manage_access` | ||
|
|
||
| The new user has `Manager` role, but not `Owner` role and no `Take ownership` permission | ||
| - You can add the Owner role in the ZMI root manually, but only as the original `admin` user. | ||
|
There was a problem hiding this comment. Honestly I've never noticed this or run into a situation where it was necessary for a new Manager user to have the Owner role on the Zope root. It feels like unnecessary information. It's also nothing unique to using this script within the docker container. |
||
|
|
||
| ####` Remark on httpauth challenges for the ZMI `admin user in Cookieplone based Volto and ClassicUI projects using Traefik | ||
|
|
||
| The original cookieplone-template `project` in the above full setup includes a traefik middleware `mw-backend-auth` in the `docker-compose.yaml` `service -> backend -> labels` section. This basic httpauth overrides the ZMI httpauth for the original admin user-id. | ||
|
There was a problem hiding this comment. Can we remove this, given the solution that was merged in plone/cookieplone-templates#154? |
||
|
|
||
| ```{note} | ||
| To change the Traefik middleware basicauth password edit the yaml file in devops/stacks/[hosturl].yml named after the hostname and follow the instructions in the comments for `mw-backend-auth` to create a proper hash and redeploy the project. | ||
|
There was a problem hiding this comment. This is a different topic which should be covered in docs about the Docker stack included in the cookieplone templates, not in this chapter about Zope Manager users. |
||
| ``` | ||
|
|
||
| ```{important} | ||
| Test the resulting logins in fresh incognito windows! | ||
| ``` | ||
|
|
||
| in the ZMI root | ||
| at the Plonelogin | ||
| How this has impact on the Plone Volto login needs testing in your particular setup. | ||
|
There was a problem hiding this comment. I'm not sure what these notes are about |
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"with a non existing user-ID" is a bit confusing here. This addzopeuser command is the same as the one mentioned above, it's just a different procedure for running it inside the Docker container. so we can copy some of the same explanations from above about how it behaves if the user already exists.