Update zope-manager-users.md with addzopeuser script for docker setups #1869
Conversation
|
@acsr would you please request a review from someone who has knowledge of this scenario? The technical content is outside my knowledge and experience. I can do English and MyST grammar and syntax, but that's about it. Thank you! |
| - A running docker swarm stack from the full featured docker based Plone Volto deployment | ||
| - Created by current Cookieplone project template including backend, frontend, postgres, traefik, varnish: | ||
|
|
||
| #### Create a new Zope Manager User with a non existing user-ID |
There was a problem hiding this comment.
"with a non existing user-ID" is a bit confusing here. This addzopeuser command is the same as the one mentioned above, it's just a different procedure for running it inside the Docker container. so we can copy some of the same explanations from above about how it behaves if the user already exists.
| The user is now available in the ZMI root at at /acl_users/users/manage_users | ||
|
|
||
| #### Hown to access the ZMI root from via basicauth and the new user | ||
| In the Volto page root use the url `/ClassicUI/aq_parent/acl_users/users/manage_users` |
There was a problem hiding this comment.
This is a path, not a URL. It's relative to the hostname where the Docker container is served via Traefik.
| - In Volto from the browser use the url `/ClassicUI/aq_parent/acl_users/manage_access` | ||
|
|
||
| The new user has `Manager` role, but not `Owner` role and no `Take ownership` permission | ||
| - You can add the Owner role in the ZMI root manually, but only as the original `admin` user. |
There was a problem hiding this comment.
Honestly I've never noticed this or run into a situation where it was necessary for a new Manager user to have the Owner role on the Zope root. It feels like unnecessary information. It's also nothing unique to using this script within the docker container.
|
|
||
| ####` Remark on httpauth challenges for the ZMI `admin user in Cookieplone based Volto and ClassicUI projects using Traefik | ||
|
|
||
| The original cookieplone-template `project` in the above full setup includes a traefik middleware `mw-backend-auth` in the `docker-compose.yaml` `service -> backend -> labels` section. This basic httpauth overrides the ZMI httpauth for the original admin user-id. |
There was a problem hiding this comment.
Can we remove this, given the solution that was merged in plone/cookieplone-templates#154?
| The original cookieplone-template `project` in the above full setup includes a traefik middleware `mw-backend-auth` in the `docker-compose.yaml` `service -> backend -> labels` section. This basic httpauth overrides the ZMI httpauth for the original admin user-id. | ||
|
|
||
| ```{note} | ||
| To change the Traefik middleware basicauth password edit the yaml file in devops/stacks/[hosturl].yml named after the hostname and follow the instructions in the comments for `mw-backend-auth` to create a proper hash and redeploy the project. |
There was a problem hiding this comment.
This is a different topic which should be covered in docs about the Docker stack included in the cookieplone templates, not in this chapter about Zope Manager users.
|
|
||
| in the ZMI root | ||
| at the Plonelogin | ||
| How this has impact on the Plone Volto login needs testing in your particular setup. |
There was a problem hiding this comment.
I'm not sure what these notes are about
| - Enter the host via ssh as root | ||
| - list the running containers: docker ps | ||
| - enter a shell in the first backend container listed: `docker exec -it [[4-digitPartOfID]] bash` | ||
| - run command in the app folder: `./docker-entrypoint.sh bin/addzopeuser -c /app/etc/relstorage.conf userid password` |
There was a problem hiding this comment.
The conf file can also be zope.conf or zeo.conf depending on the configuration. I submitted plone/plone-backend#175 which will make it so you can just run ./docker-entrypoint.sh addzopeuser userid password -- but that won't be available until it's merged and the next Plone 6.1.x image is released.
|
@davisagli I moved over all my notes from the closed PR as a first step. I fully agree that there are duplicate informations and some stuff can be moved to the deployment Troubleshooting FAQ. I need to review your comments in detail later and I therefore changed this PR into draft status. I am also happy to see progress in other changes making some of the remarks obsolete. |
This makes it easier to run the addzopeuser script with the correct conf. Relevant to plone/documentation#1869
This makes it easier to run the addzopeuser script with the correct conf. Relevant to plone/documentation#1869
…#178) This makes it easier to run the addzopeuser script with the correct conf. Relevant to plone/documentation#1869
Moved my notes from the original Pull Request #1703 related to ticket #1702
📚 Documentation preview 📚: https://plone6--1869.org.readthedocs.build/