Posted to dev@vcl.apache.org by "Douglas McClusky (JIRA)" <ji...@apache.org> on 2014/10/03 16:25:33 UTC
[jira] [Updated] (VCL-786) Making configuration more machine-manageable
[ https://issues.apache.org/jira/browse/VCL-786?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Douglas McClusky updated VCL-786:
---------------------------------
Priority: Minor (was: Major)
> Making configuration more machine-manageable
> --------------------------------------------
>
> Key: VCL-786
> URL: https://issues.apache.org/jira/browse/VCL-786
> Project: VCL
> Issue Type: Improvement
> Components: vcld (backend)
> Reporter: Douglas McClusky
> Priority: Minor
>
> You can change the php code that is intended to be edited by users into a machine-readable data standard, to allow easier manipulation via scripts and configuration management tools. For example, conf.php could look like this:
> ==========================================================
> {noformat}
> <?php
> /*
> Licensed to the Apache Software Foundation (ASF) under one or more
> contributor license agreements. See the NOTICE file distributed with
> this work for additional information regarding copyright ownership.
> The ASF licenses this file to You under the Apache License, Version 2.0
> (the "License"); you may not use this file except in compliance with
> the License. You may obtain a copy of the License at
> http://www.apache.org/licenses/LICENSE-2.0
> Unless required by applicable law or agreed to in writing, software
> distributed under the License is distributed on an "AS IS" BASIS,
> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
> See the License for the specific language governing permissions and
> limitations under the License.
> */
> # Nowdoc (<<<'EOD') keeps PHP from interpolating anything inside the YAML.
> $yaml = <<<'EOD'
> ---
> CONSTANTS:
>   ONLINEDEBUG: 1
>   ################ Things in this section must be modified #####################
>   BASEURL: https://myserver.mydomain/vcl
>   SCRIPT: /index.php
>   HELPURL: https://myserver.mydomain/help/
>   HELPEMAIL: help@place.com
>   ERROREMAIL: help@place.com
>   ENVELOPESENDER: help@place.com
>   COOKIEDOMAIN: .mydomain
>   HOMEURL: http://myserver.mydomain/
>   DEFAULTLOCALE: en_US
>   ####################### end required modifications ###########################
>   DEFAULTGROUP: adminUsers
>   DEFAULT_AFFILID: 1
>   DAYSAHEAD: 4
>   DEFAULT_PRIVNODE: 2
>   MAXVMLIMIT: 100
>   SCHEDULER_ALLOCATE_RANDOM_COMPUTER: 0
>   PRIV_CACHE_TIMEOUT: 15
>   MIN_BLOCK_MACHINES: 1
>   MAX_BLOCK_MACHINES: 70
>   DOCUMENTATIONURL: https://cwiki.apache.org/VCLDOCS/
>   USEFILTERINGSELECT: 1
>   FILTERINGSELECTTHRESHOLD: 1000
>   DEFAULTTHEME: default
>   HELPFAQURL: http://vcl.example.org/help-faq/
>   ALLOWADDSHIBUSERS: 0
>
> default_timezone: America/New_York
> initialize:
>   ENABLE_ITECSAUTH: 0 # use ITECS accounts (also called "Non-NCSU" accounts)
>   xmlrpcBlockAPIUsers:
>     - 3
>   clickThroughText: "<center><h2>Installer Agreement</h2></center>
>     <p>As the creator of the VCL image, you are responsible for understanding and
>     complying with the terms and conditions of the license agreement(s) for all
>     software installed within the VCL image.</p>
>     <p>Please note that many licenses for instructional use do not allow research
>     or other use. You should be familiar with these license terms and
>     conditions, and limit the use of your image accordingly.</p>
>     %s
>     <p>** If you have software licensing questions or would like assistance
>     regarding specific terms and conditions, please contact
>     <a href=mailto:></a>.</p>"
>   authMechs:
>     Local Account:
>       type: local
>       affiliationid: 1
>       help: "Only use Local Account if there are no other options"
>     # "Shibboleth (UNC Federation)":
>     #   type: redirect
>     #   URL: https://federation.northcarolina.edu/wayf/wayf_framed.php?fed=FED_SHIB_UNC_DEV&version=dropdown&entityID=https%3A%2F%2Fvcl.ncsu.edu%2Fsp%2Fshibboleth&return=http%3A%2F%2Fvcl.ncsu.edu%2FShibboleth.sso%2FDS%3FSAMLDS%3D1%26target%3Dhttp%3A%2F%2Fvcl.ncsu.edu%2Fscheduling%2Fshibauth%2F
>     #   affiliationid: 0 # this should always be 0 for Shibboleth authentication
>     #   help: "Use Shibboleth (UNC Federation) if you are from a University in the UNC system and do not see another method specifically for your university"
>     # "EXAMPLE1 LDAP":
>     #   type: ldap
>     #   server: ldap.example.com # hostname of the ldap server
>     #   binddn: dc=example,dc=com # base dn for ldap server
>     #   userid: "%s@example.com" # this is what we add to the actual login id to authenticate a user via ldap
>     #   # use a '%s' where the actual login id will go
>     #   # for example1: 'uid=%s,ou=accounts,dc=example,dc=com'
>     #   # example2: '%s@example.com'
>     #   # example3: '%s@ad.example.com'
>     #   unityid: samAccountName # ldap field that contains the user's login id
>     #   firstname: givenname # ldap field that contains the user's first name
>     #   lastname: sn # ldap field that contains the user's last name
>     #   email: mail # ldap field that contains the user's email address
>     #   defaultemail: "@example.com" # if for some reason an email address may not be returned for a user, this is what
>     #   # can be added to the user's login id to send mail
>     #   masterlogin: vcluser # privileged login id for ldap server
>     #   masterpwd: ********* # privileged login password for ldap server
>     #   affiliationid: 3 # id from affiliation id this login method is associated with
>     #   lookupuserbeforeauth: 0 # set this to 1 to have VCL use masterlogin to lookup the full DN of the user
>     #   # and use that for the ldap bind to auth the user instead of just using the userid
>     #   # field from above
>     #   lookupuserfield: '' # if lookupuserbeforeauth is set to 1, this is the attribute to use to search in ldap
>     #   # for the user. Typically either 'cn', 'uid', or 'samaccountname'
>     #   help: "Use EXAMPLE1 LDAP if you are using an EXAMPLE1 account" # message to be displayed on login page about when
>     #   # to use this login mechanism
>   affilValFunc: []
>   affilValFuncArgs: []
>   addUserFunc: []
>   addUserFuncArgs: []
>   updateUserFunc: []
>   updateUserFuncArgs: []
>   findAffilFuncs:
>     - testGeneralAffiliation
> EOD;
> # parse yaml configuration
> $parsed = yaml_parse($yaml);
> # use define to set constants
> foreach($parsed["CONSTANTS"] as $key => $val) {
>     define($key, $val);
> }
> # initialize variables
> foreach($parsed["initialize"] as $key => $val) {
>     $$key = $val;
> }
> date_default_timezone_set($parsed["default_timezone"]);
> @require_once(".ht-inc/secrets.php");
> foreach($authMechs as $key => $item) {
>     if($item['type'] == 'ldap') {
>         $affilValFunc[$item['affiliationid']] = 'validateLDAPUser';
>         $affilValFuncArgs[$item['affiliationid']] = $key;
>         $addUserFunc[$item['affiliationid']] = 'addLDAPUser';
>         $addUserFuncArgs[$item['affiliationid']] = $key;
>         $updateUserFunc[$item['affiliationid']] = 'updateLDAPUser';
>         $updateUserFuncArgs[$item['affiliationid']] = $key;
>     }
>     elseif($item['type'] == 'local') {
>         # closures instead of create_function(), which was removed in PHP 8.0
>         $affilValFunc[$item['affiliationid']] = function() { return 0; };
>         $addUserFunc[$item['affiliationid']] = function() { return NULL; };
>         $updateUserFunc[$item['affiliationid']] = function() { return NULL; };
>     }
> }
> #require_once(".ht-inc/authmethods/itecsauth.php");
> #require_once(".ht-inc/authmethods/ldapauth.php");
> #require_once(".ht-inc/authmethods/shibauth.php");
> ?>
> {noformat}
> =========================================================
> It might be useful also to move the comments and examples to a section above the yaml config, so they don't get lost when the config is manipulated by parsers.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
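
An added example (not from the issue or the VCL code base): once scripts and configuration management tools write the YAML, the `define()` and `$$key` loops in the proposed conf.php turn every key they find into a constant or variable, so checking the parsed array against an allowlist first rejects unexpected or mistyped entries. The schema arrays and `validateSection()` are hypothetical and cover only a subset of the keys shown in the issue; the `$parsed` array is a constructed stand-in for the `yaml_parse()` result.

```php
<?php
// Added example, not VCL code: validate the parsed config before it becomes
// constants and variables. Both schemas are assumptions covering a subset of keys.
const CONSTANT_SCHEMA = [            // constant name => expected gettype()
    'BASEURL'     => 'string',
    'SCRIPT'      => 'string',
    'DAYSAHEAD'   => 'integer',
    'MAXVMLIMIT'  => 'integer',
    'ONLINEDEBUG' => 'integer',
];
const VARIABLE_SCHEMA = [            // variable name => expected gettype()
    'ENABLE_ITECSAUTH'    => 'integer',
    'xmlrpcBlockAPIUsers' => 'array',
    'authMechs'           => 'array',
];

/** Return $section if every key is known, typed as expected and none is missing. */
function validateSection(array $section, array $schema, string $name): array
{
    foreach ($section as $key => $val) {
        if (!array_key_exists($key, $schema)) {
            throw new InvalidArgumentException("$name: unexpected key '$key'");
        }
        if (gettype($val) !== $schema[$key]) {
            throw new InvalidArgumentException(
                "$name.$key: expected {$schema[$key]}, got " . gettype($val));
        }
    }
    $missing = array_diff(array_keys($schema), array_keys($section));
    if ($missing) {
        throw new InvalidArgumentException("$name: missing " . implode(', ', $missing));
    }
    return $section;
}

// Constructed sample standing in for yaml_parse($yaml).
$parsed = [
    'CONSTANTS'  => ['BASEURL' => 'https://myserver.mydomain/vcl', 'SCRIPT' => '/index.php',
                     'DAYSAHEAD' => 4, 'MAXVMLIMIT' => 100, 'ONLINEDEBUG' => 1],
    'initialize' => ['ENABLE_ITECSAUTH' => 0, 'xmlrpcBlockAPIUsers' => [3],
                     'authMechs' => ['Local Account' => ['type' => 'local', 'affiliationid' => 1]]],
];

foreach (validateSection($parsed['CONSTANTS'], CONSTANT_SCHEMA, 'CONSTANTS') as $key => $val) {
    define($key, $val);
}
// extract() over the validated keys replaces the open-ended $$key loop.
extract(validateSection($parsed['initialize'], VARIABLE_SCHEMA, 'initialize'));
echo BASEURL . SCRIPT, ' ', count($authMechs), "\n";
```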