Posted to dev@vcl.apache.org by "Douglas McClusky (JIRA)" <ji...@apache.org> on 2014/10/03 16:23:33 UTC

[jira] [Created] (VCL-786) Making configuration more machine-manageable

Douglas McClusky created VCL-786:
------------------------------------

             Summary: Making configuration more machine-manageable
                 Key: VCL-786
                 URL: https://issues.apache.org/jira/browse/VCL-786
             Project: VCL
          Issue Type: Improvement
          Components: vcld (backend)
            Reporter: Douglas McClusky


The PHP code that users are expected to edit could be converted into a machine-readable data format, which would make it easier to manipulate with scripts and configuration management tools.  For example, conf.php could look like this:

==========================================================
{noformat}

<?php
/*
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
*/

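# Site configuration as a YAML document, held in a nowdoc (<<<'EOD') so PHP
# performs no variable interpolation or escape processing on it: a value that
# contains '$' or '\' (a password, a URL) reaches the YAML parser unchanged.
# The original '<<EOD' was not a valid heredoc opener and did not parse.
#
# NOTE(review): ONLINEDEBUG is set to 1 in this sample - confirm what it
# exposes before using the file as a production template.
# NOTE(review): the mailto link at the end of clickThroughText has neither an
# address nor link text.
# NOTE(review): the commented LDAP example carries a privileged bind password
# (masterpwd); a config meant to be rewritten by scripts and configuration
# management tools is better kept free of credentials, e.g. by leaving them
# in the separately loaded secrets file.
$yaml = <<<'EOD'
---
CONSTANTS:
  ONLINEDEBUG: 1
################   Things in this section must be modified #####################
  BASEURL: https://myserver.mydomain/vcl
  SCRIPT: /index.php
  HELPURL: https://myserver.mydomain/help/
  HELPEMAIL: help@place.com
  ERROREMAIL: help@place.com
  ENVELOPESENDER: help@place.com
  COOKIEDOMAIN: .mydomain
  HOMEURL: http://myserver.mydomain/
  DEFAULTLOCALE: en_US
#######################   end required modifications ###########################
  DEFAULTGROUP: adminUsers
  DEFAULT_AFFILID: 1
  DAYSAHEAD: 4 
  DEFAULT_PRIVNODE: 2
  MAXVMLIMIT: 100
  SCHEDULER_ALLOCATE_RANDOM_COMPUTER: 0
  PRIV_CACHE_TIMEOUT: 15
  MIN_BLOCK_MACHINES: 1
  MAX_BLOCK_MACHINES: 70
  DOCUMENTATIONURL: https://cwiki.apache.org/VCLDOCS/
  USEFILTERINGSELECT: 1
  FILTERINGSELECTTHRESHOLD: 1000
  DEFAULTTHEME: default
  HELPFAQURL: http://vcl.example.org/help-faq/
  ALLOWADDSHIBUSERS: 0 
  
default_timezone: America/New_York

initialize:
  ENABLE_ITECSAUTH: 0     # use ITECS accounts (also called "Non-NCSU" accounts)
  xmlrpcBlockAPIUsers: 
    - 3
  clickThroughText: "<center><h2>Installer Agreement</h2></center>
<p>As the creator of the VCL image, you are responsible for understanding and 
complying with the terms and conditions of the license agreement(s) for all 
software installed within the VCL image.</p>

<p>Please note that many licenses for instructional use do not allow research 
or other use. You should be familiar with these license terms and 
conditions, and limit the use of your image accordingly.</p>

%s

<p>** If you have software licensing questions or would like assistance 
regarding specific terms and conditions, please contact 
<a href=mailto:></a>.</p>"
  authMechs: 
    Local Account: 
      type: local
      affiliationid: 1
      help: "Only use Local Account if there are no other options"
#    "Shibboleth (UNC Federation)": 
#      type: redirect
#      URL: https://federation.northcarolina.edu/wayf/wayf_framed.php?fed=FED_SHIB_UNC_DEV&version=dropdown&entityID=https%3A%2F%2Fvcl.ncsu.edu%2Fsp%2Fshibboleth&return=http%3A%2F%2Fvcl.ncsu.edu%2FShibboleth.sso%2FDS%3FSAMLDS%3D1%26target%3Dhttp%3A%2F%2Fvcl.ncsu.edu%2Fscheduling%2Fshibauth%2F
#      affiliationid: 0 # this should always be 0 for Shibboleth authentication
#      help: "Use Shibboleth (UNC Federation) if you are from a University in the UNC system and do not see another method specifically for your university"
#    EXAMPLE1 LDAP" => array("type" => "ldap",
#      server: ldap.example.com   # hostname of the ldap server
#      binddn: dc=example,dc=com  # base dn for ldap server
#      userid: %s@example.com     # this is what we add to the actual login id to authenticate a user via ldap
#                                 #    use a '%s' where the actual login id will go
#                                 #    for example1: 'uid=%s,ou=accounts,dc=example,dc=com'
#                                 #        example2: '%s@example.com'
#                                 #        example3: '%s@ad.example.com'
#      unityid: samAccountName    # ldap field that contains the user's login id
#      firstname: givenname       # ldap field that contains the user's first name
#      lastname: sn               # ldap field that contains the user's last name
#      email: mail                # ldap field that contains the user's email address
#      defaultemail: @example.com # if for some reason an email address may not be returned for a user, this is what
#                                 #    can be added to the user's login id to send mail
#      masterlogin: vcluser       # privileged login id for ldap server
#      masterpwd: *********       # privileged login password for ldap server
#      affiliationid: 3           # id from affiliation id this login method is associated with
#      lookupuserbeforeauth: 0    # set this to 1 to have VCL use masterlogin to lookup the full DN of the user
#                                 #   and use that for the ldap bind to auth the user instead of just using the userid
#                                 #   field from above
#      lookupuserfield: ''        # if lookupuserbeforeauth is set to 1, this is the attribute to use to search in ldap
#                                 #   for the user.  Typically either 'cn', 'uid', or 'samaccountname'
#      help: "Use EXAMPLE1 LDAP if you are using an EXAMPLE1 account" # message to be displayed on login page about when
#                                                                     #   to use this login mechanism*/
  affilValFunc: []
  affilValFuncArgs: []
  addUserFunc: []
  addUserFuncArgs: []
  updateUserFunc: []
  updateUserFuncArgs: []
  findAffilFuncs:
    - testGeneralAffiliation
EOD;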

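# parse yaml configuration
# yaml.decode_php controls whether the yaml extension unserializes nodes
# tagged "!php/object"; force it off so that a config rewritten by external
# tools can only ever produce plain scalars and arrays.
ini_set('yaml.decode_php', '0');
$parsed = yaml_parse($yaml);

# Fail closed: yaml_parse() returns false on a syntax error, and continuing
# without the constants and auth settings would leave the site running on
# undefined configuration.
if(!is_array($parsed) ||
   !isset($parsed["CONSTANTS"], $parsed["initialize"]) ||
   !is_array($parsed["CONSTANTS"]) || !is_array($parsed["initialize"])) {
  throw new RuntimeException('conf.php: embedded YAML configuration is missing or could not be parsed');
}

# use define to set constants
foreach($parsed["CONSTANTS"] as $key => $val) {
  define($key, $val);
}

# initialize variables
# Each key under "initialize" becomes a variable in the including scope.
# Because the name comes from data, accept only plain identifiers and refuse
# names that would clobber superglobals, $this, or this loader's own working
# variables; anything else is reported and skipped.
foreach($parsed["initialize"] as $key => $val) {
  if(!is_string($key) ||
     !preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $key) ||
     in_array($key, array('this', 'GLOBALS', '_SERVER', '_GET', '_POST',
                          '_FILES', '_COOKIE', '_SESSION', '_REQUEST', '_ENV',
                          'yaml', 'parsed', 'key', 'val'), true)) {
    trigger_error("conf.php: ignoring unsupported configuration variable name '$key'", E_USER_WARNING);
    continue;
  }
  $$key = $val;
}

# only apply a timezone that is actually present as a string; a missing or
# mistyped entry is reported instead of being passed through
if(isset($parsed["default_timezone"]) && is_string($parsed["default_timezone"])) {
  date_default_timezone_set($parsed["default_timezone"]);
}
else {
  trigger_error('conf.php: default_timezone is missing or not a string', E_USER_WARNING);
}

# No '@' here: error suppression on require_once hides why the page died when
# the secrets file is missing or unreadable; leave reporting to the server's
# display_errors / log_errors settings.
require_once(".ht-inc/secrets.php");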

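# Register, per affiliation id, the callbacks used to validate, add and update
# users for each configured authentication mechanism.
#  - ldap:  names of the LDAP handler functions, with the mechanism's key as
#           the argument stored alongside them
#  - local: no-op callbacks (validation returns 0, add/update return NULL)
# Other types (e.g. redirect) register nothing.
if(isset($authMechs) && is_array($authMechs)) {
	foreach($authMechs as $key => $item) {
		# skip entries that lack the fields read below instead of indexing
		# the callback tables with an undefined affiliation id
		if(!is_array($item) || !isset($item['type'], $item['affiliationid']))
			continue;
		# strict comparison: values come from a typed YAML parse, and a
		# boolean or integer 'type' must not loosely match 'ldap'
		if($item['type'] === 'ldap') {
			$affilValFunc[$item['affiliationid']] = 'validateLDAPUser';
			$affilValFuncArgs[$item['affiliationid']] = $key;
			$addUserFunc[$item['affiliationid']] = 'addLDAPUser';
			$addUserFuncArgs[$item['affiliationid']] = $key;
			$updateUserFunc[$item['affiliationid']] = 'updateLDAPUser';
			$updateUserFuncArgs[$item['affiliationid']] = $key;
		}
		elseif($item['type'] === 'local') {
			# closures instead of create_function(), which evaluates a code
			# string at runtime and no longer exists in PHP 8
			# NOTE(review): these entries are now Closure objects rather than
			# function-name strings - confirm callers only invoke them
			$affilValFunc[$item['affiliationid']] = function() { return 0; };
			$addUserFunc[$item['affiliationid']] = function() { return NULL; };
			$updateUserFunc[$item['affiliationid']] = function() { return NULL; };
		}
	}
}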

#require_once(".ht-inc/authmethods/itecsauth.php");
#require_once(".ht-inc/authmethods/ldapauth.php");
#require_once(".ht-inc/authmethods/shibauth.php");
?>

{noformat}
=========================================================

It might also be useful to move the comments and examples into a section above the YAML config, so they are not lost when the config is rewritten by parsers.



