Re: [Ganglia-developers] [Ganglia-general] Announcing Ganglia Web 2.0RC1
On Jun 22, 2011, at 2:51 PM, Seth Graham wrote: On Jun 9, 2011, at 12:10 PM, Alex Dean wrote: I started off intending to allow per-view edit access, just like we allow per-cluster edit access for optional graphs. The complication is that each resource (a view or a cluster) in the ACL is only identified by a simple string. Thus you can't have a cluster and a view which share the same name - or, if you did you'd probably unwittingly be granting permissions you didn't mean to. I thought about introducing some kind of namespacing, and then just decided to punt until it was actually needed. So... maybe that time is now? :) Something like this wouldn't be too hard to implement: $acl-allowView( 'username', 'view-name', GangliaAcl::EDIT ); $acl-allowCluster( 'username', 'cluster-name', GangliaAcl::EDIT ); Please suggest alternate APIs here. That's just my initial brainstorm. I finally got a chance to sit down and poke at this. The good news is it's easy to implement a permissions system for adding graphs to an existing view. My method was to edit GangliaAcl.php to add an 'EDIT_VIEW' resource, and use the add() function along with a clustername to give a user view editing privileges. After updating the checkAccess() calls where appropriate in host_view.php and views.php, a user can add graphs to their view. That requires that the view name match the cluster name, right? Could you post your changes somewhere so we could see what you did? More complicated is the creation of the views themselves. Because views can have names without any relation to ganglia clusters, the ACL system won't work. I guess one could put in a restriction that a user can only create views with the same name of clusters they have edit permissions for, but that would limit them to owning a single view per cluster. (as an aside, is it intended that once a view is created, it cannot be removed via the web interface?) Probably more of an oversight. Patches welcome! :) The more I look at it, the more inclined I am to leave the configuration as it is. Every idea I come up with limits the flexibility of the Views or requires more acl maintenance in conf.php. I still want to take a stab at this, I just haven't had the time. Help me understand your use case better. You want to allow some non-admin users to edit a single view, right? Is there a case for limiting the visibility of a view, or are we only concerned with who can change a view? More generally, what permissions do we need? - view a view - create a view - edit a view - delete a view I'd say sensible defaulte are that admins can do all of these things for all views, and anonymous users can view all views which haven't been specifically hidden. alex -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] [Ganglia-general] Announcing Ganglia Web 2.0RC1
On Wed, 22 Jun 2011, Alex Dean wrote: (as an aside, is it intended that once a view is created, it cannot be removed via the web interface?) Probably more of an oversight. Patches welcome! :) Not an oversight :-). Just it hasn't been done yet. Also editing views. Other fixups. Vladimir -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] [Ganglia-general] Announcing Ganglia Web 2.0RC1
Skewed how ? Please describe and preferably include screenshots. Is the behavior correct under older web UI ? Vladimir On Wed, 22 Jun 2011, grace rante wrote: I'm seeing skewed graphs with my ganglia web 2.0 install very similar to this web demo: http://fjrkr5ab.joyent.us/ganglia-2.0/ Is there a known fix for it? thanks, gracie On Wed, Jun 1, 2011 at 8:08 AM, Vladimir Vuksan vli...@veus.hr wrote: Announcing Ganglia Web 2.0 Release Candidate 1. http://ganglia.info/?p=373 Vladimir -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Ganglia-general mailing list ganglia-gene...@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-general -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] [Ganglia-general] Announcing Ganglia Web 2.0RC1
Your case certainly sounds like an interesting case and if you are willing to patch the code in such a way that retains current behavior and adds the new behavior we would be happy to commit it. None of this is set in stone. If something doesn't work we can and will change it. Vladimir On Thu, 9 Jun 2011 11:02:55 -0500, Seth Graham set...@fnal.gov wrote: On Jun 8, 2011, at 8:25 PM, Alex Dean wrote: Hi Seth. I'm just back from a week off the grid, and trying to get caught up on a mountain of electronic stuff. Here's my quick response. Please let me know if more explanation is required. Nope, the explanation makes sense. The only thing I was missing was detail about the philosophy behind the privileges system. Editing views is not per-cluster permission because views can contain graphs from many clusters. Currently, we only support a single 'edit' permission for all views. (A user can either edit all views, or can edit none.) You can't selectively grant edit permission on a single view. That restriction could possible be lifted in the future if there is demand for it. It's my primary motivation for updating to the new interface, actually. I don't know how typical my environment is, but I'm taking care of machines belonging to many different experiments. Users like to have their resources on their own web page, and not see nodes they don't care about. Traditionally I've dealt with this in gmetad.conf, moving machines between clusters or making new clusters based on the whims of scientists. It works, but is kind of a pain. Being able to set up admin accounts and let the users arrange things to taste via a web page would make everyone happy.. I don't have to babysit ganglia, and they don't have to wait for me to update ganglia. Fortunately, it's pretty easy to modify the access checks to allow this behavior, so if I'm a minority case, I can patch where needed. I just wasn't sure if I was using the ACL system properly. thanks -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ Ganglia-general mailing list ganglia-gene...@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-general -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] [Ganglia-general] Announcing Ganglia Web 2.0RC1
On Jun 9, 2011, at 11:02 AM, Seth Graham wrote: On Jun 8, 2011, at 8:25 PM, Alex Dean wrote: Hi Seth. I'm just back from a week off the grid, and trying to get caught up on a mountain of electronic stuff. Here's my quick response. Please let me know if more explanation is required. Nope, the explanation makes sense. The only thing I was missing was detail about the philosophy behind the privileges system. Editing views is not per-cluster permission because views can contain graphs from many clusters. Currently, we only support a single 'edit' permission for all views. (A user can either edit all views, or can edit none.) You can't selectively grant edit permission on a single view. That restriction could possible be lifted in the future if there is demand for it. It's my primary motivation for updating to the new interface, actually. Interesting. I started off intending to allow per-view edit access, just like we allow per-cluster edit access for optional graphs. The complication is that each resource (a view or a cluster) in the ACL is only identified by a simple string. Thus you can't have a cluster and a view which share the same name - or, if you did you'd probably unwittingly be granting permissions you didn't mean to. I thought about introducing some kind of namespacing, and then just decided to punt until it was actually needed. So... maybe that time is now? :) Something like this wouldn't be too hard to implement: $acl-allowView( 'username', 'view-name', GangliaAcl::EDIT ); $acl-allowCluster( 'username', 'cluster-name', GangliaAcl::EDIT ); Please suggest alternate APIs here. That's just my initial brainstorm. alex -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] [Ganglia-general] Announcing Ganglia Web 2.0RC1
Hi Seth. I'm just back from a week off the grid, and trying to get caught up on a mountain of electronic stuff. Here's my quick response. Please let me know if more explanation is required. If you want to allow a user to be able to edit views, you need to grant them edit permission on GangliaAcl::ALL_VIEWS. You can allow users to edit: - All views. $acl-allow( 'username', GangliaAcl::ALL_VIEWS, GangliaAcl::EDIT ); - Optional graphs for all clusters. $acl-allow( 'username', GangliaAcl::ALL_CLUSTERS, GangliaAcl::EDIT ); - Optional graphs for an individual cluster. $acl-allow( 'username', 'clustername', GangliaAcl::EDIT ); Editing views is not per-cluster permission because views can contain graphs from many clusters. Currently, we only support a single 'edit' permission for all views. (A user can either edit all views, or can edit none.) You can't selectively grant edit permission on a single view. That restriction could possible be lifted in the future if there is demand for it. Hope that helps. As I said, please let me know if further explanation is required. alex On Jun 7, 2011, at 8:20 PM, Vladimir Vuksan wrote: Sounds like a bug. We'll take a look. If you end up fixing it feel free to send us a patch. Thanks, Vladimir On Tue, 7 Jun 2011, Seth Graham wrote: I'm having some issues getting the user roles working as expected. The wiki instructs something like: $acl-addRole( $username, GangliaAcl::GUEST ); $acl-allow( $username, $cluster, GangliaAcl::EDIT ); Which does not result in the little blue + sign to be drawn next to graphs. From line 71 in host_view.php, there is this line: if(checkAccess(GangliaAcl::ALL_VIEWS, GangliaAcl::EDIT, $conf)) { Changing it to: if(checkAccess($clustername, GangliaAcl::EDIT, $conf)) { Allows the check to succeed, but I run into the same problem in views.php. What does the 'EDIT' role actually allow a user to edit, if not views? And is it possible to configure the interface to allow a user to only edit specific views? As configured now, it appears view editing is all or nothing. thanks, On Jun 1, 2011, at 10:08 AM, Vladimir Vuksan wrote: Announcing Ganglia Web 2.0 Release Candidate 1. http://ganglia.info/?p=373 Vladimir -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Ganglia-general mailing list ganglia-gene...@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-general -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers
Re: [Ganglia-developers] [Ganglia-general] Announcing Ganglia Web 2.0RC1
Sounds like a bug. We'll take a look. If you end up fixing it feel free to send us a patch. Thanks, Vladimir On Tue, 7 Jun 2011, Seth Graham wrote: I'm having some issues getting the user roles working as expected. The wiki instructs something like: $acl-addRole( $username, GangliaAcl::GUEST ); $acl-allow( $username, $cluster, GangliaAcl::EDIT ); Which does not result in the little blue + sign to be drawn next to graphs. From line 71 in host_view.php, there is this line: if(checkAccess(GangliaAcl::ALL_VIEWS, GangliaAcl::EDIT, $conf)) { Changing it to: if(checkAccess($clustername, GangliaAcl::EDIT, $conf)) { Allows the check to succeed, but I run into the same problem in views.php. What does the 'EDIT' role actually allow a user to edit, if not views? And is it possible to configure the interface to allow a user to only edit specific views? As configured now, it appears view editing is all or nothing. thanks, On Jun 1, 2011, at 10:08 AM, Vladimir Vuksan wrote: Announcing Ganglia Web 2.0 Release Candidate 1. http://ganglia.info/?p=373 Vladimir -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Ganglia-general mailing list ganglia-gene...@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-general -- EditLive Enterprise is the world's most technically advanced content authoring tool. Experience the power of Track Changes, Inline Image Editing and ensure content is compliant with Accessibility Checking. http://p.sf.net/sfu/ephox-dev2dev ___ Ganglia-developers mailing list Ganglia-developers@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/ganglia-developers