[jira] [Updated] (VCL-1118) AD Join in a multi site domain
[ https://issues.apache.org/jira/browse/VCL-1118?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Junaid Ali updated VCL-1118: Attachment: ad-multi-site.patch > AD Join in a multi site domain > -- > > Key: VCL-1118 > URL: https://issues.apache.org/jira/browse/VCL-1118 > Project: VCL > Issue Type: Bug > Components: vcld (backend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Major > Attachments: ad-multi-site.patch > > > The current AD domain join process does a server less bind to delete the > computer object first and then immediately adds the computer object to AD. > For a multi site environment if the computer object deletion occurs on a > different domain controller than the domain controller where the computer > object addition takes place this can be problematic. After the inter site > replication completes in some cases the net effect will be computer object > deletion, which means that the VM will not have domain membership and so fail > user authentication and lose access to AD resources. > This patch provides the following updates to the active directory join process > - discover the VM's active directory site based on its public IP address. if > sites are not defined within active directory, use the default site that is > auto created by Active Directory (Default-First-Site-Name) > - delete the VM from a domain controller within its site. wait 20 seconds for > the intra site replication to complete > - join the VM to the same active directory domain controller that it was > deleted from in the previous step or to a domain controller within the VM's > active directory site. > added utility functions for converting dot decimal format ip information to > cidr (classless inter-domain routing) format. This is needed for VM active > directory site calculation, as the active directory sites are stored in cidr > format. currently, this supports IPV4 addresses only. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (VCL-1118) AD Join in a multi site domain
Junaid Ali created VCL-1118: --- Summary: AD Join in a multi site domain Key: VCL-1118 URL: https://issues.apache.org/jira/browse/VCL-1118 Project: VCL Issue Type: Bug Components: vcld (backend) Affects Versions: 2.5 Reporter: Junaid Ali The current AD domain join process does a server less bind to delete the computer object first and then immediately adds the computer object to AD. For a multi site environment if the computer object deletion occurs on a different domain controller than the domain controller where the computer object addition takes place this can be problematic. After the inter site replication completes in some cases the net effect will be computer object deletion, which means that the VM will not have domain membership and so fail user authentication and lose access to AD resources. This patch provides the following updates to the active directory join process - discover the VM's active directory site based on its public IP address. if sites are not defined within active directory, use the default site that is auto created by Active Directory (Default-First-Site-Name) - delete the VM from a domain controller within its site. wait 20 seconds for the intra site replication to complete - join the VM to the same active directory domain controller that it was deleted from in the previous step or to a domain controller within the VM's active directory site. added utility functions for converting dot decimal format ip information to cidr (classless inter-domain routing) format. This is needed for VM active directory site calculation, as the active directory sites are stored in cidr format. currently, this supports IPV4 addresses only. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (VCL-1116) use database hostnames for ad joined computers
[ https://issues.apache.org/jira/browse/VCL-1116?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16798406#comment-16798406 ] Junaid Ali commented on VCL-1116: - Added commit https://gitbox.apache.org/repos/asf?p=vcl.git;a=shortlog;h=refs/heads/VCL-1116_use_database_hostnames_for_ad_joined_computers > use database hostnames for ad joined computers > -- > > Key: VCL-1116 > URL: https://issues.apache.org/jira/browse/VCL-1116 > Project: VCL > Issue Type: Bug > Components: database, vcld (backend), web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Major > > Currently the VM's created use reverse DNS lookup to create their computer > hostnames. Also the DNS suffix is set to the name retrieved using the reverse > DNS lookup. For environments where the DNS domain does not match the active > directory domains this can cause issues with accessing Windows Distributed > File Shares (DFS). The windows client needs to use the same DNS suffix as the > active directory domain. > This fix creates a new column within the addomain table, so you can choose > when you want to enable this setting (default is disabled). The web frontend > has capability to toggle this setting within the ADDomain settings. > There is a secondary issue with the reboot subroutine where the SSH service > becomes available and the management node starts working on it, but then the > cygwin reset happens that causes intermittent SSH connection issues making > the process unreliable. Setting the SSHD service startup mode to manual for > all cases where cygwin reset will occur will overcome this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (VCL-1115) VMware Windows UEFI Images
[ https://issues.apache.org/jira/browse/VCL-1115?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Junaid Ali updated VCL-1115: Component/s: (was: web gui (frontend)) > VMware Windows UEFI Images > -- > > Key: VCL-1115 > URL: https://issues.apache.org/jira/browse/VCL-1115 > Project: VCL > Issue Type: New Feature > Components: database, vcld (backend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Minor > > Added support for creating Windows UEFI based images for VMware based VM's. > Added uefi field to image table to hold this information. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (VCL-1116) use database hostnames for ad joined computers
Junaid Ali created VCL-1116: --- Summary: use database hostnames for ad joined computers Key: VCL-1116 URL: https://issues.apache.org/jira/browse/VCL-1116 Project: VCL Issue Type: Bug Components: database, vcld (backend), web gui (frontend) Affects Versions: 2.5 Reporter: Junaid Ali Currently the VM's created use reverse DNS lookup to create their computer hostnames. Also the DNS suffix is set to the name retrieved using the reverse DNS lookup. For environments where the DNS domain does not match the active directory domains this can cause issues with accessing Windows Distributed File Shares (DFS). The windows client needs to use the same DNS suffix as the active directory domain. This fix creates a new column within the addomain table, so you can choose when you want to enable this setting (default is disabled). The web frontend has capability to toggle this setting within the ADDomain settings. There is a secondary issue with the reboot subroutine where the SSH service becomes available and the management node starts working on it, but then the cygwin reset happens that causes intermittent SSH connection issues making the process unreliable. Setting the SSHD service startup mode to manual for all cases where cygwin reset will occur will overcome this issue. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (VCL-1115) VMware Windows UEFI Images
[ https://issues.apache.org/jira/browse/VCL-1115?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16798402#comment-16798402 ] Junaid Ali commented on VCL-1115: - Added commit https://gitbox.apache.org/repos/asf?p=vcl.git;a=shortlog;h=refs/heads/VCL-1115_vmware_windows_uefi_images > VMware Windows UEFI Images > -- > > Key: VCL-1115 > URL: https://issues.apache.org/jira/browse/VCL-1115 > Project: VCL > Issue Type: New Feature > Components: database, vcld (backend), web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Minor > > Added support for creating Windows UEFI based images for VMware based VM's. > Added uefi field to image table to hold this information. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (VCL-1115) VMware Windows UEFI Images
Junaid Ali created VCL-1115: --- Summary: VMware Windows UEFI Images Key: VCL-1115 URL: https://issues.apache.org/jira/browse/VCL-1115 Project: VCL Issue Type: New Feature Components: database, vcld (backend), web gui (frontend) Affects Versions: 2.5 Reporter: Junaid Ali Added support for creating Windows UEFI based images for VMware based VM's. Added uefi field to image table to hold this information. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (VCL-1112) SSL Offload
[ https://issues.apache.org/jira/browse/VCL-1112?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16789819#comment-16789819 ] Junaid Ali commented on VCL-1112: - Added commit https://git-wip-us.apache.org/repos/asf?p=vcl.git;a=commit;h=eee98890a27232addbb1b61830343b0c617e001c > SSL Offload > --- > > Key: VCL-1112 > URL: https://issues.apache.org/jira/browse/VCL-1112 > Project: VCL > Issue Type: New Feature > Components: web gui (frontend) > Reporter: Junaid Ali >Priority: Minor > Attachments: vcl-load-balancer-ssl-offload.png > > > The VCL website currently enforces HTTPS for all URL's. This is a good > default. In cases where the SSL traffic is offloaded to an external device > (e.g. Load Balancer) the vcl website should not enforce HTTPS traffic. See > vcl-load-balancer-ssl-offload.png for details. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: Apache VCL Docker Based Development Environment
Hello VCL Developers, Here is the final article discussing setup of the management node daemon within docker container for development purposes. As always your feedback is most welcome. https://medium.com/@junaid.ali/apache-vcl-docker-based-development-environment-part-3-9837226f2116 Thank you. Junaid Ali Systems & Virtualization Engineer, Office of Technology Services/IIT, 10W, 35st Street, Room # 7F7-1, Chicago, IL - 60616 On Wed, Feb 27, 2019 at 8:09 AM Josh Thompson wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi Junaid, > > Thanks for writing these up and sharing them! They'll be really helpful > for > new contributors to set up development environments! > > Josh > > On Saturday, February 23, 2019 8:10:41 PM EST Junaid Ali wrote: > > Hello VCL Developers, > > This is the second article in the series that discusses setting up the > PHP > > development environment using Eclipse PDT with xdebug. > > > > > https://medium.com/@junaid.ali/apache-vcl-docker-based-development-environme > > nt-part-2-5abdbc8d73e6 > > > > Your comments and suggestions are most welcome. > > > > Thanks > > Junaid Ali > > Systems & Virtualization Engineer, > > Office of Technology Services/IIT, > > Chicago, IL - 60616 > > > > On Fri, Feb 22, 2019 at 11:10 AM Junaid Ali wrote: > > > Hello VCL Developers, > > > I've written an article about how to use docker for setting up a VCL > > > development environment. It is a first in a series of articles that > > > explain > > > setting but development environment for each VCL component (database, > > > website, management daemon) > > > > > > > https://medium.com/@junaid.ali/apache-vcl-docker-containers-fe06159d8f59 > > > > > > Your comments and suggestions are most welcome. > > > > > > Thanks. > > > > > > Junaid Ali > > > Systems & Virtualization Engineer, > > > Office of Technology Services/IIT, > > > Chicago, IL - 60616 > > - -- > - --- > Josh Thompson > VCL Developer > North Carolina State University > > my GPG/PGP key can be found at pgp.mit.edu > > All electronic mail messages in connection with State business which > are sent to or received by this account are subject to the NC Public > Records Law and may be disclosed to third parties. > -BEGIN PGP SIGNATURE- > > iF0EARECAB0WIQRMIdRtWXideTZDK31X8tBw1209AwUCXHaZ/gAKCRBX8tBw1209 > A8HqAJ9aM/4ixSemoIiUSIkvej6CHMvubwCfUD9/XWOX134te7Z5I8+EwjLSlrE= > =nZ0a > -END PGP SIGNATURE- > > > >
Re: Apache VCL Docker Based Development Environment
Hello VCL Developers, This is the second article in the series that discusses setting up the PHP development environment using Eclipse PDT with xdebug. https://medium.com/@junaid.ali/apache-vcl-docker-based-development-environment-part-2-5abdbc8d73e6 Your comments and suggestions are most welcome. Thanks Junaid Ali Systems & Virtualization Engineer, Office of Technology Services/IIT, Chicago, IL - 60616 On Fri, Feb 22, 2019 at 11:10 AM Junaid Ali wrote: > Hello VCL Developers, > I've written an article about how to use docker for setting up a VCL > development environment. It is a first in a series of articles that explain > setting but development environment for each VCL component (database, > website, management daemon) > > https://medium.com/@junaid.ali/apache-vcl-docker-containers-fe06159d8f59 > > Your comments and suggestions are most welcome. > > Thanks. > > Junaid Ali > Systems & Virtualization Engineer, > Office of Technology Services/IIT, > Chicago, IL - 60616 > >
Apache VCL Docker Based Development Environment
Hello VCL Developers, I've written an article about how to use docker for setting up a VCL development environment. It is a first in a series of articles that explain setting but development environment for each VCL component (database, website, management daemon) https://medium.com/@junaid.ali/apache-vcl-docker-containers-fe06159d8f59 Your comments and suggestions are most welcome. Thanks. Junaid Ali Systems & Virtualization Engineer, Office of Technology Services/IIT, Chicago, IL - 60616
PHP 5.6 End of Life
Hello VCL Developers, With PHP 5.6 End of Life (EOL) set for end of this year ( http://php.net/supported-versions.php) are there any plans to update the VCL front end to support newer versions of PHP? Thanks. Junaid Ali Systems & Virtualization Engineer, Office of Technology Services/IIT, 10W, 35st Street, Room # 7F7-1, Chicago, IL - 60616
[jira] [Commented] (VCL-1087) VCL CAS SSO
[ https://issues.apache.org/jira/browse/VCL-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16474496#comment-16474496 ] Junaid Ali commented on VCL-1087: - Hi Josh, I've verified the VCL-1087_VCL_CAS_SSO branch from [https://github.com/apache/vcl] and it is working fine. Few observations: I had to manually download dojo library to /var/www/html/vcl/ & spyc-0.5.1 library to /var/www/html/vcl/.ht-inc Thanks. Junaid. > VCL CAS SSO > --- > > Key: VCL-1087 > URL: https://issues.apache.org/jira/browse/VCL-1087 > Project: VCL > Issue Type: New Feature > Components: web gui (frontend) >Affects Versions: 2.5 >Reporter: Junaid Ali >Priority: Major > Attachments: 0001-CAS-Authentication-Module.patch, Design document > for adding CAS support to VCL.pdf > > > This new feature will add [CAS|https://www.apereo.org/projects/cas] single > sign on support to the VCL Website. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (VCL-1087) VCL CAS SSO
[ https://issues.apache.org/jira/browse/VCL-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Junaid Ali updated VCL-1087: Attachment: 0001-CAS-Authentication-Module.patch > VCL CAS SSO > --- > > Key: VCL-1087 > URL: https://issues.apache.org/jira/browse/VCL-1087 > Project: VCL > Issue Type: New Feature > Components: web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Major > Attachments: 0001-CAS-Authentication-Module.patch, Design document > for adding CAS support to VCL.pdf > > > This new feature will add [CAS|https://www.apereo.org/projects/cas] single > sign on support to the VCL Website. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (VCL-1087) VCL CAS SSO
[ https://issues.apache.org/jira/browse/VCL-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Junaid Ali updated VCL-1087: Attachment: (was: 0001-CAS-Authentication-Module.patch) > VCL CAS SSO > --- > > Key: VCL-1087 > URL: https://issues.apache.org/jira/browse/VCL-1087 > Project: VCL > Issue Type: New Feature > Components: web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Major > Attachments: 0001-CAS-Authentication-Module.patch, Design document > for adding CAS support to VCL.pdf > > > This new feature will add [CAS|https://www.apereo.org/projects/cas] single > sign on support to the VCL Website. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (VCL-1087) VCL CAS SSO
[ https://issues.apache.org/jira/browse/VCL-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Junaid Ali updated VCL-1087: Attachment: 0001-CAS-Authentication-Module.patch > VCL CAS SSO > --- > > Key: VCL-1087 > URL: https://issues.apache.org/jira/browse/VCL-1087 > Project: VCL > Issue Type: New Feature > Components: web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Major > Attachments: 0001-CAS-Authentication-Module.patch, Design document > for adding CAS support to VCL.pdf > > > This new feature will add [CAS|https://www.apereo.org/projects/cas] single > sign on support to the VCL Website. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (VCL-1087) VCL CAS SSO
[ https://issues.apache.org/jira/browse/VCL-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Junaid Ali updated VCL-1087: Attachment: (was: 0001-VCL-CAS-Authentication-support.patch) > VCL CAS SSO > --- > > Key: VCL-1087 > URL: https://issues.apache.org/jira/browse/VCL-1087 > Project: VCL > Issue Type: New Feature > Components: web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Major > Attachments: 0001-CAS-Authentication-Module.patch, Design document > for adding CAS support to VCL.pdf > > > This new feature will add [CAS|https://www.apereo.org/projects/cas] single > sign on support to the VCL Website. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Comment Edited] (VCL-1087) VCL CAS SSO
[ https://issues.apache.org/jira/browse/VCL-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412229#comment-16412229 ] Junaid Ali edited comment on VCL-1087 at 4/5/18 7:48 PM: - Please find attached the VCL CAS SSO patch. This patch modifies/adds the following files: .ht-inc/authentication.php .ht-inc/conf-default.php .ht-inc/utils.php .ht-inc/authmethods/casauth.php (new) casauth/index.php (new) Below are details for each change: *.ht-inc/authentication.php* selectAuth() function modified to allow for directing CAS type authentication choices to the casauth.php authentication handler. *.ht-inc/conf-default.php* Added descriptive configuration options for add CAS paramters to authMechs array. *.ht-inc/utils.php* * getCryptKeyID() function was modified to add support for casauth URL's * curlDoSSLWebRequest() function added for performing web requests using PHP cURL library * vclAutoLoader() function was added to autoload VCL classes. This was added to resolve Class Not Found Errors caused by php-pear-CAS library using PHP class autoload functionality. *.ht-inc/authmethods/casauth.php* A new authentication handler that plug's into the conf.php configuration file and handles CAS related tasks, e.g. validating users, adding users to database, updating users in database, updating user group membership to a global group. The user group needs to be pre-created to make sure CAS authenticated users will get added to it. *casauth/index.php* This is a new web directory that handles CAS service validation tasks and consequent user logging in and redirection to homepage. *Note: You will need to install php-pear-CAS module on your Web Server.* was (Author: junaid.ali): Please find attached the VCL CAS SSO patch. This patch modifies/adds the following files: .ht-inc/authentication.php .ht-inc/conf-default.php .ht-inc/utils.php .ht-inc/authmethods/casauth.php (new) casauth/index.php (new) Below are details for each change: *.ht-inc/authentication.php* selectAuth() function modified to allow for directing CAS type authentication choices to the casauth.php authentication handler. *.ht-inc/conf-default.php* Added descriptive configuration options for add CAS paramters to authMechs array. *.ht-inc/utils.php* * getCryptKeyID() function was modified to add support for casauth URL's * curlDoSSLWebRequest() function added for performing web requests using PHP cURL library *.ht-inc/authmethods/casauth.php* A new authentication handler that plug's into the conf.php configuration file and handles CAS related tasks, e.g. validating users, adding users to database, updating users in database, updating user group membership to a global group. The user group needs to be pre-created to make sure CAS authenticated users will get added to it. *casauth/index.php* This is a new web directory that handles CAS service validation tasks and consequent user logging in and redirection to homepage. Note: You will need to install php-pear-CAS module. > VCL CAS SSO > --- > > Key: VCL-1087 > URL: https://issues.apache.org/jira/browse/VCL-1087 > Project: VCL > Issue Type: New Feature > Components: web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Major > Attachments: 0001-CAS-Authentication-Module.patch, Design document > for adding CAS support to VCL.pdf > > > This new feature will add [CAS|https://www.apereo.org/projects/cas] single > sign on support to the VCL Website. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Commented] (VCL-1087) VCL CAS SSO
[ https://issues.apache.org/jira/browse/VCL-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16412229#comment-16412229 ] Junaid Ali commented on VCL-1087: - Please find attached the VCL CAS SSO patch. This patch modifies/adds the following files: .ht-inc/authentication.php .ht-inc/conf-default.php .ht-inc/utils.php .ht-inc/authmethods/casauth.php (new) casauth/index.php (new) Below are details for each change: *.ht-inc/authentication.php* selectAuth() function modified to allow for directing CAS type authentication choices to the casauth.php authentication handler. *.ht-inc/conf-default.php* Added descriptive configuration options for add CAS paramters to authMechs array. *.ht-inc/utils.php* * getCryptKeyID() function was modified to add support for casauth URL's * curlDoSSLWebRequest() function added for performing web requests using PHP cURL library *.ht-inc/authmethods/casauth.php* A new authentication handler that plug's into the conf.php configuration file and handles CAS related tasks, e.g. validating users, adding users to database, updating users in database, updating user group membership to a global group. The user group needs to be pre-created to make sure CAS authenticated users will get added to it. *casauth/index.php* This is a new web directory that handles CAS service validation tasks and consequent user logging in and redirection to homepage. > VCL CAS SSO > --- > > Key: VCL-1087 > URL: https://issues.apache.org/jira/browse/VCL-1087 > Project: VCL > Issue Type: New Feature > Components: web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Major > Attachments: 0001-VCL-CAS-Authentication-support.patch, Design > document for adding CAS support to VCL.pdf > > > This new feature will add [CAS|https://www.apereo.org/projects/cas] single > sign on support to the VCL Website. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (VCL-1087) VCL CAS SSO
[ https://issues.apache.org/jira/browse/VCL-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Junaid Ali updated VCL-1087: Attachment: 0001-VCL-CAS-Authentication-support.patch > VCL CAS SSO > --- > > Key: VCL-1087 > URL: https://issues.apache.org/jira/browse/VCL-1087 > Project: VCL > Issue Type: New Feature > Components: web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Major > Attachments: 0001-VCL-CAS-Authentication-support.patch, Design > document for adding CAS support to VCL.pdf > > > This new feature will add [CAS|https://www.apereo.org/projects/cas] single > sign on support to the VCL Website. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Updated] (VCL-1087) VCL CAS SSO
[ https://issues.apache.org/jira/browse/VCL-1087?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Junaid Ali updated VCL-1087: Description: This new feature will add [CAS|https://www.apereo.org/projects/cas] single sign on support to the VCL Website. (was: This new feature will add [CAS|[http|https://www.apereo.org/projects/cas]s://[www.apereo.org/projects/cas]|http://www.apereo.org/projects/cas]] single sign on support to the VCL Website.) > VCL CAS SSO > --- > > Key: VCL-1087 > URL: https://issues.apache.org/jira/browse/VCL-1087 > Project: VCL > Issue Type: New Feature > Components: web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Major > Attachments: Design document for adding CAS support to VCL.pdf > > > This new feature will add [CAS|https://www.apereo.org/projects/cas] single > sign on support to the VCL Website. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
Re: VCL CAS SSO
Looks like the list server dropped the attachment. I've created a JIRA issue and attached the file to the issue. https://issues.apache.org/jira/browse/VCL-1087 Thanks. Junaid Ali Systems & Virtualization Engineer, Office of Technology Services/IIT, 10W, 35st Street, Room # 7F7-1, Chicago, IL - 60616 On Tue, Mar 13, 2018 at 10:17 AM, Junaid Ali <alisy...@iit.edu> wrote: > Hello Josh, Joe, > Please find attached a high level design for adding CAS support to VCL. > Waiting for your input! > > Thanks. > > Junaid Ali > Systems & Virtualization Engineer, > Office of Technology Services/IIT, > 10W, 35st Street, Room # 7F7-1, > Chicago, IL - 60616 > > > > > On Mon, Mar 12, 2018 at 4:49 PM, Junaid Ali <alisy...@iit.edu> wrote: > >> Thanks for the information Josh and Joe. >> I'm working on a draft of the design, that I'll share soon for your >> reviews. >> >> Thanks. >> Junaid >> > >
[jira] [Created] (VCL-1087) VCL CAS SSO
Junaid Ali created VCL-1087: --- Summary: VCL CAS SSO Key: VCL-1087 URL: https://issues.apache.org/jira/browse/VCL-1087 Project: VCL Issue Type: New Feature Components: web gui (frontend) Affects Versions: 2.5 Reporter: Junaid Ali Attachments: Design document for adding CAS support to VCL.pdf This new feature will add [CAS|[http|https://www.apereo.org/projects/cas]s://[www.apereo.org/projects/cas]|http://www.apereo.org/projects/cas]] single sign on support to the VCL Website. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
RE: VCL CAS SSO
Thanks for the information Josh and Joe. I'm working on a draft of the design, that I'll share soon for your reviews. Thanks. Junaid
VCL CAS SSO
Hello VCL Developers, I'm looking into possible integration for adding CAS <https://www.apereo.org/projects/cas> SSO to VCL Website. I checked the available authentication methods and found LDAP & Shibboleth as support authentication providers. We are currently using Active directory backed LDAP. I was wondering if someone has already integrated CAS for VCL? If not, I was also interested in working on this new feature. Any guidance from the core developers would be much appreciated. Thanks. Junaid Ali Systems & Virtualization Engineer, Office of Technology Services/IIT, 10W, 35st Street, Room # 7F7-1, Chicago, IL - 60616
[jira] [Commented] (VCL-1085) Configuring VCL Website to use custom port
[ https://issues.apache.org/jira/browse/VCL-1085?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16350923#comment-16350923 ] Junaid Ali commented on VCL-1085: - Verified with version 2.5. Testing included the below: * testsetup.php passes * login to the website works * browsed through menus in the management website and was able to open menus properly > Configuring VCL Website to use custom port > -- > > Key: VCL-1085 > URL: https://issues.apache.org/jira/browse/VCL-1085 > Project: VCL > Issue Type: Improvement > Components: web gui (frontend) >Affects Versions: 2.5 > Reporter: Junaid Ali >Priority: Minor > Attachments: website.patch > > > The current VCL website runs on default ports (80, 443). This fix adds > support for running the website on custom ports. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
[jira] [Created] (VCL-1085) Configuring VCL Website to use custom port
Junaid Ali created VCL-1085: --- Summary: Configuring VCL Website to use custom port Key: VCL-1085 URL: https://issues.apache.org/jira/browse/VCL-1085 Project: VCL Issue Type: Improvement Components: web gui (frontend) Affects Versions: 2.5 Reporter: Junaid Ali Attachments: website.patch The current VCL website runs on default ports (80, 443). This fix adds support for running the website on custom ports. -- This message was sent by Atlassian JIRA (v7.6.3#76005)
VCL Image Creation Error
Hello, I'm trying to use the vcl development code (svn revision # 1796184) running on Oracle Linux VM (version Red Hat Enterprise Linux Server release 7.3 (Maipo)) and having issues doing a centos 7 image capture. The VMHost is using vcenter version 6.0.0. The happens right after the VM shuts down and VMWare capture routine tries to "Tag the .vmx with the OS product name and architecture". The stack trace is available at https://pastebin.com/GnAt0wXv I have also tried updating the lib/VCL/Module/Provisioning/VMware/VMware.pm file by adding use VCL::Module::OS; but that still did not resolve the issue. # perl --version This is perl 5, version 16, subversion 3 (v5.16.3) built for x86_64-linux-thread-multi (with 34 registered patches, see perl -V for more detail) Any ideas what I'm missing here? Please let me know if you need any other information/clarification. Thanks. Junaid Ali Systems & Virtualization Engineer, Office of Technology Services/IIT, 10W, 35st Street, Room # 7F7-1, Chicago, IL - 60616
Re: vcl database cleanup
Thanks for the info Josh. Let me know if you need any help refactoring. Thanks. Junaid. On Thu, Oct 20, 2016 at 8:18 AM, Josh Thompson <josh_thomp...@ncsu.edu> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Junaid, > > Good to hear from you - we've just been working on incorporating your AD > work > this week. Thanks for contributing it - sorry it's taken so long to > incorporate it. > > I'd recommend against cleaning out the user entries because they are tied > to > so many other table entries. If you have concerns of having old user data > in > there that could potentially be exposed in the event of a security breach, > I'd recommend to anonymize the unityid, firstname, lastname, preferredname, > and email fields for the old accounts. > > To help with the space usage, cleaning up the continuations and querylog > tables will be the most helpful. I'd actually recommend having a > maintenance > window once or twice a year to clean those tables. You can safely delete > any > entries from the continuations table with expiretime < NOW(). The querylog > table is never read from - it is only written to to allow for auditing in > the > event of a problem or security incident. All queries by the web frontend > that are INSERT, UPDATE, or DELETE are logged to the table. You can delete > as many entries from querylog as you'd like based on the timestamp. If you > know you'd never look at data in the querylog table, you can disable it by > setting QUERYLOGGING to 0 in conf.php (that may have been added in 2.4.2). > > That said, because the tables are in the innodb format, deleting entries > will > not decrease the amount of space consumed on disk. It will free up space > for > future database entries that will be added without increasing the disk > usage > further. It's kind of like a thin provisioned VM disk file. The only way > to > actually reclaim the space is to backup the database by dumping it, > deleting/recreating the database, and then doing a restore. You can also > reconfigure your database to use individual files per innodb table and then > run an optimize query on the table (which creates a new table, transfers > the > data, and deletes the old table). > > I hope that helps! > > Josh > > On Wednesday, October 19, 2016 3:22:44 PM Junaid Ali wrote: > > Hello, > > We are currently using vcl version 2.3.2 in our environment. We use > Active > > Directory for LDAP Authentication and user accounts get added to specific > > groups in VCL based on user access rights. Since its deployment, the VCL > > MySQL database has not been purged of historical data. Curerntly the > > querylog table is using 1.5 Gb and continuations table is using 750 Mb > > storage. We are interested in cleaning the user accounts that exist in > the > > database and are not active (during the current academic year). Is there > a > > recommended procedure for purging user accounts from the VCL database? I > > understand there is user data referenced in other VCL tables (e.g. log) > > that needs to be deleted before the actual user account can be purged. > > > > Thanks > > > > Junaid Ali > > Systems & Virtualization Engineer, > > Office of Technology Services/IIT, > > Chicago, IL - 60616 > - -- > - --- > Josh Thompson > VCL Developer > North Carolina State University > > my GPG/PGP key can be found at pgp.mit.edu > > All electronic mail messages in connection with State business which > are sent to or received by this account are subject to the NC Public > Records Law and may be disclosed to third parties. > -BEGIN PGP SIGNATURE- > Version: GnuPG v2 > > iEYEARECAAYFAlgIxEQACgkQV/LQcNdtPQO6IQCdHsj3kLw769IFH7c6zS/cHaI0 > t/8An13UtK+iT1wHCIV0NdW06Oss3Uau > =Yj8G > -END PGP SIGNATURE- > >
vcl database cleanup
Hello, We are currently using vcl version 2.3.2 in our environment. We use Active Directory for LDAP Authentication and user accounts get added to specific groups in VCL based on user access rights. Since its deployment, the VCL MySQL database has not been purged of historical data. Curerntly the querylog table is using 1.5 Gb and continuations table is using 750 Mb storage. We are interested in cleaning the user accounts that exist in the database and are not active (during the current academic year). Is there a recommended procedure for purging user accounts from the VCL database? I understand there is user data referenced in other VCL tables (e.g. log) that needs to be deleted before the actual user account can be purged. Thanks Junaid Ali Systems & Virtualization Engineer, Office of Technology Services/IIT, Chicago, IL - 60616
Re: vcld memory leak
Hi Andy, Thanks for the reply and the quick patch. I didn't receive any attachment. Can you please resend the attachment? Thanks. On Wed, Oct 8, 2014 at 12:44 PM, Andy Kurth andy_ku...@ncsu.edu wrote: The pids look correct. Is this host currently generating any of the 'Start tag expected...' error messages? If it is then something else may be wrong. If not, then if you see the error in the future I would again check the pids. It's pretty simple but tedious. In your file, the value in vmware-hostd.PID (2953236) should match the PID of the first hostd-worker process and the PPID of the other hostd-worker processes. The same goes for the other files and processes. I have updated the code in the repository to catch the error which caused the process to die over and over again. I also applied similar changes to the vSphere_SDK.pm file which shipped with 2.3.2 to the attached file. You can try to swap your current file: /usr/local/vcl/lib/VCL/Module/Provisioning/vSphere_SDK.pm ...with the attached file and restart the vcld service. I tested this on a simple reload and it worked. The updated file won't prevent the initial error from occurring but it will catch the problem so that the vcld process doesn't abruptly die and repeatedly retry. -Andy On Wed, Oct 8, 2014 at 12:35 PM, Junaid Ali alisy...@iit.edu wrote: Hi Andy, Thanks for the information. I was able to ssh into the vmhost and run the commands. It runs the vim-cmd commands without any errors. Attached are the PID from the files as well as ps command and they are consistent. So it may not be related to the PID mismatch. I looked back during the week of 9/3 when the original problem occurred and could not find anything out of place on the VMHost (please check attached pdf report from vcenter) or the management node. Thanks. Junaid. On Wed, Oct 8, 2014 at 9:18 AM, Andy Kurth andy_ku...@ncsu.edu wrote: There are probably 2 related problems -- (1) the health of the ESXi server and (2) the VCL code not handling all cases when the health of the host causes unexpected results. More below... On Tue, Oct 7, 2014 at 6:53 PM, Junaid Ali alisy...@iit.edu wrote: Hello, I've recently been hitting a memory leak with the vcl daemon (VCL version 2.3.2). The problem appears to be happening in the computer_not_being_used subroutine within new.pm (see attached log) The problem appears to start when during a reload there was an issue communicating with the VMWare server. This caused the VM to be left on the VMHost in a powered off state along with the deletion of the entries from the computerloadlog table *|6309|19812:19812|reload| CRITICAL * *|6309|19812:19812|reload| 2014-09-03 09:45:50|6309|19812:19812|reload|vcld:die_handler(639)|:1: parser error : Start tag expected, '' not found* *|6309|19812:19812|reload| Can't connect to vcl2:443 (Connection refused)* *|6309|19812:19812|reload| ^* *|6309|19812:19812|reload| ( 0) vcld, die_handler (line: 639)* *|6309|19812:19812|reload| (-1) LibXML.pm, (eval) (line: 378)* *|6309|19812:19812|reload| (-2) LibXML.pm, parse_string (line: 378)* *|6309|19812:19812|reload| (-3) VICommon.pm, (eval) (line: 2194)* *|6309|19812:19812|reload| (-4) VICommon.pm, request (line: 2194)* *|6309|19812:19812|reload| (-5) (eval 29660), RetrieveProperties (line: 172)* *|6309|19812:19812|reload| (-6) VICommon.pm, update_view_data (line: 1663)* *|6309|19812:19812|reload| (-7) VICommon.pm, get_view (line: 1512)* *|6309|19812:19812|reload| (-8) vSphere_SDK.pm, _get_file_info (line: 2471)* *|6309|19812:19812|reload| (-9) vSphere_SDK.pm, find_files (line: 2096)* *|6309|19812:19812|reload| (-10) VMware.pm, remove_existing_vms (line: 1594)* *|6309|19812:19812|reload| (-11) VMware.pm, load (line: 469)* *|6309|19812:19812|reload| (-12) new.pm http://new.pm, reload_image (line: 671)* *|6309|19812:19812|reload| (-13) new.pm http://new.pm, process (line: 291)* *|6309|19812:19812|reload| (-14) vcld, make_new_child (line: 571)* *2014-09-03 09:45:51|6309|19812:19812|reload|utils.pm: delete_computerloadlog_reservation(6396)|removing computerloadlog entries matching loadstate = begin* *2014-09-03 09:45:51|6309|19812:19812|reload|utils.pm: delete_computerloadlog_reservation(6443)|deleted rows from computerloadlog for reservation id=19812* Yes. We are seeing this more and more as of late on our ESXi 4.1 servers. This particular error only appears if you are using the vSphere SDK to manage the host. I believe the same underlying problem is described in the following issue if SSH and vim-cmd is used to manage the host: https://issues.apache.org/jira/browse/VCL-769 As a test on a server which is exhibiting the problem you described and to determine if the problems are related, please try to SSH in and run the following command: vim-cmd hostsvc/datastore/info If this displays an error
vcld memory leak
Hello,
I've recently been hitting a memory leak with the vcl daemon (VCL version
2.3.2). The problem appears to be happening in the computer_not_being_used
subroutine within new.pm (see attached log)
The problem appears to start when during a reload there was an issue
communicating with the VMWare server. This caused the VM to be left on the
VMHost in a powered off state along with the deletion of the entries from
the computerloadlog table
*|6309|19812:19812|reload| CRITICAL *
*|6309|19812:19812|reload| 2014-09-03
09:45:50|6309|19812:19812|reload|vcld:die_handler(639)|:1: parser error :
Start tag expected, '' not found*
*|6309|19812:19812|reload| Can't connect to vcl2:443 (Connection refused)*
*|6309|19812:19812|reload| ^*
*|6309|19812:19812|reload| ( 0) vcld, die_handler (line: 639)*
*|6309|19812:19812|reload| (-1) LibXML.pm, (eval) (line: 378)*
*|6309|19812:19812|reload| (-2) LibXML.pm, parse_string (line: 378)*
*|6309|19812:19812|reload| (-3) VICommon.pm, (eval) (line: 2194)*
*|6309|19812:19812|reload| (-4) VICommon.pm, request (line: 2194)*
*|6309|19812:19812|reload| (-5) (eval 29660), RetrieveProperties (line:
172)*
*|6309|19812:19812|reload| (-6) VICommon.pm, update_view_data (line: 1663)*
*|6309|19812:19812|reload| (-7) VICommon.pm, get_view (line: 1512)*
*|6309|19812:19812|reload| (-8) vSphere_SDK.pm, _get_file_info (line: 2471)*
*|6309|19812:19812|reload| (-9) vSphere_SDK.pm, find_files (line: 2096)*
*|6309|19812:19812|reload| (-10) VMware.pm, remove_existing_vms (line:
1594)*
*|6309|19812:19812|reload| (-11) VMware.pm, load (line: 469)*
*|6309|19812:19812|reload| (-12) new.pm http://new.pm, reload_image
(line: 671)*
*|6309|19812:19812|reload| (-13) new.pm http://new.pm, process (line:
291)*
*|6309|19812:19812|reload| (-14) vcld, make_new_child (line: 571)*
*2014-09-03
09:45:51|6309|19812:19812|reload|utils.pm:delete_computerloadlog_reservation(6396)|removing
computerloadlog entries matching loadstate = begin*
*2014-09-03
09:45:51|6309|19812:19812|reload|utils.pm:delete_computerloadlog_reservation(6443)|deleted
rows from computerloadlog for reservation id=19812*
Now when a new reservation comes in and the same vm is allocated for the
reservation, the computer_not_being_used subroutine calls the
$self-code_loop_timeout(sub{return !reservation_being_processed(@_)},
[$competing_reservation_id], $message, $total_wait_seconds,
$attempt_delay_seconds)) section (on line # 815 in new.pm) it receives a 0
from reservation_being_processed with message
*2014-10-07
11:45:54|8175|23084:23084|new|utils.pm:reservation_being_processed(8634)|computerloadlog
'begin' entry does NOT exist for reservation 19812 *
The vcl daemon thinks that the reload has completed. This causes the same
reservation to be processed over an over within computer_not_being_used
causing memory spike's and eventually killing that vcld thread.
Any ideas how the reservation_being_processed can handle the lack of
begin entries when used along with the code_loop_timeout from
computer_not_being_used or the DESTROY handler can make sure such
reservations are purged, so it doesn't cause this issue?
Please let me know if you need any further clarification.
Thanks.
--
Junaid Ali
|8175|23084:23084|new| WARNING
|8175|23084:23084|new| 2014-10-07
11:44:36|8175|23084:23084|new|new.pm:computer_not_being_used(736)|vcl-vm-33
state is reloading, checking if any conflicting reservations are active
|8175|23084:23084|new| ( 0) new.pm, computer_not_being_used (line: 736)
|8175|23084:23084|new| (-1) new.pm, computer_not_being_used (line: 821)
|8175|23084:23084|new| (-2) new.pm, computer_not_being_used (line: 821)
|8175|23084:23084|new| (-3) new.pm, process (line: 127)
|8175|23084:23084|new| (-4) vcld, make_new_child (line: 571)
|8175|23084:23084|new| (-5) vcld, main (line: 350)
2014-10-07
11:44:36|8175|23084:23084|new|new.pm:computer_not_being_used(742)|retrieving
info for reservations assigned to vcl-vm-33
2014-10-07 11:44:36|8175|23084:23084|new|utils.pm:get_user_info(7540)|UID value
is not configured for user mousa, setting UID to VCL user ID: mousa,
standalone: 1
2014-10-07 11:44:36|8175|23084:23084|new|utils.pm:get_user_info(7540)|UID value
is not configured for user mousa, setting UID to VCL user ID: mousa,
standalone: 1
2014-10-07
11:44:36|8175|23084:23084|new|utils.pm:get_connect_method_info(10059)|attempting
to retrieve connect method info:
|8175|23084:23084|new| imagerevision: 70 - vmwarewin7-IITWin7OTS137-v5
|8175|23084:23084|new| OS: 35 - vmwarewin7
|8175|23084:23084|new| OS type: 1 - windows
2014-10-07
11:44:36|8175|23084:23084|new|utils.pm:get_connect_method_info(10123)|RDP:
connectmethodid=2, OStypeid=1, OSid=NULL, imagerevisionid=NULL, disabled=0
2014-10-07 11:44:36|8175|23084:23084|new|utils.pm:get_user_info(7540)|UID value
is not configured for user vclreload, setting UID to VCL user ID: vclreload,
standalone: 1
2014-10-07 11:44:36|8175|23084:23084|new|utils.pm:get_user_info(7540)|UID value
[jira] [Created] (VCL-773) Dashboard View Update
Junaid Ali created VCL-773: -- Summary: Dashboard View Update Key: VCL-773 URL: https://issues.apache.org/jira/browse/VCL-773 Project: VCL Issue Type: Improvement Components: web gui (frontend) Affects Versions: 2.3.2 Reporter: Junaid Ali Priority: Trivial The current Dashboard page shows a list of Loading Reservations. This list does not show the User whose loading the reservation.This fix adds the details of the user (unityid@affiliation) to this section of the dashboard. -- This message was sent by Atlassian JIRA (v6.2#6252)
VCL Reclaim
Hello, When a user's reservation ends, the VM's are reloaded immediately with the next image. This includes hard powering off of the VM and any running user session is lost. We use Labstats to track application usage and user login times, that depends on a graceful logoff and shutdown of applications to record usage data. This hard powering off of the VM causes much of the LabStats data to be lost. Is there a way to hookup processes (e.g. unreserve) that run at the end of the reservation, maybe like an opposite of reserve() routine. Would there be enough interest in having this functionality in the core software, so we don't diverge from the community? FYI, we are using VCL 2.2 and plan on an upgrade to 2.3.2 this summer. Any thoughts? Junaid Ali
