Thanks for your understanding.
I updated trunk with the shibboleth-related fixes (adding user.validated to the
database scripts, fixing the global scope of $addUserFuncArgs). I also took the
opportunity to update the updateShibUser function so that user.validated is set
to 1 whenever a user officially logs in through the standard Shibboleth
channels (which makes the 'user.validated' field work as intended).
Aaron C.
On May 31, 2012, at 12:32 PM, Aaron Peeler wrote:
> I can get the OS.pm module change.
>
> I also found a small change needed in the xCAT modules... nothing
> critical but would be helpful.
>
> Aaron P.
>
> On Thu, May 31, 2012 at 12:21 PM, Andy Kurth <andy_ku...@ncsu.edu> wrote:
>> I agree. I also found some issues with vSphere.pm connecting to
>> vCenter 5 yesterday. I would like to fix this for RC2.
>> -Andy
>>
>> On Thu, May 31, 2012 at 11:51 AM, Josh Thompson <josh_thomp...@ncsu.edu>
>> wrote:
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA1
>>>
>>> Aaron,
>>>
>>> You're not being a stick in the mud. I think it's great that you tested it
>>> well enough to find a few things that need to be corrected - that's the
>>> whole
>>> point of having a community vote to do a release. I definitely consider the
>>> Shibboleth issue big enough to cut a new RC (even though that requires a new
>>> vote).
>>>
>>> All,
>>>
>>> Aaron has some good points. I think we should fix the issues he mentioned
>>> and
>>> cut RC2 for 2.3. This isn't an official vote process, but please share any
>>> thoughts you have.
>>>
>>> Josh
>>>
>>> On Wednesday, May 30, 2012 9:41:12 PM Aaron Coburn wrote:
>>>> -1
>>>>
>>>> Sorry to a stick in the mud, guys, since I'd certainly like to see 2.3
>>>> released soon, but I encountered a few issues that I think should be fixed
>>>> before cutting the release.
>>>>
>>>> I installed the release candidate using a fresh database, testing against a
>>>> vCenter provisioning engine and Shibboleth authentication. I was using a
>>>> 64-bit Windows 7 image.
>>>>
>>>> The first issue I encountered was that each time the management node calls
>>>> 'get_file_contents', the contents of the target file are printed to the
>>>> log. This is generally not an issue, but when a slice of the registry is
>>>> retrieved, that amounted to ~30,000 lines in my logfile. And that happens
>>>> each time an image is reloaded. (Somehow I hadn't noticed this with the
>>>> code from about two weeks ago). I can certainly see the usefulness of this
>>>> during development, but I don't like the fact that this is the default
>>>> behavior for a release. For now, I would suggest modifying line 1789 of
>>>> OS.pm:
>>>>
>>>> - my ($exit_status, $output) = $self->execute($command);
>>>> + my ($exit_status, $output) = $self->execute($command, 0); # do not
>>>> print the cmd output to the log
>>>>
>>>> Later, it could be nice to make this somewhat more configurable.
>>>>
>>>>
>>>> Second, if the system is using Shibboleth it is not possible to handle
>>>> users
>>>> who have not previously logged in (i.e. adding someone to a group). There
>>>> are two bugs preventing this from working properly. First, if someone
>>>> enables ALLOWADDSHIBUSERS in conf.php but doesn't define a value in
>>>> $addUserFuncArgs (I would anticipate this to be what most people using Shib
>>>> would do, since there is no documentation about what that array is for),
>>>> the initGlobals() function does not properly populate the addUserFuncArgs
>>>> array. This can be fixed by adding $addUserFuncArgs to the list of 'global'
>>>> values on line 68 in utils.php -- the current code is just modifying a
>>>> local value, not the global one:
>>>>
>>>> - global $affilValFunc, $addUserFunc, $updateUserFunc;
>>>> + global $affilValFunc, $addUserFunc, $updateUserFunc, $addUserFuncArgs;
>>>>
>>>> Once that change is made, though, there is also a SQL query expecting a
>>>> 'validated' field in the users table. This field, however, does not exist.
>>>> It is in neither update-vcl.sql nor in vcl.sql:
>>>>
>>>> vcl.sql, line 1079:
>>>>
>>>> + `validated` tinyint(1) unsigned NOT NULL default '1',
>>>>
>>>> and update-vcl.sql, lines 827-
>>>>
>>>> + -- --------------------------------------------------------
>>>> +
>>>> + --
>>>> + -- Table structure for table `user`
>>>> + --
>>>> +
>>>> + CALL AddColumnIfNotExists('user', 'validated', "tinyint(1) unsigned NOT
>>>> NULL default '1'"); +
>>>>
>>>> Once these two changes are made, however, I am able to add shib users
>>>> exactly as the documentation suggests.
>>>>
>>>> Otherwise, everything else looks good.
>>>>
>>>>
>>>> Aaron
>>> - --
>>> - -------------------------------
>>> Josh Thompson
>>> VCL Developer
>>> North Carolina State University
>>>
>>> my GPG/PGP key can be found at pgp.mit.edu
>>>
>>> All electronic mail messages in connection with State business which
>>> are sent to or received by this account are subject to the NC Public
>>> Records Law and may be disclosed to third parties.
>>> -----BEGIN PGP SIGNATURE-----
>>> Version: GnuPG v2.0.17 (GNU/Linux)
>>>
>>> iEYEARECAAYFAk/Hk28ACgkQV/LQcNdtPQMnNACfayx6uWW+d3oQcM0Dn7NVuquQ
>>> aU0AnRBy8AXa+AA5riiVJEOdamd1UHhK
>>> =w8Kn
>>> -----END PGP SIGNATURE-----
>>>
>
>
>
> --
> Aaron Peeler
> Program Manager
> Virtual Computing Lab
> NC State University
>
> All electronic mail messages in connection with State business which
> are sent to or received by this account are subject to the NC Public
> Records Law and may be disclosed to third parties.
