Merge pull request #1 from GENI-NSF/master

update my local fork

.gitignore

@@ -1,5 +1,3 @@
-bin/geni-ch-githash
-
 # temporary/autosave editor files
 \#*#
 .#*

CHANGES.md

@@ -1,5 +1,141 @@
 # GENI Portal Release Notes
 
+# [Release 3.25](https://github.com/GENI-NSF/geni-portal/milestones/3.25)
+
+## Changes
+
+* None
+
+## Installation Notes
+
+* None
+
+# [Release 3.24](https://github.com/GENI-NSF/geni-portal/milestones/3.24)
+
+## Changes
+
+* Encode arguments when verifying a user
+  ([#1794](https://github.com/GENI-NSF/geni-portal/issues/1794))
+* Add .php to RSpec related redirects
+  ([#1797](https://github.com/GENI-NSF/geni-portal/issues/1797))
+* Fix a UTF-8 encoding error in geni-sync-wireless
+  ([#1799](https://github.com/GENI-NSF/geni-portal/issues/1799))
+* Fix exceptions when using `--user` arg to geni-sync-wireless
+  ([#1801](https://github.com/GENI-NSF/geni-portal/issues/1801))
+* Switch to vanilla Shibboleth EDS
+  ([#1802](https://github.com/GENI-NSF/geni-portal/issues/1802))
+
+## Installation Notes
+
+* Install Shibboleth EDS per INSTALL-centos.md
+* Update Shibboleth SP configuration to use new discovery page
+  portal-ds.php instead of the EDS page.
+
+# [Release 3.23](https://github.com/GENI-NSF/geni-portal/milestones/3.23)
+
+## Changes
+
+* Use configured from address in all portal emails
+  ([#1777](https://github.com/GENI-NSF/geni-portal/issues/1777))
+* Support migrating accounts from GPO IdP to NCSA IdP
+  ([#1786](https://github.com/GENI-NSF/geni-portal/issues/1786))
+
+## Installation Notes
+
+* In order to enable the account transfer functionality, add the
+  following new settings to /etc/geni-ch/settings.php. Adjust the
+  values to suit the environment.
+
+  ```
+  /* Username for IdP admin pages */
+  $idp_user = "scott";
+  /* Password for IdP admin pages */
+  $idp_pass = "tiger";
+  /* IdP host */
+  $idp_host = "idp.example.com";
+  ```
+
+# [Release 3.22](https://github.com/GENI-NSF/geni-portal/milestones/3.22)
+
+## Changes
+
+* Email Admins on Join Requests
+  ([#1672](https://github.com/GENI-NSF/geni-portal/issues/1672))
+* Use a placeholder ssh key in geni-sync-wireless
+  ([#1726](https://github.com/GENI-NSF/geni-portal/issues/1726))
+* Fix redirect on upload ssh key
+  ([#1778](https://github.com/GENI-NSF/geni-portal/issues/1778))
+* Remove githash file
+  ([#1781](https://github.com/GENI-NSF/geni-portal/issues/1781))
+
+## Installation Notes
+
+* None
+
+# [Release 3.21](https://github.com/GENI-NSF/geni-portal/milestones/3.21)
+
+## Changes
+
+* Set envelope sender to the portal's own email address
+  ([#1774](https://github.com/GENI-NSF/geni-portal/issues/1774))
+
+## Installation Notes
+
+* None
+
+# [Release 3.20](https://github.com/GENI-NSF/geni-portal/milestones/3.20)
+
+## Changes
+
+* Update packaging and cron documentation
+  ([#1765](https://github.com/GENI-NSF/geni-portal/issues/1765))
+* Switch to GitHub Flow
+  ([#1766](https://github.com/GENI-NSF/geni-portal/issues/1766))
+* Add cert and key to geni-sync-wireless call to sync one project
+  ([#1767](https://github.com/GENI-NSF/geni-portal/issues/1767))
+* Add from email address to settings instead of hard coded
+  ([#1769](https://github.com/GENI-NSF/geni-portal/issues/1769))
+
+## Installation Notes
+
+* Add `$portal_from_email` to `/etc/geni-ch/settings.php`
+
+# [Release 3.19](https://github.com/GENI-NSF/geni-portal/milestones/3.19)
+
+## Changes
+
+* Add CentOS 7 httpd config for OpenID
+  ([#1755](https://github.com/GENI-NSF/geni-portal/issues/1755))
+* Install Jacks icon file VM-noTxt-centered
+  ([#1756](https://github.com/GENI-NSF/geni-portal/issues/1756))
+* Make geni-fetch-aggmon request more data
+  ([#1762](https://github.com/GENI-NSF/geni-portal/issues/1762))
+
+## Installation Notes
+
+* None
+
+# [Release 3.18](https://github.com/GENI-NSF/geni-portal/milestones/3.18)
+
+## Changes
+
+* Rework the 'Join A Project' page for better privacy
+  ([#1743](https://github.com/GENI-NSF/geni-portal/issues/1743))
+* Remove cc to admins on self-asserted email address
+  ([#1744](https://github.com/GENI-NSF/geni-portal/issues/1744))
+* Use GENI Monitoring for Jacks AM status
+  ([#1747](https://github.com/GENI-NSF/geni-portal/issues/1747))
+* Change the Disk Image JSON URL for the Genidesktop
+  ([#1748](https://github.com/GENI-NSF/geni-portal/issues/1748))
+* Add Links to GENI monitoring on aggregate status pages
+  ([#1751](https://github.com/GENI-NSF/geni-portal/issues/1751))
+* Adopt unaffiliated identity provider for login
+  ([#1753](https://github.com/GENI-NSF/geni-portal/issues/1753))
+
+## Installation Notes
+
+* None
+
 # [Release 3.17](https://github.com/GENI-NSF/geni-portal/milestones/3.17)
 
 ## Changes

CONTRIBUTING.md

@@ -4,19 +4,24 @@ The GENI-NSF repositories are very much a community driven effort, and
 your contributions are critical. A big thank you to all our contributors!
 
 ## Mailing Lists
- * GENI Portal and Clearinghouse users may raise issues or get announcements on the general [GENI Users mailing list](https://groups.google.com/forum/#!forum/geni-users).
- * GENI developers discuss general GENI development on [email protected]. Subscribe here: http://lists.geni.net/mailman/listinfo/dev.
+
+* GENI experimenters can ask questions and get announcements on the
+  [GENI Users Google group](https://groups.google.com/forum/#!forum/geni-users).
+* Developers can discuss GENI development on the
+  [GENI Developers Google group](https://groups.google.com/forum/#!forum/geni-developers).
 
 ## General Guidelines
- - GENI-NSF projects follow the general [GitHub open source project guidelines](https://guides.github.com/activities/contributing-to-open-source/#contributing).
- - [Create a GitHub Issue](#reporting-issues) for any bug, feature, or enhancement you find or intend to address.
- - Submit enhancements or bug fixes using pull requests (see the [sample workflow below](#sample-contribution-workflow)).
- - GENI-NSF projects use the branching model found at
- http://nvie.com/posts/a-successful-git-branching-model/
-  - All work happens in issue-specific branches off of the `develop`
-  branch.
-   - For example, a branch for Issue 1234 might be named `tkt1234-my-feature`.
- - Note that all GENI-NSF code is released under the [GENI Public License](LICENSE.txt) and should include that license.
+
+* GENI-NSF projects follow the
+  [GitHub open source project guidelines](https://guides.github.com/activities/contributing-to-open-source/#contributing).
+* [Create a GitHub Issue](#reporting-issues) for any bug, feature, or
+  enhancement you find or intend to address.
+* Submit enhancements or bug fixes using pull requests
+  (see the [sample workflow below](#sample-contribution-workflow)).
+* GENI-NSF projects use the
+  [GitHub Flow](https://guides.github.com/introduction/flow/) branching model.
+* All GENI-NSF code is released under the [GENI Public License](LICENSE.txt)
+  and should include that license.
 
 ## Reporting Issues ##
  - Check [existing issues](https://github.com/GENI-NSF/geni-portal/issues) first to see if the issue has already been reported.
@@ -32,17 +37,15 @@ GENI Portal source code is available on [GitHub](https://github.com/GENI-NSF/gen
 
 ## Sample Contribution Workflow ##
  1. [Report the issue](#reporting-issues) or check issue comments for a suggested solution.
- 2. Create an issue-specific branch off of the `develop` branch in your [fork of the repository](http://guides.github.com/activities/forking/).
-  - Per the [branching model](http://nvie.com/posts/a-successful-git-branching-model/)
-  - E.G. `git checkout develop`, `git pull origin develop`, and then `git checkout -b tkt1234-my-feature`
+ 2. Create an issue-specific branch off of the `master` branch in your [fork of the repository](http://guides.github.com/activities/forking/).
  3. Develop your fix.
   - Follow the [code guidelines below](#code-style).
   - Reference the appropriate issue numbers in your commit messages.
   - Include the [GENI Public License](LICENSE.txt) and a copyright notice in any new source files.
   - All changes should be listed in the [CHANGES](CHANGES) file, with an issue number.
  4. Test your fix
  5. [Pull in any new changes](https://help.github.com/articles/syncing-a-fork) from the main repository ('upstream' repository).
- 6. [Submit a pull request](https://help.github.com/articles/using-pull-requests/) against the `develop` branch of the project repository.
+ 6. [Submit a pull request](https://help.github.com/articles/using-pull-requests/) against the `master` branch of the project repository.
  - In your pull request description, note what issue(s) your pull request addresses.
 
 ## Code Style ##

INSTALL-centos.md

@@ -4,7 +4,7 @@
 
 For installing the GENI Portal Software, shell windows on three servers are required:
 
- * The Portal host 
+ * The Portal host
  * The IdP host
  * The development host (from which the user can scp from/to the other hosts)
 
@@ -59,23 +59,45 @@ wget http://download.opensuse.org/repositories/security://shibboleth/CentOS_7/se
 sudo cp security\:shibboleth.repo /etc/yum.repos.d/
 ```
 
-Add GENI repository:
+Install the EPEL release
+
+The GENI software depends on
+[Fedora Extra Packages for Enterprise Linux (EPEL)](https://fedoraproject.org/wiki/EPEL)
+packages. To install EPEL:
 
 ```bash
-wget http://www.gpolab.bbn.com/experiment-support/gposw/centos/geni.repo
-sudo cp geni.repo /etc/yum.repos.d/
+sudo yum install -y epel-release
 ```
 
-Install GENI portal software
+Install GENI Tools
 
-These must be done separately in order to fullfill the geni-portal dependencies that are in the EPEL repository.
+GENI Tools RPMs are available on [GitHub](https://github.com).
+`yum` can download and install these RPMs.
 
-```bash
-sudo yum install -y epel-release
-sudo yum install -y --nogpgcheck geni-portal
+_N.B. The link in the example below may not be the latest RPM.
+You can find the URL of the latest RPM at_
+https://github.com/GENI-NSF/geni-tools/releases/latest
+
+```Shell
+sudo yum install -y \
+    https://github.com/GENI-NSF/geni-tools/releases/download/v2.9/geni-tools-2.9-1.el7.centos.noarch.rpm
+```
+
+Install GENI Portal software
+
+GENI Portal RPMs are available on [GitHub](https://github.com).
+`yum` can download and install these RPMs.
+
+_N.B. The link in the example below may not be the latest RPM.
+You can find the URL of the latest RPM at_
+https://github.com/GENI-NSF/geni-portal/releases/latest
 
+```Shell
+sudo yum install -y \
+    https://github.com/GENI-NSF/geni-portal/releases/download/v3.24/geni-portal-3.24-1.el7.centos.noarch.rpm
 ```
 
+
 ```bash
 # If there are updates on a development machine not in the RPM, do this:
 
@@ -108,25 +130,36 @@ sudo cp /tmp/hosts /etc/hosts
 ```
 
 
-# 3. Install Shibboleth Software 
+# 3. Install Shibboleth Software
 
-3a. Edit shibboleth attribute-map.xml
-```
-Edit /etc/shibboleth/attribute-map.xml and uncomment the block of <Attribute> entries
-below the "<!-- Examples of LDAP-based attributes, uncomment to use these ... -->
-```
+## 3a. Edit shibboleth attribute-map.xml
 
-3b. Install Embedded Discovery Service
-```bash
-cd /tmp
-wget https://github.com/GENI-NSF/geni-eds/releases/download/v1.1.0-geni.3/shibboleth-embedded-ds-1.1.0-geni.3.tar.gz
-tar xvfz shibboleth-embedded-ds-1.1.0-geni.3.tar.gz
-cd shibboleth-embedded-ds-1.1.0-geni.3
-sudo mkdir -p /var/www/eds
-sudo cp *.css *.js *.html *.gif *.png /var/www/eds
+Edit `/etc/shibboleth/attribute-map.xml` and uncomment the block
+of <Attribute> entries below the following line:
 
+    <!-- Examples of LDAP-based attributes, uncomment to use these ... -->
+
+## 3b. Install Embedded Discovery Service (EDS)
+```bash
+sudo yum install -y shibboleth-embedded-ds
 ```
 
+## 3c. Edit Shibboleth EDS Apache configuration
+
+There is a bug in the Shibboleth EDS configuration file for Apache on
+CentOS 7. In `/etc/httpd/conf.d/shibboleth-ds.conf`, change the line:
+
+    Allow from all
+
+To:
+
+    Require all granted
+
+## 3d. Edit Shibboleth EDS config file
+
+Edit the file `/etc/shibboleth-ds/idpselect_config.js` and set the
+`helpURL` to a valid web page or email link.
+
 # 4. Set up Variables
 ```bash
 sudo cp /usr/share/geni-ch/templates/parameters.json \
@@ -165,11 +198,11 @@ sudo service tomcat6 restart
 
 ```
 # On development host:
-scp $IDP_HOST:/opt/shibboleth-idp/metadata/idp-metadata.xml  /tmp/idp-metadata-$IDP_HOST.xml 
+scp $IDP_HOST:/opt/shibboleth-idp/metadata/idp-metadata.xml  /tmp/idp-metadata-$IDP_HOST.xml
 scp /tmp/idp-metadata-$IDP_HOST.xml $PORTAL_HOST:/tmp
 ```
 
-``` 
+```
 # On portal host:
 # Add host-specific extensions to IDP metadata for GENI logo, name, etc.
 sed -e "/<Extensions>/r /tmp/idp-metadata-extension.xml" /tmp/idp-metadata-$IDP_HOST.xml > /tmp/idp-metadata-$IDP_HOST.extended.xml
@@ -204,7 +237,44 @@ sudo cp /tmp/portal-*.pem /usr/share/geni-ch/portal
 sudo cp /tmp/km-*.pem /usr/share/geni-ch/km
 ```
 
-# 9. Restart HTTPD service
-```bash
+# 9. Disable HTTPD private tmp directory
+
+The portal uses /tmp to communicate between the portal and launched
+omni/stitcher commands. Depending on the installation, CentOS may enable
+a private /tmp directory for httpd which will hide the necessary files
+from launched omni/stitcher processes.
+
+To disable private tmp directory for httpd, edit the file:
+
+    /etc/systemd/system/multi-user.target.wants/httpd.service
+
+and set `PrivateTmp` to false:
+
+````
+PrivateTmp=false
+````
+
+# 10. Enable HTTPD and SHIBD services to start at boot time
+
+The following commands will enable the services to start at boot time:
+
+````sh
+sudo systemctl enable httpd.service
+
+sudo systemctl enable shibd.service
+````
+
+The following commands will verify that the services are set to start
+at boot time. These should report "enabled".
+
+````sh
+sudo systemctl is-enabled httpd.service
+
+sudo systemctl is-enabled shibd.service
+````
+
+# 11. Restart HTTPD service
+
+```sh
 sudo systemctl restart httpd.service
 ```