add functionality for pun_pre_hook (#108)

defaults/main/ood_portal.yml

@@ -60,6 +60,8 @@ user_map_match: '.*'
 # map_fail_uri: /register
 
 pun_stage_cmd: "sudo {{ ood_base_dir }}/nginx_stage/sbin/nginx_stage"
+# pun_pre_hook_root_cmd: null
+# pun_pre_hook_exports: null
 
 # node_uri: '/node'
 # rnode_uri: '/rnode'

molecule/default/fixtures/config/ood_portal.yml.custom.httpd

@@ -263,6 +263,21 @@ pun_socket_root: "/var/run/ondemand-nginx"
 # Default: 5 (only try 5 times)
 pun_max_retries: 5
 
+# The PUN pre hook command to execute as root
+#
+# Example:
+#    pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook'
+# Default: null (do not run any PUN pre hook as root)
+pun_pre_hook_root_cmd: '/opt/site/site_pre_hook'
+
+# Comma separated list of environment variables to pass from the apache context
+# into the PUN pre hook. Defaults to null so nothing is exported.
+#
+# Example:
+#    pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL'
+# Default: null (pass nothing)
+pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL'
+
 #
 # Support for OpenID Connect
 #

molecule/default/fixtures/config/ood_portal.yml.custom.httpd24-httpd

@@ -263,6 +263,21 @@ pun_socket_root: "/var/run/ondemand-nginx"
 # Default: 5 (only try 5 times)
 pun_max_retries: 5
 
+# The PUN pre hook command to execute as root
+#
+# Example:
+#    pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook'
+# Default: null (do not run any PUN pre hook as root)
+pun_pre_hook_root_cmd: '/opt/site/site_pre_hook'
+
+# Comma separated list of environment variables to pass from the apache context
+# into the PUN pre hook. Defaults to null so nothing is exported.
+#
+# Example:
+#    pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL'
+# Default: null (pass nothing)
+pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL'
+
 #
 # Support for OpenID Connect
 #

molecule/default/fixtures/config/ood_portal.yml.default.httpd

@@ -262,6 +262,21 @@ pun_socket_root: "/var/run/ondemand-nginx"
 # Default: 5 (only try 5 times)
 pun_max_retries: 5
 
+# The PUN pre hook command to execute as root
+#
+# Example:
+#    pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook'
+# Default: null (do not run any PUN pre hook as root)
+# pun_pre_hook_root_cmd: null
+
+# Comma separated list of environment variables to pass from the apache context
+# into the PUN pre hook. Defaults to null so nothing is exported.
+#
+# Example:
+#    pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL'
+# Default: null (pass nothing)
+# pun_pre_hook_exports: null
+
 #
 # Support for OpenID Connect
 #

molecule/default/fixtures/config/ood_portal.yml.default.httpd24-httpd

@@ -262,6 +262,21 @@ pun_socket_root: "/var/run/ondemand-nginx"
 # Default: 5 (only try 5 times)
 pun_max_retries: 5
 
+# The PUN pre hook command to execute as root
+#
+# Example:
+#    pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook'
+# Default: null (do not run any PUN pre hook as root)
+# pun_pre_hook_root_cmd: null
+
+# Comma separated list of environment variables to pass from the apache context
+# into the PUN pre hook. Defaults to null so nothing is exported.
+#
+# Example:
+#    pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL'
+# Default: null (pass nothing)
+# pun_pre_hook_exports: null
+
 #
 # Support for OpenID Connect
 #

molecule/default/vars/portal.yml

@@ -11,6 +11,8 @@ httpd_access_log: 'custom_defined_access.log'
 httpd_logformat: '"%O %h \"%{Referer}i\" \"%r\" %v \"%{User-Agent}i\" %{SSL_PROTOCOL}x %T %>s"'
 security_csp_frame_ancestors: http://my.proxy.server.edu
 security_strict_transport: true
+pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL'
+pun_pre_hook_root_cmd: '/opt/site/site_pre_hook'
 
 ood_auth_openidc:
   OIDCSessionMaxDuration: 28888

molecule/src-build/fixtures/config/ood_portal.yml.apache2

@@ -262,6 +262,21 @@ pun_socket_root: "/var/run/ondemand-nginx"
 # Default: 5 (only try 5 times)
 pun_max_retries: 5
 
+# The PUN pre hook command to execute as root
+#
+# Example:
+#    pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook'
+# Default: null (do not run any PUN pre hook as root)
+# pun_pre_hook_root_cmd: null
+
+# Comma separated list of environment variables to pass from the apache context
+# into the PUN pre hook. Defaults to null so nothing is exported.
+#
+# Example:
+#    pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL'
+# Default: null (pass nothing)
+# pun_pre_hook_exports: null
+
 #
 # Support for OpenID Connect
 #

molecule/templates/fixtures/ood-portal.conf.custom.httpd

@@ -47,7 +47,10 @@
   #
   SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage"
 
-
+  # Run a root level pre hook before starting nginx
+  SetEnv OOD_PUN_PRE_HOOK_ROOT_CMD "/opt/site/site_pre_hook"
+  # Environment variables to export to the PUN pre hook.
+  SetEnv OOD_PUN_PRE_HOOK_EXPORTS "OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL"
 
   #
   # Below is used for sub-uri's this Open OnDemand portal supports

molecule/templates/fixtures/ood-portal.conf.custom.httpd24-httpd

@@ -47,7 +47,10 @@
   #
   SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage"
 
-
+  # Run a root level pre hook before starting nginx
+  SetEnv OOD_PUN_PRE_HOOK_ROOT_CMD "/opt/site/site_pre_hook"
+  # Environment variables to export to the PUN pre hook.
+  SetEnv OOD_PUN_PRE_HOOK_EXPORTS "OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL"
 
   #
   # Below is used for sub-uri's this Open OnDemand portal supports

molecule/templates/fixtures/ood-portal.conf.default.httpd

@@ -46,7 +46,6 @@
   SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage"
 
 
-
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #

molecule/templates/fixtures/ood-portal.conf.default.httpd24-httpd

@@ -46,7 +46,6 @@
   SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage"
 
 
-
   #
   # Below is used for sub-uri's this Open OnDemand portal supports
   #

templates/ood-portal.conf.j2

@@ -115,6 +115,14 @@ Listen {{ addr }}
   #
   SetEnv OOD_PUN_STAGE_CMD "{{ pun_stage_cmd }}"
 
+{% if pun_pre_hook_root_cmd is defined %}
+  # Run a root level pre hook before starting nginx
+  SetEnv OOD_PUN_PRE_HOOK_ROOT_CMD "{{ pun_pre_hook_root_cmd }}"
+{% if pun_pre_hook_exports is defined %}
+  # Environment variables to export to the PUN pre hook.
+  SetEnv OOD_PUN_PRE_HOOK_EXPORTS "{{ pun_pre_hook_exports }}"
+{% endif %}
+{%- endif -%}
 
 {% if httpd_extra is defined %}
   #

templates/ood_portal.yml.j2

@@ -308,6 +308,25 @@ pun_socket_root: "{{ pun_socket_root }}"
 # Default: 5 (only try 5 times)
 pun_max_retries: {{ pun_max_retries }}
 
+# The PUN pre hook command to execute as root
+#
+# Example:
+#    pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook'
+# Default: null (do not run any PUN pre hook as root)
+{% if rnode_uri is defined %}pun_pre_hook_root_cmd: '{{ pun_pre_hook_root_cmd }}'
+{% else %}# pun_pre_hook_root_cmd: null
+{% endif %}
+
+# Comma separated list of environment variables to pass from the apache context
+# into the PUN pre hook. Defaults to null so nothing is exported.
+#
+# Example:
+#    pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL'
+# Default: null (pass nothing)
+{% if pun_pre_hook_exports is defined %}pun_pre_hook_exports: '{{ pun_pre_hook_exports }}'
+{% else %}# pun_pre_hook_exports: null
+{% endif %}
+
 #
 # Support for OpenID Connect
 #