diff --git a/defaults/main/ood_portal.yml b/defaults/main/ood_portal.yml index 167a9af..dffc639 100644 --- a/defaults/main/ood_portal.yml +++ b/defaults/main/ood_portal.yml @@ -60,6 +60,8 @@ user_map_match: '.*' # map_fail_uri: /register pun_stage_cmd: "sudo {{ ood_base_dir }}/nginx_stage/sbin/nginx_stage" +# pun_pre_hook_root_cmd: null +# pun_pre_hook_exports: null # node_uri: '/node' # rnode_uri: '/rnode' diff --git a/molecule/default/fixtures/config/ood_portal.yml.custom.httpd b/molecule/default/fixtures/config/ood_portal.yml.custom.httpd index cc6ea7e..1c39b73 100644 --- a/molecule/default/fixtures/config/ood_portal.yml.custom.httpd +++ b/molecule/default/fixtures/config/ood_portal.yml.custom.httpd @@ -263,6 +263,21 @@ pun_socket_root: "/var/run/ondemand-nginx" # Default: 5 (only try 5 times) pun_max_retries: 5 +# The PUN pre hook command to execute as root +# +# Example: +# pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook' +# Default: null (do not run any PUN pre hook as root) +pun_pre_hook_root_cmd: '/opt/site/site_pre_hook' + +# Comma separated list of environment variables to pass from the apache context +# into the PUN pre hook. Defaults to null so nothing is exported. +# +# Example: +# pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL' +# Default: null (pass nothing) +pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL' + # # Support for OpenID Connect # diff --git a/molecule/default/fixtures/config/ood_portal.yml.custom.httpd24-httpd b/molecule/default/fixtures/config/ood_portal.yml.custom.httpd24-httpd index 88cca37..72e9daa 100644 --- a/molecule/default/fixtures/config/ood_portal.yml.custom.httpd24-httpd +++ b/molecule/default/fixtures/config/ood_portal.yml.custom.httpd24-httpd 
@@ -263,6 +263,21 @@ pun_socket_root: "/var/run/ondemand-nginx" # Default: 5 (only try 5 times) pun_max_retries: 5 +# The PUN pre hook command to execute as root +# +# Example: +# pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook' +# Default: null (do not run any PUN pre hook as root) +pun_pre_hook_root_cmd: '/opt/site/site_pre_hook' + +# Comma separated list of environment variables to pass from the apache context +# into the PUN pre hook. Defaults to null so nothing is exported. +# +# Example: +# pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL' +# Default: null (pass nothing) +pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL' + # # Support for OpenID Connect # diff --git a/molecule/default/fixtures/config/ood_portal.yml.default.httpd b/molecule/default/fixtures/config/ood_portal.yml.default.httpd index 4c248df..6936c2c 100644 --- a/molecule/default/fixtures/config/ood_portal.yml.default.httpd +++ b/molecule/default/fixtures/config/ood_portal.yml.default.httpd @@ -262,6 +262,21 @@ pun_socket_root: "/var/run/ondemand-nginx" # Default: 5 (only try 5 times) pun_max_retries: 5 +# The PUN pre hook command to execute as root +# +# Example: +# pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook' +# Default: null (do not run any PUN pre hook as root) +# pun_pre_hook_root_cmd: null + +# Comma separated list of environment variables to pass from the apache context +# into the PUN pre hook. Defaults to null so nothing is exported. +# +# Example: +# pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL' +# Default: null (pass nothing) +# pun_pre_hook_exports: null + # # Support for OpenID Connect # diff --git a/molecule/default/fixtures/config/ood_portal.yml.default.httpd24-httpd b/molecule/default/fixtures/config/ood_portal.yml.default.httpd24-httpd index 3eec5ed..2732d5c 100644 --- a/molecule/default/fixtures/config/ood_portal.yml.default.httpd24-httpd +++ b/molecule/default/fixtures/config/ood_portal.yml.default.httpd24-httpd 
@@ -262,6 +262,21 @@ pun_socket_root: "/var/run/ondemand-nginx" # Default: 5 (only try 5 times) pun_max_retries: 5 +# The PUN pre hook command to execute as root +# +# Example: +# pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook' +# Default: null (do not run any PUN pre hook as root) +# pun_pre_hook_root_cmd: null + +# Comma separated list of environment variables to pass from the apache context +# into the PUN pre hook. Defaults to null so nothing is exported. +# +# Example: +# pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL' +# Default: null (pass nothing) +# pun_pre_hook_exports: null + # # Support for OpenID Connect # diff --git a/molecule/default/vars/portal.yml b/molecule/default/vars/portal.yml index f63144a..937ad67 100644 --- a/molecule/default/vars/portal.yml +++ b/molecule/default/vars/portal.yml @@ -11,6 +11,8 @@ httpd_access_log: 'custom_defined_access.log' httpd_logformat: '"%O %h \"%{Referer}i\" \"%r\" %v \"%{User-Agent}i\" %{SSL_PROTOCOL}x %T %>s"' security_csp_frame_ancestors: http://my.proxy.server.edu security_strict_transport: true +pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL' +pun_pre_hook_root_cmd: '/opt/site/site_pre_hook' ood_auth_openidc: OIDCSessionMaxDuration: 28888 diff --git a/molecule/src-build/fixtures/config/ood_portal.yml.apache2 b/molecule/src-build/fixtures/config/ood_portal.yml.apache2 index 61fe31d..4b8f0e8 100644 --- a/molecule/src-build/fixtures/config/ood_portal.yml.apache2 +++ b/molecule/src-build/fixtures/config/ood_portal.yml.apache2 
@@ -262,6 +262,21 @@ pun_socket_root: "/var/run/ondemand-nginx" # Default: 5 (only try 5 times) pun_max_retries: 5 +# The PUN pre hook command to execute as root +# +# Example: +# pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook' +# Default: null (do not run any PUN pre hook as root) +# pun_pre_hook_root_cmd: null + +# Comma separated list of environment variables to pass from the apache context +# into the PUN pre hook. Defaults to null so nothing is exported. +# +# Example: +# pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL' +# Default: null (pass nothing) +# pun_pre_hook_exports: null + # # Support for OpenID Connect # diff --git a/molecule/templates/fixtures/ood-portal.conf.custom.httpd b/molecule/templates/fixtures/ood-portal.conf.custom.httpd index a91f427..f26a374 100644 --- a/molecule/templates/fixtures/ood-portal.conf.custom.httpd +++ b/molecule/templates/fixtures/ood-portal.conf.custom.httpd @@ -47,7 +47,10 @@ # SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage" - + # Run a root level pre hook before starting nginx + SetEnv OOD_PUN_PRE_HOOK_ROOT_CMD "/opt/site/site_pre_hook" + # Environment variables to export to the PUN pre hook. + SetEnv OOD_PUN_PRE_HOOK_EXPORTS "OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL" # # Below is used for sub-uri's this Open OnDemand portal supports diff --git a/molecule/templates/fixtures/ood-portal.conf.custom.httpd24-httpd b/molecule/templates/fixtures/ood-portal.conf.custom.httpd24-httpd index 8f49321..a2160b2 100644 --- a/molecule/templates/fixtures/ood-portal.conf.custom.httpd24-httpd +++ b/molecule/templates/fixtures/ood-portal.conf.custom.httpd24-httpd 
@@ -47,7 +47,10 @@ # SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage" - + # Run a root level pre hook before starting nginx + SetEnv OOD_PUN_PRE_HOOK_ROOT_CMD "/opt/site/site_pre_hook" + # Environment variables to export to the PUN pre hook. + SetEnv OOD_PUN_PRE_HOOK_EXPORTS "OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL" # # Below is used for sub-uri's this Open OnDemand portal supports diff --git a/molecule/templates/fixtures/ood-portal.conf.default.httpd b/molecule/templates/fixtures/ood-portal.conf.default.httpd index 59f4d69..2840d23 100644 --- a/molecule/templates/fixtures/ood-portal.conf.default.httpd +++ b/molecule/templates/fixtures/ood-portal.conf.default.httpd @@ -46,7 +46,6 @@ SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage" - # # Below is used for sub-uri's this Open OnDemand portal supports # diff --git a/molecule/templates/fixtures/ood-portal.conf.default.httpd24-httpd b/molecule/templates/fixtures/ood-portal.conf.default.httpd24-httpd index b91cbe1..6577236 100644 --- a/molecule/templates/fixtures/ood-portal.conf.default.httpd24-httpd +++ b/molecule/templates/fixtures/ood-portal.conf.default.httpd24-httpd @@ -46,7 +46,6 @@ SetEnv OOD_PUN_STAGE_CMD "sudo /opt/ood/nginx_stage/sbin/nginx_stage" - # # Below is used for sub-uri's this Open OnDemand portal supports # diff --git a/templates/ood-portal.conf.j2 b/templates/ood-portal.conf.j2 index b8aa4cf..dec5c59 100644 --- a/templates/ood-portal.conf.j2 +++ b/templates/ood-portal.conf.j2 @@ -115,6 +115,14 @@ Listen {{ addr }} # SetEnv OOD_PUN_STAGE_CMD "{{ pun_stage_cmd }}" +{% if pun_pre_hook_root_cmd is defined %} + # Run a root level pre hook before starting nginx + SetEnv OOD_PUN_PRE_HOOK_ROOT_CMD "{{ pun_pre_hook_root_cmd }}" +{% if pun_pre_hook_exports is defined %} + # Environment variables to export to the PUN pre hook. + SetEnv OOD_PUN_PRE_HOOK_EXPORTS "{{ pun_pre_hook_exports }}" +{% endif %} +{%- endif -%} {% if httpd_extra is defined %} # 
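Review bot: The `{% if pun_pre_hook_root_cmd is defined %}` guard in templates/ood-portal.conf.j2 is also true when the variable is set to null or an empty string, and null is exactly the value the new comments in defaults/main advertise (`# pun_pre_hook_root_cmd: null`). Anyone who uncomments that line gets a `SetEnv OOD_PUN_PRE_HOOK_ROOT_CMD` directive with an empty or literal `None` value for a command that is meant to run as root; how the consumer treats that value is not visible here. I would test for a usable value with `{% if pun_pre_hook_root_cmd is defined and pun_pre_hook_root_cmd %}`, and likewise `{% if pun_pre_hook_exports is defined and pun_pre_hook_exports %}` for the inner block. Both values are also placed between double quotes unescaped, so a `"` in either would break the directive; a comment above the block saying the hook path should be a root-owned absolute path that other users cannot write to would help. The enclosing virtual-host block starts and ends outside this hunk.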
diff --git a/templates/ood_portal.yml.j2 b/templates/ood_portal.yml.j2 index 49332c3..c09dd15 100644 --- a/templates/ood_portal.yml.j2 +++ b/templates/ood_portal.yml.j2 @@ -308,6 +308,25 @@ pun_socket_root: "{{ pun_socket_root }}" # Default: 5 (only try 5 times) pun_max_retries: {{ pun_max_retries }} +# The PUN pre hook command to execute as root +# +# Example: +# pun_pre_hook_root_cmd: '/opt/hpc-site/ood_pun_prehook' +# Default: null (do not run any PUN pre hook as root) +{% if rnode_uri is defined %}pun_pre_hook_root_cmd: '{{ pun_pre_hook_root_cmd }}' +{% else %}# pun_pre_hook_root_cmd: null +{% endif %} + +# Comma separated list of environment variables to pass from the apache context +# into the PUN pre hook. Defaults to null so nothing is exported. +# +# Example: +# pun_pre_hook_exports: 'OIDC_ACCESS_TOKEN,OIDC_CLAIM_EMAIL' +# Default: null (pass nothing) +{% if pun_pre_hook_exports is defined %}pun_pre_hook_exports: '{{ pun_pre_hook_exports }}' +{% else %}# pun_pre_hook_exports: null +{% endif %} + # # Support for OpenID Connect #
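Review bot: The first added conditional in templates/ood_portal.yml.j2 tests the wrong variable: `{% if rnode_uri is defined %}pun_pre_hook_root_cmd: '{{ pun_pre_hook_root_cmd }}'` gates the root hook on `rnode_uri`, which looks like a copy-paste slip. A site that sets `pun_pre_hook_root_cmd` but not `rnode_uri` gets the commented-out default written to ood_portal.yml, so this file disagrees with ood-portal.conf.j2, which tests the right variable. A site that sets `rnode_uri` without the hook references an undefined variable, which by default fails the render. The line should read `{% if pun_pre_hook_root_cmd is defined %}pun_pre_hook_root_cmd: '{{ pun_pre_hook_root_cmd }}'`, matching the `pun_pre_hook_exports` block below it. Both values are also emitted inside single quotes unescaped, so a `'` in either would produce invalid YAML.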