~azzar1/unity/add-show-desktop-key : contents of platform/README at revision 442

~azzar1/unity/add-show-desktop-key : (revision 442)

README for the Informatics Virtual Learning Environment

The IVLE back end consists of the following pieces:

1. A lighttpd instance for the sandboxed execution of students' python code.

2. An apache (2.2) instance for managing a set of subversion (SVN) repositories
   (one per student).

3. A chroot jail per student which contains the following:
    a. A minimal standard environment containing a standard set of directories
       and hard links to a standard set of files (binaries, libraries, python
       code).
    b. A working copy (checked out version) of the student's SVN repository.
       This may include branches for submission and public access, though
       initially, it will only include the trunk.
    c. A working directory into which the student's programs may write files.

4. A SVN hook to automatically update the repository of a student when [s]he
   commits a change to his/her repository.

Authentication & Authorization
==============================

Authentication is to be done against centaur (the IS LDAP server), however
apache 2.2 cannot connect to it because the CA issued by IS is incorrect. If
there is a way to work around this, we don't know it at the moment. Until
we are able to use LDAP (or Active Directory), the configuration of the web
servers uses a password file located in the config directory.

Filesystem Layout
=================

The installation of the informatics infrastructure is rooted at
    /home/informatics/
with the following subdirectories:

/home/informatics/config
    All the configuration files - apache, lighttpd, etc.

/home/informatics/bin
    All the executables (i.e. scripts!).

/home/informatics/config/jail
    A directory containing all the template files and directories
    for creating a user's jail. The process of creating a jail copies
    the directory structure, then hard-links all the files.

/home/informatics/jails
    The directory containing for each student a chroot jail.

/home/informatics/jails/<name>
    The jail for the named student.

/home/informatics/jails/<name>/home/<name>/svn/trunk
    The working copy of his/her SVN repository for the named student.

/home/informatics/jails/<name>/home/<name>/svn/public
    The published work of the named student (does not require aaa)

/home/informatics/jails/<name>/home/<name>/svn/submitted
    The submitted work for the named student.

/home/informatics/jails/<name>/run
    The starting working directory when the named student's python
    scripts are run.

/home/informatics/www
    The root directory for the www view of things.

/home/informatics/www/home/<name>
    A symbolic link to /home/informatics/jails/<name>/home/<name>/svn/trunk.
    This allows the CGI module to see the python scripts for the named user.
    Access to this via the web is restricted to *authenticated* users.

/home/informatics/www/public/<name>
    A symbolic link to /home/informatics/jails/<name>/home/<name>/svn/public.
    This allows the CGI module to see the python scripts for the named user.
    This {will be,is} where the published work for the named student will be
    located.

Adding New Users
================

TODO - automate all this.

1. Create a subversion respository by adding
    [jdoe:/]
    jdoe=rw
  to the /home/informatics/config/svn-authz file.

2. Create a chroot jail (using the mkJail.sh script).

3. Initialize the svn repository with the commands
    cd /home/informatics/jails/jdoe/home/jdoe
    mkdir svn
    cd svn
    svn co <url to repository>/jdoe
    cd jdoe
    svn mkdir trunk
    svn ci

4. Create the symlinks so that the webserver can find the python code:
    cd /home/informatics/www
    ln -s /home/informatics/jails/jdoe/home/jdoe/svn/jdoe/trunk jdoe

5. Add authentication with htpasswd:
    htpasswd -m /home/informatics/config/digest jdoe


3 by drtomc A README file describing sundry bits of the platform infrastructure.	1	README for the Informatics Virtual Learning Environment
	2
	3	The IVLE back end consists of the following pieces:
	4
	5	1. A lighttpd instance for the sandboxed execution of students' python code.
	6
	7	2. An apache (2.2) instance for managing a set of subversion (SVN) repositories
	8	(one per student).
	9
	10	3. A chroot jail per student which contains the following:
	11	a. A minimal standard environment containing a standard set of directories
	12	and hard links to a standard set of files (binaries, libraries, python
	13	code).
	14	b. A working copy (checked out version) of the student's SVN repository.
	15	This may include branches for submission and public access, though
	16	initially, it will only include the trunk.
	17	c. A working directory into which the student's programs may write files.
	18
	19	4. A SVN hook to automatically update the repository of a student when [s]he
	20	commits a change to his/her repository.
	21
	22	Authentication & Authorization
	23	==============================
	24
	25	Authentication is to be done against centaur (the IS LDAP server), however
	26	apache 2.2 cannot connect to it because the CA issued by IS is incorrect. If
	27	there is a way to work around this, we don't know it at the moment. Until
	28	we are able to use LDAP (or Active Directory), the configuration of the web
	29	servers uses a password file located in the config directory.
	30
	31	Filesystem Layout
	32	=================
	33
	34	The installation of the informatics infrastructure is rooted at
	35	/home/informatics/
	36	with the following subdirectories:
	37
	38	/home/informatics/config
	39	All the configuration files - apache, lighttpd, etc.
	40
	41	/home/informatics/bin
	42	All the executables (i.e. scripts!).
	43
	44	/home/informatics/config/jail
	45	A directory containing all the template files and directories
	46	for creating a user's jail. The process of creating a jail copies
	47	the directory structure, then hard-links all the files.
	48
	49	/home/informatics/jails
	50	The directory containing for each student a chroot jail.
	51
	52	/home/informatics/jails/<name>
	53	The jail for the named student.
	54
	55	/home/informatics/jails/<name>/home/<name>/svn/trunk
	56	The working copy of his/her SVN repository for the named student.
	57
	58	/home/informatics/jails/<name>/home/<name>/svn/public
	59	The published work of the named student (does not require aaa)
	60
	61	/home/informatics/jails/<name>/home/<name>/svn/submitted
	62	The submitted work for the named student.
	63
	64	/home/informatics/jails/<name>/run
65	The starting working directory when the named student's python
66	scripts are run.
67
68	/home/informatics/www
69	The root directory for the www view of things.
70
71	/home/informatics/www/home/<name>
72	A symbolic link to /home/informatics/jails/<name>/home/<name>/svn/trunk.
73	This allows the CGI module to see the python scripts for the named user.
74	Access to this via the web is restricted to authenticated users.
75
76	/home/informatics/www/public/<name>
77	A symbolic link to /home/informatics/jails/<name>/home/<name>/svn/public.
78	This allows the CGI module to see the python scripts for the named user.
79	This {will be,is} where the published work for the named student will be
80	located.
4 by drtomc Add info about how to add a user.	81
	82	Adding New Users
	83	================
	84
	85	TODO - automate all this.
	86
	87	1. Create a subversion respository by adding
	88	[jdoe:/]
	89	jdoe=rw
	90	to the /home/informatics/config/svn-authz file.
	91
	92	2. Create a chroot jail (using the mkJail.sh script).
	93
	94	3. Initialize the svn repository with the commands
	95	cd /home/informatics/jails/jdoe/home/jdoe
	96	mkdir svn
	97	cd svn
	98	svn co <url to repository>/jdoe
	99	cd jdoe
	100	svn mkdir trunk
	101	svn ci
	102
	103	4. Create the symlinks so that the webserver can find the python code:
	104	cd /home/informatics/www
	105	ln -s /home/informatics/jails/jdoe/home/jdoe/svn/jdoe/trunk jdoe
	106
	107	5. Add authentication with htpasswd:
	108	htpasswd -m /home/informatics/config/digest jdoe
	109