1
.. IVLE - Informatics Virtual Learning Environment
2
Copyright (C) 2007-2009 The University of Melbourne
4
.. This program is free software; you can redistribute it and/or modify
5
it under the terms of the GNU General Public License as published by
6
the Free Software Foundation; either version 2 of the License, or
7
(at your option) any later version.
9
.. This program is distributed in the hope that it will be useful,
10
but WITHOUT ANY WARRANTY; without even the implied warranty of
11
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
GNU General Public License for more details.
14
.. You should have received a copy of the GNU General Public License
15
along with this program; if not, write to the Free Software
16
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18
.. _ref-configuring-ivle:
24
This page describes the configuration of IVLE. This consists of populating the
25
:file:`ivle.conf` file and configuring Apache to serve the IVLE webapp and
26
Subversion repositories.
28
.. _ref-configuration-options:
33
Most of the configuration of IVLE is done by editing the file
34
:file:`ivle.conf`, located by default in :file:`/etc/ivle/ivle.conf`. These
35
settings are required as part of the :ref:`install process <ref-install>`,
36
though the :ref:`admin script <ref-admin-scripts>` :program:`ivle-config` can
37
be used to propagate most of these settings.
39
It uses the `ConfigObj`_ text format which is heavily based on the 'INI' text
40
format. Of particular note, lists with single items need to be terminated
41
with a ',' otherwise it will be treated as a list of characters (usually not
44
.. _ConfigObj: http://www.voidspace.org.uk/python/configobj.html
48
Configuration of URLs used by the IVLE webapp.
52
:type: string(default="/")
54
Path on HTTP server that IVLE is served from.
56
.. describe:: public_host
60
The server goes into "public mode" if the browser sends a request with
61
this host. This is for security reasons - we only serve public student
62
files on a separate domain to the main IVLE site.
63
Public mode does not use cookies, and serves only public content.
64
Private mode (normal mode) requires login, and only serves files relevant
65
to the logged-in user. e.g. 'public.ivle.org'
67
.. describe:: svn_addr
71
The base url for accessing subversion repositories. e.g.
76
Configuration for IVLE installation and data paths.
80
:type: string(default="/usr/local")
82
The prefix that is prepended to installation paths.
86
:type: string(default="/var/lib/ivle")
88
Directory where IVLE data such as user jails will be stored.
92
:type: string(default="/var/log/ivle")
94
Directory where IVLE log files such as :file:`ivle_error.log` will be
98
:type: string(default="${prefix}/share/ivle")
100
Directory where IVLE shared data such as ``usrmgt-server``,
101
``python-console`` and services will be installed.
105
:type: string(default="${prefix}/lib/ivle")
107
Directory where IVLE libraries such as ``trampoline`` and ``timount`` will
112
Configuration paths for user :ref:`Jails <ref-jail>`.
116
:type: string(default="${data}/jailmounts"))
118
Directory where complete jails will be mounted.
123
:type: string(default="${data}/jails")
125
Directory where user specific jail content will be stored.
127
.. describe:: template
129
:type: string(default="${src}/__base__")
131
Directory where template file system for each jail will be stored.
133
.. describe:: template_build
135
:type: string(default="${src}/__base_build__")
137
Directory where template file system will be built before being moved to
138
the ``template`` directory.
142
Configuration paths for Subversion repositories.
146
:type: string(default="${data}/svn")
148
Directory where Subversion data will be stored
152
:type: string(default="${base}/svn.conf")
154
Location of Subversion WebDAV AuthzSVNAccessFile configuration file for
155
user repositories will be stored.
157
.. describe:: group_conf
159
:type: string(default="${base}/svn-group.conf")
161
Location of Subversion WebDAV AuthzSVNAccessFile configuration file for
162
group repositories will be stored.
164
.. describe:: repo_path
166
:type: string(default="${base}/repositories")
168
Location where user and group repositories will be stored.
170
.. describe:: auth_ivle
172
:type: string(default="${base}/ivle.auth")
174
Location where Subversion WebDAV AuthUserFile password hash file will be
179
Site-specific policy decisions on permissions, etc.
181
.. describe:: tutors_can_enrol_students
183
:type: boolean(default=False)
185
If True, tutors can enrol any IVLE user as a student in a subject they are
186
tutoring. This is disabled by default, as it is generally considered
187
unnecessary for tutors to have such power.
189
.. describe:: tutors_can_edit_worksheets
191
:type: boolean(default=True)
193
If True, tutors can create and edit worksheets in a subject they are
194
tutoring, and can create and edit *any exercise in the system*. This is
195
turned on by default, but should be used carefully. Untrusted tutors could
196
create site-wide problems.
198
(The reason tutors can edit any exercise is because exercises are not
199
stored per-subject, so it isn't possible to limit them just to exercises
200
for a particular subject.)
204
Configuration of :ref:`media serving <ref-media-serving>`.
206
.. describe:: version
208
:type: string(default=None)
210
Media files such as images, CSS and JavaScript are aggressively cached in
211
IVLE. If this value is set then IVLE will send media URLs containing this
212
version number and content will be served with an ``Expires`` header set a
213
year in the future. This means that the client should only request a media
214
URL once and use the cached copy from then on. This version number should
215
be incremented each time any media is changed (typically this should just
216
be set to the IVLE release number) so that updated media will be sent to
219
If not provided or set to :const:`None`, IVLE will use standard browser
224
Configuration details for external media dependencies used by IVLE.
228
:type: string(default="/usr/share/javascript/jquery")
230
Directory where jQuery library is installed.
235
Configuration for the PostgreSQL database that IVLE uses.
239
:type: string(default="localhost")
241
Hostname of database IVLE server.
245
:type: integer(default=5432)
247
Port the database runs on.
251
:type: string(default="ivle")
253
Name of the IVLE database on the database server.
255
.. describe:: username
259
Username which IVLE uses on the database server.
261
.. describe:: password
265
Password which IVLE uses for authentication with the database server.
269
Settings for configuring external user authentication with
270
:ref:`authentication modules <ref-auth-modules>` and automatic subject
271
enrollment with :ref:`subject pulldown modules
272
<ref-subject-pulldown-modules>`.
274
.. describe:: modules
276
:type: string_list(default=list())
278
List of :ref:`authentication modules <ref-auth-modules>` to attempt to
279
authenticate with if a user does not have a password set in the local
282
.. describe:: ldap_url
284
:type: string(default=None)
286
URL of the LDAP server to be used by authentication modules.
288
.. describe:: ldap_format_string
290
:type: string(default=None)
293
.. describe:: subject_pulldown_modules
295
:type: string_list(default=list())
297
List of :ref:`subject pulldown modules <ref-subject-pulldown-modules>` to
298
be checked when a user signs into IVLE to see what subjects a student is
303
Settings for the :ref:`User Management Server <ref-usrmgt-server>`.
307
:type: string(default="localhost")
309
The hostname where the User Management Server is running.
313
:type: integer(default=2178)
315
The port that the User Management Server is running on.
321
The shared secret used to secure communication between IVLE Web
322
Application and the User Management Server.
326
Options that control how the :ref:`Jail <ref-jail>` is built.
328
.. describe:: devmode
330
:type: boolean(default=False)
332
If set, copies IVLE files from the local machine into the jail rather than
333
installing them from a package.
337
If the Python site packages directory differs between the local
338
machine and the jail (such as if different versions of Python are
339
installed) you will need to supply the site packages to be installed
340
with the ``--python-site-packages`` option to ``ivle-buildjail``.
344
:type: string(default="hardy")
346
Which suite the jail will build with. This need not be the same as what
347
the local machine is running.
351
:type: string(default="http://archive.ubuntu.com/ubuntu")
353
The location of a HTTP mirror containing the specified suite.
355
.. describe:: extra_sources
357
:type: string_list(default=list())
359
A list of extra source locations to be added to the jail builder (such as
360
for site specific packages). For example, 'deb
361
http://ppa.launchpad.net/wgrant/ivle/ubuntu/ hardy main,'.
363
.. describe:: extra_packages
365
:type: string_list(default=list())
367
A list of extra packages to be installed in addition to the core packages
368
required for IVLE. For example, 'python-scipy, python-networkx,'
370
.. describe:: extra_keys
372
:type: string(default=None)
374
Any extra package signing keys to accept as correctly validate installed
375
packages. Typically used for validating ``extra_sources`` packages.
377
Keys can be provided in tripple quoted blocks. For multiple keys, simply
378
concatinate the key blocks. For example::
380
extra_keys = '''-----BEGIN PGP PUBLIC KEY BLOCK-----
383
mI0ESXMxaQEEAMdundmJeTMUcB6fRXGQ3WJH+5hlfj3ehurF3u0ubr4sQpxfJvl6/KV4UcOC
384
RvK4aufNInJxKrT6xvzdMNE9z5NO/ZVZdkr2NfcRO/0Yxgmaft9qjxfV+3NEBrvJkqm8ApVO
385
hsxFW6VWyeHBELSiNxNGToPp+2g3i5VAlWbtzaapABEBAAG0H0xhdW5jaHBhZCBQUEEgZm9y
386
IFdpbGxpYW0gR3JhbnSIRgQQEQIABgUCSXOMJAAKCRABz5LwpyR9xeXXAJ97VdeI3lLDvyM9
387
TLeb48Ylj8dWdQCfcOJDRGfjRu9PI2+ekIoV8TqaC0GItgQTAQIAIAUCSXMxaQIbAwYLCQgH
388
AwIEFQIIAwQWAgMBAh4BAheAAAoJECp86x2KYmtCEBED/0aRhr7wKmA/nyX2rUN/1dpyYT2T
389
khxJT0F7l91/PGRkLUdvcX81ceRcYeiiR1x8N1tL7pwrTWZwaQ/HTHF19ZAXjptnn8zaLKUc
390
VwhOrUdFE2FzNo42BWpXQAuJuBCG3DeIXDDuPRvtL+sx7h8PD/DlE5RsTaztkkbWdpkMtJp9
392
-----END PGP PUBLIC KEY BLOCK-----
393
-----BEGIN PGP PUBLIC KEY BLOCK-----
394
Version: GnuPG v1.4.9 (GNU/Linux)
396
mQGiBEFEnz8RBAC7LstGsKD7McXZgd58oN68KquARLBl6rjA2vdhwl77KkPPOr3O
397
YeSBH/voUsqausJfDNuTNivOfwceDe50lbhq52ODj4Mx9Jg+4aHn9fmRkIk41i2J
398
3hZiIGPACY/FsSlRq1AhBH2wZG1lQ45W/p77AeARRehYKJP9HY+1h/uihwCgrVE2
399
VzACJLuZWHbDsPoJaNQjiFcEAKbUF1rMyjd1xJM7bZeXbs8c+ohUo/ywSI/OIr8n
401
RwIbDAAKCRBAl26vQ30FtdxYAJsFjU+xbex7gevyGQ2/mhqidES4MwCggqQyo+w1
404
-----END PGP PUBLIC KEY BLOCK-----
410
User specific settings that are added to a user's :file:`ivle.conf` file
415
This should be in a user-specific place but since we're worried a user
416
may delete his/her .conf file, we put it here for now). These properties
417
**should not** be set in the server's :file:`/etc/ivle/ivle.conf`.
421
:type: string(default=None)
423
The login name of the user.
425
.. describe:: svn_pass
427
:type: string(default=None)
429
The key used to access repositories on the Subversion server.
434
Apache is used in IVLE for hosting of the IVLE web application and hosting
435
Subversion repositories over WebDAV. Typically the Subversion repository will
436
run on the Master server and the Web Application will be run on a collection
437
of slaves. It is also possible to combine the two function together to run as
443
The IVLE web application runs on Apache using ``mod_python``. An example
444
configuration is provided in the file :file:`examples/config/apache.conf`.
446
At minimum the following settings must be specified:
448
.. describe:: ServerName
450
Should be the formal hostname of the server, typically one that users will
451
use to access IVLE. For example, 'ivle.org'.
453
.. describe:: ServerAlias
455
Should be set to the value of ``[urls] public_host`` that is specified in
456
:file:`ivle.conf`. This is to ensure that Apache will correctly handle
457
requests for the public content.
459
.. describe:: SetHandler
461
Must be ``mod_python``
463
.. describe:: PythonHandler
465
Must be ``ivle.dispatch``
467
.. describe:: PythonOption mod_python.file_session.database_directory
469
Session directory for mod_python. This must be a shared directory between
470
all Slave servers, in particular when operating through a load balancer.
471
If not provided then users will encounter inconsistent behavior such as
472
being thrown back to the login screen after logging in.
474
Optional settings are:
476
.. describe:: PythonOption mod_python.session.cookie_name
478
The name to be set for cookies rather than the one automatically generated
479
by mod_python. For example, 'ivle'.
481
.. describe:: PythonDebug
483
If this option is set, any uncaught errors from mod_python will be sent to
484
the browser rather than being sent to the error log. It is recommended
485
that this setting is only used for development or debugging.
487
Subversion Repository
488
---------------------
489
IVLE also uses Apache to provide HTTP access to user's Subversion repositories
490
using ``mod_dav_svn``. Typically this is run on a single, stand alone server;
491
though it may be run in conjunction with the Web Application. An example
492
configuration is provided in the file :file:`examples/config/apache-svn.conf`.
493
IVLE will automatically generate password hash and repository permission files
494
that are used to control access to the repositories.
496
IVLE expects to find the paths ``users/`` and ``groups/`` at the URL provided
497
by the value of ``[urls] svn_addr`` set in :file:`ivle.conf`. Thus there
498
should be two ``Location`` clauses configured, one for users and one for
508
.. describe:: SVNParentPath
510
Directory where user repositories are stored. Should be the value of
511
``[path] [[svn]] repo_path`` in :file:`ivle.conf` with 'users' appended.
512
For example, '/var/lib/ivle/svn/repositories/users'.
514
.. describe:: AuthzSVNAccessFile
516
Location of the configuration file used to assign permissions to user
517
repositories. Should be the same value as ``[path] [[svn]] conf`` in
520
.. describe:: Require
522
Must be ``valid-user``
524
.. describe:: AuthType
528
.. describe:: AuthName
530
The name that should appear on authentication requests. For example, 'IVLE
531
Subversion repository'.
533
.. describe:: AuthUserFile
535
Location of the password hash file for Subversion users. Should be the
536
same as the value of ``[path] [[svn]] auth_ivle``. For example,
537
'/var/lib/ivle/svn/ivle.auth'.
546
.. describe:: SVNParentPath
548
Directory where user repositories are stored. Should be the value of
549
``[path] [[svn]] repo_path`` in :file:`ivle.conf` with 'groups' appended.
550
For example, '/var/lib/ivle/svn/repositories/groups'.
552
.. describe:: AuthzSVNAccessFile
554
Location of the configuration file used to assign permissions to group
555
repositories. Should be the same value as ``[path] [[svn]] group_conf`` in
558
.. describe:: Require
560
Must be ``valid-user``
562
.. describe:: AuthType
566
.. describe:: AuthName
568
The name that should appear on authentication requests. For example, 'IVLE
569
Subversion repository'.
571
.. describe:: AuthUserFile
573
Location of the password hash file for Subversion users. Should be the
574
same as the value of ``[path] [[svn]] auth_ivle``. For example,
575
'/var/lib/ivle/svn/ivle.auth'.
added
removed
doc/man/config.rst
