1
.. IVLE - Informatics Virtual Learning Environment
2
Copyright (C) 2007-2009 The University of Melbourne
4
.. This program is free software; you can redistribute it and/or modify
5
it under the terms of the GNU General Public License as published by
6
the Free Software Foundation; either version 2 of the License, or
7
(at your option) any later version.
9
.. This program is distributed in the hope that it will be useful,
10
but WITHOUT ANY WARRANTY; without even the implied warranty of
11
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12
GNU General Public License for more details.
14
.. You should have received a copy of the GNU General Public License
15
along with this program; if not, write to the Free Software
16
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
18
.. _ref-configuring-ivle:
24
This page describes the configuration of IVLE. This consists of populating the
25
:file:`ivle.conf` file and configuring Apache to serve the IVLE webapp and
26
Subversion repositories.
28
.. _ref-configuration-options:
33
Most of the configuration of IVLE is done by editing the file
34
:file:`ivle.conf`, located by default in :file:`/etc/ivle/ivle.conf`. These
35
settings are required as part of the :ref:`install process <ref-install>`,
36
though the :ref:`admin script <ref-admin-scripts>` :program:`ivle-config` can
37
be used to propagate most of these settings.
39
It uses the `ConfigObj`_ text format which is heavily based on the 'INI' text
40
format. Of particular note, lists with single items need to be terminated
41
with a ',' otherwise it will be treated as a list of characters (usually not
44
.. _ConfigObj: http://www.voidspace.org.uk/python/configobj.html
48
Configuration of URLs used by the IVLE webapp.
52
:type: string(default="/")
54
Path on HTTP server that IVLE is served from.
56
.. describe:: public_host
60
The server goes into "public mode" if the browser sends a request with
61
this host. This is for security reasons - we only serve public student
62
files on a separate domain to the main IVLE site.
63
Public mode does not use cookies, and serves only public content.
64
Private mode (normal mode) requires login, and only serves files relevant
65
to the logged-in user. e.g. 'public.ivle.org'
67
.. describe:: svn_addr
71
The base url for accessing subversion repositories. e.g.
76
Configuration for IVLE installation and data paths.
80
:type: string(default="/usr/local")
82
The prefix that is prepended to installation paths.
86
:type: string(default="/var/lib/ivle")
88
Directory where IVLE data such as user jails will be stored.
92
:type: string(default="/var/log/ivle")
94
Directory where IVLE log files such as :file:`ivle_error.log` will be
98
:type: string(default="${prefix}/share/ivle")
100
Directory where IVLE shared data such as ``usrmgt-server``,
101
``python-console`` and services will be installed.
105
:type: string(default="${prefix}/lib/ivle")
107
Directory where IVLE libraries such as ``trampoline`` and ``timount`` will
112
Configuration paths for user :ref:`Jails <ref-jail>`.
116
:type: string(default="${data}/jailmounts"))
118
Directory where complete jails will be mounted.
123
:type: string(default="${data}/jails")
125
Directory where user specific jail content will be stored.
127
.. describe:: template
129
:type: string(default="${src}/__base__")
131
Directory where template file system for each jail will be stored.
133
.. describe:: template_build
135
:type: string(default="${src}/__base_build__")
137
Directory where template file system will be built before being moved to
138
the ``template`` directory.
142
Configuration paths for Subversion repositories.
146
:type: string(default="${data}/svn")
148
Directory where Subversion data will be stored
152
:type: string(default="${base}/svn.conf")
154
Location of Subversion WebDAV AuthzSVNAccessFile configuration file for
155
user repositories will be stored.
157
.. describe:: group_conf
159
:type: string(default="${base}/svn-group.conf")
161
Location of Subversion WebDAV AuthzSVNAccessFile configuration file for
162
group repositories will be stored.
164
.. describe:: repo_path
166
:type: string(default="${base}/repositories")
168
Location where user and group repositories will be stored.
170
.. describe:: auth_ivle
172
:type: string(default="${base}/ivle.auth")
174
Location where Subversion WebDAV AuthUserFile password hash file will be
177
.. _ref-configuration-policy:
181
Site-specific policy decisions on permissions, etc. These modify the user
182
roles, as described in :ref:`ref-user-roles`.
184
.. describe:: tutors_can_enrol_students
186
:type: boolean(default=False)
188
If True, tutors can enrol any IVLE user as a student in a subject they are
189
tutoring. This is disabled by default, as it is generally considered
190
unnecessary for tutors to have such power.
192
.. describe:: tutors_can_edit_worksheets
194
:type: boolean(default=True)
196
If True, tutors can create and edit worksheets in a subject they are
197
tutoring, and can create and edit *any exercise in the system*. This is
198
turned on by default, but should be used carefully. Untrusted tutors could
199
create site-wide problems.
201
(The reason tutors can edit any exercise is because exercises are not
202
stored per-subject, so it isn't possible to limit them just to exercises
203
for a particular subject.)
207
Configuration of media serving.
209
.. describe:: version
211
:type: string(default=None)
213
Media files such as images, CSS and JavaScript are aggressively cached in
214
IVLE. If this value is set then IVLE will send media URLs containing this
215
version number and content will be served with an ``Expires`` header set a
216
year in the future. This means that the client should only request a media
217
URL once and use the cached copy from then on. This version number should
218
be incremented each time any media is changed (typically this should just
219
be set to the IVLE release number) so that updated media will be sent to
222
If not provided or set to :const:`None`, IVLE will use standard browser
227
Configuration details for external media dependencies used by IVLE.
231
:type: string(default="/usr/share/javascript/jquery")
233
Directory where jQuery library is installed.
238
Configuration for the PostgreSQL database that IVLE uses.
242
:type: string(default="localhost")
244
Hostname of database IVLE server.
248
:type: integer(default=5432)
250
Port the database runs on.
254
:type: string(default="ivle")
256
Name of the IVLE database on the database server.
258
.. describe:: username
262
Username which IVLE uses on the database server.
264
.. describe:: password
268
Password which IVLE uses for authentication with the database server.
272
Settings for configuring external user authentication with
273
:ref:`authentication modules <ref-auth-modules>` and automatic subject
274
enrollment with :ref:`subject pulldown modules
275
<ref-subject-pulldown-modules>`.
277
.. describe:: modules
279
:type: string_list(default=list())
281
List of :ref:`authentication modules <ref-auth-modules>` to attempt to
282
authenticate with if a user does not have a password set in the local
285
.. describe:: ldap_url
287
:type: string(default=None)
289
URL of the LDAP server to be used by authentication modules.
291
.. describe:: ldap_format_string
293
:type: string(default=None)
296
.. describe:: subject_pulldown_modules
298
:type: string_list(default=list())
300
List of :ref:`subject pulldown modules <ref-subject-pulldown-modules>` to
301
be checked when a user signs into IVLE to see what subjects a student is
306
Settings for the :ref:`User Management Server <ref-usrmgt-server>`.
310
:type: string(default="localhost")
312
The hostname where the User Management Server is running.
316
:type: integer(default=2178)
318
The port that the User Management Server is running on.
324
The shared secret used to secure communication between IVLE Web
325
Application and the User Management Server.
329
Options that control how the :ref:`Jail <ref-jail>` is built.
331
.. describe:: devmode
333
:type: boolean(default=False)
335
If set, copies IVLE files from the local machine into the jail rather than
336
installing them from a package.
340
If the Python site packages directory differs between the local
341
machine and the jail (such as if different versions of Python are
342
installed) you will need to supply the site packages to be installed
343
with the ``--python-site-packages`` option to ``ivle-buildjail``.
347
:type: string(default="hardy")
349
Which suite the jail will build with. This need not be the same as what
350
the local machine is running.
354
:type: string(default="http://archive.ubuntu.com/ubuntu")
356
The location of a HTTP mirror containing the specified suite.
358
.. describe:: extra_sources
360
:type: string_list(default=list())
362
A list of extra source locations to be added to the jail builder (such as
363
for site specific packages). For example, 'deb
364
http://ppa.launchpad.net/wgrant/ivle/ubuntu/ hardy main,'.
366
.. describe:: extra_packages
368
:type: string_list(default=list())
370
A list of extra packages to be installed in addition to the core packages
371
required for IVLE. For example, 'python-scipy, python-networkx,'
373
.. describe:: extra_keys
375
:type: string(default=None)
377
Any extra package signing keys to accept as correctly validate installed
378
packages. Typically used for validating ``extra_sources`` packages.
380
Keys can be provided in tripple quoted blocks. For multiple keys, simply
381
concatinate the key blocks. For example::
383
extra_keys = '''-----BEGIN PGP PUBLIC KEY BLOCK-----
386
mI0ESXMxaQEEAMdundmJeTMUcB6fRXGQ3WJH+5hlfj3ehurF3u0ubr4sQpxfJvl6/KV4UcOC
387
RvK4aufNInJxKrT6xvzdMNE9z5NO/ZVZdkr2NfcRO/0Yxgmaft9qjxfV+3NEBrvJkqm8ApVO
388
hsxFW6VWyeHBELSiNxNGToPp+2g3i5VAlWbtzaapABEBAAG0H0xhdW5jaHBhZCBQUEEgZm9y
389
IFdpbGxpYW0gR3JhbnSIRgQQEQIABgUCSXOMJAAKCRABz5LwpyR9xeXXAJ97VdeI3lLDvyM9
390
TLeb48Ylj8dWdQCfcOJDRGfjRu9PI2+ekIoV8TqaC0GItgQTAQIAIAUCSXMxaQIbAwYLCQgH
391
AwIEFQIIAwQWAgMBAh4BAheAAAoJECp86x2KYmtCEBED/0aRhr7wKmA/nyX2rUN/1dpyYT2T
392
khxJT0F7l91/PGRkLUdvcX81ceRcYeiiR1x8N1tL7pwrTWZwaQ/HTHF19ZAXjptnn8zaLKUc
393
VwhOrUdFE2FzNo42BWpXQAuJuBCG3DeIXDDuPRvtL+sx7h8PD/DlE5RsTaztkkbWdpkMtJp9
395
-----END PGP PUBLIC KEY BLOCK-----
396
-----BEGIN PGP PUBLIC KEY BLOCK-----
397
Version: GnuPG v1.4.9 (GNU/Linux)
399
mQGiBEFEnz8RBAC7LstGsKD7McXZgd58oN68KquARLBl6rjA2vdhwl77KkPPOr3O
400
YeSBH/voUsqausJfDNuTNivOfwceDe50lbhq52ODj4Mx9Jg+4aHn9fmRkIk41i2J
401
3hZiIGPACY/FsSlRq1AhBH2wZG1lQ45W/p77AeARRehYKJP9HY+1h/uihwCgrVE2
402
VzACJLuZWHbDsPoJaNQjiFcEAKbUF1rMyjd1xJM7bZeXbs8c+ohUo/ywSI/OIr8n
404
RwIbDAAKCRBAl26vQ30FtdxYAJsFjU+xbex7gevyGQ2/mhqidES4MwCggqQyo+w1
407
-----END PGP PUBLIC KEY BLOCK-----
413
User specific settings that are added to a user's :file:`ivle.conf` file
418
This should be in a user-specific place but since we're worried a user
419
may delete his/her .conf file, we put it here for now). These properties
420
**should not** be set in the server's :file:`/etc/ivle/ivle.conf`.
424
:type: string(default=None)
426
The login name of the user.
428
.. describe:: svn_pass
430
:type: string(default=None)
432
The key used to access repositories on the Subversion server.
437
Apache is used in IVLE for hosting of the IVLE web application and hosting
438
Subversion repositories over WebDAV. Typically the Subversion repository will
439
run on the Master server and the Web Application will be run on a collection
440
of slaves. It is also possible to combine the two function together to run as
446
The IVLE web application runs on Apache using ``mod_python``. An example
447
configuration is provided in the file :file:`examples/config/apache.conf`.
449
At minimum the following settings must be specified:
451
.. describe:: ServerName
453
Should be the formal hostname of the server, typically one that users will
454
use to access IVLE. For example, 'ivle.org'.
456
.. describe:: ServerAlias
458
Should be set to the value of ``[urls] public_host`` that is specified in
459
:file:`ivle.conf`. This is to ensure that Apache will correctly handle
460
requests for the public content.
462
.. describe:: SetHandler
464
Must be ``mod_python``
466
.. describe:: PythonHandler
468
Must be ``ivle.dispatch``
470
.. describe:: PythonOption mod_python.file_session.database_directory
472
Session directory for mod_python. This must be a shared directory between
473
all Slave servers, in particular when operating through a load balancer.
474
If not provided then users will encounter inconsistent behavior such as
475
being thrown back to the login screen after logging in.
477
Optional settings are:
479
.. describe:: PythonOption mod_python.session.cookie_name
481
The name to be set for cookies rather than the one automatically generated
482
by mod_python. For example, 'ivle'.
484
.. describe:: PythonDebug
486
If this option is set, any uncaught errors from mod_python will be sent to
487
the browser rather than being sent to the error log. It is recommended
488
that this setting is only used for development or debugging.
490
Subversion Repository
491
---------------------
492
IVLE also uses Apache to provide HTTP access to user's Subversion repositories
493
using ``mod_dav_svn``. Typically this is run on a single, stand alone server;
494
though it may be run in conjunction with the Web Application. An example
495
configuration is provided in the file :file:`examples/config/apache-svn.conf`.
496
IVLE will automatically generate password hash and repository permission files
497
that are used to control access to the repositories.
499
IVLE expects to find the paths ``users/`` and ``groups/`` at the URL provided
500
by the value of ``[urls] svn_addr`` set in :file:`ivle.conf`. Thus there
501
should be two ``Location`` clauses configured, one for users and one for
511
.. describe:: SVNParentPath
513
Directory where user repositories are stored. Should be the value of
514
``[path] [[svn]] repo_path`` in :file:`ivle.conf` with 'users' appended.
515
For example, '/var/lib/ivle/svn/repositories/users'.
517
.. describe:: AuthzSVNAccessFile
519
Location of the configuration file used to assign permissions to user
520
repositories. Should be the same value as ``[path] [[svn]] conf`` in
523
.. describe:: Require
525
Must be ``valid-user``
527
.. describe:: AuthType
531
.. describe:: AuthName
533
The name that should appear on authentication requests. For example, 'IVLE
534
Subversion repository'.
536
.. describe:: AuthUserFile
538
Location of the password hash file for Subversion users. Should be the
539
same as the value of ``[path] [[svn]] auth_ivle``. For example,
540
'/var/lib/ivle/svn/ivle.auth'.
549
.. describe:: SVNParentPath
551
Directory where user repositories are stored. Should be the value of
552
``[path] [[svn]] repo_path`` in :file:`ivle.conf` with 'groups' appended.
553
For example, '/var/lib/ivle/svn/repositories/groups'.
555
.. describe:: AuthzSVNAccessFile
557
Location of the configuration file used to assign permissions to group
558
repositories. Should be the same value as ``[path] [[svn]] group_conf`` in
561
.. describe:: Require
563
Must be ``valid-user``
565
.. describe:: AuthType
569
.. describe:: AuthName
571
The name that should appear on authentication requests. For example, 'IVLE
572
Subversion repository'.
574
.. describe:: AuthUserFile
576
Location of the password hash file for Subversion users. Should be the
577
same as the value of ``[path] [[svn]] auth_ivle``. For example,
578
'/var/lib/ivle/svn/ivle.auth'.