1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
README for the Informatics Virtual Learning Environment
The IVLE back end consists of the following pieces:
1. A lighttpd instance for the sandboxed execution of students' python code.
2. An apache (2.2) instance for managing a set of subversion (SVN) repositories
(one per student).
3. A chroot jail per student which contains the following:
a. A minimal standard environment containing a standard set of directories
and hard links to a standard set of files (binaries, libraries, python
code).
b. A working copy (checked out version) of the student's SVN repository.
This may include branches for submission and public access, though
initially, it will only include the trunk.
c. A working directory into which the student's programs may write files.
4. A SVN hook to automatically update the repository of a student when [s]he
commits a change to his/her repository.
Authentication & Authorization
==============================
Authentication is to be done against centaur (the IS LDAP server), however
apache 2.2 cannot connect to it because the CA issued by IS is incorrect. If
there is a way to work around this, we don't know it at the moment. Until
we are able to use LDAP (or Active Directory), the configuration of the web
servers uses a password file located in the config directory.
Filesystem Layout
=================
The installation of the informatics infrastructure is rooted at
/home/informatics/
with the following subdirectories:
/home/informatics/config
All the configuration files - apache, lighttpd, etc.
/home/informatics/bin
All the executables (i.e. scripts!).
/home/informatics/config/jail
A directory containing all the template files and directories
for creating a user's jail. The process of creating a jail copies
the directory structure, then hard-links all the files.
/home/informatics/jails
The directory containing for each student a chroot jail.
/home/informatics/jails/<name>
The jail for the named student.
/home/informatics/jails/<name>/home/<name>/svn/trunk
The working copy of his/her SVN repository for the named student.
/home/informatics/jails/<name>/home/<name>/svn/public
The published work of the named student (does not require aaa)
/home/informatics/jails/<name>/home/<name>/svn/submitted
The submitted work for the named student.
/home/informatics/jails/<name>/run
The starting working directory when the named student's python
scripts are run.
/home/informatics/www
The root directory for the www view of things.
/home/informatics/www/home/<name>
A symbolic link to /home/informatics/jails/<name>/home/<name>/svn/trunk.
This allows the CGI module to see the python scripts for the named user.
Access to this via the web is restricted to *authenticated* users.
/home/informatics/www/public/<name>
A symbolic link to /home/informatics/jails/<name>/home/<name>/svn/public.
This allows the CGI module to see the python scripts for the named user.
This {will be,is} where the published work for the named student will be
located.
Adding New Users
================
TODO - automate all this.
1. Create a subversion respository by adding
[jdoe:/]
jdoe=rw
to the /home/informatics/config/svn-authz file.
2. Create a chroot jail (using the mkJail.sh script).
3. Initialize the svn repository with the commands
cd /home/informatics/jails/jdoe/home/jdoe
mkdir svn
cd svn
svn co <url to repository>/jdoe
cd jdoe
svn mkdir trunk
svn ci
4. Create the symlinks so that the webserver can find the python code:
cd /home/informatics/www
ln -s /home/informatics/jails/jdoe/home/jdoe/svn/jdoe/trunk jdoe
5. Add authentication with htpasswd:
htpasswd -m /home/informatics/config/digest jdoe
|