@@ -625,8 +625,6 @@ jobs and resources and efficient data access services:
625625 --public_fqdn=www.migrid.org \
626626 --mig_cert_fqdn=dk-cert.migrid.org \
627627 --ext_cert_fqdn= \
628- --mig_oid_fqdn=dk-ext.migrid.org \
629- --ext_oid_fqdn=dk-oid.migrid.org \
630628 --sid_fqdn=dk-sid.migrid.org \
631629 --io_fqdn=dk-io.migrid.org \
632630 --user=mig --group=mig \
@@ -643,8 +641,7 @@ jobs and resources and efficient data access services:
643641 --hgweb_scripts=/usr/share/doc/mercurial-common/examples \
644642 --trac_admin_path=/usr/bin/trac-admin \
645643 --trac_ini_path=/home/mig/mig/server/trac.ini \
646- --public_http_port=80 --mig_cert_port=443 --mig_oid_port=443 \
647- --ext_oid_port=443 --sid_port=443 \
644+ --public_http_port=80 --mig_cert_port=443 --sid_port=443 \
648645 --enable_jobs=True --enable_resources=True \
649646 --enable_ftps=True --enable_sftp_subsys=True \
650647 --enable_webdavs=True --enable_transfers=True \
@@ -658,7 +655,7 @@ jobs and resources and efficient data access services:
658655 --short_title=MiG
659656
660657or a similar setup with vhost-specific certificates from LetsEncrypt,
661- additional web apps and OpenID on CentOS:
658+ additional web apps and OpenID 2.0 + Connect on CentOS:
662659./generateconfs.py --source=. --destination=generated-confs \
663660 --destination_suffix="_svn$(svnversion -n ~/)" \
664661 --base_fqdn=migrid.org \
@@ -667,7 +664,6 @@ additional web apps and OpenID on CentOS:
667664 --mig_cert_fqdn=dk-cert.migrid.org \
668665 --ext_cert_fqdn= \
669666 --mig_oid_fqdn=dk-ext.migrid.org \
670- --ext_oid_fqdn=dk-oid.migrid.org \
671667 --ext_oidc_fqdn=dk-oidc.migrid.org \
672668 --sid_fqdn=dk-sid.migrid.org \
673669 --io_fqdn=dk-io.migrid.org \
@@ -688,9 +684,8 @@ additional web apps and OpenID on CentOS:
688684 --trac_ini_path=/home/mig/mig/server/trac.ini \
689685 --public_http_port=80 --public_https_port=443 \
690686 --ext_cert_port=443 --mig_oid_port=443 \
691- --ext_oid_port=443 -- ext_oidc_port=443 --sid_port=443 \
687+ --ext_oidc_port=443 --sid_port=443 \
692688 --mig_oid_provider=https://dk-ext.migrid.org/openid/ \
693- --ext_oid_provider=https://openid.ku.dk/ \
694689 --ext_oidc_provider_meta_url=https://id.ku.dk/nidp/oauth/nam/.well-known/openid-configuration \
695690 --ext_oidc_scope=AS_SIF-ERDA \
696691 --ext_oidc_client_name=erda_migrid-dk \
@@ -716,8 +711,8 @@ additional web apps and OpenID on CentOS:
716711 --daemon_pubkey_from_dns=True \
717712 --daemon_pubkey_md5='FILE::/etc/httpd/MiG-certificates/combined.pub.md5' \
718713 --daemon_pubkey_sha256='FILE::/etc/httpd/MiG-certificates/combined.pub.sha256' \
719- --signup_methods="extoid migoid migcert extoidc " \
720- --login_methods="extoid migoid migcert extoidc " \
714+ --signup_methods="extoidc migoid migcert" \
715+ --login_methods="extoidc migoid migcert" \
721716 --distro=centos --skin=migrid-basic \
722717 --default_menu="home files submitjob jobs vgrids account settings setup logout" \
723718 --user_menu="sharelinks people cloud crontab transfers runtimeenvs resources peers downloads docs dashboard migadmin" \
@@ -754,7 +749,8 @@ additional web apps and OpenID on CentOS:
754749
755750and a storage-only setup with CentOS 7.x, apache 2.4, WSGI (default web),
756751optimized SFTP, WebDAVS FTPS, Data Transfers, external Seafile integration,
757- local OpenID login and added Jupyter+cloud integration for data analysis:
752+ local OpenID login, external OpenID Connect login and added Jupyter+cloud
753+ integration for data analysis:
758754./generateconfs.py --source=. --destination=generated-confs \
759755 --destination_suffix="_svn$(svnversion -n ~/)" \
760756 --base_fqdn=erda.dk \
@@ -764,7 +760,6 @@ local OpenID login and added Jupyter+cloud integration for data analysis:
764760 --mig_cert_fqdn= \
765761 --ext_cert_fqdn=cert.erda.dk \
766762 --mig_oid_fqdn=ext.erda.dk \
767- --ext_oid_fqdn=oid.erda.dk \
768763 --ext_oidc_fqdn=oidc.erda.dk \
769764 --sid_fqdn=sid.erda.dk \
770765 --io_fqdn=io.erda.dk \
@@ -788,9 +783,8 @@ local OpenID login and added Jupyter+cloud integration for data analysis:
788783 --trac_admin_path='' --trac_ini_path='' \
789784 --public_http_port=80 --public_https_port=443 \
790785 --ext_cert_port=443 --mig_oid_port=443 \
791- --ext_oid_port=443 -- ext_oidc_port=443 --sid_port=443 \
786+ --ext_oidc_port=443 --sid_port=443 \
792787 --mig_oid_provider=https://ext.erda.dk/openid/ \
793- --ext_oid_provider=https://openid.ku.dk/ \
794788 --ext_oidc_provider_meta_url=https://id.ku.dk/nidp/oauth/nam/.well-known/openid-configuration \
795789 --ext_oidc_scope=AS_SIF-ERDA \
796790 --ext_oidc_client_name=erda \
@@ -819,8 +813,8 @@ local OpenID login and added Jupyter+cloud integration for data analysis:
819813 --daemon_pubkey_from_dns=True \
820814 --daemon_pubkey_md5='FILE::/etc/httpd/MiG-certificates/combined.pub.md5' \
821815 --daemon_pubkey_sha256='FILE::/etc/httpd/MiG-certificates/combined.pub.sha256' \
822- --signup_methods="extoid migoid extcert extoidc " \
823- --login_methods="extoid migoid extcert extoidc " \
816+ --signup_methods="extoidc migoid extcert" \
817+ --login_methods="extoidc migoid extcert" \
824818 --distro=centos --skin=erda-ucph-science \
825819 --vgrid_label=Workgroup --apache_worker_procs=2048 \
826820 --davs_port=8020 --openid_port=8001 \
@@ -854,90 +848,6 @@ local OpenID login and added Jupyter+cloud integration for data analysis:
854848 --crypto_salt="FILE::/home/mig/state/secrets/crypto_salt.hex" \
855849 --secscan_addr="130.226.158.3 130.225.213.72 192.38.10.137"
856850
857- and a similar setup with CentOS 7.x, apache 2.4, WSGI (default web),
858- optimized SFTP, WebDAVS, FTPS, job execution, Jupyter integration, previews and
859- local OpenID login and support for legacy sftp clients:
860- ./generateconfs.py --source=. --destination=generated-confs \
861- --destination_suffix="_svn$(svnversion -n ~/)" \
862- --base_fqdn=idmc.dk \
863- --public_fqdn=www.idmc.dk \
864- --mig_cert_fqdn= \
865- --ext_cert_fqdn=cert.idmc.dk \
866- --mig_oid_fqdn=ext.idmc.dk \
867- --ext_oid_fqdn=oid.idmc.dk \
868- --sid_fqdn=sid.idmc.dk \
869- --io_fqdn=io.idmc.dk \
870- --user=mig --group=mig \
871- --apache_version=2.4 \
872- --apache_etc=/etc/httpd \
873- --apache_run=/var/run/httpd \
874- --apache_lock=/var/lock/subsys/httpd \
875- --apache_log=/var/log/httpd \
876- --openssh_version=7.3 \
877- --mig_code=/home/mig/mig \
878- --mig_state=/home/mig/state \
879- --mig_certs=/etc/httpd/MiG-certificates \
880- --hg_path=/usr/bin/hg \
881- --hgweb_scripts=/usr/share/doc/mercurial-2.6.2 \
882- --trac_admin_path='' --trac_ini_path='' \
883- --public_http_port=80 --public_https_port=443 \
884- --ext_cert_port=443 --mig_oid_port=443 \
885- --ext_oid_port=443 --sid_port=443 \
886- --mig_oid_provider=https://ext.idmc.dk/openid/ \
887- --ext_oid_provider=https://openid.ku.dk/ \
888- --enable_openid=True --enable_sftp_subsys=True \
889- --enable_davs=True --enable_ftps=True \
890- --enable_transfers=True --enable_gravatars=True \
891- --enable_jobs=True --enable_resources=True \
892- --enable_events=True --enable_cracklib=True \
893- --enable_notify=True --enable_preview=True \
894- --enable_workflows=True --enable_freeze=False \
895- --enable_vhost_certs=True --enable_verify_certs=True \
896- --enable_jupyter=True --enable_migadmin=True \
897- --jupyter_services='DAG.https://dag002.science DAG.https://dag003.science DAG.https://dag004.science DAG.https://dag005.science DAG.https://dag006.science DAG.https://dag007.science DAG.https://dag008.science DAG.https://dag009.science DAG.https://dag010.science DAG.https://dag203.science DAG.https://dag204.science MODI.https://dag100.science' \
898- --jupyter_services_desc="{'DAG': '/home/mig/state/wwwpublic/dag_desc.html', 'MODI': '/home/mig/state/wwwpublic/modi_desc.html'}" \
899- --enable_peers=True --peers_mandatory=True \
900- --peers_explicit_fields='full_name email' \
901- --peers_contact_hint='employed at UCPH and authorized to invite external users' \
902- --user_clause=User --group_clause=Group \
903- --listen_clause='#Listen' \
904- --serveralias_clause='#ServerAlias' --alias_field=email \
905- --dhparams_path=~/certs/dhparams.pem \
906- --daemon_keycert=~/certs/combined.pem \
907- --daemon_pubkey=~/certs/combined.pub \
908- --daemon_pubkey_from_dns=False \
909- --daemon_show_address=io.idmc.dk \
910- --signup_methods="extoid migoid extcert" \
911- --login_methods="extoid migoid extcert" \
912- --distro=centos --skin=idmc-basic \
913- --vgrid_label=Workgroup --apache_worker_procs=512 \
914- --wsgi_procs=25 --sftp_subsys_auth_procs=25 \
915- --sftp_max_sessions=16 \
916- --davs_port=8020 --openid_port=8001 \
917- --default_menu="home files submitjob jobs vgrids jupyter account settings setup logout" \
918- --user_menu="sharelinks people cloud crontab transfers runtimeenvs resources downloads peers docs migadmin" \
919- --collaboration_links="default advanced" \
920- --default_vgrid_links="files web" \
921- --advanced_vgrid_links="files web scm workflows monitor" \
922- --smtp_sender="Do Not Reply <
[email protected] >" \
923- --support_email="IDMC Support <
[email protected] >" \
924- --admin_email="IDMC Info <
[email protected] >" --log_level=info \
925- --title="Imaging Data Management Center" \
926- --short_title="IDMC" \
927- --external_doc=https://www.idmc.dk \
928- --mig_oid_title="Non-KU/UCPH" --ext_oid_title="KU/UCPH" \
929- --auto_add_oid_user=True --auto_add_cert_user=True \
930- --auto_add_filter_fields=full_name --auto_add_filter_method=skip \
931- --io_account_expire=True \
932- --password_policy="MODERN:12" \
933- --password_legacy_policy=MEDIUM \
934- --peers_permit="role:.*(vip|tap)" \
935- --vgrid_creators="role:.*(vip|tap)" \
936- --status_system_match="IDMC ERDA ALL" \
937- --digest_salt="FILE::/home/mig/state/secrets/digest_salt.hex" \
938- --crypto_salt="FILE::/home/mig/state/secrets/crypto_salt.hex" \
939- --secscan_addr="130.226.158.3 130.225.213.72 192.38.10.137"
940-
941851Finally a storage-only with CentOS 7.x, apache 2.4, WSGI (default web),
942852optimized SFTP, WebDAVS, strict access control and extensive logging to comply
943853with the General Data Protection Regulation (GDPR) imposed by EU:
0 commit comments