Request for 'nginx_stage force_stop -u USER' or similar

OSC / nginx_stage

[MOVED] Stages & controls the per-user NGINX environment

https://github.com/OSC/ondemand/tree/master/nginx_stage

MIT License

0 stars 1 forks source link

Request for 'nginx_stage force_stop -u USER' or similar #5

Closed dpjohnson closed 8 years ago

dpjohnson commented 8 years ago

This request is for a 'force_stop/force_clean' feature that would be used initially in conjunction with disabling workshop accounts. The user's shell would be set to /access/denied before forcing the stop and cleanup of the PUN. Any state should be removed, and if possible, SSO credentials should be invalidated.

nickjer commented 8 years ago

To force stop a user's PUN:

nginx_stage nginx --user=bob --signal=stop

This would need to be run after the shell is set to /access/denied. Also it will need to be run on every web node.

Note: nginx_stage will not start up the user's PUN by default if their shell is /access/denied. The default is seen here:

https://github.com/OSC/nginx_stage/blob/b7d28d3cac0ce9be42f9518d9d4ec944eb1aff04/config/nginx_stage.yml.example#L157-L161

and here

https://github.com/OSC/nginx_stage/blob/b7d28d3cac0ce9be42f9518d9d4ec944eb1aff04/lib/nginx_stage/configuration.rb#L359

nickjer commented 8 years ago

SSO credentials being invalidated will have to be handled by Apache and that is a fairly complicated matter.

dpjohnson commented 8 years ago

Thanks for the clarification, forgot about --signal. Let's talk more about invalidating SSO credentials as a separate issue. Should we close this issue, and open a separate one for SSO invalidation, or use this issue?

nickjer commented 8 years ago

Opened server-side cache invalidation portion of this issue in corresponding repo.