I’m trying to customize the navbar to remove “Jobs, Clusters, Interactive Apps, My Interactive Sessions.” Eventually I want to put these back when compute resources become available in this environment, but we want to avoid confusing users for now. The critical part of OOD for us at the moment is the Files app, which has functionality duplicated by no other software I can find – the ability to impersonate users with PUNs is unique and incredibly useful. We have a use case where we have multiple scientific instruments not joined to any directory services and want to be able to put data via the web to a centralized research data system. Something like WinSCP is out because it encourages users to save passwords in the client (and web accessibility is in general much friendlier to the researchers we’re working with).
Per these instructions I added /etc/ood/config/apps/dashboard/initializers/ood.rb with NavConfig.categories_whitelist=true and NavConfig.categories=[“Files”] in it, but that doesn’t seem to have changed anything.
That should work. I’d restart your web server (at the top right) to make sure you get the most recent config.
I was able to widdle it down to this.
And looking at the code “My Interactive Sessions” will show up if you have app development enabled. So if you have a 2 or more machines for prod and dev/test then you can disable it in production and enable it elsewhere.
Set these 2 environment variables to get rid of the all apps link and to disable development (which shows “My Interactive Sessions”.
# in /etc/ood/config/apps/dashboard/env
SHOW_ALL_APPS_LINK=false
OOD_APP_DEVELOPMENT=false
(Actually: one other question: my LDAP logins work, but I can’t log out. Every time I try to log out it returns me to the dashboard with the same user logged in. How do I troubleshoot this?)
I don’t believe apache’s basic auth (which is what LDAP is) supports logouts.
And now that you remind me, htttd’s basic auth is not so secure, so we’d suggest running dex Open ID connector for additional security. We ship an ondemand-dex RPM and it can hook into your ldap. Though I believe it doesn’t support logout either (I seem to recall a forked version that does but it lacks other features?).
In any case, your authentication method needs to support logout for this feature to work. Though it seems like we always enable the link, so maybe we should allow for a configuration to remove it.
You are right! I’m using the ondemand-dex RPM in order to do my LDAP logins. It does seem to just be a matter of making a cookie go away, because if I open an incog window everything is fine and I get to log in again. My knowledge of this kind of thing is extremely small but I’d imagine there’s some way of coding the “Logout” link to tell the browser to forget the cookie?
As a side note, I thought your solution was going to work and marked it as the solution, but it doesn’t appear to have done anything either Other thoughts?
To the feature not working, I guess I’d make sure that ood.rb is world readable to be sure your unprivileged user can load it. And just to be clear - you’re restarting your webserver to see changes take affect?
As to dex and logouts if I search their code base it looks like it’s been suggested and may be worked on.
Other thoughts?