- Automatic Login
- Add a custom location in EnginFrame File Manager
- Multi-Factor-Authentication (MFA) for EnginFrame
- EnginFrame SSO and MFA with OKTA
- Add a custom location in EnginFrame File Manager
- Extend the administration rights to other users
- Session cleanup
- Minimizing the built-in account locking mechanism
- Output size of this service exceeds the maximum limit defined in EnginFrame configuration
EnginFrame is a very powerful HPC and visualization session management portal. In this section we want to highlight some of the features and configuration options of EnginFrame.
A powerful overview of EnginFrame customization options can be found in the Technology Showcase available from the startpage of EnginFrame as administrator user.
Automatic Login
The steps to scrape data from Enginframe through curl are the following:
- Get JSESSIONID cookie end CSRF token
- Make login (use a license)
- Retrieve data
- Make log out (to release the license)
The following script implements these steps:
#!/bin/bash
workdir='/tmp/'
curl="curl --silent --insecure \
--cookie $workdir/cookies.txt \
--cookie-jar $workdir/cookies.txt"
endpoint='http://localhost:8080'
user='efadmin'
password='123456'
function session {
$curl --junk-session-cookies "$endpoint/enginframe/admin/com.enginframe.admin.xml" > /dev/null
$curl -X POST \
-H "Referer: $endpoint/enginframe" \
-H "FETCH-CSRF-TOKEN: 1" \
"$endpoint/enginframe/CsrfGuardServlet" | awk -F ':' '{print $1"=" $2}' > $workdir/csrftoken
}
function login {
$curl -X POST \
-H "Referer: $endpoint/enginframe" \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'Accept-Language: en,it;q=0.5' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Upgrade-Insecure-Requests: 1' \
--data "_username=$user" \
--data "_password=$password" \
--data 'submit=Login' \
--data $(< $workdir/csrftoken) \
"$endpoint/enginframe/admin/com.enginframe.admin.xml?_uri=//com.enginframe.admin/server.load" > /dev/null
}
function logout {
$curl \
-H "Referer: $endpoint/enginframe" \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'Accept-Language: en,it;q=0.5' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Upgrade-Insecure-Requests: 1' \
"$endpoint/enginframe/admin/com.enginframe.admin.xml?_uri=//com.enginframe.system/logout" > /dev/null
}
function license_status {
$curl -X POST \
-H "Referer: $endpoint/enginframe" \
-H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
-H 'Accept-Language: en,it;q=0.5' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-H 'Upgrade-Insecure-Requests: 1' \
--data "$(< $workdir/csrftoken)" \
"$endpoint/enginframe/admin/com.enginframe.admin.xml?_uri=//com.enginframe.admin/view.license.usage"
}
session
login
license_status
logout
To get human readable results install w3m
package and pipe the output of the script to:
w3m -dump -T text/html
To extract only the numbers you need you can use xmllint
with an XPath expression.
Add a custom location in EnginFrame File Manager
To add a custom file manager location in “Files” page, proceed as follows:
- Identify the plugin you’re using. E.g. applications, views or demo
You can also check it by looking at the browser url: it is the string immediately following EnginFrame root context (default: /enginframe), e.g. /enginframe/applications - Log into EnginFrame server node
- Change directory to $EF_ROOT/plugins/applications (or your plugin folder), bin subdirectory
- Create a file named
fm.browse.ui
with the following contents:
#!/bin/bash
newFilesLocation=/tmp
newFileslabel="Temporary folder"
source "${EF_ROOT}/plugins/ef/conf/ef.xmlns.conf"
source "${EF_ROOT}/plugins/ef/lib/xmlfuncs"
printf '<ef:ui-configure-widget ui="hydrogen" id="fm-browse" %s %s %s>\n' \
"${EF_XMLNS_ef}" "${EF_XMLNS_hy}" "${EF_XMLNS_efactions}"
vroot=$("${EF_ROOT}/plugins/fm/bin/fm.vroot.create" "${FM_BROWSE_SPOOLER}" 'fm' "file://${newFilesLocation}")
printf '<hy:add-vroot id="%s">\n' "${vroot}"
printf '<hy:label>%s</hy:label>\n' "$(ef_xml_escape_content --input "${newFileslabel}")"
printf '</hy:add-vroot>\n'
printf '</ef:ui-configure-widget>\n'
- You can customize the first 2 parameters, the new filesystem location and the associated label in Files page
- Give fm.browse.ui executable permissions:
chmod +x fm.browse.ui
Multi-Factor-Authentication (MFA) for EnginFrame
EnginFrame SSO and MFA with OKTA
The AWS team has created a guide how to integrate EnginFrame with OKTA to provide Single-Sign-On and MFA.
Add a custom location in EnginFrame File Manager
To add a custom file manager location in “Files” page, proceed as follows:
- Identify the plugin you’re using. E.g. applications, views or demo
You can also check it by looking at the browser url: it is the string immediately following EnginFrame root context (default: /enginframe), e.g. /enginframe/applications - Log into EnginFrame server node
- Change directory to EF_ROOT/plugins/applications (or your plugin folder), bin subdirectory
- Create a file named fm.browse.ui with the following contents
#!/bin/bash
newFilesLocation=/tmp
newFileslabel="Temporary folder"
source "${EF_ROOT}/plugins/ef/conf/ef.xmlns.conf"
source "${EF_ROOT}/plugins/ef/lib/xmlfuncs"
printf '<ef:ui-configure-widget ui="hydrogen" id="fm-browse" %s %s %s>\n' \
"${EF_XMLNS_ef}" "${EF_XMLNS_hy}" "${EF_XMLNS_efactions}"
vroot=$("${EF_ROOT}/plugins/fm/bin/fm.vroot.create" "${FM_BROWSE_SPOOLER}" 'fm' "file://${newFilesLocation}")
printf '<hy:add-vroot id="%s">\n' "${vroot}"
printf '<hy:label>%s</hy:label>\n' "$(ef_xml_escape_content --input "${newFileslabel}")"
printf '</hy:add-vroot>\n'
printf '</ef:ui-configure-widget>\n'
- You can customize the first 2 parameters, the new filesystem location and the associated label in Files page
- Give fm.browse.ui executable permissions
Some content is inspired by NICE Support articles.
Extend the administration rights to other users
Add the new user in the EF_ADMIN
variable:
EF_ADMIN=efadmin,nakagami
You need to do that in two files:
$EF_ROOT/enginframe/conf/enginframe/server.conf
$EF_ROOT/enginframe/conf/enginframe/agent.conf
Replace $EF_ROOT with the base address of your EnginFrame setup.
The you need to restart the service:
systemctl restart enginframe
Session cleanup
To clean persistent of the damaged user, please follow the below steps:
- Identify all files from the damaged user. As example, the use will be “nisp”.
ls /opt/nice/enginframe/{repository,sessions,spoolers}/nisp/
Note: Replace the path with your real EnginFrame path. - Stop the EF systemd service:
systemctl stop enginframe
- Backup and remove all files and directories found in the previous step.
- Backup the below files and replace them with original files from fresh users (usually located in
/etc/skel
directory):.bashrc
.bash_profile
.profile
- Then start the EnginFrame again:
systemctl stop enginframe
Minimizing the built-in account locking mechanism
Edit the file /opt/nice/enginframe/conf/enginframe/server.conf and set these parameters to mitigate your locking account problem:
ef.account.lockout.after.attempts=1000 # Set an high value
ef.account.lockout.time.admins=0 # Zero disable the lockout for admins
ef.account.lockout.time.users=1 # Minimum time is 1 minute
Then restart the EnginFrame service:
systemctl restart enginframe
Output size of this service exceeds the maximum limit defined in EnginFrame configuration
Please edit your $EF_ROOT/conf/server.conf file and increase the maximum limit:
ef.output.limit=52428800
Then you need to restart EnginFrame service:
systemctl stop enginframe
systemctl start enginframe