[LON-CAPA-users] error on new course

Mueller, James A. mueller at pitt.edu
Sat Sep 17 21:49:52 EDT 2016


Stuart,
Whoa!  It is a library server?  Sounds like we need to have a talk with colleagues in the math department.
-Jim

On Sep 17, 2016, at 6:46 PM, Stuart Raeburn <raeburn at msu.edu<mailto:raeburn at msu.edu>> wrote:

Jim,

This problem is the result of the fact there are two users with the same username (for this "Domain Coordinator" account) in the pitt domain.

The home server for the original one is the physics server (pittphyast1).

That DC user must also have been assigned an authoring role at some point, and either your colleague was logged in as that user when authoring those resources, or a co-author role was assigned, and the co-author role was used when creating them.

More recently an identical username was assigned to a new user on the second library server/VM (pittmath2) added this summer (in Math) to the pitt LON-CAPA domain.

Ordinarily, LON-CAPA will prevent creation of duplicate usernames on different library servers in the same domain. However, there is an exception when make_domain_coordinator.pl is run from the command line.

My assumption is that make_domain_coordinator.pl was run on the new pittmath2 library server, and unfortunately the username chosen for the new Domain Coordinator was the same as the one which already existed on pittphyast1.

What happens then, when you attempt to browse this user's directory in /res/pitt/XXXXXX, is that LON-CAPA first checks the homeserver for the user, and it accepts the first "found" result, which comes from pittmath2. (The result is also cached in %homecache in an Apache child).

LON-CAPA then requests a directory listing from /home/httpd/html/res/pitt/XXXXXX on pittmath2, but finds nothing there - hence "Directory does not exist" is reported.

The same occurs when other servers (excluding pittphyast1) attempt to display published resources from /res/pitt/XXXXXX.

If the server doesn't already have the resources, then it will contact the author's homeserver to subscribe, and then, once subscribed, the content will be replicated from pittphyast1 to the other server.

In this case, though, it is contacts pittmath2 (the author's homeserver), but that server doesn't have the  content, so it can't be replicated.

The solution to this is for the system administrator in Math to use the command line on pittmath2 to:

(a) Run expire_DC_role.pl to expire the DC role for the XXXXXX:pitt user on pittmath2.

(b) Delete the XXXXXX user from /home/httpd/lonUsers/1/2/3/XXXXXX (where 1,2, and 3 are the first three characters in the XXXXXX username).

(c) Run make_domain_coordinator.pl on pittmath2, if a second Domain Coordinator account is needed, (or run add_domain_coordinator_privilege.pl on pittmath2 to assign a DC role to an existing user, for which pittmath2 is the home server).

After reload of the Apache web server on each of the LON-CAPA servers in the pitt domain, then the homeserver for the XXXXXX:pitt user will be correctly identified as pittphyast1, and the directory /res/pitt/XXXXXX will no longer be reported as non-existent, and content will be replicated from there to other servers hosting sessions for pitt users.


One thing I found in doing this was that the math IT person, has  moved the math server over to a vm on a machine in the universities  data center.  This allows them to use the university single login  rather than the local login that is used by the physics servers.

>From a technical standpoint it seems to me that use of Shibboleth authentication can easily be supported for all pitt users by requiring log-in to LON-CAPA via https://na01.safelinks.protection.outlook.com/?url=https%3a%2f%2fhomework2.math.pitt.edu&data=01%7c01%7cmueller%40pitt.edu%7c4260bde034454c7f01de08d3df4d1274%7c9ef9f489e0a04eeb87cc3a526112fd0d%7c1&sdata=C6u1nYdZCzayOdpgBWCkVqnuOx6nqeNaRPR4OJFWWnM%3d (which has Shibboleth installed) as long as the usernames used for users for whom pittphyast1 is the homeserver are standard Pitt Passport usernames. (For non-standard usernames the URL: /adm/login, i.e., non-SSO log-in, would need to be used).

>From a purely technical standpoint, it would make sense to make pittmath2 an access server, and also configure it as a LON-CAPA load balancer for the pitt domain.  If that were done, resources allocated to the VM could be reduced significantly.  If any users have been created on it in /home/httpd/lonUsers/pitt they could be moved to pittphyast1.

There may be other (non-technical) reasons why the two departments wish to run their own library servers within the pitt LON-CAPA domain, and LON-CAPA is also perfectly able to support that configuration (just don't duplicate usernames on the two library servers when creating users via the command line).


Stuart Raeburn
LON-CAPA Academic Consortium

Quoting "Mueller, James A." <mueller at pitt.edu<mailto:mueller at pitt.edu>>:

Stuart,
Thanks for the very detailed instructions.  I now have a related  problem and some understanding of what might have been the cause of  my problem before.

There are a set of .problem files that were written 7-8 years ago by  a professor who has since retired.  What is strange is that he did  not create these under his own author area but somehow in an area I  would associate with the domain coordinator  ?/res/pitt/XXXXXX?  where XXXXXX is the username for the domain coordinator.  Now we  have just been cloning the course every year, and that works fine  from the physics server, but they cannot be seen from the math  server.  Thus cloning failed when run from the math server.
Now that the course is set up, I see students who end up on the math  server still can?t view those problems.  From the physics server,  for students in my course, they click on the problem and all is  fine.  But if they are on the math access server, they see an error  message like ?Unable to find MeteoroidsInertial.problem?.
In addition, if as course coordinator I try to browse resources  (from either server), it shows and Area XXXXXX under /res/pitt, but  if I click on it, it says ?Directory does not exist?.  On the other hand, I can log into the library server, do an ls on that area  (/home/httpd/html/res/pitt/XXXXXX?) and see all the files.  So I  guess I need to copy all the .problem files over to a valid author  area (mine probably), republish them, and move the links in my  course to new versions of the problems for future terms.

One thing I found in doing this was that the math IT person, has  moved the math server over to a vm on a machine in the universities  data center.  This allows them to use the university single login  rather than the local login that is used by the physics servers.   Probably not a good idea to have the math access server run  differently from the physics access and library servers, so that is  something we should probably standardize in the near future.

-Jim


_______________________________________________
LON-CAPA-users mailing list
LON-CAPA-users at mail.lon-capa.org<mailto:LON-CAPA-users at mail.lon-capa.org>
https://na01.safelinks.protection.outlook.com/?url=http%3a%2f%2fmail.lon-capa.org%2fmailman%2flistinfo%2flon-capa-users&data=01%7c01%7cmueller%40pitt.edu%7c4260bde034454c7f01de08d3df4d1274%7c9ef9f489e0a04eeb87cc3a526112fd0d%7c1&sdata=gbXPa2gUmrGoJAhZ5pCjjdi%2b2f3dc%2bK859bpZ74rftA%3d

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.lon-capa.org/pipermail/lon-capa-users/attachments/20160918/f9c001a2/attachment-0001.html>


More information about the LON-CAPA-users mailing list