[ci skip] Autodoc commit for 2aac218a0ef3453badffddcd9c4d20b768404d58.

latest/_sources/authentication/oidc.rst.txt

@@ -12,7 +12,7 @@ The following prerequisites need to be satisfied:
 
 .. note::
 
-   OnDemand repos provide the ``httpd24-mod_auth_openidc`` RPM for RHEL 7 and CentOS 7 as it must be built against SCL Apache. The OnDemand repos also have the ``mod_auth_openidc`` RPM for RHEL 8 and Rocky 8 that are newer than what the OS provides to make use of some newer features.
+   The OnDemand repos have the ``mod_auth_openidc`` RPM for RHEL 8 and Rocky 8 that are newer than what the OS provides to make use of some newer features.
 
 The following is an example :program:`ood-portal-generator` configuration file:
 

latest/_sources/authentication/shibboleth.rst.txt

@@ -47,12 +47,12 @@ such:
    logout_redirect: /Shibboleth.sso/Logout?return=https%3A%2F%2Fidp.my-center.edu%2Fidp%2Fprofile%2FLogout
 
    # Capture system user name from authenticated user name
-   user_map_cmd: "/opt/ood/ood_auth_map/bin/ood_auth_map.regex --regex='^(\\w+)@my-center.edu'"
+   user_map_match: '([^@]+)@my-center.edu'
 
 
 In the example above:
 
-- The ``user_map_cmd`` uses regular expressions to map the authenticated user
+- The ``user_map_match`` uses regular expressions to map the authenticated user
   ``[email protected]`` to their system user name ``bob``.
 - The ``RequestHeader`` settings are used to strip private session information
   from being sent to the backend web servers.

latest/_sources/customizations.rst.txt

@@ -7,6 +7,37 @@ Customizations
   Check out the :ref:`pun-environment` for an overview of how environment variables can be
   added.
 
+.. _disabling_applications:
+
+Disabling applications
+----------------------
+
+OnDemand is comprised of a few components. Each of which you can disable or limit
+access by simply changing the file permissions of the application.
+
+All the applications OnDemand installs are located in `/var/www/ood/apps/sys`.
+So, for example, if you wished to disable the file browser you would simply
+change it's directory to 700 so it's unreadable by regular users.
+
+When this directory is unreadable by regular users, the functionality
+it provides will be disabeled.
+
+.. code-block:: sh
+
+  sudo chmod 700 /var/www/ood/apps/sys/files
+
+Alternatively, if you wished to limit acess you can do so through group
+permissions. For example, if you wanted to limit access to the file browser
+to only memebers in the Unix group ``staff``, you would simply apply the
+applicable file permission such that anonymous users cannot access the
+directory while members of the ``staff`` Unix group can.
+
+.. code-block:: sh
+
+  sudo chmod 750 /var/www/ood/apps/sys/files
+  sudo chown root:staff /var/www/ood/apps/sys/files
+
+
 Announcements
 -------------
 

latest/_sources/how-tos/debug/debug-apache.rst.txt

@@ -23,13 +23,6 @@ Restart services
 
    .. tabs::
 
-      .. tab:: RHEL/CentOS 7
-
-        .. code-block:: sh
-
-          sudo systemctl try-restart httpd24-httpd
-
-
       .. tab:: RHEL/Rocky 8 & 9
 
          .. code-block:: sh
@@ -61,12 +54,6 @@ Or you're using the wrong hostname in your browser.
 
    .. tabs::
 
-      .. tab:: RHEL/CentOS 7
-
-        .. code-block:: sh
-
-          sudo /opt/rh/httpd24/root/sbin/httpd -S
-
       .. tab:: RHEL/Rocky 8 & 9
 
          .. code-block:: sh

latest/_sources/how-tos/monitoring/prometheus.rst.txt

@@ -33,20 +33,13 @@ For yum/dnf based systems the `ondemand_exporter`_ can be installed via RPM.
 
 The RPM will install the following files that should work out of the box:
 
-- **RHEL/CentOS 7 only**: /opt/rh/httpd24/root/etc/httpd/conf.d/ondemand_exporter.conf
 - **RHEL/Rocky/AlmaLinux 8 & 9 only**: /etc/httpd/conf.d/ondemand_exporter.conf
 - /etc/sudoers.d/ondemand_exporter
 
 Ensure that the new Apache configuration is loaded by restarting Apache
 
 .. tabs::
 
-   .. tab:: RHEL/CentOS 7
-
-      .. code-block:: sh
-
-         sudo systemctl restart httpd24-httpd
-
    .. tab:: RHEL/Rocky/Alma Linux 8 & 9
 
       .. code-block:: sh
@@ -82,13 +75,6 @@ Check for the `ondemand_exporter Latest Release`_ version number.  Replace ``VER
 
 .. tabs::
 
-   .. tab:: RHEL/CentOS 7
-
-      .. code-block:: sh
-
-         sudo install -o root -g root -m 0440 /tmp/${ARCHIVE}/files/apache.conf /opt/rh/httpd24/root/etc/httpd/conf.d/ondemand_exporter.conf
-         sudo systemctl restart httpd24-httpd
-
    .. tab:: RHEL/Rocky/Alma Linux 8 & 9
 
       .. code-block:: sh

latest/_sources/installation.rst.txt

@@ -6,7 +6,7 @@ Installation
 The OnDemand host machine needs to be setup *similarly* to a login node. This
 means that it will need:
 
-- RedHat/CentOS 7+ or Ubuntu 20.04-22.04 or Debian 12 or Amazon Linux 2023
+- RedHat/RockyLinux/AlmaLinux 8+ or Ubuntu 20.04-22.04 or Debian 12 or Amazon Linux 2023
 - the resource manager (e.g., Torque, Slurm, or LSF) client binaries and
   libraries used by the batch servers installed
 - configuration on both OnDemand node **and batch servers** to be able to

latest/_sources/installation/install-software.rst.txt

@@ -33,13 +33,6 @@ Some operating systems use `Software Collections`_ to satisfy these.
 
 .. tabs::
 
-   .. tab:: CentOS 7
-
-      .. code-block:: sh
-
-         sudo yum install centos-release-scl epel-release
-
-
    .. tab:: RockyLinux/Alma Linux 8
 
       .. code-block:: sh
@@ -79,14 +72,6 @@ Some operating systems use `Software Collections`_ to satisfy these.
 
    .. tabs::
 
-      .. tab:: RedHat/CentOS 7
-
-         .. code-block:: sh
-
-            sudo yum install https://yum.osc.edu/ondemand/{{ ondemand_version }}/ondemand-release-web-{{ ondemand_version }}-1.el7.noarch.rpm
-
-            sudo yum install ondemand
-
       .. tab:: RedHat/Rocky Linux/AlmaLinux 8
 
          .. code-block:: sh
@@ -149,14 +134,6 @@ Some operating systems use `Software Collections`_ to satisfy these.
 
    .. tabs::
 
-      .. tab:: RHEL/CentOS 7
-
-        .. code-block:: sh
-
-          sudo systemctl start httpd24-httpd
-          sudo systemctl enable httpd24-httpd
-
-
       .. tab:: RHEL/Rocky 8 & 9
 
          .. code-block:: sh

latest/_sources/installation/resource-manager/test.rst.txt

@@ -22,18 +22,6 @@ configuration files.
 
 #. We will now list all available tasks that we can run:
 
-   .. rubric:: If your operating system is CentOS 7 or RHEL 7, run this command:
-
-   .. code-block:: sh
-
-      scl enable ondemand -- bin/rake -T test:jobs
-      # rake test:jobs           # Test all clusters
-      # rake test:jobs:cluster1  # Test the cluster: cluster1
-      # rake test:jobs:cluster2  # Test the cluster: cluster2
-
-
-   .. rubric:: Otherwise, run this command:
-
    .. code-block:: sh
 
       source /opt/ood/ondemand/enable

latest/_sources/reference/files/nginx-stage-yml.rst.txt

@@ -788,16 +788,12 @@ Configuration Options
         min_uid: 1000
 
    Example
-     Using CentOS 6
+     Define new minimum UID
 
      .. code-block:: yaml
 
         min_uid: 500
 
-   .. note::
-
-      For RHEL6 and CentOS 6 the user id's begin at ``500``.
-
 .. _disabled_shell:
 
 .. describe:: disabled_shell (String)

latest/_sources/reference/files/ood-portal-yml.rst.txt

@@ -73,7 +73,8 @@ Configure General Options
 
         .. code-block:: yaml
 
-          servername: "class.my-cool-site.example.edu"
+          server_aliases: 
+             - "class.my-cool-site.example.edu"
 
 .. describe:: proxy_server (String, null)
 
@@ -1262,4 +1263,4 @@ to ``null`` will disable this feature.
           dex: false
 
 .. _auth_openidc.conf: https://github.com/zmartzone/mod_auth_openidc/blob/master/auth_openidc.conf
-.. _documentation on lua patterns: https://www.lua.org/manual/5.1/manual.html#5.4.1
+.. _documentation on lua patterns: https://www.lua.org/manual/5.1/manual.html#5.4.1

latest/_sources/reference/files/submit-yml/basic-bc-options.rst.txt

@@ -235,7 +235,7 @@ Basic Batch Connect Options
           # careful now, we can't override run_file or we have to
           # change it here too!  This also doesn't account for timeout,
           # if it's provided.
-          IMAGE=/opt/images/centos7.sif
+          IMAGE=/opt/images/el9.sif
           singularity exec -p $IMAGE /bin/bash script.sh
 
 .. describe:: script_file (String, "./script.sh")

latest/_sources/requirements.rst.txt

@@ -17,7 +17,6 @@ At this time OnDemand only supports the following operating systems and architec
    :header: "","x86_64","aarch64/arm64","ppc64le"
    :stub-columns: 1
 
-   "RedHat/CentOS 7",:raw-html:`✅`,:raw-html:`✅`,:raw-html:`✅`
    "RedHat/Rocky Linux/AlmaLinux 8",:raw-html:`✅`,:raw-html:`✅`,:raw-html:`✅`
    "RedHat/Rocky Linux/AlmaLinux 9",:raw-html:`✅`,:raw-html:`✅`,:raw-html:`✅`
    "Ubuntu 20.04",:raw-html:`✅`,:raw-html:`✅`,:raw-html:`❌`

latest/_sources/security.rst.txt

@@ -7,6 +7,9 @@ Introduction
 ------------
 This document details the security framework for Open OnDemand, providing essential information that administrators need to know for secure deployment and operation.
 
+.. note::
+  If you're here to report a vulerability, you may refer to :ref:`vulnerability-management`.
+
 Considerations
 --------------
 This section outlines key security advantages and areas for vigilance within the Open OnDemand environment.
@@ -32,14 +35,8 @@ that some centers may want to change or disable altogether.
 - **File Access**: OnDemand lets users navigate the file system. While file permissions
   limit what a user can view and navigate to, some centers may want to limit this even further.
   One option is to :ref:`set-file-allowlist` to limit what directories users may navigate to.
-
-
-Additional Information
-----------------------
-
-- **Vulnerability Management**: Active management of security weaknesses includes regular updates and patches. Detailed processes and current security advisories are available at :ref:`vulnerability-management`.
-
-- **Security Audits**: The platform undergoes periodic security audits by Trusted CI, the NSF Cybersecurity Center of Excellence. Summaries of these audits are available, with the latest report accessible `here <https://openondemand.org/sites/default/files/documents/Trusted%20CI%20Open%20OnDemand%20Engagement%20Final%20Report%20-%20REDACTED%20FOR%20PUBLIC%20RELEASE%20210712_0.pdf>`_.
+  Additionally, you may want to disable or limit access to the application. You can do this
+  through :ref:`disabling_applications`.
 
 Conclusion
 ----------

latest/authentication/oidc.html

@@ -229,7 +229,7 @@
 </ul>
 <div class="admonition note">
 <p class="admonition-title">Note</p>
-<p>OnDemand repos provide the <code class="docutils literal notranslate"><span class="pre">httpd24-mod_auth_openidc</span></code> RPM for RHEL 7 and CentOS 7 as it must be built against SCL Apache. The OnDemand repos also have the <code class="docutils literal notranslate"><span class="pre">mod_auth_openidc</span></code> RPM for RHEL 8 and Rocky 8 that are newer than what the OS provides to make use of some newer features.</p>
+<p>The OnDemand repos have the <code class="docutils literal notranslate"><span class="pre">mod_auth_openidc</span></code> RPM for RHEL 8 and Rocky 8 that are newer than what the OS provides to make use of some newer features.</p>
 </div>
 <p>The following is an example <strong class="program">ood-portal-generator</strong> configuration file:</p>
 <div class="highlight-yaml notranslate"><div class="highlight"><pre><span></span><span class="c1"># /etc/ood/config/ood_portal.yml</span><span class="w"></span>

latest/authentication/overview.html

@@ -129,7 +129,6 @@
 <li class="toctree-l1 current"><a class="reference internal" href="../security.html">Security</a><ul class="current">
 <li class="toctree-l2"><a class="reference internal" href="../security.html#introduction">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../security.html#considerations">Considerations</a></li>
-<li class="toctree-l2"><a class="reference internal" href="../security.html#additional-information">Additional Information</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../security.html#conclusion">Conclusion</a></li>
 <li class="toctree-l2 current"><a class="reference internal" href="../security.html#relevant-references">Relevant References</a><ul class="current">
 <li class="toctree-l3"><a class="reference internal" href="../security/vulnerability-management.html">Vulnerability Management</a></li>

latest/authentication/overview/configure-authentication.html

@@ -129,7 +129,6 @@
 <li class="toctree-l1 current"><a class="reference internal" href="../../security.html">Security</a><ul class="current">
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#introduction">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#considerations">Considerations</a></li>
-<li class="toctree-l2"><a class="reference internal" href="../../security.html#additional-information">Additional Information</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#conclusion">Conclusion</a></li>
 <li class="toctree-l2 current"><a class="reference internal" href="../../security.html#relevant-references">Relevant References</a><ul class="current">
 <li class="toctree-l3"><a class="reference internal" href="../../security/vulnerability-management.html">Vulnerability Management</a></li>

latest/authentication/overview/configure-logout.html

@@ -129,7 +129,6 @@
 <li class="toctree-l1 current"><a class="reference internal" href="../../security.html">Security</a><ul class="current">
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#introduction">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#considerations">Considerations</a></li>
-<li class="toctree-l2"><a class="reference internal" href="../../security.html#additional-information">Additional Information</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#conclusion">Conclusion</a></li>
 <li class="toctree-l2 current"><a class="reference internal" href="../../security.html#relevant-references">Relevant References</a><ul class="current">
 <li class="toctree-l3"><a class="reference internal" href="../../security/vulnerability-management.html">Vulnerability Management</a></li>

latest/authentication/overview/map-user.html

@@ -129,7 +129,6 @@
 <li class="toctree-l1 current"><a class="reference internal" href="../../security.html">Security</a><ul class="current">
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#introduction">Introduction</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#considerations">Considerations</a></li>
-<li class="toctree-l2"><a class="reference internal" href="../../security.html#additional-information">Additional Information</a></li>
 <li class="toctree-l2"><a class="reference internal" href="../../security.html#conclusion">Conclusion</a></li>
 <li class="toctree-l2 current"><a class="reference internal" href="../../security.html#relevant-references">Relevant References</a><ul class="current">
 <li class="toctree-l3"><a class="reference internal" href="../../security/vulnerability-management.html">Vulnerability Management</a></li>

latest/authentication/shibboleth.html

@@ -261,12 +261,12 @@
 <span class="nt">logout_redirect</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">/Shibboleth.sso/Logout?return=https%3A%2F%2Fidp.my-center.edu%2Fidp%2Fprofile%2FLogout</span><span class="w"></span>
 
 <span class="c1"># Capture system user name from authenticated user name</span><span class="w"></span>
-<span class="nt">user_map_cmd</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/opt/ood/ood_auth_map/bin/ood_auth_map.regex</span><span class="nv"> </span><span class="s">--regex=&#39;^(\\w+)@my-center.edu&#39;&quot;</span><span class="w"></span>
+<span class="nt">user_map_match</span><span class="p">:</span><span class="w"> </span><span class="s">&#39;([^@]+)@my-center.edu&#39;</span><span class="w"></span>
 </pre></div>
 </div>
 <p>In the example above:</p>
 <ul class="simple">
-<li><p>The <code class="docutils literal notranslate"><span class="pre">user_map_cmd</span></code> uses regular expressions to map the authenticated user
+<li><p>The <code class="docutils literal notranslate"><span class="pre">user_map_match</span></code> uses regular expressions to map the authenticated user
 <code class="docutils literal notranslate"><span class="pre">bob&#64;my-center.edu</span></code> to their system user name <code class="docutils literal notranslate"><span class="pre">bob</span></code>.</p></li>
 <li><p>The <code class="docutils literal notranslate"><span class="pre">RequestHeader</span></code> settings are used to strip private session information
 from being sent to the backend web servers.</p></li>