EF Tips and Tricks

EnginFrame is a very powerful HPC and visualization session management portal. In this section we want to highlight some of the features and configuration options of EnginFrame.

A powerful overview of EnginFrame customization options can be found in the Technology Showcase available from the startpage of EnginFrame as administrator user.

Automatic Login

The steps to scrape data from Enginframe through curl are the following:

  1. Get JSESSIONID cookie end CSRF token
  2. Make login (use a license)
  3. Retrieve data
  4. Make log out (to release the license)

The following script implements these steps:

#!/bin/bash

workdir='/tmp/'

curl="curl --silent --insecure \
       --cookie $workdir/cookies.txt \
       --cookie-jar $workdir/cookies.txt"

endpoint='http://localhost:8080'

user='efadmin'
password='123456'

function session {
   $curl --junk-session-cookies "$endpoint/enginframe/admin/com.enginframe.admin.xml" > /dev/null
   $curl -X POST \
       -H "Referer: $endpoint/enginframe" \
       -H "FETCH-CSRF-TOKEN: 1" \
       "$endpoint/enginframe/CsrfGuardServlet" | awk -F ':' '{print $1"=" $2}' > $workdir/csrftoken
}

function login {
   $curl -X POST \
       -H "Referer: $endpoint/enginframe" \
       -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
       -H 'Accept-Language: en,it;q=0.5' \
       -H 'Content-Type: application/x-www-form-urlencoded' \
       -H 'Upgrade-Insecure-Requests: 1' \
       --data "_username=$user" \
       --data "_password=$password" \
       --data 'submit=Login' \
       --data $(< $workdir/csrftoken) \
       "$endpoint/enginframe/admin/com.enginframe.admin.xml?_uri=//com.enginframe.admin/server.load" > /dev/null
}

function logout {
   $curl \
       -H "Referer: $endpoint/enginframe" \
       -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
       -H 'Accept-Language: en,it;q=0.5' \
       -H 'Content-Type: application/x-www-form-urlencoded' \
       -H 'Upgrade-Insecure-Requests: 1' \
       "$endpoint/enginframe/admin/com.enginframe.admin.xml?_uri=//com.enginframe.system/logout"  > /dev/null
}

function license_status {
   $curl -X POST \
       -H "Referer: $endpoint/enginframe" \
       -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
       -H 'Accept-Language: en,it;q=0.5' \
       -H 'Content-Type: application/x-www-form-urlencoded' \
       -H 'Upgrade-Insecure-Requests: 1' \
       --data "$(< $workdir/csrftoken)" \
       "$endpoint/enginframe/admin/com.enginframe.admin.xml?_uri=//com.enginframe.admin/view.license.usage"
}

session
login
license_status
logout

To get human readable results install w3m package and pipe the output of the script to:

w3m -dump  -T text/html

To extract only the numbers you need you can use xmllint with an XPath expression.

Add a custom location in EnginFrame File Manager

To add a custom file manager location  in “Files” page, proceed as follows:

  1. Identify the plugin you’re using. E.g. applications, views or demo
    You can also check it by looking at the browser url: it is the string immediately following EnginFrame root context (default: /enginframe), e.g. /enginframe/applications
  2. Log into EnginFrame server node
  3. Change directory to $EF_ROOT/plugins/applications (or your plugin folder), bin subdirectory
  4. Create a file named fm.browse.ui with the following contents:
#!/bin/bash
newFilesLocation=/tmp
 
newFileslabel="Temporary folder"
 
source "${EF_ROOT}/plugins/ef/conf/ef.xmlns.conf"
source "${EF_ROOT}/plugins/ef/lib/xmlfuncs"
 
printf '<ef:ui-configure-widget ui="hydrogen" id="fm-browse" %s %s %s>\n' \
        "${EF_XMLNS_ef}" "${EF_XMLNS_hy}" "${EF_XMLNS_efactions}"
 
vroot=$("${EF_ROOT}/plugins/fm/bin/fm.vroot.create" "${FM_BROWSE_SPOOLER}" 'fm' "file://${newFilesLocation}")
 
printf '<hy:add-vroot id="%s">\n' "${vroot}"
 
printf '<hy:label>%s</hy:label>\n' "$(ef_xml_escape_content --input "${newFileslabel}")"
 
printf '</hy:add-vroot>\n'
printf '</ef:ui-configure-widget>\n'
  1. You can customize the first 2 parameters, the new filesystem location and the associated label in Files page 
  2. Give fm.browse.ui executable permissions:
    chmod +x fm.browse.ui

Multi-Factor-Authentication (MFA) for EnginFrame

EnginFrame SSO and MFA with OKTA

The AWS team has created a guide how to integrate EnginFrame with OKTA to provide Single-Sign-On and MFA.

Add a custom location in EnginFrame File Manager

To add a custom file manager location  in “Files” page, proceed as follows:

  1. Identify the plugin you’re using. E.g. applications, views or demo
    You can also check it by looking at the browser url: it is the string immediately following EnginFrame root context (default: /enginframe), e.g. /enginframe/applications
  2. Log into EnginFrame server node
  3. Change directory to EF_ROOT/plugins/applications (or your plugin folder), bin subdirectory
  4. Create a file named fm.browse.ui with the following contents
#!/bin/bash
newFilesLocation=/tmp
 
newFileslabel="Temporary folder"
 
source "${EF_ROOT}/plugins/ef/conf/ef.xmlns.conf"
source "${EF_ROOT}/plugins/ef/lib/xmlfuncs"
 
printf '<ef:ui-configure-widget ui="hydrogen" id="fm-browse" %s %s %s>\n' \
        "${EF_XMLNS_ef}" "${EF_XMLNS_hy}" "${EF_XMLNS_efactions}"
 
vroot=$("${EF_ROOT}/plugins/fm/bin/fm.vroot.create" "${FM_BROWSE_SPOOLER}" 'fm' "file://${newFilesLocation}")
 
printf '<hy:add-vroot id="%s">\n' "${vroot}"
 
printf '<hy:label>%s</hy:label>\n' "$(ef_xml_escape_content --input "${newFileslabel}")"
 
printf '</hy:add-vroot>\n'
printf '</ef:ui-configure-widget>\n'
  1. You can customize the first 2 parameters, the new filesystem location and the associated label in Files page 
  2. Give fm.browse.ui executable permissions

Some content is inspired by NICE Support articles.

Extend the administration rights to other users

Add the new user in the EF_ADMIN variable:

EF_ADMIN=efadmin,nakagami

You need to do that in two files:

$EF_ROOT/enginframe/conf/enginframe/server.conf
$EF_ROOT/enginframe/conf/enginframe/agent.conf

Replace $EF_ROOT with the base address of your EnginFrame setup.

The you need to restart the service:

systemctl restart enginframe

Session cleanup

To clean persistent of the damaged user, please follow the below steps:

  • Identify all files from the damaged user. As example, the use will be “nisp”.
    ls /opt/nice/enginframe/{repository,sessions,spoolers}/nisp/

    Note: Replace the path with your real EnginFrame path.
  • Stop the EF systemd service:
    systemctl stop enginframe
  • Backup and remove all files and directories found in the previous step.
  • Backup the below files and replace them with original files from fresh users (usually located in /etc/skel directory):
    • .bashrc
    • .bash_profile
    • .profile
  • Then start the EnginFrame again:
    systemctl stop enginframe

Minimizing the built-in account locking mechanism

Edit the file  /opt/nice/enginframe/conf/enginframe/server.conf and set these parameters to mitigate your locking account problem:

ef.account.lockout.after.attempts=1000  # Set an high value
ef.account.lockout.time.admins=0        # Zero disable the lockout for admins
ef.account.lockout.time.users=1         # Minimum time is 1 minute

Then restart the EnginFrame service:

systemctl restart enginframe

Output size of this service exceeds the maximum limit defined in EnginFrame configuration

Please edit your $EF_ROOT/conf/server.conf file and increase the maximum limit:

ef.output.limit=52428800

Then you need to restart EnginFrame service:

systemctl stop enginframe
systemctl start enginframe