Execution Server Configuration (2.X)

Execution Server Configuration

The execution server configuration is set in the file "/ etc/vpl/vpl-jail-system.conf ". The configuration file can contain blank lines and comments (lines beginning with #) and parameters of form "PARAMETER=VALUE" (No space allowed). The accepted parameters are:

JAILPATH Specifies the directory where the jail runtime file system is located. Default: "/jail "

MIN_PRISONER_UGID : Sets the first valid UID/GID for use as a temporary user. Default: 10000

MAX_PRISONER_UGID : Sets the last valid UID/GID for use as a temporary user. Default: 20000

MAXTIME : Maximum execution time in seconds for any request. Default 600

MAXFILESIZE : Maximum size in bytes of any new file. Default 64,000,000 .

MAXMEMORY : Maximum size in bytes of memory used by a task. Default 2000000000.

MAXPROCESSES : Maximum number of processes to run simultaneously on a task. Default 500

CONTROLPATH : Directory where the system stores information about requests in progress. Default "/var/vpl -jail-system"

TASK_ONLY_FROM : IPs or networks (type A, B or C ) from which execution requests are accepted. You can set multiple separated by spaces.  If this property is not set the server will accept requests from any machine that set the correct URLPATH. Default not set.

IP Format: Numeric notation . Example: 127.0.1.1

Network Format : Numeric notation by a period. Example: 10.1.

INTERFACE : Sets server IP that should be used to provide the service. By default the service is served on all server IPs.

PORT: Sets the server port number for http and ws. Default 80.

SECURE_PORT : Sets the server port number for https and wss. Default 443.

URLPATH: Represents the PATH expected in execution requests. It acts as a password, if the URL PATH in the execution request does not match, the request is rejected. By default "/"

Since version 2.1

FIREWALL: The service configures the linux firewall (iptables) when is started or stopped. This parameter accept numeric values from 0 to 4, this values represent the level of protection:
0: No firewall
1: Allow only incoming requests to the execution service, the outgoing requests are unlimited.
2: Allow only incoming requests to the execution service, the outgoing requests are limited to DNS and ports 80/443 (http), the superuser requests are unlimited.
3: Allow only incoming requests to the execution service, the outgoing requests are forbidden, the superuser requests are unlimited..
4: Allow only incoming requests to the execution service, the outgoing requests are forbidden.

If you want to update/upgrade your system and you are using firewall level 4 then you must first stop the vpl-jail-service.
The default value for this parameter is 0.

Since version 2.2

ENVPATH: This parameter set the value of the PATH environment variable to be used in the jail. This parameter removes problems with software that need a different PATH. By default, the jail system uses the value of the PATH of the root user. Also it is needed in OSes, like RedHat and related, where common users use a different PATH that root user. If you are using this type of OS you must take the value of the PATH enviroment variable of a common user (echo $PATH) and copy it here.

Updating/installing software

Never add manually files or folders to the jail folder. To upgrade or install new software into your execution server, just upgrade/install normally your software and restart the service.