Instructions for NAASC Deployment of New Versions of ALMA Science Portal & Observing Tool

Science Portal

Instructions for version 3 of Plone

http://almasw.hq.eso.org/almasw/bin/view/Archive/PortalInstallationInstructions#Default_Plone_Installation

NRAO-Specific installation process

For quality assurance, we perform two-stage installation: first to a test server, then to the production server.

1. Login to host rhel-vmware-alma

2. cd /opt/services/src/repos/UserPortal.cvsimport

3. Login to CVS:

export CVSROOT=:pserver:readonly@almacm01.aoc.nrao.edu:2401/project2/CVS

cvs login

1read0nly

4. import the latest code from the ALMA CVS into GIT:

git cvsimport -v -d $CVSROOT -C . ARCHIVE/UserPortal

5. clone the JAO codebase into a local NRAO git repository using the current date:

cd /opt/services/src/repos/

git clone UserPortal.cvsimport UserPortal-2011-04-21 (or whatever is the current date)

cd UserPortal-2011-04-21

Install the portal to the test server

(Steps 0 through 2 are not applicable for NAASC)

0) Checkuot the UserPortal from the ALMA cvs: cvs co ARCHIVE/UserPortal

1) cd ARCHIVE/UserPortal

2) export PATH=/opsw/util/bin:$PATH

3) /opt/services/syncd/python-2.4.6/bin/python2.4 bootstrap.py (NOTE This should be a python of the 2.4 series, the latest is 2.4.6. Plone is not compatible to any later version)

(Step 4 not applicable for NAASC)

4) export ORACLE_HOME=/usr/lib/oracle/11.2/client64/lib/ export ORACLE_HOME=/opsw/util/oracle_instantclient (NOTE This obviously means that the Oracle instantclient has to be installed in that location! The installation of the Oracle instantclient is part of the NGAS installation. There is a script 'install_instantclient.sh) in the ARCHIVE/NGAS/Installation/ngasSys/common module which carries out the installation, but requires that the path /opsw/util exists. Depending on the architecture of the target OS, 32 or 64 bit, this script also requires the appropriate Oracle tar file, which can also be found in the same module under CVS)

(This is a work-around - it IS applicable for NAASC)

cp ../../repos/cx_Oracle-5.0.4-py2.4-linux-x86_64.egg eggs/

5) bin/buildout -N

(NOTE: You have to be on-line to perform the buildout, there are a lot of components downloaded from the web and then compiled and installed.


wait!! There will be a number of errors and warnings which can usually be ignored

At the end of a successful buildout you should see the following lines: ==

Installing omelette. omelette: (While processing egg cx-Oracle) Package 'cx_Oracle' is zipped. Skipping. omelette: (While processing egg elementtree) Package 'elementtree' is zipped. Skipping. omelette: (While processing egg demjson) Package 'demjson' is zipped. Skipping. omelette: (While processing egg simplejson) Package 'simplejson' is zipped. Skipping. omelette: (While processing egg python-openid) Package 'openid' is zipped. Skipping.

==

6) cp src/Extensions/* parts/instance/Extensions/.
(NOTE
This step will eventually be removed and the scripts installed during the buildout. If buildout is run again this step has to be repeated as well!)

===

Startup of the UserPortal on the test host

1. bin/instance fg

2. check for proper functioning by browsing to http://rhel-vmware-alma:9080/asa

3. setup NRAO logos

Installation on production host

1. login to jerrylee

2. clone the test installation from rhel-vmware-alma.

cd /opt/services/src/repos/

git clone ssh://ksharp@rhel-vmware-alma/opt/services/src/repos/UserPortal-2011-04-21

3. bin/buildout -N

4. cd UserPortal-2011-04-21

5. test the prod install on port 9080

bin/instance fg

test the site at http://jerrylee:9080/asa

stop the test instance

6. change the port number to 9081

vim ./parts/instance/etc/zope.conf

7. stop the old production service

sudo /etc/init.d/plone stop

8. unlink the old version

unlink /opt/services/UserPortal

9. link the new version

ln -s /opt/services/src/repos/UserPortal-2011-04-21 UserPortal

10. start the new production service

sudo /etc/init.d/plone start

Instructions from Alvaro Aguirre for version 4 of Plone:

######################################################################################### # I forgot to say.........To install the portal configurations go to Site Setup > Add-ons and activate the # 'ALMA Portal Policy 0.1', this will automatically configure ldap, oracle connection,registration, science queries, etc... ##########################################################################################

Hi guys,

I have uploaded to CVS, under ARCHIVE/SciencePortal the Plone 4 version of the SP/UP Portal.

Installation Instructions:

(I will upload these instructions on the wiki page. There is a README file with the instructions also)

Main Features:

- all general configuration in one file, buildout.cfg - cache support using varnish - ZODB backup support - Zeoserver (for load balancing) - pdf text indexing (soon Word) - production configuration - single sign out

Changelog:

- plone.app.ldap was totally removed due this was an unnecessary product. - collective.castle was removed and replaced with anz.casclient that has a better support for CAS 2.0, single sign out included. - The theme has not been installed yet, because plone 4 has a tableless theme that is a better start point to design a new theme from the scratch and I prefer to wait until we get the new requirements. - some very minor changes were necessary in some products because of python 2.6 and the new zope version used.

Pre-requisites:

OS: Red Hat Enterprise Linux Server release 5.6 (Tikanga) OS libraries: yum install libxml2-devel yum install libxslt2-devel yum install openssl yum install openssl-devel yum install openldap-devel yum install libjpeg-devel yum install zlib-devel yum install freetype-devel yum install pcre-devel yum install poppler-utils

Oracle Instant Client:

  1. Download from: http://www.oracle.com/technetwork/database/features/instant-client/index-100365.html
  2. unzip the client in some directory.
  3. Create symbolic links
      1. ln -s libocci.so.11.1 libocci.so
      2. ln -s libclntsh.so.11.1 libclntsh.so
  4. Set LD_LIBRARY_PATH pointing to the install client directory

The installation of the python libraries has been distributed in 3 levels, although everything (cx_oracle, ldap, etc) can be installed by buildout, I preferred to separate the installation by context.

ie:

Level 1: python + oracle support + ldap support + pil Level 2: sand-boxed python installation. Level 3: zope + plone + varnish

Installation Process:

  1. Python 2.6
      1. wget http://www.python.org/ftp/python/2.6.6/Python-2.6.6.tar.bz2
      2. tar -xvjf Python-2.6.6.tar.bz2
      3. cd Python-2.6.6
      4. ./configure --prefix=/your-preferred-directory/
      5. make
      6. make install
  2. PIL Installation
      1. wget http://effbot.org/downloads/Imaging-1.1.6.tar.gz
      2. tar xvfz Imaging-1.1.6.tar.gz
      3. cd Imaging-1.1.6
      4. /your-preferred-directory/bin/python setup.py install
  3. Easy Install
      1. wget http://peak.telecommunity.com/dist/ez_setup.py
      2. /your-preferred-directory/bin/python ez_setup.py
  4. Ldap
      1. /your-python/easy_install python-ldap
  5. Oracle
      1. export ORACLE_HOME=/oracle-install-client-directory/
      2. /your-python/easy_install cx_oracle
  6. Sandbox
      1. /your-python/easy_install virtualenv
  7. Create the specific environment for your installation
      1. your-preferred-directory/bin/virtualenv /home/scienceportal/zope/env1 (this is the directory where zope and plone will be finally installed)
      2. cd /home/scienceportal/zope/env1/
      3. source bin/activate (this activates the sandbox)
  8. Zope + Plone
      1. download the portal from ARCHIVE/SciencePortal
      2. python/bootstrap.py
      3. Edit the buildout.cfg file with the information for your specific ARC, please read the instructions in the buildout file.
      4. rubn/buildout
      5. have a coffee....

Starting the portal in production mode

After running buildout, Zope will be installed and a new Plone site called 'portal' will be automatically created.

To run zope execute: bin/plonectl start

This command will start 3 processes zeoserver at port 8082 client1 at port 8080 client2 at port 8081

You can see the portal going to:

http://:8080/portal

or

http://:8081/portal

If you want to use the varnish cache proxy execute

bin/varnish-instance

Varnish uses the port 9080, so you will access to the portal going to http://:9080/portal

Example: http://webdev.sco.alma.cl:9080/portal (visible only using JAO VPN)

Debug mode

To run the portal in debug mode, you have to start zeoserver instance executing:

bin/zeoserver start

then, start one of the clients in foreground mode

ex: bin/client1 fg

Future changes

- There will be other changes mainly related to specific ARC configurations (logos, links, theme,mailhost, etc). All these changes are configured using plone profiles.

Currently, in the asa.policy product exists one profile called 'default', but it will be necessary to split this profile in three different ones.

The idea is to do this after we are clear about the new requirements coming from the science portal WG.

- Sellenium tests will be added

Cheers, Alvaro.

Observing Tool

Downloading the OT Tool via FTP

cd /home/almascience.nrao.edu/content/almaot/

ksharp@trinity:~$ ftp ftp.roe.ac.uk

Connected to spider.roe.ac.uk.

220 (vsFTPd 2.0.7)

Name (ftp.roe.ac.uk:ksharp): anonymous

331 Please specify the password.

Password: ksharp@nrao.edu

230 Login successful.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp> cd pub

250 Directory successfully changed.

ftp> cd ab

250 Directory successfully changed.

ftp> bin

200 Switching to Binary mode.

ftp> get

(remote-file) almaot-cycle0rc4-for-na.tgz

(local-file) almaot-rc4.tgz

local: almaot-rc4.tgz remote: almaot-cycle0rc4-for-na.tgz

200 PORT command successful. Consider using PASV.

150 Opening BINARY mode data connection for almaot-cycle0rc4-for-na.tgz (521897055 bytes).

226 File send OK.

521897055 bytes received in 51.06 secs (9980.9 kB/s)

ftp> quit

221 Goodbye.

Un-tar the OT tool in place.

Code-signing the application files

This procedure must be performed by Mike Hatz or Josh Malone

Summary from Josh:

In order to run in Java's "tusted" domain, the ALMA OT needs to be signed. Currently, the OT is signed with an untrusted (self-signed) certificate from the "ALMA OT Group" in order to get Java to allow it to run in the trusted domain. (Note: the trust of the certificate and the trust of the code are different.) When running the OT, users are presented with a security warning and must elect to trust the OT code publisher manually.

The NRAO (NA ARC) is in the process of purchasing a Java code-signing certificate from a well-known certificate vendor. This certificate will allow NRAO to sign the OT's Java "jar" files so that an end-user's Java runtime will not present any security warnings and will trust the OT code without requiring confirmation from the end-user. It is my belief that each ARC that distributes the OT will need its own signing certificate corresponding to server name that hosts the OT downloads (In other words, the NRAO cannot sign an OT for any other ARC).

Once we have obtained this signing certificate, it will be necessary for the OT releases to be send to NRAO Charlottesville CIS so that a trusted sysadmin can sign the code prior to it being placed on the server for distribution. In order to protect the security and integrity of the signing model, only a limited number of trusted admins should be granted access to the signing certificate.

Although this places an additional step in the process of releasing a version of the OT, the process will be streamlined as much as possibly to avoid release delays. There will be no technical limit to the number of releases we can sign with the certificate, nor to the frequency of releases.

Once we have received the certificate and tested the signing and release process, more technical details will be provided.

-- KellySharp - 2011-04-06
Topic revision: r2 - 2011-04-21, KellySharp
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding NRAO Public Wiki? Send feedback