23/03/17

Permalink 04:07:11 pm, by mholmes, 28 words, 3 views   English (CA)
Categories: Servers, Activity log; Mins. worked: 60

Server down issue

Our MySQL server was down ("too many connections"); spent some time reporting, investigating, and fielding and responding to queries from users. In the end a restart fixed it.

20/03/17

Permalink 05:21:32 pm, by mholmes, 25 words, 5 views   English (CA)
Categories: Servers, R & D, Activity log, Activity log, Documentation, Documentation; Mins. worked: 30

eXist deployment: tested development branch

Tested a build of the dev branch with my script and deployment stuff locally; all good, and the bug with the java client is fixed.

14/03/17

Permalink 02:37:49 pm, by mholmes, 20 words, 6 views   English (CA)
Categories: Servers, Activity log, Documentation; Mins. worked: 60

eXist deployment: added some hardening

Added a new transform of webapp/WEB-INF/web.xml to hide the REST interface from the public. Tested and working.

08/03/17

Permalink 02:46:07 pm, by mholmes, 429 words, 6 views   English (CA)
Categories: Servers, R & D, Activity log, Documentation; Mins. worked: 240

Multiple eXists side-by-side on subdomains with apache

I've successfully configured my local machine for testing purposes so that eXists can be configured and run alongside each other, available individually on port 8080, and proxied through apache on port 80. The details of the eXist build and configuration are best discovered in my scripts in the repo, but the local configuration details are:

In /etc/hosts:

127.0.2.1	graves2-internal.hcmc.uvic.ca
127.0.3.1	mapoflondon6-internal.hcmc.uvic.ca
127.0.4.1	mariage6-internal.hcmc.uvic.ca

In /etc/apache2/sites-enabled/graves2.conf (one example for graves2, others analogous):

<VirtualHost 127.0.2.1:80>
	ServerAdmin webmaster@localhost
	ServerName graves2-internal.hcmc.uvic.ca
	ServerAlias graves2
	ProxyRequests Off
	<Proxy *>
		Order deny,allow
		Allow from all
	</Proxy>
	ProxyPreserveHost on
	ProxyPass / http://graves2-internal.hcmc.uvic.ca:8080/ nocanon
        ProxyPassReverse / http://graves2-internal.hcmc.uvic.ca:8080
        AllowEncodedSlashes NoDecode
</VirtualHost>

<VirtualHost [YOUR_REAL_IP_ADDRESS]:80>
	ServerAdmin webmaster@localhost
	ServerName graves2-internal.hcmc.uvic.ca
	ServerAlias graves2
	ProxyRequests Off
	<Proxy *>
		Order deny,allow
		Allow from all
	</Proxy>
	ProxyPreserveHost on
	ProxyPass / http://graves2-internal.hcmc.uvic.ca:8080/ nocanon
        ProxyPassReverse / http://graves2-internal.hcmc.uvic.ca:8080
        AllowEncodedSlashes NoDecode
</VirtualHost>

<VirtualHost 127.0.2.1:443>
        ServerAdmin webmaster@localhost
        ServerName graves2-internal.hcmc.uvic.ca
        ServerAlias test
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/spud.crt
        SSLCertificateKeyFile /etc/ssl/private/spud.key
        ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>
        ProxyPreserveHost on
        ProxyPass / http://graves2-internal.hcmc.uvic.ca:8080/ nocanon
        ProxyPassReverse / http://graves2-internal.hcmc.uvic.ca:8080
        AllowEncodedSlashes NoDecode
</VirtualHost>

The one with an external ip address is optional, but needed if you want external hosts to be able to access the apps (based on their own hosts file being configured to point these domains at your ip). The third stanza allows HTTPS access; in fact Apache provides encryption, using the specified cert, but when it talks to eXist, it does that over an insecure local connection. If you try to have Apache from eXist's 8443 encrypted port for this, you'll get an error because eXist doesn't have a cert set up. You can still use the full :8443 port to access eXist directly over an encrypted connection. In both cases when using https, your browser will complain about a self-signed cert, of course.

With this approach, I've had Mariage, MoEML and Graves all running side-by-side on my machine. I've also finished and commented the script to roll out new eXists on Peach, and I'm waiting for RE to look it over before we actually test it. eXist 3.1 is out today and I built the latest dist from that tag.

07/03/17

Permalink 04:44:52 pm, by mholmes, 310 words, 20 views   English (CA)
Categories: Servers, R & D, Activity log, Activity log, Documentation; Mins. worked: 180

Setting up and testing Jetty/Apache config for Peach

This has been a relatively long process to figure out how best to configure a Jetty/eXist instance to run happily alongside others, on a test domain, and how to test that setup. This is what I've done:

  • Install apache locally from the repos.
  • Install mod_jk from the repos.
  • Turn on SSL (sudo a2enmod ssl) and set up a self-signed cert (lots of docs on this available).
  • Set up test domains in the local hosts file:
    127.0.0.1	localhost
    127.0.1.1	spud
    127.0.2.1	test-internal.hcmc.uvic.ca
    127.0.3.1	moeml-internal.hcmc.uvic.ca
    
  • Set up virtual domains in Apache -- example sites-enabled/test.conf:
    <VirtualHost 127.0.2.1:80>
    	ServerAdmin webmaster@localhost
    	ServerName test-internal.hcmc.uvic.ca
    	ServerAlias test
    	ProxyRequests Off
    	<Proxy *>
    		Order deny,allow
    		Allow from all
    	</Proxy>
    	ProxyPreserveHost on
    	ProxyPass / http://test-internal.hcmc.uvic.ca:8080/ nocanon
            ProxyPassReverse / http://test-internal.hcmc.uvic.ca:8080
            AllowEncodedSlashes NoDecode
    </VirtualHost>
    
    <VirtualHost 127.0.2.1:443>
            ServerAdmin webmaster@localhost
            ServerName test-internal.hcmc.uvic.ca
            ServerAlias test
            SSLEngine on
            SSLCertificateFile /etc/ssl/certs/spud.crt
            SSLCertificateKeyFile /etc/ssl/private/spud.key
            ProxyRequests Off
            <Proxy *>
                    Order deny,allow
                    Allow from all
            </Proxy>
            ProxyPreserveHost on
            ProxyPass / http://test-internal.hcmc.uvic.ca:8080/ nocanon
            ProxyPassReverse / http://test-internal.hcmc.uvic.ca:8080
            AllowEncodedSlashes NoDecode
    </VirtualHost>
    
  • In these four files in the Jetty instance:
    tools/jetty/etc/jetty-http.xml
    tools/jetty/etc/jetty-ssl.xml
    tools/jetty/etc/standalone-jetty-http.xml
    tools/jetty/etc/standalone-jetty-ssl.xml
    
    change the <Set name="host"> to <Set name="host">test-internal.hcmc.uvic.ca</Set>. (I think only the first two matter for our purposes, but it does no harm to change the others.)
  • Start the Jetty instance, and restart apache. Access the jetty app on test-internal.hcmc.uvic.ca.

I still have to test this with a second Jetty running side-by-side on a different domain; I'll do that tomorrow.

06/03/17

Permalink 12:38:43 pm, by Greg, 164 words, 27 views   English (CA)
Categories: Documentation, Announcements; Mins. worked: 0

Nougat on tablet

CyanogenMod has been replaced by LineageOS, and there is an unofficial Nougat ROM available.
To install it, hold the power, volume up AND volume down buttons simultaneously until you see the Google boot logo, then release the buttons.
Once you see the little droid dude lying down with his guts open, use the power button to select Recovery Mode and boot the tablet in to TWRP.

Once in TWRP, plug it in to your computer. It should find the tablet and mount it. Copy the zip file containing the ROM to the root of the drive (labelled 'Internal Storage'). Also copy in any other stuff that you can/must flash (like GApps).

In TWRP, select 'Install' and choose the ROM zip file and use the slider to indicate that you're serious.
Once flashed, run the 'Clear Dalvik cache' and go 'up' and run the install again, this time on the GApps image.
You should be able to boot in to the new OS now.

28/02/17

Permalink 09:06:51 am, by mholmes, 406 words, 21 views   English (CA)
Categories: Servers, R & D, Activity log, Documentation; Mins. worked: 180

eXist: making one app the root application

After some experimentation and some help from DW on the eXist list, I've managed to figure out the following steps for making your single app (MoEML or whatever) available as the root thing on th Jetty server (i.e. localhost:8080 if you're running it locally), while maintaining access to the other bits and pieces if necessary (the Dashboard, eXide, Monex or whatever else you need. These are the steps:

  • In tools/jetty/webapps/exist-webapp-context.xml, find the element <set name="contextPath"> and make sure it looks like this:
    <Set name="contextPath">/</Set>
    i.e. not /exist. It may be that way already, or it may be /exist.
  • In tools/jetty/standalone-webapps/exist-webapp-context.xml (same filename, different place), make the same change if required.
  • In tools/jetty/webapps/portal/WEB-INF/jetty-web.xml, find the same element and set it to the same thing (again, it may already be correct).
  • In webapp/WEB-INF/controller-config.xml, find this:
    <root pattern=".*" path="/"/>
    Comment it out and replace it with two lines like this:
      <!--<root pattern=".*" path="/"/>-->
      <root pattern="/apps/moeml/apps" path="xmldb:exist:///db/apps/"/>
      <root pattern="/" path="xmldb:exist:///db/apps/moeml/"/>
    
    Where "moeml" is the name of your app. The second line makes the other apps (dashboard etc.) available using the "apps" subfolder of the root (which means you can't have anything in your app's controller that handles an "apps" subfolder).

Note that this was done with a fresh build of eXist 3.0 from the develop branch yesterday, with no use of the installer. We've learned to steer clear of the installer.

I've now built all this into a set of files, configure_exist.sh/xml/xsl. The first is a bash script which expects the path to the eXist instance, and (optionally) the name of the app to make the root. The second is an ant script which is run by bash using the ant which is inside the tools folder of the eXist instance; this parses out what it needs to know, and runs XSLT transforms using the Saxon version which is in the lib/endorsed folder. This means that you can run this deployment script even where neither ant nor Saxon are installed (such as Peach). It has a fragile dependency on the version numbers in filenames of ant and Saxon, but those are easy to update.

27/02/17

Permalink 04:37:38 pm, by mholmes, 100 words, 23 views   English (CA)
Categories: Servers, R & D, Activity log, Documentation; Mins. worked: 120

eXist, CodeSharing and deployment configuration

I've worked the CodeSharing feature into the MoEML XAR today, deciding on having the build process for the XAR just check it out from GitHub and put the bits in the right place, with the controller.xql handling the rest. So far so good; then I set up controller-config.xml so that the root path goes to the MoEML webapp, and the other apps we want are available from there. However, the "root" right now is /exist, not /, and I can't find a way to change that. After trying everything I could think of, I've written to the eXist list.

23/02/17

Permalink 04:05:37 pm, by mholmes, 65 words, 30 views   English (CA)
Categories: Servers, R & D, Activity log, Documentation; Mins. worked: 90

Building a template for eXist deployment

Created a script in svn/hcmc/exist which cleans the git tree completely, builds exist, signs the jars, creates a fairly minimal dist, and builds a test instance with one of our own xars, then starts it for testing. All that remains to be done is figure out how to change the jetty.xml file and any oother conf files to add the required placeholders.

21/02/17

Permalink 10:39:28 am, by Greg, 260 words, 71 views   English (CA)
Categories: Announcements; Mins. worked: 0

Linux desktop power user tip

If you want to change the icon of a specific folder/file for some reason, you need to edit the gvfs metadata that is stored in a binary file.
This can be done using built-in gvfs methods like the following:

To get the current, custom icon value
# gvfs-info -a metadata::custom-icon ~/Desktop/foo (file:///home/yournamehere/Desktop/foo also works)

To set a custom icon
# gvfs-set-attribute ~/Desktop/foo metadata::custom-icon file:///usr/share/icons/Humanity/places/48/folder-music.svg

To reset icon to stock
# gvfs-set-attribute ~/Desktop/foo -t unset metadata::custom-icon

Unlike .desktop files, you cannot refer to a canonical FreeDesktop-type icon. You must use an explicit path to the icon you want to use.
NOTE: in a .desktop file you can ref the icon like ICON=folder-open and you'll get the icon theme's icon for folder-open. This icon will change with the theme.

Show other editable attributes for a file
gvfs-info -w ~/Desktop/foo

Which will return something like this
Settable attributes:
standard::symlink-target (bytestring)
time::access (uint64, Keep with file when moved)
time::access-usec (uint32, Keep with file when moved)
time::modified (uint64, Copy with file, Keep with file when moved)
time::modified-usec (uint32, Copy with file, Keep with file when moved)
unix::gid (uint32, Keep with file when moved)
unix::mode (uint32, Copy with file, Keep with file when moved)
unix::uid (uint32, Keep with file when moved)
Writable attribute namespaces:
metadata (string, Copy with file, Keep with file when moved)
xattr (string, Copy with file, Keep with file when moved)
xattr-sys (string, Keep with file when moved)

:: Next Page >>

Maintenance

This blog is the location for all work involving software and hardware maintenance, updates, installs, etc., both routine and urgent, in the server room, the labs and the R&D rooms.

Reports

Categories

March 2017
Sun Mon Tue Wed Thu Fri Sat
 << <   > >>
      1 2 3 4
5 6 7 8 9 10 11
12 13 14 15 16 17 18
19 20 21 22 23 24 25
26 27 28 29 30 31

XML Feeds