Versions Compared

Old Version 1

changes.mady.by.user Markus Krogh

Saved on

compared with

New Version Current

changes.mady.by.user Markus Krogh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This guide is written for Ubuntu 18.04 and python3.

NEO4J database

The official neo4j installation guide for version 3.x is the reference for this part.

...

Code Block
$ sudo service nginx restart

 

SAML SP

If you want to set up NOCLook as a SAML SP you need to install the following packages and Python modules.

Code Block
$ sudo apt-get install libffi-dev xmlsec1
$ sudo -u ni -i
$ sudo vim /var/opt/norduni/norduni/src/niweb/.env

# Add
SAML_ENABLED=true
# Set the login url to point to your IDP
LOGIN_URL=/saml2/login/?idp=https://idp.nordu.net/idp/shibboleth
# If you want to disable normal django login then add
DJANGO_LOGIN_DISABLED=true

...

You need to configure djangosaml2 to use local metadata, and you will have to add the meta-dataupdater to cron, preferably by creating a cron.d file as that runs it as the ni user. Once an hour is reasonable, once a day can be ok, once a week might be tiresome when a cert is rolled.

Upgrade from NI 3 to 3.3

There is not a lot that needs to be done when updating from 3 to 3.3, mostly you need to update your `.env` config. 

Follow the General Upgrade NI guide, only be aware that you should nuke your `urls.py`. 

Python2 if needed

Moving forward NI will be python 3 focused, but for now it should still work with python 2. One thing you need to do to have python2 support is install the requirements in `requirements/py2.txt` by running:

Code Block
$ sudo -u ni -i
# Activate virtual env
$ . norduni_environment/bin/activate
# Install python dependencies
$ pip install -r norduni/requirements/py2.txt

General Upgrade NI

Customising look and feel

It is now possible to change some of the NI styling.

In .env you can set the following:

Code Block
# Displayed where it would normally say NORDUnet (e.g. on the front page)
BRAND=NORDUnet


# Displayed just above the NOCLook text in the logo
LOGO_SUBTEXT=DEV
# Change the logo color
LOGO_COLOR='#e67528'


# Change link colors
LINK_COLOR='#e67528'
LINK_HOVER='#71360a'

Upgrade from NI 3 to 3.3

There is not a lot that needs to be done when updating from 3 to 3.3, mostly you need to update your `.env` config. 

After updating .env follow the General Upgrade NI guide, only be aware that you should nuke your `urls.py`. 

Python2 if needed

Moving forward NI will be python 3 focused, but for now it should still work with python 2. One thing you need to do to have python2 support is install the requirements in `requirements/py2.txt` by running:

Code Block
$ sudo -u ni -i
# Activate virtual env
Code Block
# In norduni directory as the NI user
$ sudo -u ni -i
$ cd norduni
$ git stash
$ git pull origin master
$ git stash pop
# You might get conflict e.g. in urls.py
# Resolve it and run git reset
$ rm -r src/niweb/norduniclient
 
# Delete old virtualenv and create a new
$ cd ..
$ rm -r norduni_environment
$ virtualenv norduni_environment
$ . norduni_environment/bin/activate
$# pipInstall install -U pippython dependencies
$ pip install -U -r norduni/requirements/prodpy2.txt
# If running python 2.7 also run
$ pip install -r norduni/requirements/py2.txt
 
# update norduni/src/niweb/.env to have:
	NEO4J_USERNAME=neo4j
    NEO4J_PASSWORD=your_awesome_password
    NEO4J_RESOURCE_URI=bolt://localhost:7687
# If you have saml enabled you need to add the following to norduni/src/niweb/apps/saml2auth/config.py
# Just beside the key_file and cert_file entries.
	'encryption_keypairs': [{
        'key_file': path.join(BASEDIR, 'sp-key.pem'),  # private part
        'cert_file': path.join(BASEDIR, 'sp-cert.pem'),  # public part
    }],
 
# finally run migrate and collect statics
$ python norduni/src/niweb/manage.py migrate --settings=niweb.settings.prod
$ python norduni/src/niweb/manage.py collectstatic --settings=niweb.settings.prod

Then you can restart uwsgi.

Code Block
$ rm -r /tmp/django_cache
$ sudo service uwsgi restart

 

Troubleshooting

If you run into problems you can use `python src/niweb/manage.py -h` to see if there are errors.

...

General Upgrade NI

Code Block
# In norduni directory as the NI user
$ sudo -u ni -i
$ cd norduni
$ git stash
$ git pull origin master
$ git stash pop
# You might get conflict e.g. in urls.py
# Resolve it and run git reset
$ rm -r src/niweb/norduniclient
 
# Delete old virtualenv and create a new
$ cd ..
$ rm -r norduni_environment
$ virtualenv norduni_environment
$ . norduni_environment/bin/activate
$ pip install -U pip
$ pip install -U -r norduni/requirements/prod.txt
# If running python 2.7 also run
$ pip install -r norduni/requirements/py2.txt
 
# update norduni/src/niweb/.env to have:
	NEO4J_USERNAME=neo4j
    NEO4J_PASSWORD=your_awesome_password
    NEO4J_RESOURCE_URI=bolt://localhost:7687
# If you have saml enabled you need to add the following to norduni/src/niweb/apps/saml2auth/config.py
# Just beside the key_file and cert_file entries.
	'encryption_keypairs': [{
        'key_file': path.join(BASEDIR, 'sp-key.pem'),  # private part
        'cert_file': path.join(BASEDIR, 'sp-cert.pem'),  # public part
    }],
 
# finally run migrate and collect statics
$ python norduni/src/niweb/manage.py migrate --settings=niweb.settings.prod
$ python norduni/src/niweb/manage.py collectstatic --settings=niweb.settings.prod

Then you can restart uwsgi.

Code Block
$ rm -r /tmp/django_cache
$ sudo service uwsgi restart

Troubleshooting

If you run into problems you can use `python src/niweb/manage.py -h` to see if there are errors.

  • `AttributeError: 'NoneType' object has no attribute 'session'` is caused by wrong credentials (or missing configuration there of)
  • `ImportError: cannot import name contextmanager` or `ImportError: cannot import name IntegrityError` - you need to delete `src/niweb/norduniclient`
  • `ImportError: No module named django.core.exceptions` (you need to source your virtual environment)
  • `ImportError: No module named neo4j.v1.exceptions` - Problems with virtualenv installed dependencies, delete your virtualenv and install again
  • `neo4j.exceptions.AuthError: The client is unauthorized due to authentication failure.` - your password contains some characters that got mangled, e.g. # or @, remove 
  • `IOError: [Errno 13] Permission denied: '/tmp/django_cache/'` - the directory is probably owned by ni user, and not www-data, which uwsgi runs as. Remove the dir, and restart uwsgi

Example configs

.env

Code Block
# Neo4j settings
NEO4J_RESOURCE_URI=bolt://localhost:7687
NEO4J_MAX_DATA_AGE=24
NEO4J_MAX_POOL_SIZE=50
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=<%= $neo4j_password %>

# Report settings
REPORTS_TO=<%= $reports_to %>
# Optional CC and BCC and EXTRA_REPORT_TO
REPORTS_CC=<%= $reports_cc %>
REPORTS_BCC=<%= $reports_bcc %>
EXTRA_REPORT_TO=<%= $extra_reports_to %>


SECURITY_REPORTS_TO=<%= $security_reports_to %>

# Database settings
DB_ENGINE=django.db.backends.postgresql_psycopg2
DB_NAME=norduni
DB_USER=ni
DB_PASSWORD=<%= $postgres_password %>
DB_HOST=localhost
DB_PORT=5432

# Cache settings
CACHE_BACKEND=django.core.cache.backends.filebased.FileBasedCache
CACHE_LOCATION=/tmp/django_cache

# General settings
ALLOWED_HOSTS=<%= $server_name %> <%= $allowed_hosts %> localhost


# If using sentry
SENTRY_DSN=<%= $sentry_dsn %>

DEFAULT_FROM_EMAIL=django@<%= $server_name %>
EMAIL_HOST=localhost
#EMAIL_HOST_PASSWORD=
#EMAIL_HOST_USER=
#EMAIL_PORT=

# Secret key
SECRET_KEY=<%= $secret_key %>

# Google apis key
GOOGLE_MAPS_API_KEY=<%= $google_api_key %>

# Login
# if $saml_enabled:
LOGIN_URL=/saml2/login/?idp=https://idp.nordu.net/idp/shibboleth
SAML_ENABLED=true


# if $django_login_disabled
DJANGO_LOGIN_DISABLED=true


# Branding
BRAND=SUNET
LOGO_SUBTEXT=SUNET
LOGO_COLOR='#e67528'
LINK_COLOR='#e67528'
LINK_HOVER='#71360a'

...