...

Configure NOCLook

Code Block
$ cd /var/opt/norduni/norduni/src/niweb/
$ cp dotenv .env
$ vi .env

...

Code Block
# To make it easier for yourself set DJANGO_SETTINGS_MODULE=niweb.settings.prod in your bashprofile/bashrc
$ cd /var/opt/norduni/norduni/src/niweb
$ python manage.py migrate
$ python manage.py collectstatic
$ python manage.py runserver
$ rm -r /tmp/django_cache

Create local superuser

Code Block
$ python manage.py createsuperuser

...

Code Block
$ sudo vi /etc/uwsgi/apps-available/noclook.ini
 
The following configuration should be a good start.
 
[uwsgi]
# Django-related settings
plugins = python
protocol = uwsgi
# the base directory (full path)
chdir           = /var/opt/norduni/norduni/src/niweb/
# Django's wsgi file
wsgi-file       = /var/opt/norduni/norduni/src/niweb/niweb/wsgi.py
env             = DJANGO_SETTINGS_MODULE=niweb.settings.prod
# the virtualenv (full path)
home            = /var/opt/norduni/norduni_environment
# logging
daemonize       = /var/log/uwsgi/app/noclook.log
# process-related settings
# master
master          = true
# maximum number of worker processes
processes       = 5
#threads        = 2
max-requests    = 5000
# the socket (use the full path to be safe)
socket          = 127.0.0.1:8001
# clear environment on exit
vacuum          = true

# for now we run uwsgi in lazy-apps, due to neo4j session problems
lazy-apps       = true
# less noisy uwsgi logs (especially with sentry)
ignore-sigpipe = true
ignore-write-errors = true
disable-write-exception = true

Link the configuration in to the correct directory.

Code Block
$ sudo ln -s /etc/uwsgi/apps-available/noclook.ini /etc/uwsgi/apps-enabled/noclook.ini

Make temp dir and log dir writable by the uwsgi user (www-data on ubuntu)

Code Block
sudo chown -R ni:www-data /tmp/django_cache
sudo chmod -R g+rw /tmp/django_cache
  
sudo chown -R ni:www-data /var/opt/norduni/norduni/src/niweb/logs/
sudo chmod -R g+w /var/opt/norduni/norduni/src/niweb/logs/

Finally restart uwsgi

Code Block
$ sudo service uwsgi restart

 

NGINX

Set up a new dhparam file; 2048 should suffice, but if you like you can go with 4096 instead:

Code Block
$ sudo openssl dhparam -out /etc/ssl/dhparams.pem 2048

Configure nginx.

Code Block
$ sudo vi /etc/nginx/sites-available/default

# The following configuration should be a good start.
# Remember certificates or
# sudo openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/ni_nordu_net.key -out /etc/ssl/certs/ni_nordu_net.crt

upstream django {
    server 127.0.0.1:8001; # for a web port socket
}

server {
    listen         80;
    listen         [::]:80;
    server_name    ni.nordu.net;
    return         301 https://$server_name$request_uri;
}

server {
    listen 443;
    listen [::]:443 default ipv6only=on; ## listen for ipv6
    ssl on;
    ssl_certificate /etc/ssl/certs/ni_nordu_net.crt;
    ssl_certificate_key /etc/ssl/private/ni_nordu_net.key;

    # https://cipherli.st
    ssl_prefer_server_ciphers on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_session_cache shared:SSL:10m;
    ssl_ecdh_curve secp384r1;
    ssl_dhparam /etc/ssl/dhparams.pem;

    server_name ni.nordu.net;

    location /static/ {
        alias         /var/opt/norduni/norduni/src/niweb/niweb/static/;
        autoindex    on;
        access_log   off;
        expires      30d;
    }
 
    location / {
        include     /etc/nginx/uwsgi_params;
        proxy_set_header   Host                 $host;
        proxy_set_header   X-Real-IP            $remote_addr;
        proxy_set_header   X-Forwarded-For      $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto    $scheme;
        proxy_redirect     off;
        uwsgi_pass  django;
    }  
}
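
The server block above still enables TLS 1.0/1.1 (deprecated by RFC 8996), uses the `ssl on;` directive (obsolete since nginx 1.15.0) and turns on `autoindex` for `/static/`. The following lint is an added example, not part of the original page or of NORDUni; the function name `lint_nginx_tls` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag dated TLS settings in an nginx site file.
# Prints one finding per line; returns 1 if anything was found, else 0.
lint_nginx_tls() {
    # Strip comments first so commented-out directives are not reported.
    findings=$(sed 's/#.*//' "$1" | awk '
        $1 == "ssl" && $2 ~ /^on;?$/ {
            print "ssl-on: obsolete since nginx 1.15.0, use \"listen 443 ssl;\""
        }
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1")
                    print "weak-protocol: " p " (keep TLSv1.2 and TLSv1.3 only)"
            }
        }
        $1 == "autoindex" && $2 ~ /^on;?$/ {
            print "autoindex-on: directory listing is enabled for this location"
        }
    ')
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample: the relevant lines of the server block above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443;
    ssl on;
    # https://cipherli.st
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    location /static/ {
        autoindex    on;
    }
}
EOF
lint_nginx_tls "$sample" || echo "fix the findings above before reloading nginx"
rm -f "$sample"
```

Run it against `/etc/nginx/sites-available/default` after editing and before restarting nginx.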

...

  1. Stop neo4j service if running
  2. Remove data/databases/graph.db in 3.2 `sudo rm -r /var/lib/neo4j/data/databases/graph.db/`
  3. Enable data migration in neo4j.conf `dbms.allow_format_migration=true` (should probably be disabled after first migration is done)
  4. Import database from 2.x `sudo -u neo4j neo4j-admin import --mode=database --database=graph.db --from=/var/opt/neo4j-community-2.1.8/data/graph.db/`
  5. Set default admin `sudo -u neo4j neo4j-admin set-default-admin neo4j`
  6. Set password `sudo -u neo4j neo4j-admin set-initial-password your_awesome_password`
  7. Start neo4j service `sudo service neo4j start`
    1.  you can follow along in `logs/neo4j.log`

...

Code Block
# In norduni directory as the NI user
$ sudo -u ni -i
$ cd norduni
$ git stash
$ git pull origin master
$ git stash apply
# You might get conflict e.g. in urls.py
# Resolve it and run git reset
$ rm -r src/niweb/norduniclient

# Delete old virtualenv and create a new
$ cd ..
$ rm -r norduni_environment
$ virtualenv norduni_environment
$ . norduni_environment/bin/activate
$ pip install -U pip
$ pip install -U -r norduni/requirements/prod.txt

# If running python 2.7 also run
$ pip install -r norduni/requirements/py2.txt

# update norduni/src/niweb/.env to have:
    NEO4J_USERNAME=neo4j
    NEO4J_PASSWORD=your_awesome_password
    NEO4J_RESOURCE_URI=bolt://localhost:7687

# If you have saml enabled you need to add the following to norduni/src/niweb/apps/saml2auth/config.py
# Just beside the key_file and cert_file entries.
    'encryption_keypairs': [{
        'key_file': path.join(BASEDIR, 'sp-key.pem'),  # private part
        'cert_file': path.join(BASEDIR, 'sp-cert.pem'),  # public part
    }],
 
# finally run migrate and collect statics
$ python norduni/src/niweb/manage.py migrate --settings=niweb.settings.prod
$ python norduni/src/niweb/manage.py collectstatic --settings=niweb.settings.prod

Then you can restart uwsgi.

Code Block
$ rm -r /tmp/django_cache
$ sudo service uwsgi restart

 

Troubleshooting

If you run into problems you can use `python src/niweb/manage.py -h` to see if there are errors.

  • `AttributeError: 'NoneType' object has no attribute 'session'` is caused by wrong credentials (or missing configuration thereof)
  • `ImportError: cannot import name contextmanager` or `ImportError: cannot import name IntegrityError` - you need to delete `src/niweb/norduniclient`
  • `ImportError: No module named django.core.exceptions` (you need to source your virtual environment)
  • `ImportError: No module named neo4j.v1.exceptions` - Problems with virtualenv installed dependencies, delete your virtualenv and install again
  • `neo4j.exceptions.AuthError: The client is unauthorized due to authentication failure.` - your password contains some characters that got mangled, e.g. # or @, remove 
  • `IOError: [Errno 13] Permission denied: '/tmp/django_cache/'` - the directory is probably owned by ni user, and not www-data, which uwsgi runs as. Remove the dir, and restart uwsgi
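
Several of the errors above trace back to the `.env` file: missing Neo4j settings, or a password containing `#` or `@`. The pre-flight check below is an added example, not part of the original page or of NORDUni. The function name `check_ni_env` and the sample values are constructed, and the file-mode check is an extra assumption on top of the page: a file holding the database password should not be accessible to other users.

```shell
#!/bin/sh
# Added example: check a NORDUni .env file before restarting uwsgi.
# Prints one finding per line; returns 1 if anything was found, else 0.
check_ni_env() {
    env_file=$1
    rc=0
    # All three Neo4j settings named on the page must be present and non-empty.
    for key in NEO4J_USERNAME NEO4J_PASSWORD NEO4J_RESOURCE_URI; do
        if ! grep -Eq "^[[:space:]]*${key}=.+" "$env_file"; then
            echo "missing: $key"
            rc=1
        fi
    done
    # Take the raw text after the first "=", exactly as typed in the file.
    pw=$(sed -n 's/^[[:space:]]*NEO4J_PASSWORD=//p' "$env_file" | head -n 1)
    case $pw in
        *'#'*|*@*)
            echo "password: contains # or @, which the page reports as mangled (AuthError)"
            rc=1 ;;
    esac
    [ "$pw" = "your_awesome_password" ] && {
        echo "password: still the documentation placeholder"; rc=1; }
    # Assumption added here: no permission bits for "other" on a secrets file.
    other=$(ls -ld "$env_file" | cut -c8-10)
    [ "$other" = "---" ] || {
        echo "mode: accessible by other users ($other), run chmod o-rwx"; rc=1; }
    return $rc
}

# Constructed sample: one setting missing, password with mangled characters.
sample=$(mktemp)
printf 'NEO4J_USERNAME=neo4j\nNEO4J_PASSWORD=s3cr#t@db\n' > "$sample"
check_ni_env "$sample" || echo "fix the findings above, then restart uwsgi"
rm -f "$sample"
```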