...
This guide is written for Ubuntu 18.04 and python3.
NEO4J database
The official neo4j installation guide for version 3.x is the reference for this part.
...
Code Block |
---|
$ sudo service nginx restart |
SAML SP
If you want to set up NOCLook as a SAML SP you need to install the following packages and Python modules.
Code Block |
---|
$ sudo apt-get install libffi-dev xmlsec1 $ sudo -u ni -i $ sudo vim /var/opt/norduni/norduni/src/niweb/.env # Add SAML_ENABLED=true # Set the login url to point to your IDP LOGIN_URL=/saml2/login/?idp=https://idp.nordu.net/idp/shibboleth # If you want to disable normal django login then add DJANGO_LOGIN_DISABLED=true |
...
You need to configure djangosaml2 to use local metadata, and you will have to add the meta-dataupdater to cron, preferably by creating a cron.d file as that runs it as the ni user. Once an hour is reasonable, once a day can be ok, once a week might be tiresome when a cert is rolled.
Upgrade from NI 3 to 3.3
There is not a lot that needs to be done when updating from 3 to 3.3, mostly you need to update your `.env` config.
Follow the General Upgrade NI guide, only be aware that you should nuke your `urls.py`.
Python2 if needed
Moving forward NI will be python 3 focused, but for now it should still work with python 2. One thing you need to do to have python2 support is install the requirements in `requirements/py2.txt` by running:
Code Block |
---|
$ sudo -u ni -i
# Activate virtual env
$ . norduni_environment/bin/activate
# Install python dependencies
$ pip install -r norduni/requirements/py2.txt |
General Upgrade NI
Customising look and feel
It is now possible to change some of the NI styling.
In .env you can set the following:
Code Block |
---|
# Displayed where it would normally say NORDUnet (e.g. on the front page)
BRAND=NORDUnet
# Displayed just above the NOCLook text in the logo
LOGO_SUBTEXT=DEV
# Change the logo color
LOGO_COLOR='#e67528'
# Change link colors
LINK_COLOR='#e67528'
LINK_HOVER='#71360a' |
Upgrade from NI 3 to 3.3
There is not a lot that needs to be done when updating from 3 to 3.3, mostly you need to update your `.env` config.
After updating .env follow the General Upgrade NI guide, only be aware that you should nuke your `urls.py`.
Python2 if needed
Moving forward NI will be python 3 focused, but for now it should still work with python 2. One thing you need to do to have python2 support is install the requirements in `requirements/py2.txt` by running:
Code Block |
---|
$ sudo -u ni -i
# Activate virtual env |
Code Block |
# In norduni directory as the NI user $ sudo -u ni -i $ cd norduni $ git stash $ git pull origin master $ git stash pop # You might get conflict e.g. in urls.py # Resolve it and run git reset $ rm -r src/niweb/norduniclient # Delete old virtualenv and create a new $ cd .. $ rm -r norduni_environment $ virtualenv norduni_environment $ . norduni_environment/bin/activate $# pipInstall install -U pippython dependencies $ pip install -U -r norduni/requirements/prodpy2.txt # If running python 2.7 also run $ pip install -r norduni/requirements/py2.txt # update norduni/src/niweb/.env to have: NEO4J_USERNAME=neo4j NEO4J_PASSWORD=your_awesome_password NEO4J_RESOURCE_URI=bolt://localhost:7687 # If you have saml enabled you need to add the following to norduni/src/niweb/apps/saml2auth/config.py # Just beside the key_file and cert_file entries. 'encryption_keypairs': [{ 'key_file': path.join(BASEDIR, 'sp-key.pem'), # private part 'cert_file': path.join(BASEDIR, 'sp-cert.pem'), # public part }], # finally run migrate and collect statics $ python norduni/src/niweb/manage.py migrate --settings=niweb.settings.prod $ python norduni/src/niweb/manage.py collectstatic --settings=niweb.settings.prod |
Then you can restart uwsgi.
Code Block |
---|
$ rm -r /tmp/django_cache
$ sudo service uwsgi restart |
Troubleshooting
If you run into problems you can use `python src/niweb/manage.py -h` to see if there are errors.
...
|
General Upgrade NI
Code Block |
---|
# In norduni directory as the NI user
$ sudo -u ni -i
$ cd norduni
$ git stash
$ git pull origin master
$ git stash pop
# You might get conflict e.g. in urls.py
# Resolve it and run git reset
$ rm -r src/niweb/norduniclient
# Delete old virtualenv and create a new
$ cd ..
$ rm -r norduni_environment
$ virtualenv norduni_environment
$ . norduni_environment/bin/activate
$ pip install -U pip
$ pip install -U -r norduni/requirements/prod.txt
# If running python 2.7 also run
$ pip install -r norduni/requirements/py2.txt
# update norduni/src/niweb/.env to have:
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=your_awesome_password
NEO4J_RESOURCE_URI=bolt://localhost:7687
# If you have saml enabled you need to add the following to norduni/src/niweb/apps/saml2auth/config.py
# Just beside the key_file and cert_file entries.
'encryption_keypairs': [{
'key_file': path.join(BASEDIR, 'sp-key.pem'), # private part
'cert_file': path.join(BASEDIR, 'sp-cert.pem'), # public part
}],
# finally run migrate and collect statics
$ python norduni/src/niweb/manage.py migrate --settings=niweb.settings.prod
$ python norduni/src/niweb/manage.py collectstatic --settings=niweb.settings.prod |
Then you can restart uwsgi.
Code Block |
---|
$ rm -r /tmp/django_cache
$ sudo service uwsgi restart |
Troubleshooting
If you run into problems you can use `python src/niweb/manage.py -h` to see if there are errors.
- `AttributeError: 'NoneType' object has no attribute 'session'` is caused by wrong credentials (or missing configuration there of)
- `ImportError: cannot import name contextmanager` or `ImportError: cannot import name IntegrityError` - you need to delete `src/niweb/norduniclient`
- `ImportError: No module named django.core.exceptions` (you need to source your virtual environment)
- `ImportError: No module named neo4j.v1.exceptions` - Problems with virtualenv installed dependencies, delete your virtualenv and install again
- `neo4j.exceptions.AuthError: The client is unauthorized due to authentication failure.` - your password contains some characters that got mangled, e.g. # or @, remove
- `IOError: [Errno 13] Permission denied: '/tmp/django_cache/'` - the directory is probably owned by ni user, and not www-data, which uwsgi runs as. Remove the dir, and restart uwsgi
Example configs
.env
Code Block |
---|
# Neo4j settings
NEO4J_RESOURCE_URI=bolt://localhost:7687
NEO4J_MAX_DATA_AGE=24
NEO4J_MAX_POOL_SIZE=50
NEO4J_USERNAME=neo4j
NEO4J_PASSWORD=<%= $neo4j_password %>
# Report settings
REPORTS_TO=<%= $reports_to %>
# Optional CC and BCC and EXTRA_REPORT_TO
REPORTS_CC=<%= $reports_cc %>
REPORTS_BCC=<%= $reports_bcc %>
EXTRA_REPORT_TO=<%= $extra_reports_to %>
SECURITY_REPORTS_TO=<%= $security_reports_to %>
# Database settings
DB_ENGINE=django.db.backends.postgresql_psycopg2
DB_NAME=norduni
DB_USER=ni
DB_PASSWORD=<%= $postgres_password %>
DB_HOST=localhost
DB_PORT=5432
# Cache settings
CACHE_BACKEND=django.core.cache.backends.filebased.FileBasedCache
CACHE_LOCATION=/tmp/django_cache
# General settings
ALLOWED_HOSTS=<%= $server_name %> <%= $allowed_hosts %> localhost
# If using sentry
SENTRY_DSN=<%= $sentry_dsn %>
DEFAULT_FROM_EMAIL=django@<%= $server_name %>
EMAIL_HOST=localhost
#EMAIL_HOST_PASSWORD=
#EMAIL_HOST_USER=
#EMAIL_PORT=
# Secret key
SECRET_KEY=<%= $secret_key %>
# Google apis key
GOOGLE_MAPS_API_KEY=<%= $google_api_key %>
# Login
# if $saml_enabled:
LOGIN_URL=/saml2/login/?idp=https://idp.nordu.net/idp/shibboleth
SAML_ENABLED=true
# if $django_login_disabled
DJANGO_LOGIN_DISABLED=true
# Branding
BRAND=SUNET
LOGO_SUBTEXT=SUNET
LOGO_COLOR='#e67528'
LINK_COLOR='#e67528'
LINK_HOVER='#71360a' |
...