SL7 Waklog

neilb/ / project, sl7upgrade

Having a look at apacheconf-waklog.h on DICE SL7. This is actually the first SL7 web server stuff I’ve looked at. So first of all I thought I should try getting a minimum SL7 apacheconf.h web server going.

I commandeered circlevm9, a vanilla SL7 server.h VM. And added

#include <dice/options/apacheconf.h>

After the profile pushed, and I ran updaterpms. om apacheconf start didn’t “just work”.

22/07/16 12:17:35: apache configuration has been modified
22/07/16 12:17:35: Syntax OK
22/07/16 12:17:35: Failed to reload httpd.service: Unit httpd.service is mas\
ked.
22/07/16 12:17:35: ** reload httpd: Fail

systemctl gave me a suggestion:


[circlevm9]root: systemctl status httpd
httpd.service
Loaded: masked (/etc/systemd/system/multi-user.target.wants httpd.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Warning: httpd.service changed on disk. Run 'systemctl daemon-reload' to reload units.

So I tried that:

[circlevm9]root: systemctl daemon-reload
[circlevm9]root: systemctl status httpd
httpd.service – The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: enabled)
Drop-In: /etc/systemd/system/httpd.service.d
└─waithttpd.conf
Active: inactive (dead)
Docs: man:httpd(8)
man:apachectl(8)

Now, after doing an ‘om apacheconf stop’, ‘om apacheconf start’ worked and left httpd process running with /var/www/html/ as the docroot, but with all access denied. I’m presuming a reboot would have had a similar affect.

I then added a simple vhost to open up access to /var/www/html/ so that I could dump stuff in their and convince myself the basics worked.

!apacheconf.vhosts               mADD(default)
apacheconf.vhostname_default     _default_
apacheconf.vhostdocroot_default  /var/www/html
apacheconf.vhostaccesslog_default   /var/lcfg/log/apacheconf.access
apacheconf.vhosterrorlog_default    /var/lcfg/log/apacheconf.error
!apacheconf.vhostverbatim_default   mADD(stuff)
apacheconf.vhostline_default_stuff  <Directory "<%apacheconf.vhostdocroot_default%>">¶\
  Options Indexes FollowSymLinks¶\
  Require all granted¶\
</Directory>

With that done, I was able to drop files into /var/www/html/ and they would be served. Equally I added some symlinks to other bits of the file system, and they were followed unless file permissions said otherwise. So a symlink to /afs/inf.ed.ac.uk/ showed the contents of publicly accessible stuff, but all other access was denied by ACLs.

So now I know if I add apacheconf-waklog.h and get it working, if they symlinks to AFS show more content, then httpd will have obtained the necessary AFS PTS tokens.

Neil

OpenAFS server

neilb/ / project, sl7upgrade

The work on the OpenAFS server for SL7 has been a tricky one, and still not fully resolved.

As a bit of background, in SL6 the single component, openafs, did both AFS client and server configuration for a host. With the switch to SL7, the MPU kindly decided to do the work for the AFS client on SL7 (and systemd), but this meant splitting the client side into a new component openafs_client, and some corresponding header files.

When starting work on the server side, I did consider (and indeed started) a new openafs_server component. However, I then decided this was going to lead to a lot of work changing the majority of existing headers and resources to the new named component, so after some discussion with Stephen, decided to make the existing openafs component “server only” for SL7 onwards.

This too has lead to some problems as both SL6 and SL7 machines included the openafs.h headers, but they have different meanings on the different platforms.

Fortunately most of the openafs.h headers just concern themselves with installing the actual openafs RPMs on the system. So some #ifdef guards for SL6 or 7 now make sure the right bits of -client or -server are further included, depending on what is needed for the machine.

There are still problems, such as the lcfg-openafs-client RPM depends on the lcfg-openafs RPM, the shared template file should be split. Also there is a common /etc/sysconfig/openafs file between client and server, both using template toolkit to maintain its content. This also needs to be split so that the client and server use different files. For the moment, we just state that for SL7 a server cannot also be a client. Which also means I need to make sure the localhome stuff works on SL7 servers.

Cosign and cron

neilb/ / edweb, project

Having got EdWeb working with EASE, I went back and tried it against our weblogin CoSign service, and that too works. My initial problems were probably the openldap issue that EASE had.

I’ve still not got a clear way to access a site as “admin” once EASE/Cosign is enabled, other than temporarily disabling the UoE LDAP and EASE modules, and reverting to the old way.

I’m looking at an “admin” site that uses basic auth, so I can sign in as “admin”, and though that has a slight success, it then fails with what looks like a failure to find “admin” in the LDAP and then extract an email address, and role information for him. I’m not sure if that should be considered a bug or not.

Also had a look at cron, has Kenny was having problems with the new scheduling on our test 1.10. A mail to UWS Tech suggests that using the wget and cron key is the way to do it, rather than using drush (which I’d been experimenting with).

 

EdWeb 1.10 and EASE

neilb/ / edweb, project

EdWeb 1.10

There have been a couple of updates since we last updated web.inf to 1.7, but each one has had issues which stopped us (and Maths) from upgrading.

http://dist.drupal.is.ed.ac.uk/project/uoe_distribution

But Mairi and co. have been very helpful in trying to solve the problems, and it now looks like we’re just about there, with the future 1.10 release addressing the problems, and including a Drupal security update.

The 1.10 will mean that our only local patch will be for the local search. I’ve created a new version of the patch, as the page template has changed, and though it does work, it’s introduced some extra white space I’m not happy about. However, Kenny’s happy to just apply that as it is for now, rather than delay 1.10 (when it appears).

EASE

I’ve also been looking at this again, and have made some progress. webtest.inf is now EASE authenticated, and after some problems with ldap binding to the IS server, it now seems to work for users who already have a local EdWeb account on the site (ie me).

https://www.wiki.ed.ac.uk/display/CSEDR/EdWeb+installation+hints

However it isn’t working for people who don’t have a local account, it is supposed to be created on the fly, but I’m getting error messages. Looking at those will be my next action. David McKain has given me some hopefully useful debugging options for LDAP in case LDAP is the issue:

(1) drush vset -y ldap_help_watchdog_detail 1

should turn logging on

(2) drush vdel -y ldap_help_watchdog_detail

should turn it off again

The log messages go into the Drupal watchdog table, aka the 'recent log messages'
report. You can view these either within the GUI, or using drush commands. Do
'drush help | grep watchdog' to see the drush commands.

I’m sure I’ve been here before

neilb/ / test

Just checking that iFriend me can post to my blog.

As a “contributer” I can create new posts, but not actually publish them.

 

var gaJsHost = ((“https:” == document.location.protocol) ? “https://ssl.” : “http://www.”);
document.write(unescape(“%3Cscript src='” + gaJsHost + “google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E”));

try {
// Informatics Tracker
var pageTracker = _gat._getTracker(“UA-220125-3”);
pageTracker._initData();
pageTracker._trackPageview();
// ed.ac.uk Tracker
var pageTracker_ed = _gat._getTracker(“UA-3415584-4”);
pageTracker_ed._setDomainName(“.ed.ac.uk”);
pageTracker_ed._setAllowHash(false);
pageTracker_ed._trackPageview();
} catch(err) {}

EdWeb 1.7

neilb/ / edweb

Last week EdWeb distro 1.7 was released. This week I tried installing it on webtest.inf, first as a fresh install (which gave and error) and secondly updating a clone of web.inf, which worked fine.

The failure, when doing a fresh install, was the same problem Craig had last week, this was my chance to see it for myself. The problem turned out to be a new test to make sure that the PHP variable max_exectution_time was suitably large, but using drush from the command line to install, then that var is set to “0” indicating unlimited.

I submitted the issue and patch via http://dist.drupal.is.ed.ac.uk/node/446 which will be incorporated into the next release. I tested the fix on their updated dev version.

The plan is to update web.inf.ed.ac.uk on Tuesday morning.

Kenny’s been asking again about EASE and restricted pages. I must have a look at that soon.

Unicode

neilb/ / Uncategorized

Really just so I remember what works for me. There are plenty of pages Google will find you, and mostly their suggestions work ie

CTRL-SHIFT-u <followed by hex code of the char you want and RETURN>

For most X applications, eg pidgin, browsers, etc that works, but not emacs or the command line.

For emacs CTRL-X 8 RETURN <then hex code> RETURN

 

EdWeb 1.6 update and banner

neilb/ / edweb

The first attempt to update a fresh copy of web.inf running on webtest.inf, didn’t work. And I got a strange PHP error. It looked like some issue with our content in the DB. A call was logged, but in the mean time they suggested it was our local theme. I doubted it, but I did try an update of webtest.inf with the web.inf data, but without our theme installed and one of the default edweb themes. Much to my chagrin, it did update. For completeness I took another fresh copy of web.inf, this time with our local theme still in use, and that too worked!

Since then I’ve tried several more times to get the update from 1.5 to 1.6 of the distro to fail, but it has not. I’ve let the web support people know via the unidesk ticket.

Hide Banner RFC

Stratos informed me that the next release of EdWeb will contain the ability to hide the banner image on certain pages. It will be configurable to hide on single pages, or complete (sub-)sites. And will be available to people with the CMS Operative role. This sounds ideal, and an improvement over my simple solution. This should mean our RFC for this can be shelved. Hopefully this change will be on central by the end of the year, and in the distro early next year.

 Change the way we apply our local theme

While testing the upgrade from 1.5 to 1.6, I tripped over the problem that you can’t edit and save the homepage content type, without picking an explicit colour theme. Unfortunately this then overrides our site wide local search and hidden banner theme. So the banner and Ed.ac.uk wide search re-appears. I’ve not found a way for our theme to trump the homepage selected theme, so I’ll probably have to look at not using a theme to override things, but just patch the EdWeb distro directly. A simple hack of replacing the shipped page.tpl.php, does indeed replace the the template, but things like:

 if( !theme_get_setting('uoe_localsearch_hidebanner')) {

Don’t read the local theme setting, so presumably they’ll all have to be patched into the shipped theme. More experimenting is required.

Neil

EdWeb update to 1.6

neilb/ / edweb

On Tuesday afternoon, and update to the EdWeb distro was released – 1.6. http://dist.drupal.is.ed.ac.uk/project/uoe_distribution, and the following day the site started warning us that there was an update available. So far, so good.

The following day I updated webtest.inf with a fresh copy of the live web.inf site, and did a diff of the code. It seemed mostly the latest updates to drupal core that we were missing, plus some other EdWeb changes, but it didn’t look like new functionality, and the release notes didn’t mention anything.

When I tried the recommended upgrade procedure using drush it seemed to go smoothly, more smoothly that previous updates, but the site is now broken, and all pages reporting the error:

Fatal error: Class name must be a valid object or a string in /disk/data/edweb/includes/common.inc on line 7998

More worrying, it also reports the same when doing drush commands, even drush status. I don’t really know what to do, so I’ve reported the problem to website.support@ed (UniDeskI151120-0697)  and given then copies of the site and DB before and after the update.

I suspect it is a problem with some content we have, rather than our local theme, as happened once before in the early days. Some simple debugging shows

$type_info = entity_get_info($entity_type);

Is returning an undefined value for something called “rules_config”, which seems to be a module used in the distro. My hope is that someone who knows will spot a problem with our DB, and give us some SQL to fix it.

In the meantime I’m going to revert webtest.inf back to the live web.inf, remove our local theme, and try the update again to see if that makes any difference.

Neil