Versions Compared

Old Version 20

changes.mady.by.user Daniela Bourges-Waldegg

Saved on

compared with

New Version 21

changes.mady.by.user Daniela Bourges-Waldegg

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
JAVA_OPTS="-XX:PermSize=64M \-XX:MaxPermSize=256M \-Xmx1024m"

Add the following two system properties to file conf/catalina.properties under the CATALINA_HOME directory -- the same directory where you'll find server.xml. The value for both of these properties is the absolute path of the repository home directory. In this example, it is /opt/eaglei/repo:

...

Code Block
....(ONLY DO THIS when ALREADY running Apache Derby\!) 
export DERBY_HOME=my-derby-installation-toplevel 

...

Code Block
....(ONLY DO THIS when ALREADY running Apache Derby\!)
setenv DERBY_HOME my-derby-installation-toplevel 

...

Code Block
...service invocation examples:

2011-01-27 14:28:06,483 T=http-8443-1 DEBUG org.eaglei.repository.servlet.RepositoryServlet - ============== Ending Request /repository/update (2,159 mSec elapsed)

2011-01-27 14:27:58,023 T=http-8443-1 DEBUG org.eaglei.repository.servlet.RepositoryServlet - ============== Ending Request /repository/workflow/push (1,763 mSec elapsed)

... (internal query example\:)

2011-04-15 14:13:28,383 T=http-8443-1 DEBUG org.eaglei.repository.util.SPARQL - SPARQL Query executed by org.eaglei.repository.model.User:findAll at line 227 in elapsed time (mSec) 15

...

Given a dump created in e.g. ${DUMPDIR}, to restore this dump on a newly-created, empty, repository, use these commands: (where ${REPOSITORY} is URL prefix of the repo)

Code Block
curl \-D - \-s \-S \-u ADMIN:PASSWORD \-F type=user \-F format=application/x-trig \
\-F content=@${DUMPDIR}/users.trig \-F duplicate=replace \
\-F transform=no ${REPOSITORY}/repository/import
Code Block
curl \-s \-S \-D - \-u ADMIN:PASSWORD \-F action=replace \-F all= \
\-F "content=@${DUMPDIR}/resources.trig;type=application/x-trig" \
${REPOSITORY}/repository/graph

...

Code Block
make-snapshot.sh ADMIN PASSWORD [https://localhost:8443] "daily_cron_`date \+%u`"

move-everything.sh: Copying Everything Between Repositories or Files

...

Code Block
Usage: move-everything.sh [\--version|--version] \[ \-f \| \--force \] \
[\-exclude-users user,user,..|-exclude-users user,user,..] [-nousers]
from-username from-password from-repo-URL \
to-username to-password to-repo-URL

...

Code Block
Usage: move-everything.sh [\--version|--version] \[ \-f \| \--force \] \
[\-exclude-users user,user,..|-exclude-users user,user,..] [-nousers]
\--from-snapshot directory \--from-prefix from-prefix \
to-username to-password to-repo-URL

...

Code Block
make-snapshot bigbird PASSWORD [https://harvard.eagle-i.net] \
harvard.monday


move-everything.sh \-f \
\--from-snapshot harvard.monday \
\--from-prefix [http://harvard.eagle-i.net/i/] \
bigbird PASSWORD [https://localhost:8443]

...

Code Block
Usage: move-resources [-verbose] [-replace]
[\--type published|workspace]{ --file source-file --prefix uri-prefix | --source source-repo-url 
	--user login:password --graph src-graph-URI }
dest-repo-url dest-login:dest-password dest-graph-URI



(options may be abbreviated to first letter, e.g. \-f)

By default it adds data to the destination graph, --replace changes that to replacing the entire graph.

...

Here is an example command, it copies from the Published graph on qa.harvard to an "Experimental" graph on the local repo (on https://localhost:8443)

Code Block
move-resources \-s [https://qa.harvard.eagle-i.net:8443] \-u bert:ernie \
\-g [http://eagle-i.org/ont/repo/1.0/NG_Published] [https://localhost:8443] \
root:password [http://eagle-i.org/ont/repo/1.0/NG_Experimental]



Moved 4694 data statements and 322 metadata statements.

...

  1. Shut down tomcat. This is major surgery, and tomcats don't like to be vivisected no matter how much more satisfying you may find it.
  2. Disable Java Security -- alternately, you could try to configure all the authorization grants to give the repository webapp access to the filesystem and property resources it needs, but I found it much easier to just disable java security. DO NOT RUN THE TOMCAT PROCESS AS ROOT if you do this, but you should not be running it as root in any case. That's just insane.
    1. Edit the file /etc/init.d/tomcat6 and change the following variable to look like this:
      Code Block
      TOMCAT6_SECURITY=no
  3. Install Derby jars: ONLY IF DERBY IS NOT ALREADY INSTALLED IN THE COMMON AREA OF YOUR TOMCAT. If another webapp is already using Derby, they should share that version.
    1. Find the Derby jars in the lib/ subdirectory under where you installed the create-user.sh script.
    2. Copy them to the Tomcat common library directory:
      Code Block
      cp ${REPO-ZIP-DIR}/lib/derby\* /usr/share/tomcat6/lib/
  4. Install the webapp: First, get rid of any existing root webapp, then copy in the webapp (ROOT.war file from your installation kit) and be sure it is readable by the tomcat6 user:
    Code Block
    rm /var/lib/tomcat6/webapps/ROOT*cp ROOT.war /var/lib/tomcat6/webapps/ROOT.war
  5. Install cached webapp context: This is VERY IMPORTANT, and the Tomcat docs does not even mention it, but without it your server will be mysteriously broken. The file /etc/tomcat6/Catalina/localhost/ROOT.xml must be a copy of your app's context.xml. Redo this command after installing every new ROOT.war:
    Code Block
    mkdir \-p /etc/tomcat6/Catalina/localhost
unzip \-p /var/lib/tomcat6/webapps/ROOT.war META-INF/context.xml > /etc/tomcat6/Catalina/localhost/ROOT.xml
  6. Add System Properties: Be sure you have added system properties to the file /etc/tomcat6/catalina.properties e.g.
    Code Block
    org.eaglei.repository.home = /opt/eaglei/repoderby.system.home = /opt/eaglei/repo
    ...of course, the value of these properties will be your Repository Home Directory path.
  7. Start up Tomcat:
    Code Block
    sudo /etc/init.d/tomcat6 start
  8. Troubleshooting: If there are problems, check the following places for logs (because packaged apps make everything so much easier):
    • /var/log/daemon.log - really dire tomcat problems and stdout/stderr go to syslog
    • /var/log/tomcat6/* - normal catalina logging
    • ${REPOSITORY_HOME}/logs/repository.log - default repo log file in release 1.1; under 1.0 the filename was default.log.

...

  1. Discover your machine's primary IP address and set the ADDR shell variable: (Note that this assumes eth0 is your primary network interface --use ifconfig -a to see them all)
    Code Block
    ADDR=`ifconfig eth0 \| perl \-ne 'print "$1\n" if m/\sinet addr\:(\d+\.\d+\.\d+\.\d+)\s/;'`
  2. Run these iptables commands to redirect all port 80 requests to port 8080.
    Code Block
    iptables \-t nat \-A OUTPUT \-d localhost \-p tcp \--dport 80 \-j REDIRECT \--to-ports 8080
iptables \-t nat \-A OUTPUT \-d $ADDR \-p tcp \--dport 80 \-j REDIRECT \--to-ports 8080
iptables \-t nat \-A PREROUTING \-d $ADDR \-p tcp \--dport 80 \-j REDIRECT \--to-ports 8080
  3. (If using SSL) Run these iptables commands to redirect all port 443 requests to port 8443.
    Code Block
    iptables \-t nat \-A OUTPUT \-d localhost \-p tcp \--dport 443 \-j REDIRECT \--to-ports 8443
iptables \-t nat \-A OUTPUT \-d $ADDR \-p tcp \--dport 443 \-j REDIRECT \--to-ports 8443
iptables \-t nat \-A PREROUTING \-d $ADDR \-p tcp \--dport 443 \-j REDIRECT \--to-ports 8443
  4. Save the rules in the canonical place to be reloaded on boot:
    Code Block
    iptables-save > /etc/iptables.rules
  5. Create a script to be run by the network startup infrastructure that will reload the iptables whenever the network is configured on:
    Code Block
    cat << EOF > /etc/network/if-pre-up.d/iptablesload
\#\!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0
EOF
  6. Test by accessing your server both locally and remotely by the port-80 URL. Then reboot the machine and try it again to be sure the iptables commands are run correctly on boot.

...

  1. Run this iptables command to redirect all port 80 requests to port 8080.
    Code Block
    /sbin/iptables \-t nat \-I PREROUTING \-p tcp \--dport 80 \-j REDIRECT \--to-port 8080
  2. Save the rules in the canonical place to be reloaded on boot:
    Code Block
    /sbin/iptables-save
  3. Update the startup settings so iptables will run upon reboot:
    Code Block
    chkconfig \--level 35 iptables on
  4. Test by accessing your server both locally and remotely by the port-80 URL. Then reboot the machine and try it again to be sure the iptables commands are run correctly on boot.

...

Typical command to make a backup, in TriG format to a file, e.g. all-dump.trig (here highlighted in yellow) from a server running locally on port 80. In practice, you'll probably need to change all the highlighted parts, such as the username:password login credentials, and the hostname in the target URL if not running locally.

Code Block
curl \-G \-X GET \-s \-S \-u username:password \-o all-dump.trig \-d all \
\--write-out 'status=%{http_code}, %{time_total}sec\n' \
\-d format=application/x-trig [https://localhost:8443/repository/graph]

...

Warning
titleWARNING

this replaces the entire contents of the repository!

Code Block
curl \-s \-S \-u username:password \-F action=replace \-F all= \
\--write-out 'status=%{http_code}, %{time_total}sec\n' \
\-F 'content=@all-dump.trig;type=application/x-trig' [https://localhost:8443/repository/graph]

...

Now run a command like this to export the accounts into the file all-users.trig

Code Block
curl \-s \-S \-u username:password \-G \-d type=user \-d format=application/x-trig \
\--write-out 'status=%{http_code}\n' \
\-o all-users.trig [https://hostname:8443/repository/export]

Note that you have to change the hostname and possibly the login. If there are accounts you do not want in the export, add an exclude argument to filter them out, with a space-separated list, e.g.

Code Block
.... \-d 'exclude=frankenstein moreau lizardo' ....

...

You can start with a newly-created repository which needs to have user accounts added. It only has the initial administrator login, e.g. bigbird. Use the import service to add users from the file you created in step 0. The following command adds all of the accounts except bigbird (since it already exists), and aborts without changing anything if there are already duplicates of any of the users on the destination repo. It will print "status=200" on success.

Code Block
curl \-s \-S \-u username:password \-F type=user \-F format=application/x-trig \
\-F transform=yes \--write-out 'status=%{http_code}\n' \
\-F exclude=bigbird \
\-F content=@all-users.trig [https://hostname:8443/repository/import]

...

The easiest way to test the existence and details of a user is with the /whoami service. It does not show roles, however, you'll have to go to the repository administrative UI for that (or take it on faith). For example, after restoring users including curator, this is how you'd check that curator exists:

Code Block
curl \-s \-S \-u curator:password \-G \-d format=text/plain [https://hostname:8443/repository/whoami]

...

To export property grants, plug those URIs into the following command (you need to replace italicized words):

Code Block
curl \-G \-k \-u ADMIN:PASSWORD \-d type=grant \-d "include=HIDE,CONTACT" \
\-d format=application/x-trig [https://localhost:8443/repository/export]

This writes a record of grants to the standard output. Since the URIs are the same between other repositories running the same data model, you should be able to import them with the command (shows standard input in the example):

code
Code Block
curl \-k \-u ADMIN:PASSWORD \-F type=grant \
-F duplicate=abort \-F transform=no \-F content=@- \
\-F format=application/x-trig [https://localhost:8443/repository/import]
Code Block
Code Block
Code Block