Versions Compared

Old Version 55

changes.mady.by.user Tim Donohue

Saved on

compared with

New Version 56

changes.mady.by.user Tim Donohue

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Update URLs to all be demo6.dspace.org

...

Info

This page contains information about how demo6.dspace.org server is setup/configured. This demodemo6.dspace.org server is managed jointly by the DSpace Committer Team. Any Committer can request server access.

If major issues occur or something needs to be installed requiring root access, contact Tim Donohue

...

Here's an overview of how everything is setup on the 'demodemo6.dspace.org' server:

Base Software

...

Contact Tim Donohue if you need any of these tasks performed.

Getting SSH access to

...

demo6.dspace.org

This is how you provide a DSpace Committer with command-line access to this server.

  1. Have Committer generate an SSH Key on their computer and send you their PUBLIC Key.
  2. Append their PUBLIC Key on the end of the 'dspace' user's ~/.ssh/authorized_keys file

    • NOTE: Please add a comment regarding who's key this is, so that it makes it easier to clean up later on. For example:

      Code Block
      # Tim Donohue's SSH Key
ssh-rsa ....


  3. They should now be able to connect as follows:

    Code Block
    ssh dspace@demodspace@demo6.dspace.org


Updating / Upgrading DSpace installation

...

In May/June 2015, we ran into several scenarios where users were logging in as a demo Admin account and promptly changing the email address associated with that account.  In order to avoid this, it is HIGHLY recommended to disable editing of email addresses on demodemo6.dspace.org.

Here's how it's done:

  • In Mirage2, the following jQuery can be added to the ~/dspace-src/dspace-xmlui-mirage2/src/main/webapp/xsl/core/page-structure.xsl:

    Code Block
    <xsl:template name="buildHead">
<head>
...

   <!-- CUSTOM FOR DEMO.DSPACE.ORG: Don't allow EPerson Emails to be edited, so no one can change default admin acct emails. -->
   <script type="text/javascript">
       jQuery(function() {
           // Change label for email field in "Edit E-Person"
           jQuery("label[for='aspect_administrative_eperson_EditEPersonForm_field_email_address']").text("Email Address (editing is disabled on demo.dspace.org)");
           // Make email field in "Edit E-Person" READ-ONLY
           jQuery("#aspect_administrative_eperson_EditEPersonForm_field_email_address").prop("readonly", true);
        });
   </script>
</head>
</xsl:template>


  • In JSPUI, the following jQuery can be added to the ~/dspace-src/dspace-jspui/src/main/webapp/layout/header-submission.jsp:

    Code Block
    <head>
...
   <!-- CUSTOM FOR DEMODEMO6.DSPACE.ORG: Don't allow EPerson Emails to be edited, so no one can change default admin acct emails. -->
   <script type="text/javascript">
       jQuery(function() {
           // Change label for email field in "Edit E-Person"
           jQuery("label[for='temail']").text("Email (editing disabled on demodemo6.dspace.org):");
           // Make email field in "Edit E-Person" READ-ONLY
           jQuery("#temail").prop("readonly", true);
       });
   </script>
</head>


...

JavaDocs page

  • The JavaDocs pages (http://demodemo6.dspace.org/javadocs/) are static pages served by Tomcat and are located at: ~/tomcat/webapps/javadocs/
  • These JavaDocs can be regenerated at any time by running the following (from the root source directory, [dspace-source] ):

    • mvn javadoc:aggregate

    • If you're generating javadoc of a snapshot version of DSpace, the above would fail. Use mvn install javadoc:aggregate && rm -rf ~/.m2/repository/org/dspace instead.
    • The "javadoc:aggregate" command generates a single set of javadocs which aggregate the APIs of all DSpace modules.  See http://maven.apache.org/plugins/maven-javadoc-plugin/plugin-info.html
    • The resulting javadoc is in [dspace-source]/target/site/apidocs. Upload it to dspace@demodspace@demo6.dspace.org:/home/dspace/tomcat/webapps/javadocs/[dspace-major-version]/.
    • NOTE: We've encountered some oddities with the results when this is run from demodemo6.dspace.org itself (the resulting CSS isn't applied).  So, it's recommended to run this command from your local machine.
      • It worked fine on 2 machines running Java 6, Maven 2.2.1 and 3.0.3, respectively. It didn't work on demo, which was running Java 7 and Maven 2.2.1.
      • Later, it worked fine on demo running Java 8u181 and Maven 3.3.9.

...

Obviously, you can get the latest information on the existing Cron jobs by logging into the demodemo6.dspace.org server and running:

...

  1. Install a fresh (empty) copy of DSpace on your local server.
  2. Configure it to have the same handle prefix as demodemo6.dspace.org (handle prefix: 10673) & setup an initial administrative user (ideally 'dspacedemo+admin@gmail.com' which is the Demo Administrator on demodemo6.dspace.org).

  3. Download the existing AIPs from this directory, e.g.

    Code Block
    scp dspace@demodspace@demo6.dspace.org:~/AIP-restore/* .


  4. Use the downloaded AIPs to "restore" content to your local server's empty DSpace, e.g.

    Code Block
    [dspace]/bin/dspace packager -r -a -f -t AIP -e [admin-email] -i 10673/0 /full/path/to/SITE@10673-0.zip


  5. Update your DSpace's content as you see fit (adding/removing/changing objects)

  6. Export a fresh set of AIPs, by performing a full SITE export e.g.

    Code Block
    [dspace]/bin/dspace packager -d -a -t AIP -e [admin-email] -i 10673/0 -o includeBundles=ORIGINAL,LICENSE -o passwords=true SITE@10673-0.zip
    • The above example just exports ORIGINAL & LICENSE bundles into AIPs, and also exports user passwords into AIPs (so that they can also be restored).

  7. Upload those newly updated AIPs to demodemo6.dspace.org, e.g.

    Code Block
    scp . dspace@demodspace@demo6.dspace.org:~/AIP-restore/
    • NOTE: Before putting them on demodemo6.dspace.org, you may want to do your own test restore using these AIPs, just to ensure there are no issues.

...

  1. First, copy all the AIPs to a shareable location.  Below, we chose /usr/share/dspace/AIP-restore folder:

    Code Block
    # Create share location
sudo mkdir -p /usr/share/dspace/AIP-restore

# Manually copy all existing AIPs over there (TODO: This should be automated or synced in future)
cd /usr/share/dspace/AIP-restore/
sudo cp ~dspace/AIP-restore/* .
sudo chown -R dspace:dspace /usr/share/dspace/AIP-restore/

# Add DSpace to www-data user group (to give Apache read access)
sudo usermod -a -G www-data dspace

# Give Apache group rights on directory
sudo chgrp www-data /usr/share/dspace/AIP-restore/
sudo chmod g+rxs /usr/share/dspace/AIP-restore/


  2. Next, update the Apache configuration for demodemo6.dspace.org to provide access to that shareable location:

    Code Block
    sudo nano /etc/apache2/sites-available/25-demodemo6.dspace.org.conf

## ADD THE FOLLOWING INTO THAT FILE (inside the <VirtualHost>)
<VirtualHost *:80>
  ...
  # Define path /aip to point at shareable AIP-restore location
  Alias "/aip" "/usr/share/dspace/AIP-restore"
  <Directory "/usr/share/dspace/AIP-restore">
    # Allow viewing file listing
    Options Indexes
    # Don't allow access to README, logs or parent link (..)
    IndexIgnore README* *.log ..
    # Allow access to all
    Order allow,deny
    Allow from all
  </Directory>
  # Don't proxy /aip paths to Tomcat
  ProxyPass /aip !
  ...
</VirtualHost>


  3. Reload Apache and test it out:

    Code Block
    sudo service apache2 reload


  4. Assuming everything works, here's a wget command that can be used to download the AIPs to a local computer 

    Code Block
    # This recursively downloads all files (except index.html file) into an "aip" directory
wget -r -np -nH -R "index.html*" --execute="robots=off" http://demodemo6.dspace.org/aip/


Reset "News" sections every night

...

Since people have been known to change our demo user passwords on this demodemo6.dspace.org server, we now reset them to the default password every hour.

...

In order to locate potential memory issues in DSpace, we've installed YourKit on demodemo6.dspace.org at ~/yjp/.

It can be accessed remotely so that we can perform various Java profiling tasks.

...

  • Download & Install YourKit Profiler. Put in your open source license key (available to all DSpace Committers).
  • Open up YourKit, select "Connect to remote application..." option.
  • Point it at "demodemo6.dspace.org:10001" and start doing some profiling!
  • If it's not running, start it using ~/yjp/bin/yjp.sh
  • If needed, logs are in ~/.yjp/log/

...

Code Block
# Latest install instructions available at: https://certbot.eff.org/lets-encrypt
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache
 
# register and request first certificate, but do not change Apache configuration (we'll do it manually)
sudo letsencrypt --apache certonly

Enter email address (used for urgent notices and lost key recovery)
sysadmin@duraspace.org

Which names would you like to activate HTTPS for?
[*] demodemo6.dspace.org

IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through
   e-mails sent to sysadmin@duraspace.org.
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/demodemo6.dspace.org/fullchain.pem. Your cert will
   expire on 2017-01-04. To obtain a new version of the certificate in
   the future, simply run Let's Encrypt again.
 - Your account credentials have been saved in your Let's Encrypt
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Let's
   Encrypt so making regular backups of this folder is ideal.
 
# replace self-signed certificates with Let's Encrypt certificates
sudo vim /etc/apache2/sites-enabled/25-ssl-demodemo6.dspace.org.conf
  ## SSL directives
  SSLEngine on
#  SSLCertificateFile      "/etc/ssl/certs/ssl-cert-snakeoil.pem"
#  SSLCertificateKeyFile   "/etc/ssl/private/ssl-cert-snakeoil.key"
#  SSLCACertificatePath    "/etc/ssl/certs"
  SSLCertificateFile    /etc/letsencrypt/live/demodemo6.dspace.org/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/demodemo6.dspace.org/privkey.pem
  SSLCACertificateFile  /etc/letsencrypt/live/demodemo6.dspace.org/fullchain.pem
 
# test renewal (dry run)
sudo letsencrypt renew --dry-run --agree-tos
 
# set up renewal from cron
sudo vim /etc/cron.d/certbot
 
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root test -x /usr/bin/letsencrypt && perl -e 'sleep int(rand(3600))' && letsencrypt -n renew --agree-tos

...