Thalia admin runbook
Things to do when setting up a new cluster:
- get the dns entry for subdomain
- get a Wild card certs
- Don't forget install the alfresco license
- have ops set up F5
Things to do when setting up thalia:
Setting up the Thalia UI and IME Servers:
A. Install ImageMagic on the server that will be running the Thalia UI and IME:
- go to www.imagemagick.org and get the source distribution:ImageMagick-6.3.2-9.tar.gz
- unzip and unstar ImageMagick-6.3.2.tar.gz and cd to ImageMagic-6.3.2 directory
- by default, the base installation directory is /usr/local. binary files go in /usr/local/bin and library files go in /usr/local/lib. If you want to specify an installation prefix other than /usr/local, youcan do it by specify the --prefix=PATH in step 4
- ./configure (specify the path here if necessary. Please note that the binary files should be in the system path)
- make install
- for more info, please refer to the Install-unix.txt in the package
- after installation, you should be able to type "convert" command and get the help page.
B. Install lazlo servlet on the server that will be running the Thalia UI and IME:
- Get the 4.0.2 version going to http://www.openlaszlo.org/archive. Choose the Servlet for 4.0.2.
- Can be installed via tomcat manager
- LPS_HOME must be set as an environment variable, so that the compiler can run. LPS_HOME should be set to the directory where the servlet was installed, e.g. /home/apache-5.5.23/webapps/openlaszlo-4.0.2-servlet
- For some reason, the compiler script (a file called lzc) is not executable when installed. It needs to be made executable by going into$LPS_HOME/WEB-INF/lps/server/bin and chmod 755 lzc.
C. create directory structure and change the owner to www:
/home/www/thalia/conf
/home/www/thalia/log
/home/www/thalia/bulkimage
/home/www/thalia/tmp
D. put thaliausers.xml in /home/www/thalia/conf. This file should contain info about system super users. The file should have the format:
<user-list>
<user><name>dongq</name>
<domain>ADMIN</domain>
<isAdmin>true</isAdmin>
</user>
<user><name>dracus</name>
<domain>ADMIN</domain>
<isAdmin>true</isAdmin>
</user>
</user-list>
The system super users can self-register in any domain by going to https://\[domain\].thalia.mit.edu/resttest.jsp and click on the super user self reg button.
E. upload the thalia war file onto the UI and IME server.
Customize the Alfresco Server:
1. Stop Alfresco server
2. put our custom model (includes thaliaModel.xml and thalia-model-context.mxl) in the extension folder
3. Edit permissionDefinitions.xml and add the Thalia permissionGroup definitions within the <permissionSet type="sys:base" expose="all"> block right
after <permissionGroup name="Execute" allowFullControl="false" expose="false"> <includePermissionGroup type="sys:base" permissionGroup="ExecuteContent" /> </permissionGroup>:
) Be certain not to split a block of code. It is located in directory:
/home/alfresco/tomcat/webapps/alfresco/WEB-INF/classes/alfresco/model
The additional block should be:
<permissionGroup name="ThaliaWrite" allowFullControl="false" expose="false">
<includePermissionGroup type="sys:base" permissionGroup="Write"/>
<includePermissionGroup type="sys:base" permissionGroup="Read"/>
<includePermissionGroup type="sys:base" permissionGroup="AddChildren"/>
<includePermissionGroup type="sys:base" permissionGroup="Delete"/>
<includePermissionGroup type="sys:base" permissionGroup="ExecuteContent"/>
</permissionGroup>
<permissionGroup name="ThaliaRead" allowFullControl="false" expose="false">
<includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/>
<includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/>
<includePermissionGroup type="sys:base" permissionGroup="ReadContent"/>
</permissionGroup>
<permissionGroup name="ThaliaDownload" allowFullControl="false" expose="false">
<includePermissionGroup type="sys:base" permissionGroup="ReadProperties"/>
<includePermissionGroup type="sys:base" permissionGroup="ReadChildren"/>
<includePermissionGroup type="sys:base" permissionGroup="ReadContent"/>
<includePermissionGroup type="sys:base" permissionGroup="ExecuteContent"/>
</permissionGroup>
4. edit contentModel.xml:
find <type name="cm:person"> block in the file
put <property name="cm:isAdmin">
<type>d:text</type>
</property>
Before the </properties> line
5. add the admin account specified by alfrescoAdmin in web.xml in Alfresco's authority-services-context.xml file.
6. change the default admin account password to the same as thaliaAdmin. Don't use the default admin password.
7. start Alfresco server
8. create the user specified by alfrescoAdmin and alfrescoAdminPwd in web.xml. This is our admin user.
9. create the user specified by alfrescoGuest and alfrescoGuestPwd in web.xml. This is our guest user (because the web service api doesn't support guest login).
10. Run the BuildThaliaDomain.jar library to create the domains. The syntax is $JAVA_HOME/bin/java -classpath ./lib -jar BuildThaliaDomain.jar [alfresco repository location] [admin passwd] [DOMAIN NAME]
For example, to create the TEST domain on isda-thalia6 do:
$JAVA_HOME/bin/java -classpath ./lib -jar BuildThaliaDomain.jar http://mv.ezproxy.com.ezproxyberklee.flo.org/alfresco adminpass TEST
Please be aware that the jar file was compiled using java6, so if the JAVA_HOME points to a location older than java6, it will not work.
You can run the jar file from any server to manage any domain in any alfresco repository. You just need to specify the alfresco repository address as the first argument. This utility also has a web interface.
11. set the domain specific metadata mapping
On both IME and Alfresco Server:
- run cronjob to rollover the log. The config file is /etc/roll-log.conf
/home/root/roll-log >> /loc/logs/roll-log.log 2>&1 & - run cronjob to clean up temporary files. The config file is /etc/cleansefiles.conf
/home/root/cleansefiles.py >> /loc/logs/rmoldfiles.log 2>&1 &
3. How to create a new super user:
Edit thaliausers.xml mentioned in step D of setting up thalia. Restart the ime. The new super user needs to self register to be a domain admin in a domain. Please refer to step D also.