Public code for the FRAM data warehouse. https://www.nwfsc.noaa.gov/data
Project is organized as follows:
For instructions on creating/configuring the data warehouse DB see private project warehouse-internal.
A Makefile has been provided in the server/ project folder, to facilitate automated building of Python virtualenv and running the server. Virtualenv is constructed with the help of Continuum Analytics "Anaconda" Python distribution.
Powered by Anaconda
Makefile can be run on any system with:
- wget, make, bash, & tar (I used Debian Wheezy)
- postgresql-devel tools package
- libxml2-devel package
- libxslt-devel package
- xmlsec1-devel xmlsec1-openssl-devel libtool-ltdl-devel packages (per: xmlsec)
- java 8 (e.g.: openjdk-8-jre package)
Makefile target pretest requires additional commands:
- curl, zip
- Data source db backend connections must be configured via:
- server/db_config.ini
- see Production Installation, step #2.7.1 for details
- (Optional) The server port/interface may be configured via:
- server/server.ini
- Obtain needed modules via included server/requirements.txt
pip install --no-binary lxml,xmlsec -r build/server/requirements.txt
(Optional) Using Continuum Analytics Anaconda, a Python virtualenv may be constructed via Makefile default target (default target name: build).
cd server/
make
(Optional) Anaconda's virtualenv will be constructed in server/build/. Virtualenv may be enabled and disabled via:
source build/miniconda3/bin/activate warehouse-env
source deactivate
- Run Python test cases via:
cd server/
python3 -m unittest discover
(Optional) Test cases may be started via the virtualenv with:
cd server/
make && make test
make test # retest, if virtualenv has already been built/requirements.txt unchanged
- Start the Warehouse HTTP server via:
cd server/
python3 server.py
(Optional) Server may be launched via virtualenv with:
cd server/
make && make run
make run # rerun, if virtualenv has already been built/requirements.txt unchanged
See warehouse-internal for job config settings & instructions on setup/installation of new Jenkins build jobs.
See: [Client API documentation](server/doc/Client API.md).
For an example of making an authenticated data warehouse DB query through the API in TypeScript, see examples/exampleDataPull.ts
The service may be packaged for distribution/production installation via the Makefile package target:
cd server/
make && make package
Process for installing Warehouse service package on a CentOS 6 host:
See: deployment.md
The installed Warehouse server may be managed via Apache service: httpd.
sudo service httpd start
sudo service httpd stop
sudo service httpd status
Warehouse application will not begin running, until a page request for any API URL is made. This means the Pentaho ETL-scheduler subprocess will not start until after a URL request is made. The CSW subservice will not start until 6 minutes after the first URL request is made (after startup, PyCSW will periodically refresh its metadata cache every additional 6 minutes).
When NOAA incrementally updates LDAP server certificates, place the new issuing CA Root certificate in: server/api/auth/noaa-ldap-certs.crt
The warehouse .crt file may contain multiple Root certificates, to support environments where a mix of certificates are being used concurrently & for seamless transition from the old certificates to the new certificates.
Remove all old certs from warehouse .crt file when server certificates have been fully decommissioned.
If the CA chain certs needed to verify LDAP server identity cannot be found, "Service Unavailable" will be displayed to the user and warehouse will log:
WARNING:root:(LDAPSocketOpenError('socket ssl wrapping error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)',),)
WARNING:root:('unable to open socket', [(datetime.datetime(2017, 6, 13, 11, 1, 38, 39227), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket ssl wrapping error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)',), ('**EDIT:SERVER_IP1**', 636)), (datetime.datetime(2017, 6, 13, 11, 1, 38, 195164), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket ssl wrapping error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)',), ('**EDIT:SERVER_IP1**', 636))])
WARNING:root:('unable to open socket', [(datetime.datetime(2017, 6, 13, 11, 1, 38, 427809), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket ssl wrapping error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)',), ('**EDIT:SERVER_IP1**', 636)), (datetime.datetime(2017, 6, 13, 11, 1, 38, 634087), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket ssl wrapping error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)',), ('**EDIT:SERVER_IP2**', 636)), (datetime.datetime(2017, 6, 13, 11, 1, 38, 842860), <class 'ldap3.core.exceptions.LDAPSocketOpenError'>, LDAPSocketOpenError('socket ssl wrapping error: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:600)',), ('**EDIT:SERVER_IP3**', 636))])
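
To support the bundle maintenance described above (several roots during a transition, old ones removed afterwards), the following added example lists every certificate in a PEM bundle such as server/api/auth/noaa-ldap-certs.crt and flags those that are expired or close to expiry. It is not part of the warehouse project; the function name `audit_ca_bundle` and the 30-day default window are assumptions, and the `openssl` command-line tool must be installed.

```bash
#!/usr/bin/env bash
# Added example: list every certificate in a multi-root PEM bundle and flag
# the ones that are expired or expire within a window (removal candidates).
# Requires the openssl command-line tool.

# audit_ca_bundle BUNDLE [DAYS] -> one line per certificate:
#   STATUS<TAB>notAfter<TAB>subject   (STATUS is "ok" or "EXPIRING")
# Returns 1 if any certificate is flagged or the bundle holds none.
audit_ca_bundle() {
    local bundle=$1
    local days=${2:-30}
    local tmp pem subject enddate
    local rc=0
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per BEGIN/END CERTIFICATE block.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; f = sprintf("%s/cert-%03d.pem", dir, n) }
        f != ""                       { print > f }
        /-----END CERTIFICATE-----/   { close(f); f = "" }
    ' "$bundle"
    for pem in "$tmp"/cert-*.pem; do
        [ -e "$pem" ] || { echo "no certificates found in $bundle" >&2; rc=1; break; }
        subject=$(openssl x509 -in "$pem" -noout -subject)
        enddate=$(openssl x509 -in "$pem" -noout -enddate | cut -d= -f2)
        # -checkend exits non-zero if the cert expires within the given seconds.
        if openssl x509 -in "$pem" -noout -checkend $(( days * 86400 )) >/dev/null; then
            printf 'ok\t%s\t%s\n' "$enddate" "$subject"
        else
            printf 'EXPIRING\t%s\t%s\n' "$enddate" "$subject"
            rc=1
        fi
    done
    rm -rf "$tmp"
    return $rc
}
```

Run it as `audit_ca_bundle server/api/auth/noaa-ldap-certs.crt 30` before and after editing the bundle; a flagged entry only indicates a certificate to review, since the LDAP servers may still be presenting a chain that depends on it.
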
- The installed Warehouse server may be updated with a new application package via:
  - Specify currently installed version

        read -p "Enter backup ID [e.g.: '1.1']: " WH_BACKUP_ID && CURRENT_WH_VER=${WH_BACKUP_ID}_$(date -I'minutes')

  - Back up installed Warehouse (DO NOT SKIP) & install new Warehouse scripts

        mkdir -p /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}
        mv -f /var/www/wsgi-scripts/warehouse/server /var/www/wsgi-scripts/warehouse/miniconda3 /var/www/wsgi-scripts/warehouse/Miniconda3-*-Linux-x86_64.sh /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/.
        # Untar install package
        tar xzf /path/to/warehouse-server.tgz --directory=/var/www/wsgi-scripts/warehouse
        # Reinstall Continuum Analytics Anaconda
        # back up package environment and clear Anaconda dir
        mv /var/www/wsgi-scripts/warehouse/miniconda3/envs /var/www/wsgi-scripts/warehouse/.
        rm -Rf /var/www/wsgi-scripts/warehouse/miniconda3
        # run installer
        /var/www/wsgi-scripts/warehouse/Miniconda3-*-Linux-x86_64.sh -b -p /var/www/wsgi-scripts/warehouse/miniconda3
        # replace package environment
        mv -f /var/www/wsgi-scripts/warehouse/envs /var/www/wsgi-scripts/warehouse/miniconda3/.
        # restore web group ownership
        chown -R :webdev_warehouse /var/www/wsgi-scripts/warehouse/*
        chmod -R o+rx /var/www/wsgi-scripts/warehouse/*
        # rebuild CentOS6 system library cache
        sudo ldconfig

  - Restore saved Warehouse configuration
    - cp -f /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/server/server.ini /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/server/db_config.ini /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/server/db_dwsensitive.ini /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/server/db_dwsupport.ini /var/www/wsgi-scripts/warehouse/server/.
    - UMASK_PREV=$(umask) && rm -f /var/www/wsgi-scripts/warehouse/server/openssl-keystore.jks; umask 0207 && cp -f /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/server/openssl-keystore.jks /var/www/wsgi-scripts/warehouse/server/. && umask ${UMASK_PREV} && chown apache:webdev_warehouse /var/www/wsgi-scripts/warehouse/server/openssl-keystore.jks
    - UMASK_PREV=$(umask) && umask 077 && mkdir -p /var/www/wsgi-scripts/warehouse/server/api/auth/secrets && umask 0277 && cp -f /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/server/api/auth/secrets/saml-sp.key /var/www/wsgi-scripts/warehouse/server/api/auth/secrets/saml-sp.key && umask $UMASK_PREV && chown apache:webdev_warehouse /var/www/wsgi-scripts/warehouse/server/api/auth/secrets/saml-sp.key && chmod u-w /var/www/wsgi-scripts/warehouse/server/api/auth/secrets
    - cp -f /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/server/admin/etl/pentaho/kettle.properties_ConnectionDetails /var/www/wsgi-scripts/warehouse/server/admin/etl/pentaho/.
- Configure Apache static content
  - Specify currently installed version
  - Back up current content, for rollback

        mkdir -p /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/app-warehouse
        mv -f /var/www/html/app-warehouse/* /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/app-warehouse/.

  - Deploy static content
  - Restore web group ownership
    - chown -R :web_warehouse /var/www/html/app-warehouse/*
- Configure Apache & reconfigure warehouse
  - Specify currently installed version
  - Back up config, for rollback

        mkdir -p /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/etc/httpd/conf.d/
        mkdir -p /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/etc/security/limits.d/
        mv -f /etc/httpd/conf.d/wsgi.conf /etc/httpd/conf.d/wsgi-scripts.conf /etc/httpd/conf.d/wsgi-warehouse.conf /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/etc/httpd/conf.d/.
        mv -f /etc/security/limits.d/90-warehouse-nofile.conf /var/www/wsgi-scripts/warehouse/deploy_full_backup_${CURRENT_WH_VER}/etc/security/limits.d/.

  - Deploy httpd config files
    - copy templates:

          sudo chown $USER /etc/security/limits.d
          cp /var/www/wsgi-scripts/warehouse/server/deploy/security/limits.d/* /etc/security/limits.d
          chmod o+r /etc/security/limits.d/*
          sudo chown -R root:root /etc/security/limits.d
          sudo chown $USER /etc/httpd/conf.d
          cp /var/www/wsgi-scripts/warehouse/server/deploy/httpd/conf.d/* /etc/httpd/conf.d/.
          sudo chown -R root:root /etc/httpd/conf.d

    - Update wsgi-warehouse.conf 'Listen' statement with Host IP & port virtualhost will run on
      - e.g.: Listen 10.0.80.120:80
    - Update wsgi-warehouse.conf VirtualHost directive with above IP+port
      - e.g.: <VirtualHost 10.0.80.120:80>
    - Update wsgi-warehouse.conf VirtualHost directive with ServerName
      - e.g.: ServerName warehouse.nwfsc.noaa.gov:80
    - Update logging path in wsgi-warehouse.conf VirtualHost directive
      - e.g.: ErrorLog logs/warehouse_error_log
      - e.g.: CustomLog logs/warehouse_access_log combined
- Restart Apache server
  - sudo service httpd restart
- Test Warehouse web service operates
- Remove settings+full backups (Optional)
  - Specify backup version to remove (e.g., for 'deploy_*_backup_1.1_2016-07-15T10:20-0700' enter '1.1')

        read -p "Enter backup IDs to remove: " WH_BACKUP_ID

  - Delete

        rm -Rf /var/www/wsgi-scripts/warehouse/deploy_conf_backup_${WH_BACKUP_ID}*
        rm -Rf /var/www/wsgi-scripts/warehouse/deploy_full_backup_${WH_BACKUP_ID}*
- Archive currently installed Warehouse content
  - Enter a new archive ID

        read -p "Enter backup ID [e.g.: '1.1']: " WH_BACKUP_ID && ROLLBACK_WH_VER=${WH_BACKUP_ID}_$(date -I'minutes')

  - Archive installed Warehouse

        mkdir -p /var/www/wsgi-scripts/warehouse/rolled_back_full_${ROLLBACK_WH_VER}/app-warehouse
        mkdir -p /var/www/wsgi-scripts/warehouse/rolled_back_full_${ROLLBACK_WH_VER}/etc/httpd/conf.d/
        mkdir -p /var/www/wsgi-scripts/warehouse/rolled_back_full_${ROLLBACK_WH_VER}/etc/security/limits.d/
        mv -f /var/www/wsgi-scripts/warehouse/server /var/www/wsgi-scripts/warehouse/miniconda3 /var/www/wsgi-scripts/warehouse/Miniconda3-*-Linux-x86_64.sh /var/www/wsgi-scripts/warehouse/rolled_back_full_${ROLLBACK_WH_VER}/.
        mv -f /var/www/html/app-warehouse/* /var/www/wsgi-scripts/warehouse/rolled_back_full_${ROLLBACK_WH_VER}/app-warehouse/.
        mv -f /etc/httpd/conf.d/wsgi.conf /etc/httpd/conf.d/wsgi-scripts.conf /etc/httpd/conf.d/wsgi-warehouse.conf /var/www/wsgi-scripts/warehouse/rolled_back_full_${ROLLBACK_WH_VER}/etc/httpd/conf.d/.
        mv -f /etc/security/limits.d/90-warehouse-nofile.conf /var/www/wsgi-scripts/warehouse/rolled_back_full_${ROLLBACK_WH_VER}/etc/security/limits.d/.
- Restore backup of previous Warehouse content
  - Enter ID of backup to restore

        read -p "Enter backup ID: " WH_RESTORE_ID

  - Restore backup

        cp -Rf /var/www/wsgi-scripts/warehouse/deploy_full_backup_${WH_RESTORE_ID}*/server /var/www/wsgi-scripts/warehouse/deploy_full_backup_${WH_RESTORE_ID}*/miniconda3 /var/www/wsgi-scripts/warehouse/deploy_full_backup_${WH_RESTORE_ID}*/Miniconda3-*-Linux-x86_64.sh /var/www/wsgi-scripts/warehouse/.
        cp -Rf /var/www/wsgi-scripts/warehouse/deploy_full_backup_${WH_RESTORE_ID}*/app-warehouse/* /var/www/html/app-warehouse/.
        cp -f /var/www/wsgi-scripts/warehouse/deploy_full_backup_${WH_RESTORE_ID}*/etc/security/limits.d/90-warehouse-nofile.conf /etc/security/limits.d/.
        chmod o+r /etc/security/limits.d/*
        sudo chown -R root:root /etc/security/limits.d
        cp -f /var/www/wsgi-scripts/warehouse/deploy_full_backup_${WH_RESTORE_ID}*/etc/httpd/conf.d/* /etc/httpd/conf.d/.
        sudo chown -R root:root /etc/httpd/conf.d
- Restart Apache server
  - sudo service httpd restart
- Test rollback
- (Optional) delete archive of the rolled-back Warehouse

      rm -Rf /var/www/wsgi-scripts/warehouse/rolled_back_full_${ROLLBACK_WH_VER}
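
The update procedure above runs `chmod -R o+rx` over the install tree and then restores the keystore and SAML key under restrictive umask values (0207 and 0277). As an added example, not part of the warehouse project, the following check confirms after an update or rollback that those files carry none of the permission bits the umask values were meant to exclude. The function names `check_mode` and `audit_restored_secrets` are hypothetical, GNU `stat` is assumed, and ownership (apache:webdev_warehouse) is not checked.

```bash
#!/usr/bin/env bash
# Added example: verify that restored secrets kept the restrictive modes
# implied by the umask values used in the restore step. GNU stat is assumed.

# check_mode PATH FORBIDDEN_OCTAL_MASK -> prints a finding and returns 1 if
# PATH is missing or has any permission bit from the mask set.
check_mode() {
    local path=$1
    local mask=$2
    local mode
    if [ ! -e "$path" ]; then
        echo "MISSING $path"
        return 1
    fi
    mode=$(stat -c '%a' "$path")
    # Leading 0 makes the shell read both values as octal.
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "TOO-OPEN $path mode=$mode forbidden-bits=$mask"
        return 1
    fi
    return 0
}

# audit_restored_secrets [WAREHOUSE_ROOT] -> returns 0 only if all checks pass.
audit_restored_secrets() {
    local root=${1:-/var/www/wsgi-scripts/warehouse}
    local rc=0
    # umask 0207 on the keystore copy: no owner-write, nothing for "other".
    check_mode "$root/server/openssl-keystore.jks" 207 || rc=1
    # umask 0277 on the key copy: owner read/execute at most.
    check_mode "$root/server/api/auth/secrets/saml-sp.key" 277 || rc=1
    # Directory is created under umask 077, then made read-only with chmod u-w.
    check_mode "$root/server/api/auth/secrets" 277 || rc=1
    return $rc
}
```
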
To remove installed service:
#TBD
A Python unittest functional test suite has been provided, to test a running instance of the FRAM Data Warehouse.
In the future this suite may be migrated to a set of Selenium WebClient scripts+hosted Selenium web testing environment, expanded to perform DB integration testing, etc.
Copyright (C) 2015-2019 ERT Inc.