Difference between revisions of "Nhmbif"

From nhm.sfs.gbif
Jump to: navigation, search
Line 23: Line 23:
 
* Upload the latest version of the .war file (ipt-x-x-x.war) using the tomcat web interface
 
* Upload the latest version of the .war file (ipt-x-x-x.war) using the tomcat web interface
 
** Alternatively, stop tomcat (<tt>service tomcat stop</tt>, copy the latest version of the IPT (ipt-x.x.x.war) to <tt>/var/lib/tomcat/webapps/ipt-sandbox.war</tt> and <tt>/var/lib/tomcat/webapps/ipt.war</tt> and restart tomcat (<tt>service tomcat start</tt>)
 
** Alternatively, stop tomcat (<tt>service tomcat stop</tt>, copy the latest version of the IPT (ipt-x.x.x.war) to <tt>/var/lib/tomcat/webapps/ipt-sandbox.war</tt> and <tt>/var/lib/tomcat/webapps/ipt.war</tt> and restart tomcat (<tt>service tomcat start</tt>)
* Follow the instructions at [https://data.gbif.no/ipt] and [https://data.gbif.no/ipt-sandbox] to complete the upgrade
+
* Follow the on-screen instructions [https://data.gbif.no/ipt] and [https://data.gbif.no/ipt-sandbox] to complete the upgrade
  
 
== Renewing SSL certificates ==
 
== Renewing SSL certificates ==

Revision as of 02:38, 2 April 2018

nhmbif is a virtual machine running RHEL 7.3

List of services

The following services are provided on nhmbif (incomplete list):

IPT upgrades

  • Make sure to back up the data directories – /site/gbif/ipt and /site/gbif/sandbox
  • Download the Latest version of the IPT
  • Upload the latest version of the .war file (ipt-x-x-x.war) using the tomcat web interface
    • Alternatively, stop tomcat (service tomcat stop, copy the latest version of the IPT (ipt-x.x.x.war) to /var/lib/tomcat/webapps/ipt-sandbox.war and /var/lib/tomcat/webapps/ipt.war and restart tomcat (service tomcat start)
  • Follow the on-screen instructions [1] and [2] to complete the upgrade

Renewing SSL certificates

We use dehydrated to renew the letsencrypt certificates for data.gbif.no. Everything should just happen automatically (on the 1st of every month), but if something goes wrong, simply run /opt/bin/renew to renew the certificates. This script will also concatenate privkey.pem and cert.pem so lighttpd can use the certificates. Remember to restart lighttpd!

Troubleshooting

Help, the IPT is down!!!

  • Is tomcat running? If not, do service tomcat start
  • Is lighttpd running? If not, do lighttpd -f /etc/lighttpd/lighttpd.conf

IPT/Tomcat is not allowed to write to the IPT data directory

Probably an SELinux thing - try the following:

  • grep tomcat /var/log/audit/audit.log | audit2allow -M ipt
  • semodule -i ipt.pp