Task #536
closed
Thredds: tomcat runs as root
100%
Description
The tomcat on "thredds.d4science.org" has been installed under the user tomcat but it runs as root. Now it is configured to run under the port 80. I guess, it runs as root because thredds needs to run under the port 80.
We should try to install a nginx as frontend (as done for geoservers) and change the tomcat port to 8080. Do you think is possible to do it in the next relese?
Related issues
Updated by Andrea Dell'Amico over 9 years ago
- Related to Task #183: tomcat running as root user under port 80 added
Updated by Andrea Dell'Amico over 9 years ago
As usual, I'd prefer to automate all the VM configuration. Is it possible? Is there a devel instance where we can test the new configuration?
Updated by Roberto Cirillo over 9 years ago
Andrea Dell'Amico wrote:
As usual, I'd prefer to automate all the VM configuration. Is it possible? Is there a devel instance where we can test the new configuration?
Unfortunately there isn't a dev instance for thredds
Updated by Andrea Dell'Amico over 9 years ago
Is it possibile to create one and perform some basic tests on it?
Updated by Roberto Cirillo over 9 years ago
Andrea Dell'Amico wrote:
Is it possibile to create one and perform some basic tests on it?
I guess it is possible. Gianpaolo Coro could you help us and tell us what is the minimum set of resources for a minimal thredds installation in dev, please?
Updated by Gianpaolo Coro over 9 years ago
Thredds is an old service installation that needs larger file system capacity with respect to other services. It needs to store geospatial files locally to the FS and publishes them as maps.
Currently, there is only one service instance running, because at "that time" we had not enough space to create two machines. Thredds hosts especially environmental maps (and thus files) which need to be both on dev and prod environments.
The best could be to replicate the Thredds machine, creating a dev machine hosting the same files as the current machine.
Please, note that one geospatial file (NetCDF, GeoTiff, ASC) could be as large as 10 GBs.
Updated by Andrea Dell'Amico over 9 years ago
Gianpaolo Coro wrote:
Thredds is an old service installation that needs larger file system capacity with respect to other services. It needs to store geospatial files locally to the FS and publishes them as maps.
Currently, there is only one service instance running, because at "that time" we had not enough space to create two machines. Thredds hosts especially environmental maps (and thus files) which need to be both on dev and prod environments.The best could be to replicate the Thredds machine, creating a dev machine hosting the same files as the current machine.
Please, note that one geospatial file (NetCDF, GeoTiff, ASC) could be as large as 10 GBs.
Well, it could be temporary. So we could rsync (or get from a backup) the data on a storage disk and mount it on a new machine, that would be deployed in a way similar to the geoservers: recent distribution, newer tomcat, firewall rules, etc.
Updated by Andrea Dell'Amico over 9 years ago
- Assignee changed from Andrea Dell'Amico to _InfraScience Systems Engineer
The configuration with tomcat running as an unprivileged user has been successfully tested in dev, see #740
Updated by Tommaso Piccioli over 9 years ago
- Status changed from New to In Progress
I'm going to install a new production host configured as the dev one, then we will switch to it the production environment.
Updated by Tommaso Piccioli over 9 years ago
- Assignee changed from _InfraScience Systems Engineer to Gianpaolo Coro
thredds-p-d4s.d4science.org up and running, tomcat instance on port 8180 running with gcube user and nginx proxy on port 80
thredds must be configured
Updated by Gianpaolo Coro over 9 years ago
- Related to Task #1283: Thredds layers colors not visualised on GisViewer added
Updated by Gianpaolo Coro over 9 years ago
First, I would like to finish the configuration in the development enviroment for the related ticket #1283. I will then report it to the new service before deploying it in prod.
Updated by Gianpaolo Coro over 9 years ago
- Assignee changed from Gianpaolo Coro to Roberto Cirillo
The Thredds instance thredds-p-d4s.d4science.org has been configured and the catalog can be accessed here
http://thredds-p-d4s.d4science.org/thredds/catalog/public/netcdf/catalog.html
I configured the web application and cleaned-up the content folder under /data/content/
Next actions should be:
@roberto.cirillo@isti.cnr.it to update and check the GHN running on that machine endowed with DataTransfer
@tommaso.piccioli@isti.cnr.it to (i) align the "/data/content/thredds/public/netcdf/" folder on thredds-p-d4s to the corresponding folder on thredds.d4science, (ii) assign the name thredds.d4science as alias to thredds-p-d4s
@gianpaolo.coro@isti.cnr.it double-check the consistency of layers display and use of data by computations
Updated by Roberto Cirillo about 9 years ago
- Status changed from In Progress to Closed
Updated by Andrea Dell'Amico about 9 years ago
- Related to Task #2946: Install ganglia and the local nagios checks on thredds-p-d4s.d4science.org added
Updated by Andrea Dell'Amico about 9 years ago
- Status changed from Closed to In Progress
It seems that the switch did not happen, the old machine is still active.
Updated by Roberto Cirillo about 9 years ago
Could anyone add another user called gcube1 on thredds-p-d4s?
The gcube user is used by tomcat. I think it's better to have a separated user dedicated to the ghn
Updated by Tommaso Piccioli about 9 years ago
The ghn will be installed with the user gcube, as it is on the dev machine thredds-d-d4s.d4science.org
Updated by Roberto Cirillo about 9 years ago
- Status changed from In Progress to Feedback
- Assignee changed from Roberto Cirillo to Gianpaolo Coro
The data-transfer service has been installed (under gcube user) and it is running on devsec scope for testing purpose.
Now the tomcat is running on port 8180, the ghn is running on port 8080
Updated by Gianpaolo Coro about 9 years ago
Tests for this issue are quite long and require attention. I'm currently managing more urgent issues, whose tickets have been indicated as having very high priority (updating Readme files in 120 components of mine). I will go back to this issue asap.
Updated by Gianpaolo Coro about 9 years ago
- Assignee changed from Gianpaolo Coro to Andrea Dell'Amico
The thredds-p-d4s.d4science.org installation works very well. It can be substituted to thredds.d4science.org in the prod. environment, after assigning this alias to that machine.
Please, be sure that the RAM enhancements just requested for the other thredds machines have been applied also to thredds-p-d4s.d4science.org. The previous thredds.d4science.org machine can be dismissed after aligning the /data/content/thredds/public/netcdf/ folders with the new machine's.
Updated by Andrea Dell'Amico almost 9 years ago
- Assignee changed from Andrea Dell'Amico to Tommaso Piccioli
Updated by Roberto Cirillo almost 9 years ago
Any update on this?
The new vm should be in production in the next week otherwise we have to postpone again this activity
Updated by Roberto Cirillo almost 9 years ago
- Status changed from Feedback to In Progress
The new VM has been deployed in production
Updated by Roberto Cirillo almost 9 years ago
- Status changed from In Progress to Closed
