UPDATE ......From Tuesday 8 April 2025 we have changed the way that Single Sign-on works on this wiki. Please see here for more information:
Update
# NREN Compendium
* [Getting started](#getting-started)
* [Test](#test)
* [LocaleApp](#localeapp)
* [Deployment](#deployment)
## Getting started
### Ruby version
We're currently using version 2.1.1.
#### RVM
Update to the latest version and install ruby 2.0 and the latest bundler:
rvm get latest
rvm install ruby-2.1.1
rvm use --create 2.1.1@compendium
gem install bundler
#### Rbenv
Update to the latest version and install ruby 2.0 and the latest bundler:
brew update # update brew's formulas
brew upgrade rbenv # upgrade to the latest rbenv
brew upgrade ruby-build # upgrade to the latest ruby build
rbenv install 2.1.1
rbenv shell 2.1.1
gem install bundler
### QT
We're using WebKit in our test suite. So we need to install QT in order to compile WebKit:
brew update
brew install qt5
If you get this error installing capybara-webkit: `An error occurred while installing capybara-webkit (1.11.1), and Bundler cannot continue.`, follow these steps:
edit your `.bashrc` or equivalent if you use zsh and remove any export paths to qt, then:
```
brew uninstall qt@5.5
gem uninstall capybara-webkit
brew install qt@5.5
echo 'export PATH="$(brew --prefix qt@5.5)/bin:$PATH"' >> ~/.bashrc
(start a new shell)
bundle install
```
### PostgreSQL
We're using PostgreSQL version 9.2.4. Update brew to install the latest version:
brew update
brew install postgresql
Follow brew's steps to create the default database and make postgres autoload on system startup.
### Database
Create the correct users and databases:
psql -h localhost postgres -c "create user compendium with password 'compendium' CREATEDB"
When asked for a password, use the following command instead and use `compendium` as the password:
createuser -P -S -d -R -l -e compendium
### Node.js
We need Node.js and NPM for some tooling. Install it using brew:
brew install node
### Source
git clone git@github.com:zilverline/terena.git
cd terena
### Local dependencies
Install the local gems and node dependencies. **You must run these
commands from the `compendium` root directory!**
npm install
bundle install
### Setup the database schema and seed data
rake db:create db:migrate
RAILS_ENV=test rake db:migrate
### Running the server
You're now ready to run the project:
rails server
## Test
Run the complete test suite with:
rake spec
Run only the integration tests:
rake integration_spec
## LocaleApp
We use LocaleApp to manage static content. The translation files are hosted at [http://www.localeapp.com/projects/6559](http://www.localeapp.com/projects/6559).
To update the local translation files, run:
bundle exec localeapp pull # or alias this as 'belp'
## Deployment
### Available environments
* Integration: `git clone gitolite@molotov.terena.org:compendium-int` - https://molotov.terena.org/
Basic authentication: compendium - koffie-laptop-kauwgom
* Acceptance: `git clone gitolite@molotov.terena.org:compendium-acc` - https://compendium.terena.org/
Basic authentication: compendium - koffie-laptop-kauwgom
### Setup environment
Install dependencies (latest versions):
* Git
* Apache
* Passenger
* Ruby 2.0.0-p353
* Postgresql
* Gitolite
* RVM (may be installed globally)
* node & npm (Install from source! See [https://gist.github.com/dwayne/2983873](https://gist.github.com/dwayne/2983873))
Create a `compendium` user (without a password). Add this user to the following groups: `rvm` and `www-data`.
Configure gitolite:
dpkg-reconfigure gitolite
Use all the default configuration values except for the public key. You can enter a public ssh key for the admin user. This setup will create an admin repo with admin only access.
Clone this admin repo:
git clone gitolite@molotov.terena.org:gitolite-admin
Make changes to the configuration. See Gitolite's [documentation](https://github.com/sitaramc/gitolite) for configuration details. Make sure you add all the public keys you want to give access to the new repositories, including the keys of the newly created `compendium` user and the Jenkins build server.
Add sudo rights for the `gitolite` and `compendium` user. Edit `/etc/sudoers` and add the following snippit:
gitolite ALL=(compendium) NOPASSWD: ALL
compendium ALL=(postgres) NOPASSWD: ALL
This allows the `gitolite` user to execute commands as the `compendium` user, without a password. And it allows the `compendium` user to execute commands as the `postgres` user. Again without a password.
Configure a post-receive hook at `/var/lib/gitolite/repositories/${REPO_NAME}.git/hooks/post-receive`. The code for this script is in [script/integration/git/hooks/post-receive](script/integration/git/hooks/post-receive). Make sure this file is owned bij de `gitolite` user and can be executed (`chmod +x`).
Clone the newly created repo in the web directory (as the `compendium` user):
cd /pub/www/
git clone gitolite@molotov.terena.org:${REPO_NAME}
Configure an Apache Virtual Host. The configuration can be found in [script/integration/apache/vhost](script/integration/apache/vhost).
Reload Apache and enjoy!
#### SAML
Install the apache authentication module:
apt-get install libapache2-mod-auth-mellon
a2enmod auth_mellon
Generate certificates:
openssl req -new -newkey rsa:2048 -days 3650 -nodes -x509 -keyout sp.key -out sp.crt
Move certificates to `/etc/apache/mellon/`:
mkdir /etc/apache/mellon
mv sp.crt sp.key ~/etc/apache/mellon/
Save contents of [https://login.terena.org/wayf/saml2/idp/metadata.php](https://login.terena.org/wayf/saml2/idp/metadata.php) to `/etc/apache/mellon/idp.xml`.
Add the following to the vhost config:
<Location />
MellonEnable "info"
MellonSecureCookie On
MellonSessionDump Off
MellonSamlResponseDump Off
MellonEndpointPath "/mellon"
MellonSPPrivateKeyFile /etc/apache2/mellon/sp.key
MellonSPCertFile /etc/apache2/mellon/sp.crt
MellonIdPMetadataFile /etc/apache2/mellon/idp.xml
</Location>
Restart apache and enjoy!
You can now open `https://#{APP_HOST}/login` and you'll be redirected to the login page of TERENA.
## KPI Spider
To fetch the KPI information for the services matrix, you can run
`rake servicematrix:import_kpis`. This should be installed as a cron
tab or some other scheduler on the production machine.