georchestra/datadir

update for gn4

Closed this issue · 14 comments

cf georchestra/georchestra#3218 georchestra/geonetwork@dcc7507e and georchestra/geonetwork@7c47f10b

some properties need to be added to geonetwork.properties to point at elasticsearch and kibana:

  • es.host
  • es.featureproxy.targeturi
  • kb.url

some new logging classes for log4j.xml ?

according to @pmauduit geonetwork/config goes away too

Here are my current modifications into docker-gn4 (not mentioning the config/ subdirectory being deleted):

diff --git a/geonetwork/geonetwork.properties b/geonetwork/geonetwork.properties
index c1ce10a..3ecd755 100644
--- a/geonetwork/geonetwork.properties
+++ b/geonetwork/geonetwork.properties
@@ -17,6 +17,15 @@ geonetwork.upload.dir=${geonetwork.dir}/data/upload/
 geonetwork.formatter.dir=${geonetwork.dir}/data/formatter/
 geonetwork.htmlcache.dir=${geonetwork.resources.dir}/htmlcache/
 
+# Map geOrchestra user role names to GeoNetwork user profiles.
+# Available GN profile names are:
+# Administrator, UserAdmin, Reviewer, Editor, RegisteredUser, Guest, Monitor
+geonetwork.profiles.default:RegisteredUser
+geonetwork.profiles.rolemappings.[ADMIN]=Administrator
+geonetwork.profiles.rolemappings.[REVIEWER]=Reviewer
+geonetwork.profiles.rolemappings.[EDITOR]=Editor
+geonetwork.profiles.rolemappings.[USER]=RegisteredUser
+
 # database configuration
 jdbc.host=database
 jdbc.port=5432
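
Review bot: `geonetwork.profiles.default:RegisteredUser` uses `:` as the separator while the four `rolemappings` lines right below it use `=`. Java properties accept both, but the mixed style is easy to misread or miss in a grep; suggest `geonetwork.profiles.default=RegisteredUser`. The comment should also say that the default applies to users whose roles match none of the mappings, since that value decides the access level of every unmapped account.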
@@ -68,3 +77,11 @@ ldap.sync.cron=0 * * * * ?
 # then updates the validation table in the database, runs every 2 hours:
 schematron.job.activated=true
 schematron.job.cronExpression=0 0 0/2 * * ?
+
+# GN 4
+es.featureproxy.targeturi=http://localhost:9200/gn-features/{_}
+es.protocol=http
+es.port=9200
+es.host=elasticsearch
+kb.url=http://kibana:5601
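
Review bot: `es.featureproxy.targeturi` points at `localhost:9200` while `es.host` in the same block is `elasticsearch`, so the two settings target different hosts. Suggest using the same host in both (`http://elasticsearch:9200/gn-features/{_}`), or composing the URI from `${es.protocol}`, `${es.host}` and `${es.port}` if placeholders are resolved for these keys as they are for `${geonetwork.dir}` in the context lines above. The `# GN 4` comment could also say what each key is used for.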

About the first chunk, it is related to @groldan's current try to get rid of the LDAP

Fwiw, much more stuff is needed now that @groldan's bits were merged, and it is documented nowhere but on https://github.com/georchestra/geonetwork/tree/a74f564bfc9e07988cb92dba6317a0c1ae3ffed6/georchestra-integration/georchestra-authnz#configuration and maybe other things are required from other modules?

eg at least a58ea70 isn't present in the master branch of this repo. shows how much the non-docker case is untested/unmaintained.

among other changes needed https://github.com/georchestra/datadir/blob/master/geonetwork/log4j/log4j.xml#L4 tries to use org.apache.log4j.rolling.RollingFileAppender but this class isn't provided anymore with the same name in the log4j version shipped by gn4:

log4j:ERROR Could not create an Appender. Reported error follows.
java.lang.ClassNotFoundException: org.apache.log4j.rolling.RollingFileAppender
        at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1364)
        at org.apache.catalina.loader.WebappClassLoaderBase.loadClass(WebappClassLoaderBase.java:1187)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:264)
        at org.apache.log4j.helpers.Loader.loadClass(Loader.java:198)

the class is provided by the jar under a different name (without .rolling):

[29/11 14:14] root@demo.fluela:/etc/georchestra/geonetwork $unzip -l /srv/tomcat/georchestra/webapps/geonetwork/WEB-INF/lib/log4j-1.2.17.jar |grep Roll
     5777  2012-05-06 13:00   org/apache/log4j/DailyRollingFileAppender.class
     1813  2012-05-06 13:00   org/apache/log4j/RollingCalendar.class
     4383  2012-05-06 13:00   org/apache/log4j/RollingFileAppender.class

bits of #221 should be applied to master.
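
The manual `unzip -l` check above, automated as an added example (not code from this thread or from geOrchestra): it lists the appender classes a log4j 1.x XML file references and reports those that no jar in a given lib directory provides. The function names, the sample XML and the stand-in jar are constructed for illustration.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Constructed sample: the appender declaration from the datadir's log4j.xml before the fix.
SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration debug="false">
    <appender name="fileAppender" class="org.apache.log4j.rolling.RollingFileAppender"/>
    <appender name="consoleAppender" class="org.apache.log4j.ConsoleAppender"/>
    <logger name="org.georchestra"><appender-ref ref="fileAppender" /></logger>
</log4j:configuration>"""

def appender_classes(xml_text):
    """Map appender name -> class for each <appender> element (not <appender-ref>)."""
    xml_text = re.sub(r"<!--.*?-->", "", xml_text, flags=re.S)  # ignore commented-out appenders
    found = {}
    for tag in re.finditer(r"<appender\s+([^>]*)>", xml_text):
        attrs = dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', tag.group(1)))
        if "name" in attrs and "class" in attrs:
            found[attrs["name"]] = attrs["class"]
    return found

def classes_in_lib(lib_dir):
    """Collect the fully qualified names of all classes in the jars of one directory."""
    available = set()
    for jar in Path(lib_dir).glob("*.jar"):
        with zipfile.ZipFile(jar) as zf:
            available.update(n[:-len(".class")].replace("/", ".")
                             for n in zf.namelist() if n.endswith(".class"))
    return available

def missing_appenders(xml_text, lib_dir):
    """Appenders whose class no jar in lib_dir provides (container-level jars are not checked)."""
    available = classes_in_lib(lib_dir)
    return {n: c for n, c in appender_classes(xml_text).items() if c not in available}

def demo():
    """Run the check against a constructed lib dir holding a stand-in for log4j-1.2.17.jar."""
    with tempfile.TemporaryDirectory() as lib:
        with zipfile.ZipFile(Path(lib) / "log4j-1.2.17.jar", "w") as zf:
            for entry in ("org/apache/log4j/RollingFileAppender.class",
                          "org/apache/log4j/ConsoleAppender.class"):
                zf.writestr(entry, b"")  # empty placeholder entries, names only
        return missing_appenders(SAMPLE_XML, lib)

if __name__ == "__main__":
    print(demo())
```

Run against a deployed webapp, `missing_appenders(Path("log4j.xml").read_text(), ".../WEB-INF/lib")` gives an early signal that file logging will silently fail after an upgrade.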

related to GN4 logging, it also seems that <appender-ref ref="fileAppender" /> is needed for each logger entry in log4j.xml, otherwise logging goes ... i dunno where.

also getting many lines with this on /srv/tomcat/georchestra/logs/catalina.out, as if consoleAppender was hardcoded somewhere ?

log4j:ERROR Attempted to append to closed appender named [consoleAppender].

or maybe the previous work that had happened in gn 3.8 for logging was dumped with gn4 ?

the wip diff i have, manually copypasted:

--- a/geonetwork/geonetwork.properties
+++ b/geonetwork/geonetwork.properties
+
+# GN 4
+es.featureproxy.targeturi=http://localhost:9200/gn-features/{_}
+es.protocol=http
+es.port=9200
+es.host=localhost
+kb.url=http://localhost:5601
+
+
+# Base URL for the console application REST API
+georchestra.console.url=http://localhost:8280
+
+# Group synchronization mode.
+# Defines whether to synchronize GeoNetwork Groups with Georchestra Organizations or Roles.
+# Allowed values are 'orgs' and 'roles'. Defaults to 'orgs', meaning each synchronized
+# User will be matched to one GeoNetwork Group, which in turn matches the user's organization.
+# A value of 'roles' means GeoNetwork Groups will be synchronized with Georchestra roles instead
+# of organizations, and Users will be synchronized so that they belong to all the Groups that match
+# its roles
+geonetwork.syncMode=orgs
+
+# If using 'roles' sync mode, a Java regular expression can be used to filter
+# which Georchestra roles are to be mapped to GeoNetwork groups. Only those role names
+# that march the regular expression will be mapped.
+geonetwork.syncRolesFilter=EL_(.*)
+
+# Map geOrchestra user role names to GeoNetwork user profiles.
+# Available GN profile names are:
+# Administrator, UserAdmin, Reviewer, Editor, RegisteredUser, Guest, Monitor
+geonetwork.profiles.default=RegisteredUser
+geonetwork.profiles.rolemappings.[GN_ADMIN]=Administrator
+geonetwork.profiles.rolemappings.[GN_REVIEWER]=Reviewer
+geonetwork.profiles.rolemappings.[GN_EDITOR]=Editor
+geonetwork.profiles.rolemappings.[GN_USER]=RegisteredUser
+
+geonetwork.scheduled.enabled=true
+# MILLISECONDS/SECONDS/MINUTES/HOURS
+geonetwork.scheduled.timeUnit = SECONDS
+geonetwork.scheduled.retryOnFailure = true
+geonetwork.scheduled.initialDelay = 10
+geonetwork.scheduled.retryDelay = 10
+geonetwork.scheduled.delayBetweenRuns = 60
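
Review bot: `geonetwork.syncRolesFilter=EL_(.*)` is set while `geonetwork.syncMode=orgs`, and its own comment says the filter is only used in 'roles' mode, so the value is dead configuration here and the `EL_` prefix looks site-specific; suggest shipping that line commented out. The same comment has a typo ('march' for 'match'), and the `geonetwork.scheduled.*` lines mix `key=value` with `key = value` and carry no description of what is being scheduled.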

--- a/geonetwork/log4j/log4j.xml
+++ b/geonetwork/log4j/log4j.xml
@@ -1,11 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
 <log4j:configuration debug="false">
-    <appender name="fileAppender" class="org.apache.log4j.rolling.RollingFileAppender">
+    <appender name="fileAppender" class="org.apache.log4j.RollingFileAppender">
...
...
+    <logger name="org.georchestra">
+        <level value="DEBUG"/>
+        <appender-ref ref="fileAppender" />
     </logger>
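
Review bot: the added `org.georchestra` logger is set to `DEBUG` in a file that serves as the default datadir configuration; suggest `INFO` as the shipped level, with `DEBUG` left as a commented hint for troubleshooting. The `...` lines elide part of the hunk, so whether this logger needs `additivity="false"` to avoid duplicate lines through the root logger cannot be checked from what is shown.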

--- a/security-proxy/headers-mapping.properties
+++ b/security-proxy/headers-mapping.properties
@@ -74,18 +74,9 @@ sec-lastname=sn
 sec-tel=telephoneNumber
 
 # datafeeder service specific headers:
-datafeeder.sec-firstname=base64:givenName
-datafeeder.sec-lastname=base64:sn
-datafeeder.sec-tel=base64:telephoneNumber
-datafeeder.sec-email=mail
-datafeeder.sec-address=base64:postalAddress
-datafeeder.sec-title=base64:title
-datafeeder.sec-notes=base64:knowledgeInformation
-datafeeder.sec-orgname=base64:org.o
-datafeeder.sec-org-linkage=base64:org.seeAlso.labeledURI
-datafeeder.sec-org-address:base64:org.seeAlso.postalAddress
-datafeeder.sec-org-category:base64:org.seeAlso.businessCategory
-datafeeder.sec-org-description:base64:org.seeAlso.description
-datafeeder.sec-org-notes:base64:org.seeAlso.knowledgeInformation
-
+datafeeder.send-json-sec-user=true
+datafeeder.send-json-sec-organization=true
 
+# geonetwork service specific headers:
+#send-json-sec-user tells the proxy to send the full user representation as Base64 encoded JSON in a `sec-user` request header
+geonetwork.send-json-sec-user=true
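
Review bot: the explanatory comment sits only above `geonetwork.send-json-sec-user`, while `datafeeder.send-json-sec-user` and `datafeeder.send-json-sec-organization` are added a few lines earlier with no description, and `send-json-sec-organization` is not documented at all. Suggest moving the comment above the first use and adding a line for the organization header. Base64 is an encoding and gives no integrity protection, so the comment is also a good place to state that the receiving service must only accept `sec-user` from the proxy.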
--- a/security-proxy/security-mappings.xml
+++ b/security-proxy/security-mappings.xml
@@ -27,6 +27,7 @@
   <intercept-url pattern="/console/emailTemplates" access="ROLE_SUPERUSER,ROLE_ORGADMIN" />
   <!-- /console/emailProxy is activated for members having the EMAILPROXY role -->
   <intercept-url pattern="/console/emailProxy" access="ROLE_EMAILPROXY" />
+  <intercept-url pattern="/console/internal/.*" access="ROLE_SUPERUSER" />
   <intercept-url pattern="/testPage" access="IS_AUTHENTICATED_FULLY" />
   <intercept-url pattern=".*/ogcproxy/.*" access="ROLE_NO_ONE" />
   <intercept-url pattern="/datafeeder/.*" access="IS_AUTHENTICATED_FULLY" />
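
Review bot: the new pattern `/console/internal/.*` requires the trailing slash, so a request to `/console/internal` itself is not matched by this rule and falls through to whichever later rule applies. If that path is routable, add a rule for it as well, and keep the new line above any broader `/console/...` pattern elsewhere in the file, since the first matching `intercept-url` decides access.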

maybe the logging bits are related to geonetwork/core-geonetwork#5826 ? pmauduit ?

no, the mentioned PR was to be able to externalize the configurations for log4j in the georchestra datadir, it had nothing to do with the log4j version in itself.

After having checked, there are several different issues related to the logging:

  • The datadir (and GN) still expects log4j1 configurations (either XML or properties file format)
  • both log4j 1 and 2 are available in the classpath, which confused me in the first place
  • after having run the ansible playbook, I can reproduce the error you encountered with the log4j configuration; the classes are defined in a jar that should be in the classpath, but I cannot find it in WEB-INF/lib: apache-log4j-extras-1.1.jar. I cannot find it in the docker image either, but surprisingly, it is present in my web/target/geonetwork/WEB-INF/lib directory (so last time I compiled a geonetwork, it was needed as a dependency).

I think that the log4j configuration issue can be easily fixed by explicitly adding the following dependency into the root pom of GN:

<dependency>
    <groupId>log4j</groupId>
    <artifactId>apache-log4j-extras</artifactId>
    <version>${log4j.version}</version>
</dependency>

(after a rapid test, it also needs to be added into the web/pom.xml as well)

i think that was pmauduit/geonetwork@462af42 from georchestra/georchestra#1268 which got lost in the merge

Can we close this one nowadays ?