"Seegrid will be due for a migration to confluence on the 1st of August. Any update on or after the 1st of August will NOT be migrated"

Vocabulary Service 3.0 deployment


Role: SISSVoc30Deployer

Introduction

This page outlines the procedures for obtaining the Vocabulary Service and Sesame triplestore and deploying it on a remote DEBIAN server

Prerequisites

  • Tomcat 5.5 or 6
  • Apache 2

Getting the WAR packages

Download Sesame Server and Workbench

We are using Sesame server 2.6.10 from http://www.openrdf.org/ as backend for our Vocabulary Service and Sesame Workbench to import and modify vocabularies in the Sesame Server.

Download SISSVoc

Obtain the Vocabulary Service:

Deploy WAR files to remote linux server

  • Get WinSCP 4.x and install it
  • Place WAR files on Tomcat container of remote server
    • Open WinSCP.
    • Log into the target host.
    • Place WAR files inside Tomcat's webapp dir -
      • DEBIAN: under /var/lib/tomcat6/webapps
  • If you don't have autodeployment enabled, restart Tomcat.

Configure services

Tomcat and Sesame Server:

  • Create directory: /var/lib/tomcat6/data
  • Change permission of the just created data directory
    • chown tomcat6:tomcat6 /var/lib/tomcat6/data
  • Edit /etc/default/tomcat6:
    • Add to JAVA_OPTS: -Dinfo.aduna.platform.appdata.basedir=/var/lib/tomcat6/data
  • In /etc/apache2/sites-enabled/000-default add in the VirtualHost section:
ProxyPass /openrdf-workbench ajp://localhost:8009/openrdf-workbench
ProxyPassReverse /openrdf-workbench ajp://localhost:8009/openrdf-workbench
ProxyPass /openrdf-sesame ajp://localhost:8009/openrdf-sesame
ProxyPassReverse /openrdf-sesame ajp://localhost:8009/openrdf-sesame
ProxyPass /sissvoc ajp://localhost:8009/sissvoc
ProxyPassReverse /sissvoc ajp://localhost:8009/sissvoc

  • By default the Sesame Server there is no security at all. With regards to securing the Sesame server endpoint we have used the following recipe
    • edit the apache config (/etc/apache2/sites-enabled/000-default)
  # Regular expression to match everything that is a sub folder ignoring query string
  # More info - http://www.openrdf.org/doc/sesame2/system/ch08.html#d0e179
  # Example here using authentication against open ldap, please change accordingly to suit your environment 

  <LocationMatch /openrdf-sesame/repositories/*>
         # Authentication
         AuthName testGroup
         AuthType Basic
         AuthBasicProvider ldap
         AuthLDAPURL "ldap://ldapserver/dc=example,dc=org,dc=au?uid?sub"
         AuthLDAPGroupAttribute memberUid
         AuthLDAPGroupAttributeIsDN off

        # Allow on HTTP GET
        <LimitExcept GET>
            require ldap-group cn=testGroup,ou=Groups,dc=example,dc=org,dc=au
        </LimitExcept>
   </LocationMatch>


For more information on Sesame Server Security : BasicSecurityInSesame

Load ELDA Configuration Into SISSvoc Service

The sissvoc web archive is packaged with example ELDA configuration files. These are located in the webapps/sissvoc/resources/ directory.

You will need to liase with the SISSVoc30Manager to obtain any new Linked Data API (LDA) Specification to add to the service with the following instructions:

Edit the webapps/sissvoc/WEB-INF/web.xml and find the servlet configuration
<servlet>
  <servlet-name>loader-init</servlet-name>
  <servlet-class>com.epimorphics.lda.routing.Loader</servlet-class>
  <init-param>
    <param-name>com.epimorphics.api.initialSpecFile</param-name>
    <param-value>./resources/siss-default/config/SISSvoc3-template-ELDAConfig.ttl,./resources/ics/config/InternationalStratigraphicChart2009-ELDAConfig.ttl</param-value>
  </init-param>
  <load-on-startup>1</load-on-startup>
</servlet>

The example configuration ./resources/siss-default/config/SISSvoc3-template-ELDAConfig.ttl,./resources/ics/config/InternationalStratigraphicChart2009-ELDAConfig.ttl= may be replaced with a comma separated list of LDA specification files you wish to load.

Once you have altered WEB-INF/web.xml, you will need to reload the SISSVoc web app or restart Tomcat.

sudo service tomcat6 restart

Test the Vocabulary Service

Open the Vocabulary Service to test your installation & configuration Open the Sesame Workbench of your installation:

there is no security at all: everybody can access all available Sesame repositories, can query them, add data, remove data, and even change the server configuration (e.g. creating new databases or removing existing ones). Clearly this is not a desirable setup for a server which is publicly accessible.
Topic revision: r22 - 16 Sep 2014, PeterTaylor
 

Current license: All material on this collaboration platform is licensed under a Creative Commons Attribution 3.0 Australia Licence (CC BY 3.0).