4364 install prov flask

[pdurbin]

connects to #4364 As a Dataverse Installation Administrator, I want to set up the Provenance system to run alongside Dataverse so that researchers using my installation can track and view provenance

[coveralls]

Coverage increased (+0.0009%) to 12.856% when pulling 01bfa41 on 4364-install-prov-flask into 2baa606 on develop.

[pameyer]

Short version:

• cleaner separation between production build CPL RPM / production installation might be helpful (or existing separation clarified?). Possibly one script to setup the build VM/container, one to build the RPM, and one that installs and configures it?
• preferable to use apache or nginx over the flask development server in production

[pameyer]

It seems like it would be less complex to move these two files (possibly renamed if they're too DV specific) to the prov-cpl repo.

If not, it would probably be more consistent if these were moved to conf/ (rather than doc/); or we should move the docker-related stuff to a different directory with the idea of having all dev VM/containerization/etc living in one place.

[pdurbin]

I put files in doc to make them easily downloadable from Sphinx. If anything I would move more conf files under Sphinx when they are used as examples. "Download this file, edit it, etc."

We can certainly see if @jacksonokuhn would like to have Vagrant files in the prov-cpl repo. I didn't want to inhibit progress by making that a dependency. My goal was to unblock Dataverse developers who wanted to get started on prov related work and needed a prov system running on their laptops. Incremental progress. We can make improvements in the future.

[pameyer]

It would be good to mention which versions of ubuntu are expected to work. On version is mentioned below, but it might be clearer to move it to earlier in this section.

[pdurbin]

As someone who is relatively familiar with Vagrant, I would disagree with documenting the version of Ubuntu because what matters is the "base box" in the Vagrantfile. This is currently config.vm.box = "ubuntu/xenial64" which means 16.04 (the latest LTS as of this writing). Basically a comment here has the potential to get out of date. That said, I'm fine adding a comment if it's truly helpful.

[pameyer]

For consistency, it might be better to put these steps into a script that can be run from within the Vagrantfile. Manually editing the existing Vagrantfile might be simpler, but would also slow down automating things.

[pdurbin]

Maybe but I think @landreev and I are the only ones on the team who have ever built an RPM. I purposefully documented the steps in prose. I could see adding more automation once we've gotten more familiar with the process. Unfortunately, we can't use the HMDC Jenkins server to automate the RPM building because it's running el6 and there appear to be incompatibilities between el6 and el7. I left a comment about this at #4364 (comment) . For now the plan is the build this RPM in Vagrant and I don't want to be the only one who knows how. Note also that the version of the RPM matters. At this stage in the game, a human needs to make decisions about when to bump the version and when to get in touch with the upstream author about cutting a release, etc. It's complicated.

[pameyer]

Ok - I was reminded of the discussions we had in #4369 about documentation / scripts for "surgery" on dependencies, which was why I mentioned it.

[pameyer]

Using the flask development server in production is probably something we should avoid.

[pdurbin]

Huh. Sure enough http://flask.pocoo.org/docs/0.12/deploying/#deployment says, "While lightweight and easy to use, Flask’s built-in server is not suitable for production as it doesn’t scale well and by default serves only one request at a time." Do you have any suggestions on how to deploy a Flask app in a better way? Heads up to @jacksonokuhn about this.

[pameyer]

Apache / wsgi would be the way that I'd go; but there are other approaches.

[pameyer]

I'd suggest splitting these into build-provenance.sh and install-provenance.sh?

[pdurbin]

If anything, I might delete this script. It doesn't quite work, especially the part around postgresql-setup-conf.sql.

[pameyer]

That sounds like a way to reduce the confusion.

[pameyer]

Not returning when vagrant up was a little surprising to me. I'd agree about creating a cplrest user; even though it shouldn't matter inside a dev VM.

I also ran into the vagrant halt doesn't halt problem with this file; but that may be more related to my system than this Vagrantfile.

[pdurbin]

Interesting. I haven't run into problems with vagrant halt (or vagrant destroy). I know it's weird to run the service as the postgres user but like you said, this is a dev VM and doesn't really matter. For production I'm using the name @jacksonokuhn and I talked about (cplservice) but I'm open to changing it.

[pameyer]

cplservice for production sounds reasonable to me; but I'll defer to @jacksonokuhn . postgres for dev works (even if it's non-standard).

[pameyer]

guides.dataverse.org isn't currently available over https; distributing rpms over http is something that it's probably worth avoiding.

[pdurbin]

That's a fair point but no one has complained (that I'm aware of) about downloading the rapache RPM over plain HTTP: http://guides.dataverse.org/en/4.8.5/installation/r-rapache-tworavens.html#c-rapache

We did have a very security-minded individual take a look at our dev guide a couple years ago. You might enjoy reading through this comment, @pameyer: #2863 (comment)

[pameyer]

If I installed rapache, it would be an issue I'd raise.

[pameyer]

These checks failed when I ran them vagrant up; cpl-rest.py wasn't running; initial guess was cwd mismatch. Initial guess was incorrect; CPL module not installed in default python of cplsystem user.

[pdurbin]

As I mentioned above, the line about postgresql-setup-conf.sql isn't quite working. That's probably why the checks fail. The database user probably hasn't been created.

[pameyer]

I'm confused why this script would download a file from a repository that has already been cloned.

[pdurbin]

The postgres user doesn't have access to /home/vagrant which is where the git repo has been cloned.

[pdurbin]

Closing. As explained at #4364 (comment) the RPM will be built using a Vagrantfile in the prov-cpl repo. The RPM will likely be hosted as a binary uploaded to a release of that repo. Installation instructions will reside in the prov-cpl repo.