comparison doc/admin_guide.txt @ 7045:ca90f7270cd4 issue2550923_computed_property

merge from main tip. This should fix test failure in Markdown2TestCase.test_string_markdown_code_block_attribute by merging html diff method used in tests.
author John Rouillard <rouilj@ieee.org>
date Mon, 07 Nov 2022 22:58:38 -0500
parents 9ff091537f43
children f72ce883e677
comparison
equal deleted inserted replaced
6638:e1588ae185dc 7045:ca90f7270cd4
1 .. meta:: 1 .. meta::
2 :description language=en: 2 :description:
3 How to administer, backup, upgrade a Roundup installation. 3 How to administer, backup, upgrade a Roundup installation.
4 System and user security, configuring web compression, 4 System and user security, configuring web compression,
5 documentation on using roundup-server and running 5 documentation on using roundup-server and running
6 roundup-admin. 6 roundup-admin.
7 7
17 ========================== 17 ==========================
18 18
19 There's two "installations" that we talk about when using Roundup: 19 There's two "installations" that we talk about when using Roundup:
20 20
21 1. The installation of the software and its support files. This uses the 21 1. The installation of the software and its support files. This uses the
22 standard Python mechanism called "distutils" and thus Roundup's core code, 22 standard Python mechanism called "setuptools" and thus Roundup's core code,
23 executable scripts and support data files are installed in Python's 23 executable scripts and support data files are installed in Python's
24 directories. On Windows, this is typically: 24 directories. On Windows, this is typically:
25 25
26 Scripts 26 Scripts
27 ``<python dir>\scripts\...`` 27 ``<python dir>\scripts\...``
179 Specifies a template used for displaying the tracker index when 179 Specifies a template used for displaying the tracker index when
180 multiple trackers are being used. It is processed by TAL and 180 multiple trackers are being used. It is processed by TAL and
181 the variable "trackers" is available to the template and is a 181 the variable "trackers" is available to the template and is a
182 dict of all configured trackers. 182 dict of all configured trackers.
183 **ssl** 183 **ssl**
184 Enables the use of SSL to secure the connection to the roundup-server. 184 Enables use of SSL to secure the connection to the
185 roundup-server. In most cases, you will want to run a
186 real web server (Apache, Nginx) as a proxy to
187 roundup-server running without SSL. The real web server
188 can filter/rate limit/firewall requests to roundup-server.
185 If you enable this, ensure that your tracker's config.ini specifies 189 If you enable this, ensure that your tracker's config.ini specifies
186 an *https* URL. 190 an *https* URL. See roundup-server.1 man page for
191 additional information.
187 **pem** 192 **pem**
188 If specified, the SSL PEM file containing the private key and certificate. 193 If specified, the SSL PEM file containing the private key and certificate.
194 The file must include both the private key and certificate with appropriate
195 headers (e.g. ``-----BEGIN PRIVATE KEY-----``,
196 ``-----END PRIVATE KEY-----`` and
197 ``-----BEGIN CERTIFICATE-----``,
198 ``-----END CERTIFICATE-----``.
189 If not specified, roundup will generate a temporary, self-signed certificate 199 If not specified, roundup will generate a temporary, self-signed certificate
190 for use. 200 for use.
191 **trackers** section 201 **trackers** section
192 Each line denotes a mapping from a URL component to a tracker home. 202 Each line denotes a mapping from a URL component to a tracker home.
193 Make sure the name part doesn't include any url-unsafe characters like 203 Make sure the name part doesn't include any url-unsafe characters like
314 324
315 All of the data that is indexed is in a single column, so when column 325 All of the data that is indexed is in a single column, so when column
316 specifiers are used they usually result in an error which is detected 326 specifiers are used they usually result in an error which is detected
317 and an enhanced error message is produced. 327 and an enhanced error message is produced.
318 328
319 Unlike the native, xapian and whoosh indexers, there are no stopwords, 329 Unlike the native, xapian and whoosh indexers there is no
320 and there is no limit to the length of terms that are indexed. Keeping 330 limit to the length of terms that are indexed. Also
321 these would break proximity and phrase searching. This may be helpful 331 stopwords are indexed but ignored when searching if they are
322 or problematic for your particular tracker. 332 the only word in the search. So a search for "the" will
333 return no results but "the book" will return
334 results. Pre-filtering the stopwords when indexing would
335 break proximity and phrase searching. This may be helpful or
336 problematic for your particular tracker.
323 337
324 To support the most languages available, the unicode61 tokenizer is 338 To support the most languages available, the unicode61 tokenizer is
325 used without porter stemming. Using the ``indexer_language`` setting 339 used without porter stemming. Using the ``indexer_language`` setting
326 to enable stemming for ``english`` is not available in this 340 to enable stemming for ``english`` is not available in this
327 implementation. Also ranking information is not used in this 341 implementation. Also ranking information is not used in this
441 the following SQL commands:: 455 the following SQL commands::
442 456
443 delete from __words; 457 delete from __words;
444 delete from __textids; 458 delete from __textids;
445 459
446 Note this deletes data from the tables and does *not* delete the 460 Note this deletes data from the tables and does *not* delete
447 table. 461 the table. This allows you to revert to Roundup's native
462 full text indexing on SQLite or Postgres. If you were to
463 delete the tables, Roundup will not recreate the
464 tables. Under PostgreSQL, you can use the ``truncate
465 <tablename>`` command if you wish.
466
467 Configuring Session Databases
468 =============================
469
470 The session and OTK (one time key) databases
471 store information about the operation of Roundup.
472 This ephemeral data:
473
474 * web login session keys,
475 * CSRF tokens,
476 * email password recovery one time keys,
477 * rate limiting data,
478 * ...
479
480 can be a performance bottleneck. It usually happens with
481 anydbm or SQLite backends. PostgreSQL and MySQL are
482 sufficiently powerful that they can handle the higher
483 transaction rates.
484
485 If you are using sqlite, you can choose to use the anydbm
486 database for session data. By default it will use additional
487 sqlite databases for storing the session and otk data.
488
489 The following table shows which primary databases support
490 different session database backends::
491
492
493 main\/ session>| anydbm | sqlite | redis | mysql | postgresql |
494 anydbm | D | | X | | |
495 sqlite | X | D | X | | |
496 mysql | | | | D | |
497 postgresql | | | | | D |
498 --------------------------------------------------------------+
499 D - default if unconfigured, X - compatible choice
500
501 The ``backend`` setting is in the tracker's ``config.ini``
502 file under the ``sessiondb`` section.
503
504 Using Redis for Session Databases
505 ---------------------------------
506
507 Redis is an in memory key/value data structure store.
508
509 You need to install the redis-py_ module from pypi. Then
510 install Redis using your package manager or by downloading
511 it from the Redis_ website.
512
513 You need to secure your redis instance. The data that
514 Roundup stores includes session cookies and other
515 authentication tokens. At minimum you should require a
516 password to connect to your redis database. Set
517 ``requirepass`` in ``redis.conf``. Then change the
518 ``redis_url`` in ``config.ini`` to use the password.
519
520
521 For example::
522
523 redis://:mypassword@localhost:7200/10
524
525 will connect to the redis instance running on localhost at
526 port 7200 using the password ``mypassword`` to open database
527 10. The ``redis_url`` setting can load a file to better
528 secure the url. If you are using redis 6.0 or newer, you can
529 specify a username/password and access control lists to
530 improv the security of your data. Another good alternative
531 is to talk to redis using a Unix domain socket.
532
533 If you are connecting to redis across the network rather
534 than on localhost, you should configure ssl/tls and use the
535 ``rediss`` scheme in the url along with the query
536 parameters::
537
538 ssl_cert_reqs=required&ssl_ca_certs=/path/to/custom/ca-cert
539
540 where you specify the file that can be used to validate the
541 SSL certificate. `Securing Redis`_ has more details.
542
543 .. _Redis: https://redis.io
544 .. _redis-py: https://pypi.org/project/redis/
545 .. _Securing Redis: https://redis.io/docs/manual/security/
546
448 547
449 Users and Security 548 Users and Security
450 ================== 549 ==================
451 550
452 Roundup holds its own user database which primarily contains a username, 551 Roundup holds its own user database which primarily contains a username,
472 571
473 In both cases, Roundup's behaviour when dealing with unknown users is 572 In both cases, Roundup's behaviour when dealing with unknown users is
474 controlled by Permissions defined in the "SECURITY SETTINGS" section of the 573 controlled by Permissions defined in the "SECURITY SETTINGS" section of the
475 tracker's ``schema.py`` module: 574 tracker's ``schema.py`` module:
476 575
477 Web Registration 576 Web Access and Register
478 If granted to the Anonymous Role, then anonymous users will be able to 577 If granted to the Anonymous Role, then anonymous users will be able to
479 register through the web. 578 register through the web.
480 Email Registration 579 Email Access and Register
481 If granted to the Anonymous Role, then email messages from unknown users 580 If granted to the Anonymous Role, then email messages from unknown users
482 will result in those users being registered with the tracker. 581 will result in those users being registered with the tracker.
483 582
484 More information about how to customise your tracker's security settings 583 More information about how to customise your tracker's security settings
485 may be found in the `customisation documentation`_. 584 may be found in the `customisation documentation`_.
554 653
555 654
556 Software Upgrade 655 Software Upgrade
557 ---------------- 656 ----------------
558 657
559 Always make a backup of your tracker before upgrading software. Steps you may 658 .. _make a backup: #tracker-backup
560 take: 659
660 Always `make a backup`_ of your tracker before upgrading software.
661 Steps you may take:
561 662
562 1. Install pytest and ensure that the unit tests run on your system 663 1. Install pytest and ensure that the unit tests run on your system
563 (using your preferred python version):: 664 (using your preferred python version)::
564 665
565 pip2 install pytest 666 pip2 install pytest
574 4. Stop the tracker web and email frontends. 675 4. Stop the tracker web and email frontends.
575 5. Install the new version of the software:: 676 5. Install the new version of the software::
576 677
577 python setup.py install 678 python setup.py install
578 679
579 6. Follow the steps in the `upgrading documentation`_ for the new version of 680 6. Follow the steps in the `upgrading documentation`_ for all the
580 the software in the copied. 681 versions between your original version and the new version.
581 682
582 Usually you will be asked to run `roundup_admin migrate` on your tracker 683 Usually you should run `roundup_admin -i <tracker_home> migrate`
583 before you allow users to start accessing the tracker. 684 on your tracker(s) before you allow users to start accessing the tracker.
584 685
585 It's safe to run this even if it's not required, so just get into the 686 It's safe to run this even if it's not required, so just get into the
586 habit. 687 habit.
587 7. Restart your tracker web and email frontends. 688 7. Restart your tracker web and email frontends.
588 689
589 If something bad happens, you may reinstate your backup of the tracker and 690 If something bad happens, you may reinstate your backup of the tracker and
590 reinstall the older version of the sofware using the same install command:: 691 reinstall the older version of the sofware using the same install command::
591 692
592 python setup.py install 693 python setup.py install
593
594 694
595 .. index:: database; convert from one database backend to another 695 .. index:: database; convert from one database backend to another
596 single: roundup-admin; import and export 696 single: roundup-admin; import and export
597 697
598 Migrating Backends 698 Migrating Backends

Roundup Issue Tracker: http://roundup-tracker.org/