Nextcloud Notes

(new) Nextcloud on a self-hosted Ubuntu VM https://vbiostat2.app.vumc.org

Fixing ldap configuration

On 12/1/2020, I changed my ePassword. Unfortunately the LDAP authentication for Nextcloud used my account credentials to access VUMC LDAP. How did I get out of this mess?

Same on 12/1/2021

Log on to biostatnextcloud.emp.vumc.io
cd /var/www/html
sudo -u www-data php occ ldap:show-config --show-password
sudo -u www-data php occ ldap:set-config s01 ldapAgentPassword *************
sudo -u www-data php occ ldap:test-config s01

KVM commands

virt-manager  #  desktop user interface for managing virtual machines through libvirt
virsh nodeinfo  # information about the host computer
virsh list --all
virsh start nextcloud
virsh shutdown nextcloud
virsh dominfo nextcloud
virsh domblklist nextcloud  # information about virtual disks

Transfer to new Nextcloud instance

On old server...

  • Look at www-nextcloud/config/config.php to get database host, database name, and database admin username & password
  • Set Nextcloud instance to maintenance mode (edit www-nextcloud/config/config.php)
  • Use rsync to make a copy of the Nextcloud directory tree
rsync -Aavx www-nextcloud/ www-nextcloud-dirbkp_`date +"%Y%m%d"`/
  • Make a dump of the database. Notice that we are placing the dump in the copy of the Nextcloud directory tree that we made in the previous step.
mysqldump --single-transaction -h localhost -u oc_admin -p????????? nextcloud > www-nextcloud-dirbkp_`date +"%Y%m%d"`/www-nextcloud-sqlbkp_`date +"%Y%m%d"`.bak
  • Take Nextcloud out of maintenance mode (edit www-nextcloud/config/config.php)
  • Make compressed archive
tar -zcvf www-nextcloud-dirbkp_`date +"%Y%m%d"`.tar.gz www-nextcloud-dirbkp_`date +"%Y%m%d"`
  • copy archive to new server
scp www-nextcloud-dirbkp_20200903.tar.gz dalep@biostatnextcloud.emp.vumc.io:/home/dalep/.

On new server...
systemctl stop snap.nextcloud.apache  # stop apache
cd ~
sudo vim /var/snap/nextcloud/current/nextcloud/config/config.php  # put server into maintenance mode
mkdir www-nextcloud
mv www-nextcloud-dirbkp_`date +"%Y%m%d"`.tar.gz www-nextcloud/
cd www-nextcloud/
tar -zxvf www-nextcloud-dirbkp_`date +"%Y%m%d"`.tar.gz
sudo mv /var/snap/nextcloud/common/nextcloud/data /var/snap/nextcloud/common/nextcloud/data.save
###sudo mkdir /var/snap/nextcloud/common/nextcloud/data ###gets recreated automatically since the nextcloud log lives in data/
cd www-nextcloud-dirbkp_`date +"%Y%m%d"`/
sudo rsync -Aaxv data/ /var/snap/nextcloud/common/nextcloud/data/
sudo chown -R root:root /var/snap/nextcloud/common/nextcloud/data/

###sudo cat /var/snap/nextcloud/current/nextcloud/config/config.php  # to see database password

###sudo nextcloud.mysql-client -h localhost -u nextcloud -p??? -e "DROP DATABASE nextcloud"
###sudo nextcloud.mysql-client -h localhost -u nextcloud -p??? -e "CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci"

###sudo nextcloud.mysql-client -h localhost -u nextcloud -p??? nextcloud < /home/dalep/www-nextcloud/www-nextcloud-dirbkp_`date +"%Y%m%d"`/www-nextcloud-sqlbkp_`date +"%Y%m%d"`.bak

systemctl start snap.nextcloud.apache  # start apache

sudo vim /var/snap/nextcloud/current/nextcloud/config/config.php  # put server into production mode

sudo nextcloud.occ files:scan --all

### Give it 10 minutes for everything to come up.  Collabora might get disabled; enable it.  When creating an .odt file, the file gets created but Collabora doesn't seem to come up.  Closing and reopening the file usually brings up Collabora so it can be edited.

Misc notes

What do these do?
sudo -u www-data php occ files:scan --all
sudo -u www-data php occ files:scan-app-data
sudo -u www-data php occ files:cleanup
sudo -u www-data php occ db:add-missing-indices

scan files after a bulk transfer
sudo nextcloud.occ files:scan --all

Databases and tables on new server
dalep@biostatnextcloud:~$ sudo nextcloud.mysql-client
[sudo] password for dalep:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 45
Server version: 5.7.31 MySQL Community Server (GPL)

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| nextcloud          |
| performance_schema |
| sys                |
+--------------------+
5 rows in set (0.00 sec)

mysql> use nextcloud;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+-----------------------------+
| Tables_in_nextcloud         |
+-----------------------------+
| oc_accounts                 |
| oc_activity                 |
| oc_activity_mq              |
| oc_addressbookchanges       |
| oc_addressbooks             |
| oc_appconfig                |
| oc_authtoken                |
| oc_bruteforce_attempts      |
| oc_calendar_invitations     |
| oc_calendar_reminders       |
| oc_calendar_resources       |
| oc_calendar_resources_md    |
| oc_calendar_rooms           |
| oc_calendar_rooms_md        |
| oc_calendarchanges          |
| oc_calendarobjects          |
| oc_calendarobjects_props    |
| oc_calendars                |
| oc_calendarsubscriptions    |
| oc_cards                    |
| oc_cards_properties         |
| oc_collres_accesscache      |
| oc_collres_collections      |
| oc_collres_resources        |
| oc_comments                 |
| oc_comments_read_markers    |
| oc_credentials              |
| oc_dav_cal_proxy            |
| oc_dav_shares               |
| oc_deck_assigned_labels     |
| oc_deck_assigned_users      |
| oc_deck_attachment          |
| oc_deck_board_acl           |
| oc_deck_boards              |
| oc_deck_cards               |
| oc_deck_labels              |
| oc_deck_stacks              |
| oc_direct_edit              |
| oc_directlink               |
| oc_federated_reshares       |
| oc_file_locks               |
| oc_filecache                |
| oc_filecache_extended       |
| oc_files_trash              |
| oc_flow_checks              |
| oc_flow_operations          |
| oc_flow_operations_scope    |
| oc_group_admin              |
| oc_group_folders            |
| oc_group_folders_acl        |
| oc_group_folders_groups     |
| oc_group_folders_manage     |
| oc_group_folders_trash      |
| oc_group_user               |
| oc_groups                   |
| oc_jobs                     |
| oc_ldap_group_mapping       |
| oc_ldap_group_members       |
| oc_ldap_user_mapping        |
| oc_login_flow_v2            |
| oc_mail_accounts            |
| oc_mail_aliases             |
| oc_mail_attachments         |
| oc_mail_classifiers         |
| oc_mail_coll_addresses      |
| oc_mail_mailboxes           |
| oc_mail_messages            |
| oc_mail_recipients          |
| oc_migrations               |
| oc_mimetypes                |
| oc_mounts                   |
| oc_notes_meta               |
| oc_notifications            |
| oc_notifications_pushtokens |
| oc_oauth2_access_tokens     |
| oc_oauth2_clients           |
| oc_preferences              |
| oc_privacy_admins           |
| oc_properties               |
| oc_recent_contact           |
| oc_richdocuments_assets     |
| oc_richdocuments_direct     |
| oc_richdocuments_wopi       |
| oc_schedulingobjects        |
| oc_share                    |
| oc_share_external           |
| oc_storages                 |
| oc_systemtag                |
| oc_systemtag_group          |
| oc_systemtag_object_mapping |
| oc_talk_commands            |
| oc_talk_guests              |
| oc_talk_participants        |
| oc_talk_rooms               |
| oc_talk_signaling           |
| oc_text_documents           |
| oc_text_sessions            |
| oc_text_steps               |
| oc_trusted_servers          |
| oc_twofactor_backupcodes    |
| oc_twofactor_providers      |
| oc_user_transfer_owner      |
| oc_users                    |
| oc_vcategory                |
| oc_vcategory_to_object      |
| oc_webauthn                 |
| oc_whats_new                |
+-----------------------------+
107 rows in set (0.01 sec)

mysql>

Databases and tables on old server
bioapp@bio1000lp:~/www-nextcloud/config$ mysql --user oc_admin -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 755623
Server version: 5.5.65-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| nextcloud          |
| test               |
+--------------------+
3 rows in set (0.00 sec)

MariaDB [(none)]> use nextcloud;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [nextcloud]> show tables;
+-----------------------------+
| Tables_in_nextcloud         |
+-----------------------------+
| oc_accounts                 |
| oc_activity                 |
| oc_activity_mq              |
| oc_addressbookchanges       |
| oc_addressbooks             |
| oc_appconfig                |
| oc_authtoken                |
| oc_bruteforce_attempts      |
| oc_calendar_invitations     |
| oc_calendar_resources       |
| oc_calendar_rooms           |
| oc_calendarchanges          |
| oc_calendarobjects          |
| oc_calendarobjects_props    |
| oc_calendars                |
| oc_calendarsubscriptions    |
| oc_cards                    |
| oc_cards_properties         |
| oc_collres_accesscache      |
| oc_collres_collections      |
| oc_collres_resources        |
| oc_comments                 |
| oc_comments_read_markers    |
| oc_credentials              |
| oc_dav_shares               |
| oc_deck_assigned_labels     |
| oc_deck_assigned_users      |
| oc_deck_attachment          |
| oc_deck_board_acl           |
| oc_deck_boards              |
| oc_deck_cards               |
| oc_deck_labels              |
| oc_deck_stacks              |
| oc_directlink               |
| oc_federated_reshares       |
| oc_file_locks               |
| oc_filecache                |
| oc_files_trash              |
| oc_flow_checks              |
| oc_flow_operations          |
| oc_group_admin              |
| oc_group_folders            |
| oc_group_folders_acl        |
| oc_group_folders_groups     |
| oc_group_folders_manage     |
| oc_group_folders_trash      |
| oc_group_user               |
| oc_groups                   |
| oc_jobs                     |
| oc_ldap_group_mapping       |
| oc_ldap_group_members       |
| oc_ldap_user_mapping        |
| oc_login_flow_v2            |
| oc_migrations               |
| oc_mimetypes                |
| oc_mounts                   |
| oc_notifications            |
| oc_notifications_pushtokens |
| oc_oauth2_access_tokens     |
| oc_oauth2_clients           |
| oc_preferences              |
| oc_privacy_admins           |
| oc_properties               |
| oc_schedulingobjects        |
| oc_share                    |
| oc_share_external           |
| oc_storages                 |
| oc_systemtag                |
| oc_systemtag_group          |
| oc_systemtag_object_mapping |
| oc_trusted_servers          |
| oc_twofactor_backupcodes    |
| oc_twofactor_providers      |
| oc_users                    |
| oc_vcategory                |
| oc_vcategory_to_object      |
| oc_whats_new                |
+-----------------------------+
77 rows in set (0.00 sec)

MariaDB [nextcloud]>

/var/snap/nextcloud/current/
dalep@biostatnextcloud:~$ ls -la /var/snap/nextcloud/current/
total 32
drwxr-xr-x 8 root root 4096 Jul  1 15:49 .
drwxr-xr-x 5 root root 4096 Aug 13 20:48 ..
drwxr-xr-x 3 root root 4096 Jul  1 15:49 apache
drwx------ 4 root root 4096 Sep  4 18:12 certs
drwxr-x--- 6 root root 4096 Sep  4 18:11 mysql
drwxr-xr-x 4 root root 4096 Jul  1 15:49 nextcloud
drwxr-x--- 2 root root 4096 Jul  1 15:49 php
drwxr-x--- 2 root root 4096 Sep  4 18:41 redis
dalep@biostatnextcloud:~$
dalep@biostatnextcloud:~$ ls -la /var/snap/nextcloud/current/nextcloud/
total 16
drwxr-xr-x  4 root root 4096 Jul  1 15:49 .
drwxr-xr-x  8 root root 4096 Jul  1 15:49 ..
drwxr-xr-x  2 root root 4096 Sep  4 18:11 config
drwxr-x--- 12 root root 4096 Sep  4 18:12 extra-apps
dalep@biostatnextcloud:~$

/var/snap/nextcloud/common/
dalep@biostatnextcloud:~$ ls -la /var/snap/nextcloud/common/
total 16
drwxr-xr-x 4 root root 4096 Jul  1 18:01 .
drwxr-xr-x 5 root root 4096 Aug 13 20:48 ..
drwxr-xr-x 3 root root 4096 Jul  1 18:01 backups
drwxr-x--- 4 root root 4096 Jul  1 16:11 nextcloud
dalep@biostatnextcloud:~$
dalep@biostatnextcloud:~$ sudo ls -la /var/snap/nextcloud/common/nextcloud/
total 16
drwxr-x---  4 root root 4096 Jul  1 16:11 .
drwxr-xr-x  4 root root 4096 Jul  1 18:01 ..
drwxrwx--- 41 root root 4096 Aug 31 22:27 data
drwxr-x---  2 root root 4096 Sep  4 18:12 tmp
dalep@biostatnextcloud:~$

/snap/nextcloud/current/
dalep@biostatnextcloud:~$ ls -la /snap/nextcloud/current/
total 275
drwxr-xr-x 26 root root    490 Aug 12 01:01 .
drwxr-xr-x  4 root root   4096 Aug 13 20:48 ..
drwxr-xr-x  2 root root   1136 Aug 12 01:01 bin
drwxr-xr-x  2 root root     52 Aug 12 01:01 certbot_nextcloud_plugin
drwxr-xr-x  2 root root     87 Aug 12 01:00 cgi-bin
drwxr-xr-x  2 root root     79 Aug 12 01:00 conf
drwxr-xr-x  4 root root     39 Aug 12 01:01 config
drwxr-xr-x  2 root root     82 Aug 12 01:00 docs
drwxr-xr-x  3 root root    707 Aug 12 01:00 error
drwxr-xr-x 15 root root    248 May 27 19:15 etc
drwxr-xr-x  4 root root     60 Aug 12 01:00 fixes
drwxr-xr-x 13 root root    473 Aug 12 00:51 htdocs
drwxr-xr-x  3 root root   3187 Aug 12 01:00 icons
drwxr-xr-x  5 root root   1120 Aug 12 01:00 include
drwxr-xr-x  8 root root    285 Aug 12 01:00 lib
-rw-r--r--  1 root root 275393 Aug 12 00:36 LICENSE
drwxr-xr-x  2 root root      3 Aug 12 00:39 logs
drwxr-xr-x  3 root root     27 Aug 12 01:00 man
drwxr-xr-x  4 root root     56 Aug 12 01:01 meta
drwxr-xr-x  2 root root    709 Aug 12 01:00 modules
-rw-r--r--  1 root root    116 Aug 12 00:32 my.cnf
drwxr-xr-x  4 root root     37 Aug 12 01:00 php
-rw-r--r--  1 root root    587 Aug 12 00:36 README
-rw-r--r--  1 root root    269 Aug 12 00:32 setup.py
drwxr-xr-x 28 root root    745 Aug 12 01:00 share
drwxr-xr-x  4 root root     92 Aug 12 01:01 snap
drwxr-xr-x  2 root root     99 Aug 12 01:00 support-files
drwxr-xr-x  6 root root     86 May 27 19:15 usr
drwxr-xr-x  2 root root    211 Aug 12 01:01 utilities
drwxr-xr-x  5 root root     48 Aug 12 01:00 var

/snap/nextcloud/current/htdocs/
dalep@biostatnextcloud:~$ sudo ls -la /snap/nextcloud/current/htdocs/
total 80
drwxr-xr-x 13 root root   473 Aug 12 00:51 .
drwxr-xr-x 26 root root   490 Aug 12 01:01 ..
drwxr-xr-x 41 root root   929 Aug 12 01:00 3rdparty
drwxr-xr-x 43 root root  1212 Aug 12 01:00 apps
-rw-r--r--  1 root root 16522 Jul 15 20:22 AUTHORS
drwxr-xr-x  2 root root   116 Aug 12 01:00 config
-rw-r--r--  1 root root  3967 Jul 15 20:22 console.php
-rw-r--r--  1 root root 34520 Jul 15 20:22 COPYING
drwxr-xr-x 23 root root   522 Aug 12 01:00 core
-rw-r--r--  1 root root  5140 Jul 15 20:22 cron.php
-rw-r--r--  1 root root  3032 Jul 15 20:22 .htaccess
-rw-r--r--  1 root root   156 Jul 15 20:22 index.html
-rw-r--r--  1 root root  2960 Jul 15 20:22 index.php
drwxr-xr-x  6 root root   170 Aug 12 01:00 lib
-rw-r--r--  1 root root   283 Jul 15 20:22 occ
drwxr-xr-x  2 root root    32 Aug 12 01:00 ocm-provider
drwxr-xr-x  2 root root    64 Aug 12 01:00 ocs
drwxr-xr-x  2 root root    32 Aug 12 01:00 ocs-provider
-rw-r--r--  1 root root  3102 Jul 15 20:22 public.php
-rw-r--r--  1 root root  5332 Jul 15 20:22 remote.php
drwxr-xr-x  4 root root   142 Aug 12 01:00 resources
-rw-r--r--  1 root root    26 Jul 15 20:22 robots.txt
-rw-r--r--  1 root root  2379 Jul 15 20:22 status.php
drwxr-xr-x  3 root root    56 Aug 12 01:00 themes
drwxr-xr-x  2 root root    52 Aug 12 01:00 updater
-rw-r--r--  1 root root   101 Jul 15 20:22 .user.ini
-rw-r--r--  1 root root   362 Jul 15 20:29 version.php
dalep@biostatnextcloud:~$

Where are guest VM configuration files stored in KVM/QEMU? /etc/libvirt/qemu

Where is Nextcloud configuration file stored? /var/snap/nextcloud/current/nextcloud/config/config.php

virsh commands cheatsheet

virt-manager documentation

Nextcloud version is 19.0.1 as of 2020-08-25

Virtual disk size is 100GB as of 2020-08-25

SSH access to server host
  • biostat1553.dhcp.mc.vanderbilt.edu

SSH access to VM
  • biostatnextcloud.emp.vumc.io

URLs for Nextcloud instance

Network configuration for VM
       IP addr: 10.151.20.239
   subnet mask: 255.255.255.0
       gateway: 10.151.20.1
DC1 DNS server: 10.108.51.18
DC3 DNS server: 10.101.62.234

The server host is biostat1553, running Ubuntu 18.04.5 LTS. Nextcloud is a snap install: when installing Ubuntu Server, I checked "Nextcloud" as a snap to include. When I then went to the VM with a web browser, I was able to create an admin account and configure Nextcloud.

Group folders are enabled.

"Notes" app is enabled.

"LDAP user and group backend" app is enabled.

The Nextcloud VM is named "nextcloud".

The "nextcloud." commands are wrappers around occ commands. They are part of the snap "simplification".

Snappy Nextcloud on github

How to Install and Configure Nextcloud on Ubuntu 18.04 is a good resource.

Nextcloud on github

VM backup and restore

While logged on to the VM host machine biostat1553...

backup
  • shutdown vm to be backed up
    virsh shutdown nextcloud
  • wait for the shutdown to finish
    sleep 30s
  • make a copy of the configuration file in the backup location
    virsh dumpxml nextcloud > vmbackups/nextcloud.xml-backup20200825
  • copy the vm disk image to the backup location
    sudo cp -p /var/lib/libvirt/images/nextcloud.qcow2 vmbackups/nextcloud.qcow2-backup20200825
  • restart the vm
    virsh start nextcloud

restore
  • if necessary, undefine the vm (remove configuration)
    virsh undefine nextcloud
  • if necessary, delete the vm's current disk image file
    sudo rm /var/lib/libvirt/images/nextcloud.qcow2
  • define (create) a new VM using the saved configuration file
    virsh define --file vmbackups/nextcloud.xml-backup20200825
  • copy the saved vm disk image file back to the original location
    sudo cp vmbackups/nextcloud.qcow2-backup20200825 /var/lib/libvirt/images/nextcloud.qcow2
  • fix the ownership for the disk image file
    sudo chown libvirt-qemu:kvm /var/lib/libvirt/images/nextcloud.qcow2
  • start the restored vm
    virsh start nextcloud
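
The backup steps above wait a fixed 30 seconds before copying the disk image. The script below is an added example, not part of the original notes: it polls virsh domstate until the guest reports "shut off", refuses to copy the image otherwise, and writes a SHA-256 digest next to the copy so the restore can detect a damaged file. The SUDO variable, the timeout values and the .sha256 file name are assumptions.

```shell
#!/bin/sh
# Added example: cold backup of a libvirt guest that copies the disk image
# only after the domain is confirmed "shut off". File names follow the notes
# above; SUDO, the timeouts and the .sha256 sidecar file are assumptions.

SUDO=${SUDO-sudo}   # set SUDO= (empty) to run the copy without sudo

# wait_for_shutoff DOMAIN [TIMEOUT_SECONDS] [POLL_INTERVAL_SECONDS]
# Returns 0 once the guest is off, 1 if it is still up after the timeout.
wait_for_shutoff() {
    domain=$1
    timeout=${2:-120}
    interval=${3:-2}
    waited=0
    while :; do
        # "virsh domstate" prints the state followed by a blank line.
        state=$(virsh domstate "$domain" | head -n 1)
        if [ "$state" = "shut off" ]; then
            return 0
        fi
        if [ "$waited" -ge "$timeout" ]; then
            return 1
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
}

# backup_vm DOMAIN IMAGE DESTDIR STAMP [TIMEOUT] [INTERVAL]
# Example: backup_vm nextcloud /var/lib/libvirt/images/nextcloud.qcow2 vmbackups 20200825
backup_vm() {
    bk_domain=$1
    bk_image=$2
    bk_dest=$3
    bk_stamp=$4
    bk_name=$(basename "$bk_image")-backup$bk_stamp

    virsh shutdown "$bk_domain" || return 1
    if ! wait_for_shutoff "$bk_domain" "${5:-120}" "${6:-2}"; then
        # A copy taken from a running guest can be inconsistent, so stop here.
        echo "$bk_domain did not shut off; disk image not copied" >&2
        return 1
    fi

    bk_rc=0
    {
        # Save the domain definition, then the disk image, then its digest.
        virsh dumpxml "$bk_domain" > "$bk_dest/$bk_domain.xml-backup$bk_stamp" &&
        $SUDO cp -p "$bk_image" "$bk_dest/$bk_name" &&
        (cd "$bk_dest" && $SUDO sha256sum "$bk_name" > "$bk_name.sha256")
    } || bk_rc=1

    # Bring the guest back up even if one of the copy steps failed.
    virsh start "$bk_domain" || bk_rc=1
    return "$bk_rc"
}

# verify_backup DESTDIR NAME
# Returns 0 if the saved image still matches the digest recorded at backup time.
verify_backup() {
    (cd "$1" && $SUDO sha256sum -c "$2.sha256" >/dev/null 2>&1)
}
```

Run verify_backup vmbackups nextcloud.qcow2-backup20200825 before the restore steps copy the image back into /var/lib/libvirt/images.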

(old) Nextcloud on the VUMC IT (locked down) VM

Pegasus ticket R00674175 was submitted 9/25/2020. It requests some software be installed as noted by Nextcloud v19 on the "Security & setup warnings" report.

How to use occ on the vm
bioapp@bio1000lp:~/www-nextcloud$ scl enable rh-php72 bash
bash-4.2$ php occ -V
Nextcloud 16.0.6

URL: http://bio1000lp.hs.it.vumc.io
URL: https://vbiostat.app.vumc.org

Security scan of our Nextcloud instance: https://scan.nextcloud.com

bio1000lp.hs.it.vumc.io

Access to the site is enabled via a whitelist. No one can log on to the site unless they are a member of the biostatnextcloud active directory security group.

As of 2019/11/11 we are running Nextcloud 16.0.6.

I am having trouble with permissions and file ownership in the ~/www-nextcloud directory tree. Some files are being written with owner : -rw and group : -rw. Also, some files have ownership of apache:apache rather than bioapp:apache. When this happens Nextcloud throws a ??? error. I believe Nextcloud writes these files with these characteristics when a Nextcloud update is performed and, maybe when a new Apache process is started.

So far, I can issue the command chmod -R g+w ~/www-nextcloud/ to get things going.

bioapp@bio1000lp:~$ 
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core/1abd-e05c-server.css’: Operation not permitted
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core/1abd-e05c-server.css.deps’: Operation not permitted
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core/1abd-e05c-css-variables.css’: Operation not permitted
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core/1abd-e05c-css-variables.css.deps’: Operation not permitted
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/theming/6a15-e05c-theming.css’: Operation not permitted
chmod: changing permissions of ‘www-nextcloud/data/appdata_oc6xhh7jnpzb/css/theming/6a15-e05c-theming.css.deps’: Operation not permitted
bioapp@bio1000lp:~$ cd www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core/
bioapp@bio1000lp:~/www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core$ ll
total 372
drwxrwxr-x  3 bioapp apache   4096 Nov 11 14:14 ./
drwxrwxr-x 15 bioapp apache    227 Nov  1 17:26 ../
-rw-r--r--  1 apache apache    961 Nov 11 14:14 1abd-e05c-css-variables.css
-rw-r--r--  1 apache apache    197 Nov 11 14:14 1abd-e05c-css-variables.css.deps
-rw-r--r--  1 apache apache    435 Nov 11 14:14 1abd-e05c-css-variables.css.gzip
-rw-r--r--  1 apache apache   1189 Nov 11 14:14 1abd-e05c-results.css
-rw-r--r--  1 apache apache    199 Nov 11 14:14 1abd-e05c-results.css.deps
-rw-r--r--  1 apache apache    504 Nov 11 14:14 1abd-e05c-results.css.gzip
-rw-r--r--  1 apache apache 137241 Nov 11 14:14 1abd-e05c-server.css
-rw-r--r--  1 apache apache    857 Nov 11 14:14 1abd-e05c-server.css.deps
-rw-r--r--  1 apache apache  19358 Nov 11 14:14 1abd-e05c-server.css.gzip
-rw-rw-r--  1 bioapp apache    961 Nov 11 13:24 1abd-fa2a-css-variables.css
-rw-rw-r--  1 bioapp apache    197 Nov 11 13:24 1abd-fa2a-css-variables.css.deps
-rw-rw-r--  1 bioapp apache    435 Nov 11 13:24 1abd-fa2a-css-variables.css.gzip
-rw-rw-r--  1 bioapp apache   1189 Nov 11 13:24 1abd-fa2a-results.css
-rw-rw-r--  1 bioapp apache    199 Nov 11 13:24 1abd-fa2a-results.css.deps
-rw-rw-r--  1 bioapp apache    504 Nov 11 13:24 1abd-fa2a-results.css.gzip
-rw-rw-r--  1 bioapp apache 137241 Nov 11 13:24 1abd-fa2a-server.css
-rw-rw-r--  1 bioapp apache    857 Nov 11 13:24 1abd-fa2a-server.css.deps
-rw-rw-r--  1 bioapp apache  19358 Nov 11 13:24 1abd-fa2a-server.css.gzip
drwxrwxr-x  2 bioapp bioapp      6 Nov 11 13:29 save/
bioapp@bio1000lp:~/www-nextcloud/data/appdata_oc6xhh7jnpzb/css/core$ cd ~/www-nextcloud/data/appdata_oc6xhh7jnpzb/css/theming/
bioapp@bio1000lp:~/www-nextcloud/data/appdata_oc6xhh7jnpzb/css/theming$ ll
total 12
drwxrwxr-x  2 bioapp apache 166 Nov 11 13:25 ./
drwxrwxr-x 15 bioapp apache 227 Nov  1 17:26 ../
-rw-r--r--  1 apache apache   0 Nov 11 13:25 6a15-e05c-theming.css
-rw-r--r--  1 apache apache   0 Nov 11 13:25 6a15-e05c-theming.css.deps
-rw-rw-r--  1 bioapp apache 967 Nov 11 13:24 6a15-fa2a-theming.css
-rw-rw-r--  1 bioapp apache 200 Nov 11 13:24 6a15-fa2a-theming.css.deps
-rw-rw-r--  1 bioapp apache 372 Nov 11 13:24 6a15-fa2a-theming.css.gzip
bioapp@bio1000lp:~/www-nextcloud/data/appdata_oc6xhh7jnpzb/css/theming$
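
The listings above show the pattern behind the chmod failures: files created by Apache are apache:apache with mode 644, so bioapp can neither write them through the group nor change their mode. The function below is an added example, not part of the original notes, that reports every file or directory in a tree that departs from the intended owner, group and group-write layout. The WORLD check for anything left writable by others is an assumption added here, since loosening modes recursively is where that tends to creep in.

```shell
#!/bin/sh
# Added example: audit a Nextcloud tree for the ownership and mode drift
# shown in the listings above. One line is printed per finding:
#   OWNER path   not owned by the expected user (that user's chmod is refused)
#   GROUP path   group differs from the expected group
#   MODE  path   group write bit is missing
#   WORLD path   writable by others (added check, not from the notes)
# Returns 0 when the tree is clean and 1 when there is at least one finding.
#
# Usage on the old VM would be: audit_tree ~/www-nextcloud bioapp apache

audit_tree() {
    at_root=$1
    at_owner=$2    # user name or numeric uid
    at_group=$3    # group name or numeric gid

    at_findings=$(
        # Regular files and directories only; symlinks are skipped.
        find "$at_root" \( -type f -o -type d \) ! -user "$at_owner" | sed 's/^/OWNER /'
        find "$at_root" \( -type f -o -type d \) ! -group "$at_group" | sed 's/^/GROUP /'
        # -perm -020 matches entries with group write set, so negate it.
        find "$at_root" \( -type f -o -type d \) ! -perm -020 | sed 's/^/MODE  /'
        find "$at_root" \( -type f -o -type d \) -perm -002 | sed 's/^/WORLD /'
    )

    if [ -z "$at_findings" ]; then
        return 0
    fi
    printf '%s\n' "$at_findings"
    return 1
}
```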

ec2-user

Documentation

Email from Rasmussen, Justin D <justin.rasmussen@vumc.org> re log file location...
For application logs, we request the application owner configure Apache to store logs on /app001. Once you have Apache configured to place the logs on /app001, you will also need to configure it to use the bioapp user and group rather than Apache.

We also made sure to give you the ability to start/stop/restart Apache with the sudo commands. Use sudo systemctl start/stop/restart httpd. We’ve configured the permissions on our end to make sure bioapp is the user/group on that directory so Nextcloud shouldn’t be changing permissions like it has been.

Email from Nancy Williams re LDAP configuration...
Dale try this.

Host is ds.vanderbilt.edu
Port is 636
User DN = cn=<Resource Account VUnetID>,cn=users,dc=ds,dc=vanderbilt,dc=edu
Base DN = dc=ds,dc=vanderbilt,dc=edu

If you need LDAP SSL certs, see https://pegasus.mc.vanderbilt.edu/ViewKnowledge.aspx?id=13760.

Let me know how it goes.

Thank you,
Nancy Williams
System Analyst | Identity & Access Operations - Directory Services
Security Operations and Services | VUMC Enterprise Cybersecurity
Vanderbilt University Medical Center 
nancy.a.williams@vumc.org |615-343-5788 

Email from Andrew Roeder ...please submit us a request to have the apache user added to the bioapp group. Apache will then have write access to any files which the bioapp group has write access allowed.

You can then set 775 permissions on the nextcloud directory and files so apache can write there.

Email of 10/24/2019 “Brett, Mariadb was failing to start because it was not yet configured. I’ve applied our default configuration and Dale should be able to start the process now and it will run in /app001/mariadb as the bioapp user.

A database password can be set by the bioapp user as the default root password is blank per the documentation for MariaDB.

Please let Dale know he can contact us directly via email or ticket with questions or issues.”

Checking installed prerequisites...

-bash-4.2$ cat /etc/system-release
Red Hat Enterprise Linux Server release 7.7 (Maipo)

-bash-4.2$ php -v
PHP 7.2.10 (cli) (built: Nov  7 2018 05:32:35) ( NTS )

-bash-4.2$ mysql -V
mysql  Ver 15.1 Distrib 5.5.64-MariaDB, for Linux (x86_64) using readline 5.1

-bash-4.2$ apachectl -v
Server version: Apache/2.4.6 (Red Hat Enterprise Linux)
Server built:   Jun  9 2019 13:01:04

-bash-4.2$ apachectl -t -D DUMP_MODULES | grep 'php'
 php7_module (shared)

Since I don't have privileges to modify /var/www/
cd ~
unzip nextcloud-*.zip
mkdir -p www/html
cp -R nextcloud/ ~/www/html/
mkdir ~/www/html/nextcloud/data
chown -R apache:apache ~/www/html/nextcloud

cd /etc/httpd/conf.d/
touch nextcloud.conf

Contents of /etc/httpd/conf.d/nextcloud.conf
-bash-4.2$ cat /etc/httpd/conf.d/nextcloud.conf
<VirtualHost *:80>
  DocumentRoot /app001/www/html/nextcloud/
  ServerName  bio1000lp.hs.it.vumc.io

  <Directory "/app001/www/html/nextcloud/">
    Require all granted
    AllowOverride All
    Options FollowSymLinks MultiViews

    <IfModule mod_dav.c>
      Dav off
    </IfModule>

  </Directory>
</VirtualHost>

VUMC Virtual Machine

Monday, August 19, 2019 1:12 PM
The pilot host build for 1009565 - Biostatistics Nextcloud” Server Build has been completed.  By end of day, VEC SECURITY ENGINEERING AND OPERATIONS should complete the VPN SSH access to allow the members of GDN_BIO_Admins group, managed by Dale Plummer, to SSH to the host.

The AD group to permit access onto the host (bio_adm) is manageable by Dale Plummer.  Users added to that AD group have the ability to sudo to the bioapp application account ie "sudo su - bioapp".  Sudo functions within the application account can be viewed with the following command: "sudo -l bioapp".  Application related files should be stored in the /app001 volume on the host.

Additional work to the host should be requested through the Pegasus Request Management module using the VUMC IT LINUX - GENERAL REQUEST form.  Be sure to specify the host name where work is to be performed.  LTM work is requested using the Pegasus Request Management forms relating to VUMC IT LINUX - F5 LTM requests.  Applications must be fully configured before submitting requests for LTM work.  Requested packages or versions not available in Red Hat repositories will have to be installed by the customer within the application volume.


PROJECT
  • PV Actual Start: 8/14/2019
  • PV Requested start: 8/7/2019
  • PV Requested finish: 10/4/2019
  • Workgroup Assigned: 8/1/2019
  • Host build start: 8/14/2019
  • Host build finish: 8/19/2019
  • Dependent workgroup finish: Pending
  • Customer turn over: 8/19/2019
  • PV Scheduled Finish: 8/26/2019

HOST INFORMATION
  • Name: bio1000lp.hs.it.vumc.io
  • Address: 10.100.128.10

AD INFORMATION
  • Host access group: bio_adm
  • AD GID: 100232
  • Manager of AD group: Dale Plummer
  • Location: ou=AI Unix,ou=Information Management,ou=Organizational Units,dc=ds,dc=vanderbilt,dc=edu

APPLICATION ACCOUNT
  • Name: bioapp
  • UID/GID: 1639
  • Sudo group: bio_adm
  • Application account home directory: /app001
  • Application file directory: /app001

PEGASUS WORKGROUP
Topic revision: r24 - 01 Dec 2021, DalePlummer
 
