Opened 8 weeks ago

Closed 8 days ago

#3322 closed task (fixed)

Request for VM to certify GeoServer

Reported by: peterafrigis Owned by: sac-tickets@…
Priority: normal Milestone: Sysadmin Contract 2025-I (robe)
Component: SysAdmin Keywords:
Cc:

Description

Hi there

As per https://wiki.osgeo.org/wiki/OGC_Certification_Services, and on behalf of the GeoServer PSC, can I please request a VM to host a couple of GeoServer containers for the purposes of reviving CITE testing & certification?

Thank you

Peter

Change History (12)

comment:1 by robe, 8 weeks ago

Peter,

1) Can this wait till January? I haven't yet built new images yet for latest debian and Ubuntu and don't plan to before January

and I don't want to create a new OS Container or VM using an image that would need immediate upgrading next year.

If you can't wait perhaps we can find an existing VM to put it on that another project won't mind sharing.

2) What are the specs you need for this:

OS: We generally standardize on debian or ubuntu, installing another OS would take a bit longer

3) Anything else you need you can install yourself once we give you admin rights to the VM.

4) Our web apps all go thru an nginx proxy, so will need to know what domain addresses you need exposed for this along with ports the nginx proxy should listen for.

comment:2 by peterafrigis, 8 weeks ago

Hi Rob/robe

  1. Yes, of course, I can continue with my personal VPS for now. Do you have a target date in Jan?
  2. Ubuntu is perfect, something small: 2-4 cores, 2-4 GB RAM, 50 GB HDD
  3. Cool. Docker, PostGIS
  4. I think you would need to tell me what the domain name would be, but the host can be something like geoserver-cite, and you can expose any range of 5 consecutive ports, e.g. 8081 - 8085 that will be mapped to the containers.

My email address is gs at smythe/co/za for any credentials.

Thank you

Peter

comment:3 by robe, 7 weeks ago

Milestone: UnplannedSysadmin Contract 2025-I (robe)

I'm shooting for probably mid January. Might be able to get to it before then but can't promise.

For domain how about cite.geoserver.org?

comment:4 by peterafrigis, 7 weeks ago

Perfect, thank you Rob. Our next PSC meeting is 14 Jan, it would be lovely to show the progress then.

Peter

comment:5 by peterafrigis, 4 weeks ago

Hi Regina (sorry!), just checking in. I assume there's nothing further to report to the PSC this evening?

in reply to:  5 comment:6 by robe, 4 weeks ago

Replying to peterafrigis:

Hi Regina (sorry!), just checking in. I assume there's nothing further to report to the PSC this evening?

I'm working on #3340 which is to build the new base image for OSGeo future OS containers. After that building the VM for you should be quick. I'm shooting for sometime this week early next.

comment:7 by robe, 3 weeks ago

Resolution: fixed
Status: newclosed

I have this up now.

I gave @peterafrigis and @jive both sudo and docker rights.

I have http://geoserver-cite:8081 mapped to https://cite.geoserver.org

Our external nginx is taking care of the https, so port 8081 should just be running with http: protocol.

To access the server follow the directions here: https://wiki.osgeo.org/wiki/SAC_Service_Status#sshing_into_osgeo3_containers

You both should have access to the server.

The server is called geoserver-cite.

So for example to connect, I do this:

ssh robe@osgeo3-geoserver-cite

It is currently set to allow anyone in the shell group (which both of you are members of, to connect with password). If you want to close it off, you can add your ssh pub keys directly to the server, and change the /etc/ssh/sshd_config.d/60-cloudimg-settings.conf (set PasswordAuthentication no)

Specs of it are as follows:

Ubuntu 24.04.1 with Docker
4 vCPU
4GB ram
100GB disk

I didn't bother installing PostgreSQL/PostGIS since I figured you might want to run that using a PostGIS docker container of your choosing here - https://hub.docker.com/r/postgis/postgis

I'm going to close this out, but feel free to reopen if you run into issues.

comment:8 by peterafrigis, 3 weeks ago

Many thanks Regina, I am able to log into the geoserver-cite server

comment:9 by peterafrigis, 12 days ago

If possible, could you make peterafrigis a home directory on hop to facilitate jumping to geoserver-cite?

comment:10 by peterafrigis, 12 days ago

Resolution: fixed
Status: closedreopened

I have ​http://geoserver-cite:8081 mapped to ​https://cite.geoserver.org

Also, we need to host and expose a number of different GeoServer containers, so could you please map, say ​http://geoserver-cite:8081 to ​https://cite.geoserver.org:8081 all the way up to say 8089, for now? And https://cite.geoserver.org:443 can be closed off, if desired.

Thank you

Peter

comment:11 by robe, 11 days ago

Can we do subdomains instead, would be preferred over having to open up extra firewall ports.

So I'm thinking g1.cite.geoserver.org, g2.cite.geoserver.org, gn.cite.geoserver.org or even 8089.cite.geoserver.org

Could alternatively do subpaths like https://cite.geoserver.org/g1 etc, though I guess that might mess with your setup if it's expected to be sitting on root.

Also I had a misconfiguration so that might have caused the site not showing before. now I see a 404 page which I assume is expected.

comment:12 by robe, 8 days ago

Resolution: fixed
Status: reopenedclosed

@peterafrigis,

Note hearing back from you I went ahead with the following mappings. I haven't bothered doing an ssl for these additional ones since I wasn't sure if you wanted to stick with these names, let me know if you need that.

So mappings are as follows:

  • geoserver-cite:8081 -> cite.geoserver.org (both http and https)
  • geoserver-cite:8082 -> g2.cite.geoserver.org (only http)
  • geoserver-cite:8083 -> g3.cite.geoserver.org (only http)
  • geoserver-cite:8084 -> g4.cite.geoserver.org (only http)
  • geoserver-cite:8085 -> g5.cite.geoserver.org (only http)

I'm going to close this out. Feel free to reopen if you need further assistance.

Note: See TracTickets for help on using tickets.