Re: [Archivesspace_Users_Group] Diagnosing issues with ArchivesSpace

[Peter Heiner]

Michael Smith wrote on 2023-05-23 23:52:45:
> Our team has been facing recurring issues with our ArchivesSpace setup since
> October last year, which we've been unable to fully resolve despite
> concerted efforts.

Could pretty much be a description of our team up until very recently, when a
team member was finally able to hook the application up with Datadog's tracing
facilities.

We're currently running 3.1.1 with a standalone Solr 7.7.3 and MariaDB 10.4.24
on Ubuntu 20.04/22.04 servers.

> The primary problem involves intermittent system slowdowns and shutdowns,
> requiring frequent reboots to regain functionality. This occurs on average
> 3-4 times weekly but can sometimes be more frequent. This issue is affecting
> multiple teams across our organization.

Using the tracing facilities mentioned above we've found that the object
resolver in Archivesspace does not deduplicate the object tree properly and as
a result a resource we had with over 1100 event links produced a 130MB+ JSON
object and was subsequently parsed into 1.3GB of Ruby data and due to a quirk
of rendering all this was done twice. We reported this on Github
(https://github.com/archivesspace/archivesspace/issues/2993) 3 weeks ago.
The events were not very important to our archivists, so we ended up deleting
them.

We've also found that search is also suboptimal for us. Searches are taking
exponentially longer with every added term and for every search thousands of
requests are made to populate the 'Found in' column of the results. We're on
an old version of Solr and are using a fairly old schema, so we want to
upgrade both before we report this issue.

We've also noticed that database queries trying to update the archivesspace
software agent's system_mtime are failing and we've found that the row has not
been updated since we switched from 2.8.1 to 3.1.1. Possibly linked to this...

> The most common symptom of our problem that we are seeing now looks to be a
> connection pool leak where what looks like indexer threads are holding
> connections in a closed wait state and preventing them from being used for
> other requests.  This leads to the main page timing out and staff seeing 504
> errors, when unresponsive in this manner we usually restart the application.

...our main problem: users are unable to save records due to the updates
timing out waiting for locks. Looking at the database processlist we've
observed 2-3 instances of identical update queries in different sessions and
on the tracing level the queries retry several times before failing on their
LIMIT 1 clause, as there are no rows to update. We don't fully understand this
problem yet, but seeing your message this might be because we don't see
indexer threads in the traces, as they're on a different host.

> Some of the things we’ve attempted so far,
> 
>   *   changed default config settings for indexer records per thread, thread
>   count and solr timeout to 10, 2 & 300


>   *   modified archivesspace.sh to increase memory available
>   (ASPACE_JAVA_XMX="-Xmx35g")

We're on 56GB of heap now. We have ~3.2 million objects in the database across
~30 repositories, I believe this to be one of the larger installations of AS
out there.

>   *   disabled both PUI and PUI indexer

We've been actually thinking of doing this, we currently have the indexer on a
separate host. Does disabling the indexers impact visibility of changes in any
way for you?

> Any advice with further diagnosis / troubleshooting would be appreciated. If
> you need additional information about our setup or the issues we're
> encountering, please let us know.

Our colleague has written a trivial plugin that enables Datadog tracing and
telemetry and it has been, excuse the phrasing, instrumental. He also made it
public, the brilliant bloke (use the log-scope branch for now):
https://gitlab.developers.cam.ac.uk/lib/dev/ams/aspace-datadog

Hope that helps,
p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] External Solr - Memory Allocation?

[Peter Heiner]

Joshua D. Shaw wrote on 2023-01-26 23:02:10:
> Thanks, Blake!
> 
> I'm running default config values for the AS log levels so they are all set 
> to 'debug'. I took a closer look, and the timeout message happens exactly 
> after the timeout amount I set (as you'd expect). Interestingly, Solr is in 
> the middle of deleting documents when it goes silent
> 
> I, [2023-01-26T09:18:40.357101 #78764]  INFO -- : Thread-3384: Deleted 100 
> documents: #
> 
>  40 minutes pass with all the other AS log chatter ...
> 
> E, [2023-01-26T09:58:40.400971 #78764] ERROR -- : Thread-3384: 
> SolrIndexerError when deleting records: Timeout error with  POST {}
> I, [2023-01-26T09:58:40.410522 #78764]  INFO -- : Thread-3384: Deleted 100 
> documents: #
> 
> This continuing delete phase goes on for a bit until it stops logging batch 
> deletes.
> 
> I, [2023-01-26T09:59:11.734200 #78764]  INFO -- : Thread-3384: Deleted 9 
> documents: #
> 
>  40 minutes pass with all the other AS log chatter ... And then the 
> commit error pops up
> 
> E, [2023-01-26T10:39:11.746166 #78764] ERROR -- : Thread-3384: 
> SolrIndexerError when committing:
> Timeout error with  POST {"commit":{"softCommit":false}}.
> 
> Then after some more time
> 
> I, [2023-01-26T11:06:35.678926 #78764]  INFO -- : Thread-3384: Deleted 186992 
> documents: #
> 
>  This all seems to indicate to me that the commit phase is taking an 
> inordinate amount of time (almost 2 hours - maybe that's what I need to set 
> the timeout to?). After that, the indexer starts the 2nd repo

We're experiencing the exact same issue at least in the largest of our 30-odd
repositories:

I, [2023-01-28T07:24:48.015356 #2036632]  INFO -- : Thread-2006: Staff Indexer 
[2023-01-28 07:24:48 +] ~~~ Indexed 536300 of 587664 archival_object 
records in repository CUL
E, [2023-01-28T07:25:47.217953 #2036632] ERROR -- : Thread-2016: 
SolrIndexerError when committing: 
Timeout error with  POST {"commit":{"softCommit":false}}.

We've had this problem from the start but were unable to dig deeper because
our in-house monitoring wasn't granular or even capable enough. Our crude
solution was using an external Solr since 2.5 and an external indexer since
around 2.7, and periodic restarts out of hours, but we've started getting
problems despite that. Our Solr is allocated 6GB of memory and timeout is set
to 1200 seconds, but the problem is that searches in AS fail during the wait
and that makes AS unusable, so we're reluctant to increase that.

Why does one even have to run a periodic indexer? Aren't there guarantees in
the system that updates are seen through to the index in realtime, do bulk
updates not trigger a refresh of updated records selectively? Reading the code
seems to suggest that updates are queued until processed, does AS need a more
durable queue?

Thanks,
p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] ASpace database issues

[Peter Heiner]

Matthew Adair wrote on 2023-01-18 14:23:14:
> Version 2.5.2 of ASpace.  Version 8.0.30 of MySQL

A couple of versions prior to yours MySQL started explicitly reporting
'utf8mb3' where in the past it would say 'utf8'. That's because 'utf8' is
currently an alias for 'utf8mb3' and they want to deprecate 'utf8mb3' and make
'utf8' an alias of 'utf8mb4' instead.
ASpace 2.5.2 only recognises 'utf8' as an UTF-8 character set, this was fixed
in ASpace 2.7.1. I would consider upgrading to a more recent version if
possible.

> We get the following error in the log file:
> "The following MySQL database tables are not set to use UTF-8 for their
> character encoding:"
> and then it lists all of the database tables, and fails with an unable to
> connect to database error
> 
> Encoding on the database and all of the tables are utf8mb3_general_ci

Short of the ASpace upgrade (or a database downgrade that might be even more
painful) the correct solution is to convert table data to 'utf8mb4', see
https://dev.mysql.com/doc/refman/8.0/en/charset-unicode-conversion.html
for details on how to do that.

Hope that helps,
p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] AWS/Linux/Solr

[Peter Heiner]

Kyle Breneman wrote on 2022-11-04 12:39:13:
> Thanks for your assistance, Don.  Yes, I did install Solr on the box.  I 
> created directories and put the ArchivesSpace configset in place, as per 
> instructions.
> 
> What is giving me fits is that the command to start Solr isn’t working for 
> me, and I’m not sure why.  My working assumption is that I’m missing 
> something very simple.

It looks like you need to give the bin/solr script execute permissions:

chmod +x /opt/solr-8.10.0/bin/solr

Hope that helps,
p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Vagrant: "unable to connect to backend" error

[Peter Heiner]

We just had a similar issue where we had to upgrade MySQL Connector/J to be
able to successfully connect to a database that has been upgraded from MariaDB
10.2 to 10.4.

The symptom was AS being unable to connect to the database and it logging a
'communications link failure' error.

We'd previously been using version 8.0.23 of the connector and
were only able to connect after an upgrade to 8.0.29.

Hope that helps,
p

Mark Cyzyk wrote on 2022-06-11 17:08:30:
> All,
> 
> I am trying to duplicate our Archivesspace production app in a local Vagrant
> box.
> 
> I am getting an "unable to connect to backend" error when it boots.
> 
> I've checked to make sure the database is indeed present.
> 
> I've checked permissions for the "archivesspace" user to the "archivesspace"
> DB:
> 
>MariaDB [archivesspace]> SHOW GRANTS for archivesspace@localhost;
>
> +--+
>| Grants for archivesspace@localhost |
>
> +--+
>| GRANT USAGE ON *.* TO `archivesspace`@`localhost` IDENTIFIED
>BY PASSWORD '*2C2611CEB83E695935FB2CA67F9EE3D56514F1CC' |
>| GRANT ALL PRIVILEGES ON `archivesspace`.* TO
>`archivesspace`@`localhost` WITH GRANT
>OPTION   |
>
> +--+
>2 rows in set (0.000 sec)
> 
>MariaDB [archivesspace]>
> 
> 
> Then I do same for 127.0.0.1:
> 
>MariaDB [archivesspace]> SHOW GRANTS for archivesspace@127.0.0.1;
>
> +--+
>| Grants for archivesspace@127.0.0.1 |
>
> +--+
>| GRANT USAGE ON *.* TO `archivesspace`@`127.0.0.1` IDENTIFIED
>BY PASSWORD '*2C2611CEB83E695935FB2CA67F9EE3D56514F1CC' |
>| GRANT ALL PRIVILEGES ON `archivesspace`.* TO
>`archivesspace`@`127.0.0.1` WITH GRANT
>OPTION   |
>
> +--+
>2 rows in set (0.000 sec)
> 
>MariaDB [archivesspace]>
> 
> 
> I AM able to restore into the "archivesspace" database with:
> 
>sudo mysql -u archivesspace -pREDACTED archivesspace <
>/vagrant/archivesspace_CURRENT.sql
> 
> 
> The connect string in my config.rb file:
> 
>AppConfig[:db_url] =
>
> "jdbc:mysql://localhost:3306/archivesspace?user=archivesspace=REDACTED=true=UTF-8"
> 
> 
> And yet I get the "unable to connect to backend" error.  No fair!
> 
> Advice in previous posts down through the years suggested this was a
> permissions problem, or running MySQL on something other than
> localhost/127.0.0.1, but I think what I've done above rules this out.
> 
> Are there other reasons why I might be getting the "unable to connect to
> backend" error?
> 
> Advice appreciated!
> 
> Mark
> 
> PS: I don't think this is relevant to the connection issue, but here are the
> permissions I've set on the file system:
> 
>vagrant@vagrant:/usr/share/archivesspace$ ls -la
>total 84
>drwxr-xr-x  16 archivesspace archivesspace 4096 Jun 11 18:59 .
>drwxr-xr-x 122 root  root  4096 Jun 11 18:59 ..
>-rwxr-xr-x   1 archivesspace archivesspace  813 Jun 11 18:54
>archivesspace.bat
>-rwxr-xr-x   1 archivesspace archivesspace 5364 Jun 11 18:53
>archivesspace.sh
>drwxr-xr-x   4 archivesspace archivesspace 4096 Jun 11 18:53
>clustering
>drwxr-xr-x   2 archivesspace archivesspace 4096 Jun 11 21:05 config
>-rwxr-xr-x   1 archivesspace archivesspace  665 Jun 11 18:53 COPYING
>drwxr-xr-x   9 archivesspace archivesspace 4096 Jun 11 18:59 data
>drwxr-xr-x  14 archivesspace archivesspace 4096 Jun 11 18:54 docs
>drwxr-xr-x   9 archivesspace archivesspace 4096 Jun 11 18:54 gems
>drwxr-xr-x   8 archivesspace archivesspace 4096 Jun 11 18:54
>launcher
>drwxr-xr-x   2 archivesspace archivesspace 4096 Jun 11 18:59 lib
>drwxr-xr-x   4 archivesspace archivesspace 4096 Jun 11 18:53 locales
>drwxr-xr-x   2 archivesspace archivesspace 4096 Jun 11 18:59 logs
>drwxr-xr-x  22 archivesspace archivesspace 4096 Jun 11 18:54 plugins
>-rwxr-xr-x   1 archivesspace archivesspace 2326 Jun 11 18:53
>README.md
>drwxr-xr-x  12 archivesspace archivesspace 4096 Jun 11 18:53 reports
>drwxr-xr-x   3 archivesspace archivesspace 4096 Jun 11 

Re: [Archivesspace_Users_Group] Problems with oauth plugin

[Peter Heiner]

This looks like it's failing while trying to download the Okta SAML IdP 
metadata. If you do an

openssl s_client -connect :443

from the host you'll get copious amounts of debugging output that should get 
you started.

HTH,
p


From: archivesspace_users_group-boun...@lyralists.lyrasis.org 
 on behalf of Tom 
Hanstra 
Sent: 02 June 2022 14:37
To: Archivesspace Users Group 
Subject: Re: [Archivesspace_Users_Group] Problems with oauth plugin

Thanks, Blake. Unfortunately, that did not do it. The install script works but 
we still get this complaint about the certificate verification:

I'm attaching the entire error as a separate file. Perhaps someone with more 
Ruby understanding will see something in there that I have not. If I could 
figure out what certificate/file it is looking at, perhaps I could track this 
down. Or maybe it is a red herring and there is something else going on in 
there.

Tom

On Wed, Jun 1, 2022 at 5:10 PM Blake Carver 
mailto:blake.car...@lyrasis.org>> wrote:
You might try this branch, there was a weird issue with that for a while, I 
think maybe this fixed that?
https://github.com/lyrasis/aspace-oauth/tree/unlock-address

This was the only change
https://github.com/lyrasis/aspace-oauth/pull/23/files

That was a while back, so things may have changed since on some of those gems.

From: 
archivesspace_users_group-boun...@lyralists.lyrasis.org
 
mailto:archivesspace_users_group-boun...@lyralists.lyrasis.org>>
 on behalf of Tom Hanstra mailto:hans...@nd.edu>>
Sent: Wednesday, June 1, 2022 2:22 PM
To: Archivesspace Users Group 
mailto:archivesspace_users_group@lyralists.lyrasis.org>>
Subject: [Archivesspace_Users_Group] Problems with oauth plugin

I'm having some problems with our Authentication with OKTA which I'm trying to 
understand.

Because of the problems, I've tried reinstalling the oauth plugin completely. 
The first problem I ran into was that the current download of:

https://github.com/lyrasis/aspace-oauth.git

Had a Gemfile containing the line:

gem 'addressable',   '2.8.0'

This caused some gem issues with our 2.81. version of ArchivesSpace because 
2.8.0 was evidently newer than the 2.7.0 version that is in the gems directory. 
I'm not savvy enough with Ruby to know how to deal with that so I simply 
updated the aspace-oauth Gemvile to read:

gem 'addressable',   '2.7.0'

Not sure if that is legit or not. But it allowed the initialize-plugin script 
to work.

But I'm still running into what was actually the original error we are getting. 
In the archivesspace.out file, we see this error:


INFO: An exception happened during JRuby-Rack startup
certificate verify failed
--- System
jruby 9.2.12.0 (2.5.7) 2020-07-01 db01a49ba6 OpenJDK 64-Bit Server VM 
25.312-b07 on 1.8.0_312-b07 +jit [linux-x86_64]
Time: 2022-06-01 13:57:45 -0400
Server: jetty/8.1.5.v20120716
jruby.home: uri:classloader://META-INF/jruby.home

--- Context Init Parameters:
jruby.max.runtimes = 1
jruby.min.runtimes = 1
public.root = /
rails.env = production

--- Backtrace
OpenSSL::SSL::SSLError: certificate verify failed
 connect at 
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1002
do_start at 
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:924
   start at 
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:913
 request at 
uri:classloader:/META-INF/jruby.home/lib/ruby/stdlib/net/http.rb:1465

[and a lot more 

Re: [Archivesspace_Users_Group] Browser Access Not Working

[Peter Heiner]

Heidi R. Pettitt wrote on 2022-05-12 15:02:30:
> Hi All,
> 
> The issue I'm having is I'm trying to access ArchivesSpace through a web 
> browser by typing in Http://IP Address of my Archives Space server:8080.  
> This is supposed to bring me to an Archives Space login in web page but it 
> says it is unable to connect.  When I enter the command netstat -an -p tcp | 
> find "8080" at a command prompt, it is not showing anything which means port 
> 8080 is not listening.  I don't know what to do to get port 8080 to listen.

The intended effect of the command you posted is to search for the string
8080 anywhere in the output of the netstat command, however, on a Posix system
'find' searches for files, you'd want 'grep' to filter netstat's piped output.

In any case, 'unable to connect' means that the connection could not be
established, so netstat output is unlikely to be helpful. Verify each
component of the full URL: scheme, IP address and port.

Hope that helps,
p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Help: Does ASpace support Okta/SSO/SAML?

[Peter Heiner]

Cambridge University Libraries use the aspace-oauth plugin with the SAML
provider.

We chose SAML over LDAP because our directory doesn't allow anonymous binds
and ArchivesSpace requires a separate bind DN which I was not too keen on
having. SAML was not particularly easy to set up, we've seen some quirks like
it not being able to use our IdP's metadata autoconfiguration and us having to
add config items that would be available from said metadata, but it can be
made to work with some trial and error. 

The separate login link in the header that aspace-oauth creates felt pretty
clunky, so we have also modified the main app page in our local plugin to take
the user directly to the SSO login page unless a specific URL parameter is
set.

Sadly, only the database is supported for authorisation, none of those
fancy-schmancy SAML attributes or Oauth2 claim shenanigans from the early 21st
century.

p

Jerry Boggio wrote on 2022-03-14 14:45:01:
> Resubmitting as it appears my original question was kicked back.
> 
> Gerard (Jerry) Boggio | MITRE Corporation | R124 - Collaboration & Info 
> Management | 781-271-2719
> 
> From: Jerry Boggio 
> Sent: Monday, March 14, 2022 10:28 AM
> To: archivesspace_users_group-requ...@lyralists.lyrasis.org
> Subject: Help: Does ASpace support Okta/SSO/SAML?
> 
> Hi Everyone;
> 
> Could someone please tell us if ArchivesSpace supports Okta, SSO (Single Sign 
> On), and/or SAML (Security Assertion Markup Language)? Are there other 
> security packages supported other than storing logon ID and password in the 
> MySQL database? If so, could you please pass on documentation?
> 
> Thank you!
> Gerard (Jerry) Boggio | MITRE Corporation | R124 - Collaboration & Info 
> Management | 781-271-2719
> 

> ___
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group@lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Implementing a standalone Solr instance

[Peter Heiner]

Zhang, Bin wrote on 2022-01-07 05:14:57:
> Where do I find the “Archivesspace solr configuration files”?  I can find
> the “solr directory” mentioned in the instruction anywhere in our installed
> ArchivesSpace instance.

It's not in the distribution, but in the source tree on Github:
https://github.com/archivesspace/archivesspace/tree/master/solr

p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Advice on what to look for in AS logs after printing error?

[Peter Heiner]

Kyle Breneman wrote on 2022-01-05 17:36:41:
> Thank you for that reminder, Blake!  Another question: the print action was
> being run from the following pages.  Wouldn't clicking the AS print button
> itself register in the logs?  If so, how could I efficiently find those
> lines?
> 
> https://archivesspace.ubalt.edu/repositories/2/resources/92
> 
> https://archivesspace.ubalt.edu/repositories/2/resources/126
> 
> https://archivesspace.ubalt.edu/repositories/2/resources/21

For the click you should see a POST request to the URI + '/pdf'.

If you have a webserver in front of ArchivesSpace you may be dealing with the
backend request timing out on trying to print large collections, which will
show up in the webserver logs as HTTP error 504.

p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] API-only users?

[Peter Heiner]

Andrew Morrison wrote on 2021-12-14 13:27:13:
> Does anyone know if there is a way set up an ArchivesSpace user so they can
> query the API but they are blocked from logging-in to the staff interface?

My understanding is that this is not possible.

ArchivesSpace does not expose any way to limit users to API or UI access only,
neither using its permissions model or the authentication source used. It also
cannot make authorisation decisions on information provided by the backend as
it is commonly done, among others, using LDAP group membership information.

This means that once you can authenticate, you get access based on whatever
permissions are assigned to your user in the database.

p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?

[Peter Heiner]

While ArchivesSpace itself might not be vulnerable, those who run an extrrnal 
Solr instance should be aware that it itself may be, see 
https://solr.apache.org/security.html#apache-solr-affected-by-apache-log4j-cve-2021-44228
 for more information and some possible workarounds.

p

From: archivesspace_users_group-boun...@lyralists.lyrasis.org 
 on behalf of Tom 
Hanstra 
Sent: 11 December 2021 13:21
To: Archivesspace Users Group 
Subject: [Archivesspace_Users_Group] log4j vulnerability in ArchivesSpace?

There is a lot of buzz right now about the log4j exploit being used against 
Java applications. Does anyone know if ArchivesSpace is vulnerable to these 
exploits?

Tom
--
Tom Hanstra
Sr. Systems Administrator
hans...@nd.edu

[https://docs.google.com/uc?export=download=1GFX1KaaMTtQ2Kg2u8bMXt1YwBp96bvf0=0B7APN9POn6xAQ244WWFYMFU3aVJwZ0lxbmVHK3FxNXlCd0RRPQ]
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Implementing a standalone Solr instance

[Peter Heiner]

Hi Kyle,

We at the Cambridge University Library have been running an external Solr
instance since the early days of our deployment.
We use Puppet for configuration management of our local VM stack and the
module we use is https://forge.puppetlabs.com/modules/landcareresearch/solr.

We currently store over 13K resources comprised of over 900K archival objects
across 30 repositories, the number of attached notes is well above 2.2M.
It's important to note that our initial archival object count was over 700K, I
believe we were fairly large scale users even initially.

Our production Solr currently has just under 3 million documents in the index.
Availability and performance of Solr is, in our experience, the single most
common cause of ArchivesSpace downtime, ahead of Java memory leakage, planned
maintenance due to upgrades, and database or network failures.

For our scale and use, especially while we were in the migration phase
occasionally bringing in hundreds of thousands of archival objects, we have
found that indexing threads could also interfere with interactive use of the
site and after some unsuccessful attempts at fixing this by altering the
indexer thread count we have split the indexer off to another VM. Our Ops team
have recently identified and fixed issues with our VM infrastructure, so we're
waiting for more monitoring data to confirm whether we still need this, but I
imagine having Solr, AS, and the indexer on the same VM might hurt
performance.

Hope that helps,
p

Kyle Breneman wrote on 2021-12-03 16:50:29:
> Here at the University of Baltimore, we are working to stand up our own 
> external Solr installation in preparation for ArchivesSpace's move away from 
> bundled Solr.  Campus IT is asking me whether or not we should install Solr 
> on the same server we're using to host ArchviesSpace.  I see that 
> ArchivesSpace officially has no 
> opinion on this matter (See under 
> "Will you have strict requirements for how to deploy Solr?").
> 
> Does anyone on this list have a recommendation about whether an external 
> instance of Solr should be installed on the same server as ArchivesSpace, or 
> on its own separate server?  I don't see that it makes much difference, but I 
> am also not experienced in managing servers, or in administering Solr.
> 
> Kyle Breneman
> Integrated Digital Services Librarian
> The University of Baltimore
> kbrene...@ubalt.edu
> I believe in freedom of thought and
> freedom of speech. Do you?
> 

> ___
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group@lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Optimistic locking error

[Peter Heiner]

Hi Patrick,

What does
SELECT * FROM `user` WHERE ((`id` = 113) AND (`lock_version` = 1271));
say?

p


From: archivesspace_users_group-boun...@lyralists.lyrasis.org 
 on behalf of 
Galligan, Patrick 
Sent: 02 December 2021 16:57
To: Archivesspace Users Group 
Subject: [Archivesspace_Users_Group] Optimistic locking error


Hi all,



I’m trying to diagnose and fix a warning I’m seeing in our AS log files every 
12 or 13 seconds:



Got an optimistic locking error when updating user: Attempt to update object 
did not result in a single row modification (SQL: UPDATE `user` SET 
`system_mtime` = '2021-12-02 16:52:37', `user_mtime` = '2021-12-02 16:52:37', 
`lock_version` = 1272 WHERE ((`id` = 113) AND (`lock_version` = 1271)) LIMIT 1)



I can delete the user, but if I remake it with the same username, the warning 
comes back. If I leave the user open for editing, I get the “This record has 
been updated by another user. Please refresh the page to access the latest 
version,” message in the UI.



Any idea how to fix this issue? I’d prefer to be able to keep the username the 
same. I’m not sure why the system thinks there are two different lock versions 
associated with the record.



Thanks,

Patrick Galligan

Rockefeller Archive Center
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Jetty out of date - critical vulnerability

[Peter Heiner]

Christine Di Bella wrote on 2021-10-27 20:04:00:
> Given the sensitivity, we maintain security issues in a non-public JIRA.

This effectively prevents the community from getting involved and even to look
for possible mitigations on their own. At the very least, could the links
mentioned that describe the vulnerability be posted to the list, please?

Thanks,
p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] error - agent table is full

[Peter Heiner]

Hi Sean,

This is a MySQL error relating to either the database server running out of 
disk space or the database hitting the maximum autoextend size, see
https://stackoverflow.com/questions/730579/1114-hy000-the-table-is-full

p


From: archivesspace_users_group-boun...@lyralists.lyrasis.org 
 on behalf of Parke, 
Sean 
Sent: 24 September 2021 11:58
To: Archivesspace Users Group 
Subject: [Archivesspace_Users_Group] error - agent table is full


Hello,



When I try to create a new agent record, I get the error message “translation 
missing: en.no key - translation missing: 
en.validation_errors.database_integrity_constraint_conflict__java__javasql__sqlexception__the_table__agent_person__is_full”



Anyone know how to address this? We are still on version 2.3.0



Thanks,



Sean Parke

University Archivist

University of Hartford

Archives & Special Collections

spa...@hartford.edu

(He/Him/His)


___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Add a static web page to ArchivesSpace PUI?

[Peter Heiner]

Hi all,

While this will probably solve Amy's problem, it may not be a good idea for a 
busy site to use the whole RoR stack to do this.
It would probably be better to use Middlemanto generate static pages using the 
AS partials and serve them using Apache or similar.

p

From: archivesspace_users_group-boun...@lyralists.lyrasis.org 
 on behalf of Kara 
Hart 
Sent: 21 September 2021 16:07
To: Archivesspace Users Group 
; Amy Winter 

Subject: Re: [Archivesspace_Users_Group] Add a static web page to ArchivesSpace 
PUI?

Hi Amy, I still have a copy of the original I can share with you.

Kara

~ Kara S. Hart

Systems Librarian - Library & Technology Services
-
Wellesley College


On Mon, Sep 20, 2021 at 6:13 PM Amy Winter 
mailto:amywin...@unm.edu>> wrote:

Does anyone know where I could get a copy of the plugin/template to add a 
static page, referred to in the 2019 post from James, below.  The repo is gone 
and not in the Wayback Machine either:  https://github.com/hudmol/static_pages



I can’t find any other reference to this in the list archives or on Google.



Thanks for any help,



Amy E. Winter

Library Information Technology

University of New Mexico

505.277.1233





[Archivesspace_Users_Group] Add a static web page to ArchivesSpace PUI?

James Bullen james at hudmol.com 

Mon Oct 28 18:02:16 EDT 2019

  *   Previous message: [Archivesspace_Users_Group] Add a static web page to 
ArchivesSpace PUI? 

  *   Next message: [Archivesspace_Users_Group] Add a static web page to 
ArchivesSpace PUI? 

  *   Messages sorted by: [ date 
]
 [ thread 
]
 [ subject 
]
 [ author 
]



Hi Kara,



This seemed like a useful thing that I don’t think exists yet, so I made a 
plugin to do it:



https://github.com/hudmol/static_pages 



Maybe it can be a useful starting point.





Cheers,

James







> On Oct 28, 2019, at 3:52 PM, Kara Hart  wellesley.edu>
>  wrote:

>

> Hi all,

> I want to be able to add static web pages to ArchivesSpace.  I'd like to 
> incorporate the header, top nav, and footer and be able to just add what I 
> want in the middle.  I'm basically hoping to create general FAQ, search help, 
> about pages that live in my ArchivesSpace local plugin.  Is this possible?

>

> I did find a way to add a page by putting a .html doc into 
> /archivesspace/plugins/local/public/assets, but I have to manually copy in 
> the head, navigation, header, and footer, which is obviously not ideal for 
> updating and probably other reasons.

>

> If there isn't a way to do this, where is the proper place to suggest this 
> enhancement?  Should I create a new feature request in Jira the project ANW? 
> (https://archivesspace.atlassian.net/projects/ANW/issues/?filter=allissues&= 
> )

>

> Thanks for any help,

> Kara

>

>

> ~~~ Kara S. Hart

> Systems Librarian - Library & Technology Services - Wellesley College

>

>

> !DSPAM:5db7471d288581084719066! 
> ___

> Archivesspace_Users_Group mailing list

> Archivesspace_Users_Group at 
> lyralists.lyrasis.org

> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

>

>

> !DSPAM:5db7471d288581084719066!



___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] API output - extra unicode

[Peter Heiner]

Hi Tom,

The AS API is UTF-8 by default and AS tries to make sure your database is set 
up correctly, too, by checking the database/table encodings. As a data point, 
with dozens of migrations making millions of calls to the AS API and sending 
data in both directions I've yet to come across a single instance of AS 
inserting spurious characters into API responses, but I've had plenty of 
encoding issues in the same migrations on the data/database level. I'm fairly 
confident you'll find the source of those characters if you look at the raw 
data.

p


From: archivesspace_users_group-boun...@lyralists.lyrasis.org 
 on behalf of Tom 
Hanstra 
Sent: 03 September 2021 18:09
To: Archivesspace Users Group 
Subject: Re: [Archivesspace_Users_Group] API output - extra unicode

Brian (and others),

The data in the database should be UTF-8 as far as I can tell. So, I think this 
has to be happening at the API export level. Is there anything specific that 
needs to be done to have the API know that this is UTF-8 data?

Tom

On Fri, Sep 3, 2021 at 11:42 AM Brian Harrington 
mailto:brian.harring...@lyrasis.org>> wrote:

Hi Tom,



In my experience \u00c3 appearing in anything is almost always a sign of 
encoding issues.  I would make sure that everything is UTF-8 all the way 
through.



Brian



From: 
mailto:archivesspace_users_group-boun...@lyralists.lyrasis.org>>
 on behalf of Tom Hanstra mailto:hans...@nd.edu>>
Reply-To: Archivesspace Users Group 
mailto:archivesspace_users_group@lyralists.lyrasis.org>>
Date: Friday, September 3, 2021 at 11:06 AM
To: Archivesspace Users Group 
mailto:archivesspace_users_group@lyralists.lyrasis.org>>
Subject: [Archivesspace_Users_Group] API output - extra unicode



On our local version of ArchivesSpace, we are testing API output and are 
finding that we are getting extra Unicode characters on export. It looks like 
the data is right in the database, but doesn't quite come out right from the 
API extract. It looks like there is an extra unicode character added (in some 
of the code we reviewed, this was either \u00c3 or \u00a2).



Where might we have something set incorrectly?  Where might the extra data be 
coming from or have been introduced along the way?



Thanks,

Tom



--

Tom Hanstra

Sr. Systems Administrator

hans...@nd.edu



[Image removed by sender.]

___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group


--
Tom Hanstra
Sr. Systems Administrator
hans...@nd.edu

[https://docs.google.com/uc?export=download=1GFX1KaaMTtQ2Kg2u8bMXt1YwBp96bvf0=0B7APN9POn6xAQ244WWFYMFU3aVJwZ0lxbmVHK3FxNXlCd0RRPQ]
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] logrotate and "binary" logs

[Peter Heiner]

> On Tue, 2021-06-15 at 08:42 +0000, Peter Heiner wrote:
> > > $ file as-log.out
> > > as-log.out: data
> > This looks like the file utility was unable to determine the type of
> > as-log.out. As it should normally be able to identify all types emitted
> > by logrotate, this suggests to me that the actual file it was ran on is
> > corrupt.
> I'm not sure about corrupt, but I won't rule it out. I'm not sure
> because `cat`, `tail`, and some other utilities seem to work correctly
> (but maybe they're more forgiving?). Thanks for the suggestion!

If other utilities work well with the file, meaning for example that less
or tail do not complain that the file may be binary, then I wouldn't worry
too much about it.
It's also possible for different contents in the file to yield different 
results.
Identifying log files certainly seems capricious on my laptop:

[ph448@sparkly log]$ file pacman.log 
pacman.log: Unicode text, UTF-8 text
[ph448@sparkly log]$ file xdm.log
xdm.log: ASCII text
[ph448@sparkly log]$ file Xorg.0.log
Xorg.0.log: JSON data

All 3 files are plaintext logs. 

p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] logrotate and "binary" logs

[Peter Heiner]

$ file as-log.out
as-log.out: data
This looks like the file utility was unable to determine the type of 
as-log.out. As it should normally be able to identify all types emitted by 
logrotate, this suggests to me that the actual file it was ran on is corrupt.
archivesspace/logs/archivesspace.out {
This may be a result of pasting, but AFAIK logrotate requires an absolute path.
   compress
This will default to gzip compression, with an extension '..gz' added 
to the filename. Normally, you would use the z* utilities (zcat, zless, zmore, 
zgrep, zdiff) to handle rotated logs as these will also handle uncompressed 
streams. I note that the filename above does not have the usual extension, but 
this may also be a result of pasting/obfuscation.

You should be able to run logrotate -d  and see all actions that 
would be performed according to configfile.

p

___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Trouble with creating a Docker container

[Peter Heiner]

I'm attempting to create a Docker container for ArchivesSpace and I cannot seem 
to get it to connect to my MySQL container. I'm still very new to Docker, so 
I'm sure there is a step in the process I am missing. My repo is here: 
https://github.com/pshowell23/aspace-docker
 and the error I keep getting is attached.

Sorry to be a bother, but I just don't understand where I've gone wrong. I 
tried adding environment variables in the docker-compose file and I've tried 
changing the config.rb file.
'localhost', the hostname for the IP address '127.0.0.1', is meaningless in a 
container, you can't connect to it. What's more, MySQL's convention is that 
'localhost' does not mean a TCP connection, but a UNIX socket connection, which 
will not work either. The solution is to use the hostname of the database 
container from the compose file in the connection string:

AppConfig[:db_url] = 
"jdbc:mysql://aspace_data:3306/archivesspace?user=as=as123=true=UTF-8"

p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Spreadsheet imports locking up database

[Peter Heiner]

James Bullen wrote on 2021-06-06 11:35:03:

> Bulk update operations usually run in database transactions. This is great 
> because it guarantees that the database will be in a consistent state when 
> the job completes - if it succeeds then all of the updates are applied, if it 
> fails then none of the updates are applied.
> 
> The price for this guarantee is that any affected records are locked until 
> the job completes.

Thanks for your response. I generally agree with your points but have mine to 
make.
One is that the consistency unit here need not be the entire job, it is 
sufficient to isolate a single line, and I would normally expect the database 
to cope fine with such a workload.
Secondly, if I read my database output correctly, in this case the problem is 
not a wholly isolated bulk update but unnecessary table scans occurring for 
each line that make the database hold a lock for several seconds instead of 
milliseconds. I've yet to understand the purpose of the subnote_metadata table 
and why the delete is taking place, but we did notice that the query tried IDs 
that were not in the database.
In any case, it should be possible to unroll the subquery or provide optimiser 
hints for the bottleneck to go away.

> We recently implemented the ability to submit import jobs to be run after 
> hours for a client to work around this.

We were thinking of a similar workaround, do you have anything you could share 
with us?

Thanks,
p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

[Archivesspace_Users_Group] Spreadsheet imports locking up database

[Peter Heiner]

Dear list users,

The Cambridge University Library AS instance has recently been hit with severe 
performance issues while users were running spreadsheet imports to add archival 
objects, details are in 
https://github.com/archivesspace/archivesspace/issues/2275; the summary is that 
a DELETE query with a dependent subquery running for every line of the 
spreadsheet input seems to make concurrent database access near impossible.

Has anyone else experienced anything similar? Us using MariaDB instead of MySQL 
might well be the cause, but I'd like confirmation before work is scheduled to 
migrate the database that this will indeed help. If you're using spreadsheet 
imports, we'd be grateful if you could let us know either on or off list 
whether you use MySQL or MariaDB and if you had any problems with the migration 
queries hogging the database.

Thanks,
p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Indexed - but still some issues

[Peter Heiner]

Indeed, -Xss is the stack size, this amount gets allocated for each thread
created. I believe the default is 1MB. A general rule of thumb is to increase
it conservatively if you get a stack overflow error in the app.

p

Trevor Thornton wrote on 2021-03-25 16:59:00:
> I may not be understanding it completely, but from what I've read 256k is
> typical for a 64-bit JVM. Given that, 2m is comparatively big. 1g is 500
> times the default, which seems excessively big.
> 
> On Wed, Mar 24, 2021 at 3:06 PM Tom Hanstra  wrote:
> 
> > My understand/reading regarding this setting is that it is the thread size
> > for Java, and has to be big enough to handle the work but cannot be too big
> > either. The default of 2m seems very low. I have been working with the 1g
> > size lately but am not sure that is optimal either. I'd be curious to know
> > if there are optimal numbers that people have found useful.
> >
> > Tom
> >
> > On Wed, Mar 24, 2021 at 12:55 PM Trevor Thornton 
> > wrote:
> >
> >> I'm doing this exact thing right now and I wanted to confirm that the 'g'
> >> here shouldn't be an 'm':
> >> ASPACE_JAVA_XSS="-Xss1g"
> >>
> >> The default looks to be:
> >> ASPACE_JAVA_XSS="-Xss2m"
> >>
> >> https://github.com/archivesspace/archivesspace/blob/master/launcher/archivesspace.sh#L105
> >>
> >> On Wed, Mar 24, 2021 at 11:43 AM Tom Hanstra  wrote:
> >>
> >>> Hmmm. So I finally tracked the issue down to my Java settings. For some
> >>> reason, before/during indexing, Java settings of:
> >>>
> >>> ASPACE_JAVA_XMX="-Xmx8192m"
> >>> ASPACE_JAVA_XSS="-Xss4g"
> >>>
> >>> worked fine. But, once indexing was complete, those settings were
> >>> somehow unusable. Staff connection would not work, searches failed, etc.
> >>>
> >>> But when I crank down the thread size to:
> >>>
> >>>ASPACE_JAVA_XMX="-Xmx8192m"
> >>>ASPACE_JAVA_XSS="-Xss1g"
> >>>
> >>> everything goes back to working. There was a server reboot in there as
> >>> well as numerous restarts with config.rb changes and that was the only
> >>> change that I found could address the issues. Through a number of 
> >>> restarts,
> >>> there was nothing in the logs to indicate the issue. Finally got an error
> >>> that suggested Java space issues and tried the lower value and things now
> >>> work (as far as I've tested at least).
> >>>
> >>> Quite a journey so far...
> >>>
> >>> Tom
> >>>
> >>>
> >>> On Wed, Mar 24, 2021 at 9:54 AM Peter Heiner  wrote:
> >>>
> >>>> Tom Hanstra wrote on 2021-03-24 09:25:24:
> >>>> > So, I am now further than I've been yet, at least based upon the
> >>>> logs. But
> >>>> > I still have something not working properly, because when I do a
> >>>> search and
> >>>> > find output, nothing is coming up when I try to look at the found
> >>>> record. I
> >>>> > get the error:
> >>>> >
> >>>> > *We're sorry, but something went wrong.*
> >>>> >
> >>>> > When I've seen that in other applications, it has been a rails issue.
> >>>> Not
> >>>> > sure if that is what is happening here as well.
> >>>>
> >>>> This error should have a corresponding event with at least WARNING
> >>>> level in
> >>>> the frontend/public log (depending on which gave you the error) that
> >>>> you can
> >>>> correlate by event time.
> >>>>
> >>>> > Also, the "Found In" links for the records come back with:
> >>>> >
> >>>> > *The record you've tried to access does not exist or may have been
> >>>> > removed.The record you've tried to access does not exist or may have
> >>>> been
> >>>> > removed.*
> >>>>
> >>>> This would point to the fact that your database and index are not in
> >>>> sync.
> >>>> Given your struggles with indexing I'm starting to wonder if you're
> >>>> reading
> >>>> from the Solr instance you're writing to.
> >>>>
> >>>> p
> >>>>
> >>>> 

Re: [Archivesspace_Users_Group] Indexed - but still some issues

[Peter Heiner]

Tom Hanstra wrote on 2021-03-24 09:25:24:
> So, I am now further than I've been yet, at least based upon the logs. But
> I still have something not working properly, because when I do a search and
> find output, nothing is coming up when I try to look at the found record. I
> get the error:
> 
> *We're sorry, but something went wrong.*
> 
> When I've seen that in other applications, it has been a rails issue. Not
> sure if that is what is happening here as well.

This error should have a corresponding event with at least WARNING level in
the frontend/public log (depending on which gave you the error) that you can
correlate by event time.
 
> Also, the "Found In" links for the records come back with:
> 
> *The record you've tried to access does not exist or may have been
> removed.The record you've tried to access does not exist or may have been
> removed.*

This would point to the fact that your database and index are not in sync.
Given your struggles with indexing I'm starting to wonder if you're reading
from the Solr instance you're writing to.

p

___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] MySQL connector question

[Peter Heiner]

Neal, Rick wrote on 2020-10-09 11:47:06:
> I checked my CLASSPATH but found it was empty.  My java is using
> /bin/java.  Could my issues simply be that the CLASSPATH is empty?  Do
> I want to add java to the CLASSPATH by doing this: export
> CLASSPATH=/bin/java and then test to see if everything just starts
> working?

I realise capitalising 'classpath' was a mistake. Some Java apps'
startup scripts make use of this, others use the java binary's -cp or
-classpath flag directly. ArchivesSpace's classpath does not include
system directories like /usr/share/java where the mysql-connector-java
package puts its files. You need to copy or link the connector found in
/usr/share/java/mysql-connector-java-8.0.12.jar to the main
archivesspace/lib directory.

p

___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] MySQL connector question

[Peter Heiner]

Neal, Rick wrote on 2020-10-09 11:18:00:
> I am continuing to troubleshoot our mysql issue and have a question about the 
> mysql connector.
> 
> My operating system is RHEL 7.
> MySQL version is:  mysql-community 5.6.49-2.el7
> 
> The instructions sent me to:  https://dev.mysql.com/downloads/connector/j/
> 
> I downloaded:  mysql-connector-java-8.0.21-1.el7.noarch.rpm
> 
> I did a little searching and found that the mysql-community repo has this one 
> available:  mysql-connector-odbc.x86_64 8.0.21-1.el7
> 
> My question is that since I installed mysql from a mysql-community repo 
> should I use the mysql-connector-odbc file from that same repo?  Does it 
> matter which one?

You need mysql-connector-java, I believe the one you downloaded should
be fine. It should be sufficient t have it somewhere in your CLASSPATH.

p

___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] MySQL issue

[Peter Heiner]

Neal, Rick wrote on 2020-10-08 12:55:39:
> I then SHOW GRANTS;
> 
> It only lists the grants for the root user.  Nothing about the archivesspace 
> database or user.

Plain SHOW GRANTS operates on the current user, root in your case. You
need to use SHOW GRANTS FOR 'username'@'host';

p

___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Aspace-Oauth SAML configuration

[Peter Heiner]

philip.webs...@sheffield.ac.uk wrote on 2020-10-06 17:44:51:
> Hi,
> 
> I'm trying to set up the Aspace-Oauth plugin on ArchivesSpace 2.8.0 to
> enable SAML logins via our institutional IDP. So far, I've managed to get
> the plugin linked to our dev IDP and configured to download the SAML
> metadata. Our IT department has requested that all security assertions are
> at least signed, and preferably encrypted.
> 
> I've also generated a private key and certificate using the commands listed
> in the README.md file in the github repo
> (https://github.com/lyrasis/aspace-oauth).
> 
> openssl genrsa -out rsaprivkey.pem 2048
> 
> openssl req -new -x509 -key rsaprivkey.pem -out rsacert.pem

You can reuse the web server certificate if you already have one.

> 
> The documentation is quite sparse, and doesn't really explain what to do
> next. The config sample given in the README.md has the following parameters
> defined in the example:
> 
> # OPTIONAL: for encrypted assertions
> 
>   :certificate=> "PUBLIC CERT",
> 
>   :private_key=> "PRIVATE KEY",
> 
>  
> 
> What are the expected values for "PUBLIC CERT" and "PRIVATE KEY"? Should
> these be the paths of the rsaprivkey.pem and rsacert.pem files, or am I
> expected to paste the ASCII contents of the .pem files straight into the
> config file?

Both ArchivesSpace and OmniAuth documentation is very sparse but
OmniAuth's own Ruby tests suggest that you need to paste the contents.

> Once this is set up, I also have to define the name identifier format. The
> default setting in the config is 
> 
> "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", and further down
> there is 
> 
> email: ["urn:oid:0.9.2342.19200300.100.1.3"]. I do want to populate the
> email field in the user records in ArchiveSpace's database, but at my
> institution we prefer to use eduPersonPrincipalName
> (urn:oid:1.3.6.1.4.1.5923.1.1.1.6) as an identifier instead of email
> address.
> 
> 
> Hopefully, ArchivesSpace Oauth will support this, and I assume I can just
> substitute "eduPersonPrincipalName" in place of "emailAddress" in the config
> file.

Yes, this should work with any unique attribute. 

> The README.md file also refers to some 'project documentation', but I
> haven't been able to find this anywhere on the community documentation. Is
> there any other documentation other than the README, and if so, where is it?
> 
>  
> 
> Once this is all set up, I'll have to send some metadata to our IT
> department. I'm hoping that there is an endpoint somewhere that I can point
> a browser at and get the generated metadata for the service, so I can just
> pass that on. Again, it's not clear if such a thing exists - or how I'd go
> about accessing it.
 
OmniAuth docs at
https://github.com/omniauth/omniauth-saml/blob/master/README.md#sp-metadata
suggest the URL will be /auth/saml/metadata on your server.

I am really looking forward to hearing how this worked out, adding SAML
authentication is something I'm trying to schedule for one of my next
sprints.

p

___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Containerised ArchivesSpace in production

[Peter Heiner]

Joshua D. Shaw wrote on 2020-09-29 13:25:43:
> I've created a git repo that describes our Docker setup. I hope it'll
> be enough to get people going, but please feel free to send me an
> email with questions.
> 
> https://github.com/dartmouth-dltg/aspace-docker

Thanks for this. How do you run your containers, do you use an
orchestrator like Docker Swarm or Kubernetes in production?

p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Permission denied question

[Peter Heiner]

Neal, Rick wrote on 2020-09-30 20:19:08:
> YES!  We moved from RHEL 6 to RHEL 7.

On RHEL you may have to issue a

setsebool -P httpd_can_network_connect 1

as root to allow Apache to be able to connect to the network and act as
a proxy. I don't think much of the defaults have changed between the
two, so my second best guess will be Location blocks in the config if
this does not work.

p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Permission denied question

[Peter Heiner]

Neal, Rick wrote on 2020-09-30 19:48:29:
> Blake,
> 
> I just copied my mysq-connector over to the new server (version 2.5.2) from 
> the old server (version 2.5.0) when I installed AS.   That file is:  
> mysql-connector-java-5.1.24.jar.  Should I have used a different file and, if 
> so, where do I get it from?
> 
> These are the only lines uncommented in config.rb:
> AppConfig[:db_url] = 
> "jdbc:mysql://localhost:3306/archivesspace?user=deputydog=secretsquirrel=true=UTF-8"
> AppConfig[:oai_repository_name] = 'ArchivesSpace OAI Provider'
> AppConfig[:oai_proxy_url] = 'http://aspace.richmond.edu:8082/'
> AppConfig[:oai_record_prefix] = 'oai:archivesspace'
> AppConfig[:oai_admin_email] = 'em...@school.edu'

The error message you got means Apache tried to pass the request on to
AS, but the configuration prevented it from doing that. This can happen
because of server defaults or settings within a Location block in the
Apache config. Does the new server have a different version of the OS or
a different distribution?

p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

[Archivesspace_Users_Group] Containerised ArchivesSpace in production

[Peter Heiner]

Dear list,

For want of a better list to send this, I have a few questions regarding
running ArchivesSpace containerised. List archives suggest this has not
been brought up in a while and it was exactly a year ago that Laney
McGlohon added words to docs/user/docker.md reading 'Docker is not
supported as an install method'. Whilst I believe I have a pretty good
idea of at least some of the answers, I think it might be useful to know

 - if people run it in production using containers all the same;
 - what the developers think the obstacles are to it being supported as
   containerised workload;
 - what they think needs to happen for it to become supported;
 - what can the community do to advance this.

I currently maintain several Docker-based development and staging
instances and several other systems including user training and
production systems that run bare, and it would be lovely to be able to
optimise the latter away, so my interest in this is not at all academic.

Thanks,
p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Survey on API usage

[Peter Heiner]

Dear Adrien,

Can you please send me the text?

Thanks,
p

Hilton, Adrien wrote on 2020-07-30 19:30:24:
> Apologies, the wiki page for background info is restricted, and permissions 
> are at a much higher level. If folks are interested, feel free to reach out 
> and I can share the text with you individually.
> 
> Best wishes,
> Adrien
> 
> From: archivesspace_users_group-boun...@lyralists.lyrasis.org 
>  On Behalf Of 
> Hilton, Adrien
> Sent: Thursday, July 30, 2020 1:58 PM
> To: Archivesspace Users Group 
> 
> Subject: [Archivesspace_Users_Group] Survey on API usage
> 
> Dear Colleagues,
> 
> At Harvard Library, our Library Technology Services unit is exploring how to 
> support usage of the ArchivesSpace API. We've compiled a brief survey that 
> we're hoping you can fill out. It will take about 20-30 minutes to complete. 
> Your responses will be incredibly useful in helping us to establish 
> sustainable models for maintenance and support.
> 
> https://docs.google.com/forms/d/e/1FAIpQLSd_-Tx8xllx-vvVrTgBHKGhQ3XvgxZriZ_dni_bbJugHBoX1A/viewform?usp=sf_link
> 
> You can find background information about the project here: 
> https://wiki.harvard.edu/confluence/pages/viewpage.action?pageId=254280364
> 
> Responses by August 14th would be wonderful!
> 
> Thanks in advance,
> Adrien
> 

> ___
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group@lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] Error updating resource records through API

[Peter Heiner]

Huebschen, Alan M wrote on 2020-04-17 14:26:24:
> I've been attempting to update existing resource records through the API, the 
> records already exist and I'm trying to upload modified versions of the JSON 
> but I'm getting an error in response.
> 
> 'error': 'The record you tried to update has been modified since you fetched 
> it.'

To update a record, you first need to fetch it to get its lock_version.
The API will only allow updates to a resource with a lock_version
greater than the one stored in the database, so you'll need to post your
data including lock_version+1.

Hope that helps,
p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] RuntimeError: Schema Info Mismatch

[Peter Heiner]

Apologies for sending HTML mail to the list, I have failed to set my
GMail up correctly. Reproducing in plain text for convenience.

On 10 Dec 2019 21:42, "Boggio, Jerry"  wrote:

> Could someone please provide more information on the meaning of this
> message? In particular, what is represented by the “Expected” and
> “received” values?
>
> RuntimeError: Schema Info Mismatch. Expected 97, received 120 for
> ASPACE version v2.3.0

This means that the database has at some point been updated using
ArchivesSpace 2.6.0 (you can find the corresponding schema version
number in the release notes), but a version 2.3.0 instance has now been
started over it. This happened to me some time ago when I updated a
symlink pointing to my current installation to point to the new version
but configuration management has reset it to point to the old
one.

Generally, I would recommend moving forward with the application
version and not back with the database version, even if there are
facilities to do the latter.

p
___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

Re: [Archivesspace_Users_Group] RuntimeError: Schema Info Mismatch

[Peter Heiner]

On 10 Dec 2019 21:42, "Boggio, Jerry"  wrote:

Could someone please provide more information on the meaning of this message? In particular, what is represented by the “Expected” and “received” values?
 
RuntimeError: Schema Info Mismatch. Expected 97, received 120 for ASPACE version v2.3.0This means that the database has at some point been updated using ArchivesSpace 2.6.0 (you can find the corresponding schema version number in the release notes), but a version 2.3.0 instance has now been started over it. This happened to me some time ago when I updated a symlink pointing to my current installation to point to the new version but configuration management has reset it to point to the old one.Generally, I would recommend moving forward with the application version and not back with the database version, even if there are facilities to do the latter.p___
Archivesspace_Users_Group mailing list
Archivesspace_Users_Group@lyralists.lyrasis.org
http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group