Running production OJS site with Git for Dummies (like me)

Hi to all git users,

Since PKP is not doing patch upgrades anymore, I am planning to move our production server to use git. There are some instructions on how to use git in the PKP wiki, but these are more from the viewpoint of development (the instructions there actually do not mention the use of branches at all, which for me is the easiest way to manage my PRs: http://blog.scottlowe.org/2015/01/27/using-fork-branch-git-workflow/).

What I would like to scratch together are simple instructions on how to maintain and upgrade a production OJS site with git. This is what I have so far.

I would like to hear if someone is already running a production with git and maybe some experiences on good workflows or suggestions/answers to the workflow described below?

Installing and running production OJS with git

Installing git and composer

Git

https://git-scm.com/book/en/v2/Getting-Started-Installing-Git

Composer

curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/local/bin --filename=composer

Installing OJS

Clone OJS, fetch pkp-lib and checkout the most recent stable branch
git clone https://github.com/pkp/ojs.git # creates a new folder called “ojs”; you should rename this (for example public_html) or edit server settings to correspond to this folder
cd ojs
git submodule update --init --recursive
git checkout ojs-some-stable-branch

Get composer dependencies and checkout the same branch from pkp-lib as above
cd lib/pkp
composer update
git checkout ojs-some-stable-branch
cd ../..

Create config.inc
cp config.TEMPLATE.inc.php config.inc.php

Change ownership for some folders/files
chown -R apache:apache public # apache:apache part depends on the os
chown -R apache:apache cache
chown apache:apache config.inc.php

Create files dir
cd .. # move outside the ojs folder
mkdir files
chown apache:apache files

Visit the site with a browser and install OJS

Questions:

  • Have you first created an own fork, or do you just clone the ojs.git from PKP?
  • Do you have your repository in Github?

Upgrading OJS

This is all I have right now and this is the part that is also not documented at the moment.

git rebase --onto <new-release-tag> <previous-release-tag>

php tools/upgrade.php upgrade

Questions:

  • How do you handle config.inc.php, public-folder contents, own plugins, changes in the core code? Is using rebase enough?
5 Likes

You forgot to mention that most of those commands need to be executed with root-rights (as in sudo).

I want to add that this way every time you make changes to your files (as in updates or adding a new installation) you’ll be forced to update the user rights. You can also just set the guid flag and then use ACL to set a standard. You can also add several users to the user group apache (or equivalent in your os, like www-data in Debian) so that by default every new file has the correct user rights and you don’t need sudo/root access to modify anything.

usermod -a -G <apache user group> <username> # adds <username> to <apache user group>
mkdir /<path of your installation> # create folder
chgrp <apache user group> /<path of your installation> # change ownership to <apache user group>
chmod -R g+rwx /<path of your installation> # change rights for group owner
chmod -R g+s /<path of your installation> # set guid bit
setfacl -d -m g::rwx /<path of your installation> # set ACL default for group owner to read-write-execute
setfacl -d -m o::rx /<path of your installation> # set ACL default for others to read execute

If I haven’t missed anything this should set default access rights to the specified folder in a way that the apache user group will be able to access those files. So after executing those commands you can clone the repository into that folder and they are by default accessible by Apache via group ownership and you won’t need sudo anymore to make changes in that folder. If another user needs access as well, just add that user to the group as well.

1 Like

Thanks!

So you are basically giving the whole ojs folder to the apache user? I have usually just given access to public, cache and files.

Agreed, that’s pretty wide open. I usually leave the ownership to the account, and group set to the apache user, and make it group writeable, but only those folders strictly required. If you’re running in a suphp environment, the php will not execute if it’s not owned by the user account it is trying to run within.
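
The difference discussed in the posts above (group write access across the whole checkout versus only the folders that need it) can be checked mechanically. The following is an added example, not part of any post in this thread: a POSIX shell function that lists paths in an OJS checkout that are group- or world-writable outside an allow-list. The default allow-list (public and cache) and the names audit_ojs_writable and OJS_WRITABLE_DIRS are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report paths in an OJS checkout that
# are group- or world-writable but lie outside the directories the web
# server needs to write to.

# Directories, relative to the OJS root, that may stay writable.
# Assumption based on the replies above: public and cache. The "files"
# directory lives outside the checkout and is not covered here.
OJS_WRITABLE_DIRS="${OJS_WRITABLE_DIRS:-public cache}"

# audit_ojs_writable ROOT
# Prints one offending path per line (relative to ROOT).
# Returns 0 if nothing is found, 1 if offenders exist, 2 on bad input.
audit_ojs_writable() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi

    # Build a find expression that prunes every allow-listed directory.
    set --
    for d in $OJS_WRITABLE_DIRS; do
        set -- "$@" -path "./$d" -prune -o
    done

    # -perm -020 matches group-writable, -perm -002 world-writable.
    # Symlinks are skipped because their own mode bits are meaningless.
    found=$(cd "$root" && find . "$@" \
        \( -perm -020 -o -perm -002 \) ! -type l -print | sort)

    if [ -z "$found" ]; then
        return 0
    fi
    printf '%s\n' "$found"
    return 1
}

# Stand-alone use: sh audit.sh /path/to/ojs
if [ "$#" -gt 0 ]; then
    audit_ojs_writable "$1"
fi
```

Run against a tree prepared with the recursive g+rwx recipe, it lists nearly every path; with only public and cache group-writable, it prints nothing.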

Thanks mate.
Was looking for this solution.
But I need solutions for shared server.

Regards
Anupent

Hi all,

We prefer a solution that runs PHP scripts under your user account (rather than the apache user). This will require a CGI or FastCGI configuration, as opposed to mod_php, which always runs as the apache user.

In this case it’s possible to have your scripts etc. belong to a normal user, and to never need su/sudo in the course of regular operations. And correspondingly it means you don’t have to reset permissions every time you edit something.

mod_php is easy to set up and performs well, but if you’re running on a shared server, it’s hard to make it secure, since all applications execute under the same user account.

Regards,
Alec Smecher
Public Knowledge Project Team

In this case, yes. But you can also remove or alter default ACL settings for specific folders after cloning OJS into your folder.

I don’t really see the point in excluding specific folders as the sensitive data (passwords) are stored in config.inc.php, which is secured itself. Basically all the other files are publicly available on git so I don’t really see the point. But you could also use a .htaccess file to block other folders.

I was working in something similar for my OJS Dockerfiles.

Please, notice it won’t work for OJS 3.1.0 unless you include node.js support.

https://pkp.sfu.ca/wiki/index.php?title=Github_Documentation_for_PKP_Contributors#Install_Node_dependencies

Cheers,
m.

2 Likes

I am trying to use Git but with your comment I understand… my problem is I did not install node.js

After git pull and composer dependencies, try with this:

$ npm install
$ npm run build
$ npm run dev   # avoid this on production environments.

I didn’t check but it’s supposed to work.

Cheers,
m.

1 Like

Hi @ajnyga, @asmecher

If I use Git for desktop and maintain it in my computer, can I make a package like PKP team does for the release?

Regards,

Hi @anupent,

We use tools/buildpkg.sh to build our .tar.gz files from the git repository.

Regards,
Alec Smecher
Public Knowledge Project Team

1 Like

Hi @asmecher,

I run bash command as in this pastebin and I get a lot of responses which look good but I do not find a .tar.gz file. Can you let me know what I am doing wrong and what exactly I need to do to package the files from the git repo.

https://pastebin.com/3jMfiabS

Best regards,

Hi @anupent,

That’s a shell script, not PHP code – run it without using the PHP interpreter.

Regards,
Alec Smecher
Public Knowledge Project Team

Thanks @asmecher,
I got a tar.gz package of 23 MB. Will install in localhost later.

Best regards,

I’d also like to generate a package using buildpkg.sh tool, but I don’t know what to use as argument? I tried “master”, “3.1.0.1”, but I’m getting a git error: Cloning git://github.com/pkp/ojs.git and checking out tag ... fatal: Too many arguments.

What are you using as arguments for buildpkg.sh?

Hi @AlesKladnik
Hope this helps,

It gives a file ojs-master.tar.gz 23MB in size.

Best regards,

Nice, thanks man! bash buildpkg.sh master master worked, got the package.

Did you have to upgrade the database to use that build? I’m currently running 3.1.0-1

Cheers, Ales

I am not sure but I feel running upgrade won’t harm anything. (Need confirmation). Tagging @asmecher here.

Hi all,

If you’ve built a package from the master branch, that’ll be the as-yet-unreleased version that will become OJS 3.1.1 shortly. However, this code hasn’t been completed, and you may run into the occasional issue. I’d suggest taking a full backup of your system, and note that we may not be able to support issues that arise from using pre-release code.

Regards,
Alec Smecher
Public Knowledge Project Team

1 Like