Leginon

Looks like the whole HTTPS -> HTTP part may be a separate problem. I've moved the code to a space served by HTTP:


http://portal.nebiogrid.org/apps/myamiweb


but I'm getting the same error.

I'm going to investigate this HelpBalloon.js issue a bit more. Any suggestions on where PHP errors/logging would show up? I don't see anything in the apache logs (other than the HelpBalloon.js error mentioned in the original post).

Cheers,

Ian

Hi Ian!
To solve the above error, please open the file “/myamiweb/setup/template.inc”, remove lines from 12 to 28, but leave the line 15. Basically remove all the code for javascript.

I was going to use HelpBalloon.js to do dynamic documentation for the setup wizard, but it has not got implement yet. I am not sure why it shows error on your browser, because normally if there are any javascript missing files, the browsers just ignore it and won’t do the functionality. But good thing you catch this.

Thanks.
Eric

I just downloaded HelpBalloon.js from http://www.beauscott.com/2008/03/02/helpballoonjs-version-20/ and put it in the necessary location, and that got rid of that error message.

As for the bigger problem, it looks to me like there is a missing step for the web-based installation procedure: the user needs to do:


cp myamiweb/config.inc.php.template myamiweb/config.inc.php


I don't know if this will allow the web-based setup to work. Once I realized this file existed and read the instructions a little more carefully I decided just to do "manual" configuration by editing the config.inc.php file directly.

NOTE: The instructions say "strongly recommend you use the web interface the first time". Since this didn't work, and configuring the file manually did seem to work, I just skipped the web step. Then, on closer examination, I couldn't really do anything once I went to:

https://portal.nebiogrid.org/secure/apps/ami

I used phpMyAdmin to look at the DBs and discovered that they hadn't been initialized. It looks like the DB initialization is only possible through the web i/f. A note to this effect should be added to the manual config, or instructions on how to CLI init the DB should be provided.

I went through the web i/f from the start, but when I got to the "Database Initialization" section at this URL:

https://portal.nebiogrid.org/secure/apps/ami/setup/initDBTables.php

and then select "Next" to create the tables, I am redirected to:

https://portal.nebiogrid.org/secure/apps/ami/setup/setup/index.php

which does not exist (note the setup/setup). If I try fixing the URL, I'm just passed back to the start of the web i/f configuration.

Looking at the initDBTables.php I can see that the FORM POST goes to initTablesReport.php. Presumably what is happening is some kind of error which just kicks back a redirect to setup/index.php (in fact, I guess this is probably a default response, and since the "current" directory is already setup, it ends up in setup/setup). I have no idea how to effective debug this. The only thing I can point to is an error in the ssl_error.log which I think is completely unrelated:


File does not exist: /storage/data/web/secure/apps/ami/project/setup, referer: https://portal.nebiogrid.org/secure/apps/ami/index.php


I believe this is just from browsing to the main AMI web page:

https://portal.nebiogrid.org/secure/apps/ami

Suggestions on how to proceed with debugging this would be appreciated. I'd be happy to give you guys access to phpMyAdmin and the DB password if you have time to help.

Ian

Ok Ian, looks like the problem is that the web directory folder is named "ami" in your installation rather than "myamiweb".

We have a bit of code in leginon.inc that is expecting "myamiweb":

// loop through each parents folder until found the config.php file.
// stop the loop if outside the myamiweb main folder.

while($noConfigFile = !file_exists(getcwd()."/config.php")){

    if(!preg_match("/myamiweb/", getcwd()))
        break;
    chdir('..');
}

I would change the name of your folder to myamiweb.
You could edit the code, but then you would need to edit it again if you upgrade before we put a better solution in there for finding the config file. [UPDATE: we already changed this code in our development branch in r15218. Versions later than r15218 of Appion are not limited to "myamiweb".]

After changing the name, run the setup wizard again, making sure any references to "ami" have been changed to "myamiweb" if there are any. Then try the DB initialization again.

Just adding these notes from Ian to this thread:

What happened when you tried to run the setup wizard the first time?

I just stayed stuck on the first setup page. A few notes that may be
relevant:

• only runs over HTTPS
• "top" directory is /secure/apps/ami
• httpd server running as "webportal" user, not "apache" (I already
  discovered the hard way that this led to some other PHP problems --
  these may still persist). "webportal" is now in the "apache" group, and
  this solved at least some problems.

You're 30 minutes ahead of me. I was learning some PHP debugging skills and found that exact problem I was about to email to you. FWIW, the other places that seem to have existing references to myamiweb are:


config.php
setup/autoInstallSetup.php


I've now created everything necessary, as far as I can tell, and come to the end of the installation instructions, however it looks like anyone can access the system, including the setup:

https://portal.nebiogrid.org/secure/apps/ami/
https://portal.nebiogrid.org/secure/apps/ami/setup

How do I make it so there is user login?

How do I restrict "setup" only to administrators?

Even better, is there any way I can tie in Appion login to our existing LDAP user database?

Thanks,

Ian

Opps, we changed your config file to disable the login system while looking into the problem. Just run the setup wizard and make sure to select the option to Enable Login. You had it right the first time.

Appion does not provide a way to restrict access to the setup page, but users do need the database password to start it. Since the DB password is available in the config.php file, people who can read that file can find out the password. You could change the permissions on the Setup folder itself so that it can't be accessed, and only allow access when you need to use it.

Nothing in place yet for LDAP. Perhaps in the future.

OK, user login works, next round of questions:

1. I think there is a bug in this SQL command which I was told to run:

mysql> GRANT DELETE ON leginondb.ImageStatusData TO 'usr_object'@'portal.nebiogrid.org';
ERROR 1146 (42S02): Table 'leginondb.ImageStatusData' doesn't exist

The ImageStatusData table does not exist. Is this supposed to be "ImageCommentData"?

2. We can't have just any user register themselves with the system -- we need admins to be notified when a request is submitted, and the admin needs to approve the account.

3. Is it correct that regular users can't create a new project? It appears that only "administrators" can do this.

4. The [Appion Stats] link from the uploadimage.php page returns a "Permission Denied" message, even for administrator users:

https://portal.nebiogrid.org/secure/apps/ami/processing/procsummary.php?expId=

This could be because I haven't figured out how to configure "processing" correctly yet. (I haven't done the last step "Remote Processing").

5. It sounds like users need to have ssh access to the system where Appion is running, is that correct? Or is there a browser-only method for uploading files? We already have a strong WebDAV mechanism for users to get files to:

https://portal.nebiogrid.org/p/home/USERNAME

Is there some equivalent per-user (or per-project) location on the file system that Appion uses that we could link into? We could do our own custom work to setup the access controls to manage file upload/download. We'd want any processing to put files in the same per-user or per-project location.

Thanks for all your help! I'm excited we got this up and running (well, more or less) in 2 days.

Ian

1. I found references to ImageStatusData in the code. The table may not be created until everything is run, in which case the directions to grant privileges on it during installation are incorrect. I'll look into it further and let you know.

2. The way we have user privileges set up, all users belong to a group that has specific privileges to accesss data or tools. When a user registers, they are added to the group that has the least amount of privileges. From this group, they cannot access any admin tools and thay can't see any data that has not been specifically shared with them. When they look at the Project listing, they will see nothing and will not be allowed to create a new project. The Image Viewer will not list any projects or experiments.

For the user to have access to experiment data, the owner of the project must specifically share the project or specific experiments with the user.

3. Yes, only admin can create new projects. Here is some information on Groups: http://emg.nysbc.org/projects/appion/wiki/Groups
You bring up some good points. If only admin can add a new project, the admin has to collect all the info from someone who wants to start a project and enter it for them. Yuk.

At AMI we have a web form to submit a project. Once submitted, we are notified that it was created, but it is available right away. So, any one in our building could apply for an account, create a project, upload images and begin processing. Of course, they can only see their own data, and can only process on machines that they already have a password for.

We could certainly make some improvements in our user authentication, approval and privileges to make the system more flexible. I'll see what we can do short term, if you have any suggestions, feel free to share!

4. the appion stats link is not working in our dev version either. I'll log a bug for it.

5. I'll ask our expert on that and get back to you!

OK on number 5.
Yes, users need ssh access on the appion system. The command to upload images can be run from the browser, so there is no cut and paste into the terminal, but the user still needs to log into appion which will supply the username and password to log into the appion processing machine.

We need to use appion upload tool to make sure the database is updated with the information. Also, the upload tool copies the images to a new directory and renames the images to our naming format so that the original data is never touched by Appion processing routines.

You can configure where the uploaded images are copied to on a per user level.
Each user will need a copy of leginon.cfg in their home directory and the [Images] path needs to be set to your desired path.

[Images]
path: /home/amber/uploadedimages

I'm not sure how you would integrate webDAV, since we need to execute the upload procedure to update the database. Perhaps you could change the code to not copy images, just rename.

Regarding ImageStatusData, you can ignore it. The feature that used it has been disabled. I'll remove it from the documentation.