Once in a while, we get support requests from content managers to give their users privileges to publish using neb.
neb publish sends a request to
cnx-press in order to publish content
on legacy.
Content managers are mostly using content01.cnx.org, content02.cnx.org, content03.cnx.org etc.
Devops create new users for them on the servers following this wiki page.
In order to publish using neb, the user needs to have the Maintainer role
on legacy (and in the database).
You can ask the user to run
neb ping <server> -u <username> -p <password>
in order to check whether they have the right credentials and whether the user has permission to publish.
Example outputs:
Bad credentials:
{"messages": [{"id": 5, "message": "Unauthorized", "error": "Nothing to see here."}]}
Publishing not allowed:
{"messages": [{"id": 5, "message": "Unauthorized", "error": "Nothing to see here."}]}
The user has permission to publish on this server.
Server error (status code: 500)
Internal Server Error
The server encountered an unexpected internal server error
(generated by waitress)
If neb ping is returning server error, you will need to look at the logs on
the server.
ssh into the server and check that press is running:
sudo supervisorctl status
it should show:
...
press:press-0 RUNNING pid ...
press_worker:press_celery_worker0-0 RUNNING pid ...
...
If they are not running, you can do this to start them:
sudo supervisorctl start press: # to start press
sudo supervisorctl start press_worker: # to start press_worker
If everything is running, you'll need to look at the logs to figure out what is wrong:
sudo less /var/log/supervisor/press*
Check that the user is able to use the username and password to log in to the legacy site.
If the user is able to use the same password to log in to the legacy site but
neb ping is returning "Bad credentials", it's possible that the password hash
in the database is empty.
To check, ssh into the server, do:
PGHOST=localhost psql -U rhaptos repository
select * from persons;
^ Or filter by username by doing select * from persons where personid = 'xxx';
Check that the passwd field is not empty.
If it is empty, you will need to run update_users_passwds_roles.py:
cd /var/lib/cnx/cnx-buildout
bin/instance run scripts/update_users_passwds_roles.py
Check the persons table again, the passwd field should not be empty
anymore.
Ask the user to do neb ping again to confirm it's working.
Check what roles a user has on legacy:
-
Log in to the legacy site, e.g. https://legacy-content01.cnx.org
-
Click on "Site Setup" at the top right corner
-
Under "Plone Configuration", click on "Users and Groups Administration"
-
In the "User Search" form, click on "Show all" or search for the specific user.
-
See if the user has the "Maintainer" checkbox checked.
-
If it is not checked, you can add the role on that page.
You can ask devops to add a user for you on that server.
Devops would run addRhaptosUser.zctl which contains code to enable all role checkboxes.
Then you can add the Maintainer role to the user that needs it.
If the legacy site is showing that the user has the "Maintainer" role, but neb ping is saying that the user cannot publish...
It's possible that the postgresql database is out of sync, you can check that
by sshing into the server and then:
PGHOST=localhost psql -U rhaptos repository
select * from persons;
Or filter by username by doing select * from persons where personid = 'xxx';
You should see "Maintainer" in the groups field.
If you don't see that, you will need to run update_users_passwds_roles.py:
cd /var/lib/cnx/cnx-buildout
bin/instance run scripts/update_users_passwds_roles.py
Check the persons table again, the groups field should have "Maintainer" in
it.
Ask the user to do neb ping again to confirm it's working.