BlueSpice Operating Manual
- 1 Objective
- 2 Overview
- 3 System architecture and interfaces
- 4 Installation and system requirements
- 5 Start and interrupt the service
- 6 Standard operations
- 7 Key performance indicators
- 8 Known restrictions
- 9 Archiving and deletion of data
- 10 Security and compliance
The objective of this operating manual is to enable you to run BlueSpice smoothly and successfully in your IT environment. It aims to answer your questions as deciders, IT auditors and server administrators, such as:
- Where do I get information about BlueSpice and its development?
- What do I have to consider when operating BlueSpice?
- How do I backup and monitor BlueSpice?
The most current version can be found at https://wiki.bluespice.com . This manual is designed to provide general information. Feel free to copy it over to your local BlueSpice and amend it according to your process and documentation requirements. Since the IT environment can change over time through updates and restructuring, it is advisable to check the information in the operating manual for being up-to-date.
BlueSpice is a webbased client-server application. On the server side, it uses a web server (Apache, IIS, Nginx), the script language PHP, a database (MySQL or MariaDB), a JAVA application server (Tomcat or Jetty), Elasticsearch, and a NodeJS service (Parsoid). There are several binaries required on the server, such as phantomJS and Imagemagick.
BlueSpice can be run in a distributed environment. All services can be put on individual servers (web server + PHP, database, application server, Elasticsearch). A common scenario is to scale the web server and PHP horizontally.
Typically, inhouse deployments of BlueSpice consist of a production environment and a corresponding test environment. In scenarios with elevated SLAs, an additional QA environment is used as an intermediary before production.
Owners, responsible persons and contacts
BlueSpice is developed and maintained by
- Hallo Welt! GmbH
- Maximilianstraße 9
- 93047 Regensburg
For technical questions, please contact Hallo Welt! GmbH support at email@example.com.
For questions about your contract, please contact the Hallo Welt! GmbH sales team at firstname.lastname@example.org .
Typically, BlueSpice instances run 24/7. Operations are managed by the organization's IT department or their service providers. Hallo Welt! provides support and guidance during their office hours (8am - 6pm CET/CEST).
System and version history
All BlueSpice versions are documented in the BlueSpice helpdesk: https://en.wiki.bluespice.com/wiki/Setup:Release_History
All changes can be retraced in our current and archived release notes: https://en.wiki.bluespice.com/wiki/Setup:Release_Notes
BlueSpice maintains an online documentation which is continuously kept up to date: https://en.wiki.bluespice.com
There is also a user manual: https://en.wiki.bluespice.com/wiki/UserManual:User_Manual_Introduction
Administration is documented here: https://en.wiki.bluespice.com/wiki/UserManual:Admin_Manual_Introduction
In addition, there is a community forum: https://sourceforge.net/p/bluespice/_list/tickets
News about the product can be found in our blog: https://bluespice.com/category/news-know-how/
Also, BlueSpice maintains a newsletter. Sign up here: https://bluespice.com/
For more information, follow us on Twitter: https://twitter.com/BlueSpiceTweets
Installation manual Windows/Linux (including upgrade instructions)
BlueSpice maintains an online installation manual: https://en.wiki.bluespice.com/wiki/Setup:Installation_Guide
System architecture and interfaces
The following section gives an overview of the components of BlueSpice and how they interact with each other and the environment.
BlueSpice is a web application which can be integrated with your IT environment, most notably LDAP and email.
Internally, BlueSpice has several components which are responsible for parts of the functionality.
Vertically distributed architecture
For simple scaling, some services can be externalized to other physical or virtual servers.
Horizontally distributed architecture
For high traffic or high availability demands, BlueSpice can be set up to scale horizontally.
Components and responsibilities
Servers, operating system, licenses and software infrastructure are typically managed by your organization's IT.
Hallo Welt! typically manages the application and required components.
There may be special contractual agreements.
External interfaces (to other organizations)
Technically, BlueSpice can be set up to operate completely self-contained (contact our support if you have questions about your instance). On the server, no external sources are queried. In the standard installation, there are content modules which draw data from external sources on the client side (browser):
- draw.io: The diagram tool is loaded directly from draw.io. All content remains on the BlueSpice wiki.
- maps: Embedded maps are collected from Google or OpenStreetMap.
- widgets: The purpose of widgets is to display content from public sources like YouTube.
On the organizational side, the team of Hallo Welt! GmbH typically provides 3rd level support for subscribed BlueSpice instances. Hallo Welt! GmbH teams up with the internal IT of the organization as well as with IT infrastructure providers of our customers.
IT internal interfaces
A standard BlueSpice installation connects to the following services in order to be fully functional:
- User directory: BlueSpice can be configured to authenticate against a company user directory (typically Active Directory). The protocols used are LDAP and SAML.
- Email: BlueSpice needs to be connected to an email server in order to send notifications.
BlueSpice comes with an API interface.
- For instructions on how to handle the API, see here: https://www.mediawiki.org/wiki/API:Main_page
- For a comprehensive list of API modules, see here: https://en.wiki.bluespice.com/w/api.php
Installation and system requirements
The current system requirements are documented here: https://en.wiki.bluespice.com/wiki/Setup:System_requirements
All BlueSpice components are listed in the software catalogue: https://en.wiki.bluespice.com/wiki/Setup:Software_Catalogue
Changes in configuration
Changes in configuration can occur in minor and major releases. Please consider the upgrade information provided here: https://en.wiki.bluespice.com/wiki/Setup:Installation_Guide/Upgrade
Start and interrupt the service
In order to start up BlueSpice, all the required services need to be running. Please make sure you start the services in the order given here:
service mysql startOR
systemctl start mysql
Application server (Tomcat or Jetty)
service jetty9 startOR
systemctl start jetty9
service elasticsearch startOR
systemctl start elasticsearch
pm2 start /opt/parsoid/bin/server.jsOR
systemctl start parsoid
service apache2 startOR
systemctl start apache2
In order to shut down BlueSpice, all the required services need to be stopped. Please make sure you stop the services in the order given here:
service apache2 stopOR
systemctl stop apache2
pm2 stop /opt/parsoid/bin/server.jsOR
systemctl stop parsoid
Application server (Tomcat or Jetty)
service jetty9 stopOR
systemctl stop jetty9
service elasticsearch stopOR
systemctl stop elasticsearch
service mysql stopOR
systemctl stop mysql
After changes to the configuration, the service with the changed configuration needs to be restarted.
service apache2 restart
pm2 restart /opt/parsoid/bin/server.js
Application server (Tomcat or Jetty)
service jetty9 restart
service elasticsearch restart
service mysql restartOR
systemctl restart mysql
Unplanned server outage
Identify which service is not running and restart this service.
- All users are managed in the application. For details, see https://en.wiki.bluespice.com/wiki/Manual:Extension/BlueSpiceUserManager
Recurring background tasks
BlueSpice is set up to conduct some tasks in the background. These are
Detailed backup instructions can be found here: https://en.wiki.bluespice.com/wiki/Setup:Installation_Guide/Advanced/Backup
Apart from the common parameters to monitor (disk space, CPU load, memory usage), the following services can be monitored for availability:
- Web server: ping the login page of the wiki: <wiki_url>/Special:Login
- Database: check database connectivity with username and password authentication.
- Parsoid: check port 8000 connectivity via 127.0.0.1
- Elasticsearch: check port 9200 connectivity via 127.0.0.1
If any of those services is not available, BlueSpice is either not operational or experiencing functional restrictions.
In case of errors, please consider the error logs. These are:
- For the web server, check the web server's error log and php error log.
If one or more services are not working:
- Check the available system resources, in particular the free disk space
- Restart all services
If the problem persists, contact BlueSpice support.
Key performance indicators
Standard parameters for servers apply:
- Disk space < 80% usage
- CPU load should not peak to 100% for more than 1s
- Load average should not be more than CPU core count
- Average memory usage should not exceed 90%
- For GNU/Linux systems, try to avoid high swap space usage.
For a standard server sizing (4 cores, 8 GB ram), the number of average simultaneous users is optimized for 25 per server. This means, one server can handle about 125 concurrent users.
The php error log should not report any FATAL or WARNING messages
The reference page Special:Version should load under 4s without browser cache and under 2.5s with browser cache enabled.
This is now services map onto BlueSpice functionality:
- Web server: required for BlueSpice basic operations
- Database: required for BlueSpice basic operations
- Tomcat: required for PDF and VisualDiff
- Elasticsearch: required for ExtendedSearch and various title select boxes. Will fallback to standard MediaWiki search if not available.
- PhantomJS: required for rendering article preview images.
- Parsoid: required for VisualEditor. Note: in BlueSpice 4.0 this is no longer required.
All services other than web server and database are optional. If not present, the named functionality will not be available.
Updates of major and minor level might require a system downtime due to database migration operations.
Response times are dependent on the server resources, foremost CPU power.
The number of concurrent users a server can handle is directly related to server memory size and CPU power.
Please note: we strongly recommend having a separate testing system. This can be used for update/upgrade preparation, debugging and collecting sizing information. If no testing system is present, occasional downtimes may occur when debugging and maintenance operations are conducted.
Archiving and deletion of data
Variable data (Strongly growing data)
The following locations store variable data, which is not recoverable in case of data loss, and must be backed up regularly:
- The database stores most data of BlueSpice, including articles, users and action logs.
- The images folder stores all uploaded files.
There is some secondary data stored in Elasticsearch (for BlueSpice Social and Statistics). This data can be fully recovered from the primary data stored in the database.
Master data (Slowly growing data)
The following locations store master data, which requires considerable effort to recover in case of data loss and should be backed up regularly:
- LocalSettings.php and LocalSettings.BlueSpice.local.php contain the basic configuration including sitename, security keys and database access.
- settings.d folder contains information about activated extensions.
- extensions/BlueSpiceFoundation/config folder holds information about namespace setup and permission configuration.
- Templates and skins
- extensions/BlueSpiceFoundation/data folder holds PDF templates.
Log files and error files
- Php error log:
/var/log/php-fpm.log(Only for php-fpm service)
- Apache access log:
- Apache error logs:
/var/log/apache2/*error.log(Also includes PHP errors)
- Browser console
- Parsoid log:
/var/log/parsoid.log(systemd and init.d)
- Tomcat: By default logging is turned of. Depending on system, logging can be enabled via configuration XML files.
- Windows event log: MS Windows logs are not txt format. Access is possible via Event Viewer
Security and compliance
For standard operations, BlueSpice does not require Internet access. BlueSpice does not make any outgoing calls. See section External interfaces for details.
In our default setup, the client will access draw.io for editing diagrams. Here, only application data is loaded from the site. No content data will be passed on to draw.io. On request, Hallo Welt! can install an on-premise version of draw.io (additional charges apply).
Auxiliary service data access
Tomcat, Elasticsearch and PhantomJS will receive data from BlueSpice core components. They are agnostic to access rights and do have full access to all data stored on BlueSpice. It is therefore recommended to restrict access to these services to localhost or the web server's IP address. In case Hallo Welt! performs the installation, this is the default setup. No external access to these services shall be permitted.
GDPR compliancy is handled by BlueSpice Privacy Center. More information can be found here: https://en.wiki.bluespice.com/wiki/Manual:Extension/BlueSpicePrivacy
For all legal information, including the Subscription contract, GDPR information and DPA, Anti Bribery Policy and Software catalogue, please refer to the BlueSpice homepage: https://bluespice.com/legal-documents-and-guidelines/