No categories assigned

BlueSpice Operating Manual

Objective[edit | edit source]

The objective of this operating manual is to enable you to run BlueSpice smoothly and successfully in your IT environment. It aims to answer your questions as deciders, IT auditors and server administrators, such as:

  • Where do I get information about BlueSpice and its development?
  • What do I have to consider when operating BlueSpice?
  • How do I backup and monitor BlueSpice?

The most current version can be found at https://wiki.bluespice.com . This manual is designed to provide general information. Feel free to copy it over to your local BlueSpice and amend it according to your process and documentation requirements. Since the IT environment can change over time through updates and restructuring, it is advisable to check the information in the operating manual for being up-to-date.

The structure of this manual is based on the recommendations of the German Federal Office for Information Security, which can be found here.

Overview[edit | edit source]

System overview[edit | edit source]

BlueSpice is a webbased client-server application. On the server side, it uses a web server (Apache, IIS, Nginx), the script language PHP, a database (MySQL or MariaDB), a JAVA application server (Tomcat or Jetty), Elasticsearch, and a NodeJS service (Parsoid). There are several binaries required on the server, such as phantomJS and Imagemagick.

BlueSpice can be run in a distributed environment. All services can be put on individual servers (web server + PHP, database, application server, Elasticsearch). A common scenario is to scale the web server and PHP horizontally.

Typically, inhouse deployments of BlueSpice consist of a production environment and a corresponding test environment. In scenarios with elevated SLAs, an additional QA environment is used as an intermediary before production.

Owners, responsible persons and contacts[edit | edit source]

BlueSpice is developed and maintained by

Hallo Welt! GmbH
Maximilianstraße 9
93047 Regensburg
https://www.hallowelt.com

For technical questions, please contact Hallo Welt! GmbH support at support@hallowelt.com.

For questions about your contract, please contact the Hallo Welt! GmbH sales team at sales@hallowelt.com .

Operating times[edit | edit source]

Typically, BlueSpice instances run 24/7. Operations are managed by the organization's IT department or their service providers. Hallo Welt! provides support and guidance during their office hours (8am - 6pm CET/CEST).

System and version history[edit | edit source]

All BlueSpice versions are documented in the BlueSpice helpdesk: https://en.wiki.bluespice.com/wiki/Setup:Release_History

All changes can be retraced in our current and archived release notes: https://en.wiki.bluespice.com/wiki/Setup:Release_Notes

Documentation[edit | edit source]

BlueSpice maintains an online documentation which is continuously kept up to date: https://en.wiki.bluespice.com

There is also a user manual: https://en.wiki.bluespice.com/wiki/UserManual:User_Manual_Introduction

Administration is documented here: https://en.wiki.bluespice.com/wiki/UserManual:Admin_Manual_Introduction

In addition, there is a community forum: https://sourceforge.net/p/bluespice/_list/tickets

News about the product can be found in our blog: https://bluespice.com/category/news-know-how/

Also, BlueSpice maintains a newsletter. Sign up here: https://bluespice.com/

For more information, follow us on Twitter: https://twitter.com/BlueSpiceTweets

Installation manual Windows/Linux (including upgrade instructions)[edit | edit source]

BlueSpice maintains an online installation manual: https://en.wiki.bluespice.com/wiki/Setup:Installation_Guide

System architecture and interfaces[edit | edit source]

The following section gives an overview of the components of BlueSpice and how they interact with each other and the environment.

System integration[edit | edit source]

BlueSpice is a web application which can be integrated with your IT environment, most notably LDAP and email.

drawio: BlueSpice system architecture high level

Server architecture[edit | edit source]

Internally, BlueSpice has several components which are responsible for parts of the functionality.

drawio: BlueSpice system architecture server

Vertically distributed architecture[edit | edit source]

For simple scaling, some services can be externalized to other physical or virtual servers.

drawio: BlueSpice system architecture server distributed simple

Horizontally distributed architecture[edit | edit source]

For high traffic or high availability demands, BlueSpice can be set up to scale horizontally.

drawio: BlueSpice system architecture server distributed horizontally

Components and responsibilities[edit | edit source]

Servers, operating system, licenses and software infrastructure are typically managed by your organization's IT.

Hallo Welt! typically manages the application and required components.

There may be special contractual agreements.

External interfaces (to other organizations)[edit | edit source]

Technically, BlueSpice can be set up to operate completely self-contained (contact our support if you have questions about your instance). On the server, no external sources are queried. In the standard installation, there are content modules which draw data from external sources on the client side (browser):

  • draw.io: The diagram tool is loaded directly from draw.io. All content remains on the BlueSpice wiki.
  • maps: Embedded maps are collected from Google or OpenStreetMap.
  • widgets: The purpose of widgets is to display content from public sources like YouTube.

On the organizational side, the team of Hallo Welt! GmbH typically provides 3rd level support for subscribed BlueSpice instances. Hallo Welt! GmbH teams up with the internal IT of the organization as well as with IT infrastructure providers of our customers.

IT internal interfaces[edit | edit source]

A standard BlueSpice installation connects to the following services in order to be fully functional:

  • User directory: BlueSpice can be configured to authenticate against a company user directory (typically Active Directory). The protocols used are LDAP and SAML.
  • Email: BlueSpice needs to be connected to an email server in order to send notifications.

API[edit | edit source]

BlueSpice comes with an API interface.

Installation and system requirements[edit | edit source]

System requirements[edit | edit source]

The current system requirements are documented here: https://en.wiki.bluespice.com/wiki/Setup:System_requirements

Software catalogue[edit | edit source]

All BlueSpice components are listed in the software catalogue: https://en.wiki.bluespice.com/wiki/Setup:Software_Catalogue

Changes in configuration[edit | edit source]

Changes in configuration can occur in minor and major releases. Please consider the upgrade information provided here: https://en.wiki.bluespice.com/wiki/Setup:Installation_Guide/Upgrade

Start and interrupt the service[edit | edit source]

Startup[edit | edit source]

In order to start up BlueSpice, all the required services need to be running. Please make sure you start the services in the order given here:

Database

  • Linux: service mysql start OR systemctl start mysql
  • Windows: services.msc

Application server (Tomcat or Jetty)

  • Linux: service jetty9 start OR systemctl start jetty9
  • Windows: services.msc

Elasticsearch

  • Linux: service elasticsearch start OR systemctl start elasticsearch
  • Windows: services.msc

Parsoid

  • Linux: pm2 start /opt/parsoid/bin/server.js OR systemctl start parsoid
  • Windows: services.msc

Web server

  • Linux: service apache2 start OR systemctl start apache2
  • Windows: services.msc

Shutdown[edit | edit source]

In order to shut down BlueSpice, all the required services need to be stopped. Please make sure you stop the services in the order given here:

Web server

  • Linux: service apache2 stop OR systemctl stop apache2
  • Windows: services.msc

Parsoid

  • Linux: pm2 stop /opt/parsoid/bin/server.js OR systemctl stop parsoid
  • Windows: services.msc

Application server (Tomcat or Jetty)

  • Linux: service jetty9 stop OR systemctl stop jetty9
  • Windows: services.msc

Elasticsearch

  • Linux: service elasticsearch stop OR systemctl stop elasticsearch
  • Windows: services.msc

Database

  • Linux: service mysql stop OR systemctl stop mysql
  • Windows: services.msc

Configuration changes[edit | edit source]

After changes to the configuration, the service with the changed configuration needs to be restarted.

Webserver

Parsoid

  • Linux: pm2 restart /opt/parsoid/bin/server.js
  • Windows: services.mmc

Application server (Tomcat or Jetty)

Elasticsearch

Database

  • Linux: service mysql restart OR systemctl restart mysql
  • Windows: services.mmc

Unplanned server outage[edit | edit source]

Identify which service is not running and restart this service.

Standard operations[edit | edit source]

User management[edit | edit source]

Recurring background tasks[edit | edit source]

BlueSpice is set up to conduct some tasks in the background. These are

  • maintenance/runJobs.php

For details see: https://en.wiki.bluespice.com/wiki/Setup:Installation_Manual/Optimization/Cronjobs

Backup[edit | edit source]

Detailed backup instructions can be found here: https://en.wiki.bluespice.com/wiki/Setup:Installation_Guide/Advanced/Backup

Monitoring[edit | edit source]

Apart from the common parameters to monitor (disk space, CPU load, memory usage), the following services can be monitored for availability:

  • Web server: ping the login page of the wiki: <wiki_url>/Special:Login
  • Database: check database connectivity with username and password authentication.
  • Parsoid: check port 8000 connectivity via 127.0.0.1
  • Elasticsearch: check port 9200 connectivity via 127.0.0.1

If any of those services is not available, BlueSpice is either not operational or experiencing functional restrictions.

Diagnostics[edit | edit source]

In case of errors, please consider the error logs. These are:

  • In the web browser, open the console and check for JavaScript errors
  • For the web server, check the web server's error log and php error log.

Troubleshooting[edit | edit source]

If one or more services are not working:

  • Check the available system resources, in particular the free disk space
  • Restart all services

If the problem persists, contact BlueSpice support.

Key performance indicators[edit | edit source]

Server[edit | edit source]

Standard parameters for servers apply:

  • Disk space < 80% usage
  • CPU load should not peak to 100% for more than 1s
  • Load average should not be more than CPU core count
  • Average memory usage should not exceed 90%
  • For GNU/Linux systems, try to avoid high swap space usage.

For a standard server sizing (4 cores, 8 GB ram), the number of average simultaneous users is optimized for 25 per server. This means, one server can handle about 125 concurrent users.

The php error log should not report any FATAL or WARNING messages

Client[edit | edit source]

The reference page Special:Version should load under 4s without browser cache and under 2.5s with browser cache enabled.

Known restrictions[edit | edit source]

Functional restrictions[edit | edit source]

This is now services map onto BlueSpice functionality:

  • Web server: required for BlueSpice basic operations
  • Database: required for BlueSpice basic operations
  • Tomcat: required for PDF and VisualDiff
  • Elasticsearch: required for ExtendedSearch and various title select boxes. Will fallback to standard MediaWiki search if not available.
  • PhantomJS: required for rendering article preview images.
  • Parsoid: required for VisualEditor. Note: in BlueSpice 4.0 this is no longer required.

All services other than web server and database are optional. If not present, the named functionality will not be available.

Technical restrictions[edit | edit source]

Updates of major and minor level might require a system downtime due to database migration operations.

Resource related restrictions[edit | edit source]

Response times are dependent on the server resources, foremost CPU power.

The number of concurrent users a server can handle is directly related to server memory size and CPU power.

Please note: we strongly recommend having a separate testing system. This can be used for update/upgrade preparation, debugging and collecting sizing information. If no testing system is present, occasional downtimes may occur when debugging and maintenance operations are conducted.

Archiving and deletion of data[edit | edit source]

Variable data (Strongly growing data)[edit | edit source]

The following locations store variable data, which is not recoverable in case of data loss, and must be backed up regularly:

  • The database stores most data of BlueSpice, including articles, users and action logs.
  • The images folder stores all uploaded files.

There is some secondary data stored in Elasticsearch (for BlueSpice Social and Statistics). This data can be fully recovered from the primary data stored in the database.

Master data (Slowly growing data)[edit | edit source]

The following locations store master data, which requires considerable effort to recover in case of data loss and should be backed up regularly:

  • Configuration:
    • LocalSettings.php and LocalSettings.BlueSpice.local.php contain the basic configuration including sitename, security keys and database access.
    • settings.d folder contains information about activated extensions.
    • extensions/BlueSpiceFoundation/config folder holds information about namespace setup and permission configuration.
  • Templates and skins
    • extensions/BlueSpiceFoundation/data folder holds PDF templates.

Log files and error files[edit | edit source]

  • Php error log: /var/log/php-fpm.log (Only for php-fpm service)
  • Apache access log: /var/log/apache2/*access.log
  • Apache error logs: /var/log/apache2/*error.log (Also includes PHP errors)
  • Browser console
  • Parsoid log: pm2 logs OR /var/log/parsoid.log(systemd and init.d)
  • Elasticsearch: /var/log/elasticsearch/
  • Tomcat: By default logging is turned of. Depending on system, logging can be enabled via configuration XML files.
  • Windows event log: MS Windows logs are not txt format. Access is possible via Event Viewer

Security and compliance[edit | edit source]

Internet access[edit | edit source]

For standard operations, BlueSpice does not require Internet access. BlueSpice does not make any outgoing calls. See section External interfaces for details.

In our default setup, the client will access draw.io for editing diagrams. Here, only application data is loaded from the site. No content data will be passed on to draw.io. On request, Hallo Welt! can install an on-premise version of draw.io (additional charges apply).

Auxiliary service data access[edit | edit source]

Tomcat, Elasticsearch and PhantomJS will receive data from BlueSpice core components. They are agnostic to access rights and do have full access to all data stored on BlueSpice. It is therefore recommended to restrict access to these services to localhost or the web server's IP address. In case Hallo Welt! performs the installation, this is the default setup. No external access to these services shall be permitted.

Privacy[edit | edit source]

GDPR compliancy is handled by BlueSpice Privacy Center. More information can be found here: https://en.wiki.bluespice.com/wiki/Manual:Extension/BlueSpicePrivacy

Legal information[edit | edit source]

For all legal information, including the Subscription contract, GDPR information and DPA, Anti Bribery Policy and Software catalogue, please refer to the BlueSpice homepage: https://bluespice.com/legal-documents-and-guidelines/

Attachments

Discussions