Maintenance

SlipStream, as for every service, needs proper care and feeding! This chapter provides some information about best practices for this service.

Activity Overview

When logged in as an administrator, you can get an overview of all running deployments and virtual machines by visiting the dashboard. Just click on the “dashboard” icon at the top of the page.

Log Files

The Web service log files are located in /opt/slipstream/server/logs. For the API Service, they are located in /var/log/slipstream/ssclj. (The configuration of API Service logging is driven by /opt/slipstream/ssclj/resources/log4j.properties) These are named by date and rotated daily (or when the service is restarted). You should regularly review errors in the log to see if there are configuration or resource problems.

Database Backups

The real value of a SlipStream instance is in the defined images and deployments. These and a full history are kept in the HSQLDB database. This database should be backed up regularly to avoid having any of this valuable information lost.

Maintenance mode

SlipStream can be set in maintenance mode to prevent users to access it and to display an explanatory message instead. Moreover the properly HTTP code (503) will be returned so that search engines can handle that case correctly.

Enabling

To enable the maintenance mode, edit the file /etc/nginx/conf.d/slipstream-extra/maintenance.map.

# This file define which IPs will receive an error page which explain that the application is in maintenance.
# 0 - Maintenance disabled
# 1 - Maintenance enabled
# One IP per line

default  0;

# Localhost
"~^127\.[0-9]+\.[0-9]+\.[0-9]+$" 0;

# Autoconfig IPs
# "~^169\.254\.[0-9]+\.[0-9]+$"  0;

# Private subnets
# "~^10\.[0-9]+\.[0-9]+\.[0-9]+$"  0;
# "~^192\.168\.[0-9]+\.[0-9]+$"    0;
# "~^172\.(1[6-9]|2[0-9]|3[0-1])\.[0-9]+\.[0-9]+$"  0;

On this file, you can define which IPs are affected or not by the maintenance mode. On the original file above, everybody (default) will be affected by the maintenance mode if you set it to 1 but SlipStream can still be accessed from localhost (~^127\.[0-9]+\.[0-9]+\.[0-9]+$) if you keep it to 0.

Then execute the following command:

$ service nginx reload

Disabling

To disable the maintenance mode, you have to set default and all custom IPs to 0. And then reload nginx (see command above).

Customize error pages

All error pages are static files that you can find in /opt/slipstream/server/webapps/slipstream.war/static-content/error/

Authentication keys

Certificates for generation of authentication tokens are not password-protected. The new unencrypted certificates are by default generated under /etc/slipstream/auth as part of the post-install script of slipstream-ssclj RPM. Next time when RPM gets updated the files will not be overwritten.

Regeneration of Authentication keys

The authentication keys can be regenerated at any time. Check /opt/slipstream/ssclj/bin/generate-auth-keys.sh script for the details.

Only one service ssclj.service requires private key for encrypting the authentication token. All other services require only public key for decryption. Locations of both can be configured in their respective systemd configuration files or in the respective /etc/default/<service> files.

After the new keys are generated and/or their locations are updated in the configuration files, restart the following services:

systemctl restart ssclj slipstream ss-pricing