Operations grimoire/Orbeon
Orbeon Forms CE is deployed to provide XForms builder and runner facilities. It allows to build a form, fill it or read forms.
Orbeon Forms is deployed on the Docker PaaS and can be accessed at https://forms.nasqueron.org/
Currently in testing mode, it's deployed to Dwellers. If it has been moved elsewhere and this page is not up-to-date, any "dwellers" occurence in procedures below should be replaced by "docker-002" or any other server name.
Concepts
Orbeon Forms is divided in several applications:
- Form Runner (/fr) allows you to "run" forms: fill a form, read form replies
- Form Builder allows you to build form
A form on Orbeon Forms can be accessed:
- directly on the form runner
- by creating a form on the webpage, and posting result to the form runner
- by creating a form on the webpage, and posting result to the persistence API to directly store data
Publish a form
An access to the form builder is required. Browse:
- https://forms.nasqueron.org/orbeon/fr/orbeon/builder/new to create a new form
- https://forms.nasqueron.org/orbeon/fr/orbeon/builder/summary to view and edit current forms
Forms source code should be published to forms repository under <application name>/<form name>.xml (without nasqueron- prefix for app name), so we can recreate them if we reinstall Orbeon Forms.
Authentication
Users are configured at Tomcat level. To add an user:
- Provide Vault credential
- Create Vault credential under ops/secrets/nasqueron/orbeon/users/
- Add that credential in pillar/credentials/vault.sls
- Deploy new Vault policy
sudo salt-call --local state.sls_id salt-node-dwellers roles/vault/policies
- Declare the user in Tomcat configuration
- Edit pillar/paas/docker/dwellers/orbeon.sls
- Deploy it with
salt dwellers state.sls_id /srv/orbeon/nasqueron_forms/conf/tomcat-users.xml roles/paas-docker/containers/orbeon
, wherenasqueron_forms
is the name of our forms.nasqueron.orf instance - Restart container:
docker restart nasqueron_forms
Authentication is known to be rather buggy:
- if you login at form runner level (e.g. /fr/admin), you can be unlogged at builder level
- if you login from login form, you'll get a 403
- if you login from builder, it can't tell you something is wrong
Configuration known issues:
- If you got a 408 you accessed yourself /fr/login, but web.xml needs to be configured with a <login-config> block using the FORM auth method (that's the default Orbeon web.xml)
- To enable login/logout menu, you need to add
<property as="xs:boolean" name="oxf.fr.authentication.user-menu.enable" value="true" />
to properties-local.xml