Operations grimoire/Orbeon

Orbeon Forms CE is deployed to provide XForms builder and runner facilities. It allows to build a form, fill it or read forms.

Orbeon Forms is deployed on the Docker PaaS and can be accessed at https://forms.nasqueron.org/

Currently in testing mode, it's deployed to Dwellers. If it has been moved elsewhere and this page is not up-to-date, any "dwellers" occurence in procedures below should be replaced by "docker-002" or any other server name.

Concepts

Orbeon Forms is divided in several applications:

• Form Runner (/fr) allows you to "run" forms: fill a form, read form replies
• Form Builder allows you to build form

A form on Orbeon Forms can be accessed:

• directly on the form runner
• by creating a form on the webpage, and posting result to the form runner
• by creating a form on the webpage, and posting result to the persistence API to directly store data

Publish a form

An access to the form builder is required. Browse:

• https://forms.nasqueron.org/fr/orbeon/builder/new to create a new form
• https://forms.nasqueron.org/fr/orbeon/builder/summary to view and edit current forms

Forms source code should be published to forms repository under <application name>/<form name>.xml (without nasqueron- prefix for app name), so we can recreate them if we reinstall Orbeon Forms.

Authentication

Users are configured at Tomcat level. To add an user:

• Provide Vault credential
  1. Create Vault credential under ops/secrets/nasqueron/orbeon/users/
  2. Add that credential in pillar/credentials/vault.sls
  3. Deploy new Vault policy sudo salt-call --local state.sls_id salt-node-dwellers roles/vault/policies
• Declare the user in Tomcat configuration
  1. Edit pillar/paas/docker/dwellers/orbeon.sls
  2. Deploy it with salt dwellers state.sls_id /srv/orbeon/nasqueron_forms/conf/tomcat-users.xml roles/paas-docker/containers/orbeon, where nasqueron_forms is the name of our forms.nasqueron.orf instance
  3. Restart container: docker restart nasqueron_forms

Authentication is known to be rather buggy:

• if you login at form runner level (e.g. /fr/admin), you can be unlogged at builder level
• if you login from login form, you'll get a 403
• if you login from builder, it can't tell you something is wrong

Configuration known issues:

• If you got a 408 you accessed yourself /fr/login, but web.xml needs to be configured with a <login-config> block using the FORM auth method (that's the default Orbeon web.xml)
• To enable login/logout menu, you need to add <property as="xs:boolean" name="oxf.fr.authentication.user-menu.enable" value="true" /> to properties-local.xml