Projects:Openbravo Appliance/Functional Specs

Contents 1 Introduction 2 Requirements/ Scope 3 Processes 3.1 As someone interested in Openbravo i want to easily try out Openbravo without going through any complicated installation process 3.2 As a system integrator I want install the Professional Appliance for the first time 3.3 As a system integrator I want to update the operating system stack to the latest version inside the same Ubuntu LTS release 3.4 As a system integrator I want to update the operating system stack next Ubuntu LTS release (when such is available) 3.5 As a system integrator I want to update Openbravo ERP to the latest version 3.6 As a system integrator I want to back up the Openbravo Installation 3.7 As a system integrator I want to restore Openbravo ERP from a backup 3.8 As a system integrator I want to customize the ERP 3.9 As a system integrator I want to clone the production system into a testing system 3.10 As a system integrator I want to securely access the machine through a terminal session 3.11 As a system integrator I want to manage public-keys to allow secure access to the machine through a terminal session 3.12 As a system integrator I want to install a SSL certificate for Openbravo ERP 3.13 As a system integrator I want to access the system and ERP logs 3.14 As a system integrator I want to access the database remotely and in a secure manner 3.15 I am a user of the old rPath Appliance and want to migrate to the new Openbravo Appliance 4 Comparison with the old rPath Appliance

Introduction

This document contains the functional specifications for the Openbravo Appliance. At the time of writing this document the product is already developed and implemented. So even though it might look crazy to write the design after the product is already on production, the main purpose is to retrofit it from the product itself, so that it is clear what needs to be tested during the QA cycles.

Requirements/ Scope

• Base system: Ubuntu Server 12.04 LTS (supported 5 years, optional upgrade every 2 years)
• The base-system (stack) is provided by Ubuntu. Applying stack updates, rollback, complete system-backup is out of the scope.
• based on LTS server it is assumed tha updates inside one LTS release can be applied safely to existing installs with minimal risk.
• PostgreSQL 9.1.x. Tomcat 6.0.x, OpenJDK 6 jdk.
• Support for Amazon EC2 images 32bit (x86) and 64bit (x86_64)
• Support for Installer (ISO-image) both 32bit (x86) and 64bit (x86_64) which can be used to install the system
• TODO: define support/testing of the ISO (what to we support for installation: qemu, kvm, xenserver, etc..)
• Directly usable VMware image without need of appliance installation process for easy testing of Openbravo by new users: 32bit (x86) image only
• This vmware image is only intended for testing, not for production installations
• Openbravo ERP updates managed by the ERP itself.
• Security is a high priority, so all passwords should be known by the system integrator and they should be set the first time the appliance is started.
• SSH must be secured with public-key authentication in the Amazon EC2 image
• SSH will allow password authentication by default after ISO installation & in the vmware image. This is done to facilitate easy testing / first time login.
• The user must be informed after every login (until done) that this should be reconfigured to only allow public-key authentication for improved security. The message must include link to documentation which explains how to do this.

Processes

As someone interested in Openbravo i want to easily try out Openbravo without going through any complicated installation process

• Install Vmware virtualization software
  • Use the VMware testing image provided and start it in the virtualization software

TODO: decide if done now or added later: TODO: decide if that should be improved (vdi file or even complete vbox machine definition)

Alternatively:

• Install Virtualbox virtualization software
  • Create a new virtual machine definition in virtualbox, for the virtual harddisk choose existing harddisk and select the vmdk-File inside the vmware image

In both cases:

• After the bootup sequence finishes the system will show needed information to the user on how to start using the system (including: IP, login-details, link to wiki documentation)
• The system will allow easy access via SSH using username/password to avoid the new user to need to know about public-key authentication for this testing use

As a system integrator I want install the Professional Appliance for the first time

Depending on the chosen appliance flavor the deployment will be different:

• Testing use of the Vmware image:
  • See above, process is same as in the section above
• ISO CD/DVD installation:
  • Start the machine with the CD/DVD inserted and reboot the machine.
  • Follow the instructions on screen.
• Amazon EC2:
  • Create a new security group.
  • Boot an instance of the AMI in that security group.

When not using EC2: additionally the SSH access should be reconfigured to only allow public key authentication.

As a system integrator I want to update the operating system stack to the latest version inside the same Ubuntu LTS release

The installation of stack updates needs to be managed by the standard Ubuntu mechanism for this. Documentation needs to be provided by Openbravo to help the user to do this.

As a system integrator I want to update the operating system stack next Ubuntu LTS release (when such is available)

Such an upgrade is only possible when the new LTS release is supported already by Openbravo. If this is not the case the upgrade must not be done as it will very likely break the system.

When the new LTS version is supported by Openbravo specific upgrade instructions will be written which are needed to be followed to ensure a working upgrade.

Alternatively a new system can be installed cleanly with the new LTS version and a Openbravo Appliance backup can be imported to move all th data from the older system.

As a system integrator I want to update Openbravo ERP to the latest version

The ERP is managed by using the Module Management Console (MMC), this is completely isolated from the stack updates.

As a system integrator I want to back up the Openbravo Installation

The appliance includes a backup mechanism that includes the following items:

• Openbravo ERP: source tree directory, database dump and Tomcat context.

It is possible to run a backup at any time manually, and also to schedule regular backups on a daily, weekly a monthly basis.

The backup system needs to be configured using the commandline interface.

The backups will always be stored locally. It is possible to select the number of backups to be kept.

The backup systems also support the following mechanisms to support copying the backups additionally to some other location

• Filesystem label (i.e. other local harddisk, separate EC2 volume, pen-drive)
• Amazon S3 (uploading of the backups to the Amazon s3 storage service)
• Custom scripts (user provided script called in the backup process which can implement any custom method)

Documentation will be provided for the advanced admin on how to write such a custom backup sync method.

As a system integrator I want to restore Openbravo ERP from a backup

Restoring Openbravo ERP from a previous backup is possible by calling the openbravo-restore script from the commandline.

As a parameter any of the backup files created by the backup mechanism needs to be provided.

That backup-file needs to be available in any location on the local system.

Retrieving the backup-file from any remote location and placing it in the local system is out of the scope here.

The restore script with stop the current installation, delete all current source-files, attachements & the database. After this it will proceed to restore the ERP from the backup and start the ERP again.

As a system integrator I want to customize the ERP

The ERP customization is out of the scope of the appliance. Starting from version 2.50 the ERP manages the customizations through modules, so this is the methiod that should be used by system integrators.

As a system integrator I want to clone the production system into a testing system

This can be achieves by using the backup mechanism. That is, by installing the appliance in the second system and restoring the backup there.

It should be noted that the backup only contains the ERP and no system configuration, so if needed any configuration of the stack (networking, backup, postgresql configuration) needs to be transferred manually.

As a system integrator I want to securely access the machine through a terminal session

On Amazon EC2: When starting an appliance for the first time in EC2 an ssh public-key can be added to the appliance. After that secure remote access via ssh using the openbravo username is possible.

Using the ISO/vmware images: After a new installatio the system allows remote ssh using the openbravo username and the standard openbravo password. For security reasons this should be directly change in one of the following two ways:

• Disable password authentication and switch to public-key authentication only (strongly recommended)
• Change the password to some secret value

As a system integrator I want to manage public-keys to allow secure access to the machine through a terminal session

First remote access to the system is provided as described in the previous section.

Additional authorized ssh public-keys can be managed using the standard linux mechanism.

That is by editing the /home/openbravo/.ssh/authorized_keys file and by adding 1 new line per authorized key in there.

The folder & file will be existing by default with the correct permissions so that the user does not need to create/adjust this.

As a system integrator I want to install a SSL certificate for Openbravo ERP

Documentation will be provided by Openbravo to aid the user to do the necessary configuration.

As a system integrator I want to access the system and ERP logs

Those log files are present in the usual location of a ubuntu system.

To aid the user in easy access of the typically needed logfiles the folder '/var/log/openbravo' is created and links to the mainly needed logfiles are placed within.

As a system integrator I want to access the database remotely and in a secure manner

No direct database is provided. The system is configued to only allow local acces from the server to the database. So a SSH tunnel should be used to forward the database port from the appliance to the system integrator's machine. So that the system integrator is able to access it as if it was local.

I am a user of the old rPath Appliance and want to migrate to the new Openbravo Appliance

First the usual process of doing any migration should be followed.

The migration should be first done in a test environment and the new system should be thoroughly tested. Only after this is ensured the real migration of the system should be done.

• To migrate the ERP a backup of the old rPath Appliance needs to be done using the web administration console.
• The new new Openbravo Appliance needs to be installed. It is strongly recommended to install this on a different server/virtual-machine (To still have the old system available in the meantime.
• The backup file needs to be transferred to the new server
• The backup needs to be restored in the server using the normal 'Restore a backup' functionality
• If any extra configuration outside of the ERP was done in the old server (backups, ssl configuration, special database configuration) then this configuration needs to be done again in the new system.

Comparison with the old rPath Appliance

• Stack updates are now provided directly by Ubuntu
• The web administration console is removed. It will be replaced by documentation explaining on how to do the relevant actions on the commandline.
• All deliverables besides ISO-images, vmware image, EC2 ami are not provided. The ISO Installer can be used to install the appliance on other systems instead of using the preinstalled images.

Category: Openbravo Development