Viewer is broken
If the site works but the viewer is broken, it is either an issue with the code (check chf-sufia for recent commits or changes) or it may be an issue with the system.
Right now the viewer's data is stored entirely in Amazon S3 buckets. If the viewer is broken something may be wrong with them.
- Go to https://status.aws.amazon.com/ and check for the S3 bucket health in the N. Virginia region. If they show as unhealthy, the issue is an AWS-wide problem. This also means derived image downloads will be broken likely.
- If S3 Oregon is healthy and we can ask curators to pause adding new works, we can switch to our backup
- Go to ansible's code. We will be changing the value for dzi_s3_bucket in local_env.yml, which is called dzi_bucket
- The dzi bucker variable can be found in group_vars/SERVICE_LEVEL (prod)
- Switch the value of
dzi_bucket
tochf-derivatives-backup
- Remind curators not to make new works, the backup bucket does not sync new added items to the normal bucket. If someone adds a new object, the object(s) will need to have their tiles remade in the normal bucket.
- Either run the ansible update-box command manually, or wait ~10 minutes for the change to be pushed out.
- The new bucket will allow the viewer to work
- Switch back to the old bucket when S3 N. Virginia is back to normal.
- If S3 Oregon is also unhealthy, AWS is having problems and we can't easily fix it.
- If S3 Oregon is healthy and we can ask curators to pause adding new works, we can switch to our backup
- If the S3 bucket for N. Virginia shows as healthy, it may be a configuration issue.
- The CORS configuration needs to be set to allow requests from other domains. Currently we allow requests from any site and it should be:
- <?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<MaxAgeSeconds>43200</MaxAgeSeconds>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>
- <?xml version="1.0" encoding="UTF-8"?>
- There should also be a bucket policy that allows access to the objects, objects often have a unique policy to allow access, but the Bucket policy confirms that access is allowed and a missing object permission doesn't break something. The policy should be:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Add Permission to access from staging",
"Effect": "Allow",
"Principal": "*",
"Action": "s3:GetObject",
"Resource": "arn:aws:s3:::chf-dzi-production/*"
}
]
}
- If both of these are accurate then it is not a policy issue.
- The CORS configuration needs to be set to allow requests from other domains. Currently we allow requests from any site and it should be:
- If it is not an AWS outage or a policy issue, it is probably a code issue.