diff --git a/content/docs/Installation/Install_with_vpn/_index.md b/content/docs/Installation/Install_with_vpn/_index.md new file mode 100644 index 0000000..bdcc3aa --- /dev/null +++ b/content/docs/Installation/Install_with_vpn/_index.md @@ -0,0 +1,5 @@ +--- +title: Install with VPN +weight: 1 +--- +It is possible to install Glympse with a VPN connection. This allows for multi site connectivity and remote productions. \ No newline at end of file diff --git a/content/docs/Installation/Install_with_vpn/install_with_netbird.md b/content/docs/Installation/Install_with_vpn/install_with_netbird.md new file mode 100644 index 0000000..8481be6 --- /dev/null +++ b/content/docs/Installation/Install_with_vpn/install_with_netbird.md @@ -0,0 +1,44 @@ +--- +title: Install With Netbird +type: docs +prev: /docs +weight: 2 +--- +Insted of using Tailscale as your VPN options, it is possible to use Netbird istead. Netbird works in a very similar way to Tailscale however it can be completely selfhosted. This means you could run Netbird on a VPS for a few £ per month and have unlimited users accessing Glympse adn any other services you wish to include. + +The reasons for doing this are mainly for security purposes. It gives you a couple of options. First you can create a tunnel to your Glympse webUI from a cheap VPS. This hides your IP address and does not require you to open any ports in your firewall. You can also limit the traffic to only entering your Glympse WebUI contianer. + +Another option which is even more secure but has an additional cost, is you can require your users be on your tailnet. This would mean that there is zero access to Glympse from the internet, but your users who have the netbird client installed can access Glympse through the netbird VPN. + +Connecting your containers to Netbird uses the Netbird sidecar containers. To read more about how this works click [here](https://netbird.io/knowledge-hub). +## Install sidecar container +Adding a sidecar container to your Glympse compose file is pretty simple. first add the Netbird container to the top of your Glympse compose file: + +```yaml {filename="compose.yml"} +... + + glympse-nb: + image: netbirdio/netbird + container_name: glympse-nb + cap_add: + - net_admin + - sys_module + environment: + - NB_SETUP_KEY= + - NB_MANAGEMENT_URL= + hostname: glympse- + restart: unless-stopped + +... + +``` + +You then need to make a small tweak to your Glympse container's networking settings: + +```yaml {filename="compose.yml"} +... + network_mode: service:glympse-nb +... + +``` +This will tell your Glympse container to route it's traffic through the Netbird Container. \ No newline at end of file diff --git a/content/docs/Installation/Install_with_vpn/install_with_tailscale.md b/content/docs/Installation/Install_with_vpn/install_with_tailscale.md new file mode 100644 index 0000000..d95bcba --- /dev/null +++ b/content/docs/Installation/Install_with_vpn/install_with_tailscale.md @@ -0,0 +1,47 @@ +--- +title: Install With Tailscale +type: docs +prev: /docs +weight: 1 +--- +It is possible to use Tailscale as a private vpn proxy between all your Glympse containers. This connect nodes to nodes on other networks. + +The reasons for doing this are mainly for security purposes. It gives you a couple of options. First you can create a tunnel to your Glympse webUI from a cheap VPS. This hides your IP address and does not require you to open any ports in your firewall. You can also limit the traffic to only entering your Glympse WebUI contianer. + +Another option which is even more secure but has an additional cost, is you can require your users be on your tailnet. This would mean that there is zero access to Glympse from the internet, but your users who have tailscale installed can access Glympse through the tailscale VPN. + +## Install sidecar container +Connecting your containers to tailscale uses the tailscale sidecar containers. To read more about how this works click [here](https://tailscale.com/kb/1282/docker). + +Adding a sidecar container to your Glympse compose file is pretty simple. first add the Tailscale container to the top of your Glympse compose file: + +```yaml {filename="compose.yml"} +... + + glympse-ts: + image: tailscale/tailscale + container_name: glympse-ts + cap_add: + - net_admin + - sys_module + volumes: + - /dev/net/tun:/dev/net/tun + environment: + - TS_AUTHKEY= + - TS_STATE_DIR=/var/lib/tailscale + hostname: glympse- + restart: unless-stopped + +... + +``` + +You then need to make a small tweak to your Glympse container's networking settings: + +```yaml {filename="compose.yml"} +... + network_mode: service:glympse-ts +... + +``` +This will tell your Glympse container to route it's traffic through the Tailscale Container. \ No newline at end of file diff --git a/content/docs/Installation/wsl_install.md b/content/docs/Installation/wsl_install.md new file mode 100644 index 0000000..6c69327 --- /dev/null +++ b/content/docs/Installation/wsl_install.md @@ -0,0 +1,55 @@ +--- +title: Docker system setup on WSL for Windows +type: docs +next: docs/installation/services +next: docs/installation/install_glympse +--- + +Whilst it is possible to run docker desktop on Windows/MacOS. This may have some potential licensing costs. As such the below script will allow you to install docker and the requirements to run Glympse on Ubuntu on WSL. + +Open the windows terminal app and run the following commands. + +```powershell +# Install WSL +wsl --install +wsl --set-default-version 2 +# Install Ubuntu on WSL +wsl --install -d Ubuntu +``` + +The following commands need to be run from within the Ubuntu system. You can access this by typing `wsl -d Ubuntu` to enter a cmd prompt. + +```bash +#install the prerequisit dependancies +sudo apt install -y apt-transport-https ca-certificates curl software-properties-common +sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg +sudo echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null +curl -fsSL https://nvidia.github.io/libnvidia-container/gpgkey | sudo gpg --dearmor -o /usr/share/keyrings/nvidia-container-toolkit-keyring.gpg \ + && curl -s -L https://nvidia.github.io/libnvidia-container/stable/deb/nvidia-container-toolkit.list | \ + sed 's#deb https://#deb [signed-by=/usr/share/keyrings/nvidia-container-toolkit-keyring.gpg] https://#g' | \ + sudo tee /etc/apt/sources.list.d/nvidia-container-toolkit.list + + +# install docker and docker compose +sudo apt update +sudo apt install -y docker-ce + +sudo mkdir -p ~/.docker/cli-plugins/ +sudo curl -SL https://github.com/docker/compose/releases/download/v2.3.3/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose +sudo chmod +x ~/.docker/cli-plugins/docker-compose + +#Enable the nvidia runtime +sudo apt-get install -y nvidia-container-toolkit nvidia-utils-535-server +sudo nvidia-ctk runtime configure --runtime=docker +sudo systemctl restart docker + +#Optional step to allow you to run docker commands without root or sudo access +sudo usermod -aG docker ${USER} +su - ${USER} + +``` + + +You can check that your Nvidia GPU is working in WSL by typing `nvidia-smi`. + +You are now ready to install Glympse \ No newline at end of file diff --git a/content/docs/Setup/admin_frontend.md b/content/docs/Setup/admin_frontend.md index 10853da..97cbae0 100644 --- a/content/docs/Setup/admin_frontend.md +++ b/content/docs/Setup/admin_frontend.md @@ -36,7 +36,9 @@ This will export a json file containing the database entries for this production This will delete the production and all the clips associated with it. ## Manage Users + ### Edit Users +![Manage Users](/images/Manage_Users.png) Select a user from the dropdown menu and you can assign the user to a group. You can also deactivate the user which will keep the account but not allow the user to log in. Or you can delete the user which will delete their account completely. If the user was created by logging in via SSO, they will still be able to log in once they have been deleted. But they will have no permissions and won't be assigned to a group so will not have access to any productions. @@ -48,13 +50,15 @@ Clicking on the number beside their name at the top will enter the impersonation You can add a local user by clicking the blue + button at the top. ### Edit Group Permissions +![Manage Groups](/images/Manage_groups.png) When a base production is added, a new group of the same name will be created. From this page you can select a group and assign productions to it. Users assigned to this group will then be able to access these productions. You can add a new group by clicking the blue + button at the top right. -From this page you can +From this page you can add productions to a group. Adding a production to a group will give every user in that group access to all the productions in the group. + ## Settings This will open the django admin setting page. diff --git a/content/docs/Troubleshooting/_index.md b/content/docs/Troubleshooting/_index.md new file mode 100644 index 0000000..2c2d7dd --- /dev/null +++ b/content/docs/Troubleshooting/_index.md @@ -0,0 +1,42 @@ +--- +title: Troubleshooting +weight: 10 +--- + +If you should run into any problems here are some steps you can take to resolve them. + +## Clips Don't play +If clips don't play, all users can submit the roll to be retranscoded. This should be a self serve resolution. + +navigate to the roll that has issues, click file then request re-transcode. This will allow users to add a message as to why they are resubmitting the clips. + +Once submitted the roll will automatically be transcoded. This should fix most issues. + +## Glympse hasn't discovered new files +Anyone in the admin groups can navigate to a production and trigger a scan of the production files. + +Navigate to the production and click `scan files` +![Scan files](/images/scan_files.png) + +From the [Edit users](/docs/user_management/manage_users) page, it is possible to give users the ability to trigger a rescan or to trigger the transcoder for their projects. + +### Files are not found even after triggering a manual scan +If you have scanned the production but new files are not appearing, it may be that there was a sync issue with the file scanner and the database. + +Glympse keeps track of what files it has already discovered in a json format for each production. This allows it to skp over files it has previously scanned and only process newly discovered files. It is possible that if a file scan takes place whilst files are being copied that this may get out of sync. + +From the production page, if you hold the `alt` key you can Force Scan the files. This will delete the tracked state of the production and scan the entire production again. This will pick up any files that are not already in the database. + +Existing files inthe database will remain through this process so it is considered a safe opperation. However it will send all clips to be processed again. Exisiting clips should be skipped over as part of the processing. + +## Automatic tasks are not running +If the transcode or processing tasks are not running automatically, it is important to check that the celery beat worker is running. This is what keeps the scheduled tasks on schedule. IT is also important to check that there is only one instance of this running across your nodes. + +To check if it is running, on the container with the `ENABLE_CELERY_BEAT: yes` variable set, find the name of the container and enter the following command: `docker exec supervisorctl status` + +If everything is running correclty you should see the line: `celery_beat RUNNING pid 29, uptime 8 days, 20:41:58` + +If this is correct and the tasks are still not running, check the logs for any indication that the tasks are starting. You can also check the django admin page to check the last run time. + +![periodic tasks](/images/periodic_tasks.png) + diff --git a/content/docs/User_management/_index.md b/content/docs/User_management/_index.md new file mode 100644 index 0000000..dc3f02c --- /dev/null +++ b/content/docs/User_management/_index.md @@ -0,0 +1,18 @@ +--- +title: User Management / Permissions +weight: 8 +--- +Glympse uses groups to allocate permissions for productions. When you create a new Base Production a new group of the same name is created. For users to be able to access any project they will need to be added to the Base Production group. + +From there they will be able to access any Production assigned to a Base Production automatically. + +It is possible to create your own groups and assign one or more Base Productions to a group. This is useful for people who may be working across multiple productions. + +There are some managment/admin groups that are created automatically and these groups have permissions to view all productions. + + +{{< cards >}} + {{< card link="/docs/user_management/manage_users/" title="User Management" icon="user" >}} + {{< card link="/docs/user_management/manage_groups/" title="Group Documentation" icon="user-group" >}} +{{< /cards >}} + diff --git a/content/docs/User_management/manage_groups.md b/content/docs/User_management/manage_groups.md new file mode 100644 index 0000000..c6b3f5e --- /dev/null +++ b/content/docs/User_management/manage_groups.md @@ -0,0 +1,14 @@ +--- +title: Manage Groups +type: docs +weight: 2 +prev: /docs/User_management/manage_users +--- +![Manage Groups](/images/Manage_groups.png) +When a base production is added, a new group of the same name will be created. + +From this page you can select a group and assign productions to it. Users assigned to this group will then be able to access these productions. + +You can add a new group by clicking the blue + button at the top right. + +From this page you can add Base Production to a group, this will give every user in that group access to all the productions assigned to a Base Production. \ No newline at end of file diff --git a/content/docs/User_management/manage_users.md b/content/docs/User_management/manage_users.md new file mode 100644 index 0000000..d031258 --- /dev/null +++ b/content/docs/User_management/manage_users.md @@ -0,0 +1,20 @@ +--- +title: Manage Users +type: docs +next: /docs/User_management/manage_groups +prev: /docs/User_management/ +weight: 1 +--- + +![Manage Users](/images/Manage_Users.png) +Select a user from the dropdown menu and you can assign the user to a group. You can also deactivate the user which will keep the account but not allow the user to log in. Or you can delete the user which will delete their account completely. + +If the user was created by logging in via SSO, they will still be able to log in once they have been deleted. But they will have no permissions and won't be assigned to a group so will not have access to any productions. + +You can enable the ability for users to scan or start a production transcoder. They will only be able to scan or transcode the productions they have access to. + +Clicking on the number beside their name at the top will enter the impersonation for this user. This is useful if you need to check a user has the correct permissions. + +You can add a local user by clicking the blue + button at the top. + +This will bring up the new user modal. Add the required information and click submit. The user will be sent an email with their new account details and they will have been addd to the system. You can now add them to any groups they require. diff --git a/static/images/Manage_Users.png b/static/images/Manage_Users.png new file mode 100644 index 0000000..7b76f09 Binary files /dev/null and b/static/images/Manage_Users.png differ diff --git a/static/images/Manage_groups.png b/static/images/Manage_groups.png new file mode 100644 index 0000000..ddb465f Binary files /dev/null and b/static/images/Manage_groups.png differ diff --git a/static/images/periodic_tasks.png b/static/images/periodic_tasks.png new file mode 100644 index 0000000..7586221 Binary files /dev/null and b/static/images/periodic_tasks.png differ diff --git a/static/images/scan_files.png b/static/images/scan_files.png new file mode 100644 index 0000000..aa90500 Binary files /dev/null and b/static/images/scan_files.png differ