Difference between revisions of "Improvements/CentOS-RedHat support/Installation"
(3 intermediate revisions by 2 users not shown) | |||
Line 126: | Line 126: | ||
<li><p>Forensic tools repo</p> | <li><p>Forensic tools repo</p> | ||
<pre>sudo rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm</pre></li> | <pre>sudo rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm</pre></li> | ||
+ | <li><p>clamAV ( tested with version 0.99.2.01.el7 )<br> | ||
+ | archivematica uses clamdscan (with "d"). Note that Clamd is a daemon that runs in the background and is called by clamdscan. This saves lots of time on scanning. Clamscan (without "d") is the "one off" version of this. It doesn't use clamd and therefore must load the virus database every time it runs. Also note that clamAV requires certain amount of RAM to run, in our tests it didn't run on a VM with 512M (check /var/log/messages if suspecting low memory, the OOM killer will log messages there when killing clamAV</p> | ||
+ | <ul> | ||
+ | <li>Install EPEL repo | ||
+ | <pre># yum install epel-release</pre> | ||
+ | <li>Install clamAV packages | ||
+ | <pre># yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd</pre> | ||
+ | <li>edit /etc/freshclam.conf to comment out/remove "Example" line | ||
+ | <li>Run freshclam to retrieve virus database | ||
+ | <pre># freshclam</pre> | ||
+ | <li>edit /etc/sysconfig/freshclam to comment out the FRESHCLAM_DELAY=disabled-warn (to allow /etc/cron.d/clamav-update update the virus database) | ||
+ | <li>edit etc/clamd.d/scan.conf to comment out/remove "Example" line (add a "#" to comment out), and uncomment the "TCPSocket 3310" and "TCPAddr 127.0.0.1" lines (remove the "#") | ||
+ | <li>enable clamdscan@service | ||
+ | <pre>systemctl enable clamd@scan</pre> | ||
+ | <li>start clamdscan@service | ||
+ | <pre>systemctl start clamd@scan</pre> | ||
+ | <li> symlink /etc/clamd.d/scan.conf to /etc/clamd.conf (clamdscan expects the config file there) | ||
+ | <pre># ln -s /etc/clamd.d/scan.conf /etc/clamd.conf</pre> | ||
+ | <li> Check that clamdscan is working with user archivematica | ||
+ | <pre># sudo -u archivematica clamdscan - < /var/archivematica/sharedDirectory/currentlyProcessing/.gitignore | ||
+ | stream: OK | ||
+ | |||
+ | ----------- SCAN SUMMARY ----------- | ||
+ | Infected files: 0 | ||
+ | Time: 0.003 sec (0 m 0 s)</pre> | ||
+ | (If the archivematica user does not have access to the socket will get an error "ERROR: Could not lookup : Servname not supported for ai_socktype") | ||
+ | </ul> | ||
<li><p>Then, install the package:</p> | <li><p>Then, install the package:</p> | ||
<pre>sudo -u root yum install -y archivematica-mcp-client</pre></li> | <pre>sudo -u root yum install -y archivematica-mcp-client</pre></li> | ||
<li><p>The MCP Client expect some programs in certain paths, so we put things in place:</p> | <li><p>The MCP Client expect some programs in certain paths, so we put things in place:</p> | ||
− | <pre> | + | <pre> |
sudo ln -s /usr/bin/7za /usr/bin/7z</pre></li> | sudo ln -s /usr/bin/7za /usr/bin/7z</pre></li> | ||
<li><p>After that, we can enable and start services</p> | <li><p>After that, we can enable and start services</p> | ||
Line 150: | Line 177: | ||
* In RHEL 7 , you might need to enable repo rhel-7-server-eus-optional-rpms with | * In RHEL 7 , you might need to enable repo rhel-7-server-eus-optional-rpms with | ||
<pre> | <pre> | ||
− | subscription-manager repos --enable rhel-7-server-eus-optional-rpms | + | sudo subscription-manager repos --enable rhel-7-server-eus-optional-rpms |
</pre> | </pre> | ||
* If you find a bug, please let us know [https://github.com/artefactual-labs/am-packbuild/issues here] | * If you find a bug, please let us know [https://github.com/artefactual-labs/am-packbuild/issues here] |
Latest revision as of 16:31, 15 February 2017
IMPORTANT NOTE These instructions will create an installation of a QA version of Archivematica and is not recommended for production use yet.
Quick install using Vagrant[edit]
This method will have you up and running in no time, using a virtual machine provisioned with vagrant.
First, clone the am-packbuild repo:
git clone https://github.com/artefactual-labs/am-packbuild/
cd into the rpm-testing directory
cd am-packbuild/rpm-testing/
run vagrant
vagrant up
After the install, the Archivematica Dashboard will be avaliable on port 81 of the vagrant deployed box, and the Storage Service, in port 8001.
You can log in the vm over ssh running vagrant ssh
Step by step Install[edit]
Prerequisites[edit]
Extra repos[edit]
Some repositories need to be installed in order to fullfill the installation procedure:
Extra packages for enterprise linux
sudo yum install -y epel-release
Elasticsearch
sudo -u root rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch sudo -u root bash -c 'cat << EOF > /etc/yum.repos.d/elasticsearch.repo [elasticsearch-1.7] name=Elasticsearch repository for 1.7 packages baseurl=https://packages.elastic.co/elasticsearch/1.7/centos gpgcheck=1 gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch enabled=1 EOF'
Archivematica
sudo -u root bash -c 'cat << EOF > /etc/yum.repos.d/archivematica.repo [archivematica] name=archivematica baseurl=https://packages.archivematica.org/1.5.x/centos gpgcheck=0 enabled=1 EOF'
Service depencencies.[edit]
Common services like elasticsearch, mariadb and gearmand should be installed and enabled before the archivematica install. It can be done with:
sudo -u root yum install -y java-1.8.0-openjdk-headless elasticsearch mariadb-server gearmand sudo -u root systemctl enable elasticsearch sudo -u root systemctl start elasticsearch sudo -u root systemctl enable mariadb sudo -u root systemctl start mariadb sudo -u root systemctl enable gearmand sudo -u root systemctl start gearmand
Installing Archivematica Storage Service[edit]
First, we install the packages:
sudo -u root yum install -y python-pip archivematica-storage-service
After the package is installed, we need to populate the sqlite database, and collect some static files used by django. Those tasks must be run as “archivematica” user.
sudo -u archivematica bash -c " \ set -a -e -x source /etc/sysconfig/archivematica-storage-service cd /usr/share/archivematica/storage-service /usr/lib/python2.7/archivematica/storage-service/bin/python manage.py migrate /usr/lib/python2.7/archivematica/storage-service/bin/python manage.py collectstatic --noinput ";
And now, we enable and start the archivematica-storage-service and it’s nginx frontend
sudo -u root systemctl enable archivematica-storage-service sudo -u root systemctl start archivematica-storage-service sudo -u root systemctl enable nginx sudo -u root systemctl start nginx
The storage service will be avaliable at http://<ip>:8001
Installing Archivematica Dashboard and MCP Server[edit]
First, install the pacakges:
sudo -u root yum install -y archivematica-common archivematica-mcp-server archivematica-dashboard
Create user and mysql database with:
sudo -H -u root mysql -hlocalhost -uroot -e "DROP DATABASE IF EXISTS MCP; CREATE DATABASE MCP CHARACTER SET utf8 COLLATE utf8_unicode_ci;" sudo -H -u root mysql -hlocalhost -uroot -e "CREATE USER 'archivematica'@'localhost' IDENTIFIED BY 'demo';" sudo -H -u root mysql -hlocalhost -uroot -e "GRANT ALL ON MCP.* TO 'archivematica'@'localhost';"
And as archivematica user, run migrations:
sudo -u archivematica bash -c " \ set -a -e -x source /etc/sysconfig/archivematica-dashboard cd /usr/share/archivematica/dashboard /usr/lib/python2.7/archivematica/dashboard/bin/python manage.py syncdb --noinput ";
Start and enable services:
sudo -u root systemctl enable archivematica-mcp-server sudo -u root systemctl start archivematica-mcp-server sudo -u root systemctl enable archivematica-dashboard sudo -u root systemctl start archivematica-dashboard
Reload nginx in order to load the dashboard config file:
sudo -u root systemctl reload nginx
The dashboard will be avaliable at http://ip:81
Installing Archivematica MCP Client[edit]
First, we need to add some extra repos with the MCP Client dependencies:
Archivematica supplied external packages:
sudo -u root bash -c 'cat << EOF > /etc/yum.repos.d/archivematica-extras.repo [archivematica-extras] name=archivematica-extras baseurl=https://packages.archivematica.org/1.5.x/centos-extras gpgcheck=0 enabled=1 EOF'
Nux multimedia repo
sudo rpm -Uvh https://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
Forensic tools repo
sudo rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm
clamAV ( tested with version 0.99.2.01.el7 )
archivematica uses clamdscan (with "d"). Note that Clamd is a daemon that runs in the background and is called by clamdscan. This saves lots of time on scanning. Clamscan (without "d") is the "one off" version of this. It doesn't use clamd and therefore must load the virus database every time it runs. Also note that clamAV requires certain amount of RAM to run, in our tests it didn't run on a VM with 512M (check /var/log/messages if suspecting low memory, the OOM killer will log messages there when killing clamAV- Install EPEL repo
# yum install epel-release
- Install clamAV packages
# yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
- edit /etc/freshclam.conf to comment out/remove "Example" line
- Run freshclam to retrieve virus database
# freshclam
- edit /etc/sysconfig/freshclam to comment out the FRESHCLAM_DELAY=disabled-warn (to allow /etc/cron.d/clamav-update update the virus database)
- edit etc/clamd.d/scan.conf to comment out/remove "Example" line (add a "#" to comment out), and uncomment the "TCPSocket 3310" and "TCPAddr 127.0.0.1" lines (remove the "#")
- enable clamdscan@service
systemctl enable clamd@scan
- start clamdscan@service
systemctl start clamd@scan
- symlink /etc/clamd.d/scan.conf to /etc/clamd.conf (clamdscan expects the config file there)
# ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
- Check that clamdscan is working with user archivematica
# sudo -u archivematica clamdscan - < /var/archivematica/sharedDirectory/currentlyProcessing/.gitignore stream: OK ----------- SCAN SUMMARY ----------- Infected files: 0 Time: 0.003 sec (0 m 0 s)
(If the archivematica user does not have access to the socket will get an error "ERROR: Could not lookup : Servname not supported for ai_socktype")
- Install EPEL repo
Then, install the package:
sudo -u root yum install -y archivematica-mcp-client
The MCP Client expect some programs in certain paths, so we put things in place:
sudo ln -s /usr/bin/7za /usr/bin/7z
After that, we can enable and start services
sudo -u root systemctl enable archivematica-mcp-client sudo -u root systemctl start archivematica-mcp-client sudo -u root systemctl enable fits-nailgun sudo -u root systemctl start fits-nailgun
Finalizing Installation[edit]
The dashboard will be available on port 81, and the storage service on port 8001. You will need to complete the installation by opening up the dashboard in a web browser, and filling in the form you are presented with. On the 2nd page of the installer, you are asked for information about the storage service. You will need to log into the storage service and find the api key that was generated for your user (in admin->users).
Configuration[edit]
Each service have a configuration file in /etc/sysconfig/archivematica-packagename
Known bugs / Caveats[edit]
- If IPv6 is disabled, Nginx may refuse to start. If that is the case make sure that the listen directives used under /etc/nginx are not using IPv6 addresses like [::]:80.
- In RHEL 7 , you might need to enable repo rhel-7-server-eus-optional-rpms with
sudo subscription-manager repos --enable rhel-7-server-eus-optional-rpms
- If you find a bug, please let us know here