Difference between revisions of "Improvements/CentOS-RedHat support/Installation"

From Archivematica
Jump to navigation Jump to search
(Created page with "= Quick install using [https://www.vagrantup.com/ Vagrant] = This method will have you up and running in no time, using a virtual machine provisioned with vagrant. <ul> <li>...")
 
 
(15 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 +
'''IMPORTANT NOTE''' These instructions will create an installation of a QA version of Archivematica and is not recommended for production use yet.
 +
 
= Quick install using [https://www.vagrantup.com/ Vagrant] =
 
= Quick install using [https://www.vagrantup.com/ Vagrant] =
  
Line 21: Line 23:
 
=== Extra repos ===
 
=== Extra repos ===
  
Some repositories need to be installed in order to fullfill the instalation procedure:
+
Some repositories need to be installed in order to fullfill the installation procedure:
  
 
<ul>
 
<ul>
 
<li><p>Extra packages for enterprise linux</p>
 
<li><p>Extra packages for enterprise linux</p>
<pre>yum install -y epel-release</pre></li>
+
<pre>sudo yum install -y epel-release</pre></li>
 
<li><p>Elasticsearch</p>
 
<li><p>Elasticsearch</p>
 
<pre>sudo -u root rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
 
<pre>sudo -u root rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
Line 40: Line 42:
 
[archivematica]
 
[archivematica]
 
name=archivematica
 
name=archivematica
baseurl=https://packages.archivematica.org/1.x/centos
+
baseurl=https://packages.archivematica.org/1.5.x/centos
 
gpgcheck=0
 
gpgcheck=0
 
enabled=1
 
enabled=1
Line 82: Line 84:
 
<li><p>First, install the pacakges:</p>
 
<li><p>First, install the pacakges:</p>
 
<pre>sudo -u root yum install -y archivematica-common archivematica-mcp-server archivematica-dashboard</pre></li>
 
<pre>sudo -u root yum install -y archivematica-common archivematica-mcp-server archivematica-dashboard</pre></li>
<li><p>Create and populate the mysql database with:</p>
+
<li><p>Create user and mysql database with:</p>
 
<pre>sudo -H -u root mysql -hlocalhost -uroot -e &quot;DROP DATABASE IF EXISTS MCP; CREATE DATABASE MCP CHARACTER SET utf8 COLLATE utf8_unicode_ci;&quot;
 
<pre>sudo -H -u root mysql -hlocalhost -uroot -e &quot;DROP DATABASE IF EXISTS MCP; CREATE DATABASE MCP CHARACTER SET utf8 COLLATE utf8_unicode_ci;&quot;
 
sudo -H -u root mysql -hlocalhost -uroot -e &quot;CREATE USER 'archivematica'@'localhost' IDENTIFIED BY 'demo';&quot;
 
sudo -H -u root mysql -hlocalhost -uroot -e &quot;CREATE USER 'archivematica'@'localhost' IDENTIFIED BY 'demo';&quot;
sudo -H -u root mysql -hlocalhost -uroot -e &quot;GRANT ALL ON MCP.* TO 'archivematica'@'localhost';&quot;
+
sudo -H -u root mysql -hlocalhost -uroot -e &quot;GRANT ALL ON MCP.* TO 'archivematica'@'localhost';&quot;</pre></li>
sudo -H -u root mysql -hlocalhost -uroot MCP &lt; /usr/share/archivematica/MCPServer/mysql</pre></li>
 
 
<li><p>And as archivematica user, run migrations:</p>
 
<li><p>And as archivematica user, run migrations:</p>
 
<pre>sudo -u archivematica bash -c &quot; \
 
<pre>sudo -u archivematica bash -c &quot; \
Line 94: Line 95:
 
/usr/lib/python2.7/archivematica/dashboard/bin/python manage.py syncdb --noinput
 
/usr/lib/python2.7/archivematica/dashboard/bin/python manage.py syncdb --noinput
 
&quot;;
 
&quot;;
sudo -u root /usr/share/archivematica/MCPServer/mysql_dev.sh MCP</pre></li>
+
</pre></li>
 
<li><p>Start and enable services:</p>
 
<li><p>Start and enable services:</p>
 
<pre>sudo -u root systemctl enable archivematica-mcp-server
 
<pre>sudo -u root systemctl enable archivematica-mcp-server
Line 101: Line 102:
 
sudo -u root systemctl start archivematica-dashboard</pre></li>
 
sudo -u root systemctl start archivematica-dashboard</pre></li>
 
<li><p>Reload nginx in order to load the dashboard config file:<br />
 
<li><p>Reload nginx in order to load the dashboard config file:<br />
sudo -u root systemctl reload nginx</p></li></ul>
+
<pre>
 +
sudo -u root systemctl reload nginx
 +
</pre>
 +
</p></li></ul>
  
 
The dashboard will be avaliable at http://ip:81
 
The dashboard will be avaliable at http://ip:81
 +
 
== Installing Archivematica MCP Client ==
 
== Installing Archivematica MCP Client ==
  
 
<ul>
 
<ul>
 
<li><p>First, we need to add some extra repos with the MCP Client dependencies:</p></li>
 
<li><p>First, we need to add some extra repos with the MCP Client dependencies:</p></li>
 +
<li><p>Archivematica supplied external packages:</p>
 +
<pre>sudo -u root bash -c 'cat << EOF > /etc/yum.repos.d/archivematica-extras.repo
 +
[archivematica-extras]
 +
name=archivematica-extras
 +
baseurl=https://packages.archivematica.org/1.5.x/centos-extras
 +
gpgcheck=0
 +
enabled=1
 +
EOF'
 +
</pre></li>
 
<li><p>Nux multimedia repo</p>
 
<li><p>Nux multimedia repo</p>
<pre>   rpm -Uvh https://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm</pre></li>
+
<pre>sudo rpm -Uvh https://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm</pre></li>
 
<li><p>Forensic tools repo</p>
 
<li><p>Forensic tools repo</p>
<pre>   rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm</pre></li>
+
<pre>sudo rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm</pre></li>
 +
<li><p>clamAV ( tested with version 0.99.2.01.el7 )<br>
 +
archivematica uses clamdscan (with "d"). Note that Clamd is a daemon that runs in the background and is called by clamdscan. This saves lots of time on scanning. Clamscan (without "d") is the "one off" version of this. It doesn't use clamd and therefore must load the virus database every time it runs. Also note that clamAV requires certain amount of RAM to run, in our tests it didn't run on a VM with 512M (check /var/log/messages if suspecting low memory, the OOM killer will log messages there when killing clamAV</p>
 +
  <ul>
 +
    <li>Install EPEL repo
 +
        <pre># yum install epel-release</pre>
 +
    <li>Install clamAV packages
 +
        <pre># yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd</pre>
 +
    <li>edit /etc/freshclam.conf to comment out/remove "Example" line
 +
    <li>Run freshclam to retrieve virus database
 +
        <pre># freshclam</pre>
 +
    <li>edit /etc/sysconfig/freshclam to comment out the FRESHCLAM_DELAY=disabled-warn (to allow /etc/cron.d/clamav-update update the virus database)
 +
    <li>edit etc/clamd.d/scan.conf to comment out/remove "Example" line (add a "#" to comment out), and uncomment the "TCPSocket 3310" and "TCPAddr 127.0.0.1" lines (remove the "#")
 +
    <li>enable clamdscan@service
 +
        <pre>systemctl enable clamd@scan</pre>
 +
    <li>start clamdscan@service
 +
        <pre>systemctl start clamd@scan</pre>
 +
    <li> symlink /etc/clamd.d/scan.conf to  /etc/clamd.conf (clamdscan expects the config file there)
 +
        <pre># ln -s /etc/clamd.d/scan.conf /etc/clamd.conf</pre>
 +
    <li> Check that clamdscan is working with user archivematica
 +
        <pre># sudo -u archivematica clamdscan - < /var/archivematica/sharedDirectory/currentlyProcessing/.gitignore
 +
stream: OK
 +
 
 +
----------- SCAN SUMMARY -----------
 +
Infected files: 0
 +
Time: 0.003 sec (0 m 0 s)</pre>
 +
(If the archivematica user does not have access to the socket will get an error "ERROR: Could not lookup : Servname not supported for ai_socktype")
 +
  </ul>
 
<li><p>Then, install the package:</p>
 
<li><p>Then, install the package:</p>
 
<pre>sudo -u root yum install -y archivematica-mcp-client</pre></li>
 
<pre>sudo -u root yum install -y archivematica-mcp-client</pre></li>
 
<li><p>The MCP Client expect some programs in certain paths, so we put things in place:</p>
 
<li><p>The MCP Client expect some programs in certain paths, so we put things in place:</p>
<pre>sudo cp /usr/bin/clamscan /usr/bin/clamdscan
+
<pre>
 
sudo ln -s /usr/bin/7za /usr/bin/7z</pre></li>
 
sudo ln -s /usr/bin/7za /usr/bin/7z</pre></li>
 
<li><p>After that, we can enable and start services</p>
 
<li><p>After that, we can enable and start services</p>
Line 122: Line 163:
 
sudo -u root systemctl enable fits-nailgun
 
sudo -u root systemctl enable fits-nailgun
 
sudo -u root systemctl start fits-nailgun</pre></li></ul>
 
sudo -u root systemctl start fits-nailgun</pre></li></ul>
 +
 +
== Finalizing Installation ==
 +
 +
The dashboard will be available on port 81, and the storage service on port 8001.  You will need to complete the installation by opening up the dashboard in a web browser, and filling in the form you are presented with.  On the 2nd page of the installer, you are asked for information about the storage service.  You will need to log into the storage service and find the api key that was generated for your user (in admin->users).
  
 
== Configuration ==
 
== Configuration ==
Line 130: Line 175:
  
 
* If IPv6 is disabled, Nginx may refuse to start. If that is the case make sure that the listen directives used under /etc/nginx are not using IPv6 addresses like [::]:80.
 
* If IPv6 is disabled, Nginx may refuse to start. If that is the case make sure that the listen directives used under /etc/nginx are not using IPv6 addresses like [::]:80.
 +
* In RHEL 7 , you might need to enable repo  rhel-7-server-eus-optional-rpms  with
 +
<pre>
 +
sudo subscription-manager repos --enable rhel-7-server-eus-optional-rpms
 +
</pre>
 
* If you find a bug, please let us know [https://github.com/artefactual-labs/am-packbuild/issues here]
 
* If you find a bug, please let us know [https://github.com/artefactual-labs/am-packbuild/issues here]

Latest revision as of 16:31, 15 February 2017

IMPORTANT NOTE These instructions will create an installation of a QA version of Archivematica and is not recommended for production use yet.

Quick install using Vagrant[edit]

This method will have you up and running in no time, using a virtual machine provisioned with vagrant.

  • First, clone the am-packbuild repo:

    git clone https://github.com/artefactual-labs/am-packbuild/
  • cd into the rpm-testing directory

    cd am-packbuild/rpm-testing/
  • run vagrant

    vagrant up

After the install, the Archivematica Dashboard will be avaliable on port 81 of the vagrant deployed box, and the Storage Service, in port 8001.

You can log in the vm over ssh running vagrant ssh

Step by step Install[edit]

Prerequisites[edit]

Extra repos[edit]

Some repositories need to be installed in order to fullfill the installation procedure:

  • Extra packages for enterprise linux

    sudo yum install -y epel-release
  • Elasticsearch

    sudo -u root rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
    sudo -u root bash -c 'cat << EOF > /etc/yum.repos.d/elasticsearch.repo
    [elasticsearch-1.7]
    name=Elasticsearch repository for 1.7 packages
    baseurl=https://packages.elastic.co/elasticsearch/1.7/centos
    gpgcheck=1
    gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
    enabled=1
    EOF'
  • Archivematica

    sudo -u root bash -c 'cat << EOF > /etc/yum.repos.d/archivematica.repo
    [archivematica]
    name=archivematica
    baseurl=https://packages.archivematica.org/1.5.x/centos
    gpgcheck=0
    enabled=1
    EOF'

Service depencencies.[edit]

Common services like elasticsearch, mariadb and gearmand should be installed and enabled before the archivematica install. It can be done with:

sudo -u root yum install -y java-1.8.0-openjdk-headless elasticsearch mariadb-server gearmand
sudo -u root systemctl enable elasticsearch
sudo -u root systemctl start elasticsearch
sudo -u root systemctl enable mariadb
sudo -u root systemctl start mariadb
sudo -u root systemctl enable gearmand
sudo -u root systemctl start gearmand

Installing Archivematica Storage Service[edit]

  • First, we install the packages:

    sudo -u root yum install -y python-pip archivematica-storage-service
  • After the package is installed, we need to populate the sqlite database, and collect some static files used by django. Those tasks must be run as “archivematica” user.

    sudo -u archivematica bash -c " \
    set -a -e -x
    source /etc/sysconfig/archivematica-storage-service
    cd /usr/share/archivematica/storage-service
    /usr/lib/python2.7/archivematica/storage-service/bin/python manage.py migrate
    /usr/lib/python2.7/archivematica/storage-service/bin/python manage.py collectstatic --noinput
    ";
  • And now, we enable and start the archivematica-storage-service and it’s nginx frontend

    sudo -u root systemctl enable archivematica-storage-service
    sudo -u root systemctl start archivematica-storage-service
    sudo -u root systemctl enable nginx
    sudo -u root systemctl start nginx

The storage service will be avaliable at http://<ip>:8001

Installing Archivematica Dashboard and MCP Server[edit]

  • First, install the pacakges:

    sudo -u root yum install -y archivematica-common archivematica-mcp-server archivematica-dashboard
  • Create user and mysql database with:

    sudo -H -u root mysql -hlocalhost -uroot -e "DROP DATABASE IF EXISTS MCP; CREATE DATABASE MCP CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
    sudo -H -u root mysql -hlocalhost -uroot -e "CREATE USER 'archivematica'@'localhost' IDENTIFIED BY 'demo';"
    sudo -H -u root mysql -hlocalhost -uroot -e "GRANT ALL ON MCP.* TO 'archivematica'@'localhost';"
  • And as archivematica user, run migrations:

    sudo -u archivematica bash -c " \
    set -a -e -x
    source /etc/sysconfig/archivematica-dashboard
    cd /usr/share/archivematica/dashboard
    /usr/lib/python2.7/archivematica/dashboard/bin/python manage.py syncdb --noinput
    ";
    
  • Start and enable services:

    sudo -u root systemctl enable archivematica-mcp-server
    sudo -u root systemctl start archivematica-mcp-server
    sudo -u root systemctl enable archivematica-dashboard
    sudo -u root systemctl start archivematica-dashboard
  • Reload nginx in order to load the dashboard config file:

    sudo -u root systemctl reload nginx
    

The dashboard will be avaliable at http://ip:81

Installing Archivematica MCP Client[edit]

  • First, we need to add some extra repos with the MCP Client dependencies:

  • Archivematica supplied external packages:

    sudo -u root bash -c 'cat << EOF > /etc/yum.repos.d/archivematica-extras.repo
    [archivematica-extras]
    name=archivematica-extras
    baseurl=https://packages.archivematica.org/1.5.x/centos-extras
    gpgcheck=0
    enabled=1
    EOF'
    
  • Nux multimedia repo

    sudo rpm -Uvh https://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
  • Forensic tools repo

    sudo rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm
  • clamAV ( tested with version 0.99.2.01.el7 )
    archivematica uses clamdscan (with "d"). Note that Clamd is a daemon that runs in the background and is called by clamdscan. This saves lots of time on scanning. Clamscan (without "d") is the "one off" version of this. It doesn't use clamd and therefore must load the virus database every time it runs. Also note that clamAV requires certain amount of RAM to run, in our tests it didn't run on a VM with 512M (check /var/log/messages if suspecting low memory, the OOM killer will log messages there when killing clamAV

    • Install EPEL repo
      # yum install epel-release
    • Install clamAV packages
      # yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
    • edit /etc/freshclam.conf to comment out/remove "Example" line
    • Run freshclam to retrieve virus database
      # freshclam
    • edit /etc/sysconfig/freshclam to comment out the FRESHCLAM_DELAY=disabled-warn (to allow /etc/cron.d/clamav-update update the virus database)
    • edit etc/clamd.d/scan.conf to comment out/remove "Example" line (add a "#" to comment out), and uncomment the "TCPSocket 3310" and "TCPAddr 127.0.0.1" lines (remove the "#")
    • enable clamdscan@service
      systemctl enable clamd@scan
    • start clamdscan@service
      systemctl start clamd@scan
    • symlink /etc/clamd.d/scan.conf to /etc/clamd.conf (clamdscan expects the config file there)
      # ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
    • Check that clamdscan is working with user archivematica
      # sudo -u archivematica clamdscan - < /var/archivematica/sharedDirectory/currentlyProcessing/.gitignore
      stream: OK
      
      ----------- SCAN SUMMARY -----------
      Infected files: 0
      Time: 0.003 sec (0 m 0 s)

      (If the archivematica user does not have access to the socket will get an error "ERROR: Could not lookup : Servname not supported for ai_socktype")

  • Then, install the package:

    sudo -u root yum install -y archivematica-mcp-client
  • The MCP Client expect some programs in certain paths, so we put things in place:

    sudo ln -s /usr/bin/7za /usr/bin/7z
  • After that, we can enable and start services

    sudo -u root systemctl enable archivematica-mcp-client
    sudo -u root systemctl start archivematica-mcp-client
    sudo -u root systemctl enable fits-nailgun
    sudo -u root systemctl start fits-nailgun

Finalizing Installation[edit]

The dashboard will be available on port 81, and the storage service on port 8001. You will need to complete the installation by opening up the dashboard in a web browser, and filling in the form you are presented with. On the 2nd page of the installer, you are asked for information about the storage service. You will need to log into the storage service and find the api key that was generated for your user (in admin->users).

Configuration[edit]

Each service have a configuration file in /etc/sysconfig/archivematica-packagename

Known bugs / Caveats[edit]

  • If IPv6 is disabled, Nginx may refuse to start. If that is the case make sure that the listen directives used under /etc/nginx are not using IPv6 addresses like [::]:80.
  • In RHEL 7 , you might need to enable repo rhel-7-server-eus-optional-rpms with
 sudo subscription-manager repos --enable rhel-7-server-eus-optional-rpms
  • If you find a bug, please let us know here