Difference between revisions of "Improvements/CentOS-RedHat support/Installation"

From Archivematica
Jump to navigation Jump to search
 
(8 intermediate revisions by 2 users not shown)
Line 84: Line 84:
 
<li><p>First, install the pacakges:</p>
 
<li><p>First, install the pacakges:</p>
 
<pre>sudo -u root yum install -y archivematica-common archivematica-mcp-server archivematica-dashboard</pre></li>
 
<pre>sudo -u root yum install -y archivematica-common archivematica-mcp-server archivematica-dashboard</pre></li>
<li><p>Create and populate the mysql database with:</p>
+
<li><p>Create user and mysql database with:</p>
 
<pre>sudo -H -u root mysql -hlocalhost -uroot -e &quot;DROP DATABASE IF EXISTS MCP; CREATE DATABASE MCP CHARACTER SET utf8 COLLATE utf8_unicode_ci;&quot;
 
<pre>sudo -H -u root mysql -hlocalhost -uroot -e &quot;DROP DATABASE IF EXISTS MCP; CREATE DATABASE MCP CHARACTER SET utf8 COLLATE utf8_unicode_ci;&quot;
 
sudo -H -u root mysql -hlocalhost -uroot -e &quot;CREATE USER 'archivematica'@'localhost' IDENTIFIED BY 'demo';&quot;
 
sudo -H -u root mysql -hlocalhost -uroot -e &quot;CREATE USER 'archivematica'@'localhost' IDENTIFIED BY 'demo';&quot;
Line 102: Line 102:
 
sudo -u root systemctl start archivematica-dashboard</pre></li>
 
sudo -u root systemctl start archivematica-dashboard</pre></li>
 
<li><p>Reload nginx in order to load the dashboard config file:<br />
 
<li><p>Reload nginx in order to load the dashboard config file:<br />
sudo -u root systemctl reload nginx</p></li></ul>
+
<pre>
 +
sudo -u root systemctl reload nginx
 +
</pre>
 +
</p></li></ul>
  
 
The dashboard will be avaliable at http://ip:81
 
The dashboard will be avaliable at http://ip:81
Line 120: Line 123:
 
</pre></li>
 
</pre></li>
 
<li><p>Nux multimedia repo</p>
 
<li><p>Nux multimedia repo</p>
<pre>rpm -Uvh https://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm</pre></li>
+
<pre>sudo rpm -Uvh https://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm</pre></li>
 
<li><p>Forensic tools repo</p>
 
<li><p>Forensic tools repo</p>
<pre>rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm</pre></li>
+
<pre>sudo rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm</pre></li>
 +
<li><p>clamAV ( tested with version 0.99.2.01.el7 )<br>
 +
archivematica uses clamdscan (with "d"). Note that Clamd is a daemon that runs in the background and is called by clamdscan. This saves lots of time on scanning. Clamscan (without "d") is the "one off" version of this. It doesn't use clamd and therefore must load the virus database every time it runs. Also note that clamAV requires certain amount of RAM to run, in our tests it didn't run on a VM with 512M (check /var/log/messages if suspecting low memory, the OOM killer will log messages there when killing clamAV</p>
 +
  <ul>
 +
    <li>Install EPEL repo
 +
        <pre># yum install epel-release</pre>
 +
    <li>Install clamAV packages
 +
        <pre># yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd</pre>
 +
    <li>edit /etc/freshclam.conf to comment out/remove "Example" line
 +
    <li>Run freshclam to retrieve virus database
 +
        <pre># freshclam</pre>
 +
    <li>edit /etc/sysconfig/freshclam to comment out the FRESHCLAM_DELAY=disabled-warn (to allow /etc/cron.d/clamav-update update the virus database)
 +
    <li>edit etc/clamd.d/scan.conf to comment out/remove "Example" line (add a "#" to comment out), and uncomment the "TCPSocket 3310" and "TCPAddr 127.0.0.1" lines (remove the "#")
 +
    <li>enable clamdscan@service
 +
        <pre>systemctl enable clamd@scan</pre>
 +
    <li>start clamdscan@service
 +
        <pre>systemctl start clamd@scan</pre>
 +
    <li> symlink /etc/clamd.d/scan.conf to  /etc/clamd.conf (clamdscan expects the config file there)
 +
        <pre># ln -s /etc/clamd.d/scan.conf /etc/clamd.conf</pre>
 +
    <li> Check that clamdscan is working with user archivematica
 +
        <pre># sudo -u archivematica clamdscan - < /var/archivematica/sharedDirectory/currentlyProcessing/.gitignore
 +
stream: OK
 +
 
 +
----------- SCAN SUMMARY -----------
 +
Infected files: 0
 +
Time: 0.003 sec (0 m 0 s)</pre>
 +
(If the archivematica user does not have access to the socket will get an error "ERROR: Could not lookup : Servname not supported for ai_socktype")
 +
  </ul>
 
<li><p>Then, install the package:</p>
 
<li><p>Then, install the package:</p>
 
<pre>sudo -u root yum install -y archivematica-mcp-client</pre></li>
 
<pre>sudo -u root yum install -y archivematica-mcp-client</pre></li>
 
<li><p>The MCP Client expect some programs in certain paths, so we put things in place:</p>
 
<li><p>The MCP Client expect some programs in certain paths, so we put things in place:</p>
<pre>sudo cp /usr/bin/clamscan /usr/bin/clamdscan
+
<pre>
 
sudo ln -s /usr/bin/7za /usr/bin/7z</pre></li>
 
sudo ln -s /usr/bin/7za /usr/bin/7z</pre></li>
 
<li><p>After that, we can enable and start services</p>
 
<li><p>After that, we can enable and start services</p>
Line 145: Line 175:
  
 
* If IPv6 is disabled, Nginx may refuse to start. If that is the case make sure that the listen directives used under /etc/nginx are not using IPv6 addresses like [::]:80.
 
* If IPv6 is disabled, Nginx may refuse to start. If that is the case make sure that the listen directives used under /etc/nginx are not using IPv6 addresses like [::]:80.
 +
* In RHEL 7 , you might need to enable repo  rhel-7-server-eus-optional-rpms  with
 +
<pre>
 +
sudo subscription-manager repos --enable rhel-7-server-eus-optional-rpms
 +
</pre>
 
* If you find a bug, please let us know [https://github.com/artefactual-labs/am-packbuild/issues here]
 
* If you find a bug, please let us know [https://github.com/artefactual-labs/am-packbuild/issues here]

Latest revision as of 16:31, 15 February 2017

IMPORTANT NOTE These instructions will create an installation of a QA version of Archivematica and is not recommended for production use yet.

Quick install using Vagrant[edit]

This method will have you up and running in no time, using a virtual machine provisioned with vagrant.

  • First, clone the am-packbuild repo:

    git clone https://github.com/artefactual-labs/am-packbuild/
  • cd into the rpm-testing directory

    cd am-packbuild/rpm-testing/
  • run vagrant

    vagrant up

After the install, the Archivematica Dashboard will be avaliable on port 81 of the vagrant deployed box, and the Storage Service, in port 8001.

You can log in the vm over ssh running vagrant ssh

Step by step Install[edit]

Prerequisites[edit]

Extra repos[edit]

Some repositories need to be installed in order to fullfill the installation procedure:

  • Extra packages for enterprise linux

    sudo yum install -y epel-release
  • Elasticsearch

    sudo -u root rpm --import https://packages.elastic.co/GPG-KEY-elasticsearch
    sudo -u root bash -c 'cat << EOF > /etc/yum.repos.d/elasticsearch.repo
    [elasticsearch-1.7]
    name=Elasticsearch repository for 1.7 packages
    baseurl=https://packages.elastic.co/elasticsearch/1.7/centos
    gpgcheck=1
    gpgkey=https://packages.elastic.co/GPG-KEY-elasticsearch
    enabled=1
    EOF'
  • Archivematica

    sudo -u root bash -c 'cat << EOF > /etc/yum.repos.d/archivematica.repo
    [archivematica]
    name=archivematica
    baseurl=https://packages.archivematica.org/1.5.x/centos
    gpgcheck=0
    enabled=1
    EOF'

Service depencencies.[edit]

Common services like elasticsearch, mariadb and gearmand should be installed and enabled before the archivematica install. It can be done with:

sudo -u root yum install -y java-1.8.0-openjdk-headless elasticsearch mariadb-server gearmand
sudo -u root systemctl enable elasticsearch
sudo -u root systemctl start elasticsearch
sudo -u root systemctl enable mariadb
sudo -u root systemctl start mariadb
sudo -u root systemctl enable gearmand
sudo -u root systemctl start gearmand

Installing Archivematica Storage Service[edit]

  • First, we install the packages:

    sudo -u root yum install -y python-pip archivematica-storage-service
  • After the package is installed, we need to populate the sqlite database, and collect some static files used by django. Those tasks must be run as “archivematica” user.

    sudo -u archivematica bash -c " \
    set -a -e -x
    source /etc/sysconfig/archivematica-storage-service
    cd /usr/share/archivematica/storage-service
    /usr/lib/python2.7/archivematica/storage-service/bin/python manage.py migrate
    /usr/lib/python2.7/archivematica/storage-service/bin/python manage.py collectstatic --noinput
    ";
  • And now, we enable and start the archivematica-storage-service and it’s nginx frontend

    sudo -u root systemctl enable archivematica-storage-service
    sudo -u root systemctl start archivematica-storage-service
    sudo -u root systemctl enable nginx
    sudo -u root systemctl start nginx

The storage service will be avaliable at http://<ip>:8001

Installing Archivematica Dashboard and MCP Server[edit]

  • First, install the pacakges:

    sudo -u root yum install -y archivematica-common archivematica-mcp-server archivematica-dashboard
  • Create user and mysql database with:

    sudo -H -u root mysql -hlocalhost -uroot -e "DROP DATABASE IF EXISTS MCP; CREATE DATABASE MCP CHARACTER SET utf8 COLLATE utf8_unicode_ci;"
    sudo -H -u root mysql -hlocalhost -uroot -e "CREATE USER 'archivematica'@'localhost' IDENTIFIED BY 'demo';"
    sudo -H -u root mysql -hlocalhost -uroot -e "GRANT ALL ON MCP.* TO 'archivematica'@'localhost';"
  • And as archivematica user, run migrations:

    sudo -u archivematica bash -c " \
    set -a -e -x
    source /etc/sysconfig/archivematica-dashboard
    cd /usr/share/archivematica/dashboard
    /usr/lib/python2.7/archivematica/dashboard/bin/python manage.py syncdb --noinput
    ";
    
  • Start and enable services:

    sudo -u root systemctl enable archivematica-mcp-server
    sudo -u root systemctl start archivematica-mcp-server
    sudo -u root systemctl enable archivematica-dashboard
    sudo -u root systemctl start archivematica-dashboard
  • Reload nginx in order to load the dashboard config file:

    sudo -u root systemctl reload nginx
    

The dashboard will be avaliable at http://ip:81

Installing Archivematica MCP Client[edit]

  • First, we need to add some extra repos with the MCP Client dependencies:

  • Archivematica supplied external packages:

    sudo -u root bash -c 'cat << EOF > /etc/yum.repos.d/archivematica-extras.repo
    [archivematica-extras]
    name=archivematica-extras
    baseurl=https://packages.archivematica.org/1.5.x/centos-extras
    gpgcheck=0
    enabled=1
    EOF'
    
  • Nux multimedia repo

    sudo rpm -Uvh https://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
  • Forensic tools repo

    sudo rpm -Uvh https://forensics.cert.org/cert-forensics-tools-release-el7.rpm
  • clamAV ( tested with version 0.99.2.01.el7 )
    archivematica uses clamdscan (with "d"). Note that Clamd is a daemon that runs in the background and is called by clamdscan. This saves lots of time on scanning. Clamscan (without "d") is the "one off" version of this. It doesn't use clamd and therefore must load the virus database every time it runs. Also note that clamAV requires certain amount of RAM to run, in our tests it didn't run on a VM with 512M (check /var/log/messages if suspecting low memory, the OOM killer will log messages there when killing clamAV

    • Install EPEL repo
      # yum install epel-release
    • Install clamAV packages
      # yum install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd
    • edit /etc/freshclam.conf to comment out/remove "Example" line
    • Run freshclam to retrieve virus database
      # freshclam
    • edit /etc/sysconfig/freshclam to comment out the FRESHCLAM_DELAY=disabled-warn (to allow /etc/cron.d/clamav-update update the virus database)
    • edit etc/clamd.d/scan.conf to comment out/remove "Example" line (add a "#" to comment out), and uncomment the "TCPSocket 3310" and "TCPAddr 127.0.0.1" lines (remove the "#")
    • enable clamdscan@service
      systemctl enable clamd@scan
    • start clamdscan@service
      systemctl start clamd@scan
    • symlink /etc/clamd.d/scan.conf to /etc/clamd.conf (clamdscan expects the config file there)
      # ln -s /etc/clamd.d/scan.conf /etc/clamd.conf
    • Check that clamdscan is working with user archivematica
      # sudo -u archivematica clamdscan - < /var/archivematica/sharedDirectory/currentlyProcessing/.gitignore
      stream: OK
      
      ----------- SCAN SUMMARY -----------
      Infected files: 0
      Time: 0.003 sec (0 m 0 s)

      (If the archivematica user does not have access to the socket will get an error "ERROR: Could not lookup : Servname not supported for ai_socktype")

  • Then, install the package:

    sudo -u root yum install -y archivematica-mcp-client
  • The MCP Client expect some programs in certain paths, so we put things in place:

    sudo ln -s /usr/bin/7za /usr/bin/7z
  • After that, we can enable and start services

    sudo -u root systemctl enable archivematica-mcp-client
    sudo -u root systemctl start archivematica-mcp-client
    sudo -u root systemctl enable fits-nailgun
    sudo -u root systemctl start fits-nailgun

Finalizing Installation[edit]

The dashboard will be available on port 81, and the storage service on port 8001. You will need to complete the installation by opening up the dashboard in a web browser, and filling in the form you are presented with. On the 2nd page of the installer, you are asked for information about the storage service. You will need to log into the storage service and find the api key that was generated for your user (in admin->users).

Configuration[edit]

Each service have a configuration file in /etc/sysconfig/archivematica-packagename

Known bugs / Caveats[edit]

  • If IPv6 is disabled, Nginx may refuse to start. If that is the case make sure that the listen directives used under /etc/nginx are not using IPv6 addresses like [::]:80.
  • In RHEL 7 , you might need to enable repo rhel-7-server-eus-optional-rpms with
 sudo subscription-manager repos --enable rhel-7-server-eus-optional-rpms
  • If you find a bug, please let us know here