a. Installing Fedora

On This Page

Fedora, along with Drupal, is one of the core technologies behind Islandora. This chapter will cover the basic steps for installing Fedora - for more information, please see the FedoraCommons documentation.

Fedora is available under the terms of the Apache License and has a very active open source community producing additional tools, applications and utilities. Islandora currently uses Fedora version 3.7.

Pre-installation Software Checklist

Fedora must have the following to be set-up and running prior to beginning your installation:

• Java SE Development Kit (JDK) 6/7.
  • You can also see Installing Java SE 7 jdk for a quick installation instruction.
• A database: Installed for Fedora. This is typically some version of MySQL. Consult the Fedora installation and configuration page for notes on running other databases.
  • See Setting up a MySQL Database for Fedora for information on configuring the database for Fedora.
• An application server: Fedora includes the Tomcat Application Server. Consult the Fedora installation and configuration page for notes on running other application servers.

Installation Steps

1. Download the latest release of Fedora from Fedora Commons (3.5, 3.6.2, and 3.7.0 have been tested for use with Islandora).
2. Read through Fedora's Installation and Configuration page to ensure the pre-installation system pre-requisites are met. Actually running the installer is done later.

3. Prepare your local environment variables by modifying the .bash_profile or .profile file in the home directory of the fedora user.

 Fedora will need to be given variables to find the main fedora directory, the main tomcat directory, and the location of your Java installation (JDK 6/7). An example set of [Unix/Linux] environment variables are given here.
   
   The following example assumes Java is installed in /usr/lib/jvm/java-7-oracle and Fedora is installed in /usr/local/fedora:

   PATH=/opt/java/bin:$PATH:$HOME/bin
   export FEDORA_HOME=/usr/local/fedora
   export CATALINA_HOME=/usr/local/fedora/tomcat
   export JAVA_OPTS="-Xms1024m -Xmx1024m -XX:MaxPermSize=128m -Djavax.net.ssl.trustStore=/usr/local/fedora/server/truststore
   -Djavax.net.ssl.trustStorePassword=tomcat"
   export JAVA_HOME=/usr/lib/jvm/java-7-oracle
   export JRE_HOME=/usr/lib/jvm/java-7-oracle/jre
   export KAKADU_LIBRARY_PATH=/usr/local/djatoka/lib/Linux-x86-64
   

4. Before beginning your Fedora installation, create a database for Fedora to use. This is not the same database that you used for your Drupal installation.
5. Start the installer, navigate to the directory where you downloaded the install file (for Fedora 3.7.0, the installer is called: fcrepo-installer-3.7.0.jar) and do one of the following methods:

    

   1. CUSTOM INSTALL - Manually:

      1. Run the following command:

         Command Line for "CUSTOM INSTALL - Manually" of Fedora Commons

         $ java -jar fcrepo-installer-[version number].jar
         [note: 'version number' will vary depending on the version you've downloaded]

      2. Select the CUSTOM INSTALL.

         Selecting "CUSTOM INSTALL"

         It is important to select the Custom Install as it will enable the resource index by default, which is the backbone of Islandora's collection views and other functionality.

      3. The Fedora installer will prompt you for responses to a series of questions. Answer these questions according to the following "install.properties":

         Example "install.properties" for an OS X Environment

         Installation type - custom
         home directory - /usr/local/fedora
         Password - [fedora_password]
         server host - localhost [could be a domain name etc depending on your environment]
         app server context - default
         API-A - default false
         ssl avail - true
         ssl required for api-a - default false
         ssl required for api-m - false
         servlet included - default included
         tomcat home -default
         tomcat http port - 8080 default
         tomcat shutdown - 8005 default
         tomcat ssl - 8443 default
         keystore file - included
         databse - mysql
         mysql driver - default
         database username - [fedora_database_user]
         database password - [password]
         jdbc url - default
         jdbc class- default
         Enable FESL authn - true
         Enable FESL authz - false
         policy enforcement - true
         low level storage - default akubra-fs
         resource index - true
         messaging - true
         messaging provider - default
         deploy local services - true

         Details about the CUSTOM INSTALL questions

         (Source: Installation and Configuration Guide - Fedora 3.7 Documentation)

         Servlet Container

         The installer will automatically configure and deploy to Tomcat 6.0.x and 7.0.x servlet containers. However, if an existing Tomcat installation (as opposed to the Tomcat bundled with the installer) was selected, the installer will not overwrite your existing server.xml, but rather, place a modified copy at FEDORA_HOME/install so that you may review it before before installing it yourself.

         Other servlet containers will require manual deployment of the war files located at FEDORA_HOME/install.

         Application Server Context

         The installer provides the option to enter an application server context name under which Fedora will be deployed. The context name defaults to Fedora (resulting in http[s]://host:port/fedora), however any other valid context name can be supplied. The installer will name the resulting war file according to the supplied context name (defaults to fedora.war). Please ensure that the servlet container configuration reflects the name of the Fedora context name in case it needs to be configured explicitly. For further details see Alternative Webapp Context Configuration.

         SSL

         Configuring SSL support for Fedora's API-M interface is an optional feature. It strongly recommended for production environments if Fedora is exposed to unsecured application and users. However, if your installation is within a managed data center with firewall services, you may choose to provide SSL using a software or hardware front-end instead. For example, a reverse proxy implemented using the Apache HTTP Server and hiding Fedora generally provides better SSL performance.

         If the Tomcat servlet container is selected, the installer will configure server.xml for you. However, as noted above, if an existing Tomcat installation was selected, the installer will not overwrite your existing server.xml.

         Please consult your servlet container's documentation for certificate generation and installation. (In particular, the example certificate provided by the installer for Tomcat should not be used in a production environment).

         If Fedora is configured to use SSL, the JAVA_OPTS environment variable must include the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties. The value of javax.net.ssl.trustStore should be the location of the truststore file and the value of javax.net.ssl.trustStorePassword is the password for the keystore. The following values may be used with the sample keystore included with the installer:

         -Djavax.net.ssl.trustStore=$FEDORA_HOME/server/truststore -Djavax.net.ssl.trustStorePassword=tomcat
         
         

         FeSL

         The Fedora Security Layer is an experimental feature introduced from Fedora 3.3. FeSL consists of two separate components, which can be selected independently during the installation: FeSL Authentication and FeSL Authorisation.

         FeSL Authentication is now the default authentication mechanism, however Fesl Authorization is still considered experimental. FeSL Authorization is a replacement for the legacy XACML policy enforcement, so you should not enable XACML policy enforcement if you are going to use FeSL Authorization, as this will provide an alternative XACML policy enforcement engine. See FeSL Installation for more information about FeSL requirements that must be satisfied prior to installation.

         Resource Index

         If the Resource Index is enabled, Fedora will use Mulgara as its underlying triplestore, with full-text indexing disabled.

         Messaging
         If Messaging is enabled, Fedora will create and send a message via JMS whenever an API-M method is called.

         Once the script has collected your answers and configured Fedora on your system, the values are written to the "install.properties" file and will have a final location in $FEDORA_HOME/install.

          

   2. CUSTOM INSTALL - Automated
      1. Create an "install.properties" file, similar to the 'Example "install.properties"' referenced above.

          

         To create this file:
         1. copy the full contents of the textbox above into a text editor
         2. where applicable change the database name, database user, database password and database port number, and server host to match your database configuration (these items are noted in square brackets)
         3. save the edited file as install.properties to the same directory where the fcrepo ".jar" is stored.

             

      2. Install Fedora by entering:

         Command Line for "CUSTOM INSTALL - Automated" of Fedora Commons

         java -jar fcrepo-installer-[version number].jar install.properties
         [note: 'version number' will vary depending on the version you've downloaded]

Checking Fedora Commons Installation

Once the installation script has completed and Fedora is installed, you need to: start your Fedora instance by running:

$FEDORA_HOME/tomcat/bin/startup.sh

To verify that Fedora has successfully started:

1. $FEDORA_HOME/tomcat/logs/catalina.out should contain no errors.
2. View your Fedora instance through a web browser:
   • http://localhost:8080/fedora/
   • or
   • https://[yourdomain]:8443/fedora

Setting XACML Policies

Install required polices, remove some restrictive policies.

1. First stop your Fedora instance by running:$FEDORA_HOME/tomcat/bin/shutdown.sh

2. Remove they deny-purge policies:

   Command Line to remove "deny-purge" policies

   $ rm -v /usr/local/fedora/data/fedora-xacml-policies/repository-policies/default/deny-purge-*

3. Navigate to the Fedora "repository-policies" directory:

   Command Line to create islandora specific policies

   $ cd /usr/local/fedora/data/fedora-xacml-policies/repository-policies/

4. Download / Clone the Islandora specific XACML policies from the Islandora GitHub XACML Policies repo

   $ git clone https://github.com/Islandora/islandora-xacml-policies.git islandora

The Islandora XACML policies should now be located in "/usr/local/fedora/data/fedora-xacml-policies/repository-policies/islandora". There should be at least these 4 policies:

• permit-apim-to-authenticated-user.xml
• permit-getDatastream-unrestricted.xml
• permit-getDatastreamHistory-unrestricted.xml
• permit-upload-to-authenticated-user.xml

A standard installation's XACML policy directory structure should look like this:

/usr/local/fedora/data/fedora-xacml-policies/repository-policies/
├── default
│   ├── deny-apim-if-not-localhost.xml
│   ├── deny-inactive-or-deleted-objects-or-datastreams-if-not-administrator.xml
│   ├── deny-policy-management-if-not-administrator.xml
│   ├── deny-reloadPolicies-if-not-localhost.xml
│   ├── deny-unallowed-file-resolution.xml
│   ├── permit-anything-to-administrator.xml
│   ├── permit-apia-unrestricted.xml
│   ├── permit-dsstate-check-unrestricted.xml
│   ├── permit-oai-unrestricted.xml
│   ├── permit-serverStatus-unrestricted.xml
│   └── readme.txt
└── islandora
    ├── permit-apim-to-authenticated-user.xml
    ├── permit-getDatastreamHistory-unrestricted.xml
    ├── permit-getDatastream-unrestricted.xml
    └── permit-upload-to-authenticated-user.xml

Adjusting access for more than "localhost"

Install required polices, remove some restrictive policies.

1. Open the $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/deny-apim-if-not-localhost.xml in your favorite editor

2. Locate the text:

   &lt;AttributeValue DataType="<a href="http://www.w3.org/2001/XMLSchema#string">http://www.w3.org/2001/XMLSchema#string</a>"&gt;127.0.0.1&lt;/AttributeValue&gt;

3. Duplicate this line for every IP address you wish to access Fedora from (i.e. your Islandora Drupal server, your desktop computer, etc).
   For example

   <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">127.0.0.1</AttributeValue>
   <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">192.168.56.1</AttributeValue>

   The Fedora default XACML policies can be restored to their default state at any time by simply removing the 'default' directory, and stopping/starting Fedora. Always backup your polices first before doing this!

4. Start up Fedora by using the startup command from step 8:

   $FEDORA_HOME/tomcat/bin/startup.sh

5. Access the Fedora Web Administrator: http://localhost:8080/fedora/admin and ensure you can ingest and purge objects.

For information on using Fedora, make use of the tutorials at the Fedora Commons site.