Comment: Migrated to Confluence 5.3

...

  • NB! Be extremely careful if using copy-paste! Also note that wiki page may eat some specific chars.

2 Required sofware

Install them in that order. You can find them from /usr/ports.

unmigrated-wiki-markup
Panel

lang/perl5.14
lang/python27
www/apache22
databases/postgresql91-server \
[ databases/postgresql91-contrib <\- optional, but may become handy \ ]
java/openjdk6
www/tomcat7
devel/apache-ant
www/mod_jk
devel/maven3
shells/bash

3 Configuration rollercoaster

...

Panel

tcsh# grep AllowGroups /etc/ssh/sshd_config
AllowGroups wheel

tcsh# mkdir /var/log/apache2
tcsh# chown www /var/log/apache2
tcsh# mkdir -p /data/home/www
tcsh# pw usermod www -d /data/home/www
tcsh# echo "exit" > /data/home/www/.login
tcsh# chsh -s /bin/sh www

Several scripts from dspace are using "/bin/bash". To make them happy:

...

Some lines are omitted from output. Also configure "apache22/extra/httpd-mpm.conf" and "httpd-default.conf" to suit You. Also don't forget apache certificates.

unmigrated-wiki-markup\{HTTP_HOST\}%\{REQUEST_URI\}
        <IfModule jk_module>
        JkMount /xmlui localhost-worker
        JkMount /xmlui/* localhost-worker
        JkMount /solr localhost-worker
        JkMount /solr/* localhost-worker
        JkMount /oai localhost-worker
        JkMount /oai/* localhost-worker
    </IfModule>
    RewriteEngine On
    RewriteRule ^/$ /xmlui/ [PT]
    RewriteRule ^/$ /solr/ [PT]
    RewriteRule ^/$ /oai/ [PT]   
    RewriteCond http://%{HTTP_HOST}%{REQUEST_URI} (.*)-login(.*) \ [OR\] &nbsp;&nbsp; &nbsp;RewriteCond [http://%]\]
    RewriteCond http://%{HTTP_HOST\}%\{REQUEST_URI\} (.*)/register(.*) \ [OR\] &nbsp;&nbsp; &nbsp;RewriteCond []
    RewriteCond http://%]{HTTP_HOST}%{REQUEST_URI} (.*)/forgot(.*)  
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
    #
    CustomLog "|/usr/local/sbin/rotatelogs -l /var/log/apache2/dspace.example.com-access-%Y-%m-%d.log 86400" combined
    ErrorLog /var/log/apache2/dspace.example.com-error.log
</VirtualHost>unmigrated-wiki-markup

*tcsh# egrep \ -v "#\|"^$ /usr/local/etc/apache22/extra/httpd-ssl.conf*
Listen 443
/*/
<VirtualHost \ _default_:443>
ServerName dspace.example.com:443
ServerAdmin hostmaster@example.com
DocumentRoot "/usr/local/www/apache22/data"
<IfModule jk_module> &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; JkMount /xmlui localhost-worker &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; JkMount /xmlui/\* localhost-worker &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; JkMount /solr localhost-worker &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; JkMount /solr/\* localhost-worker &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; JkMount /oai localhost-worker &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; JkMount /oai/\* localhost-worker &nbsp;&nbsp; &nbsp;RewriteEngine On &nbsp;&nbsp; &nbsp;RewriteRule \^/$ /xmlui/ \[PT\] &nbsp;&nbsp; &nbsp;RewriteRule \^/$ /solr/ \[PT\] &nbsp;&nbsp; &nbsp;RewriteRule \^/$ /oai/ \[PT\] </IfModule> ErrorLog "\
        JkMount /xmlui localhost-worker
        JkMount /xmlui/* localhost-worker
        JkMount /solr localhost-worker
        JkMount /solr/* localhost-worker
        JkMount /oai localhost-worker
        JkMount /oai/* localhost-worker
    RewriteEngine On
    RewriteRule ^/$ /xmlui/ [PT]
    RewriteRule ^/$ /solr/ [PT]
    RewriteRule ^/$ /oai/ [PT]
</IfModule>
ErrorLog "|/usr/local/sbin/rotatelogs /var/log/apache2/https-error-%Y-%m-%d.log 5M"
TransferLog "\|/usr/local/sbin/rotatelogs /var/log/apache2/https-access-%Y-%m-%d.log 86400"
/*/
SSLCertificateFile "/usr/local/etc/apache22/certs/dspace.example.com.crt"
SSLCertificateKeyFile "/usr/local/etc/apache22/certs/dspace.example.com.key"
SSLCertificateChainFile "/usr/local/etc/apache22/certs/dspace-bundle.example.com.crt"
/*/
<Directory "/data/dspace/webapps/xmlui"> &nbsp;&nbsp;&nbsp; SSLOptions \+StdEnvVars \+ExportCertData
    SSLOptions +StdEnvVars +ExportCertData
</Directory>

Panel

*tcsh# egrep \ -v "#\|"^$ /usr/local/etc/apache22/httpd.conf*
/*/
LoadModule rewrite_module libexec/apache22/mod_rewrite.so
LoadModule jk_module&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; module          libexec/apache22/mod_jk.so
/*/
ErrorLog "/var/log/apache2/httpd-error.log"
/*/ &nbsp;&nbsp;&nbsp; CustomLog "\
    CustomLog "|/usr/local/sbin/rotatelogs \ -l /var/log/apache2/httpd-access_%Y-%m-%d.log 86400" combined
/*/
Include etc/apache22/extra/httpd-mpm.conf
Include etc/apache22/extra/httpd-default.conf
Include etc/apache22/extra/httpd-ssl.conf
/*/
Include etc/apache22/Includes/*.conf
NameVirtualHost \ *:80
<IfModule jk_module> &nbsp;&nbsp; &nbsp;# relative path to
    # relative path to /usr/local &nbsp;&nbsp; &nbsp;JkWorkersFile
    JkWorkersFile etc/apache22/workers.properties &nbsp;&nbsp; &nbsp;JkShmFile&nbsp;
    JkShmFile  /var/run/jk-runtime-status &nbsp;&nbsp; &nbsp;JkLogLevel error &nbsp;&nbsp; &nbsp;JkLogFile&nbsp; /var/
    JkLogLevel error
    JkLogFile  /var/log/apache2/mod_jk.log
</IfModule>
<VirtualHost \ *:80>
ServerName dspace.example.com &nbsp;&nbsp; &nbsp;DocumentRoot
    DocumentRoot /usr/local/www/apache22/data &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <IfModule jk_module> &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;JkMount /xmlui localhost-worker &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;JkMount /xmlui/\* localhost-worker &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;JkMount /solr localhost-worker &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;JkMount /solr/\* localhost-worker &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;JkMount /oai localhost-worker &nbsp;&nbsp; &nbsp;&nbsp;&nbsp; &nbsp;JkMount /oai/\* localhost-worker &nbsp;&nbsp; &nbsp;</IfModule> &nbsp;&nbsp; &nbsp;RewriteEngine On &nbsp;&nbsp; &nbsp;RewriteRule \^/$ /xmlui/ \[PT\] &nbsp;&nbsp; &nbsp;RewriteRule \^/$ /solr/ \[PT\] &nbsp;&nbsp; &nbsp;RewriteRule \^/$ /oai/ \[PT\] &nbsp;&nbsp; &nbsp;RewriteCond [http://%]

Wiki Markup
Wiki Markup

4 Install Dspace

Panel

tcsh# mkdir /data/dspace
tcsh# cd /data
* tcsh# fetch -o dspace-1.8.1-src-release.tar.gz *http://sourceforge.net/projects/dspace/files/DSpace%20Stable/1.8.1/dspace-1.8.1-src-release.tar.gz/download\* (http://sourceforge.net/projects/dspace/files/DSpace%20Stable/1.8.1/dspace-1.8.1-src-release.tar.gz/download*)
tcsh# tar xzf dspace-1.8.1-src-release.tar.gz
tcsh# cd /data/dspace-1.8.1-src-release/dspace/config/

...

Open /data/dspace-1.8.1-src-release/dspace/config/dspace.cfg and make Your changes:

Code Blockpanel

dspace.dir

=

/data/dspace


dspace.hostname

=

dspace.example.com


dspace.baseUrl

=

[

http://dspace.example.com

]


dspace.url

=

${dspace.baseUrl}/xmlui


dspace.name

=

Dspace

at

Example.Com


db.name

=

postgres


db.url

=

jdbc:postgresql://localhost:5432/dspacedb


db.driver

=

org.postgresql.Driver


db.username

=

dspace


db.password

=

s0mepw


db.maxconnections

=

30


db.maxwait

=

5000


db.maxidle

=

\

-1


db.statementpool

=

true


mail.server

=

smtp.example.com


mail.server.port

=

25


mail.from.address

=

dspace-noreply@example.com


feedback.recipient

=

dspace-help@example.com


mail.admin

=

dspace-help@example.com


alert.recipient

=

postmaster@example.com


registration.notify

=

dspace-help@example.com


mail.charset

=

UTF-8


mail.allowed.referrers

=

localhost,dspace.example.com


mail.server.disabled

=

false


default.language

=

en_US


assetstore.dir

=

${dspace.dir}/assetstore


log.init.config

=

${dspace.dir}/config/log4j.properties


log.dir

=

/var/log/apache2/


search.dir

=

${dspace.dir}/search


/*/


handle.canonical.prefix

=

[

http://hdl.handle.net/

]


handle.prefix

=

12345


handle.dir

=

${dspace.dir}/handle-server


/*/


upload.max

=

536870912


default.locale

=

en


xmlui.supported.locales

=

en


xmlui.force.ssl

=

true


xmlui.user.registration=false

Configure LDAP module. As i'm writing its not possible to configure multiple ldap servers in order to achieve failover (eg. ldap://ldapserver1 ldapserver2/?blah?blah).

Code Blockpanel
*

tcsh#

egrep

\

-v

"#

\

|"^$

modules/authentication-ldap.cfg

*


enable

=

true


autoregister

=

true


provider_url

=

ldaps://myldap.example.com/


id_field

=

uid


object_context

=

ou=people,dc=example,dc=com


search_context

=

ou=people,dc=example,dc=com


email_field

=

mail


surname_field

=

sn


givenname_field

=

givenName


phone_field

=

telephoneNumber


search_scope

=

2


search.user

=

cn=ldap-bind,cn=Users,dc=example,dc=com


search.password

=

s0mepw2


netid_email_domain

=

@example.com

As You can see, i'm using LDAPS. We'll be back to it later on.

Following command fetches software from internet in order to build dspace. This soft will be placed under $HOME/.m2/ directory. In my case /root/.m2/. If You want to, You can build dspace as "www" user. I'm doing it as root.

Code Blockpanel
*

tcsh#

/data/dspace-1.8.1-src-release

* *


tcsh#

mvn

package

* *


tcsh#

cd

/data/dspace-1.8.1-src-release/dspace/target/dspace-1.8.1-build/

* *


tcsh#

ant

fresh_install

*

As looking from my notes there was an issue with creating PostgreSQL database (PL/pgSQL related). Seems that following helped out. However - i can't verify or confirm it at the moment.

Code Blockpanel
_

tcsh#

dropdb

\

-U

pgsql

dspacedb_ _tcsh# createdb \

dspacedb
tcsh# createdb -U

pgsql

\

-O

dspace

\

-E

UNICODE

dspacedb

_ _


tcsh#

psql

\

-h

localhost

\

-U

dspace

\

-f

/data/dspace-1.8.1-src-release/dspace/etc/postgres/database_schema.sql

dspacedb

_

And finally set proper permissons:

Code Blockpanel
*

tcsh#

chown

\

-R

www:www

/data/dspace

*

Just in case verify /data/dspace/config/log4j.properties doesn't bug You.  Remove unneeded "/" There may be 3 erratic lines like this one:

Code Blockpanel

/var/log/apache2/

*

/

*

cocoon.log

Also verify that /data/dspace/config/modules/authentication.cfg and authentication-ldap.cfg are correct.

Since i like to keep all dspace related things in one place and i have pretty small /usr/local:

Code Blockpanel
*

tcsh#

mkdir

\

-p

/data/dspace/tc-webinf/work/upload-dir

* *


tcsh#

mkdir

\

-p

/data/dspace/tc-webinf/work/cache-dir

* *


tcsh#

chown

\

-R

www:www

/data/dspace/tc-webinf

* *

tcsh#

grep

dspace

/data/dspace/webapps/xmlui/WEB-INF/cocoon/properties/core.properties

*


org.apache.cocoon.uploads.directory=/data/dspace/tc-webinf/work/upload-dir


org.apache.cocoon.cache.directory=/data/dspace/tc-webinf/work/cache-dir


org.apache.cocoon.work.directory=/data/dspace/tc-webinf/work/

Don't forget thisone if You upgraded Your dspace - cocoon may fill /usr/local.

If needed, configure OAI also: /data/dspace/config/oaicat.properties:

Code Blockpanel

/*/


Crosswalks.mods=org.dspace.app.oai.PluginCrosswalk


Crosswalks.mets=org.dspace.app.oai.PluginCrosswalk


Crosswalks.qdc=org.dspace.app.oai.PluginCrosswalk

Set up crontabs. PATH is required.

...

Now install certificates required to use LDAPS. Make sure that You have JAVA_HOME set:

Code Blockpanel
*

tcsh#

set

JAVA_HOME=/usr/local/openjdk6

* *


tcsh#

echo

$JAVA_HOME

*


/usr/local/openjdk6

*


tcsh#

keytool

\

-import

\

-file

/tmp/myldap-clients.example.com.crt

\

-alias

myldap.example.com

\

-keystore

$JAVA_HOME/jre/lib/security/cacerts

*


Enter

keystore

password:

&nbsp;

  'changeit'

&nbsp;&nbsp; <\- by default without

   <- by default without '-es

\

!


/*/


Trust

this

certificate?

\

[no

\

]:

&nbsp; *yes* Certificate was added to keystore *tcsh# keytool \-list \-keystore

  yes
Certificate was added to keystore
tcsh# keytool -list -keystore $JAVA_HOME/jre/lib/security/cacerts

* *


tcsh#

rm

\

-f

/tmp/

olp

myldap-

wild-

clients.example.com.crt

*

5 Handle

If You are using "handle" also, then:

Panel

tcsh# /data/dspace/bin/dspace make-handle-config /data/dspace/handle-server

Create /usr/local/etc/rc.d/handle with following content. This script runs handle service as "www" user.

handle_server_start() { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if \[ \-x $\{command\} \]; then &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
{
        if [ -x ${command} ]; then
        pid="`ps \ -axuwww \ | grep \ -v grep \ | grep handle-server \ | nawk '\{ print $2 \ }'`" &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if \[ "$\{pid\}"X = "X" \]; then &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; su - www \-c $\{command\} &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; echo "Handle server is already running." &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; fi &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; fi } handle_server_stop() { &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pid="`ps \-axuwww \| grep \-v grep \| grep handle-server \| nawk '\{ print $2 \}'`" &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if \[ "$\{pid\}"X \!= "X" \]; then &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; pid_owner="`ps \-axu \|grep \-v grep \| grep \-w $pid \|nawk '\{ print $1 \}'`" &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; if \[ "$\{pid_owner\}" = "www" \]; then &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; kill \-15 $\{pid\} &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; sleep 1 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; fi &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; else &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; echo "Handle server is not running?" &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; fi } \# set "
                if [ "${pid}"X = "X" ]; then
                        su - www -c ${command}
                else
                        echo "Handle server is already running."
                fi
        fi
}
handle_server_stop()
{
        pid="`ps -axuwww | grep -v grep | grep handle-server | nawk '{ print $2 }'`"
        if [ "${pid}"X != "X" ]; then
                pid_owner="`ps -axu |grep -v grep | grep -w $pid |nawk '{ print $1 }'`"
                if [ "${pid_owner}" = "www" ]; then
                        kill -15 ${pid}
                        sleep 1
                fi
        else
                echo "Handle server is not running?"
        fi
}
# set defaults

handle_server_enable=${handle_server_enable:-"NO"}
load_rc_config "${name}"

run_rc_command "$1"

Panel

#!/bin/sh
#
# PROVIDE: handle
# REQUIRE: NETWORKING tomcat7
# KEYWORD: shutdown
#
# handle_server_enable="YES"
#

. /etc/rc.subr

name="handle_server"
start_cmd="${name}_start"
stop_cmd="${name}_stop"
rcvar=`set_rcvar`

command="/data/dspace/bin/start-handle-server"

Wiki Markup

6 Clean up and daemons startup

Code Blockpanel
*

tcsh#

cd

/data/dspace-1.8.1-src-release

* *


tcsh#

mvn

clean

* *


tcsh#

rm

\

-r

/root/.m2

*

Enable all required services at startup - /etc/rc.conf. Once again pay attention to UTF and make sure that "-Xmx" and "-Xms" are at least 512M and both do have same values!

Code Blockpanel

apache22_enable="YES"


tomcat7_enable="YES"


tomcat7_java_opts="-Xmx512M

\

-Xms512M

\

-XX:MaxPermSize=128M

\

-Dfile.encoding=UTF-8"


tomcat7_catalina_log=">>

/var/log/apache2/catalina-`date

\

+%Y-%m-%d`.log

2>&1"


tomcat7_catalina_tmpdir="/tmp"


handle_server_enable="YES"


postgresql_enable="YES"


postgresql_data="/data/pgsql"

Code Blockpanel
*

tcsh#

sync;

sync;

reboot

*

7 Final notes

  • If You should later on upgrade "openjdk", then You need to import LDAP certificate again - you'll lose it!
  • If You should upgrade mod_jk port, then dont forget to uncomment "#LoadModule jk_module.... " line!
  • After dspace upgrade dont forget cocoon: /data/dspace/webapps/xmlui/WEB-INF/cocoon/properties/core.properties
  • Implement backups and monitoring!
  • Implement firewall. If using pf:

...
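Review bot: The `JkMount /solr` and `JkMount /solr/*` lines in both the `*:80` and the `_default_:443` virtual host publish the Solr webapp on the public hostname, and none of the directives shown limits who may reach it. The page says some lines are omitted from the output, so a restriction may exist elsewhere, but a reader copying this configuration gets an unrestricted Solr endpoint. I would add an address-based restriction for `/solr` next to the mounts in each virtual host, using the Apache 2.2 access directives this install already relies on. If DSpace is configured to reach Solr through the public base URL, the server's own address has to be allowed as well, which needs checking against the Solr URL in the DSpace configuration.

```apacheconf
# … unchanged: JkMount lines for /xmlui, /solr and /oai …
<Location /solr>
    Order deny,allow
    Deny from all
    # add the server's own address here if DSpace reaches Solr via the public hostname
    Allow from 127.0.0.1
</Location>
```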