Fedora, along with Drupal, MySQL, Solr and GSearch, is one of the core technologies behind Islandora. This chapter will cover the basic steps for installing Fedora - for more information, please see the FedoraCommons documentation.
Fedora is available under the terms of the Apache License and has a very active open source community producing additional tools, applications and utilities. Islandora currently uses Fedora version 3.8.1
NOTE: The recommendation is that for new installations you use Fedora 3.8.1 |
Fedora must have the following to be set-up and running prior to beginning your installation:
Prepare your local environment variables by modifying the /etc/profile.d/fedora-profile.sh of the system as the superuser performing the fedora installation ; instead of modifying the /etc/profile.d/fedora-profile.sh, you may create a file with the environment variables, and source it each time you open a new superuser shell to do the installation.
Fedora will need to be given variables to find the main fedora directory, the main tomcat directory, and the location of your Java installation (JDK 8). An example set of [Unix/Linux] environment variables are given here.
The following example assumes Java is installed in /usr/lib/jvm/java-8-oracle and Fedora is installed in /usr/local/fedora.
The above Fedora installer will bundle the Tomcat server in the default location (/usr/local/fedora/tomcat). That should be fine for a production environment. If you wish to install Tomcat on a different location you need to be familiar with that process, since we do not provide specific instructions for that. |
PATH=/opt/java/bin:$PATH:$HOME/bin export FEDORA_HOME=/usr/local/fedora export CATALINA_HOME=/usr/local/fedora/tomcat LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$CATALINA_HOME/lib export LD_LIBRARY_PATH export JAVA_OPTS="-Xms1024m -Xmx1024m -Djavax.net.ssl.trustStore=/usr/local/fedora/server/truststore -Djavax.net.ssl.trustStorePassword=tomcat" export JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64 export JRE_HOME=/usr/lib/jvm/java-8-openjdk-amd64/jre export J2SDKDIR=/usr/lib/jvm/java-8-openjdk-amd64 export J2REDIR=/usr/lib/jvm/java-8-openjdk-amd64/jre export KAKADU_LIBRARY_PATH=/usr/local/djatoka/lib/Linux-x86-64 |
Run the following command:
$ java -jar ./fcrepo-installer-3.8.1.jar |
Select the CUSTOM INSTALL.
It is important to select the Custom Install as it will enable the resource index by default, which is the backbone of Islandora's collection views and other functionality. |
The Fedora installer will prompt you for responses to a series of questions. Answer these questions according to the following example:
Installation type - custom home directory - /usr/local/fedora (default) Password - [fedora_password] server host - localhost (default) [could be a domain name etc depending on your environment] app server context - (default) API-A - false (default) ssl avail - true ssl required for api-a - false (default) ssl required for api-m - false servlet included - included (default) tomcat home -(default) tomcat http port - 8080 (default) tomcat shutdown - 8005 (default) tomcat ssl - 8443 (default) keystore file - included databse - mysql MySQL JDBC driver - (default) database username - fedoraAdmin database password - [password] jdbc url - (default) JDBC DriverClass - (default) Use upstream HTTP authentication - false Enable FESL authz - false policy enforcement - true low level storage - akubra-fs (default) Enable Resource Index - true Enable Messaging - true Messaging Provider URI - (default) deploy local services - true |
(Source: Installation and Configuration Guide - Fedora 3.8 Documentation) Servlet Container The installer will automatically configure and deploy to Tomcat 6.0.x and 7.0.x servlet containers. However, if an existing Tomcat installation (as opposed to the Tomcat bundled with the installer) was selected, the installer will not overwrite your existing Other servlet containers will require manual deployment of the war files located at Application Server Context The installer provides the option to enter an application server context name under which Fedora will be deployed. The context name defaults to Fedora (resulting in http[s]://host:port/fedora), however any other valid context name can be supplied. The installer will name the resulting war file according to the supplied context name (defaults to SSL Configuring SSL support for Fedora's API-M interface is an optional feature. It strongly recommended for production environments if Fedora is exposed to unsecured application and users. However, if your installation is within a managed data center with firewall services, you may choose to provide SSL using a software or hardware front-end instead. For example, a reverse proxy implemented using the Apache HTTP Server and hiding Fedora generally provides better SSL performance. If the Tomcat servlet container is selected, the installer will configure Please consult your servlet container's documentation for certificate generation and installation. (In particular, the example certificate provided by the installer for Tomcat should not be used in a production environment). If Fedora is configured to use SSL, the
FeSL The Fedora Security Layer is an experimental feature introduced from Fedora 3.3. FeSL consists of two separate components, which can be selected independently during the installation: FeSL Authentication and FeSL Authorisation. FeSL Authentication is now the default authentication mechanism, however Fesl Authorization is still considered experimental. FeSL Authorization is a replacement for the legacy XACML policy enforcement, so you should not enable XACML policy enforcement if you are going to use FeSL Authorization, as this will provide an alternative XACML policy enforcement engine. See FeSL Installation for more information about FeSL requirements that must be satisfied prior to installation. Resource Index If the Resource Index is enabled, Fedora will use Mulgara as its underlying triplestore, with full-text indexing disabled. Messaging |
Once the script has collected your answers and configured Fedora on your system, the values are written to the "install.properties" file and will have a final location in $FEDORA_HOME/install.
To create this file:
Install Fedora by entering:
java -jar fcrepo-installer-[version number].jar install.properties [note: 'version number' will vary depending on the version you've downloaded] |
Once the installation script has completed and Fedora is installed, you need to: start your Fedora instance by running:
# $FEDORA_HOME/tomcat/bin/startup.sh Using CATALINA_BASE: /usr/local/fedora/tomcat Using CATALINA_HOME: /usr/local/fedora/tomcat Using CATALINA_TMPDIR: /usr/local/fedora/tomcat/temp Using JRE_HOME: /usr Using CLASSPATH: /usr/local/fedora/tomcat/bin/bootstrap.jar |
To verify that Fedora has successfully started:
http://localhost:8080/fedora/
or
https://[yourdomain]:8443/fedora
3. You should see something like this:
Repository Information View
Repository Name: | Fedora Repository |
---|---|
Base URL: | http://localhost:8080/fedora |
Version: | 3.8.1 |
PID Namespace: | changeme |
PID Delimiter: | : |
Sample PID: | changeme:100 |
Retain PID Namespace: | * |
OAI Namespace: | example.org |
OAI Delimiter: | : |
Sample OAI Identifier: | oai:example.org:changeme:100 |
Sample Search URL: | http://localhost:8080/fedora/objects |
Sample Access URL: | http://localhost:8080/fedora/objects/demo:5 |
Sample OAI URL: | http://localhost:8080/fedora/oai?verb=Identify |
Admin Email: | bob@example.org |
Admin Email: | sally@example.org |
If you have problems accessing http://localhost:8080/fedora you may have to rebuild your database, in particular if you have dropped/recreated the fedora3 database a couple of times:
/usr/local/fedora/server/bin/fedora-rebuild.sh
Install required polices, remove some restrictive policies.
Remove the deny-purge policies:
$ rm -v /usr/local/fedora/data/fedora-xacml-policies/repository-policies/default/deny-purge-* |
Navigate to the Fedora "repository-policies" directory:
$ cd /usr/local/fedora/data/fedora-xacml-policies/repository-policies/ |
Download / Clone the Islandora specific XACML policies from the Islandora GitHub XACML Policies repo
$ git clone https://github.com/Islandora/islandora-xacml-policies.git islandora |
Remove the anonymous-user policies:
$ rm -v /usr/local/fedora/data/fedora-xacml-policies/repository-policies/islandora/permit-apim-to-anonymous-user.xml $ rm -v /usr/local/fedora/data/fedora-xacml-policies/repository-policies/islandora/permit-upload-to-anonymous-user.xml |
The Islandora XACML policies should now be located in "/usr/local/fedora/data/fedora-xacml-policies/repository-policies/islandora". There should be remain only these 4 policies:
A standard installation's XACML policy directory structure should look like this:
/usr/local/fedora/data/fedora-xacml-policies/repository-policies/ ├── default │ ├── deny-apim-if-not-localhost.xml │ ├── deny-inactive-or-deleted-objects-or-datastreams-if-not-administrator.xml │ ├── deny-policy-management-if-not-administrator.xml │ ├── deny-reloadPolicies-if-not-localhost.xml │ ├── deny-unallowed-file-resolution.xml │ ├── permit-anything-to-administrator.xml │ ├── permit-apia-unrestricted.xml │ ├── permit-dsstate-check-unrestricted.xml │ ├── permit-oai-unrestricted.xml │ ├── permit-serverStatus-unrestricted.xml │ └── readme.txt └── islandora ├── permit-apim-to-authenticated-user.xml ├── permit-getDatastreamHistory-unrestricted.xml ├── permit-getDatastream-unrestricted.xml └── permit-upload-to-authenticated-user.xml |
Install required polices, remove some restrictive policies.
Locate the text:
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">127.0.0.1</AttributeValue> |
Duplicate this line for every IP address you wish to access Fedora from (i.e. your Islandora Drupal server, your desktop computer, etc).
For example
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">127.0.0.1</AttributeValue> <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">192.168.56.1</AttributeValue> |
The Fedora default XACML policies can be restored to their default state at any time by simply removing the 'default' directory, and stopping/starting Fedora. Always backup your polices first before doing this! |
Start up Fedora by using the startup command from step 8:
$FEDORA_HOME/tomcat/bin/startup.sh |
Access the Fedora Web Administrator: http://localhost:8080/fedora/admin and ensure you can ingest and purge objects.
NOTE: If you can not access the above link for ingestion then something went wrong with your installation. Please retrace your steps carefully, and be sure not to miss anything. |
# $FEDORA_HOME/tomcat/bin/shutdown.sh # /etc/init.d/mysql stop # /usr/local # tar -cvzf fedora-milestone1.tar.gz fedora # cd /var/lib # tar -cvzf mysql-milestone1.tar.gz mysql # /etc/init.d/mysql start # $FEDORA_HOME/tomcat/bin/startup.sh |
sleep 10 # $FEDORA_HOME/tomcat/bin/startup.sh |
For information on using Fedora, make use of the tutorials at the Fedora Commons site.