Fedora, along with Drupal, is one of the core technologies behind Islandora. This chapter will cover the basic steps for installing Fedora - for more information, please see the FedoraCommons documentation.
Fedora is available under the terms of the Apache License and has a very active open source community producing additional tools, applications and utilities. Islandora currently uses Fedora version 3.4.2.
Pre-installation software checklist
Fedora requires the following to be set-up and running prior to beginning your installation:
- Java SE Development Kit (JDK) 6
- A database: Installed for Drupal. Consult the Fedora installation guide for notes on running other databases.
- An application server: Fedora includes the Tomcat Application Server. Consult the Fedora installation guide for notes on running other application servers.
Installation Steps
1. Download the Fedora Repository software.
2. Read through the online guide to ensure the pre-installation system pre-requisites are met.
3. Prepare your local environment variables by modifying the .bash_profile or .profile file in the home directory of the fedora user.
Fedora will need to be given variables to find the main fedora directory, the main tomcat directory, and the location of your Java installation (JDK 6).
The following example assumes Java is installed in /opt/java and Fedora is installed in /usr/local/fedora:
PATH=/opt/java/bin:$PATH:$HOME/bin
export FEDORA_HOME=/usr/local/fedora
export CATALINA_HOME=/usr/local/fedora/tomcat
export JAVA_OPTS="-Xms1024m -Xmx1024m -XX:MaxPermSize=128m -Djavax.net.ssl.trustStore=/usr/local/fedora/server/truststore
-Djavax.net.ssl.trustStorePassword=tomcat"
export JAVA_HOME=/opt/java
4. Before beginning your Fedora installation, create a database for Fedora to use (In the install.properties file example that follows the database is called fedora3. This is referenced as part of the value string for database.jdbcURL). This is not the same database that you used for your Drupal installation.
5. To start the installer, navigate to the directory where the install file (fcrepo-installer-3.4.2.jar) was downloaded and run the following command:
java -jar fcrepo-installer-3.4.2.jar
6. Select the CUSTOM INSTALL.
7. The Fedora installer script will ask you a series of questions (Source: Installation and Configuration Guide - Fedora 3.4 Documentation):
Servlet Container
The installer will automatically configure and deploy to Tomcat 5.0.x, 5.5.x, and 6.0.x servlet containers. However, if an existing Tomcat installation (as opposed to the Tomcat bundled with the installer) was selected, the installer will not overwrite your existing server.xml, but rather, place a modified copy at FEDORA_HOME/install so that you may review it before before installing it yourself.
Other servlet containers will require manual deployment of the war files located at FEDORA_HOME/install.
Application Server Context
The installer provides the option to enter an application server context name under which Fedora will be deployed. The context name defaults to Fedora (resulting in http[s]://host:port/fedora), however any other valid context name can be supplied. The installer will name the resulting war file according to the supplied context name (defaults to fedora.war). Please ensure that the servlet container configuration reflects the name of the Fedora context name in case it needs to be configured explicitly. For further details see Alternative Webapp Context Configuration.
SSL
Configuring SSL support for Fedora's API-M interface is an optional feature. It strongly recommended for production environments if Fedora is exposed to unsecured applications and users. However, if your installation is within a managed data center with firewall services, you may choose to provide SSL using a software or hardware front-end instead. For example, a reverse proxy implemented using the Apache HTTP Server and hiding Fedora generally provides better SSL performance.
If the Tomcat servlet container is selected, the installer will configure server.xml for you. However, as noted above, if an existing Tomcat installation was selected, the installer will not overwrite your existing server.xml.
Please consult your servlet container's documentation for certificate generation and installation. (In particular, the example certificate provided by the installer for Tomcat should not be used in a production environment).
If Fedora is configured to use SSL, the JAVA_OPTS environment variable must include the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties. The value of javax.net.ssl.trustStore should be the location of the truststore file and the value of javax.net.ssl.trustStorePassword is the password for the keystore. The following values may be used with the sample keystore included with the installer:
-Djavax.net.ssl.trustStore=$FEDORA_HOME/server/truststore -Djavax.net.ssl.trustStorePassword=tomcat
FeSL
The Fedora Security Layer is an experimental feature introduced from Fedora 3.3. FeSL Authentication is now the default authentication mechanism, however Fesl Authorization is still considered experimental. Enabling FeSL Authorization will disable the legacy policy enforcement. See FeSL Installation for more information about FeSL requirements that must be satisfied prior to installation.
Resource Index
If the Resource Index is enabled, Fedora will use Mulgara as its underlying triplestore, with full-text indexing disabled.
Messaging
If Messaging is enabled, Fedora will create and send a message via JMS whenever an API-M method is called.
Once the script has collected your answers and configured Fedora on your system, the values are written to the install.properties file located in $FEDORA_HOME/install.
An output of a sample install.properties file is included here to guide you through the installation. To use this file, copy the full contents of the textbox below into a text editor, change the database name, database user, database password and database port number to match your database configuration, and save the edited file as install.properties to the same directory where the fcrepo jar is stored. Fedora can now be installed by entering sudo java -jar fcrepo-installer-3.4.2.jar install.properties
An example of an install.properties file (specific to an OSX environment):
#Install Options
#Wed Mar02 15:58:59 AST2011
keystore.file=included
ri.enabled=true
messaging.enabled=true
apia.auth.required=false
database.jdbcDriverClass=com.mysql.jdbc.Driver
tomcat.ssl.port=8443
ssl.available=true
database.jdbcURL=jdbc:mysql://localhost:8889/fedora_database_name?useUnicode\=true&characterEncoding\=UTF-8&autoReconnect\=true
messaging.uri=vm:(broker:(tcp://localhost:61616))
database.password=fedora_db_password
database.mysql.driver=included
database.username=fedora_db_user
fesl.authz.enabled=false
tomcat.shutdown.port=8005
deploy.local.services=true
xacml.enabled=true
database.mysql.jdbcDriverClass=com.mysql.jdbc.Driver
tomcat.http.port=8080
fedora.serverHost=localhost
database=mysql
database.driver=included
fedora.serverContext=fedora
llstore.type=akubra-fs
tomcat.home=/usr/local/fedora/tomcat
fesl.authn.enabled=false
database.mysql.jdbcURL=jdbc:mysql://localhost:8889/fedora_database_name?useUnicode\=true&characterEncoding\=UTF-8&autoReconnect\=true
fedora.home=/usr/local/fedora
install.type=custom
servlet.engine=included
apim.ssl.required=false
fedora.admin.pass=fedoraAdmin
apia.ssl.required=false
8. Once the installation script has completed and Fedora is installed, you should start your Fedora instance by running:
$FEDORA_HOME/tomcat/bin/startup.sh
9. To verify that Fedora has successfully started:
a. $FEDORA_HOME/tomcat/logs/catalina.out should contain no errors.
b. View your Fedora instance through a web browser: http://localhost:8080/fedora/
10. Stop your Fedora instance by running:$FEDORA_HOME/tomcat/bin/shutdown.sh
11. Navigate to $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default and create a file with the following xml -
<?xml version="1.0" encoding="UTF-8"?>
<Policy xmlns="urn:oasis:names:tc:xacml:1.0:policy"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
PolicyId="permit-apim-to-authenticated"
RuleCombiningAlgId="urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable">
<Description>note that other policies may provide exceptions to this broad policy. This policy assumes api-m users have to be authenticated</Description>
<Target>
<Subjects>
<AnySubject/>
</Subjects>
<Resources>
<AnyResource/>
</Resources>
<Actions>
<Action>
<ActionMatch MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">urn:fedora:names:fedora:2.1:action:api-m</AttributeValue>
<ActionAttributeDesignator DataType="http://www.w3.org/2001/XMLSchema#string"
AttributeId="urn:fedora:names:fedora:2.1:action:api"/>
</ActionMatch>
</Action>
</Actions>
</Target>
<Rule RuleId="1" Effect="Permit"/>
</Policy>
Save as permit-apim-to-authenticated.xml.
11. Restart Fedora by using the startup command from step 8:
$FEDORA_HOME/tomcat/bin/startup.sh
12. Access the Fedora Web Administrator: http://localhost:8080/fedora/admin and ensure you can ingest and purge objects.
13. For information on using Fedora, make use of the tutorials at the Fedora Commons site.
5 Comments
Zachary Howarth
Some notes:
David Wilcox
Thanks for the notes, Zach:
1. I'll add some clarification of this point to the instructions
2. So should the user start Fedora after installing it using the install.properties file, then create permit-apim-to-authenticated.xml and restart Fedora?
3. After deleting the denial policy did you still have to add permit-apim-to-authenticated.xml ?
Zachary Howarth
2. I'm pretty sure the best instructions are to:
3. First I tried just adding the permit policy as stated. No go. Then I deleted the denial policy and was successful. So I can't confidently answer that question just yet, but maybe if I get a chance I can try deleting the permit-apim policy and see if I can still access.
Jonathan Green
It might be worth noting here that the resource index has to be enabled to use Islandora and that messaging has to be enabled to use gsearch/microservices.
Unknown User (daniel-dgi)
Was running through this installation and only hiccup I had was mentioned by Zachary. The example install.properties file is geared towards OSX and uses port 8889 for mysql. If you're on Linux, the port is most likely 3306. You can verify your mysql port by looking in /etc/mysql/my.cnf.