Info |
---|
title | Editor's "To Do" list |
---|
|
- consolidate software checklist
- create and edit sub pages
- verify installation steps
- work on XACML Policy section
- make separate page? (expect Islandora to be installed)
- work on order of operations
|
On This Page
...
Pre-installation Software Checklist
Fedora requires must have the following to be set-up and running prior to beginning your installation:
...
- $FEDORA_HOME/tomcat/logs/catalina.out should contain no errors.
- View your Fedora instance through a web browser:
Setting XACML Policies
...
Install required polices, remove some restrictive policies.
- First stop your Fedora instance by running:$FEDORA_HOME/tomcat/bin/shutdown.sh
Remove they deny-purge policies:
Code Block |
---|
language | bash |
---|
title | Command Line to remove "deny-purge" policies |
---|
|
$ rm -v /usr/local/fedora/data/fedora-xacml-policies/repository-policies/default/deny-purge-* |
Create a folder for islandora specific policiesNavigate to the Fedora "repository-policies" directory:
Code Block |
---|
language | bash |
---|
title | Command Line to create islandora specific policies |
---|
|
$ mkdircd /usr/local/fedora/data/fedora-xacml-policies/repository-policies/islandora |
Download / Clone the Islandora specific XACML policies from the Islandora GitHub XACML Policies repoThen copy all the policies included with islandora into the newly created "islandora" folder located here "/usr/local/fedora/data/fedora-xacml-policies/repository-policies/":
Code Block |
---|
|
$ cpgit -vclone https:/var/www/islandora/sites/all/modules/islandora/policies/* github.com/Islandora/islandora-xacml-policies.git islandora |
The Islandora XACML policies should now be located in "/usr/local/fedora/data/fedora-xacml-policies/repository-policies
...
title | Islandora Install Location |
---|
...
/islandora"
...
These policies will be located in the policies folder of the islandora module. There should be at least these 4 policies:
- permit-apim-to-authenticated-user.xml
- permit-getDatastream-unrestricted.xml
- permit-getDatastreamHistory-unrestricted.xml
- permit-upload-to-authenticated-user.xml
...
Code Block |
---|
|
/usr/local/fedora/data/fedora-xacml-policies/repository-policies/
├── default
│ ├── deny-apim-if-not-localhost.xml
│ ├── deny-inactive-or-deleted-objects-or-datastreams-if-not-administrator.xml
│ ├── deny-policy-management-if-not-administrator.xml
│ ├── deny-reloadPolicies-if-not-localhost.xml
│ ├── deny-unallowed-file-resolution.xml
│ ├── permit-anything-to-administrator.xml
│ ├── permit-apia-unrestricted.xml
│ ├── permit-dsstate-check-unrestricted.xml
│ ├── permit-oai-unrestricted.xml
│ ├── permit-serverStatus-unrestricted.xml
│ └── readme.txt
└── islandora
├── permit-apim-to-authenticated-user.xml
├── permit-getDatastreamHistory-unrestricted.xml
├── permit-getDatastream-unrestricted.xml
└── permit-upload-to-authenticated-user.xml
|
11. Navigate to $FEDORA
Adjusting access for more than "localhost"
Install required polices, remove some restrictive policies.
- Open the $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/deny-apim-if-not-localhost.xml
...
- in your favorite editor
Locate the text:
Code Block |
---|
|
<AttributeValue DataType="<a href=" |
...
http://www.w3.org/2001/XMLSchema#string" |
...
>http://www.w3.org/2001/XMLSchema#string</a>">127.0.0. |
...
Duplicate this line for every IP address you wish to access Fedora from (i.e. your Islandora Drupal server, your desktop computer, etc).
For example
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">127.0.0.1</AttributeValue>
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">192.168.56.1</AttributeValue> |
...
Note |
---|
The Fedora default XACML policies can be restored to their default state at any time by simply removing the 'default' directory, and stopping/starting Fedora. Always backup your polices first before doing this! |
...
Start up Fedora by using the startup command from step 8:
Code Block |
---|
$FEDORA_HOME/tomcat/bin/startup.sh |
...
- Access the Fedora Web Administrator: http://localhost:8080/fedora/admin and ensure you can ingest and purge objects.
14. For information on using Fedora, make use of the tutorials at the Fedora Commons site.