Fedora, along with Drupal, is one of the core technologies behind Islandora. This chapter will cover the basic steps for installing Fedora - for more information, please see the FedoraCommons documentation.
Fedora is available under the terms of the Apache License and has a very active open source community producing additional tools, applications and utilities. Islandora currently uses Fedora version 3.5.
Fedora requires the following to be set-up and running prior to beginning your installation:
1. Download the latest release of Fedora from Fedora Commons (3.5 is the latest tested for use with Islandora).
2. Read through the online guide to ensure the pre-installation system pre-requisites are met.
3. Prepare your local environment variables by modifying the .bash_profile or .profile file in the home directory of the fedora user. Fedora will need to be given variables to find the main fedora directory, the main tomcat directory, and the location of your Java installation (JDK 6).
The following example assumes Java is installed in /opt/java and Fedora is installed in /usr/local/fedora:
PATH=/opt/java/bin:$PATH:$HOME/bin export FEDORA_HOME=/usr/local/fedora export CATALINA_HOME=/usr/local/fedora/tomcat export JAVA_OPTS="-Xms1024m -Xmx1024m -XX:MaxPermSize=128m -Djavax.net.ssl.trustStore=/usr/local/fedora/server/truststore -Djavax.net.ssl.trustStorePassword=tomcat" export JAVA_HOME=/opt/java |
4. Before beginning your Fedora installation, create a database for Fedora to use. This is not the same database that you used for your Drupal installation.
5. To start the installer, navigate to the directory where the install file (fcrepo-installer-3.5.jar) was downloaded and run the following command:
java -jar fcrepo-installer-3.5.jar |
6. Select the CUSTOM INSTALL.
It is important to select the Custom Install as it will enable the resource index by default, which is the backbone of Islandora's collection views and other functionality. |
7. The Fedora installer script will ask you a series of questions:
(Source: Installation and Configuration Guide - Fedora 3.5 Documentation) Servlet Container The installer will automatically configure and deploy to Tomcat 6.0.x and 7.0.x servlet containers. However, if an existing Tomcat installation (as opposed to the Tomcat bundled with the installer) was selected, the installer will not overwrite your existing Other servlet containers will require manual deployment of the war files located at Application Server Context The installer provides the option to enter an application server context name under which Fedora will be deployed. The context name defaults to Fedora (resulting in http[s]://host:port/fedora), however any other valid context name can be supplied. The installer will name the resulting war file according to the supplied context name (defaults to SSL Configuring SSL support for Fedora's API-M interface is an optional feature. It strongly recommended for production environments if Fedora is exposed to unsecured application and users. However, if your installation is within a managed data center with firewall services, you may choose to provide SSL using a software or hardware front-end instead. For example, a reverse proxy implemented using the Apache HTTP Server and hiding Fedora generally provides better SSL performance. If the Tomcat servlet container is selected, the installer will configure Please consult your servlet container's documentation for certificate generation and installation. (In particular, the example certificate provided by the installer for Tomcat should not be used in a production environment). If Fedora is configured to use SSL, the
FeSL The Fedora Security Layer is an experimental feature introduced from Fedora 3.3. FeSL consists of two separate components, which can be selected independently during the installation: FeSL Authentication and FeSL Authorisation. FeSL Authentication is now the default authentication mechanism, however Fesl Authorization is still considered experimental. FeSL Authorization is a replacement for the legacy XACML policy enforcement, so you should not enable XACML policy enforcement if you are going to use FeSL Authorization, as this will provide an alternative XACML policy enforcement engine. See FeSL Installation for more information about FeSL requirements that must be satisfied prior to installation. Resource Index If the Resource Index is enabled, Fedora will use Mulgara as its underlying triplestore, with full-text indexing disabled. Messaging |
Once the script has collected your answers and configured Fedora on your system, the values are written to the install.properties file located in $FEDORA_HOME/install.
An output of a sample install.properties file is included here to guide you through the installation. To use this file, copy the full contents of the textbox below into a text editor, and where applicable change the database name, database user, database password and database port number, and server host to match your database configuration (these items are noted in square brackets), and save the edited file as install.properties to the same directory where the fcrepo jar is stored. Fedora can now be installed by entering
java -jar fcrepo-installer-3.5.jar install.properties |
An example of an install.properties file (specific to an OSX environment):
Installation type - custom home directory - /usr/local/fedora Password - [fedora_password] server host - localhost [could be a domain name etc depending on your environment] app server context - default API-A - default false ssl avail - true ssl required for api-a - default false ssl required for api-m - false servlet included - default included tomcat home -default tomcat http port - 8080 default tomcat shutdown - 8005 default tomcat ssl - 8443 default keystore file - included databse - mysql mysql driver - default database username - [fedora_database_user] database password - [password] jdbc url - default jdbc class- default Enable FESL authn - true Enable FESL authz - false policy enforcement - true low level storage - default akubra-fs resource index - true messaging - true messaging provider - default deploy local services - true |
8. Once the installation script has completed and Fedora is installed, you should start your Fedora instance by running:
$FEDORA_HOME/tomcat/bin/startup.sh |
9. To verify that Fedora has successfully started:
a. $FEDORA_HOME/tomcat/logs/catalina.out should contain no errors.
b. View your Fedora instance through a web browser: http://localhost:8080/fedora/ or http://[yourdomain]:8443/fedora
10. Install required polices, remove some restrictive policies.
First stop your Fedora instance by running:$FEDORA_HOME/tomcat/bin/shutdown.sh
Remove they deny-purge policies.
rm /usr/local/fedora/data/fedora-xacml-policies/repository-policies/default/deny-purge-*
Create a folder for islandora specific policies.
cd /usr/local/fedora/data/fedora-xacml-policies/repository-policies/
mkdir islandora
Then copy all the policies included with islandora into the newly created "islandora" folder located here "/usr/local/fedora/data/fedora-xacml-policies/repository-policies/".
These policies will be located in the policies folder of the islandora module. There should be at least these 4 policies:
permit-apim-to-authenticated-user.xml
permit-getDatastream-unrestricted.xml
permit-getDatastreamHistory-unrestricted.xml
permit-upload-to-authenticated-user.xml
11. Navigate to $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/deny-apim-if-not-localhost.xml
Go to where you see <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">127.0.0.1</AttributeValue>
insert additional entries below for IPs that need to access fedora admin example your own machine or other admins. Also might want to add the systems actual IP Example:
<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">192.168.56.1</AttributeValue> |
12. Restart Fedora by using the startup command from step 8:
$FEDORA_HOME/tomcat/bin/startup.sh |
13. Access the Fedora Web Administrator: http://localhost:8080/fedora/admin and ensure you can ingest and purge objects.
14. For information on using Fedora, make use of the tutorials at the Fedora Commons site.
There are two global policies that block/override purge rights. This behaviour is correct as it assumes that items will be set to a status of "deleted" rather than being purged directly. By default it assumes that if an object or Datastream is set to active or inactive, then only the "administrator" role can purge. To resolve this, you can simply remove these policies in $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/:
|