Note |
---|
This documentation is for Release 7.0 and above. For documentation on previous releases, please select from the options below.
|
These instructions provide a recipe for building your own all-in-one Avalon system from scratch on CentOS or Red Hat Enterprise Linux version 7.x. Please note that while an all-in-one, single machine installation as outlined here is certainly suitable for testing and demos, production environments are typically implemented across multiple servers running the main components of the application.
Ready the Installation Environment
Info |
---|
The instructions below require being run as root unless specifically noted otherwise. |
Storage requirement
Avalon and components need about 20GB of disk space to install.
Open ports requirement
The Avalon Media System requires several ports to be open to client browsers.
Here are the port settings that will need to be configured:
Port | Purpose | External? |
---|---|---|
80 | HTTP (Avalon) | Yes |
8983 | HTTP (Solr) | No |
8984 | HTTP (Fedora) | No |
8980 | HTTP (Nginx) | Yes |
The preferred method is to create a shell script that will do the work for you. Here is an example script that you should look through and customize as needed: avalon-iptables-config.sh
Warning |
---|
If you're connected over ssh, it might kick you off. |
Save your script to /etc/sysconfig/avalon-iptables-config.sh, make it executable and run it.
Code Block |
---|
chmod +x /etc/sysconfig/avalon-iptables-config.sh
/etc/sysconfig/avalon-iptables-config.sh |
If you run into connection issues, you can disable iptables by running "service iptables stop". This will completely drop your firewall. When finished troubleshooting, run "service iptables start".
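The port table above, expressed as an iptables-restore ruleset. This is an added example, not the avalon-iptables-config.sh script the page links to; it assumes SSH on port 22 and a default-deny INPUT policy, and the function and variable names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not the project's avalon-iptables-config.sh.
# Port table copied from the page: port|purpose|external?
AVALON_PORTS='80|HTTP (Avalon)|Yes
8983|HTTP (Solr)|No
8984|HTTP (Fedora)|No
8980|HTTP (Nginx)|Yes'

# avalon_ruleset [SSH_PORT]
# Prints an iptables-restore ruleset: default-deny INPUT, loopback and
# established traffic allowed, SSH kept open (port 22 is an assumption),
# and an ACCEPT rule only for ports the table marks as external.
avalon_ruleset() {
    local ssh_port port purpose external
    ssh_port=${1:-22}
    case $ssh_port in ''|*[!0-9]*) echo "bad SSH port: $ssh_port" >&2; return 1 ;; esac
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A INPUT -p tcp -m tcp --dport $ssh_port -j ACCEPT"
    while IFS='|' read -r port purpose external; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        if [ "$external" = Yes ]; then
            echo "-A INPUT -p tcp -m tcp --dport $port -m comment --comment \"$purpose\" -j ACCEPT"
        else
            # No rule is emitted: Solr and Fedora stay reachable over loopback only.
            echo "# $port $purpose: internal, no ACCEPT rule"
        fi
    done <<EOF
$AVALON_PORTS
EOF
    echo 'COMMIT'
}

# Usage (as root): check the syntax first, then load the whole table in one commit.
#   avalon_ruleset 22 | iptables-restore --test
#   avalon_ruleset 22 | iptables-restore
```

Because the established-connection and SSH rules are part of the same commit as the DROP policy, an existing SSH session keeps matching an ACCEPT rule when the ruleset loads.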
Disable SELinux
Code Block |
---|
vim /etc/selinux/config #change the value of `SELINUX` from `enforcing` to `permissive` |
You may have to disable SELinux completely if there is a Passenger installation problem
Info |
---|
vim /etc/selinux/config #change the value of `SELINUX` to `disabled` |
Reboot to apply change
Code Block |
---|
shutdown -r now |
Install EPEL
This repository provides libyaml-devel, which Ruby requires and Red Hat does not provide.
Code Block |
---|
yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm |
Install development libraries and packages for building Ruby
Code Block |
---|
yum groupinstall "Development Tools"
yum install readline-devel zlib-devel libyaml-devel libffi-devel openssl-devel libxml2-devel libxslt-devel cmake |
Install Java 8
Code Block |
---|
yum install java-1.8.0-openjdk |
Main Components
MariaDB
Info | ||
---|---|---|
| ||
MariaDB is now the default database system for CentOS/RHEL7 and can be used interchangeably with MySQL. MySQL or PostgreSQL can be substituted if desired. |
Avalon uses MariaDB for storing search queries, user data and roles, and as a back end for our encoding dashboard.
Install MariaDB server
Code Block |
---|
yum install mariadb-server
systemctl start mariadb |
Fedora Commons Repository
Tomcat
Fedora runs as a webapp in Tomcat
Install Apache Tomcat
Code Block | ||
---|---|---|
| ||
yum install tomcat
vim /etc/tomcat/server.xml #line 71, change the Tomcat connector port from 8080 to 8984
|
Add Tomcat manager user
By default, no user has access to the Tomcat Manager App. Define a user in /etc/tomcat/tomcat-users.xml
with access to the manager-gui role. Below is a very basic example.
Code Block |
---|
<tomcat-users>
<role rolename="manager-gui"/>
<user username="admin" password="<insert strong password here>" roles="manager-gui"/>
</tomcat-users> |
Create Fedora user and database
Enter the mariadb client
Code Block |
---|
mysql
mariadb> create database fcrepo CHARACTER SET utf8 COLLATE utf8_general_ci;
mariadb> create user 'fcrepo'@'localhost' identified by '<fcrepo_password>';
mariadb> grant all privileges on fcrepo.* to 'fcrepo'@'localhost';
mariadb> create database rails CHARACTER SET utf8 COLLATE utf8_general_ci;
mariadb> create user 'rails'@'localhost' identified by '<rails_password>';
mariadb> grant all privileges on rails.* to 'rails'@'localhost';
mariadb> flush privileges; |
Check your work and exit
...
Try it out on your local machine and on another machine. If you can't reach the app from another machine, your iptables might need to be changed to allow access. If Fedora is not up, check the tomcat logs in /var/log/tomcat/. Catalina.out and localhost.<date>.log usually provide the best information.
...
Code Block |
---|
mkdir -p /tmp/avalon_solr/
wget https://raw.githubusercontent.com/avalonmediasystem/avalon/main/solr/config/solrconfig.xml -O /tmp/avalon_solr/solrconfig.xml
wget https://raw.githubusercontent.com/avalonmediasystem/avalon/main/solr/config/schema.xml -O /tmp/avalon_solr/schema.xml
su solr # Needs to run as solr user
/opt/solr/bin/solr create_core -c avalon -d /tmp/avalon_solr
exit |
...
Warning |
---|
If you enable SSL on the Avalon server, you should also enable SSL on the streaming server to avoid mixed content warnings. |
FFmpeg & Mediainfo
Info | ||
---|---|---|
| ||
The following prebuilt binaries are provided by a third party. Proceed with caution. |
Download and install ffmpeg
...
(for transcoding & thumbnails)
Code Block |
---|
mkdir -p /tmp/ffmpeg && cd /tmp/ffmpeg
curl https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz | tar xJ
cp `find . -type f -executable` /usr/bin/ |
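One way to act on the caution above, as an added example that is not part of the Avalon instructions: save the archive to a file, compare it with a SHA-256 digest obtained separately, reject unsafe member paths, and install only ffmpeg and ffprobe rather than every executable in the archive. The function names and the digest placeholder are hypothetical.

```shell
#!/usr/bin/env bash
# Added example, not from the Avalon documentation.

# verify_sha256 FILE EXPECTED_HEX: succeeds only on an exact digest match.
verify_sha256() {
    local actual
    actual=$(sha256sum "$1" | awk '{print $1}')
    [ -n "$actual" ] && [ "$actual" = "$2" ]
}

# archive_is_safe FILE: fails if any member path is absolute or contains "..".
# GNU tar detects the xz compression by itself when reading.
archive_is_safe() {
    local members
    members=$(tar -tf "$1") || return 1
    ! printf '%s\n' "$members" | grep -Eq '^/|(^|/)\.\.(/|$)'
}

# install_ffmpeg ARCHIVE EXPECTED_SHA256 DESTDIR
# Return codes: 1 digest mismatch, 2 unsafe path, 3 extraction failed,
# 4 expected binary missing, 5 install failed.
install_ffmpeg() {
    local archive expected dest work name path
    archive=$1; expected=$2; dest=$3
    verify_sha256 "$archive" "$expected" || { echo "checksum mismatch" >&2; return 1; }
    archive_is_safe "$archive" || { echo "unsafe member path" >&2; return 2; }
    work=$(mktemp -d) || return 3
    # --no-same-owner: do not keep the archive's file owners when run as root.
    tar -xf "$archive" -C "$work" --no-same-owner || { rm -rf "$work"; return 3; }
    for name in ffmpeg ffprobe; do
        path=$(find "$work" -type f -name "$name" | head -n 1)
        [ -n "$path" ] || { echo "missing $name" >&2; rm -rf "$work"; return 4; }
        install -m 0755 "$path" "$dest/$name" || { rm -rf "$work"; return 5; }
    done
    rm -rf "$work"
}

# Usage (as root); the digest is a placeholder you must supply yourself:
#   curl --fail -sSLo /tmp/ffmpeg.tar.xz https://johnvansickle.com/ffmpeg/releases/ffmpeg-release-amd64-static.tar.xz
#   install_ffmpeg /tmp/ffmpeg.tar.xz '<sha256 obtained from a source you trust>' /usr/bin
```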
Install Mediainfo (for technical metadata)
Code Block |
---|
yum install mediainfo |
HTTPD
Install and start the httpd service.
...
Code Block |
---|
yum install ruby sqlite-devel # Needed to build Ruby using RVM.
useradd avalon
su - avalon
curl -L https://get.rvm.io | bash -s stable --ruby=2.5.5 |
Source the RVM shell (as avalon user) or close the terminal and open it back up.
Code Block |
---|
source /home/avalon/.rvm/scripts/rvm
rvm use 2.5.5
exit |
Install Passenger apache module requirements (as root)
Code Block |
---|
su - root
yum install -y pygpgme curl
curl --fail -sSLo /etc/yum.repos.d/passenger.repo https://oss-binaries.phusionpassenger.com/yum/definitions/el-passenger.repo
yum install mod_passenger || yum-config-manager --enable cr && yum install mod_passenger |
Create a virtual host for avalon
Code Block |
---|
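# --no-check-certificate disables TLS certificate validation for this download; omit it if the system CA bundle is up to date
wget --no-check-certificate https://raw.github.com/avalonmediasystem/config-files/main/apache/20-avalon.conf -P /etc/httpd/conf.d/
vim /etc/httpd/conf.d/20-avalon.conf |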
...
Code Block |
---|
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:!RC4:+HIGH:+MEDIUM:-LOW |
Restart apache. With apache running, check passenger-status
...
Modify /etc/httpd/conf.d/passenger.conf
Code Block |
---|
PassengerRuby /home/avalon/.rvm/rubies/ruby-2.5.5/bin/ruby |
Validate passenger install and restart apache
Code Block |
---|
passenger-config validate-install
systemctl start httpd
su - avalon
passenger-status |
Avalon
Grab Avalon code from github
Code Block |
---|
su - root
git clone https://github.com/avalonmediasystem/avalon.git /var/www/avalon
chown -R avalon:avalon /var/www/avalon/public/ |
...
Set rails environment to production, if it has not defaulted to this. On the first line of /var/www/avalon/config/environment.rb make sure it says 'production'
Code Block |
---|
ENV['RAILS_ENV'] ||= 'production' |
Configure database settings
Code Block |
---|
cd /var/www/avalon/config
vim database.yml |
Replace database.yml with the correct values for your production environment
...
Note that the pool setting should equal or exceed the number of concurrent jobs in Sidekiq.
Code Block |
---|
production:
  adapter: mysql2
  host: localhost
  database: rails
  username: rails
  password: rails
  pool: 20
  timeout: 5000 |
Install the mysql2 adapter
...
Code Block |
---|
# as root
yum install nodejs # Javascript runtime
# as avalon
su - avalon
cd /var/www/avalon
gem install bundler
bundle install --with mysql production --without development test |
...
exit |
Finish configuring Avalon
Edit /var/www/avalon/config/solr.yml and /var/www/avalon/config/blacklight.yml
Code Block |
---|
production: url: http://localhost:8983/solr/avalon |
Edit /var/www/avalon/config/fedora.yml
Code Block |
---|
production:
  user: fedoraAdmin
  password: fedoraAdmin
  url: http://127.0.0.1:8984/fedora4/rest
  base_path: "" |
Create streaming directory
Code Block | ||
---|---|---|
# as root
mkdir -p /var/avalon/derivatives
chown avalon:avalon /var/avalon/derivatives |
Info | ||
---|---|---|
| ||
Avalon settings now live in /var/www/avalon/config/settings.yml. The default values should be sufficient to start with. They can be selectively overwritten by creating a settings/<environment>.yml, or by using environment variables. Consult the config gem doc to understand how it works, or Avalon's documentation to customize this file for your installation. |
...
Code Block | ||
---|---|---|
| ||
streaming:
  server: :nginx
  http_base: 'http://localhost:8980/avalon'
  content_path: '/var/avalon/derivatives' |
Code Block |
---|
cd /var/www/avalon
export RAILS_ENV=production
rake secret |
Grab the output of rake secret and add it to secrets.yml where instructed.
More information: Configuration Files#config/secrets.yml
Create controlled_vocabulary.yml
Code Block |
---|
cp config/controlled_vocabulary.yml.example config/controlled_vocabulary.yml |
Create the database using rake
Code Block |
---|
# as avalon user
rake db:create |
If you get an error message saying that you can't connect to the database, take a look at this post and follow some of the troubleshooting steps.
...
Code Block |
---|
rake db:migrate |
Install yarn and node modules
Code Block |
---|
# as root
curl --silent --location https://dl.yarnpkg.com/rpm/yarn.repo | sudo tee /etc/yum.repos.d/yarn.repo
yum install yarn
# as avalon
su - avalon
cd /var/www/avalon
yarn install |
Precompile assets
Code Block |
---|
# as avalon
RAILS_ENV=production bundle exec rake assets:precompile |
Restart Apache
Code Block |
---|
# as root
systemctl restart httpd |
Install ImageMagick
Code Block |
---|
# as root
yum install imagemagick |
Sidekiq
Avalon uses Sidekiq for background processing, which relies on Redis as its key-value store.
Install Redis
Code Block |
---|
# as root
yum install redis
systemctl start redis |
Install Sidekiq
Code Block |
---|
# as root
wget https://raw.githubusercontent.com/mperham/sidekiq/main/examples/systemd/sidekiq.service -O /lib/systemd/system/sidekiq.service |
Edit the following lines in sidekiq.service
Code Block |
---|
WorkingDirectory=/var/www/avalon
ExecStart=/bin/bash -lc '/home/avalon/.rvm/gems/ruby-2.5.5/bin/bundle exec sidekiq -e production'
User=avalon
Group=avalon |
Code Block |
---|
# as root
systemctl start sidekiq |
Sidekiq logs to STDOUT.
Warning | ||
---|---|---|
| ||
When ingesting a media file, you may encounter an error message saying that file:///tmp/filename can’t be accessed or located. This may result from the protected temp file settings that are defaults in CentOS 7. Fix by changing “true” to “false” for PrivateTmp in these files in /usr/lib/systemd/system: sidekiq.service PrivateTmp=false |
Additional Configurations
Dropbox
Code Block |
---|
groupadd -r dropbox
useradd -r avalondrop
usermod -G dropbox avalon
mkdir -p /srv/avalon/dropbox
chown avalondrop:dropbox /srv/avalon/dropbox
chmod 2775 /srv/avalon/dropbox |
Edit /etc/ssh/sshd_config
Code Block |
---|
# override default of no subsystems
Subsystem sftp internal-sftp
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
Match Group dropbox
ChrootDirectory /srv/avalon
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp |
Restart SSH
Code Block |
---|
service sshd restart |
Batch ingest
To manually start a batch ingest job, run as avalon user
Code Block |
---|
rake avalon:batch:ingest |
To make batch ingest run automatically whenever a manifest is present, you need to add a cron job. This cron job can be created by the whenever gem from reading config/schedule.rb. To preview, run
Code Block |
---|
whenever |
This will translate the content of schedule.rb to cron job syntax. Once verified, run the following to write the job to crontab
Code Block |
---|
whenever --update-crontab |
You should get the cron job automatically if you were deploying from Capistrano.
Authentication Strategy
Avalon comes with Persona by default, but it can be configured to work with other authentication strategies by using the appropriate omniauth gems. The following example applies to Indiana University CAS; it may need some adjustments to work with other CAS implementations.
Add to Gemfile
Code Block |
---|
gem 'net-ldap'
gem 'omniauth-cas', :git => "https://github.com/cjcolvar/omniauth-cas.git" |
Install new gems
Code Block |
---|
bundle install |
Add to config/initializers/my-ldap.rb
Code Block |
---|
module Avalon
  MY_GUEST_LDAP = Net::LDAP.new
  MY_GUEST_LDAP.host = "eads.myuni.edu"
  MY_GUEST_LDAP.authenticate 'cn=******,ou=Accounts,dc=eads,dc=myuni,dc=edu', '******'
  GROUP_LDAP = Net::LDAP.new
  GROUP_LDAP.host = "ads.myuni.edu"
  GROUP_LDAP.authenticate 'cn=******,ou=Accounts,dc=ads,dc=myuni,dc=edu', '******'
  GROUP_LDAP_TREE = "dc=ads,dc=myuni,dc=edu"
end |
Add config/initializers/user_auth_cas.rb
Code Block |
---|
require 'net/ldap'
User.instance_eval do
  def self.find_for_cas(access_token, signed_in_resource=nil)
    logger.debug "#{access_token.inspect}"
    #data = access_token.info
    username = access_token.uid
    email = nil
    user = User.where(:username => username).first
    unless user
      if email.nil?
        tree = "dc=ads,dc=myuni,dc=edu"
        filter = Net::LDAP::Filter.eq("cn", "#{username}")
        email = Avalon::GROUP_LDAP.search(:base => tree, :filter => filter, :attributes=> ["mail"]).first.mail.first
      end
      user = User.find_or_create_by_username_or_email(username, email)
      raise "Finding user (#{ user }) failed: #{ user.errors.full_messages }" unless user.persisted?
    end
    user
  end
end |
Add to config/settings/production.local.yml
Code Block |
---|
auth:
  configuration:
    - :name: My University
      :logo: my_logo.png
      :provider: :cas
      :params:
        :host: cas.myuni.edu
        :login_url: /cas/login
        :service_validate_url: /cas/validate
        :logout_url: /cas/logout
        :ssl: true |
Using the System
You should be able to visit the webpage with just the hostname (i.e. http://localhost)
Create an admin account
Click on "Sign in" in the upper right corner of the website main page. Set up a default identity with administrative privileges using the following properties.
Code Block |
---|
archivist1@example.com
<some password> |
...
You can create an account from the command line in the root of your avalon install:
...
You can find specific information about using the system in the Collection Manager's Guide. /wiki/spaces/AVALON/pages/1957954522 is available for your convenience. Upload new items individually or by batch directly via SFTP using the avalondrop account you created above.
Configure additional features
Known Issues - a list of bugs, workarounds, and cautions.
...
Code Block |
---|
chkconfig --level 345 tomcat on
chkconfig --level 345 mariadb on
chkconfig --level 345 nginx on
chkconfig --level 345 sshd on
chkconfig --level 345 redis on
chkconfig --level 345 sidekiq on
chkconfig --level 345 httpd on |
...