Note |
---|
This documentation is for Release 7.0 and above. For documentation on previous releases, please select from the options below.
|
These instructions provide a recipe for building your own all-in-one Avalon system from scratch on CentOS or Red Hat Enterprise Linux version 7.x. Please note that while an all-in-one installation as outlined here is certainly suitable for testing and demos, a single, all-in-one, server may not be suitable for production environments.
Table of Contents | ||
---|---|---|
|
Ready the Installation Environment
Info |
---|
The instructions below require being run as root unless specifically noted otherwise. |
Storage requirement
Avalon and components need about 20GB of disk space to install.
Open ports requirement
The Avalon Media System requires several ports to be open to client browsers.
Here are the port settings that will need to be configured:
...
These instructions provide a recipe for building your own all-in-one Avalon system from scratch on CentOS or Red Hat Enterprise Linux version 7.x. Please note that while an all-in-one, single machine installation as outlined here is certainly suitable for testing and demos, production environments are typically implemented across multiple servers running the main components of the application.
Table of Contents | ||
---|---|---|
|
Ready the Installation Environment
Info |
---|
The instructions below require being run as root unless specifically noted otherwise. |
Storage requirement
Avalon and components need about 20GB of disk space to install.
Open ports requirement
The Avalon Media System requires several ports to be open to client browsers.
Here are the port settings that will need to be configured:
Port | Purpose | External? |
---|---|---|
80 | HTTP (Avalon) | Yes |
8983 | HTTP (Solr) | No |
8984 | HTTP (Fedora) | No |
8980 | HTTP (Nginx) | Yes |
...
Code Block |
---|
mysql mariadb> create database fcrepo CHARACTER SET utf8 COLLATE utf8_general_ci; mariadb> create user 'fcrepo'@'localhost' identified by '<fcrepo_password>'; mariadb> grant all privileges on fcrepo.* to 'fcrepo'@'localhost'; mariadb> create database rails rails CHARACTER SET utf8 COLLATE utf8_general_ci; mariadb> create user 'rails'@'localhost' identified by '<rails_pasword>'; mariadb> grant all privileges on rails.* to 'rails'@'localhost'; mariadb> flush privileges; |
...
Try it out on your local machine and on another machine. If you can't reach the app from another machine, your iptables1957955315 might need to be changed to allow access. If Fedora is not up, check the tomcat logs in /var/log/tomcat/. Catalina.out and localhost.<date>.log usually provide the best information.
...
Code Block |
---|
mkdir -p /tmp/avalon_solr/ wget https://raw.githubusercontent.com/avalonmediasystem/avalon/mastermain/solr/config/solrconfig.xml -O /tmp/avalon_solr/solrconfig.xml wget https://raw.githubusercontent.com/avalonmediasystem/avalon/mastermain/solr/config/schema.xml -O /tmp/avalon_solr/schema.xml su solr # Needs to run as solr user /opt/solr/bin/solr create_core -c avalon -d /tmp/avalon_solr exit |
...
Code Block |
---|
wget --no-check-certificate https://raw.github.com/avalonmediasystem/config-files/mastermain/apache/20-avalon.conf -P /etc/httpd/conf.d/ vim /etc/httpd/conf.d/20-avalon.conf |
...
Replace database.yml with the correct values for your production environment. Note that the pool setting should be equal or exceed the number of concurrent jobs in Sidekiq.
Code Block |
---|
production: adapter: mysql2 host: localhost database: rails username: rails password: rails pool: 520 timeout: 5000 |
Install the mysql2 adapter
...
Code Block |
---|
# as root
yum install redis
systemctl start redis |
Install Sidekiq
Code Block |
---|
# as root
wget https://raw.githubusercontent.com/mperham/sidekiq/master/examples/systemd/sidekiq.service -O /lib/systemd/system/sidekiq.service |
Edit the following lines in sidekiq.service
Code Block |
---|
WorkingDirectory=/var/www/avalon
ExecStart=/bin/bash -lc '/home/avalon/.rvm/gems/ruby-2.5.5/bin/bundle exec sidekiq -e production'
User=avalon
Group=avalon |
Code Block |
---|
# as root
systemctl start sidekiq |
...
start redis |
Install Sidekiq
Code Block |
---|
# as root
wget https://raw.githubusercontent.com/mperham/sidekiq/main/examples/systemd/sidekiq.service -O /lib/systemd/system/sidekiq.service |
Edit the following lines in sidekiq.service
Code Block |
---|
WorkingDirectory=/var/www/avalon
ExecStart=/bin/bash -lc '/home/avalon/.rvm/gems/ruby-2.5.5/bin/bundle exec sidekiq -e production'
User=avalon
Group=avalon |
Code Block |
---|
# as root
systemctl start sidekiq |
Sidekiq logs to STDOUT.
Warning | ||
---|---|---|
| ||
When ingesting a media file, you may encounter an error message saying that file:///tmp/filename can’t be accessed or located. This may result from the protected temp file settings that are defaults in CentOS 7. Fix by changing “true” to “false” for PrivateTmp in these files in /usr/lib/systemd/system: sidekiq.service PrivateTmp=false |
Additional Configurations
...
Avalon comes with Persona by default but it can be configured to work with other authentication strategies by using the appropriate omniauth gems. The following example is applicable to Indiana University CAS, it may need some adjustments in order to work with other CAS implementation.
Add to Gemfile
Code Block |
---|
gem 'net-ldap'
gem 'omniauth-cas', :git => "https://github.com/cjcolvar/omniauth-cas.git" |
Install new gems
Code Block |
---|
bundle install |
Add to config/initializers/my-ldap.rb
...
other CAS implementation.
Add to Gemfile
Code Block |
---|
gem 'net-ldap'
gem 'omniauth-cas', :git => "https://github.com/cjcolvar/omniauth-cas.git" |
Install new gems
Code Block |
---|
bundle install |
Add to config/initializers/my-ldap.rb
Code Block |
---|
module Avalon GROUPMY_GUEST_LDAP = Net::LDAP.new GROUP_LDAP.host = "ads.myuni.edu" GROUP_LDAP.authenticate 'cn=******,ou=Accounts,dc=ads,dc=myuni,dc=edu', '******'LDAP.new GROUPMY_GUEST_LDAP_TREE.host = "dc=ads,dc=myuni,dc=edu" end |
Add config/initializers/user_auth_cas.rb
Code Block |
---|
require 'net/ldap' User.instance_eval do def self.find_for_cas(access_token, signed_in_resource=nil) logger.debug "#{access_token.inspect}" #data = access_token.info username = access_token.uid email = nil if username =~ /\d{11}/eads.myuni.edu" MY_GUEST_LDAP.authenticate 'cn=******,ou=Accounts,dc=eads,dc=myuni,dc=edu', '******' GROUP_LDAP = Net::LDAP.new GROUP_LDAP.host = "ads.myuni.edu" GROUP_LDAP.authenticate 'cn=******,ou=Accounts,dc=ads,dc=myuni,dc=edu', '******' treeGROUP_LDAP_TREE = "dc=eadsads,dc=myuni,dc=edu" filter = Net::LDAP::Filter.construct("(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=eads,DC=myuni,DC=edu)(cn=#{username}))"),dc=edu" end |
Add config/initializers/user_auth_cas.rb
Code Block |
---|
require 'net/ldap' User.instance_eval do def self.find_for_cas(access_token, signed_in_resource=nil) logger.debug "#{access_token.inspect}" #data username = Avalon::MY_GUEST_LDAP.search(:base => tree, :filter => filter, :attributes=> ["mail"]).first.mail.firstaccess_token.info username = access_token.uid email = username endnil user = User.where(:username => username).first unless user if email.nil? tree = "dc=ads,dc=myuni,dc=edu" filter = Net::LDAP::Filter.eq("cn", "#{username}") email = Avalon::GROUP_LDAP.search(:base => tree, :filter => filter, :attributes=> ["mail"]).first.mail.first end user = User.find_or_create_by_username_or_email(username, email) raise "Logging inFinding user (#{ user }) failed: #{ user.errors.full_messages }" unless user.persisted? end user end end |
...
You can find specific information about using the system in the Collection Manager's Guide. /wiki/spaces/AVALON/pages/1957954522 is available for your convenience. Upload new items individually or by batch directly via SFTP using the avalondrop account you created above.
Configure additional feataures
Known Issues - a list of bugs, workarounds, and cautions.
...