====== Fedora repository 3.8.1 ======
service tomcat7 stop
mkdir /usr/local/fedora
mkdir /srv/data
mkdir /srv/tmp
chown -R tomcat7:tomcat7 /usr/local/fedora
chown -R tomcat7:tomcat7 /srv/data /srv/tmp
nano -w /etc/default/tomcat7
# Stuff for Fedora Commons
export FEDORA_HOME=/usr/local/fedora
PATH=$FEDORA_HOME/server/bin:$FEDORA_HOME/client/bin:$JAVA_HOME/bin:$PATH
mysql -u root -p
CREATE DATABASE digirepo;
GRANT ALL ON digirepo.* TO fedoraAdmin@localhost IDENTIFIED BY '***';
FLUSH PRIVILEGES;
wget https://github.com/fcrepo3/fcrepo/releases/download/v3.8.1/fcrepo-installer-3.8.1.jar
java -jar fcrepo-installer-3.8.1.jar
***********************
Fedora Installation
***********************
To install Fedora, please answer the following questions.
Enter CANCEL at any time to abort the installation.
Detailed installation instructions are available online:
https://wiki.duraspace.org/display/FEDORA/All+Documentation
Installation type
-----------------
The 'quick' install is designed to get you up and running with Fedora
as quickly and easily as possible. It will install Tomcat and an
embedded version of the Derby database. SSL support and XACML policy
enforcement will be disabled.
For more options, including the choice of hostname, ports, security,
and databases, select 'custom'.
To install only the Fedora client software, enter 'client'.
Options : quick, custom, client
Enter a value ==> custom
Fedora home directory
---------------------
This is the base directory for Fedora scripts, configuration files, etc.
Enter the full path where you want to install these files.
Enter a value ==> /usr/local/fedora
WARNING: The environment variable, FEDORA_HOME, is not defined
WARNING: Remember to define the FEDORA_HOME environment variable
WARNING: before starting Fedora.
Fedora administrator password
-----------------------------
Enter the password to use for the Fedora administrator (fedoraAdmin) account.
Enter a value ==> ********
Fedora server host
------------------
The host Fedora will be running on.
If a hostname (e.g. www.example.com) is supplied, a lookup will be
performed and the IP address of the host (not the host name) will be used
in the default Fedora XACML policies.
Enter a value [default is localhost] ==> repo.digibess.eu
Fedora application server context
---------------------------------
The application server context Fedora will be running in.
If 'fedora' (default) is supplied, the resulting context path
will be http://www.example.com/fedora.
It must be ensured that the configured application server context
matches this path if explicitly configured.
Enter a value [default is fedora] ==> fedora
Authentication requirement for API-A
------------------------------------
Fedora's management (API-M) interface always requires user authentication.
Require user authentication for Fedora's access (API-A) interface?
Options : true, false
Enter a value [default is false] ==> false
SSL availability
----------------
Should Fedora be available via SSL? Note: this does not preclude
regular HTTP access; it just indicates that it should be possible for
Fedora to be accessed over SSL.
Options : true, false
Enter a value [default is true] ==> false
Servlet engine
--------------
Which servlet engine will Fedora be running in?
Enter 'included' to use the bundled Tomcat 6.0.35 server.
To use your own, existing installation of Tomcat, enter 'existingTomcat'.
Enter 'other' to use a different servlet container.
Options : included, existingTomcat, other
Enter a value [default is included] ==> existingTomcat
Tomcat home directory
---------------------
Please provide the full path to your existing Tomcat installation, or
the path where you plan to install the bundled Tomcat.
Enter a value ==> /var/lib/tomcat7
WARNING: The environment variable, CATALINA_HOME, is not defined
WARNING: Remember to define the CATALINA_HOME environment variable
WARNING: before starting Fedora.
Tomcat HTTP port
----------------
Which HTTP port (non-SSL) should Tomcat listen on? This can be changed
later in Tomcat's server.xml file.
Enter a value [default is 8080] ==> 8080
Tomcat shutdown port
--------------------
Which port should Tomcat use for shutting down? Make sure this doesn't
conflict with an existing service. This can be changed later in Tomcat's
server.xml file.
Enter a value [default is 8005] ==> 8005
Database
--------
Please select the database you will be using with
Fedora. The supported databases are Derby, MySQL, Oracle and Postgres.
If you do not have a database ready for use by Fedora or would prefer to
use the embedded version of Derby bundled with Fedora, enter 'included'.
Options : derby, mysql, oracle, postgresql, included
Enter a value ==> mysql
MySQL JDBC driver
-----------------
You may either use the included JDBC driver or your own copy.
Enter 'included' to use the included JDBC driver, or, enter the location
(full path) of the driver.
Enter a value [default is included] ==> included
Database username
-----------------
Enter the database username Fedora will use to connect to the Fedora database.
Enter a value ==> fedoraAdmin
Database password
-----------------
Enter the database password Fedora will use to connect to the Fedora database.
Enter a value ==> *******
JDBC URL
--------
Please enter the JDBC URL.
Enter a value [default is jdbc:mysql://localhost/fedora3?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true] ==> jdbc:mysql://localhost/digirepo?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true
JDBC DriverClass
----------------
Please enter the JDBC driver class.
Enter a value [default is com.mysql.jdbc.Driver] ==> com.mysql.jdbc.Driver
Validating database connection...Successfully connected to MySQL
OK
Use upstream HTTP authentication (Experimental Feature)
-------------------------------------------------------
You may wish to rely on a local SSO or other external source for HTTP
authentication and subject attributes.
WARNING: This is an experimental feature and should be enabled only with the
understanding that integration with external authentication will require
further configuration and that this is not yet a stable Fedora feature.
We invite you to try it out and give us feedback.
Use upstream authentication?
Options : true, false
Enter a value [default is false] ==> false
Enable FeSL AuthZ (Experimental Feature)
----------------------------------------
Enable FeSL Authorization? This is an experimental replacement for Fedora's
legacy authorization module, and is still under development.
Production repositories should NOT enable this, but we invite you to try it
out and give us feedback.
Enter a value [default is false] ==> false
Policy enforcement enabled
--------------------------
Should XACML policy enforcement be enabled? Note: This will put a set of
default security policies in play for your Fedora server.
Options : true, false
Enter a value [default is true] ==> true
Low Level Storage
-----------------
Which low-level (file) storage plugin do you want to use?
We recommend akubra-fs for new installs. If you are upgrading Fedora from
version 3.3 or below, you should use legacy-fs for compatibility with your
existing storage. Other plugins are also available, but they must be
configured after installation.
Options : akubra-fs, legacy-fs
Enter a value [default is akubra-fs] ==> akubra-fs
Enable Resource Index
---------------------
Enable the Resource Index?
Options : true, false
Enter a value [default is false] ==> true
Enable Messaging
----------------
Enable Messaging? Messaging sends notifications of API-M events via JMS.
Options : true, false
Enter a value [default is false] ==> true
Messaging Provider URI
----------------------
Please enter the messaging provider URI. For more information about
using ActiveMQ broker URIs, see
http://activemq.apache.org/broker-uri.html
Enter a value [default is vm:(broker:(tcp://localhost:61616))] ==> vm:(broker:(tcp://localhost:61616))
Deploy local services and demos
-------------------------------
Several sample back-end services are included with this distribution.
These are required if you want to use the demonstration objects.
If you'd like these to be automatically deployed, enter 'true'.
Otherwise, the installer will put the files in your FEDORA_HOME/install
directory in case you want to deploy them later.
Options : true, false
Enter a value [default is true] ==> false
Preparing FEDORA_HOME...
Configuring fedora.fcfg
Installing beSecurity
Will not overwrite existing /var/lib/tomcat7/conf/server.xml.
Wrote example server.xml to:
/usr/local/fedora/install/server.xml
Preparing fedora.war...
Deploying fedora.war...
Installation complete.
----------------------------------------------------------------------
Before starting Fedora, please ensure that any required environment
variables are correctly defined
(e.g. FEDORA_HOME, JAVA_HOME, JAVA_OPTS, CATALINA_HOME).
For more information, please consult the Installation & Configuration
Guide in the online documentation.
----------------------------------------------------------------------
cd /var/lib/tomcat7/conf/
cp server.xml server.xml.ORI
cp /usr/local/fedora/install/server.xml /var/lib/tomcat7/conf/server.xml
nano -w /var/lib/tomcat7/conf/server.xml
nano -w /usr/local/fedora/server/config/spring/akubra-llstore.xml
...
...
...
nano -w /usr/local/fedora/server/fedora-internal-use/config/akubra-llstore.xml
...
...
...
mv /usr/local/fedora/data/activemq-data /srv/activemq-data
ln -s /srv/activemq-data /usr/local/fedora/data/
chown -R tomcat7:tomcat7 /usr/local/fedora
chown -R tomcat7:tomcat7 /srv/data /srv/tmp /srv/activemq-data
Add policy for getDatastreamHistory unrestricted.
git clone https://github.com/Islandora/islandora-xacml-policies.git islandora-xacml-policies
mkdir /usr/local/fedora//data/fedora-xacml-policies/repository-policies/islandora
cp islandora-xacml-policies/permit-getDatastreamHistory-unrestricted.xml /usr/local/fedora/data/fedora-xacml-policies/repository-policies/islandora/
Add back-end and front-end IP to apim policy:
nano -w /usr/local/fedora/data/fedora-xacml-policies/repository-policies/default/deny-apim-if-not-localhost.xml
150.145.48.48
2a00:1620:0:0:0:0:0:48
150.145.48.49
2a00:1620:0:0:0:0:0:49
chown -R tomcat7:tomcat7 /usr/local/fedora//data/fedora-xacml-policies/repository-policies