Fedora repository 3.8.1

service tomcat7 stop

mkdir /usr/local/fedora
mkdir /srv/data
mkdir /srv/tmp
chown -R tomcat7:tomcat7 /usr/local/fedora
chown -R tomcat7:tomcat7 /srv/data /srv/tmp

nano -w /etc/default/tomcat7
	# Stuff for Fedora Commons
	export FEDORA_HOME=/usr/local/fedora

mysql -u root -p
	GRANT ALL ON digirepo.* TO fedoraAdmin@localhost IDENTIFIED BY '***';

wget https://github.com/fcrepo3/fcrepo/releases/download/v3.8.1/fcrepo-installer-3.8.1.jar

java -jar fcrepo-installer-3.8.1.jar
  Fedora Installation

To install Fedora, please answer the following questions.
Enter CANCEL at any time to abort the installation.
Detailed installation instructions are available online:


Installation type
The 'quick' install is designed to get you up and running with Fedora
as quickly and easily as possible. It will install Tomcat and an
embedded version of the Derby database. SSL support and XACML policy
enforcement will be disabled.
For more options, including the choice of hostname, ports, security,
and databases, select 'custom'.
To install only the Fedora client software, enter 'client'.

Options : quick, custom, client

Enter a value ==> custom

Fedora home directory
This is the base directory for Fedora scripts, configuration files, etc.
Enter the full path where you want to install these files.

Enter a value ==> /usr/local/fedora

WARNING: The environment variable, FEDORA_HOME, is not defined
WARNING: Remember to define the FEDORA_HOME environment variable
WARNING: before starting Fedora.

Fedora administrator password
Enter the password to use for the Fedora administrator (fedoraAdmin) account.

Enter a value ==> ********

Fedora server host
The host Fedora will be running on.
If a hostname (e.g. www.example.com) is supplied, a lookup will be
performed and the IP address of the host (not the host name) will be used
in the default Fedora XACML policies.

Enter a value [default is localhost] ==> repo.digibess.eu

Fedora application server context
The application server context Fedora will be running in.
If 'fedora' (default) is supplied, the resulting context path
will be http://www.example.com/fedora.
It must be ensured that the configured application server context
matches this path if explicitly configured.

Enter a value [default is fedora] ==> fedora

Authentication requirement for API-A
Fedora's management (API-M) interface always requires user authentication.
Require user authentication for Fedora's access (API-A) interface?

Options : true, false

Enter a value [default is false] ==> false

SSL availability
Should Fedora be available via SSL?  Note: this does not preclude
regular HTTP access; it just indicates that it should be possible for
Fedora to be accessed over SSL.

Options : true, false

Enter a value [default is true] ==> false

Servlet engine
Which servlet engine will Fedora be running in?
Enter 'included' to use the bundled Tomcat 6.0.35 server.
To use your own, existing installation of Tomcat, enter 'existingTomcat'.
Enter 'other' to use a different servlet container.

Options : included, existingTomcat, other

Enter a value [default is included] ==> existingTomcat

Tomcat home directory
Please provide the full path to your existing Tomcat installation, or
the path where you plan to install the bundled Tomcat.

Enter a value ==> /var/lib/tomcat7

WARNING: The environment variable, CATALINA_HOME, is not defined
WARNING: Remember to define the CATALINA_HOME environment variable
WARNING: before starting Fedora.

Tomcat HTTP port
Which HTTP port (non-SSL) should Tomcat listen on?  This can be changed
later in Tomcat's server.xml file.

Enter a value [default is 8080] ==> 8080

Tomcat shutdown port
Which port should Tomcat use for shutting down?  Make sure this doesn't
conflict with an existing service.  This can be changed later in Tomcat's
server.xml file.

Enter a value [default is 8005] ==> 8005

Please select the database you will be using with
Fedora. The supported databases are Derby, MySQL, Oracle and Postgres.
If you do not have a database ready for use by Fedora or would prefer to
use the embedded version of Derby bundled with Fedora, enter 'included'.

Options : derby, mysql, oracle, postgresql, included

Enter a value ==> mysql

MySQL JDBC driver
You may either use the included JDBC driver or your own copy.
Enter 'included' to use the included JDBC driver, or, enter the location
(full path) of the driver.

Enter a value [default is included] ==> included

Database username
Enter the database username Fedora will use to connect to the Fedora database.

Enter a value ==> fedoraAdmin

Database password
Enter the database password Fedora will use to connect to the Fedora database.

Enter a value ==> *******

Please enter the JDBC URL.

Enter a value [default is jdbc:mysql://localhost/fedora3?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true] ==> jdbc:mysql://localhost/digirepo?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true                                       

JDBC DriverClass
Please enter the JDBC driver class.

Enter a value [default is com.mysql.jdbc.Driver] ==> com.mysql.jdbc.Driver

Validating database connection...Successfully connected to MySQL

Use upstream HTTP authentication (Experimental Feature)
You may wish to rely on a local SSO or other external source for HTTP
authentication and subject attributes.
WARNING: This is an experimental feature and should be enabled only with the
understanding that integration with external authentication will require
further configuration and that this is not yet a stable Fedora feature.
We invite you to try it out and give us feedback.
Use upstream authentication?

Options : true, false

Enter a value [default is false] ==> false

Enable FeSL AuthZ (Experimental Feature)
Enable FeSL Authorization? This is an experimental replacement for Fedora's
legacy authorization module, and is still under development.
Production repositories should NOT enable this, but we invite you to try it
out and give us feedback.

Enter a value [default is false] ==> false

Policy enforcement enabled
Should XACML policy enforcement be enabled?  Note: This will put a set of
default security policies in play for your Fedora server.

Options : true, false

Enter a value [default is true] ==> true

Low Level Storage
Which low-level (file) storage plugin do you want to use?
We recommend akubra-fs for new installs.  If you are upgrading Fedora from
version 3.3 or below, you should use legacy-fs for compatibility with your
existing storage.  Other plugins are also available, but they must be
configured after installation.

Options : akubra-fs, legacy-fs

Enter a value [default is akubra-fs] ==> akubra-fs

Enable Resource Index
Enable the Resource Index?

Options : true, false

Enter a value [default is false] ==> true

Enable Messaging
Enable Messaging? Messaging sends notifications of API-M events via JMS.

Options : true, false

Enter a value [default is false] ==> true

Messaging Provider URI
Please enter the messaging provider URI. For more information about
using ActiveMQ broker URIs, see

Enter a value [default is vm:(broker:(tcp://localhost:61616))] ==> vm:(broker:(tcp://localhost:61616))

Deploy local services and demos
Several sample back-end services are included with this distribution.
These are required if you want to use the demonstration objects.
If you'd like these to be automatically deployed, enter 'true'.
Otherwise, the installer will put the files in your FEDORA_HOME/install
directory in case you want to deploy them later.

Options : true, false

Enter a value [default is true] ==> false

Preparing FEDORA_HOME...
        Configuring fedora.fcfg
        Installing beSecurity
Will not overwrite existing /var/lib/tomcat7/conf/server.xml.
Wrote example server.xml to:
Preparing fedora.war...
Deploying fedora.war...
Installation complete.

Before starting Fedora, please ensure that any required environment
variables are correctly defined
For more information, please consult the Installation & Configuration
Guide in the online documentation.
cd /var/lib/tomcat7/conf/
cp server.xml server.xml.ORI
cp /usr/local/fedora/install/server.xml /var/lib/tomcat7/conf/server.xml

nano -w /var/lib/tomcat7/conf/server.xml
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>

nano -w /usr/local/fedora/server/config/spring/akubra-llstore.xml
  <bean name="fsObjectStore" class="org.akubraproject.fs.FSBlobStore"
    <constructor-arg value="urn:example.org:fsObjectStore" />
    <constructor-arg value="/srv/data/objectStore"/>
  <bean name="fsDatastreamStore" class="org.akubraproject.fs.FSBlobStore"
    <constructor-arg value="urn:example.org:fsDatastreamStore" />
    <constructor-arg value="/srv/data/datastreamStore"/>
nano -w /usr/local/fedora/server/fedora-internal-use/config/akubra-llstore.xml
  <bean name="fsObjectStore" class="org.akubraproject.fs.FSBlobStore"
    <constructor-arg value="urn:example.org:fsObjectStore" />
    <constructor-arg value="/srv/tmp/objectStore"/>
  <bean name="fsDatastreamStore" class="org.akubraproject.fs.FSBlobStore"
    <constructor-arg value="urn:example.org:fsDatastreamStore" />
    <constructor-arg value="/srv/tmp/datastreamStore"/>
mv /usr/local/fedora/data/activemq-data /srv/activemq-data
ln -s /srv/activemq-data /usr/local/fedora/data/

chown -R tomcat7:tomcat7 /usr/local/fedora
chown -R tomcat7:tomcat7 /srv/data /srv/tmp /srv/activemq-data

Add policy for getDatastreamHistory unrestricted.

git clone https://github.com/Islandora/islandora-xacml-policies.git islandora-xacml-policies

mkdir /usr/local/fedora//data/fedora-xacml-policies/repository-policies/islandora
cp islandora-xacml-policies/permit-getDatastreamHistory-unrestricted.xml /usr/local/fedora/data/fedora-xacml-policies/repository-policies/islandora/

Add back-end and front-end IP to apim policy:

nano -w /usr/local/fedora/data/fedora-xacml-policies/repository-policies/default/deny-apim-if-not-localhost.xml
	<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"></AttributeValue>
	<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">2a00:1620:0:0:0:0:0:48</AttributeValue>
	<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string"></AttributeValue>
	<AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">2a00:1620:0:0:0:0:0:49</AttributeValue>
chown -R tomcat7:tomcat7  /usr/local/fedora//data/fedora-xacml-policies/repository-policies
reloaded/be_fedora.txt ยท Last modified: 2018/04/09 20:23 by giancarlo

Developers: CNR IRCrES IT Office and Library
Giancarlo Birello (giancarlo.birello _@_ ircres.cnr.it) and Anna Perin (anna.perin _@_ ircres.cnr.it)
DigiBess is licensed under: Creative Commons License
Recent changes RSS feed Creative Commons License Valid XHTML 1.0 Valid CSS Driven by DokuWiki
Drupal Garland Theme for Dokuwiki