How to install CKAN 2.5.2 on CentOS 6.8 - ckan/ckan GitHub Wiki
This guide is supposed that you have installed Java and python on your computer. For example, I have installed Java 1.7 and python 2.7.
Use the rpm -qa | grep selinux
, rpm -q policycoreutils
, and rpm -qa | grep setroubleshoot
commands to confirm that you have installed SELinux packages. If not, install it.
Verify that you have installed the following packages: selinux-policy-targeted, selinux-policy, libselinux, libselinux-python, libselinux-utils, policycoreutils, setroubleshoot, setroubleshoot-server, setroubleshoot-plugins.
As the Linux root user, install the above packages you have not installed via the following command:
yum install package-name
The following packages are optional: policycoreutils-gui, selinux-policy-devel, and mcstrans.
Use the /usr/sbin/getenforce
or /usr/sbin/sestatus
commands to check the status of SELinux. The getenforce command returns Enforcing
, Permissive
, or Disabled
. The getenforce command returns Enforcing
when SELinux is enabled (SELinux policy rules are enforced):
# /usr/sbin/getenforce
Enforcing
If SELinux is disabled, you should enable it before install ckan.
Before SELinux is enabled, each file on the file system must be labeled with an SELinux context. Before this happens, confined domains may be denied access, preventing your system from booting correctly. To prevent this, configure ELINUX=permissive
in /etc/selinux/config
:
[root@localhost ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
As the Linux root
user, run the reboot
command to restart the system. During the next boot, file systems are labeled.
The WSGI file in the 9th step need the paste.deploy
and paste.script
package of python. You can verify via the following command:
# python
>>> from paste.deploy import loadapp
>>> from paste.script.util.logging_config import fileConfig
If it does not return error message, you can do nothing. If it does and you have installed pip
, you can install the two packages via the following command:
pip install PasteDeploy
pip install PasteScript
Hint: The paste.deploy
and paste.script
are different from paste
package. You can exit the python environment with Ctrl+D
or exit
commond.
Now you can start to install CKAN!
Install and activate the CentOS Release Repository
# yum install centos-release
Update and reboot your system
# yum update
# shutdown -r now
Install wget
and policycoreutils-python
, which we'll need later.
# yum install wget policycoreutils-python
Install and activate the Extra Packages for Enterprise Linux (EPEL) Repository (it may already be installed):
# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
Install the required packages:
# yum install xml-commons git subversion mercurial postgresql-server postgresql-devel \
postgresql python-devel libxslt libxslt-devel libxml2 libxml2-devel python-virtualenv \
gcc gcc-c++ make java-1.7.0-openjdk-devel java-1.7.0-openjdk tomcat tomcat-webapps \
tomcat-admin-webapps xalan-j2 unzip policycoreutils-python mod_wsgi httpd
First, create a CKAN User. The ckan
user is created with a shell of /sbin/nologin
and a home directory of /usr/lib/ckan
to mirror what is shown in the CKAN Deployment documentation.
# useradd -m -s /sbin/nologin -d /usr/lib/ckan -c "CKAN User" ckan
Open the newly created directory up for read access so that the content will eventually be able to be served out via httpd.
# chmod 755 /usr/lib/ckan
Modify the defaults and the current file context of the newly created directory such that it is able to be served out via httpd.
# semanage fcontext --add --ftype -- --type httpd_sys_content_t "/usr/lib/ckan(/.*)?"
# semanage fcontext --add --ftype -d --type httpd_sys_content_t "/usr/lib/ckan(/.*)?"
# restorecon -vR /usr/lib/ckan
Switch to the ckan
user.
# su -s /bin/bash - ckan
Install an isolated Python environment, called default
, to host CKAN from.
# virtualenv --no-site-packages default
Activate the newly installed Python environment.
# . default/bin/activate
Download and install version 2.5.2 of CKAN.
(default)# pip install --ignore-installed -e git+https://github.com/okfn/[email protected]#egg=ckan
Download and install the necessary Python modules to run CKAN into the isolated Python environment
(default)# pip install --ignore-installed -r default/src/ckan/pip-requirements-docs.txt
Return back to root user by
(default)# exit()
or pressing Ctrl+D
.
Enable PostgreSQL to start on system boot
# chkconfig postgresql on
Initialize the PostgreSQL database
# service postgresql initdb
Edit /var/lib/pgsql/data/pg_hba.conf
so it will accept passwords for login while still allowing the local postgres user to manage via ident login. The relevant changes to pg_hba.conf
are as follows:
local all postgres ident
local all all md5
# IPv4 local connections:
host all all 127.0.0.1/32 md5
# IPv6 local connections:
host all all ::1/128 md5
Start PostgreSQL
# service postgresql start
Switch to postgres user
# su - postgres
List existing databases:
# psql -l
Check that the encoding of databases is UTF8
, if not internationalisation may be a problem. Since changing the encoding of PostgreSQL may mean deleting existing databases, it is suggested that this is fixed before continuing with the CKAN install.
Next you’ll need to create a database user if one doesn’t already exist. Create a new PostgreSQL database user called ckan_default
, and enter a password for the user when prompted. You’ll need this password later
# createuser -S -D -R -P ckan_default
Create a new PostgreSQL database, called ckan_default
, owned by the database user you just created.
# createdb -O ckan_default ckan_default -E utf-8
Exit the postgres user environment with Ctrl + D or
# exit
Switch back to root user and create a directory to contain the site’s config files:
# mkdir -p /etc/ckan/default
# chown -R ckan /etc/ckan/
Switch to ckan user and create a CKAN config file:
# su -s /bin/bash - ckan
# . default/bin/activate
(default)# cd /usr/lib/ckan/default/src/ckan
(default)# paster make-config ckan /etc/ckan/default/development.ini
Edit the development.ini
file in a text editor, changing the following options:
sqlalchemy.url = postgresql://ckan_default:pass@localhost/ckan_default
ckan.site_url = http://default.yourdomain.com
ckan.site_id = default
solr_url = http://127.0.0.1:8080/solr/ckan-schema
Replace pass with the password that you created in 3. Setup a PostgreSQL database above.
Replace http://default.yourdomain.com with the ckan.site_url that you want to use when update file or other functions.
Exit from running as the ckan user with Ctrl+D
or exit
.
CKAN can not use the latest version of Apache SOLR and requires version 1.4.1.
Download and extract Apache SOLR
# curl http://archive.apache.org/dist/lucene/solr/1.4.1/apache-solr-1.4.1.tgz | tar xzf -
Create directories to hold multiple SOLR cores.
# mkdir -p /usr/share/solr/core0 /usr/share/solr/core1 /var/lib/solr/data/core0 \
/var/lib/solr/data/core1 /etc/solr/core0 /etc/solr/core1
Copy the Apache SOLR war to the desired location.
# cp apache-solr-1.4.1/dist/apache-solr-1.4.1.war /usr/share/solr
Copy the example Apache SOLR configuration to the core0 directory.
# cp -r apache-solr-1.4.1/example/solr/conf /etc/solr/core0
Edit the configuration file, /etc/solr/core0/conf/solrconfig.xml
, as follows:
<dataDir>${dataDir}</dataDir>
Copy the core0 configuration to core1.
# cp -r /etc/solr/core0/conf /etc/solr/core1
Create a symbolic link between the configurations in /etc and /usr.
# ln -s /etc/solr/core0/conf /usr/share/solr/core0/conf
# ln -s /etc/solr/core1/conf /usr/share/solr/core1/conf
Remove the provided schema from the two configured cores and link the schema files in the CKAN source.
# rm -f /etc/solr/core0/conf/schema.xml
# ln -s /usr/lib/ckan/default/src/ckan/ckan/config/solr/schema.xml /etc/solr/core0/conf/schema.xml
# rm -f /etc/solr/core1/conf/schema.xml
# ln -s /usr/lib/ckan/default/src/ckan/ckan/config/solr/schema-1.4.xml /etc/solr/core1/conf/schema.xml
Create a new file, called /etc/tomcat6/Catalina/localhost/solr.xml
, with the following contents:
<Context docBase="/usr/share/solr/apache-solr-1.4.1.war" debug="0" privileged="true" allowLinking="true" crossContext="true">
<Environment name="solr/home" type="java.lang.String" value="/usr/share/solr" override="true" />
</Context>
Create a new file, called /usr/share/solr/solr.xml
, with the following contents:
<solr persistent="true" sharedLib="lib">
<cores adminPath="/admin/cores">
<core name="ckan-schema" instanceDir="core0">
<property name="dataDir" value="/var/lib/solr/data/core0" />
</core>
<core name="ckan-schema-1.4" instanceDir="core1">
<property name="dataDir" value="/var/lib/solr/data/core1" />
</core>
</cores>
</solr>
Set Permissions
Make tomcat the owner of the Solr directories.
# chown -R tomcat:tomcat /usr/share/solr /var/lib/solr
Enable Tomcat
Configure Tomcat to start on system boot.
# chkconfig tomcat6 on
Start Tomcat
# service tomcat6 start
If Tomcat installation was successful, you may find its web interface at:
http://localhost:8080/
If Apache Solr installation was successful, you may find its web interface at:
http://localhost:8080/solr
Switch back to running as the ckan
user, activate the isolated Python environment, and change to the CKAN source directory.
# su -s /bin/bash - ckan
# . default/bin/activate
(default)# cd default/src/ckan
Initialize the CKAN database.
(default)# paster db init -c /etc/ckan/default/development.ini
You may see the output:
Initialising DB: SUCCESS.
This line should be the only output. If there is other output before it, you must find the error line and find out the reason to fix it.
Follow the instructions in Setting up the DataStore to create the required databases and users, set the right permissions and set the appropriate values in your CKAN config file.
Note: You'll need to run the paster --plugin=ckan datastore set-permissions -c /etc/ckan/default/development.ini
command as root user, since we've not set a sudo password for the ckan user.
Note: Setting up the DataStore is optional.
You should still be in the python virtualenv for this step, if not, do the following:
# su -s /bin/bash - ckan
# . default/bin/activate
(default)# cd default/src/ckan
who.ini (the Repoze.who configuration file) needs to be accessible in the same directory as your CKAN config file, so create a symlink to it:
(default)# ln -s /usr/lib/ckan/default/src/ckan/who.ini /etc/ckan/default/who.ini
Create your site’s WSGI script file /etc/ckan/default/apache.wsgi
with the following contents:
import os
activate_this = os.path.join('/usr/lib/ckan/default/bin/activate_this.py')
execfile(activate_this, dict(__file__=activate_this))
from paste.deploy import loadapp
config_filepath = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'development.ini')
from paste.script.util.logging_config import fileConfig
fileConfig(config_filepath)
application = loadapp('config:%s' % config_filepath)
The modwsgi Apache module will redirect requests to your web server to this WSGI script file. The script file then handles those requests by directing them on to your CKAN instance (after first configuring the Python environment for CKAN to run in).
Exit the ckan user with Ctrl+D
or exit
.
Create your site’s Apache config file at /etc/httpd/conf.d/ckan_default.conf
, with the following contents:
WSGISocketPrefix /var/run/wsgi
<VirtualHost 0.0.0.0:80>
ServerName default.yourdomain.com
ServerAlias http://default.yourdomain.com
WSGIScriptAlias / /etc/ckan/default/apache.wsgi
# Pass authorization info on (needed for rest api).
WSGIPassAuthorization On
# Deploy as a daemon (avoids conflicts between CKAN instances).
WSGIDaemonProcess ckan_default display-name=ckan_default processes=2 threads=15
WSGIProcessGroup ckan_default
# Add this to avoid Apache show error:
# "AH01630: client denied by server configuration: /etc/ckan/default/apache.wsgi"
<Directory /etc/ckan/default>
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ErrorLog /var/log/httpd/ckan_default.error.log
CustomLog /var/log/httpd/ckan_default.custom.log combined
</VirtualHost>
Replace default.yourdomain.com
and http://default.yourdomain.com
with the domain name for your site.
This tells the Apache modwsgi module to redirect any requests to the web server to the WSGI script that you created above. Your WSGI script in turn directs the requests to your CKAN instance.
And then edit /etc/hosts
with command:
# vi /etc/hosts
Add a line to this file at last:
127.0.0.1 default.yourdomain.com
Replace the default.yourdomain.com
with the domain name of your site you have just set in the /etc/httpd/conf.d/ckan_default.conf
.
Enable httpd to make network connections
# setsebool -P httpd_can_network_connect 1
Enable httpd to start on system boot
# chkconfig httpd on
Start httpd
# service httpd start
Edit the file /etc/sysconfig/iptables
by inserting the following line near the middle of the file:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
Restart iptables
# service iptables restart
Open your browser and head to your domain, you should see CKAN running. For example, my domain is default.yourdomain.com
.