Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
mysql
mariadb> create database fcrepo CHARACTER SET utf8 COLLATE utf8_general_ci;
mariadb> create user 'fcrepo'@'localhost' identified by '<fcrepo_password>';
mariadb> grant all privileges on fcrepo.* to 'fcrepo'@'localhost';

mariadb> create database rails CHARACTER SET utf8 COLLATE utf8_general_ci;
mariadb> create user 'rails'@'localhost' identified by '<rails_pasword>';
mariadb> grant all privileges on rails.* to 'rails'@'localhost';

mariadb> flush privileges;

...

Replace database.yml with the correct values for your production environment. Note that the pool setting should be equal or exceed the number of concurrent jobs in Sidekiq.

Code Block
production:
  adapter: mysql2
  host: localhost
  database: rails
  username: rails
  password: rails
  pool: 520
  timeout: 5000

Install the mysql2 adapter 

...

Code Block
# as root
systemctl start sidekiq

Sidekiq logs to STDOUT. 

...

Warning

Dropbox

Code Block
groupadd -r dropbox
useradd -r avalondrop
usermod -G dropbox avalon
mkdir -p /srv/avalon/dropbox
chown avalondrop:dropbox /srv/avalon/dropbox
chmod 2775 /srv/avalon/dropbox

Edit /etc/ssh/sshd_config

# override default of no subsystems Subsystem sftp internal-sftp
Code Block
titletmp Error after uploading file

When ingesting a media file, you may encounter an error message saying that file:///tmp/filename can’t be accessed or located.  This may result from the protected temp file settings that are defaults in CentOS 7.  Fix by changing “true” to “false” for PrivateTmp in these files in /usr/lib/systemd/system:

sidekiq.service  PrivateTmp=false
nginx.service   PrivateTmp=false
httpd.service   PrivateTmp=false

Additional Configurations

Dropbox

Code Block
groupadd -r dropbox
useradd -r avalondrop
usermod -G dropbox avalon
mkdir -p /srv/avalon/dropbox
chown avalondrop:dropbox /srv/avalon/dropbox
chmod 2775 /srv/avalon/dropbox

Edit /etc/ssh/sshd_config

Code Block
# override default of no subsystems
Subsystem sftp internal-sftp
 
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server
Match Group dropbox
ChrootDirectory /srv/avalon
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

...

Add to config/initializers/my-ldap.rb

module Avalon MY_GUEST_LDAP = Net::LDAP.new MY_GUEST_LDAP.host = "eads.myuni.edu" MY_GUEST_LDAP.authenticate 'cn=******,ou=Accounts,dc=eads,dc=myuni,dc=edu', '******'
Code Block
module Avalon
      GROUPMY_GUEST_LDAP = Net::LDAP.new
      GROUP_LDAP.host = "ads.myuni.edu"
      GROUP_LDAP.authenticate 'cn=******,ou=Accounts,dc=ads,dc=myuni,dc=edu', '******'LDAP.new
      GROUPMY_GUEST_LDAP_TREE.host = "dc=ads,dc=myuni,dc=edu"
end

Add config/initializers/user_auth_cas.rb

Code Block
require 'net/ldap'

User.instance_eval do
  def self.find_for_cas(access_token, signed_in_resource=nil)
    logger.debug "#{access_token.inspect}"
    #data = access_token.info
    username = access_token.uid
    email = nil

    if username =~ /\d{11}/eads.myuni.edu"
      MY_GUEST_LDAP.authenticate 'cn=******,ou=Accounts,dc=eads,dc=myuni,dc=edu', '******'

      GROUP_LDAP = Net::LDAP.new
      GROUP_LDAP.host = "ads.myuni.edu"
      GROUP_LDAP.authenticate 'cn=******,ou=Accounts,dc=ads,dc=myuni,dc=edu', '******'
      treeGROUP_LDAP_TREE = "dc=eadsads,dc=myuni,dc=edu"
      filter = Net::LDAP::Filter.construct("(&(objectCategory=CN=Person,CN=Schema,CN=Configuration,DC=eads,DC=myuni,DC=edu)(cn=#{username}))"),dc=edu"
end

Add config/initializers/user_auth_cas.rb

Code Block
require 'net/ldap'

User.instance_eval do
  def self.find_for_cas(access_token, signed_in_resource=nil)
    logger.debug "#{access_token.inspect}"
     #data username = Avalon::MY_GUEST_LDAP.search(:base => tree, :filter => filter, :attributes=> ["mail"]).first.mail.firstaccess_token.info
    username = access_token.uid
      email = username
    endnil

    user = User.where(:username => username).first

    unless user
      if email.nil?
        tree = "dc=ads,dc=myuni,dc=edu"
        filter = Net::LDAP::Filter.eq("cn", "#{username}")
        email = Avalon::GROUP_LDAP.search(:base => tree, :filter => filter, :attributes=> ["mail"]).first.mail.first
      end
      user = User.find_or_create_by_username_or_email(username, email)
      raise "Logging inFinding user (#{ user }) failed: #{ user.errors.full_messages }" unless user.persisted?
    end
    user
  end
end

...