4 Preamble: referenced user accounts
5 ----------------------------------
7 In subsequent sections, we will refer to a number of different accounts, as
10 * Linux user accounts:
11 ** The *user* Linux account is the account that you use to log onto the
12 Linux system as a regular user.
13 ** The *root* Linux account is an account that has system administrator
14 privileges. On Debian you can switch to this account from
15 your *user* account by issuing the `su -` command and entering the
16 password for the *root* account when prompted. On Ubuntu you can switch
17 to this account from your *user* account using the `sudo su -` command
18 and entering the password for your *user* account when prompted.
19 ** The *opensrf* Linux account is an account that you will create as part
20 of installing OpenSRF. You can switch to this account from the *root*
21 account by issuing the `su - opensrf` command.
23 Download and unpack the code
24 ----------------------------
26 Issue the following commands as the *user* Linux account.
28 1. Acquire a stable release tarball from https://evergreen-ils.org/opensrf-downloads/
31 ------------------------------------------------------------------------------
32 wget https://evergreen-ils.org/downloads/opensrf-OSRFVERSION.tar.gz
33 ------------------------------------------------------------------------------
36 Developers can find the full source code at the OpenSRF Git repository:
37 http://git.evergreen-ils.org/?p=OpenSRF.git
39 2. Unpack the tarball, and move into that directory:
42 ------------------------------------------------------------------------------
43 tar -xvf opensrf-OSRFVERSION.tar.gz
44 cd opensrf-OSRFVERSION/
45 ------------------------------------------------------------------------------
47 Installing prerequisites
48 ------------------------
50 OpenSRF has a number of prerequisite packages that must be installed
51 before you can successfully configure, compile, and install OpenSRF.
52 On Debian and Ubuntu, the easiest way to install these prerequisites
53 is to use the Makefile.install prerequisite installer.
55 Issue the following commands as the *root* Linux account to install
56 prerequisites using the Makefile.install prerequisite installer, substituting
57 your operating system identifier for <osname> below:
60 ---------------------------------------------------------------------------
62 make -f src/extras/Makefile.install <osname>
63 ---------------------------------------------------------------------------
65 Well-tested values for <osname> include:
67 * `debian-stretch` for Debian 9
68 * `debian-jessie` for Debian 8
69 * `debian-wheezy` for Debian 7
70 * `ubuntu-trusty` for Ubuntu 14.04
71 * `ubuntu-xenial` for Ubuntu 16.04
73 Patches and suggestions for improvement from users of these distributions,
74 or others, are welcome!
76 When the prerequisite installer reaches the Perl module stage, you may
77 be prompted for configuration of Comprehensive Perl Archive Network (CPAN)
78 on your server. You can generally accept the defaults by pressing <return>
79 for all of the prompts, except for the country configuration.
81 Preamble: Developer instructions
82 --------------------------------
85 Skip this section if you are using an official release tarball downloaded
86 from https://evergreen-ils.org/opensrf-downloads/
88 Developers working directly with the source code from the Git repository,
89 rather than an official release tarball, must install some extra packages
90 and perform one step before they can proceed with the `./configure` step.
92 As the *root* Linux account, install the following packages:
98 As the *user* Linux account, issue the following command in the OpenSRF
99 source directory to generate the configure script and Makefiles:
102 ------------------------------------------------------------------------------
104 ------------------------------------------------------------------------------
106 Configuration and compilation instructions
107 ------------------------------------------
109 Use the `configure` command to configure OpenSRF, and the `make` command to
110 build OpenSRF. The default installation prefix (PREFIX) for OpenSRF is
113 If you are building OpenSRF for Evergreen, issue the following commands as
114 the *user* Linux account to configure and build OpenSRF:
117 ---------------------------------------------------------------------------
118 ./configure --prefix=/openils --sysconfdir=/openils/conf
120 ---------------------------------------------------------------------------
122 By default, OpenSRF includes C, Perl, and JavaScript support.
123 You can add the `--enable-python` option to the configure command
124 to build Python support and `--enable-java` for Java support.
126 If you are planning on proxying WebSockets traffic (see below), you
127 can add `--with-websockets-port=443` to specify that WebSockets traffic
128 will be going through port 443. Without that option, the default port
131 Installation instructions
132 -------------------------
134 1. Once you have configured and compiled OpenSRF, issue the following
135 command as the *root* Linux account to install OpenSRF:
138 ---------------------------------------------------------------------------
140 ---------------------------------------------------------------------------
142 Create and set up the opensrf Unix user environment
143 ---------------------------------------------------
145 This user is used to start and stop all OpenSRF processes, and must own all
146 files contained in the PREFIX directory hierarchy. Issue the following
147 commands as the *root* Linux account to create the `opensrf` user and set up
148 its environment, substituting <PREFIX> with the value you passed to `--prefix`
149 in your configure command:
151 .Creating the `opensrf` user
153 ---------------------------------------------------------------------------
154 useradd -m -s /bin/bash opensrf
155 echo "export PATH=\$PATH:/<PREFIX>/bin" >> /home/opensrf/.bashrc
157 chown -R opensrf:opensrf /<PREFIX>
158 ---------------------------------------------------------------------------
160 Define your public and private OpenSRF domains
161 ----------------------------------------------
163 For security purposes, OpenSRF uses Jabber domains to separate services
164 into public and private realms. Throughout these instructions, we will use
165 the example domains `public.localhost` and `private.localhost`.
167 On a single-server system, the easiest way to define public and private
168 domains is to define separate hostnames by adding entries to the `/etc/hosts`
169 file. Here are entries that you could add to a stock `/etc/hosts` file for our
172 .Example added entries for `/etc/hosts`
174 ---------------------------------------------------------------------------
175 127.0.1.2 public.localhost public
176 127.0.1.3 private.localhost private
177 ---------------------------------------------------------------------------
179 Adjust the system dynamic library path
180 --------------------------------------
182 Add `<PREFIX>/lib/` to the system's dynamic library path, and then run
183 `ldconfig` as the *root* Linux account.
185 On Debian and Ubuntu systems, run the following commands as the *root*
188 .Adjusting the system dynamic library path
190 ---------------------------------------------------------------------------
191 echo <PREFIX>/lib > /etc/ld.so.conf.d/opensrf.conf
193 ---------------------------------------------------------------------------
195 On most other systems, you can add these entries to `/etc/ld.so.conf`, or
196 create a file within the `/etc/ld.so.conf.d/` directory, and then run
197 `ldconfig` as the *root* Linux account.
199 Configure the ejabberd server
200 -----------------------------
202 OpenSRF requires an XMPP (Jabber) server. For performance reasons, ejabberd is
203 the Jabber server of choice for the OpenSRF project. In most cases, you only
204 have to make a few changes to the default configuration file to make ejabberd
207 1. Stop ejabberd before making any changes to its configuration by issuing the
208 following command as the *root* Linux account:
210 .(Debian / Ubuntu Trusty) Stopping ejabberd
212 ---------------------------------------------------------------------------
213 /etc/init.d/ejabberd stop
214 ---------------------------------------------------------------------------
216 .(Debian Stretch / Ubuntu Xenial) Stopping ejabberd
218 ---------------------------------------------------------------------------
219 systemctl stop ejabberd.service
220 ---------------------------------------------------------------------------
222 2. Edit the ejabberd config file.
224 (Debian Wheezy / Ubuntu Trusty) Ejabberd 2.x.x::
225 Open `/etc/ejabberd/ejabberd.cfg` and make the following
227 a. Define your public and private domains in the `hosts` directive. For
231 ---------------------------------------------------------------------------
232 {hosts, ["localhost", "private.localhost", "public.localhost"]}.
233 ---------------------------------------------------------------------------
235 b. Change all `maxrate` values to 500000
236 c. Increase the `max_user_sessions` value to 10000
237 d. Comment out the `mod_offline` directive
239 (Debian Jessie) Ejabberd 13.x and 14.x::
240 Open `/etc/ejabberd/ejabberd.yml` and make the following
242 a. Define your public and private domains in the `hosts` directive. For
246 ---------------------------------------------------------------------------
249 - "private.localhost"
251 ---------------------------------------------------------------------------
253 b. Change `shaper:` `normal` and `fast` values to 500000
254 c. Increase the `max_user_sessions:` `all:` value to 10000
255 d. Comment out the `mod_offline` directive
257 -----------------------
259 ##access_max_user_messages: max_user_offline_messages
260 -----------------------
262 (Debian Stretch / Ubuntu Xenial) Ejabberd 16.x::
263 Open `/etc/ejabberd/ejabberd.yml` and make the following
265 a. Define your public and private domains in the `hosts` directive. For
269 ---------------------------------------------------------------------------
272 - "private.localhost"
274 ---------------------------------------------------------------------------
276 b. Change `auth_password_format` to plain
277 c. Change `shaper:` `normal` and `fast` values to 500000
278 d. Increase the `max_user_sessions:` `all:` value to 10000
279 e. Comment out the `mod_offline` directive
281 -----------------------
283 ##access_max_user_messages: max_user_offline_messages
284 -----------------------
286 3. Restart the ejabberd server to make the changes take effect:
288 .(Debian / Ubuntu Trusty) Starting ejabberd
290 ---------------------------------------------------------------------------
291 /etc/init.d/ejabberd start
292 ---------------------------------------------------------------------------
294 .(Debian Stretch / Ubuntu Xenial) Starting ejabberd
296 ---------------------------------------------------------------------------
297 systemctl start ejabberd.service
298 ---------------------------------------------------------------------------
300 Create the OpenSRF Jabber users
301 -------------------------------
303 On each domain, you need two Jabber users to manage the OpenSRF communications:
305 * a `router` user, to whom all requests to connect to an OpenSRF service
306 will be routed; this Jabber user must be named `router`
307 * an `opensrf` user, which clients use to connect to OpenSRF services; this
308 user can be named anything you like
310 Create the Jabber users by issuing the following commands as the *root* Linux
311 account. Substitute `<password>` for your chosen passwords for each user
314 .Creating the OpenSRF Jabber users
316 ---------------------------------------------------------------------------
317 ejabberdctl register router private.localhost <password>
318 ejabberdctl register opensrf private.localhost <password>
319 ejabberdctl register router public.localhost <password>
320 ejabberdctl register opensrf public.localhost <password>
321 ---------------------------------------------------------------------------
323 Update the OpenSRF configuration files
324 --------------------------------------
326 About the OpenSRF configuration files
327 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
328 There are several configuration files that you must update to make OpenSRF
329 work. SYSCONFDIR is `/opensrf/etc` by default, or the value that you passed to
330 `--sysconfdir` during the configuration phase.
332 * `SYSCONFDIR/opensrf.xml` - this file lists the services that this
333 OpenSRF installation supports; if you create a new OpenSRF service,
334 you need to add it to this file.
335 ** The `<hosts>` element at the bottom of the file lists the services
336 that should be started for each hostname. You can force the system
337 to use `localhost`, so in most cases you will leave this section
340 * `SYSCONFDIR/opensrf_core.xml` - this file lists the Jabber connection
341 information that will be used for the system, as well as determining
342 logging verbosity and defining which services will be exposed on the
345 * `~/.srfsh.xml` - this file gives a Linux account the ability to use
346 the `srfsh` interpreter to communicate with OpenSRF services.
348 Updating the OpenSRF configuration files
349 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
350 1. As the *opensrf* Linux account, copy the example configuration files
351 to create your locally customizable OpenSRF configuration files:
353 .Copying the example OpenSRF configuration files
355 ---------------------------------------------------------------------------
357 cp opensrf_core.xml.example opensrf_core.xml
358 cp opensrf.xml.example opensrf.xml
359 ---------------------------------------------------------------------------
361 2. Edit the `SYSCONFDIR/opensrf_core.xml` file to update the four username
362 / password pairs to match the Jabber user accounts you just created:
364 a. `<config><opensrf>` = use the private Jabber `opensrf` user
365 b. `<config><gateway>` = use the public Jabber `opensrf` user
366 c. `<config><routers><router>` = use the public Jabber `router` user
367 d. `<config><routers><router>` = use the private Jabber `router` user
368 3. Create a `.srfsh.xml` file in the home directory of each user
369 that you want to use `srfsh` to communicate with OpenSRF services. For
370 example, to enable the *opensrf* Linux account to use `srfsh`:
371 a. `cp SYSCONFDIR/srfsh.xml.example ~/.srfsh.xml`
372 b. Open `~/.srfsh.xml` in your text editor of choice and update the
373 password to match the password you set for the Jabber `opensrf` user
374 at the `private.localhost` domain.
376 Starting and stopping OpenSRF services
377 --------------------------------------
379 To start all OpenSRF services with a hostname of `localhost`, issue the
380 following command as the *opensrf* Linux account:
383 ---------------------------------------------------------------------------
384 osrf_control --localhost --start-all
385 ---------------------------------------------------------------------------
387 To stop all OpenSRF services with a hostname of `localhost`, issue the
388 following command as the *opensrf* Linux account:
391 ---------------------------------------------------------------------------
392 osrf_control --localhost --stop-all
393 ---------------------------------------------------------------------------
395 Testing the default OpenSRF services
396 ------------------------------------
398 By default, OpenSRF ships with an `opensrf.math` service that performs basic
399 calculations involving two integers. Once you have started the OpenSRF
400 services, test the services as follows:
402 1. Start the `srfsh` interactive OpenSRF shell by issuing the following
403 command as the *opensrf* Linux account:
405 .Starting the `srfsh` interactive OpenSRF shell
407 ---------------------------------------------------------------------------
409 ---------------------------------------------------------------------------
411 2. Issue the following request to test the `opensrf.math` service:
414 ---------------------------------------------------------------------------
415 srfsh# request opensrf.math add 2,2
416 ---------------------------------------------------------------------------
418 You should receive the value `4`.
420 Websockets installation instructions: Option #1 Apache
421 -------------------------------------------------------
422 Websockets are new to OpenSRF 2.4+ and are required for operating the new web-based
423 staff client for Evergreen. Complete the following steps as the *root* Linux
426 1. Install git if not already present:
429 ---------------------------------------------------------------------------
430 apt-get install git-core
431 ---------------------------------------------------------------------------
433 2. Install the apache-websocket module:
436 ---------------------------------------------------------------------------
437 # Use a temporary directory
439 git clone https://github.com/disconnect/apache-websocket
441 apxs2 -i -a -c mod_websocket.c
442 ---------------------------------------------------------------------------
444 3. Create the websocket Apache instance (more information about this in
445 `/usr/share/doc/apache2/README.multiple-instances`)
449 ---------------------------------------------------------------------------
450 sh /usr/share/doc/apache2.2-common/examples/setup-instance websockets
451 ---------------------------------------------------------------------------
453 .(Debian Jessie/Stretch, Ubuntu Trusty/Xenial)
455 ---------------------------------------------------------------------------
456 sh /usr/share/doc/apache2/examples/setup-instance websockets
457 ---------------------------------------------------------------------------
459 4. Remove from the main apache instance
462 ---------------------------------------------------------------------------
464 ---------------------------------------------------------------------------
466 5. Change to the directory into which you unpacked OpenSRF, then copy into
467 place the config files
471 ---------------------------------------------------------------------------
472 cd /path/to/opensrf-OSRFVERSION
473 cp examples/apache2/websockets/apache2.conf /etc/apache2-websockets/
474 ---------------------------------------------------------------------------
476 .(Debian Jessie/Stretch, Ubuntu Trusty/Xenial)
478 ---------------------------------------------------------------------------
479 cd /path/to/opensrf-OSRFVERSION
480 cp examples/apache_24/websockets/apache2.conf /etc/apache2-websockets/
481 ---------------------------------------------------------------------------
483 6. OPTIONAL: add these configuration variables to `/etc/apache2-websockets/envvars`
484 and adjust as needed.
487 ---------------------------------------------------------------------------
488 export OSRF_WEBSOCKET_IDLE_TIMEOUT=120
489 export OSRF_WEBSOCKET_IDLE_CHECK_INTERVAL=5
490 export OSRF_WEBSOCKET_CONFIG_FILE=/openils/conf/opensrf_core.xml
491 export OSRF_WEBSOCKET_CONFIG_CTXT=gateway
492 export OSRF_WEBSOCKET_MAX_REQUEST_WAIT_TIME=600
493 ---------------------------------------------------------------------------
495 * `IDLE_TIMEOUT` specifies how long we will allow a client to stay connected
496 while idle. A longer timeout means less network traffic (from fewer
497 websocket CONNECT calls), but it also means more Apache processes are
498 tied up doing nothing.
499 * `IDLE_CHECK_INTERVAL` specifies how often we wake to check the idle status
500 of the connected client.
501 * `MAX_REQUEST_WAIT_TIME` is the maximum amount of time the gateway will
502 wait before declaring a client as idle when there is a long-running
503 outstanding request, yet no other activity is occurring. This is
504 primarily a fail-safe to allow idle timeouts when one or more requests
505 died on the server, and thus no response was ever delivered to the gateway.
506 * `CONFIG_FILE / CTXT` are the standard opensrf core config options.
508 7. Before you can start websockets, you must install a valid SSL certificate
509 in `/etc/apache2/ssl/`. It is possible, but not recommended, to generate a
510 self-signed SSL certificate. For example, if you need to test with a self-signed
511 certicate on Chrome or Chromimum browsers, one workaround is to start the browser
512 with `--ignore-certificate-errors`.
514 8. After OpenSRF is up and running (or after any re-install),
515 fire up the secondary Apache instance. Errors will appear in
516 `/var/log/apache2-websockets/error.log`. Start apache2-websockets with:
519 ---------------------------------------------------------------------------
520 /etc/init.d/apache2-websockets start
521 ---------------------------------------------------------------------------
523 Websockets installation instructions: Option #2 Websocketd
524 ----------------------------------------------------------
526 1. Install websocketd (latest stable release from http://websocketd.com/)
530 ---------------------------------------------------------------------------
532 wget 'https://github.com/joewalnes/websocketd/releases/download/v0.3.0/websocketd-0.3.0-linux_amd64.zip'
533 unzip websocketd-0.3.0-linux_amd64.zip
534 sudo cp websocketd /usr/local/bin/
535 ---------------------------------------------------------------------------
539 Choose option a or b, below.
541 a. Run websocketd as 'opensrf'
544 ===========================================================================
545 This choice requires one of the proxy configurations mentioned below.
546 ===========================================================================
550 ---------------------------------------------------------------------------
551 /usr/local/bin/websocketd --port 7682 /openils/bin/osrf-websocket-stdio &
553 # Other useful command line parameters include:
554 # --loglevel debug|trace|access|info|error|fatal
557 # --origin=host[:port][,host[:port]...]
559 # See https://github.com/joewalnes/websocketd/blob/master/help.go
560 ---------------------------------------------------------------------------
562 b. Run websocketd without a proxy
566 ---------------------------------------------------------------------------
567 sudo -b /usr/local/bin/websocketd --port 7682 --ssl --sslcert=/etc/apache2/ssl/server.crt \
568 --sslkey=/etc/apache2/ssl/server.key /openils/bin/osrf-websocket-stdio
569 ---------------------------------------------------------------------------
571 Optional: Using NGINX as a proxy
572 --------------------------------
573 NGINX can be used to proxy HTTP, HTTPS, and WebSockets traffic. Among other
574 reasons, this can be useful for Evergreen setups that want to have both
575 HTTPS and secure WebSockets traffic both go through port 443 while using
576 two Apache instances (one for the WebSockets gateway and one for the more
577 memory-intensive TPAC pages).
579 The following instructions are a guide for setting this up on Debian
580 and Ubuntu systems, but expect general familiarity with various system
581 administration and network tasks. The steps should be run as the *root*
582 Linux account, and assume that you already followed the instructions
583 for installing WebSockets support.
585 1. Configure the main Apache instance to listen on port 7080 for HTTP and
586 port 7443 for HTTPS and ensure that it is not listening on ports 80
587 and 443, then restart Apache.
589 2. Install NGINX if not already present:
592 ---------------------------------------------------------------------------
593 apt-get install nginx
594 ---------------------------------------------------------------------------
596 3. Copy the example NGINX configuration file into place and remove default.
599 ---------------------------------------------------------------------------
600 cd /path/to/opensrf-OSRFVERSION
601 cp examples/nginx/osrf-ws-http-proxy /etc/nginx/sites-available/
602 ln -s /etc/nginx/sites-available/osrf-ws-http-proxy /etc/nginx/sites-enabled/osrf-ws-http-proxy
603 rm /etc/nginx/sites-enabled/default
604 ---------------------------------------------------------------------------
606 4. Edit `/etc/nginx/sites-available/osrf-ws-http-proxy` to set the location
607 of the SSL certificate and private key.
611 ---------------------------------------------------------------------------
612 /etc/init.d/nginx start
613 ---------------------------------------------------------------------------
615 6. If you didn't run `configure` with the `--with-websockets-port=443` option,
616 edit `<PREFIX>/javascript/opensrf_ws.js` and `<PREFIX>/javascript/opensrf_ws_shared.js`
620 ---------------------------------------------------------------------------
621 var WEBSOCKET_PORT_SSL = 7682;
622 ---------------------------------------------------------------------------
627 ---------------------------------------------------------------------------
628 var WEBSOCKET_PORT_SSL = 443;
629 ---------------------------------------------------------------------------
631 Optional: Using HAProxy as a proxy
632 ----------------------------------
633 HAProxy can also be used to proxy HTTP, HTTPS, and WebSockets traffic
634 as an alternative to NGINX.
636 The following instructions are a guide for setting this up on Debian
637 and Ubuntu systems, but expect general familiarity with various system
638 administration and network tasks. The steps should be run as the *root*
639 Linux account, and assume that you already followed the instructions
640 for installing WebSockets support.
642 1. Install HAProxy if not already present:
645 ---------------------------------------------------------------------------
646 apt-get install haproxy
647 ---------------------------------------------------------------------------
649 2. Configure the main Apache instance to listen on port 7080 for HTTP and
650 port 7443 for HTTPS and ensure that it is not listening on ports 80
651 and 443, then restart Apache.
652 3. Append the example HAProxy to `haproxy.cfg`.
655 ---------------------------------------------------------------------------
656 cd /path/to/opensrf-OSRFVERSION
657 cat examples/haproxy/osrf-ws-http-proxy >> /etc/haproxy/haproxy.cfg
658 ---------------------------------------------------------------------------
660 4. Edit `/etc/haproxy/haproxy.cfg` to set the location
661 of the PEM file containing the SSL certificate and private key.
665 ---------------------------------------------------------------------------
666 /etc/init.d/haproxy start
667 ---------------------------------------------------------------------------
669 6. Edit `<PREFIX>/javascript/opensrf_ws.js` and `<PREFIX>/javascript/opensrf_ws_shared.js`
673 ---------------------------------------------------------------------------
674 var WEBSOCKET_PORT_SSL = 7682;
675 ---------------------------------------------------------------------------
680 ---------------------------------------------------------------------------
681 var WEBSOCKET_PORT_SSL = 443;
682 ---------------------------------------------------------------------------
684 Troubleshooting note for Python users
685 -------------------------------------
687 If you are running a Python client and trying to connect to OpenSRF running on
688 localhost rather than a hostname that can be resolved via DNS, you will
689 probably receive exceptions about `dns.resolver.NXDOMAIN`. If this happens,
690 you need to install the `dnsmasq` package, configure it to serve up a DNS
691 entry for localhost, and point your local DNS resolver to `dnsmasq`. For example,
692 on Ubuntu you can issue the following commands as the *root* Linux account:
694 .(Debian / Ubuntu) Installing and starting `dnsmasq`
696 ---------------------------------------------------------------------------
697 aptitude install dnsmasq
698 /etc/init.d/dnsmasq restart
699 ---------------------------------------------------------------------------
701 Then edit `/etc/resolv.conf` and ensure that `nameserver 127.0.0.1` is the
702 first entry in the file.
707 Need help installing or using OpenSRF? Join the mailing lists at
708 http://evergreen-ils.org/communicate/mailing-lists/ or contact us
709 on the Freenode IRC network on the #evergreen channel.