Skip to content
This repository has been archived by the owner on Aug 26, 2023. It is now read-only.

Latest commit

 

History

History
118 lines (88 loc) · 3.92 KB

README.md

File metadata and controls

118 lines (88 loc) · 3.92 KB

CollectionSpace Installer

This project is archived and no longer maintained. Please refer to the CollectionSpace documentation for installtion instructions.

The installer provides an Ansible playbook for setting up CollectionSpace on an Ubuntu server consistent with the official documentation.

For a turn-key, production ready deployment there are just two requirements:

  • An Ubuntu server reachable via SSH
  • DNS configured to access the server by hostname

All of the components in a CollectionSpace system will be installed:

Some minimal system configuration updates can be applied, including:

  • Enable firewall (default deny policy) with exceptions for HTTP & SSH
  • Software packages are updated automatically
  • SSH ip addresses can be whitelisted
  • SSH password authentication is disabled
  • SSH for root user login can be disabled

These features are optional but highly recommended. If you do not use these features of the installer we strongly advise hardening and securing your server before running the installer.

We recommend starting with a newly created server as a buildup to a production deployment. As you become familiar with the installation process and CollectionSpace you may want to wipe and reload the Operating System a few times before settling on a final configuration / setup.

See the documentation for full instructions.

Developer Quickstart

Add ServerAliveInterval 120 to your ~/.ssh/config then create vars/deploy.yml:

---
certbot_admin_email: no-reply@collectionspace.org
certbot_certs: [] # comment this out if you've added dns and want an SSL cert to be created
collectionspace_csadmin_password: keepmesecretplz
collectionspace_force_build: False
# update this (IP or domain): for vagrant use: "localhost" [wsl], or "collectionspace.local" [native]
collectionspace_addr: 45.33.112.113
collectionspace_tenant: core
permit_dev_ports: false
permit_root_login: 'no'
# or, to allow all: - 0.0.0.0/0
ssh_allowed_ip_addresses:
  - "{{ lookup('url', 'http://checkip.amazonaws.com', split_lines=False) | replace('\n', '') }}"
users:
  - name: deploy
    shell: bin/bash
    public_key: "{{ lookup('file', lookup('env','HOME') + '/.ssh/id_rsa.pub') }}"

Run it locally

Install:

Then:

ansible-galaxy install -r requirements.yml --force # update if any gotchas

# Linux/Ubuntu
sudo apt-get install sshpass
# Mac/OSX
brew install hudochenkov/sshpass/sshpass

vagrant plugin install vagrant-hostmanager
vagrant up

# when the provisioning has completed we have to kick it
# because we have no service manager in a vagrant / docker env
vagrant ssh # password 'root'
su - collectionspace
$CSPACE_JEESERVER_HOME/bin/startup.sh
# to view logs
tail -f $CSPACE_JEESERVER_HOME/logs/catalina.out

Running locally does not run the security tasks.

Run it using an existing server

DOMAIN_OR_IP=45.33.112.113
ansible-playbook -i $DOMAIN_OR_IP, security.yml -u root -e @vars/deploy.yml # -u ubuntu (for lightsail)
ansible-playbook -i $DOMAIN_OR_IP, collectionspace.yml -u deploy -e @vars/deploy.yml

Access CollectionSpace

Either way CollectionSpace will be available at: http://{collectionspace_addr}

License

This project is available as open source under the terms of the MIT License.