8.2 Installation guide - Ubuntu 18.04

Introduction

The following installation guide for Goobi workflow refers to Ubuntu Linux 18.04. It is written as a step-by-step guide from top to bottom, meaning that settings and configurations build on each other. If the order is not followed, certain commands may fail.

The domain name used in this manual is GOOBI.EXAMPLE.ORG and must be adapted to your own DNS name.

Preparation

We assume that we start with a fresh, Ubuntu Linux 18.04 installed from the Server install image with no additional packages installed. First you have to log on to the server where you want to install Goobi workflow and get root privileges:

ssh GOOBI.EXAMPLE.ORG
sudo -i

Passwords must then be generated for the Goobi workflow database and the local LDAP and stored as a variable in the session:

export PW_SQL_GOOBI=SECRETPASSWORD
export PW_LDAP_GOOBI=SECRETPASSWORD
export NAME_HOST=GOOBI.EXAMPLE.ORG
export BASENAME=dc=GOOBI,dc=EXAMPLE,dc=ORG
export SOURCEDIR=/tmp/install
export PW_GOOBITESTUSER=SECRETPASSWORD

Install packages

Goobi workflow is based on Java 1.8, MariaDB, Tomcat and uses Samba and OpenLdap. Maven is used as build automation tool, so some packages and dependencies have to be installed. First we set some pre-configurartion:

debconf-set-selections << EOF
postfix postfix/main_mailer_type select Local only
postfix postfix/mailname string $NAME_HOST
slapd slapd/internal/adminpw password $PW_LDAP_GOOBI
slapd slapd/password1 password $PW_LDAP_GOOBI
slapd slapd/password2 password $PW_LDAP_GOOBI
slapd shared/organization string $NAME_HOST
slapd slapd/domain string $NAME_HOST
slapd slapd/backend select MDB
nslcd nslcd/ldap-uris string ldap://127.0.0.1/
nslcd nslcd/ldap-base string $BASENAME
libnss-ldapd libnss-ldapd/nsswitch multiselect passwd, group, shadow
EOF

Then we start the package installation:

apt -y install openjdk-8-jdk-headless tomcat8 mariadb-server apache2 samba smbclient imagemagick graphicsmagick libtiff-tools djvulibre-bin netpbm jhead exiv2 bc unzip maven git mailutils slapd libnss-ldapd libldap-2.4-2 ldap-utils ldapvi libpam-ldapd smbldap-tools rename

Fresh installed services are started right away in Debian like system, but we do not want the Tomcat server to run yet:

service tomcat8 stop

Set Java 1.8 as default, for the system and Tomcat:

update-alternatives --set java /usr/lib/jvm/java-8-openjdk-amd64/jre/bin/java
sed -e 's|#JAVA_HOME=.*|JAVA_HOME=/usr/lib/jvm/java-8-openjdk-amd64/|' /etc/default/tomcat8 -i
patch /etc/java-8-openjdk/accessibility.properties << "EOF"
@@ -5,5 +5,5 @@
# Note: the line below cannot end the file (there must be at
# a minimum a blank line following it).
#
-assistive_technologies=org.GNOME.Accessibility.AtkWrapper
+#assistive_technologies=org.GNOME.Accessibility.AtkWrapper
EOF

Variables and Aliases

The following aliases should be added to the /root/.bash_aliases file:

cat << "EOF" >/root/.bash_aliases
alias cata='tail -n 1000 -f /var/log/tomcat8/catalina.out'
alias ct='chown tomcat8:tomcat8 *'
alias ctr='chown -R tomcat8:tomcat8 *'
EOF

To apply the changes to the current session, the following command must be executed:

. /root/.bash_aliases

Checkout Goobi from Github

A temporary directory for the installation must be created and the Goobi workflow repository cloned into it. This directory will contain various files that are required for the following installation steps:

mkdir -p $SOURCEDIR
cd $SOURCEDIR
git clone https://github.com/intranda/goobi.git

It is recommended that you already have a DNS record for the server at this time.

Configuration of Services

LDAP

Configuration of the LDAP-Server

First the LDAP should be responsible only for localhost. For this the setting of the SLAPD_SERVICES must be modified in the file /etc/default/slapd:

patch /etc/default/slapd << "EOF"
@@ -21,7 +21,7 @@
# sockets.
# Example usage:
# SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
-SLAPD_SERVICES="ldap:/// ldapi:///"
+SLAPD_SERVICES="ldap://127.0.0.1:389/ ldapi:///"
# If SLAPD_NO_START is set, the init script will not start or restart
# slapd (but stop will still work). Uncomment this if you are
EOF

Then the following step is executed:

zcat /usr/share/doc/samba/examples/LDAP/samba.schema.gz >> /etc/ldap/schema/samba.schema

The file samba.ldif can then be moved to the path /etc/ldap/schema/ and the schema inserted into the LDAP:

cp $SOURCEDIR/goobi/Goobi/install/ldap/samba.ldif /etc/ldap/schema/
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/samba.ldif

We create OUs and the cn=NextFreeUnixId for Goobi:

ldapadd -x -D cn=admin,$BASENAME -w "$PW_LDAP_GOOBI" -f <(sed -e"s|dc=GOOBI,dc=EXAMPLE,dc=ORG|$BASENAME|" $SOURCEDIR/goobi/Goobi/install/ldap/import.ldif)

The /etc/ldap/ldap.conf file is then modified as follows:

cat << EOF >/etc/ldap/ldap.conf
#
# LDAP Defaults
#
BASE $BASENAME
URI ldap://127.0.0.1
TLS_REQCERT never
EOF
ldapmodify -Y EXTERNAL -H ldapi:/// -f $SOURCEDIR/goobi/Goobi/install/ldap/index.ldif

Using the tool ldapvi

ldapvi is a good tool for later, easier editing of values in LDAP. Therefore the following entries in the file /etc/ldapvi.conf have to be adapted and inserted:

echo "user: cn=admin,$BASENAME" >>/etc/ldapvi.conf
echo "password: $PW_LDAP_GOOBI" >>/etc/ldapvi.conf
chmod 600 /etc/ldapvi.conf

Setting up Samba

The Samba server is connected to the LDAP. The configuration file must be replaced with the one from the repository and then the LDAP configuration must be adapted:

sed -e"s|dc=GOOBI,dc=EXAMPLE,dc=ORG|$BASENAME|" $SOURCEDIR/goobi/Goobi/install/samba/smb.conf > /etc/samba/smb.conf

Samba needs the password for the LDAP Admin for this:

smbpasswd -w "$PW_LDAP_GOOBI"

Attention Samba does not distinguish between upper and lower case for user names!

systemctl restart smbd

Samba: Free memory display

The upload of the images usually takes place within the directory path /opt/digiverso. Therefore Samba should also display the free memory from there.:

cp "$SOURCEDIR/goobi/Goobi/install/samba/samba-dfree" /usr/local/bin/samba-dfree
chmod 755 /usr/local/bin/samba-dfree

Setting up the database MySQL / MariaDB

Goobi workflow requires a database and its own user. The following command also imports the database schema and creates an initial structure:

mysql -e "CREATE DATABASE goobi;
USE goobi;
SOURCE $SOURCEDIR/goobi/Goobi/install/db/goobi_blank.sql;
CREATE USER 'goobi'@'localhost' IDENTIFIED BY '$PW_SQL_GOOBI';
GRANT ALL PRIVILEGES ON goobi.* TO 'goobi'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;"

Setting up the Tomcat server

In the file /etc/default/tomcat8 the memory under -Xmx should be adapted to the available machine memory. The garbage collector options to be used are also selected and urandom configured for a faster Tomcat start:

patch /etc/default/tomcat8 << "EOF"
@@ -18,7 +18,15 @@
# response time). If you use that option and you run Tomcat on a machine with
# exactly one CPU chip that contains one or two cores, you should also add
# the "-XX:+CMSIncrementalMode" option.
-JAVA_OPTS="-Djava.awt.headless=true -XX:+UseConcMarkSweepGC"
+JAVA_OPTS="-Djava.awt.headless=true -Xmx2g -Xms2g"
+JAVA_OPTS="${JAVA_OPTS} -XX:+UseG1GC"
+JAVA_OPTS="${JAVA_OPTS} -XX:+ParallelRefProcEnabled"
+JAVA_OPTS="${JAVA_OPTS} -XX:+DisableExplicitGC"
+JAVA_OPTS="${JAVA_OPTS} -XX:+CMSClassUnloadingEnabled"
+JAVA_OPTS="${JAVA_OPTS} -Djava.security.egd=file:/dev/./urandom"
+JAVA_OPTS="${JAVA_OPTS} -Dfile.encoding='utf-8'"
+
+UMASK=0022
# To enable remote debugging uncomment the following line.
# You will then be able to use a java debugger on port 8000.
@@ -32,9 +42,9 @@
#TOMCAT8_SECURITY=no
# Number of days to keep logfiles in /var/log/tomcat8. Default is 14 days.
-#LOGFILE_DAYS=14
+LOGFILE_DAYS=14
# Whether to compress logfiles older than today's
-#LOGFILE_COMPRESS=1
+LOGFILE_COMPRESS=1
# Location of the JVM temporary directory
# WARNING: This directory will be destroyed and recreated at every startup !
EOF

In the file /etc/tomcat8/server.xml the Tomcat is configured to listen only on localhost, appropriate connectors are set up for the proxy:

sed -e "s/GOOBI_HOSTNAME/$NAME_HOST/" << "EOF" | patch /etc/tomcat8/server.xml
@@ -66,56 +66,19 @@
APR (HTTP/AJP) Connector: /docs/apr.html
Define a non-SSL/TLS HTTP/1.1 Connector on port 8080
-->
- <Connector port="8080" protocol="HTTP/1.1"
+ <Connector address="127.0.0.1" port="8080" protocol="HTTP/1.1"
connectionTimeout="20000"
- redirectPort="8443" />
- <!-- A "Connector" using the shared thread pool-->
- <!--
- <Connector executor="tomcatThreadPool"
- port="8080" protocol="HTTP/1.1"
- connectionTimeout="20000"
- redirectPort="8443" />
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443
- This connector uses the NIO implementation. The default
- SSLImplementation will depend on the presence of the APR/native
- library and the useOpenSSL attribute of the
- AprLifecycleListener.
- Either JSSE or OpenSSL style configuration may be used regardless of
- the SSLImplementation selected. JSSE style configuration is used below.
- -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
- maxThreads="150" SSLEnabled="true">
- <SSLHostConfig>
- <Certificate certificateKeystoreFile="conf/localhost-rsa.jks"
- type="RSA" />
- </SSLHostConfig>
- </Connector>
- -->
- <!-- Define a SSL/TLS HTTP/1.1 Connector on port 8443 with HTTP/2
- This connector uses the APR/native implementation which always uses
- OpenSSL for TLS.
- Either JSSE or OpenSSL style configuration may be used. OpenSSL style
- configuration is used below.
- -->
- <!--
- <Connector port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol"
- maxThreads="150" SSLEnabled="true" >
- <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
- <SSLHostConfig>
- <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
- certificateFile="conf/localhost-rsa-cert.pem"
- certificateChainFile="conf/localhost-rsa-chain.pem"
- type="RSA" />
- </SSLHostConfig>
- </Connector>
- -->
+ maxThreads="400"
+ URIEncoding="UTF-8"
+ enableLookups="false"
+ disableUploadTimeout="true"
+ proxyName="GOOBI_HOSTNAME"
+ proxyPort="80" />
- <!-- Define an AJP 1.3 Connector on port 8009 -->
- <!--
- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
- -->
+<Connector address="127.0.0.1" port="8009" protocol="AJP/1.3"
+ connectionTimeout="20000"
+ maxThreads="400"
+ URIEncoding="UTF-8" />
<!-- An Engine represents the entry point (within Catalina) that processes
@@ -159,9 +122,9 @@
<!-- Access log processes all example.
Documentation at: /docs/config/valve.html
Note: The pattern used is equivalent to using pattern="common" -->
- <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
+ <!--Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
- pattern="%h %l %u %t &quot;%r&quot; %s %b" />
+ pattern="%h %l %u %t &quot;%r&quot; %s %b" /-->
</Host>
</Engine>
EOF

Then the session persistence within the file /etc/tomcat8/context.xml is deactivated by commenting the following line:

patch /etc/tomcat8/context.xml << "EOF"
@@ -24,7 +24,5 @@
<WatchedResource>${catalina.base}/conf/web.xml</WatchedResource>
<!-- Uncomment this to disable session persistence across Tomcat restarts -->
- <!--
<Manager pathname="" />
- -->
</Context>
EOF

Configuration of Apache

The Apache web server must be set up to make Goobi workflow available externally. The following modules are activated for this purpose:

a2enmod proxy_ajp
a2enmod rewrite
a2enmod headers

The following file must be saved to the following path /etc/apache2/sites-available/GOOBI.EXAMPLE.ORG.conf:

sed -e "s/GOOBI.EXAMPLE.ORG/$NAME_HOST/" << "EOF" >/etc/apache2/sites-available/$NAME_HOST.conf
<VirtualHost *:80>
ServerAdmin support@intranda.com
ServerName GOOBI.EXAMPLE.ORG
DocumentRoot /var/www
RequestHeader unset Expect early
## compress output
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/plain text/html text/xml
AddOutputFilterByType DEFLATE text/css text/javascript
AddOutputFilterByType DEFLATE application/xml application/xhtml+xml
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/javascript application/x-javascript
</IfModule>
## general proxy settings
ProxyPreserveHost On
ProxyVia On
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
<Proxy *>
Require local
</Proxy>
## goobi
redirect /index.html http://GOOBI.EXAMPLE.ORG/goobi/
redirectmatch /goobi$ http://GOOBI.EXAMPLE.ORG/goobi/
<Location "/goobi/">
Require all granted
ProxyPass ajp://localhost:8009/goobi/ retry=0
ProxyPassReverse ajp://localhost:8009/goobi/
</Location>
## disable external connection to Goobi WebAPI globally
# ProxyPass /goobi/wi !
## only allow access to Goobi WebAPI for certain hosts
<Location "/goobi/wi">
# Require ip 1.2.3.4
Require local
</Location>
## logging
CustomLog /var/log/apache2/GOOBI.EXAMPLE.ORG_access.log combined
ErrorLog /var/log/apache2/GOOBI.EXAMPLE.ORG_error.log
# Possible values include: debug, info, notice, warn, error, crit, alert, emerg.
LogLevel warn
</VirtualHost>
EOF

The Goobi workflow vhost is now activated, the default vhost is deactivated and the Apache web server is restarted:

a2dissite 000-default.conf
a2ensite $NAME_HOST.conf
systemctl restart apache2

Setting up sudo

Goobi workflow requires different rights to execute scripts. The following file for the sudo rights must be stored for this:

cat << "EOF" | EDITOR='tee' visudo -f /etc/sudoers.d/70_goobi
##
# Goobi sudoers file
##
# Berechtigungen fuer Tomcat Server
User_Alias HTTPD=tomcat8
# In den Shellscripten definierte Kommandos:
# script_chownTomcat.sh, script_chownUser.sh, script_createDirUserHome.sh,
# script_createSymLink.sh
Cmnd_Alias CHOWN_DATEN=/bin/chown * /opt/digiverso/goobi/metadata/*
# script_createDirUserHome.sh
Cmnd_Alias CHGRP_USERS=/bin/chgrp tomcat8 /home/*
Cmnd_Alias CHMOD_USERS=/bin/chmod g+w /home/*
Cmnd_Alias CHMOD_WRITE=/bin/chmod * /opt/digiverso/goobi/metadata/*
Cmnd_Alias CHOWN_USERS=/bin/chown * /home/*
Cmnd_Alias MKDIR_USERS=/bin/mkdir /home/*
# Der Tomcat Server darf die in den Shellscripten definierten Kommandos ohne
# Passwortabfrage mit root Berechtigung ausfuehren
HTTPD ALL=NOPASSWD: CHOWN_DATEN, CHGRP_USERS, CHMOD_USERS, CHOWN_USERS, MKDIR_USERS, CHMOD_WRITE
HTTPD ALL=NOPASSWD: /bin/mount --bind /opt/digiverso/goobi/metadata/* /home/*
HTTPD ALL=NOPASSWD: /bin/umount -l /home/*
HTTPD ALL=NOPASSWD: /bin/rmdir /home/*
HTTPD ALL=NOPASSWD: /bin/chmod * /home/*
EOF

Creation of the directory structure

The following commands create the necessary folder structure and move the files from the repository to the expected location:

mkdir -p /opt/digiverso/{logs,tomcat-lib,viewer/hotfolder,goobi/{activemq,config,lib,metadata,rulesets,scripts,static_assets,tmp,xslt,plugins/{administration,command,dashboard,export,GUI,import,opac,statistics,step,validation,workflow}}}
cp $SOURCEDIR/goobi/Goobi/install/config/* /opt/digiverso/goobi/config/
cp $SOURCEDIR/goobi/Goobi/install/scripts/* /opt/digiverso/goobi/scripts/
cp $SOURCEDIR/goobi/Goobi/install/rulesets/* /opt/digiverso/goobi/rulesets/
cp $SOURCEDIR/goobi/Goobi/install/xslt/* /opt/digiverso/goobi/xslt/
chown -R tomcat8: /opt/digiverso/

Java Advanced Imaging (JAI) is also installed for the image display:

cd "$SOURCEDIR"
wget http://www.java2s.com/Code/JarDownload/jai/jai_codec-1.1.2_01.jar.zip
wget http://www.java2s.com/Code/JarDownload/jai/jai_core-1.1.2_01.jar.zip
wget http://www.java2s.com/Code/JarDownload/jai/jai_imageio-1.1.jar.zip
for i in *.zip; do unzip $i; done
cp "$SOURCEDIR"/jai_*.jar /opt/digiverso/tomcat-lib/

Deployment of Goobi workflow

The following file has to be stored under the path /etc/tomcat8/Catalina/localhost/goobi.xml:

sed -e "s/PW_SQL_GOOBI/$PW_SQL_GOOBI/" << "EOF" >/etc/tomcat8/Catalina/localhost/goobi.xml
<?xml version='1.0' encoding='utf-8'?>
<Context>
<Manager className="org.apache.catalina.session.PersistentManager" saveOnRestart="false">
<Store className="org.apache.catalina.session.FileStore"/>
</Manager>
<Resources>
<PreResources
className="org.apache.catalina.webresources.DirResourceSet"
base="/opt/digiverso/tomcat-lib/"
webAppMount="/WEB-INF/lib" />
<PreResources
className="org.apache.catalina.webresources.DirResourceSet"
base="/opt/digiverso/goobi/plugins/GUI/"
webAppMount="/WEB-INF/lib" />
<PostResources
className="org.apache.catalina.webresources.DirResourceSet"
base="/opt/digiverso/goobi/lib/"
webAppMount="/WEB-INF/lib" />
</Resources>
<Resource name="goobi"
auth="Container"
factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
type="javax.sql.DataSource"
driverClassName="com.mysql.jdbc.Driver"
username="goobi"
password="PW_SQL_GOOBI"
maxActive="100"
maxIdle="30"
minIdle="4"
maxWait="10000"
testOnBorrow="true"
testWhileIdle="true"
validationQuery="SELECT SQL_NO_CACHE 1"
removeAbandoned="true"
removeAbandonedTimeout="600"
url="jdbc:mysql://localhost/goobi?characterEncoding=UTF-8&amp;autoReconnect=true&amp;autoReconnectForPools=true" />
</Context>
EOF

Now the file permissions are adjusted so that the file is not deleted during an update:

chown -R root.tomcat8 /etc/tomcat8/Catalina
chmod -R g-w /etc/tomcat8/Catalina

In the following, Goobi workflow is now compiled and moved to the expected location in the file system:

cd $SOURCEDIR/goobi/Goobi/
mvn package
cp $SOURCEDIR/goobi/Goobi/module-war/target/goobi.war /var/lib/tomcat8/webapps/

Deployment of Plugins

Some plugins must also be compiled and moved to the expected location in the file system for commissioning:

# OPAC: PICA
cd $SOURCEDIR
git clone https://github.com/intranda/goobi-plugin-opac-pica.git
cd $SOURCEDIR/goobi-plugin-opac-pica/PicaOpacPlugin
mvn package
cp $SOURCEDIR/goobi-plugin-opac-pica/PicaOpacPlugin/target/plugin_intranda_opac_pica.jar /opt/digiverso/goobi/plugins/opac/
# OPAC: MARC
cd $SOURCEDIR
git clone https://github.com/intranda/goobi-plugin-opac-marc.git
cd $SOURCEDIR/goobi-plugin-opac-marc/goobi-plugin-opac-marc
mvn package
cp $SOURCEDIR/goobi-plugin-opac-marc/goobi-plugin-opac-marc/module-main/target/plugin_intranda_opac_marc.jar /opt/digiverso/goobi/plugins/opac/
# Step: Fileupload
cd $SOURCEDIR
git clone https://github.com/intranda/goobi-plugin-step-fileupload.git
cd $SOURCEDIR/goobi-plugin-step-fileupload/goobi-plugin-step-fileupload
mvn package
cp $SOURCEDIR/goobi-plugin-step-fileupload/goobi-plugin-step-fileupload/module-main/target/plugin_intranda_step_fileUpload.jar /opt/digiverso/goobi/plugins/step/
cp $SOURCEDIR/goobi-plugin-step-fileupload/goobi-plugin-step-fileupload/plugin_intranda_step_fileUpload.xml /opt/digiverso/goobi/config
cp $SOURCEDIR/goobi-plugin-step-fileupload/goobi-plugin-step-fileupload/module-gui/target/plugin_intranda_step_fileUpload-GUI.jar /opt/digiverso/goobi/plugins/GUI/
# Step: ImageQA
cd $SOURCEDIR
git clone https://github.com/intranda/goobi-plugin-step-imageqa.git
cd $SOURCEDIR/goobi-plugin-step-imageqa/ImageQAPlugin/
mvn package
cp $SOURCEDIR/goobi-plugin-step-imageqa/ImageQAPlugin/plugin_intranda_step_imageQA.xml /opt/digiverso/goobi/config
cp $SOURCEDIR/goobi-plugin-step-imageqa/ImageQAPlugin/module-gui/target/plugin_intranda_step_imageQA-GUI.jar /opt/digiverso/goobi/plugins/GUI/
cp $SOURCEDIR/goobi-plugin-step-imageqa/ImageQAPlugin//module-main/target/plugin_intranda_step_imageQA.jar /opt/digiverso/goobi/plugins/step/
# Command: intranda WebAPI
cd $SOURCEDIR
git clone https://github.com/intranda/goobi-plugin-command-intranda.git
cd $SOURCEDIR/goobi-plugin-command-intranda/goobi-plugin-command-intranda
mvn package
cp $SOURCEDIR/goobi-plugin-command-intranda/goobi-plugin-command-intranda/target/plugin_intranda_command_default.jar /opt/digiverso/goobi/plugins/command/
# Dashboard: Example
cd $SOURCEDIR
git clone https://github.com/intranda/goobi-plugin-dashboard-example.git
cd $SOURCEDIR/goobi-plugin-dashboard-example/DashboardPlugins
mvn package
cp $SOURCEDIR/goobi-plugin-dashboard-example/DashboardPlugins/module-gui/target/plugin_intranda_dashboard_example-GUI.jar /opt/digiverso/goobi/plugins/GUI/
cp $SOURCEDIR/goobi-plugin-dashboard-example/DashboardPlugins/module-main/target/plugin_intranda_dashboard_example.jar /opt/digiverso/goobi/plugins/dashboard/
cp $SOURCEDIR/goobi-plugin-dashboard-example/DashboardPlugins/plugin_intranda_dashboard_extended.xml /opt/digiverso/goobi/config/
cp $SOURCEDIR/goobi-plugin-dashboard-example/DashboardPlugins/plugin_intranda_dashboard_simple.xml /opt/digiverso/goobi/config/
# REST: intranda REST
cd $SOURCEDIR
git clone https://github.com/intranda/goobi-plugin-rest-intranda.git
cd $SOURCEDIR/goobi-plugin-rest-intranda/goobi-plugin-rest-intranda
mvn package
cp $SOURCEDIR/goobi-plugin-rest-intranda/goobi-plugin-rest-intranda/target/plugin_intranda_rest_default.jar /opt/digiverso/goobi/lib/
# Controlling: intranda default statistics
cd $SOURCEDIR
git clone https://github.com/intranda/goobi-plugin-controlling-intranda.git
cd $SOURCEDIR/goobi-plugin-controlling-intranda/intrandaStatisticPlugins/
mvn package
cp $SOURCEDIR/goobi-plugin-controlling-intranda/intrandaStatisticPlugins/statistics_template.pdf /opt/digiverso/goobi/plugins/statistics/
cp $SOURCEDIR/goobi-plugin-controlling-intranda/intrandaStatisticPlugins/statistics_template.xls /opt/digiverso/goobi/plugins/statistics/
cp $SOURCEDIR/goobi-plugin-controlling-intranda/intrandaStatisticPlugins/module-gui/target/plugin_intranda_statistics-GUI.jar /opt/digiverso/goobi/plugins/GUI/
cp $SOURCEDIR/goobi-plugin-controlling-intranda/intrandaStatisticPlugins/module-main/target/plugin_intranda_statistics.jar /opt/digiverso/goobi/plugins/statistics/

The Tomcat service can then be restarted:

systemctl start tomcat8

Configuration and Settings

Configuration file: goobi_config.properties

Please note that commas in the configuration files must be escaped with a backslash:

# Wrong:
ldap_adminLogin=cn=admin,dc=GOOBI,dc=EXAMPLE,dc=ORG
<institution>Name, Place</institution>
# Correct:
ldap_adminLogin=cn=admin\,dc=GOOBI\,dc=EXAMPLE\,dc=ORG
<institution>Name\, Place</institution>
sed -e"s|dc=GOOBI\\\\,dc=EXAMPLE\\\\,dc=ORG|${BASENAME//,/\\\\,}|" -e"s|PW_LDAP_GOOBI|$PW_LDAP_GOOBI|" -e"s|ldap_use=false|ldap_use=true|" /opt/digiverso/goobi/config/goobi_config.properties -i

Creating Users in LDAP

The test accounts must be written to the LDAP. Please note that dn, sambaPrimaryGroupSID and sambaSID are adapted in the file testuser.ldif:

SID=$(sudo net getlocalsid | awk '{print $NF}')
NLTMHASH_PW_GOOBITESTUSER=$(python3 -c "import hashlib; pw = '$PW_GOOBITESTUSER'; print(hashlib.new('md4', pw.encode('utf-16le')).hexdigest().upper());")
SLAPHASH_PW_GOOBITESTUSER=$(slappasswd -s "$PW_GOOBITESTUSER")
ldapadd -x -D cn=admin,$BASENAME -w $PW_LDAP_GOOBI -f <(sed \
-e"s|S-1-5-21-531335965-4077168823-1713822973|$SID|" \
-e"s|dc=GOOBI,dc=EXAMPLE,dc=ORG|$BASENAME|" \
-e"s|sambaNTPassword: 0CB6948805F797BF2A82807973B89537|sambaNTPassword: $NLTMHASH_PW_GOOBITESTUSER|" \
-e"s|userPassword:: e1NTSEF9ZWtKaFpTZklJcndHdjlKTU1rYmxmOUwvZGQ3S3pmU1Y=|userPassword: $SLAPHASH_PW_GOOBITESTUSER|" \
$SOURCEDIR/goobi/Goobi/install/ldap/testuser.ldif)

The home directories for the users are created, but first ensure that the users are known to the system:

id testadmin

If you see a no such user message, try:

service nscd restart
# Wait some 30 seconds, and/or restart slapd, nscd, nslcd, ... and try again:
id testadmin

When the user testadmin is found, go on with the home directory creation:

cd /home && for i in testadmin testscanning testmetadata testimaging testqc testprojectmanagement ; do mkdir $i; chown $i:tomcat8 $i; chmod 775 $i; done

In addition, the SID for Goobi workflow is changed and the value for userDN is adjusted:

mysql goobi -e "update ldapgruppen set sambaSID='$SID-{uidnumber*2+1000}', sambaPrimaryGroupSID='$SID-100' where ldapgruppenid=2;"
mysql goobi -e "update ldapgruppen set userDN='cn={login},ou=users,ou=goobi,$BASENAME' where ldapgruppenID=2;"

A test of the SMB access can be performed as follows:

smbclient -U testadmin%$PW_GOOBITESTUSER //localhost/testadmin

First login

With the account testadmin and the given password $PW_GOOBITESTUSER it is now possible to log in. The application runs here: http://$NAME_HOST/goobi/uii/index.xhtml

Troubleshooting

  • Check the logs:

    • less /var/log/tomcat8/catalina.out

    • less /opt/digiverso/logs/goobi.log

  • Is Tomcat running?

    • ps aux | grep tomcat

    • journalctl -u tomcat8.service

    • systemctl status tomcat8.service

  • Is MariaDB running? Is there a database "goobi"?

    • ps aux | grep mysql

    • mysqlshow goobi

  • Is Apache httpd running? Is the "goobi" vhost enabled?

  • Are you able to access Goobi workflow on the server's command line?

    • Accessing Apache httpd: curl http://localhost/goobi/uii/index.xhtml

    • Accessing Tomcat directly: curl http://localhost:8080/goobi/uii/index.xhtml

  • Check the network configuration and the hostname / DNS name of the server. Especially when you are running this installation as a first test in a VirtualBox environment, the accessibility depends on the VirtualBox Network Adapter settings, and DNS names might not work. In this case try: http://$IP/goobi/uii/index.xhtml

Further configuration

Configuration file: goobi_opac.xml

In the file goobi_opac.xml the used catalog can be entered or adapted:

/opt/digiverso/goobi/config/goobi_opac.xml
<?xml version="1.0" encoding="UTF-8"?>
<opacCatalogues>
[...]
<catalogue title="K10Plus">
<config address="kxp.k10plus.de" database="2.1" description="K10plus" iktlist="IKTLIST-GBV.xml" port="80" ucnf="UCNF=NFC&amp;XPNOFF=1" />
</catalogue>
</opacCatalogues>

Configuration file: goobi_projects.xml

In the configuration file goobi_projects.xml several important parameters for the creation of processes are defined. Among other things, this concerns the institution name, the current year or also the catalog used by default:

/opt/digiverso/goobi/config/goobi_projects.xml
<?xml version="1.0" encoding="UTF-8"?>
<goobiProjects>
<project name="default">
<createNewProcess>
<itemlist>
<item from="werk" multiselect="true">
Creator of digital edition
<select label="Library of Congress (LoC)">Library of Congress</select>
</item>
[...]
<item docstruct="topstruct" isnotdoctype="periodical|multivolume" metadata="_dateDigitization" multiselect="true" required="true" ughbinding="true">
Digitisation date
<select label="2029">2019</select>
</item>
[...]
</itemlist>
<opac use="true">
<catalogue>Library of Congress</catalogue>
</opac>
</createNewProcess>
</project>
</goobiProjects>

Configuration file: goobi_digitalCollections.xml

In the configuration file goobi_digitalCollections.xml different collections can be adapted for the created example project. As an example this could look like this:

/opt/digiverso/goobi/config/goobi_digitalCollections.xml
<?xml version="1.0" encoding="UTF-8"?>
<DigitalCollections>
<default>
<DigitalCollection>DefaultCollection</DigitalCollection>
</default>
<project>
<name>sample_project</name>
<DigitalCollection>Monograph</DigitalCollection>
<DigitalCollection>Varia</DigitalCollection>
</project>
</DigitalCollections>

Goobi viewer integration - prepare NFS share

Setting up NFS is only relevant if the Goobi viewer is also installed or is to be installed, and this installation is not performed on the same machine.

In this case, the /opt/digiverso/viewer folder must be exported from the Goobi viewer server and mounted in the Goobi workflow server. The adjustments for this are as follows:

export IP_VIEWER=1.2.3.4 # IP-Adresse of the Goobi viewer server
apt install -y nfs-common
mkdir /opt/digiverso/viewer/hotfolder -p
chown root:root /opt/digiverso/viewer/hotfolder
echo "${IP_VIEWER}:/opt/digiverso/viewer/hotfolder /opt/digiverso/viewer/hotfolder nfs rsize=8192,wsize=8192,soft,intr,rw,nolock,auto 0 0" >> /etc/fstab