1.0 Installation Instructions test

From Enkive Wiki

Jump to: navigation, search

Contents

Installation Instructions for System Administrators

Prerequisites

The recommended configuration of Enkive uses Java, MongoDB, Indri, Postfix, Jsvc, and SWIG.

Currently the only supported storage backend and search indexing services supported are MongoDB and Indri. Alfresco is no longer supported.

Java

Enkive is written primarily in Java. You will need the Java Development Kit (JDK) for Standard Edition version 6 or later. The Java Runtime Environment (JRE) without the JDK is not sufficient to run Enkive.

Your operating system may already have Java installed, or it may provide an easy way to install it. Alternatively you can download it from Oracle. Oracle also provides installation instructions.

Note the installation directory, which we will refer to as $JAVA_HOME. After installation, the following (among other items) should be installed:

  • Executable file $JAVA_HOME/bin/javac
  • File $JAVA_HOME/lib/tools.jar

Jsvc

Jsvc is also required to launch Enkive as a daemon.

You can download Jsvc from its project page.

You'll want to download the latest version of the native source package (e.g., ccommons-daemon-1.0.10-native-src.tar.gz ; note that version 1.0.10 was the latest version as of May 2012).

Then compile as they suggest:

./configure --with-java=$JAVA_HOME
make

That will make the binary. They provide excellent instructions.

SWIG

SWIG provides a bridge between Enkive and Indri. On Debian-type systems, you can install it with the commands below.

apt-get install swig zlib1g zlib1g-dev

Otherwise, download SWIG from its project page and install accordingly.

Indri

Indri provides Enkive with the core text indexing and searching capabilities. You can read about Indri on its project page.

You can download Indri from SourceForge.

First choose where you would like to install it (e.g., /opt/indri); we'll refer to this place as $INDRI_HOME.

./configure --prefix=$INDRI_HOME --enable-java --with-javahome=$JAVA_HOME
make
make install

MongoDB

You can download binaries for MongoDB.

MongoDB does not ship with a standard Linux init script. You can download one here, edit it to indicate where you installed MongoDB, and save it as /etc/init.d/mongodb .

After installation is finished, MongoDB should be started.

sudo /etc/init.d/mongodb start

Postfix

The Postfix mailserver is used to reliably queue mail for delivery into Enkive. Other mail servers could be used to deliver mail to Enkive, but as of the writing of these installation instructions, only Postfix is supported.

It should be noted that this method assumes a copy of the message (as opposed to the only instance of the message) is received by postfix, as Enkive will consume the message and not send it back for delivery.

Enkive Socket Filter

We provide the enkive-socket-filter (in $ENKIVE_HOME/support/filters/postfix/enkive-socket-filter), which is a small C program that we configure Postfix to use to send the messages into Enkive. Even if you use a mail server other than Postfix, you might still be able to use the enkive-socket-filter with that mail server, although that is well beyond the scope of this document.

To build enkive-socket-filter, issue the command from $ENKIVE_HOME/support/filters/postfix/enkive-socket-filter:

make

That will generate the executable dist/enkive-socket-filter. Put that executable at your preferred location; we'll now refer to that location as $ENKIVE_SOCKET_FILTER_HOME.

Back to Postfix

For a quick setup, place the following code in postfix's master.cf. Replace $ENKIVE_SOCKET_FILTER_HOME with the location you placed the enkive-socket-filter.

smtp      inet  n       -       n       -       -      smtpd
        -o content_filter=filter:dummy

filter    unix  -       n       n       -       -      pipe
          flags=Rq user=nobody null_sender=
          argv=$ENKIVE_SOCKET_FILTER_HOME/enkive-socket-filter localhost 2527 ${sender} ${recipient}

This setup will send every message that comes through the postfix queue to Enkive. IMPORTANT: messages that are received by this postfix get sent to Enkive but do not get delivered to users. If you do not understand this statement and its implications, please seek the help of someone who does.

Configure Enkive

Configurable Settings

Enkive Filters

Enkive provides a fairly flexible system for filtering messages received. Currently the filtering system only provides for deciding whether or not to accept or reject messages. However it does provide filtering capabilities on many different types of message headers. Filter settings are set in $ENKIVE_HOME/config/enkive-filters.xml :

<filters
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="enkive-filters.xsd">
        <defaultAction>Allow</defaultAction>
        <filter enabled="true">
                <action>deny</action>
                <header>X-Spam-Flag</header>
                <value type="string" comparison="matches">YES</value>
        </filter>
        <filter enabled="true">
                <action>deny</action>
                <header>From</header>
                <value type="address" comparison="matches">reject@reject.com</value>
        </filter>
</filters>

The <defaultAction> tag determines the action to take if no filter cases apply to it. Allowed values are 'accept' and 'deny'.

The <filter> tag defines a new enkive filter. the "enabled" attribute defines whether or not enkive should enforce the filter. The <action> tag defines whether or not enkive should allow or deny a message if it meets that filters criteria. If a message meets a certain filter criteria, the action to take with that filter is compared with the default action, if the actions differ, the action set in the filter is taken. Using the example above the default action is to allow messages; if a message comes through that meets the 'x-spam-flag=YES' filter, that message would be rejected, because the action for that filter is to deny.

The <header> tag defines the header on which to filter. The field can be any string, allowing for filtering on any header. The field must match the case of the message header.

The <value> tag defines the value to compare a message headers value against. Valid 'type' attributes are 'integer', 'float', 'date', 'string', and 'address'. Valid comparisons for 'integer', 'float', and 'date' are 'is_greater_than', 'is_less_than', 'matches', and 'does_not_match'. Valid comparisons for addresses and string are 'contains', 'does_not_contain', 'matches', and 'does_not_match'.

Additional information can be found at Enkive_Message_Filtering.

Configure Enkive Daemon for Start Up

A Linux init script is included with the download in $ENKIVE_HOME/enkive [note: this will move to $ENKIVE_HOME/scripts/enkive in later versions of Enkive], however the paths at the top will most likely be incorrect. Edit the paths at the top of the enkive script.

Also it will need executable permissions, so from within the $ENKIVE_HOME directory issue the command:

chmod a+x ./enkive

The enkive script should be placed in your /etc/init.d/ directory (or wherever startup files on your particular operating system go).

Proxy Enkive Web Interface through Apache

If you are using Apache with mod_proxy as your web server, you can configure Apache to proxy to the Jetty web server that's part of Enkive by modifying your httpd.conf file to include:

ProxyPass /ediscovery http://localhost:8888/ediscovery
ProxyPassReverse /ediscovery http://localhost:8888/ediscovery

Configuring Apache in general or any other web server is well beyond the scope of this document.

User Setup

Users can be entered into Enkive in one of two ways

  1. by editing $ENKIVE_HOME/jetty/webapps/enkive/WEB-INF/users.properties
  2. by connecting to an LDAP server

Adding users via users.properties

This file is a standard Spring Security users file. The default file that ships with enkive has one user configured:

enkive=a795c3b4d817cf86580446a1f665cfd82284429d,ROLE_ENKIVE_ADMIN,ROLE_USER,enabled

The first field, enkive, is the username. The second field is the SHA1 hash of the default password, 'enkive'.

The next two fields are user priviliges. ROLE_ENKIVE_ADMIN gives unrestricted access to the enkive archive. All users should have the ROLE_USER attribute. The last field, 'enabled', enables the user to login; by changing this to disabled you can temporarily or permanently lock a user out of the archive.

You can add additional users, or edit and remove existing users. To add a user who only has access to a specific email account, the username should be the email address.

SHA1 hashes of passwords can be generated using the command:

echo -ne password | sha1sum

Connecting to an LDAP Server

LDAP connection is provided by standard spring modules and can be configured in $ENKIVE_HOME/jetty/webapps/enkive/WEB-INF/applicationContext.xml. To connect to your LDAP server, uncomment the lines surrounding the <ldap-server /> tag and the <authentication-manager> tag, then remove or comment out the second authentication-manager tag. Replace the ldap-server url attribute with the url of your ldap server. Enkive will look at the ldap attribute named in the 'ldap.emailField' property in the enkive.properties file. If the 'ldap.emailField' property is blank, it will attempt to build emails addresses from the dn provided in the ldap url.

For more on the capabilities of Spring Security LDAP, go to their website.

Other Properties

Other properties can be configured in the $ENKIVE_HOME/config/enkive.properties file.

In-line comments about the attributes can be found in the $ENKIVE_HOME/config/default/enkive.properties, however, this file should not be edited. All modifications to these properties should be made in $ENKIVE_HOME/config/enkive.properties.

Logging is provided by log4j and can be configured in the standard way by modifying the $ENKIVE_HOME/config/log4j.properties file.

Starting Enkive

Enkive can now be started using the init script that was modified earlier by running

/etc/init.d/enkive start

The Enkive Ediscovery front end can now be accessed on http://localhost:8888/ediscovery, and the back end is ready for archiving.

Personal tools