HOWTO install Enkive 1.3 on CentOS 6.4

From Enkive Wiki

Jump to: navigation, search

This HOWTO documents step-by-step how to install and configure Enkive 1.3 on CentOS 6.4. (The instructions should work on all versions of CentOS 6 and Red Hat Enterprise Linux 6.x, but they have not been tested on those platforms.)

Before continuing, you should read the official, and generic, installation instructions for Enkive 1.3 at http://wiki.enkive.org/index.php/1.3_Installation_Instructions.

Assumptions: This will be a standalone server that only runs the Enkive email archiver. Any email sent to this machine's postfix (port 25) gets archived. In a production environment you will have to configure your existing mail server(s) to send a copy of each email that comes in to and goes out of your organization to this Enkive server. Configuring your existing mail server(s) to send duplicate emails to Enkive is not covered in this HOWTO.


Contents

Prerequisites

The files used to install Enkive 1.3. These were the latest available versions at the time of this writing (June 2013):

  • enkive-1.3.tar.gz
  • jdk-7u21-linux-x64.tar.gz (or jdk-7u21-linux-x64.rpm)
  • mongodb-linux-x86_64-2.4.4.tgz
  • indri-5.4.tar.gz
  • commons-daemon-1.0.15-native-src.tar.gz (do not use an earlier version than 1.0.12 with Enkive 1.3)

The download links are available at http://wiki.enkive.org/index.php/1.3_Installation_Instructions.

Linux operating system:

  • CentOS 6.4. Default install from the DVD, except selected "Desktop" package installation. You can customize the partitioning any way you like, but make sure there is enough room in /opt as this HOWTO installs most of the Enkive components in that directory.


Make sure you have at least 10GB (and preferably a lot more) of free space on your machine. MongoDB won't start properly if there's not enough free space.


Preliminary steps

SELinux

Since SELinux is in enforcing mode by default, you will want to set it to permissive while you install and configure Enkive. Modify the line in file /etc/selinux/config so that:

SELINUX=enforcing

becomes

SELINUX=permissive

You can also disable SELinux entirely by changing the line in /etc/selinux/config to:

SELINUX=disabled

You should reboot your server after modifying /etc/selinux/config. You can also switch to permissive mode on the fly with:

setenforce 0

Remember that changing SELinux with "setenforce" does not hold across reboots!

There are notes further down in this document on how to allow Enkive running with SELinux in enforcing mode.


iptables

We recommend leaving iptables temporarily disabled while installing and configuring Enkive. You can do this with:

system-config-firewall-tui


Postfix

Edit /etc/postfix/main.cf so that postfix doesn't just listen on localhost, which is the default behavior. For example, change the line, in /etc/postfix/main.cf:

inet_interfaces = localhost

to

inet_interfaces = all


Now restart Postfix:

/etc/init.d/postfix restart


Development environment

Some of the Enkive-related packages need to be compiled, so get a development environment installed. At minimum, the packages you'll need are:

  • gcc
  • gcc-c++
  • make
  • libcap-devel
yum install gcc gcc-c++ make libcap-devel

You can also get a fairly complete development environment by doing:

yum groupinstall "Development Tools" 
yum groupinstall "Server Platform Development"
yum groupinstall "Desktop Platform Development"
yum groupinstall "Additional Development"


Java

Unpack the tarball in /opt:

tar zxvf jdk-7u21-linux-x64.tar.gz -C /opt/

Make a symbolic link:

cd /opt/
ln -s jdk1.7.0_21/ java

So, per the Enkive wiki instructions, $JAVA_HOME is: /opt/jdk1.7.0_21 or /opt/java. We'll use /opt/java as the $JAVA_HOME from now on.

You may want to put /opt/java/bin in your path. The typical way to do this on CentOS/RHEL is to modify the $HOME/.bash_profile file. You could modify the line as follows:

PATH=/opt/java/bin:$PATH

This will put Java first in your path. Remember to log out and log back in to update your $PATH variable.


You can also install Java with the rpm:

rpm -Uvh jdk-7u21-linux-x64.rpm


If Java was installed using the rpm, then $JAVA_HOME will be:

 /usr/java/jdk1.7.0_21



Jsvc

Note: You must use Jsvc version 1.0.12 (or later) with Enkive 1.3. Earlier versions of Jsvc are not compatible with Enkive 1.3.

For Jsvc, we will compile with the java option and then copy the resulting binary to another directory so that it's in our path. Note that $JAVA_HOME is /opt/java:

tar zxvf commons-daemon-1.0.15-native-src.tar.gz
cd commons-daemon-1.0.15-native-src/
cd unix/
./configure --with-java=/opt/java
make
cp jsvc /usr/local/bin/

Now "jsvc" is in your path. This is also where the enkive initscript expects to find the jsvc binary.

(To use a bundled openjdk runtime, it may be possible to substitute for the configure step: export JAVA_HOME=/usr/lib/jvm/default-java ; ./configure )

If you installed Java with the RPM, change the "configure" line to:

./configure --with-java=/usr/java/jdk1.7.0_21


Swig

For swig:

yum install swig zlib zlib-devel

If you did a package group installation (ie, yum groupinstall) of the development tools and development libraries, then the swig, zlib, and zlib-devel packages are already installed.


Indri

For indri, we're going to install it in /opt/indri, as the Enkive wiki suggests.

tar zxvf indri-5.4.tar.gz
cd indri-5.4/
./configure --prefix=/opt/indri --enable-java --with-javahome=/opt/java
make
make install

Note: If you installed Java with the rpm, then the configure line will be:

./configure --prefix=/opt/indri --enable-java --with-javahome=/usr/java/jdk1.7.0_21

MongoDB

For mongodb, unpack it in /opt. Create a symbolic link for it. Create a directory within it (ie, data/db) for the database files.

tar zxvf mongodb-linux-x86_64-2.4.4.tgz -C /opt/
cd /opt/
ln -s mongodb-linux-x86_64-2.4.4/ mongodb
cd mongodb/
mkdir -p data/db


Create the initscript for mongodb, and put the following in /etc/init.d/mongodb:

#!/bin/bash
#
# mongodb     Startup script for the mongodb server
#
# chkconfig: - 60 40
# description: MongoDB Database Server
#
# processname: mongodb
#
# Credit for this initscript goes to: http://ewanleith.com/downloads/mongodb.txt, 
#  It has only been slightly modified.
#
#

# Source function library
. /etc/rc.d/init.d/functions

if [ -f /etc/sysconfig/mongodb ]; then
	. /etc/sysconfig/mongodb
fi

prog="mongod"
mongod="/opt/mongodb/bin/mongod"
RETVAL=0

start() {
	echo -n $"Starting $prog: "
	daemon $mongod "--fork --dbpath /opt/mongodb/data/db --logpath /var/log/mongodb.log --logappend 2>&1 >>/var/log/mongodb.log"
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && touch /var/lock/subsys/$prog
	return $RETVAL
}

stop() {
	echo -n $"Stopping $prog: "
	killproc $prog
	RETVAL=$?
	echo
	[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
	return $RETVAL
}

reload() {
	echo -n $"Reloading $prog: "
	killproc $prog -HUP
	RETVAL=$?
	echo
	return $RETVAL
}

case "$1" in
	start)
		start
		;;
	stop)
		stop
		;;
	restart)
		stop
		start
		;;
	condrestart)
		if [ -f /var/lock/subsys/$prog ]; then
			stop
			start
		fi
		;;
	reload)
		reload
		;;
	status)
		status $mongod
		RETVAL=$?
		;;
	*)
		echo $"Usage: $0 {start|stop|restart|condrestart|reload|status}"
		RETVAL=1
esac

exit $RETVAL


Make the mongodb initscript executable:

chmod 755 /etc/init.d/mongodb

Start mongodb. It may take a minute to start on slower machines:

/etc/init.d/mongodb start


Enkive (and Postfix)

Now unpack the Enkive tarball and put it in /opt. We also create a symbolic link here.

tar zxvf enkive-1.3.tar.gz -C /opt/
cd /opt/
ln -s enkive-1.3/ enkive


Create the Enkive socket filter:

cd /opt/enkive/support/filters/postfix/enkive-socket-filter/
make

This socket filter is now at:

/opt/enkive/support/filters/postfix/enkive-socket-filter/dist/enkive-socket-filter 

We'll need the path to it for Postfix.

Edit the /etc/postfix/master.cf file as follows. There's already a line at the top for "smtp". You will add a second line below it for the content filter, and then 3-line filter section.

The top of the master.cf file should look something like this:

smtp      inet  n       -       n       -       -       smtpd
   -o content_filter=filter:dummy
filter    unix  -       n       n       -       -      pipe
          flags=Rq user=nobody null_sender=
          argv=/opt/enkive/support/filters/postfix/enkive-socket-filter/dist/enkive-socket-filter localhost 2527 ${sender} ${recipient}

Restart Postfix:

/etc/init.d/postfix restart


Create an "enkive" user. The -r option will make a system user, rather than a regular user:

useradd -r enkive


Allow the new "enkive" user to read and write to Enkive (don't forget the trailing slash!):

chown -R enkive.enkive /opt/enkive/

Prepare the enkive initscript.

cp /opt/enkive/scripts/enkive /etc/init.d/enkive
chmod 755 /etc/init.d/enkive


At the top of the enkive initscript you need to edit several variables.

The relevant portion of the initscript:

...
# SYSTEM ADMINISTRATOR LIKELY WANTS TO MODIFY THE FOLLOWING VARIABLES

# user id under which Enkive is run; a good practice is to create a
# user specifically to run Enkive (e.g., "enkive")
ENKIVE_USER=enkive

# path to top-level Enkive directory; this directory would contain
# "lib" and "config"
ENKIVE_HOME=/opt/enkive

# path to the jsvc executable file
JSVC=/usr/local/bin/jsvc

# path to top level of the Java JDK (must be a JDK and not a JRE);
# should contain "bin", "lib", and "lib/tools.jar"
JAVA_HOME=/opt/java

# path to directory that Indri was installed in -- typically /usr/local
# or /opt/indri. Expect to find underneath this directory both
# lib/libindri_jni.so and share/indri/indri.jar . 
INDRI_INSTALL_PATH=/opt/indri
...

Note: If you installed Java with the rpm, the "JAVA_HOME" line should be:

JAVA_HOME=/usr/java/jdk1.7.0_21


Now start enkive:

/etc/init.d/enkive start


Give it a few seconds. Then log in to a graphical desktop and use the web browser to go to http://localhost:8888/ediscovery/. Even better: from another computer on your network go to http://enkiveIPaddress:8888/ediscovery/ in a web browser.

Log in as user "enkive" with the password "enkive". There won't be any archived email yet to search. Log out.


Add email to Enkive

The telnet client is sometimes not installed by default on CentOS 6, so:

yum install telnet

Sent a test email to the Enkive using the telnet client. If you've never done this before, you might want to read the following:

Follow the session below. You can only escape from the telnet session with CTRL-] (not CTRL-C!).

The actual lines you type after telnetting to port 25 are:

ehlo localhost
mail from:<bill@example.com>
rcpt to:<ted@example.org>
data
From: Bill <bill@example.com>
To: Ted <ted@example.org>
Subject: my first archived email

Archive me, please!

.


Note that you finally "send" the email by typing a single period by itself on a line, then hit enter. After which, postfix will queue the message.

[root@localhost ~]# telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.localdomain (127.0.0.1).
Escape character is '^]'.
220 localhost.localdomain ESMTP Postfix
ehlo localhost
250-localhost.localdomain
250-PIPELINING
250-SIZE 10240000
250-VRFY
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
mail from:<bill@example.com>
250 2.1.0 Ok
rcpt to:<ted@example.org>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From: Bill <bill@example.com>
To: Ted <ted@example.org>
Subject: my first archived email

Archive me, please!

.
250 2.0.0 Ok: queued as 2C27F1E4836
^]
telnet> quit
Connection closed.


Now go back to http://localhost:8888/discovery and log in. You will be able to search for the email.


Final clean up and reboot

Make sure everything starts on boot.

chkconfig --add enkive
chkconfig --add mongodb
chkconfig enkive on
chkconfig mongodb on

Reboot for good measure.

Note: MongoDB should start before Enkive. If you're having issues with Enkive not starting on boot, it could be that MongoDB has not finished starting when Enkive starts. If that's the case, you need to modify the sequence numbers in the mongodb and enkive initscripts. The current settings used here should work, however.


SELinux

At this point, your Enkive installation is working, but only when SELinux is in permissive mode or if SELinux is disabled entirely. If you switch to enforcing mode, Postfix won't work with the Enkive socket filter because Postfix runs confined in SELinux. What will happen in this case is that Postfix won't have permission to run the Enkive socket filter and will report "permission denied" in /var/log/maillog. Also, any mail that gets sent to postfix will just stay in the mail queue.

If SELinux was in permissive mode, you can look in /var/log/audit/audit.log and check for lines that say "avc denied". This happened when you added mail to the archiver using the telnet client. Permissive mode doesn't actually block the action, but just reports what it would be had it been in enforcing mode.

To modify your SELinux policy, you will need the "audit2allow" command. If you don't have it, you need to install the following package:

yum install policycoreutils-python

The following will work, but read the cautionary note afterward:

cat /var/log/audit/audit.log | audit2allow -M postfixenkive

This will create files called "postfixenkive.te" and "postfixenkive.pp", but you can use whatever name you like. Now install the SELinux module:

semodule -i postfixenkive.pp 

You should be careful with this because you are submitting the entire audit.log to audit2allow. Now if this is being performed on a newly installed server that is solely dedicated to Enkive, this shouldn't be much of a problem.

The following might be preferable and is verified to work on CentOS 6.4. Put the following in a text file called postfixenkive.te:


module postfixenkive 1.0;

require {
	type postfix_pipe_t;
	type usr_t;
	class file { read execute execute_no_trans };
}

#============= postfix_pipe_t ==============
allow postfix_pipe_t usr_t:file { read execute execute_no_trans };

Run the following commands:

checkmodule -M -m postfixenkive.te -o postfixenkive.mod
semodule_package -m postfixenkive.mod -o postfixenkive.pp
semodule -i postfixenkive.pp


You can temporarily turn on SELinux with:

setenforce 1

and then test Enkive again.

This will put it in enforcing mode, but it won't survive a reboot. If you want this change permanent, modify /etc/selinux/config so that:

SELINUX=enforcing



iptables

If you want to set up a host-based iptables firewall, run:

system-config-firewall-tui

Remember to leave ports 25 and 8888 open.




You're mostly done

At this point, if you want to start archiving email you will have configure your mail server (and there may be more than one in your organization) to send a duplicate of each email to this Enkive server.

Postfix (including Zimbra), sendmail and exim have different ways of doing this; however, this is not covered here yet.

Personal tools