CentOS Advanced deployment

From Mayan EDMS Wiki

Most of this is borrowed from the Advanced Deployment guide for Debian and Ubuntu and adapted to CentOS. Tested on CentOS 7.7.1908, minimal install.

Mayan EDMS should be deployed like any other Django project and preferably using virtualenv.

Being a Django and a Python project, familiarity with these technologies is recommended to better understand why Mayan EDMS does some of the things it does.

Install Mayan-EDMS on CentOS 7

  • Install EPEL repo:
    sudo yum install epel-release
  • Install dependencies:
    sudo yum install gcc ghostscript graphviz libreoffice postgresql redis supervisor tesseract rsync poppler-devel poppler-utils tesseract-osd sane-backends python-virtualenv postgresql-server postgresql-contrib libpqxx-devel postgresql-devel rabbitmq-server zlib-devel tesseract-devel python2-pip
  • Create a user account for the installation:
    sudo adduser mayan --system
  • Change to the parent directory where the project will be deployed:
    cd /opt
  • Create the Python virtual environment for the installation:
    sudo virtualenv /opt/mayan-edms
  • Make the mayan user the owner of the installation directory:
    sudo chown mayan:mayan /opt/mayan-edms -R
  • Install Mayan EDMS from PyPI:
    sudo -u mayan /opt/mayan-edms/bin/pip install --no-cache-dir mayan-edms
  • Install the Python clients for RabbitMQ, PostgreSQL and Redis:
    sudo -u mayan /opt/mayan-edms/bin/pip install --no-cache-dir librabbitmq==2.0.0 psycopg2==2.7.3.2 redis==2.10.6
  • Enable PostgreSQL and initialize its database cluster:
    sudo systemctl enable postgresql
    sudo postgresql-setup initdb
  • Edit /var/lib/pgsql/data/pg_hba.conf

Find the lines that look like this, near the bottom of the file:

...
host    all             all             127.0.0.1/32            ident
host    all             all             ::1/128                 ident

Then replace “ident” with “md5” so that local TCP connections authenticate with a password:

...
host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5
  • Start PostgreSQL:
    sudo systemctl start postgresql
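  • Create the database user and the database for the installation (mayanuserpass is a sample password; choose your own and use the same value for MAYAN_DATABASE_PASSWORD in the following steps):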
    sudo -u postgres psql -c "CREATE USER mayan WITH password 'mayanuserpass';"
    sudo -u postgres createdb -O mayan mayan
  • Initialize the project:
    sudo -u mayan MAYAN_DATABASE_ENGINE=django.db.backends.postgresql MAYAN_DATABASE_NAME=mayan MAYAN_DATABASE_PASSWORD=mayanuserpass MAYAN_DATABASE_USER=mayan MAYAN_DATABASE_HOST=127.0.0.1 MAYAN_MEDIA_ROOT=/opt/mayan-edms/media /opt/mayan-edms/bin/mayan-edms.py initialsetup
  • Collect the static files:
    sudo -u mayan MAYAN_MEDIA_ROOT=/opt/mayan-edms/media /opt/mayan-edms/bin/mayan-edms.py preparestatic --noinput
  • Enable and start RabbitMQ:
    sudo systemctl enable rabbitmq-server
    sudo systemctl start rabbitmq-server
  • Create the RabbitMQ user and vhost (mayanrabbitmqpassword is a sample value; use your own and match it in MAYAN_BROKER_URL below):
    sudo rabbitmqctl add_user mayan mayanrabbitmqpassword
    sudo rabbitmqctl add_vhost mayan
    sudo rabbitmqctl set_permissions -p mayan mayan ".*" ".*" ".*"
  • Create the supervisor file at /etc/supervisord.d/mayan.ini:
    [supervisord]
    environment=
        MAYAN_ALLOWED_HOSTS='["*"]', # For versions before 3.1 use MAYAN_ALLOWED_HOSTS="*"
        MAYAN_CELERY_RESULT_BACKEND="redis://127.0.0.1:6379/0",
        MAYAN_BROKER_URL="amqp://mayan:mayanrabbitmqpassword@localhost:5672/mayan",
        PYTHONPATH=/opt/mayan-edms/lib/python2.7/site-packages:/opt/mayan-edms/data,
        MAYAN_MEDIA_ROOT=/opt/mayan-edms/media,
        MAYAN_DATABASE_ENGINE=django.db.backends.postgresql,
        MAYAN_DATABASE_HOST=127.0.0.1,
        MAYAN_DATABASE_NAME=mayan,
        MAYAN_DATABASE_PASSWORD=mayanuserpass,
        MAYAN_DATABASE_USER=mayan,
        MAYAN_DATABASE_CONN_MAX_AGE=360,
        MAYAN_SIGNATURES_GPG_PATH=/usr/bin/gpg,
        DJANGO_SETTINGS_MODULE=mayan.settings.production
    
    [program:mayan-gunicorn]
    autorestart = true
    autostart = true
    command = /opt/mayan-edms/bin/gunicorn -w 2 mayan.wsgi --max-requests 500 --max-requests-jitter 50 --worker-class gevent --bind 0.0.0.0:8000 --timeout 120
    user = mayan
    
    [program:mayan-worker-fast]
    autorestart = true
    autostart = true
    command = nice -n 1 /opt/mayan-edms/bin/mayan-edms.py celery worker -Ofair -l ERROR -Q converter,sources_fast -n mayan-worker-fast.%%h
    killasgroup = true
    numprocs = 1
    priority = 998
    startsecs = 10
    stopwaitsecs = 1
    user = mayan
    
    [program:mayan-worker-medium]
    autorestart = true
    autostart = true
    command = nice -n 18 /opt/mayan-edms/bin/mayan-edms.py celery worker -Ofair -l ERROR -Q checkouts_periodic,documents_periodic,indexing,metadata,sources,sources_periodic,uploads,documents -n mayan-worker-medium.%%h --concurrency=1
    killasgroup = true
    numprocs = 1
    priority = 998
    startsecs = 10
    stopwaitsecs = 1
    user = mayan
    
    [program:mayan-worker-slow]
    autorestart = true
    autostart = true
    command = nice -n 19 /opt/mayan-edms/bin/mayan-edms.py celery worker -Ofair -l ERROR -Q mailing,tools,statistics,parsing,ocr -n mayan-worker-slow.%%h --concurrency=1
    killasgroup = true
    numprocs = 1
    priority = 998
    startsecs = 10
    stopwaitsecs = 1
    user = mayan
    
    [program:mayan-celery-beat]
    autorestart = true
    autostart = true
    command = nice -n 1 /opt/mayan-edms/bin/mayan-edms.py celery beat --pidfile= -l ERROR
    killasgroup = true
    numprocs = 1
    priority = 998
    startsecs = 10
    stopwaitsecs = 1
    user = mayan
    • Be very careful that:
      • There are exactly four spaces before each line of the environment variables at the top of the config
      • There is a comma after each environment variable except the last
      • Each line of the [program] blocks contains exactly one key = value pair (be sure there aren't any surprise carriage returns/newlines)
  • Configure Redis to discard data when it runs out of memory:
    echo "maxmemory-policy allkeys-lru" | sudo tee -a /etc/redis.conf
    echo "save \"\"" | sudo tee -a /etc/redis.conf
    echo "databases 1" | sudo tee -a /etc/redis.conf
  • Enable and start Redis:
    sudo systemctl enable redis
    sudo systemctl start redis
  • Enable and start the services:
    sudo systemctl enable supervisord
    sudo systemctl start supervisord

Reverse proxy (nginx)

  • Install nginx reverse proxy:
    sudo yum install nginx
  • Create a reverse proxy config file in /etc/nginx/conf.d/mayan.conf:

Note: If your server is internet-facing, it is wise to ignore the next couple of steps and instead secure your web traffic with TLS.

server {
  listen *:80;
  server_name _;
  root /usr/share/nginx/html;
  location / {
    proxy_pass http://127.0.0.1:8000;
    proxy_set_header Host $host;
    proxy_set_header Referer "";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    client_max_body_size 25M;  # increase allowable size of webform upload
  }

  error_page 404 /404.html;
  location = /404.html {
  }

  error_page 500 502 503 504 /50x.html;
  location = /50x.html {
  }

}
  • Edit /etc/nginx/nginx.conf and delete everything after line 37 and add a single } on a line by itself:
        ...
        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;
    }
  • Open the firewall:
    sudo firewall-cmd --add-service=http --zone=public --permanent
    sudo firewall-cmd --reload
  • Allow nginx to make network connections to the backend under SELinux, then enable and start nginx:
    sudo setsebool -P httpd_can_network_connect 1
    sudo systemctl enable nginx
    sudo systemctl start nginx


Troubleshooting

Ask Supervisor to log verbosely

Set loglevel=debug in /etc/supervisord.conf.

Check the Supervisord log

Navigate to /var/log/supervisor and take a look at supervisord.log:

sudo tail -n 75 /var/log/supervisor/supervisord.log

Check the Supervisor configuration file

  • The environment section must be formatted as shown. Each line starts with 4 spaces. Each line, except the last one, ends with a comma.
  • If changes are made to the supervisor file, the following commands must be executed to force an update:
    sudo supervisorctl reread
    sudo supervisorctl update
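
The formatting rules listed under "Be very careful that" and repeated in "Check the Supervisor configuration file" can be checked mechanically before running supervisorctl reread. The Python linter below is an added example, not part of the original guide or of Mayan EDMS; lint_mayan_ini, SAMPLE and the message texts are hypothetical names, and it assumes the environment block is the only setting under [supervisord] and ends at the first blank line.

```python
import re

def lint_mayan_ini(text):
    """Return sorted (line_number, message) findings for a mayan.ini supervisor file."""
    findings, env, section, in_env = [], [], None, False
    for no, raw in enumerate(text.split("\n"), 1):
        line = raw.rstrip("\r")
        if line != raw:
            findings.append((no, "carriage return at end of line"))
        if not line.strip():
            in_env = False                      # a blank line ends the environment block
        elif line.lstrip().startswith((";", "#")):
            pass                                # whole-line comment
        elif re.match(r"\[([^\]]+)\]\s*$", line):
            section, in_env = line.strip()[1:-1], False
        elif section == "supervisord" and re.match(r"environment\s*=\s*$", line):
            in_env = True
        elif in_env:
            env.append((no, line))
        elif section and section.startswith("program:"):
            pair = re.match(r"(\w+)\s*=\s*(\S.*)$", line)
            if not pair:
                findings.append((no, "not a key = value line (stray line break?)"))
            elif pair.group(1) != "command" and "=" in pair.group(2):
                findings.append((no, "more than one key = value pair on the line"))
    for i, (no, line) in enumerate(env):
        if not re.match(r" {4}\S", line):
            findings.append((no, "environment line must start with exactly four spaces"))
        body = line.split(" #", 1)[0].rstrip()  # ignore a trailing comment
        is_last = i == len(env) - 1
        if body.endswith(",") == is_last:
            findings.append((no, "last environment variable must not end with a comma"
                             if is_last else "missing comma after environment variable"))
    return sorted(findings)

# Constructed sample with three deliberate mistakes (lines 4, 5 and 10).
SAMPLE = """[supervisord]
environment=
    MAYAN_MEDIA_ROOT=/opt/mayan-edms/media,
    MAYAN_DATABASE_NAME=mayan
      MAYAN_DATABASE_USER=mayan,
    DJANGO_SETTINGS_MODULE=mayan.settings.production

[program:mayan-celery-beat]
command = /opt/mayan-edms/bin/mayan-edms.py celery beat --pidfile= -l ERROR
autostart = true user = mayan"""

if __name__ == "__main__":
    print("\n".join("line %d: %s" % f for f in lint_mayan_ini(SAMPLE)))
```

To check a deployed file, pass the contents of /etc/supervisord.d/mayan.ini to lint_mayan_ini; an empty list means none of the three formatting rules is violated.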