How to install OpenERP 6.0 on Ubuntu 10.04 LTS Server (Part 1)
Update: 22/02/2012. OpenERP 6.1 was released today. I’ve written a howto for this new version here.
Recently at work, we’ve been setting up several new instances of OpenERP for customers. Our server operating system of choice is Ubuntu 10.04 LTS.
Installing OpenERP isn’t really that hard, but having seen several other “How Tos” on-line describing various methods where none seemed to do the whole thing in what I consider to be “the right way”, I thought I’d explain how we do it. There are a few forum posts that I’ve come across where the advice is just plain wrong too, so do be careful.
As we tend to host OpenERP on servers that are connected to the big wide Internet, our objective is to end up with a system that is:
- A: Accessible only via encrypted (SSL) services from the GTK client, Web browser, WebDAV and CalDAV
- B: Readily upgradeable and customisable
One of my friends said to me recently, “surely it’s just sudo apt-get install openerp-server isn’t it?” Fair enough; this would actually work. But there are several problems I have with using a packaged implementation in this instance:
- Out-of-date. The latest packaged version I could see, in either the Ubuntu or Debian repositories, was 5.0.15. OpenERP is now at 6.0.3 and is a major upgrade from the 5.x series.
- Lack of control. Being a business application, with many configuration choices, it can be harder to tweak your way when the packager determined that one particular way was the “true path”.
- Upgrades and patches. Knowing how, where and why your OpenERP instance is installed the way it is, means you can decide when and how to update it and patch it, or add custom modifications.
So although the way I’m installing OpenERP below is manual, it gives us a much more fine-grained level of control. Without further ado then here is my way as it stands currently (“currently” because you can almost always improve things. HINT: suggestions for improvement gratefully accepted).
[Update 18/08/2011: I've updated this post for the new 6.0.3 release of OpenERP]
Step 1. Build your server
I install just the bare minimum from the install routine (you can install the openssh-server during the install procedure or install subsequently depending on your preference).
After the server has restarted for the first time I install the openssh-server package (so we can connect to it remotely) and denyhosts to add a degree of brute-force attack protection. There are other protection applications available: I’m not saying this one is the best, but it’s one that works and is easy to configure and manage. If you don’t already, it’s also worth looking at setting up key-based ssh access, rather than relying on passwords. This can also help to limit the potential of brute-force attacks. [NB: This isn't a How To on securing your server...]
sudo apt-get install openssh-server denyhosts
Now make sure you are running all the latest patches by doing an update:
sudo apt-get update
sudo apt-get dist-upgrade
Although not always essential it’s probably a good idea to reboot your server now and make sure it all comes back up and you can still login via ssh.
Now we’re ready to start the OpenERP install.
Step 2. Create the OpenERP user that will own and run the application
sudo adduser --system --home=/opt/openerp --group openerp
This is a “system” user. It is there to own and run the application, it isn’t supposed to be a person type user with a login etc. In Ubuntu, a system user gets a UID below 1000, has no shell (well it’s actually /bin/false) and has logins disabled. Note that I’ve specified a “home” of /opt/openerp, this is where the OpenERP server, and optional web client, code will reside and is created automatically by the command above. The location of the server code is your choice of course, but be aware that some of the instructions and configuration files below may need to be altered if you decide to install to a different location.
Step 3. Install and configure the database server, PostgreSQL
sudo apt-get install postgresql
Then configure the OpenERP user on postgres:
First change to the postgres user so we have the necessary privileges to configure the database.
sudo su - postgres
Now create a new database user. This is so OpenERP has access rights to connect to PostgreSQL and to create and drop databases. Remember what your choice of password is here; you will need it later on:
createuser --createdb --username postgres --no-createrole --no-superuser --pwprompt openerp
Enter password for new role: ********
Enter it again: ********
[Update 18/08/2011: I have added the --no-superuser switch. There is no need for the openerp database user to have superuser privileges.]
Finally exit from the postgres user account:
exit
Step 4. Install the necessary Python libraries for the server
sudo apt-get install python python-psycopg2 python-reportlab \
python-egenix-mxdatetime python-tz python-pychart python-mako \
python-pydot python-lxml python-vobject python-yaml python-dateutil \
python-pychart python-webdav
And if you plan to use the Web client install the following:
sudo apt-get install python-cherrypy3 python-formencode python-pybabel \
python-simplejson python-pyparsing
Step 5. Install the OpenERP server, and optional web client, code
I tend to use wget for this sort of thing and I download the files to my home directory.
Make sure you get the latest version of the application files. At the time of writing this it’s 6.0.2 6.0.3; I got the download links from their download page.
wget http://www.openerp.com/download/stable/source/openerp-server-6.0.3.tar.gz
And if you want the web client:
wget http://www.openerp.com/download/stable/source/openerp-web-6.0.3.tar.gz
Now install the code where we need it: cd to the /opt/openerp/ directory and extract the tarball(s) there.
cd /opt/openerp
sudo tar xvf ~/openerp-server-6.0.3.tar.gz
sudo tar xvf ~/openerp-web-6.0.3.tar.gz
Next we need to change the ownership of all the the files to the openerp user and group.
sudo chown -R openerp: *
And finally, the way I have done this is to copy the server and web client directories to something with a simpler name so that the configuration files and boot scripts don’t need constant editing (I call them, rather unimaginatively, server and web). I started out using a symlink solution, but I found that when it comes to upgrading, it seems to make more sense to me to just keep a copy of the files in place and then overwrite them with the new code. This way you keep any custom or user-installed modules and reports etc. all in the right place.
sudo cp -a openerp-server-6.0.3 server
sudo cp -a openerp-web-6.0.3 web
As an example, should OpenERP 6.0.4 come out next, I can extract the tarballs into /opt/openerp/ as above. I can do any testing I need, then repeat the copy command (replacing 6.0.3 obviously) so that the modified files will overwrite as needed and any custom modules, report templates and such will be retained. Once satisfied the upgrade is stable, the older 6.0.3 directories can be removed if wanted.
That’s the OpenERP server and web client software installed. The last steps to a working system are to set up the two (server and web client) configuration files and associated init scripts so it all starts and stops automatically when the server boots and shuts down.
Step 6. Configuring the OpenERP application
The default configuration file for the server (in /opt/openerp/server/doc/) could really do with laying out a little better and a few more comments in my opinion. I’ve started to tidy up this config file a bit and here is a link to the one I’m using at the moment (with the obvious bits changed). You need to copy or paste the contents of this file into /etc/ and call the file openerp-server.conf. Then you should secure it by changing ownership and access as follows:
sudo chown openerp:root /etc/openerp-server.conf
sudo chmod 640 /etc/openerp-server.conf
The above commands make the file owned and writeable only by the openerp user and only readable by openerp and root.
To allow the OpenERP server to run initially, you should only need to change one line in this file. Toward to the top of the file change the line db_password = ******** to have the same password you used way back in step 3. Use your favourite text editor here. I tend to use nano, e.g. sudo nano /etc/openerp-server.conf
Once the config file is edited, you can start the server if you like just to check if it actually runs.
/opt/openerp/server/bin/openerp-server.py --config=/etc/openerp-server.conf
It won’t really work just yet as it isn’t running as the openerp user. It’s running as your normal user so it won’t be able to talk to the PostgreSQL database. Just type CTL+C to stop the server.
Step 7. Installing the boot script
For the final step we need to install a script which will be used to start-up and shut down the server automatically and also run the application as the correct user. Here’s a link to the one I’m using currently.
Similar to the config file, you need to either copy it or paste the contents of this script to a file in /etc/init.d/ and call it openerp-server. Once it is in the right place you will need to make it executable and owned by root:
sudo chmod 755 /etc/init.d/openerp-server
sudo chown root: /etc/init.d/openerp-server
In the config file there’s an entry for the server’s log file. We need to create that directory first so that the server has somewhere to log to and also we must make it writeable by the openerp user:
sudo mkdir /var/log/openerp
sudo chown openerp:root /var/log/openerp
Step 8. Testing the server
To start the OpenERP server type:
sudo /etc/init.d/openerp-server start
You should now be able to view the logfile and see that the server has started.
less /var/log/openerp/openerp-server.log
If there are any problems starting the server now you need to go back and check. There’s really no point ploughing on if the server doesn’t start…
OpenERP - First Login
If you now start up the GTK client and point it at your new server you should see a message like this:
Which is a good thing. It means the server is accepting connections and you do not have a database configured yet. I will leave configuring and setting up OpenERP as an exercise for the reader. This is a how to for installing the server. Not a how to on using and configuring OpenERP itself…
What I do recommend you do at this point is to change the super admin password to something nice and strong. By default it is “admin” and with that a user can create, backup, restore and drop databases (in the GTK client, go to the file menu and choose the Databases -> Administrator Password option to change it). This password is written as plain text into the /etc/openerp-server.conf file. Hence why we restricted access to just openerp and root.
One rather strange thing I’ve just realised is that when you change the super admin password and save it, OpenERP completely re-writes the config file. It removes all comments and scatters the configuration entries randomly throughout the file. I’m not sure as of now if this is by design or not.
Now it’s time to make sure the server stops properly too:
sudo /etc/init.d/openerp-server stop
Check the logfile again to make sure it has stopped and/or look at your server’s process list.
Step 9. Automating OpenERP startup and shutdown
If everything above seems to be working OK, the final step is make the script start and stop automatically with the Ubuntu Server. To do this type:
sudo update-rc.d openerp-server defaults
You can now try rebooting you server if you like. OpenERP should be running by the time you log back in.
If you type ps aux | grep openerp you should see a line similar to this:
openerp 708 3.8 5.8 181716 29668 ? Sl 21:05 0:00 python /opt/openerp/server/bin/openerp-server.py -c /etc/openerp-server.conf
Which shows that the server is running. And of course you can check the logfile or use the GTK client too.
Step 10. Configure and automate the Web Client
Although it’s called the web client, it’s really another server-type application which [ahem] serves OpenERP to users via a web browser instead of the GTK desktop client.
If you want to use the web client too, it’s basically just a repeat of steps 6, 7, 8 and 9.
The default configuration file for the web client (can also be found in /opt/openerp/web/doc/openerp-web.cfg) is laid out more nicely than the server one and should work as is when both the server and web client are installed on the same machine as we are doing here. I have changed one line to turn on error logging and point the file at our /var/log/openerp/ directory. For our installation, the file should reside in /etc/, be called openerp-web.conf and have it’s owner and access rights set as with the server configuration file:
sudo chown openerp:root /etc/openerp-web.conf
sudo chmod 640 /etc/openerp-web.conf
Here is a web client boot script. This needs to go into /etc/init.d/, be called openerp-web and be owned by root and executable.
sudo chmod 755 /etc/init.d/openerp-web
sudo chown root: /etc/init.d/openerp-web
You should now be able to start the web server by entering the following command:
sudo /etc/init.d/openerp-web start
Check the web client is running by looking in the log file, looking at the process log and, of course, connecting to your OpenERP server with a web browser. The web client by default runs on port 8080 so the URL to use is something like this: http://my-ip-or-domain:8080
Make sure the web client stops properly:
sudo /etc/init.d/openerp-web stop
And then configure it to start and stop automatically.
sudo update-rc.d openerp-web defaults
You should now be able to reboot your server and have the OpenERP server and web client start and stop automatically.
I think that will do for this post. It’s long enough as it is!
I’ll do a part 2 in a little while where I’ll cover using apache, ssl and mod_proxy to provide encrypted access to all services.
[UPDATE: Part 2 is here]
A Good Pub Guide: The White Hart, Sherington
The White Hart, Sherington
Earlier this week, we had a bit of a road trip on our hands… A day discussing OpenERP in Cambridge and the next day vtiger CRM consulting in Milton Keynes which is not too far away, so we needed somewhere to stay to avoid driving a 200+ mile round trip.
We found a real gem of place! A very attractive country pub with extremely pleasant rooms, very friendly service, fantastic food (the Mixed Grill was really, really excellent), good beer and entertaining and congenial locals too.
If you happen to be working around the Bedford, Milton Keynes, Newport Pagnell area and want somewhere to stay, I whole-heartedly recommend you check out The White Hart in Sherington.
Dear Matt Asay,
It is great that you are now COO of the worlds leading Free Software company. We look forward to Canonical growing and changing over the next few years. Canonical has a world class management team, an epic engineering staff and the support of a huge and amazing community.
LONDON, February 5, 2010 – Canonical Ltd., the commercial sponsor of Ubuntu, announced today that open source industry veteran Matt Asay has joined the company as chief operating officer (COO) — responsible for aligning strategic goals and operational activities, the optimization of day-to-day operations, and leadership of Canonical marketing and back-office functions.
Part of your role appears to be figuring out how to help a Free Software company make money (monetise is not a great word). We don’t think “Open Core” is the right way. That might work for a proprietary company that just wants to leverage a community to do free marketing for them. We would like Canonical to be a Free Software company – and for it to make money.
Here are some ideas we think offer good potential for a reasonably quick return on investment.
Please take a long hard look at the partner ecosystem and programmes. There has been staggering amounts of effort put into community building around Ubuntu, but really not much of this has been directed at companies who want to support and participate in Ubuntu. There is no Launchpad group for partners. No mailing list. No IRC channel. There are just three other partners apart from ourselves in the UK. We would like to see lots of UK partners, and we would like to see them talking to each other; doing joint marketing events, subbing business out to each other as they run out of capacity to meet the growing market demands, you know the kind of thing. Creating a community of partners is one sure way to get your messages across faster and more consistently.
We’d like Canonical to produce more business-focussed events where you show off some of the cool things you and your customers are doing with Ubuntu like Landscape and the Eucalyptus private enterprise cloud. Talk about some of the amazing business-centric applications that run on Ubuntu like OpenERP, Asterisk, Alfresco etc. With a strong partner network getting bums-on-seats is less of a chore and you are more likely to get quality delegates too.
Please encourage and promote the whole “opportunistic developer” thing that is going on with Quickly, Launchpad and Ground Control. This is really fantastic stuff and could be a big differentiator. Our opportunity is to show businesses how:
- They can use Quickly to develop internal applications hosted on launchpad and then with Ground Control they can empower all their staff to improve the tools they work with.
- Quickly and Launchpad and the Ubuntu One CouchDB back end can be used to develop internal applications that work online and offline and share information between desktopcouchdb instances.
- Quickly and CouchDB have all the security and authentication and workflow of Lotus Notes without the clunky UI widgets and general user interface direness. Couchdb can do that at the back end and Quickly/GTK can take care of the UI.
One last thing, get Alfresco back in the repositories. It was in the partner repo for 9.04 and was nearly great, just a few minor issues. In 9.10 and 10.04 it isn’t present. Simply not there. As it is in the partner repo and not one of the Canonical or community maintained repos there is very little we can do to help, much as we would like to. You know how great Alfresco is, you know how great Ubuntu is. They belong together. Jump up and down until it happens. If Canonical/Alfresco will commit to not putting it in the partner repo that is a perfectly acceptable alternative, it is GPL licensed Free Software, we will work with others in the community to get it in the Universe repo and maintain it there.
Good luck Matt, we very much look forward to working with you and Canonical over the coming years,
Alan Bell & Alan Lord
The Open Learning Centre
BETT 2010 Review
It’s that time of year when around 30,000 educationalists from all over the world descend on Olympia in London for the annual edu-geek-out that is BETT.
I’ve been going to BETT now for 3 or 4 years as an exhibitor or just helping to promote Open Source and Free Software with other like minded members of our amazing community.
This year we helped our friends and colleagues at Open Source Schools and Open Forum Europe on the Open Source Café. The simple objective of the show was to inform the education sector about Open Source and where to find help, advice and common ground with peers who’ve “been there” and “done that” already.
This year was, frankly, quite exceptional.
The stand received financial sponsorship from Red Hat, Linux IT, University of London Computing Centre and The Learning
Machine (Ingots) for which everyone is very grateful. Canonical, the commercial entity behind Ubuntu very kindly provided us with 600 Ubuntu 9.10 CDs (500 Desktop and 100 Server) to give away (thanks Larry) and there were a similar number of CDs containing a great collection of Education-centric Open Source desktop applications for Windows from Free Software for Students that was compiled and produced by Peter Kemp and David Wilmut. That’s around 1200 CDs in total full of completely Free goodness and fun. We encouraged all the recipients to copy, share and pass them on too! At the end of the show we had only a few (quite literally) of each remaining.
An interesting sum was carried out: The value of equivalent proprietary software was estimated to be over £4000 for the pair of CDs – I actually think that is rather low considering the volume of stuff in the Ubuntu repos including several real Enterprise grade applications such as OpenERP and Alfresco – so we have potentially delivered a net saving to the education sector of at least £2.5m. And of course this does not include all the free copies that will be made and passed around!
The Open Source Cafe at BETT2010
We also found time to meet up with friends and colleagues from Sirius, Mark Taylor and John Spencer. Sirius has been very successful in the education sector, they are the only Open Source vendor to be on Becta’s “approved supplier list”, and were nominated for an award this year for the work they and North West Learning Grid put in to the National Digital Resource Bank.
The national digital resource bank will deliver a vast range of publicly funded resources under a creative commons licence and populate your learning platforms, preparing them for effective use.
It will also create a sharing community of educators who will identify, review and improve a common set of national digital assets.
The world is really changing very fast. I go to parties and find people in all walks of life (i.e. not IT professionals) who are aware of Open Source, Governments are (some faster than others admittedly) waking up to the reality that FOSS provides significant benefits over proprietary software in many ways more than just money, and Enterprises are adopting not just Open Source Software but the principles behind it too to make their own businesses better.
BETT 2010 confirmed this trend in spades. Roll on BETT 2011.
Miles from Open Source Schools and one of the organisers of the event has also posted a review of the show that you can read here.
