How to install OpenERP 6.0 on Ubuntu 10.04 LTS Server (Part 1)
Update: 22/02/2012. OpenERP 6.1 was released today. I’ve written a howto for this new version here.
Recently at work, we’ve been setting up several new instances of OpenERP for customers. Our server operating system of choice is Ubuntu 10.04 LTS.
Installing OpenERP isn’t really that hard, but having seen several other “How Tos” on-line describing various methods where none seemed to do the whole thing in what I consider to be “the right way”, I thought I’d explain how we do it. There are a few forum posts that I’ve come across where the advice is just plain wrong too, so do be careful.
As we tend to host OpenERP on servers that are connected to the big wide Internet, our objective is to end up with a system that is:
- A: Accessible only via encrypted (SSL) services from the GTK client, Web browser, WebDAV and CalDAV
- B: Readily upgradeable and customisable
One of my friends said to me recently, “surely it’s just sudo apt-get install openerp-server isn’t it?” Fair enough; this would actually work. But there are several problems I have with using a packaged implementation in this instance:
- Out-of-date. The latest packaged version I could see, in either the Ubuntu or Debian repositories, was 5.0.15. OpenERP is now at 6.0.3 and is a major upgrade from the 5.x series.
- Lack of control. Being a business application, with many configuration choices, it can be harder to tweak your way when the packager determined that one particular way was the “true path”.
- Upgrades and patches. Knowing how, where and why your OpenERP instance is installed the way it is, means you can decide when and how to update it and patch it, or add custom modifications.
So although the way I’m installing OpenERP below is manual, it gives us a much more fine-grained level of control. Without further ado then here is my way as it stands currently (“currently” because you can almost always improve things. HINT: suggestions for improvement gratefully accepted).
[Update 18/08/2011: I’ve updated this post for the new 6.0.3 release of OpenERP]
Step 1. Build your server
I install just the bare minimum from the install routine (you can install the openssh-server during the install procedure or install subsequently depending on your preference).
After the server has restarted for the first time I install the openssh-server package (so we can connect to it remotely) and denyhosts to add a degree of brute-force attack protection. There are other protection applications available: I’m not saying this one is the best, but it’s one that works and is easy to configure and manage. If you don’t already, it’s also worth looking at setting up key-based ssh access, rather than relying on passwords. This can also help to limit the potential of brute-force attacks. [NB: This isn’t a How To on securing your server…]
sudo apt-get install openssh-server denyhosts
Now make sure you are running all the latest patches by doing an update:
sudo apt-get update
sudo apt-get dist-upgrade
Although not always essential it’s probably a good idea to reboot your server now and make sure it all comes back up and you can still login via ssh.
Now we’re ready to start the OpenERP install.
Step 2. Create the OpenERP user that will own and run the application
sudo adduser --system --home=/opt/openerp --group openerp
This is a “system” user. It is there to own and run the application, it isn’t supposed to be a person type user with a login etc. In Ubuntu, a system user gets a UID below 1000, has no shell (well it’s actually /bin/false) and has logins disabled. Note that I’ve specified a “home” of /opt/openerp, this is where the OpenERP server, and optional web client, code will reside and is created automatically by the command above. The location of the server code is your choice of course, but be aware that some of the instructions and configuration files below may need to be altered if you decide to install to a different location.
Step 3. Install and configure the database server, PostgreSQL
sudo apt-get install postgresql
Then configure the OpenERP user on postgres:
First change to the postgres user so we have the necessary privileges to configure the database.
sudo su - postgres
Now create a new database user. This is so OpenERP has access rights to connect to PostgreSQL and to create and drop databases. Remember what your choice of password is here; you will need it later on:
createuser --createdb --username postgres --no-createrole --no-superuser --pwprompt openerp
Enter password for new role: ********
Enter it again: ********
[Update 18/08/2011: I have added the --no-superuser switch. There is no need for the openerp database user to have superuser privileges.]
Finally exit from the postgres user account:
exit
Step 4. Install the necessary Python libraries for the server
sudo apt-get install python python-psycopg2 python-reportlab \
python-egenix-mxdatetime python-tz python-pychart python-mako \
python-pydot python-lxml python-vobject python-yaml python-dateutil \
python-pychart python-webdav
And if you plan to use the Web client install the following:
sudo apt-get install python-cherrypy3 python-formencode python-pybabel \
python-simplejson python-pyparsing
Step 5. Install the OpenERP server, and optional web client, code
I tend to use wget for this sort of thing and I download the files to my home directory.
Make sure you get the latest version of the application files. At the time of writing this it’s 6.0.2 6.0.3; I got the download links from their download page.
wget http://www.openerp.com/download/stable/source/openerp-server-6.0.3.tar.gz
And if you want the web client:
wget http://www.openerp.com/download/stable/source/openerp-web-6.0.3.tar.gz
Now install the code where we need it: cd to the /opt/openerp/ directory and extract the tarball(s) there.
cd /opt/openerp
sudo tar xvf ~/openerp-server-6.0.3.tar.gz
sudo tar xvf ~/openerp-web-6.0.3.tar.gz
Next we need to change the ownership of all the the files to the openerp user and group.
sudo chown -R openerp: *
And finally, the way I have done this is to copy the server and web client directories to something with a simpler name so that the configuration files and boot scripts don’t need constant editing (I call them, rather unimaginatively, server and web). I started out using a symlink solution, but I found that when it comes to upgrading, it seems to make more sense to me to just keep a copy of the files in place and then overwrite them with the new code. This way you keep any custom or user-installed modules and reports etc. all in the right place.
sudo cp -a openerp-server-6.0.3 server
sudo cp -a openerp-web-6.0.3 web
As an example, should OpenERP 6.0.4 come out next, I can extract the tarballs into /opt/openerp/ as above. I can do any testing I need, then repeat the copy command (replacing 6.0.3 obviously) so that the modified files will overwrite as needed and any custom modules, report templates and such will be retained. Once satisfied the upgrade is stable, the older 6.0.3 directories can be removed if wanted.
That’s the OpenERP server and web client software installed. The last steps to a working system are to set up the two (server and web client) configuration files and associated init scripts so it all starts and stops automatically when the server boots and shuts down.
Step 6. Configuring the OpenERP application
The default configuration file for the server (in /opt/openerp/server/doc/) could really do with laying out a little better and a few more comments in my opinion. I’ve started to tidy up this config file a bit and here is a link to the one I’m using at the moment (with the obvious bits changed). You need to copy or paste the contents of this file into /etc/ and call the file openerp-server.conf. Then you should secure it by changing ownership and access as follows:
sudo chown openerp:root /etc/openerp-server.conf
sudo chmod 640 /etc/openerp-server.conf
The above commands make the file owned and writeable only by the openerp user and only readable by openerp and root.
To allow the OpenERP server to run initially, you should only need to change one line in this file. Toward to the top of the file change the line db_password = ******** to have the same password you used way back in step 3. Use your favourite text editor here. I tend to use nano, e.g. sudo nano /etc/openerp-server.conf
Once the config file is edited, you can start the server if you like just to check if it actually runs.
/opt/openerp/server/bin/openerp-server.py --config=/etc/openerp-server.conf
It won’t really work just yet as it isn’t running as the openerp user. It’s running as your normal user so it won’t be able to talk to the PostgreSQL database. Just type CTL+C to stop the server.
Step 7. Installing the boot script
For the final step we need to install a script which will be used to start-up and shut down the server automatically and also run the application as the correct user. Here’s a link to the one I’m using currently.
Similar to the config file, you need to either copy it or paste the contents of this script to a file in /etc/init.d/ and call it openerp-server. Once it is in the right place you will need to make it executable and owned by root:
sudo chmod 755 /etc/init.d/openerp-server
sudo chown root: /etc/init.d/openerp-server
In the config file there’s an entry for the server’s log file. We need to create that directory first so that the server has somewhere to log to and also we must make it writeable by the openerp user:
sudo mkdir /var/log/openerp
sudo chown openerp:root /var/log/openerp
Step 8. Testing the server
To start the OpenERP server type:
sudo /etc/init.d/openerp-server start
You should now be able to view the logfile and see that the server has started.
less /var/log/openerp/openerp-server.log
If there are any problems starting the server now you need to go back and check. There’s really no point ploughing on if the server doesn’t start…
OpenERP - First Login
If you now start up the GTK client and point it at your new server you should see a message like this:
Which is a good thing. It means the server is accepting connections and you do not have a database configured yet. I will leave configuring and setting up OpenERP as an exercise for the reader. This is a how to for installing the server. Not a how to on using and configuring OpenERP itself…
What I do recommend you do at this point is to change the super admin password to something nice and strong. By default it is “admin” and with that a user can create, backup, restore and drop databases (in the GTK client, go to the file menu and choose the Databases -> Administrator Password option to change it). This password is written as plain text into the /etc/openerp-server.conf file. Hence why we restricted access to just openerp and root.
One rather strange thing I’ve just realised is that when you change the super admin password and save it, OpenERP completely re-writes the config file. It removes all comments and scatters the configuration entries randomly throughout the file. I’m not sure as of now if this is by design or not.
Now it’s time to make sure the server stops properly too:
sudo /etc/init.d/openerp-server stop
Check the logfile again to make sure it has stopped and/or look at your server’s process list.
Step 9. Automating OpenERP startup and shutdown
If everything above seems to be working OK, the final step is make the script start and stop automatically with the Ubuntu Server. To do this type:
sudo update-rc.d openerp-server defaults
You can now try rebooting you server if you like. OpenERP should be running by the time you log back in.
If you type ps aux | grep openerp you should see a line similar to this:
openerp 708 3.8 5.8 181716 29668 ? Sl 21:05 0:00 python /opt/openerp/server/bin/openerp-server.py -c /etc/openerp-server.conf
Which shows that the server is running. And of course you can check the logfile or use the GTK client too.
Step 10. Configure and automate the Web Client
Although it’s called the web client, it’s really another server-type application which [ahem] serves OpenERP to users via a web browser instead of the GTK desktop client.
If you want to use the web client too, it’s basically just a repeat of steps 6, 7, 8 and 9.
The default configuration file for the web client (can also be found in /opt/openerp/web/doc/openerp-web.cfg) is laid out more nicely than the server one and should work as is when both the server and web client are installed on the same machine as we are doing here. I have changed one line to turn on error logging and point the file at our /var/log/openerp/ directory. For our installation, the file should reside in /etc/, be called openerp-web.conf and have it’s owner and access rights set as with the server configuration file:
sudo chown openerp:root /etc/openerp-web.conf
sudo chmod 640 /etc/openerp-web.conf
Here is a web client boot script. This needs to go into /etc/init.d/, be called openerp-web and be owned by root and executable.
sudo chmod 755 /etc/init.d/openerp-web
sudo chown root: /etc/init.d/openerp-web
You should now be able to start the web server by entering the following command:
sudo /etc/init.d/openerp-web start
Check the web client is running by looking in the log file, looking at the process log and, of course, connecting to your OpenERP server with a web browser. The web client by default runs on port 8080 so the URL to use is something like this: http://my-ip-or-domain:8080
Make sure the web client stops properly:
sudo /etc/init.d/openerp-web stop
And then configure it to start and stop automatically.
sudo update-rc.d openerp-web defaults
You should now be able to reboot your server and have the OpenERP server and web client start and stop automatically.
I think that will do for this post. It’s long enough as it is!
I’ll do a part 2 in a little while where I’ll cover using apache, ssl and mod_proxy to provide encrypted access to all services.
[UPDATE: Part 2 is here]
BSA Supporting Free & Open Source Software
BSA SPAM
This spam marketing literature however, is actually a very compelling call to action for those businesses that aren’t already protecting themselves by using Free and Open Source Software. If the image isn’t terribly legible, here are a few of the juicy bits just SCREAMING at you to think very carefully about the software choices you make in your business.
Your boss wouldn’t ask you to steal or commit fraud, would they? So why do they ask you to use unlicensed software?
Note the phrasing: “unlicensed software”. Of course Free software is licensed, so that’s OK then. There are lots of great Free Software licenses.
Here’s the bit where the BSA really start to suggest you should be using Free Software.
Here’s how easy it is to get caught up using illegal software:
- One or more software licenses are bought, but the software is installed on more PCs than the licenses permit
- Software is purchased for an employee’s home PC and is also installed on to a work PC
These activities are perfectly OK and in-fact encouraged with licensed Free software. A Free Software License gives a user the freedom to do these things; It’s called freedom 2: The freedom to redistribute copies so you can help your neighbor.
- Font designs and software are downloaded illegally from the internet
You can download legally lots of font designs from places such as the Open Font Library and Google’s WebFont Library online.
The recently released Ubuntu font is an excellent example of a high quality, freely available font.. You can read about it here, get it from here and even get the font source from here. You may also choose to use the Google Font API to use it freely on your website from here.
And as for downloading “software” well, there’s probably more Free software available for download than the BSA could shake a stick at.
So please, consider carefully what our friends at the BSA have to say and talk your bosses or employees about the choices they make. Using properly licensed software is not hard. You don’t have to be at risk from even making a simple mistake. Using licensed Free software protects you.
If you are in a business and want advice on the choices available there are companies such as our own that can help. The BSA would rather your employees take you to the cleaners…
So, if you know of a company that is using unlicensed software, please let us know now. You could receive a reward of up to £10,000.
A Good Pub Guide: The White Hart, Sherington
The White Hart, Sherington
Earlier this week, we had a bit of a road trip on our hands… A day discussing OpenERP in Cambridge and the next day vtiger CRM consulting in Milton Keynes which is not too far away, so we needed somewhere to stay to avoid driving a 200+ mile round trip.
We found a real gem of place! A very attractive country pub with extremely pleasant rooms, very friendly service, fantastic food (the Mixed Grill was really, really excellent), good beer and entertaining and congenial locals too.
If you happen to be working around the Bedford, Milton Keynes, Newport Pagnell area and want somewhere to stay, I whole-heartedly recommend you check out The White Hart in Sherington.
vtiger CRM – A “Proper” Open Source CRM
I wanted to point any readers who may be interested to a new post I wrote over on our company blog. It discusses the latest release of a very popular business application we spend more and more time working with our customers on – vtiger CRM. CRM meaning Customer Relationship Management. Not only do we help others use vtiger CRM, it is also our own tool of choice for Sales and Marketing Automation.
The company behind vtiger CRM just released the latest version, 5.2.0, which has several major new features and lots of minor tweaks and improvements too.
We think this is the best truly Open Source CRM application currently available. There are other CRM systems that claim to be Open Source but are actually Open Core which is not the same thing at all.
If you want to learn a little about vtiger CRM, please drop over here and feel free to use the comments or contact-us page if you want to find out any more.
Westminster eForum Speech
Today I had the pleasure of addressing the Westminster eForum event on Free and open source software in business, in government. I had a five minute slot following the excellent Karsten Gerloff of the Free Software Foundation Europe, then after speeches from Paul Holt, Andrew Katz and Christopher Roberts we had a panel Q&A with questions from the audience. Here are the notes from my speech, transcripts of the whole event will be distributed around Westminster. The seminar was sponsored by our friends at Sirius.
Hello & Good Morning Ladies & Gentleman.
My name is Alan Lord and I am co-owner of The Open Learning Centre; an Open Source Software Consulting and Services business based in Surrey.
In the few minutes I have I would like to briefly discuss a few of the themes that were suggested for this session.
So, starting with the first one then:
The challenges faced by small, medium and large organisations implementing Free & Open Source Software?
For me, one of the key challenges is Procurement:
Procurement practices have not kept pace with changing times. Existing policies and procedures often struggle with the idea of acquiring something that is â€freeâ€. In addition, in our Free Software marketplace, many suppliers do not have the budgets or resources to participate in lengthy tendering processes and, frankly, often have better and less costly opportunities to pursue elsewhere.
Another challenge is lack of familiarity and knowledge: There is still a significant proportion of the population who haven’t really heard of, or understand what Free & Open Source Software is, even though they may use it everyday. The Open Source community has made tremendous inroads and awareness is definitely increasing, but bear in mind, we are competing against companies with multi-billion dollar marketing budgets.
Now I’d like to move on to mention something about:The costs of deploying Free and Open Source software?
Firstly, it’s important to recognise that the â€free†in Free Software generally refers to freedom and not necessarily the price; although Open Source Software is frequently zero cost too. It should be recognised that implementing any software solution has costs, whether or not the software itself is freely available.
Time, of course, is not free; training, consulting and other professional services require people and knowledge, all of which have a cost whether they be internally or externally sourced. Although I feel fairly confident in saying that Open Source providers tend to charge comparatively less, I would recommend you use your experience to estimate and budget for the financial costs of the professional services you will need to acquire. Typically, the work required will be similar, in volume at least, for any given project whether Free or proprietary.
The financial benefits of Open Source really make an impact once you start using it: There are no ongoing licensing fees; you may copy and replicate what you have as many times as you wish. Product development, bug fixes and new features can generally be introduced at your discretion, and not that of your software vendor.
Another question that is often discussed is:
Is Open Source Software vulnerable?
Open Source Software is widely regarded as being inherently more secure than comparable proprietary software. Generally I would concur with this; particularly with regard to Operating Systems such as Linux and BSD. However, no software is ever infallible or 100% secure, so as an IT manager one must take all available precautions.
Many of the stories of Open Source vulnerabilities are, in the end, down to lack of skill or knowledge in setting up and maintaining these systems; this is just the same as with the proprietary alternatives. Again, skills and good education are the key to minimising these risks.
Free and Open Source Software is created in a very different way to legacy software. The ‘source code’, or instructions, are public; anyone can look at them. In a well managed Open Source project this visibility actually helps to improve the security of the end product. The benefit of this code-transparency was famously described by Eric S. Raymond, a well known Open Source author and advocate:
“Given enough eyeballs, all bugs are shallow.â€
And finally I’d like to touch upon the question:
Who is responsible if Open Source Software is compromised or malfunctions?
Well – to be blunt. You are.
But then how is this different to proprietary solutions? If you’ve ever read a License Agreement for proprietary software then I’m sure you will have noticed that they start by disclaiming all liabilities, warranties and risks. Here’s one sentence taken from a very famous proprietary software vendor’s license agreement:
“The entire risk arising out of use or performance of the OS Components AND ANY SUPPORT SERVICES remains with you.â€
If your chosen proprietary software is compromised or malfunctions what happens? Basically, you await the benevolence of the manufacturer, who is hopefully still in business and has a copy of the version of your product. With Free and Open Source Software, you will ALWAYS have a copy of the source code available.
A key feature of Open Source licensing, and something that is specifically NOT offered in the proprietary world, is the empowerment to improve and change it yourself. This doesn’t mean that you have to write the code though, there are lots of developers who will do that for a fair price.
Thank you.
vtiger on demand – Open Source as a Service
Today we are adding a new offering to our regular line up of consultancy services and comprehensive on-site bundles and this time it is out in the cloud.
There is a clear general trend towards outsourced software as a service, back when this first became a viable concept technically it seemed complete madness to me to have all your valuable data locked up on some server you never even get to see. You would be at the mercy of the vendor, subject to them raising their prices or going out of business and with very little recourse when they do. This remains a major business risk with proprietary software as a service, but the benefits of not requiring in-house hardware and expertise to install and manage a useful and scalable solution are still quite compelling.
With Open Source as a Service things are somewhat different, you still get to wash your hands of the installation and management of the hardware and software, upgrades just happen and they are someone else’s problem. You get the low cost of entry and prices that that are in proportion to the amount of users that are getting value from it. You also get Freedom instead of lock-in. You can take your hosted cloud based software and run the same code somewhere else. Either on another bit of remote hardware you never see, or on a box with flashing lights that sits quietly in a broom cupboard somewhere in your building. You are not at all locked in to Open Source as a Service, you are using it because it provides benefits you want at a price that is good value, as well as financially supporting the further development of the software.
So the announcement today is that The Open Learning Centre is partnering with vtiger CRM to bring the vtiger on demand Open Source as a Service to the UK market. This is hosted out in the cloud (Amazon EC2 to be precise) and managed on a day to day basis by the vtiger engineers. We can provide an optional on-site training day to complement the hosted service and of course at any time you can transition from the hosted CRM to one of our Ubuntu based Libertus servers (or the other way round if you like). This is just one example of how Software Freedom makes total business sense and it illustrates the difference between free as in no cost and the much more important free as in Freedom.
