How To Install OpenERP 6 On Ubuntu 10.04 LTS Server

(This tutorial was originally written by Alan Lord. You can find the original tutorial here:
http://www.theopensourcerer.com/2011/04/19/how-to-install-openerp-6-on-ubuntu-10-04-lts-server-part-1/
http://www.theopensourcerer.com/2011/04/21/how-to-install-openerp-6-on-ubuntu-10-04-lts-server-part-2-ssl/ )

Recently at, we’ve been setting up several new instances of OpenERP for customers. Our server operating system of choice is Ubuntu 10.04 LTS. Installing OpenERP isn’t really that hard, but having seen several other "How Tos" online describing various methods where none seemed to do the whole thing in what I consider to be "the right way", I thought I’d explain how we do it. There are a few forum posts that I’ve come across where the advice is just plain wrong too, so do be careful.

As we tend to host OpenERP on servers that are connected to the big wide Internet, our objective is to end up with a system that is:

A: Accessible only via encrypted (SSL) services from the GTK client, Web browser, WebDAV and CalDAV
B: Readily upgradeable and customisable

One of my friends said to me recently, "surely it's just sudo apt-get install openerp-server isn’t it?" Fair enough; this would actually work. But there are several problems I have with using a packaged implementation in this instance:

Out-of-date. The latest packaged version I could see, in either the Ubuntu or Debian repositories, was 5.0.15. OpenERP is now at 6.0.2 and is a major upgrade from the 5.x series.
Lack of control. Being a business application, with many configuration choices, it can be harder to tweak your way when the packager determined that one particular way was the "true path".
Upgrades and patches. Knowing how, where and why your OpenERP instance is installed the way it is, means you can decide when and how to update it and patch it, or add custom modifications.

So although the way I’m installing OpenERP below is manual, it gives us a much more fine-grained level of control. Without further ado then here is my way as it stands currently ("currently" because you can almost always improve things. HINT: suggestions for improvement gratefully accepted).

Step 1. Build your server

I install just the bare minimum from the install routine (you can install the openssh-server during the install procedure or install subsequently depending on your preference).

After the server has restarted for the first time I install the openssh-server package (so we can connect to it remotely) and denyhosts to add a degree of brute-force attack protection. There are other protection applications available: I’m not saying this one is the best, but it’s one that works and is easy to configure and manage. If you don’t already, it’s also worth looking at setting up key-based ssh access, rather than relying on passwords. This can also help to limit the potential of brute-force attacks. [NB: This isn't a How To on securing your server...]

sudo apt-get install openssh-server denyhosts

Now make sure you are running all the latest patches by doing an update:

sudo apt-get update
sudo apt-get dist-upgrade

Although not always essential it’s probably a good idea to reboot your server now and make sure it all comes back up and you can still login via ssh.

Now we’re ready to start the OpenERP install.

Step 2. Create the OpenERP user that will own and run the application

sudo adduser --system --home=/opt/openerp --group openerp

This is a "system" user. It is there to own and run the application, it isn’t supposed to be a person type user with a login etc. In Ubuntu, a system user gets a UID below 1000, has no shell (well it’s actually /bin/false) and has logins disabled. Note that I’ve specified a "home" of /opt/openerp, this is where the OpenERP server, and optional web client, code will reside and is created automatically by the command above. The location of the server code is your choice of course, but be aware that some of the instructions and configuration files below may need to be altered if you decide to install to a different location.

Step 3. Install and configure the database server, PostgreSQL

sudo apt-get install postgresql

Then configure the OpenERP user on postgres:

First change to the postgres user so we have the necessary privileges to configure the database.

sudo su - postgres

Now create a new database user. This is so OpenERP has access rights to connect to PostgreSQL and to create and drop databases. Remember what your choice of password is here; you will need it later on:

createuser --createdb --username postgres --no-createrole --pwprompt openerp

Enter password for new role: <-- ********
Enter it again: <-- ********
Shall the new role be a superuser? (y/n) <-- y

Finally exit from the postgres user account:

exit

Step 4. Install the necessary Python libraries for the server

sudo apt-get install python python-psycopg2 python-reportlab \
python-egenix-mxdatetime python-tz python-pychart python-mako \
python-pydot python-lxml python-vobject python-yaml python-dateutil \
python-pychart python-pydot python-webdav

And if you plan to use the Web client install the following:

sudo apt-get install python-cherrypy3 python-formencode python-pybabel \
python-simplejson python-pyparsing

Step 5. Install the OpenERP server, and optional web client, code

I tend to use wget for this sort of thing and I download the files to my home directory.

Make sure you get the latest version of the application files. At the time of writing this it was 6.0.2; I got the download links from their download page.

wget http://www.openerp.com/download/stable/source/openerp-server-6.0.2.tar.gz

And if you want the web client:

wget http://www.openerp.com/download/stable/source/openerp-web-6.0.2.tar.gz

Now install the code where we need it: cd to the /opt/openerp/ directory and extract the tarball(s) there.

cd /opt/openerp
sudo tar xvf ~/openerp-server-6.0.2.tar.gz
sudo tar xvf ~/openerp-web-6.0.2.tar.gz

Next we need to change the ownership of all the the files to the openerp user and group.

sudo chown -R openerp: *

And finally, the way I have done this is to copy the server and web client directories to something with a simpler name so that the configuration files and boot scripts don’t need constant editing (I call them, rather unimaginatively, server and web). I started out using a symlink solution, but I found that when it comes to upgrading, it seems to make more sense to me to just keep a copy of the files in place and then overwrite them with the new code. This way you keep any custom or user-installed modules and reports etc. all in the right place.

sudo cp -a openerp-server-6.0.2 server
sudo cp -a openerp-web-6.0.2 web

As an example, should OpenERP 6.0.3 come out next, I can extract the tarballs into /opt/openerp/ as above. I can do any testing I need, then repeat the copy command (replacing 6.0.2 obviously) so that the modified files will overwrite as needed and any custom modules, report templates and such will be retained. Once satisfied the upgrade is stable, the older 6.0.2 directories can be removed if wanted.

That’s the OpenERP server and web client software installed. The last steps to a working system are to set up the two (server and web client) configuration files and associated init scripts so it all starts and stops automatically when the server boots and shuts down.

Step 6. Configuring the OpenERP application

The default configuration file for the server (in /opt/openerp/server/doc/) could really do with laying out a little better and a few more comments in my opinion. I’ve started to tidy up this config file a bit and here is to the one I’m using at the moment (with the obvious bits changed).

[options]
; This is the password that allows database operations
; Will be written to by the server when password is changed
; !! Keep this file secure !!
; admin_passwd = admin
root_path = /opt/openerp/server/bin
without_demo = False
verbose = False
; Database settings
db_user = openerp
db_password = ********
; Please uncomment the following line *after* you have created the
; database. It activates the auto module check on startup.
; db_name = False
db_port = False
db_host = False
db_maxconn = 64
; Networking Settings
xmlrpc = True
xmlrpc_interface =
xmlrpc_port = 8069
netrpc = True
netrpc_interface =
netrpc_port = 8070
; Uncomment these for xml-rpc over SSL
;xmlrpcs = True
;xmlrpcs_interface =
;xmlrpcs_port = 8071
;secure_pkey_file = /etc/ssl/openerp/server.pkey
;secure_cert_file = /etc/ssl/openerp/server.crt
; Log settings
logfile = /var/log/openerp/openerp-server.log
syslog = False
logrotate = True
log_level = info
; False prevents the client displaying the list of databases
list_db = True
addons_path = /opt/openerp/server/bin/addons
demo = {}
soap = False
reportgz = False
translate_modules = ['all']
; Static http parameters
static_http_enable = False
static_http_document_root = /var/www/html
static_http_url_prefix = /
; Outbound email configuration
;smtp_user = [email protected]
;email_from = "OpenERP Support" <[email protected]>
;smtp_port = 25
;smtp_password = ********
;smtp_ssl = True
;smtp_server = mail.example.com

You need to copy or paste the contents of this file into /etc/ and call the file openerp-server.conf. Then you should secure it by changing ownership and access as follows:

sudo chown openerp:root /etc/openerp-server.conf
sudo chmod 640 /etc/openerp-server.conf

The above commands make the file owned and writeable only by the openerp user and only readable by openerp and root.

To allow the OpenERP server to run initially, you should only need to change one line in this file. Toward to the top of the file change the line db_password = ******** to have the same password you used way back in step 3. Use your favourite text editor here. I tend to use nano, e.g.

sudo nano /etc/openerp-server.conf

Once the config file is edited, you can start the server if you like just to check if it actually runs.

/opt/openerp/server/bin/openerp-server.py --config=/etc/openerp-server.conf

It won’t really work just yet as it isn’t running as the openerp user. It’s running as your normal user so it won’t be able to talk to the PostgreSQL database. Just type CTL+C to stop the server.