Installing CKAN 2.4¶
Introduction¶
In this document you’ll only find specific information for installing CKAN, some required ancillary applications and some ufficial CKAN extensions.
It is expected that the base system has already been properly installed and configured as described in Installing basic packages (CentOS 7).
In such document there are information about how to install some required base components, such as PostgreSQL, Apache HTTPD, Oracle Java, Apache Tomcat.
Installing Solr¶
Solr is a java webapp used by CKAN as a backend for dataset indexing. Solr shall be installed in a tomcat instance on its own, in order to decouple it from other installed webapps.
We’re going to install its catalina base in /opt/tomcat/solr
; we’ll put its configuration files
in /etc/solr
.
Install¶
Download solr (it’s a 127MB .tgz file) and untar it:
mkdir /root/download
cd /root/download
wget http://archive.apache.org/dist/lucene/solr/4.5.0/solr-4.5.0.tgz
tar xzvf solr-4.5.0.tgz
Make sure you already:
- created the tomcat user (Create tomcat user)
- installed tomcat (Installing apache tomcat)
- created the base catalina template (Creating apache tomcat context)
Create catalina base directory for solr:
cp -a /opt/tomcat/base/ /opt/tomcat/solr
Copy .war file
cp -av /root/download/solr-4.5.0/dist/solr-4.5.0.war /opt/tomcat/solr/webapps/solr.war
Copy configuration files
mkdir -p /etc/solr/ckan
cp -r /root/download/solr-4.5.0/example/solr/collection1/conf /etc/solr/ckan
Create file /etc/solr/solr.xml
<solr persistent="true" sharedLib="lib">
<cores adminPath="/admin/cores" defaultCoreName="ckan">
<core name ="ckan-schema-2.3" instanceDir="ckan">
<!-- <property name="dataDir" value="/var/lib/solr/data/ckan" /> -->
</core>
</cores>
</solr>
Copy libs
mkdir -p /opt/solr/libs
cp solr-4.5.0/dist/*.jar /opt/solr/libs
cp solr-4.5.0/contrib/analysis-extras/lib/* /opt/solr/libs
cp solr-4.5.0/contrib/clustering/lib/* /opt/solr/libs
cp solr-4.5.0/contrib/dataimporthandler/lib/* /opt/solr/libs
cp solr-4.5.0/contrib/extraction/lib/* /opt/solr/libs
cp solr-4.5.0/contrib/langid/lib/* /opt/solr/libs
cp solr-4.5.0/contrib/uima/lib/* /opt/solr/libs
cp solr-4.5.0/contrib/velocity/lib/* /opt/solr/libs
Backup solr config files
cp /etc/solr/ckan/conf/solrconfig.xml /etc/solr/ckan/conf/solrconfig.xml.orig
Edit config file, commenting out all the <lib dir= .....
entries, and add:
<lib dir="/opt/solr/libs/" regex=".*\.jar" />
Create data dir:
mkdir /opt/tomcat/solr/data
Edit file /opt/tomcat/solr/bin/setenv.sh
.
We’ll set here some system vars used by tomcat, by the JVM, and by the wabapp itself:
export CATALINA_BASE=/opt/tomcat/solr
export CATALINA_HOME=/opt/tomcat/
export CATALINA_PID=$CATALINA_BASE/work/pidfile.pid
export JAVA_OPTS="$JAVA_OPTS -Xms512m -Xmx800m -XX:MaxPermSize=256m"
export JAVA_OPTS="$JAVA_OPTS -Dsolr.solr.home=/etc/solr/"
export JAVA_OPTS="$JAVA_OPTS -Dsolr.data.dir=$CATALINA_BASE/data"
export CLASSPATH="$CLASSPATH:/opt/tomcat/lib/"
Make setenv.sh
executable:
chmod +x /opt/tomcat/solr/bin/setenv.sh
Edit server.xml¶
Solr is the first tomcat instance we are installing in this VM, so we can keep the default ports:
- 8005 for commands to catalina instance
- 8080 for the HTTP connection
We won’t need the AJP connection, since Solr will be not exposed to the internet via apache httpd.
Remember that you may change these ports in the file /opt/tomcat/solr/conf/server.xml.
See also Installed applications.
Automatic startup¶
Create the file /etc/systemd/system/tomcat@.service
and insert the following content:
[Unit]
Description=Tomcat %I
After=network.target
[Service]
Type=forking
User=tomcat
Group=tomcat
Environment=CATALINA_PID=/var/run/tomcat/%i.pid
#Environment=TOMCAT_JAVA_HOME=/usr/java/default
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat/%i
Environment=CATALINA_OPTS=
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
#ExecStop=/bin/kill -15 $MAINPID
[Install]
WantedBy=multi-user.target
Once downloaded, make it executable
chmod +x /etc/systemd/system/tomcat\@.service
and set it as autostarting
ln -s /etc/systemd/system/tomcat\@.service \
/lib/systemd/system/multi-user.target.wants/tomcat\@solr.service
Note
systemctl enable tomcat@solr
will not work
Final configurations¶
Set the ownership of the solr/
related directories to user tomcat
chown tomcat: -R /opt/tomcat
chown tomcat: -R /etc/solr/
In order to make solr work with CKAN, a schema needs to be set. It will be set in a following section, so we do not want to start solr right away.
Installing required packages¶
Install the software packages needed by CKAN:
yum install postgresql94-devel python-devel python-pip git gcc python-virtualenv
Creating a CKAN user¶
The ckan
user is created with a shell of /sbin/nologin
and a home directory of /usr/lib/ckan
:
useradd -m -s /sbin/nologin -d /usr/lib/ckan -c "CKAN User" ckan
Should you need to run anything as user ckan
, you can switch to the ckan account
by issuing this command as root
su -s /bin/bash - ckan
Setup CKAN dir¶
Open the ckan home directory up for read access so that the content will eventually be able to be served out via httpd
chmod 755 /usr/lib/ckan
Under CentOS you may have to modify the defaults and the current file context of the newly created directory such that it is able to be served out via httpd
semanage fcontext --add --ftype -- --type httpd_sys_content_t "/usr/local/ckan(/.*)?"
semanage fcontext --add --ftype -d --type httpd_sys_content_t "/usr/local/ckan(/.*)?"
restorecon -vR /usr/lib/ckan
PostgreSQL configuration¶
Create the ckan
user in postgres:
su - postgres -c "createuser -S -D -R -P ckan"
and annotate the password for such user.
As an example, we’ll use ckan_pw
to show where this info will be needed.
Create the ckan db:
su - postgres -c "createdb -O ckan ckan -E utf-8"
Configuring CKAN environment¶
Installing python dependencies¶
As user root
run:
easy_install pip
pip install virtualenv
As user ckan
, go to ckan home dir:
cd
Create a virtualenv called default
:
virtualenv --no-site-packages default
Activate the vitualenv:
. default/bin/activate
Download and install CKAN:
pip install -e 'git+https://github.com/ckan/ckan.git@ckan-2.4.0#egg=ckan'
Enable pgsql94 path:
export PATH=$PATH:/usr/pgsql-9.4/bin
Download and install the necessary Python modules to run CKAN into the isolated Python environment:
pip install -r /usr/lib/ckan/default/src/ckan/requirements.txt
Solr configuration¶
Configure in Solr the CKAN schema:
systemctl stop tomcat@solr
cd /etc/solr/ckan/conf/
mv schema.xml schema.xml.original
cp /usr/lib/ckan/default/src/ckan/ckan/config/solr/schema.xml /etc/solr/ckan/conf/schema.xml
chown tomcat: schema.xml
systemctl start tomcat@solr
Note
Should Solr complain about missing libs, copy them from the dist directory:
systemctl stop tomcat@solr
cp /root/download/solr-4.5.0/dist/solrj-lib/* /opt/tomcat/solr/webapps/solr/WEB-INF/lib/
systemctl start tomcat@solr
Important
Note that solr requires the current hostname to be bound to a real IP address.
This is an example of a hostname not properly bound:
[root@ckan conf]# hostname
ckan
[root@ckan conf]# ping ckan
ping: unknown host ckan
[root@ckan conf]#
You’ll have to edit the /etc/hosts
file and add a line like this:
10.10.100.70 ckan
Start solr and make sure it’s working:
systemctl start tomcat@solr
curl -i http://localhost:8080/solr/ | less
CKAN configuration¶
Create a default configuration file.
As root
create the directory
mkdir /etc/ckan
chown ckan: /etc/ckan/
As user ckan
, enter the virtualenv
$ . /usr/lib/ckan/default/bin/activate
(pyenv)$ paster make-config ckan /etc/ckan/default/production.ini
Edit the file /etc/ckan/default/production.ini
(below are collected the main properties of the final installation)
DB connection parameters
sqlalchemy.url = postgresql://ckan:PASSWORD@localhost/ckan solr_url = http://127.0.0.1:8080/solr/ckan-schema-2.3
Site data
ckan.site_id: ckan.site_title: ckan.site_url:
Mail notifications (es.)
email_to = info@the.project.org smtp_server = server.smtp.for.the.project.org error_email_from = notifications@project.org
Language
ckan.locale_default = it ckan.locale_order = it de ckan.locales_offered = it de ckan.locales_filtered_out =
Translations setting (see also Provincia Di Bolzano Extension):
ckan.i18n_directory = /usr/lib/ckan/default/src/ckanext-provbz/ckanext/provbz/translations
Licence file setting (see also Provincia Di Bolzano Extension):
licenses_group_url = file:///usr/lib/ckan/default/src/ckanext-provbz/ckanext/provbz/licenses/ckan.json
Metadata validator:
ckan.spatial.validator.profiles = iso19139
Cache settings:
ckan.cache_enabled = True #ckan.page_cache_enabled = True ckan.cache_expires = 3600
Authorization settings:
ckan.auth.anon_create_dataset = false ckan.auth.create_unowned_dataset = false ckan.auth.create_dataset_if_not_in_organization = false ckan.auth.user_create_groups = false ckan.auth.user_create_organizations = false ckan.auth.user_delete_groups = false ckan.auth.user_delete_organizations = false ckan.auth.create_user_via_api = false ckan.auth.create_user_via_web = false ckan.auth.roles_that_cascade_to_sub_groups = admin
Misc settings:
# Resource Proxy settings # Preview size limit, default: 1MB ckan.resource_proxy.max_file_size = 5242880 # CORS settings ckan.cors.origin_allow_all = False ckan.cors.origin_whitelist = http://test-dati.retecivica.bz.it http://test-daten.buergernetz.bz.it http://dati.retecivica.bz.it http://daten.buergernetz.bz.it
External resources settings (see also Extras extension):
##ckanext.extras.local_sites = ckanext.extras.external_sites=http://dati.retecivica.bz.it/services
Datapusher settings (see also DataPusher):
## Datapusher settings # Make sure you have set up the DataStore ckan.datapusher.formats = csv xls xlsx tsv application/csv application/vnd.ms-excel application/vnd.openxmlformats-officedocument.spreadsheetml.sheet ckan.datapusher.url = http://127.0.0.1:8800/
Pages settings (see also Pages Extension):
#Ckan pages configuration options ckanext.pages.allow_html = True ckanext.pages.editor = ckeditor
Setting the storage path for datastore:
ckan.storage_path = /var/lib/ckan/upload
The file who.ini
(the Repoze.who configuration file) needs to be accessible
in the same directory as your CKAN config file, so create a symlink to it:
ln -s /usr/lib/ckan/default/src/ckan/who.ini /etc/ckan/default/who.ini
DB init¶
As user ckan
:
. default/bin/activate
paster --plugin=ckan db init -c /etc/ckan/default/production.ini
Note
The db init
procedure needs solr to be running.
CKAN users¶
Add a user with sysadmin privileges using this command
(pyenv)$ paster --plugin=ckan sysadmin add USERNAME -c /etc/ckan/default/production.ini
Apache httpd configuration¶
As root
, create the file /etc/httpd/conf.d/92-ckan.conf
and add the following content:
RequestHeader unset X-Forwarded-Host ## Only if you use a proxy between CKAN and Internet
ProxyPass / http://localhost:5000/
ProxyPassReverse / http://localhost:5000/
Warning
CKAN creates the backreference URL in a smart way using various available information like the X-Forwarded-Host including this header if it exists, but cannot know if the header it’s incorrect.
and reload the configuration
service httpd reload
SElinux¶
httpd is blocked by default by SELinux so that it can’t establish internal TCP connections; in order to allow http proxying, issue the following command
setsebool -P httpd_can_network_connect 1
DataStore plugin¶
Hint
Ref info page at http://ckan.readthedocs.org/en/ckan-2.4.0/maintaining/datastore.html
Create database users (datastore
with RW privs, and datastorero
with RO), and a DB for the datastore:
su - postgres -c "createuser -S -D -R -P -l datastore"
su - postgres -c "createuser -S -D -R -P -l datastorero"
su - postgres -c "createdb -O datastore datastore -E utf-8"
Open the file /etc/ckan/default/production.ini
and edit the lines:
ckan.datastore.write_url = postgresql://datastore:PASSWORD@localhost/datastore
ckan.datastore.read_url = postgresql://datastorero:PASSWORD@localhost/datastore
Also, add the datastore
plugin:
ckan.plugins = datastore [... other plugins...]
CKAN needs to change some grants on the datastore, but the python script uses the sudo
command,
which works just fine on Ubuntu but is not configured on CentOS machines.
We’re going to run the SQL script by hand, but it requires some setup:
cd /usr/lib/ckan/default/src/ckan/ckanext/datastore/
cp set_permissions.sql set_permissions_new.sql
Edit set_permissions_new.sql
and set the proper values for the variables in braces:
\connect datastore
replace {maindb} with "ckan"
replace {datastoredb} with "datastore"
replace {mainuser} with "ckan"
replace {writeuser} with "datastore"
replace {readuser} with "datastorero"
The resulting document should look like this:
-- revoke permissions for the read-only user
REVOKE CREATE ON SCHEMA public FROM PUBLIC;
REVOKE USAGE ON SCHEMA public FROM PUBLIC;
GRANT CREATE ON SCHEMA public TO "ckan";
GRANT USAGE ON SCHEMA public TO "ckan";
GRANT CREATE ON SCHEMA public TO "datastore";
GRANT USAGE ON SCHEMA public TO "datastore";
-- take connect permissions from main db
REVOKE CONNECT ON DATABASE "ckan" FROM "datastorero";
-- grant select permissions for read-only user
GRANT CONNECT ON DATABASE "datastore" TO "datastorero";
GRANT USAGE ON SCHEMA public TO "datastorero";
-- grant access to current tables and views to read-only user
GRANT SELECT ON ALL TABLES IN SCHEMA public TO "datastorero";
-- grant access to new tables and views by default
ALTER DEFAULT PRIVILEGES FOR USER "datastorero" IN SCHEMA public
GRANT SELECT ON TABLES TO "datastorero";
As root
run:
su - postgres -c "psql postgres -f /usr/lib/ckan/default/src/ckan/ckanext/datastore/bin/set_permissions_new.sql"
(also check this mail http://lists.okfn.org/pipermail/ckan-discuss/2013-March/002593.html).
File storage plugin¶
Hint
Ref info page at http://docs.ckan.org/en/latest/filestore.html
FileStore is used to enable data upload in CKAN.
Create directory
mkdir -p /var/lib/ckan/upload
chown ckan: -R /var/lib/ckan
Set the storage config in production.ini
:
ckan.storage_path = /var/lib/ckan/upload
Harvester plugin¶
As root install:
yum install redis
systemctl enable redis
systemctl start redis
Installing ckan harvester¶
As user ckan
:
. /usr/lib/ckan/default/bin/activate
pip install -e git+https://github.com/ckan/ckanext-harvest.git@release-v2.0#egg=ckanext-harvest
cd /usr/lib/ckan/default/src/ckanext-harvest/
pip install -r pip-requirements.txt
Edit file /etc/ckan/default/production.ini
and add the harvest related plugins:
ckan.plugins = [...] harvest ckan_harvester
ckan.harvest.mq.type = redis
Init the db for the harvester services:
paster --plugin=ckanext-harvest harvester initdb --config=/etc/ckan/default/production.ini
Script harvesting¶
Running harvesting procedure requires issuing a couple of command lines. It’s handy to create a script file that runs them. We’ll use the same script to run the cron’ed harvest.
Create the file /usr/lib/ckan/run_harvester.sh
and add the following lines:
#!/bin/bash
. /usr/lib/ckan/default/bin/activate
paster --plugin=ckanext-harvest harvester job-all --config=/etc/ckan/default/production.ini
paster --plugin=ckanext-harvest harvester run --config=/etc/ckan/default/production.ini
and make it executable:
chmod +x /usr/lib/ckan/run_harvester.sh
Periodic harvesting¶
Add a cron job for the harvester:
crontab -e -u ckan
Add in the crontab the following line to run the harvesting every 15 minutes:
*/15 * * * * /usr/lib/ckan/run_harvester.sh
Spatial plugin¶
The spatial plugin allows CKAN to harvest spatial metadata (ISO 19139) using the CSW protocol.
Upgrade libxml2¶
Important
As reported on http://docs.ckan.org/projects/ckanext-spatial/en/latest/install.html#when-running-the-spatial-harvesters and https://github.com/okfn/ckanext-spatial :
NOTE: The ISO19139 XSD Validator requires system library libxml2 v2.9 (released Sept 2012).
Check the installed libs using
ll /usr/lib64/libxml*
CentOS¶
On CentOS 7 install the following packages packages:
yum install libxml2-python libxml2-devel libxslt libxslt-devel
DB configuration¶
Add the spatial extension to the ckan
DB:
# su - postgres -c "psql ckan"
ckan=# CREATE EXTENSION postgis;
ckan=# GRANT ALL PRIVILEGES ON DATABASE ckan TO ckan;
ckan=# GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO ckan;
Note
On x86_64 if having issues when creating EXTENSION postgis
with libhdf.so.6
try to create the following symbolic links:
ln -s /usr/lib64/libhdf5.so.7 /usr/lib64/libhdf5.so.6
ln -s /usr/lib64/libhdf5_hl.so.7 /usr/lib64/libhdf5_hl.so.6
Installing ckan spatial¶
As user ckan
:
. /usr/lib/ckan/default/bin/activate
pip install -e git+https://github.com/okfn/ckanext-spatial.git@stable#egg=ckanext-spatial
cd /usr/lib/ckan/default/src/ckanext-spatial/
pip install -r pip-requirements.txt
Init spatial DB¶
Init database, where 4326 is the default SRID:
(pyenv)$ cd /usr/lib/ckan/default/src/ckan
(pyenv)$ paster --plugin=ckanext-spatial spatial initdb 4326 --config=/etc/ckan/default/production.ini
Note
If you get an error saying
ValueError: VDM only works with SQLAlchemy versions 0.4 through 0.7, not: 0.8.3
just reinstall the proper SQLAlchemy version:
pip install -r /usr/lib/ckan/default/src/ckan/requirements.txt
Config¶
Edit file /etc/ckan/default/production.ini
and add the spatial related plugins:
ckan.plugins = [...] spatial_metadata spatial_query csw_harvester
You may also specify the default SRID:
ckan.spatial.srid = 4326
Metadata validation¶
You may force the validation profiles when harvesting:
ckan.spatial.validator.profiles = iso19139,gemini2,constraints
CKAN stops on validation errors by default.
If you want to import also metadata that fails the XSD validation you need to add this line to the
.ini
file:
ckanext.spatial.harvest.continue_on_validation_errors = True
This same behavior can also be defined on a per-source base, setting
continue_on_validation_errors
in the source configuration.
WMS resources validation¶
When importing data, the spatial harvester can optionally check if the WMS services pointed to
the resources are reachable and working. To enable this check, you have to add this line to the
.ini
file:
ckanext.spatial.harvest.validate_wms = true
If the service is working, two extras will be added to the related resource: verified
as True
and verified_date
with the timestamp of the verification.
Configure Spatial search¶
Hint
Ref info page at http://ckan.readthedocs.org/projects/ckanext-spatial/en/latest/spatial-search.html
In order to show the widget for the spatial search, you have to:
- index the bbox in Solr and
- add the spatial search widget
Solr¶
Edit file /etc/ckan/default/production.ini
and add this line to configure the spatial backend:
ckanext.spatial.search_backend = solr
Edit the Solr schema file:
vim /etc/solr/ckan/conf/schema.xml
and add the field
elements:
<fields>
<!-- ... -->
<field name="bbox_area" type="float" indexed="true" stored="true" />
<field name="maxx" type="float" indexed="true" stored="true" />
<field name="maxy" type="float" indexed="true" stored="true" />
<field name="minx" type="float" indexed="true" stored="true" />
<field name="miny" type="float" indexed="true" stored="true" />
</fields>
Then update Solr clause configuration.
As root
, edit the file /etc/solr/ckan/conf/solrconfig.xml
and
update the value of maxBooleanClauses
to 16384.
Restart Solr to make it read the config changes:
systemctl restart tomcat@solr
If your CKAN instance already contained spatial datasets, you may want to reindex the catalog:
. /usr/lib/ckan/default/bin/activate
paster --plugin=ckan search-index rebuild_fast --config=/etc/ckan/default/production.ini
Spatial search widget¶
Edit the file:
vim /usr/lib/ckan/default/src/ckan/ckan/templates/package/search.html
and add
{% snippet "spatial/snippets/spatial_query.html" %}
inside the {% block secondary_content %}
.
You have to restart CKAN to see the search map.
Configure map extents¶
Hint
Ref info page at http://ckan.readthedocs.org/projects/ckanext-spatial/en/latest/spatial-search.html#spatial-search-widget
In order to display the map that shows the extents, edit the file:
vim /usr/lib/ckan/default/src/ckan/ckan/templates/package/read.html
and add
{% set dataset_extent = h.get_pkg_dict_extra(c.pkg_dict, 'spatial', '') %}
{% if dataset_extent %}
{% snippet "spatial/snippets/dataset_map.html", extent=dataset_extent %}
{% endif %}
inside {% block primary_content_inner %}
anywhere after {{ super() }}
.
supervisord configuration¶
CKAN does not provide a default script for autostarting; we’ll use the supervisord deamon to do that.
As root:
yum install supervisor
systemctl enable supervisord
Edit the file /etc/supervisord.conf
and add the following lines to handle CKAN:
[program:ckan]
command=/usr/lib/ckan/default/bin/paster serve /etc/ckan/default/production.ini
user=ckan
autostart=true
autorestart=true
numprocs=1
log_stdout=true
log_stderr=true
stdout_logfile=/var/log/ckan/out.log
stderr_logfile=/var/log/ckan/err.log
logfile=/var/log/ckan/ckan.log
startsecs=10
startretries=3
Add these lines related to the CKAN Harvester:
[program:ckan_gather_consumer]
command=/usr/lib/ckan/default/bin/paster --plugin=ckanext-harvest harvester gather_consumer --config=/etc/ckan/default/production.ini
user=ckan
autostart=true
autorestart=true
numprocs=1
log_stdout=true
log_stderr=true
stdout_logfile=/var/log/ckan/gather_out.log
stderr_logfile=/var/log/ckan/gather_err.log
logfile=/var/log/ckan/gather.log
startsecs=10
startretries=3
[program:ckan_fetch_consumer]
command=/usr/lib/ckan/default/bin/paster --plugin=ckanext-harvest harvester fetch_consumer --config=/etc/ckan/default/production.ini
user=ckan
autostart=true
autorestart=true
numprocs=1
log_stdout=true
log_stderr=true
stdout_logfile=/var/log/ckan/fetch_out.log
stderr_logfile=/var/log/ckan/fetch_err.log
logfile=/var/log/ckan/fetch.log
startsecs=10
startretries=3
Run supervisord:
systemctl start supervisord
Reconfiguring CKAN in a cloned VM¶
If you are configuring a cloned VM, there is no need to review the whole stuff: only a few data should be reconf.
Usually, in a cloned machine, you only need to reconfigure the references to the IP address. Anyway you may set up more stuff as you see fit.
Mandatory reconfig¶
There are a few configurations that may prevent the application to work at all.
As reported in “Solr configuration”, make sure the hostname is resolved somehow.
Also, reconfig the ckan.site_url
property defined in “CKAN configuration”.
Other reconfig¶
If the machine has already run, you may want to clear the CKAN DB, or if security is a concern, you may want to redefine the users and/or their related password. Here a list of what you may want to reset (only related to the CKAN installation):
- Password for PostgreSQL user
ckan
- Password for PostgreSQL user
datastore
- Password for PostgreSQL user
datastorero
- Password for CKAN sysadmin
ckan
- Clear and reinit db
ckan
- Clear and reinit db
datastore
- Clear and reinit Solr index
- Clear redis data
System account ckan
was created as a nologin account so you don’t need to reset any password for it.