Note: Next revision cycle, start building everything into
$HOME/[app]-[version#] and creating a symlink to $HOME/[app] so that there is
no question about what the current, in use, directory is.
Note: When downloading software to install in these instructions, always
download the source code, and avoid binary installers. Binary installers tend
to make inaccurate assumptions about what libraries you have installed on your
system, as well as other problems.
1. Download the openssl 0.9.8a source from [http://www.openssl.org/source/]. Follow
the instructions in the INSTALL document, then compile and install the
binaries. The default location is /usr/local/ssl. If you want to change it,
run config like this:
cd /opt
tar -xzvf /root/openssl-0.9.8a.tar.gz
cd openssl-0.9.8a
./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl
make
make install
2. Set up certificates:
2a: Get the MIT CA certificate at [http://ca.mit.edu/mitClient.crt] and save it as
/usr/local/ssl/certs/mitClient.crt
2b: Convert mitClient.crt to PEM format (saved as mitCA.pem):
openssl x509 -in /usr/local/ssl/certs/mitClient.crt -inform DER -outform \
PEM -out /usr/local/ssl/certs/mitCA.pem
2c: Generate the RSA key
This simply generates some random data (passed to genrsa with -rand):
ps > /tmp/foo
ps -elf >> /tmp/foo
cd /usr/local/ssl/bin
./openssl genrsa -rand /tmp/foo 1024 >/usr/local/ssl/private/`hostname`-key.pem
2d: Generate the request for a certificate
cd /usr/local/ssl/bin
./openssl req -key /usr/local/ssl/private/`hostname`-key.pem -new \
>../certs/`hostname`-req.pem
Send the file /usr/local/ssl/certs/`hostname`-req.pem to mitcert@mit.edu.
Please be aware, the organization (O) is:
Massachusetts Institute of Technology
and the common name (CN) is the name of the server or
service, including the domain name (.mit.edu). Also, some servers, such
as Thalia servers, can represent an entire subdomain. These servers
will need certificates issued with a wildcard in the domain name, such
as *.isda-thalia-1.mit.edu.
Remember, if the server is a Thalia server, it will need a wildcard
certificate and DNS record for *.[hostname], and if it is doing any type of
authentication, it will need a joint client/server certificate to be able
to connect to the Shibboleth server (and have end users connect to it as
well).
2db. To generate a self-signed temporary certificate, add the -x509 and
-nodes options to the openssl command line.
cd /usr/local/ssl/bin
./openssl req -key /usr/local/ssl/private/`hostname`-key.pem -new \
-x509 -nodes >../certs/`hostname`-temp.cert
2e: When you receive a certificate from MIT Certificates, save it as
/usr/local/ssl/certs/`hostname`-cert.pem
2f: To look at a request:
openssl req -in ./req.pem -text
To look at the private key:
openssl rsa -in /usr/local/ssl/private/`hostname`-key.pem -text
To look at the server certificate:
openssl x509 -in /usr/local/ssl/certs/`hostname`-cert.pem -text
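Before sending the request (2d) or installing the certificate (2e), it is worth confirming that both were made from the key generated in 2c, and that the key file is not readable by other users (a key written with a ">" redirect gets the shell's default umask). The following is an added example, not part of the original instructions; the function names, the sample subject and the temporary files are constructed for illustration.

```shell
# Added example: check that key, request and certificate belong together.
# All names below are constructed; real paths are passed in as arguments.

# Print "Modulus=..." for a key, request or certificate (empty on parse error).
modulus_of() {  # $1 = key|req|cert, $2 = PEM file
    case "$1" in
        key)  openssl rsa  -in "$2" -passin pass: -noout -modulus ;;
        req)  openssl req  -in "$2" -noout -modulus ;;
        cert) openssl x509 -in "$2" -noout -modulus ;;
    esac 2>/dev/null
}

# Returns 0 on match, 1 on mismatch, 2 if either file cannot be parsed.
check_pair() {  # $1 = key file, $2 = req|cert, $3 = request or certificate
    k=$(modulus_of key "$1" || true)
    o=$(modulus_of "$2" "$3" || true)
    if [ -z "$k" ] || [ -z "$o" ]; then
        echo "FAIL: cannot parse $1 or $3"; return 2
    fi
    if [ "$k" != "$o" ]; then
        echo "FAIL: $3 does not belong to $1"; return 1
    fi
    echo "OK: $3 matches $1"
}

# Succeeds only if group and other have no permission bits on the key file.
key_is_private() {  # $1 = key file
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Constructed samples: a key, its request, a temporary self-signed certificate
# (as in step 2db) and an unrelated second key.
make_samples() {  # $1 = empty directory
    subj="/O=Example Org/CN=host.example.test"
    ( umask 022   # keys written with ">" as in step 2c follow the umask
      openssl genrsa 2048 > "$1/host-key.pem"
      openssl genrsa 2048 > "$1/other-key.pem" ) 2>/dev/null
    openssl req -new -key "$1/host-key.pem" -subj "$subj" -out "$1/host-req.pem"
    openssl req -new -x509 -key "$1/host-key.pem" -subj "$subj" \
        -out "$1/host-temp.cert"
}

# Stand-alone demonstration on the constructed files.
if command -v openssl >/dev/null 2>&1; then
    d=$(mktemp -d) && make_samples "$d"
    check_pair "$d/host-key.pem" req "$d/host-req.pem"
    check_pair "$d/other-key.pem" cert "$d/host-temp.cert" || true
    key_is_private "$d/host-key.pem" ||
        echo "WARN: key readable by group/other; chmod 600 it"
    rm -rf "$d"
fi
```

On a real host the arguments would be the files from steps 2c to 2e, for example the key under /usr/local/ssl/private and the request or certificate under /usr/local/ssl/certs.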
3. Set up the local directory structure and users.
3a. Set up the www user.
groupadd www
useradd -g www -d /home/www -m -r -s /bin/bash www
3b. If needed (if this system is going to hold an Alfresco instance, or something similar), set up the repository user.
groupadd repos
useradd -g dbusr -d /home/www -m -r -s /bin/bash repos
3c. If needed, set up the database user.
groupadd dbuser
useradd -g dbusr -d /home/www -m -r -s /bin/bash dbusr
4. Set up apache-ssl
4a: Download Apache 2.2.4 from the apache archive site at
[http://archive.apache.org/dist/httpd/].
4b: Unpack apache 2.2.4 (tar -xzvf) and do "cd httpd-2.2.4"
cd /opt
tar -xzvf /root/httpd-2.2.4.tar.gz
cd httpd-2.2.4
4c. Compile apache following the instructions in the INSTALL file.
To enable SSL, do the following:
./configure --prefix=/home/www/apache --enable-ssl \
--with-ssl=/usr/local/ssl \
--enable-modules="most mod_rewrite"
make
make install
5. Set up mod-jk
5a. Download the mod-jk 1.2.21 source (previous versions have a security hole
that could allow a remote attacker to execute arbitrary code) from
[http://tomcat.apache.org/connectors-doc/].
cd /opt
tar -xzvf /root/tomcat-connectors-1.2.21-src.tar.gz
cd tomcat-connectors-1.2.21-src
5b. Build and install the binaries according to BUILD.txt. apxs is at
/home/www/apache/bin/apxs. mod_jk.so will be put at /home/www/apache/modules
cd native
./configure --with-apxs=/home/www/apache/bin/apxs --enable-ssl
make
make install
6. Install jdk 1.6, which is required by tomcat 5.5.25
6a. Download the jdk 1.6 binary at
[http://java.sun.com/javase/downloads/index.jsp]
6b. You may need to set the binary file to be executable:
chmod u+x,u-w jdk-6-linux-i586.bin
6c. Execute the binary installer as root. If it produces an rpm file,
use rpm -ivh to install it. If you downloaded the straight binary
installer, move to a directory with installed software, such as
/usr/local. Also, you will need to page through a licensing agreement
and type yes to accept it.
cd /usr/local
/root/jdk-6-linux-i586.bin
or
./jdk-6-linux-i586-rpm.bin
rpm -ivh jdk-6-linux-i586
6d. Create a file in /etc/profile.d named java_home.sh. It should contain
a line exporting a variable pointing to the Java home directory. Then
make this file world executable:
cat > /etc/profile.d/java_home.sh
export JAVA_HOME=/usr/local/jdk1.6.0
^C
chmod a+xr,a-w /etc/profile.d/java_home.sh
7. Install the SASH Server
NOTE: These instructions are written assuming version 2.0.3 of the SASH Server, but this version has been deprecated. We are waiting on version 2.0.4 to become officially supported.
7a. Download sash-server-2.0.3-1.noarch.tar.gz from: [https://portal.sourcelabs.com/?module=download]
You will need to register and log in to the web site to be able to
download the SASH Server. Also, copy the modify-instance-file.sh and mit-worker-consolidater.sh out of the ISDA repository and onto the machine.
7b. Unzip and untar (gunzip, tar -xvf) into your working
directory, such as /home
cd /home/www
tar -xzvf /root/sash-server-2.0.3-1.noarch.tar.gz
ln -s sash-server-2.0.3-1 sash-server
cd sash-server-2.0.3-1
7c. Edit /etc/profile.d/sash_home.sh to export a home variable, and set it world executable.
cat > /etc/profile.d/sash_home.sh
export SASHSRV_HOME=/home/www/sash-server-2.0.3-1
^c
chmod a-w,a+rx /etc/profile.d/sash_home.sh
source /etc/profile.d/sash_home.sh
7d. Copy the modify instance file and the MIT worker consolidator file into the SASH server bin directory.
cp /root/modify-instance-file.sh $SASHSRV_HOME/bin
cp /root/mit-worker-consolidater.sh $SASHSRV_HOME/bin
chmod ug+rx,a-w $SASHSRV_HOME/bin/modify-instance-file.sh $SASHSRV_HOME/bin/mit-worker-consolidater.sh
7. Do the configuration:
7a. SASH Server part: cd into the tomcat home directory
cd $SASHSRV_HOME/conf/template
7aa. Enter the conf directory and create a jk directory
cd conf
mkdir jk
cd jk
7ab. Copy the workers.properties file from
/opt/tomcat-connectors-1.2.21-src/conf and put it in conf/jk
cp /opt/tomcat-connectors-1.2.21-src/conf/workers.properties \
$SASHSRV_HOME/conf/template/conf/jk
7ac. Make certain the following directives in workers.properties are set:
workers.tomcat_home=%%CATALINA_BASE%%
workers.java_home=/usr/local/jdk1.6.0
ps=/
worker.list=ajp13
worker.ajp13.port=%%AJP_PORT%%
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
worker.ajp13.lbfactor=1
worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers= ajp13
Comment out the ajp12 lines in workers.properties.
7ad. Edit conf/server.xml and add the following:
After <Server port="%%SHUTDOWN_PORT%%" shutdown="SHUTDOWN">
add
<Listener className="org.apache.jk.config.ApacheConfig"
modJk="/home/www/apache/modules/mod_jk.so" jkDebug="info"
workersConfig="%%CATALINA_BASE%%/conf/jk/workers.properties"
jkLog="%%CATALINA_BASE%%/logs/mod_jk.log"/>
After <Engine name="Catalina" defaultHost="localhost">
add
<Listener className="org.apache.jk.config.ApacheConfig" append="true" />
7ae. If this is going to be a Web Services server, disable direct
connections to the SASH Server and force communications to go through apache,
by commenting out the http port connector block in server.xml:
<!--
<Connector port="%%HTTP_PORT%%"
maxHttpHeaderSize="8192"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
connectionTimeout="20000" disableUploadTimeout="true" />
-->
If this is going to be a Thalia server, skip this step.
7af. Uncomment the AJP block in server.xml.
<!-- An AJP Connector - uncomment if needed -->
<Connector port="%%AJP_PORT%%"
protocol="AJP/1.3" />
7ag. Edit tomcat_users.xml, and add the following user definition just
above the '</tomcat-users>' line:
<role rolename="manager"/>
<user username="tomcat" password="zest2006" roles="tomcat,manager"/>
Be certain to change the password to be the password for the team
the server is providing services to. A server for the Zest group
(Web Services machines are usually for the Zest group) would be
'zest2006', and for the Thalia group, 'thalia2006'.
7ah. Edit the sashsrv.conf file and add the base port information for
JMX. Add it near the bottom, between the AJP base port and the max port range.
cd $SASHSRV_HOME/conf
vi sashsrv.conf
# The base port for the JMX handlers - MIT addition
#
JMX_BASE=9000
7ah. Add the JAVA_HOME location to $SASHSRV_HOME/conf/sashsrv.conf. Also
change the ACTIVE_PROBE_PLAN and LD_LIBRARY_PATH to have
$SASH_HOME in their paths. The conf file is read by the startup
script, so putting the variables in will not work. They must be
fully qualified.
7ai. Update the www user.
chown -R www:www /home/www
And edit $SASHSRV_HOME/bin/setvats, $SASHSRV_HOME/bin/sash-server.init, and
$SASHSRV_HOME/bin/sash-server-CS2.init, and change the
SASHSRV_USER.
SASHSRV_USER="www"
7aj. To propagate the changes made to the config, delete the default
server container, and create a new one.
cd $SASHSRV_HOME/servers
rm -rf default
cd $SASHSRV_HOME/bin
./mkInstance -N default
cd $SASHSRV_HOME/servers/default
$SASHSRV_HOME/bin/modify-instance-file.sh /conf/jk/workers.properties $SASHSRV_HOME
7ak. Run the java_home.sh script and start the SASH Server
source /etc/profile.d/java_home.sh
$SASHSRV_HOME/bin/sashctl all start
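Steps 7ae and 7af can be verified on the resulting server.xml: on a Web Services server the only connector left outside XML comments should be the AJP one, so that every request has to pass through apache. The following check is an added example, not part of the original instructions or of the SASH Server distribution; the function names, the sample files and their port numbers are constructed.

```shell
# Added example: list the <Connector> elements that are live in a server.xml
# (outside XML comments) and require that all of them speak AJP.
active_connectors() {  # $1 = server.xml; prints one live element per line
    awk '
    {   # keep only the parts of this line that lie outside XML comments
        line = $0; out = ""
        while (line != "") {
            if (in_comment) {
                i = index(line, "-->")
                if (i == 0) break
                line = substr(line, i + 3); in_comment = 0
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; break }
                out = out substr(line, 1, i - 1)
                line = substr(line, i + 4); in_comment = 1
            }
        }
        text = text " " out
    }
    END {
        gsub(/[ \t\r]+/, " ", text)
        while ((s = index(text, "<Connector")) > 0) {
            text = substr(text, s)
            e = index(text, ">")
            if (e == 0) break
            print substr(text, 1, e)
            text = substr(text, e + 1)
        }
    }' "$1"
}

# Succeeds only if at least one connector is live and every live one is AJP.
check_ajp_only() {  # $1 = server.xml
    live=$(active_connectors "$1")
    [ -n "$live" ] || { echo "FAIL: no live connector (AJP block commented?)"; return 1; }
    bad=$(printf '%s\n' "$live" | grep -v 'protocol="AJP/1.3"' || true)
    if [ -n "$bad" ]; then
        echo "FAIL: non-AJP connector still enabled:"; printf '%s\n' "$bad"
        return 1
    fi
    echo "OK: only AJP connectors are enabled"
}

write_samples() {  # $1 = directory; constructed files, ports are made up
    cat > "$1/before.xml" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <Connector port="8080"
             enableLookups="false" redirectPort="8443" />
  <!-- An AJP Connector - uncomment if needed -->
  <!--
  <Connector port="8009"
             protocol="AJP/1.3" />
  -->
</Server>
EOF
    cat > "$1/after.xml" <<'EOF'
<Server port="8005" shutdown="SHUTDOWN">
  <!--
  <Connector port="8080"
             enableLookups="false" redirectPort="8443" />
  -->
  <!-- An AJP Connector - uncomment if needed -->
  <Connector port="8009"
             protocol="AJP/1.3" />
</Server>
EOF
}

d=$(mktemp -d) && write_samples "$d"
check_ajp_only "$d/before.xml" || true   # sample with steps 7ae/7af not applied
check_ajp_only "$d/after.xml"            # sample with both steps applied
rm -rf "$d"
```

On a real host the argument would be the server.xml of the instance created in step 7aj; its location under $SASHSRV_HOME/servers/default is an assumption based on the directories used above.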
7am. Tomcat creates a mod_jk.conf file in the ./core/conf/auto/ directory
the first time it runs. Correct it to point to where mod_jk.so
resides.
Change
LoadModule jk_module "/usr/local/apache/libexec/mod_jk.so"
to
LoadModule jk_module "/home/www/apache/modules/mod_jk.so"
7b. Apache side: edit /home/www/apache/conf/httpd.conf
Edit the following directives:
ServerRoot "/home/www/apache" # change to apache home directory
User www # change from daemon
Group www # change from daemon
Include conf/extra/httpd-vhosts.conf # Uncomment
Include conf/extra/httpd-ssl.conf # Uncomment
7c. Add to /home/www/apache/conf/httpd.conf, at the bottom of the other includes:
# SASH Server/mod_jk includes
Include /home/www/sash-server-2.0.4-BETA/core/conf/auto/mod_jk.conf
7d. Edit /home/www/apache/conf/extra/httpd-vhosts.conf to have ONLY one of the
following VirtualHost blocks:
7d1. Thalia:
NameVirtualHost *:80
<VirtualHost *:80>
ServerName *.isda-thalia2.mit.edu
RewriteEngine On
RewriteCond %{HTTP_HOST} !^isda-thalia2\.mit\.edu [NC]
RewriteCond %{HTTP_HOST} !^test\.isda-thalia2\.mit\.edu [NC]
RewriteCond %{HTTP_HOST} !^demo\.isda-thalia2\.mit\.edu [NC]
RewriteCond %{HTTP_HOST} !^hst\.isda-thalia2\.mit\.edu [NC]
RewriteCond %{HTTP_HOST} !^ap\.isda-thalia2\.mit\.edu [NC]
RewriteRule ^/(.*) http://isda-thalia2.mit.edu/$1 [L,R]
</VirtualHost>
7d2. Web Services - edit for correct server name:
<VirtualHost *:80>
RedirectPermanent / https://isda-ws2.mit.edu/
</VirtualHost>
7e. Edit /home/www/apache/conf/extra/httpd-ssl.conf and alter the following
directives:
DocumentRoot "/home/sash-server-2.0.4-BETA/servers/"
# points to directory with tomcat servers
ServerName gybe.mit.edu:443
# the servername of the server
ServerAdmin dracus@mit.edu,dongq@mit.edu,dtanner@mit.edu
# the admins of this server
ErrorLog /home/www/apache/logs/error_log
# error log file
TransferLog /home/www/apache/logs/access_log
# access log file
SSLCertificateFile /usr/local/ssl/certs/gybe.mit.edu.pem
# public server certificate
SSLCertificateKeyFile /usr/local/ssl/private/https-key.pem
# private server key
SSLCACertificatePath /usr/local/ssl/certs
# certificate path
SSLCACertificateFile /usr/local/ssl/certs/mitCA.pem
# certificate authority certificate
SSLVerifyClient require
SSLVerifyDepth 10
7f. Add the following after the '<Directory "/home/www/apache/cgi-bin">'
block in /home/www/apache/conf/extra/httpd-ssl.conf
SSLOptions +StdEnvVars +ExportCertData
8. To pass environment variables from apache to tomcat, add the following to
the end of httpd.conf. (Note: the names of these environment variables might
change between different apache versions. Apache comes with a cgi script in
cgi-bin/printenv. Run this script in your https-enabled browser to verify
that these variables still hold.)
JkEnvVar SSL_CLIENT_DN nodefault
JkEnvVar SSL_CLIENT_S_DN_CN nodefault
JkEnvVar SSL_CLIENT_S_DN_Email nodefault
JkEnvVar SSL_CLIENT_S_DN nodefault
JkEnvVar HTTP_ACCEPT_LANGUAGE nodefault
JkEnvVar SSL_CLIENT_CERT none
9. copy the following files to the noted locations. They should be in the ISDA software repository.
9a. MitIdService.jar moves to $SASHSRV_HOME/core/shared/lib
cp /root/MitIdService.jar $SASHSRV_HOME/core/shared/lib
9b. rolesApplicationContext.xml moves to $SASHSRV_HOME/core/shared/classes
cp /root/rolesApplicationContext.xml $SASHSRV_HOME/core/shared/classes/
9c. rootauth moves to /root
10. install the web init script into /etc/init.d, and place starter links into
the /etc/rc.d/ runlevel directories. It should be bundled with this
document.
10a. edit the variables in the top section of the web file to use the
directories and binaries correct for this system
10b. be certain to check if apache is using a httpdctl or apachectl starter
program, usually contained in /home/apache/bin, and set the apachectl
variable accordingly
10c. set web to be executable
chmod a+rx,a-w /etc/init.d/web
10d. link startweb and stopweb to the web program, from wherever it is
located, and link start scripts in /etc/init.d:
ln -s /etc/init.d/web /root/startweb
ln -s /etc/init.d/web /root/stopweb
ln -s /etc/init.d/web /etc/rc.d/rc1.d/K15web
ln -s /etc/init.d/web /etc/rc.d/rc2.d/K15web
ln -s /etc/init.d/web /etc/rc.d/rc3.d/K15web
ln -s /etc/init.d/web /etc/rc.d/rc4.d/K15web
ln -s /etc/init.d/web /etc/rc.d/rc5.d/K15web
ln -s /etc/init.d/web /etc/rc.d/rc6.d/K15web
ln -s /etc/init.d/web /etc/rc.d/rc2.d/S15web
ln -s /etc/init.d/web /etc/rc.d/rc3.d/S15web
ln -s /etc/init.d/web /etc/rc.d/rc4.d/S15web
ln -s /etc/init.d/web /etc/rc.d/rc5.d/S15web
10e. Copy the SASH Server init file into /etc/init.d
cp $SASHSRV_HOME/bin/sash-server.init /etc/init.d/sash-server
chmod a+rx,a-w /etc/init.d/sash-server
10f. Link the SASH Server init file to runlevels.
ln -s /etc/init.d/sash-server /etc/rc.d/rc1.d/K16web
ln -s /etc/init.d/sash-server /etc/rc.d/rc2.d/K16web
ln -s /etc/init.d/sash-server /etc/rc.d/rc3.d/K16web
ln -s /etc/init.d/sash-server /etc/rc.d/rc4.d/K16web
ln -s /etc/init.d/sash-server /etc/rc.d/rc5.d/K16web
ln -s /etc/init.d/sash-server /etc/rc.d/rc6.d/K16web
ln -s /etc/init.d/sash-server /etc/rc.d/rc2.d/S16web
ln -s /etc/init.d/sash-server /etc/rc.d/rc3.d/S16web
ln -s /etc/init.d/sash-server /etc/rc.d/rc4.d/S16web
ln -s /etc/init.d/sash-server /etc/rc.d/rc5.d/S16web
10g. Edit /etc/init.d/sash-server and correct the value of SASHSRV_HOME.
11. Add line to /var/spool/cron/root to cause rootauth to run every 15 min, and
freshen the Kerberos tickets.
cat >> /var/spool/cron/root
0,15,30,45 * * * * /root/rootauth
^C
12. update paths in /etc/profile, by adding the following line in the path
manipulation code block (you can find it by searching for /usr/local/sbin)
pathmunge /usr/local/bin
pathmunge /usr/kerberos/bin
13. If this is an upgrade on a server that had previously had a tomcat on it,
there are additional steps to move necessary files and code to the new
directories.
13a. Copy the webapps from the old deploy of tomcat to the new one. Be certain
to restart the server if it was running previously.
cd /home/apache-tomcat-5.5.20
cp -a geows* mapws* mitidws* uaws* testcert* TestRemoteAlfresco* \
/home/apache-tomcat-5.5.23/webapps/
To see the applications deployed on a server that are not part of the
default tomcat install, get a listing of the directory:
ls -1 --hide=balancer --hide ROOT --hide=jsp-examples \
--hide=servlets-examples --hide=tomcat-docs --hide=webdav
13b. Move the /home/https/weblib directory into /home
mv /home/https/weblib/ /home/weblib
ln -s /home/weblib /home/https/weblib
Alternatively, if there is no /home/https/weblib, create a
/home/weblib directory
mkdir /home/weblib
13c. Edit /etc/init.d/web to have the following global variable:
export LD_LIBRARY_PATH=/usr/lib:/home/weblib
13d. Restart web services and tomcat
/etc/init.d/web restart
14. Install an AFS client, or check that a client is installed.
14a. Check if an AFS client is installed by looking at the root directory.
If a client is installed, the afs directory will be near the top.
ls -l /
14b. If an AFS client is not installed, download these packages from the MIT
Athena or Thalia software lockers:
mit-openafs-setup-1.2-3.noarch.rpm
mit-krb-config-1.0-3.noarch.rpm
mit-openafs-package.patch
Do not do this if the server is a virtual server. If this is the case, email server ops to have the virtualized AFS kernel module installed.
14c. Use rpm to install these packages, installing the Kerberos
configuration package first.
rpm -ivh mit-krb-config-1.0-3.noarch.rpm
rpm -ivh mit-openafs-setup-1.2-3.noarch.rpm
Please note: There are no paths in these commands. Store the packages in a
convenient install directory, and cd to it first.
14d. Go to the OpenAFS client binary directory and execute the setup
script. It will ask if you want the AFS client to be started at boot
time. Type yes.
cd /opt/mit-openafs-setup/bin
./setup
If the system is an SMP (multiprocessor) machine, apply the SMP patch before compiling.
cd /opt/mit-openafs-setup/bin
patch < /root/mit-openafs-package.patch
./setup
15. Install the version of moira that uses Kerberos 5
15a. Upload moira-rhel4-clients.tar.gz onto the server, and untar to
/usr/local
cd /usr/local
tar -xzvf /root/moira-rhel4-clients.tar.gz
16. To start and stop tomcat and apache, use the initialization scripts in
/etc/init.d. Be certain to leave them running when you are finished.
starting
/etc/init.d/web start
stopping
/etc/init.d/web stop