...
Note: When downloading software to install in these instructions, always
download the source code, and avoid binary installers. Binary installers tend
to make inaccurate assumptions about what libraries you have installed on your
system, as well as other problems.1.
- download openssl 0.9.8a source from http://www.openssl.org/source/. follow
...
- the instruction in the INSTALL document, compile and install the
...
- binaries. the default location is /usr/local/ssl. If you want to change it,
...
- run config like this:
Code Block cd /opt tar -xzvf /root/openssl-0.9.8a.tar.gz cd openssl-0.9.8a ./config --prefix=/usr/local/ssl --openssldir=/usr/local/ssl make make install
...
- set up certificates:
...
- get the mitca at http://ca.mit.edu/mitClient.crt and save it as /usr/local/ssl/certs/mitClient.crt
...
- convert mitCA.crt to pem format:
Code Block openssl x509 -in /usr/local/ssl/certs/mitClient.crt -inform DER -outform \ PEM -out /usr/local/ssl/certs/mitCA.pem
- convert mitCA.crt to pem format:
...
- Generate rsa key
- Generate rsa key
...
- This simply generates some random stuff:
Code Block ps > /tmp/foo ps -elf >> /tmp/foo cd /usr/local/ssl/bin ./openssl genrsa -rand /tmp/foo 1024 >/usr/local/ssl/private/`hostname`-key.pem
- This simply generates some random stuff:
...
- Generate request for a certificate
Code Block cd /usr/local/ssl/bin ./openssl req -key /usr/local/ssl/private/`hostname`-key.pem -new \ >../certs/`hostname`-req.pem
- Generate request for a certificate
...
- ##*send the file /usr/local/ssl/certs/`hostname`-req.pem to mitcert@mit.edu,
- ##*send the file /usr/local/ssl/certs/`hostname`-req.pem to mitcert@mit.edu,
...
Code Block Please be aware, the organization (O) is:
...
Massachusetts Institute of Technology
...
and the common name (CN) is the name of the server or
...
service, including the domain name (.mit.edu).
...
Also, some servers, such
...
as Thalia servers, can represent an entire subdomain.
...
These servers will need certificates issued with a wildcard in the domain name, such as \*.isda-thalia-1.mit.edu.
...
...
Remember, if the server is a Thalia server, if will need a wildcard
...
certificate and DNS record for \*.\[hostname\], and if it is doing any type of
...
authentication, it will need a joint client/server certificate to be able
...
to connect to the Shibboleth server (and have end users connect to it as
...
well).
...
- To generate a self signed temporary certificate, add the x509 and
...
- nodes options to the openssl command line.
Code Block cd /usr/local/ssl/bin ./openssl req -key /usr/local/ssl/private/`hostname`-key.pem -new \ -x509 -nodes >../certs/`hostname`-temp.cert
- nodes options to the openssl command line.
...
- When you receive a certificate from MIT Certificates, save it as
...
- /usr/local/ssl/certs/`hostname`-cert.pem
...
- Commands to view cert information:
- to look at a request:
Code Block openssl req -in ./req.pem -text
- to look at a request:
- Commands to view cert information:
...
- to look at the private key:
Code Block openssl rsa -in /usr/local/ssl/private/`hostname`-key.pem -text
- to look at the private key:
...
- to look at the server certificate:
Code Block openssl x509 -in /usr/localx/ssl/certs/`hostname`-cert.pem -text
- to look at the server certificate:
...
- Setup local directory structure and users.
...
- Setup the www user.
Code Block groupadd www useradd -g www -d /home/www -m -r -s /bin/bash www
- Setup the www user.
...
- Set the www user directory structure and copy the config files into place.
Code Block mkdir /home/www/weblib mkdir /home/www/etc cp -a /root/weblib /home/www/weblib scp -r root@trogdor.mit.edu:${REPOS_HOME}/System-configs/www-user/etc /home/www/etc cp /root/map-dev-ws1-new-keytab /home/www/etc/krb/daemon.map-dev-ws1.krb5.keytab chown -R www:www /home/www/etc chmod a-w,o-rx,u+r /home/www/etc/krb/daemon.map-dev-ws1.krb5.keytab
- Set the www user directory structure and copy the config files into place.
...
- Make certain that the library files are put into their correct locations.
Code Block scp -R root@trogdor.mit.edu:${REPOS_HOME}/System-configs/www-user/weblib /home/www/weblib/
- Make certain that the library files are put into their correct locations.
...
- If needed (if this system is going to hold an Alfresco instance, or something similar), setup the repository user.
Code Block groupadd repos useradd -g dbusr -d /home/www -m -r -s /bin/bash repos
- If needed (if this system is going to hold an Alfresco instance, or something similar), setup the repository user.
...
- If needed, setup the database user.
Code Block groupadd dbuser useradd -g dbusr -d /home/www -m -r -s /bin/bash dbusr
- If needed, setup the database user.
...
- set up apache-ssl
...
- download Apache 2.2.4 from apache archive site at
...
...
- Unpack apache 2.2.4 (tar -xzvf) and do "cd httpd-2.2.4"
Code Block cd /opt tar -xzvf /root/httpd-2.2.4.tar.gz cd httpd-2.2.4
- Unpack apache 2.2.4 (tar -xzvf) and do "cd httpd-2.2.4"
...
- compile apache following the instruction in the INSTALL file.
...
- To enable the SSL, do the following:
Code Block ./configure --prefix=/home/www/apache-2.2.4 --enable-ssl \ --with-ssl=/usr/local/ssl \ --enable-modules="most mod_rewrite" make make install ln -s /home/www/apache-2.2.4 /home/www/apache
- To enable the SSL, do the following:
...
- set up mod-jk
...
- download mod-jk 1.2.21 source (previous versions have a security hole
...
- that could allow a remote attacker to execute arbitary code) from
...
- http://tomcat.apache.org/connectors-doc/.
Code Block cd /opt tar -xzvf /root/tomcat-connectors-1.2.21-src.tar.gz cd tomcat-connectors-1.2.21-src
- http://tomcat.apache.org/connectors-doc/.
...
- build and install binaries according to BUILD.txt. apxs is at
...
- /home/www/apache/bin/apxs. mod_jk.so will be put at /home/www/apache/modules
Code Block cd native ./configure --with-apxs=/home/www/apache/bin/apxs --enable-ssl make make install
- /home/www/apache/bin/apxs. mod_jk.so will be put at /home/www/apache/modules
...
- install jdk 1.6 which is required by tomcat 5.5.25
...
- download jdk 1.6 binary at
...
...
- You may need to set the binary file to be executable:
Code Block chmod u+x,u-w jdk-6-linux-i586.bin
- You may need to set the binary file to be executable:
...
- execute the binary installer as root. If it produces a rpm file,
...
- use rpm -ivh to install it.
...
- If you downloaded the straight binary
...
- installer, move to a directory with installed software, such as
...
- /usr/local. Also, you will need to page through a licensing agreement
...
- and type yes to accept it.
Code Block cd /usr/local /root/jdk-6-linux-i586.bin
- and type yes to accept it.
...
- or
Code Block ./jdk-6-linux-i586-rpm.bin rpm -ivh jdk-6-linux-i586
- or
...
- create a file in /etc/profile.d named java_home.sh. It should contain
...
- a line exporting a variable pointing to the Java home directory.
...
- Then
...
- make this file world executable.:
Code Block cat > /etc/profile.d/java_home.sh export JAVA_HOME=/usr/local/jdk1.6.0 ^C chmod a+xr,a-w /etc/profile.d/java_home.sh
- make this file world executable.:
...
- install the SASH Server NOTE: These instructions are written assuming version 2.0.4-BETA of the SASH Server, but this version is not officially supported. We are waiting on version 2.0.4 to become officially supported.
...
- If this is a server ops installed and managed RHEL 4 VM, request that they install the 32 bit NPTL threading libraries, and reboot the VM. If this is a RHEL 5 VM, check the the threading libraries are 32 bit compatible. If this is a physical server, this step can be skipped.
- download sash-server-2.0.4-BETA.tar.gz from: https://portal.sourcelabs.com/?module=download You will need to register and login to the web site to be able to
...
- download the SASH Server.
...
- Also, copy the sashsrv.conf mkInstance, modify-instance-file.sh and mit-worker-consolidater.sh out of the ISDA repository and onto the
...
- machine.
...
- unzip and untar (gunzip , tar -xvf) into your working
...
- directory, such as /home
Code Block cd /home/www tar -xzvf /root/sash-server-2.0.4-BETA.tar.gz ln -s sash-server-2.0.4-BETA sash-server cd sash-server-2.0.4-BETA
- directory, such as /home
...
- Edit /etc/profile.d/sash_home.sh to export a home variable, and set it world executable.
Code Block cat > /etc/profile.d/sash_home.sh export SASHSRV_HOME=/home/www.sash-server-2.0.4-BETA export LD_LIBRARY_PATH=/usr/lib:/home/www/weblib ^c chmod a-w,a+rx /etc/profile.d/sash_home.sh source /etc/profile.d/sash_home.sh
- Edit /etc/profile.d/sash_home.sh to export a home variable, and set it world executable.
...
- Copy the modify instance file and the MIT worker consolidator file into the SASH server bin directory.
Code Block cp /root/mkInstance $SASHSRV_HOME/bin cp /root/modify-instance-file.sh $SASHSRV_HOME/bin cp /root/mit-worker-consolidater.sh $SASHSRV_HOME/bin chmod ug+rx,a-w $SASHSRV_HOME/bin/modify-instance-file.sh $SASHSRV_HOME/bin/mit-worker-consolidater.sh $SASHSRV_HOME/bin/mkInstance
- Copy the modify instance file and the MIT worker consolidator file into the SASH server bin directory.
...
- Copy the sash-2.0-flattened-jars.zip file onto the server and update the commons-io jar file.
Code Block cd ${SASHSRV_HOME}/core/server/webapps/manager/WEB-INF/lib unzip -j /root/sash-2.0-flattened-jars.zip sash-2.0-flattened-jars/commons-io-1.3.1-1.jar
- Copy the sash-2.0-flattened-jars.zip file onto the server and update the commons-io jar file.
...
- Do the configuration:
...
- SASH Server part: cd into the tomcat home directory
Code Block cd $SASHSRV_HOME/conf/template
- SASH Server part: cd into the tomcat home directory
...
- enter the conf directory and create a jk directory
Code Block cd conf mkdir jk cd jk
- enter the conf directory and create a jk directory
...
- copy the workers.properties file from /opt/tomcat-connectors-1.2.21-src/conf and put it in conf/jk.
...
- Also copy the sashsrv.conf template into the template conf directory.
Code Block cp /opt/tomcat-connectors-1.2.21-src/conf/workers.properties \ $SASHSRV_HOME/conf/template/conf/jk cp /root/sashsrv.conf /home/www/sash-server-2.0.4-BETA/conf/template/conf
- Also copy the sashsrv.conf template into the template conf directory.
...
- make certain the following directives in workers.properties are set:
Code Block workers.tomcat_home=%%CATALINA_BASE%% workers.java_home=/usr/local/jdk1.6.0 ps=/ worker.list=ajp13 worker.ajp13.port=%%AJP_PORT%% worker.ajp13.host=localhost worker.ajp13.type=ajp13 worker.ajp13.lbfactor=1 worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers= ajp13
- make certain the following directives in workers.properties are set:
...
- comment out the ajp12 lines in workers.properties.
...
...
- edit conf/server.xml and add the following:
- edit conf/server.xml and add the following:
...
- after <Server port="%%SHUTDOWN_PORT%%" shutdown="SHUTDOWN"> add
Code Block <Listener className="org.apache.jk.config.ApacheConfig" modJk="/home/www/apache/modules/mod_jk.so" jkDebug="info" workersConfig="%%CATALINA_BASE%%/conf/jk/workers.properties" jkLog="%%CATALINA_BASE%%/logs/mod_jk.log"/>
- after <Server port="%%SHUTDOWN_PORT%%" shutdown="SHUTDOWN"> add
...
- after <Engine name="Catalina" defaultHost="localhost">
...
- add
Code Block <Listener className="org.apache.jk.config.ApacheConfig" append="true" />
- add
...
- If this is going to be a Web Services servers, disable direct
...
- connections to the SASH Server and force communications to go through apache,
...
- by commenting out the http port connector block in server.xml:
Code Block <!-- <Connector port="%%HTTP_PORT%%" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" /> -->
- by commenting out the http port connector block in server.xml:
...
- If this is going to be a Thalia server, skip this step.
...
- Uncomment the AJP block in server.xml.
Code Block <!-- An AJP Connector - uncomment if needed --> <Connector port="%%AJP_PORT%%" protocol="AJP/1.3" />
- Uncomment the AJP block in server.xml.
...
- edit tomcat_users.xml, and add the following user definition just
...
- above the '</tomcat-users>' line:
Code Block <role rolename="manager"/> <user username="tomcat" password="*****" roles="tomcat,manager"/>
- above the '</tomcat-users>' line:
...
- be certain to change the password to be the password for the team the server is providing services to.
...
- Check with your groups manager to see what the password
...
- standards for your group are.
...
- Do not cut and paste this password into place, do not use "*****" as a password, etc.
...
- Edit the sashsrv.conf file and add the base port information for JMX. Add it near the bottom, between the AJP base port and the max port range.
Code Block cd $SASHSRV_HOME/conf vi sashsrv.conf # The base port for the JMX handlers - MIT addition # JMX_BASE=9000
- Edit the sashsrv.conf file and add the base port information for JMX. Add it near the bottom, between the AJP base port and the max port range.
...
- Add the JAVA_HOME location to $SASHSRV_HOME/conf/sashsrv.conf. Also
...
- change the ACTIVE_PROBE_PLAN and LD_LIBRARY_PATH to have
...
- $SASH_HOME in their paths. The conf file is read by the startup
...
- script, so putting the variables in will not work. They must be
...
- fully qualified.
...
- Also add recursion to LD_LIBRARY_PATH.
Code Block LD_LIBRARY_PATH=/home/www/sash-server-2.0.4-BETA/lib:${LD_LIBRARY_PATH}
- Also add recursion to LD_LIBRARY_PATH.
...
- Update the www user.
Code Block chown -R www:www /home/www
- Update the www user.
...
- And edit $SASHSRV_HOME/bin/setvars, $SASHSRV_HOME/bin/sash-server.init, and $SASHSRV_HOME/bin/sash-server-CS2.init, and change
...
- the SASHSRV_USER.
Code Block sed -i s:SASHSRV_USER=\"sashsrv\":SASHSRV_USER=\"www\":g $SASHSRV_HOME/bin/setvars sed -i s:SASHSRV_USER=\"sashsrv\":SASHSRV_USER=\"www\":g $SASHSRV_HOME/bin/sash-server.init sed -i s:SASHSRV_USER=\"sashsrv\":SASHSRV_USER=\"www\":g $SASHSRV_HOME/bin/sash-server-CS2.init
- the SASHSRV_USER.
...
- To progate the changes made to the config, delete the default
...
- server container, and create a new one.
Code Block cd $SASHSRV_HOME/servers rm -rf default cd $SASHSRV_HOME/bin ./mkInstance -N default cd $SASHSRV_HOME/servers/default
- server container, and create a new one.
...
- Also create any other server containers that may be needed. Some of the common ones are mitid, roles, moira, sis, and misc.
...
- Set up the
...
- additional directories and files needed for JMX and the standard ISDA/MAP configuration scripts.
Code Block - Run the java_home.sh script and start the SASH Server
Code Block source /etc/profile.d/java_home.sh $SASHSRV_HOME/bin/sashctl all start
- additional directories and files needed for JMX and the standard ISDA/MAP configuration scripts.
...
- Tomcat creates a mod_jk.conf file in ./core/conf/auto/
...
- directorythe first time is runs.
...
- Correct it to point to where mod_jk.so
...
- resides.
- resides.
...
- change
Code Block LoadModule jk_module "/usr/local/apache/libexec/mod_jk.so"
- change
...
- to
Code Block LoadModule jk_module "/home/www/apache/modules/mod_jk.so"
- to
...
- Apache side:
- edit /home/www/apache/conf/httpd.conf
- edit /home/www/apache/conf/httpd.conf
- Apache side:
...
- edit the following directives:
Code Block ServerRoot "/home/www/apache" # change to apache home directory User www # change from daemon Group www # change from daemon Include conf/extra/httpd-vhosts.conf # Uncomment Include conf/extra/httpd-ssl.conf # Uncomment
- edit the following directives:
...
- add to /home/www/apache/conf/httpd.conf, and the bottom of the other includes:
Code Block # SASH Server/mod_jk includes Include /home/www/sash-server-2.0.4-BETA/core/conf/auto/mod_jk.conf <IfModule \!mod_rewrite.c> LoadModule rewrite_module "/home/www/apache/modules/mod_rewrite.so" </IfModule>
- add to /home/www/apache/conf/httpd.conf, and the bottom of the other includes:
...
- edit /home/www/apache/conf/extra/httpd-vhosts.conf to have ONLY one of the
...
- following VirtualHost blocks:
- following VirtualHost blocks:
...
- Thalia:
...
Code Block NameVirtualHost \*:80 <VirtualHost *:80> ServerName \*.isda-thalia2.mit.edu RewriteEngine On RewriteCond %{HTTP_HOST} !^isda-thalia2\.mit\.edu [NC] RewriteCond %{HTTP_HOST} !^test\.isda-thalia2\.mit\.edu [NC] RewriteCond %{HTTP_HOST} !^demo\.isda-thalia2\.mit\.edu [NC] RewriteCond %{HTTP_HOST} !^hst\.isda-thalia2\.mit\.edu [NC] RewriteCond %{HTTP_HOST} !^ap\.isda-thalia2\.mit\.edu [NC] RewriteRule \^/(.*) [http://isda-thalia2.mit.edu/$1] [L,R] </VirtualHost></pre></code>
...
- Web Services - edit for correct server name:
...
Code Block <VirtualHost \*:80> RewriteEngine On RewriteRule \^/(.*) [https://finniganfen.mit.edu/$1] [L,R] </VirtualHost>
...
- To prevent some web applications (such as WarehouseServices) from being redirected to https, add an escape clause between "RewriteEngine On" and the
...
- RewriteRule:
...
Code Block RewriteCond %{REQUEST_URI} !/WarehouseService
...
- edit /home/www/apache/conf/extra/httpd-ssl.conf and alter the following
...
- directives:
Code Block # points to directory with tomcat servers DocumentRoot "/home/www/sash-server-2.0.4-BETA/servers/" # the servername of the server ServerName gybe.mit.edu:443 # the admins of this server ServerAdmin dracus@mit.edu,dongq@mit.edu,dtanner@mit.edu # error log file ErrorLog /home/www/apache/logs/error_log # access log file TransferLog /home/www/apache/logs/access_log # public server certificate SSLCertificateFile /usr/local/ssl/certs/gybe.mit.edu.pem # private server certificate SSLCertificateKeyFile /usr/local/ssl/private/https-key.pem #certificate path SSLCACertificatePath /usr/local/ssl/certs # certificate authority key SSLCACertificateFile /usr/local/ssl/certs/mitCA.pem SSLVerifyClient require SSLVerifyDepth 10
- directives:
...
- add the following after the '<Directory "/home/www/apache/cgi-bin">'
...
- block in /home/www/apache/conf/extras/httpd-ssl.conf
Code Block SSLOptions +StdEnvVars +ExportCertData
- block in /home/www/apache/conf/extras/httpd-ssl.conf
...
- to pass environment variables from apache to tomcat, add the following to
...
- the end of httpd.conf (note, the name for those environment variables might
...
- change between different apache versions. Apache comes with a cgi script in
...
- cgi-bin/printenv. Run this script in your https enabled browser to verify
...
- that these variables still holds).
Code Block JkEnvVar SSL_CLIENT_DN nodefault JkEnvVar SSL_CLIENT_S_DN_CN nodefault JkEnvVar SSL_CLIENT_S_DN_Email nodefault JkEnvVar SSL_CLIENT_S_DN nodefault JkEnvVar HTTP_ACCEPT_LANGUAGE nodefault JkEnvVar SSL_CLIENT_CERT none
- that these variables still holds).
...
- copy the following files to the noted locations. They should be in the ISDA software repository.
...
- MitIdService.jar moves to $SASHSRV_HOME/core/shared/lib
Code Block cp /root/MitIdService.jar $SASHSRV_HOME/core/shared/lib
- MitIdService.jar moves to $SASHSRV_HOME/core/shared/lib
...
- rolesApplicationContext.xml moves to $SASHSRV_HOME/core/shared/classes
Code Block cp /root/rolesApplicationContext.xml $SASHSRV_HOME/core/shared/classes/
- rolesApplicationContext.xml moves to $SASHSRV_HOME/core/shared/classes
...
- install the web init script into /etc/init.d, and place starter links into
...
- the /etc/rc.d/ runlevel directories.
...
- It is in the Software Repository on Trogdor.
- edit the variables in the top section of the web file to use the
...
- directories and binaries correct for this system
...
- be certain to check if apache is using a httpdctl or apachectl starter
...
- program, usually contained in /home/www/apache/bin, and set the apachectl
...
- variable accordingly
...
- set web to be executable
Code Block chmod a+rx,a-w /etc/init.d/web
- set web to be executable
...
- link startweb and stopweb to the web program, from wherever it is
...
- located, and link start scripts in /etc/init.d:
Code Block ln -s /etc/init.d/web /root/startweb ln -s /etc/init.d/web /root/stopweb ln -s /etc/init.d/web /etc/rc.d/rc1.d/K15web ln -s /etc/init.d/web /etc/rc.d/rc2.d/K15web ln -s /etc/init.d/web /etc/rc.d/rc3.d/K15web ln -s /etc/init.d/web /etc/rc.d/rc4.d/K15web ln -s /etc/init.d/web /etc/rc.d/rc5.d/K15web ln -s /etc/init.d/web /etc/rc.d/rc6.d/K15web ln -s /etc/init.d/web /etc/rc.d/rc2.d/S15web ln -s /etc/init.d/web /etc/rc.d/rc3.d/S15web ln -s /etc/init.d/web /etc/rc.d/rc4.d/S15web ln -s /etc/init.d/web /etc/rc.d/rc5.d/S15web
- located, and link start scripts in /etc/init.d:
...
- Copy the SASH Server init file into /etc/init.d
Code Block cp $SASHSRV_HOME/bin/sash-server.init /etc/init.d/sash-server chmod a+rx,a-w /etc/init.d/sash-server
- Copy the SASH Server init file into /etc/init.d
...
- Link the SASH Server init file to runlevels.
Code Block ln -s /etc/init.d/sash-server /etc/rc.d/rc1.d/K16web ln -s /etc/init.d/sash-server /etc/rc.d/rc2.d/K16web ln -s /etc/init.d/sash-server /etc/rc.d/rc3.d/K16web ln -s /etc/init.d/sash-server /etc/rc.d/rc4.d/K16web ln -s /etc/init.d/sash-server /etc/rc.d/rc5.d/K16web ln -s /etc/init.d/sash-server /etc/rc.d/rc6.d/K16web ln -s /etc/init.d/sash-server /etc/rc.d/rc2.d/S16web ln -s /etc/init.d/sash-server /etc/rc.d/rc3.d/S16web ln -s /etc/init.d/sash-server /etc/rc.d/rc4.d/S16web ln -s /etc/init.d/sash-server /etc/rc.d/rc5.d/S16web
- Link the SASH Server init file to runlevels.
...
- Edit /etc/init.d/sash-server and correct the value of SASHSRV_HOME.
...
- update paths in /etc/profile, by adding the following line in the path
...
- manipulation code block (you can find it by searching for /usr/local/sbin)
Code Block pathmunge /usr/local/bin pathmunge /usr/kerberos/bin
...
- If this is an upgrade on a server that had previously had a tomcat on it,
...
- there are additional steps to move necessay files and code to the new
...
- directories.
...
- copy the webapps from the old deploy of tomcat to the new one.
...
- Be certain
...
- to restart the server if it was running previously.
Code Block cd /home/www/sash-server-2.0.4-BETA/servers/$SERVER/webapps
- to restart the server if it was running previously.
...
cp -a geows\* mapws\* mitidws\* uaws\* testcert\* TestRemoteAlfresco\* \ /home/www/sash-server-2.0.4-BETA/servers/$SERVER/webapps
...
- to see the applications deployed in a container that are not part of the
...
- default tomcat install, get a listing of the directory:
Code Block ls -1 --hide=balancer --hide ROOT --hide=jsp-examples \ --hide=servlets-examples --hide=tomcat-docs --hide=webdav
- default tomcat install, get a listing of the directory:
...
- Move the /home/https/weblib directory into /home/www
Code Block mv /home/https/weblib/ /home/www/weblib ln -s /home/www/weblib /home/https/weblib
- Move the /home/https/weblib directory into /home/www
...
- Alternatively, if there is not /home/https/weblib, create a
...
- /home/www/weblib directory
Code Block mkdir /home/www/weblib
- /home/www/weblib directory
...
- Edit /etc/init.d/web to have the following global variable:
Code Block export LD_LIBRARY_PATH=/usr/lib:/home/www/weblib
- Edit /etc/init.d/web to have the following global variable:
...
- Copy the libMitIdNativeClient.so into /home/www/weblib
Code Block cp /root/libMitIdNativeClient.so /home/www/weblib
- Copy the libMitIdNativeClient.so into /home/www/weblib
...
- Restart web services and tomcat
Code Block /etc/init.d/web restart
- Restart web services and tomcat
...
- Set up kerberos daemon principle and service ACLs for the system.
Wiki Markup
...
Send email to accounts@mit.edu and ask for a kerberos principle in the format of daemon.\[hostname\].krb5.keytab.
...
When you receive it, install it in /home/www/etc/krb
...
as daemon.\[hostname\].krb5.keytab.
Wiki Markup
...
Send email to Mark Silis or Jim Repa and request that the kerberos principle above (daemon/\[hostname\].mit.edu@ATHENA.MIT.EDU) be added to the access control
...
list for the databases on Illinois that the web service will be using (often mitid or roles).
...
...
- If this is a Web Services system, install an AFS client, or check that a client is installed. Thalia systems do not need this.
...
- Check if an AFS client is installed by looking at the root directory.
...
- If a client is installed, the afs directory will be near the top.
Code Block ls -l /
- If a client is installed, the afs directory will be near the top.
...
- If an AFS client is not installed, download these packages from the MIT
...
- Athena or Thalia software lockers:
Code Block mit-openafs-setup-1.2-3.noarch.rpm mit-krb-config-1.0-3.noarch.rpm mit-openafs-package.patch
- Athena or Thalia software lockers:
...
- Unless the server is a virtual server.
...
- If this is the case, email server ops to have the virtualized AFS kernel module installed.
...
...
- Use rpm to install these packages, installing the Kerberos
...
- configuration package first.
Code Block rpm -ivh mit-krb-config-1.0-3.noarch.rpm rpm -ivh mit-openafs-setup-1.2-3.noarch.rpm
- configuration package first.
...
- Please note: There are no paths in these commands. Store them in a
...
- conveinent install directory, and cd to it first.
...
- Go to the OpenAFS client binary directory and execute the setup
...
- script.
...
- It will ask if you want the AFS client to be started at boot
...
- time.
...
- Type yes.
Code Block cd /opt/mit-openafs-setup/bin ./setup
- Type yes.
...
- If system is a SMP (multiprocessor) machine, apply the SMP patch before compiling.
Code Block cd /opt/mit-openafs-setup/bin patch < /root/mit-openafs-package.patch ./setup
- If system is a SMP (multiprocessor) machine, apply the SMP patch before compiling.
...
- If this is a Web Services system, install version of moira that uses Kerberos 5. Thalia systems do not need this.
...
- upload moira-rhel4-clients.tar.gz onto the server, and untar to
...
- /usr/local
Code Block cd /usr/local tar -xzvf /root/moira-rhel4-clients.tar.gz
- /usr/local
...
- To start and stop tomcat and apache, use the initialization scripts in
...
- /etc/init.d.
...
- Be certain to leave them running when you are finished.
...
- starting
Code Block /etc/init.d/web start
- starting
...
- stopping
Code Block /etc/init.d/web stop
- stopping