This is how you modify an Alfresco installation to run as non-root.

  1. Enable IP forwarding:
     Code Block

     echo 1 > /proc/sys/net/ipv4/ip_forward

     Also, in /etc/sysctl.conf, make sure ip forwarding is enabled:
     Code Block

     net.ipv4.ip_forward = 1






  2. Place the following in fileservers-custom.xml:
     Code Block

     <config evaluator="string-compare" condition="CIFS Server">
     	<serverEnable enabled="true"/>
     	<tcpipSMB port="1445" platforms="linux"/>
     	<!-- the original line here was <sessionTimeout="30" />, which is not well-formed XML;
     	     value= is the attribute form used by Alfresco's file-servers.xml -->
     	<sessionTimeout value="30"/>
     	<netBIOSSMB sessionPort="1139" namePort="1137" datagramPort="1138" platforms="linux"/>
     </config>




  3. Set up iptables redirects:
     Code Block

     iptables -t nat -A PREROUTING -p tcp --dport 445 -j REDIRECT --to-ports 1445
     iptables -t nat -A PREROUTING -p tcp --dport 139 -j REDIRECT --to-ports 1139
     iptables -t nat -A PREROUTING -p udp --dport 137 -j REDIRECT --to-ports 1137
     iptables -t nat -A PREROUTING -p udp --dport 138 -j REDIRECT --to-ports 1138




  4. Change ownership on the alfresco.pid file to repos:
     Code Block

     chown repos:repos /var/run/alfresco.pid




  5. Make sure the path through /home/www/apache/modules/* is readable/executable by repos.

  6. Change ownership and permissions on /sbin/mount.cifs to enable mounting CIFS by repos:
     Code Block

     chown root:repos /sbin/mount.cifs
     chmod 4750 /sbin/mount.cifs




  7. Add the following line to /etc/fstab:
     Code Block

     //localhost/avm  /home/repos/mnt/this-avm	cifs	user,noauto	0 0




  8. In the /etc/security/limits.conf file, add the following lines:
     Code Block

     repos		soft	nofile		8192
     repos		hard	nofile		8192
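As an added example (not part of the original page), the following POSIX shell script audits the outcome of steps 1 to 8: the persisted sysctl setting, the four nat REDIRECT rules, the fstab entry, the limits.conf lines, and the owner and mode of mount.cifs and alfresco.pid. Every check reads a file or compares values, so the same functions run against the constructed samples included in the script or, with --live, against the real host. The user name repos, the ports and the paths are the page's; the live mode assumes GNU stat and iptables-save.

```shell
#!/bin/sh
# Added example, not part of the original page: audit helpers for steps 1 to 8.
# Each check reads a file or compares values, so the same function runs against
# the constructed samples in run_sample_audit or against the live host (--live).
# User name "repos", ports and paths are the ones used on the page.

# check_sysctl_forward FILE: 0 if an uncommented "net.ipv4.ip_forward = 1" is present
check_sysctl_forward() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' "$1"
}

# check_redirects FILE: 0 if all four rules from step 3 appear in FILE, which holds
# "iptables-save -t nat" output (iptables-save writes --dport rules with "-m tcp"/"-m udp")
check_redirects() {
    for rule in "-p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445" \
                "-p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139" \
                "-p udp -m udp --dport 137 -j REDIRECT --to-ports 1137" \
                "-p udp -m udp --dport 138 -j REDIRECT --to-ports 1138"; do
        grep -Fq -- "-A PREROUTING $rule" "$1" || return 1
    done
}

# check_fstab_entry FILE SHARE MOUNTPOINT: 0 if an uncommented cifs line for SHARE at
# MOUNTPOINT carries both the "user" and "noauto" options, as in step 7
check_fstab_entry() {
    awk -v share="$2" -v mp="$3" '
        /^[[:space:]]*#/ { next }
        $1 == share && $2 == mp && $3 == "cifs" {
            n = split($4, o, ",")
            for (i = 1; i <= n; i++) { if (o[i] == "user") u = 1; if (o[i] == "noauto") na = 1 }
            if (u && na) found = 1
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# check_limits FILE USER: 0 if USER has both a soft and a hard nofile line and the
# soft value does not exceed the hard one (setrlimit(2) rejects soft > hard)
check_limits() {
    awk -v user="$2" '
        /^[[:space:]]*#/ { next }
        $1 == user && $2 == "soft" && $3 == "nofile" { soft = $4 }
        $1 == user && $2 == "hard" && $3 == "nofile" { hard = $4 }
        END { exit (soft != "" && hard != "" && soft + 0 <= hard + 0) ? 0 : 1 }' "$1"
}

# check_owner_mode ACTUAL EXPECTED: compares "mode owner group" strings, e.g. the
# output of "stat -c '%a %U %G' /sbin/mount.cifs" (GNU stat) against "4750 root repos"
check_owner_mode() {
    [ "$1" = "$2" ]
}

# run_sample_audit: runs every check on constructed sample files that mirror the
# page's configuration; 0 if all pass
run_sample_audit() {
    d=$(mktemp -d) || return 1
    printf '# net.ipv4.ip_forward = 0\nnet.ipv4.ip_forward = 1\n' > "$d/sysctl.conf"
    cat > "$d/nat.rules" <<'EOF'
*nat
-A PREROUTING -p tcp -m tcp --dport 445 -j REDIRECT --to-ports 1445
-A PREROUTING -p tcp -m tcp --dport 139 -j REDIRECT --to-ports 1139
-A PREROUTING -p udp -m udp --dport 137 -j REDIRECT --to-ports 1137
-A PREROUTING -p udp -m udp --dport 138 -j REDIRECT --to-ports 1138
COMMIT
EOF
    printf '//localhost/avm\t/home/repos/mnt/this-avm\tcifs\tuser,noauto\t0 0\n' > "$d/fstab"
    printf 'repos\tsoft\tnofile\t8192\nrepos\thard\tnofile\t8192\n' > "$d/limits.conf"
    rc=0
    check_sysctl_forward "$d/sysctl.conf" || rc=1
    check_redirects "$d/nat.rules" || rc=1
    check_fstab_entry "$d/fstab" //localhost/avm /home/repos/mnt/this-avm || rc=1
    check_limits "$d/limits.conf" repos || rc=1
    check_owner_mode "4750 root repos" "4750 root repos" || rc=1
    rm -rf "$d"
    return $rc
}

# Live audit of this host (root is needed for iptables-save): sh audit.sh --live
if [ "${1-}" = "--live" ]; then
    rules=$(mktemp) && iptables-save -t nat > "$rules"
    check_sysctl_forward /etc/sysctl.conf && echo "sysctl ip_forward: ok" || echo "sysctl ip_forward: MISSING"
    check_redirects "$rules" && echo "nat redirects: ok" || echo "nat redirects: MISSING"
    check_fstab_entry /etc/fstab //localhost/avm /home/repos/mnt/this-avm && echo "fstab: ok" || echo "fstab: MISSING"
    check_limits /etc/security/limits.conf repos && echo "limits.conf: ok" || echo "limits.conf: MISSING"
    check_owner_mode "$(stat -c '%a %U %G' /sbin/mount.cifs)" "4750 root repos" && echo "mount.cifs: ok" || echo "mount.cifs: WRONG"
    check_owner_mode "$(stat -c '%U %G' /var/run/alfresco.pid)" "repos repos" && echo "alfresco.pid: ok" || echo "alfresco.pid: WRONG"
    rm -f "$rules"
fi
```

The checks deliberately read iptables-save output rather than parsing `iptables -L`, because the save format is stable and contains the exact `--to-ports` values; the 4750 mode on mount.cifs is what keeps the setuid helper callable by the repos group only.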






  9. For the deployment scripts (for the -mitmods version only): Note that the deploy scripts need to be updated to use the 1445 port for CIFS (since local traffic is not forwarded). Also, the mount point for CIFS needs to be under /home/repos, not /mnt. For whatever reason, we need to use "mount.cifs" directly instead of "mount", which always requires you to be root whether the SUID bit is there or not. Finally, the sharename must be "//localhost/avm" to match the fstab entry. Here are the relevant changes in the script:
     Code Block

     export MOUNT_POINT=~/mnt/this-avm
     # instead of /mnt/this-avm

     umount -t cifs //localhost/avm ${MOUNT_POINT}/
     # instead of //${HOSTNAME}/avm

     mount.cifs //localhost/avm ${MOUNT_POINT}/ -o port=1445,user=${DEPLOY_ALFRESCO_USER}%${DEPLOY_ALFRESCO_PASSWORD}
     # "mount.cifs" instead of "mount -t cifs"; "localhost" instead of "${HOSTNAME}"; "port=1445" instead of default behavior (445)
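The mount line above passes the password on the mount.cifs command line (user=NAME%PASSWORD), where any local user can read it from ps or /proc/*/cmdline for as long as the command runs. As an added example that is not the page's script, here is the same mount step using the credentials= option of mount.cifs with a file created mode 600; the share, port and mount point are the page's, and the credentials file location is a hypothetical choice.

```shell
#!/bin/sh
# Added example, not the page's deploy script: the mount step from the script
# above with the password moved out of the command line. "-o user=NAME%PASSWORD"
# exposes the password to every local user through ps and /proc/*/cmdline while
# mount.cifs runs; "-o credentials=FILE" reads it from a file only the deploy
# user can open. Share, port and mount point are the page's; the credentials
# file location is a hypothetical choice.

# write_cifs_credentials FILE USER PASSWORD: (re)writes FILE in the username=/password=
# format mount.cifs expects; umask 077 means it is never world-readable, even briefly
write_cifs_credentials() {
    ( umask 077 && printf 'username=%s\npassword=%s\n' "$2" "$3" > "$1" ) || return 1
    chmod 600 "$1"      # also tightens a pre-existing file that was created more openly
}

# credentials_are_private FILE: 0 if FILE exists and is mode 0600 (GNU stat)
credentials_are_private() {
    [ -f "$1" ] && [ "$(stat -c '%a' "$1")" = "600" ]
}

# cifs_mount_options CRED_FILE PORT: the -o string; it names the file, never the password
cifs_mount_options() {
    printf 'port=%s,credentials=%s' "$2" "$1"
}

# deploy_mount: drop-in for the umount/mount.cifs pair in the page's script.
# Needs DEPLOY_ALFRESCO_USER and DEPLOY_ALFRESCO_PASSWORD in the environment,
# as the page's script does.
deploy_mount() {
    MOUNT_POINT=${MOUNT_POINT:-$HOME/mnt/this-avm}            # page: ~/mnt/this-avm
    CRED_FILE=${CRED_FILE:-$HOME/.cifs-avm-credentials}       # hypothetical path
    write_cifs_credentials "$CRED_FILE" "$DEPLOY_ALFRESCO_USER" "$DEPLOY_ALFRESCO_PASSWORD" || return 1
    credentials_are_private "$CRED_FILE" || return 1           # refuse to mount with a leaky file
    umount "${MOUNT_POINT}/" 2>/dev/null                       # "not mounted" is fine here
    mount.cifs //localhost/avm "${MOUNT_POINT}/" -o "$(cifs_mount_options "$CRED_FILE" 1445)"
}
```

Call deploy_mount from the script where the umount/mount.cifs pair used to be; the environment variables and the setuid mount.cifs from step 6 are unchanged, only the place the password lives moves.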



  10. On the remote (linux) server, identify or create a remote user with write access to the desired deployment destination path. Ensure that the root account on the Alfresco server can ssh as this user to the remote server without being prompted for a password. If this is not already set up, you should do the following:
     * On the Alfresco server as *repos*, run "ssh-keygen -t dsa" and accept the default location. Also, leave the passphrase blank (maybe not the best advice but I want to ensure that the script will not be prompted for a password)
     * Copy the generated public key file (~/.ssh/id_dsa.pub) to the remote server (e.g., "scp ~/.ssh/id_dsa.pub REMOTESERVER:")
     * Log into the remote (assumed linux) server as the remote user. (If the user doesn't exist, first log in as root and create the account with "adduser USERNAME")
     * If it does not exist, create the remote user's .ssh directory and make sure its permissions are properly set. ("mkdir ~/.ssh" and "chmod 700 ~/.ssh")
     * Append the generated public key file you copied to the end of .ssh/authorized_keys, and make sure its permissions are properly set. ("cat id_dsa.pub >> ~/.ssh/authorized_keys" and "chmod 600 ~/.ssh/authorized_keys")
     * Remove the generated public key file from the remote server ("rm id_dsa.pub")

       Example:
       Code Block

       adduser deploy_bot    ### note, this is the WEB SERVER "deploy_bot" account, not the ALFRESCO "deploy_bot" account
       mkdir /home/deploy_bot/.ssh
       chown deploy_bot /home/deploy_bot/.ssh
       chmod 700 /home/deploy_bot/.ssh
       cat ~/id_dsa.pub >> /home/deploy_bot/.ssh/authorized_keys
       chown deploy_bot /home/deploy_bot/.ssh/authorized_keys
       chmod 600 /home/deploy_bot/.ssh/authorized_keys
       rm ~/id_dsa.pub
       chmod a+rx /home/www
       chmod a+rx /home/www/sash-server
       chmod a+rx /home/www/sash-server/servers/
       chmod a+rx /home/www/sash-server/servers/alumni/
       chown deploy_bot /home/www/sash-server/servers/alumni/webapps
       chown deploy_bot /home/www/sash-server/servers/alumni/webapps/ROOT

     * Log out of the remote server
     * Test by logging into the Alfresco server as *repos* and running "ssh -l USERNAME REMOTESERVER". If you get in as the remote user without being prompted for a password, congratulations. Note: in this step, accept the host key. This stores the host key in known_hosts and is actually important, since you don't want the deployment script to be prompted to accept or not accept the host key.
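As an added example (not from the page), the remote-side part of the list above (mkdir ~/.ssh, chmod 700, append to authorized_keys, chmod 600) as an idempotent installer, plus the login test in the form a deployment script can use. It differs from the page in two ways: the key entry carries authorized_keys options (from=, no-pty, no-port-forwarding, no-agent-forwarding, no-X11-forwarding) so that the passphrase-less key only works from the Alfresco server's address and gets no interactive conveniences, and the append is skipped when the key is already present, which the page's "cat id_dsa.pub >> authorized_keys" would repeat on every run. The key type does not matter to the installer; note that OpenSSH has disabled ssh-dss keys (the page's "-t dsa") by default since 7.0, so a current remote server needs an rsa or ed25519 key. The address and key material in the comments are placeholders.

```shell
#!/bin/sh
# Added example, not from the page: idempotent authorized_keys installer for the
# deployment key, plus a non-interactive connection test. The from= address
# (192.0.2.10 below is a documentation address) stands for the Alfresco server.

# install_authorized_key SSH_DIR PUBKEY_FILE FROM_PATTERN
#   creates SSH_DIR (0700) and SSH_DIR/authorized_keys (0600) as needed and
#   appends the key with restricting options; 0 if the key is installed,
#   whether or not this call added it; 1 if PUBKEY_FILE is not a key line
install_authorized_key() {
    ssh_dir=$1; pubkey=$2; from=$3
    auth="$ssh_dir/authorized_keys"
    [ -d "$ssh_dir" ] || mkdir -m 700 "$ssh_dir" || return 1
    chmod 700 "$ssh_dir"                # repairs a pre-existing, too-open directory
    keyline=$(head -n 1 "$pubkey") || return 1
    keydata=$(printf '%s\n' "$keyline" | awk '{ print $2 }')   # "type base64 comment"
    [ -n "$keydata" ] || return 1
    [ -f "$auth" ] || : > "$auth"
    chmod 600 "$auth"
    if grep -Fq -- " $keydata" "$auth"; then
        return 0                        # already installed: do not duplicate it
    fi
    printf 'from="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$from" "$keyline" >> "$auth"
}

# key_entry_count AUTH_FILE PUBKEY_FILE: number of authorized_keys lines carrying the key
key_entry_count() {
    keydata=$(awk '{ print $2; exit }' "$2")
    grep -Fc -- " $keydata" "$1" || true
}

# batch_ssh_check USER HOST: 0 only if the login needs neither a password nor a
# host-key decision. BatchMode=yes turns any prompt into a failure, so the
# deploy script stops instead of hanging; StrictHostKeyChecking=yes means the
# host key must already be in known_hosts (accepted once by hand, as the page
# says, or added with ssh-keyscan after comparing the fingerprint out of band).
batch_ssh_check() {
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -l "$1" "$2" true
}
```

Run install_authorized_key on the remote server as the remote user (or as root followed by chown, as in the page's example), then batch_ssh_check from the Alfresco server as repos in place of the interactive "ssh -l USERNAME REMOTESERVER" test; a non-zero exit from batch_ssh_check is the condition the deployment script should abort on.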