
installation:software-components [2019/08/01 09:10] (current)
tjotov created
Line 1: Line 1:
 +====== Software Components ======
  
 +===== PostgreSQL =====
 +
 +==== Software Installation ====
 +
 +Configure repository: On CentOS: /​etc/​yum.repos.d/​CentOS-Base.repo,​ [base] and [updates] sections
 +<sxh bash>
 +exclude=postgresql*
 +</​sxh>​
 +
 +<codedoc code:​bash>​
 +yum install ~~codedoc:​clean:​https://​download.postgresql.org/​pub/​repos/​yum/​9.6/​redhat/​rhel-7-x86_64/​pgdg-redhat96-9.6-3.noarch.rpm~~
 +
 +yum install postgresql96 postgresql96-server postgresql96-devel postgresql-jdbc
 +#
 +/​usr/​pgsql-9.6/​bin/​postgresql96-setup initdb
 +systemctl enable postgresql-9.6.service
 +systemctl start postgresql-9.6.service
 +</​codedoc>​
 +
 +==== DB configuration ====
 +Roles after installation
 +<codedoc code:​bash>​
 +su - postgres
 +createuser -l -s root
 +vi /​var/​lib/​pgsql/​9.6/​data/​pg_hba.conf
 +</​codedoc>​
 +
 +<sxh bash>
 +# IPv4 local connections:​
 +host    all             ​all ​            ​10.0.0.0/​8 ​             md5
 +host    all             ​all ​            ​127.0.0.1/​32 ​           trust
 +</​sxh>​
 +
 +<codedoc code:​bash>​
 +logout
 +</​codedoc>​
 +
 +
 +===== Java =====
 +==== Software Installation ====
 +**Experimentally you can omit this part**
 +
 +//Oracle distribution policy has changed//
 +
 +Java 1.8.0_151
 +
 +GET JAVA 1.8.0_151 JRE RPM from Oracle at \\
 +http://​www.oracle.com/​technetwork/​java/​javase/​downloads/​java-archive-javase8-2177648.html \\
 +or \\
 +http://​download.oracle.com/​otn/​java/​jdk/​8u151-b12/​e758a0de34e24606bca991d704f6dcbf/​jre-8u151-linux-x64.rpm
 +
 +Newer versions of 1.8 will probably work, too.
 +
 +<sxh bash>
 +yum localinstall jre-8u151-linux-x64.rpm
 +
 +==== Software Configuration ====
 + 
 +alternatives --install /​usr/​bin/​java java /​usr/​java/​default/​bin/​java 180151 \
 + ​--slave /​usr/​bin/​keytool keytool /​usr/​java/​default/​bin/​keytool ​            \
 + ​--slave /​usr/​bin/​orbd orbd /​usr/​java/​default/​bin/​orbd ​                     \
 + ​--slave /​usr/​bin/​pack200 pack200 /​usr/​java/​default/​bin/​pack200 ​            \
 + ​--slave /​usr/​bin/​rmid rmid /​usr/​java/​default/​bin/​rmid ​                     \
 + ​--slave /​usr/​bin/​rmiregistry rmiregistry /​usr/​java/​default/​bin/​rmiregistry \
 + ​--slave /​usr/​bin/​servertool servertool /​usr/​java/​default/​bin/​servertool ​   \
 + ​--slave /​usr/​bin/​tnameserv tnameserv /​usr/​java/​default/​bin/​tnameserv ​      \
 + ​--slave /​usr/​bin/​unpack200 unpack200 /​usr/​java/​default/​bin/​unpack200 ​      \
 + ​--slave /​usr/​lib/​jvm/​jre jre /​usr/​java/​default
 + 
 +alternatives --config java
 +# select /​usr/​java/​default/​bin/​java
 +</​sxh>​
 +
 +===== Tomcat =====
 +
 +Tomcat 9.0.6 installation bash commands:
 +<sxh bash>
 +# A | installation
 +cd ~
 +mkdir development
 +cd development
 +wget https://​archive.apache.org/​dist/​tomcat/​tomcat-9/​v9.0.6/​bin/​apache-tomcat-9.0.6.tar.gz
 +
 +# install tomcat to the /opt/tomcat directory
 +mkdir /​opt/​apache-tomcat-9.0.6
 +tar xvf apache-tomcat-9*tar.gz -C /​opt/​apache-tomcat-9.0.6 --strip-components=1
 +# symlink /opt/tomcat to /​opt/​apache-tomcat-9.0.6
 +ln -s /​opt/​apache-tomcat-9.0.6 /opt/tomcat
 + 
 +# B | create tomcat user :: should be run as an unprivileged user
 +# 1. create a new tomcat group
 +groupadd tomcat
 + 
 +# 2. create a tomcat user ::
 +# member of the tomcat group, home directory of /opt/tomcat (install), shell of /bin/false (nobody login)
 +useradd -M -s /​sbin/​nologin -g tomcat -d /opt/tomcat tomcat
 + 
 +# C | update permissions :: proper access to the tomcat installation
 +cd /opt/tomcat
 + 
 +# tomcat group ownership over the entire installation directory
 +chgrp -R tomcat /opt/tomcat
 + 
 +# tomcat group read access to the conf directory, and execute access to the directory
 +chmod -R g+r conf
 +chmod g+x conf
 + 
 +# make the tomcat user the owner of the directories
 +chown -R tomcat webapps/ work/ temp/ logs/
 +chown -R tomcat /opt/tomcat
 +chown -R tomcat /​opt/​apache-tomcat-9.0.6
 + 
 +# D | install systemd unit file
 +# create and open unit file service
 +#vi /​usr/​lib/​systemd/​system/​tomcat9.service
 +echo \
 +"​[Unit]
 +Description=Apache Tomcat 9.0.x Servlet Container
 +After=syslog.target network.target
 + 
 +[Service]
 +User=tomcat
 +Group=tomcat
 +Type=forking
 +Environment=JAVA_HOME=/​usr/​java/​default
 +#​Environment=JAVA_HOME=/​usr/​lib/​jvm/​jre
 +Environment=CATALINA_PID=/​opt/​tomcat/​tomcat.pid
 +Environment=CATALINA_HOME=/​opt/​tomcat
 +Environment=CATALINA_BASE=/​opt/​tomcat
 +ExecStart=/​opt/​tomcat/​bin/​tomcat-startup.sh
 +ExecStop=/​opt/​tomcat/​bin/​tomcat-shutdown.sh
 + 
 +[Install]
 +WantedBy=multi-user.target"​ >/​usr/​lib/​systemd/​system/​tomcat9.service
 +
 +# Prepare config files
 +# /​opt/​tomcat/​bin/​tomcat-startup.sh
 +echo \
 +"#​!/​bin/​bash -x
 +cd $CATALINA_BASE
 +./​bin/​startup.sh"​ >/​opt/​tomcat/​bin/​tomcat-startup.sh
 + 
 +# /​opt/​tomcat/​bin/​tomcat-shutdown.sh
 +echo \
 +"#​!/​bin/​bash -x
 +cd $CATALINA_BASE
 +./​bin/​shutdown.sh"​ >/​opt/​tomcat/​bin/​tomcat-shutdown.sh
 + 
 +# /​opt/​tomcat/​bin/​setenv.sh
 +# The Dcom.sun.management lines are just voluntarily,​ in case you want monitor Tomcat
 +# *** Check validity of Xms-Xmx settings in your environment ***
 +echo \
 +"​CATALINA_OPTS="​-server \
 + ​-Dcom.sun.management.jmxremote.port=8086 \
 + ​-Dcom.sun.management.jmxremote.ssl=false \
 + ​-Dcom.sun.management.jmxremote.authenticate=false \
 + ​-Djava.security.egd=file:/​dev/​./​urandom -Djava.awt.headless=true \
 + ​-Xms2g -Xmx2g \
 + ​-XX:​+UseG1GC \
 + ​-XX:​+UseStringDeduplication \
 + ​-XX:​MaxGCPauseMillis=100 \
 + "​ >/​opt/​tomcat/​bin/​setenv.sh
 +
 +# make the scripts executable
 +chmod +x /​opt/​tomcat/​bin/​*.sh
 +</​sxh> ​
 +
 +Add ${catalina.home}/​conf to the common.loader values in the catalina.properties file and modify last two lines of the file to somewhat speed Tomcat startup
 + 
 +<​codedoc> ​
 +vi /​opt/​tomcat/​conf/​catalina.properties
 +</​codedoc>​
 +
 +<sxh bash> ​
 +common.loader="​${catalina.base}/​lib","​${catalina.base}/​lib/​*.jar","​${catalina.home}/​lib","​${catalina.home}/​lib/​*.jar","​${catalina.home}/​conf"​
 +# ... 
 +tomcat.util.scan.StandardJarScanFilter.jarsToSkip=*.jar
 +tomcat.util.scan.StandardJarScanFilter.jarsToScan=jstl-*.jar,​spring-webmvc-*.jar,​web_platform-*.jar
 +</​sxh> ​
 + 
 +reload Systemd to load the tomcat9 unit file
 +
 +<codedoc code:​bash>​
 +systemctl daemon-reload
 +systemctl enable tomcat9.service
 +</​codedoc>​
 +Start tomcat9 service. This is only to check, if everything goes well
 +<codedoc code:​bash>​
 +systemctl start tomcat9.service
 +systemctl -l status tomcat9.service
 +</​codedoc>​
 +Delete all default webapps
 +<codedoc code:​bash>​
 +systemctl stop tomcat9.service
 +cd /​opt/​tomcat/​webapps
 +rm -rf *
 +</​codedoc>​
 + 
 +Optional: ​
 +  * change the port of tomcat webserver in case of conflicts
 +  * search for <​Connector port="​8080"​ ...
 + 
 +# NOT used in this release
 +<codedoc code:​bash>​
 +vi /​opt/​tomcat/​conf/​server.xml
 + 
 +    <!-- ADUCID AJP options -->
 +    <​Connector port="​8009"​ protocol="​AJP/​1.3"​ enableLookups="​false"​
 +      acceptCount="​300"​ redirectPort="​8443"​
 +      keepAliveTimeout="​7000"​ connectionTimeout="​10000"​ URIEncoding="​UTF-8"​ />
 +  ​
 +</​codedoc>​
 +
 +===== Apache =====
 +==== Software Installation ====
 +CodeIT Apache 2.4 and related modules
 +
 +Download CodeIT Apache 2.4.25 (NOT NEWER) RPMs from %%https://​repo.codeit.guru/​packages/​centos/​7/​x86_64/​%%. Put them into selected directory (/​root/​apache/​CodeIT) and from it yum localinstall one module after another, to prevent installation from external repositories.
 +
 +Except for modules libnghttp2 and apr-util. They will be downloaded from the epel-release repository.
 +
 +<codedoc code:​bash>​
 +cd ~
 +mkdir -p apache/​CodeIT
 +cd apache/​CodeIT
 +
 +wget ~~codedoc:​clean:​https:​~~//​repo.codeit.guru/​packages/​centos/​7/​x86_64/​apr-1.5.2-1.el7.codeit.x86_64.rpm
 +wget ~~codedoc:​clean:​https:​~~//​repo.codeit.guru/​packages/​centos/​7/​x86_64/​httpd-2.4.25-3.el7.codeit.x86_64.rpm
 +wget ~~codedoc:​clean:​https:​~~//​repo.codeit.guru/​packages/​centos/​7/​x86_64/​httpd-filesystem-2.4.25-3.el7.codeit.noarch.rpm
 +wget ~~codedoc:​clean:​https:​~~//​repo.codeit.guru/​packages/​centos/​7/​x86_64/​httpd-tools-2.4.25-3.el7.codeit.x86_64.rpm
 +wget ~~codedoc:​clean:​https:​~~//​repo.codeit.guru/​packages/​centos/​7/​x86_64/​mod_ssl-2.4.25-3.el7.codeit.x86_64.rpm
 + 
 +yum -y localinstall apr-1.5.2-1.el7.codeit.x86_64.rpm
 +yum -y localinstall httpd-filesystem-2.4.25-3.el7.codeit.noarch.rpm
 +yum -y localinstall httpd-tools-2.4.25-3.el7.codeit.x86_64.rpm
 +yum -y localinstall httpd-2.4.25-3.el7.codeit.x86_64.rpm
 +yum -y localinstall mod_ssl-2.4.25-3.el7.codeit.x86_64.rpm
 + 
 +rpm -qa | grep codeit
 +# you should see this:
 +httpd-tools-2.4.25-3.el7.codeit.x86_64
 +apr-1.5.2-1.el7.codeit.x86_64
 +mod_ssl-2.4.25-3.el7.codeit.x86_64
 +httpd-filesystem-2.4.25-3.el7.codeit.noarch
 +httpd-2.4.25-3.el7.codeit.x86_64
 + 
 +rpm -qa | grep http2
 +# you should see this:
 +libnghttp2-1.31.1-1.el7.x86_64
 +</​codedoc>​
 +
 +==== System variables setting ====
 + 
 +<codedoc code:​bash>​
 +vi /​usr/​lib/​systemd/​system/​httpd.service
 +</​codedoc>​
 +
 +Modify file commenting out the Environment line and add the next one:
 +<sxh bash; highlight: [7,​8]> ​
 +[Unit]
 +Description=The Apache HTTP Server
 +After=network.target remote-fs.target nss-lookup.target
 +
 +[Service]
 +Type=notify
 +#​Environment=LANG=C
 +EnvironmentFile=/​etc/​sysconfig/​httpd
 +
 +ExecStart=/​usr/​sbin/​httpd $OPTIONS -DFOREGROUND
 +ExecReload=/​usr/​sbin/​httpd $OPTIONS -k graceful
 +# Send SIGWINCH for graceful stop
 +KillSignal=SIGWINCH
 +KillMode=mixed
 +PrivateTmp=true
 +
 +[Install]
 +WantedBy=multi-user.target
 +</​sxh> ​
 +
 +Modify /​etc/​sysconfig/​httpd
 +   
 +<sxh bash>
 +echo '​LANG=C'​ >>/​etc/​sysconfig/​httpd
 +echo '​OPENAAA_PROTOCOL="​aaa"'​ >>/​etc/​sysconfig/​httpd
 +echo '​OPENAAA_HANDLER="/​usr/​local/​bin/​aducid"'​ >>/​etc/​sysconfig/​httpd
 +echo OPENAAA_AUTHORITY=\"​`hostname`\"​ >>/​etc/​sysconfig/​httpd
 +tail -3 /​etc/​sysconfig/​httpd ​
 +</​sxh> ​
 +
 +
 +==== Config files settings ==== 
 +
 +They are in /etc/httpd.
 +
 +<codedoc code:​bash>​
 +vi /​etc/​httpd/​conf/​httpd.conf
 +</​codedoc>​
 +
 +<sxh bash; highlight: [4,​9,​17,​20,​21,​22,​23]> ​
 +### Keep the Include conf.modules.d/​*.conf setting in the file,
 +### but append one line in front of it, so the result will be:
 +# ...
 +Loadfile "/​usr/​lib64/​libssl.so.10"​
 +Include conf.modules.d/​*.conf
 +# ...
 + 
 +### Fill in your DNS server name
 +ServerName your.server.dnsname:​80
 + 
 +### Choose desired log level   
 +LogLevel info
 +
 +# Supplemental configuration is commented out
 +#
 +# Load config files in the "/​etc/​httpd/​conf.d"​ directory, if any.
 +#​IncludeOptional conf.d/​*.conf
 +
 +# Place these three lines at the end of file
 +TraceEnable Off
 +Include /​opt/​aaa/​conf/​aducid-aaa.conf
 +Include /​opt/​aaa/​conf/​aducid-aim.conf
 +Include /​opt/​aaa/​conf/​aducid-error-pages.conf
 +</​sxh>​
 +Modules from directory conf.d are **NOT USED**.
 +
 +Modules from directory conf.modules.d:​ some were left intact, some put away, some changed.
 +
 +<codedoc code:​bash>​
 +cd /​etc/​httpd/​conf.modules.d/​
 +mv 00-optional.conf 00-optional.conf.xxx
 +mv 00-lua.conf 00-lua.conf.xxx
 +mv 00-dav.conf 00-dav.conf.xxx
 +</​codedoc>​
 + 
 +<sxh bash> ​
 +cat 00-mpm.conf | grep prefork
 +LoadModule mpm_prefork_module modules/​mod_mpm_prefork.so
 +</​sxh> ​
 + 
 +<sxh bash>
 +echo \
 +"# This file configures all the proxy modules:
 +LoadModule proxy_module modules/​mod_proxy.so
 +#LoadModule lbmethod_bybusyness_module modules/​mod_lbmethod_bybusyness.so
 +#LoadModule lbmethod_byrequests_module modules/​mod_lbmethod_byrequests.so
 +#LoadModule lbmethod_bytraffic_module modules/​mod_lbmethod_bytraffic.so
 +#LoadModule lbmethod_heartbeat_module modules/​mod_lbmethod_heartbeat.so
 +LoadModule proxy_ajp_module modules/​mod_proxy_ajp.so
 +#LoadModule proxy_balancer_module modules/​mod_proxy_balancer.so
 +#LoadModule proxy_connect_module modules/​mod_proxy_connect.so
 +#LoadModule proxy_express_module modules/​mod_proxy_express.so
 +#LoadModule proxy_fcgi_module modules/​mod_proxy_fcgi.so
 +#LoadModule proxy_fdpass_module modules/​mod_proxy_fdpass.so
 +#LoadModule proxy_ftp_module modules/​mod_proxy_ftp.so
 +LoadModule proxy_http_module modules/​mod_proxy_http.so
 +#LoadModule proxy_hcheck_module modules/​mod_proxy_hcheck.so
 +#LoadModule proxy_scgi_module modules/​mod_proxy_scgi.so
 +#LoadModule proxy_wstunnel_module modules/​mod_proxy_wstunnel.so"​ > 00-proxy.conf ​
 +</​sxh> ​
 + 
 +<codedoc code:​bash>​
 +vi 00-base.conf
 +</​codedoc>​
 +
 +<sxh bash; highlight: [9]> ​
 +echo \
 +"#
 +# This file loads most of the modules included with the Apache HTTP
 +# Server itself.
 +#
 + 
 +# This module is substantional
 +# as it communicates with other ADUCID non-Apache components
 + 
 +LoadModule authnz_ssl_module /​usr/​lib64/​openaaa/​modules/​mod_authnz_ssl.so
 + 
 +# other modules as you like/need
 +LoadModule access_compat_module modules/​mod_access_compat.so
 +#LoadModule actions_module modules/​mod_actions.so
 +LoadModule alias_module modules/​mod_alias.so
 +#LoadModule allowmethods_module modules/​mod_allowmethods.so
 +#LoadModule auth_basic_module modules/​mod_auth_basic.so
 +#LoadModule auth_digest_module modules/​mod_auth_digest.so
 +#LoadModule authn_anon_module modules/​mod_authn_anon.so
 +LoadModule authn_core_module modules/​mod_authn_core.so
 +#LoadModule authn_dbd_module modules/​mod_authn_dbd.so
 +#LoadModule authn_dbm_module modules/​mod_authn_dbm.so
 +#LoadModule authn_file_module modules/​mod_authn_file.so
 +LoadModule authn_socache_module modules/​mod_authn_socache.so
 +LoadModule authz_core_module modules/​mod_authz_core.so
 +#LoadModule authz_dbd_module modules/​mod_authz_dbd.so
 +#LoadModule authz_dbm_module modules/​mod_authz_dbm.so
 +LoadModule authz_groupfile_module modules/​mod_authz_groupfile.so
 +LoadModule authz_host_module modules/​mod_authz_host.so
 +#LoadModule authz_owner_module modules/​mod_authz_owner.so
 +LoadModule authz_user_module modules/​mod_authz_user.so
 +LoadModule autoindex_module modules/​mod_autoindex.so
 +LoadModule cache_module modules/​mod_cache.so
 +#LoadModule cache_disk_module modules/​mod_cache_disk.so
 +LoadModule cache_socache_module modules/​mod_cache_socache.so
 +LoadModule data_module modules/​mod_data.so
 +#LoadModule dbd_module modules/​mod_dbd.so
 +#LoadModule deflate_module modules/​mod_deflate.so
 +LoadModule dir_module modules/​mod_dir.so
 +#LoadModule dumpio_module modules/​mod_dumpio.so
 +#LoadModule echo_module modules/​mod_echo.so
 +LoadModule env_module modules/​mod_env.so
 +#LoadModule expires_module modules/​mod_expires.so
 +#LoadModule ext_filter_module modules/​mod_ext_filter.so
 +LoadModule filter_module modules/​mod_filter.so
 +LoadModule headers_module modules/​mod_headers.so
 +LoadModule http2_module modules/​mod_http2.so
 +LoadModule include_module modules/​mod_include.so
 +LoadModule info_module modules/​mod_info.so
 +LoadModule log_config_module modules/​mod_log_config.so
 +LoadModule logio_module modules/​mod_logio.so
 +#LoadModule macro_module modules/​mod_macro.so
 +#LoadModule mime_magic_module modules/​mod_mime_magic.so
 +LoadModule mime_module modules/​mod_mime.so
 +LoadModule negotiation_module modules/​mod_negotiation.so
 +#LoadModule remoteip_module modules/​mod_remoteip.so
 +LoadModule reqtimeout_module modules/​mod_reqtimeout.so
 +LoadModule request_module modules/​mod_request.so
 +LoadModule rewrite_module modules/​mod_rewrite.so
 +LoadModule setenvif_module modules/​mod_setenvif.so
 +#LoadModule slotmem_plain_module modules/​mod_slotmem_plain.so
 +#LoadModule slotmem_shm_module modules/​mod_slotmem_shm.so
 +#LoadModule socache_dbm_module modules/​mod_socache_dbm.so
 +LoadModule socache_memcache_module modules/​mod_socache_memcache.so
 +LoadModule socache_shmcb_module modules/​mod_socache_shmcb.so
 +LoadModule status_module modules/​mod_status.so
 +LoadModule substitute_module modules/​mod_substitute.so
 +#LoadModule suexec_module modules/​mod_suexec.so
 +#LoadModule unique_id_module modules/​mod_unique_id.so
 +LoadModule unixd_module modules/​mod_unixd.so
 +#LoadModule userdir_module modules/​mod_userdir.so
 +LoadModule version_module modules/​mod_version.so
 +#LoadModule vhost_alias_module modules/​mod_vhost_alias.so
 +#LoadModule watchdog_module modules/​mod_watchdog.so"​ > 00-base.conf
 +</​sxh>​
 +
 +==== Further steps ====
 +**Prepare SSL certificates**
 +
 +Certificates for SSL communication (like other parameters of SSL/TLS communication) need to be set in the file /​opt/​aaa/​conf/​aducid-aaa.conf,​ that will be installed during ADUCID software install phase. At this point, just make sure, that you have these certificates ready.
 +
 +Example files:
 +
 +<sxh bash>
 +SSLCertificateFile ​     /​opt/​aaa/​certs/​wild.aducid.com.crt
 +SSLCertificateKeyFile ​  /​opt/​aaa/​certs/​wild.aducid.com.key
 +SSLCertificateChainFile /​opt/​aaa/​certs/​Thawte.CA.Intermediate.SHA256.crt
 +SSLCACertificateFile ​   /​opt/​aaa/​certs/​Thawte.CA.Primary.Root.G3.crt
 +</​sxh>​
 +
 +**Enable on system startup**
 +<codedoc code:​bash>​
 +systemctl daemon-reload
 +systemctl enable httpd.service
 +</​codedoc>​
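Review bot: The `setenv.sh` content written under `# /opt/tomcat/bin/setenv.sh` enables remote JMX on port 8086 with `jmxremote.ssl=false` and `jmxremote.authenticate=false`, which leaves the JVM's management interface open to any host that can reach the port, with the privileges of the tomcat user. Since the comment above those lines calls them optional, the documented default should omit them, or bind them to loopback with `-Dcom.sun.management.jmxremote.host=127.0.0.1` and leave authentication enabled. The pg_hba.conf excerpt has the same weakness locally: `127.0.0.1/32 trust` lets any process on the host connect as any role without a password, including the superuser `root` created by `createuser -l -s root`, so `md5` on that line would match the `10.0.0.0/8` entry. Separately, the `echo "CATALINA_OPTS="-server \` command nests unescaped double quotes, and the two wrapper scripts expand `$CATALINA_BASE` when the file is written (where it is likely unset) rather than when the unit runs. Writing each file with a quoted heredoc such as `cat <<'EOF' >/opt/tomcat/bin/setenv.sh` would keep the text literal.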
  • installation/software-components.txt
  • Last modified: 2019/08/01 09:10
  • by tjotov