May 2011 Notes on Installing Tomcat and the Screen Snapshot Service¶
10-May-2011, KAB - Here are the steps that I used to install Tomcat and the Screen Snapshot Service on novadaq-ctrl-datamon, and the steps to configure Apache HTTPD on datamon to serve requests to it.
General steps:- downloaded apache-tomcat-7.0.12.tar.gz from http://tomcat.apache.org/download-70.cgi
- verified the MD5 sum
- downloaded snapshotWebapp_v1.5b10_java1.6.0_14.tar from http://home.fnal.gov/~biery/snapshot/index.html
- created tomcat_user and tomcat_runner accounts
- I used the
system-config-userssystem utility to do this. - I let system-config-users automatically create UIDs for these two accounts, and I let it create private groups for the two accounts, also.
- I added the tomcat_runner account to the tomcat_user group.
- I used the
- un-tarred the apache-tomcat-7.0.12.tar.gz file to /home/tomcat_user
- un-tarred the snapshotWebapp_v1.5b10_java1.6.0_14.tar file to /home/tomcat_user/apache-tomcat-7.0.12/webapps
- removed the following directories:
- /home/tomcat_user/apache-tomcat-7.0.12/webapps/docs
- /home/tomcat_user/apache-tomcat-7.0.12/webapps/examples/
- /home/tomcat_user/apache-tomcat-7.0.12/webapps/host-manager/
- /home/tomcat_user/apache-tomcat-7.0.12/webapps/manager/
- /home/tomcat_user/apache-tomcat-7.0.12/webapps/ROOT/
- changed permissions for files/directories under /home/tomcat_user/apache-tomcat-7.0.12:
'chmod -R 750 bin conf lib webapps''chmod 750 .''chmod -R 770 logs temp work''chmod 770 webapps/snapshot/images webapps/snapshot/internal'
- created webapps/snapshot/internal/ProducerAccess.xml from webapps/snapshot/internal/ProducerAccess.xml.raw
- modified ProducerAccess.xml so that producers are limited to the following subnets:
- 131.225.52.*
- 131.225.53.*
- 131.225.56.*
- modified ProducerAccess.xml so that producers are limited to the following subnets:
- created webapps/snapshot/internal/SnapshotProducer.jnlp from webapps/snapshot/internal/SnapshotProducer.jnlp.raw
- modified SnapshotProducer.jnlp so that the hostname is set to novadaq-ctrl-datamon.fnal.gov:8083 (in two places!)
- changed all instances of "8080" to "8083" in /home/tomcat_user/apache-tomcat-7.0.12/conf/server.xml
- added the following lines to /home/tomcat_user/.bashrc:
export JAVA_HOME=/usr/java/latestexport JRE_HOME=$JAVA_HOME/jre
- added the following lines to /home/tomcat_runner/.bashrc:
export JAVA_HOME=/usr/java/latestexport JRE_HOME=$JAVA_HOME/jrealias startTomcat="JRE_HOME=/usr/java/latest/jre; /home/tomcat_user/apache-tomcat-7.0.12/bin/startup.sh"alias stopTomcat="JRE_HOME=/usr/java/latest/jre; /home/tomcat_user/apache-tomcat-7.0.12/bin/shutdown.sh"
- created a file called
crontab.filein /home/tomcat_runner/.cron with the following contents:@reboot JRE_HOME=/usr/java/latest/jre; /home/tomcat_user/apache-tomcat-7.0.12/bin/startup.sh
- installed this cron job with the following command:
crontab /home/tomcat_runner/.cron/crontab.file
- ran
startTomcat
- tested which modules are currently compiled into the apache web server:
root@novadaq-ctrl-datamon bin]# pwd /usr/local/apache2/bin [root@novadaq-ctrl-datamon bin]# ./httpd -l Compiled in modules: core.c mod_authn_file.c mod_authn_dbm.c mod_authn_anon.c mod_authn_dbd.c mod_authn_default.c mod_authz_host.c mod_authz_groupfile.c mod_authz_user.c mod_authz_dbm.c mod_authz_owner.c mod_authz_default.c mod_auth_basic.c mod_auth_digest.c mod_dbd.c mod_dumpio.c mod_reqtimeout.c mod_ext_filter.c mod_include.c mod_filter.c mod_substitute.c mod_deflate.c mod_log_config.c mod_log_forensic.c mod_logio.c mod_env.c mod_mime_magic.c mod_cern_meta.c mod_expires.c mod_headers.c mod_ident.c mod_usertrack.c mod_unique_id.c mod_setenvif.c mod_version.c prefork.c http_core.c mod_mime.c mod_dav.c mod_status.c mod_autoindex.c mod_asis.c mod_info.c mod_cgi.c mod_dav_fs.c mod_vhost_alias.c mod_negotiation.c mod_dir.c mod_imagemap.c mod_actions.c mod_speling.c mod_userdir.c mod_alias.c mod_rewrite.c mod_so.c
- found that the proxy module is not include, so started a rebuild of apache
- cd /root/apache2/httpd-2.2.16
- head config.log (Here are the first N lines from the config.log file:)
This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by configure, which was generated by GNU Autoconf 2.65. Invocation command line was $ ./configure --prefix=/usr/local/apache2 --enable-so --enable-cgi --enable-info --enable-rewrite --enable-speling --enable-usertrack --enable-deflate --enable-mime-magic --with-ssl --enable-ssl=shared --enable-setenvif --enable-modules=all
- continuing with the rebuild of apache...
- ./configure --prefix=/usr/local/apache2 --enable-so --enable-cgi --enable-info --enable-rewrite --enable-speling --enable-usertrack --enable-deflate --enable-mime-magic --with-ssl --enable-ssl=shared --enable-setenvif --enable-modules=all --enable-proxy
- make
- make install
- /etc/init.d/apache2 restart
- at this point, apache failed to restart
- this was ultimately found to be caused by too many semaphores owned by novadaq
- the error in the apache log mentioned "no space left on device", and Ron pointed out that that error is sometimes generated when no more semaphores can be created
- after cleaning up the semaphores, we were able to restart apache
- the source of the large number of stale semaphores is believe to be the online monitoring application
- here are the modules that are part of httpd after the build:
[root@novadaq-ctrl-datamon bin]# pwd /usr/local/apache2/bin [root@novadaq-ctrl-datamon bin]# ./httpd -l Compiled in modules: core.c mod_authn_file.c mod_authn_dbm.c mod_authn_anon.c mod_authn_dbd.c mod_authn_default.c mod_authz_host.c mod_authz_groupfile.c mod_authz_user.c mod_authz_dbm.c mod_authz_owner.c mod_authz_default.c mod_auth_basic.c mod_auth_digest.c mod_dbd.c mod_dumpio.c mod_reqtimeout.c mod_ext_filter.c mod_include.c mod_filter.c mod_substitute.c mod_deflate.c mod_log_config.c mod_log_forensic.c mod_logio.c mod_env.c mod_mime_magic.c mod_cern_meta.c mod_expires.c mod_headers.c mod_ident.c mod_usertrack.c mod_unique_id.c mod_setenvif.c mod_version.c mod_proxy.c mod_proxy_connect.c mod_proxy_ftp.c mod_proxy_http.c mod_proxy_scgi.c mod_proxy_ajp.c mod_proxy_balancer.c prefork.c http_core.c mod_mime.c mod_dav.c mod_status.c mod_autoindex.c mod_asis.c mod_info.c mod_cgi.c mod_dav_fs.c mod_vhost_alias.c mod_negotiation.c mod_dir.c mod_imagemap.c mod_actions.c mod_speling.c mod_userdir.c mod_alias.c mod_rewrite.c mod_so.c
- added "rewrite" rules to /usr/local/apache2/htdocs/.htaccess. Here is what the file looks like after the additions:
AuthType Basic AuthName "Usual NOvA user name and password (same as DocDB)" AuthUserFile /usr/local/apache2/auth/.htpasswd Require valid-user SSLRequireSSL # RewriteEngine On RewriteRule ^snapshot/$ http://novadaq-ctrl-datamon.fnal.gov:8083/snapshot/ShowImageList.jsp [P] RewriteRule ^snapshot/index.html$ http://novadaq-ctrl-datamon.fnal.gov:8083/snapshot/ShowImageList.jsp [P] RewriteRule ^snapshot/internal/$ http://novadaq-ctrl-datamon.fnal.gov:8083/snapshot/internal/ [P] RewriteRule ^snapshot/(.*)$ http://novadaq-ctrl-datamon.fnal.gov:8083/snapshot/$1 [P]
- created a /usr/local/apache2/htdocs/snapshot directory
- created a dummy /usr/local/apache2/htdocs/snapshot/index.html file
- created a /usr/local/apache2/htdocs/snapshot/internal directory
- restarted apache one more time (not really needed since the .htaccess file seems to be picked up immediately)
- suggestions for changing Tomcat directory permissions appropriately (http://books.google.com/books?id=bgMKmsXVbTAC&pg=PA225&lpg=PA225&dq=how+to+run+tomcat+from+a+separate+account&source=bl&ots=tpCIODlq_3&sig=R9eHJYa9c0VwdFdS3wlHu9gKPgw&hl=en&ei=T6fBTaXCJcHY0QGs-_G3Cg&sa=X&oi=book_result&ct=result&resnum=1&ved=0CBYQ6AEwAA#v=onepage&q=how%20to%20run%20tomcat%20from%20a%20separate%20account&f=false)