May 2011 Notes on Installing Tomcat and the Screen Snapshot Service

10-May-2011, KAB - Here are the steps that I used to install Tomcat and the Screen Snapshot Service on novadaq-ctrl-datamon, and the steps to configure Apache HTTPD on datamon to serve requests to it.

General steps:
  1. downloaded apache-tomcat-7.0.12.tar.gz from http://tomcat.apache.org/download-70.cgi
    • verified the MD5 sum
  2. downloaded snapshotWebapp_v1.5b10_java1.6.0_14.tar from http://home.fnal.gov/~biery/snapshot/index.html
From the root account on novadaq-ctrl-datamon:
  1. created tomcat_user and tomcat_runner accounts
    • I used the system-config-users system utility to do this.
    • I let system-config-users automatically create UIDs for these two accounts, and I let it create private groups for the two accounts, also.
    • I added the tomcat_runner account to the tomcat_user group.
From the tomcat_user account on novadaq-ctrl-datamon:
  1. un-tarred the apache-tomcat-7.0.12.tar.gz file to /home/tomcat_user
  2. un-tarred the snapshotWebapp_v1.5b10_java1.6.0_14.tar file to /home/tomcat_user/apache-tomcat-7.0.12/webapps
  3. removed the following directories:
    • /home/tomcat_user/apache-tomcat-7.0.12/webapps/docs
    • /home/tomcat_user/apache-tomcat-7.0.12/webapps/examples/
    • /home/tomcat_user/apache-tomcat-7.0.12/webapps/host-manager/
    • /home/tomcat_user/apache-tomcat-7.0.12/webapps/manager/
    • /home/tomcat_user/apache-tomcat-7.0.12/webapps/ROOT/
  4. changed permissions for files/directories under /home/tomcat_user/apache-tomcat-7.0.12:
    • 'chmod -R 750 bin conf lib webapps'
    • 'chmod 750 .'
    • 'chmod -R 770 logs temp work'
    • 'chmod 770 webapps/snapshot/images webapps/snapshot/internal'
  5. created webapps/snapshot/internal/ProducerAccess.xml from webapps/snapshot/internal/ProducerAccess.xml.raw
    • modified ProducerAccess.xml so that producers are limited to the following subnets:
      • 131.225.52.*
      • 131.225.53.*
      • 131.225.56.*
  6. created webapps/snapshot/internal/SnapshotProducer.jnlp from webapps/snapshot/internal/SnapshotProducer.jnlp.raw
    • modified SnapshotProducer.jnlp so that the hostname is set to novadaq-ctrl-datamon.fnal.gov:8083 (in two places!)
  7. changed all instances of "8080" to "8083" in /home/tomcat_user/apache-tomcat-7.0.12/conf/server.xml
  8. added the following lines to /home/tomcat_user/.bashrc:
    • export JAVA_HOME=/usr/java/latest
    • export JRE_HOME=$JAVA_HOME/jre
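Added example, not part of the original notes: a shell check for steps 3 and 4 above (stock webapps removed, no permission bits for "other", group write only where 770 was applied). The function name audit_tomcat_tree is an assumption; pass it the Tomcat directory.

```sh
#!/bin/sh
# Added example, not from the original notes. audit_tomcat_tree is a
# hypothetical helper name; $1 is the Tomcat directory, e.g.
#   audit_tomcat_tree /home/tomcat_user/apache-tomcat-7.0.12
# Prints one line per finding and returns 1 if there are any.
audit_tomcat_tree() {
    home=$1
    report=$(
        # Step 3: the stock webapps must have been removed.
        for app in docs examples host-manager manager ROOT; do
            if [ -e "$home/webapps/$app" ]; then
                echo "default webapp still present: $home/webapps/$app"
            fi
        done
        # Step 4: modes 750 and 770 leave no r, w or x bit for other.
        find "$home" ! -type l \
            \( -perm -0004 -o -perm -0002 -o -perm -0001 \) |
            sed 's/^/accessible to other: /'
        # Step 4: under bin, conf, lib and webapps only the two snapshot
        # directories were given group write (770).
        find "$home/bin" "$home/conf" "$home/lib" "$home/webapps" \
            ! -type l -perm -0020 \
            ! -path "$home/webapps/snapshot/images" \
            ! -path "$home/webapps/snapshot/internal" |
            sed 's/^/unexpected group write: /'
    )
    if [ -n "$report" ]; then
        printf '%s\n' "$report"
        return 1
    fi
    echo "OK: $home matches steps 3 and 4"
}
```

Run it after the last step: files created after the chmod -R in step 4, such as ProducerAccess.xml in step 5, get the creating account's umask rather than 750.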
From the tomcat_runner account on novadaq-ctrl-datamon:
  1. added the following lines to /home/tomcat_runner/.bashrc:
    • export JAVA_HOME=/usr/java/latest
    • export JRE_HOME=$JAVA_HOME/jre
    • alias startTomcat="JRE_HOME=/usr/java/latest/jre; /home/tomcat_user/apache-tomcat-7.0.12/bin/startup.sh"
    • alias stopTomcat="JRE_HOME=/usr/java/latest/jre; /home/tomcat_user/apache-tomcat-7.0.12/bin/shutdown.sh"
  2. created a file called crontab.file in /home/tomcat_runner/.cron with the following contents:
    • @reboot JRE_HOME=/usr/java/latest/jre; /home/tomcat_user/apache-tomcat-7.0.12/bin/startup.sh
  3. installed this cron job with the following command:
    • crontab /home/tomcat_runner/.cron/crontab.file
  4. ran startTomcat
From the root account on novadaq-ctrl-datamon:
  1. tested which modules are currently compiled into the apache web server:
[root@novadaq-ctrl-datamon bin]# pwd
/usr/local/apache2/bin
[root@novadaq-ctrl-datamon bin]# ./httpd -l
Compiled in modules:
  core.c
  mod_authn_file.c
  mod_authn_dbm.c
  mod_authn_anon.c
  mod_authn_dbd.c
  mod_authn_default.c
  mod_authz_host.c
  mod_authz_groupfile.c
  mod_authz_user.c
  mod_authz_dbm.c
  mod_authz_owner.c
  mod_authz_default.c
  mod_auth_basic.c
  mod_auth_digest.c
  mod_dbd.c
  mod_dumpio.c
  mod_reqtimeout.c
  mod_ext_filter.c
  mod_include.c
  mod_filter.c
  mod_substitute.c
  mod_deflate.c
  mod_log_config.c
  mod_log_forensic.c
  mod_logio.c
  mod_env.c
  mod_mime_magic.c
  mod_cern_meta.c
  mod_expires.c
  mod_headers.c
  mod_ident.c
  mod_usertrack.c
  mod_unique_id.c
  mod_setenvif.c
  mod_version.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_dav.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_info.c
  mod_cgi.c
  mod_dav_fs.c
  mod_vhost_alias.c
  mod_negotiation.c
  mod_dir.c
  mod_imagemap.c
  mod_actions.c
  mod_speling.c
  mod_userdir.c
  mod_alias.c
  mod_rewrite.c
  mod_so.c
  1. found that the proxy module is not included, so started a rebuild of apache
    • cd /root/apache2/httpd-2.2.16
    • head config.log (Here are the first N lines from the config.log file:)
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by configure, which was
generated by GNU Autoconf 2.65.  Invocation command line was

  $ ./configure --prefix=/usr/local/apache2 --enable-so --enable-cgi --enable-info --enable-rewrite --enable-speling --enable-usertrack --enable-deflate --enable-mime-magic --with-ssl --enable-ssl=shared --enable-setenvif --enable-modules=all
  1. continuing with the rebuild of apache...
    • ./configure --prefix=/usr/local/apache2 --enable-so --enable-cgi --enable-info --enable-rewrite --enable-speling --enable-usertrack --enable-deflate --enable-mime-magic --with-ssl --enable-ssl=shared --enable-setenvif --enable-modules=all --enable-proxy
    • make
    • make install
    • /etc/init.d/apache2 restart
  2. at this point, apache failed to restart
    • this was ultimately found to be caused by too many semaphores owned by novadaq
    • the error in the apache log mentioned "no space left on device", and Ron pointed out that that error is sometimes generated when no more semaphores can be created
    • after cleaning up the semaphores, we were able to restart apache
    • the source of the large number of stale semaphores is believed to be the online monitoring application
  3. here are the modules that are part of httpd after the build:
[root@novadaq-ctrl-datamon bin]# pwd
/usr/local/apache2/bin
[root@novadaq-ctrl-datamon bin]# ./httpd -l
Compiled in modules:
  core.c
  mod_authn_file.c
  mod_authn_dbm.c
  mod_authn_anon.c
  mod_authn_dbd.c
  mod_authn_default.c
  mod_authz_host.c
  mod_authz_groupfile.c
  mod_authz_user.c
  mod_authz_dbm.c
  mod_authz_owner.c
  mod_authz_default.c
  mod_auth_basic.c
  mod_auth_digest.c
  mod_dbd.c
  mod_dumpio.c
  mod_reqtimeout.c
  mod_ext_filter.c
  mod_include.c
  mod_filter.c
  mod_substitute.c
  mod_deflate.c
  mod_log_config.c
  mod_log_forensic.c
  mod_logio.c
  mod_env.c
  mod_mime_magic.c
  mod_cern_meta.c
  mod_expires.c
  mod_headers.c
  mod_ident.c
  mod_usertrack.c
  mod_unique_id.c
  mod_setenvif.c
  mod_version.c
  mod_proxy.c
  mod_proxy_connect.c
  mod_proxy_ftp.c
  mod_proxy_http.c
  mod_proxy_scgi.c
  mod_proxy_ajp.c
  mod_proxy_balancer.c
  prefork.c
  http_core.c
  mod_mime.c
  mod_dav.c
  mod_status.c
  mod_autoindex.c
  mod_asis.c
  mod_info.c
  mod_cgi.c
  mod_dav_fs.c
  mod_vhost_alias.c
  mod_negotiation.c
  mod_dir.c
  mod_imagemap.c
  mod_actions.c
  mod_speling.c
  mod_userdir.c
  mod_alias.c
  mod_rewrite.c
  mod_so.c
  1. added "rewrite" rules to /usr/local/apache2/htdocs/.htaccess. Here is what the file looks like after the additions:
AuthType Basic
AuthName "Usual NOvA user name and password (same as DocDB)" 
AuthUserFile /usr/local/apache2/auth/.htpasswd
Require valid-user
SSLRequireSSL
#
RewriteEngine On
RewriteRule ^snapshot/$ http://novadaq-ctrl-datamon.fnal.gov:8083/snapshot/ShowImageList.jsp [P]
RewriteRule ^snapshot/index.html$ http://novadaq-ctrl-datamon.fnal.gov:8083/snapshot/ShowImageList.jsp [P]
RewriteRule ^snapshot/internal/$ http://novadaq-ctrl-datamon.fnal.gov:8083/snapshot/internal/ [P]
RewriteRule ^snapshot/(.*)$ http://novadaq-ctrl-datamon.fnal.gov:8083/snapshot/$1 [P]
  1. created a /usr/local/apache2/htdocs/snapshot directory
  2. created a dummy /usr/local/apache2/htdocs/snapshot/index.html file
  3. created a /usr/local/apache2/htdocs/snapshot/internal directory
  4. restarted apache one more time (not really needed since the .htaccess file seems to be picked up immediately)
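Added example, not part of the original notes: a check that the modules needed by the [P] rewrite rules are compiled into httpd, which is the gap that forced the rebuild above. The function name proxy_rule_gaps is an assumption, and it assumes the proxied scheme maps to mod_proxy_<scheme>.c as it does for the http, ajp and ftp modules listed above.

```sh
#!/bin/sh
# Added example, not from the original notes. proxy_rule_gaps is a
# hypothetical helper name: $1 = saved `httpd -l` output, $2 = .htaccess, e.g.
#   ./httpd -l > /tmp/modules.txt
#   proxy_rule_gaps /tmp/modules.txt /usr/local/apache2/htdocs/.htaccess
# Prints one line per missing module and returns 1 if any is missing.
proxy_rule_gaps() {
    awk '
        # First file: remember every compiled-in module (lines like "mod_so.c").
        NR == FNR { if ($1 ~ /\.c$/) have[$1] = 1; next }
        # Second file: RewriteRule lines whose last field is a [flag,list].
        $1 == "RewriteRule" && NF >= 4 && $NF ~ /^\[.*\]$/ {
            flags = "," tolower(substr($NF, 2, length($NF) - 2)) ","
            if (flags !~ /,(p|proxy),/) next      # not a proxied rule
            scheme = $3; sub(/:.*/, "", scheme)   # http, ajp, ftp, ...
            if (scheme == "https") scheme = "http"
            n = split("mod_rewrite.c mod_proxy.c mod_proxy_" scheme ".c", need, " ")
            for (i = 1; i <= n; i++)
                if (!(need[i] in have) && !(need[i] in seen)) {
                    seen[need[i]] = 1; gaps++
                    print "missing " need[i] " (needed by line " FNR " of " FILENAME ")"
                }
        }
        END { exit (gaps > 0) }
    ' "$1" "$2"
}
```

httpd -l lists only statically compiled modules; modules built as shared objects and loaded with LoadModule show up in httpd -M instead.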
Reference:
  1. suggestions for changing Tomcat directory permissions appropriately (http://books.google.com/books?id=bgMKmsXVbTAC&pg=PA225&lpg=PA225&dq=how+to+run+tomcat+from+a+separate+account&source=bl&ots=tpCIODlq_3&sig=R9eHJYa9c0VwdFdS3wlHu9gKPgw&hl=en&ei=T6fBTaXCJcHY0QGs-_G3Cg&sa=X&oi=book_result&ct=result&resnum=1&ved=0CBYQ6AEwAA#v=onepage&q=how%20to%20run%20tomcat%20from%20a%20separate%20account&f=false)