Tomcat multi instance manual config

Get Tomcat to follow links:

### cd /var/lib/tomcat7/webapps/QBW-FrontPage/META-INF

### ls -l
-rw-r–r– 1 root root 89 Feb 4 00:22 context.xml
### vi context.xml
<?xml version='1.0' encoding='utf-8'?>
<Context reloadable="true" allowLinking="true" />

Needed for: QBW-FrontPage.war (435.41 kb)

Tomcat

Tomcat is actually very simple install. It is a matter of extracting the files in a location, modifying a few scripts, and running the startup scripts. For those who are not 100% familiar with how tomcat works, it sets up using the environment variables of the user that is executing the startup script.

Create “tomcat” Group & User

First things first, what we would like to do, is create a new user called tomcat and make it impossible for it to logon.

sudo groupadd tomcat

Now you have to create a new user called “tomcat” (useradd tomcat) who belongs to the group “tomcat” (-g tomcat) and cannot login –s /usr/sbin/nologin. You also should set the home directory of that user to the directory where you moved the Tomcat server in the previous step. In this case that would be “/usr/local/tomcat” (-d /usr/local/tomcat). So you should end up with a statement that looks something like this:
sudo useradd -g tomcat -s /usr/sbin/nologin -m -d /usr/local/tomcat tomcat

3. Now you should also add the user to the “www-data” group. This group should already exist. You do that by executing the following command:

sudo usermod -G www-data tomcat

4. Create INIT File for Tomcat

Now you should create an INIT-File that makes it possible to start, stop and restart your Tomcat Server. This file must be located in your “/etc/init.d/” directory. You can use the following command to create a file called “tomcat” and open up that file in an editor (I used nano).

sudo vi /etc/init.d/tomcat8x0

Now you should add the following lines into the file an save it:

#Tomcat auto-start

#description: Auto-starts tomcat

#processname: tomcat

#pidfile: /var/run/tomcat.pid

#this path should point to your JAVA_HOME Directory

#####export JAVA_HOME=/usr/lib/jvm/java-6-sun

case $1 in

start)

sh /opt/tomcat7/8×0/bin/startup.sh

;;

stop)

sh /opt/tomcat7/8×0/bin/shutdown.sh

;;

restart)

sh /opt/tomcat7/8×0/bin/startup.sh

sh /opt/tomcat7/8×0/bin/shutdown.sh

;;

esac

exit 0

Make sure you set the right paths for the startup.sh and shutdown.sh scripts. They reside in the /bin directory of your tomcat path (use the path to which you moved the tomcat files in step 2).

5. Adjust Permissions of INIT File

Since you have to execute the tomcat file, you have to assign the correct rights for the file to be executable.
This line should do the trick:

sudo chmod 755 /etc/init.d/tomcat8x0

6. Make Tomcat auto-start on boot (optional)

If you want the Tomcat Server to start every time the system boots up you can use the “update-rc.d” command to set a symbolic link at the correct runlevel. For the “tomcat fle” this looks like this:

sudo update-rc.d tomcat8x0 defaults

You can remove the autostart with the following command: sudo update-rc.d -f tomcat8x0 remove

Now the Tomcat Server starts automatically at system bootup. This step is optional you can always start your Tomcat Server manually like this:

sudo /etc/init.d/tomcat8x0 start

If we have already installed on another server, lets use SCP

Dest server: sudo chmod 777 /opt

Source server: sudo scp -r /opt/tomcat7 davidq@tomcat-02:/opt

Dest server: sudo chmod 755 /opt

IF scp was used….. (SET JMX HOST NAME)……Skip to section: Change the owner

Download the gz

mkdir ~/download

cd ~/download

wget http://apache.mirrors.tds.net/tomcat/tomcat-7/v7.0.35/bin/apache-tomcat-7.0.35.tar.gz

Now lets extract the files. Remember, our files are in the folder /download

tar -xf ​apache-tomcat-7.0.35.tar.gz

Copy them to the /opt folder

sudo cp -rf ~/download/apache-tomcat-7.0.35/* /opt/tomcat7/

sudo rm /opt/tomcat7/bin/*.bat

For every instance, we need to copy the folder over. For this exercise, we will create 2 instances:

sudo cp -rf /opt/tomcat7 /opt/tomcat7/8×0

sudo vi /opt/tomcat7/8×0/webapps/ROOT/index.jsp

replace:

<h1>${pageContext.servletContext.serverInfo}</h1>

With

<h1>${pageContext.servletContext.serverInfo} : <font color="red">Instance 8×0</font></h1>

Now we need to modify the startup and shutdown scripts. In order to do so, lets go into the bin folder of each instance.

cd /opt/tomcat7/8×0/bin

In this folder will be startup.sh and shutdown.sh scripts. We need to modify these scripts to include the right environmental parameters. Add these commands to the startup.sh script:

#export JAVA_HOME=/usr/java/jdk1.7.0_07

#export JAVA_HOME=/usr/bin/java
​#export PATH=$JAVA_HOME/bin:$PATH
​export BASEDIR=/opt/tomcat7/810
​export CATALINA_BASE=/opt/tomcat7/810
​export CATALINA_HOME=/opt/tomcat7/810

and enable JMX

export JAVA_OPTS="-Dcom.sun.management.jmxremote.port=810x

-Dcom.sun.management.jmxremote.ssl=false

-Dcom.sun.management.jmxremote.authenticate=false

-Djava.rmi.server.hostname=192.168.1.8x"

or secured

export JAVA_OPTS="-Dcom.sun.management.jmxremote.port=8×09

-Djava.rmi.server.hostname=192.168.1.xx

-Dcom.sun.management.jmxremote.ssl=false

-Dcom.sun.management.jmxremote.authenticate=true

-Dcom.sun.management.jmxremote.password.file=/opt/tomcat7/jmxremote.password

-Dcom.sun.management.jmxremote.access.file=/opt/tomcat7/jmxremote.access

"

sudo vi /opt/tomcat7/jmxremote.access

#monitorRole readonly

#controlRole readwrite

username readwrite

sudo vi /opt/tomcat7/jmxremote.password

#monitorRole tomcat

#controlRole tomcat

username password

Or we can modify the ENVIRONMENT variables???

Now we define the environment variables JAVA_HOME and JRE_HOME. This file is in the "environment" in / etc. Command to edit the file:

sudo gedit /etc/environment


Here we record the routes where we have installed Java in my case this is as follows:

JAVA_HOME="/usr/local/jdk1.6.0_23"

JRE_HOME="/usr/local/jdk1.6.0_23/jre"

PATH="…(other path):$JAVA_HOME:$JRE_HOME"

How your script should look with the script modifications.

​Once done, do the same for the shutdown script (shutdown.sh).

Next, in the conf folder, we need to modify the server.xml file to modify the server ports used for tomcat. This is how we do it:

There are two ports needed: (1) the actual http port and (2) the shutdown port. For every instance we will create, these ports need to be different (Later we will see how to use the same ports with another method).

For our first instance, we can leave the defaults, 8080 and 8001. For the next instance, we will change the ports. (I like to add a 100 to the default which means 8180 and 8101 for the second port)

​​Configuring the shutdown port from 8005 to 8101 in server.xml

​Configuring the http port from 8080 to 8180 in server.xml

Change the owner of the folders to the group tomcat and the user tomcat:

sudo chown -R tomcat:tomcat /opt/tomcat7

Now to run the instance of Tomcat, lets execute the script as the user tomcat:

cd /opt/tomcat7/8×0/bin

su -p -s /bin/sh tomcat startup.sh

Lets check out our separate tomcat instances:

http://ipaddress-of-server:8101/

<role rolename="manager-script"/>

<role rolename="manager-jmx"/>

<role rolename="manager-status"/>

<role rolename="manager-gui"/>

<role rolename="admin-gui"/>

<role rolename="admin-script"/>

<user username="user" password="password" roles="manager-gui,manager-script,manager-jmx,manager-status,admin-gui,admin-script"/>

Autostart after boot

http://linuxphile.org/node/7

JMX (more reading)

http://tomcat.apache.org/tomcat-5.5-doc/monitoring.html#Enabling_JMX_Local

http://www.mulesoft.com/tomcat-jmx#.URFKkYJopec

HAProxy

I mentioned earlier that there is a way to have all your instances of Tomcat to respond on the same http port. We can achieve this using a server called HAProxy. HAProxy is an open source load balancer that you can use to redirect http requests to web servers that are using different ports. For a full breakdown of the configuration, please read my post on HAProxy here.


Subversion

Subversion

Patch the system:

pico /etc/apt/sources.list
deb http://ro.archive.ubuntu.com/ubuntu hoary universedeb-src http://ro.archive.ubuntu.com/ubuntu hoary universe
Installing

Install the required packages, running the following command:

apt-get install libapache2-svn subversion subversion-tools

Creating your repository

Run as root:

cd /home
mkdir /home/svn
chown www-data:tomcat6 /home/svn
su www-data -c "svnadmin create /home/svn/src"

Your repository will live in /home/svn/src.

Note that if you let your users run things as www-data (eg. they can install CGI applications) they will be able to write to your repository!

Configure Apache

Become root again and add the following lines to our apache configuration (ssl), inside of the VirtualHost declaration.


$pico /etc/apache2/mods-enabled/dav_svn.conf

<Location /svn/src>
DAV svn
SVNPath /home/svn/src
AuthType Basic
AuthName "QBW Subversion Repository"
AuthUserFile /home/svn/.dav_svn.passwd
Require valid-user
</Location>

If you don't want to use passwords for read-only access, use this instead of the Require valid-user line:

  <LimitExcept GET PROPFIND OPTIONS REPORT>
    Require valid-user
  </LimitExcept>

Once you've applied these changes,

  • Restart apache2 /etc/init.d/apache2 restart
  • Create some users

    Add an user with the following command:

    su www-data -c "htpasswd -c -m /home/svn/.dav_svn.passwd user"
    

    The -c is only required the first time you run this command, in order to create the passwords' file. Subsequent runs won't require it:

    su www-data -c "htpasswd -m /home/svn/.dav_svn.passwd user"
    

    Note that the passwd file does not need to be created as www-data. It can be created as root, for example. However, it must be visible by www-data.

    In the meantime htpasswd had changed – htpasswd will do it (apache2 – Version: 2.2.4-1 on Debian apache2-utils_2.2.4-1_i386.deb)

    Using your browser. Load https://hostname/svn/src/ in your browser. Replace hostname with your host name or ip. You will get something like:

    Revision 0: /Powered by Subversion version 1.1.3 (r12730).
    

    Import your initial data:

    svn --username user import src https://localhost/svn/src -m "initial import"Authentication realm: <https://localhost:443> My Subversion RepositoryPassword for 'user':Adding         src/checkersAdding         src/checkers/trunkAdding         src/checkers/trunk/gendelta.plAdding         src/checkers/siteAdding         src/checkers/branchesAdding         src/checkers/tags
    
    Committed revision 1.
    

    Now load your URL in your browser again and make sure you can browse what you imported:

    - checkers/Powered by Subversion version 1.1.3 (r12730).
    

    backup/restore repository

    sudo su
    

    backup repo

    $ svnadmin dump /media/shares/svn > /media/backup/svn.dump
    
    WIN CMD: svnadmin dump d:\QBW_Subversion\repository > d:\QBW_Subversion\svn.dump
    

    create a new repo

    mkdir src2
    
    chown www-data:tomcat6 src2
    
    svnadmin create /home/svn/src2
    

    restore to a new repo

    svnadmin load --force-uuid /home/svn/src2 < /var/svn.dump
    
    mv /home/svn/src /home/svn/src_old
    
    mv /home/svn/src2 /home/svn/src
    

    Restoring from Backups (svn.qbytesworld.info) webfactions

    Backups can be restored with the svnadmin‘s load command. To restore a backup:

    1. Open an SSH session to your account.

    2. Switch to the directory of a new Subversion application. Entercd ~/webapps/svn, where svn is the name of the Subversion application as it appears in the control panel, and press Enter.

    3. Enter svnadmin load . < dump_file where dump_file is the path to the backup, and press Enter.

    Note

    To prevent your restoration from being stopped for excessive processor utilization (particularly for repositories with many commits or a large total file size), prefix the svnadmin command with the nice command for deference to other processes:

    nice -n 19 svnadmin load . < dump_file

    MVN setup???


    Alias /maven/ "/home/davidq/"
    
    <Location /home/davidq>
    
      AuthType Basic
    
      AuthName "QBW Maven Repository"
    
      AuthUserFile /home/svn/.dav_svn.passwd
    
      Require valid-user
    
      SSLRequireSSL
    
    </Location>
    

    SVN BOOK

    http://svnbook.red-bean.com/
    

    Setup OpenSSH Server on Ubuntu Linux

    This is only needed if you did not install as part of setup.

    Run this command from a terminal window:

    $ sudo apt-get install ssh

    To test that it’s working, you can try to ssh into your own machine:

    > ssh localhost

    The authenticity of host ‘localhost (127.0.0.1)’ can’t be established.
    RSA key fingerprint is 98:8a:b8:b2:9e:8a:84:e0:d4:08:27:fb:74:f0:de:d4.
    Are you sure you want to continue connecting (yes/no)?

    Looks like it’s working! Naturally our ssh client doesn’t have the key for the server, since we just installed it. You can type yes to continue or just hit Ctrl-C to stop.

    Hudson on Ubuntu as Service

    On Debian-based distributions, such as Ubuntu, you can install Hudson through apt-get.

    Recent versions are available in http://hudson-ci.org/downloads/debian/

    Installation
    $ sudo sh -c "echo 'deb http://hudson-ci.org/debian binary/' > /etc/apt/sources.list.d/hudson.list"
    $ sudo apt-get update
    $ sudo apt-get install hudson

    Upgrade


    $ sudo apt-get update
    $ sudo apt-get safe-upgrade


    What does this package do?


    Hudson will be launched as a daemon up on start. See /etc/init.d/hudson for more details.
    The 'hudson' user is created to run this service.
    Log file will be placed in /var/log/hudson/hudson.log. Check this file if you are troubleshooting Hudson.
    /etc/default/hudson will capture configuration parameters for the launch.

    Where to go from here?


    Try Hudson locally : http://localhost:8080 and install whatever plugins and more you need.
    You might want to make Hudson visible through Apache, to make it available on port 80 (for example, http://myserver/hudson/ instead of http://myserver:8080/). See this blog for more details

    Samba Shares


    Install Samba Server on Ubuntu

    information via: http://www.howtogeek.com/howto/ubuntu/install-samba-server-on-ubuntu/

    If you want to share files between your Ubuntu and Windows computers, your best option is to use Samba file sharing.

    To install, first open a terminal window and enter the following command:

    sudo apt-get install samba smbfs

    We’ve got samba installed, but now we’ll need to configure it to make it accessible. Run the following command to open the configuration file, substituting your editor of choice:

    sudo pico /etc/samba/smb.conf

    Find this section in the file:

    ####### Authentication #######

    # “security = user” is always a good idea. This will require a Unix account
    # in this server for every user accessing the server. See
    # /usr/share/doc/samba-doc/htmldocs/Samba-HOWTO-Collection/ServerType.html
    # in the samba-doc package for details.
    ; security = user

    Uncomment the security line, and add another line to make it look like this:

    security = user
    username map = /etc/samba/smbusers

    This will set Samba to use the smbusers file for looking up the user list.

    Finallly, add these two lines to your smb.conf:

    [global]

    null passwords = yes
    map to guest = Bad User

    The first tells Samba that null passwords are OK. The second that non-recognized users (which is what any user who doesn't have an account on your Ubuntu box will be) should be silently mapped to Guest (nobody).

    This allows a non-authenticated Windows box to list the shares advertised as browseable by Samba. When the user attempts to connect to a share, Samba evaluates their credentials (in this case, Guest), and either allows them access, or prompts for a new user name/password. You can also always prevent shares from being listed by marking them as browseable = no.

    You do sacrifice a little security for this convienince: anyone with access to your Samba server can now list your browesable shares and connect to any share that allows guest access. Samba isn't designed to face the Internet so all the normal rules for not doing that still apply. See the much more extensive Samba HOWTO (http://ubuntuforums.org/showthread.php?t=202605) for Ubuntu for general setup.

    Next make sure that nobody is enabled in Samba's backend:

    • $ sudo smbpasswd -n nobody
    • $ sudo smbpasswd -e nobody

    The first command creates the nobody account with a null password. The second enables this account. See this bug report (https://bugs.launchpad.net/ubuntu/+source/samba/+bug/39717) for more information. It took me awhile to track that down, but if I knew what I was doing it might have been faster. 😉

    System user must be created first

    :information via: http://ubuntuforums.org/showthread.php?t=839414


    $ sudo useradd USERNAME –shell /bin/false

    This assumes you create the SHARES folder and it is not the normal Linux /home.

    Here's what I do to create and authorize each user of the SAMBA shares:

    In, for example, the /home directory… to add a user called "USERNAME":

    • $ cd /shares/users
    • $ sudo mkdir USERNAME
    • $ sudo useradd -d /shares/users/USERNAME -s /bin/false -r USERNAME
    • $ sudo passwd USERNAME (then enter new UNIX password twice)
    • $ sudo smbpasswd -a USERNAME (then enter new SMB password twice)
    • $ sudo chown USERNAME USERNAME
    • $ sudo chgrp USERNAME USERNAME

    Repeat for each user you wish to add to SAMBA.


    System nobody must be enabled:


    information via: http://ubuntuforums.org/archive/index.php/t-490168.html
    For your shares that you want public users to access. But it still doesn't work. Check your /etc/shadow file with sudo cat /etc/shadow to see if you have a nobody account. You should.

    Create a Samba User

    There are two steps to creating a user. First we’ll run the smbpasswd utility to create a samba password for the user.

    sudo smbpasswd -a <username> Completed above

    Next, we’ll add that username to the smbusers file.

    sudo gedit /etc/samba/smbusers

    Add in the following line, substituting the username with the one you want to give access to. The format is <ubuntuusername> = “<samba username>”. You can use a different samba user name to map to an ubuntu account, but that’s not really necessary right now.

    <username> = “<username>”

    Now you can create samba shares and give access to the users that you listed here.

    You may want the graphical version (don't know how it works yet)

    Installing Samba Server confiuration tool:information via:http://www.unixmen.com/linux-tutorials/1060-how-to-configure-samba-using-a-graphical-interface-in-ubuntu

    If on desktop Ubuntu or wish to have web interface


    Now install the graphical interface System-config samba ( part may already be installed)


    sudo apt-get install samba samba-common

    sudo apt-get install system-config-samba

    SWAT:From the application screen, install swat, Sambe Web Admin Tool (not a hugh, help but does with validation)
    Access via: http://localhost:901/
    Share Ubuntu Home Directories using Sambainformation via: http://www.howtogeek.com/howto/ubuntu/share-ubuntu-home-directories-using-samba/
    Samba Server allows you to share the home directories of users automatically. This can be useful so that you don’t have to manually create every share for every user.

    First, make sure that you’ve installed Samba server.

    Share directories

    To share the home directories, open up smb.conf with the following command:

    sudo gedit /etc/samba/smb.conf

    uncomment lines refering to CDROM

    sudo gedit /etc/fstab
    /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0


    Find this section of the file, and make it match the following:

    Share Definitions

    # Un-comment the following (and tweak the other settings below to suit)
    # to enable the default home directory shares. This will share each
    # user’s home directory as \\server\username
    [homes]
    comment = Home Directories
    browseable = yes

    # By default, \\server\username shares can be connected to by anyone
    # with access to the samba server. Un-comment the following parameter
    # to make sure that only “username” can connect to \\server\username
    valid users = %S

    # By default, the home directories are exported read-only. Change next
    # parameter to ‘yes’ if you want to be able to write to them.
    writable = yes

    Always remember to test:

    $ sudo pico /etc/samba/smb.conf
    $ testparm
    Restart:

    $ sudo restart smbd
    $ sudo restart nmbd


    Validate:Check to see if the shares are present:

    apt-get install smbclient

    smbclient -L localhost


    Now you should be able to map a drive on windows using the following share format:

    \\ubuntumachine\username

    For example, if the Ubuntu machine is named ubuntuserv, and the username is geek, your share path would be \\ubuntuserv\geek


    Samba documentation:http://us5.samba.org/samba/docs/man/manpages-3/smb.conf.5.html
    Directory/File Mask
    http://www.cyberciti.biz/tips/understanding-linux-unix-umask-value-usage.html
    Create shares:Shares should be in the /srv directory structure:
    /srv/share/public
    # A publicly accessible directory, that can be read from

    browseable = Yes
    [public-read]
    comment = Guest access share
    path = /srv/shares/public
    read only = yes
    locking = yes
    guest ok = yes
    public = Yes
    available = yes
    writable = no
    browseable = Yes
    ;[public]
    ; comment = %h Shared Public Directory
    ; path = /srv/shares/public
    ; force directory mode = 0777
    ; force create mode = 0777
    ; force group = nobody
    ; force user = nobody
    ; public = yes
    ; writeable = yes
    ; read only = no

    (0) cd /srv
    (1) sudo mkdir shares
    (2) sudo chown -R nobody.nogroup /srv/shares
    (3.1)
    or (3.2) sudo chmod -R 0777 /srv/shares
    (4) sudo mkdir public
    (5) ls -l (to validate)

    Un-install

    if things go bad: $ sudo apt-get –purge remove smbfs
    $ sudo apt-get –purge remove samba
    –purge deletes all files not just the app.
    also remove SWAT
    SAMBA
    https://bbs.archlinux.org/viewto[pic.php?id=45423

    http://www.howtogeek.com/howto/ubuntu/share-ubuntu-home-directories-using-samba/
    http://www.ubuntugeek.com/howto-setup-samba-server-with-tdbsam-backend.html
    My /etc/samba/smb.conf file for reference:smb.conf (15.22 kb)

    fstab (774.00 bytes)

    smb.conf.save.zip (14.99 kb)

    [A_KYC_PROD]
    comment = KYC PROD SAMBA
    browseable = yes
    writable = yes
    path = /data/samba/kyc
    guest ok = no
    vfs objects = full_audit
    full_audit:failure = none
    full_audit:success = mkdir rename unlink rmdir open pwrite
    full_audit:prefix = %u|%I|%m|%S
    full_audit:facility = LOCAL7
    full_audit:priority = NOTICE


    Tag Cloud