Sunday, December 26, 2010

Tomcat Oracle JDBC Connection using JNDI Resource

This post will cover connecting your Tomcat web application to Oracle via JDBC using Tomcat's JNDI emulation ability.

We'll be creating this example using Tomcat 6.0.29 on CentOS 5.5

In our example, we'll create a connection for an application in the Tomcat/webapps/ROOT directory.

We'll also do the same for an application in a directory other than ROOT (e.g. Tomcat/webapps/myapp).

In our examples below, I have installed Tomcat at /usr/share/apache-tomcat-6.0.29.

Adjust this to your Tomcat installation as required.

First, let's create a simple test table in Oracle.

CREATE TABLE DEMO_CUSTOMERS
   (
    CUSTOMER_ID NUMBER,
    CUST_FIRST_NAME VARCHAR2(20),
    CUST_LAST_NAME VARCHAR2(20)
   );

Now, let's populate it with some data.

INSERT INTO DEMO_CUSTOMERS VALUES (1, 'John ', 'Dulles');
INSERT INTO DEMO_CUSTOMERS VALUES (2, 'William ', 'Hartsfield');
INSERT INTO DEMO_CUSTOMERS VALUES (3, 'Edward', 'Logan');
INSERT INTO DEMO_CUSTOMERS VALUES (4, 'Edward "Butch"', 'OHAare');
INSERT INTO DEMO_CUSTOMERS VALUES (5, 'Fiorello', 'Lambert');
INSERT INTO DEMO_CUSTOMERS VALUES (6, 'Albert', 'Hartsfield');
INSERT INTO DEMO_CUSTOMERS VALUES (7, 'Eugene', 'Bradley');


1. Download the required drivers

You will need to download the required Oracle JDBC drivers from the OTN.

Both ojdbc6.jar and ojdbc14.jar will work for this example.

Additionally, since I will be using JSP Standard Tag Library (or JSTL), I will also need to download standard.jar and jstl.jar, which you can download here.


2. Move the drivers above to: /usr/share/apache-tomcat-6.0.29/lib

[root@sv2 ~]# mv ojdbc14.jar /usr/share/apache-tomcat-6.0.29/lib/ojdbc14.jar
[root@sv2 ~]# mv standard.jar /usr/share/apache-tomcat-6.0.29/lib/standard.jar
[root@sv2 ~]# mv jstl.jar /usr/share/apache-tomcat-6.0.29/lib/jstl.jar

By placing the drivers in the TOMCAT_HOME/lib directory, we are making them available to all applications.

3. Create the JDBC JNDI resource for our default context 

Since we are using the ROOT directory, we will be using /usr/share/apache-tomcat-6.0.29/conf/context.xml.

Add the following:

<Resource name="jdbc/oradb"
          auth="Container"
          type="javax.sql.DataSource"
          driverClassName="oracle.jdbc.OracleDriver"
          url="jdbc:oracle:thin:@host:1521:sid"
          username="username"
          password="password"
          maxActive="20"
          maxIdle="30"
          maxWait="-1"
/>

Replace the url, username, and password above with your own.

I've used 'oradb' as my resource name. You can use whatever you like.

For an explanation of maxActive, maxIdle, and maxWait, and other attributes, please see the Context Configuration section of the Tomcat JNDI Datasource HOW-TO


4. Add a Resource-Ref to our web.xml file. 

Again, we are using the ROOT directory so we'll add our resource-ref to /usr/share/apache-tomcat-6.0.29/webapps/ROOT/WEB-INF/web.xml


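<resource-ref>
    <res-ref-name>jdbc/oradb</res-ref-name>
    <res-type>javax.sql.DataSource</res-type>
    <res-auth>Container</res-auth>
</resource-ref>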

5. Create a JSP page to test our set up. 

I'll call the file mytest.jsp and place it into the ROOT directory (/usr/share/apache-tomcat-6.0.29/webapps/ROOT)


<%@ taglib uri="http://java.sun.com/jsp/jstl/sql" prefix="sql" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>

  <html>
  <head>

    <sql:query var="democusts" dataSource="jdbc/oradb">
       select * from DEMO_CUSTOMERS
    </sql:query>

  </head>
  <body>
    <h1>Testing JDBC JNDI Oracle</h1>
    <table width='500' border='1'>
      <tr>
        <th align='left'>Customer Id</th>
        <th align='left'>Customer First Name</th>
        <th align='left'>Customer Last Name</th>
      </tr>
      <c:forEach var="democusts" items="${democusts.rows}">
        <tr>
           <td> ${democusts.CUSTOMER_ID}</td>
           <td> ${democusts.CUST_FIRST_NAME} </td>
           <td> ${democusts.CUST_LAST_NAME} </td>
       </tr>
      </c:forEach>
    </table>
  </body>
  </html>


Now start (or restart) Tomcat to allow it to read the changes to our configuration files

[root@sv2 ~]# service tomcat start
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.29
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.29
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.29/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_23
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.29/bin/bootstrap.jar 


We can now navigate to http://YourDomain.com:8080/mytest.jsp and we should see the following:




6. Locations when using directory outside of ROOT. 

If your web application does not live in the ROOT directory, you can apply the above using the following locations within your application.

For an application called "MyApp", for example, you could use the following locations.

JDBC JNDI Resource: Webapps>MyApp>META-INF/context.xml

Resource-Ref: Webapps>MyApp>WEB-INF/web.xml

Drivers: Webapps>MyApp>WEB-INF/lib/{ojdbc14.jar, standard.jar, jstl.jar}

If any of the directories or files above do not exist, you will need to create them.

Again, you can leave the drivers under Tomcat/lib if you want them to be available to all applications.


For more information, see Apache Tomcat JNDI Datasource HOW-TO



Thursday, December 23, 2010

Install GlassFish 3 on CentOS

This post will cover installing GlassFish 3.0.1 on CentOS 5.x.

We'll also see how to run GlassFish as a service, how to access the Admin Console, and how to run GlassFish under a minimally privileged user.

GlassFish 3.0.1 is available in two editions: GlassFish Server Open Source Edition 3.0.1 (free) and Oracle GlassFish Server 3.0.1 (supported and requires a paid subscription).

I installed both using the same process below on CentOS 5.5.

This post is intended to get a basic installation of GlassFish 3.0.1 up and running. Please consult the documentation.

If you do not already have the Java Development Kit (JDK) installed on your machine, you will need to download and install the required JDK for your platform.

If you do have the JDK installed, you can skip to: Step 2: Download and Install the GlassFish 3.0.1 Server:


Step 1: Install the JDK

You can download the JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

I'm using the latest, which is JDK 6, update 24. The JDK is specific to 32 and 64 bit versions.

My CentOS box is 64 bit, so I'll need: jdk-6u24-linux-x64.bin.

If you are on 32 bit, you'll need: jdk-6u24-linux-i586.bin

Download the appropriate JDK and save it to a directory. I'm saving it to /root.

Move (mv) or copy (cp) the file to the /opt directory:

[root@sv2 ~]# mv jdk-6u24-linux-x64.bin /opt/jdk-6u24-linux-x64.bin

Create the directory /usr/java.

[root@sv2 ~]# mkdir /usr/java

Change to the /usr/java directory we created and install the JDK using 'sh /opt/jdk-6u24-linux-x64.bin'

[root@sv2 ~]# cd /usr/java
[root@sv2 java]# sh /opt/jdk-6u24-linux-x64.bin


Set the JAVA_HOME path. This is where we installed the JDK above.

To do this for your current session, you can issue the following:

[root@sv2 java]# JAVA_HOME=/usr/java/jdk1.6.0_24
[root@sv2 java]# export JAVA_HOME
[root@sv2 java]# PATH=$JAVA_HOME/bin:$PATH
[root@sv2 java]# export PATH

To set JAVA_HOME for a user, we add the following to that user's ~/.bashrc or ~/.bash_profile. We can also add it to /etc/profile and then source it to make it available to all users.

JAVA_HOME=/usr/java/jdk1.6.0_24 
export JAVA_HOME 
PATH=$JAVA_HOME/bin:$PATH 
export PATH

Once you have added the above to ~/.bash_profile or ~/.bashrc, you should log out, then log back in and check that the JAVA_HOME is set correctly.

[root@sv2 ~]#  echo $JAVA_HOME
/usr/java/jdk1.6.0_24



Step 2: Download and Install the GlassFish 3.0.1 Server:

You can download both the GlassFish Server Open Source Edition 3.0.1 and Oracle GlassFish Server 3.0.1 at http://glassfish.java.net/

Once you have downloaded the desired file, move (mv) or copy (cp) the file to /usr/share/glassfish-3.0.1.zip (or /usr/share/ogs-3.0.1.zip for Oracle GlassFish).

[root@sv2 ~]# mv glassfish-3.0.1.zip /usr/share/glassfish-3.0.1.zip

Change to the /usr/share directory and unzip the file:

[root@sv2 ~]# cd /usr/share
[root@sv2 share]# unzip -q glassfish-3.0.1.zip

The unzip will create the following directory: /usr/share/glassfishv3

Note: Both GlassFish editions will create the same directory when unzipped: glassfishv3

At this point, we should be able to start and stop GlassFish using:

/usr/share/glassfishv3/glassfish/bin/asadmin start-domain domain1

and

/usr/share/glassfishv3/glassfish/bin/asadmin stop-domain domain1

Start GlassFish:

[root@sv2 share]# /usr/share/glassfishv3/glassfish/bin/asadmin start-domain domain1
Waiting for DAS to start ...
Started domain: domain1
Domain location: /usr/share/glassfishv3/glassfish/domains/domain1
Log file: /usr/share/glassfishv3/glassfish/domains/domain1/logs/server.log
Admin port for the domain: 4848
Command start-domain executed successfully.
[root@sv2 share]#

Stop GlassFish:

[root@sv2 share]# /usr/share/glassfishv3/glassfish/bin/asadmin stop-domain domain1
Waiting for the domain to stop ....
Command stop-domain executed successfully.
[root@sv2 share]#

Note: If you did not set the JAVA_HOME and PATH for the user you are logged in as, or for your current session, when you attempt to start the GlassFish server it will complain it cannot find Java with the following:

error: /usr/share/glassfishv3/glassfish/bin/asadmin: line 19: exec: java: not found



Step 3: Running GlassFish as a Service.

To run GlassFish as a service and enable start up at boot, we'll now create a Start/Stop/Restart script.

We'll create the script as /etc/init.d/glassfish, make the script executable, and then add our new glassfish service to chkconfig.

Create our glassfish script:

[root@sv2 ~]# cd /etc/init.d
[root@sv2 init.d]# vi glassfish

#!/bin/bash
# description: Glassfish Start Stop Restart
# processname: glassfish
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
GLASSFISH_HOME=/usr/share/glassfishv3/glassfish

case $1 in
start)
sh $GLASSFISH_HOME/bin/asadmin start-domain domain1
;;
stop)
sh $GLASSFISH_HOME/bin/asadmin stop-domain domain1
;;
restart)
sh $GLASSFISH_HOME/bin/asadmin stop-domain domain1
sh $GLASSFISH_HOME/bin/asadmin start-domain domain1
;;
esac
exit 0


If you do not set the JAVA_HOME and PATH in the GlassFish script, when you attempt to start the GlassFish server it will complain it cannot find Java with the following:

error: /usr/share/glassfishv3/glassfish/bin/asadmin: line 19: exec: java: not found

Now, make the script executable and add it to our chkconfig so it starts at boot.

[root@sv2 init.d]# chmod 755 glassfish
[root@sv2 init.d]# chkconfig --add glassfish
[root@sv2 init.d]# chkconfig --level 234 glassfish on


We should now be able to Start, Stop, and Restart GlassFish as a service.

Start GlassFish:

[root@sv2 init.d]# service glassfish start
Waiting for DAS to start .....
Started domain: domain1
Domain location: /usr/share/glassfishv3/glassfish/domains/domain1
Log file: /usr/share/glassfishv3/glassfish/domains/domain1/logs/server.log
Admin port for the domain: 4848
Command start-domain executed successfully.

Stop GlassFish:

[root@sv2 init.d]# service glassfish stop
Waiting for the domain to stop ....
Command stop-domain executed successfully.


Step 4: Access GlassFish Admin Console.

You should now be able to access the GlassFish Admin Console at:

http://yourdomain.com:4848 or http://yourip:4848



On accessing the GlassFish Admin Console for the first time, you will find that no user name or password is required.

Previous to 3.0.1, a default password 'adminadmin' was used.

You can set (or change) the admin password within the GlassFish Admin console.

1. Click "Enterprise Server" on the tree.

2. Click the Administrator Password tab.

3. Enter and confirm your password and click Save.


The first password save will create a file, .asadminpass, in the home directory of the user you are running the service under.

Alternatively, you can set the admin password via the CLI using:

[root@sv2 bin]# $GLASSFISH_HOME/bin/asadmin change-admin-password
Enter admin user name [default: admin]>
Enter admin password>
Enter new admin password>
Enter new admin password again>

Command change-admin-password executed successfully.
[root@sv2 bin]#

Note: to make using the CLI easier, I've added the following lines to my ~/.bashrc (or ~/.bash_profile):

GLASSFISH_HOME=/usr/share/glassfishv3/glassfish
export GLASSFISH_HOME

So your ~/.bashrc or ~/.bash_profile will look like this:

JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
GLASSFISH_HOME=/usr/share/glassfishv3/glassfish
export GLASSFISH_HOME


As you can see above, I can now use $GLASSFISH_HOME rather than the full path of /usr/share/glassfishv3/glassfish.


Step 5: Running GlassFish with Minimally Privileged (non-root) User.


Since I am installing this on my development machine, I am running GlassFish as root above.

In production, you will want to run GlassFish as a non-root user with minimal privileges.

To do this, we need to do the following.

1. Create the user, glassfish, who will own the files.

Create the new group, glassfish, and add the user glassfish to the group:

[root@sv2 ~]# groupadd glassfish
[root@sv2 ~]# useradd -s /bin/bash -g glassfish glassfish


2. Change ownership of the GlassFish files to the user glassfish we created.

We'll change ownership of the files under /usr/share/glassfishv3 from root to the user glassfish we created above:

[root@sv2 ~]# chown -Rf glassfish.glassfish /usr/share/glassfishv3/


3. Update our glassfish script.

Finally, we update the glassfish start/stop/restart script we created above so we su to user glassfish:

#!/bin/bash
# description: Glassfish Start Stop Restart
# processname: glassfish
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
GLASSFISH_HOME=/usr/share/glassfishv3/glassfish
GLASSFISH_USER=glassfish

case $1 in
start)
su $GLASSFISH_USER -c "$GLASSFISH_HOME/bin/asadmin start-domain domain1"
;;
stop)
su $GLASSFISH_USER -c "$GLASSFISH_HOME/bin/asadmin stop-domain domain1"
;;
restart)
su $GLASSFISH_USER -c "$GLASSFISH_HOME/bin/asadmin stop-domain domain1"
su $GLASSFISH_USER -c "$GLASSFISH_HOME/bin/asadmin start-domain domain1"
;;
esac
exit 0


Step 6: Running GlassFish on Port 80 as Non-Root User.

To run services below port 1024 as a user other than root, you will need to use port forwarding.

You can do this by adding the following to your iptables rules:

[root@sv2 ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
[root@sv2 ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080


Note: GlassFish 3.1 has now been released. For GlassFish 3.1 installation, you can view my tutorial here:
http://www.davidghedini.com/pg/entry/install_glassfish_3_1_on
It is basically the same procedure as GlassFish 3.0.1, with some minor changes.


GlassFish Quick Start Guide

http://glassfish.java.net/

Oracle GlassFish Docs

Saturday, October 30, 2010

Tomcat Custom 404 Page

This post will cover creating a custom 404 Error page for Tomcat.


By default, if a requested page does not exist, a 404 Error is raised and the user is served Tomcat's default 404 error page as below:


Above, I requested a page called 'david' which does not exist.

To make your 404 page a bit more presentable, provide the user with a link back into your site, as well as hide the Tomcat version in use, you can easily add a custom 404 error page.

Start by creating the page you wish to use. In my case, I am creating a page called 'NotFound.jsp'


Add the 404 page you created to your site directory.

Now, in your $CATALINA_HOME/conf directory, edit your web.xml file.

Add the following entry just beneath the welcome-file-list entry as shown below:



    <welcome-file-list>
        <welcome-file>index.html</welcome-file>
        <welcome-file>index.htm</welcome-file>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>

    <error-page>
        <error-code>404</error-code>
        <location>/NotFound.jsp</location>
    </error-page>



Now, when someone goes to a page that does not exist, they get the custom 404 page we created.

For example: http://www.davidghedini.com/YadaYadaYada.jsp


SEO Disclaimer: I've called my page NotFound.jsp and have added a meta-tag:

<meta content="noindex" name="robots">


I did this as, supposedly, the tag will stop search engines from indexing my 404 page. I'm not an SEO guy so whether this is necessary (or even a good idea), I don't know. You could, of course, place your 404 page within a sub directory (e.g. '404') and adjust the location in your web.xml from /404/NotFound.jsp to /NotFound.jsp. You could then add a robots.txt file to prevent crawling of the directory.









Install PostgreSQL 9 on CentOS


PLEASE NOTE: I have created an updated and much expanded installation guide for PostgreSQL 9.1 here:

PLEASE USE THE ABOVE GUIDE.


This post will cover installing PostgreSQL 9 on CentOS.
PostgreSQL 9 is the first major release from PostgreSQL in some time and the directory structure has changed. If you are using Webmin, we will also show how to configure Webmin to manage PostgreSQL 9.

PLEASE NOTE: If you are looking to install PostgreSQL 9 on cPanel, please see my step-by-step guide here: http://www.davidghedini.com/pg/entry/installing_postgresql_9_on_cpanel

We'll use the simplest method to install, which is the postgres repo rpms.

Begin by locating the appropriate one here:

http://yum.pgrpms.org/reporpms/repoview/pgdg-centos.html

There is a 9.1.1 Alpha version available, but I am going to install 9.0.2.

For CentOS I will need:

http://yum.pgrpms.org/reporpms/9.0/pgdg-centos-9.0-2.noarch.rpm

So, using wget: 
wget http://yum.pgrpms.org/reporpms/9.0/pgdg-centos-9.0-2.noarch.rpm


[root@server1 ~]# wget http://yum.pgrpms.org/reporpms/9.0/pgdg-centos-9.0-2.noarch.rpm
--2010-10-29 15:38:15--  http://yum.pgrpms.org/reporpms/9.0/pgdg-centos-9.0-2.noarch.rpm
Resolving yum.pgrpms.org... 77.79.103.58
Connecting to yum.pgrpms.org|77.79.103.58|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4623 (4.5K) [application/x-rpm]
Saving to: `pgdg-centos-9.0-2.noarch.rpm'

100%[======================================>] 4,623       --.-K/s   in 0s

2010-10-29 15:38:15 (259 MB/s) - `pgdg-centos-9.0-2.noarch.rpm' saved [4623/4623]

Now install the repo:

[root@server1 ~]# rpm -i pgdg-centos-9.0-2.noarch.rpm

We now need to edit CentOS-Base.repo to exclude PostgreSQL. To do so, we simply edit CentOS-Base.repo and add 'exclude=postgresql*' to the [base] and [updates] sections:

[root@server1 ~]# cd /etc/yum.repos.d
[root@server1 yum.repos.d]# vi CentOS-Base.repo

[base]
name=CentOS-$releasever - Base
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
exclude=postgresql*

#released updates
[updates]
name=CentOS-$releasever - Updates
mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
exclude=postgresql* 

Now, let's use 'yum list' to check the packages that are now available.

[root@server1 yum.repos.d]# yum list postgres*
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: mirrors.seas.harvard.edu
 * base: centos.mirror.choopa.net
 * extras: centos.mirror.nac.net
 * updates: mirror.net.cen.ct.gov
pgdg90                                                   | 2.8 kB     00:00
pgdg90/primary_db                                        |  57 kB     00:00
Excluding Packages from CentOS-5 - Base
Finished
Excluding Packages from CentOS-5 - Updates
Finished
Installed Packages
postgresql-libs.x86_64                    8.1.18-2.el5_4.1             installed
Available Packages
postgresql-jdbc90.x86_64                  9.0.801-1PGDG.rhel5          pgdg90
postgresql-jdbc90-debuginfo.x86_64        9.0.801-1PGDG.rhel5          pgdg90
postgresql90.x86_64                       9.0.4-1PGDG.rhel5            pgdg90
postgresql90-contrib.x86_64               9.0.4-1PGDG.rhel5            pgdg90
postgresql90-debuginfo.x86_64             9.0.4-1PGDG.rhel5            pgdg90
postgresql90-devel.x86_64                 9.0.4-1PGDG.rhel5            pgdg90
postgresql90-docs.x86_64                  9.0.4-1PGDG.rhel5            pgdg90
postgresql90-jdbc.x86_64                  9.0.801-1PGDG.rhel5          pgdg90
postgresql90-jdbc-debuginfo.x86_64        9.0.801-1PGDG.rhel5          pgdg90
postgresql90-libs.i386                    9.0.4-1PGDG.rhel5            pgdg90
postgresql90-libs.x86_64                  9.0.4-1PGDG.rhel5            pgdg90
postgresql90-odbc.x86_64                  09.00.0200-1PGDG.rhel5       pgdg90
postgresql90-odbc-debuginfo.x86_64        09.00.0200-1PGDG.rhel5       pgdg90
postgresql90-plperl.x86_64                9.0.4-1PGDG.rhel5            pgdg90
postgresql90-plpython.x86_64              9.0.4-1PGDG.rhel5            pgdg90
postgresql90-pltcl.x86_64                 9.0.4-1PGDG.rhel5            pgdg90
postgresql90-python.x86_64                4.0-2PGDG.rhel5              pgdg90
postgresql90-python-debuginfo.x86_64      4.0-2PGDG.rhel5              pgdg90
postgresql90-server.x86_64                9.0.4-1PGDG.rhel5            pgdg90
postgresql90-test.x86_64                  9.0.4-1PGDG.rhel5            pgdg90
postgresql_autodoc.noarch                 1.40-1.rhel5                 pgdg90
[root@server1 yum.repos.d]#

We can now install PostgreSQL 9 using yum:

[root@server1 ~]# yum install postgresql90 postgresql90-devel postgresql90-server postgresql90-libs
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: mirrors.seas.harvard.edu
 * base: centos.mirror.choopa.net
 * extras: centos.mirror.nac.net
 * updates: mirror.net.cen.ct.gov
Excluding Packages from CentOS-5 - Base
Finished
Excluding Packages from CentOS-5 - Updates
Finished
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package postgresql90.x86_64 0:9.0.4-1PGDG.rhel5 set to be updated
--> Processing Dependency: libxslt.so.1()(64bit) for package: postgresql90
---> Package postgresql90-devel.x86_64 0:9.0.4-1PGDG.rhel5 set to be updated
---> Package postgresql90-libs.i386 0:9.0.4-1PGDG.rhel5 set to be updated
--> Processing Dependency: libldap_r-2.3.so.0 for package: postgresql90-libs
---> Package postgresql90-libs.x86_64 0:9.0.4-1PGDG.rhel5 set to be updated
---> Package postgresql90-server.x86_64 0:9.0.4-1PGDG.rhel5 set to be updated
--> Running transaction check
---> Package libxslt.x86_64 0:1.1.17-2.el5_2.2 set to be updated
---> Package openldap.i386 0:2.3.43-12.el5_6.7 set to be updated
--> Processing Dependency: libsasl2.so.2 for package: openldap
---> Package openldap.x86_64 0:2.3.43-12.el5_6.7 set to be updated
--> Running transaction check
---> Package cyrus-sasl-lib.i386 0:2.1.22-5.el5_4.3 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                  Arch        Version                Repository    Size
================================================================================
Installing:
 postgresql90             x86_64      9.0.4-1PGDG.rhel5      pgdg90       1.4 M
 postgresql90-devel       x86_64      9.0.4-1PGDG.rhel5      pgdg90       1.6 M
 postgresql90-libs        i386        9.0.4-1PGDG.rhel5      pgdg90       220 k
 postgresql90-libs        x86_64      9.0.4-1PGDG.rhel5      pgdg90       218 k
 postgresql90-server      x86_64      9.0.4-1PGDG.rhel5      pgdg90       4.8 M
Installing for dependencies:
 cyrus-sasl-lib           i386        2.1.22-5.el5_4.3       base         127 k
 libxslt                  x86_64      1.1.17-2.el5_2.2       base         488 k
 openldap                 i386        2.3.43-12.el5_6.7      updates      296 k
Updating for dependencies:
 openldap                 x86_64      2.3.43-12.el5_6.7      updates      304 k

Transaction Summary
================================================================================
Install      8 Package(s)
Update       1 Package(s)
Remove       0 Package(s)

Total download size: 9.4 M
Is this ok [y/N]: y
Downloading Packages:
(1/9): cyrus-sasl-lib-2.1.22-5.el5_4.3.i386.rpm          | 127 kB     00:00
(2/9): postgresql90-libs-9.0.4-1PGDG.rhel5.x86_64.rpm    | 218 kB     00:00
(3/9): postgresql90-libs-9.0.4-1PGDG.rhel5.i386.rpm      | 220 kB     00:00
(4/9): openldap-2.3.43-12.el5_6.7.i386.rpm               | 296 kB     00:00
(5/9): openldap-2.3.43-12.el5_6.7.x86_64.rpm             | 304 kB     00:00
(6/9): libxslt-1.1.17-2.el5_2.2.x86_64.rpm               | 488 kB     00:00
(7/9): postgresql90-9.0.4-1PGDG.rhel5.x86_64.rpm         | 1.4 MB     00:01
(8/9): postgresql90-devel-9.0.4-1PGDG.rhel5.x86_64.rpm   | 1.6 MB     00:01
(9/9): postgresql90-server-9.0.4-1PGDG.rhel5.x86_64.rpm  | 4.8 MB     00:03
--------------------------------------------------------------------------------
Total                                           978 kB/s | 9.4 MB     00:09
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : openldap                                                1/10
  Installing     : postgresql90-libs                                       2/10
  Installing     : libxslt                                                 3/10
  Installing     : postgresql90                                            4/10
  Installing     : cyrus-sasl-lib                                          5/10
  Installing     : postgresql90-server                                     6/10
  Installing     : postgresql90-devel                                      7/10
  Installing     : openldap                                                8/10
  Installing     : postgresql90-libs                                       9/10
  Cleanup        : openldap                                               10/10

Installed:
  postgresql90.x86_64 0:9.0.4-1PGDG.rhel5
  postgresql90-devel.x86_64 0:9.0.4-1PGDG.rhel5
  postgresql90-libs.i386 0:9.0.4-1PGDG.rhel5
  postgresql90-libs.x86_64 0:9.0.4-1PGDG.rhel5
  postgresql90-server.x86_64 0:9.0.4-1PGDG.rhel5

Dependency Installed:
  cyrus-sasl-lib.i386 0:2.1.22-5.el5_4.3    libxslt.x86_64 0:1.1.17-2.el5_2.2
  openldap.i386 0:2.3.43-12.el5_6.7

Dependency Updated:
  openldap.x86_64 0:2.3.43-12.el5_6.7

Complete!
[root@server1 ~]#

We can now initialize PostgreSQL (note: when using Webmin, please see 'Configuring Webmin to Manage PostgreSQL 9' below):

[root@server1 ~]# service postgresql-9.0 initdb

Start the PostgreSQL server:

[root@server1 ~]# service postgresql-9.0 start
 
Configuring Webmin to Manage PostgreSQL 9

Due to the directory structure of PostgreSQL 9, you will need to make a few changes to the Webmin management interface to let Webmin know where the PostgreSQL files are located.

Under Servers>PostgreSQL Database Server

Click on Module Configuration.

Make the following substitutions in the System Configuration Section:

1. Path to psql command:
Original: /usr/bin/psql
Change to: /usr/pgsql-9.0/bin/psql

2. Command to start PostgreSQL
Original:
if [ -r /etc/rc.d/init.d/rhdb ]; then /etc/rc.d/init.d/rhdb start; else /etc/rc.d/init.d/postgresql start; fi
Change to:
if [ -r /etc/rc.d/init.d/rhdb ]; then /etc/rc.d/init.d/rhdb start; else /etc/rc.d/init.d/postgresql-9.0 start; fi

3. Command to stop PostgreSQL
Original:
if [ -r /etc/rc.d/init.d/rhdb ]; then /etc/rc.d/init.d/rhdb stop; else /etc/rc.d/init.d/postgresql stop; fi
Change to:
if [ -r /etc/rc.d/init.d/rhdb ]; then /etc/rc.d/init.d/rhdb stop; else /etc/rc.d/init.d/postgresql-9.0 stop; fi

4. Command to initialize PostgreSQL
Original:
if [ -r /etc/rc.d/init.d/rhdb ]; then /etc/rc.d/init.d/rhdb start; else /etc/rc.d/init.d/postgresql initdb ; /etc/rc.d/init.d/postgresql start; fi
Change to:
if [ -r /etc/rc.d/init.d/rhdb ]; then /etc/rc.d/init.d/rhdb start; else /etc/rc.d/init.d/postgresql-9.0 initdb ; /etc/rc.d/init.d/postgresql-9.0 start; fi

5. Path to postmaster PID file
Original: /var/run/postmaster.pid
Change to: /var/run/postmaster-9.0.pid

6. Paths to host access config file
Original: /var/lib/pgsql/data/pg_hba.conf
Change to: /var/lib/pgsql/9.0/data/pg_hba.conf

7. Default backup repository directory
Original: /home/db_repository
Change to: /var/lib/pgsql/9.0/backups

Save the configuration. If you have not already initialized the database, do so now by clicking the initialize database button.

Additional information and references:
http://people.planetpostgresql.org/devrim/index.php?/archives/43-How-to-install-PostgreSQL-9.0-Beta-1-to-FedoraCentOSRHEL.html
http://www.postgresonline.com/journal/index.php?/archives/45-An-Almost-Idiots-Guide-to-PostgreSQL-YUM.html
http://www.postgresql.org/

Sunday, July 18, 2010

Tomcat Manager Password

This post will cover basic set up and configuration to access the Tomcat Manager interface.

After installing Tomcat 6, as shown in my previous post, you can navigate to http://yourdomain.com:8080 to access the Tomcat Manager.

With some variation, which we will note, the procedure is the same for Tomcat 5, 6, and 7 (Beta).

By default, no users or passwords are created for the Tomcat manager role.

To set a user name and password, we need to configure the tomcat-users.xml file located at $CATALINA_HOME/conf/tomcat-users.xml.

In the case of our installation, $CATALINA_HOME is located at /usr/share/apache-tomcat-6.0.26.

By default the Tomcat 6 tomcat-users.xml file will look as below.

Note that while examples are provided, the elements between the <tomcat-users> and </tomcat-users> tags have been commented-out using <!-- -->

Most of what you need is explained in the file itself.











Now, in order to access Tomcat Manager we simply need to add a role, manager, and then add a user name with password and assign the user to the manager role.

I'll create a user 'david' with password 'BlogPost', and I'll assign 'david' to the manager role.






 



That's it! Very simple.

We added the role 'manager', and then created the username 'david' with password 'BlogSpot' and assigned the user to manager role.

IMPORTANT NOTE: For Tomcat 7.0, which is now in Beta Release, the role name is manager-gui. If configuring Tomcat 7.0, use this in place of 'manager':





 



Now, restart your Tomcat instance, and verify that you are able to access the Tomcat Manager at http://yourdomain.com:8080.

Click on the Tomcat Manager link on the Administration menu and enter the user name and password you created above.


Securing Your Tomcat Manager Password: Creating an SHA or MD5 Digest Password

You could stop here, but since the password is stored in plain text in the tomcat-users.xml file, it's a good idea to store a digest (a one-way hash) of your password instead.

By default, Tomcat employs a simple, file based UserDatabase Realm for security. In this case, passwords are stored in plain text in the tomcat-users.xml file we configured above.

There are much stronger security Realms that can be used such as JNDI and JDBC, but we'll start with the simplest and create a Digested version of our password we created above.

For our Digest algorithm we can use SHA or MD5.

We can do this in a few simple steps.

First, we create a Digest version of our password using the digest.sh script located at $CATALINA_HOME/bin/digest.sh

For SHA, we issue ./digest.sh -a sha BlogSpot as shown below.

[root@server1 bin]# ./digest.sh -a sha BlogSpot
BlogSpot:89fc9f60780695d50b5cf5b0598957fc88c91487

We then copy the output, 89fc9f60780695d50b5cf5b0598957fc88c91487, which is our SHA Digest password. Copy it somewhere safe, you will need it in a moment.


Similarly, for MD5, we issue ./digest.sh -a md5 BlogSpot as shown below.

[root@server1 bin]# ./digest.sh -a md5 BlogSpot
BlogSpot:f105429be7c7a3518f9376b3de4f0f1d

We then copy the output, f105429be7c7a3518f9376b3de4f0f1d, which is our MD5 Digest password. Copy it somewhere safe, you will need it in a moment.


Now, in our tomcat-users.xml file, replace the plain text password we created 'BlogSpot' (or whatever you used) with the SHA or MD5 Digest password you generated above. I'm going to use SHA.


[root@server1 conf]# vi tomcat-users.xml










Finally, we need to make an adjustment to our server.xml file, located in the Tomcat conf directory, so Tomcat knows we are using a Digest password as well as the Digest algorithm we selected (SHA or MD5).

In your server.xml file, look for this section:


 


At the end of the entry, we add: digest="sha" as shown below if we used the SHA Digest Algorithm.






If we used the MD5, we add digest="md5" as shown below.





We have now created the manager role, added a user with a password to the manager role, and replaced the plain text password with its MD5 or SHA digest.

Later we'll look at JDBC and JNDI security Realms, as well as other measures for securing your Tomcat installation.
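The check below is an added example, not part of the original post: it reads a tomcat-users.xml and reports any user whose password attribute is not a hex digest of the length implied by the Realm's digest setting, which catches both a leftover plain text password and a sha/md5 mismatch with server.xml. The sample file and the user 'ops' are constructed, and it assumes the value after the colon in digest.sh output is the plain hex SHA-1 or MD5 of the password.

```shell
#!/bin/sh
# Added example (not from the original post): flag tomcat-users.xml entries
# whose password attribute is not a hex digest of the length the Realm expects.

# Hex length produced by each digest= value used in server.xml above.
digest_len() {
  case "$1" in
    sha) echo 40 ;;   # SHA-1, 160 bits
    md5) echo 32 ;;   # MD5, 128 bits
    *)   return 1 ;;
  esac
}

# Hex hash of a string with no salt. Assumption: this is the value that
# digest.sh prints after the colon.
hex_digest() {
  case "$1" in
    sha) printf '%s' "$2" | sha1sum | cut -d' ' -f1 ;;
    md5) printf '%s' "$2" | md5sum  | cut -d' ' -f1 ;;
    *)   return 1 ;;
  esac
}

# Reads tomcat-users.xml on stdin and prints "username<TAB>status" per user.
# $1 is the digest setting from the Realm entry in server.xml (sha or md5).
audit_users() {
  len=$(digest_len "$1") || return 2
  # Drop one-line comments, then multi-line comment blocks, so the
  # commented-out sample users shipped with Tomcat are not reported.
  sed -e 's/<!--.*-->//g' -e '/<!--/,/-->/d' |
  grep -o '<user [^>]*>' |
  while IFS= read -r el; do
    user=$(printf '%s\n' "$el" | sed -n 's/.*username="\([^"]*\)".*/\1/p')
    pass=$(printf '%s\n' "$el" | sed -n 's/.*password="\([^"]*\)".*/\1/p')
    if printf '%s' "$pass" | grep -Eq "^[0-9a-fA-F]{$len}\$"; then
      printf '%s\tdigest\n' "$user"
    else
      printf '%s\tnot-digest\n' "$user"
    fi
  done
}

# Constructed sample file: 'david' carries the SHA digest from the post,
# 'ops' is a constructed user whose password was left in plain text.
sample_users_xml() {
  cat <<'EOF'
<tomcat-users>
<!--
  <user username="tomcat" password="tomcat" roles="tomcat"/>
-->
  <role rolename="manager"/>
  <user username="david" password="89fc9f60780695d50b5cf5b0598957fc88c91487" roles="manager"/>
  <user username="ops" password="constructed-plaintext" roles="manager"/>
</tomcat-users>
EOF
}

# Against a real installation: audit_users sha < $CATALINA_HOME/conf/tomcat-users.xml
sample_users_xml | audit_users sha
```

Because the digest is a single unsalted hash, the file should still be readable only by the account that runs Tomcat.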



Tuesday, July 6, 2010

Tomcat 7 Beta Release

Tomcat 7.0.0 Beta was released on June 29th.

http://tomcat.apache.org/tomcat-7.0-doc/index.html

"The Apache Tomcat Project is proud to announce the release of version 7.0.0 beta of Apache Tomcat. This release is the first Apache Tomcat release to support the Servlet 3.0, JSP 2.2 and EL 2.2 specifications. In addition, it includes numerous other improvements such as web application memory leak detection and prevention, extensive internal code clean-up and support for including external content directly in a web application (aliases)."

The list of improvements and additional features looks like exciting stuff.

I just got started playing with it a few days ago; the baseline installation is the same as for Tomcat 6 (see my previous post here).

One configuration change I came across off the bat is the need to use the role of manager-gui, replacing the old manager role:






Well, I hope to be posting much more soon......

Sunday, July 4, 2010

Install Tomcat 6 on CentOS

NOTE: For an updated and expanded version of this post, please see:

http://www.davidghedini.com/pg/entry/install_tomcat_6_on_centos

This post will cover installation and configuration of Tomcat 6 on CentOS 5.

We will also show how to run Tomcat as a service, create a start/stop script, and configure Tomcat to run under a non-root user.

This post has been updated for Tomcat 6.0.32.

The steps below will work with any Tomcat 6.x version, but I have been keeping the post updated to keep the links consistent and to make it as "copy-and-paste" as possible.

If you are looking for our tutorial on installing Tomcat 7 on CentOS/RHEL, you can find it here.

This installation of Tomcat 6.0.32 was done on CentOS 5.5, but any CentOS 5.x should work, as well as RHEL and Fedora.

If you do not already have the Java Development Kit (JDK) installed on your machine, you will need to download and install the required JDK for your platform.

If you do have the JDK installed, you can skip to: Step 2: Download and Install the Tomcat 6.0.32:


Step 1: Install the JDK

You can download the JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

I'm using the latest, which is JDK 6, update 24. The JDK is specific to 32 and 64 bit versions.

My CentOS box is 64 bit, so I'll need: jdk-6u24-linux-x64.bin.

If you are on 32 bit, you'll need: jdk-6u24-linux-i586.bin

Download the appropriate JDK and save it to a directory. I'm saving it to /root.

Move (mv) or copy (cp) the file to the /opt directory:

[root@blanche ~]# mv jdk-6u24-linux-x64.bin /opt/jdk-6u24-linux-x64.bin  

Create a new directory /usr/java.

[root@blanche ~]# mkdir /usr/java  

Change to the /usr/java directory we created and install the JDK using 'sh /opt/jdk-6u24-linux-x64.bin'

[root@blanche ~]# cd /usr/java
[root@blanche java]# sh /opt/jdk-6u24-linux-x64.bin

Set the JAVA_HOME path. This is where we installed our JDK above.

To set it for your current session, you can issue the following from the CLI:

[root@blanche java]# JAVA_HOME=/usr/java/jdk1.6.0_24
[root@blanche java]# export JAVA_HOME
[root@blanche java]# PATH=$JAVA_HOME/bin:$PATH
[root@blanche java]# export PATH

To set JAVA_HOME for a user, we add the lines below to that user's ~/.bashrc or ~/.bash_profile. We can also add them to /etc/profile and then source it to apply them to all users.

JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH

Once you have added the above to ~/.bash_profile or ~/.bashrc, you should log out, then log back in and check that the JAVA_HOME is set correctly.

[root@blanche ~]#  echo $JAVA_HOME
/usr/java/jdk1.6.0_24


Step 2: Download and Install Tomcat 6.0.32:

Download apache-tomcat-6.0.32.tar.gz here

Save the file to a directory. I'm saving it to /root/apache-tomcat-6.0.32.tar.gz

Before proceeding, you should verify the MD5 Checksum for your Tomcat download (or any other download).

Since we saved the Tomcat download to /root/apache-tomcat-6.0.32.tar.gz, we'll go to the /root directory and use the md5sum command.

[root@blanche ~]# md5sum apache-tomcat-6.0.32.tar.gz
082a0707985b6c029920d4d6d5ec11cd

Compare the output above to the MD5 Checksum provided by the Apache Tomcat MD5 page and ensure that they match exactly. (There is also a link to display the MD5 checksum located just to the right of the download link).

Now, move (mv) or copy (cp) the file to the /usr/share directory:

[root@blanche ~]# mv apache-tomcat-6.0.32.tar.gz /usr/share/apache-tomcat-6.0.32.tar.gz

Change to the /usr/share directory and unpack the file using tar -xzf:

[root@blanche ~]# cd /usr/share
[root@blanche share]# tar -xzf apache-tomcat-6.0.32.tar.gz

This will create the directory /usr/share/apache-tomcat-6.0.32

At this point, you could start Tomcat via the Tomcat bin directory using the Tomcat startup.sh script located at /usr/share/apache-tomcat-6.0.32/bin.

[root@blanche share]# cd /usr/share/apache-tomcat-6.0.32/bin
[root@blanche bin]# ./startup.sh


Step 3: How to Run Tomcat as a Service.

We will now see how to run Tomcat as a service and create a simple Start/Stop/Restart script, as well as to start Tomcat at boot.

Change to the /etc/init.d directory and create a script called 'tomcat' as shown below.

[root@blanche share]# cd /etc/init.d
[root@blanche init.d]# vi tomcat


#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-6.0.32


case $1 in
start)
sh $CATALINA_HOME/bin/startup.sh
;; 
stop)   
sh $CATALINA_HOME/bin/shutdown.sh
;; 
restart)
sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh
;; 
esac    
exit 0

The above script is simple and contains all of the basic elements you will need to get going.

As you can see, we are simply calling the startup.sh and shutdown.sh scripts located in the Tomcat bin directory (/usr/share/apache-tomcat-6.0.32/bin).

You can adjust your script according to your needs and, in subsequent posts, we'll look at additional examples.

CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-6.0.32)

Now, set the permissions for your script to make it executable:

[root@blanche init.d]# chmod 755 tomcat

We now use the chkconfig utility to have Tomcat start at boot time. In my script above, I am using chkconfig: 234 20 80. 2, 3 and 4 are the run levels and 20 and 80 are the stop and start priorities respectively. You can adjust as needed.

[root@blanche init.d]# chkconfig --add tomcat
[root@blanche init.d]# chkconfig --level 234 tomcat on

Verify it:

[root@blanche init.d]# chkconfig --list tomcat
tomcat          0:off   1:off   2:on    3:on    4:on    5:off   6:off

Now, let's test our script.

Start Tomcat:
[root@blanche ~]# service tomcat start
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar

Stop Tomcat:

[root@blanche ~]# service tomcat stop
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar

Restarting Tomcat (Must be started first):

[root@blanche ~]# service tomcat restart
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar



We should review the Catalina.out log located at /usr/share/apache-tomcat-6.0.32/logs/catalina.out and check for any errors.

[root@blanche init.d]# more /usr/share/apache-tomcat-6.0.32/logs/catalina.out


We can now access the Tomcat Manager page at:

http://yourdomain.com:8080 or http://yourIPaddress:8080 and we should see the Tomcat home page.


Step 5 (Optional): How to Run Tomcat using Minimally Privileged (non-root) User.

In our Tomcat configuration above, we are running Tomcat as Root.

For security reasons, it is always best to run services with only those privileges that are necessary.

There are some who make a strong case that this is not required, but it's always best to err on the side of caution.

To run Tomcat as non-root user, we need to do the following:

1. Create the group 'tomcat':

[root@blanche ~]# groupadd tomcat

2. Create the user 'tomcat' and add this user to the tomcat group we created above.

[root@blanche ~]# useradd -s /bin/bash -g tomcat tomcat

The above will create a home directory for the user tomcat in the default user home as /home/tomcat

If we want the home directory to be elsewhere, we simply specify so using the -d switch.

[root@blanche ~]# useradd -g tomcat -d /usr/share/apache-tomcat-6.0.32/tomcat tomcat

The above will create the user tomcat's home directory as /usr/share/apache-tomcat-6.0.32/tomcat


3. Change ownership of the tomcat files to the user we created above:

[root@blanche ~]# chown -Rf tomcat:tomcat /usr/share/apache-tomcat-6.0.32/

Note: it is possible to enhance our security still further by making certain files and directory read-only. This will not be covered in this post and care should be used when setting such permissions.


4. Adjust the start/stop service script we created above. In our new script, we need to su to the user tomcat:

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
TOMCAT_HOME=/usr/share/apache-tomcat-6.0.32/bin


case $1 in
start)
/bin/su tomcat $TOMCAT_HOME/startup.sh
;; 
stop)   
/bin/su tomcat $TOMCAT_HOME/shutdown.sh
;; 
restart)
/bin/su tomcat $TOMCAT_HOME/shutdown.sh
/bin/su tomcat $TOMCAT_HOME/startup.sh
;; 
esac    
exit 0


Step 6 (Optional): How to Run Tomcat on Port 80 as Non-Root User.

Note: the following applies when you are running Tomcat in "stand alone" mode. That is, you are running Tomcat without Apache in front of it.

To run services below port 1024 as a user other than root, you can add the following iptables rules:

[root@blanche ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080  
[root@blanche ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080  


Monday, June 28, 2010

How to Set Hostname on CentOS (RHEL)

Setting the hostname on CentOS (RHEL).

Well, I could have sworn when I ordered this VPS that I entered the hostname I wanted in the order form. I guess I must have been hallucinating....

Begin by checking the existing hostname using the hostname command.
login as: root
root@vps12's password:
Last login: Mon Jun 28 16:21:53 2010
[root@vps12 ~]# hostname
vps12
We can also check via sysctl kernel.hostname
[root@vps12 ~]# sysctl kernel.hostname
kernel.hostname = vps12
The actual hostname I need to set for this server is blanche.mydomain.net

I can set the hostname initially using the hostname command followed by the desired hostname.
[root@vps12 ~]# hostname blanche.mydomain.net
This will set the hostname:
[root@vps12 ~]# hostname
blanche.mydomain.net
However, once the server is rebooted, the hostname will revert to its previous setting (vps12).

To permanently change the hostname, I need to edit the network file at /etc/sysconfig/network.

So,
[root@vps12 ~]# cd /etc/sysconfig
[root@vps12 sysconfig]# vi network

The Network file will look as so.

NETWORKING=yes
HOSTNAME=vps12
GATEWAYDEV=eth0
GATEWAY=192.168.0.1

Hit 'i' to insert and change the HOSTNAME value to your FQDN, in my case, blanche.mydomain.net

Hit Escape, then :wq to save and exit.

Check that the hostname is properly set:
[root@vps12 sysconfig]# hostname
blanche.mydomain.net
[root@vps12 sysconfig]# sysctl kernel.hostname
kernel.hostname = blanche.mydomain.net

Finally, if we log out, and log back in using a new session, we see I am now root@blanche:
login as: root
root@blanche's password:
Last login: Mon Jun 28 16:21:53 2010
[root@blanche ~]#  

To properly check, you may wish to reboot the server.

How to Enable Root Login (CentOS / RHEL)

Disclaimer: It's always best practice that any machine on the internet not allow direct Root login via SSH.

To allow Root to log in, we need to update our sshd_config file located at /etc/ssh/sshd_config.

To update this file, we need to switch over to Root:
[admin@blanche ~]$ su root
Password:
[root@blanche ~]#

Go to the /etc/ssh directory:
[root@blanche ~]# cd /etc/ssh
[root@blanche ssh]#

Now, let's edit our sshd_config file using vi:
[root@blanche ssh]# vi sshd_config

Look for the following section (about 1/3 of the way down):
#LoginGraceTime 2m
PermitRootLogin no

Hit "i" to insert and then change the value for PermitRootLogin from no to yes.

Hit Escape and then :wq! to save changes and close the file.

Finally, still as Root, we need to restart SSHD using /etc/init.d/sshd restart.

[root@blanche ssh]# /etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                             [  OK  ]

Exit your session, open a new terminal and confirm you are now able to login as Root:

login as: root
root@blanche's password:
Last login: Mon Jun 28 16:21:53 2010
[root@blanche ~]#

Saturday, June 5, 2010

Install Webmin on CentOS 5

Some months ago, the download url for Webmin was updated.

You can find the latest release at: http://www.webmin.com/download.html

SSH to your server.
[root@server7]# yum -y install perl-Net-SSLeay
Get the rpm.
[root@server7]# wget http://prdownloads.sourceforge.net/webadmin/webmin-1.510-1.noarch.rpm

Verify using MD5 - Webmin also offers PGP Verification.

To do this, use the md5sum command

[root@server7]# md5sum webmin-1.510-1.noarch.rpm
7d7167b0f62e7f0a5578a6117581c46f  webmin-1.510-1.noarch.rpm

Compare the output above to the official MD5 Checksum on the Webmin Site.


The MD5 Checksum listed on the Webmin site, 7d7167b0f62e7f0a5578a6117581c46f, matches our output above, so we are ready to install.


Install the rpm.
[root@server7]# rpm -i webmin-1.510-1.noarch.rpm 

You should get a message at the end of the install informing you that you can reach the installation at:

https://hostname(or server IP):10000

Monday, May 24, 2010

Bash Script for Oracle Data Pump Export (with FTP and Email)

Red Hat Linux 5.4 or CentOS 5.4
Oracle 11g or 10g
SID = orcl

This post covers creating a basic bash script to produce a Data Pump export (.dmp) file which we can then FTP to a remote server or mail using MUTT.

We'll also generate a log file of the export and write the output of the log file into the body of an email notification.

In the first scenario, we want to email the export file as an attachment, so we'll need to do the following:

  1. Export the Scott schema on a daily basis using Data Pump.
  2. Create a log file of the Data Pump export
  3. Add the date and hour of the export to the file name and log file in the forms: scott-yyyymmddhh.dmp and scottLOG-yyyymmddhh.log
  4. Use zip or gzip to compress the dump file for easier FTP and/or mailing
  5. Write the contents of the log file into the body of an email.
  6. FTP the file or attach the file to the email and send it.


To begin, you will need to create an Oracle directory to export the file to and then grant read and write on the directory for the schema.

SQL> CREATE OR REPLACE DIRECTORY backdir AS '/home/app/oracle/admin/orcl/dpdump';

SQL> GRANT READ, WRITE ON DIRECTORY backdir TO scott;

If not already installed, install MUTT:

[root@server1]# yum install mutt

Create your bash script.

In the first example, we'll zip the export, attach it to an email and place the export log into the body of the email.

I'm creating mine in /usr/lib/myscripts and the file name will be scottscript.sh

[root@server1]# cd /usr/lib/myscripts
[root@server1]# vi scottscript.sh 

#!/bin/sh
ORACLE_HOME=/home/app/oracle/product/11.2.0/dbhome_1
export ORACLE_HOME
export PATH=$ORACLE_HOME/bin:$PATH
ORACLE_SID=orcl; export ORACLE_SID
expdp scott/tiger DIRECTORY=backdir DUMPFILE=scott-$(date +%Y%m%d%H) VERSION=10.2 LOGFILE=scottLOG-$(date +%Y%m%d%H).log
zip -r /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).zip /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).dmp
cat /home/app/oracle/admin/orcl/dpdump/scottLOG-$(date +%Y%m%d%H).log | mutt -s "scott Backup" -a /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).zip scott@tiger.com


What is in the script:

In the first part of the script, we set the required environment.
ORACLE_HOME=/home/app/oracle/product/11.2.0/dbhome_1
export ORACLE_HOME
export PATH=$ORACLE_HOME/bin:$PATH
ORACLE_SID=orcl; export ORACLE_SID


In the next bit, we do our export. In this case, I want to import my file into a local XE instance on my laptop so I'm going to specify VERSION=10.2. Additionally, because I will be doing this daily, I am appending the date in the form of YYYYMMDDHH to the file name:

expdp scott/tiger DIRECTORY=backdir DUMPFILE=scott-$(date +%Y%m%d%H) VERSION=10.2

Create a log file of our export to see if there were any issues:
LOGFILE=scottLOG-$(date +%Y%m%d%H).log


Compress the .dmp file to make it easier to mail:
zip -r scott-$(date +%Y%m%d%H).zip /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).dmp 




Finally, we use MUTT to attach our export file to our email as well as write the log file contents to the body of the email:

cat /home/app/oracle/admin/orcl/dpdump/scottLOG-$(date +%Y%m%d%H).log |  mutt -s "Scott Backup" -a  /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).zip scott@tiger.com  


In the last bit above:

  • cat /home/app/oracle/admin/orcl/dpdump/scottLOG-$(date +%Y%m%d%H).log writes the contents of the log file into the body of the email. 
  • "Scott Backup" is the email subject line.
  • -a /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).zip attaches our file to the email.
  • scott@tiger.com is the recipient address.


From here, you can set a cron job to automate running the script at whatever interval you require.


Now, instead of emailing the zip file, let's FTP the file to a remote server.

In this case, we want to FTP the file, so we'll need to do the following:

  1. Export the Scott schema on a daily basis using Data Pump.
  2. Create a log file of the Data Pump export
  3. Add the date and hour of the export to the file name and log file in the forms: scott-yyyymmddhh.dmp and scottLOG-yyyymmddhh.log
  4. Use zip or gzip to compress the dump file for easier FTP
  5. Write the contents of the log file into the body of an email notification.
  6. FTP the file.




#!/bin/sh
ORACLE_HOME=/home/app/oracle/product/11.2.0/dbhome_1
export ORACLE_HOME
export PATH=$ORACLE_HOME/bin:$PATH
ORACLE_SID=orcl; export ORACLE_SID
HOST='192.168.0.2'
USER='ftpuser'
PASSWD='password'
expdp scott/tiger DIRECTORY=backdir DUMPFILE=scott-$(date +%Y%m%d%H) VERSION=10.2 LOGFILE=scottLOG-$(date +%Y%m%d%H).log
zip -r /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).zip /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).dmp
cat /home/app/oracle/admin/orcl/dpdump/scottLOG-$(date +%Y%m%d%H).log | mutt -s "scott Backup" scott@tiger.com
cd /home/app/oracle/admin/orcl/dpdump
ftp -n -v $HOST << EOT
binary
user $USER $PASSWD
prompt
put scott-$(date +%Y%m%d%H).zip
bye
EOT

What is in the script:

In the first part of the script, we set the required environment.
ORACLE_HOME=/home/app/oracle/product/11.2.0/dbhome_1
export ORACLE_HOME
export PATH=$ORACLE_HOME/bin:$PATH
ORACLE_SID=orcl; export ORACLE_SID 


Next, we set our FTP information:
HOST='192.168.0.2'
USER='ftpuser'
PASSWD='password'


In the next bit, we do our export. Again, I want to import my file into a local XE instance on my laptop so I'm going to specify VERSION=10.2. Additionally, because I will be doing this daily, I am appending the date in the form of YYYYMMDDHH to the file name:
expdp scott/tiger DIRECTORY=backdir DUMPFILE=scott-$(date +%Y%m%d%H) VERSION=10.2

Create a log file of our export to see if there were any issues:
LOGFILE=scottLOG-$(date +%Y%m%d%H).log

Compress the .dmp file to make it easier to FTP:
zip -r scott-$(date +%Y%m%d%H).zip /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).dmp 

Now, we use MUTT to write the log file contents to the body of an email notification:
cat /home/app/oracle/admin/orcl/dpdump/scottLOG-$(date +%Y%m%d%H).log | mutt -s "Scott Backup"  scott@tiger.com  

In the bit above:
  • cat /home/app/oracle/admin/orcl/dpdump/scottLOG-$(date +%Y%m%d%H).log writes the contents of the log file into the body of the email.
  • "Scott Backup" is the email subject line.
  • scott@tiger.com is the recipient address. 

Finally, we go to our backup directory and FTP the file in binary mode.
cd /home/app/oracle/admin/orcl/dpdump
ftp -n -v $HOST << EOT
binary
user $USER $PASSWD
prompt
put scott-$(date +%Y%m%d%H).zip
bye
EOT

Again, you now create a cron job to automate running the script at whatever interval you require.
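An added example, not from the original post, of two changes to the FTP script above: the FTP login is read from a separate file that must be private to the user running the backup (mode 600 or 400), and every file name is built from one timestamp so a run that crosses the hour cannot zip or upload a name that was never written. The credentials file path /root/.scott_ftp and the function names are hypothetical, and GNU stat (as on CentOS/RHEL) is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): keep the FTP login out of the
# backup script and derive all file names from a single timestamp.

# Succeeds only if the file is a regular file owned by the current user with
# mode 600 or 400. Uses GNU stat.
creds_file_is_private() {
  [ -f "$1" ] || return 1
  mode=$(stat -c '%a' "$1") || return 1
  owner=$(stat -c '%u' "$1") || return 1
  [ "$owner" = "$(id -u)" ] || return 1
  case "$mode" in
    600|400) return 0 ;;
    *)       return 1 ;;
  esac
}

# Loads HOST, USER and PASSWD from KEY=VALUE lines. The file is parsed, not
# sourced, so nothing in it is executed; a password may contain '='.
load_ftp_creds() {
  if ! creds_file_is_private "$1"; then
    echo "refusing $1: must be owned by $(id -un) with mode 600 or 400" >&2
    return 1
  fi
  HOST= USER= PASSWD=
  while IFS='=' read -r key value; do
    case "$key" in
      HOST)   HOST=$value ;;
      USER)   USER=$value ;;
      PASSWD) PASSWD=$value ;;
    esac
  done < "$1"
  [ -n "$HOST" ] && [ -n "$USER" ] && [ -n "$PASSWD" ]
}

# Builds the dump, log and archive names used by expdp, zip and ftp from one
# timestamp instead of calling date once per command.
backup_names() {
  DUMPFILE="scott-$1.dmp"
  LOGFILE="scottLOG-$1.log"
  ZIPFILE="scott-$1.zip"
}

# Commands for the ftp client, same sequence as the here-document above.
ftp_commands() {
  printf 'binary\nuser %s %s\nprompt\nput %s\nbye\n' "$USER" "$PASSWD" "$ZIPFILE"
}

# Usage inside the backup script (hypothetical credentials file path):
#   load_ftp_creds /root/.scott_ftp || exit 1
#   backup_names "$(date +%Y%m%d%H)"
#   expdp scott/tiger DIRECTORY=backdir DUMPFILE=$DUMPFILE VERSION=10.2 LOGFILE=$LOGFILE
#   cd /home/app/oracle/admin/orcl/dpdump && zip "$ZIPFILE" "$DUMPFILE"
#   ftp_commands | ftp -n -v "$HOST"
```

FTP still sends the login and the dump in clear text, so this only removes the password from the script file.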

What if I want to use tar/gzip instead of zip?

Simply make the substitutions as below:
#!/bin/sh
ORACLE_HOME=/home/app/oracle/product/11.2.0/dbhome_1
export ORACLE_HOME
export PATH=$ORACLE_HOME/bin:$PATH
ORACLE_SID=orcl; export ORACLE_SID
HOST='192.168.0.2'
USER='ftpuser'
PASSWD='password'
expdp scott/tiger DIRECTORY=backdir DUMPFILE=scott-$(date +%Y%m%d%H) VERSION=10.2 LOGFILE=scottLOG-$(date +%Y%m%d%H).log 
tar -cvzf /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).tar.gz /home/app/oracle/admin/orcl/dpdump/scott-$(date +%Y%m%d%H).dmp
cat /home/app/oracle/admin/orcl/dpdump/scottLOG-$(date +%Y%m%d%H).log | mutt -s "scott Backup" scott@tiger.com
cd /home/app/oracle/admin/orcl/dpdump
ftp -n -v $HOST << EOT
binary
user $USER $PASSWD
prompt
put scott-$(date +%Y%m%d%H).tar.gz
bye
EOT

You can also execute it on demand from the command line:

[root@server1]# cd /usr/lib/myscripts
[root@server1]# ./scottscript.sh
