Thursday, February 10, 2011

Install Apache Roller 4 on CentOS and Tomcat

This post will cover installing Apache Roller 4.0.1 on CentOS with Tomcat and MySQL.

4.0.1 is the current GA production release of Apache Roller.

For this post, you will need a working installation of Tomcat. If you do not have Tomcat installed, you can install it using our Tomcat step-by-step guide here.

What you will need to download:

apache-roller-4.0.1.zip
JavaMail 1.4.4
mysql-connector-java-5.1.15-bin.jar


I'll be saving the above files to my /opt directory.


1. Create the Required MySQL Database and User:

We'll call our database 'roller'

[root@srv6 opt]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 2694
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database roller;
Query OK, 1 row affected (0.00 sec)

mysql> grant all on roller.* to myuser@localhost identified by 'secret';
Query OK, 0 rows affected (0.00 sec)

mysql>


2. Copy The Required JAR Files to the Tomcat/lib Directory

From our downloads, we'll need to copy mail.jar and mysql-connector-java-5.1.15-bin.jar to our Tomcat/lib directory.

Unzip javamail1_4_4.zip

[root@srv6 opt]# unzip -q javamail1_4_4.zip
Change to the javamail-1.4.4 directory and copy mail.jar to the Tomcat lib directory:
[root@srv6 opt]# cd javamail-1.4.4
[root@srv6 javamail-1.4.4]# cp mail.jar /usr/share/apache-tomcat-6.0.30/lib/mail.jar

Change back to the /opt directory and unpack mysql-connector-java-5.1.15.tar.gz

[root@srv6 javamail-1.4.4]# cd /opt
[root@srv6 opt]# tar -xvf mysql-connector-java-5.1.15.tar.gz

Change to the mysql-connector-java-5.1.15 directory and copy mysql-connector-java-5.1.15-bin.jar to the Tomcat lib directory:

[root@srv6 opt]# cd mysql-connector-java-5.1.15
[root@srv6 mysql-connector-java-5.1.15]# cp mysql-connector-java-5.1.15-bin.jar /usr/share/apache-tomcat-6.0.30/lib/mysql-connector-java-5.1.15-bin.jar




3. Create a roller-custom.properties File

We'll now create our roller-custom.properties file in the Tomcat/lib directory

[root@srv6 mysql-connector-java-5.1.15]#  cd /usr/share/apache-tomcat-6.0.30/lib
[root@srv6 lib]# vi roller-custom.properties

The file should contain the following. Replace database, user and password with your own. If required enter the mail user credentials as well.

installation.type=auto
database.configurationType=jdbc
database.jdbc.driverClass=com.mysql.jdbc.Driver
database.jdbc.connectionURL=jdbc:mysql://localhost:3306/roller
database.jdbc.username=myuser
database.jdbc.password=secret
mail.configurationType=properties
mail.hostName=localhost
#mail.username=
#mail.password=

4. Create roller.war

We now need to build the roller.war file from our Roller download.

Unzip apache-roller-4.0.1.zip
[root@srv6 opt]# unzip -q apache-roller-4.0.1.zip
Change to the apache-roller-4.0.1/webapp/roller directory
[root@srv6 opt]# cd apache-roller-4.0.1/webapp/roller
Create the WAR file
[root@srv6 roller]# jar cvf ../roller.war *

5. Copy the roller.war to your Tomcat/webapps Directory

The roller.war file is created in the apache-roller-4.0.1/webapp directory. Copy the WAR to your Tomcat/webapps directory.

[root@srv6 webapp]# cp roller.war /usr/share/apache-tomcat-6.0.30/webapps/roller.war



6. Start Tomcat

Start up Tomcat to load your new files and jars.

[root@srv6 webapp]# service tomcat start
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.30
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.30
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.30/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_23
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.30/bin/bootstrap.jar


7. Create Roller Tables in MySQL via Roller GUI

If your installation was successful, you should now be able to go to http://YourIP:8080/roller or http://YourDomain:8080/roller

If you are not able to access Roller, check your catalina.out or roller.log files in your Tomcat/logs directory.

You should see a prompt to create the roller tables in MySQL.

Click the "Yes - Create Tables Now" button




On successful completion of creating the Roller tables in MySQL you will see the following:



Follow the prompt and click to complete the installation.



8. Create Global Admin User

The Roller Front Page should now be displayed as below.


Click the 'New User Registration' link to create your Global Admin user. As noted, the first user registered will have Global Admin rights.



http://roller.apache.org/

Wednesday, February 9, 2011

Install Mondrian OLAP 3.2 on CentOS with Tomcat and MySQL

This post will cover installing Mondrian OLAP Engine on CentOS with Tomcat and MySQL.

Mondrian 3.2.0.13661
Tomcat 6.0.30
MySQL 5.0.77


This post assumes you have a working Tomcat installation. If you do not, please follow our step-by-step tutorial for installing Tomcat 6 or Tomcat 7.

You will need to download the following:

Mondrian: mondrian-3.2.0.13661.zip
http://sourceforge.net/projects/mondrian/files/mondrian/mondrian-3.2.0.13661-GA/

Apache Axis 1.4: axis-bin-1_4.tar.gz
http://www.apache.org/dyn/closer.cgi/ws/axis/1_4

MySQL Connector J (if not already installed): mysql-connector-java-5.1.14.tar.gz
http://www.mysql.com/downloads/connector/j/


1. Download the Above Files to the /opt Directory.

Unzip mondrian-3.2.0.13661.zip
[root@srv6 opt]# unzip -q mondrian-3.2.0.13661.zip
Unpack Axis 1.4
[root@srv6 opt]# tar xzf axis-bin-1_4.tar.gz

Unpack mysql-connector-java-5.1.14.tar.gz
[root@srv6 opt]# tar xzf mysql-connector-java-5.1.14.tar.gz
In your /opt directory you should now have:
[root@srv6 opt]# ls
axis-1_4                mondrian-3.2.0.13661
mysql-connector-java-5.1.14


2. Deploy Mondrian to the Tomcat_Home/webapps folder.

Navigate to /opt/mondrian-3.2.0.13661/lib

You can use one of two methods to deploy the mondrian.war to Tomcat_Home/webapps:

Method 1. Copy or mv the mondrian.war file from /opt/mondrian-3.2.0.13661/lib to your Tomcat/webapps directory and restart Tomcat to deploy the WAR.
[root@srv6 opt]# cp /opt/mondrian-3.2.0.13661/lib/mondrian.war /usr/share/apache-tomcat-6.0.30/webapps/mondrian.war
[root@srv6 opt]# service tomcat start (or restart)

Method 2. Create the mondrian directory under Tomcat_Home/webapps and manually explode the WAR via the CLI
[root@srv6 opt]# mkdir /usr/share/apache-tomcat-6.0.30/webapps/mondrian
[root@srv6 opt]# cp /opt/mondrian-3.2.0.13661/lib/mondrian.war /usr/share/apache-tomcat-6.0.30/webapps/mondrian/mondrian.war
[root@srv6 opt]# cd /usr/share/apache-tomcat-6.0.30/webapps/mondrian
[root@srv6 mondrian]# jar -xvf mondrian.war

3. Copy the Required Jars from Axis and MySQL to the Mondrian Directory Created Above

There are four JAR files we need from /opt/axis-1_4/lib:

axis.jar
commons-discovery-0.2.jar
wsdl4j-1.5.1.jar
jaxrpc.jar

Copy or move these JAR files to /mondrian/WEB-INF/lib:


[root@srv6 mondrian]# cd /opt/axis-1_4/lib
[root@srv6 lib]# cp axis.jar /usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/axis.jar
[root@srv6 lib]# cp commons-discovery-0.2.jar /usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/commons-discovery-0.2.jar
[root@srv6 lib]# cp wsdl4j-1.5.1.jar /usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/wsdl4j-1.5.1.jar
[root@srv6 lib]# cp jaxrpc.jar /usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/jaxrpc.jar

Copy or move the MySQL Connector to /usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib

[root@srv6 lib]# cp /opt/mysql-connector-java-5.1.14/mysql-connector-java-5.1.14-bin.jar /usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/mysql-connector-java-5.1.14-bin.jar



4. Restart Tomcat

[root@srv6 ~]# service tomcat restart
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.30
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.30
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.30/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_23
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.30/bin/bootstrap.jar
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.30
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.30
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.30/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_23
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.30/bin/bootstrap.jar

5. Create the Foodmart Database and Database User:

[root@srv6 lib]# mysql -u root -p
Enter password:
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10
Server version: 5.0.77 Source distribution

Type 'help;' or '\h' for help. Type '\c' to clear the buffer.

mysql> create database foodmart
    -> ;
Query OK, 1 row affected (0.02 sec)

mysql> grant all privileges on foodmart.* to 'foodmart'@'localhost' identified by 'foodmart';
Query OK, 0 rows affected (0.02 sec)

mysql>


6. Load the Foodmart Sample Data.

java -cp "/usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/mondrian.jar:/usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/log4j-1.2.8.jar:/usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/commons-logging-1.0.4.jar:/usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/commons-collections-3.1.jar:/usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/eigenbase-xom.jar:/usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/eigenbase-resgen.jar:/usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/eigenbase-properties.jar:/usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/lib/mysql-connector-java-5.1.14-bin.jar" mondrian.test.loader.MondrianFoodMartLoader \
-verbose -tables -data -indexes -jdbcDrivers=com.mysql.jdbc.Driver \
-inputFile=/opt/mondrian-3.2.0.13661/demo/FoodMartCreateData.sql \
-outputJdbcURL="jdbc:mysql://localhost/foodmart?user=foodmart&password=foodmart"

  • In the above, I have used the full directory paths for everything. So you can run the above from any directory. It also allows you to see exactly where everything is coming from.

  • My Tomcat installation is located at /usr/share/apache-tomcat-6.0.30, so if yours is elsewhere, you'll need to update this above.

  • Similarly, I have placed mysql-connector-java-5.1.14-bin.jar in mondrian/WEB-INF/lib. If you already have this elsewhere or are using a different version of Connector/J, update accordingly.

  • The Pentaho/Mondrian docs do not mention using commons-collections-3.1.jar, but I needed to use this to get the data to load.

Now that we have copied all of the required JARs and loaded the sample data, we need to create a data source and edit some files.


7. Create a Data Source:


Create a Data Source, we'll call it DsMySQL.

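Open /usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/datasources.xml and edit it to look like below.

<DataSources>
  <DataSource>
    <DataSourceName>Provider=Mondrian;DataSource=DsMySQL;</DataSourceName>
    <DataSourceDescription>FoodMart Data Warehouse</DataSourceDescription>
    <URL>http://localhost:8080/mondrian/xmla</URL>
    <DataSourceInfo>Provider=mondrian;Jdbc=jdbc:mysql://localhost/foodmart;JdbcUser=foodmart;JdbcPassword=foodmart;JdbcDrivers=com.mysql.jdbc.Driver;</DataSourceInfo>
    <ProviderName>Mondrian</ProviderName>
    <ProviderType>MDP</ProviderType>
    <AuthenticationMode>Unauthenticated</AuthenticationMode>
    <Catalogs>
      <Catalog name="FoodMart">
        <Definition>/WEB-INF/queries/FoodMart.xml</Definition>
      </Catalog>
    </Catalogs>
  </DataSource>
</DataSources>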





8. Edit Mondrian web.xml.

Replace the two instances of @mondrian.webapp.connectString@ with the following (because web.xml is XML, write the & as &amp; when you paste it into the file):

Provider=mondrian;Jdbc=jdbc:mysql://localhost/foodmart?user=foodmart&password=foodmart;Catalog=/WEB-INF/queries/FoodMart.xml;JdbcDrivers=com.mysql.jdbc.Driver;


Original web.xml entries:


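<context-param>
  <param-name>connectString</param-name>
  <param-value>@mondrian.webapp.connectString@</param-value>
</context-param>

<servlet>
  <servlet-name>MDXQueryServlet</servlet-name>
  <servlet-class>mondrian.web.servlet.MdxQueryServlet</servlet-class>
  <init-param>
    <param-name>connectString</param-name>
    <param-value>@mondrian.webapp.connectString@</param-value>
  </init-param>
</servlet>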


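web.xml after editing:

<context-param>
  <param-name>connectString</param-name>
  <param-value>Provider=mondrian;Jdbc=jdbc:mysql://localhost/foodmart?user=foodmart&amp;password=foodmart;Catalog=/WEB-INF/queries/FoodMart.xml;JdbcDrivers=com.mysql.jdbc.Driver;</param-value>
</context-param>

<servlet>
  <servlet-name>MDXQueryServlet</servlet-name>
  <servlet-class>mondrian.web.servlet.MdxQueryServlet</servlet-class>
  <init-param>
    <param-name>connectString</param-name>
    <param-value>Provider=mondrian;Jdbc=jdbc:mysql://localhost/foodmart?user=foodmart&amp;password=foodmart;Catalog=/WEB-INF/queries/FoodMart.xml;JdbcDrivers=com.mysql.jdbc.Driver;</param-value>
  </init-param>
</servlet>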




9. Edit Queries

Under /usr/share/apache-tomcat-6.0.30/webapps/mondrian/WEB-INF/queries, edit the following:

fourhier.jsp
mondrian.jsp
colors.jsp
arrows.jsp

In each case, replace this:



with this...





For testrole.jsp, replace this:



with this...




For xmla.jsp, replace this:




with this...(using the Data Source, DsMySQL, we created in step 7 above):




10. Edit catalina.sh to force use of Axis for SOAP:

/usr/share/apache-tomcat-6.0.30/bin/catalina.sh

Add the following (on a single line):
JAVA_OPTS="-Djavax.xml.soap.MessageFactory=org.apache.axis.soap.MessageFactoryImpl -Djavax.xml.soap.SOAPConnectionFactory=org.apache.axis.soap.SOAPConnectionFactoryImpl -Djavax.xml.soap.SOAPFactory=org.apache.axis.soap.SOAPFactoryImpl"


11. Restart Tomcat to Reload Edited Files.

[root@srv6 ~]# service tomcat restart
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.30
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.30
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.30/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_23
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.30/bin/bootstrap.jar
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.30
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.30
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.30/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_23
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.30/bin/bootstrap.jar


That should do it :)

Navigate to http://YourIP:8080/mondrian or http://YourDomain.com:8080/mondrian and verify that all samples are working correctly.



Notes:

Mondrian Installation Docs:
http://mondrian.pentaho.com/documentation/installation.php

Forcing Mondrian to use axis (SOAP) and Xalan libraries for JPivot by Sherman Wood:
http://lists.pentaho.org/pipermail/mondrian/2009-January/001550.html
http://lists.pentaho.org/pipermail/mondrian/2009-January/001553.html

I did not use Xalan in the above post.


A great step-by-step guide to trouble-shooting each sample app from Feris Thia:
http://pentaho-en.phi-integration.com/mondrian/configuring-mondrian-sample

Tuesday, February 1, 2011

Install Tomcat 7 on CentOS / RHEL



PLEASE NOTE: This post covers installation of Tomcat 7 along with JDK 6. For installation of Tomcat 7 with JDK 6 or JDK 7, please see my updated and expanded post here:



This post will cover installing and basic configuration of Tomcat 7 on CentOS 5.x.

The procedure can be used for Fedora and RHEL as well.

Tomcat 7 implements the JavaServer Pages 2.2 and Servlet 3.0 specifications and a number of new features. The Manager application also has a new look, with finer-grained roles and access than in 6.x.

In this post, we'll install the required JDK, Tomcat, configure Tomcat as a service, create a start/stop/restart script, and (optionally) configure Tomcat to run under a non-root user.





For this installation, we'll use Tomcat 7.0.19, the current stable release of Tomcat 7. This post began with the first Tomcat 7 release and I have tried to keep it updated to keep things as "copy and paste" as possible.

I've also updated the post for JDK 6, Update 26.

To begin, we'll need to install the Java Development Kit (JDK) 1.6

JDK 1.6 is the minimum JDK version for Tomcat 7.

If you already have the JDK installed, you can skip to Step 2: Download and Unpack Tomcat 7.0.19.


Step 1: Install JDK 1.6

You can download the JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

We'll install the latest JDK, which is JDK 6 Update 26. The JDK is specific to 32 and 64 bit versions.

My CentOS box is 64 bit, so I'll need: jdk-6u26-linux-x64.bin

If you are on 32 bit, you'll need: jdk-6u26-linux-i586.bin

Download the appropriate JDK and save it to a directory. I'm saving it to /root.

Move (mv) or copy (cp) the file to the /opt directory:

[root@srv6 ~]# mv jdk-6u26-linux-x64.bin /opt/jdk-6u26-linux-x64.bin  

Create a new directory /usr/java.

[root@srv6 ~]# mkdir /usr/java  

Change to the /usr/java directory we created and install the JDK using 'sh /opt/jdk-6u26-linux-x64.bin'

[root@srv6 ~]# cd /usr/java
[root@srv6 java]# sh /opt/jdk-6u26-linux-x64.bin

Set the JAVA_HOME path. This is where we installed our JDK above.

To set it for your current session, you can issue the following from the CLI:

[root@srv6 java]# JAVA_HOME=/usr/java/jdk1.6.0_26
[root@srv6 java]# export JAVA_HOME
[root@srv6 java]# PATH=$JAVA_HOME/bin:$PATH
[root@srv6 java]# export PATH

To set the JAVA_HOME permanently, we add below to either the ~/.bashrc or ~/.bash_profile of the user (in this case, root).

We can also add it to /etc/profile and then source it to make it available to all users.

JAVA_HOME=/usr/java/jdk1.6.0_26
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH

Once you have added the above to ~/.bash_profile or ~/.bashrc, you should log out, then log back in and check that the JAVA_HOME is set correctly.

[root@srv6 ~]#  echo $JAVA_HOME
/usr/java/jdk1.6.0_26


Step 2: Download and Unpack Tomcat 7.0.19

Download apache-tomcat-7.0.19.tar.gz here

Alternatively, you can download using wget.

[root@srv6 ~]#  wget http://apache.mivzakim.net/tomcat/tomcat-7/v7.0.19/bin/apache-tomcat-7.0.19.tar.gz

Save the file to a directory. I'm saving it to /root/apache-tomcat-7.0.19.tar.gz

Before proceeding, you should verify the MD5 Checksum for your Tomcat download (or any other download).

Since we saved the Tomcat download to /root/apache-tomcat-7.0.19.tar.gz, we'll go to the /root directory and use the md5sum command.

[root@srv6 ~]# md5sum apache-tomcat-7.0.19.tar.gz
5a5e9bc742714d1b7210d9f68764fd8e *apache-tomcat-7.0.19.zip

Compare the output above to the MD5 checksum provided on the Apache Tomcat MD5 page and ensure that they match exactly.
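
The comparison in this step can be scripted so that a mismatch stops the install. The following is an added example, not part of the original post: the function name verify_download and the checksum-file layout (one line in md5sum's output format) are assumptions, and the archive it checks in the demo is a constructed stand-in.

```shell
#!/bin/bash
# Added example: compare a download with a published checksum line before unpacking.
# Assumed checksum-file layout (md5sum output format): "<hex digest> *<file name>"

# verify_download <file> <checksum-file> [digest-tool]
# Status: 0 match, 1 digest mismatch, 2 bad input, 3 line names a different file.
# The body is a subshell, so its variables do not leak into the caller.
verify_download() (
    file=$1
    sumfile=$2
    tool=${3:-md5sum}

    if [ ! -r "$file" ] || [ ! -r "$sumfile" ]; then
        echo "cannot read $file or $sumfile" >&2
        return 2
    fi

    # First field is the digest, second the file name ('*' marks binary mode).
    read -r want want_name < "$sumfile" || true
    want=$(printf '%s' "$want" | tr 'A-F' 'a-f')
    want_name=${want_name#\*}

    # Accept only a plain hex digest.
    case $want in
        '' | *[!0-9a-f]*)
            echo "malformed digest in $sumfile" >&2
            return 2
            ;;
    esac

    # The published line must be for the artifact that was downloaded.
    have_name=$(basename "$file")
    if [ -n "$want_name" ] && [ "$want_name" != "$have_name" ]; then
        echo "checksum line is for '$want_name', not '$have_name'" >&2
        return 3
    fi

    got=$("$tool" "$file" | awk '{print $1}')
    if [ "$got" != "$want" ]; then
        echo "MISMATCH for $file: expected $want, got $got" >&2
        return 1
    fi
    echo "OK: $file"
)

# Demo on a constructed file (stands in for the real tarball).
demo=$(mktemp -d)
printf 'constructed sample archive\n' > "$demo/apache-tomcat-7.0.19.tar.gz"
(cd "$demo" && md5sum -b apache-tomcat-7.0.19.tar.gz > tomcat.md5)

verify_download "$demo/apache-tomcat-7.0.19.tar.gz" "$demo/tomcat.md5"

# Same digest published under another file name: rejected with status 3.
sed 's/\.tar\.gz$/.zip/' "$demo/tomcat.md5" > "$demo/wrong-name.md5"
verify_download "$demo/apache-tomcat-7.0.19.tar.gz" "$demo/wrong-name.md5" \
    || echo "rejected (status $?)"
rm -rf "$demo"
```

The optional third argument names the digest tool, so the same check works with any tool that prints the digest as its first field.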

Now, move (mv) or copy (cp) the file to the /usr/share directory:

[root@srv6 ~]# mv apache-tomcat-7.0.19.tar.gz /usr/share/apache-tomcat-7.0.19.tar.gz

Change to the /usr/share directory and unpack the file using tar -xzf:

[root@srv6 ~]# cd /usr/share
[root@srv6 share]# tar -xzf apache-tomcat-7.0.19.tar.gz

This will create the directory /usr/share/apache-tomcat-7.0.19


Step 3: Configure Tomcat to Run as a Service.

We will now see how to run Tomcat as a service and create a simple Start/Stop/Restart script, as well as to start Tomcat at boot.

Change to the /etc/init.d directory and create a script called 'tomcat' as shown below.

[root@srv6 share]# cd /etc/init.d
[root@srv6 init.d]# vi tomcat


#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_26
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-7.0.19


case $1 in
start)
sh $CATALINA_HOME/bin/startup.sh
;; 
stop)   
sh $CATALINA_HOME/bin/shutdown.sh
;; 
restart)
sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh
;; 
esac    
exit 0

The above script is simple and contains all of the basic elements you will need to get going.

As you can see, we are simply calling the startup.sh and shutdown.sh scripts located in the Tomcat bin directory (/usr/share/apache-tomcat-7.0.19/bin).

You can adjust your script according to your needs and, in subsequent posts, we'll look at additional examples.

CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-7.0.19)

Now, set the permissions for your script to make it executable:

[root@srv6 init.d]# chmod 755 tomcat

We now use the chkconfig utility to have Tomcat start at boot time. In my script above, I am using chkconfig: 234 20 80. 234 are the run levels and 20 and 80 are the stop and start priorities respectively. You can adjust as needed.

[root@srv6 init.d]# chkconfig --add tomcat
[root@srv6 init.d]# chkconfig --level 234 tomcat on

Verify it:

[root@srv6 init.d]# chkconfig --list tomcat
tomcat          0:off   1:off   2:on    3:on    4:on    5:off   6:off

Now, let's test our script.

Start Tomcat:
[root@srv6 ~]# service tomcat start
Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.19
Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.19
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.19/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_26
Using CLASSPATH:       /usr/share/apache-tomcat-7.0.19/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.19/bin/tomcat-juli.jar

Stop Tomcat:

[root@srv6 ~]# service tomcat stop
Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.19
Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.19
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.19/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_26
Using CLASSPATH:       /usr/share/apache-tomcat-7.0.19/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.19/bin/tomcat-juli.jar

Restarting Tomcat (Must be started first):

[root@srv6 ~]# service tomcat restart
Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.19
Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.19
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.19/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_26
Using CLASSPATH:       /usr/share/apache-tomcat-7.0.19/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.19/bin/tomcat-juli.jar
Using CATALINA_BASE:   /usr/share/apache-tomcat-7.0.19
Using CATALINA_HOME:   /usr/share/apache-tomcat-7.0.19
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-7.0.19/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_26
Using CLASSPATH:       /usr/share/apache-tomcat-7.0.19/bin/bootstrap.jar:/usr/share/apache-tomcat-7.0.19/bin/tomcat-juli.jar



We should review the catalina.out log located at /usr/share/apache-tomcat-7.0.19/logs/catalina.out and check for any errors.

[root@srv6 init.d]# more /usr/share/apache-tomcat-7.0.19/logs/catalina.out


We can now access the swanky new Tomcat Manager page at:

http://yourdomain.com:8080 or http://yourIPaddress:8080 and we should see the Tomcat home page.



Step 4: Configuring Tomcat Manager Access.

Tomcat 7 contains a number of changes that offer finer-grain roles.

For security reasons, no users or passwords are created for the Tomcat manager roles by default. In a production deployment, it is always best to remove the Manager application.

To set roles, user name(s) and password(s), we need to configure the tomcat-users.xml file located at $CATALINA_HOME/conf/tomcat-users.xml.

In the case of our installation, $CATALINA_HOME is located at /usr/share/apache-tomcat-7.0.19.

By default the Tomcat 7 tomcat-users.xml file will look as below.

<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<tomcat-users>
<!--
  NOTE:  By default, no user is included in the "manager-gui" role required
  to operate the "/manager/html" web application.  If you wish to use this app,
  you must define such a user - the username and password are arbitrary.
-->
<!--
  NOTE:  The sample user and role entries below are wrapped in a comment
  and thus are ignored when reading this file. Do not forget to remove
  <!.. ..> that surrounds them.
-->
<!--
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
-->
</tomcat-users>

Note that while examples are provided, the elements between the <tomcat-users> and </tomcat-users> tags have been commented-out.

New roles for Tomcat 7 offer finer-grained access.

The following roles are available:

manager-gui
manager-status
manager-jmx
manager-script
admin-gui
admin-script

We can enable access for the manager-gui role, for example, as below:

<tomcat-users>
  <role rolename="manager-gui"/>
  <user username="tomcat" password="secret" roles="manager-gui"/>
</tomcat-users>

Caution should be exercised in granting multiple roles so as not to undermine security.




Step 5 (Optional): How to Run Tomcat using Minimally Privileged (non-root) User.

In our Tomcat configuration above, we are running Tomcat as root.

For security reasons, it is always best to run services with only those privileges that are necessary.

There are some who make a strong case that this is not required, but it's always best to err on the side of caution.

To run Tomcat as non-root user, we need to do the following:

1. Create the group 'tomcat':

[root@srv6 ~]# groupadd tomcat

2. Create the user 'tomcat' and add this user to the tomcat group we created above.

[root@srv6 ~]# useradd -s /bin/bash -g tomcat tomcat

The above will create a home directory for the user tomcat in the default user home as /home/tomcat

If we want the home directory to be elsewhere, we simply specify so using the -d switch.

[root@srv6 ~]# useradd -g tomcat -d /usr/share/apache-tomcat-7.0.19/tomcat tomcat

The above will create the user tomcat's home directory as /usr/share/apache-tomcat-7.0.19/tomcat


3. Change ownership of the tomcat files to the user tomcat we created above:

[root@srv6 ~]# chown -Rf tomcat.tomcat /usr/share/apache-tomcat-7.0.19/

Note: it is possible to enhance our security still further by making certain files and directories read-only. This will not be covered in this post and care should be used when setting such permissions.


4. Adjust the start/stop service script we created above. In our new script, we need to su to the user tomcat:

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_26
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
TOMCAT_HOME=/usr/share/apache-tomcat-7.0.19/bin


case $1 in
start)
/bin/su tomcat $TOMCAT_HOME/startup.sh
;; 
stop)   
/bin/su tomcat $TOMCAT_HOME/shutdown.sh
;; 
restart)
/bin/su tomcat $TOMCAT_HOME/shutdown.sh
/bin/su tomcat $TOMCAT_HOME/startup.sh
;; 
esac    
exit 0
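
One way to check the result of the ownership change in step 3, and the tighter permissions mentioned in its note, as an added example that is not part of the original post. The function name audit_tomcat_tree and the three checks it applies are assumptions; on the setup above it would be called with /usr/share/apache-tomcat-7.0.19 and tomcat, while the demo runs on a constructed directory.

```shell
#!/bin/bash
# Added example: audit a Tomcat tree after the chown in step 3.

# audit_tomcat_tree <catalina_home> <expected_user>
# Prints one finding per line. Status: 0 clean, 1 findings, 2 bad input.
# The body is a subshell, so its variables do not leak into the caller.
audit_tomcat_tree() (
    home=$1
    user=$2
    if [ ! -d "$home" ] || [ -z "$user" ]; then
        echo "usage: audit_tomcat_tree <catalina_home> <expected_user>" >&2
        return 2
    fi

    findings=$(
        # Anything the recursive chown missed, or that another account added later.
        find "$home" ! -user "$user" -print | sed "s|^|not owned by $user: |"
        # Files or directories that any local account can modify.
        find "$home" ! -type l -perm -002 -print | sed 's|^|world-writable: |'
        # conf/ holds tomcat-users.xml, which stores Manager passwords in clear text.
        if [ -d "$home/conf" ]; then
            find "$home/conf" -type f -perm -004 -print \
                | sed 's|^|world-readable config: |'
        fi
    )

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
)

# Demo on a constructed tree owned by the current user; on the server above:
#   audit_tomcat_tree /usr/share/apache-tomcat-7.0.19 tomcat
demo=$(mktemp -d)
mkdir -p "$demo/conf" "$demo/webapps"
chmod 755 "$demo/conf" "$demo/webapps"
printf '<tomcat-users/>\n' > "$demo/conf/tomcat-users.xml"

chmod 644 "$demo/conf/tomcat-users.xml"
audit_tomcat_tree "$demo" "$(id -u)" || echo "-> findings reported"

chmod 600 "$demo/conf/tomcat-users.xml"
audit_tomcat_tree "$demo" "$(id -u)" && echo "-> clean"
rm -rf "$demo"
```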


Step 6 (Optional): How to Run Tomcat on Port 80 as Non-Root User.

Note: the following applies when you are running Tomcat in "stand alone" mode with Tomcat running under the minimally privileged user tomcat we created in the previous step.

To run services below port 1024 as a user other than root, you can add the following rules to iptables:

[root@srv6 ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080  
[root@srv6 ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080  

Be sure to save and restart your iptables for the above change to take effect.
