MODEM on HP-UX



  Guy Van Sanden
  gvsanden@sckcen.be



This document describes how to set up MODEM on HP-UX.

Table of Contents
    1. Introduction
    2. Apache and Tomcat
            2.1. Requirements
            2.2. Tomcat configuration
                  2.2.1. Tomcat Users
                  2.2.2. Enable MD5 passwords in Tomcat
                  2.2.3. Disable Tomcat standalone server
            2.3. Apache2 configuration
                  2.3.1. SSL configuration
                  2.3.2. Configuring mod_jk (Tomcat Connector)
                  2.3.3. Start Apache
            2.4. Add services to default runlevels
    3. Installing MODEM
            3.1. Upgrading from a previous release
            3.2. Obtaining MODEM
            3.3. Create users and groups for MODEM
            3.4. Installing MODEM
            3.5. Configuring MODEM
            3.6. Installing the Newfile service
                   3.6.1. The newfile initscript
    4. Recommendations
            4.1. Software updates
            4.2. Monitoring




Chapter 1. Introduction
    This guide describes how to set up MODEM on an HP-UX system. It requires a working HP-UX
    installation.




Chapter 2. Apache and Tomcat

2.1. Requirements
     MODEM requires Apache2, Tomcat 5 and Tomcat-connectors (mod_jk) to work.



     You can download an Apache2 depot for HP-UX from the HP software site (http://www.software.hp.com).
     The depot also contains an older version of Tomcat (4). If possible, do not install it; if it is already
     installed, remove it (it will be located in /opt/hpws/tomcat/).




     To install Tomcat, first create a tomcat user and group.

          # groupadd tomcat
          # useradd -c "Tomcat user" -d /home/tomcat -g tomcat -m tomcat

     Download Tomcat from the official Jakarta website (http://jakarta.apache.org/site/binindex.cgi#tomcat).
     Make sure the archive is readable by the tomcat user and change to that user.

          # su - tomcat

     Unpack the archive in the location where you want Tomcat installed, and set the variable
     $CATALINA_HOME to that location.




2.2. Tomcat configuration

     2.2.1. Tomcat Users

     Tomcat stores its authentication information in its own file: tomcat-users.xml.


     This file will be located in $CATALINA_HOME/conf. It needs to look something like this:


     <?xml version='1.0' encoding='utf-8'?>
     <tomcat-users>
       <role rolename="modemuser"/>
       <role rolename="modemadmin"/>
       <role rolename="admin"/>
       <user username="user1" password="" roles="modemuser,modemadmin"/>
       <user username="modem" password="" fullName="" roles="modemuser"/>
     </tomcat-users>


You need to create a user line for each user that will be using MODEM, including a username, an MD5
password and the role the user plays.



2.2.2. Enable MD5 passwords in Tomcat

MODEM uses MD5-hashed passwords in Tomcat. You need to enable this in the Tomcat
configuration file server.xml, which defaults to cleartext passwords. Add the line:


<Realm className="org.apache.catalina.realm.MemoryRealm" digest="MD5"/>
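
The user lines from section 2.2.1 need the hex MD5 digest in their password attribute once the realm above is enabled. The following is an added example, not part of the original guide: it builds such a line and lists entries in a tomcat-users.xml that do not hold a digest. The function names, the sample passwords and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the MODEM guide): build and check tomcat-users.xml
# entries for a MemoryRealm configured with digest="MD5".

# md5_hex STRING -> lowercase hex MD5 of exactly those bytes (no trailing newline).
# Tomcat's own tool gives the same digest: $CATALINA_HOME/bin/digest.sh -a MD5 STRING
md5_hex() {
    if command -v md5sum >/dev/null 2>&1; then
        printf '%s' "$1" | md5sum | awk '{ print $1 }'
    else
        # openssl prints "(stdin)= <hex>" or "MD5(stdin)= <hex>"
        printf '%s' "$1" | openssl dgst -md5 | awk '{ print $NF }'
    fi
}

# user_line USER PASSWORD ROLES -> <user> element that stores the digest only.
user_line() {
    printf '  <user username="%s" password="%s" roles="%s"/>\n' \
        "$1" "$(md5_hex "$2")" "$3"
}

# cleartext_users FILE -> usernames whose password attribute is not a 32-digit
# hex digest. With digest="MD5" such accounts cannot log in, and an entry that
# still holds a readable password is exposed to anyone who can read the file.
cleartext_users() {
    sed -n 's/.*<user[^>]* username="\([^"]*\)"[^>]* password="\([^"]*\)".*/\1 \2/p' "$1" |
    awk '{ if (length($2) != 32 || $2 !~ /^[0-9a-fA-F]+$/) print $1 }'
}

# Constructed sample: "modem" is generated with user_line, "user1" was typed by hand.
sample_users_file() {
    f=${TMPDIR:-/tmp}/tomcat-users.sample.$$
    {
        echo '<tomcat-users>'
        echo '  <role rolename="modemuser"/>'
        echo '  <user username="user1" password="changeme" roles="modemuser,modemadmin"/>'
        user_line modem 'constructed-pass' modemuser
        echo '</tomcat-users>'
    } > "$f"
    echo "$f"
}

f=$(sample_users_file)
echo "entries without an MD5 digest: $(cleartext_users "$f")"
rm -f "$f"
```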




2.2.3. Disable Tomcat standalone server

Because Tomcat will be running behind Apache, the ports connecting it to the outside world should be
closed (and preferably firewalled).


This can be done by opening the Tomcat server file: server.xml. You need to comment out the sections
related to the connectors on ports 8080 and 8443 (SSL).




<!--
<Connector port="8080"
       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
       enableLookups="false" redirectPort="8443" acceptCount="100"
       debug="0" connectionTimeout="20000"
       disableUploadTimeout="true" />
-->




<!--
<Connector port="8443"
       maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
       enableLookups="false" disableUploadTimeout="true"
       acceptCount="100" debug="0" scheme="https" secure="true"
       clientAuth="false" sslProtocol="TLS" />
-->
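
A plain text search for port="8080" cannot tell a commented-out connector from a live one, so the check has to strip XML comments first. The following is an added example, not part of the original guide, that reports which of the two connectors are still enabled; the function names and the sample server.xml fragment are constructed.

```shell
#!/bin/sh
# Added example (not from the MODEM guide); all input is read from stdin.

# strip_xml_comments: drop <!-- ... --> spans, including multi-line ones.
strip_xml_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (incomment) {
                i = index(line, "-->")
                if (i == 0) break
                line = substr(line, i + 3); incomment = 0
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; break }
                out = out substr(line, 1, i - 1)
                line = substr(line, i + 4); incomment = 1
            }
        }
        print out
    }'
}

# active_connector_ports: port of every live <Connector>, one per line.
active_connector_ports() {
    strip_xml_comments | tr '\n' ' ' | tr '>' '\n' |
    sed -n 's/.*<Connector[^<]* port="\([0-9]*\)".*/\1/p'
}

# exposed_connectors: the live ports among 8080 and 8443, space separated.
# Empty means both are disabled; the AJP connector used by mod_jk stays enabled.
exposed_connectors() {
    active_connector_ports |
    awk '$1 == 8080 || $1 == 8443 { printf "%s%s", sep, $1; sep = " " }'
}

# Constructed sample: 8080 is commented out, 8443 was left enabled.
sample_server_xml() {
    cat <<'EOF'
<Service name="Catalina">
  <!--
  <Connector port="8080" enableLookups="false" redirectPort="8443" />
  -->
  <Connector port="8443" scheme="https" secure="true" sslProtocol="TLS" />
  <!-- AJP --> <Connector port="8009" redirectPort="8443" protocol="AJP/1.3" />
</Service>
EOF
}
echo "still listening: $(sample_server_xml | exposed_connectors)"
```

On the server, run it as `exposed_connectors < $CATALINA_HOME/conf/server.xml`.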




2.3. Apache2 configuration

     2.3.1. SSL configuration

     This step requires that you have obtained a signed certificate from a certificate authority as described in
     the document ’Creating trusted SSL certificates for MODEM’, available on the MODEM site
     (http://modemsrv.sckcen.be) (section documentation).


     Once you have created an SSL key and obtained a certificate, you can simply copy them over the
     installed demo files.

     # cp server.key /etc/path-to-apache/ssl.key/server.key
     # cp server.crt /etc/path-to-apache/ssl.crt/server.crt




     Now, add a virtual host entry to Apache for the SSL port on your host.


     <IfDefine SSL>
     <IfDefine !NOSSL>

     <VirtualHost _default_:443>

     DocumentRoot "/srv/www/htdocs"
     ErrorLog /var/log/apache2/error_log
     TransferLog /var/log/apache2/access_log

     SSLEngine on
     SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
     SSLCertificateFile /etc/apache2/ssl.crt/server.crt
     # The private key copied into ssl.key/ in the step above
     SSLCertificateKeyFile /etc/apache2/ssl.key/server.key

     <Files ~ "\.(cgi|shtml|phtml|php3?)$">
         SSLOptions +StdEnvVars
     </Files>
     <Directory "/srv/www/cgi-bin">
         SSLOptions +StdEnvVars
     </Directory>

     SetEnvIf User-Agent ".*MSIE.*" \
       nokeepalive ssl-unclean-shutdown \
       downgrade-1.0 force-response-1.0

     CustomLog /var/log/apache2/ssl_request_log ssl_combined

     </VirtualHost>

     </IfDefine>
     </IfDefine>
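
The SSLCipherSuite string above names the LOW, SSLv2, EXP and eNULL classes, and what it really admits depends on the OpenSSL build on the server. The following is an added example, not part of the original guide, that filters `openssl ciphers -v` output for weak entries; the function names and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the MODEM guide): report the weak entries in the
# cipher list that an SSLCipherSuite string expands to.

# weak_ciphers: reads `openssl ciphers -v` output on stdin and prints
# "NAME: reasons" for SSLv2, export-grade, unencrypted, anonymous or
# sub-128-bit suites.
weak_ciphers() {
    awk '{
        why = ""; bits = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "Enc=None") {
                why = why " no-encryption"
            } else if ($i ~ /^Enc=/) {
                n = $i; sub(/^[^(]*\(/, "", n); sub(/\).*$/, "", n); bits = n + 0
            }
            if ($i == "Au=None") { why = why " anonymous" }
            if ($i == "export")  { why = why " export" }
        }
        if ($2 == "SSLv2") { why = why " SSLv2" }
        if (bits > 0 && bits < 128) { why = why " " bits "-bit" }
        if (why != "") { print $1 ":" why }
    }'
}

# audit_suite STRING: expand STRING with the OpenSSL installed on this host
# (use the one Apache is linked against) and filter the result.
audit_suite() {
    openssl ciphers -v "$1" | weak_ciphers
}

# Constructed lines in `openssl ciphers -v` format, one or more for each weak
# class that the cipher string in the virtual host names.
SAMPLE_EXPANSION='AES256-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(256)  Mac=SHA1
DES-CBC3-SHA            SSLv3 Kx=RSA      Au=RSA  Enc=3DES(168) Mac=SHA1
DES-CBC-SHA             SSLv3 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=SHA1
DES-CBC-MD5             SSLv2 Kx=RSA      Au=RSA  Enc=DES(56)   Mac=MD5
EXP-RC4-MD5             SSLv3 Kx=RSA(512) Au=RSA  Enc=RC4(40)   Mac=MD5  export
NULL-SHA                SSLv3 Kx=RSA      Au=RSA  Enc=None      Mac=SHA1'

sample_report() { printf '%s\n' "$SAMPLE_EXPANSION" | weak_ciphers; }

sample_report
```

On the server, pass the string from the virtual host to `audit_suite`. Classes that show up can be excluded with `!`, the same way the string already excludes ADH, and an empty report is the goal.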




2.3.2. Configuring mod_jk (Tomcat Connector)

mod_jk is an Apache module that provides the Apache-Tomcat integration. In essence, it allows Tomcat
to be run as an Apache plugin.


To set it up, you will have to create an Apache config section for this module. I used the file jk.conf for
this (adapt for your site).


<IfModule mod_jk.c>

JkWorkersFile /etc/tomcat/base/workers.properties
JkLogFile /var/log/tomcat/base/mod_jk.log

JkLogLevel debug

Alias /modemEx "/srv/www/tomcat/base/webapps/modemEx"

<Directory "/srv/www/tomcat/base/webapps/modemEx/">
Options Indexes FollowSymLinks
DirectoryIndex index.jsp Index.jsp
order allow,deny
allow from all
</Directory>

JkMount /modemEx/* ajp13

<Location "/modemEx/WEB-INF/">
AllowOverride None
deny from all
</Location>
</IfModule>





     2.3.3. Start Apache

     Start Apache using the init script on your system.




2.4. Add services to default runlevels
     Enable the automatic startup of Tomcat and Apache2 at boot.




Chapter 3. Installing MODEM

3.1. Upgrading from a previous release
     This applies only if you have a previous version of MODEM running.



       1. Stop Tomcat.
       2. Save _path.xml from your Tomcat directory webapps/modemEx/data.
       3. Delete the modemEx directory from your webapps directory.
       4. Delete modemEx.war from your webapps directory.
       5. Put the new version of modemEx.war in your webapps directory.
       6. Start Tomcat.
       7. Restore the information you saved previously.




3.2. Obtaining MODEM
     MODEM can be downloaded from the main site (http://modemsrv.sckcen.be). There is a version for each
     supported OS that includes the supporting libraries for the NewFile daemon.



3.3. Create users and groups for MODEM
     To use MODEM, you will need to create a modem group and a user which will accept the incoming
     connections from the dss system. To allow Tomcat access to the dss user's files, the tomcat userid needs to
     be in the modem group.

     # groupadd modem
     # usermod -G modem tomcat
     # useradd -c "DSS user" -d /home/dss -g modem -k /etc/skel -m -s /bin/bash dss





3.4. Installing MODEM
     Go to your Tomcat webapps directory ($CATALINA_HOME/webapps). You will need to put the
     downloaded war file in that location.


     Now you will need to (re)start Tomcat for a moment; this will auto-deploy the MODEM package in the
     Tomcat directory.



3.5. Configuring MODEM
     Once deployed, you will need to configure the paths where MODEM stores its data files. This is done in
     the file _path.xml, located in /srv/www/tomcat/base/webapps/modemEx/data.


     The file should look like this:


     <?xml version="1.0" encoding="UTF-8"?>
     <paths>
          <exercises>/home/modem/modemdata/exercises</exercises>
          <accidents>/home/modem/modemdata/accidents</accidents>
          <authority>/home/modem/modemdata/_authority.xml</authority>
          <emailtemplate>/home/modem/modemdata/email_template.xml</emailtemplate>
          <subscribers>/home/modem/modemdata/_subscribers.xml</subscribers>
          <transit>/home/modem/modemdata/dss/dss-import</transit>
          <dss>/home/modem/modemdata/dss</dss>
     </paths>


     Create those directories and set the correct permissions.

     The modem data directory has to be owned by tomcat to allow it to read/write the files in it. It also
     needs to be group readable and writable for the dss userid (for dss2modem file transfers), so its group
     is set to modem, the primary group of the dss user created in section 3.3.

     # mkdir /home/modem
     # mkdir /home/modem/modemdata
     # mkdir /home/modem/modemdata/exercises
     # mkdir /home/modem/modemdata/accidents
     # mkdir /home/modem/modemdata/dss
     # mkdir /home/modem/modemdata/dss/dss-import
     # cd /home
     # chown -R tomcat:modem modem
     # chmod -R 770 modem





3.6. Installing the Newfile service
      The NewFile service is included in the download file for any platform (in this case HP-UX). The only
      action remaining is to make it executable (file permissions cannot be stored in a zip or war file).

      # cd /srv/www/tomcat/base/webapps/modemEx/WEB-INF/classes/
      # chmod +x NewFile.sh

      Test it out by running:

      # ./NewFile.sh console




      3.6.1. The newfile initscript

      You will need to create an init script to start up the NewFile service. It should first reset the execute
      permission on NewFile.sh, to avoid problems after updates, and then run the script as the dss user.
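
A minimal init script along those lines follows as an added example; it is not part of the MODEM distribution. It assumes NewFile.sh accepts start and stop in the same way as the console argument shown above, and the function names and the NEWFILE_NOSU switch are this example's own.

```shell
#!/bin/sh
# Added example, not shipped with MODEM. On HP-UX, install it as
# /sbin/init.d/newfile and link it from the rc directories of your run levels.
# Assumption: NewFile.sh accepts "start" and "stop" the way it accepts "console".

APPDIR=${APPDIR:-/srv/www/tomcat/base/webapps/modemEx/WEB-INF/classes}
RUN_USER=${RUN_USER:-dss}

# as_service_user CMD: run CMD with the login environment of $RUN_USER.
# NEWFILE_NOSU=1 runs CMD as the calling user instead (dry runs only).
as_service_user() {
    if [ -n "${NEWFILE_NOSU:-}" ]; then
        sh -c "$1"
    else
        su - "$RUN_USER" -c "$1"
    fi
}

# newfile_ctl ACTION: restore the execute bit, then hand ACTION to NewFile.sh.
# Returns 2 (reported as "skipped" by the HP-UX rc sequencer) when the
# application is not deployed, 1 on any other failure.
newfile_ctl() {
    script=$APPDIR/NewFile.sh
    if [ ! -f "$script" ]; then
        echo "newfile: $script not found" >&2
        return 2
    fi
    # A freshly unpacked war carries no file modes, so reset this on every run.
    chmod +x "$script" || return 1
    as_service_user "cd '$APPDIR' && ./NewFile.sh $1" || return 1
}

newfile_rc() {
    case "$1" in
        start_msg)  echo "Starting the MODEM NewFile service" ;;
        stop_msg)   echo "Stopping the MODEM NewFile service" ;;
        start|stop) newfile_ctl "$1" ;;
        *)          echo "usage: newfile {start|stop|start_msg|stop_msg}" >&2
                    return 1 ;;
    esac
}

# Dispatch only when called with an argument, as rc does.
[ $# -eq 0 ] || { newfile_rc "$1"; exit $?; }
```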




Chapter 4. Recommendations

4.1. Software updates
     MODEM is a web application. It therefore depends on its backend software (Apache, Tomcat, the
     operating system). It is recommended that this software be maintained following IT best practices. In
     particular, security updates should be installed on a regular basis.



4.2. Monitoring
     MODEM depends on its components and backend software running properly over long periods of time.
     If possible, include the MODEM server in your site's monitoring infrastructure. This includes general
     hardware and system failures, but also the status of Apache, Tomcat and MODEM's daemons
     (dss2modem and NewFile).

     There are several very good monitoring systems available for Unix (and other platforms); the most popular
     are Nagios and Big Brother.



