Personal tools
 

Fedora

Note: Return to reference manual view.

This guide contains the core installation instructions that are common to all GRIA services. Topics covered include installing Java and Tomcat, war file deployment and firewall configuration.

1. Fedora Core 3

Fedora Core 3

Installing the Fedora Core 3 Operating System

If you feel confident in installing the server installation of Fedora Core 3, you may skip this section but make sure to install the pre-requisites otherwise GRIA war will fail to function correctly.

N.B. There are several ways to install and configure Fedora, so you are advised to consult your system manager and set up the system according to your needs. The following notes describe a simple way to install and configure a headless Fedora system for deployment of a GRIA war.

Having satisfied the above, the installation process is as follows:

  1. Place the Fedora Core 3 CD1 into the CD-ROM drive and boot the system from the CD, pressing enter at the boot prompt (install in graphical mode).
  2. Test the CD media (optional).
  3. Click Next on the Welcome to Fedora Core screen.
  4. Choose language (e.g. English) on the Language Selection screen.
  5. On the Keyboard Configuration screen choose keyboard, e.g. United Kingdom.
  6. On Upgrade/Install Examine screen choose Install Fedora Core.
  7. On the Installation Type screen choose Server.
  8. According to your needs and system settings, choose automatic or manual configuration for the Disk Partitioning Setup screen. Then follow the instructions accordingly, e.g. for the Disk Setup and Boot Loader Configuration screens.
  9. Enter the appropriate settings for the Network Configuration screen. If you do not have a DHCP server, enter the hostname, etc manually.
  10. On the Firewall Configuration screen, select Enable firewall and choose SSH and Web Server services. You may want to disable SELinux by selecting this option in the drop down menu.
  11. In the Additional Language Support screen, add any additional language support you require e.g. "English (Great Britain)" and set your preferred default language.
  12. Set the correct time zone in the Time Zone Selection screen.
  13. Set the root password in Set Root Password screen.
  14. The machine will reboot at the end of the installation.

After the installation from CD is complete, we recommend updating the system with the latest patches. This may be done using the yum command:

  1. First (as root) import the Fedora public key (for checking package integrity): 
    # rpm --import /usr/share/rhn/RPM-GPG-KEY-fedora
  2. Update your system (this may take some time): 
    # yum update

This completes the installation of the operating system.

Installing the Software Pre-requisites

Having installed the operating system, the following lists the pre-requisites which must be installed if the GRIA war is to function correctly. It is important to install any dependencies which may also required by these software pre-requisites:

  • Sun Java JDK v1.5.0 or higher
  • Jakarta Tomcat v5.5.x
  • Apache HTTP server v2.0 (an optional package to provide secure access)
    • httpd-2.0.xx.x
  • Perl v5.6 or higher (only required for the GRIA Basic Application Services package)
  • A sample, test application: ImageMagick(only required for the GRIA Basic Application Services package)
  • An Internet browser, e.g. Mozilla Firefox (which may be installed on a different machine)
  • Optional utility packages:
    • zip and unzip
    • tar, etc.

If you have followed the installation instructions above then your system already has Apache and Perl installed. You must now download and install the Sun Java JDK and Tomcat.

First, download the Java binary JDK selecting the "Linux self-extracting file" (e.g. jdk-1_5_0_05-linux-i586.bin) and Tomcat packages and place them into /tmp directory on the Fedora Core 3 machine. You may find it easiest to do this by downloading the packages to your desktop machine and copying them to the server. Finally, log in to the server machine as the root user ready to install the software.

Install Java

In order to install Java in the /opt directory the following must be done (adjusting the version number to your particular package):

  1. Move to /opt: 
    # cd /opt
  2. Unpack the binary from the temporary directory: 
    # sh /tmp/jdk-1_5_x_xx-linux-i586.bin
  3. Create a symbolic link within this directory: 
    # ln -s jdk1.5.x_xx java

Install Tomcat

The following must be done in order to install Tomcat successfully (adjusting the version number to your particular package):

  1. Tomcat will be installed under the /opt directory, therefore move to this directory with: 
    # cd /opt
  2. Unpack the Tomcat tarball from the temporary directory: 
    # tar xvfz /tmp/apache-tomcat-5.5.20.tar.gz
  3. Create a symbolic link for Tomcat 
    # ln -s apache-tomcat-5.5.20 tomcat
  4. Tomcat will be most secure if it is not run by root, therefore create a user for the tomcat server to run as e.g. "tomcat" with the user's home directory set to /opt/tomcat: 
    # useradd -d /opt/tomcat tomcat
  5. Alter the ownership of the directory to the tomcat user created above: 
    # chown -R tomcat:tomcat tomcat
  6. Configure tomcat to use Sun Java by editting /opt/tomcat/bin/catalina.sh. Open the file (e.g. in vi) and add the line JAVA_HOME=/opt/java to the top of the file after the file header, e.g.: 
    # system class path used to start Tomcat.
    #
    # CATALINA_PID (Optional) Path of the file which should contains the pid
    # of catalina startup java process, when start (fork) is used
    #
    # $Id: fc3-pre.htm 3715 2006-04-10 14:01:19Z ajw $
    # -----------------------------------------------------------------------------

    JAVA_HOME=/opt/java

    # OS specific support. $var _must_ be set to either true or false.
    cygwin=false

Install Sample Application

The GRIA Basic Application Services package uses demo applications which require the ImageMagick package. You may already have ImageMagick installed. To test for it, log in as root and type:

# rpm -qi ImageMagick

If you see "package ImageMagick is not installed" then the package must be installed, either from the CDs or by using yum:

  1. First import the Fedora public key (for checking package integrity) if you have not already done so: 
    # rpm --import /usr/share/rhn/RPM-GPG-KEY-fedora
  2. Install ImageMagick (and any dependencies): 
    # yum install ImageMagick

Setting the System Clock

In order to provide some synchronisation between the clocks on machines that the various GRIA packages are installed on, it is recommended to run an NTP client service that will synchronise your system with an Internet time server. Fedora comes with an NTP package which is installed by default in the server installation. To see if NTP is installed, log in as root and type:

# rpm -qi ntp

If you see "package ntp is not installed" then install NTP either from the CDs or by using yum:

# yum install ntp

The NTP daemon must be configured using the file /etc/ntp.conf. If you are using DHCP then your DHCP server may automatically configure this file. Further instructions regarding NTP are beyond the scope of this manual.

Setting Up Tomcat Users

In order to deploy the war file, the Tomcat Manager for application deployment will be used. The Tomcat manager functions are disabled by default.

o enable Tomcat administration and management we must add a role and a tomcat user to the tomcat-users.xml file. 
  1. Open the $CATALINA_HOME/conf/tomcat-users.xml file with a suitable editor and add this element after the last 'role' element: 
    <role rolename="manager"/>
    <role rolename="admin"/>

  2. Add this line after the last 'user' element, replacing TOMCAT_PASSWORD with an appropriate password: 
    <user username="tomcat" password="TOMCAT_PASSWORD" roles="admin,manager"/>
  3. Save the file

Configuring the Firewall

The deployed GRIA war (or webapp) should be hosted behind a firewall to ensure that your server can only be accessed on certain ports. You should consult with your systems administrator to determine if you need to run a firewall. If so, configure the firewall as follows:

  1. As root, run: 
    # system-config-securitylevel
  2. Enable firewall and continue with Customize (use the TAB key to move fields and the SPACEBAR key to select)
  3. Do not select any "Trusted Devices", e.g. eth0
  4. Allow incoming connections for "SSH" and "WWW (HTTP)"
  5. In the "Other ports" box type: "https:tcp 8080:tcp" to permit secure access to Apache and temporarily enable insecure access to Tomcat
  6. Finish firewall configuration by selecting "OK"

Configuring SELinux

SELinux is an option during the installation process. It provides better security than standard linux installations. If you are not sure whether SELinux is installed, then type (as root):

# setsebool

If you get "Command not found" then SELinux is not installed and no configuration is necessary. Otherwise, if you chose to install SELinux then it must be configured to let the Apache web server communicate with the Tomcat web server. To do this, enter the following command as root:

# setsebool -P httpd_can_network_connect=1

Starting Services

There are two services that need to be started: Tomcat and NTP. NTP is easily managed by the system and may be started with this command:

# service ntpd start

As mentioned above, Tomcat should not be run as root, therefore first switch form being the root user to the tomcat user and then start tomcat:

# su tomcat
$ cd /opt/tomcat/bin
$ ./startup.sh

It is useful to have the NTP daemon start automatically when the server is rebooted. This can be done by typing the following as the root user:

# chkconfig ntpd on

2. Fedora Core 4

Preparing Fedora Core 4

Preparing Fedora Core 4

Installing the Fedora Core 4 Operating System

If you feel confident in installing the server installation of Fedora Core 4, you may skip this section but make sure to install the pre-requisites otherwise GRIA war will fail to function correctly.

N.B. There are several ways to install and configure Fedora, so you are advised to consult your system manager and set up the system according to your needs. The following notes describe a simple way to install and configure a headless Fedora system for GRIA war.

Having satisfied the above, the installation process is as follows:

  1. Place the Fedora Core 4 CD1 into the CD-ROM drive and boot the system from the CD, pressing enter at the boot prompt (install in graphical mode).
  2. Test the CD media (optional).
  3. Click Next on the Welcome to Fedora Core screen.
  4. Choose language (e.g. English) on the Language Selection screen.
  5. On the Keyboard Configuration screen choose keyboard, e.g. United Kingdom.
  6. On Upgrade/Install Examine screen choose Install Fedora Core.
  7. On the Installation Type screen choose Server.
  8. According to your needs and system settings, choose automatic or manual configuration for the Disk Partitioning Setup screen. Then follow the instructions accordingly, e.g. for the Disk Setup and Boot Loader Configuration screens.
  9. Enter the appropriate settings for the Network Configuration screen. If you do not have a DHCP server, enter the hostname, etc manually.
  10. On the Firewall Configuration screen, select Enable firewall and choose SSH and Web Server services. You may want to disable SELinux by selecting this option in the drop down menu.
  11. Set the correct time zone in the Time Zone Selection screen.
  12. Set the root password in Set Root Password screen.
  13. The machine will reboot at the end of the installation.

After the installation from CD is complete, we recommend updating the system with the latest patches. This may be done using the yum command (this may take some time):

# yum update

This completes the installation of the operating system.

Installing the Software Pre-requisites

Having installed the operating system, the following lists the pre-requisites which must be installed if GRIA war is to function correctly. It is important to install any dependencies which may also required by these software pre-requisites:

  • Sun Java JDK v1.5.0 or higher
  • Jakarta Tomcat v5.5.x
  • Apache HTTP server v2.0 (an optional package to provide secure access)
    • httpd-2.0.xx.x
  • Perl v5.6 or higher (only required for the GRIA Basic Application Services package)
  • A sample, test application: ImageMagick(only required for the GRIA Basic Application Services package)
  • An Internet browser, e.g. Mozilla Firefox (which may be installed on a different machine)
  • Optional utility packages:
    • zip and unzip
    • tar, etc.

If you have followed the installation instructions above then your system already has Apache and Perl installed. The Fedora Core 4 distribution CDs include RPM packages for Tomcat and for GNU Java. However, to use GRIA you must install Sun Java. Unfortunately, it is very difficult to configure the pre-packaged Tomcat to use Sun Java, so Tomcat must also be manually installed by following the instructions below.

First, download the Java binary JDK selecting the "Linux self-extracting file" (e.g. jdk-1_5_0_05-linux-i586.bin) and Tomcat packages and place them into /tmp directory on the Fedora Core 4 machine. You may find it easiest to do this by downloading the packages to your desktop machine and copying them to the server. Finally, log in to the server machine as the root user ready to install the software.

Install Java

In order to install Java in the /opt directory the following must be done (adjusting the version number to your particular package):

  1. Move to /opt: 
    # cd /opt
  2. Unpack the binary from the temporary directory: 
    # sh /tmp/jdk-1_5_x_xx-linux-i586.bin
  3. Create a symbolic link within this directory: 
    # ln -s jdk1.5.x_xx java

Install Tomcat

The following must be done in order to install Tomcat successfully (adjusting the version number to your particular package):

  1. Tomcat will be installed under the /opt directory, therefore move to this directory with: 
    # cd /opt
  2. Unpack the Tomcat tarball from the temporary directory: 
    # tar xvfz /tmp/apache-tomcat-5.5.20.tar.gz
  3. Create a symbolic link for Tomcat 
    # ln -s apache-tomcat-5.5.20 tomcat
  4. Tomcat will be most secure if it is not run by root, therefore create a user for the tomcat server to run as e.g. "tomcat" with the user's home directory set to /opt/tomcat: 
    # useradd -d /opt/tomcat tomcat
  5. Alter the ownership of the directory to the tomcat user created above: 
    # chown -R tomcat:tomcat tomcat
  6. Configure tomcat to use Sun Java by editting /opt/tomcat/bin/catalina.sh. Open the file (e.g. in vi) and add the line JAVA_HOME=/opt/java to the top of the file after the file header, e.g.: 
    # system class path used to start Tomcat.
    #
    # CATALINA_PID (Optional) Path of the file which should contains the pid
    # of catalina startup java process, when start (fork) is used
    #
    # $Id: fc4-pre.htm 3715 2006-04-10 14:01:19Z ajw $
    # -----------------------------------------------------------------------------

    JAVA_HOME=/opt/java

    # OS specific support. $var _must_ be set to either true or false.
    cygwin=false

Install Sample Application

The GRIA Basic Application Services package uses demo applications which require the ImageMagick package. You may already have ImageMagick installed. To test for it, log in as root and type:

# rpm -qi ImageMagick

If you see "package ImageMagick is not installed" then the package must be installed, either from the CDs or by using yum:

# yum install ImageMagick

Setting the System Clock

In order to provide some synchronisation between the clocks on machines that the various GRIA packages are installed on, it is recommended to run an NTP client service that will synchronise your system with an Internet time server.. Fedora comes with an NTP package which is installed by default in the server installation. To see if NTP is installed, log in as root and type:

# rpm -qi ntp

If you see "package ntp is not installed" then install NTP either from the CDs or by using yum:

# yum install ntp

The NTP daemon must be configured using the file /etc/ntp.conf. If you are using DHCP then your DHCP server may automatically configure this file. Further instructions regarding NTP are beyond the scope of this manual.

Configuring the Firewall

The deployed GRIA war (or webapp) should be hosted behind a firewall to ensure that your server can only be accessed on certain ports. You should consult with your systems administrator to determine if you need to run a firewall on the GRIA server machine. If so, configure the firewall as follows:

  1. As root, run: 
    # system-config-securitylevel
  2. Enable firewall and continue with Customize (use the TAB key to move fields and the SPACEBAR key to select)
  3. Do not select any "Trusted Devices", e.g. eth0
  4. Allow incoming connections for "SSH", "WWW (HTTP)" and "Secure WWW (HTTPS)"
  5. In the "Other ports" box type: "8080:tcp" to temporarily enable insecure access to Tomcat
  6. Finish firewall configuration by selecting "OK"

Configuring SELinux

SELinux is an option during the installation process. It provides better security than standard linux installations. If you are not sure whether SELinux is installed, then type (as root):

# setsebool

If you get "Command not found" then SELinux is not installed and no configuration is necessary. Otherwise, if you chose to install SELinux then it must be configured to let the Apache web server communicate with the Tomcat web server. To do this, enter the following command as root:

# setsebool -P httpd_can_network_connect=1
May need to set another bool to enable httpd to communicate with the terminal (needed for cert handling)

Setting Up Tomcat Users

In order to deploy the war file, the Tomcat Manager for application deployment will be used. The Tomcat manager functions are disabled by default.

o enable Tomcat administration and management we must add a role and a tomcat user to the tomcat-users.xml file. 
  1. Open the $CATALINA_HOME/conf/tomcat-users.xml file with a suitable editor and add this element after the last 'role' element: 
    <role rolename="manager"/>
    <role rolename="admin"/>

  2. Add this line after the last 'user' element, replacing ADMIN_PASSWORD and GRIA_PASSWORD with appropriate passwords: 
    <user username="tomcat" password="TOMCAT_PASSWORD" roles="admin,manager"/>
  3. Save the file

Starting Services

There are two services that need to be started: Tomcat and NTP. NTP is easily managed by the system and may be started with this command:

# service ntpd start

As mentioned above, Tomcat should not be run as root, therefore first switch form being the root user to the tomcat user and then start tomcat:

# su tomcat
$ cd /opt/tomcat/bin
$ ./startup.sh

It is useful to have the NTP daemon start automatically when the server is rebooted. This can be done by typing the following as the root user:

# chkconfig ntpd on

3. Fedora Core 5

Preparing Fedora Core 5

Installing the Fedora Core 5 Operating System

If you feel confident in installing the server installation of Fedora Core 5, you may skip this section but make sure to install the pre-requisites, as well as the initial configuration otherwise GRIA war will fail to function correctly.

N.B. There are several ways to install and configure Fedora, so you are advised to consult your system manager and setup the system according to your needs. The following notes describe a simple way to install and configure a headless Fedora system for GRIA war.

Having satisfied the above, the installation process is as follows:

Note: The following describes how to install FC5 using a network installation and booting the system with an FC5 boot.iso CD.

  1. Boot the system with the FC5 boot.iso CD and press Enter on the Welcome to Fedora Core screen.
  2. Choose language (e.g. English) on the Language Selection screen.
  3. On the Keyboard Configuration screen choose keyboard, e.g. United Kingdom.
  4. Choose the installation method, e.g. in our case select HTTP.
  5. Enter the appropriate settings for the Network Configuration screen. If you do not have a DHCP server, enter the hostname, etc manually.
  6. HTTP Setup section, you need to provide the HTTP server and the Fedora Core 5 path, e.g. www.mirrorservice.org, sites/download.fedora.redhat.com/pub/fedora/linux/core/5/i386/os. You might have to find a suitable mirror service to speed up installation.
  7. According to your needs and system settings, choose automatic or manual configuration for the Disk Partitioning Setup screen. Then follow the instructions accordingly, e.g. for the Disk Setup and Boot Loader Configuration screens.
  8. Follow the installation screens in order to complete the system installation.
  9. The machine will reboot at the end of the installation. After rebooting it will prompt to configure some of its basic services.

Initial system Configuration

When the system reboots will prompt to configure its basic services such as Firewall, SELinux, system users, to complete the installation.

Click yes on the license agreement and go into the Firewall configuration.

Firewall Configuration

In this section ensure that the Firewall setting is enabled and check the following predefined ports: WWW, and Secure WWW. Additionally you need to add the following ports 8080 and 8443.

Click on other ports (section to expand) and use the add button to add new ports, type 8080 for the port number and select the protocol type as tcp. Repeat the same steps to add port 8443.

Click next and say yes to overwrite system settings.

You can always change your Firewall settings later, using the following commnad as root:

# system-config-securitylevel

SELinux Configuration

SELinux configuration: leave the default settings to Enforcing, then from the Modify SELinux Policy expand the HTTP Service Section and click on Allow HTTPD scripts and modules to connect to the network.

Date and Time

Click next to the Date and Time section. Choose the Network Time Protocol tab and click on the Enable Network Time Protocol button.

Configure the remaining sections according to your needs.

After the installation is complete, we recommend updating the system with the latest patches. This may be done using the yum command (this may take some time):

# yum update

This completes the installation of the operating system.

Installing the Software Pre-requisites

Having installed the operating system, the following lists the pre-requisites which must be installed if GRIA war is to function correctly. It is important to install any dependencies which may also required by these software pre-requisites:

  • Sun Java JDK v1.5.0 or higher
  • Jakarta Tomcat v5.5.x
  • Apache HTTP server v2.0 (an optional package to provide secure access)
    • httpd-2.0.xx.x
  • Perl v5.6 or higher (only required for the GRIA Basic Application Services package)
  • A sample, test application: ImageMagick(only required for the GRIA Basic Application Services package)
  • An Internet browser, e.g. Mozilla Firefox (which may be installed on a different machine)
  • Optional utility packages:
    • zip and unzip
    • tar, etc.

If you have followed the installation instructions above then your system already has Apache and Perl installed. The Fedora Core 5 distribution include RPM packages for Tomcat and for GNU Java. However, to use GRIA you must install Sun Java. Unfortunately, it is very difficult to configure the pre-packaged Tomcat to use Sun Java, so Tomcat must also be manually installed by following the instructions below.

First, download the Java binary JDK selecting the "Linux self-extracting file" (e.g. jdk-1_5_0_05-linux-i586.bin) and Tomcat packages and place them into /tmp directory on the Fedora Core 5 machine. You may find it easiest to do this by downloading the packages to your desktop machine and copying them to the server. Finally, log in to the server machine as the root user ready to install the software.

Install Java

In order to install Java the following must be done (adjusting the version number to your particular package):

  1. Move to /opt: 
    # cd /opt
  2. Unpack the binary from the temporary directory: 
    # sh /tmp/jdk-1_5_x_xx-linux-i586.bin
  3. Create a symbolic link within this directory: 
    # ln -s /usr/java/jdk1.5.x_xx java

Install Tomcat

The following must be done in order to install Tomcat successfully (adjusting the version number to your particular package):

  1. Tomcat will be installed under the /opt directory, therefore move to this directory with: 
    # cd /opt
  2. Unpack the Tomcat tarball from the temporary directory: 
    # tar xvfz /tmp/apache-tomcat-5.5.20.tar.gz
  3. Create a symbolic link for Tomcat 
    # ln -s apache-tomcat-5.5.20 tomcat
  4. Tomcat will be most secure if it is not run by root, therefore create a user for the tomcat server to run as e.g. "tomcat" with the user's home directory set to /opt/tomcat: 
    # useradd -d /opt/tomcat tomcat
  5. Alter the ownership of the directory to the tomcat user created above: 
    # chown -HR tomcat:tomcat tomcat
  6. Configure tomcat to use Sun Java by editting /opt/tomcat/bin/catalina.sh. Open the file (e.g. in vi) and add the line JAVA_HOME=/opt/java to the top of the file after the file header, e.g.: 
    # system class path used to start Tomcat.
    #
    # CATALINA_PID (Optional) Path of the file which should contains the pid
    # of catalina startup java process, when start (fork) is used
    #
    # $Id: fc4-pre.htm 3715 2006-04-10 14:01:19Z ajw $
    # -----------------------------------------------------------------------------

    JAVA_HOME=/opt/java

    # OS specific support. $var _must_ be set to either true or false.
    cygwin=false

Install Sample Application

The GRIA Basic Application Services package uses demo applications which require the ImageMagick package. You may already have ImageMagick installed. To test for it, log in as root and type:

# rpm -qi ImageMagick

If you see "package ImageMagick is not installed" then the package must be installed, either from the CDs or by using yum:

# yum install ImageMagick

Setting Up Tomcat Users

In order to deploy the war file, the Tomcat Manager for application deployment will be used. The Tomcat manager functions are disabled by default.

To enable Tomcat administration and management we must add a user with appropriate roles to the tomcat-users.xml file. Do this by adding the line: 

<user username="tomcat" password="TOMCAT_PASSWORD" roles="admin,manager"/>
replacing TOMCAT_PASSWORD with a suitable password.

Starting Services

As mentioned above, Tomcat should not be run as root, therefore first switch form being the root user to the tomcat user and then start tomcat:

# su tomcat
$ cd /opt/tomcat/bin
$ ./startup.sh