20 GB default hard drive size.
512 MB minimum RAM size.
Set the hostname manually. This will need to be updated for each template deployment.
Deselect all packages from the installation (no gnome desktop or server or anything selected).
Download the latest jdk rpm from javasoft.com
Tip: The text-based web browser elinks is installed by default on CentOS. Using this browser allows one to download most packages that require agreeing to license statements (the jdk) directly to the target host. Keep in mind that the content is reflowed for a text browser, so a lot of pages of text will have to be sifted through. And, to top it all off, Oracle might decide to change the pages in a way that will not even work with a text-based browser.
Open the java download page with elinks.
elinks http://www.oracle.com/technetwork/java/javase/downloads/index.html
Search for "download" with elinks and find the link to download the Java Platform, Standard Edition rpm.
Download the RPM Installer on another machine and transfer it to the target host with scp. WinSCP works well on Windows.
The downloaded RPM Installer may be executed directly and will install not only the embedded jdk rpm but also six more rpms for javadb. Executing file ~/jdk-6u25-linux-i586-rpm.bin on the RPM Installer reveals that the file is a "Bourne shell script text executable". The RPM Installer may be extracted, allowing for individual installation.
sh ~/jdk-6u25-linux-i586-rpm.bin -x
Install the extracted jdk rpm. The --nogpgcheck option skips the GPG signature check for this locally downloaded package.
sudo yum install ~/jdk-6u25-linux-i586.rpm --nogpgcheck
Clean up after yourself
rm jdk-*rpm*
Only Tomcat 5 is in the default yum repository for CentOS 5.5.
JPackage does not keep up with the most recent versions of Tomcat.
The version of Tomcat included in JPackage (head) was over 15 months out of date.
6.0.29 release on 2009-06-19 versus 6.0.32 release on 2010-09-22
Tomcat version 6 is currently the most sensible for wide use.
Look at the Tomcat dist page to verify the latest version.
elinks http://apache.org/dist/tomcat/tomcat-6/
Download the latest Tomcat installation.
wget http://apache.org/dist/tomcat/tomcat-6/v6.0.32/bin/apache-tomcat-6.0.32.tar.gz
Optionally download all of the other stuff
wget http://apache.org/dist/tomcat/tomcat-6/v6.0.32/bin/apache-tomcat-6.0.32-deployer.tar.gz
wget http://apache.org/dist/tomcat/tomcat-6/v6.0.32/bin/apache-tomcat-6.0.32-fulldocs.tar.gz
wget http://apache.org/dist/tomcat/tomcat-6/v6.0.32/bin/extras/
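Added example, not part of the original page: the downloads above come over plain HTTP, so the tarball can be checked against a digest before it is extracted. verify_digest and extract_verified are hypothetical helper names, and the expected digest is assumed to have been obtained separately from the Apache Tomcat project over a trusted channel, not from the same mirror.

```shell
#!/bin/sh
# Added example; verify_digest and extract_verified are hypothetical helpers.

# verify_digest FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_digest() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "verify_digest: no such file: $file" >&2; return 2; }
    case "$expected" in
        ''|*[!0-9a-f]*) echo "verify_digest: digest is not hex" >&2; return 2 ;;
    esac
    # Pick the tool from the digest length. MD5 and SHA-1 are no longer
    # collision resistant; prefer a SHA-2 digest when one is available.
    case ${#expected} in
        32)  tool=md5sum ;;
        40)  tool=sha1sum ;;
        64)  tool=sha256sum ;;
        128) tool=sha512sum ;;
        *)   echo "verify_digest: unsupported digest length" >&2; return 2 ;;
    esac
    # Hash via stdin so the file name never appears in the tool's output.
    actual=$("$tool" < "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "verify_digest: MISMATCH for $file" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    return 0
}

# extract_verified TARBALL EXPECTED_HEX DEST
# Extracts into DEST only after the digest check passes.
extract_verified() {
    verify_digest "$1" "$2" || return $?
    tar xzf "$1" -C "$3"
}

# Stand-alone use: sh verify.sh apache-tomcat-6.0.32.tar.gz <digest> ~
if [ "$#" -eq 3 ]; then
    extract_verified "$@"
fi
```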
As a matter of policy, I make sure that the Security Level is Enabled and SELinux is set to permissive. Maybe someday I will understand SELinux enough to run it in enforcing mode (See Change SELinux mode to permissive.).
The security settings can be set using the setup text user interface.
sudo setup or sudo system-config-securitylevel-tui
Verify that Security Level is set to Enabled (the default) and SELinux is set to Permissive as opposed to the Enforcing default. Incoming connections also need to be allowed on ports 8080 and 8443.
Select Customize to add Tomcat ports to the Other Ports field.
8080:tcp 8443:tcp
The system-config-securitylevel-tui script uses lokkit underneath. The following statements are pretty dependable, but lokkit can be flaky when dealing with port ranges like 8080-8088:tcp.
sudo /usr/sbin/lokkit -q --port=8080:tcp
sudo /usr/sbin/lokkit -q --port=8443:tcp
Update the service description file so that the Tomcat ports are named sensibly. By default, the service ports map to webcache and pcsync-https.
Comment out the lines for the existing services associated with 8080/tcp, 8080/udp, 8443/tcp, and 8443/udp.
sudoedit /etc/services
tomcat 8080/tcp # Tomcat
tomcat-https 8443/tcp # Tomcat HTTPS
Extract the package:
tar xvzf apache-tomcat-6.0.32.tar.gz -C ~
Update the environment variables.
vi ~/.bashrc
Include the following lines.
export JAVA_HOME=/usr/java/jdk1.6.0_25
export CATALINA_HOME=~/apache-tomcat-6.0.32
Restart the session to export the new variables.
Start the Tomcat server.
$CATALINA_HOME/bin/startup.sh
Make sure that Tomcat is running.
ps -ef | grep java
Make sure that Tomcat serves some content (probably will need to open up some firewall ports)
Stop the Tomcat server.
$CATALINA_HOME/bin/shutdown.sh
The information presented here is greatly influenced by the following:
A Guide To Apache Tomcat Linux Installation and Set-Up (written by one of the authors of Tomcat: The Definitive Guide) http://www.mulesoft.com/tomcat-linux
Tomcat: The Definitive Guide, Second Edition ISBN:9978-0-596-10106-0
Professional Apache Tomcat 6 ISBN:9780471753612
Enterprise Ready Server (ERS) http://static.springsource.com/projects/ers/4.0/
Filesystem Hierarchy Standard http://www.pathname.com/fhs/pub/fhs-2.3.html
http://wiki.openbluedragon.org/wiki/index.php/Apache_Tomcat_on_CentOS/RedHat
http://www.if-not-true-then-false.com/2010/install-sun-oracle-java-jdk-jre-6-on-fedora-centos-red-hat-rhel/
http://www.java.com/en/download/help/linux_install.xml
http://www.oracle.com/technetwork/java/javase/install-linux-rpm-137089.html
http://confluence.atlassian.com/display/DOC/Start+Confluence+automatically+on+Linux+and+UNIX
What directory should Tomcat get installed into? /usr/share/ (RHEL), /usr/local/, /opt/apache/ (FHS), or /usr/java/ (next to the java rpm installation). The directory name should probably correspond to the full name and version of the release. The decision was made to go with /opt/apache/apache-tomcat-6.0.32, based on the FHS and on the fact that javadb from the sun rpm installation was placed in /opt/sun/javadb.
Create the parent directory.
sudo mkdir -p /opt/apache
Extract the package:
sudo tar xvzf apache-tomcat-6.0.32.tar.gz -C /opt/apache
Create user and group for service.
sudo /usr/sbin/useradd -M -s /sbin/nologin -c "tomcat service account" -d /opt/apache/apache-tomcat-6.0.32 tomcat
Give ownership of the Tomcat directories to the tomcat user and the tomcat group.
sudo chown -R tomcat.tomcat /opt/apache/apache-tomcat-6.0.32
Restrict access to the Tomcat install directory to only the associated user and group.
sudo chmod -R u=rwx,g=rwx,o= /opt/apache/apache-tomcat-6.0.32
Add an arbitrary user to the tomcat group.
sudo /usr/sbin/usermod -a -G tomcat theUserId
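Added example, not part of the original page: a check that the ownership and permission steps above took effect. audit_tree is a hypothetical helper name; it lists anything under the install directory that is not owned by the given user and group or that still grants access to other users.

```shell
#!/bin/sh
# Added example; audit_tree is a hypothetical helper.

# audit_tree DIR OWNER GROUP
# Prints every path under DIR that is not owned by OWNER and GROUP or that
# grants read, write or execute to "other".
# Returns 0 when nothing is found, 1 when there are findings, 2 on bad input.
audit_tree() {
    dir=$1
    owner=$2
    group=$3
    [ -d "$dir" ] || { echo "audit_tree: not a directory: $dir" >&2; return 2; }
    # Symbolic links always report mode 777, so they are skipped.
    # -perm -004 / -002 / -001 match the other-read, -write and -execute bits.
    findings=$(find "$dir" ! -type l \( \
        ! -user "$owner" -o ! -group "$group" \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Stand-alone use, run as a user that can read the whole tree:
#   sudo sh audit.sh /opt/apache/apache-tomcat-6.0.32 tomcat tomcat
if [ "$#" -eq 3 ]; then
    audit_tree "$@"
fi
```

A path printed by the check after the chown and chmod steps usually means a file was added or replaced later, for example by a deployment run under a different account.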
sudoedit /etc/init.d/tomcat
Paste the following content.
#!/bin/sh
# Tomcat init script for Linux.
#
# chkconfig: 2345 96 14
# description: The Apache Tomcat servlet/JSP container.
#JAVA_HOME=/usr/java/jdkxxx
#export JAVA_HOME
CATALINA_HOME=/opt/apache/apache-tomcat-6.0.32
export CATALINA_HOME
su -s /bin/bash -m tomcat -c "$CATALINA_HOME/bin/catalina.sh $*"
Set the permissions for the Tomcat startup script.
sudo chmod u=rwx,g=rx,o=rx /etc/init.d/tomcat
Register the Tomcat startup script in init.d as a service.
sudo /sbin/chkconfig --add tomcat
Start the Tomcat service.
sudo /sbin/service tomcat start
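Redirect port 80 to the Tomcat port 8080. The OUTPUT rule covers connections made from the host itself and is limited to the loopback interface so that outbound requests to other web servers are not redirected.
sudo /sbin/iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
sudo /sbin/iptables -t nat -I OUTPUT -o lo -p tcp --dport 80 -j REDIRECT --to-ports 8080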
We want a group of people to be able to restart Tomcat but not execute the startup and shutdown scripts so that the process does not run under some arbitrary user id.
TODO
TODO