!!! JSPWIKI VM
[{TableOfContents }]
!! Intro
Description of the setup of the Ubuntu VM we have to run [http://jspwiki.apache.org/wiki] and [http://jspwiki.apache.org/doc].\\
See [INFRA-5588|https://issues.apache.org/jira/browse/INFRA-5588] for more background.
!! Important directories and files
|| name || purpose
|/etc/init/[tomcat1.conf]|upstart bootstrap script
|/etc/init/[tomcat2.conf]|upstart bootstrap script
|/usr/local/tomcat1| tomcat home dir (symlink to ./apache-tomcat1-x.y.z)
|/usr/local/tomcat2| tomcat home dir (symlink to ./apache-tomcat2-x.y.z)
|/usr/local/tomcat1/logs|log files tomcat1
|/usr/local/tomcat2/logs|log files tomcat2
|/var/jspwiki/wiki/pages|wiki pages and attachments of wiki
|/var/jspwiki/wiki/logs|wiki pages and attachments of wiki
|/var/jspwiki/doc/pages|wiki pages and attachments of doc
|/var/jspwiki/doc/logs|wiki pages and attachments of doc
|/var/log/apache2|webserver logs
!! Extra installed packages
* openjdk-6-jre-headless (apt)
* apache2 (apt)
* [tomcat 7.0.42|http://tomcat.apache.org/]
* JSPWiki v2.10.0-svn-49
* unzip (apt)
* openjdk-6-jdk (apt)
* logwatch
* mailutils
!! Configuration and installation
* __Default apache site configuration?__ : /etc/apache2/sites-enabled/[000-default]
* __Can I see apache status?__ : Added my IP address to /etc/apache2/mods-enabled/status.conf
* __download vanilla tomcat__ :''wget 'http://apache.mirror1.spango.com/tomcat/tomcat-7/v7.0.42/bin/apache-tomcat-7.0.42.tar.gz' ''
* __create tomcat userids__ : ''useradd -m -s /bin/bash tomcat1 && useradd -m -s /bin/bash tomcat2''
* __install vanilla tomcat__ : ''cd /usr/local && tar -xf /tmp/apache-tomcat-7.0.42.tar && mv apache-tomcat-7.0.42 apache-tomcat1-7.0.42 && chown -R tomcat1.tomcat1 apache-tomcat1-7.0.42 && cp -R apache-tomcat1-7.0.42 apache-tomcat2-7.0.42 && chown -R tomcat2.tomcat2 apache-tomcat2-7.0.42 && ln -s apache-tomcat1-7.0.42 tomcat1 && ln -s apache-tomcat2-7.0.42 tomcat2 && rm -rf tomcat?/webapps/examples tomcat?/webapps/host-manager ''
* __create bootstrap scripts__ : created /etc/init/tomcat1.conf /etc/init/tomcat2.conf ==> use these to set the envvars for tomcat
* __download latest released JSPWiki__ : ''wget 'http://www.apache.org/dist/incubator/jspwiki/2.9.1-incubating/JSPWiki-2.9.1-incubating-4-bin.zip'''
* __create tomcat~[1/2~] webapp dirs__ : with user tomcat~[1/2~]: ''cd /usr/local/tomcat~[1/2~]/webapps && mv ROOT ROOT.old && mkdir ROOT && cd ROOT && jar -xf /tmp/ff/JSPWiki-bin/JSPWiki.war''
* %%strike __patch wiki vanilla jspwiki.properties__ : created ~tomcat1/jspwiki/jspwiki.properties.patch and run: ''patch /usr/local/tomcat1/webapps/wiki/WEB-INF/jspwiki.properties ~tomcat1/jspwiki/jspwiki.properties.patch''/%
* %%strike __patch doc vanilla jspwiki.properties__ : created ~tomcat2/jspwiki/jspwiki.properties.patch and run: ''patch /usr/local/tomcat2/webapps/wiki/WEB-INF/jspwiki.properties ~tomcat2/jspwiki/jspwiki.properties.patch''/%
* created /usr/local/tomcat~[1/2~]/lib/jspwiki-custom.properties (see attached files)
* __create jspwiki page logs dir__ : ''mkdir -p /var/jspwiki/wiki/pages /var/jspwiki/wiki/logs /var/jspwiki/doc/pages /var/jspwiki/doc/logs && chmod -R 755 /var/jspwiki && chown -R tomcat1.tomcat1 /var/jspwiki/wiki && chown -R tomcat2.tomcat2 /var/jspwiki/doc''
* __enable apache ajp proxy__ : ''cd /etc/apache2/mods-enabled && ln -s ../mods-available/proxy.conf proxy.conf && ln -s ../mods-available/proxy.load proxy.load && ln -s ../mods-available/proxy_ajp.load proxy_ajp.load''
* modify /etc/apache2/sites-available/[default]
* __patch tomcat1 server.xml (disable port 8080, change redirect port to 443)__ : ''cd /usr/local/tomcat1/conf && patch server.xml ~/jspwiki/tomcat.server.xml.patch''
* __patch tomcat2 server.xml (disable port 8080 and shift 8005 8009 up 100, change redirect port to 443)__ : ''cd /usr/local/tomcat2/conf && patch server.xml ~/jspwiki/tomcat.server.xml.patch''
* __install spam filter__ : [filters.xml] to /usr/local/tomcat~[1/2~]/lib
* __install jspwiki security policy__ : [jspwiki-custom.policy] to /usr/local/tomcat~[1/2~]/lib (anonymous users can only view)
* __redirect root mail__ : %%strike /etc/aliases : direct "root" to harry.metske@gmail.com (and run newaliases)/% ==> puppet reverts it \\
==> edit __/etc/cron.weekly/00logwatch__ : ''logwatch --mailto harry.metske@gmail.com''
* create the /etc/logrotate.d/[tomcats] file to truncate catalina.out
* create the /etc/cron.daily/[cleanTomcatLogs] file to get rid of old log files
* create the /etc/cron.daily/[backupWikis] file to arrange the backup
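The server.xml patch files named in the steps above are not reproduced on this page. The following added example (not part of the original setup notes) checks a patched server.xml against what those steps describe: no HTTP connector, shutdown and AJP ports at 8005/8009 plus the instance offset, redirect port 443. The function name audit_server_xml, the stock Tomcat 7 element layout and both sample documents are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed server.xml as the tomcat2 step describes it
# (HTTP connector commented out, 8005/8009 shifted up 100, redirect to 443).
SAMPLE_TOMCAT2 = """<Server port="8105" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <!--
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    -->
    <Connector port="8109" protocol="AJP/1.3" redirectPort="443" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

# Constructed sample: unpatched layout, assumed to match the vanilla tarball.
SAMPLE_VANILLA = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

def audit_server_xml(xml_text, offset):
    """Return findings for one instance; offset is 0 (tomcat1) or 100 (tomcat2)."""
    root = ET.fromstring(xml_text)  # commented-out connectors are not parsed
    findings = []
    if root.get("port") != str(8005 + offset):
        findings.append("shutdown port is %s, expected %d"
                        % (root.get("port"), 8005 + offset))
    ajp_seen = False
    for conn in root.iter("Connector"):
        port = conn.get("port")
        # Tomcat treats a connector without a protocol attribute as HTTP/1.1.
        if conn.get("protocol", "HTTP/1.1").startswith("AJP"):
            ajp_seen = True
            if port != str(8009 + offset):
                findings.append("AJP port is %s, expected %d" % (port, 8009 + offset))
        else:
            findings.append("HTTP connector still enabled on port %s" % port)
        if conn.get("redirectPort") != "443":
            findings.append("connector %s redirects to %s, expected 443"
                            % (port, conn.get("redirectPort")))
    if not ajp_seen:
        findings.append("no AJP connector for the Apache proxy to reach")
    return findings
```

Running it with the wrong offset also catches the case where the tomcat1 patch was applied to tomcat2, which would leave both instances competing for ports 8005 and 8009.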
!! Todo
* %%strike install apache2 with mod_ajp/%
* %%strike create user/group to run tomcats/%
* %%strike install tomcat latest release, 2 instances/%
* %%strike bootstrap scripts for tomcats/%
* have INFRA get the proxying in place:
** http://jspwiki.apache.org/wiki => http://jspwiki-vm.apache.org/wiki
** https://jspwiki.apache.org/wiki => http://jspwiki-vm.apache.org/wiki
** http://jspwiki.apache.org/doc => http://jspwiki-vm.apache.org/doc
** https://jspwiki.apache.org/doc => http://jspwiki-vm.apache.org/doc
* %%strike housekeeping (log cleaning) cron jobs/%
* %%strike get the proper userdatabase.xml (start with empty one)/%
* %%strike create the admin group and put yourself in/%
* %%strike mail config => installed mailutils/%
* %%strike backup ?/%
* analog ?
* %%strike fail2ban monitoring/%
* (nagios) monitoring
* %%strike place (apache) /var/www/favicon.ico/%
* %%strike place /var/www/[robots.txt]/%
!! Findings
* no lvm installed, so just one fs, simple and easy:
{{{
root@jspwiki-vm:~# mount
/dev/sda1 on / type ext4 (rw,errors=remount-ro)
.....snip.....
/dev/sda6 on /tmp type ext4 (rw)
root@jspwiki-vm:~# df -h /
Filesystem Size Used Avail Use% Mounted on
/dev/sda1 28G 1.9G 25G 8% /
}}}
* network:
{{{
metskem@jspwiki-vm:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:9d:00:19
inet addr:140.211.11.82 Bcast:140.211.11.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fe9d:19/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:69671783 errors:0 dropped:9171 overruns:0 frame:0
TX packets:23419837 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16814561371 (16.8 GB) TX bytes:1662666969 (1.6 GB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
}}}
{{{
root@jspwiki-vm:/opt# iptables -vnL
Chain INPUT (policy DROP 3697 packets, 301K bytes)
pkts bytes target prot opt in out source destination
67M 16G fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0
15701 1494K fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
68M 16G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* ASF IP tables enabled */
0 0 ACCEPT all -- lo * 127.0.0.1 0.0.0.0/0 /* Allow all loopback traffic */
55 1804 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 state NEW,RELATED,ESTABLISHED /* Allow ICMP */
801 47592 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3442K packets, 196M bytes)
pkts bytes target prot opt in out source destination
Chain fail2ban-ssh (2 references)
pkts bytes target prot opt in out source destination
18 1488 DROP all -- * * 61.153.110.253 0.0.0.0/0
20 1564 DROP all -- * * 123.30.143.150 0.0.0.0/0
21 3288 DROP all -- * * 112.216.76.110 0.0.0.0/0
14 704 DROP all -- * * 117.135.139.142 0.0.0.0/0
17 1640 DROP all -- * * 58.59.176.61 0.0.0.0/0
23 2228 DROP all -- * * 196.22.220.8 0.0.0.0/0
23 2228 DROP all -- * * 200.146.120.122 0.0.0.0/0
28 1820 DROP all -- * * 122.147.2.254 0.0.0.0/0
67M 16G RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain test (0 references)
pkts bytes target prot opt in out source destination
}}}