JSPWIKI VM #
Intro#
Description of the setup of the Ubuntu VM we have to run http://jspwiki.apache.org/wiki
and http://jspwiki.apache.org/doc.
See INFRA-5588 for more background.
Important directories and files#
| name | purpose |
|---|---|
| /etc/init.d/tomcat1 | bootstrap script |
| /etc/init.d/tomcat2 | bootstrap script |
| /usr/local/tomcat1 | tomcat home dir (symlink to ./apache-tomcat1-x.y.z) |
| /usr/local/tomcat2 | tomcat home dir (symlink to ./apache-tomcat2-x.y.z) |
| /usr/local/tomcat1/logs | log files tomcat1 |
| /usr/local/tomcat2/logs | log files tomcat2 |
| /var/jspwiki/wiki/pages | wiki pages and attachments of wiki |
| /var/jspwiki/wiki/logs | wiki pages and attachments of wiki |
| /var/jspwiki/doc/pages | wiki pages and attachments of doc |
| /var/jspwiki/doc/logs | wiki pages and attachments of doc |
| /var/log/apache2 | webserver logs |
Extra installed packages#
- openjdk-6-jre-headless (apt)
- apache2 (apt)
- tomcat 7.0.42
- jspwiki 2.9.1-incubating
- unzip (apt)
- openjdk-6-jdk (apt)
Configuration and installation#
- can I see apache status ? : Added my IP address to /etc/apache2/mods-enabled/status.conf
- download vanilla tomcat :wget 'http://apache.mirror1.spango.com/tomcat/tomcat-7/v7.0.42/bin/apache-tomcat-7.0.42.tar.gz'
- create tomcat userids : useradd -m -s /bin/bash tomcat1 && useradd -m -s /bin/bash tomcat2
- install vanilla tomcat : cd /usr/local && tar -xf /tmp/apache-tomcat-7.0.42.tar && mv apache-tomcat-7.0.42 apache-tomcat1-7.0.42 && chown -R tomcat1.tomcat1 apache-tomcat1-7.0.42 && cp -R apache-tomcat1-7.0.42 apache-tomcat2-7.0.42 && chown -R tomcat2.tomcat2 apache-tomcat2-7.0.42 && ln -s apache-tomcat1-7.0.42 tomcat1 && ln -s apache-tomcat2-7.0.42 tomcat2 && rm -rf tomcat?/webapps/examples tomcat?/webapps/host-manager
- create bootstrap scripts : created /etc/init/tomcat1.conf /etc/init/tomcat2.conf ==> use these to set the envvars for tomcat
- download latest released JSPWiki : wget 'http://www.apache.org/dist/incubator/jspwiki/2.9.1-incubating/JSPWiki-2.9.1-incubating-4-bin.zip'
- create tomcat1 webapp dirs : with user tomcat1: cd /usr/local/tomcat1/webapps && mkdir wiki && cd wiki && jar -xf /tmp/ff/JSPWiki-bin/JSPWiki.war
- create tomcat2 webapp dirs : with user tomcat2: cd /usr/local/tomcat2/webapps && mkdir doc && cd doc && jar -xf /tmp/ff/JSPWiki-bin/JSPWiki.war
- patch wiki vanilla jspwiki.properties : created ~tomcat1/jspwiki/jspwiki.properties.patch and run: patch /usr/local/tomcat1/webapps/wiki/WEB-INF/jspwiki.properties ~tomcat1/jspwiki/jspwiki.properties.patch
- patch doc vanilla jspwiki.properties : created ~tomcat2/jspwiki/jspwiki.properties.patch and run: patch /usr/local/tomcat2/webapps/wiki/WEB-INF/jspwiki.properties ~tomcat2/jspwiki/jspwiki.properties.patch
- create jspwiki page logs dir : mkdir -p /var/jspwiki/wiki/pages /var/jspwiki/wiki/logs /var/jspwiki/doc/pages /var/jspwiki/doc/logs && chmod -R 755 /var/jspwiki && chown -R tomcat1.tomcat1 /var/jspwiki/wiki && chown -R tomcat2.tomcat2 /var/jspwiki/doc
- enable apache ajp proxy : cd /etc/apache2/mods-enabled && ln -s ../mods-available/proxy.conf proxy.conf && ln -s ../mods-available/proxy.load proxy.load && ln -s ../mods-available/proxy_ajp.load proxy_ajp.load
- create /etc/apache2/conf.d/jspwiki :
ProxyPreserveHost on <VirtualHost *:80> ServerName jspwiki.apache.org ProxyPass /wiki ajp://localhost:8009/wiki ProxyPassReverse /wiki ajp://localhost:8009/wiki ProxyPass /doc ajp://localhost:8109/doc ProxyPassReverse /doc ajp://localhost:8109/doc </VirtualHost>
- patch tomcat1 server.xml (disable port 8080, change redirect port to 443) : cd /usr/local/tomcat1/conf && patch server.xml ~/jspwiki/tomcat.server.xml.patch
- patch tomcat2 server.xml (disable port 8080 and shift 8005 8009 up 100, change redirect port to 443) : cd /usr/local/tomcat2/conf && patch server.xml ~/jspwiki/tomcat.server.xml.patch
Todo#
- install apache2 with mod_ajp
- create user/group to run tomcats
- install tomcat latest release, 2 instances
- bootstrap scripts for tomcats
- have INFRA get the proxying in place:
- http://jspwiki.apache.org/wiki => http://jspwiki-vm.apache.org/wiki
- https://jspwiki.apache.org/wiki => http://jspwiki-vm.apache.org/wiki
- http://jspwiki.apache.org/doc => http://jspwiki-vm.apache.org/doc
- https://jspwiki.apache.org/doc => http://jspwiki-vm.apache.org/doc
- http://jspwiki.apache.org/manager => http://jspwiki-vm.apache.org/manager
- https://jspwiki.apache.org/manager => http://jspwiki-vm.apache.org/manager
- housekeeping (log cleaning) cron jobs
- get the proper userdatabase.xml (start with empty one)
- create the admin group and put your self in
- mail config ? ==> default is probably sufficient
- backup ?
- analog ?
- fail2ban monitoring
- (nagios) monitoring
Findings#
- no lvm installed, so just one fs, simple and easy:
root@jspwiki-vm:~# mount /dev/sda1 on / type ext4 (rw,errors=remount-ro) .....snip..... /dev/sda6 on /tmp type ext4 (rw) root@jspwiki-vm:~# df -h / Filesystem Size Used Avail Use% Mounted on /dev/sda1 28G 1.9G 25G 8% /
- network:
metskem@jspwiki-vm:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:9d:00:19
inet addr:140.211.11.82 Bcast:140.211.11.255 Mask:255.255.255.0
inet6 addr: fe80::250:56ff:fe9d:19/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:69671783 errors:0 dropped:9171 overruns:0 frame:0
TX packets:23419837 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:16814561371 (16.8 GB) TX bytes:1662666969 (1.6 GB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
root@jspwiki-vm:/opt# iptables -vnL
Chain INPUT (policy DROP 3697 packets, 301K bytes)
pkts bytes target prot opt in out source destination
67M 16G fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0
15701 1494K fail2ban-ssh tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
68M 16G ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED /* ASF IP tables enabled */
0 0 ACCEPT all -- lo * 127.0.0.1 0.0.0.0/0 /* Allow all loopback traffic */
55 1804 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8 state NEW,RELATED,ESTABLISHED /* Allow ICMP */
801 47592 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3442K packets, 196M bytes)
pkts bytes target prot opt in out source destination
Chain fail2ban-ssh (2 references)
pkts bytes target prot opt in out source destination
18 1488 DROP all -- * * 61.153.110.253 0.0.0.0/0
20 1564 DROP all -- * * 123.30.143.150 0.0.0.0/0
21 3288 DROP all -- * * 112.216.76.110 0.0.0.0/0
14 704 DROP all -- * * 117.135.139.142 0.0.0.0/0
17 1640 DROP all -- * * 58.59.176.61 0.0.0.0/0
23 2228 DROP all -- * * 196.22.220.8 0.0.0.0/0
23 2228 DROP all -- * * 200.146.120.122 0.0.0.0/0
28 1820 DROP all -- * * 122.147.2.254 0.0.0.0/0
67M 16G RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Chain test (0 references)
pkts bytes target prot opt in out source destination
