Sunday, February 28, 2016

Install Webmin on CentOS 7.2

How to install Webmin on CentOS 7

Log in as root. First, create a new file webmin.repo in /etc/yum.repos.d/.

sudo nano /etc/yum.repos.d/webmin.repo

and paste the lines below:

[Webmin]
name=Webmin Distribution Neutral
#baseurl=http://download.webmin.com/download/yum
mirrorlist=http://download.webmin.com/download/yum/mirrorlist
enabled=1

Install the Webmin GPG key using the command below.

rpm --import http://www.webmin.com/jcameron-key.asc

Now, update the repository:

yum check-update

Install webmin:

yum install webmin -y

Start the service and make it start automatically at boot:

chkconfig webmin on
service webmin start

By default, Webmin listens on port 10000. Open the Webmin port in the firewall:

firewall-cmd --add-port=10000/tcp

Now, open http://xxx.xxx.xxx.xxx:10000 in your browser and enter your root username and password.

Install PostgreSQL 9.4 on CentOS 7 Server

Add the line

exclude=postgresql*

to the [base] and [updates] sections of the default CentOS repository file:

nano /etc/yum.repos.d/CentOS-Base.repo

Install the latest stable version of PostgreSQL 9.4 for CentOS 7 64-bit. All available repositories can be found at http://yum.postgresql.org/.

rpm -ivh http://yum.postgresql.org/9.4/redhat/rhel-7-x86_64/pgdg-centos94-9.4-2.noarch.rpm

Install the PostgreSQL 9.4 server from the YUM repository installed in the previous step. YUM will automatically resolve and install the dependencies as well.

yum install postgresql94-server -y

We need to initialize the PostgreSQL 9.4 database before we can successfully start it:

/usr/pgsql-9.4/bin/postgresql94-setup initdb

The response will be:

Initializing database ... OK.

We can see the PostgreSQL 9.4 service with the following command and also see that it is not enabled to start at boot:

systemctl list-unit-files |grep postgres

The response will be:

postgresql-9.4.service disabled

Enable the PostgreSQL 9.4 service to start at boot:

systemctl enable postgresql-9.4.service

The response will be:

ln -s '/usr/lib/systemd/system/postgresql-9.4.service' '/etc/systemd/system/multi-user.target.wants/postgresql-9.4.service'

and start the PostgreSQL 9.4 service as follows:

systemctl start postgresql-9.4.service

Check whether the database is running by viewing the process list:

ps auxf |grep postgres

The response will look like this:

root 3091 0.0 0.1 112640 980 pts/0 S+ 11:41 0:00 _ grep --color=auto postgres
postgres 3042 0.0 1.9 337452 15200 ? S 11:40 0:00 /usr/pgsql-9.4/bin/postgres -D  /var/lib/pgsql/9.4/data
postgres 3043 0.0 0.1 192600 1368 ? Ss 11:40 0:00 _ postgres: logger process
postgres 3045 0.0 0.2 337452 1680 ? Ss 11:40 0:00 _ postgres: checkpointer process
postgres 3046 0.0 0.3 337452 2480 ? Ss 11:40 0:00 _ postgres: writer process
postgres 3047 0.0 0.2 337452 1688 ? Ss 11:40 0:00 _ postgres: wal writer process
postgres 3048 0.0 0.3 337864 2608 ? Ss 11:40 0:00 _ postgres: autovacuum launcher process
postgres 3049 0.0 0.2 192728 1744 ? Ss 11:40 0:00 _ postgres: stats collector process

Connect to the database as follows:

su - postgres

The response will look like this:

Last login: Sun Feb 28 11:41:11 2016 on pts/0
-bash-4.2$

psql

The response will be:

psql (9.4.4)
Type "help" for help.
postgres=#

The postgres user has its password disabled by default. We can set one using psql like this:

postgres=# \password postgres

Enter new password:
Enter it again:

postgres=# \q
exit

The configuration files for PostgreSQL on CentOS 7 are located in: /var/lib/pgsql/9.4/data/

These files contain helpful comments regarding the configuration options available.

By default, PostgreSQL is operating through a socket on the localhost. In that configuration, the installation is secured against remote threats. If you do not need to access the database from a remote host, you can leave the default configuration. However, we often need to access a database from a remote host.


Configuring access is handled by editing a couple of files. First we will tell PostgreSQL to start listening on our network interfaces. This is done by making a change in /var/lib/pgsql/9.4/data/postgresql.conf. Find this section:

#------------------------------------------------------------------------------
# CONNECTIONS AND AUTHENTICATION
#------------------------------------------------------------------------------

# - Connection Settings -

#listen_addresses = 'localhost'         # what IP address(es) to listen on;
                                        # comma-separated list of addresses;
                                        # defaults to 'localhost'; use '*' for all
                                        # (change requires restart)
#port = 5432                            # (change requires restart)


and change it by uncommenting the listen_addresses line and changing localhost to *. Like this:

# - Connection Settings -

listen_addresses = '*'                  # what IP address(es) to listen on;
                                        # comma-separated list of addresses;
                                        # defaults to 'localhost'; use '*' for all
                                        # (change requires restart)
port = 5432                            # (change requires restart)

We will leave the port set to its default value of "5432". Make sure and save the change. Now we will edit /var/lib/pgsql/9.4/data/pg_hba.conf and tell PostgreSQL that we want to accept connections from a specific IP address or range. Find this section in the file:

# TYPE  DATABASE        USER            ADDRESS                 METHOD

# "local" is for Unix domain socket connections only
local   all             all                                     peer
# IPv4 local connections:
host    all             all             127.0.0.1/32            md5

and add a new host line with a specific IP address or range:

host    all             all             <Client IP address>/32        md5

Now we can restart PostgreSQL:

sudo systemctl restart postgresql-9.4.service

and verify that we are now listening on port 5432:

# ss -l -n |grep 5432

u_str  LISTEN     0      128    /var/run/postgresql/.s.PGSQL.5432 7728992                 * 0
u_str  LISTEN     0      128    /tmp/.s.PGSQL.5432 7728994                 * 0
tcp    LISTEN     0      128                    *:5432                  *:*
tcp    LISTEN     0      128                   :::5432                 :::*

We will also add a local firewall rule to allow the incoming connection on port 5432. For example:

firewall-cmd --permanent --add-port=5432/tcp
firewall-cmd --permanent --add-port=80/tcp

firewall-cmd --reload
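
As an added example (not part of the original post), the shell function below audits a pg_hba.conf for host rules that are broader than the single-client /32 entry used above: rules open to any address, IPv4 ranges wider than /24, and the trust method. The function names, the /24 threshold and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_pg_hba [FILE]: print one finding per risky host rule in a pg_hba.conf
# (reads standard input when FILE is omitted).
audit_pg_hba() {
    awk '
    /^[ \t]*(#|$)/ { next }                    # skip comments and blank lines
    $1 ~ /^host(ssl|nossl)?$/ {
        addr = $4; method = $5
        # Older syntax: netmask in its own field (ADDRESS MASK METHOD)
        if ($5 ~ /^[0-9.]+$/ && NF >= 6) { addr = $4 "/" $5; method = $6 }
        if (method == "trust")
            printf "%d: no password required (trust): %s\n", NR, $0
        if (addr == "all" || addr == "0.0.0.0/0" || addr == "::/0" ||
            addr == "0.0.0.0/0.0.0.0") {
            printf "%d: open to any address: %s\n", NR, $0
        } else if (addr ~ /^[0-9.]+\/[0-9]+$/) {
            split(addr, part, "/")
            # Assumed threshold: anything wider than a /24 deserves a look
            if (part[2] + 0 < 24)
                printf "%d: wide range (/%d): %s\n", NR, part[2], $0
        }
    }' "${1:--}"
}

# Constructed sample: the two default rules shown above, a single-client rule
# like the one the post adds, and two broader rules for contrast.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE        USER            ADDRESS                 METHOD
local   all             all                                     peer
host    all             all             127.0.0.1/32            md5
host    all             all             192.0.2.15/32           md5
host    all             all             0.0.0.0/0               md5
host    all             all             10.0.0.0/8              trust
EOF
}

sample_pg_hba | audit_pg_hba
```

On a real server, pass the file path instead: audit_pg_hba /var/lib/pgsql/9.4/data/pg_hba.conf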

Give ownership of the data folder to the postgres user:

chown -R postgres:postgres /var/lib/pgsql/9.4/data/



Sunday, January 10, 2016

Install Apache Tomcat 8.0.30 on Ubuntu 14.04


First install Java 8; for DHIS2 version 2.21, Java 8 and Tomcat 8 are required.

Create Tomcat User

For security reasons, Tomcat should be run as an unprivileged user (i.e. not root). We will create a new user and group that will run the Tomcat service. If it does not already exist, create a new tomcat group by executing:

sudo groupadd tomcat

Then create a new tomcat user. Make this user a member of the tomcat group, with a home directory of /opt/tomcat (where we will install Tomcat), and with a shell of /bin/false (so nobody can log into the account):

sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat

Download Tomcat Binary

Find the latest version of Tomcat 8 at the Tomcat 8 Downloads page. The latest version is currently 8.0.30. Under the Binary Distributions section, then under the Core list, copy the link to the "tar.gz".

Let's download the latest binary distribution to our home directory.

Then use wget and paste in the link to download the Tomcat 8 archive, like this:

wget http://www.apache.org/dist/tomcat/tomcat-8/v8.0.30/bin/apache-tomcat-8.0.30.tar.gz

We're going to install Tomcat to the /opt/tomcat directory. Create the directory, then extract the archive to it with these commands:

sudo mkdir /opt/tomcat
sudo tar xvf apache-tomcat-8*tar.gz -C /opt/tomcat --strip-components=1

Now we have to set up the proper user permissions.

Update Permissions

The tomcat user that we set up needs to have the proper access to the Tomcat installation. 

Change to the Tomcat installation path:

cd /opt/tomcat

Then give the tomcat user write access to the conf directory, and read access to the files in that directory:

sudo chgrp -R tomcat conf
sudo chmod g+rwx conf
sudo chmod g+r conf/*

Then make the tomcat user the owner of the work, temp, and logs directories:

sudo chown -R tomcat work/ temp/ logs/

Now that the proper permissions are set up, we have to set up the init script.

Setup Init Script

We want to run Tomcat as a service, so we have to set up an Upstart script. Create and open it by running this command:

sudo nano /etc/init/tomcat.conf

Paste in the following script, and modify the values as per your requirements. JAVA_HOME should match your JVM installation. You may also want to modify the memory allocation settings. Mine looks like this:

description "Tomcat Server"

  start on runlevel [2345]
  stop on runlevel [!2345]
  respawn
  respawn limit 10 5

  setuid tomcat
  setgid tomcat

  env JAVA_HOME=/usr/lib/jvm/java-8-oracle
  env CATALINA_HOME=/opt/tomcat

  # Modify these options as needed

  env JAVA_OPTS='-Xmx7500m -Xms4000m'
  env DHIS2_HOME='/home/dhis/config'
  
  exec $CATALINA_HOME/bin/catalina.sh run

  # cleanup temp directory after stop
  post-stop script
    rm -rf $CATALINA_HOME/temp/*
  end script

Save and exit. This script tells the server to run the Tomcat service as the tomcat user, with the settings specified. It also enables Tomcat to run when the server is started.

Now let's reload the Upstart configuration, so we can use our new Tomcat script:

sudo initctl reload-configuration

Tomcat is ready to be run. Start it with this command:

sudo initctl start tomcat

Tomcat is not completely set up yet, but you can access the default splash page by going to your domain or IP address followed by :8080 in a web browser. You will see the default Tomcat splash page, in addition to other information.

Configure Tomcat Web Management Interface

In order to use the manager webapp that comes with Tomcat, we must add a login to our Tomcat server. We will do this by editing the tomcat-users.xml file:

sudo nano /opt/tomcat/conf/tomcat-users.xml

This file is filled with comments which describe how to configure the file. We may delete all the comments between the following two lines, or we may leave them. We want to add a user who can access the manager-gui. We can do so by defining a user similar to the example below. Be sure to change the username and password to something secure:

<tomcat-users>
    <user username="admin" password="password" roles="manager-gui"/>
</tomcat-users>

Save and quit the tomcat-users.xml file. To put our changes into effect, restart the Tomcat service:

sudo initctl restart tomcat
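
As an added example (not part of the original post), the shell function below reads a tomcat-users.xml and reports manager or admin accounts that still carry a placeholder password such as the one in the snippet above. The function names, the placeholder list, the 12-character minimum and the sample file are assumptions; it expects each <user .../> element on a single line.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_tomcat_users [FILE]: report manager/admin logins with weak passwords
# (reads standard input when FILE is omitted).
# Assumes each <user .../> element sits on one line, as in the snippet above.
audit_tomcat_users() {
    awk '
    # Return the value of attribute name="..." on the current line, or "".
    function attr(name) {
        if (match($0, name "=\"[^\"]*\"") == 0) return ""
        return substr($0, RSTART + length(name) + 2, RLENGTH - length(name) - 3)
    }
    /<!--/     { in_comment = 1 }              # commented-out examples are ignored
    in_comment { if ($0 ~ /-->/) in_comment = 0; next }
    /<user[ \t]/ {
        user = attr("username"); pass = attr("password"); roles = attr("roles")
        if (roles !~ /(manager|admin)-/) next  # only management roles
        weak = ""
        if (pass == "" || pass == user)
            weak = "empty or same as username"
        else if (tolower(pass) ~ /^(password|admin|tomcat|changeit)$/)
            weak = "placeholder value"
        else if (length(pass) < 12)            # assumed minimum length
            weak = "shorter than 12 characters"
        if (weak != "")
            printf "%s [%s]: %s\n", user, roles, weak
    }' "${1:--}"
}

# Constructed sample: the login from the snippet above, a commented-out
# example entry, and two further accounts for contrast.
sample_tomcat_users() {
    cat <<'EOF'
<tomcat-users>
<!--
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
-->
    <user username="admin" password="password" roles="manager-gui"/>
    <user username="deploy" password="constructed-long-sample-93" roles="manager-script"/>
    <user username="viewer" password="viewer" roles="reports"/>
</tomcat-users>
EOF
}

sample_tomcat_users | audit_tomcat_users
```

On the server from this post, run it as: audit_tomcat_users /opt/tomcat/conf/tomcat-users.xml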


Monday, January 4, 2016

Install Java 8 and Tomcat 7 as service for DHIS2

Java installation

Oracle Java 8 JDK is the recommended Java option as it provides the greatest operating system support, including Ubuntu LTS 14.04. The webupd8team Java PPA provides the necessary packages.

sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer

Check that your installation is okay by running:

java -version

You can also ensure that the appropriate environment variables are set by installing this package:

sudo apt-get install oracle-java8-set-default

Install Tomcat

To install the Tomcat servlet container, install the Tomcat package by invoking:

sudo apt-get install tomcat7

Install the Tomcat admin package and other common packages:

sudo apt-get install tomcat7-docs tomcat7-admin tomcat7-examples

Next, edit the environment file:

sudo nano /usr/share/tomcat7/bin/setenv.sh

Add the lines below. The first line will set the location of your Java Runtime Environment, the second will dedicate memory to Tomcat and the third will set the location for where DHIS 2 will search for the dhis.conf configuration file. 

export JAVA_HOME='/usr/lib/jvm/java-8-oracle/'
export JAVA_OPTS='-Xmx7500m -Xms4000m'
export DHIS2_HOME='/home/dhis/config'

If the Tomcat service does not start, uncomment the JAVA_HOME entry in /etc/default/tomcat7 and adjust the path accordingly. In our case, set JAVA_HOME=/usr/lib/jvm/java-8-oracle.