David Ghedini

Linux, Java, Oracle, and PostgreSQL


David Ghedini

Sunday Sep 25, 2011

Install Oracle 11g Express (XE) on CentOS

This post will cover basic installation and configuration of Oracle 11g Express Edition (XE) on CentOS.

We will also take a quick look at configuring Application Express (APEX) for 11g XE.

Basic installation is straight forward.

If you just want to get up and running, you can just do steps 1 to 4 below (and 10 and 11 for Apex). The remaining steps (5 to 9) cover basic backup, recovery, and performance configuration.

The full system requirements are here


Your CentOS box should have swap equal to 2xRAM.

On every CentOS installation I have done for XE, I just needed to update/install the packages for libaio, bc, and flex.

[root@ms3 ~]#  yum install libaio bc flex


Step 1: Download and Install Oracle 11g XE rpm



You can download the Oracle XE rpm, oracle-xe-11.2.0-1.0.x86_64.rpm.zip, from the OTN here

Unzip oracle-xe-11.2.0-1.0.x86_64.rpm.zip:

[root@ms3 ~]# unzip -q oracle-xe-11.2.0-1.0.x86_64.rpm.zip


This will create the directory Disk1. Change to the Disk1 directory:

[root@ms3 ~]# cd Disk1
[root@ms3 Disk1]# ls
oracle-xe-11.2.0-1.0.x86_64.rpm  response  upgrade


Install the rpm using rpm -ivh oracle-xe-11.2.0-1.0.x86_64.rpm


[root@ms3 Disk1]# rpm -ivh oracle-xe-11.2.0-1.0.x86_64.rpm
Preparing...                ########################################### [100%]
   1:oracle-xe              ########################################### [100%]
Executing post-install steps...
You must run '/etc/init.d/oracle-xe configure' as the root user to configure the database.

[root@ms3 Disk1]#



Step 2: Configure 11g XE Database and Options



When installation completes, run '/etc/init.d/oracle-xe configure' to configure and start the database.

Unless you wish to change the ports, except the defaults and set SYS/SYSTEM password.

[root@ms3 Disk1]# /etc/init.d/oracle-xe configure

Oracle Database 11g Express Edition Configuration
-------------------------------------------------
This will configure on-boot properties of Oracle Database 11g Express
Edition.  The following questions will determine whether the database should
be starting upon system boot, the ports it will use, and the passwords that
will be used for database accounts.  Press  to accept the defaults.
Ctrl-C will abort.

Specify the HTTP port that will be used for Oracle Application Express [8080]:

Specify a port that will be used for the database listener [1521]:

Specify a password to be used for database accounts.  Note that the same
password will be used for SYS and SYSTEM.  Oracle recommends the use of
different passwords for each database account.  This can be done after
initial configuration:
Confirm the password:

Do you want Oracle Database 11g Express Edition to be started on boot (y/n) [y]:y

Starting Oracle Net Listener...Done
Configuring database...Done
Starting Oracle Database 11g Express Edition instance...Done
Installation completed successfully.


The installation created the directory /u01 under which Oracle XE is installed.


Step 3: Set the Environment



To set the required Oracle environment variables, use the oracle_env.sh the script included under cd /u01/app/oracle/product/11.2.0/xe/bin
[root@ms3 Disk1]# cd /u01/app/oracle/product/11.2.0/xe/bin


To set the environment for your current session run '. ./oracle_env.sh':

[root@ms3 bin]# . ./oracle_env.sh


To set the environment permanently for users, add the following to the .bashrc or .bash_profile of the users you want to access the environment:

. /u01/app/oracle/product/11.2.0/xe/bin/oracle_env.sh


You should now be able to access SQL*Plus

[root@ms3 bin]# sqlplus /nolog

SQL*Plus: Release 11.2.0.2.0 Production on Wed Sep 21 08:17:26 2011

Copyright (c) 1982, 2011, Oracle.  All rights reserved.

SQL> connect sys/Password as sysdba
Connected.
SQL>




Step 4: Allow Remote Access to Oracle 11g XE GUI



To allow remote access to Oracle 11g XE GUI (as well as Application Express GUI) issue the following from SQL*Plus

SQL> EXEC DBMS_XDB.SETLISTENERLOCALACCESS(FALSE);

PL/SQL procedure successfully completed.


You should now be able to access the Oracle 11g XE Home Page GUI at:

http://localhost:8080/apex/f?p=4950:1

Replace localhost above with your IP or domain as required.

Log in as SYSTEM using the password you selected in Step 2 above.


Step 5: Move the Flash Recovery Area (Fast Recovery Area)



To protect against disk failure, you should move the Flash Recovery Area to a separate disk.

This is actually now called the Fast Recovery Area, but the existing documentation still refers to it as the Flash Recovery Area

If a separate disk is not in your budget you should, at the very least, move the Flash Recovery Area to a partition other than the Oracle installation directory.

By default, the Fast Recovery Area will be located under /u01/app/oracle/fast_recovery_area

SQL> show parameter DB_RECOVERY_FILE_DEST;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
db_recovery_file_dest                string      /u01/app/oracle/fast_recovery_area
db_recovery_file_dest_size           big integer 10G
SQL>
So, to move it elsewhere, first create the new directory

[root@ms3 ~]# mkdir /opt/fra


Change the owner to oracle and the group to dba

[root@ms3 ~]# chown oracle:dba /opt/fra


Now, change the DB_RECOVERY_FILE_DEST to the location you selected above.

SQL> ALTER SYSTEM SET DB_RECOVERY_FILE_DEST = '/opt/fra';

System altered.

SQL>
To move the files use the movelog.sql script:
SQL> @?/sqlplus/admin/movelogs
SQL> SET FEEDBACK 1
SQL> SET NUMWIDTH 10
SQL> SET LINESIZE 80
SQL> SET TRIMSPOOL ON
SQL> SET TAB OFF
SQL> SET PAGESIZE 100
SQL> declare
  2     cursor rlc is
  3        select group# grp, thread# thr, bytes/1024 bytes_k
  4          from v$log
  5        order by 1;
  6     stmt     varchar2(2048);
  7     swtstmt  varchar2(1024) := 'alter system switch logfile';
  8     ckpstmt  varchar2(1024) := 'alter system checkpoint global';
  9  begin
 10     for rlcRec in rlc loop
 11    stmt := 'alter database add logfile thread ' ||
 12                 rlcRec.thr || ' size ' ||
 13                 rlcRec.bytes_k || 'K';
 14        execute immediate stmt;
 15        begin
 16           stmt := 'alter database drop logfile group ' || rlcRec.grp;
 17           execute immediate stmt;
 18        exception
 19           when others then
 20              execute immediate swtstmt;
 21              execute immediate ckpstmt;
 22              execute immediate stmt;
 23        end;
 24        execute immediate swtstmt;
 25     end loop;
 26  end;
 27  /

PL/SQL procedure successfully completed.

SQL>
SQL>


Now, set an appropriate size for the Fast Recovery Area. Use df -h to insure that there is ample space.

SQL> ALTER SYSTEM SET DB_RECOVERY_FILE_DEST_SIZE = 20G;

System altered.


Verify the new location and size.

SQL> show parameter DB_RECOVERY_FILE_DEST;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
db_recovery_file_dest                string      /opt/fra
db_recovery_file_dest_size           big integer 20G
SQL>


Step 6: Add Redo Log Members to Groups



You should have at least two Redo Log Groups and each group should have at least two members.

Additionally, the members should be spread across disks (or at least directories)

For whatever reason, only one member is created per group on install.

You can view the redo log files using SQL> SELECT * FROM V$LOGFILE;

Since the default location for the two members is the Flash Recovery Area, the two existing members have been moved to our new FRA.

You should now add an additional member for each group under /u01/app/oracle/oradata/XE

SQL> ALTER DATABASE ADD LOGFILE MEMBER '/u01/app/oracle/oradata/XE/log1b.LOG' TO GROUP 1;

Database altered.

SQL> ALTER DATABASE ADD LOGFILE MEMBER '/u01/app/oracle/oradata/XE/log2b.LOG' TO GROUP 2;

Database altered.

SQL>



Step 7: Set Sessions and Processes Parameters



The default values for parameters and sessions is quite low on the default installation.


SQL> show parameters sessions;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
java_max_sessionspace_size           integer     0
java_soft_sessionspace_limit         integer     0
license_max_sessions                 integer     0
license_sessions_warning             integer     0
sessions                             integer     172
shared_server_sessions               integer

SQL> show parameters processes;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
aq_tm_processes                      integer     0
db_writer_processes                  integer     1
gcs_server_processes                 integer     0
global_txn_processes                 integer     1
job_queue_processes                  integer     4
log_archive_max_processes            integer     4
processes                            integer     100



You can increase these parameters.

After each change, you will need to restart the database.

Increase sessions and then bounce database.

SQL> alter system set sessions=250 scope=spfile;

System altered.

SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.

Total System Global Area 1068937216 bytes
Fixed Size                  2233344 bytes
Variable Size             780143616 bytes
Database Buffers          281018368 bytes
Redo Buffers                5541888 bytes
Database mounted.
Database opened.


Verify change to sessions parameter:


SQL> show parameters sessions;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
java_max_sessionspace_size           integer     0
java_soft_sessionspace_limit         integer     0
license_max_sessions                 integer     0
license_sessions_warning             integer     0
sessions                             integer     252
shared_server_sessions               integer


Increase processes and restart database

SQL> alter system set processes=200 scope=spfile;

System altered.

SQL>


Database dismounted.
ORACLE instance shut down.
SQL> startup
ORACLE instance started.

Total System Global Area 1068937216 bytes
Fixed Size                  2233344 bytes
Variable Size             763366400 bytes
Database Buffers          297795584 bytes
Redo Buffers                5541888 bytes
Database mounted.
Database opened.



Verify change to processes parameter:



SQL>  show parameters processes;

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
aq_tm_processes                      integer     0
db_writer_processes                  integer     1
gcs_server_processes                 integer     0
global_txn_processes                 integer     1
job_queue_processes                  integer     4
log_archive_max_processes            integer     4
processes                            integer     200
SQL>




Step 8: Enable Archivelog Mode



To enable online or "hot" backups, Archivelog Mode must be enabled.

Additionally, if you do not enable Archivelog Mode and take only offline or "cold" backups, should you need to restore the database you will only be able to restore to the last backup

To enable Archivelog Mode, shutdown the database and then startup mount:

SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
SQL> startup mount
ORACLE instance started.

Total System Global Area 1068937216 bytes
Fixed Size                  2233344 bytes
Variable Size             763366400 bytes
Database Buffers          297795584 bytes
Redo Buffers                5541888 bytes
Database mounted.


Enable Archivelog Mode


SQL> alter database archivelog;

Database altered.



Open the database and verify that Archivelog Mode is enabled

SQL> alter database open;

Database altered.

SQL>

SQL> SELECT LOG_MODE FROM SYS.V$DATABASE;

LOG_MODE
------------
ARCHIVELOG

SQL>



Step 9: Create Online Backup Script



To create automated backups, you can modify the backup.sh included under /u01/app/oracle/product/11.2.0/xe/config/scripts

Create a directory for your backup script

[root@ms3 ~]# mkdir /opt/ora_backup


Change the owner to oracle and the group to dba

[root@ms3 ~]# chown oracle:dba /opt/ora_backup


Copy the backup.sh script from /u01/app/oracle/product/11.2.0/xe/config/scripts to the directory you created above.

[root@ms3 ~]# cp  /u01/app/oracle/product/11.2.0/xe/config/scripts/backup.sh /opt/ora_backup/backup.sh


Open the backup.sh script in a text editor or vi. The last section will look like this:
else
   echo Backup of the database succeeded.
   echo Log file is at $rman_backup_current.
fi

#Wait for user to press any key
echo -n "Press ENTER key to exit"
read userinp 


Change it to:

else
   echo Backup of the database succeeded.
   echo Log file is at $rman_backup_current.
   mail -s 'Oracle Backup Completed' 'david@davidghedini.com' < /u01/app/oracle/oxe_backup_current.log
fi

#Wait for user to press any key
#echo -n "Press ENTER key to exit"
#read userinp 


The line we added above, mail -s 'Oracle Backup Completed' 'david@davidghedini.com' < /u01/app/oracle/oxe_backup_current.log, will send us an email notification that the backup has completed as well as cat the backup log to the body of the email.

Note that we have also commented out the last two lines of the script (the prompt).

Create a cron job to run the script as user oracle.

You should run it at least once a day. With Archivelog Mode enabled, it is important that backups be taken regularly to prevent the Flash Recovery Area from filling.


Step 10: Oracle 11g XE and Application Express (APEX)



Oracle 11g Express Edition comes with Application Express 4.0.2 already installed.

If you elect to upgrade to the latest version (4.1 as of this writing), you can do so but will loose access to the XE GUI. Not a huge loss, but something to keep in mind.

Although Apex is already installed, you will need to set the Internal Admin password.

To do so, run the apxchpwd.sql located under /u01/app/oracle/product/11.2.0/xe/apex:

Note: pick something simple like Password123! as you will be prompted to change it on first log in anyways.

SQL> @/u01/app/oracle/product/11.2.0/xe/apex/apxchpwd.sql
Enter a value below for the password for the Application Express ADMIN user.


Enter a password for the ADMIN user              []

Session altered.

...changing password for ADMIN

PL/SQL procedure successfully completed.


Commit complete.

SQL>


You can access the Application Express GUI at:

http://localhost:8080/apex/f?p=4550:1

Replace localhost above with your IP or domain as required.

Workspace: Internal
User Name: admin
Password: (whatever you selected above).

Alternatively, you can access via

http://localhost:8080/apex/f?p=4550:10 or http://localhost:8080/apex/apex_admin

Again, replace localhost above with your IP or domain as required.


Step 11: Oracle 11g XE: Configure EPG or Apex Listener



Unless you have a license for Oracle HTTP Server (OHS), your options are the embedded PLSQL Gateway (EPG) or Apex Listener.

The Application Express that comes installed with Oracle 11g XE is configured using the EPG.

While the EPG is simpler than Apex Listener, it can be painfully slow as of Apex 3.2.

Apex Listener, while quite fast, adds an extra layer of complexity.

You will need to install an application server to run Apex Listener.

I have run Apex Listener on both Tomcat (unsupported) as well as Oracle GlassFish 3.x (supported) and was not impressed with either.

A lot of people who know far more than I do about APEX (read: 99.9999% of the population) like the Apex Listener.

Apex Listener and it's installation guide can be found here.

The Apex Listener installation guide is well done and simple to follow.

If you need to install Oracle GlassFish or GlassFish CE (basic installation is the same), you can use my GlassFish 3.1 instructions here.

If you want to be an outlaw and use Tomcat, you can use my Tomcat 6 installation guide here. or my Tomcat 7 installation guide here..

Oracle APEX Hosting

Bookmark and Share



Friday Mar 04, 2011

Install Tomcat 6 on CentOS or RHEL

This post will cover installation and configuration of Tomcat 6 on CentOS 5.

We will also show how to run Tomcat as a service, create a start/stop script, and configure Tomcat to run under a non-root user.

This post has been updated for Tomcat 6.0.32.

This post below will work with any Tomcat 6.x version, but I have been keeping it updated to keep the links consistent and to make it as "copying-and-paste" as possible.

If you are looking for our tutorial on installing Tomcat 7 on CentOS/RHEL, you can find it here.

This installation of Tomcat 6.0.32 was done on CentOS 5.5, but any CentOS 5.x should work, as well as RHEL and Fedora.

If you do not already have the Java Development Kit (JDK) installed on your machine, you will need to download and install the required JDK for your platform.

If you do have the JDK installed, you can skip to: Step 2: Download and Install the Tomcat 6.0.32:

Step 1: Install the JDK


You can download the JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

I'm using the latest, which is JDK 6, update 24. The JDK is specific to 32 and 64 bit versions.

My CentOS box is 64 bit, so I'll need: jdk-6u24-linux-x64.bin.

If you are on 32 bit, you'll need: jdk-6u24-linux-i586.bin

Download the appropriate JDK and save it to a directory. I'm saving it to /root.

Move (mv) or copy (cp) the file to the /opt directory:

[root@blanche ~]# mv jdk-6u24-linux-x64.bin /opt/jdk-6u24-linux-x64.bin  


Create a new directory /usr/java.

[root@blanche ~]# mkdir /usr/java  


Change to the /usr/java directory we created and install the JDK using 'sh /opt/jdk-6u24-linux-x64.bin'

[root@blanche ~]# cd /usr/java
[root@blanche java]# sh /opt/jdk-6u24-linux-x64.bin


Set the JAVA_HOME path. This is where we installed our JDK above.

To set it for your current session, you can issue the following from the CLI:

[root@blanche java]# JAVA_HOME=/usr/java/jdk1.6.0_24
[root@blanche java]# export JAVA_HOME
[root@blanche java]# PATH=$JAVA_HOME/bin:$PATH
[root@blanche java]# export PATH


To set the JAVA_HOME for users, we add below to the user ~/.bashrc or ~/.bash_profile of the user. We can also add it /etc/profile and then source it to give to all users.

JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH


Once you have added the above to ~/.bash_profile or ~/.bashrc, you should log out, then log back in and check that the JAVA_HOME is set correctly.

[root@blanche ~]#  echo $JAVA_HOME
/usr/java/jdk1.6.0_24


Step 2: Download and Install Tomcat 6.0.32:


Download apache-tomcat-6.0.32.tar.gz here

Save the file to a directory. I'm saving it to /root/apache-tomcat-6.0.32.tar.gz

Before proceeding, you should verify the MD5 Checksum for your Tomcat download (or any other download).

Since we saved the Tomcat download to /root/apache-tomcat-6.0.32.tar.gz, we'll go to the /root directory and use the md5sum command.

[root@blanche ~]# md5sum apache-tomcat-6.0.32.tar.gz
082a0707985b6c029920d4d6d5ec11cd


Compare the output above to the MD5 Checksum provided by the Apache Tomcat MD5 page and insure that they match exactly. (There is also a link to display the MD5 checksum located just to the right off the download link).

Now, move (mv) or copy (cp) the file to the /usr/share directory:

[root@blanche ~]# mv apache-tomcat-6.0.32.tar.gz /usr/share/apache-tomcat-6.0.32.tar.gz


Change to the /usr/share directory and unpack the file using tar -xzf:

[root@blanche ~]# cd /usr/share
[root@sv2 blanche ]# tar -xzf apache-tomcat-6.0.32.tar.gz  


This will create the directory /usr/share/apache-tomcat-6.0.32

At this point, you could start Tomcat via the Tomcat bin directory using the Tomcat startup.sh script located at /usr/share/apache-tomcat-6.0.32/bin.

[root@blanche share]# cd /usr/share/apache-tomcat-6.0.32/bin
[root@blanche bin]# ./startup.sh


Step 3: How to Run Tomcat as a Service.


We will now see how to run Tomcat as a service and create a simple Start/Stop/Restart script, as well as to start Tomcat at boot.

Change to the /etc/init.d directory and create a script called 'tomcat' as shown below.

[root@blanche share]# cd /etc/init.d
[root@blanche init.d]# vi tomcat


#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
CATALINA_HOME=/usr/share/apache-tomcat-6.0.32

case $1 in
start)
sh $CATALINA_HOME/bin/startup.sh
;; 
stop)   
sh $CATALINA_HOME/bin/shutdown.sh
;; 
restart)
sh $CATALINA_HOME/bin/shutdown.sh
sh $CATALINA_HOME/bin/startup.sh
;; 
esac    
exit 0


The above script is simple and contains all of the basic elements you will need to get going.

As you can see, we are simply calling the startup.sh and shutdown.sh scripts located in the Tomcat bin directory (/usr/share/apache-tomcat-6.0.32/bin).

You can adjust your script according to your needs and, in subsequent posts, we'll look at additional examples.

CATALINA_HOME is the Tomcat home directory (/usr/share/apache-tomcat-6.0.32)

Now, set the permissions for your script to make it executable:

[root@blanche init.d]# chmod 755 tomcat


We now use the chkconfig utility to have Tomcat start at boot time. In my script above, I am using chkconfig: 244 20 80. 2445 are the run levels and 20 and 80 are the stop and start priorities respectively. You can adjust as needed.

[root@blanche init.d]# chkconfig --add tomcat
[root@blanche init.d]# chkconfig --level 234 tomcat on


Verify it:

[root@blanche init.d]# chkconfig --list tomcat
tomcat          0:off   1:off   2:on    3:on    4:on    5:off   6:off


Now, let's test our script.

Start Tomcat:

[root@blanche ~]# service tomcat start
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar


Stop Tomcat:

[root@blanche ~]# service tomcat stop
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar
Restarting Tomcat (Must be started first):

[root@blanche ~]# service tomcat restart
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar
Using CATALINA_BASE:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_HOME:   /usr/share/apache-tomcat-6.0.32
Using CATALINA_TMPDIR: /usr/share/apache-tomcat-6.0.32/temp
Using JRE_HOME:        /usr/java/jdk1.6.0_24
Using CLASSPATH:       /usr/share/apache-tomcat-6.0.32/bin/bootstrap.jar


We should review the Catalina.out log located at /usr/share/apache-tomcat-6.0.32/logs/catalina.out and check for any errors.

[root@blanche init.d]# less /usr/share/apache-tomcat-6.0.32/logs/catalina.out


We can now access the Tomcat Manager page at:

http://yourdomain.com:8080 or http://yourIPaddress:8080 and we should see the Tomcat home page.

Step 5 (Optional): How to Run Tomcat using Minimally Privileged (non-root) User.


In our Tomcat configuration above, we are running Tomcat as Root.

For security reasons, it is always best to run services with the only those privileges that are necessary.

There are some who make a strong case that this is not required, but it's always best to err on the side of caution.

To run Tomcat as non-root user, we need to do the following:

1. Create the group 'tomcat':

[root@blanche ~]# groupadd tomcat
[root@blanche ~]# useradd -s /bin/bash -g tomcat tomcat


2. Create the user 'tomcat' and add this user to the tomcat group we created above.

[root@blanche ~]# groupadd tomcat
[root@blanche ~]# useradd -s /bin/bash -g tomcat tomcat


The above will create a home directory for the user tomcat in the default user home as /home/tomcat

If we want the home directory to be elsewhere, we simply specify so using the -d switch.

[root@blanche ~]# useradd -g tomcat -d /usr/share/apache-tomcat-6.0.32/tomcat tomcat


The above will create the user tomcat's home directory as /usr/share/apache-tomcat-6.0.32/tomcat

3. Change ownership of the tomcat files to the user we created above:

[root@blanche ~]# chown -Rf tomcat.tomcat /usr/share/apache-tomcat-6.0.32/


Note: it is possible to enhance our security still further by making certain files and directory read-only. This will not be covered in this post and care should be used when setting such permissions.

4. Adjust the start/stop service script we created above. In our new script, we need to su to the user tomcat:

#!/bin/bash
# description: Tomcat Start Stop Restart
# processname: tomcat
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
TOMCAT_HOME=/usr/share/apache-tomcat-6.0.32/bin

case $1 in
start)
/bin/su tomcat $TOMCAT_HOME/startup.sh
;; 
stop)   
/bin/su tomcat $TOMCAT_HOME/shutdown.sh
;; 
restart)
/bin/su tomcat $TOMCAT_HOME/shutdown.sh
/bin/su tomcat $TOMCAT_HOME/startup.sh
;; 
esac    
exit 0


Step 6 (Optional): How to Run Tomcat on Port 80 as Non-Root User.


Note: the following applies when you are running Tomcat in "stand alone" mode. That is, you are running Tomcat without Apache in front of it.

To run services below port 1024 as a user other than root, you can add the following to your IP tables:

[root@blanche ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080  
[root@blanche ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080  


Learn More About Apache Tomcat

Apache Tomcat Foundation

Tomcat 6



Tomcat 6 Hosting

Bookmark and Share



Wednesday Mar 02, 2011

How to Install GlassFish 3 on CentOS

This post will cover installing GlassFish 3.0.1 on CentOS 5.x.

We'll also see how to run GlassFish as a service, how to access the Admin Console, and how to run GlassFish under a minimally privileged user.

GlassFish 3.0.1 is available two editions.

GlassFish Server Open Source Edition 3.0.1 (free) and Oracle GlassFish Server 3.0.1 (supported and requires paid subscription).

I installed both using the same process below on CentOS 5.5.

This post is intended to get a basic installation of GlassFish 3.0.1 up and running. Please consult the documentation.

If you do not already have the Java Development Kit (JDK) installed on your machine, you will need to download and install the required JDK for your platform.

If you do have the JDK installed, you can skip to: Step 2: Download and Install the GlassFish 3.0.1 Server:

Step 1: Install the JDK


You can download the JDK here: http://www.oracle.com/technetwork/java/javase/downloads/index.html

I'm using the latest, which is JDK 6, update 24. The JDK is specific to 32 and 64 bit versions.

My CentOS box is 64 bit, so I'll need: jdk-6u24-linux-x64.bin.

If you are on 32 bit, you'll need: jdk-6u24-linux-i586.bin

Download the appropriate JDK and save it to a directory. I'm saving it to /root.

Move (mv) or copy (cp) the file to the /opt directory:

[root@sv2 ~]# mv jdk-6u24-linux-x64.bin /opt/jdk-6u24-linux-x64.bin


Create the directory /usr/java.

[root@sv2 ~]# mkdir /usr/java


Change to the /usr/java directory we created and install the JDK using 'sh /opt/jdk-6u24-linux-x64.bin'

[root@sv2 ~]# cd /usr/java
[root@sv2 java]# sh /opt/jdk-6u24-linux-x64.bin


Set the JAVA_HOME path. This is where we installed the JDK above.

To do this for your current session, you can issue the following:

[root@sv2 java]# JAVA_HOME=/usr/java/jdk1.6.0_24
[root@sv2 java]# export JAVA_HOME
[root@sv2 java]# PATH=$JAVA_HOME/bin:$PATH
[root@sv2 java]# export PATH


To set the JAVA_HOME for users, we add below to the user ~/.bashrc or ~/.bash_profile of the desired user(s). We can also add it /etc/profile and then source it to give to all users.

JAVA_HOME=/usr/java/jdk1.6.0_24 
export JAVA_HOME 
PATH=$JAVA_HOME/bin:$PATH 
export PATH


Once you have added the above to ~/.bash_profile or ~/.bashrc, you should log out, then log back in and check that the JAVA_HOME is set correctly.

[root@sv2 ~]#  echo $JAVA_HOME
/usr/java/jdk1.6.0_24


Step 2: Download and Install the GlassFish 3.0.1 Server:


You can download both the GlassFish Server Open Source Edition 3.0.1 and Oracle GlassFish Server 3.0.1 at http://glassfish.java.net/

Once you have downloaded the desired file, move (mv) or copy (cp) the file to /usr/share/glassfish-3.0.1.zip (or /usr/share/ogs-3.0.1.zip for Oracle GlassFish).

[root@sv2 ~]# mv glassfish-3.0.1.zip /usr/share/glassfish-3.0.1.zip


Change to the /usr/share directory and unzip the file:

[root@sv2 ~]# cd /usr/share
[root@sv2 share]# unzip -q glassfish-3.0.1.zip


The unzip will create the following directory: /usr/share/glassfishv3

Note: Both GlassFish editions will create the same directory when unzipped: glassfishv3

At this point, we should be able to start and stop GlassFish using:

/usr/share/glassfishv3/glassfish/bin/asadmin start-domain domain1

and

/usr/share/glassfishv3/glassfish/bin/asadmin stop-domain domain1

Start GlassFish:

[root@sv2 share]# /usr/share/glassfishv3/glassfish/bin/asadmin start-domain domain1
Waiting for DAS to start ...
Started domain: domain1
Domain location: /usr/share/glassfishv3/glassfish/domains/domain1
Log file: /usr/share/glassfishv3/glassfish/domains/domain1/logs/server.log
Admin port for the domain: 4848
Command start-domain executed successfully.
[root@sv2 share]#


Stop GlassFish:

[root@sv2 share]# /usr/share/glassfishv3/glassfish/bin/asadmin stop-domain domain1
Waiting for the domain to stop ....
Command stop-domain executed successfully.
[root@sv2 share]#


Note: If you did not set the JAVA_HOME and PATH for the user you are logged in as, or for your current session, when you attempt to start the GlassFish server it will complain it cannot find Java with the following:

error: /usr/share/glassfishv3/glassfish/bin/asadmin: line 19: exec: java: not found

Step 3: Running GlassFish as a Service.


To run GlassFish as a service and enable start up at boot, we'll now create a Start/Stop/Restart script.

We'll create the script as /etc/init.d/glassfish, make the script executable, and then add our new glassfish service to chkconfig.

Create our glassfish script:

[root@sv2 ~]# cd /etc/init.d
[root@sv2 init.d]# vi glassfish


#!/bin/bash
# description: Glassfish Start Stop Restart
# processname: glassfish
# chkconfig: 234 20 80
JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
GLASSFISH_HOME=/usr/share/glassfishv3/glassfish

case $1 in
start)
sh $GLASSFISH_HOME/bin/asadmin start-domain domain1
;;
stop)
sh $GLASSFISH_HOME/bin/asadmin stop-domain domain1
;;
restart)
sh $GLASSFISH_HOME/bin/asadmin stop-domain domain1
sh $GLASSFISH_HOME/bin/asadmin start-domain domain1
;;
esac
exit 0


If you do not set the JAVA_HOME and PATH in the GlassFish script, when you attempt to start the GlassFish server it will complain it cannot find Java with the following:

error: /usr/share/glassfishv3/glassfish/bin/asadmin: line 19: exec: java: not found

Now, make the script executable and add it to our chkconfig so it starts at boot.

[root@sv2 init.d]# chmod 755 glassfish
[root@sv2 init.d]# chkconfig --add glassfish
[root@sv2 init.d]# chkconfig --level 234 glassfish on


We should now be able to Start, Stop, and Restart GlassFish as a service.

Start GlassFish:

[root@sv2 init.d]# service glassfish start
Waiting for DAS to start .....
Started domain: domain1
Domain location: /usr/share/glassfishv3/glassfish/domains/domain1
Log file: /usr/share/glassfishv3/glassfish/domains/domain1/logs/server.log
Admin port for the domain: 4848
Command start-domain executed successfully.


Stop GlassFish:

[root@sv2 init.d]# service glassfish stop
Waiting for the domain to stop ....
Command stop-domain executed successfully.


Step 4: Access GlassFish Admin Console.


You should now be able to access the GlassFish Admin Console at:

http://yourdomain.com:4848 or http://yourip:4848



On accessing the GlassFish Admin Console for the first time, you will find that no user name or password is required.

Previous to 3.0.1, a default password 'adminadmin' was used.

You can set (or change) the admin password within the GlassFish Admin console.

1. Click "Enterprise Server" on the tree.

2. Click the Administrator Password tab.

3. Enter and confirm your password and click Save.



The first password save will create a file,.asadminpass, in the home directory of the user you are running the service under.

Alternatively, you can set the admin password via the CLI using.

[root@sv2 bin]# $GLASSFISH_HOME/bin/asadmin change-admin-password
Enter admin user name [default: admin]>
Enter admin password>
Enter new admin password>
Enter new admin password again>

Command change-admin-password executed successfully.
[root@sv2 bin]#


Note: to make using the CLI easier, I've added the following lines to my ~/.bashrc (or ~/.bash_profile):

GLASSFISH_HOME=/usr/share/glassfishv3/glassfish
export GLASSFISH_HOME

So your ~/.bashrc or ~/.bash_profile will look like this:

JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
GLASSFISH_HOME=/usr/share/glassfishv3/glassfish
export GLASSFISH_HOME


As you can see above, I can now use $GLASSFISH_HOME rather than the full path of /usr/share/glassfishv3/glassfish.

Step 5: Running GlassFish with Minimally Privileged (non-root) User.


Since I am installing this on my development machine, I am running GlassFish as root above.

In production, you will want to run GlassFish as a non-root user with minimal privileges.

To do this, we can need to the following.

1. Create the user, glassfish, who will own the files.

Create the new group, glassfish, and add the user glassfish to the group:

[root@sv2 ~]# groupadd glassfish
[root@sv2 ~]# useradd -s /bin/bash -g glassfish glassfish


2. Change ownership of the GlassFish files to the user glassfish we created.

We'll change ownership of the files under /usr/share/glassfishv3 from root to the user glassfish we created above:

[root@sv2 ~]# chown -Rf glassfish.glassfish /usr/share/glassfishv3/

3. Update our glassfish script.

Finally, we update the glassfish start/stop/restart script we created above so we su to user glassfish:

#!bin/bash
# description: Glassfish Start Stop Restart
# processname: glassfish
# chkconfig: 2345 20 80
JAVA_HOME=/usr/java/jdk1.6.0_24
export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH
export PATH
GLASSFISH_HOME=/usr/share/glassfishv3/glassfish
GLASSFISH_USER=glassfish

case $1 in
start)
su $GLASSFISH_USER -c "$GLASSFISH_HOME/bin/asadmin start-domain domain1"
;;
stop)
su $GLASSFISH_USER -c "$GLASSFISH_HOME/bin/asadmin stop-domain domain1"
;;
restart)
su $GLASSFISH_USER -c "$GLASSFISH_HOME/bin/asadmin stop-domain domain1"
su $GLASSFISH_USER -c "$GLASSFISH_HOME/bin/asadmin start-domain domain1"
;;
esac
exit 0


Step 6: Running GlassFish on Port 80 as Non-Root User.


To run services below port 1024 as user other than root, you will need to use port forwarding.

You can do this by adding the following to your IP tables:

[root@sv2 ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
[root@sv2 ~]# iptables -t nat -A PREROUTING -p udp -m udp --dport 80 -j REDIRECT --to-ports 8080


GlassFish Quick Start Guide

http://glassfish.java.net/

Oracle GlassFish Docs

Bookmark and Share




Main Menu

Built With

Pages

LinkedIn

Tag Cloud

Hosted by:

Navigation

Visitors

Sponsors

petiole Cloud

Feeds