======Install Tomcat======

This page shows how to install Tomcat 8 on CentOS 6 64bit.
=====Prerequisites=====
You must have a CentOS machine already set up in accordance with the "[[Install CentOS 6]]" guide.

If you installed CentOS with just the 'Minimal' software package, you need to install a few tools before running this guide. Run the following as root<code>yum -y install unzip wget openssh-clients</code>

You must have installed JDK 8. The guide on this wiki is [[Install Java| here]].
=====Create Tomcat User=====
Create the user that we will run Tomcat as.
<code>groupadd webapp -g 320
useradd -g webapp -m -d /home/webapp -u 3200 webapp</code>
Set the password for the webapp user..
<code>echo "webapp:pa55w0rd" | chpasswd</code>
=====Configure Data Disk=====
This guide assumes that we have a second disk for the Tomcat installation and data. It assumes that the disk is attached to the system and is called <code>/dev/sdc</code>.
You can test to see if <code>/dev/sdc</code> exists by running this command in a terminal window<code>ls /dev/sdc</code> If you get no error messages, the disk exists and is attached.

If the second disk doesn't exist, you will either need to set it up or alter the instructions in this section as needed to get the appropriate logical volumes created on <code>/dev/sda</code>.

Open a root shell and run the following.
<code>pvcreate /dev/sdc

vgcreate datavg /dev/sdc

lvcreate -L 1G -n webapp_home datavg
lvcreate -L 5G -n webapp_base datavg
lvcreate -L 5G -n webapp_base_logs datavg
lvcreate -L 5G -n webapp_base_temp datavg

mkfs -t ext4 /dev/mapper/datavg-webapp_home
mkfs -t ext4 /dev/mapper/datavg-webapp_base
mkfs -t ext4 /dev/mapper/datavg-webapp_base_logs
mkfs -t ext4 /dev/mapper/datavg-webapp_base_temp

mkdir -p /webapp/home
mkdir -p /webapp/base
FILENAME=/etc/fstab
echo '/dev/mapper/datavg-webapp_home /webapp/home           ext4    defaults        1 2' >> $FILENAME
echo '/dev/mapper/datavg-webapp_base /webapp/base           ext4    defaults        1 2' >> $FILENAME
mount -a
mkdir -p /webapp/base/instance/logs
mkdir -p /webapp/base/instance/temp
echo '/dev/mapper/datavg-webapp_base_logs /tomcat/base/instance/logs          ext4    defaults        1 2' >> $FILENAME
echo '/dev/mapper/datavg-webapp_base_logs /tomcat/base/instance/temp          ext4    defaults        1 2' >> $FILENAME
mount -a

chown -R webapp:webapp /webapp/base/instance
chown -R root:root /webapp/home/lost+found
chown -R root:root /webapp/base/lost+found
chown -R root:root /webapp/base/instance/logs/lost+found
chown -R root:root /webapp/base/instance/temp/lost+found</code>
=====Disable IPv6=====
Disable IPv6 using [[Linux_Networking#Disable_IPv6| this guide]].
=====Install Tomcat=====
Download and install Tomcat. Edit the value of TOMCAT_MAJOR_VERSION and TOMCAT_FULL_VERSION as appropriate.
<code>su - webapp
cd /webapp/home
TOMCAT_MAJOR_VERSION=8
TOMCAT_FULL_VERSION=$TOMCAT_MAJOR_VERSION.0.15
FILENAME=apache-tomcat-$TOMCAT_FULL_VERSION
wget http://mirror.catn.com/pub/apache/tomcat/tomcat-$TOMCAT_MAJOR_VERSION/v$TOMCAT_FULL_VERSION/bin/$FILENAME.tar.gz
tar zxf $FILENAME.tar.gz
rm -f $FILENAME.tar.gz
ln -s $FILENAME tomcat
mv /webapp/home/tomcat/conf/ /webapp/base/instance/
mv /webapp/home/tomcat/webapps/ /webapp/base/instance/
rm -rf /webapp/base/instance/webapps/examples
exit</code>
=====Set Hashed Passwords=====
To populate the tomcat-users.xml file, create a hashed password
<code>set +o history
/webapp/home/tomcat/bin/digest.sh -a sha-256 PASSWORD
set -o history</code>
A working example is<code><?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
  <user name="webadm" password="f839eb86e44b568c99e9877ea138a0cebac6927fda3ecb26b2e60dfdedaf7314" roles="admin-gui,manager-script,manager-gui,manager" />
</tomcat-users></code>
Take this password and use it to create

Tell server.xml to use digested passwords
<code>sed -i "s/resourceName=\"UserDatabase\"/resourceName=\"UserDatabase\"\ digest=\"sha-256\"/g" /webapp/base/instance/conf/server.xml</code>
=====Create init Script=====
<code>cat > /etc/init.d/tomcat <<'END_OF_TEXT'
#!/bin/bash
# chkconfig: 2345 95 20
# description: Script to Start Stop Restart Tomcat
JAVA_HOME=/opt/java/default; export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH; export PATH
TOMCAT_USER=webapp; export TOMCAT_USER
TOMCAT_HOME=/webapp/home/tomcat/bin; export TOMCAT_HOME
CATALINA_BASE=/webapp/base/instance; export CATALINA_BASE
CATALINA_HOME=/webapp/home/tomcat; export CATALINA_HOME
CATALINA_TMPDIR=/webapp/base/instance/temp; export CATALINA_TMPDIR
JAVA_OPTS="-Duser.language=en -Duser.region=GB -Xms512m -Xmx2048m"; export JAVA_OPTS

case $1 in
start)
  if [[ $UID -eq 3200 ]]; then
    $TOMCAT_HOME/startup.sh
  else
    /bin/su tomcat $TOMCAT_HOME/startup.sh
  fi
;;
stop)
  if [[ $UID -eq 3200 ]]; then
    $TOMCAT_HOME/shutdown.sh
  else
    /bin/su tomcat $TOMCAT_HOME/shutdown.sh
  fi
;;
restart)
  if [[ $UID -eq 3200 ]]; then
    $TOMCAT_HOME/shutdown.sh
    $TOMCAT_HOME/startup.sh
  else
    /bin/su tomcat $TOMCAT_HOME/shutdown.sh
    /bin/su tomcat $TOMCAT_HOME/startup.sh
  fi
;;
*)
echo "Usage tomcat {start|stop|restart}"
esac
exit 0</code>

Install the init script
<code>chown root:root /etc/init.d/tomcat
chmod 755 /etc/init.d/tomcat
chkconfig --add tomcat
chkconfig tomcat on</code>

Bear in mind that when fully loaded with our web applications, Tomcat takes about two and a half minutes to start up fully even though the start up script seems to run in under a second. You can track the progress in the /webapp/base/instance/logs/catalina*.log
=====Setup conf Directory=====

Edit catalina.policy and add the following to the CATALINE CODE PERMISSIONS section at line 88.

Replace
<code>        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        permission java.util.PropertyPermission "catalina.base", "read";</code>
with
<code>        permission java.util.PropertyPermission "java.util.logging.config.class", "read";
        permission java.util.PropertyPermission "java.util.logging.config.file", "read";
        permission java.util.PropertyPermission "catalina.base", "read";
        permission java.util.PropertyPermission "org.apache.juli.logging.UserDataHelper.CONFIG", "read";
        permission java.util.PropertyPermission "org.apache.juli.logging.UserDataHelper.SUPPRESSION_TIME", "read";</code>

Edit server.xml
<code>sed -i "s/logs/logs\/tomcat/g" /webapp/base/instance/conf/server.xml</code>
<code>NEWPASSWD=4Hud97Ubw
sed -i "s/SHUTDOWN/$NEWPASSWD/g" /webapp/base/instance/conf/server.xml</code>
Edit logging.properties<code>sed -i "s/\${catalina.base}\/logs/\${catalina.base}\/logs\/tomcat/g" /tomcat/base/instance/conf/logging.properties</code>

Edit web.xml and add the following at the end of the file just before the </web-app> line.
<code>    <error-page>
        <exception-type>java.lang.Throwable</exception-type>
        <location>/error.jsp</location>
    </error-page>

    <!-- Disable unsecure access to manager -->
    <user-data-constraint>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>restricted methods</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>PUT</http-method>
            <http-method>DELETE</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
         </web-resource-collection>
         <auth-constraint />
     </security-constraint></code>
=====Setup wars Directory=====
<code>su - webapp
DIR=/webapp/base/instance/wars
mkdir -p $DIR</code>