Install Tomcat
This page shows how to install Tomcat 8 on 64-bit CentOS 6.
Prerequisites
You must have a CentOS machine already set up in accordance with the “Install CentOS 6” guide.
If you installed CentOS with just the 'Minimal' software package, you need to install a few tools before following this guide. Run the following as root.
yum -y install unzip wget openssh-clients
You must have installed JDK 8. The guide on this wiki is here.
Create Tomcat User
Create the user that we will run Tomcat as.
groupadd webapp -g 320
useradd -g webapp -m -d /home/webapp -u 3200 webapp
Set the password for the webapp user, replacing the example value with your own.
echo "webapp:pa55w0rd" | chpasswd
Configure Data Disk
This guide assumes that we have a second disk for the Tomcat installation and data. It assumes that the disk is attached to the system and is called /dev/sdc. You can test to see if /dev/sdc exists by running this command in a terminal window:
ls /dev/sdc
If you get no error messages, the disk exists and is attached.
If the second disk doesn't exist, you will either need to set it up or alter the instructions in this section as needed to get the appropriate logical volumes created on /dev/sda.
Open a root shell and run the following.
pvcreate /dev/sdc
vgcreate datavg /dev/sdc
lvcreate -L 1G -n webapp_home datavg
lvcreate -L 5G -n webapp_base datavg
lvcreate -L 5G -n webapp_base_logs datavg
lvcreate -L 5G -n webapp_base_temp datavg
mkfs -t ext4 /dev/mapper/datavg-webapp_home
mkfs -t ext4 /dev/mapper/datavg-webapp_base
mkfs -t ext4 /dev/mapper/datavg-webapp_base_logs
mkfs -t ext4 /dev/mapper/datavg-webapp_base_temp
mkdir -p /webapp/home
mkdir -p /webapp/base
FILENAME=/etc/fstab
echo '/dev/mapper/datavg-webapp_home /webapp/home ext4 defaults 1 2' >> $FILENAME
echo '/dev/mapper/datavg-webapp_base /webapp/base ext4 defaults 1 2' >> $FILENAME
mount -a
mkdir -p /webapp/base/instance/logs
mkdir -p /webapp/base/instance/temp
# The mount points must match the directories created above (/webapp, not /tomcat),
# and the temp volume is datavg-webapp_base_temp
echo '/dev/mapper/datavg-webapp_base_logs /webapp/base/instance/logs ext4 defaults 1 2' >> $FILENAME
echo '/dev/mapper/datavg-webapp_base_temp /webapp/base/instance/temp ext4 defaults 1 2' >> $FILENAME
mount -a
chown -R webapp:webapp /webapp/base/instance
# The webapp user downloads and unpacks Tomcat in /webapp/home, so it must own the mount point
chown webapp:webapp /webapp/home
chown -R root:root /webapp/home/lost+found
chown -R root:root /webapp/base/lost+found
chown -R root:root /webapp/base/instance/logs/lost+found
chown -R root:root /webapp/base/instance/temp/lost+found
Disable IPv6
Disable IPv6 using this guide.
Install Tomcat
Download and install Tomcat. Edit the values of TOMCAT_MAJOR_VERSION and TOMCAT_FULL_VERSION as appropriate.
su - webapp
cd /webapp/home
TOMCAT_MAJOR_VERSION=8
TOMCAT_FULL_VERSION=$TOMCAT_MAJOR_VERSION.0.15
FILENAME=apache-tomcat-$TOMCAT_FULL_VERSION
wget http://mirror.catn.com/pub/apache/tomcat/tomcat-$TOMCAT_MAJOR_VERSION/v$TOMCAT_FULL_VERSION/bin/$FILENAME.tar.gz
tar zxf $FILENAME.tar.gz
rm -f $FILENAME.tar.gz
ln -s $FILENAME tomcat
mv /webapp/home/tomcat/conf/ /webapp/base/instance/
mv /webapp/home/tomcat/webapps/ /webapp/base/instance/
rm -rf /webapp/base/instance/webapps/examples
exit
Set Hashed Passwords
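To populate the tomcat-users.xml file, create a hashed password. Shell history is switched off around the command so that the plaintext password is not written to the history file.
set +o history
/webapp/home/tomcat/bin/digest.sh -a sha-256 PASSWORD
set -o history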
A working example is
<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">
  <user name="webadm" password="f839eb86e44b568c99e9877ea138a0cebac6927fda3ecb26b2e60dfdedaf7314" roles="admin-gui,manager-script,manager-gui,manager" />
</tomcat-users>
Take this password and use it to create
Tell server.xml to use digested passwords
sed -i "s/resourceName=\"UserDatabase\"/resourceName=\"UserDatabase\"\ digest=\"sha-256\"/g" /webapp/base/instance/conf/server.xml
Create init Script
cat > /etc/init.d/tomcat <<'END_OF_TEXT'
#!/bin/bash
# chkconfig: 2345 95 20
# description: Script to Start Stop Restart Tomcat
JAVA_HOME=/opt/java/default; export JAVA_HOME
PATH=$JAVA_HOME/bin:$PATH; export PATH
TOMCAT_USER=webapp; export TOMCAT_USER
TOMCAT_HOME=/webapp/home/tomcat/bin; export TOMCAT_HOME
CATALINA_BASE=/webapp/base/instance; export CATALINA_BASE
CATALINA_HOME=/webapp/home/tomcat; export CATALINA_HOME
CATALINA_TMPDIR=/webapp/base/instance/temp; export CATALINA_TMPDIR
JAVA_OPTS="-Duser.language=en -Duser.region=GB -Xms512m -Xmx2048m"; export JAVA_OPTS
# Run the Tomcat scripts directly when already the webapp user (UID 3200),
# otherwise switch to that user first so Tomcat never runs as root.
case $1 in
  start)
    if [[ $UID -eq 3200 ]]; then
      $TOMCAT_HOME/startup.sh
    else
      /bin/su $TOMCAT_USER $TOMCAT_HOME/startup.sh
    fi
    ;;
  stop)
    if [[ $UID -eq 3200 ]]; then
      $TOMCAT_HOME/shutdown.sh
    else
      /bin/su $TOMCAT_USER $TOMCAT_HOME/shutdown.sh
    fi
    ;;
  restart)
    if [[ $UID -eq 3200 ]]; then
      $TOMCAT_HOME/shutdown.sh
      $TOMCAT_HOME/startup.sh
    else
      /bin/su $TOMCAT_USER $TOMCAT_HOME/shutdown.sh
      /bin/su $TOMCAT_USER $TOMCAT_HOME/startup.sh
    fi
    ;;
  *)
    echo "Usage tomcat {start|stop|restart}"
    ;;
esac
exit 0
END_OF_TEXT
Install the init script
chown root:root /etc/init.d/tomcat
chmod 755 /etc/init.d/tomcat
chkconfig --add tomcat
chkconfig tomcat on
Bear in mind that when fully loaded with our web applications, Tomcat takes about two and a half minutes to start up fully, even though the startup script seems to run in under a second. You can track the progress in /webapp/base/instance/logs/catalina*.log.
Setup conf Directory
Edit catalina.policy and add the following to the CATALINA CODE PERMISSIONS section at line 88.
Replace
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
permission java.util.PropertyPermission "catalina.base", "read";
with
permission java.util.PropertyPermission "java.util.logging.config.class", "read";
permission java.util.PropertyPermission "java.util.logging.config.file", "read";
permission java.util.PropertyPermission "catalina.base", "read";
permission java.util.PropertyPermission "org.apache.juli.logging.UserDataHelper.CONFIG", "read";
permission java.util.PropertyPermission "org.apache.juli.logging.UserDataHelper.SUPPRESSION_TIME", "read";
Edit server.xml
sed -i "s/logs/logs\/tomcat/g" /webapp/base/instance/conf/server.xml
NEWPASSWD=4Hud97Ubw
sed -i "s/SHUTDOWN/$NEWPASSWD/g" /webapp/base/instance/conf/server.xml
Edit logging.properties
sed -i "s/\${catalina.base}\/logs/\${catalina.base}\/logs\/tomcat/g" /webapp/base/instance/conf/logging.properties
Edit web.xml and add the following at the end of the file just before the </web-app> line. Note that the servlet deployment descriptor defines <user-data-constraint> only as a child of <security-constraint>, so the standalone CONFIDENTIAL block is not attached to any URL pattern as written.
<error-page>
  <exception-type>java.lang.Throwable</exception-type>
  <location>/error.jsp</location>
</error-page>
<!-- Disable unsecure access to manager -->
<user-data-constraint>
  <transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
<security-constraint>
  <web-resource-collection>
    <web-resource-name>restricted methods</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
    <http-method>OPTIONS</http-method>
    <http-method>TRACE</http-method>
  </web-resource-collection>
  <auth-constraint />
</security-constraint>
Setup wars Directory
su - webapp
DIR=/webapp/base/instance/wars
mkdir -p $DIR
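Once the steps above are complete, the credential settings from the "Set Hashed Passwords" and "Edit server.xml" steps can be checked with the script below. It is an added example, not part of the original guide: it confirms that every active user in tomcat-users.xml holds a 64-character SHA-256 digest, that the UserDatabase realm carries digest="sha-256", and that the shutdown command is no longer SHUTDOWN. The function names are illustrative, and the default path is the conf directory used on this page.

```sh
#!/bin/sh
# Added example: verify the credential settings this guide makes.
# Function names are illustrative; the default path is the guide's conf dir.

# Print an XML file with one-line and multi-line comments removed.
strip_comments() {
    sed -e 's/<!--.*-->//g' -e '/<!--/,/-->/d' "$1"
}

# Print the name of each <user> whose password is not 64 hex digits (the
# unsalted SHA-256 shape shown above). Assumes one <user .../> per line.
plaintext_users() {
    strip_comments "$1" | grep -o '<user [^>]*>' |
        grep -Ev ' password="[0-9a-fA-F]{64}"' |
        sed 's/.* \(user\)\{0,1\}name="\([^"]*\)".*/\2/'
}

# Succeed if the UserDatabase realm line carries digest="sha-256".
realm_has_digest() {
    strip_comments "$1" | grep 'resourceName="UserDatabase"' |
        grep -q 'digest="sha-256"'
}

# Succeed if the shutdown command is no longer the default string.
shutdown_is_changed() {
    ! strip_comments "$1" | grep -q 'shutdown="SHUTDOWN"'
}

# Run all checks on a conf directory; return the number of failed checks.
audit_tomcat_conf() {
    fails=0
    bad=$(plaintext_users "$1/tomcat-users.xml")
    if [ -n "$bad" ]; then
        echo "FAIL: password is not a SHA-256 digest for:" $bad
        fails=$((fails + 1))
    fi
    if ! realm_has_digest "$1/server.xml"; then
        echo 'FAIL: UserDatabase realm has no digest="sha-256"'
        fails=$((fails + 1))
    fi
    if ! shutdown_is_changed "$1/server.xml"; then
        echo 'FAIL: shutdown command is still SHUTDOWN'
        fails=$((fails + 1))
    fi
    return $fails
}

CONF=${1:-/webapp/base/instance/conf}
if [ -d "$CONF" ]; then audit_tomcat_conf "$CONF"; fi
```

Run it as root or as the webapp user; an exit status of 0 means all three checks passed, and only user names are printed, never password values.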
