...

  • Create a sakai user. Sakai user's home directory is at:
    • /ucd/opt/sakai
  • Make sure that you have the following packages installed: (Installed them in /ucd/pkg/ and created soft links to /ucd/opt/)
    • ln -s /ucd/pkg/j2sdk1.4.2_10 /ucd/opt/java
    • ln -s /ucd/pkg/maven-1.0.2 /ucd/opt/maven
    • ln -s /ucd/pkg/apache-ant-1.6.5 /ucd/opt/ant
    • Subversion client (You can also download the source code without having Subversion installed)
  • Getting Tomcat (Installing tomcat in /ucd/pkg)
    cd /ucd/pkg
    
    wget http://apache.forbigweb.com/tomcat/tomcat-5/v5.5.12/bin/apache-tomcat-5.5.12.tar.gz
    
    wget http://apache.forbigweb.com/tomcat/tomcat-5/v5.5.12/bin/apache-tomcat-5.5.12-compat.tar.gz
    
    tar xvzf apache-tomcat-5.5.12.tar.gz
    
    tar xvzf apache-tomcat-5.5.12-compat.tar.gz
    
    ln -s /ucd/pkg/apache-tomcat-5.5.12 /ucd/opt/tomcat
    
  • Setting environment variables
    setenv  ANT_HOME        /ucd/opt/ant
    setenv  JAVA_HOME       /ucd/opt/java
    setenv  MAVEN_HOME      /ucd/opt/maven
    setenv  CATALINA_HOME   /ucd/opt/tomcat
    
  • Configure Tomcat
    • Edit /ucd/opt/tomcat/conf/server.xml
      Replace:
      <Connector port="8080" maxHttpHeaderSize="8192"
      	maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
      	enableLookups="false" redirectPort="8443" acceptCount="100"
      	connectionTimeout="20000" disableUploadTimeout="true" />
      
      With:
      <Connector port="8080" maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
      	enableLookups="false" redirectPort="8443" acceptCount="100"
      	debug="0" connectionTimeout="20000" disableUploadTimeout="true"
      	URIEncoding="UTF-8"/>
      
      
  • Make sure that tomcat's ROOT webapp redirects to sakai
    Create this file: /ucd/opt/tomcat/webapps/ROOT/index.html
    
    With this content:
    <html>
    <head>
      <meta http-equiv="refresh" content="0;url=/portal">
    </head>
    <body>
      redirecting to /portal ...
    </body>
    </html>
    
  • Setting up Maven
    • Create repository directory:
      install_repo.sh /ucd/opt/sakai/.maven/repository
      
      Create /ucd/opt/sakai/build.properties file with the following content:
      maven.repo.remote=http://www.ibiblio.org/maven/,http://cvs.sakaiproject.org/maven/,http://horde.planetmirror.com/pub/maven/
      maven.tomcat.home=/ucd/opt/tomcat/
      
  • Getting the latest source code (As per sakai-dev list, the recommendation is to run production code off the maintenance branch)
    
    cd /ucd/opt/sakai
    svn co https://source.sakaiproject.org/svn/branches/sakai_2-1 sakai-2-1-0-maint
    
  • Building Sakai
    cd /ucd/opt/sakai/sakai_2-1-0
    maven sakai
    
  • Sakai configuration
    Create a sakai folder
    mkdir /ucd/opt/tomcat/sakai
    
    Get a copy of the sakai.properties file and put it in the sakai folder
    cp /ucd/opt/sakai/sakai_2-1-0-maint/docs/sakai.properties /ucd/opt/tomcat/sakai/
    
  • Now configure the sakai.properties file
    • e.g. using Oracle and storing content in the file system

      List of modifications made to sakai.properties:

      • serverId=stubing
      • serverUrl=http://stubing.ucdavis.edu:8080

      • username@javax.sql.BaseDataSource=SakaiUser
      • password@javax.sql.BaseDataSource=SakaiPassword
      • container.login = true

      • ui.institution = University of California, Davis
      • ui.service = Sakai@UCDavis

      • bodyPath@org.sakaiproject.service.legacy.content.ContentHostingService = /ucd/opt/tomcat/content/
      • bodyVolumes@org.sakaiproject.service.legacy.content.ContentHostingService = vol1,vol2,vol3
      • convertToFile@org.sakaiproject.service.legacy.content.ContentHostingService = true

      • provider.kerberos.auth.login.config=/ucd/opt/java/jre/lib/security/jaas.config
      • provider.kerberos.krb5.conf=/etc/krb5.conf
      • provider.kerberos.showconfig=true

      • secureweb.logoutURL=https://secureweb.ucdavis.edu/form-auth/logout?

      # sakai.properties - documentation
      
      # identify your application server with a short name, unique among the servers in your cluster.
      # choose a server id even if you are running a single app server
      serverId=stubing
      
      # the URL to the server, including transport, DNS name, and port, if any
      serverUrl=http://stubing.ucdavis.edu:8080
      
      # the DNS name of the server
      serverName=stubing.ucdavis.edu
      
      # the URL to send folks to after they logout
      loggedOutUrl=/portal
      
      # the default skin name, and the URL path (relative is ok) to the collection of skins
      skin.default=default
      skin.repo=/library/skin
      
      # the database configuration (hsqldb, mysql or oracle) [ make sure to modify to match your particular setup ]
      #vendor@org.sakaiproject.service.framework.sql.SqlService=hsqldb
      #vendor@org.sakaiproject.service.framework.sql.SqlService=mysql
      vendor@org.sakaiproject.service.framework.sql.SqlService=oracle
      
      #driverClassName@javax.sql.BaseDataSource=org.hsqldb.jdbcDriver
      #driverClassName@javax.sql.BaseDataSource=com.mysql.jdbc.Driver
      driverClassName@javax.sql.BaseDataSource=oracle.jdbc.driver.OracleDriver
      
      # two hsqldb: first for in-memory (no persistence between runs), second for disk based
      #url@javax.sql.BaseDataSource=jdbc:hsqldb:.
      #url@javax.sql.BaseDataSource=jdbc:hsqldb:${sakai.home}/db/sakai.db
      #url@javax.sql.BaseDataSource=jdbc:mysql://127.0.0.1:3306/sakai?useUnicode=true&characterEncoding=UTF-8
      url@javax.sql.BaseDataSource=jdbc:oracle:thin:@ahab.ucdavis.edu:1521:dev
      
      username@javax.sql.BaseDataSource=SakaiUser
      password@javax.sql.BaseDataSource=SakaiPassword
      
      #validationQuery@javax.sql.BaseDataSource=select 1 from SYSTEM_USERS
      
      # this is good for both mysql and oracle
      validationQuery@javax.sql.BaseDataSource=select 1 from DUAL
      
      # added
      hibernate.dialect=net.sf.hibernate.dialect.Oracle9Dialect
      auto.ddl=true
      defaultTransactionIsolationString@javax.sql.BaseDataSource=TRANSACTION_READ_COMMITTED
      
      # For improved Oracle performance (from the University of Michigan)
      validationQuery@javax.sql.BaseDataSource=
      defaultTransactionIsolationString@javax.sql.BaseDataSource=
      testOnBorrow@javax.sql.BaseDataSource=false
      
      
      # enable presence display in the portal (true or false)
      display.users.present=true
      
      # smtp server for outgoing emails
      smtp@org.sakaiproject.service.framework.email.EmailService=smtp.ucdavis.edu
      
      # dns addresses used by James for incoming email
      smtp.dns.1 = 169.237.250.250
      smtp.dns.2 = 169.237.1.250
      
      # SMTP port on which James runs.  Default is 25.  Recommend running on 8025, and using a standard mailer on 25 to forward mail to Sakai.
      smtp.port = 8025
      
      # flag to enable or disable James for incoming email (true | false)
      smtp.enabled = true
      
      # upload limit per request, in megs
      content.upload.max=120
      
      # links placed on the bottom nav - set the .count to the number of items, then add each item
      bottomnav.count = 2
      bottomnav.1 = <a href="https://localhost/portal/site/!gateway">Gateway</a>
      bottomnav.2 = <a href="http://sakaiproject.org/cms" target="_blank">The Sakai Project</a>
      
      # some fill-ins for the css/vm ui (Worksite Setup, Digest Service, Email notification, Worksite Setup, Contact Support, Portal)
      ui.institution = University of California, Davis
      ui.service = Sakai@UCDavis
      
      # minutes to cache each security question in the SecurityService - set to 0 to disable caching.
      cacheMinutes@org.sakaiproject.service.legacy.security.SecurityService = 3
      
      # minutes to cache each site (site, page, tool) access in the SiteService - set to 0 to disable caching.
      cacheMinutes@org.sakaiproject.service.legacy.site.SiteService = 3
      
      # minutes to cache each user access in the UserDirectoryService - set to 0 to disable caching.(0 is the default)
      #cacheMinutes@org.sakaiproject.service.legacy.user.UserDirectoryService = 3
      
      # minutes between checks of the user cache for cleaning expired entries - set to 0 to disable caching (0 is the default)
      #cacheCleanerMinutes@org.sakaiproject.service.legacy.user.UserDirectoryService = 15
      
      # sessions expire if nothing happens in this many seconds (1 hour)
      inactiveInterval@org.sakaiproject.api.kernel.session.SessionManager=3600
      
      # presence expires if not refreshed in this many seconds
      timeoutSeconds@org.sakaiproject.service.legacy.presence.PresenceService=60
      
      # root of archive file system area - used to write archive files and to read them
      # when clustering app servers, this should be a shared network location
      storagePath@org.sakaiproject.service.legacy.archive.ArchiveService = ${sakai.home}/archive/
      
      #copyright text to appear in the bottom area of each web page.
      bottom.copyrighttext=(c) 2003, 2004, 2005 sakaiproject.org. All rights reserved.
      
      # to let the container handle login or not (set to true for single-signon type setups, false for just internal login)
      container.login = true
      
      # the file system root for content hosting's external stored files (default is null, i.e. store them in the db)
      # see the readme file (2.2.7 File Based Content Hosting) for more details
      bodyPath@org.sakaiproject.service.legacy.content.ContentHostingService = ${sakai.home}/content/
      
      # when storing content hosting's body bits in files, an optional set of folders just within the bodyPath -
      # to act as volumes to distribute the files among - a comma separated list of folders.  If left out, no volumes will be used.
      # see the readme file (2.2.7 File Based Content Hosting) for more details
      bodyVolumes@org.sakaiproject.service.legacy.content.ContentHostingService = vol1,vol2,vol3
      
      # convert to use file system rather than db
      convertToFile@org.sakaiproject.service.legacy.content.ContentHostingService = true
      
      # to disable list of appearance/icon with "edit site information" for course sites. (set as true to display only default appearance)
      #disable.course.site.skin.select=true
      
      # force all URLs out of Sakai back to Sakai to be secure, i.e. to use https, on this port.  Leave out to respond with the same transport as the request.
      #  Otherwise, the URLs will reflect the attributes of the request URL. (443 | 8443 | or any other port) [defaults to missing]
      #force.url.secure=443
      
      #to run JGroups across subnets sending multiple unicast messages
      #props@org.sakaiproject.service.legacy.event.EventTrackingService=TCP(start_port=7800):\
      #    TCPPING(initial_hosts=localhost[7800];port_range=5;timeout=3000;num_initial_members=3;up_thread=true;down_thread=true):\
      #    pbcast.NAKACK(down_thread=true;up_thread=true;gc_lag=100;retransmit_timeout=3000):\
      #    VERIFY_SUSPECT(timeout=1500;down_thread=false;up_thread=false):\
      #    pbcast.STABLE(desired_avg_gossip=20000):\
      #    pbcast.GMS(join_timeout=5000;join_retry_timeout=2000;shun=false;print_local_addr=false;down_thread=true;up_thread=true)
      
      # indicates whether users should see "Show Other Sites" twiggle in list mode of resources tool
      resources.show.all.collections=true
      
      # indicates whether users should see "Show Other Sites" twiggle in list mode of dropbox tool
      resources.show_all_collections.dropbox = false
      # indicates whether users should see "Show Other Sites" twiggle in list mode of file picker
      resources.show_all_collections.helper = true
      # indicates whether users should see "Show Other Sites" twiggle in list mode of resources tool
      resources.show_all_collections.tool = true
      
      #the location (url) of the accessibility info
      #accessibility.url=
      
      #UCD specific parameters
      provider.kerberos.auth.login.config=/ucd/opt/java/jre/lib/security/jaas.config
      provider.kerberos.krb5.conf=/etc/krb5.conf
      provider.kerberos.showconfig=true
      secureweb.logoutURL=https://secureweb.ucdavis.edu/form-auth/logout?
      
  • Creating an "archive" and "content" directory
    mkdir /ucd/opt/tomcat/sakai/content
    mkdir /ucd/opt/tomcat/sakai/archive
    
  • Make sure that you get the Oracle JDBC driver and copy it to /ucd/opt/tomcat/common/lib
  • JVM tuning
    setenv  JAVA_OPTS  "-server -Xms1500m -Xmx1500m -XX:PermSize=16m -XX:MaxPermSize=128m -verbose:gc -XX:+PrintGCDetails -XX:+PrintGCTimeStamps"
    

...

  • Enabling SSL on Tomcat, so that WebDAV passwords are encrypted
    • Create Certificate
      cd /ucd/opt/java/bin
      keytool -genkey -alias tomcat -keyalg RSA -keystore /etc/keystore -storepass mysecretpass
    
    • Update Tomcat's server.xml to enable SSL
      Update the SSL Connector to have the following attributes:
      sslProtocol, keystoreType, keystoreFile, and keystorePass (see below)
      <Connector port="6443"
               maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" keystoreType="JKS"
               keystoreFile="/etc/keystore" keystorePass="mysecretpass"/>
    
    • Restart Tomcat with the given port number specified. You can choose to turn off port 8080, or keep it open and do redirection via Apache.
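
server.xml carries keystorePass in clear text and must name the same file that keytool wrote, so both files are worth checking before the restart. The script below is an added example, not part of the original page; the function names and return codes are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page). check_tomcat_ssl is a
# hypothetical helper; pass it the path to Tomcat's server.xml.
# Return codes (assumed convention): 0 ok, 1 no keystoreFile attribute,
# 2 keystore file missing, 3 keystore or server.xml open to group/other.
# Usage: . ./check_ssl.sh; check_tomcat_ssl /ucd/opt/tomcat/conf/server.xml

# Print the keystoreFile attribute of the first Connector that has one.
keystore_path() {
    sed -n 's/.*keystoreFile="\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# True when the file grants any permission bit to group or other.
loose_perms() {
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]
}

check_tomcat_ssl() {
    xml=$1
    ks=$(keystore_path "$xml")
    [ -n "$ks" ] || { echo "no keystoreFile attribute in $xml"; return 1; }
    [ -f "$ks" ] || { echo "keystore $ks does not exist"; return 2; }
    rc=0
    # Both files protect the private key: one holds it, one holds its password.
    for f in "$ks" "$xml"; do
        if loose_perms "$f"; then
            echo "$f is accessible to group/other; chown it to sakai and chmod 600"
            rc=3
        fi
    done
    return $rc
}
```
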

    System Related Setup

  • Tomcat start on boot
    in /etc/rc.d/ edit rc.local
    ========================================================================
    #!/bin/sh
    #
    # This script will be executed *after* all the other init scripts.
    # You can put your own initialization stuff in here if you don't
    # want to do the full Sys V style init stuff.
    
    touch /var/lock/subsys/local
    
    # Source function library.
    . /etc/rc.d/init.d/functions
    
    action "Starting Tomcat: " su -c '/etc/rc.d/tomcat.sh' sakai
    ========================================================================
    
    
    in /etc/rc.d/ create the tomcat.sh file
    ========================================================================
    #!/bin/sh
    
    /ucd/opt/tomcat/bin/startup.sh
    ========================================================================
    
  • Configure iptables so that we can use/run sakai's mail system as the sakai user
    # Generated by iptables-save v1.2.8 on Thu Sep  9 14:43:05 2004
    *nat
    :PREROUTING ACCEPT [510:80231]
    :POSTROUTING ACCEPT [12:2548]
    :OUTPUT ACCEPT [12:2548]
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 8025
    -A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
    COMMIT
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [74067:26067969]
    :RH-Firewall-1-INPUT - [0:0]
    -A INPUT -j RH-Firewall-1-INPUT
    -A FORWARD -j RH-Firewall-1-INPUT
    -A RH-Firewall-1-INPUT -i lo -j ACCEPT
    -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type 255 -j ACCEPT
    -A RH-Firewall-1-INPUT -p esp -j ACCEPT
    -A RH-Firewall-1-INPUT -p ah -j ACCEPT
    -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp -s 169.237.0.0/16 --dport 22 -j ACCEPT
    -A RH-Firewall-1-INPUT -p udp -m state --state NEW -m udp -s 169.237.0.0/16 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8025 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
    -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
    -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
    COMMIT
    # Completed on Thu Sep  9 14:43:05 2004
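
To see which TCP ports this ruleset leaves reachable from any address, the nat REDIRECT rules have to be read together with the filter ACCEPT rules, because PREROUTING rewrites the destination port before the INPUT chain sees the packet. The script below is an added example, not part of the original page; reachable_ports and sample_rules are hypothetical names, and it ignores interfaces and port ranges.

```shell
#!/bin/sh
# Added example, not from the original page. reachable_ports and
# sample_rules are hypothetical names. Simplifications (assumptions):
# interfaces are ignored, and only single-port --dport rules are handled.

# Read an iptables-save dump on stdin; print "external internal" TCP port
# pairs that any source address can reach. PREROUTING runs before INPUT,
# so a redirected port is only reachable if its *target* port is accepted.
reachable_ports() {
    awk '
    function arg(flag,   i) {            # value following a flag, or ""
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($0, 2); next }
    table == "nat" && /-j REDIRECT/ {
        d = arg("--dport"); t = arg("--to-ports")
        if (d != "" && t != "") redir[d] = t
    }
    table == "filter" && /-p tcp/ && /--state NEW/ && /-j ACCEPT/ {
        d = arg("--dport")
        if (d != "" && arg("-s") == "") open[d] = 1   # no source limit
    }
    END {
        for (p in open) if (!(p in redir)) print p, p
        for (d in redir) { t = redir[d]; if (t in open) print d, t }
    }' | sort -n
}

# Constructed sample: the rules from the dump above that carry a port.
sample_rules() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 25 -j REDIRECT --to-ports 8025
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp -s 169.237.0.0/16 --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8025 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

sample_rules | reachable_ports
```

On these rules the output lists ports 25, 80, 8025 and 8080. Port 6443, where the SSL connector is configured, has no ACCEPT rule and falls through to the final REJECT, while plain-HTTP port 8080 stays directly reachable.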