Changes between Initial Version and Version 1 of Public/Docs/CinnamonSetupDebian1010


Ignore:
Timestamp:
Sep 16, 2019, 2:03:48 PM (5 years ago)
Author:
Administrator
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Public/Docs/CinnamonSetupDebian1010

    v1 v1  
     1= Setup of a Cinnamon Server on Debian 10.1.0 (buster)
     2> **NOTE:** This documentation is currently under construction.
     3
     4> This documentation relates to Debian 10.1.0 Server (without GUI).[[br]]Particularly, it relates to a minimal Debian server VM installed from the Debian repositories on the KVM virtualization host.[[br]]The installation according to this documentation has been tested on a system of this type.
     5
     6== Installing Cinnamon Server
     7* Log in to the standard Debian 10.1.0 VM (this is a minimal installation with {{{ssh}}} as the only option).
     8> **IMPORTANT:** Choose a safe password on production systems (see [#ref1 (1)]).
     9* Use the {{{su}}} command to acquire root privileges.
     10* Install Java (JDK), cURL and some other useful or required tools.
     11 {{{
     12 apt-get install default-jdk curl sudo less daemontools rsync davfs2 htop zip unzip sshpass
     13 }}}
     14* Create a new group and user for tomcat.
     15 {{{
     16 groupadd tomcat
     17 useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat
     18 mkdir /opt/tomcat
     19 }}}
     20 * The home directory of this account is set to {{{/opt/tomcat}}}.
     21 * The shell of this account is set to {{{/bin/false}}}, so logging on is not possible.
     22* Download and extract tomcat.
     23 {{{
     24 cd /tmp
     25 curl -O https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.38/bin/apache-tomcat-8.5.38.tar.gz
     26 tar xzvf apache-tomcat-8.5.38.tar.gz -C /opt/tomcat --strip-components=1
     27 chgrp -R tomcat /opt/tomcat
     28 cd /opt/tomcat
     29 chown -R tomcat webapps/ work/ temp/ logs/
     30 chmod -R g+r conf
     31 chmod g+x conf
     32 chmod -R g+rw logs
     33 }}}
     34* Create a Tomcat service.
     35 * Create the service file.
     36  {{{
     37  nano /etc/systemd/system/tomcat.service
     38  }}}
     39 * Paste the following code into the file:
     40  {{{
     41  [Unit]
     42  Description=Apache Tomcat Web Application Container
     43  After=network.target
     44
     45  [Service]
     46  Type=forking
     47
     48  Environment=JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
     49  Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
     50  Environment=CATALINA_HOME=/opt/tomcat
     51  Environment=CATALINA_BASE=/opt/tomcat
     52  Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
     53
     54  ExecStart=/opt/tomcat/bin/startup.sh
     55  ExecStop=/opt/tomcat/bin/shutdown.sh
     56
     57  User=tomcat
     58  Group=tomcat
     59  UMask=0007
     60  RestartSec=10
     61  Restart=always
     62
     63  [Install]
     64  WantedBy=multi-user.target
     65  }}}
     66 * Save and close the file.
     67* Start and test Tomcat.
     68 {{{
     69 systemctl daemon-reload
     70 systemctl start tomcat
     71 systemctl status tomcat
     72 }}}
     73 Alternatively, you can use the following syntax to control the tomcat service:
     74 {{{
     75 service tomcat start
     76 service tomcat stop
     77 service tomcat status
     78 }}}
     79* Stop tomcat.
     80 {{{
     81 service tomcat stop
     82 }}}
     83* Install PostgreSQL database.
     84 {{{
     85 apt-get install postgresql
     86 }}}
     87* Set password for user {{{postgres}}}.
     88> **NOTE:** This is required for backup and restore.
     89 {{{
     90 sudo -u postgres psql template1
     91 ALTER USER postgres PASSWORD 'myPassword';
     92 \q
     93 }}}
     94* Create a database user {{{cinnamon}}}.
     95 * Start the user creation program.
     96  {{{
     97  sudo -u postgres createuser --interactive
     98  }}}
     99 * Answer the questions as follows:
     100||=**Question** =||=**Answer** =||
     101||Enter the name of the role to add: ||{{{cinnamon}}} ||
     102||Shall the new role be a superuser? ||{{{n}}} ||
     103||Shall the new role be allowed to create databases? ||{{{n}}} ||
     104||Shall the new role be allowed to create more new roles? ||{{{n}}} ||
     105 * Set a password for the user.
     106 > **IMPORTANT:** Choose a safe password on production systems (see [#ref1 (1)]).
     107  {{{
     108  sudo -u postgres psql
     109  ALTER USER "cinnamon" WITH PASSWORD 'new_password';
     110  \q
     111  }}}
     112* Assign password to user cinnamon and add it to the tomcat group.
     113> **IMPORTANT:** Choose a safe password on production systems (see [#ref1 (1)]).
     114 {{{
     115 useradd -g tomcat -d /opt/cinnamon cinnamon
     116 passwd cinnamon
     117 mkdir /opt/cinnamon
     118 }}}
     119* Create a file {{{/opt/tomcat/bin/setenv.sh}}} and paste the following content into it:
     120 {{{
     121 export CATALINA_OPTS="$CATALINA_OPTS -Xms32m"
     122 export CATALINA_OPTS="$CATALINA_OPTS -Xmx4g"
     123 export CATALINA_OPTS="$CATALINA_OPTS -XX:MaxPermSize=256m"
     124 export CATALINA_OPTS="$CATALINA_OPTS -XX:MaxGCPauseMillis=750"
     125 export CATALINA_OPTS="$CATALINA_OPTS -XX:GCTimeRatio=9"
     126 export CATALINA_OPTS="$CATALINA_OPTS -server"
     127 export CATALINA_OPTS="$CATALINA_OPTS -XX:+DisableExplicitGC"
     128 export CINNAMON_HOME_DIR="/opt/cinnamon/cinnamon-system"
     129 }}}
     130* Set the permissions to the file {{{/opt/tomcat/setenv.sh}}}.
     131 {{{
     132 chmod ug+x /opt/tomcat/bin/setenv.sh
     133 }}}
     134* Pull files from the proxy to the VM.
     135> **NOTE:** This is specific to the texolution hosting environment. In other environments, the files must be provided in an appropriate way. A download package for the resources needed to install Cinnamon Server will be provided soon.
     136 {{{
     137 scp install@<proxy ip>:/home/install/content.sql.gz /root
     138 scp install@<proxy ip>:/home/install/content.tar.gz /root
     139 scp install@<proxy ip>:/home/install/cinnamon.war /root
     140 gunzip /root/content.sql.gz
     141 }}}
     142* Restore the content files.
     143 {{{
     144 mkdir /opt/cinnamon/cinnamon-data
     145 mkdir /opt/cinnamon/cinnamon-data/index
     146 tar xf /root/content.tar.gz -C /opt/cinnamon/cinnamon-data
     147 }}}
     148* Move the {{{content}}} folder directly under {{{cinnamon-data}}}.
     149* Create database and import SQL dump.
     150 {{{
     151 sudo -u postgres psql template1
     152 create database content with owner=cinnamon;
     153 \q
     154 sudo -u postgres psql content < /root/content.sql
     155 }}}
     156* Restore the configuration files.
     157 {{{
     158 mkdir /opt/cinnamon/cinnamon-system
     159 mkdir /opt/cinnamon/cinnamon-system/global
     160 mkdir /opt/cinnamon/cinnamon-system/global/log
     161 mkdir /opt/cinnamon/cinnamon-backup
     162 }}}
     163* Change the owner and permissions of the Cinnamon directories.
     164 {{{
     165 cd /opt/cinnamon
     166 chown -R cinnamon:tomcat cinnamon-data
     167 chown -R cinnamon:tomcat cinnamon-system
     168 chown -R cinnamon:tomcat cinnamon-backup
     169 chmod -R 770 cinnamon-data
     170 chmod -R 770 cinnamon-system
     171 chmod -R 770 cinnamon-backup
     172 }}}
     173* Flag all objects and folders in the repository to be indexed.
     174 {{{
     175 sudo -u cinnamon psql -d content
     176 insert into index_jobs select id,false,'cinnamon.ObjectSystemData',id from objects;
     177 insert into index_jobs select id,false,'cinnamon.Folder',id from folders;
     178 \q
     179 }}}
     180* Move {{{cinnamon.war}}}
     181 {{{
     182 mv /root/cinnamon.war /opt/tomcat/webapps
     183 }}}
     184* Set Tomcat service to start automatically.
     185 {{{
     186 systemctl enable tomcat
     187 }}}
     188* Start Tomcat.
     189 {{{
     190 service tomcat start
     191 }}}
     192
     193== Installing Cinnamon Asynchronous Engine (CAE)
     194* Create a new group and user for CAE.
     195 {{{
     196 groupadd cae
     197 useradd -s /bin/bash -g cae -d /opt/cae cae
     198 mkdir /opt/cae
     199 }}}
     200 * The home directory of this account is set to {{{/opt/cae}}}.
     201 * The shell of this account is set to {{{/bin/bash}}}. For debugging purposes, it is useful to log on as the CAE user and run CAE from the shell.
     202 * Optionally, the shell can be set to {{{/bin/false}}}, disabling login as CAE user. Instead, testing can be performed as root.
     203* Unzip the file {{{cae.zip}}} to {{{/opt/cae}}}.
     204* Install dependencies, particularly mono from their repository (instead of the Debian packages).
     205 {{{
     206 apt-get install apt-transport-https dirmngr gnupg ca-certificates
     207 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
     208 echo "deb https://download.mono-project.com/repo/debian stable-stretch main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list
     209 apt update
     210 apt-get install mono-complete ca-certificates-mono imagemagick
     211 }}}
     212* Configure CAE.
     213 * Edit the configuration file.
     214  {{{
     215  nano /opt/cae/bin/CinnamonAsynchronousEngine.config.xml
     216  }}}
     217 * Set the user credentials.
     218 > **NOTE:** Details will follow.
     219* Transfer folder structure to user {{{cae}}}.
     220 {{{
     221 chgrp -R cae /opt/cae
     222 chown -R cae /opt/cae
     223 chmod -R 770 /opt/cae
     224 }}}
     225* Set owner and permission to script.
     226 {{{
     227 chgrp cae /opt/cae/bin/cae.sh
     228 chown cae /opt/cae/bin/cae.sh
     229 chmod a+x /opt/cae/bin/cae.sh
     230 }}}
     231* Set the script to be automatically started, and restarted when it exits (for any reason).
     232 * Copy {{{cae.sh}}} to {{{run}}}.
     233  {{{
     234  cp /opt/cae/bin/cae.sh /opt/cae/bin/run
     235  }}}
     236 * Create the {{{crontab}}}.
     237  {{{
     238  crontab -e
     239  }}}
     240 * Append the following code at the end of the crontab.
     241 > 120 seconds sleep time is on the safe side. On most systems, much shorter times work safely, e. g. 30 seconds. If the sleep time is too short, the process may fail to start correctly, so do not configure this value too small.
     242  {{{
     243  @reboot sleep 120; supervise /opt/cae/bin
     244  }}}
     245 * Save and close the file.
     246
     247== Backup
     248Cinnamon itself does not contain a backup mechanism, since all data is contained in the PostgreSQL database and the content files. Both can be backed up with operation system or database standard means.
     249
     250The backup configuration in detail depends on the system environment and the available backup target.
     251
     252A sample configuration, using {{{rsync}}} to copy the content and the standard database dump utility to backup the database can be found in reference [#ref2 (2)]. The configuration described there is successfully used in several production systems and has the advantage to avoid huge content transfer every night due to the differential {{{rsync}}} function.
     253
     254== References
     255
     256* [=#ref1 (1)] [wiki:Public/Docs/SafePasswords Safe passwords]
     257* [=#ref2 (2)] [wiki:Public/Docs/CinnamonBackupRestore Backup and restore of a Cinnamon repository]