= Setup of a Cinnamon Server on Debian 10.1.0 (buster) > **NOTE:** This documentation is currently under construction. > This documentation relates to Debian 10.1.0 Server (without GUI).[[br]]Particularly, it relates to a minimal Debian server VM installed from the Debian repositories on the KVM virtualization host.[[br]]The installation according to this documentation has been tested on a system of this type. == Installing Cinnamon Server * Log in to the standard Debian 10.1.0 VM (this is a minimal installation with {{{ssh}}} as the only option). > **IMPORTANT:** Choose a safe password on production systems (see [#ref1 (1)]). * Use the {{{su}}} command to acquire root privileges. * Edit {{{~/.bashrc}}} and append the following line: {{{ PATH=$PATH:/usr/sbin }}} * Exit and use the {{{su}}} command again to make the previous change effective. * Install Java (JDK), cURL and some other useful or required tools. When the installer asks you, deny mounting WebDAV resources to unprivileged users. {{{ apt update apt-get install curl sudo less daemontools rsync davfs2 htop zip unzip sshpass apt-transport-https ca-certificates wget dirmngr gnupg software-properties-common wget -qO - https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public | sudo apt-key add - add-apt-repository --yes https://adoptopenjdk.jfrog.io/adoptopenjdk/deb/ apt update apt install adoptopenjdk-8-hotspot }}} * In case other Java versions had been installed on the system before (like Java 11), select Java 8 with the following command: {{{ update-alternatives --config java }}} * Create a new group and user for tomcat. {{{ groupadd tomcat useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat mkdir /opt/tomcat }}} * The home directory of this account is set to {{{/opt/tomcat}}}. * The shell of this account is set to {{{/bin/false}}}, so logging on is not possible. * Download and extract tomcat. {{{ cd /tmp curl -O https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.38/bin/apache-tomcat-8.5.38.tar.gz tar xzvf apache-tomcat-8.5.38.tar.gz -C /opt/tomcat --strip-components=1 chgrp -R tomcat /opt/tomcat cd /opt/tomcat chown -R tomcat webapps/ work/ temp/ logs/ chmod -R g+r conf chmod g+x conf chmod -R g+rw logs }}} * Create a Tomcat service. * Create the service file. {{{ nano /etc/systemd/system/tomcat.service }}} * Paste the following code into the file: {{{ [Unit] Description=Apache Tomcat Web Application Container After=network.target [Service] Type=forking Environment=JAVA_HOME=/usr/lib/jvm/adoptopenjdk-8-hotspot-amd64/jre Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid Environment=CATALINA_HOME=/opt/tomcat Environment=CATALINA_BASE=/opt/tomcat Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom' ExecStart=/opt/tomcat/bin/startup.sh ExecStop=/opt/tomcat/bin/shutdown.sh User=tomcat Group=tomcat UMask=0007 RestartSec=10 Restart=always [Install] WantedBy=multi-user.target }}} * Save and close the file. * Start and test Tomcat. {{{ systemctl daemon-reload systemctl start tomcat systemctl status tomcat }}} Alternatively, you can use the following syntax to control the tomcat service: {{{ service tomcat start service tomcat stop service tomcat status }}} * Stop tomcat. {{{ service tomcat stop }}} * Install PostgreSQL database. {{{ apt-get install postgresql }}} * Set password for user {{{postgres}}}. > **NOTE:** This is required for backup and restore. {{{ sudo -u postgres psql template1 ALTER USER postgres PASSWORD 'myPassword'; \q }}} * Create a database user {{{cinnamon}}}. * Start the user creation program. {{{ sudo -u postgres createuser --interactive }}} * Answer the questions as follows: ||=**Question** =||=**Answer** =|| ||Enter the name of the role to add: ||{{{cinnamon}}} || ||Shall the new role be a superuser? ||{{{n}}} || ||Shall the new role be allowed to create databases? ||{{{n}}} || ||Shall the new role be allowed to create more new roles? ||{{{n}}} || * Set a password for the user. > **IMPORTANT:** Choose a safe password on production systems (see [#ref1 (1)]). {{{ sudo -u postgres psql ALTER USER "cinnamon" WITH PASSWORD 'new_password'; \q }}} * Assign password to user cinnamon and add it to the tomcat group. > **IMPORTANT:** Choose a safe password on production systems (see [#ref1 (1)]). {{{ useradd -g tomcat -d /opt/cinnamon cinnamon passwd cinnamon mkdir /opt/cinnamon }}} * Create a file {{{/opt/tomcat/bin/setenv.sh}}} and paste the following content into it: {{{ export CATALINA_OPTS="$CATALINA_OPTS -Xms32m" export CATALINA_OPTS="$CATALINA_OPTS -Xmx4g" export CATALINA_OPTS="$CATALINA_OPTS -XX:MaxPermSize=256m" export CATALINA_OPTS="$CATALINA_OPTS -XX:MaxGCPauseMillis=750" export CATALINA_OPTS="$CATALINA_OPTS -XX:GCTimeRatio=9" export CATALINA_OPTS="$CATALINA_OPTS -server" export CATALINA_OPTS="$CATALINA_OPTS -XX:+DisableExplicitGC" export CINNAMON_HOME_DIR="/opt/cinnamon/cinnamon-system" }}} * Set the permissions to the file {{{/opt/tomcat/setenv.sh}}}. {{{ chmod ug+x /opt/tomcat/bin/setenv.sh }}} * Upload {{{cinnamon.zip}}} to {{{/home/install}}}. * Unzip the required files and move Cinnamon content and system files to the correct location: {{{ cd /home/install unzip cinnamon.zip cd cinnamon mv cinnamon-data /opt/cinnamon mv cinnamon-system /opt/cinnamon }}} * Create database and import SQL dump. {{{ sudo -u postgres psql template1 create database content with owner=cinnamon; \q sudo -u postgres psql content < /home/install/cinnamon/content.sql }}} * Change the owner and permissions of the Cinnamon directories. {{{ cd /opt/cinnamon chown -R cinnamon:tomcat cinnamon-data chown -R cinnamon:tomcat cinnamon-system chmod -R 770 cinnamon-data chmod -R 770 cinnamon-system chown -R tomcat:tomcat /opt/tomcat/webapps/cinnamon.war }}} * Edit the password settings in the config files. TODO details * Move {{{cinnamon.war}}} and change its owner. {{{ mv /home/install/cinnamon/cinnamon.war /opt/tomcat/webapps chown -R tomcat:tomcat /opt/tomcat/webapps/cinnamon.war }}} * Set Tomcat service to start automatically. {{{ systemctl enable tomcat }}} * Start Tomcat. {{{ service tomcat start }}} == Installing Cinnamon Asynchronous Engine (CAE) * Create a new group and user for CAE. {{{ groupadd cae useradd -s /bin/bash -g cae -d /opt/cae cae mkdir /opt/cae }}} * The home directory of this account is set to {{{/opt/cae}}}. * The shell of this account is set to {{{/bin/bash}}}. For debugging purposes, it is useful to log on as the CAE user and run CAE from the shell. * Optionally, the shell can be set to {{{/bin/false}}}, disabling login as CAE user. Instead, testing can be performed as root. * Unzip the file {{{cae.zip}}} to {{{/opt/cae}}}. * Install dependencies, particularly mono from their repository (instead of the Debian packages). {{{ apt-get install apt-transport-https dirmngr gnupg ca-certificates apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF echo "deb https://download.mono-project.com/repo/debian stable-stretch main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list apt update apt-get install mono-complete ca-certificates-mono imagemagick }}} * Configure CAE. * Edit the configuration file. {{{ nano /opt/cae/bin/CinnamonAsynchronousEngine.config.xml }}} * Set the user credentials. > **NOTE:** Details will follow. * Transfer folder structure to user {{{cae}}}. {{{ chgrp -R cae /opt/cae chown -R cae /opt/cae chmod -R 770 /opt/cae }}} * Set owner and permission to script. {{{ chgrp cae /opt/cae/bin/cae.sh chown cae /opt/cae/bin/cae.sh chmod a+x /opt/cae/bin/cae.sh }}} * Set the script to be automatically started, and restarted when it exits (for any reason). * Copy {{{cae.sh}}} to {{{run}}}. {{{ cp /opt/cae/bin/cae.sh /opt/cae/bin/run }}} * Create the {{{crontab}}}. {{{ crontab -e }}} * Append the following code at the end of the crontab. > 120 seconds sleep time is on the safe side. On most systems, much shorter times work safely, e. g. 30 seconds. If the sleep time is too short, the process may fail to start correctly, so do not configure this value too small. {{{ @reboot sleep 120; supervise /opt/cae/bin }}} * Save and close the file. == Backup Cinnamon itself does not contain a backup mechanism, since all data is contained in the PostgreSQL database and the content files. Both can be backed up with operation system or database standard means. The backup configuration in detail depends on the system environment and the available backup target. A sample configuration, using {{{rsync}}} to copy the content and the standard database dump utility to backup the database can be found in reference [#ref2 (2)]. The configuration described there is successfully used in several production systems and has the advantage to avoid huge content transfer every night due to the differential {{{rsync}}} function. == References * [=#ref1 (1)] [wiki:Public/Docs/SafePasswords Safe passwords] * [=#ref2 (2)] [wiki:Public/Docs/CinnamonBackupRestore Backup and restore of a Cinnamon repository]