Changes between Initial Version and Version 1 of Public/Docs/CinnamonSetupDebian980


Ignore:
Timestamp:
Sep 11, 2019, 10:04:03 AM (2 years ago)
Author:
Administrator
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Public/Docs/CinnamonSetupDebian980

    v1 v1  
     1= Setup of a Cinnamon Server on Debian 9.8.0 (stretch)
     2> This documentation relates to Debian 9.8.0 Server (without GUI).[[br]]Particularly, it relates to a minimal Debian server VM installed from the Debian repositories on the KVM virtualization host.[[br]]The installation according to this documentation has been tested on a system of this type.
     3
     4== Installing Cinnamon Server
     5* Log in to the standard Debian 9.8.0 VM (this is a minimal installation with {{{ssh}}} as the only option).
     6> **IMPORTANT:** Choose a safe password on production systems (see [#ref1 (1)]).
     7* Use the {{{su}}} command to acquire root privileges.
     8* Install Java (JDK), cURL and some other useful or required tools.
     9 {{{
     10 apt-get install default-jdk curl sudo less daemontools rsync davfs2 htop zip unzip sshpass
     11 }}}
     12* Create a new group and user for tomcat.
     13 {{{
     14 groupadd tomcat
     15 useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat
     16 mkdir /opt/tomcat
     17 }}}
     18 * The home directory of this account is set to {{{/opt/tomcat}}}.
     19 * The shell of this account is set to {{{/bin/false}}}, so logging on is not possible.
     20* Download and extract tomcat.
     21 {{{
     22 cd /tmp
     23 curl -O https://archive.apache.org/dist/tomcat/tomcat-8/v8.5.38/bin/apache-tomcat-8.5.38.tar.gz
     24 tar xzvf apache-tomcat-8.5.38.tar.gz -C /opt/tomcat --strip-components=1
     25 chgrp -R tomcat /opt/tomcat
     26 cd /opt/tomcat
     27 chown -R tomcat webapps/ work/ temp/ logs/
     28 chmod -R g+r conf
     29 chmod g+x conf
     30 chmod -R g+rw logs
     31 }}}
     32* Create a Tomcat service.
     33 * Create the service file.
     34  {{{
     35  nano /etc/systemd/system/tomcat.service
     36  }}}
     37 * Paste the following code into the file:
     38  {{{
     39  [Unit]
     40  Description=Apache Tomcat Web Application Container
     41  After=network.target
     42
     43  [Service]
     44  Type=forking
     45
     46  Environment=JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
     47  Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
     48  Environment=CATALINA_HOME=/opt/tomcat
     49  Environment=CATALINA_BASE=/opt/tomcat
     50  Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'
     51
     52  ExecStart=/opt/tomcat/bin/startup.sh
     53  ExecStop=/opt/tomcat/bin/shutdown.sh
     54
     55  User=tomcat
     56  Group=tomcat
     57  UMask=0007
     58  RestartSec=10
     59  Restart=always
     60
     61  [Install]
     62  WantedBy=multi-user.target
     63  }}}
     64 * Save and close the file.
     65* Start and test Tomcat.
     66 {{{
     67 systemctl daemon-reload
     68 systemctl start tomcat
     69 systemctl status tomcat
     70 }}}
     71 Alternatively, you can use the following syntax to control the tomcat service:
     72 {{{
     73 service tomcat start
     74 service tomcat stop
     75 service tomcat status
     76 }}}
     77* Stop tomcat.
     78 {{{
     79 service tomcat stop
     80 }}}
     81* Install PostgreSQL database.
     82 {{{
     83 apt-get install postgresql
     84 }}}
     85* Set password for user {{{postgres}}}.
     86> **NOTE:** This is required for backup and restore.
     87 {{{
     88 sudo -u postgres psql template1
     89 ALTER USER postgres PASSWORD 'myPassword';
     90 \q
     91 }}}
     92* Create a database user {{{cinnamon}}}.
     93 * Start the user creation program.
     94  {{{
     95  sudo -u postgres createuser --interactive
     96  }}}
     97 * Answer the questions as follows:
     98||=**Question** =||=**Answer** =||
     99||Enter the name of the role to add: ||{{{cinnamon}}} ||
     100||Shall the new role be a superuser? ||{{{n}}} ||
     101||Shall the new role be allowed to create databases? ||{{{n}}} ||
     102||Shall the new role be allowed to create more new roles? ||{{{n}}} ||
     103 * Set a password for the user.
     104 > **IMPORTANT:** Choose a safe password on production systems (see [#ref1 (1)]).
     105  {{{
     106  sudo -u postgres psql
     107  ALTER USER "cinnamon" WITH PASSWORD 'new_password';
     108  \q
     109  }}}
     110* Assign password to user cinnamon and add it to the tomcat group.
     111> **IMPORTANT:** Choose a safe password on production systems (see [#ref1 (1)]).
     112 {{{
     113 useradd -g tomcat -d /opt/cinnamon cinnamon
     114 passwd cinnamon
     115 mkdir /opt/cinnamon
     116 }}}
     117* Create a file {{{/opt/tomcat/bin/setenv.sh}}} and paste the following content into it:
     118 {{{
     119 export CATALINA_OPTS="$CATALINA_OPTS -Xms32m"
     120 export CATALINA_OPTS="$CATALINA_OPTS -Xmx4g"
     121 export CATALINA_OPTS="$CATALINA_OPTS -XX:MaxPermSize=256m"
     122 export CATALINA_OPTS="$CATALINA_OPTS -XX:MaxGCPauseMillis=750"
     123 export CATALINA_OPTS="$CATALINA_OPTS -XX:GCTimeRatio=9"
     124 export CATALINA_OPTS="$CATALINA_OPTS -server"
     125 export CATALINA_OPTS="$CATALINA_OPTS -XX:+DisableExplicitGC"
     126 export CINNAMON_HOME_DIR="/opt/cinnamon/cinnamon-system"
     127 }}}
     128* Set the permissions to the file {{{/opt/tomcat/setenv.sh}}}.
     129 {{{
     130 chmod ug+x /opt/tomcat/bin/setenv.sh
     131 }}}
     132* Pull files from the proxy to the VM.
     133> **NOTE:** This is specific to the texolution hosting environment. In other environments, the files must be provided in an appropriate way. A download package for the resources needed to install Cinnamon Server will be provided soon.
     134 {{{
     135 scp install@<proxy ip>:/home/install/content.sql.gz /root
     136 scp install@<proxy ip>:/home/install/content.tar.gz /root
     137 scp install@<proxy ip>:/home/install/cinnamon.war /root
     138 gunzip /root/content.sql.gz
     139 }}}
     140* Restore the content files.
     141 {{{
     142 mkdir /opt/cinnamon/cinnamon-data
     143 mkdir /opt/cinnamon/cinnamon-data/index
     144 tar xf /root/content.tar.gz -C /opt/cinnamon/cinnamon-data
     145 }}}
     146* Move the {{{content}}} folder directly under {{{cinnamon-data}}}.
     147* Create database and import SQL dump.
     148 {{{
     149 sudo -u postgres psql template1
     150 create database content with owner=cinnamon;
     151 \q
     152 sudo -u postgres psql content < /root/content.sql
     153 }}}
     154* Restore the configuration files.
     155 {{{
     156 mkdir /opt/cinnamon/cinnamon-system
     157 mkdir /opt/cinnamon/cinnamon-system/global
     158 mkdir /opt/cinnamon/cinnamon-system/global/log
     159 mkdir /opt/cinnamon/cinnamon-backup
     160 }}}
     161* Change the owner and permissions of the Cinnamon directories.
     162 {{{
     163 cd /opt/cinnamon
     164 chown -R cinnamon:tomcat cinnamon-data
     165 chown -R cinnamon:tomcat cinnamon-system
     166 chown -R cinnamon:tomcat cinnamon-backup
     167 chmod -R 770 cinnamon-data
     168 chmod -R 770 cinnamon-system
     169 chmod -R 770 cinnamon-backup
     170 }}}
     171* Flag all objects and folders in the repository to be indexed.
     172 {{{
     173 sudo -u cinnamon psql -d content
     174 insert into index_jobs select id,false,'cinnamon.ObjectSystemData',id from objects;
     175 insert into index_jobs select id,false,'cinnamon.Folder',id from folders;
     176 \q
     177 }}}
     178* Move {{{cinnamon.war}}}
     179 {{{
     180 mv /root/cinnamon.war /opt/tomcat/webapps
     181 }}}
     182* Set Tomcat service to start automatically.
     183 {{{
     184 systemctl enable tomcat
     185 }}}
     186* Start Tomcat.
     187 {{{
     188 service tomcat start
     189 }}}
     190
     191== Installing Cinnamon Asynchronous Engine (CAE)
     192* Create a new group and user for CAE.
     193 {{{
     194 groupadd cae
     195 useradd -s /bin/bash -g cae -d /opt/cae cae
     196 mkdir /opt/cae
     197 }}}
     198 * The home directory of this account is set to {{{/opt/cae}}}.
     199 * The shell of this account is set to {{{/bin/bash}}}. For debugging purposes, it is useful to log on as the CAE user and run CAE from the shell.
     200 * Optionally, the shell can be set to {{{/bin/false}}}, disabling login as CAE user. Instead, testing can be performed as root.
     201* Unzip the file {{{cae.zip}}} to {{{/opt/cae}}}.
     202* Install dependencies, particularly mono from their repository (instead of the Debian packages).
     203 {{{
     204 apt-get install apt-transport-https dirmngr gnupg ca-certificates
     205 apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
     206 echo "deb https://download.mono-project.com/repo/debian stable-stretch main" | sudo tee /etc/apt/sources.list.d/mono-official-stable.list
     207 apt update
     208 apt-get install mono-complete ca-certificates-mono imagemagick
     209 }}}
     210* Configure CAE.
     211 * Edit the configuration file.
     212  {{{
     213  nano /opt/cae/bin/CinnamonAsynchronousEngine.config.xml
     214  }}}
     215 * Set the user credentials.
     216 > **NOTE:** Details will follow.
     217* Transfer folder structure to user {{{cae}}}.
     218 {{{
     219 chgrp -R cae /opt/cae
     220 chown -R cae /opt/cae
     221 chmod -R 770 /opt/cae
     222 }}}
     223* Set owner and permission to script.
     224 {{{
     225 chgrp cae /opt/cae/bin/cae.sh
     226 chown cae /opt/cae/bin/cae.sh
     227 chmod a+x /opt/cae/bin/cae.sh
     228 }}}
     229* Set the script to be automatically started, and restarted when it exits (for any reason).
     230 * Copy {{{cae.sh}}} to {{{run}}}.
     231  {{{
     232  cp /opt/cae/bin/cae.sh /opt/cae/bin/run
     233  }}}
     234 * Create the {{{crontab}}}.
     235  {{{
     236  crontab -e
     237  }}}
     238 * Append the following code at the end of the crontab.
     239 > 120 seconds sleep time is on the safe side. On most systems, much shorter times work safely, e. g. 30 seconds. If the sleep time is too short, the process may fail to start correctly, so do not configure this value too small.
     240  {{{
     241  @reboot sleep 120; supervise /opt/cae/bin
     242  }}}
     243 * Save and close the file.
     244
     245== Backup
     246Cinnamon itself does not contain a backup mechanism, since all data is contained in the PostgreSQL database and the content files. Both can be backed up with operation system or database standard means.
     247
     248The backup configuration in detail depends on the system environment and the available backup target.
     249
     250A sample configuration, using {{{rsync}}} to copy the content and the standard database dump utility to backup the database can be found in reference [#ref2 (2)]. The configuration described there is successfully used in several production systems and has the advantage to avoid huge content transfer every night due to the differential {{{rsync}}} function.
     251
     252== References
     253
     254* [=#ref1 (1)] [wiki:Public/Docs/SafePasswords Safe passwords]
     255* [=#ref2 (2)] [wiki:Public/Docs/CinnamonBackupRestore Backup and restore of a Cinnamon repository]