Note |
---|
Work in progress |
This is the group management app that we intend to use for all our federation plans and group management.
I want to run this on an Ubuntu VM. Since Lucid is just around the corner and the beta seems to work OK, I will try to get grouper to work on Lucid.
The old Ubuntu Hardy does not have tomcat6 either.
I would like to stick as much as possible to Ubuntu provided packages (no manual source compilation), yet also try to stick with the stuff that the I2 guys have experience with (Tomcat, Sun Java, MySQL).
The Sun apps used to be in multiverse in Hardy, but they seem to have moved to a more fenced-off repository called 'partner'. See /etc/apt/sources.list on how to enable that. If you try to install sun-java6-jdk without it you'll get this warning:
No Format |
---|
Package sun-java6-jdk is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
E: Package sun-java6-jdk has no installation candidate |
After enabling the partner repository you can install the needed packages (this will also pull down all the depending packages). The resulting syste
apt-get install sun-java6-jdk tomcat6 tomcat6-admin ant libmysql-java mysql-server
The grouper quickstart already hung because of not enough memory it seems, fixed by putting this in /etc/default/tomcat6:
Code Block |
---|
JAVA_OPTS="-Djava.awt.headless=true -Xms256m -Xmx512m -XX:MaxPermSize=256m"
|
We will run this on an Ubuntu 12.04 VM, preferably with the latest versions of everything. Confirmed on the list that Grouper can run fine with OpenJDK, so no need for the Sun/Oracle Java stuff any more (which was tedious to install and update since Oracle ended their Operating System Distributor License for Java in August 2011). So, at the moment it looks like we're going to use:
- Tomcat 6.0.35 (v7 does not work with Grouper - yet)
- PostgreSQL 9.1.4
- Ant 1.8.2
- OpenJDK 7u3
This page describes how to get all the various components installed and running on a pristine Ubuntu 12.04 system.
Grouper core
This is the core, and consists of a database and the grouper/ directory in the repository - which is downloaded later.
Code Block |
---|
apt-get install --no-install-recommends subversion postgresql libpgjava tomcat6 openjdk-7-jdk ant |
Remove the old JRE:
Code Block |
---|
apt-get purge openjdk-6-jre-headless |
Now download the source code, in this case we're fetching the latest version of the 2.1 branch, and stick that under /opt:
Code Block |
---|
cd /opt
svn co http://anonsvn.internet2.edu/svn/i2mi/tags/GROUPER_2_1_BRANCH/ |
Create the PostgreSQL database and credentials:
Code Block |
---|
sudo su - postgres
createuser -D -I -R -S -P grouper_user
createdb -O grouper_user -T template0 grouper
exit |
Because we run our databases on IPv6 only, we have to edit /etc/postgresql/9.1/main/postgresql.conf to list:
Code Block |
---|
listen_addresses = '::' |
Copy the default hibernate config file:
Code Block |
---|
cd /opt/GROUPER_2_1_BRANCH/grouper/conf
cp grouper.hibernate.example.properties grouper.hibernate.properties |
and edit accordingly. Note that the values should not be enclosed in quotes:
Code Block |
---|
# Example:
hibernate.connection.url = jdbc:postgresql://ip6-localhost:5432/grouper
hibernate.connection.username = grouper_user
hibernate.connection.password = hackme |
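Change all (6) occurrences of the version string "1.5" to "1.7" in build.xml:
Code Block |
---|
# build.xml sits in the grouper/ directory, not in conf/ where the previous step left us
sed -i -e 's/"1\.5"/"1.7"/g' /opt/GROUPER_2_1_BRANCH/grouper/build.xml |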
Symlink the database driver:
Code Block |
---|
ln -s /usr/share/java/postgresql-jdbc4.jar /opt/GROUPER_2_1_BRANCH/grouper/lib/custom/ |
Compile sources:
Code Block |
---|
cd /opt/GROUPER_2_1_BRANCH/grouper
ant dist |
Create the database structure:
Code Block |
---|
bin/gsh.sh -registry -runscript |
Check if this went OK:
Code Block |
---|
bin/gsh.sh -registry -check |
Run the tests. This is an extensive test suite - on a powerful VM it took me about one hour:
Code Block |
---|
bin/gsh.sh -test -all |
No errors should be reported in the end.
Configure the subject source(s)
At this stage the database structure is in place to manage groups, but obviously you need something to group.
Often you'll want to group users together. In Grouper-speak users are called subjects.
Grouper needs to know about the subjects before it can group them. This is done by configuring one or more subject sources.
There are several options: let Grouper look stuff up in a directory, an SQL database, etc, depending on the local situation.
Our subjects are stored in a PostgreSQL database on a remote server. I created a dedicated view in the database, just for Grouper, which is handy because you can add whatever you like, without affecting the rest of the database.
User interface
This is the web interface that comes as another Java app, and sits in /grouper-ui of the repository.
First change the version statement to 1.7 to make sure it works with JDK1.7:
Code Block |
---|
cd /opt/GROUPER_2_1_BRANCH/grouper-ui
sed -i -e 's/"1\.5"/"1.7"/g' build.xml |
Compile the app:
Code Block |
---|
ant dist |
Create a file /etc/tomcat6/Catalina/localhost/grouper.xml with this content:
Code Block |
---|
<?xml version="1.0" encoding="UTF-8"?>
<Context
path="/grouper"
docBase="/opt/GROUPER_2_1_BRANCH/grouper-ui/dist/grouper"
reloadable="false"
/> |
Edit /etc/tomcat6/tomcat-users.xml so that there is a user called GrouperSystem, with a secure password:
Code Block |
---|
<tomcat-users>
<role rolename="grouper_user"/>
<user username="GrouperSystem" password="hackme" roles="grouper_user"/>
</tomcat-users> |
Change the permissions on the logging directory:
Code Block |
---|
chown tomcat6:tomcat6 /opt/GROUPER_2_1_BRANCH/grouper/logs |
Restart Tomcat:
Code Block |
---|
service tomcat6 restart |
You should now be able to go to http://<yourservername>:8080/grouper-ui/ and log in.
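The steps above write a password into two files, grouper.hibernate.properties and tomcat-users.xml. The following check is an added example, not part of the original page or of Grouper: it flags the example password hackme, quoted values, and files that other local users can read or write. The function names and the --run switch are made up for this example, the default paths are the ones used on this page, and stat -c assumes GNU coreutils.

```shell
#!/usr/bin/env bash
# Added example: audit the two password-bearing files this page creates.
HIBERNATE_PROPS="${HIBERNATE_PROPS:-/opt/GROUPER_2_1_BRANCH/grouper/conf/grouper.hibernate.properties}"
TOMCAT_USERS="${TOMCAT_USERS:-/etc/tomcat6/tomcat-users.xml}"
PLACEHOLDER="hackme"   # example password shown on this page

# Print the value of KEY from a Java properties FILE (last assignment wins).
prop_value() {
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*//p" "$1" |
    sed 's/[[:space:]]*$//' | tail -n 1
}

# Print the password attribute of the GrouperSystem user in tomcat-users.xml.
# Assumes username= precedes password= on one line, as in the block above.
tomcat_password() {
  sed -n 's/.*username="GrouperSystem"[^>]*password="\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Succeed if FILE grants read or write permission to "other".
world_accessible() {
  mode=$(stat -c '%a' "$1") || return 1
  [ $(( 0$mode & 06 )) -ne 0 ]
}

# Print one line per finding for FILE holding password PW; return the count.
audit_secret() {
  file=$1 pw=$2 findings=0
  if world_accessible "$file"; then
    echo "FAIL $file: readable or writable by other users"; findings=$((findings + 1))
  fi
  case "$pw" in
    "")             echo "FAIL $file: no password found"; findings=$((findings + 1)) ;;
    "$PLACEHOLDER") echo "FAIL $file: still uses the example password"; findings=$((findings + 1)) ;;
    \"*\"|\'*\')    echo "FAIL $file: value is enclosed in quotes"; findings=$((findings + 1)) ;;
  esac
  return "$findings"
}

# Audit both files; the exit status is the total number of findings.
audit_all() {
  total=0
  audit_secret "$HIBERNATE_PROPS" "$(prop_value "$HIBERNATE_PROPS" hibernate.connection.password)" || total=$((total + $?))
  audit_secret "$TOMCAT_USERS" "$(tomcat_password "$TOMCAT_USERS")" || total=$((total + $?))
  [ "$total" -eq 0 ] && echo "OK: no findings"
  return "$total"
}
if [ "${1:-}" = "--run" ]; then audit_all; exit $?; fi
```

Run it with --run on the Grouper host, or set HIBERNATE_PROPS and TOMCAT_USERS to point it at copies of the files.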
Apache
This is optional, but good practice for security reasons. All the Java stuff can run on unprivileged ports, and Apache faces the internet.
Code Block |
---|
cd /etc/apache2
a2enmod proxy_ajp
|
Configure SSL certificates etc
TO BE CONTINUED
...