Skip to Content
Version 54.1 by Larry Mills-Gahl on 2016/02/25 16:26
Show last authors
1 {{info}}
2 The packages will work on CentOS and RedHat Enterprise 5.x or 6.x, or Amazon Linux, with Apache httpd 2.2 or 2.4.
3 {{/info}}
4
5 Installing a deployment environment on platforms that uses RPM packages is now even easier than ever.
6
7 1. Install a JDK. You can install openjdk with Yum (//yum install java-1.6.0-openjdk//) or get the JDK from [[Oracle>>url:http://www.oracle.com/technetwork/java/index.html||shape="rect"]].
8 1. (((
9 Install the Yum repository of the WOCommunity like this:
10
11 {{code language="bash"}}
12 sudo curl -o /etc/yum.repos.d/wocommunity.repo https://raw.github.com/wocommunity/wonder/master/Utilities/Linux/wocommunity.repo
13 {{/code}}
14 )))
15 1. (((
16 Once it's done, you can use Yum to install wotaskd and JavaMonitor.
17
18 {{code language="bash"}}
19 sudo yum install wotaskd; sudo yum install womonitor;
20 {{/code}}
21 )))
22 1. (((
23 To install the module for Apache httpd 2.2, run:
24
25 {{code language="bash"}}
26 sudo yum install woadaptor
27 {{/code}}
28
29 for Apache httpd 2.4:
30
31 {{code language="bash"}}
32 sudo yum install woadaptor-httpd24
33 {{/code}}
34 )))
35 1. (((
36 If SELinux is enabled on your system, wotaskd won't be reachable due to its preventing Apache from opening TCP connections. If you're comfortable with allowing Apache to connect to any TCP ports (including external hosts), you can run the following:
37
38 {{code language="bash"}}
39 sudo setsebool -P httpd_can_network_connect=1
40 {{/code}}
41
42
43
44 Alternatively, [[Steven Klassen>>url:http://www.mrxinu.com/||rel="nofollow" shape="rect" class="external-link"]] has written a blog post ([[Custom SELinux Port Access>>url:http://www.mrxinu.com/2013/06/07/custom-selinux-port-access/||rel="nofollow" shape="rect" class="external-link"]]) that outlines how to create and install a wotaskd SELinux module that specifically allows connections to port 1085.
45 )))
46
47 And you're done! When the packages are installed, the services are started automatically. JavaMonitor will be running on port 56789. Your Project Wonder applications goes into ///opt/Local/Library/WebObjects/Applications//.
48
49 If you wish to restart wotaskd or Monitor, startup scripts are located in ///etc/init.d//. You can use the //service// tool to stop or restart them:
50
51 {{code language="bash"}}
52 sudo /sbin/service wotaskd stop
53 sudo /sbin/service womonitor stop
54
55 {{/code}}
56
57 (replace //stop// with //restart// to restart them in one step).
58
59 When Monitor is started, it will report to the console that is available at address like "ip-10-212-110-28" but that is the **internal** address of the Amazon server. The **external** address, which you must use, is available in the AWS console, and of the form "ec2-xx-vv-zz-ww.compute-1.amazonaws.com".
60
61 {{warning}}
62 Don't forget to change the password in JavaMonitor after you made the installation!
63 {{/warning}}
64
65 == Notes on CentOS 7 64/ Apache 2.4 ==
66
67 The yum repositories for deployment artifacts is a little out of date, so these instructions are based on wonder source and compiling the adaptor on the target system.
68
69 ==== Compiling the Apache Adaptor ====
70
71 {{code title="Compiling Apache 2.4 WebObjects Adaptor" language="bash"}}
72 $ sudo yum install httpd https-dev
73 $ # get the latest wonder source
74 $ git clone https://github.com/wocommunity/wonder.git
75 $ cd wonder/Utilities/Adaptors
76 $ # thanks to alextu for these commands to fix the make.config file
77 $ # (from his docker recipe)
78 $ sed -ri 's/ADAPTOR_OS = MACOS/ADAPTOR_OS = LINUX/g' make.config
79 $ sed -ri 's/ADAPTORS = CGI Apache2.2/ADAPTORS = Apache2.4/g' make.config
80 $ make
81 $ # move the compiled module to the modules directory (check your apache config
82 $ # but the default on CentOS7 is /usr/lib64/httpd/modules
83 $ cp Apache2.4/mod_WebObjects.so /usr/lib64/httpd/modules/
84 {{/code}}
85
86 ==== Configuring Apache for WebObjects ====
87
88 The standard apache.conf (found in the wonder source at wonder/Utilities/Adaptors/Apache2.4/apache.conf) should work fine. Here are a couple of modifications that worked for me:
89
90 The authorization for Apache changed between 2.2 and 2.4. If you're used to "Allow from all" or "Deny from all" you should know that Apache 2.4 syntax has changed so this is how those allows/denies work now. This is a mostly permissive structure restricting some of the verbs that are not used (We have some configs that allow PUT, DELETE, PROPFIND, etc... but they don'tcall me "Little Paranoid Larry" for nothing.
91
92 {{code title="Apache Permissions Config" language="xml"}}
93 WebObjectsAlias /cgi-bin/WebObjects
94 <Location /cgi-bin/WebObjects/>
95 <Limit GET POST OPTIONS >
96 Require all granted
97 </Limit>
98 Require all denied
99 </Location>
100 {{/code}}
101
102 ==== FirewallD ====
103
104 CentOS7 switched to using FirewallD from IP Tables. I've tried to understand firewalld and I'm actually digging it even though it's a big change from IP Tables. Useful info on Firewalld can be found at [[Linux firewalld information at Oracle>>url:http://oracle-base.com/articles/linux/linux-firewall-firewalld.php||shape="rect"]] or [[FirewallD at Fedora>>url:https://fedoraproject.org/wiki/FirewallD||shape="rect"]].
105
106 The cheat sheet commands that help get started are:
107
108 {{panel title="FirewallD Cheat Sheet"}}
109 getting help on the command line: {{code language="none"}}# firewall-cmd --help{{/code}}
110
111 checking the state of the firewall: {{code language="none"}}# firewall-cmd --state{{/code}}
112
113 panic: firewall-cmd ~-~-panic-on{{code language="none"}}# {{/code}}
114
115 stop panic:{{code language="none"}} # firewall-cmd --panic-off{{/code}}
116
117 set a service to a zone for runtime (not persistent) : {{code language="none"}}# {{/code}}{{code language="none"}}firewall-cmd --zone=public --add-service=https{{/code}}
118
119 set a service to a zone permanently: {{code language="none"}}# {{/code}}{{code language="none"}}firewall-cmd --permanent --zone=public --add-service=https{{/code}}
120
121 setup specific ports (like for WO instances) # firewall-cmd ~-~-zone=public ~-~-permanent ~-~-add-port=2000-2020/tcp{{code language="none"}}{{/code}}
122
123 reload the configuration: {{code language="none"}}# {{/code}}{{code language="none"}}firewall-cmd --reload{{/code}}
124
125 find out what services the zone thinks should be handled at runtime (or permanently) :{{code language="none"}} # {{/code}}{{code language="none"}}firewall-cmd (–permanent) --zone=public --list-services{{/code}}
126
127 go nuts and specify rules to within an inch of their lives: # firewall-cmd ~-~-permanent ~-~-zone=public ~-~-add-rich-rule="rule family="ipv4" source address="192.168.0.4/24" service name="http" accept"{{code language="none"}}{{/code}}
128 {{/panel}}
129
130
131
132 ==== SELinux ====
133
134 As is mentioned in [[https:~~/~~/wiki.wocommunity.org/display/documentation/Installing+a+deployment+environment+on+RedHat,+CentOS+or+Amazon+Linux>>doc:documentation.Installing a deployment environment on RedHat, CentOS or Amazon Linux||shape="rect"]],
135 you can open up apache to network connections using the command:
136 \\
137
138 {{code title="SELinux " language="bash"}}
139 $ # make sure you have the policy utils (yum install policycoreutils-python)
140 $ sudo setsebool -P httpd_can_network_connect=1
141 {{/code}}
142
143
144 If you have additional problems with the SELinux configuration, check the context and ownership of files. More useful information on SELinux can be found at [[http:~~/~~/wiki.centos.org/HowTos/SELinux>>url:http://wiki.centos.org/HowTos/SELinux||shape="rect"]].