PortalInstall: Difference between revisions
No edit summary |
|||
Line 34: | Line 34: | ||
And then, follow the installation procedure from the manual. | And then, follow the installation procedure from the manual. | ||
== Securing the portal == | |||
As explained in the manual, it is very important to change the default password of the test@liferay.com user right after the first login. But that's not enough ! After you've done with the Service Wizard step (<nowiki>http://<URL_install_backend>:8080/information</nowiki>), shutdown the portal, change the password of the admin user in tomcat-users.xml, and create the file /home/guse/guse/apache-tomcat-7.0.55/conf/Catalina/localhost/manager.xml with the following content : | |||
<pre> | |||
<Context antiResourceLocking="false" privileged="true" docBase="${catalina.home}/webapps/manager"> | |||
<Valve className="org.apache.catalina.valves.RemoteAddrValve" | |||
allow="127.0.0.1|192.168.10.*|193.190.247.*|193.58.172.*" denyStatus="404" /> | |||
</Context> | |||
</pre> | |||
After the restart of the portal, access to <nowiki>http://<URL_install_backend>:8080/manager</nowiki> will be restricted to the IPs allowed in manager.xml. | |||
{{TracNotice|{{PAGENAME}}}} | {{TracNotice|{{PAGENAME}}}} |
Revision as of 12:24, 14 July 2017
How the machine was prepared
Create a VM in the T2B cloud with 12GB of disk size, 1 CPU, 2GB of RAM, and 2 NICs (one in the public and the other in the private network).
For the disk creation in OpenNebula, we chose a persistent datablock.
Deployment of the machine with Quattor :
- machine-type : grid/base (ui would have been a best choice for grid jobs support)
- filesystem : classic_single_root (see config/filesystems)
- operating system : SL6x
Installation of some extra packages required by gUSE done by adding these lines in the machine profile :
'/software/packages/{java-1.7.0-openjdk}' ?= nlist(); '/software/packages/{java-1.7.0-openjdk-devel}' ?= nlist(); '/software/packages/{xorg-x11-xauth}' ?= nlist(); '/software/packages/{mysql-server}' ?= nlist();
Choice of the version of the portal
After some compatibility tests, we chose to install gUSE 3.6.8 with java-1.7.0-openjdk.
Installation process
We followed the procedure described in the PDF "gUSE_Install_Wizard_Manual_v3.6.8" to the letter, thus using the wizard.
Installation of release 3.7.x
It has been tested under SL6.8 with java-1.8.0-openjdk-1.8.0.111-0.b15. We have met the problem described in this thread : https://sourceforge.net/p/guse/discussion/1672628/thread/4aa465ec/
To solve the problem :
- remove apache-tomcat-7.0.55/lib/javaee-api-5.0-1.jar
- copy http://central.maven.org/maven2/javax/transaction/jta/1.1/jta-1.1.jar and http://central.maven.org/maven2/javax/persistence/persistence-api/1.0.2/persistence-api-1.0.2.jar under apache-tomcat-7.0.55/lib/.
And then, follow the installation procedure from the manual.
Securing the portal
As explained in the manual, it is very important to change the default password of the test@liferay.com user right after the first login. But that's not enough ! After you've done with the Service Wizard step (http://<URL_install_backend>:8080/information), shutdown the portal, change the password of the admin user in tomcat-users.xml, and create the file /home/guse/guse/apache-tomcat-7.0.55/conf/Catalina/localhost/manager.xml with the following content :
<Context antiResourceLocking="false" privileged="true" docBase="${catalina.home}/webapps/manager"> <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127.0.0.1|192.168.10.*|193.190.247.*|193.58.172.*" denyStatus="404" /> </Context>
After the restart of the portal, access to http://<URL_install_backend>:8080/manager will be restricted to the IPs allowed in manager.xml.