PortalInstall: Difference between revisions

From T2B Wiki
Jump to navigation Jump to search
No edit summary
Line 43: Line 43:
</pre>
</pre>


After the restart of the portal, access to <nowiki>http://<URL_install_backend>:8080/manager</nowiki> will be restricted to the IPs allowed in manager.xml.
After the restart of the portal, access to <nowiki>http://<URL_install_backend>:8080/manager</nowiki> will be restricted to the IPs allowed in manager.xml. If you don't do this, you will undergo brute force attacks (trying to guess the admin password), and this kind of attack will put some pressure on the server.
 


{{TracNotice|{{PAGENAME}}}}
{{TracNotice|{{PAGENAME}}}}

Revision as of 12:25, 14 July 2017

How the machine was prepared

Create a VM in the T2B cloud with 12GB of disk size, 1 CPU, 2GB of RAM, and 2 NICs (one in the public and the other in the private network).

For the disk creation in OpenNebula, we chose a persistent datablock.

Deployment of the machine with Quattor :

  • machine-type : grid/base (ui would have been a best choice for grid jobs support)
  • filesystem : classic_single_root (see config/filesystems)
  • operating system : SL6x

Installation of some extra packages required by gUSE done by adding these lines in the machine profile :

'/software/packages/{java-1.7.0-openjdk}' ?= nlist();
'/software/packages/{java-1.7.0-openjdk-devel}' ?= nlist();
'/software/packages/{xorg-x11-xauth}' ?= nlist();
'/software/packages/{mysql-server}' ?= nlist();

Choice of the version of the portal

After some compatibility tests, we chose to install gUSE 3.6.8 with java-1.7.0-openjdk.


Installation process

We followed the procedure described in the PDF "gUSE_Install_Wizard_Manual_v3.6.8" to the letter, thus using the wizard.

Installation of release 3.7.x

It has been tested under SL6.8 with java-1.8.0-openjdk-1.8.0.111-0.b15. We have met the problem described in this thread : https://sourceforge.net/p/guse/discussion/1672628/thread/4aa465ec/

To solve the problem :

And then, follow the installation procedure from the manual.

Securing the portal

As explained in the manual, it is very important to change the default password of the test@liferay.com user right after the first login. But that's not enough ! After you've done with the Service Wizard step (http://<URL_install_backend>:8080/information), shutdown the portal, change the password of the admin user in tomcat-users.xml, and create the file /home/guse/guse/apache-tomcat-7.0.55/conf/Catalina/localhost/manager.xml with the following content :

<Context antiResourceLocking="false" privileged="true" docBase="${catalina.home}/webapps/manager">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" 
           allow="127.0.0.1|192.168.10.*|193.190.247.*|193.58.172.*" denyStatus="404" />
</Context> 

After the restart of the portal, access to http://<URL_install_backend>:8080/manager will be restricted to the IPs allowed in manager.xml. If you don't do this, you will undergo brute force attacks (trying to guess the admin password), and this kind of attack will put some pressure on the server.


Template:TracNotice