PortalInstall
How the machine was prepared
Create a VM in the T2B cloud with 12GB of disk size, 1 CPU, 2GB of RAM, and 2 NICs (one in the public and the other in the private network).
For the disk creation in OpenNebula, we chose a persistent datablock.
Deployment of the machine with Quattor :
- machine-type : grid/base (ui would have been a best choice for grid jobs support)
- filesystem : classic_single_root (see config/filesystems)
- operating system : SL6x
Installation of some extra packages required by gUSE done by adding these lines in the machine profile :
'/software/packages/{java-1.7.0-openjdk}' ?= nlist();
'/software/packages/{java-1.7.0-openjdk-devel}' ?= nlist();
'/software/packages/{xorg-x11-xauth}' ?= nlist();
'/software/packages/{mysql-server}' ?= nlist();
Choice of the version of the portal
After some compatibility tests, we chose to install gUSE 3.6.8 with java-1.7.0-openjdk.
Installation process
We followed the procedure described in the PDF "gUSE_Install_Wizard_Manual_v3.6.8" to the letter, thus using the wizard.
Installation of release 3.7.x
It has been tested under SL6.8 with java-1.8.0-openjdk-1.8.0.111-0.b15. We have met the problem described in this thread : https://sourceforge.net/p/guse/discussion/1672628/thread/4aa465ec/
To solve the problem :
- remove apache-tomcat-7.0.55/lib/javaee-api-5.0-1.jar
- copy http://central.maven.org/maven2/javax/transaction/jta/1.1/jta-1.1.jar and http://central.maven.org/maven2/javax/persistence/persistence-api/1.0.2/persistence-api-1.0.2.jar under apache-tomcat-7.0.55/lib/.
And then, follow the installation procedure from the manual.
Securing the portal
As explained in the manual, it is very important to change the default password of the test@liferay.com user right after the first login. But that's not enough ! After you've done with the Service Wizard step (http://<URL_install_backend>:8080/information), shutdown the portal, change the password of the admin user in tomcat-users.xml, and create the file /home/guse/guse/apache-tomcat-7.0.55/conf/Catalina/localhost/manager.xml with the following content :
<Context antiResourceLocking="false" privileged="true" docBase="${catalina.home}/webapps/manager">
<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127.0.0.1|192.168.10.*|193.190.247.*|193.58.172.*" denyStatus="404" />
</Context>
After the restart of the portal, access to http://<URL_install_backend>:8080/manager will be restricted to the IPs allowed in manager.xml. If you don't do this, you will undergo brute force attacks (trying to guess the admin password), and this kind of attack will put some pressure on the server.