Tuesday, October 23, 2007

Installing Luntbuild With Tomcat For Nexenta

Luntbuild is a continuous integration server and build management tool. I have chosen to use it because it has been so easy to set up builds with it in the past. Their claim that it takes about 1/2 hour to set up an initial build was pretty accurate when I used it before on a Windows machine. I wanted to test out this claim for Nexenta. Since Nexenta already offers a Tomcat 5 package, I thought the initial set-up would be a piece of cake. It became a good learning experience about Java security policies.
The security permissions required for running web applications with the Nexenta Tomcat package provided a big headache for me, as I have not configured Tomcat policy files before, and Terracotta and Spring (which Luntbuild uses) seem to use quite a few restricted actions. Hopefully these instructions will help some other intrepid Agilist who wants to get a CI server up and running quickly on Nexenta or Ubuntu.

Step 1: Create a New Zone


See these instructions for setting up a new zone for Nexenta. I named my zone luntbuild_zone and put it in /export/home/zones/luntbuild_zone.
Do NOT bootstrap tomcat5 with the install as you will need to install the JDK separately before tomcat5.

Step 2: Install JDK 6 in the luntbuild_zone


See these instructions for setting up the JDK in a new base Nexenta zone.
Tomcat requires the JDK, and, unfortunately, Nexenta only provides a JRE package. If you install tomcat5 without a JDK, startup fails with the message:

Could not start Tomcat 5 servlet engine because no Java Development Kit
(JDK) was found. Please download and install JDK 1.3 or higher and set
JAVA_HOME in /etc/default/tomcat5 to the JDK's installation directory.

Step 3: Install Tomcat


  • root@luntbuild_zone:~# export JAVA_HOME=/usr/opt/jdk1.6.0_02
  • root@luntbuild_zone:~# apt-get install tomcat5
  • root@luntbuild_zone:~# vi /etc/default/tomcat5
    add the line JAVA_HOME=/usr/opt/jdk1.6.0_02
  • root@luntbuild_zone:/usr/opt# /etc/init.d/tomcat5 start
    Starting Tomcat 5 servlet engine using Java from /usr/opt/jdk1.6.0_02: tomcat5.
  • Navigate to http://192.168.0.111:8180 in a browser and you should see an empty directory listing. This directory corresponds to /var/lib/tomcat5/webapps/ROOT/.

Step 4: Install the Luntbuild Web Application


These instructions come primarily from the Luntbuild Installation Guide, in the section "Installation using zip distribution (without GUI)".

Download the luntbuild 1.5.3 zip (NOT the installer-jar).
  • root@luntbuild_zone:~# mkdir /usr/opt/luntbuild
  • Copy luntbuild-1.5.3.zip into /usr/opt/luntbuild
  • root@luntbuild_zone:~# cd /usr/opt/luntbuild
  • root@luntbuild_zone:/usr/opt/luntbuild# apt-get install unzip
  • root@luntbuild_zone:/usr/opt/luntbuild# unzip luntbuild-1.5.3.zip
  • root@luntbuild_zone:/usr/opt/luntbuild# /etc/init.d/tomcat5 stop
  • root@luntbuild_zone:/usr/opt/luntbuild# vi web/WEB-INF/web.xml
    Replace $INSTALL_PATH with /usr/opt/luntbuild
  • root@luntbuild_zone:/usr/opt/luntbuild# vi /usr/opt/luntbuild/log4j.properties (unfortunately, the Luntbuild configuration uses relative paths for these log4j configuration files so you will see File permission errors in the catalina logs if you try to start tomcat from a directory that is not owned by the tomcat5 process; it's best just to change these relative paths to absolute paths)
    Replace luntbuild_log.html with /usr/opt/luntbuild/logs/luntbuild_log.html
    Replace luntbuild_log.txt with /usr/opt/luntbuild/logs/luntbuild_log.txt
  • root@luntbuild_zone:/usr/opt/luntbuild# vi /usr/opt/luntbuild/web/WEB-INF/classes/log4j.properties
    Replace luntbuild_log.html with /usr/opt/luntbuild/logs/luntbuild_log.html
    Replace luntbuild_log.txt with /usr/opt/luntbuild/logs/luntbuild_log.txt
  • root@luntbuild_zone:/usr/opt/luntbuild# mkdir /var/lib/tomcat5/webapps/luntbuild
  • root@luntbuild_zone:/usr/opt/luntbuild# cp -r /usr/opt/luntbuild/web/* /var/lib/tomcat5/webapps/luntbuild
  • root@luntbuild_zone:/usr/opt/luntbuild# rm /var/lib/tomcat5/webapps/luntbuild/WEB-INF/lib/commons-logging-1.0.4.jar (you will see ClassNotFoundExceptions otherwise since there is also a commons-logging.jar in /java/share that is installed by Nexenta when tomcat5 is installed)
  • root@luntbuild_zone:/usr/opt/luntbuild# vi /etc/tomcat5/policy.d/05luntbuild.policy (this is the policy file that grants permissions to the luntbuild jsps, classes and libraries, particularly to the Terracotta, Spring and cglib jars which access a number of restricted methods and properties)


    // Bundled libraries in WEB-INF/lib (including the Terracotta, Spring and cglib jars)
    grant codeBase "file:${catalina.home}/webapps/luntbuild/WEB-INF/lib/-" {
        permission java.util.PropertyPermission "*", "read,write";
        permission java.lang.RuntimePermission "shutdownHooks";
        permission java.lang.RuntimePermission "getProtectionDomain";
        permission java.lang.RuntimePermission "accessDeclaredMembers";
        permission java.lang.RuntimePermission "createClassLoader";
        permission java.lang.RuntimePermission "setContextClassLoader";
        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
        permission java.io.FilePermission "${java.home}/-", "read";
        permission ognl.OgnlInvokePermission "*";
    };

    // Luntbuild's own classes in WEB-INF/classes
    grant codeBase "file:${catalina.home}/webapps/luntbuild/WEB-INF/classes/-" {
        permission java.util.PropertyPermission "*", "read,write";
        permission java.lang.RuntimePermission "shutdownHooks";
        permission java.lang.RuntimePermission "getProtectionDomain";
        permission java.lang.RuntimePermission "accessDeclaredMembers";
        permission java.lang.RuntimePermission "createClassLoader";
        permission java.lang.RuntimePermission "setContextClassLoader";
        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
        permission java.io.FilePermission "${java.home}/-", "read";
        permission ognl.OgnlInvokePermission "*";
    };

    // File access for the whole web application: Tomcat's temp directory and the
    // Luntbuild install, logs, db and tmp directories
    grant codeBase "file:${catalina.home}/webapps/luntbuild/-" {
        permission java.io.FilePermission "${catalina.home}/temp", "read";
        permission java.io.FilePermission "${catalina.home}/temp/-", "read,write,delete";
        permission java.io.FilePermission "/usr/opt/luntbuild", "read,write,delete";
        permission java.io.FilePermission "/usr/opt/luntbuild/-", "read,write,delete";
        permission java.io.FilePermission "/usr/opt/luntbuild/logs", "read,write,delete";
        permission java.io.FilePermission "/usr/opt/luntbuild/logs/-", "read,write,delete";
        permission java.io.FilePermission "/usr/opt/luntbuild/db", "read,write,delete";
        permission java.io.FilePermission "/usr/opt/luntbuild/db/-", "read,write,delete";
        permission java.io.FilePermission "/usr/opt/luntbuild/tmp", "read,write,delete";
        permission java.io.FilePermission "/usr/opt/luntbuild/tmp/-", "read,write,delete";
        permission java.io.FilePermission "/usr/opt/luntbuild/tmp/dummy", "read,write,delete";
    };



  • root@luntbuild_zone:/usr/opt/luntbuild# chown -R tomcat5 /usr/opt/luntbuild (the tomcat process runs as the tomcat5 user)
  • root@luntbuild_zone:/usr/opt/luntbuild# chown -R tomcat5 /var/lib/tomcat5/webapps/luntbuild
  • root@luntbuild_zone:/usr/opt/luntbuild# /etc/init.d/tomcat5 start
  • With a browser, navigate to http://192.168.0.111:8180/luntbuild/ and you should be redirected to the Luntbuild project administration page!
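
An added example, not part of the original post and not Luntbuild or Tomcat code: a shell function that audits a policy file such as 05luntbuild.policy for the grants that most weaken the security manager sandbox, and for FilePermission entries already implied by a recursive "/-" grant in the same block. The function names, the severity labels and the sample (a constructed, cut-down copy of the policy above) are assumptions.

```shell
# audit_policy [FILE]: print "codeBase<TAB>severity<TAB>finding" (reads stdin without FILE).
audit_policy() {
  awk '
    function report(sev, msg) { printf "%s\t%s\t%s\n", cb, sev, msg }
    # True when every action in the list "want" also appears in the list "have".
    function subset(want, have,   k, n, a) {
      n = split(want, a, ",")
      for (k = 1; k <= n; k++) if (index("," have ",", "," a[k] ",") == 0) return 0
      return 1
    }
    $1 == "grant" { split($0, q, "\""); cb = (q[2] != "") ? q[2] : "(all code)"; nf = 0; next }
    $1 == "permission" {
      split($0, q, "\""); target = q[2]; actions = q[4]
      if ($2 == "java.lang.RuntimePermission" && target == "createClassLoader")
        report("HIGH", "createClassLoader: code can define classes in any protection domain")
      else if ($2 == "java.lang.reflect.ReflectPermission" && target == "suppressAccessChecks")
        report("HIGH", "suppressAccessChecks: reflection can reach private members")
      else if ($2 == "java.util.PropertyPermission" && target == "*" && actions ~ /write/)
        report("MEDIUM", "write access to every system property")
      else if ($2 == "java.io.FilePermission") { nf++; path[nf] = target; act[nf] = actions }
      next
    }
    substr($1, 1, 1) == "}" {   # end of grant block: find entries implied by a recursive "/-"
      for (i = 1; i <= nf; i++) {
        if (path[i] !~ /\/-$/) continue
        base = substr(path[i], 1, length(path[i]) - 1)   # "/dir/-" -> "/dir/"
        for (j = 1; j <= nf; j++)
          if (j != i && index(path[j], base) == 1 && subset(act[j], act[i]))
            report("INFO", "redundant: " path[j] " is implied by " path[i])
      }
    }
  ' "${1:--}"
}

sample_policy() {   # constructed sample: cut-down copy of the grants on this page
  cat <<'EOF'
grant codeBase "file:${catalina.home}/webapps/luntbuild/WEB-INF/lib/-" {
permission java.util.PropertyPermission "*", "read,write";
permission java.lang.RuntimePermission "createClassLoader";
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
};
grant codeBase "file:${catalina.home}/webapps/luntbuild/-" {
permission java.io.FilePermission "/usr/opt/luntbuild", "read,write,delete";
permission java.io.FilePermission "/usr/opt/luntbuild/-", "read,write,delete";
permission java.io.FilePermission "/usr/opt/luntbuild/logs/-", "read,write,delete";
permission java.io.FilePermission "/usr/opt/luntbuild/tmp/dummy", "read,write,delete";
};
EOF
}
```

Run it as `audit_policy /etc/tomcat5/policy.d/05luntbuild.policy`, or try it with `sample_policy | audit_policy`. On the full policy from this page the two HIGH grants appear under both the WEB-INF/lib and WEB-INF/classes code bases, so everything deployed under those directories should be treated as trusted code.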

2 comments:

Anton Andreev said...

Hi,

I do not see a tomcat package in Nexenta Core 2 RC3.

Have you tried using NC2 RC3?

Tim Myer said...

Hi Toncho,
Unfortunately, I have not tried Nexenta Core RC3. You might consider posting a question on the Nexenta community site (http://www.nexenta.org/os/Community). If the package is not available in the RC3 repository, you might also consider using a stand-alone Tomcat distribution. I do not see why the standalone version would not work for this scenario. The tomcat5 package was used here primarily because of the convenience of its availability.
I hope that helps.
---Tim---