Table of contents:
Introduction
This page provides instructions on how to configure a Scheduler application server and deploy the Scheduler application into it.
Conventions
<user@shell>
indicates a command executed via the system's shell as the indicated user<user@mysql>
indicates a command executed in the MySQL command line client as the indicated MySQL user<variable_name>
indicates that a value for the specified variable name should be substituted
Installation prerequisites
- Minimal CentOS 6 installation
- Tomcat installation owned by tomcat user/group
- MySQL instance co-resident in the server with Apache/Tomcat
Install and configure MySQL
Install mysql-server package
root@shell> yum -y install mysql-server
Install /etc/my.cnf
[mysqld] datadir=/var/lib/mysql socket=/var/lib/mysql/mysql.sock user=mysql # Disabling symbolic-links is recommended to prevent assorted security risks symbolic-links=0 character_set_server = utf8 collation_server = utf8_bin default-character-set = utf8 default-collation = utf8_bin default-storage-engine = InnoDB max_allowed_packet = 128M innodb_file_per_table = 1 [mysqld_safe] log-error=/var/log/mysqld.log pid-file=/var/run/mysqld/mysqld.pid
Start and enable mysqld service
root@shell> chkconfig mysqld on ; service mysqld start
Set mysql root user password
root@shell> mysqladmin password <root_mysql_password>
Install /root/.my.cnf
[client] user=root password=<mysql_root_password> default-character-set=utf8 [mysql] pager=less -niSX
Create Scheduler database
root@shell> mysqladmin create scheduler
Create mysql user Scheduler with full privileges on Scheduler database
root@shell> mysql mysql root@mysql> GRANT ALL ON scheduler.* to 'scheduler'@'localhost' IDENTIFIED BY '<scheduler_mysql_password>';
Install and configure Java
- Download Zulu-JDK 11.0.6 and to /var/tmp
Extract Java JDK tarball and move it to /opt/jdk-11.0.6
root@shell> tar -C /opt -xzf /var/tmp/jdk-11.0.6.tar.gz
Install /etc/profile.d/java.sh
export JAVA_HOME=/opt/jdk-11.0.6 export JDK_HOME=$JAVA_HOME export PATH=$JAVA_HOME/bin:$PATH export MANPATH=$JAVA_HOME/man:$MANPATH
Install and configure Tomcat 9
(All files in this section should be owned by the tomcat user/group)
Create the Tomcat application role user and group
root@shell> useradd -d /home/tomcat -m -s /bin/bash -U tomcat
Install /home/tomcat/.my.cnf
[client] user=scheduler password=<scheduler_mysql_password> default-character-set=utf8 [mysql] pager=less -niSX
- Download tomcat-9.0.16 and install to /var/tmp/apache-tomcat-9.0.16.tar.gz
Extract Tomcat tarball to /opt/apache-tomcat-9.0.16
root@shell> tar -C /opt -xzf /var/tmp/apache-tomcat-9.0.16.tar.gz root@shell> chown -R tomcat:tomcat /opt/apache-tomcat-9.0.16
Edit /opt/apache-tomcat-9.0.16/bin/setenv.sh
export JAVA_HOME=/opt/jdk-11.0.6 export CATALINA_OPTS="$CATALINA_OPTS -Djava.net.preferIPv4Stack=true -Djava.net.preferIPv4Addresses=true"
Install /var/tmp/server.xml.patch
--- a/server.xml 2015-01-23 06:59:24.000000000 -0500 +++ b/server.xml 2015-10-26 14:50:42.770408195 -0400 @@ -19,7 +19,7 @@ define subcomponents such as "Valves" at this level. Documentation at /docs/config/server.html --> -<Server port="8005" shutdown="SHUTDOWN"> +<Server port="8005" shutdown="<random_shutdown_uuid>"> <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> <!-- Security listener. Documentation at /docs/config/listeners.html <Listener className="org.apache.catalina.security.SecurityListener" /> @@ -66,7 +66,7 @@ APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL/TLS HTTP/1.1 Connector on port 8080 --> - <Connector port="8080" protocol="HTTP/1.1" + <Connector address="127.0.0.1" port="8080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="8443" /> <!-- A "Connector" using the shared thread pool--> @@ -88,7 +88,7 @@ --> <!-- Define an AJP 1.3 Connector on port 8009 --> - <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> + <Connector address="127.0.0.1" port="8009" protocol="AJP/1.3" redirectPort="8443" /> <!-- An Engine represents the entry point (within Catalina) that processes
Apply patch to /opt/apache-tomcat-9.0.16/conf/server.xml
tomcat@shell> cd /opt/apache-tomcat-9.0.16/conf tomcat@shell> patch -p1 < /var/tmp/server.xml.patch
Add a Resource stanza under <Context> in server.xml
<Resource name="jdbc/scheduler" auth="Container" type="com.mchange.v2.c3p0.ComboPooledDataSource" factory="org.apache.naming.factory.BeanFactory" driverClass="com.mysql.jdbc.Driver" jdbcUrl="jdbc:mysql://localhost/scheduler?serverTimezone=EST&useJDBCCompliantTimezoneShift=true&useSSL=false" user="scheduler" password="<mysql_scheduler_password>" initialPoolSize="10" minPoolSize="10" maxPoolSize="100" testConnectionOnCheckout="true" preferredTestQuery="SELECT 1" acquireIncrement="5" acquireRetryAttempts="10" acquireRetryDelay="1000" unreturnedConnectionTimeout="600" debugUnreturnedConnectionStackTraces="true" />
Install /opt/apache-tomcat-9.0.16/lib/scheduler.properties
keystoreLocation = /opt/apache-tomcat-9.0.16/scheduler.jks keystorePassword = <scheduler_keystore_password> keyAlias = <scheduler_key_alias> keyPassword = <scheduler_key_password> mailFrom = <scheduler_mail_from> mailEnabled = false mailHost = localhost mailPort = 25 appSessionTimeout = 30 # epic or default subjectMode = default # Scheduling restriction in days from 1-99. Days are defined as 24 hour periods with any starting point. So 5pm on # Monday - 5pm on Tuesday is considered a day. # - If a non-numeric character is entered it will be treated as if there is no restriction # - If a number with a decimal is entered, the decimal will be truncated and the number will be treated as an integer # - If a number > 99 is entered the restriction will be set to 99 # - If a number < 1 is entered it will be treated as if there is no restriction schedulingRestriction= # The number of hours before an appointment start time that they would like to see a visual # indicator around applicable appointments. Defined in days from 1-99. Days are defined as 24 hour periods with any # starting point. So 5pm on Monday - 5pm on Tuesday is considered a day. # - The same rules listed for schedulingRestriction above apply here. lastMinuteIndicator=
Generate and install Java keystore to /opt/apache-tomcat-9.0.16/scheduler.jks
tomcat@shell> cd /opt/apache-tomcat-9.0.16 tomcat@shell> keytool -genseckey -keystore scheduler.jks -storetype JCEKS -storepass <scheduler_keystore_password> -alias <scheduler_key_alias> -keypass <scheduler_key_password> -keyalg AES -keysize 256 tomcat@shell> chmod 600 scheduler.jks
- Download mysql-connector-java-8.0.15.jar and install to /opt/apache-tomcat-9.0.16/lib/mysql-connector-java-8.0.15.jar
- Download c3p0-0.9.5.4.jar and install to /opt/apache-tomcat-9.0.16/lib/c3p0-0.9.5.4.jar
- Download mchange-commons-java-0.2.15.jar and install to /opt/apache-tomcat-9.0.16/lib/mchange-commons-java-0.2.15.jar
- Generate and install institution logo image file to /opt/apache-tomcat-9.0.16/webapps/scheduler-resources/local-logo.png
Generate and install institution CSS file to /opt/apache-tomcat-9.0.16/webapps/scheduler-resources/local-style.css
/* example: white background */ body { background: #ffffff; }
Install and configure Apache httpd
Install httpd and mod_ssl packages
root@shell> yum -y install httpd mod_ssl
Start and enable httpd service
root@shell> chkconfig httpd on ; service httpd start
- Install /etc/pki/tls/private/<your_site>.key
- Install /etc/pki/tls/certs/<your_site>.crt
Edit /etc/httpd/conf/httpd.conf
root@shell> sed 's/^ServerName .*$/ServerName <your_site>/' /etc/httpd/conf/httpd.conf
Install /etc/httpd/conf.d/01modproxy.conf
<IfModule mod_proxy.c> ProxyPreserveHost On </IfModule>
Install /etc/httpd/conf.d/02defaultvhost.conf
<VirtualHost *:80> ServerName <your_site> Redirect permanent / https://<your_site>/ </VirtualHost>
Edit /etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so Listen 443 SSLPassPhraseDialog builtin SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000) SSLSessionCacheTimeout 300 SSLMutex default SSLRandomSeed startup file:/dev/urandom 256 SSLRandomSeed connect builtin SSLCryptoDevice builtin <VirtualHost _default_:443> ErrorLog logs/ssl_error_log TransferLog logs/ssl_access_log LogLevel warn SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW SSLCertificateFile /etc/pki/tls/certs/<your_site>.crt SSLCertificateKeyFile /etc/pki/tls/private/<your_site>.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/var/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog logs/ssl_request_log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" Include conf.d/ssl/*.conf </VirtualHost>
Install /etc/httpd/conf.d/ssl/01proxy.conf
ProxyPass /scheduler ajp://localhost:8009/scheduler DisableReuse=On ProxyPassReverse /scheduler ajp://localhost:8009/scheduler ProxyPass /scheduler-resources ajp://localhost:8009/scheduler-resources DisableReuse=On ProxyPassReverse /scheduler-resources ajp://localhost:8009/scheduler-resources
Deploy the Scheduler web application archive (WAR) file
- Install distributed Scheduler WAR file to /opt/apache-tomcat-9.0.16/webapps/scheduler.war
Seed the Scheduler database
- To setup the application with demo data please refer to Using Demo Data.
Start the Tomcat server
Startup Tomcat
tomcat@shell> /opt/apache-tomcat-9.0.16/bin/startup.sh
- Proceed to the Scheduler application at: https://<your_host>/scheduler