Tuesday, February 23, 2010

LifeRay Portal 5.2.3 - TomCat 6.0 - PostgreSQL on Debian (sid)

I was recently introduced to LifeRay and determined that I would set up a Virtual Machine & configure it to run LifeRay on TomCat 6.0 with a Postgres database.

I have a preference toward Debian and since I had a base install on a Virtual Machine, I began by duplicating it and updating it to Sid.  (I later installed on a testing version as well following the same procedures outlined below.)

After some light reading on the Liferay site I realized that they didn't have complete documentation for a PostgreSQL installation for the 5.x versions.   It appears that there have been extensive changes since these most recent releases.
_____________________________________

To begin I downloaded the LifeRay Portal bundle with TomCat 6.0 :

cd /usr/local/src/

wget http://sourceforge.net/projects/lportal/files/Liferay%20Portal/liferay-portal-tomcat-6.0-5.2.3.zip

cd /usr/local

unzip /usr/local/src/liferay-portal-tomcat-6.0-5.2.3.zip

Make the shell scripts executable.

cd /usr/local/liferay-portal-5.2.3/tomcat-6.0.18/bin/

chmod +x *.sh

Obtain the following package: 
Note:  You must have the option of "non-free" in your apt sources list.

apt-get install sun-java6-jdk

Check the java version

java -version

Update /home/user/.bashrc and add the following line.

# JAVA6
export JAVA_HOME=/usr/lib/jvm/java-6-sun

Note: Debian users must modify the setenv.sh file for TomCat and add the following variable if they are using a testing version of Debian or have upgraded from a testing version of Debian. (Thanks to Mr. LBR for pointing this out.) You may reference this issue at the following website: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572048

Add the following to the JAVA_OPTS line

-Djava.net.preferIPv4Stack=true

OPTIONAL:  If desired, you can simply start TomCat and allow LifeRay to use its built-in database, HyperSQL.  I initially installed LifeRay with its default configuration so I could verify that I had a working installation prior to moving to PostgreSQL.

/usr/local/liferay-portal-5.2.3/tomcat-6.0.18/bin/startup.sh

The default configuration starts TomCat on port 8080.

The log file is located at:

/usr/local/liferay-portal-5.2.3/tomcat-6.0.18/logs/

Tail the log file.

tail -f catalina.out

Once you see a line similar to the following, you may access your portal.

INFO:  Server startup in 62000 ms

Continuing on with a PostgreSQL database installation, you will need to stop TomCat by running the "shutdown.sh" script found in the same location as the "startup.sh" script.

 Obtain Postgres.  I also installed "-doc" package but didn't note it here.

 apt-get install postgresql 

 Start Postgres, set up a user for postgres, create a new database.

/etc/init.d/postgresql start

adduser newuser

Become a superuser

su postgres

Connect to the Database server.

psql template1 
template1=# CREATE USER newuser WITH PASSWORD 'newuserpassword';
template1=# CREATE DATABASE liferay;
template1=# GRANT ALL PRIVILEGES ON DATABASE liferay to newuser;
template1=# \q

Configure Liferay to use the PostgreSQL Database.

I found that the version or package that I downloaded did not actually have the following file.  I had to create this file.  If your version has this file please modify it with the following.

cd /usr/local/liferay-portal-5.2.3/tomcat-6.0.18/webapps/ROOT/WEB-INF/classes

vi portal-ext.properties

Insert the following lines with modifications to the database name, username & password to match your configuration.

jdbc.default.driverClassName=org.postgresql.Driver
jdbc.default.url=jdbc:postgresql://localhost:5432/liferay
jdbc.default.username=newuser
jdbc.default.password=newuserpassword
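
Because portal-ext.properties holds the database password in clear text, it is worth checking the file before starting TomCat. The script below is an added example, not part of the original post; the names prop and check_portal_ext and the finding labels are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check portal-ext.properties.
# prop, check_portal_ext and the finding labels are illustrative names.

# prop FILE KEY -> value of the last "KEY=value" line in FILE
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Prints one finding per line and returns non-zero if there are any.
check_portal_ext() {
    f=$1
    rc=0
    # The JDBC password is stored in clear text, so accounts other than the
    # file's owner and group should have no access to it.
    if [ "$(ls -ld "$f" | cut -c8-10)" != "---" ]; then
        echo "WORLD_ACCESS $f"; rc=1
    fi
    # The sample password from the walkthrough must not reach a real install.
    if [ "$(prop "$f" jdbc.default.password)" = "newuserpassword" ]; then
        echo "SAMPLE_PASSWORD"; rc=1
    fi
    # Connecting as the postgres superuser would give the portal control of
    # every database on the server, not just "liferay".
    if [ "$(prop "$f" jdbc.default.username)" = "postgres" ]; then
        echo "SUPERUSER_LOGIN"; rc=1
    fi
    return $rc
}

# Usage: sh check-portal-ext.sh /path/to/WEB-INF/classes/portal-ext.properties
if [ "$#" -gt 0 ]; then check_portal_ext "$1"; fi
```

A file created with vi as root under the usual umask ends up mode 644, which this check reports as WORLD_ACCESS.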

Start TomCat and tail the log file.

/usr/local/liferay-portal-5.2.3/tomcat-6.0.18/bin/startup.sh

The default configuration starts TomCat on port 8080.

The log file is located at:

/usr/local/liferay-portal-5.2.3/tomcat-6.0.18/logs/

Tail the log file.

tail -f catalina.out

Once you see a line similar to the following, you may access your portal.

INFO: Server startup in 62332 ms

Login at:  http://localhost:8080

Admin access can be obtained by logging in with the following credentials (as per LifeRay.com)
Username: bruno@7cogs.com
Password: bruno

Overview:  Overall this was not a difficult process.  There were a few hurdles along the way getting the postgres database configured as I wanted with a different user than "postgres".  These were very minor and were primarily resolved once I found the proper location for the portal-ext.properties file.

Reference  & Info Links: 
LifeRay - LifeRay - website, documentation and wiki.
PostgreSQL - Postgresql - website & database commands.
YouTube - Howto change the default Logo on Liferay.  Saved me hunting around in the "control panel".

UPDATE 8/3/2010 - Tested ver. 6.0.4 GA2
  • Found documentation still applicable.  
  • Removed "SevenCogs" data in WEBAPPS folder prior to start up so no "example" data was deployed.  This required using the default username of test@liferay.com and password of "test" to access the admin console.
UPDATE 1/15/2011 - Tested ver. 6.0.5 GA3
  • Debian (testing) users will need to download and install (apt-get) default-java instead of sun-java6-jdk.
  • All other steps worked as documented

Tuesday, February 9, 2010

OpenVPN Howto

Scope:  

1.  Installation of OpenVPN was completed with apt

apt-get install openvpn

The following extra packages were installed when the above command was initiated.

libpkcs11-helper1 
openvpn-blacklist
 
2.  Next determine whether you will use a routed or bridged VPN.  OpenVPN has a more in-depth write-up of the differences here. Each will require a different set of parameters in the openvpn configuration file, but it is well documented. I configured my installation first as routed and then transitioned to a bridged model.

Bridging advantages
  • Broadcasts traverse the VPN -- this allows software that depends on LAN broadcasts such as Windows NetBIOS file sharing and network neighborhood browsing to work.
  • No route statements to configure.
  • Works with any protocol that can function over ethernet, including IPv4, IPv6, Netware IPX, AppleTalk, etc.
  • Relatively easy-to-configure solution for road warriors.

Bridging disadvantages

  • Less efficient than routing, and does not scale well.

Routing advantages

  • Efficiency and scalability.
  • Allows better tuning of MTU for efficiency.

Routing disadvantages

  • Clients must use a WINS server (such as samba) to allow cross-VPN network browsing to work.
  • Routes must be set up linking each subnet.
  • Software that depends on broadcasts will not "see" machines on the other side of the VPN.
  • Works only with IPv4 in general, and IPv6 in cases where tun drivers on both ends of the connection support it explicitly.

3.  Certificates need to be generated for both the server and clients.

NOTE:  You must place the key & crt files for the server and client in the same directory as your .conf files unless you explicitly state otherwise in the conf file.

mkdir /etc/openvpn/easy-rsa
cp /usr/share/doc/openvpn/examples/easy-rsa/2.0/* /etc/openvpn/easy-rsa

3a.  Edit the default values necessary for the certificates.

vi /etc/openvpn/easy-rsa/vars

3b. Generate the Certificate Authority that will be used to sign the certificates.

cd /etc/openvpn/easy-rsa
source ./vars
./clean-all
./build-ca

3c. Create server keys.

./build-key-server server

3d.  Generate the diffie-hellman parameters.

./build-dh 

3e. Create client keys.

./build-key client1

4. Configure server.conf file.  OpenVPN example found at http://openvpn.net/index.php/open-source/documentation/howto.html#examples

NOTE: Logging requires that you create the /var/log/openvpn directory, and I went ahead and created the two logfiles. This example is specifically for a bridged configuration.  Please see the example above for detailed explanations of the various settings and options.

 

################## 
# server.conf 
##################
local 192.168.0.10 
port 1194 
proto udp 
dev tap0 
ca ca.crt 
cert server.crt 
key server.key 
dh dh2048.pem 
client-config-dir ccd 
server-bridge 192.168.0.10 255.255.255.0 192.168.0.150 192.168.0.160 
ifconfig-pool-persist ipp.txt 
route 192.168.0.0 255.255.255.0 
client-to-client 
keepalive 10 120 
#comp-lzo 
max-clients 15 
#user nobody 
#group nobody 
persist-key 
persist-tun 
status /var/log/openvpn/openvpn-status.log
log-append /var/log/openvpn/openvpn.log 
verb 3
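
The NOTE in step 3 about file placement and the commented-out user/group lines in the configuration above can be checked before the daemon is started. The script below is an added example, not part of the original post; the name audit_openvpn_conf and the finding labels are made up for illustration, and it assumes relative paths are resolved against the directory holding the .conf file.

```shell
#!/bin/sh
# Added example (not from the original post): audit an OpenVPN server.conf.
# audit_openvpn_conf and the finding labels are illustrative names.
# Prints one finding per line and returns non-zero if there are any.
audit_openvpn_conf() {
    conf=$1
    dir=$(dirname "$conf")
    findings=0
    # Per the NOTE in step 3, relative ca/cert/key/dh paths are expected
    # next to the .conf file.
    for opt in ca cert key dh; do
        file=$(awk -v o="$opt" '$1 == o { print $2; exit }' "$conf")
        [ -n "$file" ] || continue
        case $file in /*) path=$file ;; *) path=$dir/$file ;; esac
        if [ ! -f "$path" ]; then
            echo "MISSING $opt $path"; findings=$((findings + 1))
        elif [ "$opt" = key ] &&
             [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            # group or other permission bits are set on the private key
            echo "KEY_PERMS $path"; findings=$((findings + 1))
        fi
    done
    # "#user nobody" / "#group nobody" left commented out means the daemon
    # keeps root privileges after start-up.
    for opt in user group; do
        if ! grep -Eq "^[[:space:]]*$opt[[:space:]]+[^[:space:]]" "$conf"; then
            echo "NO_PRIV_DROP $opt"; findings=$((findings + 1))
        fi
    done
    # client-to-client forwards traffic between clients inside OpenVPN,
    # so host firewall rules never see it.
    if grep -Eq '^[[:space:]]*client-to-client' "$conf"; then
        echo "CLIENT_TO_CLIENT enabled"; findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Usage: sh audit-openvpn.sh /etc/openvpn/server.conf
if [ "$#" -gt 0 ]; then audit_openvpn_conf "$1"; fi
```

Run against the server.conf above it reports NO_PRIV_DROP for user and group and CLIENT_TO_CLIENT, plus MISSING for any of the four files not yet copied out of the easy-rsa keys directory.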

 5. Acquire the necessary package for bridged configuration script.

apt-get install bridge-utils

6. Configure the openvpn-bridge script.  I did not have good luck with the example script included on the openvpn.net site.  I opted to utilize the one listed here and it has been successful on multiple systems.  

Edit based on your network settings.

#!/bin/bash

#################################
# OpenVPN Bridge 
#################################

# Define Bridge Interface
br="br0"

# Define list of TAP interfaces to be bridged,
# for example tap="tap0 tap1 tap2".
tap="tap0"

# Define physical ethernet interface to be bridged
# with TAP interface(s) above.
eth="eth0"

eth_ip="192.168.0.10"
eth_netmask="255.255.255.0"
eth_broadcast="192.168.0.255"
gw="192.168.0.1"

case "$1" in
  start)
  for t in $tap; do
      openvpn --mktun --dev $t
  done

  brctl addbr $br
  brctl addif $br $eth

  for t in $tap; do
      brctl addif $br $t
  done

  for t in $tap; do
      ifconfig $t 0.0.0.0 promisc up
  done

  ifconfig $eth 0.0.0.0 promisc up

  ifconfig $br $eth_ip netmask $eth_netmask broadcast $eth_broadcast
  route add default gw $gw
  ;;
  stop)
  ifconfig $br down
  brctl delbr $br

  for t in $tap; do
      openvpn --rmtun --dev $t
  done
  ifconfig $eth $eth_ip netmask $eth_netmask broadcast $eth_broadcast
  route add default gw $gw
  ;;
  *)
  echo "usage openvpn-bridge {start|stop}"

  exit 1
  ;;
esac
exit 0

7. Set openvpn-bridge script to run at startup. (Please test first.)

update-rc.d openvpn-bridge defaults

8. Once the bridge is up and functional you can proceed to start OpenVPN.

/etc/init.d/openvpn start

9. Firewall. Make the necessary firewall changes to allow your clients to connect on the specified port.

10. Client review and configuration to follow....