Albrechts Blog


Archive for November, 2009

Installing Magnolia CMS on JBoss on Ubuntu

Wednesday, November 25th, 2009

I have to migrate the web site at work soon, so I want to try some CMS.

I will start with a Java CMS, and Magnolia seems to be a good candidate. It can run standalone with a packaged Tomcat or on an application server like JBoss, I’ll try to go the JBoss way.

For the JBoss installation part I follow the instructions at http://ubuntuforums.org/showthread.php?t=652472, the Magnolia on JBoss stuff is based on http://wiki.magnolia-cms.com/display/WIKI/How+to+install+Magnolia+on+Jboss

  • First get jboss-5.1.0.GA-jdk6.zip from sourceforge.net.
  • Decide where to extract it, under which user id. I choose /opt/jboss and will create a jboss user account.
    • groupadd -g 997 jboss; useradd -s /bin/bash -d /home/jboss -g 997 -u 997 -c "JBoss User" jboss
    • mkdir -p /opt; cd /opt; unzip ..../jboss-5.1.0.GA-jdk6.zip; chown -R jboss:jboss jboss-5.1.0.GA; ln -sf jboss-5.1.0.GA/ jboss
    • copy an init script in place:
      cp /opt/jboss/bin/jboss_init_redhat.sh /etc/init.d/jboss
    • make some modifications to the init script
      • adjust JBOSS_HOME to /opt/jboss
      • adjust JAVAPTH to /usr/lib/jvm/java-6-sun/bin (I use the sun-java6-bin package on Ubuntu Jaunty)
      • decide if JBoss should only listen to port 8080 on localhost (default) or set a variable JBOSS_HOST to the public address of the server. Finally I want to route access through apache/mod_proxy so I leave the default setting.
      • and, really important: enlarge the number of allowed open files per process! Put
        ulimit -n 2048
        somewhere before the real start command.

        Otherwise you will fail somewhere during the install process. I succeeded with the magnolia author instance, but failed adding the public instance for this reason.

      • finally don't forget to add the init script links (I still have to learn the upstart stuff …)
        update-rc.d jboss defaults
      • edit bin/run.conf and increase memory settings for later use with magnolia:

        Change JAVA_OPTS from

        JAVA_OPTS="-Xms128m -Xmx512m ...

        to (at least)

        JAVA_OPTS="-Xms256m -Xmx1024m

      • Add some authentication configuration to /opt/jboss/server/default/conf/login-config.xml, later needed by magnolia:

        <!--
        magnolia JAAS login modules
        -->
        <application-policy name="magnolia">
        <authentication>
        <login-module code="info.magnolia.jaas.sp.jcr.JCRAuthenticationModule"
        flag = "requisite" />
        <login-module code="info.magnolia.jaas.sp.jcr.JCRAuthorizationModule"
        flag = "required" />
        </authentication>
        </application-policy>
        <!--
        jackrabbit JAAS login modules
        -->
        <application-policy name="Jackrabbit">
        <authentication>
        <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule"
        flag = "required" />
        </authentication>
        </application-policy>
      • start jboss for the first time
        /etc/init.d/jboss start

        watch /opt/jboss/server/default/log/boot.log for messages.
      • Ensure you have all ports available needed by JBoss. Just watch the log files for “Address already in use” error messages. In case of conflict search for the port specifications e.g. (if port 4444 is not free) with grep -r 4444 /opt/jboss/server/default/conf/ and find other free ports to use (4444 e.g. conflicts with a kerberos server)
  • Make the necessary Apache2 configuration steps:

    • Enable some modules:

      a2enmod proxy
      a2enmod proxy_http
      a2enmod proxy_balancer
      a2enmod proxy_ajp
    • Add e.g. the following lines to /etc/apache2/sites-enabled/000-default:

      ProxyRequests Off
      ProxyPreserveHost On
      # balancer not working correctly, use ajp proxy below
      # <Proxy balancer://mycluster>
      # Order deny,allow
      # Allow from all
      # BalancerMember http://localhost:8080/
      # </Proxy>
      # ProxyPass /jboss balancer://mycluster
      # ProxyPass /images balancer://mycluster/images
      # ProxyPass /admin-console balancer://mycluster/admin-console
      # ProxyPass /web-console balancer://mycluster/web-console
      # ProxyPass /jmx-console balancer://mycluster/jmx-console
      # ProxyPass /magnoliaAuthor balancer://mycluster/magnoliaAuthor
      # ProxyPass /magnoliaPublic balancer://mycluster/magnoliaPublic
      # ProxyPassReverse /jboss http://localhost:8080/
      # use ajp proxy:
      ProxyPass /jboss ajp://localhost:8009
      ProxyPass /images ajp://localhost:8009/images
      ProxyPass /css ajp://localhost:8009/css
      ProxyPass /admin-console ajp://localhost:8009/admin-console
      ProxyPass /web-console ajp://localhost:8009/web-console
      ProxyPass /jmx-console ajp://localhost:8009/jmx-console
      ProxyPass /status ajp://localhost:8009/status
      ProxyPass /magnoliaAuthor ajp://localhost:8009/magnoliaAuthor
      ProxyPass /magnoliaPublic ajp://localhost:8009/magnoliaPublic
      ProxyPassReverse /jboss ajp://localhost:8009/
      ProxyPassReverse /admin-console ajp://localhost:8009/admin-console
      ProxyPassReverse /web-console ajp://localhost:8009/web-console
      ProxyPassReverse /jmx-console ajp://localhost:8009/jmx-console
      ProxyPassReverse /status ajp://localhost:8009/status
      ProxyPassReverse /magnoliaAuthor ajp://localhost:8009/magnoliaAuthor
      ProxyPassReverse /magnoliaPublic ajp://localhost:8009/magnoliaPublic
      <Location /jboss>
      Order allow,deny
      Allow from all
      </Location>

      (see http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingMod_proxyWithJBoss or http://ubuntuforums.org/showthread.php?t=536078)

      Don't forget to add more ProxyPass entries later for the applications you want to deploy! Here I already included the URLs for Magnolia. And do not forget to change default passwords … or restrict access to the several admin interfaces like this:

      <Location /admin-console>
      Order deny,allow
      Deny from all
      Allow from 192.168.1.0/24
      </Location>

      Repeat this for web-console and jmx-console, restart Apache

      apache2ctl graceful

  • Now get Magnolia, download magnolia-bundled-webapp-4.1.1.war from sourceforge and for later use magnolia-standard-templating-kit-bundle-1.1.2-bundle.zip from Magnolia.
  • From this stage on, extract all files under the user id of the jboss user:

    su - jboss

  • cd /opt/jboss/server/default/deploy
    mkdir magnoliaAuthor.war
    cd magnoliaAuthor.war/
    unzip ..../magnolia-bundled-webapp-4.1.1.war
  • Important !!:

    Remove the xerces jar file delivered in magnolia-bundled-webapp-4.1.1.war; it conflicts with the version in JBoss:

    rm -f WEB-INF/lib/xercesImpl-2.8.1.jar

  • add a new file /opt/jboss/server/default/deploy/magnoliaAuthor.war/WEB-INF/jboss-web.xml with contents

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-web>
    <context-root>/magnoliaAuthor</context-root>
    </jboss-web>
  • Now restart JBoss to deploy the extracted files.
  • Watch /opt/jboss/server/default/log/server.log for possible errors.
  • Ensure you have something like this (maybe more restrictive) in your apache config (/etc/apache2/sites-enabled/000-default on Ubuntu / Debian)

    <Location /magnoliaAuthor>
    Order allow,deny
    Allow from all
    </Location>
  • Go to http://YOURHOST/magnoliaAuthor and complete the initial update.
  • Watch /opt/jboss/server/default/log/server.log for possible errors.
  • Login to the Magnolia admin site, change default passwords.
  • Extract magnolia-standard-templating-kit-bundle-1.1.2-bundle.zip to a temporary place, move the extracted *.jar files to /opt/jboss/server/default/deploy/magnoliaAuthor.war/WEB-INF/lib
  • Restart JBoss once more to deploy the changes, watch /opt/jboss/server/default/log/server.log for possible errors.
  • Again, perform an initial update at http://YOURHOST/magnoliaAuthor.
  • Possible errors (happened several times to me):

    Extract/create files with wrong permissions (root instead of jboss).

    Everything below /opt/jboss/server/default/deploy/magnoliaAuthor has to belong to jboss!!!

  • Repeat all steps done for magnoliaAuthor for magnoliaPublic
  • Setup relationship between magnoliaAuthor and magnoliaPublic (see http://documentation.magnolia-cms.com/cookbook/changing-an-author-instance-into-a-public-instance.html):

    Changes in magnoliaAuthor:

    • Access rights should per default be ok
    • If you use magnoliaPublic as name of the public site the subscription will also work immediately, otherwise change the names.

    Changes in magnoliaPublic:

    • set Admin mode to false
    • change the anonymous role to have Read access to the website and GET and POST access to the base URL, but leave /.magnolia/* protected.
  • Finally add some RewriteRule to your apache config to direct traffic to your magnoliaPublic URL:

    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteLog /var/log/apache2/rewrite.log
    RewriteLogLevel 1
    RewriteRule ^/magnolia$ /magnolia/ [R]
    RewriteRule ^/magnolia/(.*)$ http://YOUR.ADD.RESS/magnoliaPublic/$1 [L]
    </IfModule>
    <Location /magnolia>
    Order allow,deny
    Allow from all
    </Location>
  • Last step: Enable access over HTTPS
    • Add to /etc/apache2/sites-enabled/default-ssl:

      RewriteEngine on
      RewriteLog /var/log/apache2/sslproxy.log
      RewriteLogLevel 1
      RewriteMap domaindb txt:/etc/apache2/ssldomains
      RewriteRule ^/www\.([^/]+)/(.*) /${domaindb:$1|%{HTTP_HOST}/$1}/$2 [S=2]
      RewriteRule ^/([^/]+)/(.*) /${domaindb:$1|%{HTTP_HOST}/$1}/$2 [S=1]
      RewriteRule ^/(.+) /$1/ [R,L]
      RewriteRule ^/(.*) http://$1 [P,L]
    • create /etc/apache2/ssldomains with:

      jboss YOUR.ADD.RESS/jboss
      magnolia YOUR.ADD.RESS/magnolia
      magnoliaAuthor YOUR.ADD.RESS/magnoliaAuthor
      magnoliaPublic YOUR.ADD.RESS/magnoliaPublic
      web-console YOUR.ADD.RESS/web-console
      admin-console YOUR.ADD.RESS/admin-console
      jmx-console YOUR.ADD.RESS/jmx-console
    • Restrict / allow access in /etc/apache2/sites-enabled/default-ssl, e.g.:

      <Location /jboss>
      Order allow,deny
      Allow from All
      </Location>
      <Location /images>
      Order allow,deny
      Allow from All
      </Location>
      <Location /css>
      Order allow,deny
      Allow from All
      </Location>
      <Location /magnolia>
      Order allow,deny
      Allow from All
      </Location>
      <Location /magnoliaPublic>
      Order allow,deny
      Allow from All
      </Location>
      <Location /magnoliaAuthor>
      Order deny,allow
      Deny from all
      Allow from 192.168.1.
      </Location>
      <Location /admin-console>
      Order deny,allow
      Deny from all
      Allow from 192.168.1.
      </Location>
      <Location /web-console>
      Order deny,allow
      Deny from all
      Allow from 192.168.1.
      </Location>
      <Location /jmx-console>
      Order deny,allow
      Deny from all
      Allow from 192.168.1.
      </Location>

      Again, decide what should be accessible from which addresses and what not.
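
To check such access rules before relying on them, the following added example (not part of the original post) models how Apache 2.2 evaluates Order/Allow/Deny for one Location block, and shows that an `Order deny,allow` block only restricts access when it also carries `Deny from all`. The sample client addresses and the `BLOCKS` table are constructed for illustration; only `all`, CIDR/single addresses and trailing-dot partial addresses are handled.

```python
import ipaddress

# Constructed sample clients: one on the admin LAN, one outside it.
LAN, OUTSIDE = "192.168.1.20", "203.0.113.7"

def matches(spec, client_ip):
    """True if one 'Allow from' / 'Deny from' host spec covers client_ip."""
    if spec.lower() == "all":
        return True
    if spec.endswith("."):  # partial address as written above, e.g. 192.168.1.
        return client_ip.startswith(spec)
    return ipaddress.ip_address(client_ip) in ipaddress.ip_network(spec, strict=False)

def is_allowed(order, allow, deny, client_ip):
    """Apache 2.2 Order/Allow/Deny decision for a single <Location> block."""
    allowed = any(matches(s, client_ip) for s in allow)
    denied = any(matches(s, client_ip) for s in deny)
    if order == "deny,allow":
        # Deny first, Allow overrides it; a client matching nothing is ALLOWED.
        return allowed or not denied
    if order == "allow,deny":
        # Allow first, Deny overrides it; a client matching nothing is DENIED.
        return allowed and not denied
    raise ValueError("unsupported Order value: " + order)

# Constructed blocks: path -> (Order, Allow from list, Deny from list)
BLOCKS = {
    "/magnoliaPublic": ("allow,deny", ["all"], []),
    "/admin-console": ("deny,allow", ["192.168.1.0/24"], []),   # no Deny line
    "/jmx-console": ("deny,allow", ["192.168.1."], ["all"]),    # Deny from all
}

def audit(blocks, probe=OUTSIDE):
    """Return the paths that the probe address is allowed to reach."""
    return [path for path, (order, allow, deny) in blocks.items()
            if is_allowed(order, allow, deny, probe)]

if __name__ == "__main__":
    print("reachable from outside:", audit(BLOCKS))
    print("reachable from the LAN:", audit(BLOCKS, LAN))
```

On Apache 2.4 these directives are deprecated (mod_access_compat); `Require ip 192.168.1.0/24` expresses the same restriction.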

How to build a debian package out of the iprint binary RPM

Friday, November 20th, 2009

As it may be of some interest, here is how I build my debian package containing the iprint client. Of course I cannot share the resulting binary, it is commercial software as I understand it.

So first you should get the RPM files yourself, by registering on Novell's site and following this link.

Then get an empty debian package skeleton provided by me, extract it, and continue reading its README file.

The resulting debian package (I built it last time under Ubuntu Karmic) additionally contains a small Gnome applet written by me, which allows you to control the state of the iprint-listener (this has to be running if you want to use iprint).

Even if the package contains the iprint firefox plugin, I don’t expect it to work, at least it didn’t for me.

But you need this only for adding printers, and I prefer to do this manually anyway.

So how do you install an iPrint printer?

First examine somehow (maybe under Windows) what type of printer you are connecting to, also note its iPrint name, e.g. NAMEOFPRINTER. Then install a local CUPS printer (e.g. choosing a bogus USB interface) using that driver (driver simply means a matching PPD file, so if you get the PPD file, just copy it under /etc/cups/ppd/NAMEOFPRINTER.ppd). Afterwards edit your /etc/cups/printers.conf file, locate the newly generated entry for NAMEOFPRINTER, and change the DeviceURI from whatever it is to iprint://SERVER.ADD.RESS/ipp/NAMEOFPRINTER.

Restart CUPS and you are done. If you now print to NAMEOFPRINTER, a login popup should appear, presenting you with the (probably wrongly guessed) username and asking for username and password.

As stated in my last post, starting with CUPS 1.4.? you need to patch CUPS to accept the incoming request from the iprint client. A patched cups debian package for Ubuntu Karmic can also be found on algepop.net, get it or build your own package out of the source package.

I also added a small Gnome system tray applet which monitors the state of iprint-listener. You can get this iprintman Python applet separately here (it is included in the debian package too).

Novell iprint client on Ubuntu Karmic

Monday, November 16th, 2009

Today I succeeded in fixing my novell iprint client setup on Karmic. It was previously running on Ubuntu Hardy, but stopped working after the upgrade.

Karmic comes with CUPS in version 1.4.x, the latest SLED (11) still delivers a rather old iprint rpm dated Oct 2008 and has CUPS 1.3.9.

Obviously something changed in CUPS. After a lot of strace, ltrace and log file reading I found the function valid_host in CUPS sources, which checks names allowed to connect via loopback. They are restricted to some versions of “localhost”. The Novell iprint binary connects with “/var/run/cups/cups.sock” set as hostname and therefore fails.

I created a patch for CUPS which (re-?) adds this to the valid_host function and now it works again.

Patch download: http://www.algepop.net/users/alge/fix-for-iprint.dpatch

Copy the patch into the debian/patches subdir of an extracted cups 1.4.x source package, add it to debian/patches/00list (preferably on top) and rebuild your debian package.

EDIT:
Some upgrade changed my printers.conf, removing several lines from each printer. Without re-adding those, printing fails with client-error-document-format-not-supported.

The lines per printer entry are

Filter application/vnd.cups-raw 0 -
Filter application/vnd.cups-command 0 commandtops
Filter application/vnd.cups-postscript 0 -

X config for Geode based Hercules eCafe EC-800

Sunday, November 15th, 2009

This weekend I had to install Jaunty on an AMD Geode based Hercules eCafe EC-800 netbook.

The problem with the graphics hardware is: The X server always thinks that the display is 800×600 but it is 800×480. So whatever you do, you can't see the bottom part of the screen. It seems this has been introduced with Ubuntu Jaunty and continues to be that way in Karmic.

After reading the driver source it turned out, that there are (at least) two versions of AMD Geode graphics hardware: GX and LX.

The GX version accepts a PanelGeometry option, where you can specify the panel size in pixels. Most forum posters try to use this without success.

The LX version uses a PanelMode option where the ModeLine has to be specified once more. So if you have

Modeline "800x480" 33.45 800 840 968 1056 480 490 492 525 -hsync -vsync

in Section “Monitor” you need

Option "PanelMode" "33450 800 840 968 1056 480 490 492 525"

in Section “Device”. The first parameter is the pixel clock in Hertz followed by the remaining parameters for x and y resolution.

The full working xorg.conf file is here: http://www.algepop.net/users/alge/xorg.conf.eCafe-EC-800