Deployment Question from the Excellent Docs at: 'dacurry-tns.github.io'
27 views
Skip to first unread message
Jann Malenkoff
May 9, 2018, 8:29:54 PM5/9/18
to CAS Community
I've been following the excellent CAS installation examples at https://dacurry-tns.github.io/deploying-apereo-cas/building_server_install-and-test-the-cas-application.html
I have added our local setting for 'cas.properties' & 'log4j2.xml' in '/opt/workspace/cas-overlay-template/etc/cas/config'
However I didn't quite understand the following:
casdev-master# cd /opt/workspace/cas-overlay-template
casdev-master# tar czf /tmp/cassrv-files.tgz --owner=root --group=tomcat --mode=g-w,o-rwx etc/cas -C target cas --exclude cas/META-INFVia above there is no build of the CAS war -- how will it pick up our locals settings in our local setting for 'cas.properties' & 'log4j2.xml' in '/opt/workspace/cas-overlay-template/etc/cas/config'?
David Curry
May 9, 2018, 8:59:59 PM5/9/18
to cas-...@apereo.org
In my configuration (which is essentially what this guide is describing), I use an external Tomcat, not the embedded one. So, my setup follows the Tomcat hardening guidelines, which recommend deploying exploded directories rather than WAR files. See the section on installing Tomcat (under Setting up the environment) for more info on this.
The "tar" command bundles up the contents of the "target/cas" directory, which is what would end up in the WAR file anyway, and also your "etc/cas/config" files.The other options just set things up so when the files are extracted they're owned by the right user and group and have the right permissions.
Read ahead to the next section on the page (the installation shell script) and you'll see where the script extracts the application into "/var/lib/tomcat" ("/opt/tomcat/latest/webapps") and your config files into "/etc/cas/config".
So there's no WAR file to deploy, because it's not needed in the external Tomcat setup. If you really want one Maven builds it and leaves it in the "target" directory, but it's still going to expect the config files to be in "/etc/cas/config", not inside the WAR file.
--Dave
David A. Curry, CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York, NY 10003
+1 212 229-5300 x4728 ~ david...@newschool.edu
Sent from my phone; please excuse typos and inane auto-corrections.
David A. Curry, CISSP
Director of Information Security
The New School - Information Technology
71 Fifth Ave., 9th Fl. ~ New York, NY 10003
+1 212 229-5300 x4728 ~ david...@newschool.edu
Sent from my phone; please excuse typos and inane auto-corrections.
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+u...@apereo.org.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/333a5108-6045-4249-826f-af1c49e78466%40apereo.org.
Jann Malenkoff
May 9, 2018, 9:24:09 PM5/9/18
to CAS Community
Thanks David --- for all your work on the documentation and reply below -- very much appreciated.
For historical reasons, we plan to go with a WAR and place it in /opt/tomcat/webapps
Our sys admin prefers an Apache HTTPD front-end and standalone tomcat as is (this is the only part we are diverting from your docs).
To build a WAR.....do we run './build.sh package' at '/opt/workspace/cas-overlay-template'?
I don't see the WAR having the configurations we added in '/opt/workspace/cas-overlay-template/etc'
Spending many hours in fron of the computer --- my apologies if I am less than coherent.
David Curry
May 9, 2018, 10:01:02 PM5/9/18
to cas-...@apereo.org
You can probably use build.sh; I don't use it myself, so I'm not sure of its usage or what else it does for you (I believe it copies the config files into place, etc.). Personally I just use "./mvnw clean package" and then my own scripts, since I'm using the external Tomcat and deploying on multiple servers.
The WAR will not have the config files from cas-overlay-template/etc/cas in it; the default setup from GitHub, even with embedded Tomcat, expects them to be outside the WAR in /etc/cas. I suppose you could set things up to put them in the WAR, but you'd need to shuffle some things around in the overlay (move etc/cas into src/main/<something>) and maybe make some changes to the build instructions in pom.xml. I've never done this myself, but maybe someone else on the list has.
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/0970a406-025e-45f8-a846-89af17e29e7d%40apereo.org.
Andy Ng
May 11, 2018, 9:31:54 AM5/11/18
to CAS Community
Hi Jann,
build.sh is what you are looking for, as documented in the overlay github https://github.com/apereo/cas-overlay-template (which I think is where you get the command from anyway).
build.sh is what you are looking for, as documented in the overlay github https://github.com/apereo/cas-overlay-template (which I think is where you get the command from anyway).
I am also deploying using WAR in Tomcat for my setup. And based on my experience, WAR to Tomcat using build.sh would work without any additional configuration.
Of course just like what David said, "./mvnw clean package" is going to be fine most likely. However, the build.sh will do a little bit more things other than just mvnw clean package, as seen here "https://github.com/apereo/cas-overlay-template/blob/5.1/build.sh".
So... just see which one is working and use that one.
Cheers!
- Andy
Jann Malenkoff
May 11, 2018, 3:09:43 PM5/11/18
to CAS Community
Thanks Andy!
It took me some time to wrap my head around this - your post sparked the direction --- I think I userstand now :)
./build.sh package --- generates the war (configuration is picked up from '/etc/cas/config' --- relative to the cas-overlay)
When cas.war is expanded in tomcat: '/opt/tomcat/webapps/cas' -- the configuration files are in '/opt/tomcat/webapps/cas/etc/config'.
Did I understand above correctly?
It took me some time to wrap my head around this - your post sparked the direction --- I think I userstand now :)
./build.sh package --- generates the war (configuration is picked up from '/etc/cas/config' --- relative to the cas-overlay)
When cas.war is expanded in tomcat: '/opt/tomcat/webapps/cas' -- the configuration files are in '/opt/tomcat/webapps/cas/etc/config'.
Did I understand above correctly?
Ray Bon
May 11, 2018, 7:34:17 PM5/11/18
to cas-...@apereo.org
Jann,
Are you running on Windows?
On a unix like system, /etc is in the root of the file system, not relative to tomcat.
The build script attempts to copy some files to this folder. It is not writable by a 'normal' user. You can create the folder (sudo mkdir -p /etc/cas/config) and change its ownership (sudo chown userrunningbuild:userrunningbuild /etc/cas/config) or you
can change the config location (how has slipped my mind at the moment). The second option may involve changing build.sh to copy to the new location.
Ray
-- Ray Bon Programmer analyst Development Services, University Systems 2507218831 | CLE 019 | rb...@uvic.ca
Andy Ng
May 11, 2018, 9:57:22 PM5/11/18
to CAS Community
Hi Jann,
Pretty sure by default, configuration path is not relative, instead is absolute path.
So "'/opt/tomcat/webapps/etc/cas/config" is not right, instead is "/etc/cas/config".
But either way, you can try both on your own, and see which one is correct.
Cheers!
- Andy
Reply all
Reply to author
Forward
0 new messages