Installation of XNAT on redhat 8

[Anders Tisell]

Hello XNAT users I hope I also will be a user soon, but right now I have some troubles setting up an XNAT server. 

I have a server running REDhat 8, Apache-tomcat-8.5.76, PSQL 10.17, JAVA 8 (open JDK). 

We have followed the instructions at 

https://wiki.xnat.org/documentation/getting-started-with-xnat/xnat-installation-guide

and installed the prerequisites according to:

https://wiki.xnat.org/documentation/getting-started-with-xnat/xnat-installation-guide/prerequisites-for-installing-xnat#PrerequisitesforInstallingXNAT-systemd

However, since we could not use the recommended versions ie. we have RedHat 8 and tomcat 8 not 7. Thus, we adapted our installation as good as we could. But probably something went wrong here. E.g we did not have a /etc/tomcat7/tomcat7.conf file.  

Should this be created manual and if so where do we place the file? (Our tomcat path is in /opt/)

When we start psql we see in the log that we have the error :

2022-05-02 15:44:48,998 [localhost-startStop-1] ERROR org.hibernate.tool.hbm2ddl.SchemaUpdate - HHH000319: Could not get database metadata

java.sql.SQLException: Cannot create PoolableConnectionFactory (FATAL: Ident authentication failed for user "xnat")

        at org.apache.commons.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:2294)

        at org.apache.commons.dbcp2.BasicDataSource.createDataSource(BasicDataSource.java:2039)

Any suggestion on what to fix? 

Best regards 

Anders 

[Richard Cole]

Have installed XNAT ( xnat-web-1.8.3.war and xnat-web-1.8.4.1.war  ) on Rocky 8.5 with Apache-Tomcat 9.0.48, Postgres 12.7,  and JAVA 1.8.0_292

Look at these few things that may help.. I suspect #3 is what you are lacking..

1: XNAT Database & User Setup Information
su postgres
bash-4.4$ cd
bash-4.4$ pwd
/var/lib/pgsql
bash-4.4$ createuser -U postgres -S -D -R -P xnatuser
Enter password for new role:
Enter it again:
bash-4.4$ createdb -U postgres -O xnatuser xnatdb
bash-4.4$ psql xnatdb
psql (12.7)
Type "help" for help.
xnatdb=# alter user xnatuser with password 'xnatuserpasswd';
ALTER ROLE
xnatdb=# \q
bash-4.4$ exit
systemctl restart postgresql-12

2: Create the xnat-conf.properties file
cd /xnat/home/config/
touch xnat-conf.properties
nano xnat-conf.properties
datasource.driver=org.postgresql.Driver
datasource.url=jdbc:postgresql://localhost/xnatdb
datasource.username=xnatuser
datasource.password=xnatuserpasswd

hibernate.dialect=org.hibernate.dialect.PostgreSQL9Dialect
hibernate.hbm2ddl.auto=update
hibernate.show_sql=false
hibernate.cache.use_second_level_cache=true
hibernate.cache.use_query_cache=true

3: Config Tomcat with “XNAT.HOME” settings
nano /opt/tomcat/bin/catalina.sh
CATALINA_OPTS="$CATALINA_OPTS -Dxnat.home=/xnat/home”

These are steps I used, there may be other ways to configure as well..

Hope it helps

--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/xnat_discussion/eeafc183-4e68-4ef9-b477-5e3e05a4b6f5n%40googlegroups.com.

[Herrick, Rick]

The issue isn’t with XNAT, it’s with your PostgreSQL configuration. There’s a file called pg_hba.conf in your database configuration that controls how authentication is done based on factors like the particular database instance, the user, how the user is accessing the database, e.g. local (via Unix socket), host (TCP), where the connection is coming from, etc. (connections from XNAT to the database always use host connections).

 

However that’s configured, the role specified for the XNAT database credentials is resolving so that PostgreSQL is using ident authentication and for whatever reason that’s failing. This is okay though because you shouldn’t be using ident authentication anyway!

 

The drawback of this procedure is that it depends on the integrity of the client: if the client machine is untrusted or compromised, an attacker could run just about any program on port 113 and return any user name they choose. This authentication method is therefore only appropriate for closed networks where each client machine is under tight control and where the database and system administrators operate in close contact. In other words, you must trust the machine running the ident server. Heed the warning:

 

The Identification Protocol is not intended as an authorization or access control protocol.--RFC 1413

 

The best way to configure your connection is password authentication using scram-sha-256 or md5. You can add that to your pg_hba.conf specifically for your XNAT database (this presumes that your database is named xnat and the user role is xnat: change accordingly if not):

 

host    xnat             xnat             127.0.0.1/24            scram-sha-256

 

Then just restart the database server:

 

systemctl restart postgresql.service

 

And you should be good. You can test this with a simple command:

 

psql --host=localhost --username=xnat --password

 

You should be prompted for your password and then see the command-line interface:

 

# psql --host=localhost --username=xnat --password

Password:

psql (12.10 (Ubuntu 12.10-1.pgdg20.04+1+b1))

SSL connection (protocol: TLSv1.3, cipher: TLS_AES_256_GCM_SHA384, bits: 256, compression: off)

Type "help" for help.

 

xnat=>

 

-- 

Rick Herrick

XNAT Architect/Developer

Computational Imaging Laboratory

Washington University School of Medicine

 

 

From: xnat_di...@googlegroups.com <xnat_di...@googlegroups.com> on behalf of Anders Tisell <andt...@gmail.com>
Date: Thursday, May 5, 2022 at 11:06 AM
To: xnat_discussion <xnat_di...@googlegroups.com>
Subject: [XNAT Discussion] Installation of XNAT on redhat 8

* External Email - Caution *

--

You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to xnat_discussi...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/xnat_discussion/eeafc183-4e68-4ef9-b477-5e3e05a4b6f5n%40googlegroups.com.

 

---

The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.

[Anders Tisell]

Thanks Rick, 

Changing the authentication to  scram-sha-256 solved the problem with the psql. 

But now we seem to have a problem with tomcat getting some error at start up complains about some listeners that fails to start. In the catalina.out it say:

  GNU nano 2.9.8                                                                 catalina.out                                                                          
19-May-2022 10:58:35.370 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/8.5.76
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server built:          Feb 23 2022 17:59:11 UTC
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version number: 8.5.76.0
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Name:               Linux
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log OS Version:            4.18.0-305.19.1.el8_4.x86_64
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Architecture:          amd64
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Java Home:             /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.322.b06-2.el8_5$
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Version:           1.8.0_322-b06
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log JVM Vendor:            Red Hat, Inc.
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_BASE:         /opt/apache-tomcat-8.5.76
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log CATALINA_HOME:         /opt/apache-tomcat-8.5.76
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.config.file=/opt/tomcat/conf/logg$
19-May-2022 10:58:35.371 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoad$
19-May-2022 10:58:35.372 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
19-May-2022 10:58:35.372 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webr$
19-May-2022 10:58:35.372 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dorg.apache.catalina.security.SecurityListener.UMASK$
19-May-2022 10:58:35.372 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dxnat.home=/data/xnat/home
19-May-2022 10:58:35.372 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dignore.endorsed.dirs=
19-May-2022 10:58:35.372 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.base=/opt/tomcat
19-May-2022 10:58:35.372 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Dcatalina.home=/opt/tomcat
19-May-2022 10:58:35.372 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -Djava.io.tmpdir=/opt/tomcat/temp
19-May-2022 10:58:35.372 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The Apache Tomcat Native library which allows using OpenSSL was not f$
19-May-2022 10:58:35.422 INFO [main] org.apache.coyote.AbstractProtocol.init Initializing ProtocolHandler ["http-nio-8080"]
19-May-2022 10:58:35.450 INFO [main] org.apache.catalina.startup.Catalina.load Initialization processed in 385 ms
19-May-2022 10:58:35.481 INFO [main] org.apache.catalina.core.StandardService.startInternal Starting service [Catalina]
19-May-2022 10:58:35.481 INFO [main] org.apache.catalina.core.StandardEngine.startInternal Starting Servlet engine: [Apache Tomcat/8.5.76]
19-May-2022 10:58:35.504 INFO [localhost-startStop-1] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/opt/apache-tomcat-8.5.76/web$
19-May-2022 10:58:41.788 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable$
19-May-2022 10:58:47.773 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal One or more listeners failed to start. Full details will$
19-May-2022 10:58:47.778 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.startInternal Context [/xnat] startup failed due to previous errors
19-May-2022 10:58:47.815 WARNING [localhost-startStop-1] org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The web application [xnat] appears to $ java.net.PlainSocketImpl.socketConnect(Native Method)
 java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
 java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)

And the localhost.log say 

GNU nano 2.9.8                                                           localhost.2022-05-19.log                                                                    
19-May-2022 10:58:42.075 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log 2 Spring WebApplicationInitializers detected on classpath
19-May-2022 10:58:42.182 INFO [localhost-startStop-1] org.apache.catalina.core.ApplicationContext.log Initializing Spring root WebApplicationContext
19-May-2022 10:58:47.773 SEVERE [localhost-startStop-1] org.apache.catalina.core.StandardContext.listenerStart Exception sending context initialized event to listener $        org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'updateSecurityFilterHandlerMethod' defined in file [/opt/apach$                at org.springframework.beans.factory.support.ConstructorResolver.createArgumentArray(ConstructorResolver.java:749)
                at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:189)
                at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1196)
                at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1098)
                at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
                at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:481)
                at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:312)
                at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
                at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:308)
                at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:202)
                at org.springframework.context.support.PostProcessorRegistrationDelegate.registerBeanPostProcessors(PostProcessorRegistrationDelegate.java:237)
                at org.springframework.context.support.AbstractApplicationContext.registerBeanPostProcessors(AbstractApplicationContext.java:703)
                at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:527)
                at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:443)
                at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:325)
                at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
                at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4761)
                at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5232)
                at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
                at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:753)
                at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:727)
                at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:695)
                at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:1016)
                at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1903)
                at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
                at java.util.concurrent.FutureTask.run(FutureTask.java:266)
                at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
                at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
                at java.lang.Thread.run(Thread.java:750)
        Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: Error creating bean with name 'org.nrg.xnat.configuration.ApplicationConfig': Unsa$                at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor$

Do you have some idea of how to fix this? 

/Anders  

[Herrick, Rick]

No idea how to fix it because the log messages are incomplete. Can you reply with the localhost log attached? Also, have a look at the XNAT logs in the folder ${xnat.home}/logs and attach any relevant log messages from there.

 

The easiest way to do the latter is the following:

 

• Shut down Tomcat
• Delete or move all files from ${xnat.home}/logs
• Start Tomcat
• Wait until start-up completes

 

Now look through the logs for any error or warning messages. Most likely you’re going either to see nothing–because whatever’s failing is failing before XNAT ever starts logging (although I doubt that, since that message is coming from ApplicationConfig, at which point logging should be initialized)–or something that likely contains the same error messages you see in the Tomcat localhost log. If there is something, send that as well.

To view this discussion on the web visit https://groups.google.com/d/msgid/xnat_discussion/849a18fc-eef9-4775-8b41-4cef97a7744bn%40googlegroups.com.

[Anders Tisell]

Thanks Rick, I deleted the old logfiles and restarted tomcat. This are the new logs I got. The application.log and spring.log are from the xnat/home/logs folder. The catalina.out and localhost.log are from tomcat/logs. 

/Anders

[Christopher Sayre]

Hey Anders, 

Looks like there is still something going on with the DB. Can you post your pg_hba.conf file? Or have you gotten this working? 

[Anders Tisell]

We have not got this working jet so pleas look at the pg_hba file if there seems to be any problems with our alterations. 

Best regards Anders