This shows you the differences between two versions of the page.
— |
cluster:24 [2007/02/26 07:57] (current) |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | \\ | ||
+ | **[[cluster: | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ===== Daylight Savings Time '07 ===== | ||
+ | |||
+ | ^IF YOU NEED ASSISTANCE PERFORMING THE SUGGESTED ACTIONS FOR LINUX, SOLARIS AND JAVA --- PLEASE EMAIL ACSUNIX@WESLEYAN.EDU --- THE STEPS OUTLINED BELOW ARE ... AT YOUR OWN RISK ...^ | ||
+ | |||
+ | |||
+ | ==== Linux ==== | ||
+ | |||
+ | How to do this will vary from distro to distro, and should be handled by your update mechanism (yum, up2date, aptitude, etc) and distro for you rather easily, but basically you need to update your zoneinfo with the new info (typically / | ||
+ | |||
+ | === Testing === | ||
+ | Several ways to test, but one quick way is this... | ||
+ | |||
+ | < | ||
+ | zdump -v / | ||
+ | </ | ||
+ | If you're good to go you should see this: | ||
+ | |||
+ | < | ||
+ | melson@mugen: | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | melson@mugen: | ||
+ | </ | ||
+ | |||
+ | If you're wrong, you should see this: | ||
+ | < | ||
+ | [root@scan1 root]# zdump -v / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | === Manual RedHat EL === | ||
+ | |||
+ | If you're like us and brilliantly go with a commercial distro where you have to pay to get to the repository in a sane fashion but then don't pay for enough licenses, you may not have the luxury of being able to update easily and instead have to do it manually. | ||
+ | |||
+ | Here are some simple steps: | ||
+ | - Download the most up to date tzdata rpm from redhat - our example here is: tzdata-2006m-3.el3.noarch.rpm | ||
+ | - Install it - rpm -iUv tzdata-2006m-3.el3.noarch.rpm | ||
+ | - Re-run redhat-config-date (RHEL3) or system-config-date. | ||
+ | - Make no changes, just close (this is in the background updating the system) | ||
+ | |||
+ | === Caveats === | ||
+ | If programs/ | ||
+ | |||
+ | ==== Solaris ==== | ||
+ | |||
+ | | ||
+ | |||
+ | U.S. Energy Policy Act of 2005 implements change for the US. Starting in March 2007, DST in the United States will begin on the second Sunday in March and end on the first Sunday in November. | ||
+ | |||
+ | The "U.S. Energy Policy Act of 2005" which goes into effect in 2007 is addressed in the following releases: | ||
+ | |||
+ | < | ||
+ | SPARC Platform | ||
+ | Solaris 8 with patches 109809-02 or later and 108993-52 or later | ||
+ | Solaris 9 with patches 113225-03 or later and 112874-33 or later | ||
+ | Solaris 10 with patches 122032-01 or later and 119689-07 or later | ||
+ | |||
+ | x86 Platform | ||
+ | Solaris 8 with patches 109810-02 or later and 108994-52 or later | ||
+ | Solaris 9 with patches 116545-02 or later and 114432-23 or later | ||
+ | Solaris 10 with patches 122033-01 or later and 121208-03 or later | ||
+ | </ | ||
+ | |||
+ | |||
+ | == Steps to install patches: == | ||
+ | < | ||
+ | 1) download patches from http:// | ||
+ | |||
+ | 2) follow install instruction in the patch README (please note this patch install requires | ||
+ | | ||
+ | | ||
+ | |||
+ | 3) check patch installed ok by issuing following command and look for the latest revision: | ||
+ | alumni:/ | ||
+ | Patch: 109809-01 Obsoletes: | ||
+ | Patch: 109809-03 Obsoletes: | ||
+ | Patch: 109809-04 Obsoletes: | ||
+ | alumni:/ | ||
+ | |||
+ | 4) test if you would like to be sure: | ||
+ | alumni:/ | ||
+ | US/ | ||
+ | US/ | ||
+ | US/ | ||
+ | US/ | ||
+ | US/ | ||
+ | alumni:/ | ||
+ | </ | ||
+ | |||
+ | It is recommended to reboot system after patch install. The zoneinfo database is loaded into the process. The information will not be reloaded until TZ environment variable is changed or process is restarted. In order to ensure that all processes which have loaded the zoneinfo database, reload the new zoneinfo database, is to restart the application/ | ||
+ | |||
+ | ==== Java ==== | ||
+ | |||
+ | |||
+ | **Changes in 2007** | ||
+ | |||
+ | The United States has planned a change to its DST observance beginning in 2007. The Energy Policy Act of 2005 mandates that DST will start on the second Sunday in March and end on the first Sunday in November. In 2007, the start and stop dates will be March 11 and November 4, respectively. These dates are different from previous DST start and stop dates. In 2006, the dates were the first Sunday in April (April 2, 2006) and the last Sunday in October (October 29, 2006). | ||
+ | |||
+ | Some countries are still evaluating whether they will adopt the new rules for themselves. You should anticipate more changes in DST and time zone rules for countries that typically align with U.S. DST rules. | ||
+ | |||
+ | **Problems Affecting Java Applications** | ||
+ | |||
+ | The Java Runtime Environment (JRE) stores rules about DST observance all around the globe. Older JREs will have outdated rules that will be superseded by the Energy Policy Act of 2005. __As a result, applications running on an older JRE may report incorrect time from March 11, 2007 through April 2, 2007 and from October 29, 2007 through November 4, 2007.__ | ||
+ | |||
+ | **Solutions for Java Applications** | ||
+ | |||
+ | __If you are concerned about application failures that may result from these DST changes, you should update your Java Runtime Environment.__ To see which Java platform versions have the correct time rules to handle the DST changes that will affect U.S. time zones in 2007, see the question Which JRE version updates include which versions of the Olson data? in the [[http:// | ||
+ | |||
+ | For version 1.4 or later, you can also use a tool to modify the time zone data within your existing JRE. Get the " | ||
+ | |||
+ | **Read more about it.** | ||
+ | [[http:// | ||
+ | |||
+ | ===== Tomcat Install ===== | ||
+ | |||
+ | Ok, since i recently had to do this //again//, and completely forgot how i did it //before//, i decided to make this a UUG topic. | ||
+ | |||
+ | And, running Tomcat as root is just bad, bad form. | ||
+ | |||
+ | __The objectives for this exercise are__ | ||
+ | |||
+ | * install a server-based servlet manager (Tomcat, part of Apache' | ||
+ | |||
+ | * run both non-SSL and SSL http protocols | ||
+ | |||
+ | * run as non-privileged user (meaning not as root!) | ||
+ | |||
+ | * configured for ports above 1023 (a linux requirement) | ||
+ | |||
+ | * reroute traffic so end users do not encounter these odd ports | ||
+ | |||
+ | * customize the " | ||
+ | |||
+ | __Here is an example of what we want to achieve__ | ||
+ | |||
+ | * https:// | ||
+ | |||
+ | * http:// | ||
+ | |||
+ | |||
+ | __For the impatient: Java & Tomcat binaries for Linux__ | ||
+ | |||
+ | * [[https:// | ||
+ | |||
+ | * [[https:// | ||
+ | |||
+ | |||
+ | ==== Java & Tomcat ==== | ||
+ | |||
+ | To run Tomcat, a servlet manager, you first need to install java. Obtain the java runtime environment from [[http:// | ||
+ | |||
+ | < | ||
+ | |||
+ | root@chloe# which java | ||
+ | / | ||
+ | |||
+ | root@chloe# ls -ld / | ||
+ | lrwxrwxrwx | ||
+ | |||
+ | root@chloe# java -version | ||
+ | java version " | ||
+ | Java(TM) 2 Runtime Environment, | ||
+ | Java HotSpot(TM) Server VM (build 1.5.0_06-b05, | ||
+ | |||
+ | root@chloe# env | grep -i java | ||
+ | JAVA_HOME=/ | ||
+ | |||
+ | </ | ||
+ | |||
+ | Next download Tomcat and unpack in /usr/local for example. | ||
+ | |||
+ | < | ||
+ | |||
+ | #!/bin/sh | ||
+ | |||
+ | export CATALINA_HOME=/ | ||
+ | export JAVA_HOME=/ | ||
+ | |||
+ | if [ " | ||
+ | echo " | ||
+ | exit | ||
+ | fi | ||
+ | |||
+ | if [ $1 = " | ||
+ | su ferrett -c " | ||
+ | exit | ||
+ | fi | ||
+ | |||
+ | if [ $1 = " | ||
+ | su ferrett -c " | ||
+ | exit | ||
+ | fi | ||
+ | |||
+ | </ | ||
+ | |||
+ | I'm runnning Tomcat under UID:GID of ferrett: | ||
+ | |||
+ | |||
+ | |||
+ | ==== Virtual IP & Iptables ==== | ||
+ | |||
+ | Next we need an IP for our Tomcat server. | ||
+ | |||
+ | So, in this example ... eht1, eth0, eth0:4 and our DNS alias for the application. | ||
+ | |||
+ | < | ||
+ | |||
+ | root@chloe# host 10.3.200.71 gwaihir.wesad.wesleyan.edu | ||
+ | 71.200.3.10.in-addr.arpa domain name pointer chloe.wesleyan.private. | ||
+ | |||
+ | root@chloe# host chloe | ||
+ | chloe.wesleyan.edu has address 129.133.6.116 | ||
+ | |||
+ | root@chloe# host chloe4 | ||
+ | chloe4.wesleyan.edu has address 129.133.6.152 | ||
+ | |||
+ | root@chloe# host ferrett | ||
+ | ferrett.wesleyan.edu is an alias for chloe4.wesleyan.edu. | ||
+ | chloe4.wesleyan.edu has address 129.133.6.152 | ||
+ | |||
+ | </ | ||
+ | |||
+ | Since we run Tomcat as a non-privileged user, we need to be on higher ports than 80& | ||
+ | |||
+ | IPtables allows for a variety of packet traffic manipulations. | ||
+ | |||
+ | < | ||
+ | |||
+ | ### edit the iptables file ### | ||
+ | [root@chloe ~]# vi / | ||
+ | |||
+ | ### add the following 4 lines ### | ||
+ | *nat | ||
+ | -A PREROUTING -d 129.133.6.152 -p tcp --dport 80 -j DNAT --to 129.133.6.152: | ||
+ | -A PREROUTING -d 129.133.6.152 -p tcp --dport 443 -j DNAT --to 129.133.6.152: | ||
+ | COMMIT | ||
+ | |||
+ | ### conditionally restart the network ### | ||
+ | [root@chloe ~]# / | ||
+ | Flushing firewall rules: | ||
+ | Setting chains to policy ACCEPT: nat filter | ||
+ | Unloading iptables modules: | ||
+ | Applying iptables firewall rules: | ||
+ | |||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== Tomcat Configurations ==== | ||
+ | |||
+ | Almost there. | ||
+ | |||
+ | < | ||
+ | |||
+ | ### edit the tomcat config file ### | ||
+ | [root@chloe]# | ||
+ | |||
+ | ### change this section ### | ||
+ | |||
+ | <!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 --> | ||
+ | |||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | /> | ||
+ | |||
+ | <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 --> | ||
+ | |||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | /> | ||
+ | |||
+ | </ | ||
+ | |||
+ | The SSL Connector refers to a " | ||
+ | |||
+ | < | ||
+ | |||
+ | / | ||
+ | -in / | ||
+ | | ||
+ | |||
+ | </ | ||
+ | |||
+ | Make sure the server can read the keystore.pkcs12 file in terms of permissions. **Do not store your *.crt and *.key underneath your server**. | ||
+ | |||
+ | Allright. Start the Tomcat server with your script ''/ | ||
+ | |||
+ | < | ||
+ | |||
+ | [root@chloe]# | ||
+ | |||
+ | Using CATALINA_BASE: | ||
+ | Using CATALINA_HOME: | ||
+ | Using CATALINA_TMPDIR: | ||
+ | Using JAVA_HOME: | ||
+ | |||
+ | [root@chloe]# | ||
+ | |||
+ | COMMAND | ||
+ | java 3502 ferrett | ||
+ | |||
+ | [root@chloe]# | ||
+ | |||
+ | COMMAND | ||
+ | java 3502 ferrett | ||
+ | |||
+ | [root@chloe]# | ||
+ | |||
+ | ... | ||
+ | ... | ||
+ | INFO: Starting Coyote HTTP/1.1 on http-7780 | ||
+ | Feb 19, 2007 11:23:31 PM org.apache.coyote.http11.Http11Protocol start | ||
+ | INFO: Starting Coyote HTTP/1.1 on http-7781 | ||
+ | Feb 19, 2007 11:23:31 PM org.apache.jk.common.ChannelSocket init | ||
+ | INFO: JK2: ajp13 listening on / | ||
+ | Feb 19, 2007 11:23:31 PM org.apache.jk.server.JkMain start | ||
+ | INFO: Jk running ID=0 time=17/ | ||
+ | Feb 19, 2007 11:23:31 PM org.apache.catalina.startup.Catalina start | ||
+ | INFO: Server startup in 55 ms | ||
+ | |||
+ | </ | ||
+ | |||
+ | Looks good. Connect to it. | ||
+ | |||
+ | * http:// | ||
+ | * https:// | ||
+ | |||
+ | If the iptables redirect is working you'll see the Tomcat welcome page. Try under SSL. | ||
+ | |This guy in top-left corner|{{: | ||
+ | Unless you've done the next step, ofcourse. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | ==== More Tomcat Configurations ==== | ||
+ | |||
+ | By default the Tomcat informational page shows up as the ROOT web application. | ||
+ | |||
+ | Copy this file into ''/ | ||
+ | |||
+ | * [[http:// | ||
+ | |||
+ | That's no fun. | ||
+ | |||
+ | Next traverse to ''/ | ||
+ | |||
+ | '' | ||
+ | < | ||
+ | |||
+ | < | ||
+ | |||
+ | | ||
+ | root so we can have it but use a different application as root. | ||
+ | |||
+ | | ||
+ | |||
+ | |||
+ | < | ||
+ | | ||
+ | |||
+ | < | ||
+ | < | ||
+ | prefix=" | ||
+ | | ||
+ | | ||
+ | |||
+ | </ | ||
+ | </ | ||
+ | |||
+ | |||
+ | '' | ||
+ | < | ||
+ | <!-- | ||
+ | |||
+ | | ||
+ | |||
+ | | ||
+ | |||
+ | |||
+ | < | ||
+ | | ||
+ | |||
+ | < | ||
+ | < | ||
+ | prefix=" | ||
+ | | ||
+ | | ||
+ | |||
+ | </ | ||
+ | </ | ||
+ | |||
+ | |||
+ | **Stop and Start Tomcat** | ||
+ | |||
+ | Now load | ||
+ | |||
+ | * http:// | ||
+ | |||
+ | * http:// | ||
+ | |||
+ | * http:// | ||
+ | |||
+ | |||
+ | ====== | ||
+ | |||
+ | |||
+ | |||
+ | \\ | ||
+ | prepared for the UUG meeting of [[cluster: | ||
+ | \\ | ||
+ | \\ | ||
+ | **[[cluster: |
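Review bot: In the Tomcat Configurations section, the keystore instruction only says to make sure the server can read keystore.pkcs12 "in terms of permissions", which is satisfied by a world-readable file. Since the stated objective is to run as a non-privileged user (ferrett in the startup script), say explicitly that the keystore should be owned by that user and readable by no one else, alongside the existing warning not to store the *.crt and *.key underneath the server. In the startup script, the two tests that begin "if [ $1 =" leave $1 unquoted while the first test opens with a quoted operand; quote it in all three. In the Virtual IP & Iptables section, the comment "### conditionally restart the network ###" sits above output that shows firewall rules being flushed and re-applied, so the comment should name iptables rather than the network, and "eht1" in the sentence introducing the host lookups looks like a typo for eth1. Nothing in the added nat lines restricts direct access to the high ports Tomcat listens on (the startup log shows http-7780 and http-7781), which deserves a sentence if those ports are not meant to be reachable from outside.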