Loose Setup Instructions:
=========================

This guide is intended as a rough log of what it took to take my (mainly
vanilla) Redhat 7.3 (Valhalla) box from virginal to ready for the purposes of
NYUMAD. Caveat emptor, you may have to do more/other things to get workable
results, but with that in mind, enjoy!

-----

1. Security

Ensure your system is patched with the most recent versions of whatever public services you use. If you have a system administrator responsible for the box you will be running this on, then it is probably his/her responsibility to ensure your machine is properly up-to-date security wise. If not, it is *YOUR* responsibility to make sure your machine isn't running vulnerable/outdated services, the reason for this being that most modern internet virii/worms make use of known vulnerabilities to compromise hosts and spread themselves. If you don't want to become the internet equivalent of the virus-infested biohazard waste bin on the corner, do your homework and keep your machine patched. If you're using a Redhat distribution, RH issues security errata and advisories that you should follow and heed regularly (if not religiously). Redhat has a convenient system for updating your box called "up2date"; run regularly, this should inform you of any pressing new security releases and their respective downloads for your system.

In my case, a recent vulnerability entailed upgrading my ssh server. I did not use up2date, but looked online at the Redhat Networks Errata page, rhn.redhat.com/errata, and downloaded the appropriate rpm's for my distribution.

2. Non-root users

Create a non-root user for your use when not doing superuser tasks. Use the root user only when you must, as root can take a system from working to trashed in less than 7 well-chosen keystrokes.

# useradd -d <user's new home directory> <username>
# passwd <username>

These two commands should do the trick.

3. Get java.

Head over to java.sun.com, and navigate your way to J2SE (Java 2 Standard Edition, *NOT* Enterprise Edition). What you will need is a copy of the Java Developers Kit (J2SDK/JDK) 1.4 or greater for the linux operating system. At the time of this writing, the newest available JDK was 1.4.2_01, but this will undoubtably increment as time goes on. Unless otherwise noted in the release notes of the NYUMad platform, *minor* JDK revisions should be acceptable, however *major* revisions will probably break things. An example to save a thousand words:

1.4.x_xx       => the primary, preferred versions look like this. They should all (probably) work.
1.3.xx or less => will *not* work. Don't bother with this, get a 1.4 JDK.
1.5            => the next release of java, not yet out at the time of this writing. Will probably break things.

If you're running a redhat system, grab the "RPM" version of the JDK, otherwise just get the regular "Linux self-extracting file" instead. Save it somewhere. The following commands are intended for the redhat audience, others must summon their local guru to do things right. As root, do the following in the directory where you saved the sdk file:

# chmod a+x j2sdk-1_4_2_01-linux-i586-rpm.bin
# ./j2sdk-1_4_2_01-linux-i586-rpm.bin

Note that the filenames may be different depending on the version number.

You will be greeted by 3 screenfuls of Sun Microsystem's java legalese. Say "yes" to proceed when prompted. After some more chatter, you will have a prompt again. Now:

# rpm -I j2sdk-1_4_2_01-linux-i586-rpm

will install the JDK, on my machine it deposits the JDK in /usr/java/j2sdk1.4.2_01. Still as root, you now need to add the JDK's bin directory to your path, and declare a new environment variable, JDK_HOME. As root, fire up your favorite editor and point it at /etc/profile. Inside, add the following lines:

export PATH=$PATH:/usr/java/j2sdk1.4.2_01/bin
export JDK_HOME=/usr/java/j2sdk1.4.2_01

Log out. Log back in. Verify that you've succeeded by typing the following commands:

# which java
/usr/java/j2sdk1.4.2_01/bin/java
# echo $JAVA_HOME
/usr/java/j2sdk1.4.2_01

if your output doesn't look very similar to mine, you've messed up. Don't proceed until you've got it working.

4. Get Postgresql

This is a pretty involved process, and even these instructions pale before what you should really do: read the (terse) original documentation and Do The Right Thing For Your System.

Head over to www.postgresql.org, and fish around for the download links. Choose a mirror, and navigate to the binary release of the latest stable version (7.3.4 at the time of this writing). Inside, grab yourself the RPMS appropriate to your distribution:

postgresql
postgresql-libs
postgresql-server

Note that you don't want the .src.rpm -- get the binary one, ending in .i386.rpm. Install them in the regular fashion, rpm -i <packages>.

After installation, head over to /etc/init.d (as root, still) and type:

# ./postgresql start

You'll see it initializing the database (this happens once only) and starting up postmaster, the postgresql server. If you'd like this to happen at startup automagically, you'll have to add it to whatever runlevels you like -- if the previous statement baffles you, get a sysadmin to do this step for you.

Some salient points that this documentation won't cover:

- The files that postgresql uses must me owned by a user other than root. The standard is a user named "postgres".
- The postgresql server process must be owned by that same user.

To check if your server is running properly, type the following at your root prompt:

# su - postgres
$ psql -l

You should be rewarded with a short list of available databases. Note that you should replace "postgres" in the first command above with the user who owns postgresql from "salient points" above. To return to your root prompt type "logout".

** THE FOLLOWING IS CRITICAL AND THE INSTALL WILL FAIL WITHOUT IT **

Now the tricky stuff: in order for the installation script to run (and for
users to be able to connect from other machines later on) you need to make
some changes to your pg_hba.conf/pg_ident.conf files. These files reside
wherever the postgres home directory is, a common location is under
/var/lib/pgsql or thereabouts.

pg_hba.conf: this file defines access rules, as in "who may connect to the
database for what purpose." To this end, you need to have several lines in
your pg_hba.conf. For a detailed explanation of what each of these means, take
a look at the PostgreSQL administrators' guide (www.postgres.org). My
pg_hba.conf file looks like this once I finished with it:

# TYPE  DATABASE    USER     IP-ADDRESS        IP-MASK           METHOD
local   all         all                                          ident myident
local   all         all                                          md5
local   all         all                                          ident sameuser
host    all         all      0.0.0.0           0.0.0.0           password

This configuration allows remote users to connect as any postgres user with
the correct password. It allows local users to connect as themselves, as others with
a MD5 password, or as specified by the ident mapping myident, which we need to
add to...

pg_ident.conf: this file specifies mappings that essentially mean "treat this
user as another user for the purposes of postgres. Because the postgres
installation initially has only the postgres user, and you need to execute the
install script as root, you need to add the following mappings:

# MAPNAME     IDENT-USERNAME    PG-USERNAME
myident       root              postgres
myident       root              bigdba

Which will allow the root user to do all of the setup work.

5. Getting tomcat

Head over to jakarta.apache.org/tomcat and pull yourself the latest binary release of tomcat. At the time of this writing, it was 4.1.27, and you'd probably do best to get the .tar.gz variant thereof since you're installing on a unix system. Save the file somewhere reasonable and decompress it (as root, of course). You'll end up with a directory named "jakarta-tomcat-4.1.27" or something similar. Move this directory to some reasonable location, say /usr/local:

# mv jakarta-tomcat-4.1.27 /usr/local

So now you should have a directory named /usr/local/jakarta-tomcat-4.1.27. Hurrah! Now, still as root, fire up an editor and edit /etc/profile. Add the following lines:

CATALINA_HOME=/usr/local/jakarta-tomcat-4.1.27
CATALINA_BASE=/usr/local/jakarta-tomcat-4.1.27
export CATALINA_HOME CATALINA_BASE

Save and close that. Open up a new editor, this time you're looking to edit the tomcat-users.xml file that resides at:

<tomcat dir>/conf/tomcat-users.xml

You'll need to define a new user for tomcat's administrative functions. Here's what my tomcat-users.xml file looked like after I edited it:

<tomcat-users>
  <user name="nyumad" password="orange" roles="manager,admin"/>
  <!--  <user name="tomcat" password="tomcat" roles="tomcat" />
  <user name="role1"  password="tomcat" roles="role1"  />
  <user name="both"   password="tomcat" roles="tomcat,role1" />
  -->
</tomcat-users>

Note that I added one user, "nyumad", with roles "manager,admin". Choose a good password of your liking, and notice that I've commented out all of the default users that come with the tomcat distribution as they're both useless and a security risk.

To start tomcat, run <tomcat home>/bin/startup.sh. To have tomcat start automatically on system boot, you'll have to cook up your own startup script in /etc/init.d or whatever is your distribution's version of initscripts.


6. PostgreSQL JDBC drivers

Head over to jdbc.postgresql.org and download the latest JDBC 3 *stable* release. Save it somewhere, and then place a copy in the following location:

<java home>/jre/lib/ext

On my system, this equates to /usr/java/j2sdk1.4.2_01/jre/lib/ext/. This location is always on the java classpath, so this ensures the library is visible to whatever other java apps you have available to you.