Setting up Apache Tomcat on Oracle Cloud Infrastructure (OCI)

Goal

The goal of this blog is to set up a basic Apache Tomcat environment and also TensorFlow machine learning infrastructure on Oracle Cloud Infrastructure [OCI].

Assumptions:

We assume that you have access and administrative rights for the OCI environment.

You have done the following:

  • Generate SSH Keys
  • Create VCN and Ubuntu 16.04 Virtual Machine image
  • Create Ubuntu 16.04 Virtual Machine using the created VCN
  • SSH to OCI Ubuntu Instance

Please refer to this blog if you are not sure about this.

Installing Tomcat on Ubuntu 16.04

Just remember that on Ubuntu images the login user is ubuntu, NOT opc (opc holds good for Oracle Linux).

You can also refer to this link or follow the steps below.

D:\BM>ssh -i bm_ssh_key ubuntu@129.213.51.202

Install JDK and Add user group

sudo apt-get update
sudo apt-get install default-jdk
sudo groupadd tomcat
sudo useradd -s /bin/false -g tomcat -d /opt/tomcat tomcat

Copy Apache Tomcat Download Link from Apache Website

Download the Tomcat Zip file and Extract

root@tc:~# sudo mkdir /opt/tomcat
root@tc:~# cd /opt/tomcat
root@tc:/opt/tomcat# ls
root@tc:/opt/tomcat# curl -O http://www-us.apache.org/dist/tomcat/tomcat-8/v8.5.31/bin/apache-tomcat-8.5.31.zip
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 9901k  100 9901k    0     0  64.2M      0 --:--:-- --:--:-- --:--:-- 64.4M
root@tc:/opt/tomcat# ls
apache-tomcat-8.5.31.zip
root@tc:/opt/tomcat# unzip apache-tomcat-8.5.31.zip
Archive:  apache-tomcat-8.5.31.zip
   creating: apache-tomcat-8.5.31/
   creating: apache-tomcat-8.5.31/bin/
   creating: apache-tomcat-8.5.31/conf/
   creating: apache-tomcat-8.5.31/lib/
  inflating: apache-tomcat-8.5.31/webapps/manager/status.xsd
  inflating: apache-tomcat-8.5.31/webapps/manager/xform.xsl
....
root@tc:/opt/tomcat# ls
apache-tomcat-8.5.31  apache-tomcat-8.5.31.zip
root@tc:/opt/tomcat# sudo rm apache-tomcat-8.5.31.zip
root@tc:/opt/tomcat# ls

Groups and Permissions

root@tc:/opt/tomcat# pwd
/opt/tomcat
root@tc:/opt/tomcat# cd apache-tomcat-8.5.31/
root@tc:/opt/tomcat/apache-tomcat-8.5.31# sudo chmod g+x conf
root@tc:/opt/tomcat/apache-tomcat-8.5.31# sudo chmod -R g+r conf
root@tc:/opt/tomcat/apache-tomcat-8.5.31# sudo chown -R tomcat webapps/ work/ temp/ logs/
root@tc:/opt/tomcat/apache-tomcat-8.5.31# sudo update-java-alternatives -l
java-1.8.0-openjdk-amd64       1081       /usr/lib/jvm/java-1.8.0-openjdk-amd64
root@tc:/opt/tomcat/apache-tomcat-8.5.31# sudo chmod -R +x /opt/tomcat/
root@tc:/opt/tomcat/apache-tomcat-8.5.31# sudo chmod -R +x /opt/tomcat/apache-tomcat-8.5.31/

Create a systemd Service File

ubuntu@tc:~$ sudo vi /etc/systemd/system/tomcat.service
ubuntu@tc:~$ cat /etc/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64/jre
Environment=CATALINA_PID=/opt/tomcat/apache-tomcat-8.5.31/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat/apache-tomcat-8.5.31
Environment=CATALINA_BASE=/opt/tomcat/apache-tomcat-8.5.31
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/apache-tomcat-8.5.31/bin/startup.sh
ExecStop=/opt/tomcat/apache-tomcat-8.5.31/bin/shutdown.sh

User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target

Reload Daemon and Start Tomcat

If the service does not start, check the permissions section above.

root@tc:/opt/tomcat/apache-tomcat-8.5.31# sudo systemctl daemon-reload
root@tc:/opt/tomcat/apache-tomcat-8.5.31# sudo systemctl start tomcat
root@tc:/opt/tomcat/apache-tomcat-8.5.31# sudo systemctl status tomcat
● tomcat.service - Apache Tomcat Web Application Container
   Loaded: loaded (/etc/systemd/system/tomcat.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-06-27 06:55:03 UTC; 38s ago
  Process: 8777 ExecStart=/opt/tomcat/apache-tomcat-8.5.31/bin/startup.sh (code=exited, status=0/SUCCESS)
 Main PID: 8786 (java)
    Tasks: 45
   Memory: 110.9M
      CPU: 4.516s
   CGroup: /system.slice/tomcat.service
           └─8786 /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin/java
 -Djava.util.logging.config.file=/opt/tomcat/apache-tomcat-8.5.31/conf/logging.properties 
-Djava.util.logging.manager=org.apache.juli.ClassLoad
Jun 27 06:55:03 tc systemd[1]: Stopped Apache Tomcat Web Application Container.
Jun 27 06:55:03 tc systemd[1]: Starting Apache Tomcat Web Application Container...
Jun 27 06:55:03 tc systemd[1]: Started Apache Tomcat Web Application Container.
Jun 27 06:55:10 tc systemd[1]: Started Apache Tomcat Web Application Container.

root@tc:/opt/tomcat/apache-tomcat-8.5.31#

Open Port 8080 in Security List 

Delete the REJECT All Firewall Rule

ubuntu@tc:~$ sudo systemctl enable tomcat
Created symlink from /etc/systemd/system/multi-user.target.wants/tomcat.service to /etc/systemd/system/tomcat.service.
ubuntu@tc:~$ sudo vi /opt/tomcat/apache-tomcat-8.5.31/conf/tomcat-users.xml
ubuntu@tc:~$ sudo vi /opt/tomcat/apache-tomcat-8.5.31/conf/tomcat-users.xml
ubuntu@tc:~$ sudo vi /opt/tomcat/apache-tomcat-8.5.31/webapps/manager/META-INF/context.xml
ubuntu@tc:~$ sudo systemctl restart tomcat
ubuntu@tc:~$ sudo iptables --list --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
2    ACCEPT     icmp --  anywhere             anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
5    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
6    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    BareMetalInstanceServices  all  --  anywhere             link-local/16

Chain BareMetalInstanceServices (1 references)
...
removing this rule */ reject-with icmp-port-unreachable
ubuntu@tc:~$ sudo iptables -D INPUT 6
ubuntu@tc:~$ sudo netfilter-persistent save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables save
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables save
ubuntu@tc:~$ sudo netfilter-persistent reload
run-parts: executing /usr/share/netfilter-persistent/plugins.d/15-ip4tables start
run-parts: executing /usr/share/netfilter-persistent/plugins.d/25-ip6tables start
ubuntu@tc:~$ sudo systemctl restart tomcat
ubuntu@tc:~$ sudo systemctl status tomcat
● tomcat.service - Apache Tomcat Web Application Container
   Loaded: loaded (/etc/systemd/system/tomcat.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2018-06-27 07:43:52 UTC; 9s ago
  Process: 1611 ExecStop=/opt/tomcat/apache-tomcat-8.5.31/bin/shutdown.sh (code=exited, status=0/SUCCESS)
  Process: 1643 ExecStart=/opt/tomcat/apache-tomcat-8.5.31/bin/startup.sh (code=exited, status=0/SUCCESS)
 Main PID: 1655 (java)
    Tasks: 47
   Memory: 110.6M
      CPU: 4.449s
   CGroup: /system.slice/tomcat.service
           └─1655 /usr/lib/jvm/java-1.8.0-openjdk-amd64/jre/bin/java -Djava.
..
Jun 27 07:43:52 tc systemd[1]: Starting Apache Tomcat Web Application Container...
Jun 27 07:43:52 tc systemd[1]: Started Apache Tomcat Web Application Container.
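
An alternative to deleting rule 6, as an added example that is not part of the original post: keep the catch-all REJECT and insert an ACCEPT for tcp/8080 just above it, so every other port stays closed at the host firewall. The function names are hypothetical, the listing is copied from the iptables output above, and the script only prints the command instead of running it.

```shell
# Added example. LISTING is the INPUT/FORWARD part of the
# `iptables --list --line-numbers` output shown in the session above.
LISTING='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
2    ACCEPT     icmp --  anywhere             anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    ACCEPT     udp  --  anywhere             anywhere             udp spt:ntp
5    ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
6    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited'

# Print the rule number of the first catch-all REJECT/DROP in a chain.
catch_all_index() {  # $1 = chain name, listing on stdin
  awk -v chain="$1" '
    $1 == "Chain" { in_chain = ($2 == chain); next }
    in_chain && ($2 == "REJECT" || $2 == "DROP") && $3 == "all" &&
      $5 == "anywhere" && $6 == "anywhere" { print $1; exit }'
}

# Build (do not run) the command that inserts an ACCEPT for one TCP port
# directly above the catch-all rule, which then still rejects the rest.
allow_port_cmd() {  # $1 = port, listing on stdin
  idx=$(catch_all_index INPUT)
  if [ -z "$idx" ]; then
    echo "no catch-all REJECT/DROP in INPUT: add one before exposing the host" >&2
    return 1
  fi
  echo "iptables -I INPUT $idx -m state --state NEW -p tcp --dport $1 -j ACCEPT"
}

printf '%s\n' "$LISTING" | allow_port_cmd 8080
```

Run the printed command with sudo, then persist it with `sudo netfilter-persistent save` as in the session above.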

Restart the VM if required, since we changed lots of stuff.

Once the VM and Tomcat are started:

Reality Check

PublicIp:8080/

Enabling Manager GUI

Edit tomcat-users.xml and set the password for the tomcat user.

sudo vi /opt/tomcat/apache-tomcat-8.5.31/conf/tomcat-users.xml
..  
  <role rolename="tomcat"/>
  <role rolename="role1"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="both" password="tomcat" roles="tomcat,role1"/>
  <user username="role1" password="tomcat" roles="role1"/>
  <user username="admin" password="tomcat" roles="manager-gui,admin-gui"/>

Ensure that there are no IP restrictions for the manager webapp.

sudo vi /opt/tomcat/apache-tomcat-8.5.31/webapps/manager/META-INF/context.xml

Comment out or remove the Valve below:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
       allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

Restart Apache Tomcat, then access the following link: http://public-ip:8080/manager
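
A check for the two manager settings changed in this section, as an added example that is not part of the original post: it reports manager/admin accounts whose password equals the username or "tomcat", and a manager context.xml with no active RemoteAddrValve. The function names and finding labels are hypothetical, and the files are constructed in a temporary directory from the snippets above.

```shell
# Added example: audit a CATALINA_HOME for the manager settings on this page.
strip_comments() {  # print file $1 on one line with <!-- ... --> removed
  tr '\n' ' ' < "$1" | sed -E 's/<!--([^-]|-[^-])*-->//g'
}

audit_manager() {  # $1 = CATALINA_HOME; prints one finding per line
  users="$1/conf/tomcat-users.xml"
  ctx="$1/webapps/manager/META-INF/context.xml"
  # Active <user> entries holding a manager-* or admin-* role.
  strip_comments "$users" | tr '>' '\n' | grep '<user ' |
    grep -E 'roles="[^"]*(manager|admin)-' |
    while IFS= read -r line; do
      u=$(printf '%s\n' "$line" | sed -E 's/.*username="([^"]*)".*/\1/')
      p=$(printf '%s\n' "$line" | sed -E 's/.*password="([^"]*)".*/\1/')
      if [ "$p" = "$u" ] || [ "$p" = "tomcat" ]; then
        echo "WEAK_PASSWORD $u"
      fi
    done
  # A commented-out valve does not count as an IP restriction.
  if ! strip_comments "$ctx" | grep -q 'RemoteAddrValve'; then
    echo "NO_IP_RESTRICTION manager"
  fi
}

# Constructed sample files mirroring the configuration shown above.
DEMO=$(mktemp -d)
mkdir -p "$DEMO/conf" "$DEMO/webapps/manager/META-INF"
cat > "$DEMO/conf/tomcat-users.xml" <<'EOF'
<tomcat-users>
  <!-- <user username="sample" password="tomcat" roles="manager-gui"/> -->
  <role rolename="tomcat"/>
  <user username="tomcat" password="tomcat" roles="tomcat"/>
  <user username="admin" password="tomcat" roles="manager-gui,admin-gui"/>
</tomcat-users>
EOF
cat > "$DEMO/webapps/manager/META-INF/context.xml" <<'EOF'
<Context antiResourceLocking="false" privileged="true">
  <!-- <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> -->
</Context>
EOF
audit_manager "$DEMO"
```

On a real host, call `audit_manager /opt/tomcat/apache-tomcat-8.5.31`; an empty result means neither finding applies.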