Difference between revisions of "ParaViewWeb with system tomcat package"

From KitwarePublic
Jump to navigationJump to search
 
(13 intermediate revisions by the same user not shown)
Line 4: Line 4:
  
 
The tomcat package that come inside the system package of a Linux distribution, has two limitation that needs to be managed in order to run ParaViewWeb on it.
 
The tomcat package that come inside the system package of a Linux distribution, has two limitation that needs to be managed in order to run ParaViewWeb on it.
The first one is related to the fact that the system tomcat do not start in a run-level that has a server X which force or ParaView to not use the screen and therefore the GPU. For that special case, ParaView needs to be compiled with OSMesa.
+
The first one is related to the fact that the system tomcat do not start in a run-level that has a server X which force ParaView to not use X and/or the GPU. For that special case, ParaView needs to be compiled with OSMesa.
The second limitation is because of some security setting that prevent any web application to read/write anywhere on the disk or execute command lines.
+
The second limitation is due to some security setting that prevent any web application to read/write on the disk or execute command lines. We will provide the list of the rules that needs to be bend.
  
 
== Compiling ParaView with OSMesa ==
 
== Compiling ParaView with OSMesa ==
Line 30: Line 30:
  
 
=== Compile ParaView ===
 
=== Compile ParaView ===
 +
 +
PARAVIEWWEB_INSTALL : Absolute path where ParaViewWeb will be installed
 +
PARAVIEWWEB_SOURCE : Path of the ParaViewWeb source fetch from git.
 +
 +
> ccmake PARAVIEWWEB_SOURCE
  
 
  BUILD_SHARED_LIBS          ON
 
  BUILD_SHARED_LIBS          ON
 
  CMAKE_BUILD_TYPE          Debug
 
  CMAKE_BUILD_TYPE          Debug
  CMAKE_INSTALL_PREFIX      /home/seb/Kitware/Projects/ParaView4/install-osmesa
+
  CMAKE_INSTALL_PREFIX      PARAVIEWWEB_INSTALL
 
  PARAVIEW_BUILD_QT_GUI      OFF
 
  PARAVIEW_BUILD_QT_GUI      OFF
 
  PARAVIEW_ENABLE_PYTHON    ON
 
  PARAVIEW_ENABLE_PYTHON    ON
 
  VTK_OPENGL_HAS_OSMESA      ON
 
  VTK_OPENGL_HAS_OSMESA      ON
 
+
  OSMESA_INCLUDE_DIR        /home/seb/Kitware/Projects/OSMesa/install/include/
+
  OSMESA_INCLUDE_DIR        /.../OSMesa/install/include/
  OSMESA_LIBRARY            /home/seb/Kitware/Projects/OSMesa/install/lib/libOSMesa.so
+
  OSMESA_LIBRARY            /.../OSMesa/install/lib/libOSMesa.so
 
  VTK_USE_OFFSCREEN          ON
 
  VTK_USE_OFFSCREEN          ON
 
  VTK_USE_X                  OFF
 
  VTK_USE_X                  OFF
 
+
 
  OPENGL_INCLUDE_DIR
 
  OPENGL_INCLUDE_DIR
 
  OPENGL_gl_LIBRARY
 
  OPENGL_gl_LIBRARY
 
  OPENGL_glu_LIBRARY
 
  OPENGL_glu_LIBRARY
 
  OPENGL_xmesa_INCLUDE_DIR  OPENGL_xmesa_INCLUDE_DIR-NOTFOUND
 
  OPENGL_xmesa_INCLUDE_DIR  OPENGL_xmesa_INCLUDE_DIR-NOTFOUND
 +
 +
> make
 +
> make install
  
 
== Configuring Tomcat ==
 
== Configuring Tomcat ==
Line 82: Line 90:
 
  cp PARAVIEWWEB_INSTALL/lib/* bin
 
  cp PARAVIEWWEB_INSTALL/lib/* bin
 
  cp -r PARAVIEW_INSTALL/lib/paraview-X.XX/* bin
 
  cp -r PARAVIEW_INSTALL/lib/paraview-X.XX/* bin
  cp OSMesa_INSTALL/lib/*.so bin
+
  cp /.../OSMesa/insatll/lib/*.so bin
 
  touch bin/PWServer.sh
 
  touch bin/PWServer.sh
 
  chmod +x bin/PWServer.sh
 
  chmod +x bin/PWServer.sh
Line 156: Line 164:
  
 
  [...]
 
  [...]
  # Use the Java security manager? (yes/no)
+
  JSVC_CLASSPATH="/usr/share/java/commons-daemon.jar:$CATALINA_HOME/bin/bootstrap.jar:/usr/share/tomcat6/lib/:/var/lib/tomcat6/paraviewweb-work/classpath:/var/lib/tomcat6/paraviewweb-work/classpath/derby.jar"
TOMCAT6_SECURITY=no
 
 
  [...]
 
  [...]
JSVC_CLASSPATH="/usr/share/java/commons-daemon.jar:$CATALINA_HOME/bin/bootstrap.jar:/usr/share/tomcat6/lib/:/var/lib/tomcat6/paraviewweb-work/classpath:/var/lib/tomcat6/paraviewweb-work/classpath/derby.jar"
+
 
 +
=== Configure Java Security Manager ===
 +
 
 +
edit the file /var/lib/tomcat6/conf/policy.d/03catalina.policy
 +
 
 
  [...]
 
  [...]
 +
// Allow the embedded database to work just fine
 +
grant codeBase "file:/var/lib/tomcat6/paraviewweb-work/classpath/derby.jar" {
 +
        permission java.security.AllPermission;
 +
};
 +
 +
edit the file /var/lib/tomcat6/conf/policy.d/04webapps.policy
 +
 +
grant {
 +
    [...]
 +
 +
    // ParaViewWeb Add-on -----------------------------
 +
 +
    // System configuration
 +
    permission java.util.PropertyPermission "*", "read,write";
 +
   
 +
    // Working dir
 +
    permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work/-", "read,write,delete";
 +
    permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work", "read";
 +
 +
    // Hibernate
 +
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
 +
 +
    // JMS connection
 +
    permission java.net.SocketPermission "127.0.0.1:61616", "connect,resolve";
 +
 +
    // PWserver launcher
 +
    permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work/bin/PWServer.sh", "execute";
 +
 
 +
    // For the shuttle sample
 +
    permission java.lang.RuntimePermission "getClassLoader";
 +
    permission java.net.SocketPermission "YOUR_HOSTNAME:80";
 +
 +
    // Flash renderer
 +
    permission javax.management.MBeanServerPermission "createMBeanServer";
 +
    permission javax.management.MBeanPermission "flex.management.runtime.*", "registerMBean";
 +
    permission javax.management.MBeanTrustPermission "register";
 +
};

Latest revision as of 13:13, 3 June 2011

ParaViewWeb


Introduction

The tomcat package that come inside the system package of a Linux distribution, has two limitation that needs to be managed in order to run ParaViewWeb on it. The first one is related to the fact that the system tomcat do not start in a run-level that has a server X which force ParaView to not use X and/or the GPU. For that special case, ParaView needs to be compiled with OSMesa. The second limitation is due to some security setting that prevent any web application to read/write on the disk or execute command lines. We will provide the list of the rules that needs to be bend.

Compiling ParaView with OSMesa

This will allow ParaView and therefore ParaViewWeb to work on an headless server. (No GPU, no server X)

System dependency

apt-get install xutils-dev

Compile OSMesa

mkdir OSMesa
cd OSMesa
mkdir install
wget ftp://ftp.freedesktop.org/pub/mesa/7.10.2/MesaLib-7.10.2.tar.gz
tar xvfz MesaLib-7.10.2.tar.gz
cd MesaLib-7.10.2
./configure --with-driver=xlib --disable-gallium --disable-egl --disable-glw --enable-gl-osmesa --prefix=../install
make
make install

Compile ParaView

PARAVIEWWEB_INSTALL : Absolute path where ParaViewWeb will be installed PARAVIEWWEB_SOURCE : Path of the ParaViewWeb source fetch from git.

> ccmake PARAVIEWWEB_SOURCE
BUILD_SHARED_LIBS          ON
CMAKE_BUILD_TYPE           Debug
CMAKE_INSTALL_PREFIX       PARAVIEWWEB_INSTALL
PARAVIEW_BUILD_QT_GUI      OFF
PARAVIEW_ENABLE_PYTHON     ON
VTK_OPENGL_HAS_OSMESA      ON

OSMESA_INCLUDE_DIR         /.../OSMesa/install/include/
OSMESA_LIBRARY             /.../OSMesa/install/lib/libOSMesa.so
VTK_USE_OFFSCREEN          ON
VTK_USE_X                  OFF

OPENGL_INCLUDE_DIR
OPENGL_gl_LIBRARY
OPENGL_glu_LIBRARY
OPENGL_xmesa_INCLUDE_DIR   OPENGL_xmesa_INCLUDE_DIR-NOTFOUND
> make
> make install

Configuring Tomcat

This explanation are based on an Ubuntu Linux distribution, so some explanation may need to be adjusted.

Installing tomcat

apt-get install tomcat6 sun-java6-jdk

Tomcat get installed in

  • /usr/share/tomcat6

and the web applications are located in

  • /var/lib/tomcat6/webapps

Deploying ParaViewWeb applications into tomcat

[as root]
cp PARAVIEWWEB_INSTALL/Web-apps/*.war /var/lib/tomcat6/webapps
cd /var/lib/tomcat6/webapps
chown -R tomcat6 PW*

Creating a ParaViewWeb working directory

[as root]
cd /var/lib/tomcat6
mkdir paraviewweb-work
cd paraviewweb-work
mkdir bin classpath data plugins logs states-working-dir states

cp PARAVIEWWEB_INSTALL/Web-apps/pw-config.properties classpath
cp PARAVIEWWEB_SOURCE/WebServer/PWService/external-libraries/derby.jar classpath
cp PARAVIEWWEB_INSTALL/bin/* bin
cp PARAVIEWWEB_INSTALL/lib/* bin
cp -r PARAVIEW_INSTALL/lib/paraview-X.XX/* bin
cp /.../OSMesa/insatll/lib/*.so bin
touch bin/PWServer.sh
chmod +x bin/PWServer.sh

cd ..
chown -R tomcat6 paraviewweb-work
chgrp -R tomcat6 paraviewweb-work

Configure ParaViewWeb

edit file /var/lib/tomcat6/paraviewweb-work/lib/pw-config.properties

###################################
# ParaView Web configuration file #
###################################

# Directory used to store application files
pw.working.directory=/var/lib/tomcat6/paraviewweb-work 

# Logging level that should be used [DEBUG, INFO, WARNING, ERROR, CRITICAL]
pw.logging.level=ERROR

# Do we enable logging [on, off, yes, no]
paraview.logging=OFF
pw.logging=ON

# Inactivity timeout for garbage collecting PWServer applications 
# time is given in minute
pw.garbage.collector.timeout=5

# Administration page user credentials
pw.admin.login=admin
pw.admin.password=CHANGE_ME

# Total number of resources available
pw.max.resources=5

# PWServer executable path settings
pw.executable.path.default=/var/lib/tomcat6/paraviewweb-work/bin/PWServer.sh

# Plugin directory settings
pw.plugins.default=/var/lib/tomcat6/paraviewweb-work/plugins

# Resource consumption definition
pw.resource.consumption.default=1

# Optional thirdpart properties
pw.gwt-app.data=/var/lib/tomcat6/paraviewweb-work/data
pw.gwt-app.states=/var/lib/tomcat6/paraviewweb-work/states
pw.gwt-app.confs=default

# Optional PWApp upload properties
# - size in MegaBytes
# - timeout in minute
# - types provides the set of extension allowed
pw.gwt-app.upload.size=10
pw.gwt-app.upload.timeout=2
pw.gwt-app.upload.types=vtp:vtk

pw.remote.log.dir=/var/lib/tomcat6/paraviewweb-work/logs

# Optional PWStateApp working directory
pw.state.working.directory=/var/lib/tomcat6/paraviewweb-work/states-workdir

edit file /var/lib/tomcat6/paraviewweb-work/bin/PWServer.sh

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/lib/tomcat6/paraviewweb-work/bin
/var/lib/tomcat6/paraviewweb-work/bin/PWServer $1 $2 $3 $4 $5 $6 $7 $8

Configure Tomcat

edit the file /etc/init.d/tomcat6

[...]
JSVC_CLASSPATH="/usr/share/java/commons-daemon.jar:$CATALINA_HOME/bin/bootstrap.jar:/usr/share/tomcat6/lib/:/var/lib/tomcat6/paraviewweb-work/classpath:/var/lib/tomcat6/paraviewweb-work/classpath/derby.jar"
[...]

Configure Java Security Manager

edit the file /var/lib/tomcat6/conf/policy.d/03catalina.policy

[...]
// Allow the embedded database to work just fine
grant codeBase "file:/var/lib/tomcat6/paraviewweb-work/classpath/derby.jar" {
       permission java.security.AllPermission;
};

edit the file /var/lib/tomcat6/conf/policy.d/04webapps.policy

grant { 
   [...]

   // ParaViewWeb Add-on -----------------------------

   // System configuration
   permission java.util.PropertyPermission "*", "read,write";
    
   // Working dir
   permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work/-", "read,write,delete";
   permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work", "read";

   // Hibernate
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

   // JMS connection
   permission java.net.SocketPermission "127.0.0.1:61616", "connect,resolve";

   // PWserver launcher
   permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work/bin/PWServer.sh", "execute";
 
   // For the shuttle sample
   permission java.lang.RuntimePermission "getClassLoader";
   permission java.net.SocketPermission "YOUR_HOSTNAME:80";

   // Flash renderer
   permission javax.management.MBeanServerPermission "createMBeanServer";
   permission javax.management.MBeanPermission "flex.management.runtime.*", "registerMBean";
   permission javax.management.MBeanTrustPermission "register";
};