Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3
Note

Work in progress

 

This is the group management app that we intent to use for all our federation plansgroup management.

We will run this on an Ubuntu 12.04 VM. 

I would like to stick as much as possible to Ubuntu provided packages, preferably the latest versions of everything. Confirmed on the list that Grouper can run fine with OpenJDK, so no need for the Sun Oracle Java stuff any more . At (which was tedious to install and update since Oracle ended their Operating System Distributor License for Java in August 2011). So, at the moment it looks like we're going to use:

To get these installed page described how to get all various components installed and running on a pristine Ubuntu 12.04 system:.

 

Grouper core

This is the core, and consists of a database and the grouper/ directory in the repository - which is downloaded later.

Code Block
apt-get install --no-install-recommends subversion postgresql libpgjava tomcat7tomcat6 openjdk-7-jdk ant

 

Make JDK7 the default oneRemove the old JRE:

Code Block
update-java-alternatives -apt-get purge openjdk-6-jre-headless -s java-1.7.0-openjdk-amd64

 

Now download the source code, in this case we're fetching the latest version of the 2.1 branch, and stick that under /opt:

Code Block
cd /opt
svn co http://anonsvn.internet2.edu/svn/i2mi/tags/GROUPER_2_1_BRANCH/

 

Create a the PostgreSQL database and credentials:

Code Block
sudo su - postgres
createuser -D -I -R -S -P grouper_user
createdb -O grouper_user -T template0 grouper
exit

Because we run our databases on IPv6 only, we have to edit /etc/postgresql/9.1/main/postgresql.conf to list:

Code Block
listen_addresses = '::' 

Copy the default hibernate config file:

Code Block
cd /usropt/src/GROUPER_2_1_1BRANCH/grouper/conf
cp grouper.hibernate.example.properties grouper.hibernate.properties

...

Code Block
languagebash
# Example:
hibernate.connection.url              = jdbc:postgresql://ip6-localhost:5432/grouper
hibernate.connection.username         = grouper_user 
hibernate.connection.password         = hackme

 

Change all (6) occassions of the version string "1.5" into "1.7" in build.xml:

Code Block
languagebash
sed -i -e 's/"1\.5"/"1.7"/g' build.xml

 

Symlink the database driver:

Code Block
ln -s /usr/share/java/postgresql-jdbc4.jar /usropt/src/GROUPER_2_1_1BRANCH/grouper/lib/custom/

 

Download the latest/greatest sources and compileCompile sources:

Code Block
cd /usr/src
svn co http://anonsvn.internet2.edu/svn/i2mi/tags/GROUPER_2_1_1
cd GROUPER_2_1_1/grouper
ant dist

Run the tests. This will blitz your database, so make sure it doesn't contain precious data:

/opt/GROUPER_2_1_BRANCH/grouper
ant dist

Create the database structure:

Code Block
bin/gsh.sh -registry -runscript

Check if this went OK:

Code Block
bin/gsh.sh -registry -check

Run the tests. This is an extensive test suite - on a powerful VM it took me about one hour:

Code Block
bin/gsh.sh -test -all

No errors should be reported in the end.

 

Configure the subject source(s)

At this stage the database structure is in place to manage groups, but obviously you need something to group (wink).

Often you'll want to group users together. In Grouper-speak users are called subjects.

Grouper needs to know about the subjects before it can group them. This is done by configuring one or more subject sources.

There are several options: let Grouper look stuff up in a directory, an SQL database, etc, depending on the local situation.

Our users subjects are stored in a PostgreSQL database on a remote server. I created a dedicated view in the database, just for Grouper, which is handy because you can add whatever you like, without affecting the rest of the database.

 

User interface

This is the web interface that comes as another java app, and sits in /grouper-ui of the repository.

 

First change the version statement to 1.7 to make sure it works with JDK1.7:

 

Code Block
languagebash
cd /opt/GROUPER_2_1_BRANCH/grouper-ui
sed -i -e 's/"1\.5"/"1.7"/g' build.xml

 

Compile the app:

Code Block
ant dist

 

Create a file /etc/tomcat6/Catalina/localhost/grouper.xml with this content:

Code Block
languagehtml/xml
<?xml version="1.0" encoding="UTF-8"?>
<Context
        path="/grouper"
        docBase="/opt/GROUPER_2_1_BRANCH/grouper-ui/dist/grouper"
        reloadable="false"
/>

Edit /etc/tomcat6/tomcat-users.xml so that there is a user called GrouperSystem, with a secure password:

Code Block
languagehtml/xml
<tomcat-users>
<role rolename="grouper_user"/>
<user username="GrouperSystem" password="hackme" roles="grouper_user"/>
</tomcat-users>

 

Change the permissions on the logging directory:

Code Block
chown tomcat6:tomcat6 /opt
Code Block
cd /usr/src/GROUPER_2_1_1BRANCH/grouper/
bin/gsh.sh -test -alllogs

Restart tomcat

Code Block
service tomcat6 restart

You should now be able to go to http://<yourservername>:8080/grouper-ui/

 

and log in.

 

 

Apache

This is optional, but good practise for security considerations. All the JAVA stuff can run on unprivileged ports, and apache faces the internet.

 

 

Code Block
cd /etc/apache2
a2enmod proxy_ajp
 

Configure SSL certificates etc 

 

 

 

TO BE CONTINUED