SUSE 10.0 SC RAW Notes
For the most part I just followed the directions in Scalix CE Raw/Installation, but I am using this to make not of things that I tried that may be useful to add back in if they work. This is a doc in progress.
Contents
Deviations
Sun Java
Here I just used the SUSE 10.0 java-1_5_0-sun package, we'll see if that works.
Apache Tomcat
Using SUSE Default (incomplete)
- Note
- I never got this to work, but I am leaving these notes here in case they help someone else trying it. After some thought, I decided to follow Florian's advise and to just use the customized supported version of Tomcat for Scalix. Part of the problem I think is because the SUSE 10.0 tomcat package is .30, and currently Apache only supports .28. See http://www.scalix.com/community/viewtopic.php?t=2023
Here I just used the SUSE tomcat5 package, we'll also see if that works. I use the smart package manager and just add the java packages installation source for SUSE to do so. An example for adding this repo at: http://heinous.org/wiki/SUSE_and_Smart
After installing the packages, do the following:
cd /opt ln -s /usr/share/tomcat5 scalix-tomcat
Also, you should log out of the system and back in after installing JAVA, so the environment variables work right. You'll have lots of confusing problems if you don't.
Then see Technotes/Tomcat for instructions on getting tomcat to run in sudo mode.
I also needed to change the file /etc/tomcat5/base/Catalina/localhost/scalix-caa.xml to have privileged be set to false, but I'm not sure that's right:
<Context path="/caa" docBase="/opt/scalix/web/caa-services.war" debug="0" privileged="false"> <Logger className="org.apache.catalina.logger.FileLogger" prefix="scalix-caa_log." suffix=".txt" timestamp="true"/> </Context>
Quick Installation for SUSE 10.0
OS Installation and initial configuration
Install SUSE 10.0 with a minimal installation. You may well want to put /var and /opt on separate partitions and use LVM to make growing them more manageable, but that is entirely up to you.
Install the smart package manager
This is really useful for command line package maintenance. It is to be used instead of Apt from SUSE 10.1 onward. More information at: http://www.heinous.org/wiki/SUSE_and_Smart and http://linux01.gwdg.de/~pbleser/rpm-navigation.php?cat=System/smart/
Use YaST2's Software Management screen to install the python, rpm-python, and python-xml packages.
Check http://linux01.gwdg.de/~pbleser/rpm-navigation.php?cat=System/smart/ for latest version, here's an example of the steps:
mkdir /opt/others cd /opt/others rpm -Uvh http://ftp.gwdg.de/pub/linux/misc/suser-guru/rpm/packages/System/smart/smart-0.41-15.guru.suse100.i686.rpm # rpm -Uvh http://ftp.gwdg.de/pub/linux/misc/suser-guru/rpm/packages/System/smart/smart-0.41-15.guru.suse100.x86_64.rpm
Add needed software repos
Here is an example of how to add the Java and normal OS repositories to smart. It would probably be a good idea to find out the appropriate mirror for your region by checking http://en.opensuse.org/Mirrors_Released_Version
############################ ### ADD JAVA INST SOURCE ### ############################ smart channel --add suse-10.0-java type=yast2 name="SUSE 10.0 Java Packages (yast2)" baseurl=http://mirrors.kernel.org/opensuse/distribution/SL-OSS-stable/inst-source-java ################################################## ## RECOMMENDED RESPONSES FOR FIRST CHANNEL ADD ### ################################################## # New channel 'suser-guru 3rd party package repository for SUSE Linux on ftp.gwdg.de (guru-apt)' detected. # Include it? (Y/n): y # # New channel 'Packman 3rd party package repository for SUSE Linux on ftp.gwdg.de (packman-apt)' detected. # Include it? (Y/n): y # # New channel 'SUSE Linux packages apt-rpm repository on ftp.gwdg.de (suse-apt-base-gwdg)' detected. # Include it? (Y/n): n # # New channel 'SUSE Linux packages apt-rpm repository on ftp.gwdg.de (suse-apt-update-gwdg)' detected. # Include it? (Y/n): n # # New channel 'SUSE Linux packages apt-rpm repository on ftp.gwdg.de (suse-apt-security-gwdg)' detected. # Include it? (Y/n): n # # Alias: suse-10.0-java # Type: yast2 # Name: SUSE 10.0 Java Packages (yast2) # Base URL: http://mirrors.kernel.org/opensuse/distribution/SL-OSS-stable/inst-source-java # # Include this channel? (y/N): y # ########################## ### ADD OS INST SOURCE ### ########################## smart channel --add suse-10.0 type=yast2 name="SUSE 10.0 Packages (yast2)" baseurl=http://mirrors.kernel.org/opensuse/distribution/SL-OSS-stable/inst-source # # Alias: suse-10.0 # Type: yast2 # Name: SUSE 10.0 Packages (yast2) # Base URL: http://mirrors.kernel.org/opensuse/distribution/SL-OSS-stable/inst-source # # Include this channel? (y/N): y # ############################## ### UPDATE PKGS & PKG LIST ### ############################## smart update smart upgrade
Set up firewall (optional)
I disable the SUSE firewall and then install Shorewall. The SUSE firewall works really, well, but for this doc, I show the shorewall config that I use, which could be easily done with the SUSE firewall as well. I use Shorewall mainly because it runs on pretty much ever Linux distribution (I even run it on my Linksys router) and allows me to only have to think about one firewalling system. Also, webmin has a nice plugin to manage it.
smart install -y wget cd /opt/others ################################################################### ## You should check the latest version on the shorewall.net site ## ################################################################### wget http://www.shorewall.net/pub/shorewall/3.0/shorewall-3.0.6/shorewall-3.0.6-1.noarch.rpm rpm -Uvh shorewall-*.rpm cp -a /etc/shorewall /etc/shorewall.org cp /usr/share/doc/packages/shorewall/Samples/two-interfaces/* /etc/shorewall/
You'll want to adjust the /etc/shorewall/interfaces, /etc/shorewall/masq, and /etc/shorewall/policy files to suit your config. Here's an example of the /etc/shorewall/rules file that I use:
############################################ ### Generic to all external fw addresses ### ############################################ ACCEPT all fw icmp echo-request ################### ### web related ### ################### ACCEPT all fw tcp http ACCEPT all fw tcp https ACCEPT all fw tcp 8080 #################### ### mail related ### #################### ACCEPT all fw tcp smtp ACCEPT all fw tcp smtps REDIRECT all 25 tcp submission ACCEPT all fw tcp imap ACCEPT all fw tcp imaps ACCEPT all fw tcp pop3 ACCEPT all fw tcp pop3s ############# ### other ### ############# ACCEPT all fw tcp 10000 # webmin DNAT net loc:10.0.1.245:22 tcp 22869 # ACCEPT all fw tcp 22 # ACCEPT all fw tcp ftp # ACCEPT all fw udp ftp # ACCEPT all fw tcp ftp-data # ACCEPT all fw udp ftp-data # ACCEPT all fw tcp domain # ACCEPT all fw udp domain # ACCEPT net:192.139.81.239 fw tcp 389 # ACCEPT net:192.139.81.239 fw tcp 636 # ACCEPT net:192.139.81.206 fw tcp mysql # ACCEPT net:192.139.81.98 fw tcp mysql #LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
- NOTE
- Be sure to set up a /etc/shorewall/routestopped file for emergency situations.
Questions & Comments welcome! Edit the Discussion tab, or, for more traditional contact information: see User:Leah | |||
leah-@-heinous.org | http://heinous.org | http://www.frauerpower.com | http://www.looniepos.com |