Red Hat Training

A Red Hat training course is available for Red Hat JBoss Web Server

Chapter 2. Installing JBoss Web Server on Red Hat Enterprise Linux

You can install JBoss Web Server on Red Hat Enterprise Linux using one of two methods:

Regardless of which method you choose, you must first install a supported Java Development Kit (JDK).

2.1. Prerequisites

2.1.1. Installing a Java Development Kit (JDK)

Before installing JBoss Web Server, you must first install a supported Java Development Kit (JDK).

For a list of supported JDKs for Red Hat JBoss Web Server 5.0, see: JBoss Web Server 5 Supported Configurations.

The installation of the OpenJDK or the IBM JDK are presented here. To install the Oracle JDK, follow the instructions provided by Oracle at: http://www.oracle.com/technetwork/java/javase/downloads/index.html.

Installing a JDK using the YUM package manager

  1. Subscribe your Red Hat Enterprise Linux system to the appropriate channel:

    • OpenJDK:

      • rhel-6-server-rpms
      • rhel-7-server-rpms

    • IBM:

      • rhel-6-server-supplementary-rpms
      • rhel-7-server-supplementary-rpms

  2. As the root user, execute the command to install a 1.8 JDK: 

    # yum install java-1.8.0-<VENDOR>-devel

    Replace <VENDOR> with ibm or openjdk.

  3. Run the following commands as the root user to ensure the correct JDK is in use: 

    # alternatives --config java
    # alternatives --config javac

    These commands return lists of available JDK versions with the selected version marked with a plus (+) sign. If the selected JDK is not the desired one, change to the desired JDK as instructed in the shell prompt.

    Important

    All software that use the java and javac commands uses the JDK set by alternatives. Changing Java alternatives may impact on the running of other software.

Installing a JDK from a compressed archive (such as .zip or .tar)

If the JDK was downloaded from the vendor’s website (Oracle, IBM or OpenJDK), use the installation instructions provided by the vendor and set the JAVA_HOME environment variable.

If the JDK has was installed from a compressed archive, set the JAVA_HOME environment variable for Tomcat before running JBoss Web Server.

In the bin directory of Tomcat (JWS_HOME/tomcat/bin), create a file named setenv.sh, and insert the JAVA_HOME path definition.

For example: 

$ cat JWS_HOME/tomcat/bin/setenv.sh

export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64

2.1.2. Red Hat Enterprise Linux Package Prerequisites

Before installing JBoss Web Server on Red Hat Enterprise Linux, ensure the following prerequisites are met.

  • A supported JDK is installed.
  • You must remove the tomcatjss package before installing the tomcat-native package. The tomcatjss package uses an underlying NSS security model rather than the OpenSSL security model.

Removing the tomcatjss Package

  1. As the root user, run the following command to remove tomcatjss: 

    # yum remove tomcatjss

2.2. ZIP Installation

Ensure that all of the prerequisites are met before installing JBoss Web Server.

2.2.1. Downloading and Extracting JBoss Web Server

To install JBoss Web Server, download and extract the installation ZIP files.

  1. Open a browser and log in to the Red Hat Customer Portal.
  2. Click Downloads.
  3. Click Red Hat JBoss Web Server in the Product Downloads list.
  4. Select the correct JBoss Web Server version from the Version drop-down menu.

  5. Click Download for each of the following files, ensuring that you select the correct platform and architecture for your system:

    • The Red Hat JBoss Web Server 5.0 Application Server (jws-application-servers-5.0.0.zip).
    • The Red Hat JBoss Web Server 5.0 Native Components for RHEL (jws-application-servers-5.0.0-<platform>-<architecture>.zip).

  6. Unzip the downloaded ZIP files to your installation directory.

    For example: 

    # unzip jws-application-server-5.0.0.zip -d /opt/
# unzip -o jws-application-server-5.0.0-<platform>-<architecture>.zip -d /opt/

The directory created by extracting the ZIP archives is the top-level directory for JBoss Web Server. This is referred to as JWS_HOME.

2.2.2. Managing JBoss Web Server on Red Hat Enterprise Linux

There is three supported methods for running and managing Red Hat JBoss Web Server on Red Hat Enterprise Linux:

The recommended method for managing the JBoss Web Server is using a system daemon.

2.2.2.1. Managing JBoss Web Server using a system daemon for .zip installations on Red Hat Enterprise Linux

Using the JBoss Web Server with a system daemon provides a method of starting the JBoss Web Server services at system boot. The system daemon also provides start, stop and status check functions.

The default system daemon for Red Hat Enterprise Linux 7 is systemd and for Red Hat Enterprise Linux 6 the default is SysV.

Note

To determine which system daemon is running, issue ps -p 1 -o comm=.

  • For systemd: 

    $ ps -p 1 -o comm=

systemd

  • For SysV: 

    $ ps -p 1 -o comm=

init
2.2.2.1.1. Setting up and using the JBoss Web Server with SysV
Prerequisites
  • The redhat-lsb-core package. To install, run: yum install redhat-lsb-core
Setting up the JBoss Web Server for SysV

As the root user, execute the .postinstall.sysv script: 

# cd JWS_HOME/tomcat
# sh .postinstall.sysv
Controlling the JBoss Web Server with SysV

SysV commands can only be issued by the root user.

  • To enable the JBoss Web Server services to start at boot using SysV: 

    # chkconfig jws5-tomcat on

  • To start the JBoss Web Server using SysV: 

    # service jws5-tomcat start

  • To stop the JBoss Web Server using SysV: 

    # service jws5-tomcat stop

  • To verify the status of the JBoss Web Server using SysV (the status operation can be executed by any user): 

    $ service jws5-tomcat status

For more information on using SysV, see: Red Hat Enterprise Linux 6 Deployment Guide: Running Services

2.2.2.1.2. Setting up and using the JBoss Web Server with systemd
Setting up the JBoss Web Server for systemd

As the root user, execute the .postinstall.systemd script: 

# cd JWS_HOME/tomcat
# sh .postinstall.systemd
Controlling the JBoss Web Server with systemd

Systemd commands can only be issued by the root user.

  • To enable the JBoss Web Server services to start at boot using systemd: 

    # systemctl enable jws5-tomcat.service

  • To start the JBoss Web Server using systemd: 

    # systemctl start jws5-tomcat.service

  • To stop the JBoss Web Server using systemd: 

    # systemctl stop jws5-tomcat.service

  • To verify the status of the JBoss Web Server using systemd (the status operation can be executed by any user): 

    # systemctl status jws5-tomcat.service

For more information on using systemd, see: Red Hat Enterprise Linux 7 System Administrator’s Guide: Managing System Services

2.2.2.2. Managing JBoss Web Server on a command line

2.2.2.2.1. Configuring the JBoss Web Server Installation
Note

The following configuration steps are performed by the .postinstall.sysv script and the .postinstall.systemd script described in Managing JBoss Web Server using a system daemon for .zip installations on Red Hat Enterprise Linux

Some configuration is required before running JBoss Web Server. This section includes the following configuration procedures:

Setting the JAVA_HOME Environment Variable

You must set the JAVA_HOME environment variable for Tomcat before running JBoss Web Server.

In the bin directory of Tomcat (JWS_HOME/tomcat/bin), create a file named setenv.sh, and insert the JAVA_HOME path definition.

For example: export JAVA_HOME=/usr/lib/jvm/jre-1.8.0-openjdk.x86_64

Creating a Tomcat User

Follow this procedure to create the tomcat user and its parent group:

  1. In a shell prompt as the root user, change directory to JWS_HOME.

  2. Run the following command to create the tomcat user group: 

    # groupadd -g 53 -r tomcat

  3. Run the following command to create the tomcat user in the tomcat user group: 

    # useradd -c "tomcat" -u 53 -g tomcat -s /bin/sh -r tomcat
Move the ownership of tomcat directory to the tomcat user

  1. From JWS_HOME, run the following command to assign the ownership of the Tomcat directories to the tomcat user to allow the user to run the Tomcat service: 

    # chown -R tomcat:tomcat tomcat/

    You can use ls -l to verify that the tomcat user is the owner of the directory.

  2. Ensure that the tomcat user has execute permissions to all parent directories. For example: 

    # chmod -R u+X tomcat/
2.2.2.2.2. Starting JBoss Web Server

Run the following command as the tomcat user: 

$ sh JWS_HOME/tomcat/bin/startup.sh
2.2.2.2.3. Stopping JBoss Web Server

To stop Tomcat, run the following command as the tomcat user: 

$ sh JWS_HOME/tomcat/bin/shutdown.sh

2.3. RPM Installation

Installing JBoss Web Server from RPM packages installs Tomcat as service, and installs its resources into absolute paths. The RPM installation option is only available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7.

RPM installation packages for JBoss Web Server are available from Red Hat Subscription Management.

2.3.1. Installing JBoss Web Server from RPM packages

Prerequisites

Before downloading and installing the RPM packages, you must register your system with Red Hat Subscription Management and subscribe to the respective Content Delivery Network (CDN) repositories.

For information on registering Red Hat Enterprise Linux, see Configuring the Subscription Service for Red Hat Enterprise Linux 6 or The Subscription Manager for Red Hat Enterprise Linux 7.

Attaching subscriptions to Red Hat Enterprise Linux (if required)

If the system does not have a subscription attached that provides JBoss Web Server:

  1. Log in to the Red Hat Subscription Manager.
  2. Click on the Systems tab.
  3. Click on the Name of the system to add the subscription to.
  4. Change from the Details tab to the Subscriptions tab, then click Attach Subscriptions.
  5. Select the check box beside the subscription to attach, then click Attach Subscriptions.
Note

To verify that a subscription provides the required CDN repositories:

  1. Log in to: https://access.redhat.com/management/subscriptions.
  2. Click the Subscription Name.

  3. Under Products Provided, you require:

    • JBoss Enterprise Web Server.
    • Red Hat JBoss Core Services.

Installing JBoss Web Server from RPM packages using YUM

  1. On a command line, subscribe to the JBoss Web Server CDN repositories for your operating system version using subscription-manager: 

    # subscription-manager repos --enable <repository>

    • For Red Hat Enterprise Linux 6:

      • jws-5-for-rhel-6-server-rpms
      • jb-coreservices-1-for-rhel-6-server-rpms

    • For Red Hat Enterprise Linux 7:

      • jws-5-for-rhel-7-server-rpms
      • jb-coreservices-1-for-rhel-7-server-rpms

  2. Issue the following command as the root user to install JBoss Web Server: 

    # yum groupinstall jws5
    Note
    • Although not recommended, instead of using the group install, you can install each of the packages and their dependencies individually.
    • The Red Hat JBoss Core Services repositories above are required for the installation of JBoss Web Server.

2.3.2. Starting JBoss Web Server

  • In a shell prompt as the root user, start the Tomcat service.

    • For Red Hat Enterprise Linux 6: 

      # service jws5-tomcat start

    • For Red Hat Enterprise Linux 7: 

      # systemctl start jws5-tomcat.service

This is the only supported method of starting JBoss Web Server for an RPM installation.

  • To verify that Tomcat is running, the output of the service status command should be reviewed. This can be executed as any user.

    • For Red Hat Enterprise Linux 6: 

      # service jws5-tomcat status

    • For Red Hat Enterprise Linux 7: 

      # systemctl status jws5-tomcat.service

2.3.3. Stopping JBoss Web Server

  • In a shell prompt as the root user, stop the Tomcat service.

    • For Red Hat Enterprise Linux 6: 

      # service jws5-tomcat stop

    • For Red Hat Enterprise Linux 7: 

      # systemctl stop jws5-tomcat.service

  • To verify that Tomcat is no longer running, the output of the service status command should be reviewed. This can be executed as any user.

    • For Red Hat Enterprise Linux 6: 

      # service jws5-tomcat status

    • For Red Hat Enterprise Linux 7: 

      # systemctl status jws5-tomcat.service

2.3.4. Configuring JBoss Web Server Services to Start at Boot

Use the following commands to enable the JBoss Web Server services to start at boot.

  • For Red Hat Enterprise Linux 6: 

    # chkconfig jws5-tomcat on

  • For Red Hat Enterprise Linux 7: 

    # systemctl enable jws5-tomcat.service

2.4. SELinux Policies

2.4.1. SELinux Policy Information

The following table contains information about the SELinux policies provided in the jws5-tomcat-selinux packages.

Table 2.1. RPMs and Default SELinux Policies

NamePort InformationPolicy Information

jws5_tomcat

Four ports in http_port_t (TCP ports 8080, 8005, 8009, and 8443) to allow the tomcat process to use them.

The jws5_tomcat policy is installed, which sets the appropriate SELinux domain for the process when Tomcat executes. It also sets the appropriate contexts to allow tomcat to write to /var/opt/rh/jws5/lib/tomcat, /var/opt/rh/jws5/log/tomcat, /var/opt/rh/jws5/cache/tomcat and /var/opt/rh/jws5/run/tomcat.pid.

For more information about using SELinux and other Red Hat Enterprise Linux security information, see the Red Hat Enterprise Linux Security Guide.

2.4.2. SELinux Policies for an RPM Installation

SELinux policies for JBoss Web Server are provided by the jws5-tomcat-selinux package. These packages are available in the JWS channel.

To enable SELinux policies for JBoss Web Server 5.0, install the jws5-tomcat-selinux package.

2.4.3. SELinux Policies for a ZIP Installation

In this release, SELinux policies are provided in the ZIP packages. The SELinux security model is enforced by the kernel and ensures applications have limited access to resources such as file system locations and ports. This helps ensure that the errant processes (either compromised or poorly configured) are restricted and in some cases prevented from running.

The .postinstall.selinux file is included in the tomcat folder of jws-application-server-5.0.0-<platform>-<architecture>.zip. If required, you can run the .postinstall.selinux script.

To install the SELinux policies using ZIP:

  1. Install the selinux-policy-devel package: 

    yum install -y selinux-policy-devel

  2. Execute the .postinstall.selinux script: 

    cd <JWS_home>/tomcat/
sh .postinstall.selinux

  3. Make and install the SELinux module: 

    cd selinux
make -f /usr/share/selinux/devel/Makefile
semodule -i jws5-tomcat.pp

  4. Apply the SELinux contexts for JBoss Web Server: 

    restorecon -r <JWS_home>/tomcat/

  5. Add access permissions to the required ports for JBoss Web Server. The JBoss Web Server has access to ports 8080, 8009, 8443 and 8005 on Red Hat Enterprise Linux 7 systems.

    When additional ports are required for JBoss Web Server, use the semanage command to provide the necessary permissions, replacing the port number with the port required: 

    semanage port -a -t http_port_t -p tcp <port>
    Note

    The JBoss Web Server on Red Hat Enterprise Linux 6 systems has access to the same ports as Red Hat Enterprise Linux 7 systems, with the exception of port 8005. To grant the JBoss Web Server access to this port on a Red Hat Enterprise Linux 6 system, as the root user, issue: 

    semanage port -a -t http_port_t -p tcp 8005

  6. Start the Tomcat service: 

    <JWS_home>/tomcat/bin/startup.sh

  7. Check the context of the running process expecting jws5_tomcat: 

    ps -eo pid,user,label,args | grep jws5_tomcat | head -n1

  8. To verify the contexts of the Tomcat directories, for example: 

    ls -lZ <JWS_home>/tomcat/logs/
Note

By default, the SElinux policy provided is not active and the Tomcat processes run in the unconfined_java_t domain. This domain does not confine the processes, and it is recommended that you undertake the following security precautions if you chose not to enable the SElinux policy provided:

  • Restrict file access for the tomcat user to only the files and directories that are necessary to the JBoss Web Server runtime.
  • Do not run Tomcat as the root user.