Grouper Provisioner Plugin: Prepare Tomcat

As this time the Grouper development team primarily develops with Apache Tomcat (Tomcat) 6.x and we recommend using that version as the container for Grouper.

1. Install Tomcat 6.x. For example on Debian 7

   apt-get install tomcat6

   or on RHEL and its derivatives:

   yum install tomcat6

2. Edit the server configuration file /etc/tomcat6/server.xml so that a AJP connector listens on port 8009. No other connectors are necessary for Grouper functionality so an example minimal and recommended configuration is

   <?xml version='1.0' encoding='utf-8'?>
   <Server port="8005" shutdown="SHUTDOWN">
     <Listener className="org.apache.catalina.core.JasperListener" />
     <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
     <Service name="Catalina">
     
       <Connector port="8009" 
          tomcatAuthentication="false"
          enableLookups="false"
          protocol="AJP/1.3" 
          address="127.0.0.1" 
          URIEncoding="UTF-8" />
       <Engine name="Catalina" defaultHost="localhost">
         <Host name="localhost"  appBase="webapps"
               unpackWARs="true" autoDeploy="true"
               xmlValidation="false" xmlNamespaceAware="false">
         </Host>
       </Engine>
     </Service>
   </Server>

3. Configure JAVA startup options for Tomcat by editing /etc/default/tomcat6 on Debian or /etc/sysconfig/tomcat6 on RHEL so that 

   JAVA_OPTS="-Djava.awt.headless=true -Xmx1024m -XX:+UseConcMarkSweepGC -Dfile.encoding=UTF-8" 

   You may adjust the garbage collector later if you experience issues in production. 

4. Install the standard Tomcat 6 examples set of web applications. On Debian

   apt-get install tomcat6-examples

   and on RHEL

   yum install tomcat6-webapps

5. Restart both Tomcat and Apache, eg.

   service tomcat6 restart
   service apache2 restart 

6. Test that Apache is able to proxy for Tomcat by browsing to https://<your host>/examples/. You should be prompted for basic auth, ie. to enter a simple username and password. Enter the username 'GrouperSystem' and the password you set. You should then see "Servlets examples" and "JSP Examples". Click through some of the examples to make sure that they work.

7. When you are confident that Apache is properly proxying for Tomcat stop Tomcat and Apache and then uninstall the examples, for example

   service apache2 stop
   service tomcat6 stop
   apt-get purge tomcat6-examples

8. Edit the Apache configuration and remove the lines

   ProxyPass /examples/ ajp://localhost:8009/examples/ retry=0
   
   <Location /examples>
     AuthType Basic
     AuthName "Grouper"
     AuthUserFile /etc/apache2/passwords
     Require valid-user
   </Location>