How to set up a Read-Only Install zFS for CEM Tomcat
Article ID: 242493
Updated On: 06-23-2022
Products
Issue/Introduction
The following are instructions to allow CEM tomcat binaries to run under a read-only filesystem (instead of the standard read/write configuration for its binaries.)
In addition, keeping CEM's config zFS read-write for logs, configuration, and running application data separately.
Environment
Release : 6.0
Component : COMPLIANCE EVENT MANAGER
Resolution
It will be necessary to perform a mkdir for both the webapps and logs directories to reside under the mounted read/write CEM Configuration zFS file (referenced in this KD as <CEM_CONFIG_MOUNTPOINT> and ensure the necessary permissions to allow for updating by CEM tomcat (the standard install read-write configuration has the webapps and logs directories created under the primary install <CEM_zFS_MOUNTPOINT> zFS file.
**NOTE** It is necessary for the <CEM_zFS_MOUNTPOINT> zFS to be mounted read/write for the success of steps 2 and 3. Once modified, it can be mounted read-only.
Steps:
1. Edit <CEME_HLQ>.<CEME_MLQ>.CUSTOM.CFGLIB(CEMETOME) search for the line
#IJO="$IJO -verbose:class"
and after it insert:
IJO="$IJO -Dcem.config.path=${CEM_CONFIG_PATH}"
This sets up the config directory as a variable addressable in other configuration files.
2. In <CEM_zFS_MOUNTPOINT>/tomcat/conf directory, edit the logging.properties file and change the lines:
1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
to:
1catalina.org.apache.juli.AsyncFileHandler.directory = ${cem.config.path}/logs
2localhost.org.apache.juli.AsyncFileHandler.directory = ${cem.config.path}/logs
3manager.org.apache.juli.AsyncFileHandler.directory = ${cem.config.path}/logs
4host-manager.org.apache.juli.AsyncFileHandler.directory = ${cem.config.path}/logs
3. In <CEM_zFS_MOUNTPOINT>/tomcat/conf directory, edit context.xml, and change the line:
<Context>
to:
<Context workDir="${cem.config.path}/webapps">
4. Edit <CEME_HLQ>.<CEME_MLQ>.CUSTOM.CFGLIB(CEMESRVX) and change:
<Host name="localhost" appBase="webapps"
unpackWARs="true" autoDeploy="true">
to:
<Host name="localhost" appBase="${cem.config.path}/webapps
unpackWARs="true" autoDeploy="true">
Also change:
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
To:
<Valve className="org.apache.catalina.valves.AccessLogValve" directory="${cem.config.path}/logs"
prefix="localhost_access_log" suffix=".txt"
pattern="%h %l %u %t "%r" %s %b" />
5. Create symbolic links for the 4 war files needed for CEM into the config ZFS:
ln -s <CEM_zFS_MOUNTPOINT>/cai/cacem/cem/CA/CEMWS <CEM_CONFIG_zFS_MOUNTPOINT>/webapps/cemws.war
ln -s <CEM_zFS_MOUNTPOINT>/cai/cacem/cem/CA/CEMUI <CEM_CONFIG_zFS_MOUNTPOINT>/webapps/cemui.war
ln -s <CEM_zFS_MOUNTPOINT>/cai/cacem/cem/CA/CEMREST <CEM_CONFIG_zFS_MOUNTPOINT>/webapps/cemrest.war
**NOTE* These links are not needed if LU03968 is applied.
ln -s <CEM_zFS_MOUNTPOINT>/cai/cacem/cem/CA/CEM <CEM_CONFIG_zFS_MOUNTPOINT>/webapps/cem.war
ln -s <CEM_zFS_MOUNTPOINT>/cai/cacem/cem/CA/CEMSTYLE <CEM_CONFIG_zFS_MOUNTPOINT>/webapps/castylesr5.1.3.war
6. **NOTE* This step is not needed if LU03968 is applied.
In <CEM_zFS_MOUNTPOINT>/tomcat/webapps/cem/WEB-INF/classes edit log4j.properties and change the line:
log4j.appender.drfileapp.File=${catalina.home}/logs/PolicyAdmin.log
to:
log4j.appender.drfileapp.File=${cem.config.path}/logs/PolicyAdmin.log
7. **NOTE* This step is not needed if LU03968 is applied.
In <CEM_zFS_MOUNTPOINT>/tomcat/webapps/cemws/WEB-INF/classes edit the logback.xml file and change all instances of:
INSTALL_HOME
to
CEM_CONFIG_PATH
Feedback
