How to set up a Read-Only Install zFS for CEM Tomcat
search cancel

How to set up a Read-Only Install zFS for CEM Tomcat

book

Article ID: 242493

calendar_today

Updated On:

Products

Compliance Event Manager

Issue/Introduction

The following are instructions to allow CEM tomcat binaries to run under a read-only filesystem (instead of the standard read/write configuration for its binaries.)
In addition, keeping CEM's config zFS read-write for logs, configuration, and running application data separately.  

Environment

Release : 6.0

Component : COMPLIANCE EVENT MANAGER

Resolution

It will be necessary to perform a mkdir for both the webapps and logs directories to reside under the mounted read/write CEM Configuration zFS file (referenced in this KD as <CEM_CONFIG_MOUNTPOINT> and ensure the necessary permissions to allow for updating by CEM tomcat (the standard install read-write configuration has the webapps and logs directories created under the primary install <CEM_zFS_MOUNTPOINT> zFS file.

**NOTE**  It is necessary for the <CEM_zFS_MOUNTPOINT> zFS to be mounted read/write for the success of steps 2 and 3. Once modified, it can be mounted            read-only.
  
Steps:

1.  Edit <CEME_HLQ>.<CEME_MLQ>.CUSTOM.CFGLIB(CEMETOME) search for the line

    #IJO="$IJO -verbose:class"

    and after it insert:

    IJO="$IJO -Dcem.config.path=${CEM_CONFIG_PATH}"

    This sets up the config directory as a variable addressable in other configuration files.

2.  In <CEM_zFS_MOUNTPOINT>/tomcat/conf directory, edit the logging.properties file and change the lines:

    1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
    2localhost.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
    3manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs
    4host-manager.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs

    to:

    1catalina.org.apache.juli.AsyncFileHandler.directory = ${cem.config.path}/logs
    2localhost.org.apache.juli.AsyncFileHandler.directory = ${cem.config.path}/logs
    3manager.org.apache.juli.AsyncFileHandler.directory = ${cem.config.path}/logs
    4host-manager.org.apache.juli.AsyncFileHandler.directory = ${cem.config.path}/logs

3.  In <CEM_zFS_MOUNTPOINT>/tomcat/conf directory, edit context.xml, and change the line:

    <Context>

    to:

    <Context workDir="${cem.config.path}/webapps">

4.  Edit <CEME_HLQ>.<CEME_MLQ>.CUSTOM.CFGLIB(CEMESRVX) and change:

    <Host name="localhost"  appBase="webapps"
        unpackWARs="true" autoDeploy="true">
 
    to:
 
    <Host name="localhost"  appBase="${cem.config.path}/webapps
        unpackWARs="true" autoDeploy="true">


    Also change:

    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
       prefix="localhost_access_log" suffix=".txt"  
       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
 
    To:
 
    <Valve className="org.apache.catalina.valves.AccessLogValve" directory="${cem.config.path}/logs"
       prefix="localhost_access_log" suffix=".txt"  
       pattern="%h %l %u %t &quot;%r&quot; %s %b" />

5.  Create symbolic links for the 4 war files needed for CEM into the config ZFS:
   
    ln -s <CEM_zFS_MOUNTPOINT>/cai/cacem/cem/CA/CEMWS <CEM_CONFIG_zFS_MOUNTPOINT>/webapps/cemws.war
    ln -s <CEM_zFS_MOUNTPOINT>/cai/cacem/cem/CA/CEMUI <CEM_CONFIG_zFS_MOUNTPOINT>/webapps/cemui.war
    ln -s <CEM_zFS_MOUNTPOINT>/cai/cacem/cem/CA/CEMREST <CEM_CONFIG_zFS_MOUNTPOINT>/webapps/cemrest.war
 
 **NOTE* These links are not needed if LU03968 is applied.
    ln -s <CEM_zFS_MOUNTPOINT>/cai/cacem/cem/CA/CEM <CEM_CONFIG_zFS_MOUNTPOINT>/webapps/cem.war
    ln -s <CEM_zFS_MOUNTPOINT>/cai/cacem/cem/CA/CEMSTYLE <CEM_CONFIG_zFS_MOUNTPOINT>/webapps/castylesr5.1.3.war
   
   
6.  **NOTE* This step is not needed if LU03968 is applied. 
    In <CEM_zFS_MOUNTPOINT>/tomcat/webapps/cem/WEB-INF/classes edit log4j.properties and change the line:

    log4j.appender.drfileapp.File=${catalina.home}/logs/PolicyAdmin.log

    to:

    log4j.appender.drfileapp.File=${cem.config.path}/logs/PolicyAdmin.log

7.  **NOTE* This step is not needed if LU03968 is applied. 
    In <CEM_zFS_MOUNTPOINT>/tomcat/webapps/cemws/WEB-INF/classes edit the logback.xml file and change all instances of:
   
    INSTALL_HOME
   
    to
   
    CEM_CONFIG_PATH