[GeoNetwork-users] Geonetwork 2.1.0 installation without X

Hi Paul,
Thanks for the tip on the shell script. Seems that it would be very handy. Yes, a truly headless install would be very nice indeed. It is quite painful at the moment to get everything installed on a headless machine, and I suppose impossible if you do not have remote access to the backend database.

Anyway, in terms of Tomcat security, here is what I did.

I thought i would share with the list what I did to provide Geonetwork and Intermap with elevated security privileges. They both need this and it can be configured as follows.

1) create a file 12geonetwork.policy with the following contents:

grant codeBase "file:/var/lib/tomcat5.5/webapps/geonetwork/-" {
  permission java.security.AllPermission;
};

The path to your Tomcat directory may vary.

2) create a file 13intermap.policy

grant codeBase "file:/var/lib/tomcat5.5/webapps/intermap/-" {
  permission java.security.AllPermission;
};

Your the path to your Tomcat directory may vary.

This is still more security than I would like to grant these apps and would need to be further refined for a production environment, but I have not had the time yet to fine tune everything. This is better than disabling security entirely on Tomcat though! If anyone else has some tips on their configuration, it would be nice to hear them.

Best regards,
Jason

-----Original Message-----
From: pgrzeszc@anonymised.com [mailto:pgrzeszc@anonymised.com]
Sent: Mon 10/22/2007 10:45 PM
To: Pickering, Jason
Subject: Re: [GeoNetwork-users] Geonetwork 2.1.0 installation without X

Hi Jason,
My shell script sets TOMCAT5_SECURITY=no in /etc/default/tomcat5, because
it will not work otherwise (I did test that). I realize that it would be
better to do it per-application in /etc/tomcat/policy.d as you mentioned.
I was wondering if you'd give me some pointers on that.

Thanks.
Paul

"Pickering, Jason" <pickeringj@anonymised.com>
Sent by: geonetwork-users-bounces@lists.sourceforge.net
2007-10-22 04:12 PM

To
Peteris Bruns <peteris.bruns@anonymised.com>,
<geonetwork-users@lists.sourceforge.net>
cc

Subject
Re: [GeoNetwork-users] Geonetwork 2.1.0 installation without X

Hi Peteris,
I have done an installation without X but it would seem that using GAST is
a necessity at this point. For a truly headless install, I think the
easiest way is to grab the latest source code from the SVN and compile the
necessary jar files. If you need instructions on how to do this, I can
provide these separately. Otherwise, if you have a machine with a
graphical user interface, you can just download the current installer
version and run the installer. However, even though I got everything
running from the SVN files, I was forced to used GAST to get geonetwork
running.

If you are using Tomcat, you will need to copy over these over (at the
very least) the geonetwork and intermap directories to your tomcat webapps
directory.If you need the geoserver functionality (I already had an
instance on my server, and did not want the one that is packaged with
geonetwork), you will need to copy over the geoserver directory as well
into your Tomcat webapps directory. You may need to provide geonetwork and
intermap with elevated security privileges depending on your Tomcat
install. This should be done in /etc/tomcat5.5/policy.d/ . If you need
specifics let me know. I am not sure this step is entirely necessary, but
I did it anyway for my test install.

I was not able to successfully install geonetwork without GAST, and I
could not get GAST to run per Andrea's instructions on a headless machine.
I grabbed a machine with a UI and connected to the database on the remote
machine and ran the setup function of GAST< and everything worked fine.
GAST populates the database with certain necessary information, which is
critical for the function of geonetwork. What this information is still a
bit of a mystery to me. This information is not part of the SQL scripts
that come with geonetwork, and you will only get Null Pointer Exceptions
if you create the database without running GAST. I would really like to
have a truly headless installer, and it will be on my wish list during the
Geonetwork conference in Rome in a few weeks. Perhaps a modified SQL
script with this "base" information would be good for those of us that do
not have the luxury of a GUI on our geonetwork boxes. :slight_smile:

Sorry for this rather sparse email, but I can provide you more detailed
information if you need it. Good luck.

Best regards,
Jason

-----Original Message-----
From: geonetwork-users-bounces@lists.sourceforge.net
[mailto:geonetwork-users-bounces@lists.sourceforge.net] On Behalf Of
Peteris Bruns
Sent: 21 October 2007 12:29
To: geonetwork-users@lists.sourceforge.net
Subject: [GeoNetwork-users] Geonetwork 2.1.0 installation without X

Hello!

I'm installing geonetwork 2.1.0 on debian etch, with postgresql
8.2.5database, to run with tomcat5 and apache2.
As installation example I used
http://geonetwork-opensource.org/documentation/how-to/installation-on-ubuntu(it

is for
2.0.3)

In installation process missed steps where I can define database
parameters
etc.
1.How can I define this parameters?! Is it possible to define it after
geonetwork installation?!

2.Is it possible to install geonetwork without graphical installer, in
shell
(for example on server without X)?!
As root in shell i get:

Xlib: connection to ":0.0" refused by server
Xlib: No protocol specified

Exception in thread "main" java.lang.InternalError: Can't connect to X11
window
server using ':0.0' as the value of the DISPLAY variable.
etc...

Thanks!

--
pb
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
GeoNetwork-users mailing list
GeoNetwork-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geonetwork-users
GeoNetwork OpenSource is maintained at
http://sourceforge.net/projects/geonetwork