Install & Configure LB on Apache (Steps using Glassfish v2ur1 & Apache 2.0.59 on Unix platform)

In Glassfish 9.1.1, LB installation was done using the AS installer. The installer would edit the Apache config files as well. But, Glassfish v2 ur1 does not have LB bundled with it. The users will have to download the LB and manually configure it. Hence this blog, which gives you detailed steps to install LB and configure it with Apache. If you are using the Sun WebServer, the steps are available here

Install OpenSSL

  1. Download latest bits from http://openssl.org/source/ - Referred to as <download-dir> later on.

  2. gunzip openssl-<version-number>.tar.gz

  3. tar -xvf openssl-<version-number>.tar

  4. Have gcc, ant & make in the path

  5. Only on Solaris x86, Patch OpenSSL by downloading http://www.openssl.org/~appro/values.c and ksh -f values.c <gcc-location>

  6. cd openssl-<version-number>

  7. ./config --openssldir=openssl-<version-number> --prefix=<download-dir>

  8. gmake; gmake test; gmake install;

Install Apache with SSL

  1. Download bits from http://archive.apache.org/dist/httpd/httpd-2.0.59.tar.gz in <download-dir>

  2. gunzip httpd-2.0.59.tar.gz

  3. tar -xvf httpd-2.0.59.tar

  4. Have gcc , ant and make in the path

  5. cd httpd-2.0.59

  6. Patch httpd

    1. Copy http://issues.apache.org/bugzilla/attachment.cgi?id=16495 as 12355.diff

    2. patch < 12355.diff

  7. ./configure --with-ssl=<download-dir> --prefix=<download-dir>/apache --enable-ssl --enable-so

  8. gmake ; gmake install;

  9. Edit <apache-install>/conf/httpd.conf

    1. Uncomment the ServerName property and set it to fully qualified m/c name followed by port number

    2. Set 'Group nogroup' else you will see error messages. For e.g: ‘unable to set group id to Group 4294967295’ in <apache-install>/logs/error_log

Start/Stop Apache

  1. <apache-install>/bin/apachetl start

  2. Make sure the localhost:80 is accessible in a browser

  3. check the <apache-install>/logs/errors to make sure there are no errors. {File does not exist: <apache-install>/htdocs/favicon.ico Is a harmless error if it appears in the log .}

  4. <apache-install>/bin/apachetl stop

Setting up SSL for Apache

  1. openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 365 {Make sure lb device-host/common-name for certifcate are the same}

  2. mkdir <apache-install>/conf/ssl.crt and <apache-install>/conf/ssl.key

  3. Create the the certificate file as <apache-install>/conf/ssl.crt/server.crt copying from BEGIN CERTIFICATE to END CERTIFICATE from newreq.pem

  4. openssl rsa -in newreq.pem -out <apache-install>/conf/ssl.key/server.key

  5. Edit <apache-install>/conf/ssl.conf

    1. set the virtual host name to fully qualified m/c name [replace default with fully qualified m/c name ]

    2. Change server name to the fully qualified machine name followed by port number

Start Apache in secure mode

  1. <apache-install>/bin/apachetl startssl

  2. Make sure the localhost:443 is accessible in a browser

  3. check the <apache-install>/logs/errors to make sure there are no errors. {File does not exist: <apache-install>/htdocs/favicon.ico Is a harmless error if it appears in the log .}

Install Glassfish v2ur1.

  1. Download bits from http://www.java.net/download/javaee5/v2ur1/promoted/SunOS/glassfish-installer-v2ur1-b09d-sunos.jar

  2. java -Xmx256m -jar glassfish-installer-v2ur1-b09d-sunos.jar - to unbundle glassfish.

  3. cd glassfish

  4. chmod -R +x lib/ant/bin

  5. lib/ant/bin/ant -f setup-cluster.xml

Install LB Plugin.

  1. Download latest LB plugin from http://download.java.net/javaee5/external/<OS>/aslb/jars/ [e.g aslb-9.1.1-b1.jar]

  2. Unjar it to get SUNWaspx.zip SUNWaslb.zip

  3. mkdir glassfish/lib/plugin

  4. cp the zips from step 2 and unzip it in glassfish/lib/plugin [ make sure to remove the zip files from this directory]

  5. chmod -R 755 glassfish/lib/plugin/lib

Configure LB Plugin for Apache.

  1. Create sub-directories in <Apache-install>/modules directory as - resource errorpages

  2. Create sub-directory in <Apache-install> directory as - sec_db_files

  3. cp <glassfish>/lib/plugin/lib/webserver-plugin/solaris/apache2/LBPlugin\*.res <Apache-install>/modules/resource/

  4. cp <glassfish>/lib/plugin/lib/webserver-plugin/solaris/apache2/mod_loadbalancer.so <Apache-install>/modules/

  5. cp <glassfish>/lib/plugin/lib/webserver-plugin/solaris/apache2/errorpages/\* <Apache-install>/modules/errorpages/

  6. cp <glassfish>/lib/plugin/lib/install/templates/loadbalancer.xml.example <Apache-install>/conf/

  7. cp <glassfish>/lib/plugin/lib/dtds\\sun-loadbalancer\* <Apache-install>/conf/

  8. cp <Apache-install>/conf/httpd.conf <Apache-install>/conf/httpd.conf.orig

  9. Append httpd.conf file with:

          ##BEGIN EE LB Plugin Parameters
          LoadFile /usr/lib/libCstd.so.1
          LoadModule apachelbplugin_module modules/mod_loadbalancer.so
          <IfModule mod_apache2lbplugin.cpp>
                    config-file "<Apache-install>/conf/loadbalancer.xml"
                    locale en
          </IfModule>
          <VirtualHost 10.12.152.120>
          DocumentRoot "<Apache-install>/htdocs"
          ServerName <fully qualified m/c name>
          </VirtualHost>
          ##END EE LB Plugin Parameters
  10. Edit httpd.conf and set the apache-install location and the fully qualified machine name correctly.

  11. cp <glassfish>lib/plugin/lib/webserver-plugin/solaris/apache2/\*.db <Apache-install>/sec_db_files/

  12. Edit <Apache-install>/bin/apachetl to include the LD_LIBRARY_PATH

    LD_LIBRARY_PATH=/usr/lib/mps:<glassfish>/lib/plugin/lib:<apache-install>/modules:$LD_LIBRARY_PATH; export LD_LIBRARY_PATH 
    echo $PATH
  13. Start Apache and make sure you are able to access the port 80 & 443. The error logs will have the following error message till the loadbalancer.xml is setup.

[emerg] lb.configurator: CNFG1014 : Error occured while initializing Loadbalancer config Parser. Please check that the config file: /space/smitha/apache/conf/loadbalancer.xml exists and has the read access.
[Fri Jun 20 12:09:23 2008] [crit] lb.runtime: RNTM3005 : Failed to initialise load balancing subsystem

Steps on How to Configure Loadbalancer.xml are here.

Comments:

In
http://docs.sun.com/app/docs/doc/819-3679/abdhg?l=en&a=view

there's a paragraph about "Exporting and Importing the DAS certificate".

In this blog you don't talk about this.
Why?
Is a unnecessary step?
Can you explain about this?

Many Thanks

Posted by giuseppe on September 25, 2008 at 07:38 AM IST #

Hi,
I've tried the Sun plugin with httpd 2.2 and 2.0.
i got this error from both of them:

Cannot load /usr/local/apache/modules/mod_loadbalancer.so into server: ld.so.1: httpd: fatal: libprldap50.so: open failed: No such file or directory

the file is exists. but there is a problem with its version i think.

-bash-3.00# pwd
/usr/local/apache/conf
-bash-3.00# cd ../modules/
-bash-3.00# ldd mod_loadbalancer.so
..
..
libprldap50.so => /usr/sfw/lib/mozilla/libprldap50.so
libprldap50.so (LDAPCSDK_5.10) =>(version not found)
..

i think i will use mod_jk.

Posted by Yavuz on October 22, 2008 at 10:20 AM IST #

[Mon Mar 09 10:57:28 2009] [alert] ERROR:NSS could not be initialized; The issue may be missing security DB files under /usr/local/apache-parex/sec_db_files; Please ensure that secmod.db, key3.db and cert7.db files are present under /usr/local/apache-parex/sec_db_files; Refer documentation for more details; Aborting Plugin initialization ...

I've got in error log file.
Can you help me debug this ?

Posted by Mihail on March 09, 2009 at 07:28 AM IST #

I'm also got this problem on RHEL5.3 + Apache 2.2.3.. any idea?

[Sat Mar 14 01:10:43 2009] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Mar 14 01:10:43 2009] [notice] Initializing lbplugin BuildId: GlassFish V2.1 aslb-b07
[Sat Mar 14 01:10:44 2009] [notice] Digest: generating secret for digest authentication ...
[Sat Mar 14 01:10:44 2009] [notice] Digest: done
[Sat Mar 14 01:10:44 2009] [alert] ERROR:NSS could not be initialized; The issue may be missing security DB files under /etc/httpd/sec_db_files; Please ensure that secmod.db, key3.db and cert7.db files are present under /etc/httpd/sec_db_files; Refer documentation for more details; Aborting Plugin initialization ...

Posted by Teddy on March 13, 2009 at 03:42 PM IST #

Post a Comment:
  • HTML Syntax: NOT allowed
About

Smitha Prabhu

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today