...
Stop the Tomcat 7 service by running:
```
sudo service tomcat7 stop
```
Append the following lines to the file /etc/default/tomcat7:
```
JAVA_HOME="/usr/lib/jvm/java-7-oracle"
...
JAVA_OPTS="-Djava.awt.headless=true -Xms384m -Xmx768m -XX:+UseConcMarkSweepGC"
ulimit -n 8192
```
Info: The execution of the ulimit command above increases/sets the open files limit for the Tomcat 7 service process. The common default value on *nix systems is 1024, which is quite often insufficient.
If the file /usr/share/tomcat7/bin/setenv.sh does not exist, create it by running:
```
sudo touch /usr/share/tomcat7/bin/setenv.sh
```
Append the following lines to the file /usr/share/tomcat7/bin/setenv.sh:
```
CATALINA_OPTS="$CATALINA_OPTS -XX:PermSize=256m -XX:MaxPermSize=512m"
...
CATALINA_OPTS="$CATALINA_OPTS -Ddcdt.data.dir=<path to ... data directory> -Ddcdt.web.user.admin.secret=<admin console admin user password>"
```
- <path to database data directory>: path to a directory where you want the Derby database that will persist the Discovery testcase credentials data to be created.
- <admin console admin user password>: custom password (default="adminpass") to set for the admin console "admin" user.
Then, run the following command so that the Tomcat user will be able to create and write to the database data in the specified directory:
```
sudo chown -R tomcat7:tomcat7 ... "$(dirname "<path to ... data ... directory>")"
```
Start the Tomcat 7 service by running:
```
sudo service tomcat7 start
```
Configure Authbind on Ubuntu
If you are installing DCDT on Ubuntu, authbind is required to allow the Tomcat user to bind to privileged ports (port numbers 0-1023). For DCDT, the DNS service must bind to port 53 and the mail service must bind to port 25. Authbind may already be installed on your version of Ubuntu; if so, it can be found in /etc/authbind. If it is not already installed, install it by running:
```
sudo apt-get install authbind
```
To enable authbind so that Tomcat can bind to privileged ports, change the default setting AUTHBIND=no to AUTHBIND=yes in /etc/default/tomcat7.
Since authbind requires the use of IPv4, add the following to /etc/sysctl.conf:
```
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
```
Reinitialize sysctl by running the following:
```
sudo sysctl -p
```
Restart the Tomcat service by running:
```
sudo service tomcat7 restart
```
Verify that Tomcat can access the privileged ports. The user ID of the Tomcat user can be viewed in /etc/passwd. A file with the name of the Tomcat user ID (e.g. 106) should exist in /etc/authbind/byuid/ and contain the following entry:
```
0.0.0.0/0:1,1023
```
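The verification step above can be scripted. The following is an added example, not part of the DCDT guide: it looks up the Tomcat user's UID and confirms that the matching byuid file covers ports 25 and 53. The function names and the PASSWD_FILE/AUTHBIND_DIR overrides are assumptions of the example, and only the IPv4 addr/length:min,max form shown above is parsed.

```shell
#!/bin/sh
# Added example (not from the DCDT guide): verify an authbind byuid rule for a service user.
# PASSWD_FILE and AUTHBIND_DIR are overridable so the check can run against copies.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
AUTHBIND_DIR="${AUTHBIND_DIR:-/etc/authbind}"

# Print the numeric UID of user $1; exit non-zero if the user is absent.
uid_of() {
    awk -F: -v u="$1" '$1 == u { print $3; found = 1; exit }
                       END { exit !found }' "$PASSWD_FILE"
}

# Succeed if byuid/<uid $1> has a rule "addr/len:min,max" with len 0 covering port $2.
# Only the IPv4 catch-all form shown on the page is evaluated (assumption of this example).
port_allowed() {
    f="$AUTHBIND_DIR/byuid/$1"
    [ -r "$f" ] || return 2          # no readable byuid rule file for this UID
    awk -v p="$2" '
        NF == 0 { next }
        { n = split($1, a, "[/:,]")  # a[1]=addr a[2]=len a[3]=min a[4]=max
          if (n == 4 && a[2] == "0" && p + 0 >= a[3] + 0 && p + 0 <= a[4] + 0) { ok = 1; exit } }
        END { exit !ok }' "$f"
}

# Check every port given after the user name; return 1 if any is not covered.
check_ports() {
    user="$1"; shift
    uid=$(uid_of "$user") || { echo "no such user: $user" >&2; return 3; }
    rc=0
    for port in "$@"; do
        if port_allowed "$uid" "$port"; then
            echo "uid $uid ($user): port $port allowed"
        else
            echo "uid $uid ($user): port $port NOT allowed" >&2
            rc=1
        fi
    done
    return "$rc"
}

# On the DCDT host: check_ports tomcat7 25 53
```

The entry shown above covers the whole 1-1023 range; the check only confirms that the two ports DCDT needs fall inside it.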