
Introduction

The WEB role provides the following functionality to the jtel platform.

  • Web Server Application for Agents, Supervisors and Administrators
  • SOAP Web Service API

WEB requires access to STORE and DATA.

The web server is provided by the Java-based WildFly server and uses port 8080. The load balancer (LB) is used to distribute sessions to the webserver(s), and to decrypt https if installed. The WEB role runs internally behind the LB role and does not use encryption, so traffic between LB and WEB is unencrypted HTTP.

Pre-Requisites

STORE must be mounted before installing this role. See Mounting STORE - All Linux except for STORE (Debian/Win2019).

Installation

MySQL Client

Install the MySQL repository for Enterprise Linux 8.x and the MySQL community client as follows.

This disables some default repos which are activated by the base CentOS 8.x installation:

Code Block
# Disable some default stuff
dnf config-manager --disable mysql-connectors-community
dnf config-manager --disable mysql-tools-community
dnf -y module disable mysql

# Install the Oracle MySQL repo and the client
dnf -y install https://dev.mysql.com/get/mysql80-community-release-el8-1.noarch.rpm
dnf -y install mysql-community-client

Symbolic Link for Store

Since access to the store is performed using UNC paths, this path must be created and linked to the location of the STORE mount:

Code Block
mkdir /acd-store
ln -s /home/jtel/shared /acd-store/shared


This will enable the webserver to access paths like: //acd-store/shared

Debian 10/11 Install Java Runtime

Code Block
apt-get -y install default-jdk


Debian 12 Install Java Runtime

Code Block
# Add the Adoptium signing key and repository, then install Temurin 8
mkdir -p /etc/apt/keyrings
wget -O - https://packages.adoptium.net/artifactory/api/gpg/key/public | tee /etc/apt/keyrings/adoptium.asc
echo "deb [signed-by=/etc/apt/keyrings/adoptium.asc] https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | tee /etc/apt/sources.list.d/adoptium.list
apt update
apt install temurin-8-jdk


Install Wildfly

The following commands will install and configure the wildfly server as a systemd service:

Code Block
# Get and unpack package
cd /home/jtel
wget http://cdn.jtel.de/downloads/jboss/wildfly-18.0.1.Final.0305.tar.gz
tar xzf wildfly-18.0.1.Final.0305.tar.gz
rm -f wildfly-18.0.1.Final.0305.tar.gz
# Make deployment directory, change ownership, link up
mkdir -p wildfly-18.0.1.Final/standalone/deployments
chown -R jtel:jtel wildfly-18.0.1.Final
ln -s /home/jtel/wildfly-18.0.1.Final wildfly-current

# Install systemctl service
cp /home/jtel/wildfly-current/systemd/wildfly.service /etc/systemd/system/wildfly.service
systemctl daemon-reload

# Install required fonts
tar -xvf /home/jtel/shared/JTELCarrierPortal/Update/resources/lucida.tar -C /usr/share/fonts/truetype/
chmod -R a+r /usr/share/fonts/truetype/lucida
fc-cache

# Create daily cron jobs
cd /etc/cron.daily
ln -s /home/jtel/wildfly-current/bin/jboss-logmaint.sh jboss-logmaint
ln -s /home/jtel/wildfly-current/bin/jboss-restart.sh jboss-restart

# Create update script
cd /usr/local/bin
ln -s /home/jtel/wildfly-current/bin/updatejb.sh
systemctl enable wildfly.service


Configure Firewall

The following commands open the necessary ports in the firewall:

Code Block
firewall-cmd --zone=public --add-port=5701-5801/tcp --permanent
firewall-cmd --zone=public --add-port=5455/tcp --permanent
firewall-cmd --zone=public --add-port=8080-8081/tcp --permanent
firewall-cmd --zone=public --add-port=4447/tcp --permanent
firewall-cmd --zone=public --add-port=5445/tcp --permanent
firewall-cmd --zone=public --add-port=20640/udp --permanent
firewall-cmd --zone=public --add-port=20642/udp --permanent
firewall-cmd --zone=public --add-port=20644/udp --permanent
firewall-cmd --reload

The equivalent rules using ufw:

Code Block
ufw allow 5701:5801/tcp
ufw allow 5455/tcp
ufw allow 8080:8081/tcp
ufw allow 4447/tcp
ufw allow 5445/tcp
ufw allow 20640/udp
ufw allow 20642/udp
ufw allow 20644/udp

Or for a specific ethernet interface:

Code Block
ufw allow in on eth1 to any port 5701:5801 proto tcp
ufw allow in on eth1 to any port 5455 proto tcp
ufw allow in on eth1 to any port 8080:8081 proto tcp
ufw allow in on eth1 to any port 4447 proto tcp
ufw allow in on eth1 to any port 5445 proto tcp
ufw allow in on eth1 to any port 20640 proto udp
ufw allow in on eth1 to any port 20642 proto udp
ufw allow in on eth1 to any port 20644 proto udp

SELinux Configuration

Enforcing

In order that wildfly can run with selinux enabled (enforcing), the following commands must be issued:

Code Block
rm -f /home/jtel/wildfly-current/systemd/wildfly.mod
rm -f /home/jtel/wildfly-current/systemd/wildfly.pp
checkmodule -M -m -o /home/jtel/wildfly-current/systemd/wildfly.mod /home/jtel/wildfly-current/systemd/wildfly.te
semodule_package -o /home/jtel/wildfly-current/systemd/wildfly.pp -m /home/jtel/wildfly-current/systemd/wildfly.mod
semodule -i /home/jtel/wildfly-current/systemd/wildfly.pp

Changing SELinux Configuration

If you would prefer to set selinux off, or set it to permissive, you can edit the following file and reboot:

Code Block
vi /etc/selinux/config
# ...
# Change SELINUX=enforcing to:
# SELINUX=permissive
# ...
reboot

Configure Cron

Info: Some Debian packages come with a default crontab configuration that we need to change.

Check/Change Configuration

Code Block
# Check current configuration
less /etc/crontab
# Edit configuration
vi /etc/crontab
# Reload Config after change
/etc/init.d/cron reload

Expected Result

[Image: expected result]

Configure Wildfly Server

First Server

Next, configure the wildfly server to attach to the database servers as appropriate.

The 4th line of this series of commands must be modified to contain the password for the database.

Caution: Password

Code Block
DBPRI=acd-dbm
DBSTA=acd-dbs
DBREP=acd-dbr
DBPWD=<password>
sed -i -e "s/DATA_PRIMARY/${DBPRI}/g" -e "s/DATA_STATS/${DBSTA}/g" -e "s/DATA_REPORTS/${DBREP}/g" -e "s/DB_PASSWORD/${DBPWD}/g" /home/jtel/wildfly-current/standalone/configuration/standalone.xml
unset DBPWD
unset DBREP
unset DBSTA
unset DBPRI
cp /home/jtel/wildfly-current/standalone/configuration/standalone.xml /home/jtel/shared
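
The plain substitution above breaks when the password contains `/`, `&` or `\`, and a `&` or `<` in the value would also corrupt the XML. The following added example (not part of the original page or of jtel's tooling; the function names are hypothetical, and GNU sed and a single-line password are assumed) escapes the value for both XML and sed and keeps it out of process argument lists:

```bash
#!/bin/sh
# Added example, not jtel's code. Function names are hypothetical.
# Assumes GNU sed and a single-line password.

# The value lands inside an XML file, so escape & < > first.
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Escape what sed treats specially in a replacement:
# backslash, & (whole match) and the / delimiter.
sed_escape_replacement() {
    printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# fill_db_password FILE PASSWORD
# The sed script is fed on stdin (printf is a shell builtin), so the
# password never appears in the argument list of any process.
fill_db_password() (
    esc=$(sed_escape_replacement "$(xml_escape "$2")")
    printf 's/DB_PASSWORD/%s/g\n' "$esc" | sed -i -f /dev/stdin "$1"
    chmod 600 "$1"   # assumes the file is owned by the service account
)

# Constructed demo: a one-line stand-in for standalone.xml and a password
# containing every character that breaks the plain sed call.
demo() (
    tmp=$(mktemp)
    printf '<password>DB_PASSWORD</password>\n' > "$tmp"
    fill_db_password "$tmp" 'p/w&d<1>\x'
    cat "$tmp"
    rm -f "$tmp"
)

# Interactive use in bash on the server (not run here):
#   read -r -s -p 'Database password: ' DBPWD; echo
#   fill_db_password /home/jtel/wildfly-current/standalone/configuration/standalone.xml "$DBPWD"
#   unset DBPWD
demo
```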


Further Servers

If the configuration file has already been provided on STORE, then the following commands will copy it to the wildfly server.

Code Block
rm -f /home/jtel/wildfly-current/standalone/configuration/standalone.xml
cp /home/jtel/shared/standalone.xml /home/jtel/wildfly-current/standalone/configuration/standalone.xml
chown jtel:jtel /home/jtel/wildfly-current/standalone/configuration/standalone.xml


Configure Hazelcast Cluster

The hazelcast configuration file is now copied:

Code Block
rm -f /home/jtel/wildfly-current/standalone/configuration/hazelcast.xml
cp /home/jtel/shared/hazelcast.xml /home/jtel/wildfly-current/standalone/configuration/hazelcast.xml
chown jtel:jtel /home/jtel/wildfly-current/standalone/configuration/hazelcast.xml


Start Wildfly

Start the webserver as follows:

Code Block
updatejb.sh


Whether it is running can be checked in the webserver log file:

Code Block
less /home/jtel/wildfly-current/standalone/log/server.log


Or by logging into the portal directly on port 8080 using a browser pointing to the following URL:

Code Block
http://acd-jb1:8080/CarrierPortal/sysadmin/login


The login page should appear, with the logo.


Introduction

The WEB role provides the following functionality to the jtel platform.

  • Web Server Application for Agents, Supervisors and Administrators
  • SOAP Web Service API

WEB requires access to STORE and DATA.

The web server is provided by the Java wildfly server and uses port 8080. The load balancer (LB) is used to distribute sessions to the web server(s) and to decrypt https if installed. The WEB role runs internally behind the LB role and does not use encryption.

Pre-Requisites

STORE must be mounted before installing this role. See Mounting STORE - All Linux except for STORE (Debian/Win2019).

Installation

Symbolic Link for Store

Since access to the store is performed using UNC paths, this path must be created and linked to the location of the STORE mount:

Code Block
mkdir /acd-store
ln -s /home/jtel/shared /acd-store/shared


This will enable the webserver to access paths like: //acd-store/shared

Install Java Runtime

Code Block
apt-get -y install default-jdk



Install Wildfly

The following commands will install and configure the wildfly server as a systemd service:

Code Block
cd /home/jtel
wget http://cdn.jtel.de/downloads/jboss/wildfly-18.0.1.Final.03.tar.gz
tar xzf wildfly-18.0.1.Final.03.tar.gz
rm -f wildfly-18.0.1.Final.03.tar.gz
mkdir -p wildfly-18.0.1.Final/standalone/deployments
chown -R jtel:jtel wildfly-18.0.1.Final
ln -s /home/jtel/wildfly-18.0.1.Final wildfly-current
cp /home/jtel/wildfly-current/systemd/wildfly.service /etc/systemd/system/wildfly.service
systemctl daemon-reload
cd /etc/cron.daily
ln -s /home/jtel/wildfly-current/bin/jboss-logmaint.sh jboss-logmaint
ln -s /home/jtel/wildfly-current/bin/jboss-restart.sh jboss-restart
cd /usr/local/bin
ln -s /home/jtel/wildfly-current/bin/updatejb.sh
systemctl enable wildfly.service


Configure Firewall

The following commands open the necessary ports in the firewall:

Code Block
ufw allow 5701:5801/tcp
ufw allow 5455/tcp
ufw allow 8080:8081/tcp
ufw allow 4447/tcp
ufw allow 5445/tcp
ufw allow 20640/udp
ufw allow 20642/udp
ufw allow 20644/udp


Or for a specific ethernet interface:

Code Block
ufw allow in on eth1 to any port 5701:5801 proto tcp
ufw allow in on eth1 to any port 5455 proto tcp
ufw allow in on eth1 to any port 8080:8081 proto tcp
ufw allow in on eth1 to any port 4447 proto tcp
ufw allow in on eth1 to any port 5445 proto tcp
ufw allow in on eth1 to any port 20640 proto udp
ufw allow in on eth1 to any port 20642 proto udp
ufw allow in on eth1 to any port 20644 proto udp


Configure Wildfly Server

First Server

Next, configure the wildfly server to attach to the database servers as appropriate.

The 4th line of this series of commands must be modified to contain the password for the database.

Caution: Password

Code Block
DBPRI=acd-dbm
DBSTA=acd-dbs
DBREP=acd-dbr
DBPWD=<password>
sed -i -e "s/DATA_PRIMARY/${DBPRI}/g" -e "s/DATA_STATS/${DBSTA}/g" -e "s/DATA_REPORTS/${DBREP}/g" -e "s/DB_PASSWORD/${DBPWD}/g" /home/jtel/wildfly-current/standalone/configuration/standalone.xml
unset DBPWD
unset DBREP
unset DBSTA
unset DBPRI
cp /home/jtel/wildfly-current/standalone/configuration/standalone.xml /home/jtel/shared


Further Servers

If the configuration file has already been provided on STORE, then the following commands will copy it to the wildfly server.

Code Block
rm -f /home/jtel/wildfly-current/standalone/configuration/standalone.xml
cp /home/jtel/shared/standalone.xml /home/jtel/wildfly-current/standalone/configuration/standalone.xml
chown jtel:jtel /home/jtel/wildfly-current/standalone/configuration/standalone.xml


Configure Hazelcast Cluster

The hazelcast configuration file is now copied:

Code Block
rm -f /home/jtel/wildfly-current/standalone/configuration/hazelcast.xml
cp /home/jtel/shared/hazelcast.xml /home/jtel/wildfly-current/standalone/configuration/hazelcast.xml
chown jtel:jtel /home/jtel/wildfly-current/standalone/configuration/hazelcast.xml


Start Wildfly

Start the webserver as follows:

Code Block
updatejb.sh


Whether it is running can be checked in the webserver log file:

Code Block
less /home/jtel/wildfly-current/standalone/log/server.log


Or by logging into the portal directly on port 8080 using a browser pointing to the following URL:

Code Block
http://acd-jb1:8080/CarrierPortal/sysadmin/login


The login page should appear, with the logo.