How to install webpasswordsafe 1.3 WAR on CentOS 6

Here's a quick howto on installing WebPasswordSafe on CentOS 6 with Tomcat.

Prerequisite:

You'll need to have Java set up correctly with JCE installed, and I assume that Tomcat is already installed. You can consult the two guides I wrote:

Howto install JDK 7 with JCE

Howto install Tomcat 7 on centos 6

I will describe the steps I took. Feel free to tell me if there's something to fix; it's possible your setup is slightly different.

  • Install your CentOS with at least these packages/groups: @Base, mysql-server and mysql-connector-java.noarch
    • Don't forget to run mysql_secure_installation and change the root password.

  • Not sure on this one, because my system is kickstarted and automatically added to the repo, but you'll probably need the EPEL repository ( rpm -Uhv http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm )

Now we’ll copy the MySQL JDBC driver to our Tomcat Install if it’s not already done:

# ls -lah /opt/apache-tomcat-7.0.53/lib/*mysql*

If you see a file there, skip the copy, you already have the JDBC driver installed.

# cp /usr/share/java/mysql-connector-java.jar /opt/apache-tomcat-7.0.53/lib/

Now we will create the database needed by WebPasswordSafe and the user it will use to connect, plus its permissions.

# mysql -u root -p
 mysql> create database webpasswordsafe;
 mysql> create user wps@localhost identified by 'PUT_A_SAFE_PASSWORD_HERE';
 mysql> grant all privileges on webpasswordsafe.* to wps@localhost;
 mysql> grant usage on webpasswordsafe.* to wps@localhost;
 mysql> flush privileges;
 mysql> exit

Now we will deploy the WAR for the first time, and configure some settings:

Stop Tomcat if it is running:

# /etc/init.d/tomcat-webpasswordsafe stop

Copy the WAR into the webapps directory of your Tomcat install and rename it there:

# cp -ar webpasswordsafe-sample-1.3.war /opt/webpasswordsafe/catalina_base/webapps/
# mv /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-sample-1.3.war /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3.war

Start Tomcat:

# /etc/init.d/tomcat-webpasswordsafe start

Now let's configure a few basic settings:

Set a new secret key at encryptor.jasypt.password

# cd /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3
# vim WEB-INF/encryption.properties

Edit the config to access the database:

# vim WEB-INF/jdbc.properties
 set db user key
 jdbc.username=wps
 jdbc.password=HERE_YOU_PASTE_THE_NOT_SO_SAFE_PASSWORD_YOU_PROBABLY_CHOOSE

 uncomment mysql config:
 # MySQL/MariaDB settings
 hibernate.dialect=org.hibernate.dialect.MySQL5InnoDBDialect
 jdbc.driverClassName=com.mysql.jdbc.Driver
 jdbc.url=jdbc:mysql://localhost:3306/webpasswordsafe
 jdbc.validationQuery=select 1

Now restart Tomcat and we'll see if everything works:

# /etc/init.d/tomcat-webpasswordsafe restart

Normally at this point you should be able to access the web interface via http://your-hostname-or-ip:8080/webpasswordsafe-1.3/

If you are using the default LocalAuthenticator the user/pass are: admin/admin

That's it for the install. Check the Admin Guide for more information regarding all the different options available in the config files. I will probably add another post to configure the LDAP connector and other features.

 

Be sure to set up an SSL connection if you want to use this in production. You don't want to access your password manager via plain HTTP. You are gonna store all your passwords there, so double-check EVERYTHING: root password, MySQL, SSL. Ensure that only the minimum set of services is running on this host; having iptables and SELinux enabled could be a great idea.
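
As an added example (not part of the original howto or of the WebPasswordSafe project), the script below double-checks the two files edited above: it reports WEB-INF/encryption.properties and WEB-INF/jdbc.properties if other local users can access them, and flags encryptor.jasypt.password or jdbc.password when the value is empty, short, or still a placeholder from this page. The 16-character minimum, the function names and the sample value "changeme" are assumptions made for illustration; stat -c is the GNU form found on CentOS.

```bash
#!/bin/bash
# Added example, not from the original post: audit WEB-INF after the edits above.
MIN_SECRET_LEN=16   # assumption: shortest secret accepted; set to your own policy

# Print the value of KEY in a Java .properties FILE (last uncommented line wins).
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                       # skip comment lines
        { eq = index($0, "="); if (eq == 0) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t\r]+$/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1" 2>/dev/null
}

# True (0) when the secret is empty, a placeholder from this howto, or too short.
is_weak_secret() {
    case "$1" in
        ""|PUT_A_SAFE_PASSWORD_HERE|HERE_YOU_PASTE_*) return 0 ;;
    esac
    [ "${#1}" -lt "$MIN_SECRET_LEN" ]
}

# Audit a WEB-INF directory: one FAIL line per finding, returns 1 if there is any.
audit_webinf() {
    local dir="$1" rc=0 f mode
    for f in "$dir/encryption.properties" "$dir/jdbc.properties"; do
        if [ ! -f "$f" ]; then echo "FAIL: $f is missing"; rc=1; continue; fi
        mode=$(stat -c '%a' "$f")       # GNU stat, as on CentOS
        case "$mode" in
            *0) ;;                      # last digit 0: no access for "other"
            *)  echo "FAIL: $f has mode $mode, accessible to other local users"; rc=1 ;;
        esac
    done
    if is_weak_secret "$(prop_value "$dir/encryption.properties" encryptor.jasypt.password)"; then
        echo "FAIL: encryptor.jasypt.password is empty, short or a placeholder"; rc=1
    fi
    if is_weak_secret "$(prop_value "$dir/jdbc.properties" jdbc.password)"; then
        echo "FAIL: jdbc.password is empty, short or a placeholder"; rc=1
    fi
    return "$rc"
}

# Constructed sample: the two files with a placeholder left in and mode 644.
make_sample() {
    local d
    d=$(mktemp -d) || return 1
    printf 'encryptor.jasypt.password=changeme\n' > "$d/encryption.properties"  # constructed value
    printf '# set db user key\njdbc.username=wps\njdbc.password=PUT_A_SAFE_PASSWORD_HERE\n' \
        > "$d/jdbc.properties"
    chmod 644 "$d/encryption.properties" "$d/jdbc.properties"
    echo "$d"
}

# With an argument, audit that directory; without one, show the sample's findings.
if [ -n "${1:-}" ]; then
    audit_webinf "$1"
else
    sample=$(make_sample) && { audit_webinf "$sample" || true; rm -rf "$sample"; }
fi
```

Run it against /opt/webpasswordsafe/catalina_base/webapps/webpasswordsafe-1.3/WEB-INF after each redeploy, since unpacking the WAR again can reset both the values and the file modes.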

 

Note:

Howto install java JDK 7 on CentOS 6 with Java Cryptography Extension (JCE) enabled ready for Tomcat

This installation of Java is for people who want to install Java and use it with Tomcat or any other app that doesn't require the java binary to be in the $PATH…

 

Download the latest JDK 7 release: http://java.sun.com/javase/downloads/index.jsp

If you need to install the JCE, download it: Other Downloads -> Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. If you don't know what JCE is, chances are you won't need it.

Untar the archive and move the extracted directory to /opt:

# tar -xzvf jdk-7u51-linux-x64.gz
# mv jdk1.7.0_51 /opt/

If you downloaded the JCE, unzip it. We'll need to overwrite the default policy files, so we'll back them up first.

# mv /opt/jdk1.7.0_51/jre/lib/security/local_policy.jar /opt/jdk1.7.0_51/jre/lib/security/local_policy.jar.orig
# mv /opt/jdk1.7.0_51/jre/lib/security/US_export_policy.jar /opt/jdk1.7.0_51/jre/lib/security/US_export_policy.jar.orig
# unzip UnlimitedJCEPolicyJDK7.zip
# cp UnlimitedJCEPolicy/*.jar /opt/jdk1.7.0_51/jre/lib/security/

 

And voila!

 

 

Howto Install Tomcat 7 clean on CentOS 6

Prerequisite: you need to have a working copy of Java installed. See my post about installing Java on CentOS 6 here.

You'll see that Tomcat is installed in /opt and every single application uses its own catalina_home. This is in place to separate the different installs and simplify the update process. Same thing for Java: if a single WAR doesn't support a new version of Tomcat, you can upgrade application by application, changing only the symbolic link.

 

The user will use uid 5007, it’s a standard uid of the tomcat user where I work.

useradd -u 5007 -s /sbin/nologin -c "Tomcat" _tomcat

Download the latest tarball and extract it to /opt

tar xzvf apache-tomcat-7.0.53.tar.gz -C /opt
ln -s /opt/apache-tomcat-7.0.53 /opt/tomcat-webpasswordsafe

We will now create the base directory layout for this instance (catalina_base):

cd /opt
mkdir -p webpasswordsafe/catalina_base
cd webpasswordsafe/catalina_base
mkdir bin conf logs webapps work temp
chown _tomcat logs webapps work temp

Now we'll create setenv.sh, where JAVA_HOME will be set:

vim /opt/webpasswordsafe/catalina_base/bin/setenv.sh

Point the JAVA_HOME variable to your java home, if you have followed my howto on java it should look like this...

JAVA_HOME=/opt/java-webpasswordsafe

Copy the server.xml and web.xml to our catalina_base, the default should be ok:

cp /opt/apache-tomcat-7.0.53/conf/server.xml /opt/webpasswordsafe/catalina_base/conf/
cp /opt/apache-tomcat-7.0.53/conf/web.xml /opt/webpasswordsafe/catalina_base/conf/

We will now give the files the right permissions and ownership:

chmod -R 644 /opt/webpasswordsafe/catalina_base/conf/*
chown -R _tomcat:_tomcat /opt/webpasswordsafe/catalina_base/

Create the init script used to start tomcat.

You'll have to adjust the variables CATALINA_BASE, CATALINA_HOME and SVC_SCRIPT to reflect your installation if it's not the same as mine.

vim /etc/init.d/tomcat-webpasswordsafe

#!/bin/bash
#
# Init file for buildserver tomcat
#
# chkconfig: 35 99 10
# description: BuildServer Tomcat
#

# source function library
. /etc/rc.d/init.d/functions

RETVAL=0
prog="tomcat pour le gestionnaire de password"

SVC_SCRIPT=/opt/tomcat-webpasswordsafe/bin/catalina.sh
SVC_START_ARGS="start"
SVC_STOP_ARGS="stop"
SVC_USER="_tomcat"

ECHO=/bin/echo
SUDO=/usr/bin/sudo
RUNUSER=/sbin/runuser

# All the config and the apps are deployed in this directory
export CATALINA_BASE=/opt/webpasswordsafe/catalina_base
# The directory where Tomcat is actually installed
export CATALINA_HOME=/opt/tomcat-webpasswordsafe


start()
{
    $ECHO -n $"Starting $prog: "
    # Use runuser instead of daemon() because daemon clears the environment... need CATALINA_*
    $RUNUSER -s /bin/bash -m -c "$SVC_SCRIPT $SVC_START_ARGS" "$SVC_USER" && success || failure
    RETVAL=$?
}

stop()
{
    $ECHO -n $"Stopping $prog: "
    # Stop as $SVC_USER too: catalina.sh sources $CATALINA_BASE/bin/setenv.sh,
    # which is owned by _tomcat, so it must not be run as root
    $RUNUSER -s /bin/bash -m -c "$SVC_SCRIPT $SVC_STOP_ARGS" "$SVC_USER" && success || failure
    RETVAL=$?
}


case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo $"Usage: $0 {start|stop|restart}"
        RETVAL=1
esac
exit $RETVAL

Give the right permissions to the files:

chmod +x /etc/init.d/tomcat-webpasswordsafe

Enable the service to start at boot:

chkconfig tomcat-webpasswordsafe on

Let's try this!

Start tomcat with the init script we've just created:

/etc/init.d/tomcat-webpasswordsafe start

You can take a look at the log to see if everything is ok.

tail -f /opt/webpasswordsafe/catalina_base/logs/catalina.out

If you see something similar to INFO: Server startup in 33397 ms, your installation is fine; you can go ahead and put your WAR file in the webapps directory in catalina_base.

 

Let me know what you think, and if you have a problem I'll be glad to help you, but this is pretty straightforward!

Spacewalk 2.1 Problem pushing config files to systems. ( ‘str’ object has no attribute ‘value’ )

I have a problem publishing a config file to my registered system using satellite 2.1

When I run rhn_check on the systems I always get a: D: Sending back response(49, “Failed deployment, rolled back:  ‘str’ object has no attribute ‘value’”, {})

I found a bug opened a few days ago, so I'm currently working with a DEV on this. It looks like a bug; if you face this bug too, please comment on the bug report!

https://bugzilla.redhat.com/show_bug.cgi?id=1087786

Here’s the full output of rhn_check -vv:

D: opening db environment /var/lib/rpm cdb:mpool:joinenv
D: opening db index /var/lib/rpm/Packages rdonly mode=0x0
D: locked db index /var/lib/rpm/Packages
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening db index /var/lib/rpm/Name rdonly mode=0x0
D: added key gpg-pubkey-0608b895-4bd22942 to keyring
D: added key gpg-pubkey-863a853d-4f55f54d to keyring
D: added key gpg-pubkey-b3892132-4c63febc to keyring
D: added key gpg-pubkey-c105b9de-4e0fd3a3 to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
D: opening db index /var/lib/rpm/Providename rdonly mode=0x0
D: check_action{'action': "<?xml version='1.0'?>\n<methodCall>\n<methodName>configfiles.deploy</methodName>\n<params>\n<param>\n<value><struct>\n<member>\n<name>files</name>\n<value><array><data>\n<value><struct>\n<member>\n<name>config_channel</name>\n<value><string>base-sepaq</string></value>\n</member>\n<member>\n<name>username</name>\n<value><string>root</string></value>\n</member>\n<member>\n<name>encoding</name>\n<value><string>base64</string></value>\n</member>\n<member>\n<name>checksum</name>\n<value><string>ec3c5c05a212c20ca690def7c2d3c79d</string></value>\n</member>\n<member>\n<name>filetype</name>\n<value><string>file</string></value>\n</member>\n<member>\n<name>delim_start</name>\n<value><string>{|</string></value>\n</member>\n<member>\n<name>delim_end</name>\n<value><string>|}</string></value>\n</member>\n<member>\n<name>symlink</name>\n<value><string></string></value>\n</member>\n<member>\n<name>modified</name>\n<value><string></string></value>\n</member>\n<member>\n<name>groupname</name>\n<value><string>root</string></value>\n</member>\n<member>\n<name>file_contents</name>\n<value><string>I3hmZ3hneGdmCiNBQUFBQUFBQUFBQUFBQUFBQUEKI0JCQkJCQkJCQkJCQkJCQkJCQkJCQgojQ0ND\nQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDCiNEREREREREREREREREREREREREREREREREREQK\n</string></value>\n</member>\n<member>\n<name>filemode</name>\n<value><int>644</int></value>\n</member>\n<member>\n<name>checksum_type</name>\n<value><string>md5</string></value>\n</member>\n<member>\n<name>path</name>\n<value><string>/etc/aaa</string></value>\n</member>\n<member>\n<name>selinux_ctx</name>\n<value><string>etc_t</string></value>\n</member>\n<member>\n<name>revision</name>\n<value><int>4</int></value>\n</member>\n</struct></value>\n</data></array></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodCall>\n", 'version': 2, 'id': 126}
updateLoginInfo() login info
D: login(forceUpdate=True) invoked
logging into up2date server
D: rpcServer: Calling XMLRPC up2date.login
D: writeCachedLogin() invoked
D: Wrote pickled loginInfo at 1398439576.61 with expiration of 1398443176.61 seconds.
successfully retrieved authentication token from up2date server
D: logininfo:{'X-RHN-Server-Id': 1000010006, 'X-RHN-Auth-Server-Time': '1398439576.41', 'X-RHN-Auth': 'M0X4upKQItLGbt4W6CMUjQ==', 'X-RHN-Auth-Channels': [['prod-centos6-x86_64', '20140324072756', '1', '1'], ['prod-epel_rhel6_x86_64', '20140413154109', '0', '1'], ['prod-spacewalk-client-2.1-centos6-x86_64', '20140414235043', '0', '1'], ['prod-rhel6-vm-x64-esx5-5', '20140416225329', '0', '1']], 'X-RHN-Auth-User-Id': '', 'X-RHN-Auth-Expire-Offset': '3600.0'}
D: handle_action{'action': "<?xml version='1.0'?>\n<methodCall>\n<methodName>configfiles.deploy</methodName>\n<params>\n<param>\n<value><struct>\n<member>\n<name>files</name>\n<value><array><data>\n<value><struct>\n<member>\n<name>config_channel</name>\n<value><string>base-sepaq</string></value>\n</member>\n<member>\n<name>username</name>\n<value><string>root</string></value>\n</member>\n<member>\n<name>encoding</name>\n<value><string>base64</string></value>\n</member>\n<member>\n<name>checksum</name>\n<value><string>ec3c5c05a212c20ca690def7c2d3c79d</string></value>\n</member>\n<member>\n<name>filetype</name>\n<value><string>file</string></value>\n</member>\n<member>\n<name>delim_start</name>\n<value><string>{|</string></value>\n</member>\n<member>\n<name>delim_end</name>\n<value><string>|}</string></value>\n</member>\n<member>\n<name>symlink</name>\n<value><string></string></value>\n</member>\n<member>\n<name>modified</name>\n<value><string></string></value>\n</member>\n<member>\n<name>groupname</name>\n<value><string>root</string></value>\n</member>\n<member>\n<name>file_contents</name>\n<value><string>I3hmZ3hneGdmCiNBQUFBQUFBQUFBQUFBQUFBQUEKI0JCQkJCQkJCQkJCQkJCQkJCQkJCQgojQ0ND\nQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDCiNEREREREREREREREREREREREREREREREREREQK\n</string></value>\n</member>\n<member>\n<name>filemode</name>\n<value><int>644</int></value>\n</member>\n<member>\n<name>checksum_type</name>\n<value><string>md5</string></value>\n</member>\n<member>\n<name>path</name>\n<value><string>/etc/aaa</string></value>\n</member>\n<member>\n<name>selinux_ctx</name>\n<value><string>etc_t</string></value>\n</member>\n<member>\n<name>revision</name>\n<value><int>4</int></value>\n</member>\n</struct></value>\n</data></array></value>\n</member>\n</struct></value>\n</param>\n</params>\n</methodCall>\n", 'version': 2, 'id': 126}
D: handle_action actionid = 126, version = 2
D: do_call configfiles.deploy({'files': [{'config_channel': 'base-seq', 'username': 'root', 'encoding': 'base64', 'checksum': 'ec3c5c05a212c20ca690def7c2d3c79d', 'filetype': 'file', 'delim_start': '{|', 'modified': '', 'symlink': '', 'groupname': 'root', 'delim_end': '|}', 'selinux_ctx': 'etc_t', 'filemode': 644, 'file_contents': 'I3hmZ3hneGdmCiNBQUFBQUFBQUFBQUFBQUFBQUEKI0JCQkJCQkJCQkJCQkJCQkJCQkJCQgojQ0ND\nQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDQ0NDCiNEREREREREREREREREREREREREREREREREREQK\n', 'checksum_type': 'md5', 'path': '/etc/aaa', 'revision': 4}]},){'cache_only': None}
'str' object has no attribute 'value'
D: Sending back response(49, "Failed deployment, rolled back: 'str' object has no attribute 'value'", {})
D: do_call packages.checkNeedUpdate('rhnsd=1',){}
D: opening db environment /var/lib/rpm cdb:mpool:joinenv
D: opening db index /var/lib/rpm/Packages rdonly mode=0x0
D: loading keyring from pubkeys in /var/lib/rpm/pubkeys/*.key
D: couldn't find any keys in /var/lib/rpm/pubkeys/*.key
D: loading keyring from rpmdb
D: opening db index /var/lib/rpm/Name rdonly mode=0x0
D: added key gpg-pubkey-0608b895-4bd22942 to keyring
D: added key gpg-pubkey-863a853d-4f55f54d to keyring
D: added key gpg-pubkey-b3892132-4c63febc to keyring
D: added key gpg-pubkey-c105b9de-4e0fd3a3 to keyring
D: Using legacy gpg-pubkey(s) from rpmdb
D: opening db index /var/lib/rpm/Providename rdonly mode=0x0
D: closed db index /var/lib/rpm/Providename
D: closed db index /var/lib/rpm/Name
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm
Loaded plugins: fastestmirror, rhnplugin
Config time: 0.033
D: rpcServer: Calling XMLRPC up2date.listChannels
This system is receiving updates from RHN Classic or Red Hat Satellite.
Setting up Package Sacks
Loading mirror speeds from cached hostfile
 * base: centos.mirror.rafal.ca
 * extras: centos.mirror.rafal.ca
 * updates: centos.mirror.rafal.ca
pkgsack time: 0.233
rpmdb time: 0.000
Checking for new repos for mirrors
repo time: 0.001
D: local action status: (0, 'rpm database not modified since last update (or package list recently updated)', {})
D: rpcServer: Calling XMLRPC registration.welcome_message
D: closed db index /var/lib/rpm/Providename
D: closed db index /var/lib/rpm/Name
D: closed db index /var/lib/rpm/Packages
D: closed db environment /var/lib/rpm

Fedora 15 problem with Empathy and you are unable to connect to msn ?

LAST UPDATE #2: An update has been pushed to the Fedora Testing repo and corrects this problem. If you want to install this update, you just have to use the enablerepo feature like this:

# yum install papyon --enablerepo=updates-testing

The repository is enabled only for this update!


UPDATE #1: This worked for me yesterday, but it's not working anymore. I haven't been able to fix the issue. Please report your tests and problems in the bug report at: https://bugzilla.redhat.com/show_bug.cgi?id=750884



Papyon : Can't login in Windows live : accountab.py:202:_HandleABFindAllResponse:AttributeError: 'NoneType' object has no attribute 'find'

If you get this error reported by ABRT on Fedora 15 and you are unable to connect to MSN with Empathy, here's a workaround.

Here's the bug report if you want to share your problem regarding this issue:

https://bugzilla.redhat.com/show_bug.cgi?id=750884

The workaround consists of an upstream patch that has been released. It will probably work its way to Fedora soon, but for now you need to do some work by hand.

Here you can get the code to update: http://cgit.collabora.com/git/user/maiku/papyon.git/commit/?h=bug-42689&id=011201e47004538e732f247bfeb21634c6e1d97f

As you can see, you have to edit three files. The paths I give are the exact paths under Fedora 15 but can differ on other distributions. The lines starting with "-" need to be commented out with a "#" at the beginning of the line, and the lines starting with "+" need to be added.

1 - /usr/lib/python2.7/site-packages/papyon/service/description/SingleSignOn/RequestMultipleSecurityTokens.py

- CONTACTS = ("contacts.msn.com", "MBI")
+ CONTACTS = ("local-bay.contacts.msn.com", "MBI")
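
Review bot: the host literal on the + line, "local-bay.contacts.msn.com", is the same one written out again inside the url strings changed in AB/__init__.py and Sharing/__init__.py, so the next host change needs three synchronized edits. Define the host once and build this tuple and both URLs from it.
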
2 - /usr/lib/python2.7/site-packages/papyon/service/description/AB/__init__.py
-url = "http://contacts.msn.com/abservice/abservice.asmx"
+url = "http://local-bay.contacts.msn.com/abservice/abservice.asmx"
3 - /usr/lib/python2.7/site-packages/papyon/service/description/Sharing/__init__.py
-url = "http://contacts.msn.com/abservice/SharingService.asmx"
+url = "http://local-bay.contacts.msn.com/abservice/SharingService.asmx"
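
Review bot: the + line keeps the http:// scheme of the line it replaces, as does the + line for AB/__init__.py, so only the host changes. If these url values decide how the address book and sharing services are contacted, check whether the new host answers over https:// and switch the scheme in the same change.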

That's it!

Intel(R) Centrino(R) Advanced-N 6230 AGN not working by default with Fedora 15

I just got a new laptop from my new job (Yeah!) and I was testing Fedora 15 on it. It's a Toshiba Tecra R850 and by default on Fedora 15 with all available updates applied as of 28 May 2011.

So if you get something like this in your dmesg output, you probably just don’t have the right package.

    [ 8.751626] iwlagn: Intel(R) Wireless WiFi Link AGN driver for Linux, in-tree:d
    [ 8.751628] iwlagn: Copyright(c) 2003-2010 Intel Corporation
    [ 8.751729] iwlagn 0000:05:00.0: PCI INT A -> GSI 18 (level, low) -> IRQ 18
    [ 8.751769] iwlagn 0000:05:00.0: setting latency timer to 64
    [ 8.751909] iwlagn 0000:05:00.0: Detected Intel(R) Centrino(R) Advanced-N 6230 AGN, REV=0xB0
    [ 8.762800] iwlagn 0000:05:00.0: device EEPROM VER=0x716, CALIB=0x6
    [ 8.762802] iwlagn 0000:05:00.0: Device SKU: 0Xb
    [ 8.762804] iwlagn 0000:05:00.0: Valid Tx ant: 0X3, Valid Rx ant: 0X3
    [ 8.762830] iwlagn 0000:05:00.0: Tunable channels: 13 802.11bg, 24 802.11a channels
    [ 8.763257] iwlagn 0000:05:00.0: irq 49 for MSI/MSI-X
    [ 8.905727] iwlagn 0000:05:00.0: request for firmware file 'iwlwifi-6000g2b-5.ucode' failed.
    [ 8.907145] iwlagn 0000:05:00.0: request for firmware file 'iwlwifi-6000g2b-4.ucode' failed.
    [ 8.907150] iwlagn 0000:05:00.0: no suitable firmware found!
    [ 8.907448] iwlagn 0000:05:00.0: PCI INT A disabled

To resolve the issue simply install iwl6000g2b-firmware.noarch using yum.

# yum install iwl6000g2b-firmware.noarch

That's it, the package is just not installed by default!

MythTV and MythWEB on Fedora 14

I finally got everything working correctly… I don't have a lot of time for this post, but I want to share how I corrected a few problems I had.

1 – Sound problem. This one is caused by MythTV having problems dealing with PulseAudio. The solution was simple, and it was to set the MythTV FrontEnd audio device to ALSA:pulse … There's no auto discovery for this.

The second problem was with MythWeb. I was unable to load the web interface.

Here are the errors I got:

Apache logs:
PHP Fatal error:  Failed to open translation file:  modules_path/_shared/lang/English.lang in /usr/share/mythweb/classes/Translate.php on line 172
MythTV Backend:
MainServer, Warning: Unknown socket closing MythSocket

So I don't think this is the best fix ever. But if you're like me and totally pissed off do this:

# vim /usr/share/mythweb/classes/Translate.php

Modify this section (original) :

    // Load the primary language file, or English if the other doesn't exist.
    if (file_exists(modules_path.'/_shared/lang/'.$language.'.lang'))
        $path = modules_path.'/_shared/lang/'.$language.'.lang';
    else
        $path = modules_path.'/_shared/lang/English.lang';

After modification it should look like this:

    //if (file_exists(modules_path.'/_shared/lang/'.$language.'.lang'))
    if (file_exists('/usr/share/mythweb/modules/_shared/lang/English.lang'))
        $path = '/usr/share/mythweb/modules/_shared/lang/English.lang';
    else
        $path = '/usr/share/mythweb/modules/_shared/lang/English.lang';

And voila... everything is working now. Feel free to ask questions. I know there's not a lot of detail in this post, but I've run into a lot of problems with this setup, so I can probably help!

++
