ParaViewWeb with system tomcat package

From KitwarePublic
Jump to navigationJump to search

ParaViewWeb


Introduction

The tomcat package that come inside the system package of a Linux distribution, has two limitation that needs to be managed in order to run ParaViewWeb on it. The first one is related to the fact that the system tomcat do not start in a run-level that has a server X which force ParaView to not use X and/or the GPU. For that special case, ParaView needs to be compiled with OSMesa. The second limitation is due to some security setting that prevent any web application to read/write on the disk or execute command lines. We will provide the list of the rules that needs to be bend.

Compiling ParaView with OSMesa

This will allow ParaView and therefore ParaViewWeb to work on an headless server. (No GPU, no server X)

System dependency

apt-get install xutils-dev

Compile OSMesa

mkdir OSMesa
cd OSMesa
mkdir install
wget ftp://ftp.freedesktop.org/pub/mesa/7.10.2/MesaLib-7.10.2.tar.gz
tar xvfz MesaLib-7.10.2.tar.gz
cd MesaLib-7.10.2
./configure --with-driver=xlib --disable-gallium --disable-egl --disable-glw --enable-gl-osmesa --prefix=../install
make
make install

Compile ParaView

PARAVIEWWEB_INSTALL : Absolute path where ParaViewWeb will be installed PARAVIEWWEB_SOURCE : Path of the ParaViewWeb source fetch from git.

> ccmake PARAVIEWWEB_SOURCE
BUILD_SHARED_LIBS          ON
CMAKE_BUILD_TYPE           Debug
CMAKE_INSTALL_PREFIX       PARAVIEWWEB_INSTALL
PARAVIEW_BUILD_QT_GUI      OFF
PARAVIEW_ENABLE_PYTHON     ON
VTK_OPENGL_HAS_OSMESA      ON

OSMESA_INCLUDE_DIR         /.../OSMesa/install/include/
OSMESA_LIBRARY             /.../OSMesa/install/lib/libOSMesa.so
VTK_USE_OFFSCREEN          ON
VTK_USE_X                  OFF

OPENGL_INCLUDE_DIR
OPENGL_gl_LIBRARY
OPENGL_glu_LIBRARY
OPENGL_xmesa_INCLUDE_DIR   OPENGL_xmesa_INCLUDE_DIR-NOTFOUND
> make
> make install

Configuring Tomcat

This explanation are based on an Ubuntu Linux distribution, so some explanation may need to be adjusted.

Installing tomcat

apt-get install tomcat6 sun-java6-jdk

Tomcat get installed in

  • /usr/share/tomcat6

and the web applications are located in

  • /var/lib/tomcat6/webapps

Deploying ParaViewWeb applications into tomcat

[as root]
cp PARAVIEWWEB_INSTALL/Web-apps/*.war /var/lib/tomcat6/webapps
cd /var/lib/tomcat6/webapps
chown -R tomcat6 PW*

Creating a ParaViewWeb working directory

[as root]
cd /var/lib/tomcat6
mkdir paraviewweb-work
cd paraviewweb-work
mkdir bin classpath data plugins logs states-working-dir states

cp PARAVIEWWEB_INSTALL/Web-apps/pw-config.properties classpath
cp PARAVIEWWEB_SOURCE/WebServer/PWService/external-libraries/derby.jar classpath
cp PARAVIEWWEB_INSTALL/bin/* bin
cp PARAVIEWWEB_INSTALL/lib/* bin
cp -r PARAVIEW_INSTALL/lib/paraview-X.XX/* bin
cp /.../OSMesa/insatll/lib/*.so bin
touch bin/PWServer.sh
chmod +x bin/PWServer.sh

cd ..
chown -R tomcat6 paraviewweb-work
chgrp -R tomcat6 paraviewweb-work

Configure ParaViewWeb

edit file /var/lib/tomcat6/paraviewweb-work/lib/pw-config.properties

###################################
# ParaView Web configuration file #
###################################

# Directory used to store application files
pw.working.directory=/var/lib/tomcat6/paraviewweb-work 

# Logging level that should be used [DEBUG, INFO, WARNING, ERROR, CRITICAL]
pw.logging.level=ERROR

# Do we enable logging [on, off, yes, no]
paraview.logging=OFF
pw.logging=ON

# Inactivity timeout for garbage collecting PWServer applications 
# time is given in minute
pw.garbage.collector.timeout=5

# Administration page user credentials
pw.admin.login=admin
pw.admin.password=CHANGE_ME

# Total number of resources available
pw.max.resources=5

# PWServer executable path settings
pw.executable.path.default=/var/lib/tomcat6/paraviewweb-work/bin/PWServer.sh

# Plugin directory settings
pw.plugins.default=/var/lib/tomcat6/paraviewweb-work/plugins

# Resource consumption definition
pw.resource.consumption.default=1

# Optional thirdpart properties
pw.gwt-app.data=/var/lib/tomcat6/paraviewweb-work/data
pw.gwt-app.states=/var/lib/tomcat6/paraviewweb-work/states
pw.gwt-app.confs=default

# Optional PWApp upload properties
# - size in MegaBytes
# - timeout in minute
# - types provides the set of extension allowed
pw.gwt-app.upload.size=10
pw.gwt-app.upload.timeout=2
pw.gwt-app.upload.types=vtp:vtk

pw.remote.log.dir=/var/lib/tomcat6/paraviewweb-work/logs

# Optional PWStateApp working directory
pw.state.working.directory=/var/lib/tomcat6/paraviewweb-work/states-workdir

edit file /var/lib/tomcat6/paraviewweb-work/bin/PWServer.sh

export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/lib/tomcat6/paraviewweb-work/bin
/var/lib/tomcat6/paraviewweb-work/bin/PWServer $1 $2 $3 $4 $5 $6 $7 $8

Configure Tomcat

edit the file /etc/init.d/tomcat6

[...]
JSVC_CLASSPATH="/usr/share/java/commons-daemon.jar:$CATALINA_HOME/bin/bootstrap.jar:/usr/share/tomcat6/lib/:/var/lib/tomcat6/paraviewweb-work/classpath:/var/lib/tomcat6/paraviewweb-work/classpath/derby.jar"
[...]

Configure Java Security Manager

edit the file /var/lib/tomcat6/conf/policy.d/03catalina.policy

[...]
// Allow the embedded database to work just fine
grant codeBase "file:/var/lib/tomcat6/paraviewweb-work/classpath/derby.jar" {
       permission java.security.AllPermission;
};

edit the file /var/lib/tomcat6/conf/policy.d/04webapps.policy

grant { 
   [...]

   // ParaViewWeb Add-on -----------------------------

   // System configuration
   permission java.util.PropertyPermission "*", "read,write";
    
   // Working dir
   permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work/-", "read,write,delete";
   permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work", "read";

   // Hibernate
   permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

   // JMS connection
   permission java.net.SocketPermission "127.0.0.1:61616", "connect,resolve";

   // PWserver launcher
   permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work/bin/PWServer.sh", "execute";
 
   // For the shuttle sample
   permission java.lang.RuntimePermission "getClassLoader";
   permission java.net.SocketPermission "YOUR_HOSTNAME:80";

   // Flash renderer
   permission javax.management.MBeanServerPermission "createMBeanServer";
   permission javax.management.MBeanPermission "flex.management.runtime.*", "registerMBean";
   permission javax.management.MBeanTrustPermission "register";
};