ParaViewWeb with system tomcat package
Introduction
The tomcat package that come inside the system package of a Linux distribution, has two limitation that needs to be managed in order to run ParaViewWeb on it. The first one is related to the fact that the system tomcat do not start in a run-level that has a server X which force ParaView to not use X and/or the GPU. For that special case, ParaView needs to be compiled with OSMesa. The second limitation is due to some security setting that prevent any web application to read/write on the disk or execute command lines. We will provide the list of the rules that needs to be bend.
Compiling ParaView with OSMesa
This will allow ParaView and therefore ParaViewWeb to work on an headless server. (No GPU, no server X)
System dependency
apt-get install xutils-dev
Compile OSMesa
mkdir OSMesa cd OSMesa mkdir install
wget ftp://ftp.freedesktop.org/pub/mesa/7.10.2/MesaLib-7.10.2.tar.gz tar xvfz MesaLib-7.10.2.tar.gz cd MesaLib-7.10.2
./configure --with-driver=xlib --disable-gallium --disable-egl --disable-glw --enable-gl-osmesa --prefix=../install make make install
Compile ParaView
PARAVIEWWEB_INSTALL : Absolute path where ParaViewWeb will be installed PARAVIEWWEB_SOURCE : Path of the ParaViewWeb source fetch from git.
> ccmake PARAVIEWWEB_SOURCE
BUILD_SHARED_LIBS ON CMAKE_BUILD_TYPE Debug CMAKE_INSTALL_PREFIX PARAVIEWWEB_INSTALL PARAVIEW_BUILD_QT_GUI OFF PARAVIEW_ENABLE_PYTHON ON VTK_OPENGL_HAS_OSMESA ON OSMESA_INCLUDE_DIR /.../OSMesa/install/include/ OSMESA_LIBRARY /.../OSMesa/install/lib/libOSMesa.so VTK_USE_OFFSCREEN ON VTK_USE_X OFF OPENGL_INCLUDE_DIR OPENGL_gl_LIBRARY OPENGL_glu_LIBRARY OPENGL_xmesa_INCLUDE_DIR OPENGL_xmesa_INCLUDE_DIR-NOTFOUND
> make > make install
Configuring Tomcat
This explanation are based on an Ubuntu Linux distribution, so some explanation may need to be adjusted.
Installing tomcat
apt-get install tomcat6 sun-java6-jdk
Tomcat get installed in
- /usr/share/tomcat6
and the web applications are located in
- /var/lib/tomcat6/webapps
Deploying ParaViewWeb applications into tomcat
[as root] cp PARAVIEWWEB_INSTALL/Web-apps/*.war /var/lib/tomcat6/webapps cd /var/lib/tomcat6/webapps chown -R tomcat6 PW*
Creating a ParaViewWeb working directory
[as root] cd /var/lib/tomcat6 mkdir paraviewweb-work cd paraviewweb-work mkdir bin classpath data plugins logs states-working-dir states cp PARAVIEWWEB_INSTALL/Web-apps/pw-config.properties classpath cp PARAVIEWWEB_SOURCE/WebServer/PWService/external-libraries/derby.jar classpath cp PARAVIEWWEB_INSTALL/bin/* bin cp PARAVIEWWEB_INSTALL/lib/* bin cp -r PARAVIEW_INSTALL/lib/paraview-X.XX/* bin cp /.../OSMesa/insatll/lib/*.so bin touch bin/PWServer.sh chmod +x bin/PWServer.sh cd .. chown -R tomcat6 paraviewweb-work chgrp -R tomcat6 paraviewweb-work
Configure ParaViewWeb
edit file /var/lib/tomcat6/paraviewweb-work/lib/pw-config.properties
################################### # ParaView Web configuration file # ################################### # Directory used to store application files pw.working.directory=/var/lib/tomcat6/paraviewweb-work # Logging level that should be used [DEBUG, INFO, WARNING, ERROR, CRITICAL] pw.logging.level=ERROR # Do we enable logging [on, off, yes, no] paraview.logging=OFF pw.logging=ON # Inactivity timeout for garbage collecting PWServer applications # time is given in minute pw.garbage.collector.timeout=5 # Administration page user credentials pw.admin.login=admin pw.admin.password=CHANGE_ME # Total number of resources available pw.max.resources=5 # PWServer executable path settings pw.executable.path.default=/var/lib/tomcat6/paraviewweb-work/bin/PWServer.sh # Plugin directory settings pw.plugins.default=/var/lib/tomcat6/paraviewweb-work/plugins # Resource consumption definition pw.resource.consumption.default=1 # Optional thirdpart properties pw.gwt-app.data=/var/lib/tomcat6/paraviewweb-work/data pw.gwt-app.states=/var/lib/tomcat6/paraviewweb-work/states pw.gwt-app.confs=default # Optional PWApp upload properties # - size in MegaBytes # - timeout in minute # - types provides the set of extension allowed pw.gwt-app.upload.size=10 pw.gwt-app.upload.timeout=2 pw.gwt-app.upload.types=vtp:vtk pw.remote.log.dir=/var/lib/tomcat6/paraviewweb-work/logs # Optional PWStateApp working directory pw.state.working.directory=/var/lib/tomcat6/paraviewweb-work/states-workdir
edit file /var/lib/tomcat6/paraviewweb-work/bin/PWServer.sh
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/var/lib/tomcat6/paraviewweb-work/bin /var/lib/tomcat6/paraviewweb-work/bin/PWServer $1 $2 $3 $4 $5 $6 $7 $8
Configure Tomcat
edit the file /etc/init.d/tomcat6
[...] JSVC_CLASSPATH="/usr/share/java/commons-daemon.jar:$CATALINA_HOME/bin/bootstrap.jar:/usr/share/tomcat6/lib/:/var/lib/tomcat6/paraviewweb-work/classpath:/var/lib/tomcat6/paraviewweb-work/classpath/derby.jar" [...]
Configure Java Security Manager
edit the file /var/lib/tomcat6/conf/policy.d/03catalina.policy
[...] // Allow the embedded database to work just fine grant codeBase "file:/var/lib/tomcat6/paraviewweb-work/classpath/derby.jar" { permission java.security.AllPermission; };
edit the file /var/lib/tomcat6/conf/policy.d/04webapps.policy
grant { [...] // ParaViewWeb Add-on ----------------------------- // System configuration permission java.util.PropertyPermission "*", "read,write"; // Working dir permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work/-", "read,write,delete"; permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work", "read"; // Hibernate permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // JMS connection permission java.net.SocketPermission "127.0.0.1:61616", "connect,resolve"; // PWserver launcher permission java.io.FilePermission "/var/lib/tomcat6/paraviewweb-work/bin/PWServer.sh", "execute"; // For the shuttle sample permission java.lang.RuntimePermission "getClassLoader"; permission java.net.SocketPermission "YOUR_HOSTNAME:80"; // Flash renderer permission javax.management.MBeanServerPermission "createMBeanServer"; permission javax.management.MBeanPermission "flex.management.runtime.*", "registerMBean"; permission javax.management.MBeanTrustPermission "register"; };