Pacific AppServer installation for non-root users - OpenEdge General - Forum

Posted by ssaulius123 on 19-Dec-2016 01:49

Hi,

I try to find pacific or administrators community groups, but "rollbase" or "rdbms administration" doesn't fit for my question. So, I write here - if I'm wring, please forward to correct list.

I try to install Pacific AppServer for evaluation. On our site there are rules, that our Progress services is runing on "non-root" user. If you run OE admin service as "progress" or "admin", and use sudo for most of admin tasks it works. Of course, after installation you need to leave some files with "set-user-id root" permissions (_mprosrv or _progres).

Pacific is quite new for me. So, I install it under root, and then find, that only root can enter to $DLC/servers/pasoe or run $DLC/servers/pasoe/bin/tcman.sh . How to make this installation to work for non-root user?

BTW, I want to avoid to use OE management utilities, because they are used for current webspeed applications (we need support current apps too). And they run under non-root user. So, this is in any case the same question.

One more question. Do I need progress admin server for starting/stopping pacific services? As I understand from presentations, for pacific I just need to create something in $DLC/servers/pasoe/webapps and configure/start it by tcman/sh or startup.sh scripts. This is pure tomcat application and everything is managed by tomcat.

BR,

Saulius

OpenEdge General - Forum

All Replies

Posted by Julian Steiner on 20-Dec-2016 05:05

Saulius,

the correct community group would probably be "OpenEdge Deployment". I'm not the most authorative source on PAS4OE, but it's an Apache Tomcat server under the hood.

So generally you would "chown" the start up scripts to a dedicated tomcat user/group and chmod 755 all relevant files to that user. It very much depends on your Linux distro how to enable the service. If it uses systemd, this is a good guide to follow:

www.digitalocean.com/.../how-to-install-apache-tomcat-8-on-centos-7

Hope that helps as a start, but maybe someone more experienced with running PAS4OE in production can chip in.

EDIT: This might also help: https://documentation.progress.com/output/ua/OpenEdge_latest/index.html#page/pasoe-admin/create-an-instance-(create).html#

When you create a new instance you can provide a -U flag to indicate the "owning" user of that instance.

Cheers

Julian

Posted by Michael Jacobs on 22-Dec-2016 06:58

You can refer to that installation URL, but it will not ultimately accomplish what is needed for OpenEdge.

If you change permissions or ownership of the files located in DLC/server/pasoe, you will only affect who can administer, patch, and update the version of TC distributed with OE. Those files are NOT what is configured and executed at run-time to host your ABL application.

OpenEdge uses Tomcat's supported 'instance' feature, where the core Tomcat files only supply the common libraries and utilities used for the run-time servers. The run-time servers are created, configured, and executed as individual 'instances' and is where your ABL application will be executed from.

It is the PASOE 'instances' that you create, configure, and manage ownership and permissions for to control the run-time execution. Each PASOE 'instance' may have it own security configuration of who owns it, manages it, and execute it.

You are still using the same UNIX security model, just in different locations.

Does that help?

Mike J.

Posted by ssaulius123 on 22-Dec-2016 09:35

Hi Mike and Julian,

Sorry for slow answer. We have quite hard period now on my site (before Christmas is very huge client load and we have a lot of extra maintenance work).

Your answers was quite helpful. I add shortly, for what I find time:

1. chown -R progress:developers /opt/app/pacific11.6/servers/paseo (as Julian propose)

2. Setup my environment (DLC, PATH)

3. $DLC/servers/pasoe/bin/tcman.sh create /u1/pasoe/ssaulius (with non-root user)

4. Then I can:

a. /u1/pasoe/ssaulius/bin/tcman.sh list – work

b. /u1/pasoe/ssaulius/bin/tcman.sh start – work

c. /u1/pasoe/ssaulius/bin/tcman.sh stop – work with warning about memory leak (most probable our main development server have too many other services running)

d. /u1/pasoe/ssaulius/bin/tcman.sh info – doesn’t work: “Server manager not installed - serverinfo action aborted”

Maybe tomorrow, maybe next week try to find time, what is it mean.

What I find more, that all articles like knowledgebase.progress.com/.../How-to-setup-a-Pacific-AppServer-within-a-Production-Pacific-AppServer-installation-for-REST-Transport or knowledgebase.progress.com/.../How-to-setup-a-Pacific-AppServer-within-a-Production-Pacific-AppServer-installation-for-APSV-Transport ...

...mention, that for setup you need to use OE management: (go to http://servername:9090/ and click+click+click...). It is not very good for our environment (some services we need to setup up to 9 environment's). I believe, that there is possibility to do it through scripts (I really like this tcman.sh command-line), but I can't find more or less simple "step by step" instructions how to do it (install progress, chmod and tweak something in $DLC, tcman.sh create..., vi some_properties and so on).

If someone from you have some links, it will be very helpfull. Because otherwise I need to go itself. But I don't believe, that there is no sites, which have more then 2 environments with quite complex architecture. ;-)

Thank you for you answers.

Lovely Christmas and Happy New Year,

Saulius

This thread is closed