shibboleth-dev - RE: origin config problem?
Subject: Shibboleth Developers
List archive
- From: Scott Cantor <>
- To: 'RL 'Bob' Morgan' <>, 'Shib Design Team' <>
- Subject: RE: origin config problem?
- Date: Thu, 19 Jun 2003 00:35:16 -0400
- Importance: Normal
- Organization: The Ohio State University
Just to contribute a bit to this, I thought I'd relate my experience in
upgrading OSU's origin from 0.8 to 1.0. I followed Walter's
advice and used the edit in place -> build -> copy method, and it was MUCH
easier and the whole thing feels more controlled to me.
Maybe sysadmins won't like it, but this one did, a lot.
Now, I admit, I had my web server(s) all set, my SSO was already there, all
my PKI was done, but that meant all I had to do was deal
with Tomcat and this time it was simple.
What I did:
Installed latest Tomcat, moved my old 0.7 origin over from .18 to .24, fixed
some known issues with that, started new Tomcat,
tested, done. That was my basic starting point. I also edited server.xml and
changed the Host "unpackWARs" attribute to false.
- unpacked origin in /opt
- copied my 0.8 *.jks files to src/conf
(note you could use ant to generate your handle.jks, there's a task for it)
- fixed src/conf/resolver.xml for osu.edu
- edited src/conf/origin.properties
- usual defaults used, changed site name, hostnames, etc.
- used all the default /conf/* paths for stuff except for arps
$ mkdir conf/arps (personal preference, point is to be outside the webapp)
$ cp src/conf/arps/* conf/arps
$ ant
$ mv dist/shibboleth.war /usr/local/tomcat/webapps
I screwed up not uncommenting one required parameter, had to repeat the
edit/ant/mv cycle once. I still need to tweak Tomcat to
reload the webapp when I write over the warfile, but that will make it even
easier.
All totaled, about an hour, including the Tomcat upgrade from .18 to .24.
The ARPS are all that's outside the unexpanded warfile, so those could be put
in a good shared location for replication.
IMHO, this is the best way right now to deal with things. It gets even more
useful if you're writing attribute plugins, which I will
be.
-- Scott
PS. Whatever problems we're still having, it's apparently not the code, so I
suggest we ship.
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- Re: origin config problem?, (continued)
- Re: origin config problem?, Ryan Muldoon, 06/18/2003
- RE: origin config problem?, Scott Cantor, 06/18/2003
- Re: origin config problem?, Walter Hoehn, 06/18/2003
- Re: origin config problem?, RL 'Bob' Morgan, 06/18/2003
- RE: origin config problem?, Scott Cantor, 06/18/2003
- RE: origin config problem?, RL 'Bob' Morgan, 06/18/2003
- RE: origin config problem?, Scott Cantor, 06/18/2003
- RE: origin config problem?, RL 'Bob' Morgan, 06/18/2003
- RE: origin config problem?, Scott Cantor, 06/18/2003
- Re: origin config problem?, Walter Hoehn, 06/18/2003
- RE: origin config problem?, Scott Cantor, 06/19/2003
- RE: origin config problem?, RL 'Bob' Morgan, 06/18/2003
- RE: origin config problem?, Ryan Muldoon, 06/18/2003
Archive powered by MHonArc 2.6.16.