# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# LibreSource Installation notes
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Copyright (C) 2004-2007 Artenum SARL / INRIA
# http://www.libresource.org - contact@libresource.org
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Thank you for using LibreSource
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Prerequisites
  You must install the following components on the server
  - JOnAS Application Server with Tomcat (http://jonas.objectweb.org/)
       [this version is released for JOnAS 4.7.6 and Tomcat 5.5.15]
  - JDK 1.5.x or 1.6.x versions (http://java.sun.com/j2se/)
  - PostgreSQL Database server (version 7.4.6 or more recent) (http://www.postgresql.org/)

cryptographic key generation for the Java Web Start applications
keytool -genkey -alias ls-so6 -dname "CN=LibreSource , OU=Groupware, O=Artenum, L=Paris, S=France, C=FR" -keyalg DSA -keysize 1024 -validity 1000 -keystore keystore -keypass tagada -storepass tagada

1) LibreSource config file
  - create a directory for the LibreSource indexation (kernel.indexationDataDir)
  - create a directory for the LibreSource file exchange (libresource.distributedFilesystem)
  - give to the postgres group the right to use these folders
     sudo chgrp postgres tmp/files tmp/index
     sudo chmod g+rwx tmp/files tmp/index
  - create the libresource database in PostgreSQL
  - create the libresource user in PostgreSQL
  - allow this user to be a superuser : 
    ALTER USER libresource WITH superuser;
  - Edit the file $LIBRESOURCE_HOME/Distribution/ls-config.properties
     in order to set your server properties
  - Edit the file $LIBRESOURCE_HOME/Distribution/build.properties
     in order to choose the service you want
  - Export the JONAS_ROOT path 
     (The following given path should be updated regarding your personnal configuration)
     on windows: SET JONAS_ROOT=c:/JONAS_4_7_x
     on linux  : export JONAS_ROOT=/opt/JONAS_4_7_x
  - Run "./ThirdPart/ant/bin/ant clean-all; ./ThirdPart/ant/bin/ant deploy" to build 
      the LibreSource ear and libresourceDS.properties and libresourceMail.properties and libresourceConfig.properties


2) Security configuration
  - Edit the file JONAS_ROOT/conf/jaas.config and add those text lines

	=> if you are using the local database for authentication (default)
    libresource {
			org.libresource.security.InternalBaseLoginModule requisite;
			org.objectweb.jonas.security.auth.spi.ClientLoginModule requisite globalCtx="false";
		};
		
    => if you are using a CAS server for the authentication
	    libresource {
        org.libresource.security.CASLoginModule requisite;
        org.objectweb.jonas.security.auth.spi.ClientLoginModule requisite globalCtx="false";
    };


3) Database access
  After install postgres on the server, configure JOnAS to access database
  - Database driver
    + Copy the file $LIBRESOURCE_HOME/ThirdPart/driver/postgresql.jar to JONAS_ROOT/lib/ext/

  - Datasource for JOnAS
    + If you did not use the "deploy" ant task, then copy the file $LIBRESOURCE_HOME/Distribution/Application/libresourceDS.properties in $JONAS_ROOT/conf
    + Edit the folowing line in the file $JONAS_ROOT/conf/jonas.properties
        jonas.service.dbm.datasources	libresourceDS
    + Remove "db" (hsql db service) in the following line in the file $JONAS_ROOT/conf/jonas.properties
        jonas.services    registry,jmx,jtm,dbm,security,resource,ejb,web,ear


4) Notifications
  You have to configure a MailSession that point to a valid mail server and the jabber user
  - MailSession definition
    + If you did not use the "deploy" ant task, then copy the file $LIBRESOURCE_HOME/Distribution/Application/libresourceMail.properties in $JONAS_ROOT/conf
    + Edit the folowing line in $JONAS_ROOT/conf/jonas.properties
        jonas.service.mail.factories	libresourceMail
    + Add "mail" at the end of the following line in the file $JONAS_ROOT/conf/jonas.properties
        jonas.services    registry,jmx,jtm,dbm,security,resource,ejb,web,ear,mail

5) Parametric configuration
  - specific configuration definition
    + If you did not use the "deploy" ant task, then copy the file $LIBRESOURCE_HOME/Distribution/Application/libresourceConfig.properties in $JONAS_ROOT/conf
    + Edit the folowing line in $JONAS_ROOT/conf/jonas.properties (LibreSourceMail is optional if you don't want to proceed the notification part)
        jonas.service.mail.factories	libresourceMail, libresourceConfig
    + Add "mail" at the end of the following line in the file $JONAS_ROOT/conf/jonas.properties if you didn't do it in the Notification part.
        jonas.services    registry,jmx,jtm,dbm,security,resource,ejb,web,ear,mail

6) Deployement of the ear
  - Remove the applications deploy by default :
    + JONAS_ROOT/apps/autoload/*.ear
      ++ NOTE : keep the JONAS_ROOT/apps/autoload/LibreSource-XXXX.ear
    + JONAS_ROOT/ejbjars/autoload/*.jar
   ++ NOTE : If you have set the protocol to "jeremie" the JONAS_ROOT/conf/carole.properties file, this step is mandatory (because these ejbs were compiled with the default protocol ("jrmp").
    + JONAS_ROOT/webapps/autoload/*.war
      ++ NOTE : you can keep the jonasAdmin.war (a webapp for administration of JOnAS) if you want to use it
    + JONAS_ROOT/webapps/autoload/jonas-doc-en
    + JONAS_ROOT/webapps/autoload/jonas-javadoc
  - If you did not use the "deploy" ant task, then copy the file $LIBRESOURCE_HOME/Distribution/Application/LibreSource-VERSION.ear in the directory JONAS_ROOT/apps/autoload/


7) CAS server (This is not needed by default)
  - If you want to start the Authentication server, you have to configure an https connector in tomcat
    + Create an ssl certificat (you can use openssl or the keytool available in java)
      cd $JONAS_ROOT
      keytool -genkey -alias tomcat -keyalg RSA -keystore truststore-tomcat
        ++ NOTE : the name (CN) MUST BE the name of your LibreSource server
        ++ NOTE : for this example the password is "secret"
        ++ NOTE : complete generation : keytool -genkey -alias tomcat -dname "CN=localhost, OU=Groupware, O=Artenum, L=Paris, S=France, C=FR" -keyalg DSA -keysize 1024 -validity 1000 -keystore truststore-tomcat -keypass secret -storepass secret
      keytool -export -alias tomcat -rfc -file tomcat.cer -keystore truststore-tomcat

  - You have to trust the CAS server certificat :
    + Import certificat
      keytool -import -alias tomcat -file tomcat.cer -keystore truststore-jvm
    + Trust it in java
      [if you are root]
          sudo cp truststore-jvm $JAVA_HOME/jre/lib/security/cacerts
      [otherwise]	
          export JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=$JONAS_ROOT/truststore-jvm"
    + Edit $JONAS_ROOT/conf/server.xml
      and uncomment this block
        <Connector port="9043" maxHttpHeaderSize="8192"
           maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           clientAuth="false" sslProtocol="TLS" 
           keystoreFile="truststore-tomcat" keystorePass="secret" />
     and configure it to use the certificat you have created
   
   More doc about SSL here :
        > http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html

8) Subversion installation
  - The LibreSource Subversion service manage dynamicaly the 
    subversion configuration files for user authentication and 
    security management. Thus, in order to use this services, 
    a subversion server must be installed and configured to used 
    those generated files.

  - Configure LibreSource for your subversion (Properties to defined in $LIBRESOURCE_HOME/Distribution/ls-config.properties)
      > subversion.authz.file.path      : Specify the path to the authz file that your Subversion should use (security mapping)
      > subversion.passwd.file.path     : Specify the path to the passwd file that your Subversion should use (user authentication)
      > subversion.repository.base.path : Working area for LibreSource. Should be set by the administrateur as the root 
      > subversion.admin.login          : Subversion Libresource superuser
      > subversion.admin.password       : Subversion Libresource superuser password

  - Configure the Subversion installation
      > Create only one repository that should respond at svn://YOUR_LS_SERVER/ls-svn
      > Check-out the content of this repository
         + svn co svn://forge.artenum.com/ls-svn  "THE_PATH_YOU_SET_FOR_LS_subversion.repository.base.path"
      > Delete all the repository content and commit
         + cd "THE_PATH_YOU_SET_FOR_LS_subversion.repository.base.path"
         + svn delete trunk
         + svn delete tags
         + svn delete branches
         + svn commit -m "Initialisation"
      > Edit the configuration file "svnserve.conf" (authz/passwd should refer to the file path specified in LibreSource)
         [general]
         authz-db    = authz
         password-db = passwd
         
         anon-access = none
         auth-access = read
         
9) Run LibreSource
  - jonas start
      > http://localhost:9000/
      > https://localhost:9043/cas/  (Is not provided by default)

10) Some optimizations...
  - Run JOnAS with some java properties set
    + Edit the folowing line in $JONAS_ROOT/conf/jonas.properties
        jonas.service.jtm.timeout    3000
    + Depending the amount of memory you have : export JAVA_OPTS="$JAVA_OPTS -server -Xms768m -Xmx768m"
    + For JFreeChart (need a X server) : export JAVA_OPTS="$JAVA_OPTS -Djava.awt.headless=true"

  - For long execution of the server, we recommand you to execute these commands periodically :
    + jonas admin -passivate 
      ++ NOTE : The passivate action is optional since JONAS 4.6.x
    + vacuumdb -f libresource
      ++ you can, for example, use the cron daemon with the following crontab :
           1       */2     *       *       *       jonas admin -passivate
           1       1       *       *       *       vacuumdb -f -a