Friday, December 7, 2012

Install SOLR on Ubuntu 12.04 LTS for Alfresco v4.0.x

How to install SOLR on a separate tomcat on Ubuntu 12.04 LTS 64 bit machine for Alfresco v4.0.2 EE or v4.0.e CE?

1) Download the Solr distribution file alfresco-enterprise-solr-4.0.2.zip from Alfresco Support or alfresco-community-solr-4.0.e.zip from
https://wiki.alfresco.com/wiki/Community_file_list_4.0.e and unzip it in your user home directory.

/home/deepak$ wget http://dl.alfresco.com/release/community/build-
00007/alfresco-community-solr-4.0.e.zip

/home/deepak$ unzip alfresco-community-solr-4.0.e.zip -d alfresco-community-solr-
4.0.e

This file contains the following artifacts:
• A template SOLR home directory containing solr.xml, which is expected by Solr
• Solr WAR file (apache-solr-1.4.1.war)
• An example web application context file to wire up in Tomcat (solr-tomcat-context.xml)
• A lib directory with all the required Alfresco and other JARs.
• Two Solr core configurations: one to track the live SpacesStore (workspace-SpacesStore folder)
and one to track items archived from the SpacesStore. (archive-SpacesStore folder)

2) I assume that tomcat6 server and java are installed on Ubuntu. Next, we need to create
/var/alfsolr directory for Solr Web Application and copy all the files of 
alfresco-communitysolr-4.0.e directory and make it accessible to tomcat6 user.

/var$ sudo mkdir alfsolr

/var/alfsolr$ sudo cp -r /home/deepak/alfresco-community-solr-4.0.e/* /var/alfsolr/

Change the ownership of directory (with –R --Recursive option) to tomcat6 for user & group.
/var$ sudo chown –R tomcat6:tomcat6 alfsolr/

Check if ownership of alfsolr directory is tomcat6 for user & group.
/var$ ls –l alfsolr/

drwxr-xr-x 3 tomcat6 tomcat6 4096 Nov 28 11:24 alf_data
-rw-r--r-- 1 tomcat6 tomcat6 4105628 Nov 28 11:24 apache-solr-1.4.1.war
-rw-r--r-- 1 tomcat6 tomcat6 4101544 Nov 28 11:24 apache-solr-1.4.1.war.unpatched
drwxr-xr-x 5 tomcat6 tomcat6 4096 Nov 28 12:53 archive-SpacesStore
-rw-r--r-- 1 tomcat6 tomcat6 6127 Nov 28 12:51 CreateSSLKeystores.txt
drwxr-xr-x 2 tomcat6 tomcat6 4096 Nov 28 11:24 docs
-rw-r--r-- 1 tomcat6 tomcat6 6720 Nov 28 11:24 HowToSetUpSolr.txt
drwxr-xr-x 2 tomcat6 tomcat6 4096 Nov 28 11:24 lib
-rw-rw-r-- 1 tomcat6 tomcat6 228 Nov 28 13:55 solr-tomcatcontext.xml
-rw-r--r-- 1 tomcat6 tomcat6 322 Nov 28 11:24 solr.xml
drwxr-xr-x 5 tomcat6 tomcat6 4096 Nov 28 12:53 workspace-SpacesStore

3) Deploy Solr Web Application Context file (solr-tomcat-context.xml) in tomcat.
Copy solr-tomcat-context.xml file in “/var/lib/tomcat6/conf/Catalina/localhost” directory.

/var$ sudo cp /var/alfsolr/solr-tomcat-context.xml
/var/lib/tomcat6/conf/Catalina/localhost/solr.xml

4) Modify solr.xml file, so paths match the installation, set the location of the Solr war file and the location of the Solr home directory: (docBase property & “solr/home” Env. variable)

The original file looks like:

< ? xml version="1.0" encoding="utf-8" ? >
< Context docBase="@@ALFRESCO_SOLR_DIR@@/apache-solr-1.4.1.war"
debug="0" crossContext="true" >

< Environment
name="solr/home" type="java.lang.String"
value="@@ALFRESCO_SOLR_DIR@@" override="true" / >

</ Context >

The modified file should look like:

< ? xml version="1.0" encoding="utf-8" ? >
< Context docBase="/var/alfsolr/apache-solr-1.4.1.war" debug="0" crossContext="true" >

< Environment
name="solr/home" type="java.lang.String"
value="/var/alfsolr" override="true"
 / >
</ Context >

Change the ownership of file to tomcat6 for user & group.
/var$ sudo chown tomcat6:tomcat6 /var/lib/tomcat6/conf/conf/Catalina/localhost/solr.xml

Check if ownership of file is tomcat6 for user & group.
/var$ ls -l /var/lib/tomcat6/conf/Catalina/localhost/solr.xml

-rw-r--r-- 1 tomcat6 tomcat6 367 Nov 28 19:20 /var/lib/tomcat6/conf/Catalina/localhost/solr.xml

5) For each core, edit solrcore.properties file
/var/alfsolr/workspace-SpacesStore/conf/solrcore.properties &
/var/alfsolr/archive-SpacesStore/conf/solrcore.properties files.

1. Edit the "data.dir.root" property to where the Solr indexes will be stored - you can set the
same value for the both cores and the cores will create the sub-directories.

2. Edit the Hostname to point to Alfresco "alfresco.host" - this could point to the load balancer
in front of an Alfresco cluster.

# Top level directory path for the indexes managed by Solr.
data.dir.root=/var/alfsolr

# Alfresco hostname.
alfresco.host=api.alfresco.com

# Alfresco HTTP port.
alfresco.port=8080

# Alfresco HTTPS port.
alfresco.port.ssl=8443

# Value can be https or none.
alfresco.secureComms=https

# Instructs Solr if it should index Alfresco content repository store or not.
# Value can be true or false. Default value is true.
enable.alfresco.tracking=true

# Cron expression for Solr to track Alfresco and index new or updated content.
# The default value indicates that Solr tracks Alfresco every 15 seconds.
# We can change it as per our requirement.
alfresco.cron=0/15 * * * * ? *

6) Create and populate a keystore directory for the Alfresco and Solr servers. Alfresco need to talk over HTTPS with Solr.

By default, the keystore directory is created in /alf_data/keystore or
/var/lib/tomcat6/webapps/alfresco/WEB-INF/classes/alfresco/keystore.

Please note that at this stage the keystore directory will just be a template, containing standard
keys. To secure the installation, you must follow the steps to generate new keys as explained in
http://docs.alfresco.com/4.0/topic/com.alfresco.enterprise.doc/tasks/generate-keyssolr.html section.

Download keystore directory from /var/lib/tomcat6/webapps/alfresco/WEBINF/classes/alfresco/keystore to your home directory on Ubuntu where, SOLR Web Application
is getting installed.

Now, copy keystore directory files to /var/alfsolr/keystore directory.
/var$ sudo cp –r /home/deepak/keystore/* /var/alfsolr/keystore

Change the ownership (with –R --Recursive option) to tomcat6 for user & group.
/var$ sudo chown –R tomcat6:tomcat6 /var/alfsolr/keystore

Check if ownership is tomcat6 for user & group.
/var$ ls –l /var/alfsolr/keystore

-rw-r--r-- 1 tomcat6 tomcat6 1904 Nov 29 13:55 browser.p12
-rw-r--r-- 1 tomcat6 tomcat6 6276 Nov 28 12:51 CreateSSLKeystores.txt
-rw-r--r-- 1 tomcat6 tomcat6 5942 Nov 28 12:51 generate_keystores.bat
-rw-r--r-- 1 tomcat6 tomcat6 5679 Nov 28 12:51 generate_keystores.sh
-rw-r--r-- 1 tomcat6 tomcat6 645 Nov 28 12:51 keystore
-rw-r--r-- 1 tomcat6 tomcat6 211 Nov 28 12:51 keystorepasswords.properties
-rw-r--r-- 1 tomcat6 tomcat6 574 Nov 28 12:51 readme.txt
-rw-r--r-- 1 tomcat6 tomcat6 1388 Nov 29 13:55 ssl.keystore
-rw-r--r-- 1 tomcat6 tomcat6 253 Nov 28 12:51 ssl-keystorepasswords.properties
-rw-r--r-- 1 tomcat6 tomcat6 1397 Nov 29 13:55 ssl.truststore
-rw-r--r-- 1 tomcat6 tomcat6 175 Nov 28 12:51 ssl-truststorepasswords.properties

7) Configure the Solr Tomcat to use the keystore and truststore for https requests, by editing the specification of the connector on port 8443 in /var/lib/tomcat6/conf/server.xml as follows.

< Connector
port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" maxThreads="150" scheme="https"
keystoreFile="/var/alfsolr/keystore/ssl.keystore"
keystorePass="kT9X6oe68t" keystoreType="JCEKS"
secure="true" connectionTimeout="240000"
truststoreFile="/var/alfsolr/keystore/ssl.truststore"
truststorePass="kT9X6oe68t" truststoreType="JCEKS"
clientAuth="false" sslProtocol="TLS"
allowUnsafeLegacyRenegotiation="true" maxSavePostSize="-1"
/ >

Change the ownership to tomcat6 for user & group.
/var$ sudo chown  tomcat6:tomcat6 /var/lib/tomcat6/conf/server.xml

Check if ownership is tomcat6 for user & group.
/var$ ls –l /var/lib/tomcat6/conf/server.xml

-rw-r--r-- 1 tomcat6 tomcat6 7188 Nov 30 12:49 /var/lib/tomcat6/conf/server.xml

8) Add the following user to the /var/lib/tomcat6/conf/tomcat-users.xml file, which will allow the
Alfresco to authenticate with Solr.

< tomcat-users >
< user
username="CN=Alfresco Repository, OU=Unknown, O=Alfresco
Software Ltd., L=Maidenhead, ST=UK, C=GB"
roles="repository"
password="null"
/ >
</ tomcat-users >

Change the ownership to tomcat6 for user & group.
/var$ sudo chown tomcat6:tomcat6 /var/lib/tomcat6/conf/tomcatusers.xml

Check if ownership is tomcat6 for user & group.
/var$ ls –l /var/lib/tomcat6/conf/tomcat-users.xml

-rw-r--r-- 1 tomcat6 tomcat6 1832 Nov 30 07:54 /var/lib/tomcat6/conf/tomcat-users.xml

Now, we need to configure Alfresco server, which is deployed on a separate tomcat to communicate
with SOLR server.

1) Stop Alfresco tomcat server.
/var$ sudo /etc/init.d/tomcat6 stop

2) We know that the keystore directory is /alf_data/keystore or
/var/lib/tomcat6/webapps/alfresco/WEB-INF/classes/alfresco/keystore.

We need to copy keystore directory files to /var/alfresco/alf_data/keystore directory and
make it accessible to tomcat6 user.

Create the above directory if it doesn’t exist.
/var$ sudo mkdir -p alfresco/alf_data/keystore

Change the ownership (with –R --Recursive option) to tomcat6 for user & group.
/var$ sudo chown –R tomcat6:tomcat6 /var/alfresco

Check if ownership is tomcat6 for user & group.
/var$ ls –l /var/alfresco

Copy keystore directory files to /var/alfresco/alf_data/keystore directory.
/var$ sudo cp –r /var/lib/tomcat6/webapps/alfresco/WEBINF/classes/alfresco/keystore/* /var/alfresco/alf_data/keystore

Change the ownership (with –R --Recursive option) to tomcat6 for user & group.
/var$ sudo chown –R tomcat6:tomcat6 /var/alfresco/alf_data/keystore

Check if ownership is tomcat6 for user & group.
/var$ ls –l /var/alfresco/alf_data/keystore

-rw-r--r-- 1 tomcat6 tomcat6 1904 Nov 29 13:55 browser.p12
-rw-r--r-- 1 tomcat6 tomcat6 6276 Nov 28 12:51 CreateSSLKeystores.txt
-rw-r--r-- 1 tomcat6 tomcat6 5942 Nov 28 12:51 generate_keystores.bat
-rw-r--r-- 1 tomcat6 tomcat6 5679 Nov 28 12:51 generate_keystores.sh
-rw-r--r-- 1 tomcat6 tomcat6 645 Nov 28 12:51 keystore
-rw-r--r-- 1 tomcat6 tomcat6 211 Nov 28 12:51 keystorepasswords.properties
-rw-r--r-- 1 tomcat6 tomcat6 574 Nov 28 12:51 readme.txt
-rw-r--r-- 1 tomcat6 tomcat6 1388 Nov 29 13:55 ssl.keystore
-rw-r--r-- 1 tomcat6 tomcat6 253 Nov 28 12:51 ssl-keystorepasswords.properties
-rw-r--r-- 1 tomcat6 tomcat6 1397 Nov 29 13:55 ssl.truststore
-rw-r--r-- 1 tomcat6 tomcat6 175 Nov 28 12:51 ssl-truststorepasswords.properties

3) Edit /var/lib/tomcat6/shared/classes/alfresco-global.properties file and add following SOLR related properties.

### Solr indexing ###

# Absolute Path to your keystore directory for configuring Alfresco to talk to SOLR
dir.keystore=/var/alfresco/alf_data/keystore

# The subsystem type value. Value is either solr or lucene.
index.subsystem.name=solr

# Solr hostname
solr.host=solr.alfresco.com

# Http port
solr.port=8080

# Https port
solr.port.ssl=8443

# Value can be https, or none
solr.secureComms=https

4) Configure the Alfresco Tomcat to use the keystore and truststore for https requests, by
editing the specification of the connector on port 8443 in /var/lib/tomcat6/conf/server.xml
as follows.

< Connector
port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
SSLEnabled="true" maxThreads="150" scheme="https"
keystoreFile="/var/alfresco/alf_data/keystore/ssl.keystore"
keystorePass="kT9X6oe68t" keystoreType="JCEKS"
secure="true" connectionTimeout="240000"
truststoreFile="/var/alfresco/alf_data/keystore/ssl.truststore"
truststorePass="kT9X6oe68t" truststoreType="JCEKS"
clientAuth="false" sslProtocol="TLS"
/ >

Change the ownership to tomcat6 for user & group.
/var$ sudo chown  tomcat6:tomcat6 /var/lib/tomcat6/conf/server.xml

Check if ownership is tomcat6 for user & group.
/var$ ls –l /var/lib/tomcat6/conf/server.xml

5) Add the following user to the /var/lib/tomcat6/conf/tomcat-users.xml file, which will allow
the Solr to authenticate with Alfresco.

< tomcat-users >
< user
username="CN=Alfresco Repository Client, OU=Unknown,
O=Alfresco Software Ltd., L=Maidenhead, ST=UK, C=GB"
roles="repoclient"
password="null"
/ >
</ tomcat-users >

Change the ownership to tomcat6 for user & group.
/var$ sudo chown –R tomcat6:tomcat6 /var/lib/tomcat6/conf/tomcat-users.xml

Check if ownership is tomcat6 for user & group.
/var$ ls –l /var/lib/tomcat6/conf/tomcat-users.xml

6) Start Alfresco tomcat server.
/var$ sudo /etc/init.d/tomcat6 start

7) After Alfresco server starts up, start tomcat server that has Solr Web Application deployed
on a separate Ubuntu box.

/var$ sudo /etc/init.d/tomcat6 start

Now, you will see indexes are getting created under /var/alfsolr/workspace/SpacesStore/index & /var/alfsolr/archive/SpacesStore/index directories.

NOTE: If your certificate is expired then, you may get exception as below. Create a new certificate by following steps given in 
http://docs.alfresco.com/4.0/topic/com.alfresco.enterprise.doc/tasks/generatekeys-solr.html


Exception:
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed:
java.security.cert.CertPathValidatorException: timestamp check failed
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:173)
at sun.security.validator.Validator.validate(Validator.java:218)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(X509TrustManagerImpl.java:167)
at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkClientTrusted(X509TrustManagerImpl.java:237)
at com.sun.net.ssl.internal.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1395)
... 21 more
Caused by: java.security.cert.CertPathValidatorException: timestamp check failed
at
sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:328)
at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)
... 28 more
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Thu Aug 16 10:43:17 CEST 2012
at sun.security.x509.CertificateValidity.valid(CertificateValidity.java:256)
at sun.security.x509.X509CertImpl.checkValidity(X509CertImpl.java:570)
at sun.security.provider.certpath.BasicChecker.verifyTimestamp(BasicChecker.java:157)
at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:109)
at
sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)

For more info, refer following links:
1) http://wiki.alfresco.com/wiki/Alfresco_And_SOLR
2) http://wiki.alfresco.com/wiki/Alfresco_Solr_Demo_Script
3) http://docs.alfresco.com/4.0/topic/com.alfresco.enterprise.doc/tasks/generate-keys-solr.html

No comments:

Post a Comment