Difference between revisions of "Enterprise Linux GIS"
Line 326: | Line 326: | ||
Procedure: | Procedure: | ||
+ | * Download spring-ldap and copy it to the WEB-INF/lib directory of GeoServer: | ||
+ | cd /var/lib/tomcat5/webapps/geoserver/WEB-INF/lib | ||
+ | sudo wget http://search.maven.org/remotecontent?filepath=org/springframework/ldap/spring-ldap/1.3.1.RELEASE/spring-ldap-1.3.1.RELEASE-all.jar -O spring-ldap-1.3.1.RELEASE-all.jar | ||
* Extract applicationContextSecurity.xml from the main-jar (in /var/lib/tomcat5/webapps/geoserver/WEB-INF/lib/) | * Extract applicationContextSecurity.xml from the main-jar (in /var/lib/tomcat5/webapps/geoserver/WEB-INF/lib/) | ||
* Copy it to /var/lib/tomcat5/webapps/geoserver/WEB-INF/ | * Copy it to /var/lib/tomcat5/webapps/geoserver/WEB-INF/ | ||
Line 331: | Line 334: | ||
<pre> | <pre> | ||
<beans> | <beans> | ||
− | + | <!-- CUSTOM : LDAP config --> | |
− | + | <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> | |
− | + | <constructor-arg value="ldap://my_ldap_server:389/dc=my_org,dc=org" /> | |
− | + | <!--<property name="managerDn" value="mydomain\myuser" /> <property name="managerPassword" | |
− | + | value="mypasswd" /> --> | |
− | + | </bean> | |
− | + | ||
− | + | <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> | |
− | + | <constructor-arg index="0"> | |
− | + | <value>ou=People</value> | |
− | + | </constructor-arg> | |
− | + | <constructor-arg index="1"> | |
− | + | <value>(uid={0})</value> | |
− | + | </constructor-arg> | |
− | + | <constructor-arg index="2"> | |
− | + | <ref local="contextSource" /> | |
− | + | </constructor-arg> | |
− | + | <property name="searchSubtree"> | |
− | + | <value>false</value> | |
− | + | </property> | |
− | + | </bean> | |
− | + | <bean id="ldapAuthenticationProvider" | |
− | + | class="org.springframework.security.providers.ldap.LdapAuthenticationProvider"> | |
− | + | <constructor-arg> | |
− | + | <bean | |
− | + | class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator"> | |
− | + | <constructor-arg ref="contextSource"/> | |
− | + | <property name="userSearch"> | |
− | + | <ref local="userSearch" /> | |
− | + | </property> | |
− | + | </bean> | |
− | + | </constructor-arg> | |
− | + | <constructor-arg> | |
− | + | <bean | |
− | + | class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator"> | |
− | + | <constructor-arg> | |
− | + | <ref local="contextSource" /> | |
− | + | </constructor-arg> | |
− | + | <constructor-arg> | |
− | + | <value>ou=Roles</value> | |
− | + | </constructor-arg> | |
− | + | <property name="groupRoleAttribute"> | |
− | + | <value>cn</value> | |
− | + | </property> | |
− | + | <property name="rolePrefix"> | |
− | + | <value>ROLE_</value> | |
− | + | </property> | |
− | + | <property name="convertToUpperCase"> | |
− | + | <value>true</value> | |
− | + | </property> | |
− | + | </bean> | |
− | + | </constructor-arg> | |
− | + | </bean> | |
− | + | ||
+ | <!-- END OF CUSTOM LDAP CONFIGURATION --> | ||
+ | |||
+ | <bean id="filterChainProxy" | ||
+ | class="org.springframework.security.util.FilterChainProxy"> | ||
+ | <property name="filterInvocationDefinitionSource"> | ||
+ | ... | ||
</pre> | </pre> | ||
* Modify the following section | * Modify the following section | ||
<pre> | <pre> | ||
... | ... | ||
− | + | <bean id="authenticationManager" | |
− | + | class="org.springframework.security.providers.ProviderManager"> | |
− | + | <property name="providers"> | |
− | + | <list> | |
− | + | <ref local="ldapAuthenticationProvider" /> | |
+ | <!-- <ref local="daoAuthenticationProvider" /> --> | ||
... | ... | ||
</pre> | </pre> | ||
Line 407: | Line 417: | ||
* Restart Tomcat | * Restart Tomcat | ||
sudo /sbin/service tomcat5 restart | sudo /sbin/service tomcat5 restart | ||
− | |||
− | |||
= Historical Reference = | = Historical Reference = |
Revision as of 08:33, 24 June 2011
This page gathers links and information about running FLOSS GIS software on Enterprise Linux (shortened EL hereafter) and derivatives, that is Red Hat Enterprise Linux (RHEL), CentOS and Scientific Linux.
EL is a popular and robust platform for servers and computing-heavy workstations, and is therefore a good fit for the specific requirements of GIS.
The mailing list el@lists.osgeo.org is used for communication (with an online archive).
Useful repositories for GIS software
- EPEL is an official Fedora project which repackages many Fedora packages which are not part of the standard EL distribution. It contains quite a few GIS packages and base libraries. Note that one of the rules of the packages maintained in EPEL is that they should never require to change the base EL distribution.
- ELGIS repositories try to ensure that the latest stable version of the major FLOSS GIS software are available for Enterprise Linux. They maintain versions of packages which cannot be maintained in EPEL, or that EPEL does not want to keep at the latest stable version. This is where our packaging effort currently takes place, and can be seen as a kind of backport repository. It requires EPEL to be configured as a repository.
Packages Status Summary
Detailed package lists for ELGIS are available here: http://elgis.argeo.org
Packages matrix
Package | Version (stable) | Version (testing) | Repository | Comment |
gdal | 1.7.2 | 1.8.0 | elgis | built against postgresql84, PCRaster support available in testing. Java bindings under development in testing. |
geos | 3.2.2 | elgis | ||
gpsbabel | 1.3.3 | epel | ||
grass | 6.4.0 | 6.4.1 | elgis | no NVIZ and digitizer in the wxPython UI (has been removed from upstream, use -tcltk UI; scheduled for 6.4.2) |
libspatialite | 2.4.0 RC4 | elgis-plus | ||
mapnik | 0.7.1 | elgis-plus | requires to update the boost library | |
mapserver | 5.6.5 | 5.6.6 | elgis | in testing: xml map files, php-mapserver-proj, transparent PNG, FriBidi, main executable moved from /usr/sbin to /usr/libexec |
mapserver6 | 6.0.0rc2 | elgis | main executable moved from /usr/sbin to /usr/libexec | |
mod_geocache | 0.3.1 | elgis | ||
osm2pgsql | 0.1.20100821svn | elgis | built against postgresql84 | |
pgrouting | 1.03 | 1.05 | elgis | built against postgresql84, with TSP support |
postgis | 1.5.2 | elgis | built against postgresql84 | |
proj | 4.7.0 | elgis | ||
qgis | 1.5.0 | 1.6.0 | elgis-plus | based on EPEL's python26, requires to update qt4 |
tinyows | 0.9.0 | elgis |
Formats supported by GDAL
As of gdal-1.8.0-4:
LIBZ support: external LIBLZMA support: no GRASS support: no CFITSIO support: external PCRaster support: internal NetCDF support: yes LIBPNG support: external LIBTIFF support: external (BigTIFF=no) LIBGEOTIFF support: external LIBJPEG support: external 8/12 bit JPEG TIFF: no LIBGIF support: external OGDI support: yes HDF4 support: yes HDF5 support: yes Kakadu support: no JasPer support: yes (GeoJP2=no) OpenJPEG support: no ECW support: no MrSID support: no MrSID/MG4 Lidar support: no MSG support: no GRIB support: yes EPSILON support: no cURL support (wms/wcs/...):yes PostgreSQL support: yes MySQL support: yes Ingres support: no Xerces-C support: yes NAS support: yes Expat support: yes Google libkml support: no ODBC support: yes PGeo support: yes PCIDSK support: internal OCI support: no GEORASTER support: no SDE support: no Rasdaman support: no DODS support: yes SQLite support: yes SpatiaLite support: yes DWGdirect support no INFORMIX DataBlade support:no GEOS support: yes VFK support: yes Poppler support: no OpenCL support: no
./configure --build=x86_64-redhat-linux-gnu --host=x86_64-redhat-linux-gnu --target=x86_64-redhat-linux-gnu --program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share --includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec --localstatedir=/var --sharedstatedir=/usr/com --mandir=/usr/share/man --infodir=/usr/share/info --prefix=/usr --includedir=/usr/include/gdal/ --datadir=/usr/share/gdal/ --with-threads=yes --with-dods-root=/usr/lib64 --with-ogdi --with-cfitsio=/usr --with-geotiff=external --with-tiff=external --with-libtiff=external --with-libz --with-netcdf --with-hdf4 --with-hdf5 --with-geos --with-jasper --with-png --with-gif --with-jpeg --with-odbc --with-sqlite --with-mysql --with-curl --with-python --with-perl --with-pcraster --with-ruby --with-java --with-xerces --with-xerces-lib=-lxerces-c --with-xerces-inc=/usr/include --with-jpeg12=no --enable-shared --with-gdal-ver=1.8.0 --with-spatialite=yes
If you want to contribute packages to the ELGIS repo
- Especially for new packages, please try to build them in mock first (the one from CentOS, not from EPEL!), so that all build dependencies are in the spec file. You can find some mock config files here. Don't hesitate to ask on the mailing-list if you need support for your first mock builds: this is much easier than it seems, and very clean
- For existing packages, please always start from the spec files maintained in subversion, so that previous changes are integrated: https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild/elgis/ <package>/SPECS/*.spec (or https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild/elgis-plus/ ...)
Then send you spec file to the mailing-list or give download access to an SRPM.
Collaboration with Fedora and EPEL
The following principles clarify the collaboration with the Fedora and EPEL projects and which packages are supposed to be maintained in the ELGIS repository:
- in general, Fedora packages are the upstream source for Enterprise Linux packages (be they in the EPEL or ELGIS repos)
- the ELGIS repos depends on the EPEL repo, they complement it and sometimes override it
- for EL 5, the GIS packages in EPEL will most probably not be updated, so the mission of the ELGIS repos is to provide up to date packages until there is no more interest for them (as will be discussed on a case by case basis on the ELGIS list)
- for EL 6, the GIS packages will mostly be provided by EPEL. Later on in the life cycle of the platform, if EPEL doesn't want to keep the packages up to date, the ELGIS repos may take over as it did for EL 5
- packages that cannot be in EPEL (typically because they require to update the base platform) can be maintained in the ELGIS Plus repo (it is expected that there will be very few of them at the beginning of the EL6 life cycle)
- our goal is not primarily to provide packages but also to serve as a knowledge base for FLOSS GIS software usage on Enterprise Linux. Therefore EL specific questions related to GIS packages from EPEL are welcome on the ELGIS list and information about them will be documented in the other resources provided by the OSGeo foundation (wiki, trac, etc.)
How To
How to enable the ELGIS repository
- enable the EPEL repository (see https://fedoraproject.org/wiki/EPEL/FAQ#howtouse)
- execute
sudo rpm -Uvh http://elgis.argeo.org/repos/5/elgis-release-5-5_0.noarch.rpm
- if you want to install QGIS, edit the /etc/yum.repos.d/elgis.repo file and enable the 'elgis-plus'. WARNING: this updates the base distribution
How to hack and locally build the ELGIS packages
For the time being, the ELGIS packages (that is, those not maintained by EPEL) are versioned by and distributed through argeo.org.
You can see the currently versioned packages here:
- Testing
- Stable
Note: simply accept the self-signed certificate
You can checkout all the packages:
svn co https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild rpms
Or one by one, for example:
svn co https://projects.argeo.org/elgis/svn/factory/trunk/rpmbuild/elgis/gdal gdal
Each package directory follows the directory structure expected by rpmbuild (see how to set an rpmbuild environment).
We version only the spec files (under <package name>/SPECS/<package name>.spec) and the patches or some light sources (under <package name>/SOURCES). The source packages of the underlying libraries needs to be downloaded in the SOURCES directory.
Please send patches to the spec files to the el@lists.osgeo.org mailing-list.
In order to actually build, you can then configure %_topdir in your ~/.rpmmacros file to point to where you checked out a package, for example:
%_topdir %(echo $HOME)/dev/rpmbuild %rhel 5 %packager Mathieu Baudier <mbaudier@argeo.org> %dist .el5.elgis
A more persistent alternative is to have the two following files in each package directory:
- <package directory>/rpmrc
include: /usr/lib/rpm/rpmrc macrofiles: /usr/lib/rpm/macros:/usr/lib/rpm/ia32e-linux/macros:/usr/lib/rpm/redhat/macros:/etc/rpm/macros.*:/etc/rpm/macros:/etc/rpm/ia32e-linux/macros:~/.rpmmacros:<package directory>/rpmmacros
(note the ':<package directory>/rpmmacros' appended at the end of the macrofiles line)
- <package directory>/rpmmacros
%_topdir <package directory> %rhel 5 %packager Mathieu Baudier <mbaudier@argeo.org> %dist .el5.argeo
And then call rpmbuild as follow
cd <package directory> rpmbuild --rcfile=rpmrc -ba SPECS/<package name>.spec
These two files are registered in svn:ignore and can typically be automatically generated by scripts or a build framework.
How to deploy GeoServer 2.1 on Tomcat 5 (standard packages)
This how-to goes through the various steps required to have GeoServer 2.1 running as a Java web application inside the standard Tomcat 5 container. It has been tested with CentOS 5.6 x86_64.
Basic install (with base OpenJdk)
- Install the required packages
sudo yum install java-1.6.0-openjdk-devel tomcat5
- (optional) Install tomcat-native frop EPEL
sudo yum install tomcat-native
- Download GeoServer
cd ~/Downloads wget http://sourceforge.net/projects/geoserver/files/GeoServer/2.1.1/geoserver-2.1.1-war.zip/download?use_mirror=ignum
- (optional) Stop Tomcat
sudo /sbin/service tomcat5 stop
- (optional) Backup previous data dir
sudo tar -czf /srv/backups/geoserver/geoserver-data-110624.tar.gz /var/lib/geoserver/data
- (optional) Backup up previous install
sudo mv /var/lib/tomcat5/webapps/geoserver* /srv/backups/geoserver/2.0.2/
- Unpack to Tomcat webapps
cd /var/lib/tomcat5/webapps/ sudo unzip ~/Downloads/geoserver-2.1.1-war.zip geoserver.war
- Create a separate data directory
sudo mkdir -p /var/lib/geoserver cd /var/lib/geoserver sudo jar -xvf /var/lib/tomcat5/webapps/geoserver.war data sudo chown -R tomcat.tomcat /var/lib/geoserver
- Update /etc/tomcat/tomcat5.conf to add the recommended Java settings and to point to the data directory. You can increase/decrease the maximum memory allocated to Java with the -Xmx flag (-Xms is the initial allocation):
# Geoserver recommended # http://docs.geoserver.org/stable/en/user/production/container.html JAVA_OPTS="-showversion -server -Xmx512m -Xms64m -XX:SoftRefLRUPolicyMSPerMB=36000 -XX:MaxPermSize=128m -XX:+UseParallelGC" JAVA_OPTS="$JAVA_OPTS -DGEOSERVER_DATA_DIR=/var/lib/geoserver/data"
- Add an AJP proxy in the Apache configuration (e.g. in /etc/httpd/conf.d/geoserver.conf)
<Location /geoserver/> ProxyPass ajp://localhost:8009/geoserver/ # Uncomment to forbid non ssl access #RequireSSL </Location>
- (optional) If using SELinux, allow the proxying by setting the appropriate boolean
setsebool -P httpd_can_network_connect=1
- Start Tomcat
sudo /sbin/service tomcat5 start
- (optional) You can tail Tomcat logs to make sure that it is starting properly
tail -500f /var/log/tomcat5/catalina.out
- Restart Apache
sudo /sbin/service httpd restart
- Visit http://yourhost.org/geoserver/
- Log in as admin (default password is 'geoserver')
With Sun/Oracle JRE and JAI native (recommended by GeoServer)
GeoServer documentation recommends to use a Sun/Oracle JRE with the JAI and JAI-ImageIO native extensions. There was an obvious performaince gain inthe tile generation by doing so
- Download in install Sun/Oracle JDK in /opt (a JRE should be enough)
- Hack the /usr/bin/dtomcat5 script to add an explicit reference to Sun/Oracle JDK at the beginning (did not find any better way neither through /etc/tomcat5/tomcat5.conf nor /etc/init.d/tomcat5 nor the alternatives system, ideas welcome...)
... JAVA_HOME=/opt/jdk1.6.0_21 ...
- Go into the Sun JDK directory:
cd /opt/jdk1.6.0_21
- Dowload and install JAI from https://jai.dev.java.net/binary-builds.html:
sudo sh ~/Downloads/jai-1_1_3-lib-linux-amd64-jdk.bin
- Dowload JAI-ImageIO from https://jai-imageio.dev.java.net/binary-builds.html.
- Note: On x86_64 the archive of JAI-ImageIO to download as of 1.1 is corrupted, fix it with the command below and run the fixed archive (thanks to http://jgrasstechtips.blogspot.com/2009/07/jai-tail-cannot-open-215-for-reading-no.html for the tip)
sed s/+215/-n+215/ jai_imageio-1_1-lib-linux-amd64-jdk.bin > jai_imageio-1_1-lib-linux-amd64-jdk-fixed.bin
- Install JAI-ImageIO
sudo sh ~/Downloads/jai_imageio-1_1-lib-linux-amd64-jdk-fixed.bin
- Restart Tomcat
sudo /sbin/service tomcat5 restart
- Visit your GeoServer status page in order to make sure that native JAI is taken into account
LDAP Authentication (experimental)
This will allow you to have you user referential in LDAP (tested with base CentOS 5 openldap-servers). Your users need to be inetOrgPerson under ou=People,dc=my_org,dc=org Your GeoServer administrators need to belong to the cn=administrator,ou=Roles,dc=my_org,dc=org role:
dn: cn=administrator,ou=Roles,dc=my_org,dc=org objectClass: top objectClass: groupOfNames cn: administrator member: uid=mbaudier,ou=People,dc=my_org,dc=org
Other roles can be defined similarly under ou=Roles,dc=argeo,dc=org, and should be added mnaually when defining rules in GeoServer. You can of course adapt the following configuration with your specific LDAP settings.
Caveats:
- the list of users won't be properly displayed in GeoServer.
- as usual with autentication via HTTP make sure that users are using SSL (https://) when they authenticate, otherwise their credentials will be sent in clear. If you want to mix public with private data and stay compatible with client which don't support HTTPS, this is not necessarily easy.
Procedure:
- Download spring-ldap and copy it to the WEB-INF/lib directory of GeoServer:
cd /var/lib/tomcat5/webapps/geoserver/WEB-INF/lib sudo wget http://search.maven.org/remotecontent?filepath=org/springframework/ldap/spring-ldap/1.3.1.RELEASE/spring-ldap-1.3.1.RELEASE-all.jar -O spring-ldap-1.3.1.RELEASE-all.jar
- Extract applicationContextSecurity.xml from the main-jar (in /var/lib/tomcat5/webapps/geoserver/WEB-INF/lib/)
- Copy it to /var/lib/tomcat5/webapps/geoserver/WEB-INF/
- Add the following at the beginning of the applicationContextSecurity.xml file (after the <beans> tag)
<beans> <!-- CUSTOM : LDAP config --> <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource"> <constructor-arg value="ldap://my_ldap_server:389/dc=my_org,dc=org" /> <!--<property name="managerDn" value="mydomain\myuser" /> <property name="managerPassword" value="mypasswd" /> --> </bean> <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch"> <constructor-arg index="0"> <value>ou=People</value> </constructor-arg> <constructor-arg index="1"> <value>(uid={0})</value> </constructor-arg> <constructor-arg index="2"> <ref local="contextSource" /> </constructor-arg> <property name="searchSubtree"> <value>false</value> </property> </bean> <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider"> <constructor-arg> <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator"> <constructor-arg ref="contextSource"/> <property name="userSearch"> <ref local="userSearch" /> </property> </bean> </constructor-arg> <constructor-arg> <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator"> <constructor-arg> <ref local="contextSource" /> </constructor-arg> <constructor-arg> <value>ou=Roles</value> </constructor-arg> <property name="groupRoleAttribute"> <value>cn</value> </property> <property name="rolePrefix"> <value>ROLE_</value> </property> <property name="convertToUpperCase"> <value>true</value> </property> </bean> </constructor-arg> </bean> <!-- END OF CUSTOM LDAP CONFIGURATION --> <bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy"> <property name="filterInvocationDefinitionSource"> ...
- Modify the following section
... <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager"> <property name="providers"> <list> <ref local="ldapAuthenticationProvider" /> <!-- <ref local="daoAuthenticationProvider" /> --> ...
- Modify /var/lib/tomcat5/webapps/geoserver/WEB-INF/web.xml to use WEB-INF/applicationSecurityContext.xml instead of classpath*:/applicationSecurityContext.xml
... <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:/applicationContext.xml WEB-INF/applicationSecurityContext.xml</param-value> </context-param> ...
- Restart Tomcat
sudo /sbin/service tomcat5 restart
Historical Reference
- December 2010 - Collaboration with Fedora and EPEL: http://lists.osgeo.org/pipermail/el/2010-December/000338.html
- August 2010 - Announcement of the ELGIS repositories: http://lists.osgeo.org/pipermail/el/2010-August/000018.html
- May/June 2010 - Original mails suggesting to coordinate EL GIS through OSGeo and describing the rationale and the approach
- On the Live GIS CD mailing-list: http://lists.osgeo.org/pipermail/live-demo/2010-May/001724.html
- On the Discuss mailing list: http://lists.osgeo.org/pipermail/discuss/2010-June/007231.html