CMDBuild 3.1 Installation

CMDBuild is an awesome tool to keep track of your assets. Tecnoteca also have a preconfigured version which adheres to the ITIL specification called READY2USE, but this only covers CMDBuild, where you can set up your own assets and relations.

This manual is for Debian 9, but CMDBuild works on other distributions as well.

Preparing

  1. Install Debian 9
  2. Install required packages
sudo apt install sudo vim unzip screen tomcat8 tomcat8-admin postgresql postgresql-9.6-postgis-scripts openjdk-8-jre

PostgreSQL setup

Set a password for user postgres.

sudo su postgres
psql
alter user postgres with password 'yourpassword';

Test logon.

psql -U postgres -W -h 127.0.0.1

Tomcat setup with certificates

Increase memory for Tomcat by editing /usr/share/tomcat8/bin/setenv.sh

export CATALINA_OPTS="$CATALINA_OPTS -Xms128m"
export CATALINA_OPTS="$CATALINA_OPTS -Xmx768m"
export CATALINA_OPTS="-server"

Enable access to Manager GUI and Admin GUI in Tomcat by editing /etc/tomcat8/tomcat-users.xml. Set your own password, obviously.

<role rolename="manager-gui"/>
<user username="admin" password="yourpassword" roles="manager-gui,admin-gui"/>

Restart Tomcat with sudo systemctl restart tomcat8.service. Manager GUI should be available at http://hostname:8080/manager/html. Replace with your hostname, obviously.

Download the CMDBuild WAR-file and copy this as cmdbuild.war to /var/lib/tomcat8/webapps. This should extract CMDBuild in this folder if Tomcat is started.

OPTIONAL: Generate a certificate for the server/website and copy it to /etc/ssl/private/. Generating a certificate is not covered here. We use Active Directory, so I also had to install the CA certificate from Active Directory:

sudo mkdir /usr/local/share/ca-certificates/extra
cp /tmp/Domain-RootCA.crt /usr/local/share/ca-certificates/extra
sudo update-ca-certificates

OPTIONAL: Change the connector in /var/lib/tomcat8/conf/server.xml to use port 80 and 443.

<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000"
      URIENcoding="UTF-8" enableLookups="false" redirectPort="443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
      maxThreads="200" SSLEnabled="true" scheme="https" secure="true"
      keystoreFile="/etc/ssl/private/yourcertificate.pfx"
      keystorePass="<se keepass>" clientAuth="false" sslProtocol="TLSv1.2"
      sslEnabledProtocols="TLSv1.2">
</Connector>

Then you can set up redirect to HTTPS in /var/lib/tomcat8/conf/web.xml.

(...)

  <security-constraint>
   <web-resource-collection>
    <web-resource-name>Redirect to HTTPS</web-resource-name> <url-pattern>/*</url-pattern>
  </web-resource-collection> <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
 </security-constraint>

</web-app>

You have to enable Tomcat to use portnumbers below 1024. First set AUTHBIND=yes in /etc/default/tomcat8. Then run these commands.

sudo touch /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chown tomcat8 /etc/authbind/byport/80
sudo chown tomcat8 /etc/authbind/byport/443
sudo chmod 500 /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/443

Reboot the server. CMDBuild and Manager GUI should now be available at https://hostname/cmdbuild and https://hostname/manager/html.

Alfresco setup

This is optional. If you don’t need attachements in CMDBuild, your can skip this part.

Create a database for Alfresco.

create database alfresco;
grant all privileges on database alfresco to alfresco;

Create a Linux user for alfresco.

adduser alfresco

Download Alfresco Community Edition and run the installer.

$ ./alfresco-community-installer-201707-linux-x64.bin --mode text
Language Selection Please select the installation language 
[1] English - English 
[2] French - Français 
[3] Spanish - Español 
[4] Italian - Italiano 
[5] German - Deutsch 
[6] Japanese - 日本語 
[7] Dutch - Nederlands 
[8] Russian - Русский 
[9] Simplified Chinese - 简体中文 
[10] Norwegian - Norsk bokmål 
[11] Brazilian Portuguese - Português Brasileiro 

Please choose an option [1] :

----------
Welcome to the Alfresco Community Setup Wizard.

----------
Installation Type 
[1] Easy - Install using the default configuration. 
[2] Advanced - Configure server ports and service properties.: 

Choose optional components to install. Please choose an option [1] : 2

----------
Select the components you want to install; clear the components you do not want to install. Click Next when you are ready to continue. 
Java [Y/n] : 
PostgreSQL [Y/n] :n 
LibreOffice [Y/n] : 
Alfresco Community : Y (Cannot be edited) 
Solr1 [y/N] : 
Solr4 [Y/n] : 
Alfresco Office Services [Y/n] :n 
Web Quick Start [y/N] : 
Google Docs Integration [Y/n] :n 

Is the selection above correct? [Y/n]: Y

----------
Installation Folder Choose a folder to install Alfresco Community. 
Select a folder: [/home/alfresco/alfresco-community]:

----------
Database Configuration
JDBC URL: [jdbc:postgresql://localhost/alfresco]: jdbc:postgresql://localhost:5432/alfresco 
JDBC Driver: [org.postgresql.Driver]: 
Database name: [alfresco]: 
Username: []: alfresco 
Password: : yourpassword
Verify: : yourpassword

----------
Tomcat Port Configuration Enter your Tomcat configuration parameters.
Web Server Domain: [127.0.0.1]: 
Tomcat Server Port: [8080]: 8081 
Tomcat Shutdown Port: [8005]: 8006 
Tomcat SSL Port: [8443]: 8444 
Tomcat AJP Port: [8009]: 8010

----------
LibreOffice Server Port Enter the port that the LibreOffice Server will listen to.
LibreOffice Server Port: [8100]:

----------
FTP Port Choose a port number for the integrated FTP server.
Port: [2121]:

----------
Admin Password Specify a password for the Alfresco Content Services administrator account.
Admin Password: : 
Repeat Password: :

----------
Setup is now ready to begin installing Alfresco Community on your computer.
Do you want to continue? [Y/n]: Y

----------
Please wait while Setup installs Alfresco Community on your computer.

 . Installing
 0% __ 50% __ 100% #########################################

Warning: Problem creating uninstaller. Installation may have not completed correctly.
Press [Enter] to continue:

----------
Setup has finished installing Alfresco Community on your computer.
View Readme File [Y/n]: n 
Launch Alfresco Community [Y/n]: 
Using CATALINA_BASE:   /home/alfresco/alfresco-community/tomcat 
Using CATALINA_HOME:   /home/alfresco/alfresco-community/tomcat 
Using CATALINA_TMPDIR: /home/alfresco/alfresco-community/tomcat/temp 
Using JRE_HOME:        /home/alfresco/alfresco-community/java 
Using CLASSPATH:       /home/alfresco/alfresco-community/tomcat/bin/bootstrap.jar:/home/alfresco/alfresco-community/tomcat/bin/tomcat-juli.jar 
Using CATALINA_PID:    /home/alfresco/alfresco-community/tomcat/temp/catalina.pid 
Tomcat started. 

/home/alfresco/alfresco-community/tomcat/scripts/ctl.sh : tomcat started 

You need to set up certificate for Alfresco also. Make sure the alfresco user has read permissions to the certificate. The easiest way is probably to add alfresco to the group ssl-cert and make sure that group has permissions.

$ ls -l /etc/ssl/private/
total 12
-rwxr-x--- 1 root ssl-cert 5953 Sep 13 11:47 yourcertificate.pfx
-rw-r----- 1 root ssl-cert 1704 Jun  7 13:34 ssl-cert-snakeoil.key
$ 

Now change connector settings to use this certificate.

<Connector port="8444" URIEncoding="UTF-8" protocol="org.apache.coyote.http11.Http11Protocol" SSLEnabled="true"
            maxThreads="150" scheme="https" keystoreFile="/etc/ssl/private/yourcertificate.pfx" keystorePass="yourpassword"
            secure="true" connectionTimeout="240000"
            clientAuth="false" sslProtocol="TLSv1.2" sslEnableProtocols="TLSv1.2" maxHttpHeaderSize="32768" maxSavePostSize="-1" />

NOTE: I get some SOLR certificate errors in catalina.out, but I haven’t found out how to fix it yet. I will update this post when I have a complete solution for Alfresco setup. You also have to create a share in Alfresco and configure that i CMDBuild. None of that is covered here yet.

LDAP/Active Directory setup

NOTE: It might be better to use this approach: https://forum.cmdbuild.org/t/ldap-cmdbuild-3-1/3415

Use restws to set up logins from Active Directory (this is stored in the _SystemConfig table).

cd /var/lib/tomcat8/webapps/cmdbuild/
./cmdbuild.sh restws setconfig org.cmdbuild.auth.ldap.basedn "dc=example,dc=com" -username admin -password <password>
./cmdbuild.sh restws setconfig org.cmdbuild.auth.ldap.use.ssl false -username admin -password <password>
./cmdbuild.sh restws setconfig org.cmdbuild.auth.ldap.server.port  389 -username admin -password <password>
./cmdbuild.sh restws setconfig org.cmdbuild.auth.ldap.search.filter "(&(ObjectClass=person)(memberOf:1.2.840.113556.1.4.1941:=cn=CMDBuild-Users,ou=Groups,ou=HR,ou=Customers,dc=example,dc=com))" -username admin -password <password>
./cmdbuild.sh restws setconfig org.cmdbuild.auth.ldap.bind.attribute sAMAccountName -username admin -password <password>
./cmdbuild.sh restws setconfig org.cmdbuild.auth.ldap.server.address dc.example.com -username admin -password <password>
./cmdbuild.sh restws setconfig org.cmdbuild.auth.ldap.search.auth.method simple -username admin -password <password>
./cmdbuild.sh restws setconfig org.cmdbuild.auth.ldap.search.auth.password <adpassword> -username admin -password <password>
./cmdbuild.sh restws setconfig org.cmdbuild.auth.ldap.search.auth.principal "cn=service-cmdbuild,ou=Service Users,dc=example,dc=com" -username admin -password <password>
./cmdbuild.sh restws setconfig org.cmdbuild.auth.methods "LdapAuthenticator,DBAuthenticator" -username admin -password <password>

Replace the passwords and paths in Active Directory accordingly.

Restart Tomcat

sudo systemctl restart tomcat8.service

You should now be able to set up AD-users in CMDBuild. NOTE: You have to create the users in CMDBuild first with the same username as in Active Directory and set a fallback password.

Other settings

You might want to turn on Tecnoteca River (workflow engine) in CMDBuild Administrator.

GitLab

Hvis du driver utvikling med Git som versjonshåndteringssystem og er redd for å eksponere koden på nettet, så er GitLab et alternativ. GitLab fungerer omtrent som Github, hvor du får en sentral løsning å laste opp Git-prosjektene dine og et webgrensesnitt med massevis av funksjonalitet.

Webgrensesnittet har blant annet:

  1. Merge requests, forks og det meste annet man kan forvente i et Git prosjekt
  2. Innebygget issue tracker
  3. Code snippets, som gjør det enklere å gjenbruke kode
  4. Aktivitetsstrøm med oversikt over alle endringer
  5. Filoversikt med syntax highlighting og diffs
  6. Wiki
  7. Active Directory og LDAP integrasjon
  8. Integrasjon med Github, JIRA, Twitter og mye annet

Det beste er at det er veldig fort gjort å installere. Jeg brukte bare en halvtime på å sette opp en test (inkludert installasjon av Debian på VMWare) ved hjelp av denne veiledningen på Linux.com.