Once the Tomcat server has been successfully built, configured, and tested on the master build server (casdev-master) as described in the previous sections, the installation can be copied to the CAS servers (casdev-srv01, casdev-srv02, and casdev-srv03). It is not necessary (or desirable) to install Tomcat on casdev-casapp or casdev-samlsp.

Create a distribution tar file

To distribute all relevant files in the Tomcat installation to the CAS servers, we will assemble them all into a single tar archive that can be copied to each server and extracted. First, run the commands

casdev-master# systemctl stop tomcat
casdev-master# cd /opt/tomcat/latest
casdev-master# rm -rf logs/* work/*

to shut down the Tomcat server and remove files that don’t need to be included in the archive. Then run the commands

casdev-master# cd /
casdev-master# tar czf /tmp/tomcat-files.tgz etc/tomcat opt/apr opt/openssl opt/tomcat var/cache/tomcat var/lib/tomcat var/cache/tomcat etc/firewalld/services/tomcat-https.xml etc/systemd/system/tomcat.service

to create the tar archive in /tmp/tomcat-files.tgz.

Create an installation shell script

In addition to extracting the tar archive on each CAS server, commands must be executed to create the tomcat user and group, reset the correct user and group ownership of the installation, open firewall ports, and start the Tomcat service. To make it easier to run these commands on each server, they can be collected into a shell script (called, for example, /opt/scripts/tomcat-install.sh) like this:

#!/bin/sh

echo "--- Installing on `hostname`"

if [ -f /tmp/tomcat-files.tgz ]
then
    cd /
    tar xzf /tmp/tomcat-files.tgz

    groupadd -r tomcat
    useradd -r -d /opt/tomcat -g tomcat -s /sbin/nologin tomcat

    for dir in . conf webapps
    do
        cd /opt/tomcat/latest/$dir
        chown -R root.tomcat .
    done

    for dir in logs temp work
    do
        cd /opt/tomcat/latest/$dir
        chown -R tomcat.tomcat .
    done

    restorecon /etc/firewalld/services/tomcat-https.xml
    firewall-cmd --zone=public --add-service=tomcat-https --permanent
    firewall-cmd --reload

    restorecon /etc/systemd/system/tomcat.service
    systemctl enable tomcat.service
    systemctl start tomcat

    rm -f /tmp/tomcat-files.tgz /tmp/tomcat-install.sh
    echo "Installation complete."
else
    echo "Cannot find /tmp/tomcat-files.tgz; nothing installed."
fi

exit 0

This script will extract the contents of the tar archive to the right places and then run all the necessary commands to finish the installation and start Tomcat.

Copy files to each server and run the installation script

To complete the setup of each CAS server, the tar archive and installation shell script need to be copied to each server, and the installation script executed. This can be done manually, or with a shell loop as shown below:

casdev-master# for host in srv01 srv02 srv03
> do
> scp -p /tmp/tomcat-files.tgz casdev-${host}:/tmp/tomcat-files.tgz
> scp -p /opt/scripts/tomcat-install.sh casdev-${host}:/tmp/tomcat-install.sh
> ssh casdev-${host} sh /tmp/tomcat-install.sh
> done
casdev-master#  

Test Tomcat on each server

Open up a web browser and enter the URL of Tomcat’s TLS port on each CAS server:

https://casdev-srv01.newschool.edu:8443
https://casdev-srv02.newschool.edu:8443
https://casdev-srv03.newschool.edu:8443

As in the previous test, expect the browser to complain about the TLS/SSL certificate because the host name of the server does not match the name in the certificate. Verify that the Tomcat “success” page appears on each server, just as it did for the development server.