Base Software Installation

From Snix.hk

Contents 1 Basic System Hardware Recommendations 2 Basic System Configuration 2.1 Fedora 9 2.2 Required Packages 2.3 Recommended Packages 2.4 System Tuning Changes 2.5 System Environment Changes 3 Software Installation 3.1 Directory Server Enterprise Edition 6.3 3.1.1 CACAO 3.2 Application Server 9.1 Update 1 3.2.1 Rebuild The Domain 3.2.1.1 Delete the node agent and the node agent config 3.2.1.2 Create the domain 3.2.1.3 Start the domain 3.2.1.4 Create and start the Node Agent 3.2.2 Test App Server 3.3 Access Manager 7.1 3.4 Enable Directory Service Control Centre (DSCC) 3.4.1 Restart Application Server 3.4.2 Start the DSCC registery 3.4.3 Register the Directory Server instance in the DSCC

Basic System Hardware Recommendations

Sun recommends the following for the basic hardware configuration:

• RAM: 4gig
• SWAP: 4gig

Pretty much everything else is up to you. Of course, quick disk (RAID) is very handy! ^^

Basic System Configuration

Fedora 9

It is assumed you're experienced with installing Fedora 9 onto a system. If this is beyond your abilities.. or you struggle with it.... *cough*

Moving on...

Install Fedora 9 x64 with minimal packages. I choose to install and uncheck every package in the GUI installer except OpenSSH server and client, and YUM.

Make sure your HOSTNAME is a FQDN:

hostname
server.example.com

If it's not a FQDN, change the /etc/sysconfig/network file (probably should reboot after this)

Required Packages

After lots of trial and error, the following packages were found to be required in order to be able to run the Sun Java software on Fedora 9 x64.

Install the following packages using this command:

yum -y install which compat-libstdc++-33 compat-libstdc++-296 ntp libXext unzip perl xdpyinfo uuid xinetd ksh ntp tcsh rsync gettext unzip

yum -y install libXtst.i386 libXi.i386 libxml2.i386 nss.i386 zlib.i386 libXext.i386 uuid.i386 e2fsprogs-libs.i386 gettext.i386 compat-libstdc++-33.i386 glibc-2.8-8.i386 pam.i386

Note the .i386 packages are required for compatibility when running Fedora 9 x64

Recommended Packages

I also install the following packages to make life a little bit easier:

• tcsh
• wget
• rsync
• vim-enhanced
• ntp
• sudo

Up to you to add as many or few additional packages for whatever "crutches" you need on Linux! ^^

Install the packages above with:

yum -y install tcsh wget rsync vim-enhanced ntp sudo

If you install vim-enhanced, I usually disable the auto-comment "feature" that is now turned on by default as it's soooo fucking annoying:

echo "au FileType * setlocal comments-=:#" >> /etc/vimrc

System Tuning Changes

Sun recommends the following:

Edit the /etc/sysctl.conf "tuning" file and add:

fs.file-max = 16384
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.core.wmem_max = 8388608
net.core.rmem_max = 8388608
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
net.ipv4.ip_local_port_range = 1024 65536
net.ipv4.tcp_fin_timeout = 30

System Environment Changes

In order to be able to run the X11 installer for some of the Sun packages, we need to make a link to the directory that the installer checks for before it will start a X window:

mkdir /usr/X11R6; ln -s /usr/bin /usr/X11R6/bin

Software Installation

Note: This assumes you already have downloaded all the Sun packages to your local system

Directory Server Enterprise Edition 6.3

Ref: Install DSEE 6.3 from Zip

Unpack the ZIP archive into a temporary directory and launch the installer:

mkdir DSEE6.3
cd DSEE6.3
tar zxBf ../DSEE.6.3.Linux-X86-full.tar.gz
cd DSEE_ZIP_Distribution
./dsee_deploy install -i /opt/sun/directory

Wade through the lengthy license agreement... and wait for the install complete.

Next, we need to create a directory for our new LDAP server instance:

mkdir -p /var/opt/sun/directory/

And finally, create the instance in the directory.:

/opt/sun/directory/ds6/bin/dsadm create -p 389 /var/opt/sun/directory/dsins1
Choose the Directory Manager password: thepassword
Confirm the Directory Manager password: thepassword
Use 'dsadm start '/var/opt/sun/directory/dsins1 to start the instance

Go ahead and start the instance up like the create command tells you:

/opt/sun/directory/ds6/bin/dsadm start /var/opt/sun/directory/dsins1

And lastly, create a suffix for this instance:

/opt/sun/directory/ds6/bin/dsconf create-suffix -h server.example.com -p 389 dc=example,dc=com
Certificate "CN=server.example.com, CN=636, CN=Directory Server, O=Sun Microsystems" presented by the server is not trusted.
Type "Y" to accept, "y" to accept just once, "n" to refuse, "d" for more details: Y
Enter "cn=Directory Manager" password: thepassword

Make sure to answer the Certificate question with a CAPITAL Y or you'll be prompted to accept the certificate over again.. That's it. The DSEE 6.3 installation is very straightforward and simple compared to the rest of the installs!

CACAO

TODO: make sure CACAO is running:

/opt/sun/directory/dsee6/cacao_2/cacao/bin/cacaoadm start

Application Server 9.1 Update 1

Set the install package as "executable" and then run it: (make sure to set your X11 'DISPLAY' environment variable or you'll get the text mode installer)

chmod +x sjsas_ee-9_1_01-linux-ml.bin
./sjsas_ee-9_1_01-linux-ml.bin 

You should see a bunch of installer messages pop up:

Checking available disk space...
Checking Java(TM) 2 Runtime Environment...
Extracting Java(TM) 2 Runtime Environment files...
Extracting installation files...
Launching Java(TM) 2 Runtime Environment...
...

And if you're lucky enough to be running a Mac, you'll get a bunch of Java errors: ^^

Locking assertion failure.  Backtrace:
#0 /usr/lib/libxcb-xlib.so.0 [0xdd9b2767]
#1 /usr/lib/libxcb-xlib.so.0(xcb_xlib_unlock+0x31) [0xdd9b2831]
#2 /usr/lib/libX11.so.6(_XReply+0x244) [0xdd9f6f64]
#3 /tmp/sjsasnWLpvW/package/jre/lib/i386/xawt/libmawt.so [0xddaf0d7e]
#4 /tmp/sjsasnWLpvW/package/jre/lib/i386/xawt/libmawt.so [0xddadad47]
#5 /tmp/sjsasnWLpvW/package/jre/lib/i386/xawt/libmawt.so [0xddadaec3]
#6 /tmp/sjsasnWLpvW/package/jre/lib/i386/xawt/libmawt.so(Java_sun_awt_X11GraphicsEnvironment_initDisplay+0x26)...
... etc etc etc ...

Note: The installer runs with no errors when connecting to the Cygwin X11 server under Windows XP

You should see the following installation X11 window pop up:

Accept the license agreement

And choose the installation directory. Place the application server into /opt/sun/appserver:

Let the installer create the directory:

Now uncheck the Sample Applications.. Your should only be installing the Node Agent and Domain Administration Server and Administration Tool:

Install the supplied Java 2 SDK (5.0):

Enter the admin account details and the "master password" - we will end up deleting this instance shortly, so in reality it doesn't matter much what ports you choose here. Just make sure your master password is the one you want:

App Server Admin User: admin
App Server Admin Pass: thepassword
App Server Master Pass: thepassword
App Server Admin Port: 4848
App Server HTTP Port: 80
App Server HTTPs Port: 443

Next, uncheck the Enable Updatecenter Client since we don't need it:

The installer will perform a disk check and finally display a "Install Now" page:

Hit "Install Now" and let the install do it's thing. Once it's done, you'll be invited to register. Choose Skip Registration and hit next.. followed by finish on the next page to end the installation.

Rebuild The Domain

The Appserver forces you to enter a username/password and the master password for *every* startup unless you create the domain with a specific flag to store the credentials for un-prompted startup later. In order to set this up, we need to delete the domain that was created by the installer:

First, set the admin password into a password file:

echo "AS_ADMIN_password=thepassword" > /opt/sun/appserver/passwordfile.txt

Now startup the domain so we can connect to delete components from the domain before we can delete the domain:

/opt/sun/appserver/bin/asadmin start-domain --user=admin --passwordfile=/opt/sun/appserver/passwordfile.txt domain1
Starting Domain domain1, please wait.
Log redirected to /opt/sun/appserver/domains/domain1/logs/server.log.
Please enter the master password> thepassword
Redirecting output to /opt/sun/appserver/domains/domain1/logs/server.log
Domain domain1 started.
Domain [domain1] is running [Sun Java System Application Server 9.1_01 (build local)] with its configuration and logs at: [/opt/sun/appserver/domains].
Admin Console is available at [https://localhost:4848].
Use the same port [4848] for "asadmin" commands.
User web applications are available at these URLs:
[http://localhost:80 https://localhost:443 ].
Following web-contexts are available:
[/web1 /__wstx-services ].
Standard JMX Clients (like JConsole) can connect to JMXServiceURL:
[service:jmx:rmi:///jndi/rmi://commsuite.eclipsecapital.com.hk:8686/jmxrmi] for domain management purposes.
Domain listens on at least following ports for connections:
[80 443 4848 3700 3820 3920 8686 ].
Domain supports application server clusters and other standalone instances.

Delete the node agent and the node agent config

Delete the node-agent:

/opt/sun/appserver/bin/asadmin delete-node-agent server.example.com
Command delete-node-agent executed successfully.

Delete the node-agent-config:

/opt/sun/appserver/bin/asadmin delete-node-agent-config --user=admin --passwordfile=/opt/sun/appserver/passwordfile.txt server.example.com
Command delete-node-agent-config executed successfully.

Stop the domain:

/opt/sun/appserver/bin/asadmin stop-domain domain1
Domain domain1 stopped.

Delete the domain:

/opt/sun/appserver/bin/asadmin delete-domain domain1
Domain domain1 deleted.

Create the domain

/opt/sun/appserver/bin/asadmin create-domain --adminport=4848 --user=admin --savemasterpassword=true --instanceport=80 --savelogin=true --domainproperties http.ssl.port=443 domain1
Please enter the admin password> thepassword
Please enter the admin password again> thepassword
Please enter the master password [Enter to accept the default]:> thepassword
Please enter the master password again [Enter to accept the default]:> thepassword
Using port 4848 for Admin.
Using port 80 for HTTP Instance.
Using default port 7676 for JMS.
Using default port 3700 for IIOP.
Using port 443 for HTTP_SSL.
Using default port 3820 for IIOP_SSL.
Using default port 3920 for IIOP_MUTUALAUTH.
Using default port 8686 for JMX_ADMIN.
On Unix platform, port numbers below 1024 may require special privileges.
Domain being created with profile:enterprise, as specified by variable AS_ADMIN_PROFILE in configuration file.
Security Store uses: NSS
Domain domain1 created.
Login information relevant to admin user name [admin] for this domain [domain1] stored at [/root/.asadminpass] successfully.
Make sure that this file remains protected. Information stored in this file will be used by asadmin commands to manage this domain.

Start the domain

/opt/sun/appserver/bin/asadmin start-domain --user=admin --passwordfile=/opt/sun/appserver/passwordfile.txt domain1
Starting Domain domain1, please wait.
Log redirected to /opt/sun/appserver/domains/domain1/logs/server.log.
Redirecting output to /opt/sun/appserver/domains/domain1/logs/server.log
Domain domain1 started.
Domain [domain1] is running [Sun Java System Application Server 9.1_01 (build local)] with its configuration and logs at: [/opt/sun/appserver/domains].
Admin Console is available at [https://localhost:4848].
Use the same port [4848] for "asadmin" commands.
User web applications are available at these URLs:
[http://localhost:80 https://localhost:443 ].
Following web-contexts are available:
[/web1 /__wstx-services ].
Standard JMX Clients (like JConsole) can connect to JMXServiceURL:
[service:jmx:rmi:///jndi/rmi://commsuite.eclipsecapital.com.hk:8686/jmxrmi] for domain management purposes.
Domain listens on at least following ports for connections:
[80 443 4848 3700 3820 3920 8686 ].
Domain supports application server clusters and other standalone instances.

Create and start the Node Agent

Create a new node-agent-config:

/opt/sun/appserver/bin/asadmin create-node-agent-config --user=admin --passwordfile=/opt/sun/appserver/passwordfile.txt server.example.com
Command create-node-agent-config executed successfully.

Create the node-agent:

/opt/sun/appserver/bin/asadmin create-node-agent --savemasterpassword=true --agentport=11162 --user=admin --passwordfile=/opt/sun/appserver/passwordfile.txt server.example.com
/opt/sun/appserver/bin/asadmin create-node-agent --savemasterpassword=true --user=admin --passwordfile=/opt/sun/appserver/passwordfile.txt server.example.com
Please enter the master password [Enter to accept the default]:> thepassword
Command create-node-agent executed successfully.

Start the new node agent:

/opt/sun/appserver/bin/asadmin start-node-agent --user=admin --passwordfile=/opt/sun/appserver/passwordfile.txt server.example.com
Please enter the master password [Enter to accept the default]:> thepassword
Redirecting output to /opt/sun/appserver/nodeagents/commsuite.eclipsecapital.com.hk/agent/logs/server.log
Redirecting application output to /opt/sun/appserver/nodeagents/commsuite.eclipsecapital.com.hk/agent/logs/server.log
Command start-node-agent executed successfully.

Test App Server

You should now be able to connect to the App server using the following URI's:

http://server.example.com:80
(you should get a "Your Application Server is now running" web page)

Admin server:
https://server.example.com:4848/
(try logging in as the admin user)

Access Manager 7.1

Unzip the Identity Suite archive and launch the installer:

unzip java_es-5u1-identsuite-ga-linux-x86.zip
cd java_es-5u1-identsuite/Linux_x86
./installer

Plow through the "welcome" and license agreement pages to get to the component selection screen.

You only need to select the "Access Manager 7.1" and the "Core Services", "Administration Console", "Common Domain Services" and the "SDK" (they should be selected automagically when you select the Access Manager checkbox. The Directory Preparation Tool 6.4 and Directory Server Enterprise Edition 6.2 will also be automagically selected. Uncheck the Directory Server 6.2 and the Directory Perparation Tool 6.4 should automagically uncheck as well. Leave the "Install multilingual.." checkbox check as well.

When the installer barks at you... Select "A compatible web container previously installed on this system"

Install into /opt/sun:

After the installer verifies the system requirements... Choose "Configure Now":

Set the Common Server Settings:

Hostname: server.example.com
DNS domain name: example.com
IP Address: 10.2.42.61
Administrator User ID: admin
Administrator Password: thepassword

Choose "Legacy Mode" for the Installation type. Enter an appropriate admin password and LDAP password. Do not fold/spindle/mutilate the Password Encryption Key:

Administrator Password: thepassword
LDAP User Password: thepassword

Select "Sun Java System Application Server" for the deployment container:

Change the Instance Directory to "/opt/sun/appserver/domains/domain1", and the Document Root to "/opt/sun/appserver/domains/domain1/docroot". Leave the two check boxes at the bottom at the default:

Application Server Admin User: admin
Application Server Admin Pass: thepassword
Application Server Instance Port: 80
Application Server Admin Port: 4848

Specify the web container for the access manager services - make sure your Cookie Domain is correct - if it's not, you will not be able to login later. The installer does not parse 3 part TLD's correctly and will offer the wrong data as default. For example, "myhost.example.co.uk" will be offered as "co.uk" for the cookie domain:

Choose "Deploy new console" for the Access Manager Console:

Setup the directory server information:

Directory Server Host: server.example.com
Directory Server Port: 389
Root Suffix: dc=example,dc=com
Manager DN: cn=Directory Manager
Manager Pass: thepassword

Since this is a brand new directory service, there is no user data yet:

All done with configuration. Hit Install

After the installation is over.. click next and you are returned to the shell where you're prompted with:

In order to notify you of potential updates, we need to confirm an internet connection. Do you want to proceed [Y/N] :

Answer "N" and you're done.

Enable Directory Service Control Centre (DSCC)

Create a new DSCC registry:

/opt/sun/directory/dscc6/bin/dsccsetup ads-create
Choose password for Directory Service Manager: sinoplaza
Confirm password for Directory Service Manager: sinoplaza
Creating DSCC registry...
DSCC Registry has been created successfully

Edit the /opt/sun/appserver/domains/domain1/config/server.policy file to add the following required DSCC permissions:

// Permissions for Directory Service Control Center
grant codeBase "file:${com.sun.aas.instanceRoot}/applications/j2ee-modules/dscc/-"
{
    permission java.security.AllPermission;
};

Now we need to deploy the /opt/sun/directory/var/dscc6/dscc.war file included with the directory server using the Application Server administration web pages. Access the Application Server administration console at

https://server.example.com:4848/

Log in by using the admin username and adminpass password you defined when the Application Server was installed. To deploy application:

• Select Applications then Web Applications from the left-hand menu in the Administration Console.
• Select the Deploy option from the Web Applications menu.
• Select Local packaged file or directory that is accessible from the Application Server.
• Type the full path of the DSCC war file: /opt/sun/directory/var/dscc6/dscc.war or browse to it.
• Click the OK button at the bottom of the page.
• Log out of the Administration Console once the DSCC deployment has completed.

Restart Application Server

(this appears to be optional):

/opt/sun/appserver/bin/asadmin stop-domain domain1
/opt/sun/appserver/bin/asadmin start-domain --user=admin --passwordfile=/opt/sun/appserver/passwordfile.txt domain1

Start the DSCC registery

(it should already be running)

/opt/sun/directory/ds6/bin/dsadm start /opt/sun/directory/var/dscc6/dcc/ads

Register the Directory Server instance in the DSCC

• Login to the DSCC console

http://server.example.com/dscc

• Select the Directory Servers tab.
• Select "Register Existing Directory Server" action from the More Server Actions drop-down menu.
• Type or select the following values:
  • Host: server.example.com
  • Instance Path: /var/opt/sun/directory/dsins1
  • DSCC Agent Port: 11162
  • Description: Put something descriptive here
• Select the Next button to continue.
• In the Provide Authentication Information for the Host step, type the following values:
  • User ID: root
  • Password: root-password

Note: Root access is required for the DSCC to be able to modify the directory service config files.

• Select the Next button to continue.
• In the Review Server Certificate step, select the Next button.
• In the Provide Authentication Information step, type the following values:
  • Administration DN: cn=Directory Manager
  • Password: thepassword
• Select the Next button to continue.
• Click the Finish button to complete the process then close the window once the registration has completed.

You should now see the server commsuite.eclipsecapital.com.hk:389 listed in the Directory Servers listing.

Log out of the DSCC interface.