Posted by: cmani2010 | September 26, 2005

Installing Sun Java Identity Manager 5.5 in Solaris 10 zones, on Sun application server 8.1 Update 2 and MySQL

For a recent project, I had to prepare a document, which detailed some basic steps to install Sun Java Identity Manager 5.5 in Solaris 10 zones, on Sun application server 8.1 Update 2 and MySQL. After preparing the document, I realized there was nothing proprietary or confidential about this information and that it may be useful for other people.
Disclaimer: Please note, the following instructions are neither comprehensive nor meant to replace the official Sun docs. They are merely to help speed up your work.
For people new to our software stack, Sun Identity Manager is our flagship user provisioning product. This can run on many web containers, but I always prefer to run all our products on Sun app server.

Installation Instructions

Initial preparations

Solaris 10 will contain a bundled version of the Sun application server (and Sun Message Queue). This will need to be removed to prevent potential conflicts with the new versions of the Sun application server.

Issue the following command to get the package names of Application server and Message Queue:

bash# pkginfo | grep -i "sun java application"
bash# pkginfo | grep -i "sun java message"

Remove the packages by using the pkgrm command, a sample is shown below:

bash# pkgrm SUNWasac SUNWascmn SUNWasdem <.. more package names>

Note: Please ONLY remove packages related to the Application server and Message queue. Before installing zones, please find the directories where the local zones should be installed. The file system landscape can be found by issuing the following command:

bash# df -h

If we are installing multiple local zones on a server, we will need some spare IP addresses that can be used during the local zone install.





Creating a container (local zone) in Solaris 10

Create a zone configuration file with the required IP address, directory where the zone will be installed etc. A sample configuration file is given below:

bash-3.00# more idm-zone.cfg
create -b
set zonepath=/export/home/idm-zone
set autoboot=false
add net
set address=192.168.21.3/24 <please use your own IP address, the 24 refers to the netmask 255.255.255.0 and should remain there>
set physical=ce0 <use your own setting, can be found using the ifconfig -a command>
end
add attr
set name=comment
set type=string
set value="IDM 5.5 running on Sun AS 8.1 Update 2 Sol 10 SPARC and MySQL"
end
verify
commit





Before creating the zone, let's call it idm-zone, verify if a zone of that name already exists:

bash# zonecfg -z idm-zone info

Use the following commands to create a local zone, idm-zone:

bash# zonecfg -z idm-zone -f idm-zone.cfg
bash# zonecfg -z idm-zone info zonepath
bash# zoneadm -z idm-zone install

Issue the following command to boot the zone:

bash# zoneadm -z idm-zone boot

Simultaneously, open another terminal window, log in to the Solaris machine and issue the following command:

new-bash# zlogin -C idm-zone

Once the system boots, in the other window, we will need to give a new hostname (default is the zone name), NIS (or some other naming type), name server, root password etc. (this will be like running a separate server to the outside world).

The following is for information purposes only, for when you need to delete a local zone.

bash# zoneadm -z idm-as81-zone halt
bash# zoneadm list -cv
bash# zoneadm -z idm-as81-zone uninstall
bash# zonecfg -z idm-as81-zone delete


I thank my colleague, Hasham for the Solaris zones gyan (a.k.a Knowledge) !!





Install the Sun Java System Application Server 8.1 Update 2

We need to use the latest version of the Sun Application server 8.1 SE/EE; the latest version as of this document's creation is Sun Application server 8.1 Update 2. The Platform edition of the Application server can also be used, but it has some reduced features, especially in administration, and hence the Standard Edition (SE) was used. Log in to the local zone, idm-zone, and copy the application server bits (these bits can be ftp'ed to the local zone IP address from outside). Unzip the Application server bits and install the Sun Application server 8.1 Update 2 SPARC or x86; please refer to the application server 8.1 install guide (at http://docs.sun.com) for more information.

Issue the following commands in the local zone, after going to the application server's bin directory:

1. Start the application server domain server

asadmin start-domain --user admin

2. Start the node agent

asadmin start-node-agent --user admin

3. Log in to the app server admin console, like https://<mylocal zone server name/IP>:<4849 or appserverport>. Create a new server instance, let's call it idm-server-instance1, and start the instance.








MySQL server configuration

The MySQL server is already installed in Solaris 10. The server will need to be started and configured for use with Sun Identity Manager.

Start mysql:

/usr/sfw/sbin/mysqld_safe &

Populate the database

/usr/sfw/bin/mysql_install_db

Test the database (Optional):

cd /usr/sfw/mysql/mysql-test; ./mysql-test-run





Sun Identity Manager 5.5 Installation and Configuration

Unzip the Identity Manager bits to some directory, say /space/idmbits. Then issue the following commands to populate the mysql database with the Identity Manager related schema.

cd /space/idmbits/db_scripts
/usr/sfw/bin/mysql -u root -p
mysql> source create_waveset_tables.mysql
mysql> exit

Download the mysql JDBC driver at http://dev.mysql.com/downloads/connector/j/3.1.html
If there is a more recent version of the JDBC driver, please use that version.

Go to /space/idmbits and start the Identity Manager installer.

Select a directory, for example /space/idm55, for the installer to copy the Identity Manager bits.

When we reach the stage where the setup button needs to be clicked, copy the mysql JDBC driver to the /space/idm55/WEB-INF/lib directory.

Click setup, select mysql as the repository, enter license info, and import the config file.

To prevent conflicts with Sun application server jar files, move the cryptix-jce-api*.jar files in /space/idm55/WEB-INF/lib to some other file names.

Go to /space/idm55 and create an idm war file using the following command.

jar cvf idm.war *

Open the app server admin console and deploy the idm.war app in the server instance created in the app server (app name is idm and context root is /idm)






In the app server admin console, add a JVM property to the server instance, idm-server-instance1.

-Dwaveset.home=<the directory in the app server where the idm application got deployed>

In the app server admin console, delete/disable the security JVM property in the JVM settings of the server instance, idm-server-instance1:

-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy

Note: This is a hack and is not recommended for production. The proper way is to edit the server.policy file and grant permission to the Sun Identity Manager (or waveset) classes. This is documented in the Identity Manager Installation guide, Section 9 (Installing Identity Manager on Sun Java System Application server 8) and Step 5.
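
To see which server configurations have been left without the policy option (for example before a test setup is promoted), the check below reads a domain.xml and reports each config. It is an added example, not from the original post or Sun's documentation; the function names, the one-element-per-line layout and the idm-server-instance1-config name are assumptions, and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes domain.xml keeps one XML element per line.

# audit_policy_option FILE
# Prints "<config-name> policy=present|MISSING" for every <config> element
# and returns 1 if any config lacks -Djava.security.policy.
audit_policy_option() {
    awk '
        /<config[ \t]+name="/ {
            name = $0
            sub(/.*<config[ \t]+name="/, "", name)
            sub(/".*/, "", name)
            has_policy = 0
        }
        /<jvm-options>[ \t]*-Djava\.security\.policy=/ { has_policy = 1 }
        /<\/config>/ {
            if (name != "") {
                printf "%s policy=%s\n", name, (has_policy ? "present" : "MISSING")
                if (!has_policy) missing++
            }
            name = ""
        }
        END { exit (missing > 0) }
    ' "$1"
}

# Constructed sample input: the default config keeps the option, the
# instance config (name assumed) has had it removed as described above.
write_sample_domain_xml() {
    cat > "$1" <<'EOF'
<domain>
 <configs>
  <config name="server-config">
   <java-config>
    <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
   </java-config>
  </config>
  <config name="idm-server-instance1-config">
   <java-config>
    <jvm-options>-Dwaveset.home=/placeholder/idm</jvm-options>
   </java-config>
  </config>
 </configs>
</domain>
EOF
}
```

Call audit_policy_option with the path to the domain's config/domain.xml; a non-zero exit status means at least one config has no policy option set.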





Restart the app server

Check if the idm application comes up: http://<app server>:port/idm and login with the username/password as configurator/configurator











There you go, please let me know if there are some gotchas, I will correct them !


Responses

  1. I want to install Java runtime on a local zone. To tell a few things:
    1. Java is already running on the local zone; can I install more versions of Java on the same local zone? If yes, how? I want that to be upgraded here.
    2. When I tried installing from global, it started installing on all the local zones that were present; I want to install on a specific local zone.

