Getting Identity Manager 5.0 running in a Solaris 10 Container + App Server 8.1

January 26, 2005

Yesterday I installed Identity Manager (formerly Waveset) into a Solaris 10 Container running App Server 8.1 (from the soon to be released JES 2005Q1).

Here are some notes for those that might want to repeat the process.

First we need to bring up a zone to run IDM in. The JES installer requires a “non sparse” zone install (in other words, it should not inherit any packages or directories from the global zone). Here is my zone configuration (modify as required for your environment, and create the zone with zonecfg):

# zonecfg -z jes export
create -b
set zonepath=/export/home/zones/jes
set autoboot=true
add fs
set dir=/export/home/download
set special=/export/home/download
set type=lofs
end
add net
set address=129.155.57.233
set physical=bge0
end
add attr
set name=comment
set type=string
set value="JES 3 zone set up by warren"
end

This is a fairly vanilla zone install. One directory (/export/home/download) is shared with the global zone, but everything else is unique to the zone. Kinda nice to be able to install software in an isolated environment without having to worry about screwing up something else on the system!
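
To confirm what a zone shares with the global zone before running the installer, this added example (not part of the original post) parses `zonecfg export` output and reports inherited package directories and lofs mounts. The function names and both sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# On a real system: zonecfg -z jes export | zone_shared_resources

# Print one line per resource shared with the global zone:
#   "inherit <dir>"            for each inherit-pkg-dir (sparse-zone) entry
#   "lofs <zone dir> <source>" for each loopback-mounted file system
zone_shared_resources() {
    awk '
        /^add inherit-pkg-dir/ { blk = "inherit"; next }
        /^add fs/   { blk = "fs"; dir = special = type = ""; next }
        /^add /     { blk = "other"; next }
        /^end/      { if (blk == "fs" && type == "lofs") print "lofs", dir, special
                      blk = ""; next }
        blk == "inherit" && /^set dir=/ { print "inherit", substr($0, 9) }
        blk == "fs" && /^set dir=/      { dir = substr($0, 9) }
        blk == "fs" && /^set special=/  { special = substr($0, 13) }
        blk == "fs" && /^set type=/     { type = substr($0, 10) }
    '
}

# Succeed only for a whole-root ("non sparse") zone: no inherit-pkg-dir entries.
is_whole_root() {
    ! zone_shared_resources | grep -q '^inherit '
}

# Constructed sample: the zone configuration shown in this post (abridged).
WHOLE_ROOT_CFG='create -b
set zonepath=/export/home/zones/jes
add fs
set dir=/export/home/download
set special=/export/home/download
set type=lofs
end
add net
set address=129.155.57.233
set physical=bge0
end'

# Constructed sample: a sparse zone that inherits package directories.
SPARSE_CFG='create
set zonepath=/export/home/zones/sparse
add inherit-pkg-dir
set dir=/lib
end
add inherit-pkg-dir
set dir=/usr
end'

for cfg in "$WHOLE_ROOT_CFG" "$SPARSE_CFG"; do
    printf '%s\n' "$cfg" | zone_shared_resources
    if printf '%s\n' "$cfg" | is_whole_root; then echo "=> whole-root"; else echo "=> sparse"; fi
done
```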

When you first log in to the zone (via zlogin -C jes), you are prompted for the usual initial configuration (e.g. root password, terminal type, naming service etc.). I’ll skip this part since it is fairly easy.

Step 2 is to get a database running for the IDM account index. IDM supports MySQL 4.0.x, and this also happens to be included with the Solaris 10 distribution (look in /usr/sfw).

I opted to run MySQL under its own account which I created with the following commands:

groupadd mysql
mkdir /export/home/mysql
useradd -s /usr/bin/bash -g mysql -d /export/home/mysql mysql
chown mysql ~mysql
chown mysql /var/mysql/
cat << 'HERE' > ~mysql/.profile
export PATH=$PATH:/usr/sfw/bin:/usr/sfw/sbin
HERE

I start MySQL by su’ing to the mysql account and running the following command:

/usr/sfw/sbin/mysqld_safe &

MySQL needs to be initialized (once only) with the following command:

# Create the db
/usr/sfw/bin/mysql_install_db

You can (optionally) set the root password:

mysqladmin -u root -p password
New Password:XXXXX

Next step is to create the database schema for IDM. In your IDM installation media you can find scripts for all of the supported databases. For MySQL, I used the following:

cd <IDM-INSTALL>/db_scripts
mysql -u root -p
Password: XXXXX
source create_waveset_tables.mysql
exit

Having fun yet? Now we install the App Server. I won't go into a lot of details on this – as I pretty much just ran the JES installer GUI, and selected the Application Server (and associated dependencies). I created the following .bashrc to make it easy to start and stop the app server:

export TERM=xterm
export AS_ADMIN_USER=admin
export AS_ADMIN_PASSWORD=XXXXXXX
export PATH=/opt/SUNWappserver/sbin:$PATH:/usr/sfw/bin:/usr/sfw/sbin
export MANPATH=/usr/man:/usr/sfw/man

Now we start the App Server administration instance:

# asadmin start-domain
Starting Domain domain1, please wait.
Log redirected to /var/opt/SUNWappserver/domains/domain1/logs/server.log.
WARNING: The --password option is insecure and should not be used since it can compromise your password.  Please use either the command prompt or the --passwordfile option.
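
The warning above points at `--passwordfile`. The following added example (not from the original post) finds startup files that export `AS_ADMIN_PASSWORD` and writes an owner-only password file instead. The function names and the file name `$HOME/.as_passwordfile` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the file
# name $HOME/.as_passwordfile are hypothetical. Intended use afterwards:
#   asadmin start-domain --user admin --passwordfile "$HOME/.as_passwordfile" domain1

# Print each startup file that sets AS_ADMIN_PASSWORD in clear text.
profiles_exporting_password() {
    for f in "$@"; do
        if [ -f "$f" ] && grep -q 'AS_ADMIN_PASSWORD=' "$f"; then
            echo "$f"
        fi
    done
}

# Create an asadmin password file readable only by its owner.
# $1 = file path; the password is read from stdin so it never appears in argv.
write_passwordfile() {
    ( umask 077
      IFS= read -r pw || [ -n "$pw" ] || exit 1   # fail on empty input
      rm -f "$1"                                  # recreate under the new umask
      printf 'AS_ADMIN_PASSWORD=%s\n' "$pw" > "$1" )
}

# Succeed only if the file exists and grants nothing to group or others.
passwordfile_is_private() {
    [ -f "$1" ] || return 1
    case $(ls -ld "$1") in
        -???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo with a constructed password in a scratch directory.
demo_dir=$(mktemp -d)
printf 'constructed-secret\n' | write_passwordfile "$demo_dir/passwordfile"
passwordfile_is_private "$demo_dir/passwordfile" && echo "password file is private"
rm -rf "$demo_dir"
```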

You can now log on to the (very sweet…) App Server admin gui (the default port is 4849) https://server:4849/.

You have the option of running a web app in the same container as the admin instance itself (default listeners at 8080/8081). This is NOT recommended for production (you should create a standalone instance or a cluster) – but for development it is very nice as it supports exploded war file installs. This allows you to make changes in the web application directory which can be dynamically redeployed by the App Server.

The IDM installer will unpack the distributed war file to the specified directory (/export/home/idm in my case). After prompting for the license key information, it will ask you if you want to run setup. Before you say yes, go and grab the MySQL JDBC driver. Unpack the driver distribution and put the driver in your WEB-INF/lib directory (/export/home/idm/WEB-INF/lib, for example).

Now you are ready to complete the IDM installation. Choose MySQL as the repository. The installer will ask you to import a default configuration file – which you will want to do. If all goes well the initial objects and sample data will be imported into the MySQL database.

Now back to the app server console. From the Home->Common Tasks tab, choose “deploy Web application”. You will want to choose the second option “Specify a package file or a directory path that must be accessible from the server.” In our example, specify the path /export/home/idm. For reasons previously mentioned, you can only deploy the exploded war to the default server-config instance. Once you have deployed, you should be able to bring up the /idm context with your browser.

Two Caveats:

  1. I found it necessary to remove the policy manager setting (look under the instance JVM settings in the console):
    # Remove this
    -Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy
    

    [Note that you could also make the appropriate changes in server.policy – but I’m lazy :-)]

  2. You will probably find you get a JCE error when you first bring up the application. This is because the cryptix jars in the idm/WEB-INF/lib directory conflict with the JCE implementation provided by the App Server's JDK. The solution to this is to remove the cryptix jars, and redeploy the application. Because we installed with an exploded war file, you can get the App Server to redeploy with the following command:

    touch /export/home/idm/.reload

Whew!

You should now have a working IDM install. Have fun….

One Comment
  1. March 22, 2005 10:46 am

    Warren,
    I have created a whole root zone on a v40z with Solaris 10 x86, but when we try to run the JES2005Q1 installer we are getting this error:
    WARNING: Unsupported non-global zone
    EntSysResources:zoneCheckPanel-Gui-LocalZoneSupported
    Do you have any advice?
    Thanks,
    -John
