Disclaimer: Please note that the following instructions are neither comprehensive nor meant to replace the official Sun docs. They are merely meant to help speed up your work.
For people new to our software stack, Sun Identity Manager is our flagship user provisioning product. This can run on many web containers, but I always prefer to run all our products on Sun app server.
Installation Instructions
Initial preparations
Solaris 10 will contain a bundled version of the Sun application server (and Sun Message Queue). This will need to be removed to prevent potential conflicts with the new versions of the Sun application server.
Issue the following command to get the package names of Application server and Message Queue:
bash# pkginfo | grep -i "sun java application"
bash# pkginfo | grep -i "sun java message"
Remove the packages using the pkgrm command; a sample is shown below:
bash# pkgrm SUNWasac SUNWascmn SUNWasdem <.. more package names>
Note: Please ONLY remove packages related to the Application server and Message queue.
Before installing zones, please find the directories where the local zones should be installed. The file system landscape can be found by issuing the following command:
bash# df -h
If we are installing multiple local zones on a server, we will need some spare IP addresses that can be used during the local zone install.
Creating a container (local zone) in Solaris 10
Create a zone configuration file with the required IP address, directory where the zone will be installed etc. A sample configuration file is given below:
bash-3.00# more idm-zone.cfg
create -b
set zonepath=/export/home/idm-zone
set autoboot=false
add net
set address=192.168.21.3/24 <please use your own IP address; the 24 refers to the netmask 255.255.255.0 and should remain there>
set physical=ce0 <use your own setting, can be found using the ifconfig -a command>
end
add attr
set name=comment
set type=string
set value="IDM 5.5 running on Sun AS 8.1 Update 2 Sol 10 SPARC and MySQL"
end
verify
commit
Before creating the zone (let's call it idm-zone), check whether a zone of that name already exists:
bash# zonecfg -z idm-zone info
Use the following commands to create a local zone, idm-zone:
bash# zonecfg -z idm-zone -f idm-zone.cfg
bash# zonecfg -z idm-zone info zonepath
bash# zoneadm -z idm-zone install
Issue the following command to boot the zone:
bash# zoneadm -z idm-zone boot
At the same time, open another terminal window, log in to the Solaris machine and issue the following command:
new-bash# zlogin -C idm-zone
Once the system boots, in the other window we will need to give it a new hostname (the default is the zone name), NIS (or some other naming type), name server, root password, etc. (to the outside world this will be like running a separate server).
The following commands are for reference only, for when you need to delete a local zone.
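The sample file above carries <...> annotations that must not reach zonecfg. As an added example (not part of the original instructions; the function names are hypothetical), this sketch validates the zone path, address, interface and comment, then prints a clean command file suitable for zonecfg -f:

```sh
#!/bin/sh
# Added example (hypothetical helper names): emit a clean zonecfg command file.
# valid_cidr ADDR/PREFIX: succeed only for dotted-quad IPv4 with prefix 1-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    ip=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    case "$ip" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_zone_cfg ZONEPATH ADDR/PREFIX NIC COMMENT: print the command file, or
# fail if a value could add stray zonecfg tokens or lines to it.
gen_zone_cfg() {
    zonepath=$1; address=$2; nic=$3; comment=$4
    case "$zonepath" in ''|[!/]*|*[!A-Za-z0-9/._-]*)
        echo "zonepath must be a plain absolute path" >&2; return 1 ;;
    esac
    valid_cidr "$address" || { echo "bad address: $address" >&2; return 1; }
    case "$nic" in ''|*[!A-Za-z0-9]*)
        echo "bad interface name: $nic" >&2; return 1 ;;
    esac
    case "$comment" in *[!A-Za-z0-9\ ._-]*)
        echo "comment: letters, digits, space, . _ - only" >&2; return 1 ;;
    esac
    cat <<EOF
create -b
set zonepath=$zonepath
set autoboot=false
add net
set address=$address
set physical=$nic
end
add attr
set name=comment
set type=string
set value="$comment"
end
verify
commit
EOF
}
# Values below are the ones used in the sample file; replace with your own.
gen_zone_cfg /export/home/idm-zone 192.168.21.3/24 ce0 "IDM 5.5 on Sun AS 8.1 Update 2"
```

Redirect the output to idm-zone.cfg and pass that file to zonecfg -z idm-zone -f as shown in the steps above.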
bash# zoneadm -z idm-as81-zone halt
bash# zoneadm list -cv
bash# zoneadm -z idm-as81-zone uninstall
bash# zonecfg -z idm-as81-zone delete
I thank my colleague, Hasham for the Solaris zones gyan (a.k.a Knowledge) !!
Install the Sun Java System Application Server 8.1 Update 2
We need to use the latest version of the Sun Application Server 8.1 SE/EE; as of this document's creation, that is Sun Application Server 8.1 Update 2. The Platform Edition of the Application Server can also be used, but it has a reduced feature set, especially in administration, and hence the Standard Edition (SE) was used. Log in to the local zone, idm-zone, and copy the application server bits (these bits can be ftp'ed to the local zone IP address from outside). Unzip the Application Server bits and install the Sun Application Server 8.1 Update 2 for SPARC or x86; please refer to the Application Server 8.1 install guide (at http://docs.sun.com) for more information.
Issue the following commands in the local zone, after going to the application server's bin directory:
1. Start the application server domain server
asadmin start-domain --user admin
2. Start the node agent
asadmin start-node-agent --user admin
3. Log in to the app server admin console, at a URL like https://<mylocal zone server name/IP>:<4849 or appserverport>. Create a new server instance (let's call it idm-server-instance1) and start the instance.
MySQL server configuration
The MySQL server is already installed in Solaris 10. The server will need to be started and configured for use with Sun Identity Manager.
• Start mysql:
/usr/sfw/sbin/mysqld_safe &
• Populate the database
/usr/sfw/bin/mysql_install_db
• Test the database (Optional):
cd /usr/sfw/mysql/mysql-test; ./mysql-test-run
Sun Identity Manager 5.5 Installation and Configuration
• Unzip the Identity Manager bits to some directory, say /space/idmbits. Then issue the following commands to populate the mysql database with Identity Manager related schema.
cd /space/idmbits/db_scripts
/usr/sfw/bin/mysql -u root -p
mysql> source create_waveset_tables.mysql
mysql> exit
• Download the MySQL JDBC driver from http://dev.mysql.com/downloads/connector/j/3.1.html
If there is a more recent version of the JDBC driver, please use that version.
• Go to /space/idmbits and start the Identity Manager installer.
• Select a directory, for example /space/idm55, for the installer to copy the Identity Manager bits to.
• When we reach the stage where the setup button needs to be clicked, copy the MySQL JDBC driver to the /space/idm55/WEB-INF/lib directory.
• Click setup, select mysql as the repository, enter license info, and import the config file.
• To prevent conflicts with Sun application server jar files, rename the cryptix-jce-api*.jar files in /space/idm55/WEB-INF/lib to some other file names.
• Go to /space/idm55 and create an idm war file using the following command.
jar cvf idm.war *
• Open the app server admin console and deploy the idm.war app in the server instance created in the app server (app name is idm and context root is /idm).
• In the app server admin console, add a JVM property to the server instance, idm-server-instance1.
-Dwaveset.home=<the directory in the app server where the idm application got deployed>
• In the app server admin console, delete or disable the following security JVM property in the JVM settings of the server instance, idm-server-instance1:
-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy
Note: This is a hack and is not recommended for production. The proper way is to edit the server.policy file and grant permission to the Sun Identity Manager (or waveset) classes. This is documented in the Identity Manager Installation guide, Section 9 (Installing Identity Manager on Sun Java System Application Server 8), Step 5.
• Restart the app server
• Check that the idm application comes up at http://<app server>:port/idm and log in with the username/password configurator/configurator. These are the default credentials, so change the configurator password after the first login.
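Because the java.security.policy removal above is described as a hack that should not reach production, it helps to be able to spot instances where it was left in place. The following check is an added example, not part of the original instructions; it assumes the JVM options are stored as <jvm-options> elements inside per-instance <config> sections of the domain's domain.xml, and both the function names and the sample XML are constructed for illustration:

```sh
#!/bin/sh
# Added example: list every <config> section of a domain.xml whose JVM
# options no longer include -Djava.security.policy=...
# Line-oriented check; assumes one XML element per line and that name is
# the first attribute of <config>, as in the sample.
missing_policy_configs() {
    awk '
        /<config / {
            name = $0
            sub(/.*<config name="/, "", name); sub(/".*/, "", name)
            seen = 0
        }
        /<jvm-options>-Djava\.security\.policy=/ { seen = 1 }
        /<\/config>/ { if (name != "" && !seen) print name; name = "" }
    ' "${1:--}"
}

# Constructed sample: two config sections, the second with the option removed.
# The waveset.home value is a placeholder, not a real deployment path.
sample_domain_xml() {
    cat <<'EOF'
<domain>
 <configs>
  <config name="server-config">
   <java-config>
    <jvm-options>-Djava.security.policy=${com.sun.aas.instanceRoot}/config/server.policy</jvm-options>
   </java-config>
  </config>
  <config name="idm-server-instance1-config">
   <java-config>
    <jvm-options>-Dwaveset.home=/placeholder/idm</jvm-options>
   </java-config>
  </config>
 </configs>
</domain>
EOF
}

# Prints the names of the config sections that need attention.
sample_domain_xml | missing_policy_configs
```

Run missing_policy_configs against the real domain.xml of the domain; any name it prints is a configuration where the policy option still has to be restored once the server.policy grants are in place.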