Differences
This shows you the differences between two versions of the page.
tutorial:adm:czechidm_installation [2019/03/13 11:25] urbanl old revision restored (2018/11/09 14:11) |
tutorial:adm:czechidm_installation [2020/03/12 14:43] urbanl old revision restored (2020/03/11 11:55) |
||
---|---|---|---|
Line 35: | Line 35: | ||
and restart PostgreSQL. | and restart PostgreSQL. | ||
</ | </ | ||
- | ==== 2. JDBC driver installation - CentOS7 ==== | + | ==== 2. JDBC driver installation |
+ | **CentOS** | ||
Install the package with PostgreSQL JDBC driver: | Install the package with PostgreSQL JDBC driver: | ||
Line 50: | Line 50: | ||
</ | </ | ||
- | ==== 3. JDBC driver installation - Debian ==== | + | ==== 3. JDBC driver installation - Debian |
Install the package with PostgreSQL JDBC driver: | Install the package with PostgreSQL JDBC driver: | ||
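Review bot: The heading "3. JDBC driver installation - Debian" still carries the distribution name in a separately numbered section, while the previous hunk turns section 2 into a generic "JDBC driver installation" with a bold **CentOS** label. Pick one scheme: either make Debian a **Debian** label under section 2 and renumber the later sections, or keep the distribution in both headings.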
Line 74: | Line 73: | ||
</ | </ | ||
- | Change the following line: | + | Change |
<code bash> | <code bash> | ||
Environment=' | Environment=' | ||
Line 80: | Line 79: | ||
into: | into: | ||
<code bash> | <code bash> | ||
- | Environment=' | + | Environment=' |
</ | </ | ||
- | Reload systemd after the changes: | + | Reload |
<code bash> | <code bash> | ||
systemctl daemon-reload | systemctl daemon-reload | ||
</ | </ | ||
- | |||
==== 5. Create CzechIdM configuration folders ==== | ==== 5. Create CzechIdM configuration folders ==== | ||
In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments. | In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments. | ||
Line 94: | Line 92: | ||
* The **backup** directory stored Groovy scripts backups. | * The **backup** directory stored Groovy scripts backups. | ||
* The **data** directory stores various user-attached files. | * The **data** directory stores various user-attached files. | ||
+ | * | ||
Create the directory structure: | Create the directory structure: | ||
< | < | ||
mkdir -p / | mkdir -p / | ||
</ | </ | ||
+ | |||
+ | |||
==== 6. Create CzechIdM configuration ==== | ==== 6. Create CzechIdM configuration ==== | ||
Line 276: | Line 276: | ||
# System.getProperty(" | # System.getProperty(" | ||
idm.sec.core.attachment.storagePath=/ | idm.sec.core.attachment.storagePath=/ | ||
+ | |||
+ | # Max file size of uploaded file. Values can use the suffixed " | ||
+ | spring.servlet.multipart.max-file-size=100MB | ||
+ | spring.servlet.multipart.max-request-size=100MB | ||
</ | </ | ||
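Review bot: In the added upload-limit block, spring.servlet.multipart.max-request-size is set to the same 100MB as spring.servlet.multipart.max-file-size, so a file close to the file limit is still rejected once the multipart boundaries and any other form fields are counted in the request. Set the request limit somewhat higher than the file limit, or say in the comment that the effective file limit is slightly under 100MB. The comment should also say why 100MB was chosen, since this value bounds how much data a single upload can make the server accept.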
Line 328: | Line 332: | ||
</ | </ | ||
- | ==== Set correct permissions on CzechIdM files ==== | + | |
+ | |||
+ | ==== 7. Set correct permissions on CzechIdM files ==== | ||
+ | **CentOS** | ||
< | < | ||
chown tomcat: | chown tomcat: | ||
- | chown -R tomcat: | + | chown -R tomcat: |
- | chown tomcat: | + | chmod 750 / |
- | chmod 750 / | + | |
chmod 640 / | chmod 640 / | ||
</ | </ | ||
- | ==== Adjust Tomcat' | + | |
+ | ==== 8. Adjust Tomcat' | ||
Apache Tomcat has to know where the new configuration is. Because CzechIdM uses SpringBoot project, we simply add the **/ | Apache Tomcat has to know where the new configuration is. Because CzechIdM uses SpringBoot project, we simply add the **/ | ||
- | Create new file **/ | + | Create new file **/ |
+ | |||
+ | <code bash:> | ||
CLASSPATH=/ | CLASSPATH=/ | ||
</ | </ | ||
- | And change owner of the file to tomcat:< | + | |
+ | And change owner of the file to tomcat: | ||
+ | < | ||
chown root:tomcat / | chown root:tomcat / | ||
</ | </ | ||
- | ==== Create dedicated Java truststore ==== | + | ==== 9. Create dedicated Java truststore ==== |
Java truststore is a file which contains SSL certificates which we consider trusted. Usually this means some certificates of end systems or their respective certificate authorities. | Java truststore is a file which contains SSL certificates which we consider trusted. Usually this means some certificates of end systems or their respective certificate authorities. | ||
When we need CzechIdM to communicate with some new system with SSL-encrypted way, we need to import particular certificate here and restart the Tomcat container. | When we need CzechIdM to communicate with some new system with SSL-encrypted way, we need to import particular certificate here and restart the Tomcat container. | ||
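Review bot: In step 7, the new "chown -R tomcat:" line gives the tomcat account ownership of a whole tree, while step 8 in this same hunk uses "chown root:tomcat" for the classpath file. The target paths are cut off in this view, but if the recursive chown covers the configuration directory (which section 5 describes as holding the database credentials), the service account can rewrite its own configuration. Owner root with group tomcat and the existing 750/640 modes would keep it readable but not writable by Tomcat, leaving only the data and backup directories writable. Step 7 is also now labelled **CentOS** with no Debian counterpart, so state whether the same commands apply there.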
Line 373: | Line 384: | ||
systemctl restart tomcat.service | systemctl restart tomcat.service | ||
</ | </ | ||
- | ==== Deploy the CzechIdM ==== | + | ==== 10. Deploy the CzechIdM ==== |
- | Download the latest CzechIdM version. Currently it is idm-app-7.6.1.war. | + | Download the latest CzechIdM version. Currently it is idm-app-9.4.0.war. |
- | Ensure Tomcat is stopped:< | + | |
+ | Ensure Tomcat is stopped: | ||
+ | < | ||
systemctl stop tomcat.service | systemctl stop tomcat.service | ||
</ | </ | ||
- | Copy the identity manager WAR into webapps folder in Tomcat and name it **idm.war**:< | + | Copy the identity manager WAR into webapps folder in Tomcat and name it **idm.war**: |
- | cp idm-app-7.6.1.war / | + | < |
+ | cp idm-app-9.4.0.war / | ||
+ | chown tomcat: | ||
</ | </ | ||
Start the Tomcat container:< | Start the Tomcat container:< | ||
systemctl start tomcat.service | systemctl start tomcat.service | ||
</ | </ | ||
+ | If everything is set up right, the CzechIdM will deploy. Default log is **/ | ||
- | If everything is set up right, the CzechIdM will deploy. Default log is **/ | + | |
- | ===== Allow network services | + | ==== 11. Final Steps ==== |
+ | |||
+ | === Allow network services === | ||
Firewall may restrict the access to all port except ssh (22/tcp). To be able to use CzechIdM, allow port 443/tcp and reload firewalld: | Firewall may restrict the access to all port except ssh (22/tcp). To be able to use CzechIdM, allow port 443/tcp and reload firewalld: | ||
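Review bot: In step 10, the WAR goes from "Download the latest CzechIdM version" straight to the cp into webapps with no integrity check in between. Add a step that compares the downloaded file against a checksum or signature from the download source, if one is published, before Tomcat is started. The version is also hardcoded in two places (the sentence and "cp idm-app-9.4.0.war"), which has to be edited on every release, as this change from 7.6.1 shows; a placeholder such as idm-app-<version>.war would avoid that.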
Line 394: | Line 412: | ||
</ | </ | ||
- | ===== Change default admin password | + | === Change default admin password === |
In the fresh CzechIdM installation, | In the fresh CzechIdM installation, | ||
- | ===== Configure IdM ===== | + | === Configure IdM === |
Follow some final configuration steps: [[tutorial: | Follow some final configuration steps: [[tutorial: | ||
+ |
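Review bot: "Change default admin password" drops from a ===== heading to a === sub-heading under the new "11. Final Steps" section, which puts the step that replaces a default credential on the same level as "Configure IdM" and makes it easier to skip. Keep it as its own numbered step directly after "10. Deploy the CzechIdM", or state at the top of "11. Final Steps" that it has to be done before port 443/tcp is opened in the firewall.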