tutorial:adm:czechidm_installation [2021/11/02 13:48] steinhartm [5. Create CzechIdM configuration] |
tutorial:adm:czechidm_installation [2021/12/14 08:52] fiserp [3. Configure environment properties. Select application profile] |
==== 3. Configure environment properties. Select application profile ==== | ==== 3. Configure environment properties. Select application profile ==== |
| |
Edit the configuration file ''/etc/systemd/system/tomcat.service'' - edit the line with environment variable choosing the appropriate application profile. We use **production** profile in our example, which enables you to configure production-ready instace of the identity manager. | Edit the configuration file ''/etc/systemd/system/tomcat.service'' - edit the line with environment variable choosing the appropriate application profile. We use **production** profile in our example, which enables you to configure production-ready instace of the identity manager. <note>The **dev** profile is for development and testing environments and as such it has debug logging enabled. For production deployment, use a profile named **production** as is shown in the example. The profile naming convention is mandatory because other CzechIdM configuration depends on it.</note> |
<note>The **dev** profile is for development and testing environments and as such it has debug logging enabled. For production deployment, use a profile named **production** as is shown in the example. The profile naming convention is mandatory because other CzechIdM configuration depends on it.</note> | |
| |
Change the following line: | Change the following line: |
| |
<code bash> | <code bash> |
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8' | Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8' |
| |
</code> | </code> |
| |
into: | into: |
| |
<code bash> | <code bash> |
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Dspring.profiles.active=production' | Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true -Dspring.profiles.active=production' |
</code> | </code> |
| |
Reload systemd after the changes: | Reload systemd after the changes: |
| |
<code bash> | <code bash> |
systemctl daemon-reload | systemctl daemon-reload |
| |
</code> | </code> |
| |
| |
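Review bot: On the target ''Environment='' line, ''-Dlog4j2.formatMsgNoLookups=true'' is introduced without any explanation, while the step's text still describes the edit only as selecting the application profile. Suggest adding a sentence saying that the property turns off Log4j 2 message lookups, that it is honoured only by Log4j 2.10 and later, and that it is a stopgap rather than a substitute for running a fixed Log4j version, so administrators who installed from the earlier revision know they must add it and can tell when it is no longer needed. Separately, "instace" in the first paragraph is carried over unchanged on both sides and could be corrected in the same revision.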
==== 4. Create CzechIdM configuration folders ==== | ==== 4. Create CzechIdM configuration folders ==== |
In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments. | In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments. |
| |
<code> | <code> |
cat /dev/urandom | tr -dc 'a-z0-9' | head -c 32> /opt/czechidm/etc/secret.key | cat /dev/urandom | tr -dc 'a-z0-9' | head -c 32 > /opt/czechidm/etc/secret.key |
| |
</code> | </code> |
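Review bot: The redirect into ''/opt/czechidm/etc/secret.key'' creates the key file with whatever permissions the current umask gives, and nothing in the visible lines restricts who can read it; this revision only adds the space before ''>''. Suggest running the command under ''umask 077'', or following it with a ''chmod'' and ''chown'' to the account Tomcat runs as, and stating that step next to the command. The ''<code>'' tag here also lacks the ''bash'' language tag that the other blocks on the page use.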