Differences

This shows you the differences between two versions of the page.

tutorial:adm:czechidm_installation [2021/10/07 13:11]
fiserp [5. Create CzechIdM configuration]
tutorial:adm:czechidm_installation [2022/12/20 10:09]
kralikf [5. Create CzechIdM configuration]
Line 3: Line 3:
 {{tag>installation jdbc quickstart encryption}} {{tag>installation jdbc quickstart encryption}}
  
-We expect that the server is prepared as described in [[tutorial:adm:server_preparation|]].+We expect that the server is prepared as described in [[.:server_preparation|]].
  
 This tutorial shows how to install full production-ready version of CzechIdM on standard software setup (Java, PostgreSQL, Tomcat, Apache HTTPd). If you are looking for a demo installation please see [[:getting-started|]]. This tutorial shows how to install full production-ready version of CzechIdM on standard software setup (Java, PostgreSQL, Tomcat, Apache HTTPd). If you are looking for a demo installation please see [[:getting-started|]].
  
-<note tip>If you install CzechIdM on with Microsoft SQL Server database backend, please skip PostgreSQL-related sections and [[tutorial:adm:mssql_database_support|swap them for this tutorial]] instead.</note>+<note tip>If you install CzechIdM on with Microsoft SQL Server database backend, please skip PostgreSQL-related sections and [[.:mssql_database_support|swap them for this tutorial]] instead.</note> 
 + 
 ==== 1. Create DB user and database in PostgreSQL ==== ==== 1. Create DB user and database in PostgreSQL ====
 +If czech database collation should be used, install the czech language packs.
 +<code bash>
 +dnf install langpacks-cs
 +</code>
 +
 +
 Switch the user from root to postgres and use **psql** to add the user and database into PostgreSQL: Switch the user from root to postgres and use **psql** to add the user and database into PostgreSQL:
  
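Review bot: the added sentence "If czech database collation should be used, install the czech language packs." does not say that the package has to be installed before the database is created by the psql step that follows, nor which collation the reader is then expected to choose there; state both next to the `dnf install langpacks-cs` block and capitalise "Czech". The touched note line also still reads "install CzechIdM on with Microsoft SQL Server", so the stray "on" can be fixed in the same revision.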
Line 52: Line 60:
 ==== 3. Configure environment properties. Select application profile ==== ==== 3. Configure environment properties. Select application profile ====
  
-Edit the configuration file ''/etc/systemd/system/tomcat.service'' - edit the line with environment variable choosing the appropriate application profile. We use **production** profile in our example, which enables you to configure production-ready instace of the identity manager. +Edit the configuration file ''/etc/systemd/system/tomcat.service'' - edit the line with environment variable choosing the appropriate application profile. We use **production** profile in our example, which enables you to configure production-ready instace of the identity manager. <note>The **dev** profile is for development and testing environments and as such it has debug logging enabled. For production deployment, use a profile named **production** as is shown in the example. The profile naming convention is mandatory because other CzechIdM configuration depends on it.</note>
-<note>The **dev** profile is for development and testing environments and as such it has debug logging enabled. For production deployment, use a profile named **production** as is shown in the example. The profile naming convention is mandatory because other CzechIdM configuration depends on it.</note> +
  
 Change ​the following line: Change ​the following line:
 +
 <code bash> <code bash>
 Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8' Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8'
 +
 </code> </code>
 +
 into: into:
 +
 <code bash> <code bash>
-Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Dspring.profiles.active=production' +Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true -Dspring.profiles.active=production' 
 </code> </code>
  
 Reload ​systemd after the changes: Reload ​systemd after the changes:
 +
 <code bash> <code bash>
 systemctl daemon-reload systemctl daemon-reload
 +
 </code> </code>
 +
 +
 ==== 4. Create CzechIdM configuration folders ==== ==== 4. Create CzechIdM configuration folders ====
 In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments. In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments.
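Review bot: the new `-Dlog4j2.formatMsgNoLookups=true` in the "into:" line is introduced without any explanation in the surrounding text. Say in the prose that it turns off Log4j 2 message lookups, that it is only honoured from Log4j 2.10 on, and that it is a mitigation switch rather than a replacement for running a build that ships a fixed Log4j. It would also help to remind the reader that the option must stay inside the single-quoted `JAVA_OPTS` value. The touched paragraph still carries the typo "instace".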
Line 108: Line 123:
 org.quartz.jobStore.misfireThreshold=60000 org.quartz.jobStore.misfireThreshold=60000
 org.quartz.jobStore.tablePrefix=qrtz_ org.quartz.jobStore.tablePrefix=qrtz_
 +
  
 </file> </file>
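Review bot: the only change in this hunk is an empty line added before `</file>`, and the hunks at new lines 178, 245, 260, 272, 303 and 314 do the same before `</file>` or `</code>`. These look like editor artifacts, and inside a `<file>` block the extra line ends up in the content a reader copies; drop them unless they are intended.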
Line 142: Line 158:
  
         <appender name="DB" class="eu.bcvsolutions.idm.core.exception.IdmDbAppender">         <appender name="DB" class="eu.bcvsolutions.idm.core.exception.IdmDbAppender">
-            <connectionSource class="ch.qos.logback.core.db.DriverManagerConnectionSource"> +
-                <driverClass>${spring.datasource.driver-class-name}</driverClass> +
-                <url>${spring.datasource.url}</url> +
-                <user>${spring.datasource.username}</user> +
-                <password>${spring.datasource.password}</password> +
-            </connectionSource>+
         </appender>         </appender>
  
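Review bot: after this removal the `DB` appender has no `connectionSource` at all, and nothing on the page says how `eu.bcvsolutions.idm.core.exception.IdmDbAppender` now obtains its database connection or from which CzechIdM version this form of the logging configuration is valid. Add a short version note beside the block so a reader on an older release does not end up with an appender that cannot connect. Dropping `${spring.datasource.password}` from the logging configuration is a good change and worth one sentence in the text.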
Line 167: Line 178:
  
 </configuration> </configuration>
 +
  
 </file> </file>
Line 178: Line 190:
 idm.pub.app.stage=production idm.pub.app.stage=production
  
-spring.datasource.url=jdbc:postgresql://localhost:5432/czechidm+spring.datasource.jdbcUrl=jdbc:postgresql://localhost:5432/czechidm
 spring.datasource.username=czechidm spring.datasource.username=czechidm
 spring.datasource.password=********** TODO ********* spring.datasource.password=********** TODO *********
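Review bot: `spring.datasource.url` is renamed to `spring.datasource.jdbcUrl` with no note on which CzechIdM version expects the new key, so a reader upgrading an existing installation cannot tell whether the old key is still read. Add a sentence beside the property naming the version and saying whether the old key must be removed. The neighbouring `spring.datasource.password=********** TODO *********` line also deserves a reminder about restricting read access to this file, since the password is stored there in plain text.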
Line 233: Line 245:
 spring.servlet.multipart.max-file-size=100MB spring.servlet.multipart.max-file-size=100MB
 spring.servlet.multipart.max-request-size=100MB spring.servlet.multipart.max-request-size=100MB
 +
  
 </file> </file>
Line 247: Line 260:
 spring.datasource.validationQuery=SELECT 1 spring.datasource.validationQuery=SELECT 1
 spring.datasource.test-on-borrow=true spring.datasource.test-on-borrow=true
 +
  
 </code> </code>
Line 258: Line 272:
 # We recommend the VALUE to be at least 25. # We recommend the VALUE to be at least 25.
 idm.sec.security.jwt.secret.token=********** TODO ********* idm.sec.security.jwt.secret.token=********** TODO *********
 +
  
 </code> </code>
Line 288: Line 303:
 # System.getProperty("user.home")/idm_data will be used if no path is given # System.getProperty("user.home")/idm_data will be used if no path is given
 idm.sec.core.attachment.storagePath=/opt/czechidm/data idm.sec.core.attachment.storagePath=/opt/czechidm/data
 +
  
 </code> </code>
Line 298: Line 314:
 # Application stage (development, test, production (default)) # Application stage (development, test, production (default))
 idm.pub.app.stage=production idm.pub.app.stage=production
 +
  
 </code> </code>
  • by kralikf