Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
tutorial:adm:czechidm_installation [2021/10/07 13:10] – [5. Create CzechIdM configuration] fiserptutorial:adm:czechidm_installation [2022/12/20 10:11] (current) – [9. Deploy the CzechIdM] kralikf
Line 3: Line 3:
 {{tag>installation jdbc quickstart encryption}} {{tag>installation jdbc quickstart encryption}}
  
-We expect that the server is prepared as described in [[tutorial:adm:server_preparation|]].+We expect that the server is prepared as described in [[.:server_preparation|]].
  
 This tutorial shows how to install full production-ready version of CzechIdM on standard software setup (Java, PostgreSQL, Tomcat, Apache HTTPd). If you are looking for a demo installation please see [[:getting-started|]]. This tutorial shows how to install full production-ready version of CzechIdM on standard software setup (Java, PostgreSQL, Tomcat, Apache HTTPd). If you are looking for a demo installation please see [[:getting-started|]].
  
-<note tip>If you install CzechIdM on with Microsoft SQL Server database backend, please skip PostgreSQL-related sections and [[tutorial:adm:mssql_database_support|swap them for this tutorial]] instead.</note>+<note tip>If you install CzechIdM on with Microsoft SQL Server database backend, please skip PostgreSQL-related sections and [[.:mssql_database_support|swap them for this tutorial]] instead.</note> 
 + 
 ==== 1. Create DB user and database in PostgreSQL ==== ==== 1. Create DB user and database in PostgreSQL ====
 +If czech database collation should be used, install the czech language packs.
 +<code bash>
 +dnf install langpacks-cs
 +</code>
 +
 +
 Switch the user from root to postgres and use **psql** to add the user and database into PostgreSQL: Switch the user from root to postgres and use **psql** to add the user and database into PostgreSQL:
  
Line 52: Line 60:
 ==== 3. Configure environment properties. Select application profile ==== ==== 3. Configure environment properties. Select application profile ====
  
-Edit the configuration file ''/etc/systemd/system/tomcat.service'' - edit the line with environment variable choosing the appropriate application profile. We use **production** profile in our example, which enables you to configure production-ready instace of the identity manager. +Edit the configuration file ''/etc/systemd/system/tomcat.service'' - edit the line with environment variable choosing the appropriate application profile. We use **production** profile in our example, which enables you to configure production-ready instace of the identity manager. <note>The **dev** profile is for development and testing environments and as such it has debug logging enabled. For production deployment, use a profile named **production** as is shown in the example. The profile naming convention is mandatory because other CzechIdM configuration depends on it.</note>
-<note>The **dev** profile is for development and testing environments and as such it has debug logging enabled. For production deployment, use a profile named **production** as is shown in the example. The profile naming convention is mandatory because other CzechIdM configuration depends on it.</note> +
  
 Change ​the following line: Change ​the following line:
 +
 <code bash> <code bash>
 Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8' Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8'
 +
 </code> </code>
 +
 into: into:
 +
 <code bash> <code bash>
-Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Dspring.profiles.active=production' +Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Dlog4j2.formatMsgNoLookups=true -Dspring.profiles.active=production' 
 </code> </code>
  
 Reload ​systemd after the changes: Reload ​systemd after the changes:
 +
 <code bash> <code bash>
 systemctl daemon-reload systemctl daemon-reload
 +
 </code> </code>
 +
 +
 ==== 4. Create CzechIdM configuration folders ==== ==== 4. Create CzechIdM configuration folders ====
 In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments. In CzechIdM, you can store all deployment-specific configuration (i.e. database credentials) outside the war file. This is a configure-once approach which greatly simplifies future deployments.
Line 108: Line 123:
 org.quartz.jobStore.misfireThreshold=60000 org.quartz.jobStore.misfireThreshold=60000
 org.quartz.jobStore.tablePrefix=qrtz_ org.quartz.jobStore.tablePrefix=qrtz_
 +
  
 </file> </file>
Line 132: Line 148:
         <logger name="org.hibernate.SQL" level="INFO"/>         <logger name="org.hibernate.SQL" level="INFO"/>
         <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="INFO"/>         <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="INFO"/>
-        <logger name="AUDIT" level="ERROR"/>+        <logger name="AUDIT" level="INFO"/>
     </springProfile>     </springProfile>
  
Line 142: Line 158:
  
         <appender name="DB" class="eu.bcvsolutions.idm.core.exception.IdmDbAppender">         <appender name="DB" class="eu.bcvsolutions.idm.core.exception.IdmDbAppender">
-            <connectionSource class="ch.qos.logback.core.db.DriverManagerConnectionSource"> +
-                <driverClass>${spring.datasource.driver-class-name}</driverClass> +
-                <url>${spring.datasource.url}</url> +
-                <user>${spring.datasource.username}</user> +
-                <password>${spring.datasource.password}</password> +
-            </connectionSource>+
         </appender>         </appender>
  
Line 162: Line 173:
         <logger name="org.hibernate.SQL" level="INFO"/>         <logger name="org.hibernate.SQL" level="INFO"/>
         <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="INFO"/>         <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="INFO"/>
-        <logger name="AUDIT" level="ERROR"/>+        <logger name="AUDIT" level="INFO"/>
  
     </springProfile>     </springProfile>
  
 </configuration> </configuration>
 +
  
 </file> </file>
Line 178: Line 190:
 idm.pub.app.stage=production idm.pub.app.stage=production
  
-spring.datasource.url=jdbc:postgresql://localhost:5432/czechidm+spring.datasource.jdbcUrl=jdbc:postgresql://localhost:5432/czechidm
 spring.datasource.username=czechidm spring.datasource.username=czechidm
 spring.datasource.password=********** TODO ********* spring.datasource.password=********** TODO *********
Line 233: Line 245:
 spring.servlet.multipart.max-file-size=100MB spring.servlet.multipart.max-file-size=100MB
 spring.servlet.multipart.max-request-size=100MB spring.servlet.multipart.max-request-size=100MB
 +
  
 </file> </file>
Line 247: Line 260:
 spring.datasource.validationQuery=SELECT 1 spring.datasource.validationQuery=SELECT 1
 spring.datasource.test-on-borrow=true spring.datasource.test-on-borrow=true
 +
  
 </code> </code>
Line 258: Line 272:
 # We recommend the VALUE to be at least 25. # We recommend the VALUE to be at least 25.
 idm.sec.security.jwt.secret.token=********** TODO ********* idm.sec.security.jwt.secret.token=********** TODO *********
 +
  
 </code> </code>
Line 288: Line 303:
 # System.getProperty("user.home")/idm_data will be used if no path is given # System.getProperty("user.home")/idm_data will be used if no path is given
 idm.sec.core.attachment.storagePath=/opt/czechidm/data idm.sec.core.attachment.storagePath=/opt/czechidm/data
 +
  
 </code> </code>
Line 298: Line 314:
 # Application stage (development, test, production (default)) # Application stage (development, test, production (default))
 idm.pub.app.stage=production idm.pub.app.stage=production
 +
  
 </code> </code>
Line 352: Line 369:
 </code> </code>
 ==== 9. Deploy the CzechIdM ==== ==== 9. Deploy the CzechIdM ====
-Download the latest CzechIdM version. Currently it is idm-app-10.4.1.war.+ 
 +Download the latest CzechIdM version. Currently it is idm-app-12.2.3.war.
  
 Ensure Tomcat is stopped: Ensure Tomcat is stopped:
 +
 <code> <code>
 systemctl stop tomcat.service systemctl stop tomcat.service
 +
 </code> </code>
 +
 Copy the identity manager WAR into webapps folder in Tomcat and name it ''idm.war'': Copy the identity manager WAR into webapps folder in Tomcat and name it ''idm.war'':
 <code> <code>
 cp idm-app-10.4.1.war /opt/tomcat/current/webapps/idm.war cp idm-app-10.4.1.war /opt/tomcat/current/webapps/idm.war
 +
 </code> </code>
-Start the Tomcat container:<code>+ 
 +Start the Tomcat container: 
 + 
 +<code>
 systemctl start tomcat.service systemctl start tomcat.service
 +
 </code> </code>
 +
 If everything is set up right, the CzechIdM will deploy. Default log is ''/opt/tomcat/​current/logs/​catalina.out''. If everything is set up right, the CzechIdM will deploy. Default log is ''/opt/tomcat/​current/logs/​catalina.out''.
  
  • by fiserp