Technical Note: Deploying Access Manager
Instances to an Application Server Cluster
This document describes how to deploy Sun Java™ System
Access Manager 7 2005Q4 to a Sun Java System
Application Server Enterprise Edition 8.1 2005Q4 cluster, either on
a single host server or on multiple host servers, including:
Before You Get Started
This document is intended for system administrators and software
technicians. You should be familiar with the administrative commands
for your deployment platform (Solaris™ system
or Linux system) and the following tasks.
Task: Running the Java ES installer to install Java ES components.
The examples in this technical note use separate machines for
the following, with Access Manager installed on all three machines:
-
Sun Java System Application Server with cluster instances
-
Sun Java System Directory Server
Access Manager requires Directory Server. Either install a new Directory
Server or use an existing one.
-
Sun Java System Web Server as a load balancer.
Where to Find More Information: Sun Java Enterprise System 2005Q4 Installation Guide for UNIX

Task: Applying any required patches for Access Manager and other Java
ES components.
Where to Find More Information: Check for required patches in the Java ES 2005Q4 Release Notes
Collection: http://docs.sun.com/coll/1315.1
Also, check with your Sun Microsystems technical representative.
You can download patches from SunSolve Online: http://sunsolve.sun.com/

Task: Administering Access Manager, Application Server, and Directory
Server
Where to Find More Information: Java ES component documentation:
Installation and Configuration Steps
To deploy Access Manager instances to an Application Server 8.1
2005Q4 cluster, follow these steps:
Install and Configure Application Server
In this section, one machine will contain the DAS host server
and the Application Server (host-server1). Two additional
servers (server1 and server2)
will contain the Application Server instances.
-
Install Application Server using the Java ES installer
with the Configure Now option. When you install Application Server,
the Java ES installer also creates the node agent.
-
Install the Application Server command line utilities
on server1 and server2. You
will install node agents on these servers (See Step 3c). The examples
in this document use nodeagent1, nodeagent2, and nodeagent3 as
the node agent names.
-
Configure the Application Server Cluster. Examples
in the following steps use the Application Server asadmin command-line
utility; however, you can use the Application Server Administration
Console, if you prefer.
-
Start the node agent on the DAS (host-server1).
For example:
asadmin> start-node-agent --user admin --passwordfile password-file nodeagent1
-
Create node agents on server1 and server2.
asadmin> create-node-agent --host host-server1.example.com --port 4849 --user admin
--passwordfile password-file nodeagent2
asadmin> create-node-agent --host host-server1.example.com --port 4849 --user admin
--passwordfile password-file nodeagent3
-
Start the node agents on server1 and server2. For example:
asadmin> start-node-agent --user admin --passwordfile password-file nodeagent2
asadmin> start-node-agent --user admin --passwordfile password-file nodeagent3
-
Create the cluster on the DAS. For example:
asadmin create-cluster --user admin --passwordfile password-file amcluster
-
Create a server instance for the cluster at the DAS.
For example:
asadmin> create-instance --user admin --passwordfile password-file
--cluster amcluster --nodeagent nodeagent1
--systemproperties HTTP_LISTENER_PORT=8182: instance1
asadmin> create-instance --user admin --passwordfile password-file
--cluster amcluster --nodeagent nodeagent2
--systemproperties HTTP_LISTENER_PORT=8182: instance2
asadmin> create-instance --user admin --passwordfile password-file
--cluster amcluster --nodeagent nodeagent3
--systemproperties HTTP_LISTENER_PORT=8182: instance3
Note –
If you are creating an instance on a remote server, specify
the node agent name on the remote server. Also, make sure that the
node agent is running on the remote server.
Install and Configure Access Manager
Perform the following steps on all of the servers:
-
Install Access Manager using the Java ES installer
with the Configure Later option. Access Manager requires Sun Java
System Directory Server. Either install Directory Server before you
install Access Manager, or use an existing Directory Server.
-
Start all instances of Application Server to verify
that they are installed properly.
-
Create an amsamplesilent file on
the DAS machine (host-server1) and set the following
attributes:
SERVER_NAME=host-server1
SERVER_HOST=$SERVER_NAME.example.com
SERVER_PORT=8082
ADMIN_PORT=4849
DS_HOST=qa-host-server1.example.com
DS_DIRMGRPASSWD=password
ROOT_SUFFIX="dc=example,dc=com"
ADMINPASSWD=password
AMLDAPUSERPASSWD=password
COOKIE_DOMAIN=.example.com
AM_ENC_PWD=""
NEW_OWNER=root
NEW_GROUP=other
PAM_SERVICE_NAME=other
WEB_CONTAINER=AS8
AS81_HOST=host-server1.example.com
AS81_INSTANCE=amcluster
-
Save and deploy the amsamplesilent file.
For example:
amconfig -s amsamplesilent
-
Restart Access Manager and the cluster instance.
-
Log in to Access Manager as amadmin on
the DAS machine and add the additional server instances to the Platform
server list. For more information, see Add Instances to the Platform Server List and Realm/DNS Aliases.
-
Copy the amsamplesilent file to the /usr/tmp directory on both server1 and server2.
-
On the DAS machine, locate the AM_ENC_PWD value
in amconfig.properties (located in /etc/opt/SUNWam/config), where it is stored as the am.encryption.pwd property:
am.encryption.pwd=RrO0vsw+sg8D1+3ldZ6imu9yhjhyksS2
-
Copy the value of the AM_ENC_PWD from
the DAS machine and replace the value in the amsamplesilent file
for both server1 and server2:
SERVER_NAME=server1
AM_ENC_PWD=RrO0vsw+sg8D1+3ldZ6imu9yhjhyksS2
SERVER_NAME=server2
AM_ENC_PWD=RrO0vsw+sg8D1+3ldZ6imu9yhjhyksS2
-
Deploy the configuration file on server1 and server2. The applications will produce error messages when
attempting to deploy, because the applications are already in the
domain. The configuration files need to be created and the command
line utilities need to be defined. To do so, run the amconfig command
for each installed instance. For example:
amconfig -s /usr/tmp/amsamplesilent
For more information, see the Access Manager Administration
Guide.
Note –
Certain error messages will be sent, but these are expected
and can be ignored.
-
Access Manager 7 errors:
Directory Server is already loaded with Access Manager DIT.
CLI171 Command deploy failed : Application amserver is already deployed on other targets. Please use create-application-ref command to create reference to the specified target; requested operation cannot be completed
Failed to deploy /amserver
cp: cannot access /var/opt/SUNWappserver/domains/domain1/config/domain.xml
cp: cannot access /var/opt/SUNWappserver/domains/domain1/config/server.policy
CLI167 Could not create the following jvm options. Options exist:
-Djava.protocol.handler.pkgs=com.iplanet.services.com
-DLOG_COMPATMODE=Off
-Ds1is.java.util.logging.config.class=com.sun.identity.log.s1is.LogConfigReader
-Dcom.iplanet.am.serverMode=true
CLI137 Command create-jvm-options failed.
-
Repeat these steps for other instances in the cluster.
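The silent file used in these steps holds clear-text passwords and the shared encryption key, and it is copied to /usr/tmp on each server. The following check is an added example, not part of the original technical note or of Access Manager; the function names get_prop and audit_silent are hypothetical. It reports a file readable by group or other, password attributes that are missing, empty or left at the placeholder value password, and an AM_ENC_PWD that differs from the DAS value.

```shell
#!/bin/sh
# Added example: audit an Access Manager silent file before running amconfig -s.
# get_prop and audit_silent are hypothetical helper names, not Sun tooling.

# get_prop KEY FILE: print the value of KEY from a KEY=value file, quotes removed.
get_prop() {
    sed -n "s/^$1=//p" "$2" | tail -1 | sed 's/^"\(.*\)"$/\1/'
}

# audit_silent FILE DAS_ENC_PWD
# Prints one finding per line; returns 0 when there are none, 1 otherwise.
audit_silent() {
    file=$1; das_key=$2; findings=0

    # Clear-text passwords: only the owner should have any access.
    mode=$(ls -ld "$file" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "PERM $file is accessible to group/other ($mode)"
        findings=$((findings + 1))
    fi

    # Password attributes that are missing, empty, or still the placeholder.
    # A missing key also catches two attributes fused onto one line.
    for key in DS_DIRMGRPASSWD ADMINPASSWD AMLDAPUSERPASSWD; do
        val=$(get_prop "$key" "$file")
        if [ -z "$val" ] || [ "$val" = "password" ]; then
            echo "WEAK $key is missing, empty, or a placeholder"
            findings=$((findings + 1))
        fi
    done

    # Additional instances must carry the key generated on the DAS.
    enc=$(get_prop AM_ENC_PWD "$file")
    if [ "$enc" != "$das_key" ]; then
        echo "KEY AM_ENC_PWD does not match am.encryption.pwd from the DAS"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Usage on server1 or server2, with the DAS key passed as the second argument:
#   audit_silent /usr/tmp/amsamplesilent "$DAS_KEY"
```

Removing the copy in /usr/tmp after amconfig completes keeps the passwords and the key from lingering in a shared directory.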
Add Instances to the Platform Server List
and Realm/DNS Aliases
To add Access Manager instances to the Platform Server List
and Realm/DNS Aliases, use the Access Manager Admin Console on the
first host server (host-server1).
-
Log in to the Access Manager Console as amadmin on
the first host server (host-server1).
-
In the Access Manager Console, click Configuration, System Properties, and then Platform.
-
Add each additional instance to the Platform Server
List:
-
Under Instance Name, click New.
-
In New Server Instance, add the Server and Instance Name. For example:
Server: http://host-server1.example.com:8182
Instance Name: 02
-
Click OK to add the instance.
-
After you have added all instances, click Save.
Your Platform Server List will look similar to this list:
http://host-server1.example.com:8182|01
http://server1.example.com:8182|02
http://server2.example.com:8182|03
In this example, all instances are on the same server. If instances
are on remote servers, specify the remote host server names when you
add the servers to the list.
If you have instances on remote servers, update the Realm/DNS
Aliases (sunOrganizationAliases) with the remote
host names:
-
In the Access Manager Console on the first host server
(host-server1), click Access Control and
then the root (top-level) realm under Realm Name.
-
Under Realm Attributes, add each
remote instance to the Realm/DNS Aliases and then
click Add. For example:
host-server2.example.com
-
After you have added all remote instances, click Save.
Your Realm/DNS Aliases will
look similar to this list:
host-server1.example.com
server1.example.com
server2.example.com
Install Web Server as a Load Balancer
Install Web Server on one of the machines and configure it as
a load balancer. For information, see the Sun Java System Web Server
documentation at http://docs.sun.com/app/docs/coll/1308.1.
Be sure to add the load balancer's site and address to Access
Manager's platform list.
Add Listeners to the Clusters for the Load
Balancer
Log in to the machine that has Web Server configured as the
load balancer plug-in. You will create a listener for each instance
of the cluster and the context roots for Access Manager.
-
Locate the loadbalancer.xml file.
-
Add the listeners to the file. For example:
<instance name="instance1" enabled="true" disable-timeout-in-minutes="60"
listeners="http://host-server1.example.com:8182"/>
<instance name="instance2" enabled="true" disable-timeout-in-minutes="60"
listeners="http://server1.example.com:8182"/>
<instance name="instance3" enabled="true" disable-timeout-in-minutes="60"
listeners="http://server2.example.com:8182"/>
<web-module context-root="/amserver" enabled="true" disable-timeout-in-minutes="60"
error-url="sun-http-lberror.html" />
<web-module context-root="/ampassword" enabled="true" disable-timeout-in-minutes="60"
error-url="sun-http-lberror.html" />
<web-module context-root="/amcommon" enabled="true" disable-timeout-in-minutes="60"
error-url="sun-http-lberror.html" />
-
In loadbalancer.xml, change the response-timeout-in-seconds
property to the following:
<property name="response-timeout-in-seconds" value="120"/>
-
Restart the Web Server.
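A mistyped host name in a listener leaves the load balancer pointing at a host that is not one of the registered instances. The following cross-check is an added example, not part of the original technical note; the function names are hypothetical, and it assumes the Platform Server List has been saved to a text file with one URL|ID entry per line.

```shell
#!/bin/sh
# Added example: cross-check loadbalancer.xml listeners against the
# Platform Server List. Function names and the saved list file are
# assumptions for illustration, not Sun tooling.

# lb_listeners FILE: print the URL from each listeners="..." attribute
# (one attribute per line, as in the listing above).
lb_listeners() {
    sed -n 's/.*listeners="\([^"]*\)".*/\1/p' "$1"
}

# platform_urls FILE: print the URL part of each "URL|ID" entry.
platform_urls() {
    sed -n 's/^[[:space:]]*\([^|[:space:]]*\)|[0-9][0-9]*[[:space:]]*$/\1/p' "$1"
}

# check_listeners LB_XML PLATFORM_LIST
# Prints "UNREGISTERED <url>" for a listener with no Platform Server List
# entry and "DUPLICATE <url>" for a listener assigned to several instances.
# Returns 0 when the two files agree, 1 otherwise.
check_listeners() {
    known=$(platform_urls "$2")
    status=0
    for url in $(lb_listeners "$1"); do
        if ! printf '%s\n' "$known" | grep -Fqx "$url"; then
            echo "UNREGISTERED $url"
            status=1
        fi
    done
    for url in $(lb_listeners "$1" | sort | uniq -d); do
        echo "DUPLICATE $url"
        status=1
    done
    return "$status"
}

# Usage: check_listeners loadbalancer.xml platform-server-list.txt
```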
Restart All Application Server Instances
Restart all Application Server instances using the following
commands:
asadmin> stop-cluster --user admin --passwordfile password-file amcluster
asadmin> start-cluster --user admin --passwordfile password-file amcluster
Sun Welcomes Your Comments
Sun is interested in improving its documentation and welcomes
your comments and suggestions. To share your comments, go to http://docs.sun.com and click Send Comments.
In the online form, provide the full document title and part number.
The part number is a 7-digit or 9-digit number that can be found on
the book's title page or in the document's URL. For example, the part
number of this document is 819-6769.
Revision History
Release Date | Description of Changes
May 26, 2006 | Review draft.