Installing the Application Server and GlassFish Agent

• Gathering Information to Install the Application Server and GlassFish Agent

• Installing the Application Server and GlassFish Agent Using the agentadmin Program

Gathering Information to Install the Application Server and GlassFish Agent

The following table describes the information you will need to provide when you run the agentadmin program to install the Application Server and GlassFish agent. For some agentadmin prompts, you can accept the default value displayed by the program, if you prefer.

Table 1 Information Required to Install the Application Server and GlassFish Agent

Prompt Request	Description
Application Server Configuration Directory	Path to the directory used by Application Server to store its configuration files. Applies to both default and custom installation options. Default: /var/opt/SUNWappserver/domains/domain1/config
Application Server Instance Name	Name of the Application Server instance secured by this agent. Applies only to the custom installation option. Default: server
Access Manager URL	URL where OpenSSO Enterprise is running. Applies to both default and custom installation options. For example: http://openssohost.example.com:8080/opensso
Is the agent installed on the DAS host for a remote instance?	Default: false See Installing the Application Server 9.1 / GlassFish 2.1 Agent on the Domain Administration Server (DAS). Applies only to the custom installation option.
Agent URL	Applies to both default and custom installation options. Agent protected Application Server URL For example: http://agenthost.example.com:8090/agentapp Note: The version 3.0 agentadmin program does not prompt you for the deployment URI for the agent application, because /agentapp is combined with this URL.
Encryption Key	Key used to encrypt the agent profile password. The encryption key should be at least 12 characters long. You can accept the default key or create a new key using the agentadmin --getEncryptKey command. Applies only to the custom installation option.
Agent Profile Name	A policy agent communicates with OpenSSO Enterprise using the name and password in the agent profile. Applies to both default and custom installation options. For information, see Creating an Agent Profile.
Agent profile password file	ASCII text file with only one line specifying the agent profile password. You create the agent profile password file as a pre-installation step. Applies to both default and custom installation options. For information, see Creating a Password File.
Option to create the agent profile The agentadmin program displays the following prompt if the agent profile previously specified for the Agent Profile Name prompt does not already exist in OpenSSO Enterprise: Enter true if the Agent Profile is being created into OpenSSO Enterprise by the installer. Enter false if it will be not be created by installer.	To have the installation program create the agent profile, enter true. The program then prompts you for: Agent administrator who can create, update, or delete the agent profile. For example: agentadmin Important: To use this option, the agent administrator must already exist in OpenSSO Enterprise and must have agent administrative privileges. For information see, Creating an Agent Administrator. If you prefer, you can also specify amadmin as this user. Path to the agent administrator password file. For information, see Creating a Password File. Applies only to the custom installation option.

Installing the Application Server and GlassFish Agent Using the agentadmin Program

The version 3.0 agentadmin program includes these installation options:

• Default install (agentadmin --install): The program asks a limited number of questions and uses default values for the other options. Use the default install option when the default options, as shown in Table 1, meet your deployment requirements.

  or

• Custom install (agentadmin --custom-install): The program asks a full set of questions similar to the version 2.2 program. Use the custom install option when you want to specify values other than the default options shown in Table 1.

Before you install the Application Server and GlassFish agent:

• An OpenSSO Enterprise server instance must be installed and running.

• The Application Server or GlassFish instance must be installed and configured on the server where you plan to install the agent.

• You must have downloaded and unzipped the distribution file, as described in Downloading and Unzipping the appserver_v9_agent.zip Distribution File.

To Install the Application Server and GlassFish Agent Using the agentadmin Program

1. Login into the server where you want to install the agent.

   Important: To install the agent, you must have write permission to the Application Server or GlassFish instance files and directories.

2. If they are running, shut down the following server instances:

   • Domain Administration Server (DAS) instance on the server where you want to install the agent

   • Application Server or GlassFish instance that will be protected by the agent

3. Change to the following directory:

   PolicyAgent-base/j2ee_agents/appserver_v9_agent/bin

4. On Solaris and Linux systems, set the permissions for the agentadmin program as follows, if needed:

   # chmod 755 agentadmin

5. Start the agent installation:

   Default install: # ./agentadmin --install

   or

   Custom install: # ./agentadmin --custom-install

   On Windows systems, run the agentadmin.bat program.

6. Enter information as requested by the agentadmin program, or accept the default values displayed by the program.

   After you have made your choices, the agentadmin program displays a summary of your responses. For example:

   -----------------------------------------------
   SUMMARY OF YOUR RESPONSES
   -----------------------------------------------
   Application Server Config Directory :
   /opt/SUNWappserver/domains/domain1/config 
   Application Server Instance name : server 
   OpenSSO Enterprise URL : http://openssohost.example.com:8080/opensso
   
   Domain Administration Server Host is remote : false 
   Agent URL : http://agenthost.example.com:8090/agentapp 
   Encryption Key : Hpmw1eyip3sRmUlFCKjJeQUhU5DRX3aT 
   Agent Profile name : AS91Agent 
   Agent Profile Password file name : as91agentpw 
   Agent installed on the DAS host for a remote instance : false 
   
   Verify your settings above and decide from the choices below.
   1. Continue with Installation
   2. Back to the last interaction
   3. Start Over
   4. Exit
   Please make your selection [1]:

7. Verify your choices and either continue with the installation (selection 1, the default) , or make any necessary changes.

   If you continue, the program installs the agent and displays a summary of the installation. For example:

   SUMMARY OF AGENT INSTALLATION
   -----------------------------
   Agent instance name: Agent_001
   Agent Bootstrap file location:
   /agents/j2ee_agents/appserver_v9_agent
     /Agent_001/config/OpenSSOAgentBootstrap.properties
   Agent Configuration file location
   /agents/j2ee_agents/appserver_v9_agent
     /Agent_001/config/OpenSSOAgentConfiguration.properties
   Agent Audit directory location:
   /agents/j2ee_agents/appserver_v9_agent/Agent_001/install-logs/audit
   Agent Debug directory location:
   /agents/j2ee_agents/appserver_v9_agent/Agent_001/install-logs/debug
   
   Install log file location:
   /agents/j2ee_agents/appserver_v9_agent/install-logs/audit/custom.log

8. After the installation finishes successfully, if you wish, check the installation log file in the following directory:

   PolicyAgent-base/install-logs/audit

9. Restart the Application Server or GlassFish instance that is being protected by the agent.

   ---

   Note –

   After you install the Application Server and GlassFish agent for a specific domain, you cannot use that same agent on the same host for a different domain. To use the Application Server and GlassFish agent for another domain on the same host, you must install the agent specifically for that domain.

   ---

---

Example 1 Sample agentadmin Program Installation for the Application Server and GlassFish Agent

************************************************************************
Welcome to the Sun OpenSSO Enterprise Policy Agent 3.0 for Sun Java
System Application Server 8.1/8.2/9.0/9.1.
************************************************************************

Enter the complete path to the directory which is used by Application Server
to store its configuration Files. This directory uniquely identifies the
Application Server instance that is secured by this Agent.
[ ? : Help, ! : Exit ]
Enter the Application Server Config Directory Path
[/var/opt/SUNWappserver/domains/domain1/config]: 
/opt/SUNWappserver/domains/domain1/config

Enter the name of the Application Server instance that is secured by this
Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the Application Server Instance name [server]: 

Enter the URL where the OpenSSO Enterprise is running. Please include
the deployment URI also as shown below:
(http://opensso.sample.com:58080/opensso)
[ ? : Help, < : Back, ! : Exit ]
OpenSSO Enterprise URL: http://openssohost.example.com:8080/opensso

Enable this field only when the agent is being installed on a remote server
instance host.
[ ? : Help, < : Back, ! : Exit ]
Is Domain administration server host remote ? [false]: 

Enter the Agent URL. Please include the deployment URI also as shown below:
(http://agent1.sample.com:1234/agentapp)
[ ? : Help, < : Back, ! : Exit ]
Agent URL: http://agenthost.example.com:8090/agentapp

Enter a valid Encryption Key.
[ ? : Help, < : Back, ! : Exit ]
Enter the Encryption Key [Hpmw1eyip3sRmUlFCKjJeQUhU5DRX3aT]: 

Enter the Agent profile name
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Profile name: AS91Agent

Enter the path to a file that contains the password to be used for identifying
the Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the path to the password file: as91agentpw

Enter true only if agent is being installed on a remote instance from the
Domain Administration server host. 
[ ? : Help, < : Back, ! : Exit ]
Is the agent being installed on the DAS host for a remote instance ? [false]: 

-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
Application Server Config Directory :
/opt/SUNWappserver/domains/domain1/config 
Application Server Instance name : server 
OpenSSO Enterprise URL : http://openssohost.example.com:8080/opensso

Domain Administration Server Host is remote : false 
Agent URL : http://agenthost.example.com:8090/agentapp 
Encryption Key : Hpmw1eyip3sRmUlFCKjJeQUhU5DRX3aT 
Agent Profile name : AS91Agent 
Agent Profile Password file name : as91agentpw 
Agent installed on the DAS host for a remote instance : false 

Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]: 

Creating a backup for file
/opt/SUNWappserver/domains/domain1/config/login.conf ...DONE.

Creating a backup for file
/opt/SUNWappserver/domains/domain1/config/server.policy ...DONE.

Adding Agent Realm to
/opt/SUNWappserver/domains/domain1/config/login.conf file ...DONE.

Adding java permissions to
/opt/SUNWappserver/domains/domain1/config/server.policy file ...DONE.

Creating directory layout and configuring Agent file for Agent_001
instance ...DONE.

Reading data from file
/agents/j2ee_agents/appserver_v9_agent/bin/as91agentpw and
encrypting it ...DONE.

Generating audit log file name ...DONE.

Creating tag swapped OpenSSOAgentBootstrap.properties file for instance
Agent_001 ...DONE.

Creating the Agent Profile AS91Agent ...DONE.

Creating a backup for file
/opt/SUNWappserver/domains/domain1/config/domain.xml ...DONE.

Adding Agent parameters to
/opt/SUNWappserver/domains/domain1/config/domain.xml file ...DONE.


SUMMARY OF AGENT INSTALLATION
-----------------------------
Agent instance name: Agent_001
Agent Bootstrap file location:
/agents/j2ee_agents/appserver_v9_agent
  /Agent_001/config/OpenSSOAgentBootstrap.properties
Agent Configuration file location
/agents/j2ee_agents/appserver_v9_agent
  /Agent_001/config/OpenSSOAgentConfiguration.properties
Agent Audit directory location:
/agents/j2ee_agents/appserver_v9_agent/Agent_001/install-logs/audit
Agent Debug directory location:
/agents/j2ee_agents/appserver_v9_agent/Agent_001/install-logs/debug

Install log file location:
/agents/j2ee_agents/appserver_v9_agent/install-logs/audit/custom.log

Thank you for using Sun OpenSSO Enterprise Policy Agent 3.0.

---

After You Finish the Install

Agent Instance Directory

The installation program creates the following directory for each agent instance:

PolicyAgent-base/Agent_nnn

where nnn identifies the agent instance as Agent_001, Agent_002, and so on for each additional agent instance.

Each agent instance directory contains the following subdirectories:

• /config contains the configuration files for the agent instance, including OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties.

• /install-logs contains the following subdirectories

  • /audit contains local audit trail for the agent instance.

  • /debug contains the debug files for the agent instance when the agent runs in debug mode.