Installing the Application Server and GlassFish Agent Using the agentadmin Program (Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Sun Java System Application Server 8.1/8.2/9.0/9.1 and GlassFish)

Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Sun Java System Application Server 8.1/8.2/9.0/9.1 and GlassFish

Previous: Gathering Information to Install the Application Server and GlassFish Agent
Next: Post-Installation Tasks for the Application Server and GlassFish Agent

Installing the Application Server and GlassFish Agent Using the `agentadmin` Program

The version 3.0 agentadmin program includes these installation options:

Default install (agentadmin --install): The program asks a limited number of questions and uses default values for the other options. Use the default install option when the default options, as shown in Table 1, meet your deployment requirements.

or
Custom install (agentadmin --custom-install): The program asks a full set of questions similar to the version 2.2 program. Use the custom install option when you want to specify values other than the default options shown in Table 1.

Before you install the Application Server and GlassFish agent:

An OpenSSO Enterprise server instance must be installed and running.
The Application Server or GlassFish instance must be installed and configured on the server where you plan to install the agent.
You must have downloaded and unzipped the distribution file, as described in Downloading and Unzipping the appserver_v9_agent.zip Distribution File.

To Install the Application Server and GlassFish Agent Using the `agentadmin` Program

Login into the server where you want to install the agent.

Important: To install the agent, you must have write permission to the Application Server or GlassFish instance files and directories.

If they are running, shut down the following server instances:
- Domain Administration Server (DAS) instance on the server where you want to install the agent
- Application Server or GlassFish instance that will be protected by the agent

Change to the following directory:

PolicyAgent-base/j2ee_agents/appserver_v9_agent/bin

On Solaris and Linux systems, set the permissions for the agentadmin program as follows, if needed:

# chmod 755 agentadmin

Start the agent installation:

Default install: # ./agentadmin --install

or

Custom install: # ./agentadmin --custom-install

On Windows systems, run the agentadmin.bat program.

Enter information as requested by the agentadmin program, or accept the default values displayed by the program.

After you have made your choices, the agentadmin program displays a summary of your responses. For example:

-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
Application Server Config Directory :
/opt/SUNWappserver/domains/domain1/config 
Application Server Instance name : server 
OpenSSO Enterprise URL : http://openssohost.example.com:8080/opensso

Domain Administration Server Host is remote : false 
Agent URL : http://agenthost.example.com:8090/agentapp 
Encryption Key : Hpmw1eyip3sRmUlFCKjJeQUhU5DRX3aT 
Agent Profile name : AS91Agent 
Agent Profile Password file name : as91agentpw 
Agent installed on the DAS host for a remote instance : false 

Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]:

Verify your choices and either continue with the installation (selection 1, the default) , or make any necessary changes.

If you continue, the program installs the agent and displays a summary of the installation. For example:

SUMMARY OF AGENT INSTALLATION
-----------------------------
Agent instance name: Agent_001
Agent Bootstrap file location:
/agents/j2ee_agents/appserver_v9_agent
  /Agent_001/config/OpenSSOAgentBootstrap.properties
Agent Configuration file location
/agents/j2ee_agents/appserver_v9_agent
  /Agent_001/config/OpenSSOAgentConfiguration.properties
Agent Audit directory location:
/agents/j2ee_agents/appserver_v9_agent/Agent_001/install-logs/audit
Agent Debug directory location:
/agents/j2ee_agents/appserver_v9_agent/Agent_001/install-logs/debug

Install log file location:
/agents/j2ee_agents/appserver_v9_agent/install-logs/audit/custom.log

After the installation finishes successfully, if you wish, check the installation log file in the following directory:

PolicyAgent-base/install-logs/audit

Restart the Application Server or GlassFish instance that is being protected by the agent.

Note –
After you install the Application Server and GlassFish agent for a specific domain, you cannot use that same agent on the same host for a different domain. To use the Application Server and GlassFish agent for another domain on the same host, you must install the agent specifically for that domain.

Example 1 Sample `agentadmin` Program Installation for the Application Server and GlassFish Agent

************************************************************************
Welcome to the Sun OpenSSO Enterprise Policy Agent 3.0 for Sun Java
System Application Server 8.1/8.2/9.0/9.1.
************************************************************************

Enter the complete path to the directory which is used by Application Server
to store its configuration Files. This directory uniquely identifies the
Application Server instance that is secured by this Agent.
[ ? : Help, ! : Exit ]
Enter the Application Server Config Directory Path
[/var/opt/SUNWappserver/domains/domain1/config]: 
/opt/SUNWappserver/domains/domain1/config

Enter the name of the Application Server instance that is secured by this
Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the Application Server Instance name [server]: 

Enter the URL where the OpenSSO Enterprise is running. Please include
the deployment URI also as shown below:
(http://opensso.sample.com:58080/opensso)
[ ? : Help, < : Back, ! : Exit ]
OpenSSO Enterprise URL: http://openssohost.example.com:8080/opensso

Enable this field only when the agent is being installed on a remote server
instance host.
[ ? : Help, < : Back, ! : Exit ]
Is Domain administration server host remote ? [false]: 

Enter the Agent URL. Please include the deployment URI also as shown below:
(http://agent1.sample.com:1234/agentapp)
[ ? : Help, < : Back, ! : Exit ]
Agent URL: http://agenthost.example.com:8090/agentapp

Enter a valid Encryption Key.
[ ? : Help, < : Back, ! : Exit ]
Enter the Encryption Key [Hpmw1eyip3sRmUlFCKjJeQUhU5DRX3aT]: 

Enter the Agent profile name
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Profile name: AS91Agent

Enter the path to a file that contains the password to be used for identifying
the Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the path to the password file: as91agentpw

Enter true only if agent is being installed on a remote instance from the
Domain Administration server host. 
[ ? : Help, < : Back, ! : Exit ]
Is the agent being installed on the DAS host for a remote instance ? [false]: 

-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
Application Server Config Directory :
/opt/SUNWappserver/domains/domain1/config 
Application Server Instance name : server 
OpenSSO Enterprise URL : http://openssohost.example.com:8080/opensso

Domain Administration Server Host is remote : false 
Agent URL : http://agenthost.example.com:8090/agentapp 
Encryption Key : Hpmw1eyip3sRmUlFCKjJeQUhU5DRX3aT 
Agent Profile name : AS91Agent 
Agent Profile Password file name : as91agentpw 
Agent installed on the DAS host for a remote instance : false 

Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]: 

Creating a backup for file
/opt/SUNWappserver/domains/domain1/config/login.conf ...DONE.

Creating a backup for file
/opt/SUNWappserver/domains/domain1/config/server.policy ...DONE.

Adding Agent Realm to
/opt/SUNWappserver/domains/domain1/config/login.conf file ...DONE.

Adding java permissions to
/opt/SUNWappserver/domains/domain1/config/server.policy file ...DONE.

Creating directory layout and configuring Agent file for Agent_001
instance ...DONE.

Reading data from file
/agents/j2ee_agents/appserver_v9_agent/bin/as91agentpw and
encrypting it ...DONE.

Generating audit log file name ...DONE.

Creating tag swapped OpenSSOAgentBootstrap.properties file for instance
Agent_001 ...DONE.

Creating the Agent Profile AS91Agent ...DONE.

Creating a backup for file
/opt/SUNWappserver/domains/domain1/config/domain.xml ...DONE.

Adding Agent parameters to
/opt/SUNWappserver/domains/domain1/config/domain.xml file ...DONE.


SUMMARY OF AGENT INSTALLATION
-----------------------------
Agent instance name: Agent_001
Agent Bootstrap file location:
/agents/j2ee_agents/appserver_v9_agent
  /Agent_001/config/OpenSSOAgentBootstrap.properties
Agent Configuration file location
/agents/j2ee_agents/appserver_v9_agent
  /Agent_001/config/OpenSSOAgentConfiguration.properties
Agent Audit directory location:
/agents/j2ee_agents/appserver_v9_agent/Agent_001/install-logs/audit
Agent Debug directory location:
/agents/j2ee_agents/appserver_v9_agent/Agent_001/install-logs/debug

Install log file location:
/agents/j2ee_agents/appserver_v9_agent/install-logs/audit/custom.log

Thank you for using Sun OpenSSO Enterprise Policy Agent 3.0.

After You Finish the Install

Agent Instance Directory

The installation program creates the following directory for each agent instance:

PolicyAgent-base/Agent_nnn

where nnn identifies the agent instance as Agent_001, Agent_002, and so on for each additional agent instance.

Each agent instance directory contains the following subdirectories:

/config contains the configuration files for the agent instance, including OpenSSOAgentBootstrap.properties and OpenSSOAgentConfiguration.properties.
/install-logs contains the following subdirectories
- /audit contains local audit trail for the agent instance.
- /debug contains the debug files for the agent instance when the agent runs in debug mode.