Technical Note: Deploying Access Manager to an Application Server Cluster

Installation and Configuration Steps

To deploy Access Manager instances to an Application Server 8.1 2005Q4 cluster, follow these steps:

Install and Configure Application Server

In this section, one machine (host-server1) will contain the Domain Administration Server (DAS) and an Application Server instance. Two additional servers (server1 and server2) will contain the other Application Server instances.

  1. Install Application Server using the Java ES installer with the Configure Now option. When you install Application Server, the Java ES installer also creates the node agent.

  2. Install the Application Server command line utilities on server1 and server2. You will install node agents on these servers (see Step 3c). The examples in this document use nodeagent1, nodeagent2, and nodeagent3 as the node agent names.

  3. Configure the Application Server Cluster. Examples in the following steps use the Application Server asadmin command-line utility; however, you can use the Application Server Administration Console, if you prefer.

    1. Start the node agent on the DAS (host-server1). For example:

      asadmin> start-node-agent --user admin --passwordfile password-file nodeagent1
    2. Create node agents on server1 and server2.

      asadmin> create-node-agent --host host-server1.example.com --port 4849 --user admin 
      --passwordfile password-file nodeagent2
      asadmin> create-node-agent --host host-server1.example.com --port 4849 --user admin 
      --passwordfile password-file nodeagent3
    3. Start the node agents on server1 and server2. For example:

      asadmin> start-node-agent --user admin --passwordfile password-file nodeagent2
      asadmin> start-node-agent --user admin --passwordfile password-file nodeagent3
    4. Create the cluster on the DAS. For example:

      asadmin> create-cluster --user admin --passwordfile password-file amcluster
    5. Create a server instance for the cluster at the DAS. For example:

      asadmin> create-instance --user admin --passwordfile password-file 
      --cluster amcluster --nodeagent nodeagent1 
      --systemproperties HTTP_LISTENER_PORT=8182 instance1
      asadmin> create-instance --user admin --passwordfile password-file 
      --cluster amcluster --nodeagent nodeagent2 
      --systemproperties HTTP_LISTENER_PORT=8182 instance2
      asadmin> create-instance --user admin --passwordfile password-file 
      --cluster amcluster --nodeagent nodeagent3 
      --systemproperties HTTP_LISTENER_PORT=8182 instance3

      Note –

      If you are creating an instance on a remote server, specify the node agent name on the remote server. Also, make sure that the node agent is running on the remote server.


Install and Configure Access Manager

Perform the following steps on all of the servers:

  1. Install Access Manager using the Java ES installer with the Configure Later option. Access Manager requires Sun Java System Directory Server: either install Directory Server before you install Access Manager, or use an existing Directory Server.

  2. Start all instances of Application Server to verify that they are installed properly.

  3. Create an amsamplesilent file on the DAS machine (host-server1) and set the following attributes:

    SERVER_NAME=host-server1
    SERVER_HOST=$SERVER_NAME.example.com
    SERVER_PORT=8082
    ADMIN_PORT=4849
    DS_HOST=qa-host-server1.example.com
    DS_DIRMGRPASSWD=password
    ROOT_SUFFIX="dc=example,dc=com"
    ADMINPASSWD=password
    AMLDAPUSERPASSWD=password
    COOKIE_DOMAIN=.example.com
    AM_ENC_PWD=""
    NEW_OWNER=root
    NEW_GROUP=other
    PAM_SERVICE_NAME=other
    WEB_CONTAINER=AS8

    AS81_HOST=host-server1.example.com
    AS81_INSTANCE=amcluster
  4. Save and deploy the amsamplesilent file. For example:

    amconfig -s amsamplesilent
  5. Restart Access Manager and the cluster instance.

  6. Log in to Access Manager as amadmin on the DAS machine and add the additional server instances to the Platform server list. For more information, see Add Instances to the Platform Server List and Realm/DNS Aliases.

  7. Copy the amsamplesilent file to the /usr/tmp directory on both server1 and server2.

  8. On the DAS machine, locate the AM_ENC_PWD property in amconfig.properties (located in /etc/opt/SUNWam/config):

    am.encryption.pwd=RrO0vsw+sg8D1+3ldZ6imu9yhjhyksS2
  9. Copy the value of the AM_ENC_PWD from the DAS machine and replace the value in the amsamplesilent file for both server1 and server2:

    SERVER_NAME=server1
    AM_ENC_PWD=RrO0vsw+sg8D1+3ldZ6imu9yhjhyksS2
    
    SERVER_NAME=server2
    AM_ENC_PWD=RrO0vsw+sg8D1+3ldZ6imu9yhjhyksS2
  10. Deploy the configuration file on server1 and server2. The applications will produce error messages when attempting to deploy, because the applications are already in the domain. The configuration files still need to be created and the command line utilities still need to be defined, so run the amconfig command for each installed instance. For example:

    amconfig -s /usr/tmp/amsamplesilent

    For more information, see the Access Manager Administration Guide.


    Note –

    Certain error messages will be sent, but these are expected and can be ignored.

    • Access Manager 7 errors:

      Directory Server is already loaded with Access Manager DIT.
      CLI171 Command deploy failed : Application amserver is already deployed on other targets. Please use create-application-ref command to create reference to the specified target; requested operation cannot be completed
      Failed to deploy /amserver
      cp: cannot access /var/opt/SUNWappserver/domains/domain1/config/domain.xml
      cp: cannot access /var/opt/SUNWappserver/domains/domain1/config/server.policy
      CLI167 Could not create the following jvm options. Options exist:
      -Djava.protocol.handler.pkgs=com.iplanet.services.com
      -DLOG_COMPATMODE=Off
      -Ds1is.java.util.logging.config.class=com.sun.identity.log.s1is.LogConfigReader
      -Dcom.iplanet.am.serverMode=true
      CLI137 Command create-jvm-options failed.

  11. Repeat these steps for other instances in the cluster.

Add Instances to the Platform Server List and Realm/DNS Aliases

To add Access Manager instances to the Platform Server List and Realm/DNS Aliases, use the Access Manager Admin Console on the first host server (host-server1).

  1. Log in to the Access Manager Console as amadmin on the first host server (host-server1).

  2. In the Access Manager Console, click Configuration, System Properties, and then Platform.

  3. Add each additional instance to the Platform Server List:

    1. Under Instance Name, click New.

    2. In New Server Instance, add the Server and Instance Name. For example:

      Server: http://host-server1.example.com:8182

      Instance Name: 02

    3. Click OK to add the instance.

    4. After you have added all instances, click Save.

      Your Platform Server List will look similar to this list:

      http://host-server1.example.com:8182|01
      http://server1.example.com:8182|02 
      http://server2.example.com:8182|03 

      In this example, all instances are on the same server. If instances are on remote servers, specify the remote host server names when you add the servers to the list.

If you have instances on remote servers, update the Realm/DNS Aliases (sunOrganizationAliases) with the remote host names:

  1. In the Access Manager Console on the first host server (host-server1), click Access Control and then the root (top-level) realm under Realm Name.

  2. Under Realm Attributes, add each remote instance to the Realm/DNS Aliases and then click Add. For example:

    host-server2.example.com
  3. After you have added all remote instances, click Save.

    Your Realm/DNS Aliases will look similar to this list:

    host-server1.example.com
    server1.example.com
    server2.example.com

Install Web Server as a Load Balancer

Install Web Server on one of the machines and configure it as a load balancer. For information, see the Sun Java System Web Server documentation at http://docs.sun.com/app/docs/coll/1308.1.

Be sure to add the load balancer's site and address to Access Manager's platform list.

Add Listeners to the Clusters for the Load Balancer

Log in to the machine that has Web Server configured with the load balancer plug-in. You will create a listener for each instance of the cluster and the context roots for Access Manager.

  1. Locate the loadbalancer.xml file.

  2. Add the listeners to the file. For example:

    <instance name="instance1" enabled="true" disable-timeout-in-minutes="60"
        listeners="http://host-server1.example.com:8182"/>
    <instance name="instance2" enabled="true" disable-timeout-in-minutes="60"
        listeners="http://server1.example.com:8182"/>
    <instance name="instance3" enabled="true" disable-timeout-in-minutes="60"
        listeners="http://server2.example.com:8182"/>

    <web-module context-root="/amserver" enabled="true" disable-timeout-in-minutes="60"
        error-url="sun-http-lberror.html" />
    <web-module context-root="/ampassword" enabled="true" disable-timeout-in-minutes="60"
        error-url="sun-http-lberror.html" />
    <web-module context-root="/amcommon" enabled="true" disable-timeout-in-minutes="60"
        error-url="sun-http-lberror.html" />
  3. In loadbalancer.xml, set the response-timeout-in-seconds property as follows:

    <property name="response-timeout-in-seconds" value="120"/>
  4. Restart the Web Server.
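
Two checks worth running once the cluster is wired up, as an added example that is not part of this note or of the Access Manager product: the first confirms that every instance carries the same am.encryption.pwd copied from the DAS (steps 8 and 9 above), since an instance with a different key cannot read session and password data produced by its peers; the second confirms that every listener in loadbalancer.xml has a matching entry in the Platform Server List. The properties files, loadbalancer.xml and platform-list files are constructed sample data, and the key values are placeholders.

```shell
#!/bin/sh
# Added example, not from the Sun note. All sample files below are
# constructed here; the key values are placeholders, not real keys.

# Return 0 when every amconfig.properties copy given as an argument
# carries the same non-empty am.encryption.pwd, 1 otherwise.
check_enc_pwd() {
  ref=""
  for f in "$@"; do
    v=$(sed -n 's/^am\.encryption\.pwd=//p' "$f")
    [ -n "$v" ] || { echo "no am.encryption.pwd in $f"; return 1; }
    [ -z "$ref" ] && ref=$v
    [ "$v" = "$ref" ] || { echo "key mismatch in $f"; return 1; }
  done
  return 0
}

# Return 0 when every listeners="..." URL in $1 (loadbalancer.xml) has a
# "url|id" line in $2 (the Platform Server List as shown in the console).
check_listeners() {
  missing=0
  for url in $(sed -n 's/.*listeners="\([^"]*\)".*/\1/p' "$1"); do
    grep -q "^$url|" "$2" || { echo "listener $url not in platform list"; missing=1; }
  done
  return $missing
}

# Constructed sample data: DAS and server1 share a key, server2 does not.
tmp=$(mktemp -d)
printf 'am.encryption.pwd=KEY_FROM_DAS_PLACEHOLDER\n' > "$tmp/das.properties"
cp "$tmp/das.properties" "$tmp/server1.properties"
printf 'am.encryption.pwd=STALE_KEY_PLACEHOLDER\n' > "$tmp/server2.properties"
cat > "$tmp/loadbalancer.xml" <<'EOF'
<instance name="instance1" enabled="true" listeners="http://host-server1.example.com:8182"/>
<instance name="instance2" enabled="true" listeners="http://server1.example.com:8182"/>
<instance name="instance3" enabled="true" listeners="http://server2.example.com:8182"/>
EOF
printf '%s\n' 'http://host-server1.example.com:8182|01' \
  'http://server1.example.com:8182|02' 'http://server2.example.com:8182|03' > "$tmp/platform.txt"
# A platform list that was saved before instance 03 was added.
head -n 2 "$tmp/platform.txt" > "$tmp/platform-short.txt"

check_enc_pwd "$tmp/das.properties" "$tmp/server1.properties" && echo "DAS and server1 keys agree"
check_enc_pwd "$tmp/das.properties" "$tmp/server2.properties" || echo "server2 must be reconfigured"
check_listeners "$tmp/loadbalancer.xml" "$tmp/platform.txt" && echo "all listeners registered"
check_listeners "$tmp/loadbalancer.xml" "$tmp/platform-short.txt" || echo "platform list incomplete"
```

In a real cluster, collect /etc/opt/SUNWam/config/amconfig.properties from each host and pass those paths to check_enc_pwd instead of the sample files.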

Restart All Application Server Instances

Restart all Application Server instances using the following commands:

asadmin> stop-cluster --user admin --passwordfile password-file amcluster
asadmin> start-cluster --user admin --passwordfile password-file amcluster