Sun OpenSSO Enterprise Policy Agent 3.0 Guide for Oracle WebLogic Server/Portal 10

Installing the WebLogic Server/Portal 10 Agent

Gathering Information to Install the WebLogic Server/Portal 10 Agent

The version 3.0 agentadmin program includes these installation options:

Table 3 Information Required to Install the WebLogic Server/Portal 10 Agent

Prompt Request

    Description

Startup script location

    Path to the location of the script used to start the WebLogic domain.

    Applies to both default and custom installation options.

    Default: /usr/local/bea/user_projects/domains/base_domain/startWebLogic.sh

WebLogic server instance

    WebLogic Server instance secured by the agent.

    Applies only to the custom installation option.

    Default: AdminServer

WebLogic home directory

    WebLogic Server home directory.

    Applies to both default and custom installation options.

    Default: /usr/local/bea/wlserver_10.0

OpenSSO Enterprise URL

    URL where OpenSSO Enterprise is running.

    Applies to both default and custom installation options.

    For example: http://openssohost.example.com:58080/opensso

Portal domain

    WebLogic Portal domain

    Applies only to the custom installation option.

    Default: false. Specify true only if you are installing the agent on a WebLogic Portal domain.

Deployment URI for the portal application

    Deployment URI for the portal application that is protected by the agent.

    Applies only to the custom installation option.

    Displayed if you answered true to the previous prompt, because you are installing the agent on a WebLogic Portal domain.

Agent URL

    Agent URL, including the deployment URI.

    Applies to both default and custom installation options.

    For example: http://agent.example.com:8090/agentapp

Encryption Key

    Key used to encrypt the agent profile password.

    Applies only to the custom installation option.

    The encryption key should be at least 12 characters long. You can accept the default key or create a new key using the agentadmin --getEncryptKey command.

Agent profile name

    Agent profile name. A policy agent communicates with OpenSSO Enterprise using the name and password in the agent profile.

    Applies to both default and custom installation options.

    For information, see Creating an Agent Profile.

Agent profile password file

    ASCII text file with only one line specifying the agent profile password.

    Applies to both default and custom installation options.

    For information, see Creating a Password File.

Option to create the agent profile

    The agentadmin program displays the following prompt if the agent profile previously specified for the Agent Profile Name prompt does not already exist in OpenSSO Enterprise:

    Enter true if the Agent Profile is being created into OpenSSO Enterprise by the installer. Enter false if it will be not be created by installer.

    To have the installation program create the agent profile, enter true. The program then prompts you for:

      • Agent administrator who can create, update, or delete the agent profile. For example: agentadmin

        Important: To use this option, the agent administrator must already exist in OpenSSO Enterprise and must have agent administrative privileges. For information, see Creating an Agent Administrator. If you prefer, you can also specify amadmin as this user.

      • Path to the agent administrator password file. For information, see Creating a Password File.

    Applies only to the custom installation option.
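
One way to check two of the inputs above before running agentadmin: the password file (a single ASCII line) and the encryption key (at least 12 characters). This is an added example, not part of the original guide or the agent distribution. The function names are hypothetical, and the owner-only permission check and the printable-ASCII restriction are added hardening assumptions, not stated agentadmin requirements.

```shell
#!/bin/sh
# Added example: pre-flight checks for two agentadmin inputs.
# Function names are hypothetical; they are not part of agentadmin.

# Create a one-line password file readable only by its owner.
# The password is read from stdin; noclobber (set -C) refuses to
# overwrite or follow anything that already exists at the path.
make_password_file() {
    (
        umask 077
        set -C
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        printf '%s\n' "$pw" > "$1"
    ) 2>/dev/null
}

# Succeeds only if the file is exactly one non-empty line of printable
# ASCII and grants no permission bits to group or other.
check_password_file() {
    f=$1
    [ -f "$f" ] || { echo "not a regular file: $f"; return 1; }
    [ "$(awk 'END { print NR }' "$f")" -eq 1 ] ||
        { echo "must contain exactly one line: $f"; return 1; }
    [ -n "$(head -n 1 "$f")" ] || { echo "password line is empty: $f"; return 1; }
    extra=$(LC_ALL=C tr -d '\040-\176\n' < "$f" | wc -c | tr -d ' ')
    [ "$extra" -eq 0 ] || { echo "non-ASCII or control bytes: $f"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
        { echo "group/other can access: $f"; return 1; }
}

# The guide asks for an encryption key of at least 12 characters.
check_encryption_key() {
    [ "${#1}" -ge 12 ] || { echo "encryption key shorter than 12 characters"; return 1; }
}

# Demo on constructed values in a private temporary directory.
demo_dir=$(mktemp -d) && {
    printf '%s\n' 'constructed-sample-pw' | make_password_file "$demo_dir/agentpw"
    check_password_file "$demo_dir/agentpw" && echo "password file OK"
    check_encryption_key 'tooshort' || true
    rm -rf "$demo_dir"
}
```

Run check_password_file against both the agent profile password file and the agent administrator password file before starting the installer.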

Installing the WebLogic Server/Portal 10 Agent Using the agentadmin Program

This section describes how to install the agent in a standalone environment. For information about a cluster, see Installing and Configuring the WebLogic Server/Portal 10 Agent in a Cluster.

Requirements. Before you install the WebLogic Server/Portal 10 agent:

Procedure To Install the WebLogic Server/Portal 10 Agent Using the agentadmin Program

  1. Log in to the server where you want to install the agent.

    Important: To install the agent, you must have write permission to the WebLogic Server/Portal 10 agent container files and directories.

  2. Change to the following directory:

    PolicyAgent-base/bin

  3. On Solaris and Linux systems, set the permissions for the agentadmin program as follows, if needed:

    # chmod 755 agentadmin

  4. Stop the WebLogic Server/Portal 10 container.

  5. Start the agent installation:

    Default installation: ./agentadmin --install

    or

    Custom installation: ./agentadmin --custom-install

    On Windows systems, run the agentadmin.bat program.

  6. Enter information as requested by the agentadmin program, or accept the default values.

    After you have made your choices, the agentadmin program displays a summary of your responses. For example, for a --custom-install installation:

    -----------------------------------------------
    SUMMARY OF YOUR RESPONSES
    -----------------------------------------------
    Startup script location :
    /opt/bea/user_projects/domains/base_domain/startWebLogic.sh
    WebLogic Server instance name : AdminServer
    WebLogic home directory : /opt/bea/wlserver_10.0
    OpenSSO Enterprise URL : http://openssohost.example.com:58080/opensso
    Agent Installed on Portal domain : false
    Agent URL :  http://agent.example.com:8090/agentapp
    Encryption Key : 6w2Tb03H0crtOcU2G5JmphiOoY6e42Pn
    Agent Profile name : WebLogicAgent
    Agent Profile Password file name : /tmp/wl10agentpw
    Agent Profile will be created right now by agent installer : true
    Agent Administrator : agentadmin
    Agent Administrator's password file name : /tmp/agentadminpw
    
    Verify your settings above and decide from the choices below.
    1. Continue with Installation
    2. Back to the last interaction
    3. Start Over
    4. Exit
    Please make your selection [1]:

  7. Verify your choices and either continue with the installation (1, the default), or make any necessary changes.

    If you continue, the program installs the agent and displays a summary of the installation. For example:

    SUMMARY OF AGENT INSTALLATION
    -----------------------------
    Agent instance name: Agent_001
    Agent Bootstrap file location:
    /opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent
    /Agent_001/config/OpenSSOAgentBootstrap.properties
    Agent Configuration file location
    /opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent
    /Agent_001/config/OpenSSOAgentConfiguration.properties
    Agent Audit directory location:
    /opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent/Agent_001/install-logs/audit
    Agent Debug directory location:
    /opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent/Agent_001/install-logs/debug
    
    Install log file location:
    /opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent/install-logs/audit/custom.log
    
    Thank you for using Sun OpenSSO Enterprise Policy Agent 3.0.

  8. After the installation finishes successfully, if you wish, check the installation log file in the following directory:

    PolicyAgent-base/install-logs/audit

  9. Restart the WebLogic Server/Portal 10 container.


    Note –

    After you install the WebLogic Server/Portal 10 agent for a specific domain, you cannot use that same agent on the same host for a different domain. To use the WebLogic Server/Portal 10 agent for another domain on the same host, you must install the agent specifically for that domain.



Example 1 Sample agentadmin --custom-install for the WebLogic Server/Portal 10 Agent

************************************************************************
Welcome to the Sun OpenSSO Enterprise Policy Agent 3.0 for BEA WebLogic
10.0 Platform.
************************************************************************

Enter the path to the location of the script used to start the WebLogic domain.
Please ensure that the agent is first installed on the admin server instance
before installing on any managed server instance.
[ ? : Help, ! : Exit ]
Enter the Startup script location
[/usr/local/bea/user_projects/domains/base_domain/startWebLogic.sh]: 
/opt/bea/user_projects/domains/base_domain/startWebLogic.sh

Enter the name of the WebLogic Server instance secured by the agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the WebLogic Server instance name [AdminServer]:

Enter the WebLogic home directory
[ ? : Help, < : Back, ! : Exit ]
Enter the WebLogic home directory [/usr/local/bea/wlserver_10.0]: 
/opt/bea/wlserver_10.0

Enter the URL where the OpenSSO Enterprise is running. Please include
the deployment URI also as shown below:
(http://opensso.sample.com:58080/opensso)
[ ? : Help, < : Back, ! : Exit ]
OpenSSO Enterprise URL: http://openssohost.example.com:58080/opensso

Enter true if the agent is being installed on a Portal domain
[ ? : Help, < : Back, ! : Exit ]
Is the agent being installed on a Portal domain ? [false]:

Enter the Agent URL. Please include the deployment URI also as shown below:
(http://agent1.sample.com:1234/agentapp)
[ ? : Help, < : Back, ! : Exit ]
Agent URL: http://agent.example.com:8090/agentapp

Enter a valid Encryption Key.
[ ? : Help, < : Back, ! : Exit ]
Enter the Encryption Key [6w2Tb03H0crtOcU2G5JmphiOoY6e42Pn]:

Enter the Agent profile name
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Profile name: WebLogicAgent

Enter the path to a file that contains the password to be used for identifying
the Agent.
[ ? : Help, < : Back, ! : Exit ]
Enter the path to the password file: /tmp/wl10agentpw

WARNING:
Agent profile/User: WebLogicAgent does not exist in OpenSSO! 
Either "Hit the Back button, and re-enter the correct agent profile 
name/user name", or "Create this agent profile when asked (available only in 
custom-install)", or "Continue without validating it because agent 
profile is in sub realm", or "Continue without validating/creating it, and 
manually validate/create it in OpenSSO Enterprise after installation".

Enter true if the Agent Profile is being created into OpenSSO
by the installer. Enter false if it will be not be created by
installer.
[ ? : Help, < : Back, ! : Exit ]
This Agent Profile does not exist in OpenSSO Enterprise, will it be
created by the installer? (Agent Administrator's name and password are
required) [true]:

Agent Administrator is the Administrator user that can create, delete or
update agent profile.
[ ? : Help, < : Back, ! : Exit ]
Enter the Agent Administrator's name: agentadmin

Enter the path to a file that contains the password of Agent Administrator
[ ? : Help, < : Back, ! : Exit ]
Enter the path to the password file that contains the password of Agent
Administrator: /tmp/agentadminpw

-----------------------------------------------
SUMMARY OF YOUR RESPONSES
-----------------------------------------------
Startup script location :
/opt/bea/user_projects/domains/base_domain/startWebLogic.sh
WebLogic Server instance name : AdminServer
WebLogic home directory : /opt/bea/wlserver_10.0
OpenSSO Enterprise URL :
http://openssohost.example.com:58080/opensso
Agent Installed on Portal domain : false
Agent URL :  http://agent.example.com:8090/agentapp
Encryption Key : 6w2Tb03H0crtOcU2G5JmphiOoY6e42Pn
Agent Profile name : WebLogicAgent
Agent Profile Password file name : /tmp/wl10agentpw
Agent Profile will be created right now by agent installer : true
Agent Profile type : J2EEAgent
Agent Administrator : agentadmin
Agent Administrator's password file name : /tmp/agentadminpw

Verify your settings above and decide from the choices below.
1. Continue with Installation
2. Back to the last interaction
3. Start Over
4. Exit
Please make your selection [1]:

Copy amauthprovider.jar to
/opt/bea/wlserver_10.0/server/lib/mbeantypes ...DONE.

Creating directory layout and configuring Agent file for Agent_001
instance ...DONE.

Reading data from file /tmp/wl10agentpw and encrypting it ...DONE.

Generating audit log file name ...DONE.

Creating tag swapped OpenSSOAgentBootstrap.properties file for instance
Agent_001 ...DONE.

Configure
/opt/bea/user_projects/domains/base_domain/setAgentEnv_AdminServer.sh
...DONE.

Configure
/opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent
/config/OpenSSOAgentBootstrap.properties
...DONE.

Creating the Agent Profile WebLogicAgent ...DONE.

SUMMARY OF AGENT INSTALLATION
-----------------------------
Agent instance name: Agent_001
Agent Bootstrap file location:
/opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent
/Agent_001/config/OpenSSOAgentBootstrap.properties
Agent Configuration file location
/opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent
/Agent_001/config/OpenSSOAgentConfiguration.properties
Agent Audit directory location:
/opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent/Agent_001/install-logs/audit
Agent Debug directory location:
/opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent/Agent_001/install-logs/debug

Install log file location:
/opt/agents/weblogic10/j2ee_agents/weblogic_v10_agent/install-logs/audit/custom.log

Thank you for using Sun OpenSSO Enterprise Policy Agent 3.0.

After You Finish the Install

Agent instance directory. The installation program creates the following directory for each agent instance:

PolicyAgent-base/Agent_nnn

where nnn identifies the agent instance as Agent_001, Agent_002, and so on for each additional agent instance.

Each agent instance directory contains the following subdirectories:

Considering Specific Deployment Scenarios for the WebLogic Server/Portal 10 Agent

Installing the Agent on Multiple WebLogic Server/Portal 10 Instances on the Same Domain

If the agent is installed on a particular domain, you can install the agent on more than one WebLogic Server/Portal 10 instance associated with the same domain by running the agentadmin program again with the --custom-install option. When you are prompted to enter the startup script location and WebLogic Server instance name, enter values for the new instance, so the agent can distinguish between the various instances.

Installing the Agent on a Different WebLogic Server/Portal 10 Domain

After the agent is installed for a specific WebLogic Server/Portal 10 domain, you cannot use the same agent binary files on the same server for a different domain. If you attempt to use previously installed agent binary files on the same server but on a different domain, the installation will fail. The agent associates a specific set of agent binary files with a particular domain on WebLogic Server/Portal 10.

To install the agent on a different domain, copy the agent distribution file (weblogic_v10_agent_3.zip) to a different location before you install the agent on the second domain.