Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

8.7 Installing Application Server 2 and J2EE Policy Agent 2

Use the following as your checklist for installing Application Server 2 and the J2EE Policy Agent 2:

  1. Install Application Server 2 on Protected Resource 2.

  2. Create an agent profile on Access Manager.

  3. Run the J2EE Policy Agent installer on Application Server 2.

Procedure: To Install Application Server 2 on Protected Resource 2

  1. Download the BEA WebLogic Server installer onto Protected Resource 2.

    Follow the instructions provided by BEA for obtaining and using the software.

  2. Extract the installer files:


    # /download_directory/export/weblogic/server910_solaris32.bin

    Welcome...
    You may quit the installer at any time by typing "Exit."
    
    Enter [Exit][Next]

    Enter Next.


    Select Option:
    1. Yes, I agree with the terms of 
    the license.
    2. No, I do not agree with the terms 
    of the license.

    Enter 1.


    Choose BEA Home Directory [/usr/local/bea]:

    Press Enter to accept the default value and continue. 


    Choose Install Type [Complete]:

    Enter 2 to choose custom install.


    Release 9.1.0.0
    			WebLogic Server [1]
    					Server [1.1]
    					Server Examples [1.2]
    					Web Server Plug-ins [1.3]
    
    Choose Componenets to install:

    Enter Next.


    Choose Product Directory 
    [/usr/local/bea/weblogic91]:

    Press Enter to accept the default value and continue. 


    Choose Product Directory [Yes, use this product
     directory]:

    Press Enter to confirm the default value and continue. 


    Installation Complete
    Press [Enter} to continue...

    Press Enter. 

  3. Create a new domain.

    1. Start the BEA WebLogic Configuration Wizard.


      # cd /usr/local/bea/weblogic91/common/bin
      # ./config.sh
    2. Provide the following information:


      Welcome...
      
      ->1| Create a new WebLogic domain.
          2| Extend an existing WebLogic domain.

      Press Enter to accept the default value 1.


      Select Domain Source:
      ->1| Choose WebLogic Platform components
          2| Choose custom template

      Press Enter to accept the default value 1.


      Application Template Selection:
      Avaliable Templates
      			WebLogic Server (Required)x
      			Appache Behive [2]

      Press Enter to accept the default value and continue. 


      Configure Administrator Username and Password:
      Select Option:
      1- Modify "user name"
      2- Modify "user password"
      3- Modify "Confirm user password"
      4- Modify "Description'
      5- Discard changes	

      Enter 2 to modify the user password.


      Input User password : 

      Enter w3bl0g1c.


      Configure Adminstrator Username and Password:
      1- *User name:  weblogic
      2- *User password:  ********
      3- *Confirm user password:  ******
      4- Description:  This user is the 
      default administrator
      
      
      Select Option:
      1- Modify "user name"
      2- Modify "user password"
      3- Modify "Confirm user password"
      4- Modify "Description'
      5- Discard changes	

      Enter 3 to confirm user password.


      Confirm user password:

      Enter w3bl0g1c.


      Configure Adminstrator Username and Password:
      1- *User name:  weblogic
      2- *User password:  ********
      3- *Confirm user password:  ********
      4- Description:  This user is the 
      default administrator
      
      
      Select Option:
      1- Modify "user name"
      2- Modify "user password"
      3- Modify "Confirm user password"
      4- Modify "Description'
      5- Discard changes	

      Press Enter to accept the values and continue. 


      Domain Mode Configuration:
      ->1| Development Mode
        2|

      Enter 2 to select Production Mode.


      Java SDK Selection:
      ->1| Sun SDK 1.5.0_04 @ /usr/local/bea/jdk150_04
        2| Other Java SDK

      Press Enter to accept the default value and continue. 


      Choose Configuration Option:
        1|Yes
      ->2| No

      Enter 1.


      Configure the Adminstration Server:
      
      Select Option:
      1- *Name:  AdminServer
      2- Listen address:  All Local Addresses
      3- Listen port:  7001
      4- SSL listen port:  N/A
      5- SSl enabled:  false
      
      Select Option:
      1- Modify "Name"
      2- Modify "Listen address"
      3- Modify "Listen port"
      4- Modify "SSL enabled"

      Press Enter to Continue.  


      Configure Managed Servers:
      Add or delete configuration information 
      for Managed Servers...
      
      Enter name for a new...

      Enter ApplicationServer-2.


      Configure Managed Servers:
      Add or delete configuration information 
      for Managed Servers...
      Name:	  ApplicationServer-2
      Listen address:  All Local Addresses
      Listen port:  7001
      SSL listen port:  N/A
      SSL enabled:  false
      
      Select Option:
      1- Modify "Name"
      2- Modify "Listen address"
      3- Modify "Listen port"
      4- Modify "SSL enabled"
      5- Done

      Enter 3 to modify the Listen port.


      Modify “Listen port.”

      Enter 1081.


      Configure Managed Servers:
      Add or delete configuration information 
      for Managed Servers...
      Name:  ApplicationServer-2
      Listen address:	  All Local Addresses
      Listen port:  1081
      SSL listen port:  N/A
      SSL enabled:  false
      
      Select Option:
      1- Modify "Name"
      2- Modify "Listen address"
      3- Modify "Listen port"
      4- Modify "SSL enabled"
      5- Done

      Press Enter to continue. 


      Configure Clusters:
      Enter name for a new Cluster

      Press Enter to continue. 


      Configure Machines:
      Enter name for a new Machine

      Press Enter to continue. 


      Configure Unix Machines:
      Enter name for a new Unix Machine

      Enter ProtectedResource-2.


      Configure Unix Machines:
      Add or delete configuration information for machines:
      1- Name:  ProtectedResource-2
      2- Post bind GID enabled:	  false
      3- Post bind GID:  nobody
      4- Post bind UID enabled:  false
      5- Post bind UID:  nobody
      6- Node manager listen address:  localhost
      7- Node manager listen port:  5556

      Press Enter to accept these values. 


      Enter name for a new Unix Machine.

      Enter ProtectedResource-2.


      Configure Unix Machines:
      1- Name:	  ProtectedResource-2
      2- Post bind GID enbled:  false
      2- Post bind GID:  nobody
      4- Post bind UID enabled:	  false
      5- Post bind UID:  nobody
      6- Node manager listen address:  localhost
      7- Node manager listen port:	  5556

      Press Enter to accept these values. 


      Configure Unix machines:
      Name:  ProtectedResource-2
      
      Select Option:
      1- Add Unix machine
      2- Modify Unix machine
      3- Delete unix machine
      4- Discar Changes

      Enter 1 to add a Unix machine.


      Assign Servers to Machines:			
      
      Machine
      		Unix Machine
      			ProtectedResource-1 [1.1]
      			ProtectedResource-2	[1.2]

      Press Enter to continue. 


      Select the target domain directory for this domain:

      Press Enter to continue. 


      Edit Domain Information:
      Enter value for "Name."		

      Enter ProtectedResource-2.


      Edit Domain Information:
      1- Name:  ProtectedResource-2
      
      Select Option:
      1- Modify "Name"
      2- Discard Changes

      Press Enter to continue. 


      Installation Complete
      Press [Enter] to continue...

      Press Enter. 

  4. Create two files necessary to automate Application Server 2 startup.

    Create one file in the directory for the Application Server 2 administration server, and create one file in the Application Server 2 instance directory. The administrative user name and password are stored in each file, and Application Server 2 reads them during server start-up. Without these files, Application Server 2 will fail to start. Application Server 2 encrypts the user name and password in each file when it starts, so the credentials do not stay in clear text even though you enter them that way. Until the server has started, the files still hold the clear-text password, so create them as the account that runs Application Server 2 and keep them unreadable to other users.


    # cd /usr/local/bea/user_projects/domains/ProtectedResource-2/servers/AdminServer
    # cat > boot.properties
    username=weblogic
    password=w3bl0g1c
    ^D
    
    
    
    # cd /usr/local/bea/user_projects/domains/ProtectedResource-2/servers/ApplicationServer-2/
    # mkdir security
    # cd security/
    # cat > boot.properties
    username=weblogic
    password=w3bl0g1c
    ^D
  5. Start the servers.


    # cd /usr/local/bea/user_projects/domains/ProtectedResource-2/bin/
    # ./startWebLogic.sh &
    #
    # netstat -an | grep 7001
    xxx.xx.72.151.7001		*.*			0			0 49152			0 LISTEN
    127.0.0.1.7001 				*.*			0			0 49152			0 LISTEN
    #
    # cd /usr/local/bea/user_projects/domains/ProtectedResource-2/bin/
    # ./startManagedWebLogic.sh ApplicationServer-2 http://ProtectedResource-2.example.com:7001 &
    
    #
    # ./startManagedWebLogic.sh ApplicationServer-2 http://ProtectedResource-2.example.com:7001
    # cd /usr/local/bea/user_projects/domains/ProtectedResource-1/bin/
    # netstat -an | grep 7001
    xxx.xx.72.151.1081		*.*			0			0 49152			0 LISTEN
    127.0.0.1.1081				*.* 		0			0 49152			0 LISTEN
    xxx.xx.72.151.33425  xxx.xx.72.151.1081   49152		0 49152   0 ESTABLISHED
    xxx.xx.72.151.1081   xxx.xx.72.151.33425  49152		0 49152   0 ESTABLISHED
  6. Verify that Application Server 2 is up and running.

    1. Go to the following URL:

      http://ProtectedResource-2.example.com:7001/console

    2. Log in to Application Server 2 using the following information:

      User Name:

      weblogic

      Password:

      w3bl0g1c

      Verify that you can successfully log into the console.

    3. Under Domain Structure > ProtectedResource-2, expand the Environment object.

    4. Click Servers.

      On the Summary of Servers page, verify that both AdminServer(admin) and ApplicationServer-2 are running and OK.

Procedure: To Create an Agent Profile on Access Manager

This new account will be used by J2EE Policy Agent 2 to authenticate to the Access Manager server.

  1. Go to the Access Manager load balancer URL:

    https://LoadBalancer-3.example.com:9443/amserver/UI/Login

  2. Log in to the Access Manager console using the following information:

    Username

    amadmin

    Password

    4m4dmin1

  3. On the Access Control tab, under Realms, click the realm name example.com.

  4. Click the Subjects tab.

  5. Click the Agents tab.

  6. On the Agent page, click New.

  7. On the New Agent page, provide the following information:

    ID:

    j2eeagent-2

    Password:

    j2ee4gent2

    Password Confirm:

    j2ee4gent2

    Device State:

    Choose Active.

  8. Click Create.

    The new agent j2eeagent-2 is now displayed in the list of Agent Users.

  9. Log out of the Access Manager console.

  10. Create a text file, and add the Agent Profile password to the file.

    The J2EE Policy Agent installer requires this file for installation.

    # cd /opt/j2ee_agents/amwl9_agent
    # cat > agent_pwd
    j2ee4gent2
    ^D
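
The two boot.properties files created for Application Server 2 and the agent_pwd file above all hold a password typed in clear text. The following added example (not part of the original guide or of any vendor tooling) writes such a file with owner-only permissions and audits an existing one. The function names are hypothetical, and it assumes WebLogic marks values it has encrypted in boot.properties with a {3DES} or {AES...} prefix.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# Assumption: WebLogic rewrites boot.properties values with a {3DES} or
# {AES...} prefix once it has encrypted them at server start.

# Write stdin to a new file that only the owner can read or write.
write_secret_file() {
    ( umask 077 && cat > "$1" )
}

# Print one finding per line for a credential file; nothing if it is clean.
audit_secret_file() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 0; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$f" | cut -c5-10)
    [ "$mode" = "------" ] || echo "PERMS $f group/other bits: $mode"

    # For key=value lines, flag credentials that are not yet encrypted.
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case $key in
            username|password)
                case $value in
                    '{3DES}'*|'{AES'*) ;;
                    *) echo "CLEARTEXT $f $key" ;;
                esac ;;
        esac
    done < "$f"
    return 0
}

# Demo on constructed files (sample values, not real credentials).
demo_dir=$(mktemp -d)
printf 'username=weblogic\npassword=constructed-sample\n' > "$demo_dir/boot.properties"
printf 'constructed-sample\n' | write_secret_file "$demo_dir/agent_pwd"
audit_secret_file "$demo_dir/boot.properties"   # reports cleartext values
audit_secret_file "$demo_dir/agent_pwd"         # owner-only: prints nothing
rm -rf "$demo_dir"
```

Run the audit against both boot.properties files after the first successful start; a remaining CLEARTEXT finding means the server has not encrypted that file.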

Procedure: To Run the J2EE Policy Agent Installer on Application Server 2

Before You Begin

Application Server 2 must not be running when you install J2EE Policy Agent 2.

You must stop both the Application Server 2 instance and the administration server before installing J2EE Policy Agent 2.


# cd /usr/local/bea/user_projects/domains/ProtectedResource-2/bin/
# ./stopManagedWebLogic.sh ApplicationServer-2  t3://localhost:7001 
# cd /usr/local/bea/user_projects/domains/ProtectedResource-2/bin
# ./stopWebLogic.sh
  1. Unpack the J2EE Policy Agent bits.


    # cd /opt
    # /usr/sfw/bin/gtar -xvf /export/software/SJS_Weblogic_9_agent_2.2.tar
    # gunzip ../SJS_Weblogic_9_agent_2.2.tar.gz
    # /usr/sfw/bin/gtar -xvf ../SJS_Weblogic_9_agent_2.2.tar
  2. Start the J2EE Policy Agent installer.

    # cd /opt/j2ee_agents/am_wl9_agent/bin
    # ./agentadmin --install
  3. When prompted, provide the following information:


    Please read the following License Agreement carefully:

    Press Enter to continue. Continue to press Enter until you reach the end of the License Agreement. 


    Enter startup script location.

    Enter  


    /usr/local/bea/user_projects/domains/ProtectedResource-1/bin/startwebLogic.sh
    


    Enter the WebLogic Server instance name: [myserver]

    Enter ApplicationServer-2.


    Access Manager Services Host:

    Enter LoadBalancer-3.example.com.


    Access Manager Services port: [80]

    Enter 90.


    Access Manager Services Protocol: [http]

    Enter http.


    Access Manager Services Deployment URI: [/amserver]

    Accept the default value. 


    Enter the Agent Host name:

    Enter ProtectedResource-2.example.com.


    Enter the WebLogic home directory: 
    [usr/local/bea/weblogic90]	

    Enter /usr/local/bea/weblogic91.


    Enter the port number for 
    Application Server instance [80]:

    Enter 1081.


    Enter the Preferred Protocol for 
    Application instance [http]:

    Accept the default value. 


    Enter the Deployment URI for 
    the Agent Application [/agentapp]

    Accept the default value. 


    Enter the Encryption Key 
    [Q558gNigkno4dGZmPtgGs4K1HL1153QD]:

    Accept the default value. 


    Enter the Agent Profile name:

    Enter j2eeagent-1.


    Enter the path to the password file:

    Enter  


    /opt/j2ee_agent/am_w19_agent/agent_pwd
    


    Are the Agent and Access Manager 
    installed on the same instance of 
    Application Server? [false]:

    Accept the default value. 


    Verify your settings and decide from the choices below:
    1. Continue with Installation
    2. Back to the last interaction
    3. Start Over
    4. Exit
    Please make your selection [1]:

    Accept the default value. 

  4. Check the installation log to make sure there are no problems reported.