Deployment Example 1: Access Manager 7.0 Load Balancing, Distributed Authentication UI, and Session Failover

Procedure: To Install Access Manager Session Failover Components on Message Queue 2

  1. As root, log in to the host MessageQueue-2.

  2. Use the pkgadd command to install the Access Manager session failover component packages.

    1. Add the BerkeleyDB-Base and BerkeleyDB-Java packages.


      # cd /mnt/Solaris_sparc/Product/shared_components/Packages
      # pkgadd -d . SUNWbdb SUNWbdbj
    2. Add the Access Manager Session Failover DB components.


      # cd /mnt2/Solaris_sparc/Product/identity_svr/Packages
      # pkgadd -d . SUNWamsfodb
  3. Add a new user and password.

    This is the user and password you will use to connect to the Message Queue broker on servers where Message Queue is installed. Using this new user ensures that the guest user will not be able to access the other Access Manager server.

    1. Create a new instance named msgqbroker by running the following command:

      # /bin/imqbrokerd -name msgqbroker -port 7777 &

      Run the netstat command to verify that the new Message Queue instance is up and running.

      # netstat -an | grep 7777
      *.7777			*.*				0			0	49152			0	LISTEN
    2. Add a new user named msgquser.

      # /bin/imqusermgr add -u msgquser -g admin -p m5gqu5er -i msgqbroker

    3. Update the guest user.

      # /bin/imqusermgr update -u guest -a false -i msgqbroker

      User repository for broker instance: msgqbroker 
      Are you sure you want to update user guest? (y/n) y
      User guest successfully updated.
  4. Edit the /opt/SUNWam/lib/amsfo.conf file.

    Make a backup of the amsfo.conf file, and then set the following properties:

    CLUSTER_LIST=MessageQueue-1.example.com:7777,MessageQueue-2.example.com:7777 
    BROKER_INSTANCE_NAME=msgqbroker 
    USER_NAME=msgquser 
    lbServerPort=9443 
    lbServerProtocol=https 
    lbServerHost=LoadBalancer-3.example.com 
    SiteID=11
  5. Run the amsfopassword command.

    This command generates an encrypted password, creates a new file named .password, and stores the encrypted password in the new file.

    # cd /opt/SUNWam/bin

    # ./amsfopassword -e m5gqu5er -f /opt/SUNWam/.password

    To view the encrypted password:

    # more /opt/SUNWam/.password

    M27OGb6U4ufRu+oWAzBdWw==

  6. Edit the /opt/SUNWam/bin/amsessiondb script.

    Make a backup of the /opt/SUNWam/bin/amsessiondb script before making any changes to the script.

    The amsessiondb script is called by the amsfo script to start the Berkeley DB client (amsessiondb), create the database, and set specific database values. The script contains variables that specify various default paths and directories:


    JAVA_HOME=/usr/jdk/entsys-j2se/ 
    IMQ_JAR_PATH=/usr/share/lib 
    JMS_JAR_PATH=/usr/share/lib 
    BDB_JAR_PATH=/usr/share 
    BDB_SO_PATH=/usr/lib 
    AM_HOME=/opt/SUNWam 

    If any of these components are not installed in their default directories, edit the amsessiondb script and set the variables, as needed, to the correct locations.

  7. Edit the /opt/SUNWam/bin/amsfo script.

    Make a backup of the /opt/SUNWam/bin/amsfo script before making any changes to the script. In the following line, add the parameter -name $BROKER_INSTANCE_NAME as follows:


    $JMQEXECUTABLE -bgnd $BROKER_OPTIONS -vmargs $BROKER_VM_ARGS \
               -name $BROKER_INSTANCE_NAME -port $BROKER_PORT \
               -cluster $CLUSTER_LIST &
    _jmqpid=$!
    echo $_jmqpid > $JMQ_PID_FILE
  8. Restart the Access Manager session failover components.

    1. Stop the Message Queue broker instance.


      # cd /opt/SUNWam/bin
      # ./amsfo stop
    2. Run the netstat command to verify that the Message Queue broker instance is stopped.


      # netstat -an | grep 7777

      If netstat returns no result, then the Message Queue broker instance is stopped.


      Tip –

      If the Message Queue broker instance is not stopped, run the following commands:


      # cd /tmp/amsession/logs
      # cat *.pid

      Process IDs are displayed. Example:


      4940
      4924

      Kill these Java processes. Example:


      # kill -9 4940 4924

      If you don't see the process IDs in that file, and netstat still shows a listener on port 7777, then it's possible that the amsfo script did not stop properly. In this case, run the following command to identify the Java processes:


      # ps -ef | grep java 

      Then kill those identified processes as shown in the kill command example above.

      Then check with netstat again. The port socket should be relinquished before you start up amsfo again. Otherwise, session failover problems may occur.


    3. Restart the Message Queue broker instance.


      # ./amsfo start
    4. Run the netstat command to verify that the Message Queue port is open and listening.

      # netstat -an | grep 7777
      *.7777			*.*				0			0	49152			0	LISTEN
  9. Run the netstat command to verify that the Message Queue port is open and listening.

    # netstat -an | grep 7777
    *.7777			*.*				0				0	49152		0	LISTEN
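
The settings made in steps 3 to 5 can be audited after the fact. The following POSIX shell script is an added example, not part of the original procedure: it confirms that the amsfo.conf properties from step 4 are set, that USER_NAME is not guest, that every CLUSTER_LIST member is host:port, and that the .password file has no group or other access. The function names and the owner-only mode requirement are assumptions of this example; the page does not specify a file mode for .password.

```shell
#!/bin/sh
# Added example (not from the original page): audit the files from steps 3-5.

# conf_get FILE KEY: print the value of the last KEY=value line, trailing blanks trimmed.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -1 | sed 's/[[:space:]]*$//'
}

# check_amsfo_conf FILE: print one finding per line; return 0 if clean, 1 otherwise.
check_amsfo_conf() {
    conf=$1; rc=0
    for key in CLUSTER_LIST BROKER_INSTANCE_NAME USER_NAME lbServerPort \
               lbServerProtocol lbServerHost SiteID; do
        [ -n "$(conf_get "$conf" "$key")" ] || { echo "missing: $key"; rc=1; }
    done
    # Step 3 disables guest, so the broker connection must use the dedicated user.
    [ "$(conf_get "$conf" USER_NAME)" != guest ] || { echo "USER_NAME is guest"; rc=1; }
    # Each CLUSTER_LIST member must be host:port with a numeric port.
    for member in $(conf_get "$conf" CLUSTER_LIST | tr ',' ' '); do
        case $member in ?*:*) port=${member##*:} ;; *) port= ;; esac
        case $port in
            ''|*[!0-9]*) echo "bad CLUSTER_LIST entry: $member"; rc=1 ;;
        esac
    done
    return $rc
}

# check_secret_perms FILE: return 0 only if FILE exists with no group/other access.
# Assumption of this example: the page does not state a required mode for .password.
check_secret_perms() {
    [ -f "$1" ] || { echo "not found: $1"; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "group/other access on $1: $perms"; return 1; }
}

# Constructed sample mirroring the step 4 values, written to a scratch directory.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'CLUSTER_LIST=MessageQueue-1.example.com:7777,MessageQueue-2.example.com:7777' \
        'BROKER_INSTANCE_NAME=msgqbroker' 'USER_NAME=msgquser' 'lbServerPort=9443' \
        'lbServerProtocol=https' 'lbServerHost=LoadBalancer-3.example.com' 'SiteID=11' > "$d/amsfo.conf"
    : > "$d/.password"; chmod 600 "$d/.password"
    check_amsfo_conf "$d/amsfo.conf" && check_secret_perms "$d/.password"; rc=$?
    rm -rf "$d"; return $rc
}
demo && echo "sample configuration passes"
```

To audit a live host, call check_amsfo_conf with /opt/SUNWam/lib/amsfo.conf and check_secret_perms with /opt/SUNWam/.password.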