5–Run the amsfoconfig Script
Access Manager 7 2005Q4 provides the amsfoconfig script to configure an Access Manager deployment for session failover.
Requirements to Run the amsfoconfig Script
To run the amsfoconfig script, an Access Manager deployment must meet the following requirements:
-
Two or more Access Manager instances must be installed and configured in the deployment, but the deployment cannot be configured as a site. If the amsfoconfig script determines that the deployment is configured as a site or that any of the server entries in the platform server list are site enabled, the script displays a message and exits. To configure session failover manually, see Configuring Session Failover Manually
-
The Java Message Queue (MQ) broker must be installed and configured on at least two servers in the deployment.
-
The Berkeley DB client and database must be installed and configured in the deployment.
-
Directory Server must be running, accessible to the script, and configured with Access Manager data.
Functions of the amsfoconfig Script
The amsfoconfig script reads the amsfo.conf configuration file and then configures an Access Manager deployment for session failover by performing these functions:
-
Configures a new site. The script uses the Access Manager instances in the platform server list and the load balancer information from the amsfo.conf file to create a new site for the Access Manager session failover deployment. The script modifies the existing platform server list, so that after the site is configured, all server entries under the platform server list then belong to the site.
For example, http://server1.example.com:80|01 changes to http://server1.example.com:80|01|10, if the default value of 10 is used as the SiteID.
-
Modifies the existing Realm/DNS alias list. The script appends the host name of the load balancer to the list. This host name is obtained from the lbServerHost variable of the amsfo.conf file.
-
Loads session failover configuration XML into Directory Server. The script dynamically generates the session configuration XML file based on the configuration information and loads the generated XML into Directory Server. This information corresponds to the Secondary Configuration Instance under Session in the Access Manager Console.
The following table lists the Access Manager session failover scripts and configuration files.
Table 6–2 Access Manager Session Failover Scripts and Configuration Files|
Name |
Description and Location |
|---|---|
|
amsofconfig |
Script to configure Access Manager for session failover. Solaris systems: AccessManager-base/SUNWam/bin Linux systems: AccessManager-base/identity/bin |
|
amsfo |
Script to start and stop the Message Queue broker and amsessiondb client. Solaris systems: AccessManager-base/SUNWam/bin Linux systems: AccessManager-base/identity/bin |
|
amsfopasswd |
Script to generate the encrypted Message Queue broker user password. Solaris systems: AccessManager-base/SUNWam/bin Linux systems: AccessManager-base/identity/bin |
|
amsfo.conf |
Session failover configuration file. Solaris systems: AccessManager-base/SUNWam/lib Linux systems: AccessManager-base/sun/identity/lib |
|
amProfile.conf |
Session failover environment file. Solaris systems: etc/opt/SUNWam/config Linux systems: etc/opt/sun/identity/config |
|
AccessManager-base represents the base installation directory for Access Manager. The default values are: Solaris systems: /opt Linux systems: /opt/sun |
|
Running the amsfoconfig Script
To run the amsfoconfig script to configure Access Manager for session failover, follow these steps.
-
Log in as or become superuser (root).
-
Set the variables in the amsfo.conf file, as described in Table 6–3.
-
Run the script. For example, on a Solaris system with Access Manager installed in the default directory:
# cd /opt/SUNWam/bin # ./amsfoconfig
The script displays status information as it runs.
-
When the amsfoconfig script prompts you, enter the following passwords:
-
Access Manager administrator (amAdmin) password
-
Message Queue broker user password
-
-
To check the results, see the /var/tmp/amsfoconfig.log file.
The following table describes the variables in the amsfo.conf file that are used by the amsfoconfig script. Set these variables as needed for your deployment before you run the amsfoconfig script.
Table 6–3 Variables in the amsfo.conf File Used by the amsfoconfig Script|
Variable |
Description |
|---|---|
|
CLUSTER_LIST |
Message Queue broker list participating in the cluster. The format is: host1:port,host2:port,host3:port For example: jmq1.example.com:7777,jmq2.example.com:7777,jmq3.example.com:7777 There is no default. |
|
lbServerPort |
Port for the load balancer. The default is 80. |
|
lbServerProtocol |
Protocol (http or https) used to access the load balancer. The default is http. |
|
lbServerHost |
Name of the load balancer. For example: lbhost.example.com |
|
SiteID |
Identifier for the new site (and the load balancer) that the amsfoconfig script will create. SiteID can be any value greater than the Server IDs that already exist in the platform server list. The default is 10. |
amsfoconfig Script Sample Run
The following example shows a sample run of the amsfoconfig script.
Welcome to Sun Java System Access Manager 7 2005Q4
Session Failover Configuration Setup script.
=========================================================
=========================================================
Checking if the required files are present...
=========================================================
Running with the following Settings.
-------------------------------------------------
Environment file: /etc/opt/SUNWam/config/amProfile.conf
Resource file: /opt/SUNWam/lib/amsfo.conf
-------------------------------------------------
Using /opt/SUNWam/bin/amadmin
Validating configuration information.
Done...
Please enter the LDAP Admin password:
(nothing will be echoed): password1
Verify: password1
Please enter the JMQ Broker User password:
(nothing will be echoed): password2
Verify: password2
Retrieving Platform Server list...
Validating server entries.
Done...
Retrieving Site list...
Validating site entries.
Done...
Validating host: http://amhost1.example.com:7001|02
Validating host: http://amhost2.example.com:7001|01
Done...
Creating Platform Server XML File...
Platform Server XML File created successfully.
Creating Session Configuration XML File...
Session Configuration XML File created successfully.
Creating Organization Alias XML File...
Organization Alias XML File created successfully.
Loading Session Configuration schema File...
Session Configuration schema loaded successfully.
Loading Platform Server List File...
Platform Server List server entries loaded successfully.
Loading Organization Alias List File...
Organization Alias List loaded successfully.
Please refer to the log file /var/tmp/amsfoconfig.log for additional
information.
###############################################################
Session Failover Setup Script. Execution end time 10/05/05 13:34:44
###############################################################
- © 2010, Oracle Corporation and/or its affiliates