Tuesday May 22, 2007

Attributes needed for JES + Portal + IDM + Comms user via Identity Manager

Okay, here are the object classes needed to provision a user via Identity Manager. This
one always gets me. So just replace or augment your existing object classes in the resource
definition.



top

person

inetUser

organizationalPerson

inetOrgPerson

ipUser

userPresenceProfile

iplanet-am-managed-person

inetMailUser

inetLocalMailRecipient

icscalendaruser

iplanet-am-user-service

inetadmin

sunmobileappmailperson

sunmobileappcalendarperson

sunamauthaccountlockout

sunssoadapterperson

sunportalnetletservice

iplanetpreferences

sunportalportal1pksubscriptionsperson

sunportalportal1desktopperson

sunportalproxyletservice

sunportalgatewayaccessservice

sunmobileappabperson

sunportalnetfileservice

sunIMUser

sunPresenceUser

Monday May 21, 2007

Service Registry Install

One note: once you install the registry, it will have its own application service instance. Mine was in /var/opt/SUNWsrvc-registry. So if you are doing a JES install and already have an app server created, you will get a new domain.

Java ES Reporter

Java ES Reporter is a command line utility that performs anonymous product registration in the Java Enterprise System. To disable it after installation, edit /etc/opt/SUNWmfwk/config/reporter/config.properties and change "enabled=true" to "enabled=false". Then restart cacao via cacaoadm stop/start.

Webconsole and DSEE

Just did the install of JES on Solaris x86. The online docs miss a step that is important. You should check to make sure the web console is running. You can do this by issuing /usr/sbin/smcwebserver start.

Also make sure your URL has https:// not http:// in it. You will prolong the greying of your hair.

Thursday May 17, 2007

CACAO and JES

I had a customer that was setting up a Jump Start image to preinstall the Java Enterprise System. They were running into errors with CACAO. It seems that the host information from the Jump Start system was not being updated, at least until they logged on the first time with the GUI. So below is the link to reset the CACAO host information...

Here is the doc extract and link to reset CACAO in case of host name change or compromised system. http://docs.sun.com/app/docs/doc/819-2971/6n57mi2el?a=view

How to Regenerate Common Agent Container Security Keys

Sun Cluster Manager uses strong encryption techniques to ensure secure communication between the Sun Cluster Manager web server and each cluster node.

The keys that Sun Cluster Manager uses are stored under the /etc/opt/SUNWcacao/security directory on each node. They should be identical across all cluster nodes.

Under normal operation, these keys can be left in their default configuration. If you change the host name of a cluster node, you must regenerate the common agent container security keys. You might also need to regenerate the keys because of a possible key compromise (for example, root compromise on the machine). To regenerate the security keys, use the following procedure.

1. On all cluster nodes, stop the common agent container management daemon.

# /opt/SUNWcacao/bin/cacaoadm stop

2. On one node of the cluster, regenerate the security keys.

phys-schost-1# /opt/SUNWcacao/bin/cacaoadm create-keys --force

3. Restart the common agent container management daemon on the node on which you regenerated the security keys.

phys-schost-1# /opt/SUNWcacao/bin/cacaoadm start

4. Create a tar file of the /etc/cacao/instances/default directory.

phys-schost-1# cd /etc/cacao/instances/default

phys-schost-1# tar cf /tmp/SECURITY.tar security

5. Copy the /tmp/SECURITY.tar file to each of the cluster nodes.

6. On each node to which you copied the /tmp/SECURITY.tar file, extract the security files.

Any security files that already exist in the /etc/opt/SUNWcacao/ directory are overwritten.

phys-schost-2# cd /etc/cacao/instances/default

phys-schost-2# tar xf /tmp/SECURITY.tar

7. Delete the /tmp/SECURITY.tar file from each node in the cluster.

You must delete each copy of the tar file to avoid security risks.

phys-schost-1# rm /tmp/SECURITY.tar

phys-schost-2# rm /tmp/SECURITY.tar

8. On all nodes, restart the common agent container management daemon.

phys-schost-1# /opt/SUNWcacao/bin/cacaoadm start

9. Restart Sun Cluster Manager.

# /usr/sbin/smcwebserver restart
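
A check to run on each node after steps 6 and 7, as an added example that is not part of the Sun documentation or the original post: it builds a SHA-256 manifest of a node's security directory so that manifests (hashes only, not keys) from different nodes can be compared, and it flags a leftover copy of the tar file. The function names and manifest format are assumptions; `sha256sum` is used where present, with the Solaris `digest -a sha256` command as fallback.

```shell
#!/bin/sh
# Added example: confirm the regenerated common agent container keys are
# identical on every node and that no copy of SECURITY.tar is left behind.
# Function names and manifest format are illustrative, not part of cacaoadm.
#
# Typical use, on each node:
#   key_manifest /etc/cacao/instances/default/security > /tmp/keys.`hostname`
# then collect the manifests on one node and run compare_manifests on them.

# Print the SHA-256 of one file with whichever tool the platform provides.
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        digest -a sha256 "$1"          # Solaris
    fi
}

# key_manifest DIR: one "hash  relative/path" line per file, sorted by path.
# LC_ALL=C keeps the sort order the same on nodes with different locales.
key_manifest() {
    ( cd "$1" || exit 1
      find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          printf '%s  %s\n' "$(hash_file "$f")" "$f"
      done )
}

# compare_manifests A B: succeed only if both nodes hold the same key files.
compare_manifests() {
    if [ "$(cat "$1")" = "$(cat "$2")" ]; then
        return 0
    fi
    echo "key material differs between nodes:" >&2
    diff "$1" "$2" >&2
    return 1
}

# leftover_tar PATH: succeed (and warn) if the tar file still exists (step 7).
leftover_tar() {
    [ -e "$1" ] && echo "WARNING: $1 still present, remove it" >&2
}
```

A mismatch after step 6 means a node is still holding the old keys; rerun the extract on that node before restarting the daemon in step 8.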

CACAO and Sun Portal Server

The following is information I have gotten from other sources but felt it would be interesting to share. It documents how CACAO, Portal, Access Manager and Directory interact.

1. When would the cacao servers talk to each other?

When you try to perform a "remote" task. For example, when you go to the psconsole running on server1 to create a PS instance on server2, or alternatively, you go to server2 and run psadmin create-instance to create a PS instance on server1. This is a unique feature of PS administration. No other JES products or components (e.g. Sun Cluster or JES-MF) require connections between Cacao agents.

2. What type of data is passed between the cacao server?

Uh, many different types, depending on what the task is. Did this answer your question? :-) The protocol is JMXMP over TLS. There are other ways to talk to Cacao (e.g. SNMP), but portal uses none of that.

3. How does one cacao server know about the other?

For every PS instance created, we record the host and port (and other config data too) to the Portal Domain Repository. Cacao itself doesn't know about other Cacao agents running on other nodes, but our portal MBeans do.

4. Does the cacao server store any data in the DS (via the AMSDK) and if so, do we know the DN's for those settings?

Cacao doesn't. The PDR is stored in DS (not via AM SDK) by PAS. It's a subtree with root sunPortalAdminPortalDomainID=defaultDomain,

Also, are the certs that we copied only used when the cacao server talk to each other, or also when other components talk to the cacao server to use the portal mbeans?

Our Cacao clients (psconsole, psadmin, psconfig) use the same truststore that the local Cacao agent does. This is true only for PS7.0. We start to use our own truststore in PS7.1 per the recommendation of the Cacao team.

About

leroyk
