This page contains the preparations needed before installing a Lequinox platform on a Red Hat Enterprise Linux or CentOS operating system.
During the preparations you will need a certificate-key-file.
System requirements
Make sure your server environment meets the system requirements for the version you are about to install.
...
Python is required to run our deployment scripts. Please refer to system requirements for the latest required version.
When you come across the execution of Python scripts, ‘python’ should be replaced with the path to your Python 3 installation directory.
Provide database access
1. Make sure a database administrator user can log on to the database server using username and password.
...
1. Expose the ports WildFly will use:
HTTPS (Default is 8443) – this port is used for HTTPS traffic.
WildFly Controller PORT – this port is used for WildFly CLI commands. The CLI interface is used to configure the application server during the installation of the Lequinox platform. Our scripts need access to port 9990.
Note |
---|
It is not recommended that you make the controller port public, but the deployment scripts need access to it. |
2. Set the JAVA_OPTS environment variable. The application server uses this to configure the IP bind address, IP version, memory allocation for the Java Virtual Machine (JVM) and other parameters. This is also where you can configure the garbage collector (GC) for the JVM. An example JAVA_OPTS value:
Code Block |
---|
-Xms2048m -Xmx2048m -Djboss.bind.address=0.0.0.0 -Dconfig.path=/path/to/config_directory -Djdk.tls.ephemeralDHKeySize=matched |
Xms and Xmx control the JVM memory allocation, and should be tuned based on your needs. See the official Oracle documentation on JAVA_OPTS for more information.
jboss.bind.address configures which IP address the application server will listen on.
The config.path parameter should point to where the generated configuration file will be placed. The path is generated during the install, and the files are generated based on the profile configuration (see step Generate a new configuration file in the Install section).
jdk.tls.ephemeralDHKeySize specifies the ephemeral Diffie-Hellman key size. We recommend setting this to matched. See the official Oracle documentation on Java Secure Socket Extension (JSSE) Reference Guide for more information.
For more information on JVM parameters, consult Oracle's documentation.
3. Add your certificate-key-file, for example /etc/pki/wildfly/https/example-keystore.p12, to the server. This keystore needs to contain the certificates used to enable HTTPS. Configuring WildFly to collect the keystore is done in the Deployment profile.
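A pre-flight check for the JAVA_OPTS value from step 2 and the controller-port note in step 1, written here as an added example (it is not part of the Lequinox deployment scripts). The RISKY string is constructed, and jboss.bind.address.management is WildFly's management-interface bind property, which this page does not name.

```python
import posixpath
import re
import shlex

UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}
WILDCARDS = {"0.0.0.0", "::", "0:0:0:0:0:0:0:0"}


def parse_java_opts(java_opts):
    """Split a JAVA_OPTS string into ({-D name: value}, {-Xms/-Xmx: bytes})."""
    props, heap = {}, {}
    for token in shlex.split(java_opts):
        if token.startswith("-D"):
            name, _, value = token[2:].partition("=")
            props[name] = value
            continue
        size = re.fullmatch(r"(-Xm[sx])(\d+)([kmgKMG]?)", token)
        if size:
            heap[size.group(1)] = int(size.group(2)) * UNITS[size.group(3).lower()]
    return props, heap


def review_java_opts(java_opts):
    """Return findings for the options this page describes (empty list = clean)."""
    props, heap = parse_java_opts(java_opts)
    findings = []
    if "-Xms" not in heap or "-Xmx" not in heap:
        findings.append("heap: -Xms or -Xmx not set")
    elif heap["-Xms"] > heap["-Xmx"]:
        findings.append("heap: -Xms is larger than -Xmx")
    if props.get("jdk.tls.ephemeralDHKeySize") != "matched":
        findings.append("tls: jdk.tls.ephemeralDHKeySize is not 'matched'")
    if not posixpath.isabs(props.get("config.path", "")):
        findings.append("config.path: missing or not an absolute path")
    # Assumption: the controller port follows WildFly's management bind property.
    if props.get("jboss.bind.address.management") in WILDCARDS:
        findings.append("controller: management interface bound to all addresses")
    return findings


# The example value from this page.
PAGE_EXAMPLE = ("-Xms2048m -Xmx2048m -Djboss.bind.address=0.0.0.0 "
                "-Dconfig.path=/path/to/config_directory "
                "-Djdk.tls.ephemeralDHKeySize=matched")
# Constructed counter-example that trips every check.
RISKY = "-Xms4g -Xmx2g -Djboss.bind.address.management=0.0.0.0 -Dconfig.path=conf"

if __name__ == "__main__":
    for opts in (PAGE_EXAMPLE, RISKY):
        print(review_java_opts(opts) or "no findings")
```
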
...
To run the deployment scripts, you need Python and psql on the host server.
Info |
---|
Python may be included in the OS, and psql should be included in the database server. Note that the Python version included might not be the required one. Refer to our system requirements for information on the correct version. |
If you want to run the scripts from a remote location you will also need to install SSH and SCP.
If you install any tools, make sure they are included in the system path variable.
Prepare the target machine
1. Copy and extract the installation package to the target machine.
2. Set up a directory for the archive_service filestore, and give the WildFly user read and write access.
3. Give the WildFly user read and write access to the folder where the Lequinox console will store the secret keys used to secure users' passphrases (parameter consoleplus_secret_keys_path in the <tarball extract directory>/deployment/profiles/default/console_plus.properties file).
Info |
---|
A release of the Lequinox platform contains, among other things, deployment scripts and deployment profile files. You will run the deployment scripts during the installation of your Lequinox platform. In order for the scripts to work on your specific system, you need to supply your own details in the files to set up your deployment profile. |
...
...
Set up your deployment profile
All deployment scripts require a deployment profile with custom settings.
In the default profile, you will find information on what you need to specify in your profile, and what you can and what you should not override. Settings that you must alter are specified as UNCONFIGURED in the default profile. If any UNCONFIGURED settings are left unchanged, the deployment scripts will not work.
Info |
---|
During the installation you will need to add a URL to a National node. A list of public National nodes is found here. |
Your deployment profile
1. Go to the profiles directory in the deployment script directory: <tarball extract directory>/deployment/profiles/
2. Copy and rename* the default profile. That is, copy all the contents of the ‘default’ directory to your own deployment profile directory.
Info |
---|
Do not remove the default profile from the target directory |
...
. |
3. Go through all the .properties files in your renamed profile directory, and set all UNCONFIGURED values. Also, change any other default settings if you prefer a different setup or if your environment requires additional adjustments.
...
5. Back up your amended deployment profile. That is, back up all the files and folders in your own deployment profile directory.
Info |
---|
Make a note of where you keep the backup, as having this at hand will save time during future upgrades. Using your previous deployment profile as a starting point, you will not have to make all the changes in step 3 for each upgrade. When upgrading, you will only have to apply any changes mentioned in deployment profile changes to the files in your own amended profile. |
* You must enter your amended profile name when executing the deployment scripts.
...
This directory contains configuration files for component specific settings. Some of the component settings declare an endpoint that is used by a specific sub-system. The general format of the variable name is:
<
requesting
|
|
|
|
|
>
|
Variable Part | Comment |
---|---|
requesting-subsystem | sub-system performing the request |
endpoint-subsystem | sub-system answering the request |
access-level | “private” or “public”, depending on location of the sub-systems taking part in the request |
The access-level can be either private or public. Private means that the endpoint should only be accessed from within the domain (network/server) where the main components are installed. In theory, you could choose to use the unencrypted HTTP protocol there for faster throughput. Public means the endpoint has to be accessible from the outside, so we strongly recommend using HTTPS for every public endpoint.
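A profile check covering two points from this page: no value may remain UNCONFIGURED, and public endpoints should use HTTPS. This is an added example, not one of the Lequinox deployment scripts. The profile name, endpoint key names and hosts are constructed, and matching the literal word "public" in a key is an assumption about how the access-level part appears.

```python
import re
import tempfile
from pathlib import Path

# key, then "=" or ":", then value; comment lines (# or !) do not match
PROP_RE = re.compile(r"^\s*([^=:\s#!][^=:\s]*)\s*[=:]\s*(.*?)\s*$")


def lint_profile(profile_dir):
    """Return (file, line_no, key, problem) tuples for one deployment profile."""
    findings = []
    for path in sorted(Path(profile_dir).rglob("*.properties")):
        lines = path.read_text(encoding="utf-8").splitlines()
        for line_no, line in enumerate(lines, start=1):
            match = PROP_RE.match(line)
            if not match:
                continue
            key, value = match.groups()
            if "UNCONFIGURED" in value:
                findings.append((path.name, line_no, key, "still UNCONFIGURED"))
            # Assumption: the access-level part of the variable name shows up
            # as the literal word "public" somewhere in the key.
            if "public" in key.lower() and value.lower().startswith("http://"):
                findings.append((path.name, line_no, key, "public endpoint uses http"))
    return findings


def build_sample_profile(root):
    """Write a constructed profile (hypothetical keys and hosts) under root."""
    profile = Path(root) / "acme-prod"
    profile.mkdir()
    (profile / "console_plus.properties").write_text(
        "# constructed sample\n"
        "consoleplus_secret_keys_path=UNCONFIGURED\n",
        encoding="utf-8",
    )
    (profile / "endpoints.properties").write_text(
        "console.archive.private.url=http://10.0.0.5:8080/archive\n"
        "console.node.public.url=http://node.example.com/api\n"
        "signer.node.public.url=https://node.example.com/api\n",
        encoding="utf-8",
    )
    return profile


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in lint_profile(build_sample_profile(tmp)):
            print(*finding, sep=": ")
```

Run it against your own renamed profile directory by calling lint_profile with that path before starting the deployment scripts.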
datasources
This folder contains configuration files for datasource specific settings.
Install your Lequinox platform
You are now ready to run the Lequinox deployment scripts. To do so, follow the instructions to install the Lequinox platform to the point.