This page contains the preparations needed before installing a Lequinox platform on a Red Hat Enterprise Linux or CentOS operating system.
During the preparations you will need a certificate-key-file.

System requirements

Make sure your server environment meets the system requirements for the version you are about to install. 

Python

Python is required to run our deployment scripts. Please refer to system requirements for the latest required version. 

When you come across the execution of Python scripts, ‘python’ should be replaced with the path to your Python 3 installation directory.

Provide database access

1. Make sure a database administrator user can log on to the database server using username and password.

2. Make a note of the credentials as they will be used in the profiles during the installation. 

Set up the WildFly server

1. Expose the ports WildFly will use:

• HTTPS (Default is 8443) – this port is used for HTTPS traffic.

• WildFly Controller PORT – this port is used for WildFly CLI commands. The CLI interface is used to configure the application server during the installation of the Lequinox platform. Our scripts need access to port 9990.

2. Set the JAVA_OPTS environment variable. The application server uses this to configure IP bind address, IP version, memory allocation for the Java Virtual Machine (JVM) and other parameters. This is also where you can configure Garbage Collector (GC) for the JVM. Below, an example of a JAVA_OPTS:

• Xms and Xmx control the JVM memory allocation, and should be tuned based on your need. See the official Oracle documentation on JAVA_OPTS for more information.

• jboss.bind.address configures which IP address the application server will listen on. 

• The config.path parameter should point to where the generated configuration file will be placed. The path is generated during the install, and the files are generated based on the profile configuration (see step Generate a new configuration file in the Install section).

• jdk.tls.ephemeralDHKeySize specifies the ephemeral Diffie-Hellman key size. We recommend setting this to matched. See the official Oracle documentation on Java Secure Socket Extension (JSSE) Reference Guide for more information.

For more information on JVM parameters, consult Oracle's documentation.

3. Add your certificate-key-file, for example /etc/pki/wildfly/https/example-keystore.p12, to the server. This keystore needs to contain the certificates used to enable HTTPS. Configuring WildFly to collect the keystore is done in the Deployment profile.

4. Create an init script for WildFly, this is required for the deployment scripts and defined in the deployment profiles. For more information, consult WildFly documentation.

Tools

To run the deployment scripts, you need Python and psql on the host server.

If you want to run the scripts from a remote location you will also need to install SSH and SCP.

If you install any tools, make sure they are included in the system path variable.

Prepare the target machine

1. Copy and extract the installation package to the target machine. 

2. Set up a directory for the archive_service filestore, and give the WildFly user read and write access.

3. Give the WildFly user read and write access to the folder where the Lequinox console will store the secret keys used to secure users' passphrases (parameter consoleplus_secret_keys_path in the <tarball extract directory>/deployment/profiles/default/console_plus.properties file).

Set up your deployment profile

All deployment scripts require a deployment profile with custom settings.

In the default profile, you will find information on what you need to specify in your profile, and what you can or what you should not override. Settings that you must alter are specified as UNCONFIGURED in the default profile. If any UNCONFIGURED settings are left unchanged, the deployment scripts will not work.

Your deployment profile

1. Go to the profiles directory in the deployment script directory: <tarball extract directory>/deployment/profiles/

2. Copy and rename* the default profile. That is, copy all the contents of the ‘default’ directory to your own deployment profile directory.

3. Go through all the .properties files in your renamed profile directory, and set all UNCONFIGURED values. Also, change any other default settings if you prefer a different setup or if your environment requires additional adjustments.

4. Save your changes.

5. Back up your amended deployment profile. That is, back up all the files and folders in your own deployment profile directory.  

* You must enter your amended profile name when executing the deployment scripts.

Contents of the deployment profile root directory

profile.properties

The profile.properties file is the main configuration file. The profile.properties file contains detailed information on the various parameters and what they are used for. 

components

This directory contains configuration files for component specific settings. Some of the component settings declare an endpoint that is used by a specific sub-system. The general format of the variable name is:

The access-level can be either private or public. Private means that the endpoint should only be accessed from within the domain (network/server) where the main components are installed. In theory, you could choose to use the unencrypted http protocol for faster throughput. Public means the endpoint has to be accessed from the outside, so we strictly recommend using https for every public endpoint.

datasources

This folder contains configuration files for datasource specific settings.

Install your Lequinox platform

You are now ready to run the Lequinox deployment scripts. To do so, follow the instructions to install the Lequinox platform to the point.