2.3. Installing Red Hat JBoss BRMS Using Installer
The installer for Red Hat JBoss BRMS is an executable Java JAR file. You can use it to install Red Hat JBoss BRMS on an existing Red Hat JBoss EAP 6.4 installation.
Note that the provided Red Hat JBoss BRMS JAR file installer does not support the Red Hat JBoss EAP distribution installed by yum or RPM Package Manager. In this case, download the Red Hat JBoss BRMS 6.3.0 Deployable for EAP 6 file and follow the steps described in Section 2.6, “Installing Red Hat JBoss BRMS on Red Hat JBoss Enterprise Application Platform”.
For security reasons, you should run the installer as a non-root user.
Before attempting to install Red Hat JBoss BRMS, ensure you have already installed Red Hat JBoss EAP 6.4.7 or better, and create a back up. Ensure that your user has sufficient rights to complete the installation.
Set up location and users.
Navigate to the folder where you downloaded the installer file in a command prompt and execute the following command:
java -jar jboss-brms-6.3.0.GA-installer.jarNote
When running the installer on Windows, you may be prompted to provide administrator credentials during the installation. To prevent this, add the
izpack.mode=privilegedoption to the installation command:
java -Dizpack.mode=privileged -jar jboss-brms-6.3.0.GA-installer.jar
Furthermore, when running the installer with a 32-bit Java Virtual Machine, you can encounter memory limitations. To solve the issue, run
java -XX:MaxHeapSize=4g -jar jboss-brms-6.3.0.GA-installer.jar
- The graphical installer will execute and display a splash screen and a license agreement page. Read and accept the license to proceed.
In the next screen, provide the parent location of an existing Red Hat JBoss EAP where Red Hat JBoss BRMS must be installed. The screenshot below depicts an example directory path:
Figure 2.1. Red Hat JBoss BRMS Installer for EAP Directory Path
In the next two screens, create two users: the first one for the management console of the Red Hat JBoss EAP (ManagementRealm) and the second one for managing Red Hat JBoss BRMS itself (ApplicationRealm).
Creation of the first user for the management console of Red Hat JBoss EAP is optional and you may skip it if it is not required.
Make a note of these user names and passwords as you will need them to access the Red Hat JBoss EAP server (if you do decide to create it) and the Red Hat JBoss BRMS application respectively.Important
Make sure that the selected user name does not conflict with any known title of a role or a group.
For example, if there is a role called
admin, you should not create a user with the user name
The passwords that you create must have at least 8 characters and must contain at least one number and one non-alphanumeric character (not including the character &).Note
The application role assigned to the second user that you create is the
adminrole. This is the only role that can be assigned to this newly created user. You can create more users with narrow roles afterwards by using the command line.
Set up security environment.
Next, you will set up the security environment of your new Red Hat JBoss BRMS install. Decide to enable or disable the Java Security Manager in this step by clicking on the check box. The Java Security Manager makes your system more secure but may downgrade performance. You need to make a decision based on your environment.
- Choose whether you want to set up pure IPv6 configuration on the server that the installation is taking place. This will allow you to set up runtime IPv6 specific configurations later.
Configure runtime environment.
This step provides the option of using a default configuration or specifying an advanced configuration.
Choose Perform default configuration for the runtime environment in the next step and click Next to review the installation details. If you are happy with the details, click Next to start the actual installation or click Previous to go back and make changes.
Choose to enable advanced configuration options. Select Perform advanced configuration and choose the advanced configuration options you want to enable for your environment using the check boxes.
Figure 2.2. Advanced Configuration Options
Configure Password Vault
Vault passwords are used to obfuscate passwords in the various server descriptors using a Java secret key generated during the installation process, or manually using the keytool. This prevents passwords from being stored as plain text in the descriptors. The Iteration count and Salt are both parameters to the encryption process.
For more information about vault passwords, see the Red Hat JBoss EAP Security Guide.
Figure 2.3. Configure Password Vault
This screen allows you to add the
<truststore>elements to the ManagementRealm security realm using the provided keystore.
<ssl>element causes the server to present the certificate within the keystore as its identity, which allows the user to apply their official certificate.
<truststore>element enables Client-Cert authentication. This means that, if a remote client attempts to connect to any resource managed by the ManagementRealm, the client can present a certificate, and if an entry in the truststore matches, will be authenticated without needing to provide a user name/password.
The end result is an encrypted connection that is secure between the client and the server for the ManagementRealm.
Figure 2.4. SSL Security Configuration
This step in the installer allows the user to define an LDAP server, which in turn defines users which should be allowed to authenticate with the ManagementRealm. This replaces the default configuration.
The LDAP Connection screen allows users to define how to connect to the LDAP server.
- Distinguished Name (DN): the user that can connect to the LDAP server. Typically the DN will uniquely define a special user for this purpose.
Figure 2.5. LDAP Connection Configuration
LDAP Security (Management Console)
The Management Console LDAP Configuration screen allows you to set up a security realm. This defines the
<security-realm>element to be added to the descriptors, and utilizes the connection defined previously.
Figure 2.6. Management Console LDAP Configuration
- Base DN: Will typically define a 'base search' or 'root context' to begin searching for users.
- Filter Type: Tells Red Hat JBoss EAP how to find the LDAP attribute that defines a user; it is can be a simple attribute, but can also be a complex LDAP filter.
Username filter: The LDAP attribute which holds the user name values. A user name entered in this field is used for search queries as a value of the
uidattribute. If a user chooses LDAP Syntax Query as a filter type, this query must be specified in this field.
- Recursive directory search: If enabled, Red Hat JBoss EAP will traverse the LDAP tree recursively, starting at Base DN. Otherwise, the search will be limited to Base DN.
LDAP Security (Business Central)
Most of the following fields are similar to the Base DN. Contexts are used to search for roles, which allows it to perform authorization in addition to authentication. Otherwise, the context fields are analogous to the Base DN from the previous, and attribute fields are analogous to user name attribute. The filters allow fine grained control over which values of the given attribute will be accepted.
Input values from Business Central LDAP Configuration page are used to configure a new security domain, which make use of
LdapExtendedlogin module. This security domain is set as default for Business Central web application. For more information about security domains and login modules, see the Red Hat JBoss EAP Security Guide.
Figure 2.7. Business Central LDAP Configuration
Security Domain and JSSE Configuration
The Security Domain screen allows you to configure all of the elements of the
<security-domain>security subsystem for managing security information, including JSSE configuration. For more detailed information about configuring security domains, see the Red Hat JBoss EAP Security Guide.
Figure 2.8. Security Domain
Figure 2.9. JSSE Configuration
Selecting this option installs Red Hat JBoss BRMS ready for clustered operation. For more information, see Section 6.5, “Clustering on Red Hat JBoss EAP”.
Business Central Datasource Setup
After cluster configuration, the next screen allows you to configure the Business Central data source.
Figure 2.10. Business Central Datasource Setup
Configure Business Resource Planner
This screen allows you to configure Business Resource Planner.
Figure 2.11. Configure Business Resource Planner
- The installer will go through the steps to install Red Hat JBoss BRMS and will perform post installation configuration steps when you click Next. The installer will also start the Red Hat JBoss BRMS server and connect to it to validate the installation. Click Next to get to the last screen where you can generate the installation script and properties file. Click Done to quit the installer.
You have successfully installed Red Hat JBoss BRMS using the installer.