CA Governance Minder 12.6.3 on Linux/WebSphere/Oracle

Supported OS

Red Hat Enterprise Linux version 5.x ,6.x Architecture   64-bit

Supported Application Servers

IBM WebSphere ND (on RHEL only) ver 7.0 JDK · 1.6.0 (JDK version is IBM JDK that comes with Web Sphere version)

IBM WebSphere ND (on RHEL only) ver 8.5.5 JDK · 1.6.0, 1.7.x (JDK version is IBM JDK)

GM Installation

Governance Minder requires a Linux/Windows host for the J2EE container. In this environment GM will be installed on a WebSphere 8.5.5.5 Cluster. The backend database used is an Oracle 12C database server.

To begin the installation of the GM WebSphere environment you will need to install the Government Minder binaries. The install files can be downloaded from CA at www.ca.com or copied from the development server at CMS.

Pre-Requisites

Open Ports

netstat -an -o |grep “1098 1099 1577 4026 4444 4445 4446 5001 8009 8080 8083 8093 8094 9092”

If no results are returned good, if results are found. Use netstat –an –o –b to locate, you must redirect traffic from these ports prior to GM install

Create databases

Done – The dbutil utility in can be used to create the databases prior to install, this will not be used

JDK deployment

Install JDK 1.6.45

mkdir /opt/CA/

chmod 775 /opt/CA/

copy jdk-6u45-linux-x64.bin to /opt/CA/

cd /opt/CA/

chmod 775 jdk-6u45-linux-x64.bin

./jdk-6u45-linux-x64.bin

rm –f jdk-6u45-linux-x64.bin

echo export JAVA_HOME=/opt/CA/jdk1.6.0_45 > /etc/profile.d/jdk.sh

vi /etc/profile.d/jdk.sh

Add the following:

export PATH=$JAVA_HOME/bin:$PATH

Save and exit

Start a new shell and verify that your JAVA_HOME variable is set and your PATH is mapped to the JDK

java –version will return

Java(TM) SE Runtime Environment (build 1.6.0_45-b06)

Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)

Configure JAVA alternatives

This is to be used if there are multiple JDK’s on the system

/usr/sbin/alternatives –install /usr/bin/java java /usr/java/jdk1.6.0_45/bin/java 1500

/usr/sbin/alternatives –config java

Output:

[root@e48v111v bin]# /usr/sbin/alternatives –config java

You may see the following if there are 2 programs which provide ‘java’.

Selection   Command

———————————————–

*+ 1           /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java

   2           /usr/java/jdk1.6.0_45/bin/java

Enter to keep the current selection[+], or type selection number: 2

Select the new JDK (2) that was deployed

Verify JAVA version:

java –version

Should return java version 1.6.45 or above

Packages

The following packages must be installed

glibc-2.12-1.25.el6.i686.rpm

libX11-1.3-2.el6.i686.rpm

libxcb-1.5-1.el6.i686.rpm

libXtst-1.0.99.2-3.el6.i686.rpm

libXau-1.0.5-1.el6.i686.rpm

libXi-1.3-3.el6.i686.rpm

libXext-1.1-3.el6.i686.rpm

nss-softokn-freebl-3.12.9-3.el6.i686.rpm

dos2unix-3.1-37.el6.x86_64.rpm

Issue the following to install the required packages

yum install glibc-2.12-1.25.el6.i686 libX11-1.3-2.el6.i686 libxcb-1.5-1.el6.i686 libXtst-1.0.99.2-3.el6.i686 libXau-1.0.5-1.el6.i686 libXi-1.3-3.el6.i686 libXext-1.1-3.el6.i686 nss-softokn-freebl-3.12.9-3.el6.i686 dos2unix-3.1-37.el6.x86_64

Improve performance

rm /dev/random && mknod -m 644 /dev/random c 1 9

Output:

rm: remove character special file `/dev/random’? yes

Linux Environment Requirements

The install must be run as root

ulimit unlimited

umask 0022

Installation Instructions

mkdir /opt/CA/GM

chmod 775 /opt/CA/GM

cd /opt/CA/GM

The following files must be deployed in the /opt/CA/GM location

-rwxrwxr-x 1 root root   9944944 Aug 31 16:53 GEN06113240E.zip

-rwxrwxr-x 1 root root   22365919 Aug 31 16:53 GEN06113635E.zip

-rwxrwxr-x 1 root root   6508285 Aug 31 16:53 GEN06113840E.zip

-rwxrwxr-x 1 root root   7685405 Aug 31 16:53 GEN06114031E.zip

-rwxrwxr-x 1 root root 144821579 Aug 31 16:53 GEN06114144E.zip

-rwxrwxr-x 1 root root   21467559 Aug 31 16:53 GEN06114251E.zip

-rwxrwxr-x 1 root root   98058816 Aug 31 16:53 GEN06114404E.zip

-rwxrwxr-x 1 root root 128941761 Aug 31 16:53 GEN06114535E.zip

-rwxrwxr-x 1 root root 297298511 Aug 31 16:53 GEN06115951E.zip

-rwxrwxr-x 1 root root 293004965 Aug 31 16:53 GEN06120054E.zip

-rwxrwxr-x 1 root root   60494416 Aug 31 16:53 GEN06120210E.zip

-rwxrwxr-x 1 root root   2494281 Aug 31 16:53 GEN06120406E.zip

-rwxrwxr-x 1 root root   77711630 Aug 31 16:53 GEN06120508E.zip

-rwxrwxr-x 1 root root 246255121 Aug 31 16:53 GEN06120611E.zip

-rwxrwxr-x 1 root root     502996 Aug 31 16:53 GEN06121000E.zip

-rwxrwxr-x 1 root root     263826 Aug 31 16:53 GEN06120813E.zip

-rwxrwxr-x 1 root root 1020551602 Aug 31 16:53 GEN06120717E.zip

unzip ‘*.zip’

chmod 775 *

unzip CA-IdentityGovernance-12.6.03-Installer.zip

chmod 777 InstCAIdentityGovernance.bin

Run installer

./InstCAIdentityGovernance.bin

/

Deploying Governance Minder on WebSphere

Oracle changes for JMS

This procedure describes how to create database users to synchronize Java Messaging Service (JMS) topics. Have the Oracle DBA’s issue the following as the system user, examine notes for complete privileges:

create user gvmBus identified by PASSWORD;

create user wpBus identified by PASSWORD;

grant select on pending_trans$ to gvmBus;

grant select on dba_2pc_pending to gvmBus;

grant select on dba_pending_transactions to gvmBus;

grant execute on dbms_xa to gvmBus;

grant select on pending_trans$ to wpBus;

grant select on dba_2pc_pending to wpBus;

grant select on dba_pending_transactions to wpBus;

grant execute on dbms_xa to wpBus;

commit;

Note:   The following specific privileges were used

GRANT CMS_CONNECT TO GVMBUS;

GRANT CMS_RESOURCE TO GVMBUS;

GRANT CONNECT TO GVMBUS;

GRANT GVMBUS_XA_ROLE TO GVMBUS;

GRANT RESOURCE TO GVMBUS;

ALTER USER GVMBUS DEFAULT ROLE ALL;

GRANT UNLIMITED TABLESPACE TO GVMBUS;

GRANT CMS_CONNECT TO WPBUS;

GRANT CMS_RESOURCE TO WPBUS;

GRANT CONNECT TO WPBUS;

GRANT RESOURCE TO WPBUS;

ALTER USER WPBUS DEFAULT ROLE ALL;

GRANT UNLIMITED TABLESPACE TO WPBUS;

Note:    The passwords for these users are the ones used in dataSources.py

Note:   The following privileges work to provide sufficient access

grant all privileges to gvmBus;

grant all privileges to wpBus;

Note:    The following privileges were not sufficient to start the GM Server

GRANT CREATE SESSION TO gvmBus WITH ADMIN OPTION;

GRANT CREATE SESSION TO wpBus WITH ADMIN OPTION;

Note:   The GVM_WorkPoint used in the commands below is based upon the WorkPoint schema name used in the GM GUI install steps previously

Hazelcast

This procedure describes how to configure Hazelcast. Hazelcast is an open source clustering and highly scalable Java data distribution operating environment that CA GovernanceMinder uses.

For the CA GovernanceMinder cluster integration, edit the hazelcast.xml file to adjust the Hazelcast lock mechanism. The Hazelcast.xml file is located in the eurekify.war file. Follow the following steps to modify the hazelcast.xml file.

mkdir /tmp/hazelcast

chmod 777 /tmp/hazelcast

cd /tmp/hazelcast

cp /opt/CA/GovernanceMinder/Server/rcm-websphere/eurekify.ear .

mv /opt/CA/GovernanceMinder/Server/rcm-websphere/eurekify.ear /opt/CA/GovernanceMinder/Server/rcm-websphere/eurekefy.ear.orig

jar xvf eurekify.ear eurekify.war

jar xvf eurekify.war WEB-INF/classes/hazelcast.xml

Note: If this is a multi server/clustered/federated configuration and only one the servers is available at the time of the install do not attempt to use both servers in the hazelcast.xml, this is unsupported

vi /tmp/hazelcast/WEB-INF/classes/hazelcast.xml

Change the group stanza password to be the WebSphere password, this needs to match the WAS Security you have setup, if there is no security setup, use the default values

<group>

<name>GM_WAS</name>

<password>PASSWORD</password>

</group>

Change the interfaces to include all servers in your WebSphere cluster

<tcp-ip enabled=”true”>

<interface>SHORTNAMEOFSERVER</interface>

</tcp-ip>

Recreate and place the modified .ear back in place

cd /tmp/hazelcast

jar uvf eurekify.war WEB-INF/classes/hazelcast.xml

jar uvf eurekify.ear eurekify.war

mv eurekify.ear /opt/CA/GovernanceMinder/Server/rcm-websphere

Review Python file parameters

vi /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts/dataSources.py

The password used was PASSWORD, so the four “db_pw” variables should have the install password.

Modify the gvmBus and wpBus user and passwords to match the user and passwords that were sent to the Oracle DBA’s in the previous steps

Set up the CA GovernanceMinder and Workpoint clusters.

Update the Custer Name and Server names in the gvmDefaults.py, the top 5 lines and bottom 2 are where modifications need to be made.

vi /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts/gvmDefaults.py

Top five Lines

Workpoint_Cluster_Name = “EUA-WP”

Workpoint_Server_Name_Format = “EUA-WP-S%d”

Workpoint_BusName = “wpBus”

Gvm_Cluster_Name = “EUA-GM”

Gvm_Server_Name_Format = “EUA-GM-S%d”

Bottom two lines, comment out the similar two lines with a # before

msJTDSdriverFullPath = “${WAS_INSTALL_ROOT}”+os.sep+essentialsDirName+os.sep+”JDBC”+os.sep+”jtds-1.2.jar”

ORACLEdriverFullPath = “${WAS_INSTALL_ROOT}”+os.sep+essentialsDirName+os.sep+”JDBC”+os.sep+”ojdbc6.jar”

Set up CA GovernanceMinder and setup CA GovernanceMinder and Workpoint Clusters

cd /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts

umask 0022

./DeployGVM.sh /opt/IBM/WebSphere/AppServer/bin/ >> deploy.log &

Note: The WebSphere directory to be used is the root directory of the application server and not the node or cluster locations of the wsadmin.sh script

Note: use tail –f deploy.log to examine log the last two commands should copy statements

Configure the CA GovernanceMinder folder

cd /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts

/opt/IBM/WebSphere/AppServer/bin/wsadmin.sh -lang jython -f setupEssentials.py >> setup.log &

This needs to be accomplished on each cluster server in a federated/cluster configuration. On each of the servers, repeat the following

cd /opt/CA

tar zcvf GMCluster.tar.gz GovernanceMinder/

copy the GMCluster.tar.gz to the other cluster members

On the other cluster members as root

ulimit unlimited

umask 0022

mkdir /opt/CA

chmod 775 /opt/CA

cd /opt/CA

cp GMCluster.tar.gz to this location

tar zxvf GMCluster.tar.gz

cd /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts

/opt/IBM/WebSphere/EntAppServer85-64/appServerbin/wsadmin.sh -lang jython -f setupEssentials.py

WebSphere Changes

Add JDBC provider

cp /oracle/product/12.1.0/db1/jdbc/lib/ojdbc6.jar /opt/IBM/WebSphere/AppServer/essentials/JDBC

Note:  The above assumes Oracle was installed on this machine and the database used was db1

Core Groups

Servers / Core groups / Core group bridge settings / Access point groups / DefaultAccessPointGroup / Core group access points

Select the core group and Show Detail, Select Bridge Interfaces, New

Select each of the Bridge interfaces (do this 4 times) listed in drop down and apply

Review changes and sync, the final list should look like this

Configure JDBC drivers and data sources on the WorkPoint cluster

This procedure describes how you install Oracle JDBC drivers and data sources on the WorkPoint cluster. Follow these steps for each of the JDBC providers, there will be six.

Resources / JDBC / JDBC Providers – The list should like this

Select each of the Oracle providers above

Select the Oracle11g Data provider for each

Review and synchronize changes for this provider, these steps should be done seven times total.

WebSphere Virtual Host Configuration

In Servers \ WebSphere Application Servers \ Application servers > EUA-GM-S1 > Ports

The WC_defaulthost is mapped to a port locate this value and that same port needs to be listed in Environment \ Virtual Hosts \ Default_host \ Host Alias

Restart Environment

/opt/IBM/WebSphere/AppServer/bin/stopManager.sh

/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/stopNode.sh

/opt/IBM/WebSphere/AppServer/bin/startManager.sh

/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh

JDBC Connection Verification

Verify the ojdbc6.jar is located in the WAS_install_root/essentials/JDBC/

Verify each of the JDBC resources by testing the connection in Resources \ JDBC \ DataSources

Select the following 6 and test connection

You need to receive a successful connection test for all 6

Start GM and WP applications

Servers / All Servers

Portal Verification

Verify each of the JDBC resources by testing the connection (has to wait until node is started)

This procedure describes how you verify a successful installation after you complete installing the product. When the CA GovernanceMinder installation is successful, you can access the CA GovernanceMinder Portal.

Follow these steps:

Select and start one server from the CA GovernanceMinder cluster, CA GovernanceMinder, and installed applications, including reports.

Review the started server logs and verify that no log errors exist.

Start all other servers in the CA GovernanceMinder cluster.

Review all the product cluster logs and verify that no errors exist in the logs.

You can access the Portal after a successful installation.

Open a browser and enter the following URL:

http://GM_Server_Name:9081/eurekify/portal/login

Log in using the following default administration credentials:

Username: AD1\EAdmin

Password: eurekify

Advertisements