Supported OS
Red Hat Enterprise Linux version 5.x ,6.x Architecture 64-bit
Supported Application Servers
IBM WebSphere ND (on RHEL only) ver 7.0 JDK · 1.6.0 (JDK version is IBM JDK that comes with Web Sphere version)
IBM WebSphere ND (on RHEL only) ver 8.5.5 JDK · 1.6.0, 1.7.x (JDK version is IBM JDK)
GM Installation
Governance Minder requires a Linux/Windows host for the J2EE container. In this environment GM will be installed on a WebSphere 8.5.5.5 Cluster. The backend database used is an Oracle 12C database server.
To begin the installation of the GM WebSphere environment you will need to install the Government Minder binaries. The install files can be downloaded from CA at www.ca.com or copied from the development server at CMS.
Pre-Requisites
Open Ports
netstat -an -o |grep “1098 1099 1577 4026 4444 4445 4446 5001 8009 8080 8083 8093 8094 9092”
If no results are returned good, if results are found. Use netstat –an –o –b to locate, you must redirect traffic from these ports prior to GM install
Create databases
Done – The dbutil utility in can be used to create the databases prior to install, this will not be used
JDK deployment
Install JDK 1.6.45
mkdir /opt/CA/
chmod 775 /opt/CA/
copy jdk-6u45-linux-x64.bin to /opt/CA/
cd /opt/CA/
chmod 775 jdk-6u45-linux-x64.bin
./jdk-6u45-linux-x64.bin
rm –f jdk-6u45-linux-x64.bin
echo export JAVA_HOME=/opt/CA/jdk1.6.0_45 > /etc/profile.d/jdk.sh
vi /etc/profile.d/jdk.sh
Add the following:
export PATH=$JAVA_HOME/bin:$PATH
Save and exit
Start a new shell and verify that your JAVA_HOME variable is set and your PATH is mapped to the JDK
java –version will return
Java(TM) SE Runtime Environment (build 1.6.0_45-b06)
Java HotSpot(TM) 64-Bit Server VM (build 20.45-b01, mixed mode)
Configure JAVA alternatives
This is to be used if there are multiple JDK’s on the system
/usr/sbin/alternatives –install /usr/bin/java java /usr/java/jdk1.6.0_45/bin/java 1500
/usr/sbin/alternatives –config java
Output:
[root@e48v111v bin]# /usr/sbin/alternatives –config java
You may see the following if there are 2 programs which provide ‘java’.
Selection Command
———————————————–
*+ 1 /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java
2 /usr/java/jdk1.6.0_45/bin/java
Enter to keep the current selection[+], or type selection number: 2
Select the new JDK (2) that was deployed
Verify JAVA version:
java –version
Should return java version 1.6.45 or above
Packages
The following packages must be installed
glibc-2.12-1.25.el6.i686.rpm
libX11-1.3-2.el6.i686.rpm
libxcb-1.5-1.el6.i686.rpm
libXtst-1.0.99.2-3.el6.i686.rpm
libXau-1.0.5-1.el6.i686.rpm
libXi-1.3-3.el6.i686.rpm
libXext-1.1-3.el6.i686.rpm
nss-softokn-freebl-3.12.9-3.el6.i686.rpm
dos2unix-3.1-37.el6.x86_64.rpm
Issue the following to install the required packages
yum install glibc-2.12-1.25.el6.i686 libX11-1.3-2.el6.i686 libxcb-1.5-1.el6.i686 libXtst-1.0.99.2-3.el6.i686 libXau-1.0.5-1.el6.i686 libXi-1.3-3.el6.i686 libXext-1.1-3.el6.i686 nss-softokn-freebl-3.12.9-3.el6.i686 dos2unix-3.1-37.el6.x86_64
Improve performance
rm /dev/random && mknod -m 644 /dev/random c 1 9
Output:
rm: remove character special file `/dev/random’? yes
Linux Environment Requirements
The install must be run as root
ulimit unlimited
umask 0022
Installation Instructions
mkdir /opt/CA/GM
chmod 775 /opt/CA/GM
cd /opt/CA/GM
The following files must be deployed in the /opt/CA/GM location
-rwxrwxr-x 1 root root 9944944 Aug 31 16:53 GEN06113240E.zip
-rwxrwxr-x 1 root root 22365919 Aug 31 16:53 GEN06113635E.zip
-rwxrwxr-x 1 root root 6508285 Aug 31 16:53 GEN06113840E.zip
-rwxrwxr-x 1 root root 7685405 Aug 31 16:53 GEN06114031E.zip
-rwxrwxr-x 1 root root 144821579 Aug 31 16:53 GEN06114144E.zip
-rwxrwxr-x 1 root root 21467559 Aug 31 16:53 GEN06114251E.zip
-rwxrwxr-x 1 root root 98058816 Aug 31 16:53 GEN06114404E.zip
-rwxrwxr-x 1 root root 128941761 Aug 31 16:53 GEN06114535E.zip
-rwxrwxr-x 1 root root 297298511 Aug 31 16:53 GEN06115951E.zip
-rwxrwxr-x 1 root root 293004965 Aug 31 16:53 GEN06120054E.zip
-rwxrwxr-x 1 root root 60494416 Aug 31 16:53 GEN06120210E.zip
-rwxrwxr-x 1 root root 2494281 Aug 31 16:53 GEN06120406E.zip
-rwxrwxr-x 1 root root 77711630 Aug 31 16:53 GEN06120508E.zip
-rwxrwxr-x 1 root root 246255121 Aug 31 16:53 GEN06120611E.zip
-rwxrwxr-x 1 root root 502996 Aug 31 16:53 GEN06121000E.zip
-rwxrwxr-x 1 root root 263826 Aug 31 16:53 GEN06120813E.zip
-rwxrwxr-x 1 root root 1020551602 Aug 31 16:53 GEN06120717E.zip
unzip ‘*.zip’
chmod 775 *
unzip CA-IdentityGovernance-12.6.03-Installer.zip
chmod 777 InstCAIdentityGovernance.bin
Run installer
./InstCAIdentityGovernance.bin
Deploying Governance Minder on WebSphere
Oracle changes for JMS
This procedure describes how to create database users to synchronize Java Messaging Service (JMS) topics. Have the Oracle DBA’s issue the following as the system user, examine notes for complete privileges:
create user gvmBus identified by PASSWORD;
create user wpBus identified by PASSWORD;
grant select on pending_trans$ to gvmBus;
grant select on dba_2pc_pending to gvmBus;
grant select on dba_pending_transactions to gvmBus;
grant execute on dbms_xa to gvmBus;
grant select on pending_trans$ to wpBus;
grant select on dba_2pc_pending to wpBus;
grant select on dba_pending_transactions to wpBus;
grant execute on dbms_xa to wpBus;
commit;
Note: The following specific privileges were used
GRANT CMS_CONNECT TO GVMBUS;
GRANT CMS_RESOURCE TO GVMBUS;
GRANT CONNECT TO GVMBUS;
GRANT GVMBUS_XA_ROLE TO GVMBUS;
GRANT RESOURCE TO GVMBUS;
ALTER USER GVMBUS DEFAULT ROLE ALL;
GRANT UNLIMITED TABLESPACE TO GVMBUS;
GRANT CMS_CONNECT TO WPBUS;
GRANT CMS_RESOURCE TO WPBUS;
GRANT CONNECT TO WPBUS;
GRANT RESOURCE TO WPBUS;
ALTER USER WPBUS DEFAULT ROLE ALL;
GRANT UNLIMITED TABLESPACE TO WPBUS;
Note: The passwords for these users are the ones used in dataSources.py
Note: The following privileges work to provide sufficient access
grant all privileges to gvmBus;
grant all privileges to wpBus;
Note: The following privileges were not sufficient to start the GM Server
GRANT CREATE SESSION TO gvmBus WITH ADMIN OPTION;
GRANT CREATE SESSION TO wpBus WITH ADMIN OPTION;
Note: The GVM_WorkPoint used in the commands below is based upon the WorkPoint schema name used in the GM GUI install steps previously
Hazelcast
This procedure describes how to configure Hazelcast. Hazelcast is an open source clustering and highly scalable Java data distribution operating environment that CA GovernanceMinder uses.
For the CA GovernanceMinder cluster integration, edit the hazelcast.xml file to adjust the Hazelcast lock mechanism. The Hazelcast.xml file is located in the eurekify.war file. Follow the following steps to modify the hazelcast.xml file.
mkdir /tmp/hazelcast
chmod 777 /tmp/hazelcast
cd /tmp/hazelcast
cp /opt/CA/GovernanceMinder/Server/rcm-websphere/eurekify.ear .
mv /opt/CA/GovernanceMinder/Server/rcm-websphere/eurekify.ear /opt/CA/GovernanceMinder/Server/rcm-websphere/eurekefy.ear.orig
jar xvf eurekify.ear eurekify.war
jar xvf eurekify.war WEB-INF/classes/hazelcast.xml
Note: If this is a multi server/clustered/federated configuration and only one the servers is available at the time of the install do not attempt to use both servers in the hazelcast.xml, this is unsupported
vi /tmp/hazelcast/WEB-INF/classes/hazelcast.xml
Change the group stanza password to be the WebSphere password, this needs to match the WAS Security you have setup, if there is no security setup, use the default values
<group>
<name>GM_WAS</name>
<password>PASSWORD</password>
</group>
Change the interfaces to include all servers in your WebSphere cluster
<tcp-ip enabled=”true”>
<interface>SHORTNAMEOFSERVER</interface>
</tcp-ip>
Recreate and place the modified .ear back in place
cd /tmp/hazelcast
jar uvf eurekify.war WEB-INF/classes/hazelcast.xml
jar uvf eurekify.ear eurekify.war
mv eurekify.ear /opt/CA/GovernanceMinder/Server/rcm-websphere
Review Python file parameters
vi /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts/dataSources.py
The password used was PASSWORD, so the four “db_pw” variables should have the install password.
Modify the gvmBus and wpBus user and passwords to match the user and passwords that were sent to the Oracle DBA’s in the previous steps
Set up the CA GovernanceMinder and Workpoint clusters.
Update the Custer Name and Server names in the gvmDefaults.py, the top 5 lines and bottom 2 are where modifications need to be made.
vi /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts/gvmDefaults.py
Top five Lines
Workpoint_Cluster_Name = “EUA-WP”
Workpoint_Server_Name_Format = “EUA-WP-S%d”
Workpoint_BusName = “wpBus”
Gvm_Cluster_Name = “EUA-GM”
Gvm_Server_Name_Format = “EUA-GM-S%d”
Bottom two lines, comment out the similar two lines with a # before
msJTDSdriverFullPath = “${WAS_INSTALL_ROOT}”+os.sep+essentialsDirName+os.sep+”JDBC”+os.sep+”jtds-1.2.jar”
ORACLEdriverFullPath = “${WAS_INSTALL_ROOT}”+os.sep+essentialsDirName+os.sep+”JDBC”+os.sep+”ojdbc6.jar”
Set up CA GovernanceMinder and setup CA GovernanceMinder and Workpoint Clusters
cd /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts
umask 0022
./DeployGVM.sh /opt/IBM/WebSphere/AppServer/bin/ >> deploy.log &
Note: The WebSphere directory to be used is the root directory of the application server and not the node or cluster locations of the wsadmin.sh script
Note: use tail –f deploy.log to examine log the last two commands should copy statements
Configure the CA GovernanceMinder folder
cd /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts
/opt/IBM/WebSphere/AppServer/bin/wsadmin.sh -lang jython -f setupEssentials.py >> setup.log &
This needs to be accomplished on each cluster server in a federated/cluster configuration. On each of the servers, repeat the following
cd /opt/CA
tar zcvf GMCluster.tar.gz GovernanceMinder/
copy the GMCluster.tar.gz to the other cluster members
On the other cluster members as root
ulimit unlimited
umask 0022
mkdir /opt/CA
chmod 775 /opt/CA
cd /opt/CA
cp GMCluster.tar.gz to this location
tar zxvf GMCluster.tar.gz
cd /opt/CA/GovernanceMinder/Server/rcm-websphere/WAS-Scripts
/opt/IBM/WebSphere/EntAppServer85-64/appServerbin/wsadmin.sh -lang jython -f setupEssentials.py
WebSphere Changes
Add JDBC provider
cp /oracle/product/12.1.0/db1/jdbc/lib/ojdbc6.jar /opt/IBM/WebSphere/AppServer/essentials/JDBC
Note: The above assumes Oracle was installed on this machine and the database used was db1
Core Groups
Servers / Core groups / Core group bridge settings / Access point groups / DefaultAccessPointGroup / Core group access points
Select the core group and Show Detail, Select Bridge Interfaces, New
Select each of the Bridge interfaces (do this 4 times) listed in drop down and apply
Review changes and sync, the final list should look like this
Configure JDBC drivers and data sources on the WorkPoint cluster
This procedure describes how you install Oracle JDBC drivers and data sources on the WorkPoint cluster. Follow these steps for each of the JDBC providers, there will be six.
Resources / JDBC / JDBC Providers – The list should like this
Select each of the Oracle providers above
Select the Oracle11g Data provider for each
Review and synchronize changes for this provider, these steps should be done seven times total.
WebSphere Virtual Host Configuration
In Servers \ WebSphere Application Servers \ Application servers > EUA-GM-S1 > Ports
The WC_defaulthost is mapped to a port locate this value and that same port needs to be listed in Environment \ Virtual Hosts \ Default_host \ Host Alias
Restart Environment
/opt/IBM/WebSphere/AppServer/bin/stopManager.sh
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/stopNode.sh
/opt/IBM/WebSphere/AppServer/bin/startManager.sh
/opt/IBM/WebSphere/AppServer/profiles/AppSrv01/bin/startNode.sh
JDBC Connection Verification
Verify the ojdbc6.jar is located in the WAS_install_root/essentials/JDBC/
Verify each of the JDBC resources by testing the connection in Resources \ JDBC \ DataSources
Select the following 6 and test connection
You need to receive a successful connection test for all 6
Start GM and WP applications
Servers / All Servers
Portal Verification
Verify each of the JDBC resources by testing the connection (has to wait until node is started)
This procedure describes how you verify a successful installation after you complete installing the product. When the CA GovernanceMinder installation is successful, you can access the CA GovernanceMinder Portal.
Follow these steps:
Select and start one server from the CA GovernanceMinder cluster, CA GovernanceMinder, and installed applications, including reports.
Review the started server logs and verify that no log errors exist.
Start all other servers in the CA GovernanceMinder cluster.
Review all the product cluster logs and verify that no errors exist in the logs.
You can access the Portal after a successful installation.
Open a browser and enter the following URL:
http://GM_Server_Name:9081/eurekify/portal/login
Log in using the following default administration credentials:
Username: AD1\EAdmin
Password: eurekify
Leave a Reply