Installing OpenIAM with a remote database
As an example, we're going to use a MySQL remote database. For other databases the process is similar and the differences are described at the end of the document.
- You need to prepare the database beforehand by running the following.
dnf install mariadb-server
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
At this point, you need to answer the installation questions.
firewall-cmd --add-service=mysql --permanent
firewall-cmd --add-port=3306/tcp --permanent
firewall-cmd --reload
Log in to the MySQL console as root and run the following.
grant all privileges on *.* to 'root'@'%' identified by '<MY_PASSWORD>' with grant option;
Verify the connection from the OpenIAM box.
mysql -h DB_IP -uroot -p
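The firewall and grant steps above admit port 3306 and root logins from any address. As an added example (not part of the OpenIAM documentation), the helpers below print the same firewalld rule and GRANT statement scoped to the OpenIAM box only; the function names and the address 192.0.2.10 are assumptions.

```shell
#!/bin/sh
# Added example, not from the OpenIAM documentation: print the firewall rule
# and GRANT statement from the steps above, scoped to one client address.

# Succeeds only for a dotted-quad IPv4 address with every octet in 0..255.
# The strict check matters because the value is placed inside a quoted SQL
# string and a firewalld rule.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        { [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ]; } || return 1
    done
}

# firewalld rich rule admitting only the given address to 3306/tcp.
firewall_rule_for() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s/32" port port="3306" protocol="tcp" accept\n' "$1"
}

# GRANT statement with the host part pinned to the given address, not '%'.
grant_for() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    printf "grant all privileges on *.* to 'root'@'%s' identified by '<MY_PASSWORD>' with grant option;\n" "$1"
}

# Demo: 192.0.2.10 is a constructed address standing in for the OpenIAM box.
# Prints the firewall-cmd line to run on the database server, then the
# statement to run in the MySQL console.
echo "firewall-cmd --permanent --add-rich-rule='$(firewall_rule_for 192.0.2.10)'"
grant_for 192.0.2.10
```

Use the rich rule in place of the `--add-service=mysql` and `--add-port=3306/tcp` commands; if those were already applied, they still admit every source until removed.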
When the remote database is ready, it is time to install OpenIAM. To install the product using a remote database, follow the installation steps of the general installation process up to step 4.
The system will ask whether you want to install the database locally:
Would you like to install MariaDB RDBMS locally? [y/n]:
Answer No. The installation process will proceed until the Critical section is finished and the system asks you to connect to a remote database.
Generate OpenIAM encryption secrets
=============== CRITICAL SECTION ===============
Database
Set OpenIAM username for schema 'openiam' , default: idmuser
Set OpenIAM password for schema 'openiam' , default: idmuser
Set OpenIAM username for schema 'activiti'., default: activiti
Set OpenIAM password for schema 'activiti'., default: activiti
Set OpenIAM password for RabbitMQ message broker, default: passwd00
Set OpenIAM password for Redis., default: passwd00
User to Access ElasticSearch. If you don't change it on the ES server side, leave it as elastic, default: elastic
Password for elastic to access ElasticSearch, default: VanrIwkYvDMtjzsw56228KoULtioOdlu
Please validate information below
---------------------------------
OpenIAM username for schema 'openiam': idmuser
OpenIAM password for schema 'openiam': idmuser
OpenIAM username for schema 'activiti': activiti
OpenIAM password for schema 'activiti': activiti
OpenIAM password for RabbitMQ message broker: passwd00
OpenIAM password for Redis: passwd00
OpenIAM Username to access ElasticSearch: elastic
OpenIAM password for elastic user to access ElasticSearch: VanrIwkYvDMtjzsw56228KoULtioOdlu
---------------------------------
Please validate your input above, if you are OK with that enter 'y'. To repeat an information collecting procedure enter 'n': y
Answer Yes to proceed with the database installation.
Note: if you're using Flyway to install an Oracle database, be sure to check the username in the database validation script. By default, it is IAMUSER, so the username typed in at the previous step must be IAMUSER. Note also that if you're not using Flyway to create the database but create it on your own, make sure the username and password in the database validation script match those in the database configuration in the step above.
The installation will then proceed, and at the end you will be asked for the database configuration.
=============== CRITICAL SECTION ===============
Database configuration.
Use default value if this is a new installation. If you are doing update, specify your current (before update) version here, like 4.1.11.0, default: 0.0.0.0
This is the name of the openiam core database. If using mariadb, this is most likely 'openiam', default: openiam
This is the name of the openiam Activiti database. If using mariadb, this is most likely 'activiti', default: activiti
Possible values: mysql, postgres, mssql, oracle. Type of the database that you are going to use with OpenIAM. The RDBMS have to be already installed, default: mysql
Do you want to initialize OpenIAM Schema and Users? Select this if you are not created schema and users in RDBMS yet. Super user (root) password will required [y/n]:y
Initialization.
Enter username for Super user (for mysql this is root), default: root
Enter password for super user (sa or root, depend on the db type), default:passwd00
This is the hostname of where the openiam core database is., default: localhost194.233.175.51
This is the port of where the openiam core database is. If using mariadb, this is most likely '3306', default: 3306
This is the hostname of where the openiam activiti database is., default: localhost194.233.175.51
This is the port of where the openiam activiti database is. If using mariadb, this is most likely '3306', default: 3306
Please validate information below
---------------------------------
FLYWAY_BASELINE_VERSION=0.0.0.0
FLYWAY_OPENIAM_DATABASE_NAME=openiam
FLYWAY_ACTIVITI_DATABASE_NAME=activiti
FLYWAY_OPENIAM_HOST=194.233.175.51
FLYWAY_OPENIAM_PORT=3306
FLYWAY_ACTIVITI_HOST=194.233.175.51
FLYWAY_ACTIVITI_PORT=3306
FLYWAY_DATABASE_TYPE=mysql
Database will be initialized=Y
Root (Db admin) user name=root
Root (Db admin) user password=passwd00
---------------------------------
Please validate your input above, if you are OK with that enter 'y'. To repeat an information collecting procedure enter 'n' :y
Answer Yes to proceed.
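Both validation summaries above were accepted with the secrets left at their documented defaults. The script below is an added example, not part of the OpenIAM installer: it reads saved installer output and lists the password entries in either summary that still equal a default shown on this page. The function names and the idea of feeding the output on stdin are assumptions.

```shell
#!/bin/sh
# Added example, not part of the OpenIAM installer: list the secrets in the
# validation summary that still equal the defaults printed in the prompts.

# Default values exactly as they appear on this page.
KNOWN_DEFAULTS='idmuser activiti passwd00 VanrIwkYvDMtjzsw56228KoULtioOdlu'

# Reads installer output on stdin (assumed to be saved or pasted by the
# operator). Only lines after "Please validate information below" are checked,
# so the prompts, which always show the default, are not counted.
# Prints the label of each password line set to a known default; exits 1 if any.
find_default_secrets() {
    awk -v defaults="$KNOWN_DEFAULTS" '
        BEGIN { n = split(defaults, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        /Please validate information below/ { in_summary = 1; next }
        in_summary && tolower($0) ~ /password/ {
            pos = match($0, /[:=][^:=]*$/)      # last ":" or "=" on the line
            if (!pos) next
            label = substr($0, 1, pos - 1)
            value = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", value)  # trim surrounding blanks
            if (value in bad) { print label; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: one prompt line followed by a shortened summary.
sample_summary() {
    cat <<'EOF'
Set OpenIAM password for Redis., default: passwd00
Please validate information below
---------------------------------
OpenIAM username for schema 'openiam': idmuser
OpenIAM password for schema 'openiam': idmuser
OpenIAM password for RabbitMQ message broker: Xk7-constructed-value
OpenIAM password for Redis: passwd00
---------------------------------
EOF
}

sample_summary | find_default_secrets || echo "default secrets still in use" >&2
```

The same function handles the `key=value` lines of the Flyway summary, so `Root (Db admin) user password=passwd00` is reported as well.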
The expected output for the installed database is given below.
Mysql. Try to initialize automatically
mysql: [Warning] Using a password on the command line interface can be insecure.
/usr/local/openiam/conf/schema/mysql/openiam/
Flyway Community Edition 6.5.4 by Redgate
Database: jdbc:mysql://194.233.175.51:3306/openiam (MySQL 5.5)
Creating Schema History table `openiam`.`flyway_schema_history` with baseline ...
WARNING: DB: Name 'flyway_schema_history_pk' ignored for PRIMARY key. (SQL State: 42000 - Error Code: 1280)
Successfully baselined schema with version: 2.3.0.0
Successfully validated 1077 migrations (execution time 00:00.330s)
Current version of schema `openiam`: 2.3.0.0
Migrating schema `openiam` to version 2.3.0.0.001 - mysql schema common
Migrating schema `openiam` to version 2.3.0.0.002 - mysql schema security
Migrating schema `openiam` to version 2.3.0.0.003 - mysql idm data
Migrating schema `openiam` to version 3.0.0.0.001 - alter table attribute map
Migrating schema `openiam` to version 3.0.0.0.002 - create resource many to many mapping
Migrating schema `openiam` to version 3.0.0.0.003 - create group many to many mapping
Migrating schema `openiam` to version 3.0.0.0.004 - migrate role id
Migrating schema `openiam` to version 3.0.0.0.005 - migrate resource role mappings
Migrating schema `openiam` to version 3.0.0.0.006 - create role many to many mapping
Migrating schema `openiam` to version 3.0.0.0.007 - create group and role name constraints
Migrating schema `openiam` to version 3.0.0.0.008 - add authorization data to resources
Migrating schema `openiam` to version 3.0.0.0.009 - migrate menus to resources
Migrating schema `openiam` to version 3.0.0.0.010 - fix resource name and type
......
Successfully applied 1076 migrations to schema `openiam` (execution time 00:27.744s)
Flyway Community Edition 6.5.4 by Redgate
Database: jdbc:mysql://194.233.175.51:3306/activiti (MySQL 5.5)
Creating Schema History table `activiti`.`flyway_schema_history` with baseline ...
WARNING: DB: Name 'flyway_schema_history_pk' ignored for PRIMARY key. (SQL State: 42000 - Error Code: 1280)
Successfully baselined schema with version: 2.3.0.0
Successfully validated 7 migrations (execution time 00:00.015s)
Current version of schema `activiti`: 2.3.0.0
Migrating schema `activiti` to version 4.0.0.0.106 - activiti.mysql.create.engine
Migrating schema `activiti` to version 4.0.0.0.107 - activiti.mysql.create.history
Migrating schema `activiti` to version 4.0.0.0.108 - activiti.mysql.create.identity
Migrating schema `activiti` to version 4.0.0.0.212 - activiti history
Migrating schema `activiti` to version 4.2.1.0.001 - OE-348
Migrating schema `activiti` to version 4.2.1.0.999 - version
WARNING: DB: Name 'OPENIAM_VERESION_PK' ignored for PRIMARY key. (SQL State: 42000 - Error Code: 1280)
Successfully applied 6 migrations to schema `activiti` (execution time 00:00.713s)
Installation done successfully.