Installing OpenIAM with a remote database

As an example, we're going to use a MySQL remote database. For other databases the process is similar and the differences are described at the end of the document.

  1. You need to prepare database beforehand by running the following.
dnf install mariadb-server
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation

At this point, you need to answer installation questions.

firewall-cmd --add-service=mysql --permanent
firewall-cmd --add-port=3306/tcp --permanent
firewall-cmd --reload

Login to MySQL console as root and run the following.

grant all privileges on *.* to 'root'@'%' identified by '<MY_PASSWORD>' with grant option;

Verify connection form OpenIAM box.

mysql -h DB_IP -uroot -p

When the remote database is ready, it is time to install OpenIAM. To install a product using a remote database, repeat the installation steps indicated in general installation process till step 4.

The system will ask you, whether you want to install database local:

Would you like to install MariaDB RDBMS locally? [y/n]:

Answer No, installation process will proceed until Critical section is finished and the system asks you to connect to a remote database.

Generate OpenIAM encryption secrets
=============== CRITICAL SECTION ===============
Database
Set OpenIAM username for schema 'openiam' , default: idmuser
Set OpenIAM password for schema 'openiam' , default: idmuser
Set OpenIAM username for schema 'activiti'., default: activiti
Set OpenIAM password for schema 'activiti'., default: activiti
Set OpenIAM password for RabbitMQ message broker, default: passwd00
Set OpenIAM password for Redis., default: passwd00
User to Access ElasticSearch. If you don't change it on the ES server side, leave it as elastic, default: elastic
Password for elastic to access ElasticSearch, default: VanrIwkYvDMtjzsw56228KoULtioOdlu
Please validate information below
---------------------------------
OpenIAM username for schema 'openiam': idmuser
OpenIAM password for schema 'openiam': idmuser
OpenIAM username for schema 'activiti': activiti
OpenIAM password for schema 'activiti': activiti
OpenIAM password for RabbitMQ message broker: passwd00
OpenIAM password for Redis: passwd00
OpenIAM Username to access ElasticSearch: elastic
OpenIAM password for elastic user to access ElasticSearch: VanrIwkYvDMtjzsw56228KoULtioOdlu
---------------------------------
Please validate your input above, if you are OK with that enter 'y'. To repeat an information collecting procedure enter 'n': y

Answer Yes to proceed database installation.

Note if you're using Flyway to install Oracle database, be sure to check username in database validation script. By default, it is IAMUSER. Hence, the username to be typed in on the previous step is to be AIMUSER. Note also that if you're not using Flyway to create a database, but create it on your own, be sure for the username and password in database validation script and in database configuration in the step above to coincide.

Further, installation will proceed and at the end you will be asked for database configuration.

=============== CRITICAL SECTION ===============
Database configuration.
Use default value if this is a new installation. If you are doing update, specify your current (before update) version here, like 4.1.11.0, default: 0.0.0.0
This is the name of the openiam core database. If using mariadb, this is most likely 'openiam', default: openiam
This is the name of the openiam Activiti database. If using mariadb, this is most likely 'activiti', default: activiti
Possible values: mysql, postgres, mssql, oracle. Type of the database that you are going to use with OpenIAM. The RDBMS have to be already installed, default: mysql
Do you want to initialize OpenIAM Schema and Users? Select this if you are not created schema and users in RDBMS yet. Super user (root) password will required [y/n]:y
Initialization.
Enter username for Super user (for mysql this is root), default: root
Enter password for super user (sa or root, depend on the db type), default:
passwd00
This is the hostname of where the openiam core database is., default: localhost
194.233.175.51
This is the port of where the openiam core database is. If using mariadb, this is most likely '3306', default: 3306
This is the hostname of where the openiam activiti database is., default: localhost
194.233.175.51
This is the port of where the openiam activiti database is. If using mariadb, this is most likely '3306', default: 3306
Please validate information below
---------------------------------
FLYWAY_BASELINE_VERSION=0.0.0.0
FLYWAY_OPENIAM_DATABASE_NAME=openiam
FLYWAY_ACTIVITI_DATABASE_NAME=activiti
FLYWAY_OPENIAM_HOST=194.233.175.51
FLYWAY_OPENIAM_PORT=3306
FLYWAY_ACTIVITI_HOST=194.233.175.51
FLYWAY_ACTIVITI_PORT=3306
FLYWAY_DATABASE_TYPE=mysql
Database will be initialized=Y
Root (Db admin) user name=root
Root (Db admin) user password=passwd00
---------------------------------
Please validate your input above, if you are OK with that enter 'y'. To repeat an information collecting procedure enter 'n' :y

Answer Yes to proceed.

The expected output for the installed database is given below.

Mysql. Try to initialize automatically
mysql: [Warning] Using a password on the command line interface can be insecure.
/usr/local/openiam/conf/schema/mysql/openiam/
Flyway Community Edition 6.5.4 by Redgate
Database: jdbc:mysql://194.233.175.51:3306/openiam (MySQL 5.5)
Creating Schema History table `openiam`.`flyway_schema_history` with baseline ...
WARNING: DB: Name 'flyway_schema_history_pk' ignored for PRIMARY key. (SQL State: 42000 - Error Code: 1280)
Successfully baselined schema with version: 2.3.0.0
Successfully validated 1077 migrations (execution time 00:00.330s)
Current version of schema `openiam`: 2.3.0.0
Migrating schema `openiam` to version 2.3.0.0.001 - mysql schema common
Migrating schema `openiam` to version 2.3.0.0.002 - mysql schema security
Migrating schema `openiam` to version 2.3.0.0.003 - mysql idm data
Migrating schema `openiam` to version 3.0.0.0.001 - alter table attribute map
Migrating schema `openiam` to version 3.0.0.0.002 - create resource many to many mapping
Migrating schema `openiam` to version 3.0.0.0.003 - create group many to many mapping
Migrating schema `openiam` to version 3.0.0.0.004 - migrate role id
Migrating schema `openiam` to version 3.0.0.0.005 - migrate resource role mappings
Migrating schema `openiam` to version 3.0.0.0.006 - create role many to many mapping
Migrating schema `openiam` to version 3.0.0.0.007 - create group and role name constraints
Migrating schema `openiam` to version 3.0.0.0.008 - add authorization data to resources
Migrating schema `openiam` to version 3.0.0.0.009 - migrate menus to resources
Migrating schema `openiam` to version 3.0.0.0.010 - fix resource name and type
......
Successfully applied 1076 migrations to schema `openiam` (execution time 00:27.744s)
Flyway Community Edition 6.5.4 by Redgate
Database: jdbc:mysql://194.233.175.51:3306/activiti (MySQL 5.5)
Creating Schema History table `activiti`.`flyway_schema_history` with baseline ...
WARNING: DB: Name 'flyway_schema_history_pk' ignored for PRIMARY key. (SQL State: 42000 - Error Code: 1280)
Successfully baselined schema with version: 2.3.0.0
Successfully validated 7 migrations (execution time 00:00.015s)
Current version of schema `activiti`: 2.3.0.0
Migrating schema `activiti` to version 4.0.0.0.106 - activiti.mysql.create.engine
Migrating schema `activiti` to version 4.0.0.0.107 - activiti.mysql.create.history
Migrating schema `activiti` to version 4.0.0.0.108 - activiti.mysql.create.identity
Migrating schema `activiti` to version 4.0.0.0.212 - activiti history
Migrating schema `activiti` to version 4.2.1.0.001 - OE-348
Migrating schema `activiti` to version 4.2.1.0.999 - version
WARNING: DB: Name 'OPENIAM_VERESION_PK' ignored for PRIMARY key. (SQL State: 42000 - Error Code: 1280)
Successfully applied 6 migrations to schema `activiti` (execution time 00:00.713s)

Installation done successfully.