The instructions below are valid for all OpenIAM v4.2.1.x deployments on CentOS 9 Stream,Red Hat Enterprise Linux (RHEL) 9 and related distributions such as: Rocky Linux 9 and Alma Linux 9

This section describes how to install OpenIAM on either Centos 9 Stream, RHEL 9 / Rocky Linux 9 and Alma Linux 9 using an RPM distribution.

OpenIAM provides an RPM distribution which includes all the dependencies and Maria DB to simplify the installation process. The completeness of the RPM file also enables deployments in locked down environments where there is no network. The following databases are not included in the distribution: Oracle, SQL Server, and PostgreSQL.

You may download CentOS or RHEL from the following locations.

The installation instructions below require root level privileges on the host where OpenIAM will be deployed. The person or team installing OpenIAM must be familiar with the RHEL operating system, databases and services.

The procedures described in this guide must be performed in the order that they have been presented below.

SSH into your VM

To ssh into your newly created VM, follow the steps below: a) First get the IP address of your VM. You can do this using:

ip addr

b) Next use a tool such Putty or the terminal window on Mac and SSH to this Linux host:

ssh [username]@[IP address of your VM]

Example:

ssh root@172.16.101.128

Minimum System requirements

For non-production use, the Linux Host or VM must have the following minimum configuration:

Validate your environment

Login to your VM as root or a privileged user. To check the CPUs on your VM use: lscpu To the memory on your VM use: free -m

The result of each of these commands MUST align with the above minimum requirements. For sizing assistance for a production deployment, either open a support ticket or contact your OpenIAM point of contact.

Example of output from the above command is provided below.

[root@li1262-180 ~]# lscpu
Architecture:             x86_64
  CPU op-mode(s):         32-bit, 64-bit
  Address sizes:          48 bits physical, 48 bits virtual
  Byte Order:             Little Endian
CPU(s):                   16
  On-line CPU(s) list:    0-15
Vendor ID:                AuthenticAMD
  BIOS Vendor ID:         QEMU
  Model name:             AMD EPYC 7713 64-Core Processor
    BIOS Model name:      pc-q35-7.2
    CPU family:           25
    Model:                1
    Thread(s) per core:   1
    Core(s) per socket:   16
    Socket(s):            1
    Stepping:             1
    BogoMIPS:             3999.99
    Flags:                fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse ss
                          e2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm rep_good nopl cpuid extd_apicid tsc_known_fr
                          eq pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes x
                          save avx f16c rdrand hypervisor lahf_lm cmp_legacy cr8_legacy abm sse4a misalignsse 3dnowprefet
                          ch osvw perfctr_core ssbd ibrs ibpb stibp vmmcall fsgsbase tsc_adjust bmi1 avx2 smep bmi2 rdsee
                          d adx smap clflushopt clwb sha_ni xsaveopt xsavec xgetbv1 xsaves clzero xsaveerptr wbnoinvd ara
                          t umip pku ospke vaes vpclmulqdq rdpid arch_capabilities


[root@li1262-180 ~]# free -m
               total        used        free      shared  buff/cache   available
Mem:           64300         847       63754          16         314       63452
Swap:            511           0         511

[root@li1262-180 ~]#

You may also run the following supporting commands to prepare the system for installation.

Command to check VM Operating System is as follows.

cat /etc/os-release

Example of output form the above command.

VERSION="9.5 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.5"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.5 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
VENDOR_NAME="RESF"
VENDOR_URL="https://resf.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.5"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.5"

Command to get system disk space is as follows.

df -H

Example of output form the above command.

Filesystem           Size  Used Avail Use% Mounted on
devtmpfs              17G     0   17G   0% /dev
tmpfs                 17G     0   17G   0% /dev/shm
tmpfs                 17G  8.9M   17G   1% /run
tmpfs                 17G     0   17G   0% /sys/fs/cgroup
/dev/mapper/cs-root   52G  2.4G   49G   5% /
/dev/mapper/cs-home   25G  209M   25G   1% /home
/dev/sda1            1.1G  295M  769M  28% /boot
tmpfs                3.4G     0  3.4G   0% /run/user/0

vi editor commands:

to edit -- type i
to escape -- hit esc
to save and quit -- type :wq

Prepare the host system for installation

The OpenIAM application requires a few configurations to be performed prior to installing the application. These steps are described below.

Install required packages

Before installing OpenIAM, please execute the commands below to install the required packages. If you have already logged in as root, you do not need to prefix them with sudo. If you have used another account, then you need to use sudo.

Next steps

• Install with Internet Access
• Install without Internet Access

Directory structure

This section describes the location and structure of the OpenIAM installation. By default, the application is installed at: /usr/local/openiam Within this directory, files are organized into the following subdirectories:

1. conf/ - Contains configuration-related files and subdirectories:
   1. iamscripts/ – Predefined Groovy scripts.
   2. activiti/ – Predefined Activiti workflow templates.
   3. device/ – Configuration files for push notification service integration used by the OpenIAM mobile application.
   4. properties/ – Property files for database connectivity, Elasticsearch, Redis, Vault, and other configurations.
   5. schema/ – SQL files defining the database schema, used by Flyway.
2. connectors/ - Scripts to start and stop locally installed connectors.
3. env.conf - Configuration file defining system-level settings.
4. flyway/ - Contains Flyway-related configurations and database drivers for schema versioning.
5. health/ - Stores the output of health check operations for OpenIAM services.
6. janusgraph/ - Installation directory for JanusGraph.
7. jdk/ - Java Development Kit (JDK) used by OpenIAM and other services.
8. logs/ - Stores log files generated by OpenIAM services.
9. openiamrepo/ - Contains RPM packages for OpenIAM components.
10. services/ - JAR files for OpenIAM services, along with utilities to start and stop them.
11. source-adapters/ - Scripts to start and stop source adapters.
12. ui/ - Files and configurations related to the OpenIAM UI, including Tomcat, IdP, Self-Service, Web Console, and more.
13. upload/ - Storage location for uploaded files.
14. utils/ - Utilities for managing OpenIAM infrastructure components.
15. vault/ - Contains policy files and certificates used by Vault.
16. version - File containing the installed version of OpenIAM.