AgileApps Support Wiki Pre Release

Difference between revisions of "Installation FAQs"

From AgileApps Support Wiki
imported>Aeric
imported>Aeric
Line 173: Line 173:
*[[Service Provider Settings]]
*[[Service Provider Settings]]


{{#if: {{ShowIsvInfo}} |
{{#if: {{ShowInstallInfo}} |
<noinclude>
<noinclude>



Revision as of 21:19, 31 May 2012

Installation FAQs

Answers to commonly asked installation questions.


What is Memcached?

Memcached is a third party caching mechanism which is used by the platform to cache the platform Application Data and other required elements, which can improve performance by minimizing the user response time to the server.

Learn more: Configure Memcached

Is the communication secure using the platform?

For secure communication, You should always use https://yourdomain/networking/Service to access the Platform. The platform provides a default self-signed certificate which is used by the Application Server.

This certificate can be replaced with your own certificate, purchased from VeriSign. For more instructions on replacing your own certificate, please follow the instructions at Certificate Signing Request (CSR) Generation Instructions-Tomcat

How do I obtain and install an SSL Certificate?

Managing SSL Certificates

Obtaining an SSL Certificate

The platform provides a default self-signed certificate which is used by the Application Server.

To obtain and install your own SSL Certificate, make a request to a Certificate Authority (CA). An SSL certificate authenticates a website to a web browser, part of a security protocol to manage secure data exchange.

The CA will accept your Certificate Signing Request and generate a certificate which identifies your website as a secured website.

To create a Certificate Signing Request (CSR)

1. Create a keystore and a private key:
cd {install-dir}/profiles/IS_default/configuration/tomcat/conf/RN

keytool -genkey -alias tomcat -keyalg RSA -keysize 2048 -keystore {keystore_filename}
2. Create a CSR from the keystore
keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr 
        -keystore {keystore_filename}
3. Submit the resulting file, certreq.csr, to the CA to obtain a certificate.
(When the certificate arrives, you are ready for the next step of steps.)

To Install the Certificate Obtained from the CA

Once you have obtained a certificate, you need to import it into the keystore.

But first, in addition to your certificate, the CA might provide a Chain/Root Certificate, which must also be imported. If you have received a chain certificate from the CA, then:

1. Copy the contents of the chain certificate into a file called chain
2. Import the chain certificate into your keystore:
keytool -import -alias root -keystore {keystore_filename} 
        -trustcacerts -file chain

When the chain certificate (if any) has been imported, you are ready for the final step:

3. Import the certificate received from the CA:
keytool -import -alias tomcat -keystore {keystore_filename} 
        -trustcacerts -file {certificate_filename}

Notepad.png

Note: If you have SSL certificate and private key, follow the below steps:

1. Convert the private key and certificate to PKCS#12 format using OpenSSL. Assuming you have the private key file in .key format (private.key) and the certificate file in .crt format (VMNX-AALIND22.crt), use the following command:
openssl pkcs12 -export -inkey <private.key> -in <certificate.crt> -out <keystore.p12> -name <alias>

The default alias is set to 1.

2. Replace <alias> with the desired alias for the key entry.
3. Import the PKCS#12 file into the Java keystore using the keytool command:
keytool -importkeystore -srckeystore <keystore.p12> -srcstoretype PKCS12 -destkeystore <keystore.jks> -destalias <alias>
4. Replace <alias> with the alias used in the previous step.

5. Enter the appropriate passwords when prompted, including the source keystore password for the PKCS#12 file and the destination keystore password for the Java keystore.

6. Once you have successfully completed these steps, the certificate and private key should be imported into the Java keystore with the specified alias.

To update a Customer SSL Certificate in AgileApps

1. Stop the Application server.
2. Update keystoreFile and keystorePass values in “com.softwareag.catalina.connector.https.pid-agileappsHttps-8284.properties” file available under
{install-dir}/profiles/IS_default/configuration/com.softwareag.platform.config.propsloader folder.

Notepad.png

Note: The keystorePass value provided by you in plain text is encrypted automatically when you restart the AgileApps application server.

3. After updating the properties, place the certificate in the {install-dir}/profiles/IS_default/configuration/tomcat/conf folder.
4. Restart the memcached server and start the AgileApps application server.


Learn More


On what port does the Application Server run?

The Application Server runs on the following ports. Please ensure these ports are open for your network.

  • Default Non SSL port 80
  • Default SSL port 443
  • Default Server Port 8006

Can I run Application Server on a different port?

Yes, you can choose to run the Application Server on a different port other than default port.

To run the Application Server on a different port:

A. Edit the file longjump_installation/tomcat/conf/server.xml
  1. Change the port number to the new port number
  2. Save the file
B. Edit the file longjump_installation/tomcat/conf/RN/networking.properties
Change the port numbers highlighted below:
@ Service Configuration
Service domain: www.example.com:
8080
@ Server.xml
<Connector port="
8080" ...
@ networking.properties
current_server=http://127.0.0.1:
8080/networking
@ Database Relationals

@ Table NETWORK_GLOBAL_PROPERTIES
@ Column
import_document_server = <ip>:8080
document_server = <ip>:8080
public_document_server = <ip>:8080

C. Restart the Application Server

Does the Application Server support any other Database Server other than MySQL?

Currently, the Application Server supports MySQL.

Is it possible to run the Application Server on one server and have Database Server MySQL running on another remote server?

Yes, the Application Server can be isolated on one machine and MySQL can be run on another remote machine.

Permissions need to be enabled on MySQL to allow the web servers to be able to access the database server. This can be done using the GRANT command of MySQL:

GRANT ALL ON *.* to 'root'@'web server IP Address' IDENTIFIED BY 'password'

How do I point a web server running the Application Server to a Remote Database server?

To direct a Remote Database Server to the Application Server:

  1. Edit the file longjump_installation/tomcat/conf/server.xml
  2. Replace url="jdbc:mysql://{domain}/relationals" with url="jdbc:mysql:// IP address of remote Database Server/relationals"
    Where IP address of remote Database Server is the IP address of the remote database server
  3. Save the file
  4. Restart the Application Server

How do I control the various servers which run inside the Application Server?

See Managing Backend Services

What kind of Housekeeping is Needed

Removing old data and old files that are no longer needed helps to keep both server and platform running smoothly.

Learn more: Housekeeping

Licensing

How do I read my license?

Open a command prompt and type the following command:

java –cp longjump_installation/tomcat/lib/es.jar com.es.customerLicense.ReadLicense

How do I check that my license is valid?

Open a command prompt and type the following command:

java –cp longjump_installation/tomcat/lib/es.jar com.es.customerLicense.ReadLicense

How will I be know when my license needs to be renewed?

The AgileApps Cloud platform monitors the license expiration date automatically. Following the end date of the license period, a seven-day grace period begins. During this grace period, an email notification is sent daily, until the license is renewed, or the grace period ends.

Can I use REST API to query my license?

Yes, a REST API License Resource is available. Use this resource to query each server for the license details, or use the resource to implement your own custom notification policies.

Learn more: License Resource

Troubleshooting

Error Sending Email Messages

If you receive the following error message, it is likely due to an incorrectly configured hostname.

Error in Sending Email:  501 Syntax: HELO hostname

To identify this issue try the following:

  • Find the hostname of the server by executing the following command.
 #hostname
 web1.mydomain.com
  • Check if you can ping the hostname (the ping should be successful):
#ping web1.mydomain.com
  • Check if you can resolve the hostname (nslookup should be able to resolve the hostname without any errors):
#nslookup web1.mydomain.com

If all of the remedies are not successful, work with your service provider or consult the Operating System documentation to configure a valid hostname for your server.

The hostname can be configured in the following files:

/etc/sysconfig/network
/etc/hosts


Out Of Memory Error

Follow these instructions to resolve OutOfMemoryError: PermGen Space errors:

  1. Edit this file:
    /longjump_app_Server/tomcat/bin/catalina.sh
  2. Add the following line at the end of the CATALINA_OPTS options:
    -XX:PermSize=500m -XX:MaxPermSize=500m
  3. Save the file and restart the Applications Server

If OutOfMemoryError: PermGen Space errors continue, the 500m option can be increased, depending upon the available memory.


My Documents are not being uploaded/downloaded or Imports are not working

A non-SSL tomcat connector is required for the document and import servers. These servers listen to port 80 by default.

Optionally, a different port can be selected. If documents are not being uploaded/downloaded or imports are not running, run the following patch. In this example, port 8080 is used. Be sure to change the port number to match the configuration in your environment.

  1. Login into mysql as root and execute the following queries:
    Mysql>Begin;
    Mysql> update relationals.NETWORK_GLOBAL_PROPERTIES SET document_server='http://locahost:8080
    /networking',public_document_server='http://localhost:8080/networking',import_document_server=
    'http://localhost:8080/networking';
    Mysql>commit;
  2. Restart memcached
  3. Restart the application server

Learn More