Hello all,

On this first part of the blog, I will show you how to install DWP Catalog 19.11 on a cluster, as a non-root user, using an advanced-options.txt file having custom install directory, and Openjdk11 on:

1. Red Hat Enterprise Linux Server release 7.4 (Maipo)
2. Oracle Database 12c Enterprise Edition Release 12.1.0.1.0 - 64bit Production

Prerequisites: Basic Linux and Oracle Knowledge/Background.

NOTE - If you are upgrading to 19.11 and you have SSL in place, put the certs on a different directory (out of dwpcatalog install directory) and update the jetty-http.xml with the new path prior running the upgrade.

Use the installer and upgrade file realesed on EPD on December 9th of 2019

EXTRA - If you want to install DWP Catalog as root user on a Linux Server and on a MSSQL Database, check Vinay's post!

BMC Digital Workplace Catalog Installation - The Run Book

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

We will cover the following topics on the first part of this blog:

AGENDA

PRE-INSTALL STEPS

• Getting the server ready for the install - root
  • Installing dependencies and additional software
  • Configure Firewall - if any
  • Installing and Configuring OpenJDK11 for the Catalog and creating a soft-link to /user/java/latest
    • UPDATING JAVA References in case of a Java Update
  • Creating the non-root user
  • Creating custom install directory
  • Updating File/Directories permissions for non root user
  • Editing hosts file (for DWP Catalog Clulster only)
• Downloading the Installation files from EPD and installing JQ and XMLstartlet - root
  • Downloading the right files
  • Handling the installation files
  • Installing JQ and XMLstartlet
• Configuring Oracle for the installation: New Oracle Dump File process-- sysdba account needed
  • Restoring dump
  • Creating Tenant Schema
• Creating options.txt for custom install directory - dwpuser
  • File example

INSTALL STEPS

• Running the installer - dwpuser

POST INSTALL STEPS

• Loading the Tenant Schema - dwpuser
  • Creating a tenant.txt file
• Installing additional nodes (ServerGroup Configuration will be covered on the second part of this blog)

We will cover the following topics in the second part of this blog (see more details at the end of this blog):

DWP Catalog 19.11 | From First To Last: Initial Set Up Guide - PART II

Second part will be published by the End of December. Face some SSL/RSSO  issues during the upgrade and had to wait for the new installer.

POST CONFIGURATION  STEPS

• Setting up a Midtier for DWP Catalog.
• Configuring RSSO for DWP Catalog and the rest of the applications - dwpuser and rssoadmin
  • ignore-tenant=true setting explained
  • Disabling RSSO for DWP Catalog
  • RSSO external, internal (agents), ar sever config file url, and backchannel url's should match. --don't use aliases.
• Configuring SSL on the Catalog:
  • Creating a new self-signed certificate for the DWP Catalog - root
  • Importing self-certificate certificates to JAVA cacerts - root
  • CA signed certs and Java ca-certs
• Creating a cron entry for the user_group_sync.sh script - dwpuser in crontab
  • Updating user_group_sync.sh for SSL - dwpuser
• Configuring ServerGroup environment for the Catalog - dwpuser and Demo
  • Configuring FTS on a DWP Server Group - dwpuser and Demo
    • Primary DWP Catalog Server
    • Secondary DWP Catalog Server
• Integrating with ITSM, DWP and SmartIT -  dwpuser and Demo
  • User permissions needed for SmartIT and DWP Catalog Integration : sbe-agents
• Remedy Connector

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

PRE-INSTALL

Getting the server ready for the install

Installing dependencies

As root, perform these steps in all the DWP Nodes in the cluster.

• Enable optional rpm's (we need this to install OpenJDK11)

      yum-config-manager --enable rhel-7-server-optional-rpms

• Install dependencies. Note: You can do it with the script that comes with DWP Catalog too, but we don't have the file on the server at this point yet.
  

        yum install -y glibc nspr libgcc libstdc++ unzip tar compat-libstdc++-33 compat-libstdc++-33.i686 glibc.i686 libgcc.i686 libstdc++.i686 net-tools python-setuptools php-pear

• run the below command to improve DWP Catalog node performance

      ulimit -n  16384

Getting Firewall Ready - if any

• As root, check if firewall is running or not, if not skip this section.
• Handling firewall > https://linuxconfig.org/how-to-stop-start-and-disable-enable-firewall-on-redhat-7-linux-system

systemctl status firewalld

Not running

Running

• If it is running, then run below commands

firewall-cmd --zone=public --permanent --add-port=8008/tcp

firewall-cmd --zone=public --permanent --add-port=8443/tcp

firewall-cmd --zone=public --permanent --add-port=443/tcp

firewall-cmd --zone=public --permanent --add-port=9988/tcp

firewall-cmd --zone=public --permanent --add-port=80/tcp

firewall-cmd --zone=public --permanent --add-port=8080/tcp

firewall-cmd --zone=public --permanent --add-port=9977/tcp

firewall-cmd --zone=public --permanent --add-port=40001/tcp

firewall-cmd --zone=public --permanent --add-port=61617/tcp

firewall-cmd --zone=public --permanent --add-port=8009/tcp

firewall-cmd --zone=public --permanent --add-port=8005/tcp

firewall-cmd --reload

(hit enter)

•      All the commands above should throw a success message

Installing and Configuring OpenJDK11 for the Catalog and creating a soft-link to /usr/java/latest

As root, install OpenJDK11 on the server

• Install OpenJDK11 - Install OpenJDK on Windows and Linux | Red Hat Developer

yum-config-manager --enable rhel-7-server-optional-rpms

yum install java-11-openjdk-devel

Successful install

• Set OpenJDK11 as your default Java Provider. Select the OpenJDK11 option

alternatives --config java

• Create a softlink for OpenJDK called  /usr/java/latest - This way, JAVA updates shouldn't be a headache in future occasions.

        ln -s /usr/lib/jvm/java-11-openjdk-11.0.4.11-1.el7_7.x86_64               /usr/java/latest

       - if you get a problem when creating the soft link, try creating the /usr/java/latest directory, removing and try again -

        mkdir -p /usr/java/latest

        rm -rf /usr/java/latest

        ln -s /usr/lib/jvm/java-11-openjdk-11.0.4.11-1.el7_7.x86_64 /usr/java/latest

• Confirm soft link was created by running ls -l /usr/lib/jvm/java-11-openjdk-11.0.4.11-1.el7_7.x86_64 /usr/java/latest

• Set JAVA_HOME and confirm JAVA_HOME was set

       export JAVA_HOME=/usr/java/latest

       echo $JAVA_HOME

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

UPDATING JAVA References in case of a Java Update

• From now on, on each java update, you have to update the soft links. How?

        Say you upgrade to OpenJDK13

       unlink /usr/java/latest  -- This will remove the link between the OpenJDK11 and the symbolic link

       ln -s /usr/lib/jvm/java-11-openjdk-13 /usr/java/latest    -- This will recreate the symbolic link and will point OpenJDK13 (the new java) to it.

More info below

DWP Catalog - OpenJDK11 and ORACLE JRE 1.8 Configuration

•   That's all, no more headaches!

  NOTE: If you need ORACLE JRE, please check the below documentation:https://docs.bmc.com/docs/digitalworkplaceadvanced/1908/creating-oracle-tablespaces-871980124.html?src=search

  Setting up the installation environment - Documentation for BMC Digital Workplace Advanced 19.08 - BMC Documentation

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Creating the non-root user

Log onto the DWP Catalog Server node(s) as root:

• Create the dwpcatalog group

        groupadd dwpcatalog

• Create the user dwpuser - this will create a directory under /home/dwpuser

       useradd -g dwpcatalog -m dwpuser

• Set a password for dwpuser

passwd dwpuser

Creating custom install directory

Log onto the DWP Catalog Server node(s) as root:

• Create custom directory

mkdir -p /app

• Change permissions for dwpcatalog grouplist which contains dwpuser user

chown -R root:dwpcatalog  /app

chown -R dwpuser /app

chmod g+rwx  /app

(hit enter)

Updating File/Directories permissions for non root user

As root, run the below commands:

BE SURE TO BE USING YOUR JAVA DIRECTORY

chown -R root:dwpcatalog /opt/bmc

chmod g+rwx /opt/bmc

mkdir -p /etc/arsystem

chown -R root:dwpcatalog /etc/arsystem

chmod g+rwx /etc/arsystem

chown root:dwpcatalog /tmp

chmod g+rwx /tmp

chown root:dwpcatalog /usr/java/latest/bin

chmod g+rwx /usr/java/latest

chown root:dwpcatalog /usr/java/latest/lib

chmod g+rwx /usr/java/latest

chown root:dwpcatalog /usr/lib/jvm/java-11-openjdk-11.0.4.11-1.el7_7.x86_64/bin 

chmod g+rx  /usr/lib/jvm/java-11-openjdk-11.0.4.11-1.el7_7.x86_64/bin                    

chown root:dwpcatalog /usr/lib/jvm/java-11-openjdk-11.0.4.11-1.el7_7.x86_64/lib

chmod g+rwx  /usr/lib/jvm/java-11-openjdk-11.0.4.11-1.el7_7.x86_64/lib  

chown root:dwpcatalog /etc/profile

chmod g+w /etc/profile

chown root:dwpcatalog /dev/console

chmod g+w /dev/console

chown root:dwpcatalog /home/dwpuser

chmod g+wrx /home/dwpuser

(HIT ENTER)

Editing hosts file

• Log in as root
• Edit /etc/hosts

       vim /etc/hosts

• Add the desired hosts/aliases/dns entries.

        Use case: I have a servergroup/loadbalancer called catalog-cluster-americas.domain.com and it has two servers behind it: catalog1.domain.com and catalog2.domain.com

        NOTE:

        Below configuration could be different in you system: ask your sysadmin/network team what the right configuration for this would be.

        This is what I have in my system and works.

Primary DWP Catalog Hosts Files

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 catalogcluster-americas.domain.com catalog1.domain.com catalog2.domain.com

172.20.x.13x  catalogcluster-americas.domain.com catalog1.domain.com

172.20.x.13x  catalogcluster-americas.domain.com catalog2.domain.com

Secondary DWP Catalog Hosts Files

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4 catalogcluster-americas.domain.com catalog2.domain.com catalog1.domain.com

172.20.x.13x  catalogcluster-americas.domain.com catalog2.domain.com

172.20.x.13x  catalogcluster-americas.domain.com catalog1.domain.com

• Hit ESC twice then hit :
• Then, type wq!
• Hit Enter
• That should save above changes
• To confirm type cat /etc/hosts and that should return the above changes
• Type exit

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Downloading the Installation files from EPD and installing JQ and XMLstartlet

Downloading the right files

• The first thing we need to do is download DWP Catalog 19.11 from EPD.
• This is under MyIT/ MyIT Service broker

• Files that we need are higlighted below

1. digital-workplace-catalog-fresh19.11.00.tar.gz -- DWP Catalog Installer
2. 20191114_DWPCSaaSAdmin.dpdmp -- Oracle Dump
3. DWPCatalog1911forITSM1808Patch001_19.11 -- That goes on the AR Server and it needs to be installed via Deployment Package Console
   

Handling the installation files

• I'm assuming you are not allowed to upload files via ftp/scp as a non-root user. If you do, you can skip the permission steps.
• Log in as root
• Upload the file digital-workplace-catalog-fresh19.11.00.tar.gz to the Linux server using any scp/ftp tool and put it under /tmp

• Change the file permissons as follows

        chown dwpuser digital-workplace-catalog-fresh19.11.00.tar.gz

• Move the files to /home/dwpuser

       mv digital-workplace-catalog-fresh19.11.00.tar.gz /home/dwpuser

• switch to dwpuser

        su - dwpuser

• Go to directory

cd /home/dwpuser

• Unzip installation files

       tar -zxvf digital-workplace-catalog-fresh19.11.00.tar.gz

Installing JQ and XMLstartlet

• Switch back to root by running:

      exit

• Go to /home/dwpuser /install_files

        cd /home/dwpuser/install_files

• Install the xmlstartlet and

        rpm -Uvh xmlstarlet*

• Copy jq from the install directory to the /usr/bin and update the permissions.

        cp /home/dwpuser/install_files/jq    /usr/bin

        chmod +x /usr/bin/jq

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Configuring Oracle for the installation: New Oracle Dump File process

There is a new feature from 19.11. You can use an Oracle Dump to precreate the Schema and the DWP Catalog install should be faster.

If you don't want to use this dump, follow the old Oracle instructions in the docs.

ORACLE TUNING

Tuning the Oracle server - Documentation for BMC Digital Workplace Advanced 19.08 - BMC Documentation

Restoring dump

Remember, this dump has a precreated Schema Database which is called DWPCSAAS.

There is no need to create a Schema Database.

• Download the Oracle dump file from:

  http://iamslite.bmc.com/smbufs1/build_myitsb/backup/oracle/20190917_DWPCSaasAdmin.dmp

• Put the file under   '/data1/oracle/product/admin/ORA121DB/dpdump' using scp or any other protocol.

       Note: Directory might be different in your system

• Make sure file is owned by   oracle user and not   root by running

ls -lrth
-rw-rwxr-- 1 oracle dba 471M Nov 24 10:03 20190917_DWPCSaasAdmin.dmp

      If this is owned by   root, then you won't be able to import the dumpfile.

      Solution: need to  change the file permissions as follows:

      chown oracle 20190917_DWPCSaasAdmin.dmp

• Log onto sqlplus with an admin user

  sqlplus / as sysdba

• Run below command

CREATE OR REPLACE DIRECTORY DATA_PUMP_DIR as    '/data1/oracle/product/admin/ORA121DB/dpdump';  - this is the directory where you put the dump file

           NOTE:

           DATA_PUMP_DIR this is not a physical value, is more like a soft-link value.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Creating and Restoring DWP APP Schema, now called DWPCSAAS

IMPORTANT! FROM DWP Catalog 20.02 and beyond- follow below documentation

Creating Oracle tablespaces - Documentation for BMC Digital Workplace Advanced 20.02 - BMC Documentation

• Run the following queries via sqlplus as sysadmin.

  • NOTE: You can skip the Drop User and Tablespace if this is a fresh install

                # DROP USER DWPCSAASADMIN cascade;

#COMMIT;

#DROP TABLESPACE "DWPCSAAS" INCLUDING CONTENTS AND DATAFILES CASCADE CONSTRAINTS;

#COMMIT;

CREATE ROLE DWPCSAASADMINROLE NOT IDENTIFIED;

COMMIT;

GRANT ALTER SESSION, CREATE CLUSTER, CREATE DATABASE LINK, CREATE SEQUENCE, CREATE SESSION, CREATE SYNONYM, CREATE TABLE, CREATE VIEW, CREATE PROCEDURE, CREATE TRIGGER, QUERY REWRITE TO DWPCSAASADMINROLE;

COMMIT;

CREATE TABLESPACE DWPCSaas DATAFILE 'DWPCSaas.dbf' SIZE 500M REUSE AUTOEXTEND ON;

COMMIT;

         !impdp system/bmcAdm1n directory=DATA_PUMP_DIR dumpfile=20190917_DWPCSaasAdmin.dmp logfile=import.log full=y;     -- THIS NEEDS TO BE RUN VIA SQLPLUS

COMMIT;

alter user DWPCSAASADMIN identified by password;

COMMIT;

GRANT DWPCSAASADMINROLE  TO DWPCSAASADMIN;

COMMIT;

Creating Tenant Schema, now called DWPCTenant

• Run the following queries via sqlplus as sysadmin.

CREATE TABLESPACE DWPCTenant DATAFILE ' DWPCTenant.dbf' SIZE 2000M REUSE AUTOEXTEND ON;

COMMIT;

#Below will create a dedicated temporary a tablespace for both Users

CREATE TEMPORARY TABLESPACE DWPCTemp TEMPFILE 'DWPCTemp.dbf' SIZE 4000M REUSE AUTOEXTEND ON;

COMMIT;

CREATE USER DWPCTENANTADMIN IDENTIFIED BY password DEFAULT TABLESPACE DWPCTenant TEMPORARY TABLESPACE DWPCTemp QUOTA UNLIMITED ON DWPCTenant;

COMMIT;

GRANT DWPCSAASADMINROLE  TO DWPCTenantADMIN;

COMMIT;

alter user DWPCSAASADMIN   temporary tablespace DWPCTemp;

COMMIT;

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

INSTALL

Running the installer

• Log onto DWP Catalog Server as dwpuser user

       su - dwpuser

• Go to /home/dwpuser

cd /home/dwpuser

• Create a new  custom options.txt file

       touch custom-options.txt

• Open it up

        vim custom-options.txt

• Insert below values and update required fields so they match your environment details
  • NOTE: Use the hostname for this custom-options.txt file, you can set the server group name later and that will be covered on the second section of the blog.

• PLEASE READ THE FOLLOWING
  • Admin user/password is hardcoded in the db: Demo/password. We don't need/We cannot specify it a different one while using BMC DB provided snapshots/backup, not even with an advanced-options.txt file
  • Midtier password is hardcoded  too, and cannot be changed during the installation process, password is: !9FviS^#

       -P installLocation=/app/dwpcatalog  this will be our advanced option file

Example

       -P installLocation=/app/dwpcatalog

-J BMC_DWP_SERVER_ROLE=master

-J BMC_JAVA_JRE_64_BIT_HOME_PATH=/usr/java/latest

-J BMC_DWP_SERVER_NAME=dwpc-node-1

-J BMC_DWP_SERVER_HOST_NAME=dwpc-node-1.domain.com

-J BMC_DATABASE_LOGIN=DWPCSAASADMIN

-J BMC_DATABASE_PASSWORD=password

-J BMC_DATABASE_TYPE=ORACLE

-J BMC_DATABASE_HOST=catalogoracle.domain.com

-J BMC_DATABASE_PORT=1521

-J BMC_DATABASE_INSTANCE=ORA121DB

-J BMC_DATABASE_ORACLE_SID_OR_SERVICE=true

-J BMC_DATABASE_DBA_TABLESPACE_NAME=DWPCSaas

          -J BMC_MIDTIER_PASSWORD=!9FviS^#

FOR 20.02 and beyond file looks like this

-P installLocation=/apps/dwpc

-J BMC_DWP_SERVER_ROLE=master

-J BMC_JAVA_JRE_64_BIT_HOME_PATH=/apps/java

-J BMC_DWP_SERVER_NAME=clm-aus-u5isim

-J BMC_DWP_SERVER_HOST_NAME=clm-aus-u5isim.bmc.com

-J BMC_DATABASE_LOGIN=DWPCAdmin

-J BMC_DATABASE_PASSWORD=password

-J BMC_DATABASE_TYPE=ORACLE

-J BMC_DATABASE_HOST=clm-aus-u5ismf

-J BMC_DATABASE_PORT=1521

-J BMC_DATABASE_INSTANCE=ORA112DB

-J BMC_DATABASE_ORACLE_SID_OR_SERVICE=true

-J BMC_DATABASE_DBA_TABLESPACE_NAME=DWPCatalog

-J BMC_MIDTIER_PASSWORD=!9FviS^#

• Save it

• run the installer as dwpuser

       ./install-digitalworkplace.sh -o custom-options.txt

• A successful install should show the below output:
  

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

POST INSTALL STEPS

Loading the Tenant Data

Creating a tenant.txt file

IMPORTANT! - You can no longer specify an admin user for DWP Catalog. Back in the day we would user dwpadmin or specify a custom one by using advanced-optionts.txt file.

That is no longer supported. Now we have to use Demo/password for this and for Midtier is the same case,  for Midtier password needs to be !9FviS^#

Mid-Tier-Service-Password: UeaBxN3kmM7ZKu6H/FnfUUam6iCSRw7JjXq386a3ncjrilhrcPTVnm7gOGFIBji3NUrm4JDUglCvIpLaghVWSqb8f9pDkYwHXuKj6YXDQpkGdbPXSeZ3LQ==

Which is  !9FviS^#

You can create a new admin user for this later, by logging onto DWP Catalog AR Server as Demo, then create a new record on AR System Admin User Form

• Log onto the DWP Catalog as dwpuser
• Go to /app/dwpcatalog/sb directory

cd /app/dwpcatalog/sb

• Create a new tenant.txt file

        touch tenant.txt

• Add below values vi editing tenant.txt using vi

       vi tenant.txt (make sure this file is created and populated on LINUX, if you do it on Windows this won't work!!!)

Demo

password

DWPCTENANTADMIN

bmc.com

dwpc-oracle.bmc.com

DWPCTENANTADMIN

password

• Save and close
• Run the script

./post_install.sh create_tenant < tenant.txt

• A successful run should throw the below

• That should perform a DWP Catalog Restart when done

• Confirm you can now log onto the DWP Catalog - using hannah_admin@yourdomain.com  and the password is: Passw0rd!
• In order to restart the DWP Catalog, you need to run the next commands:
  • ./dwpcontroller stop
  • ./dwpcontroller start -u Demo -p password

Installing additional nodes (Server Group Configuration will be covered on the second part of this blog)

• Repeat all of the above, just skip the Database Creation Steps and the Create Tenant Steps and use the secondary catalog hostname for the custom-options.txt file.
• We will configure the Server Group environment on the second part of the blog.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

We will cover the following topics on the second part of this blog

DWP Catalog 19.11 | From First To Last: Initial Set Up Guide - PART II

Second part will be published by the End of December. Face some SSL/RSSO  issues during the upgrade and had to wait for the new installer.

POST CONFIGURATION  STEPS

• Setting up a Midtier for DWP Catalog.
• Configuring RSSO for DWP Catalog and the rest of the applications - dwpuser and rssoadmin
  • ignore-tenant=true setting explained
  • Disabling RSSO for DWP Catalog
  • RSSO external, internal (agents), ar sever config file url, and backchannel url's should match. --don't use aliases.
• Configuring SSL on the Catalog:
  • Creating a new self-signed certificate for the DWP Catalog - root
  • Importing self-certificate certificates to JAVA cacerts - root
  • CA signed certs and Java ca-certs
• Creating a cron entry for the user_group_sync.sh script - dwpuser in crontab
  • Updating user_group_sync.sh for SSL - dwpuser
• Configuring ServerGroup environment for the Catalog - dwpuser and Demo
  • Configuring FTS on a DWP Server Group - dwpuser and Demo
    • Primary DWP Catalog Server
    • Secondary DWP Catalog Server
• Integrating with ITSM, DWP and SmartIT -  dwpuser and Demo
  • User permissions needed for SmartIT and DWP Catalog Integration : sbe-agents
• Remedy Connector

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Hope this helps, and thanks for making it this far.

Please, leave your feedback/comments/concerns below.

Cheers,

Daniel Soto