We have completed this process at Clayton State University, and have felt that it would be best to release our installation documentation to try and help others who are pursuing similar interests. Below is a modified extract of our documentation, as well as sample scripts that can be modified in any way to suite anyone's interests. This information is made available with absolutely no legal strings attached - I encourage people to reproduce this content, and distribute it in any way possible. I have no affiliation with Sungard, or Luminis and it is not my intention to disclose any industry, or trade secrets.

Our configuration was an existing single tier Portal server running on Solaris 10. We were moving to RHEL4 with a Parallel deployment configuration. Many of the references below (ie copying files from the current system) require you to either have an existing installation, or deviate from the flow of this document.

Attached are the script files referenced in the documentation. You will want to copy these files to the home folder of your Portal administrator account on the new resource tier machine. Please look at the scripts and make any needed modifications before running them. They are powerful, and can cause a lot of trouble if you aren't familiar with the contents of these files.

Also - I would like to give credit to Chris Hansen for writing the scripts that are attached.

Contents 1 Overview 1.1 Installing RHEL4 1.2 Preparing RHEL4 Base Image 1.3 The Resource Tier 1.3.1 Additional installation 1.3.2 Introduction 1.3.3 install.conf 1.3.4 Run installer 1.3.5 Upgrading 1.3.6 Post Installation Configuration 1.3.6.1 Replication 1.3.6.2 Copying Old Production Schema and Data to New Schema 1.3.6.3 Setup LDAP Authentication 1.3.6.4 Single Sign On with systems 1.3.6.5 Importing SSL Certificates 1.3.6.6 Synchronize customized files 1.3.7 Parallel Deployment Implementation 1.3.8 LMG Integration 1.4 Load Balancer Configuration 1.4.1 HTTP Cluster 1.4.2 HTTPS Cluster 1.4.3 HTTP CPIP Cluster 1.4.4 Chat Cluster 1.5 The Portal Tier 1.5.1 Configuration 1.5.2 Installation 1.5.3 Post Installation Configuration 1.5.3.1 Configman changes 2 Moving to a new DNS Name 2.1 Preparation 2.2 Load Balancer 2.3 Apply Settings 2.4 Message Broker

Overview

 

Luminis can now run on RHEL4 (Enterprise Server - ES) (as of April, 2009). Several steps must be performed to prepare the OS for a Luminis installation. See preparing RHEL4 below

The Luminis platform is divided into multiple tiers. Each tier serves a specific purpose, such as the resource tier, portal tier, etc. We will need to install and configure each tier in a specific order, starting with the Resource tier.

Installing RHEL4

If you haven't verified the installation media, run a checksum before installing. Also, if you want to setup a static IP, you can do that at this point. For the rest of the installation, use the default values.

Preparing RHEL4 Base Image

After the installation, complete these tasks for the base image:

• Setup admin account
• Transfer authorized_keys file
• Add admin to sudoers list with no password prompt (visudo)
• Modify /etc/resolv.conf
• Open up the firewall on ports 80, 443, 8008 for platform communications
• Setup any extra packages (vim, etc) by adding your Red Hat network account info
• Change init to 3, and turn off unwanted services (samba, X, cups, etc)+
• Install vmware tools

+ These are the services to modify:

sudo /sbin/chkconfig isdn off
sudo /sbin/chkconfig pcmcia off
sudo /sbin/chkconfig smartd off
sudo /sbin/chkconfig cups off
sudo /sbin/chkconfig cups-config-daemon off
sudo /sbin/chkconfig apmd off
sudo /sbin/chkconfig nfs on

The Resource Tier

Additional installation

Complete these tasks:

• Modify the MAC address, IP, Gateway, etc in /etc/sysconfig/network-scripts/ifcfg-eth0 if copying from an existing VM
• Mount / prepare installation media
• Disable the firewall
• Acquire DNS name
• Change hostname in /etc/hostname
• Create appropriate entries in /etc/hosts to create loopback, and local reference to own DNS name
• Copy over our custom Luminis scripts directory from an existing server
• Change variables in the scripts/90-functions file (attached)

Introduction

This Tier is responsible for LDAP, database connections, and housing file fragments for Targeted Content Channels. This tier must be coupled with its own portal tier (even though it may never be used). This must be installed first, as it is a prerequisite for the Portal tiers.

install.conf

Copy over the install.conf file, or create from scatch. You will need the following for the resources tier (anywhere is fine - assuming ~/install.conf):

# What to install
tiers=portal, resource
# Where to install

cp.root=/opt/luminis

# How to connect to LDAP running on the Resource box
resource.directory.manager.dn=cn=Directory Manager
resource.directory.manager.password=(password)
resource.host=fqdn of host
resource.ldap.port=389
resource.ldap.suffix=cp

# Properties required for the Dev box
admin.email=a@a.com
admin.id=adminrt
admin.password=(password)
email.domain=clayton.edu
email.host=oi.clayton.edu
license.key=####
luminis.database.host=fqdn of Oracle instance
luminis.database.name=(Oracle SID)
luminis.database.port=8765
luminis.database.type=oracle
luminis.database.user.id=(db user)
luminis.database.user.password=(db password)
school.city=Morrow
school.country=us
school.name=Clayton State University
school.state=GA
school.timezone=America/New_York
school.zipcode=######
secure.email=yes
smtp.host=fqdn of smtp host

# Properties required on Unix
os.group.id=admin
os.user.id=admin

# Optional Properties
local.ip=(resource tier ip)
local.host=(resource tier fqdn)
verbose=yes
validate.network.properties=no

#PD Settings
pd.enabled=yes
pd.server.cookie.enabled=yes
shared.directory=/opt/luminisshared
grouptools.chat.port=9001
integrated.email=no
localhost=(resource tier fqdn)

Note: The userid of the Luminis platform must not be the username of the platform that you are migrating from. This "temporary" username will be replaced by the old user from the source system.

Run installer

Run the following operations on the mounted installation media (assuming /tmp/install as a mount point). Run the following:

cd /tmp/install
./LP-4.0.0.0-linux -x /tmp/explode
chmod -R 755 /tmp/explode
cp -r /tmp/install/jes /tmp/

This will extract the installer file into its separate files so that we can modify them. Yes - we are modifying the installer here. You will need to change some prerequisite checking to allow Luminis to install on RHEL4. The files to be modified are:

• /tmp/explode/0/scripts/check-linux-prereqs.py
• /tmp/jes/Linux_x86/installer

Consult the lp0309sup.pdf for specifics. We are now ready to being the installation. If you have the ability to snapshot, this would be a good place to do so. Run the following (may need to be root)

cd /tmp/explode/bin
./run-installer /home/admin/install.conf

This will install the resource tier without any questions or prompts. If it fails, you will most likely have to revert to your snapshot and start again, as it doesn't seem to resume very well when it errors.

If you plan to replicate data, DO NOT DO ANYTHING IN THE PORTAL. It relies on exact matches for channel IDs, etc so look but don't touch.

Upgrading

You should upgrade the resource tier before syncing any files, or applying any customizations because the upgrades can knock out these customizations, causing you to have to do them again. Additionally, if you are replicating, you want to make sure that you are at the version of the source system.

As of LP-4.2.1.0-linux, the patching has become cumulative, so life is easier. LP-4.2.1.0-linux does not appear to want to install over top of 4.0.1.0, so I run the following commands to ensure my environment:

patchcp -l

If you get back:

luminis-4.0.0.0
luminis-4.0.1.0

then you will need to perform the additional step of uninstalling 4.0.1.0. To do that, run:

sudo patchcp -u luminis-4.0.1.0

Copy the LP installation file to a writable directory (if you have it mounted from an read-only share). This will cause the installation to fail if not performed. Then run the patch:

sudo ./LP-4.2.1.0-linux

If the installer fails, you will want to check "patchcp -l" again and make sure that it is not listed. If it is, it may be partially installed, creating a problem. You will want to uninstall any partially completed patches. When you uninstall in this scenario, you may have to run the uninstaller a few times before it completely finishes.

Also, note that upgrading is specific to the tier it is run on. In a parallel deployment, you will need to perform these steps for each.

Post Installation Configuration

Replication

Replication is a fancy way of moving data from one system to another. It relies on specific ID's in the database, so you will want to do this first thing after bringing up a new Resource Tier.

The replicator isn't offially supported for particular versions. Actually, I think it is broken. To fix it, edit the following file:

vim /opt/luminis/bin/replicator

Comment out the ExportVersionCheck function, and the ImportVersionCheck function in both the source and target resource tiers:

ExportVersionCheck()
{
    # cp version sanity check
    ver=`cpver | grep 'Luminis Platform 4.0.0.0'`
#    if [ -z "$ver" ]
#    then
#        echo "CRITICAL ERROR: unsupported Luminis Platform software version"
#    echo "Exiting"
#        exit 1
#    fi
}

ImportVersionCheck()
{
    #cp version sanity check
    ver=`cpver | grep 'Luminis Platform 4.0.0.0'`
#    if [ -z "$ver" ]
#    then
#       echo "CRITICAL ERROR: unsupported Luminis Platform software version"
#        echo "Exiting"
#        exit 1
#    fi
}

To replicate, login to the source system, and run the following:

replicator export platform -d /tmp/migration

This will shut down Luminis, and make the directory specified above.

Note that commenting out the version does not remove the responsibility of checking for different versions. I would recommend replicating out of and back into the same version because of potential changes in the database, or in LDAP' structure.

Next, move this over from the source to the destination:

scp -r /tmp/migration/ TARGET:/tmp/migration/

You will need to also remove the jaas.conf file from the migration folder:

rm /tmp/migration/jaas.conf

Now, import the new settings into the target system:

replicator import platform -d /tmp/migration

This will cause services to stop to begin the import. If at any point the migration errors, you may have to reinstall the platform.

Copying Old Production Schema and Data to New Schema

This should be done in parallel with the replication above Log into server as oracle and run:

/oracle/10gR201/bin/exp SYSTEM/<Password Here>FILE=SCHEMA.dmp OWNER=(OLD DB ACCOUNT)

Loginto sqlplus as system and run:

Drop user (NEW DB ACCOUNT) cascade
/
CREATE USER (NEW DB ACCOUNT)
IDENTIFIED BY <Password Here>
DEFAULT TABLESPACE LUMINIS
TEMPORARY TABLESPACE TEMP
/
GRANT CREATE ANY PROCEDURE TO (NEW DB ACCOUNT)
/
GRANT CREATE ANY SEQUENCE TO (NEW DB ACCOUNT)
/
GRANT CREATE ANY TABLE TO (NEW DB ACCOUNT)
/
GRANT CREATE ANY TRIGGER TO (NEW DB ACCOUNT)
/
GRANT CREATE ANY VIEW TO (NEW DB ACCOUNT)
/
GRANT DROP ANY SEQUENCE TO (NEW DB ACCOUNT)
/
GRANT DROP ANY TABLE TO (NEW DB ACCOUNT)
/
GRANT DROP ANY VIEW TO (NEW DB ACCOUNT)
/
GRANT UNLIMITED TABLESPACE TO (NEW DB ACCOUNT)
/
GRANT CONNECT TO (NEW DB ACCOUNT)
/
ALTER USER (NEW DB ACCOUNT) DEFAULT ROLE ALL
/
Exit

Run this from the command line as oracle:

/oracle/10gR201/bin/imp SYSTEM/<Password Here>FROMUSER=(OLD DB ACCOUNT) TOUSER=(NEW DB ACCOUNT) FILE=(OLD DB ACCOUNT).dmp

Setup LDAP Authentication

Luminis controls user access through the Java security model. You will need to modify the following files:

vim /usr/jdk/instances/jdk1.5.0_10/jre/lib/security/jaas.conf

Add the following:

jaasEas {
        //Authentication
        com.pipeline.security.authen.JaasLdapLoginModule sufficient prefix=security.ias.eas;
        com.pipeline.security.authen.JaasLdapLoginModule sufficient prefix=security.ias.eas.###;
};

vim /usr/jdk/entsys-j2se/jre/lib/security/java.security

Enable the line reading:

login.config.url.1=file:${java.home}/lib/security/jaas.conf

If you are replicating from an existing environment, you do not need to perform these steps. You will need to remove jaas.conf, as the script will create this file for you. If it already exists, the migration will halt.

Single Sign On with systems

We will need to enable Banner SSB, and Baner SSO. To accomplish this, export the o=SCTSSOapplications node of the source LDAP to a LDIF file. We will import this into the new system. Match environments so you SSO into the right target.

Run the script "96-copy_sctsso" from our Luminis custom scripts folder. This will import several LDIF files into the local LDAP:

./96-copy_sctsso OLD FQDN

Additionally, you will need to change the configURLs of the target machines after replicating a server. Extract the relevant sections of LDAP via configman into a file, then do a find and replace (but monitor it), and then reimport with the new settings:

configman -g *.configURL > /tmp/configURL
vim /tmp/configURL

Inside vim you can do a find and replace as a command (hit : to begin)

%s/OLD/NEW/gic

The NEW address should be the URL of the load balancer. Save the file, then exit. Run the following to import back into configman:

configman -i /tmp/configURL

Importing SSL Certificates

You will need to import the SSL certificates from machines using non trusted CA's. These include tutortrac, and kb. To do this, change the password in /opt/luminis/bin/checkssl, then run this command with the server as an argument:

/opt/luminis/bin/checkssl UNTRUSTED FQDN

Confirm that you want to import the server certificate. Also, if it asks you about a trusted CA, import this as well. If it asks you for a server alias, change this to the FQDN of the machine you are importing the certificate on.

Synchronize customized files

Customized files can be migrated from one platform to the other via a the "91-sync_files" script in the custom scripts folder. This will move stylesheets, javascript files, images, customized login pages, etc to the target server. Run the following from the source server:

./91-sync_files -s TARGET

Next, we will want to run a script to fix any hard-coded host name references. This is referred to as "fixurls". Do the following to build the Java classpath:

. /opt/luminis/bin/cpclasspath

Next, run the Java command:

java com.pipeline.tools.JavaFixUrls -d /opt/luminis/webapps/luminis -s /opt/luminis/webapps/luminis -oldFqn OLDSERVER -redeploy -x fckeditor

This is a Java class that is a fancy regular expression find and replace. Because of this, it sometimes breaks on files like the minified Prototype.js, and Tiny_mce.js files because of limitations of the Java regex implementation. Even better, when this happens it clears out the entire file, so you will need to recopy these when this operation completes. Yes world, this is why people preach the DRY Principle.

Parallel Deployment Implementation

While other steps above affect parallel deployment (such as some of the settings in the install.conf), this section deals with the majority of the changes.

Luminis by default sets its own cookie for each server to uniquely identify them, and to allow a load balancer to route incoming requests. We have a load balancer that does this its own way (with another cookie), so we can skip some of the setup requirements here.

Regardless, the settings in LDAP that are prefixed with "fos." deal with the parallel deployment settings, and we will need to change some. Set the server failure notification to off, as this is handled by our load balancer:

configman -s fos.server.failure.notification.enabled false

Additionally, the content root locations will change globally:

configman -s content.root /opt/luminisshared
configman -s content.store.perm.text /opt/luminisshared/content  

LMG Integration

The LMG is needed to consume events generated in Banner. This needs to be installed separately from the Luminis platform. To start with, it uses its own version of Java, so you will have to install this on the RHEL OS. Download from Sun's website, http://java.sun.com/j2se/1.4.2/download.html for RHEL.

Run the bin file to extract the rpm. Then install the RPM:

sudo rpm -i ./j2sdk-1_4_2_19-linux-i586

Next, we will need to obtain the LMG jar file. This can be found on Sungard's website, or from another resource tier.

scp /opt/luminis/products/lmg40/lmg4.0.jar TARGET:/tmp/

Now we can run the jar file with a specific version of Java:

cd /opt/luminis/products/lmg40
sudo /usr/jdk/instances/jdk1.5.0_10/j2sdk1.4.2_19/bin/java -jar /tmp/lmg4.0.jar -erp banner -lmbhost TARGET FQDN -dburl BANNER DB FQDN:8765:PROD -dbpw <PASSWORD> -jmspw <PASSWORD> -ldi true -notification true

Now that it is "installed", we will need to configure the LMG. This is pretty straightforward since we use all the defaults:

sudo ./mbldisetup

You can then start the Events processing by issuing the command:

/opt/luminis/products/lmg40/Events/bin/startevents &

Load Balancer Configuration

You will need to configure a load balancer to work with the Luminis Parallel deployment. This load balancer will be responsible for routing requests to the portal tiers. As a matter of conservation, the resource tier is omitted from the load balancing, and its web server is shut down, so that it is a dedicated LDAP / DBMS machine. You will need to setup four different clusters in the load balancer:

HTTP Cluster

This is a Layer 7, regular cluster. Add each VM as a server underneath this cluster. You will need to make the outbound NAT address the Cluster's IP address.

HTTPS Cluster

This is a Layer 7 encrypted cluster. You will need to generate a certificate for this cluster and upload it to the server before it works. Add the same machines as in the HTTP Cluster. The cluster itself will be bound to port 443, however its VMs will listen on port 80 since the load balancer has hardware SSL de/encoding.

HTTP CPIP Cluster

This is like the HTTP cluster, except that it listens on port 8008. This is the SSO web server for Luminis.

Chat Cluster

This is a different setup, with a Layer 4 cluster. You will setup the VMs, and increment the port used for Group Tools.

The Portal Tier

Configuration

Install the base image in VMWare, and configure the following:

• Change the IP to a static entry
• Create a DNS name for this IP address
• Modify /etc/sysconfig/network to reflect new hostname - This cannot be the full DNS name
• Start the VM

Also, check that the scripts folder on the resource tier reflects the appropriate values in the 90-functions file.

Installation

The Portal tier installation is pushed from the resource tier. You will need to configure the Portal tier as shown above, then run the installation script for portal tiers. This is the "93-install" located in the scripts folder:

cd scripts/
./93-install TARGET

This will establish SSH keys, copy over needed installation files, generate the install.conf file, share and mount NFS drives, mount the installation media, and run the installer. Watch for any errors.

Post Installation Configuration

You will need to make several changes in LDAP for the specific branch of the Portal tier for Parallel deployment:

• cn=content.root, ou=install-TARGET FQDN, o=Luminis Configuration => /opt/luminisshared
• cn=site.root, ou=install-TARGET FQDN, o=Luminis Configuration => /opt/luminisshared
• cn=grouptools.data.directory, ou=install-TARGET FQDN, o=Luminis Configuration => /opt/luminisshared

Clear out the /tmp/luminis-install directory (the patching process needs this to be clean to succeed):

rm -rf /tmp/luminis-install

Additionally, you will need to patch the Portal tier to the version of Luminis that the resource tier is running. Obtain the latest patch from Sungard's website, and copy the patch to the Portal tier:

The installation file needs to be able to extract to its local directory, so if this is a share like the above, then you will need to copy the patch to a writable location:

cp /tmp/install/LP-4.2.1.0-linux /tmp/

Then, run the installer:

sudo /tmp/LP-4.2.1.0-linux

After the patch(es) install, you will probably need to resynchronize your file customizations. Run the from the resource tier:

~/scripts/91-sync_files -s TARGET -u

This will copy over customized files, and then run fixurls on the portal tier.

Configman changes

You will need to change a few additional Portal tier values in LDAP to point to the shared resource location instead of the local location. These values are located at:

cn=site.root, ou=install-PORTAL TIER FQDN, o=Luminis Configuration

and

cn=grouptools.data.directory, ou=install-PORTAL TIER FQDN, o=Luminis Configuration

Moving to a new DNS Name

After the process of setting up an environment, there is probably an intention to make this environment the new production environment. To do this, you will most likely need to change your Portal's DNS name. This can be accomplished using the steps below.

Note that if you are moving from a single tier, to multiple tiers, the LDAP server will reside on the resource tier. This DNS name is referenced in several places, so change this in addition to any DNS names by following all the steps below.

Preparation

• Shut down the webserver if it is runnning on all the Portal tiers
• Make the following changes in LDAP

For each Portal tier:

configman -s web.fqn -h NEW DNS NAME
configman -s web.secure.fqn -h NEW DNS NAME
<pre>

For each SSO application:
<pre>
configman -s es.SYSTEM.configURL es.SYSTEM.configURL=NEW DNS NAME:8008/cpipconnector/SYSTEM/GetConfigVersion2

configman -s security.ias.eas.Luminis.host.name NEW DNS NAME

After you have applied these settings, you can run the FixURLs script above to updated any absolute links in the Portal tier HTML files.

• Change the DNS name in $CP_ROOT/webapps/cpipconnector/WEB-INF/config/cpipconnectr.properties file
• Verify that the SCTSSO branch in LDAP contains the correct DNS entries
• Login to Banner as the baseline user, and set the new LDAP name in GUAUPRF under the LDAP tab
• Login into Banner Self-Service and change the WebTailor parameter for the LDAP server name to the new DNS

Startup all the Portal tiers again.

Load Balancer

Any cluster IP addresses for your Portal environment referenced in the load balancer will need to be updated to reflect the new IP address of the DNS name you are moving to. See the Load Balancer section for specifics.

Apply Settings

Halt the old Portal tier(s) if they are still running. We will need to bind to these IP address and this has unpredictable results if they are still in use. Restart the load balancer interfaces if they have not yet been bound to the new IPs.

Message Broker

Start the new message broker instance on the replacement Portal tier. Since some of the events were probably consumed by the old system, you will want to make sure the new system is totally up to date with the most current Banner data. To do this, you can run an ICGORLDI extract and import into the new Portal instance. Once the XML file has been generated. import the XML by issuing the following command:

cptool import ims /PATH/TO/ICGORLDI_###.XML