cookbook 'tomcat-openam', '= 0.1.0'
Installs/Configures tomcat7 and OpenAM
cookbook 'tomcat-openam', '= 0.1.0', :supermarket
knife supermarket install tomcat-openam
knife supermarket download tomcat-openam
Description
Installs and configures Tomcat version 7.0.33 with OpenAM 10.1.0.
OpenAM provides Access Management and Federated SSO. For more information, see Forgerock - OpenAM.
Where can this be used?
Helps to set up a cloud identity for your organization. Developers/Testers can stand up a cloud identity to test against.
Requirements
Platform:
- Debian, Ubuntu (OpenJDK)
The following Opscode cookbooks are dependencies:
- apache2
- java
- apt
- opendj-openam (if you wish to have a separate OpenDJ)
Attributes
OpenAM Configuration
* node["tomcat-openam"]["opendj"]["arg-val"]["baseDN"]
- LDAP BaseDN value, default dc=example,dc=com
* node["tomcat-openam"]["opendj"]["arg-val"]["rootUserDN"]
- LDAP root user name, default 'n=Directory Manager'
* node["tomcat-openam"]["opendj"]["arg-val"]["rootUserPassword"]
- LDAP root user password, default secret12
* node["tomcat-openam"]["opendj"]["arg-val"]["ldapPort"]
- LDAP port value, default 1389
* node["tomcat-openam"]["java-options"]
- Heap storage limits, default -Xms256m -Xmx1024m
* node["tomcat-openam"]["cfg"]["server-url"]
- OpenAM server url, default http://#{node["tomcat-openam"]["dns"]}:8080
* node["tomcat-openam"]["cfg"]["deployment-uri"]
- OpenAM deployment uri, default /openam
* node["tomcat-openam"]["cfg"]["base-dir"]
- OpenAM base directory, default /home/ubuntu/openam
* node["tomcat-openam"]["cfg"]["locale"]
- Locale for OpenAM, default en_US
* node["tomcat-openam"]["cfg"]["platform-locale"]
- Platform Locale for OpenAM, default en_US
* node["tomcat-openam"]["cfg"]["admin-pwd"]
- OpenAM admin password, default adminp3me
* node["tomcat-openam"]["cfg"]["amldapuserpasswd"]
- LDAP user password, default adminl3me
* node["tomcat-openam"]["cfg"]["cookie-domain"]
- Domain for cookie, default node[:ec2][:public_hostname]
* node["tomcat-openam"]["cfg"]["data-store"]
- OpenAM data store, default embedded
* node["tomcat-openam"]["cfg"]["directory"]["ssl"]
- OpenAM SSL directory, default SIMPLE
* node["tomcat-openam"]["cfg"]["directory"]["server"]
- OpenAM server directory, default node["tomcat-openam"]["dns"]
* node["tomcat-openam"]["cfg"]["directory"]["port"]
- OpenAM directory port, default 50389
* node["tomcat-openam"]["cfg"]["directory"]["admin-port"]
- OpenAM directory admin-port, default 5444
* node["tomcat-openam"]["cfg"]["directory"]["jmx-port"]
- OpenAM directory jmx-port, default 5689
* node["tomcat-openam"]["cfg"]["root-suffix"]
- OpenAM root-suffix, default o=openam
* node["tomcat-openam"]["cfg"]["ds-dirmgrdn"]
- Directory Manager name, default cn=Directory Manager
* node["tomcat-openam"]["cfg"]["ds-dirmgrpasswd"]
- Directory manager password, default emdstor3me
* node["tomcat-openam"]["cfg"]["user-store"]["type"]
- User store type, default LDAPv3ForOpenDS
* node["tomcat-openam"]["cfg"]["user-store"]["ssl"]
- User store SSL, default SIMPLE
* node["tomcat-openam"]["cfg"]["user-store"]["host"]
- User store host (OpenDJ URL). Only if you need a separate OpenDJ (for the recipe tomcat-openam::configure)
* node["tomcat-openam"]["cfg"]["user-store"]["port"]
- User store port, default 1389
* node["tomcat-openam"]["cfg"]["user-store"]["suffix"]
- User store suffix, default dc=example,dc=com
* node["tomcat-openam"]["cfg"]["user-store"]["mgrdn"]
- User store manager domain name, default cn=Directory Manager
* node["tomcat-openam"]["cfg"]["user-store"]["passwd"]
- User store password, default secret12
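Five of the attributes above are passwords with fixed, published defaults, and the default server-url is plain http. The following Ruby check is an added example, not part of the cookbook: given a role's or environment's override attributes as a hash, it lists every credential attribute that would still resolve to a documented default. The function name, the sample hash, its hostname and its password strings are constructed for illustration.

```ruby
require 'uri'

# Added example, not part of the cookbook. Attribute paths are relative to
# node["tomcat-openam"]; values are the defaults documented in this README.
DOCUMENTED_DEFAULTS = {
  %w[opendj arg-val rootUserPassword] => 'secret12',
  %w[cfg admin-pwd]                   => 'adminp3me',
  %w[cfg amldapuserpasswd]            => 'adminl3me',
  %w[cfg ds-dirmgrpasswd]             => 'emdstor3me',
  %w[cfg user-store passwd]           => 'secret12'
}.freeze

# Constructed sample: override attributes as a role might carry them.
# Hostname and password strings are placeholders invented for this example.
SAMPLE_OVERRIDES = {
  'tomcat-openam' => {
    'opendj' => { 'arg-val' => { 'rootUserPassword' => 'secret12' } },
    'cfg' => {
      'admin-pwd'  => 'constructed-admin-value',
      'server-url' => 'https://openam.example.test',
      'user-store' => { 'passwd' => 'constructed-store-value' }
    }
  }
}.freeze

# Returns one finding per credential attribute that is unset (so the cookbook
# default applies) or explicitly set to the documented default, plus one
# finding when server-url is unset or not https.
def audit_overrides(attrs)
  scope = attrs.fetch('tomcat-openam', {})
  findings = DOCUMENTED_DEFAULTS.each_with_object([]) do |(path, default), out|
    value = scope.dig(*path)
    next unless value.nil? || value == default
    out << "#{path.join('/')}: documented default password in effect"
  end
  url = scope.dig('cfg', 'server-url')
  unless url && URI(url).scheme == 'https'
    findings << 'cfg/server-url: unset or not https'
  end
  findings
end

puts audit_overrides(SAMPLE_OVERRIDES) if __FILE__ == $PROGRAM_NAME
```

Run against the attributes a node will actually converge with; an empty findings list means every documented default credential has been replaced.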
Usage
Simply include the recipe where you want Tomcat behind an Apache server with OpenAM installed. This cookbook contains three different recipes, namely
* full_stack
* vanilla
* configure
This cookbook creates a new tomcat server by using our packaged tar ball stored in S3. This tar ball has changes to run tomcat behind apache2.
Changes in apache2 cookbook
The following two changes are needed in the apache2 cookbook. The tomcat tar bundle server.xml is equipped to handle the change.
- By default, the apache2 cookbook's mod_proxy_http.rb recipe contains the following code:
apache_module "proxy_http"
You just need to change it as follows:
apache_module "proxy_http" do
  conf true
end
- Create a file proxy_http.conf.erb in /templates/default/mods/ with the following content:
<IfModule mod_proxy_http.c>
  ProxyRequests Off
  ProxyPreserveHost On
  <Proxy *>
    Order deny,allow
    Allow from all
  </Proxy>
  ProxyPass /openam http://localhost:8081/openam
  ProxyPassReverse /openam http://localhost:8081/openam
  <Location /openam>
    Order allow,deny
    Allow from all
  </Location>
</IfModule>
full_stack
This recipe installs apache2, java, tomcat7, OpenAM and OpenDJ in a single instance, and all of them are configured in that same instance.
An example for a tomcat-openam full_stack role:
name "openam_fullstack"
run_list "recipe[apt]", "recipe[apache2]", "recipe[tomcat-openam::full_stack]"
vanilla
This recipe installs apache2, java, tomcat7 and OpenAM in an instance. apache2 and tomcat7 are configured in the same instance, but configuration of OpenAM needs OpenDJ.
An example for a tomcat-openam vanilla role:
name "openam_vanilla"
run_list "recipe[apt]", "recipe[apache2]", "recipe[tomcat-openam::vanilla]"
configure
This recipe only configures OpenAM. For this you need OpenDJ. There is a cookbook for OpenDJ on the cookbook website, named opendj-openam. Run OpenDJ in another instance using the opendj-openam cookbook, and set node["tomcat-openam"]["cfg"]["user-store"]["host"] to the URL of that OpenDJ instance.
An example for an opendj role:
name "opendj-openam"
run_list "recipe[apt]", "recipe[opendj-openam::single_instance]"
An example for a tomcat-openam configure role:
name "openam_configure"
run_list "recipe[tomcat-openam::configure]"
License and Author
Author:: Kishore Kumar (nkishore@megam.co.in)
Author:: Thomas Alrin (alrin@megam.co.in)
Copyright:: 2013, Megam Systems
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Dependent cookbooks
java >= 0.0.0
Contingent cookbooks
There are no cookbooks that are contingent upon this one.