When you have explored the eno domain, you may wish to integrate Ambience more tightly with your existing infrastructure, for example to share the same user identities and groups with other tools through LDAP or Active Directory. To demonstrate this integration, we will set up a new domain called foxx which will integrate with an existing LDAP service.
In the following, we will focus on configuring the foxx domain. The foxx domain is completely distinct from the eno domain. It uses LDAP authentication, which requires connecting to an LDAP server and setting up the user group.
In this section, we will focus on how to set up Foxx Domain on the Linux operating system.
Before installing Ambience on Linux, be sure to set up the ZooKeeper properties using one of the two approaches described below: the ZooKeeper Properties Approach or the System Preferences Approach.
The ZooKeeper Properties Approach is more secure as it ties the ability to run services to a particular user account.
Create three /.elixirtech directories and set permission owners as shown in the table below.
Table 5.1. /.elixirtech directories and permission owners
Directory | Permission Owner |
---|---|
/root/.elixirtech | root |
/home/elixir/.elixirtech | elixir |
/home/<user>/.elixirtech | <user> |
In the /root/.elixirtech directory, create the zookeeper.properties file by copying the following contents into it. Fill in your host machine name and domain names. Leave the default ZooKeeper port as 2181 unless there is a clash with another service. The timeout indicates the heartbeat in milliseconds of the ZooKeeper cluster. If you need to configure a cluster, add more hosts here:
```
hosts=<machine-name>:2181
timeout=5000
domain.foxx=<key>
```
Copy the zookeeper.properties file into the other directories as shown in the table. The three copies of zookeeper.properties must contain exactly the same contents. Whenever the contents change, update all three copies.
domain.<name>=<key>
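A check for the rule above that the zookeeper.properties copies stay identical and are owned by the accounts in Table 5.1, as an added example that is not part of the Ambience distribution. The function name `check_zk_copies` and the file-mode check are assumptions introduced here.

```bash
#!/usr/bin/env bash
# Added example: audit the zookeeper.properties copies.
# Usage (as root), with "path:owner" pairs taken from Table 5.1:
#   check_zk_copies /root/.elixirtech/zookeeper.properties:root \
#                   /home/elixir/.elixirtech/zookeeper.properties:elixir
# Requires GNU coreutils (sha256sum, stat -c).

check_zk_copies() {
    local ref_sum="" rc=0 pair path owner sum actual mode
    for pair in "$@"; do
        path=${pair%:*}      # everything before the last colon
        owner=${pair##*:}    # everything after the last colon
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1; continue
        fi
        # All copies must contain exactly the same contents.
        sum=$(sha256sum "$path" | cut -d' ' -f1)
        if [ -z "$ref_sum" ]; then
            ref_sum=$sum
        elif [ "$sum" != "$ref_sum" ]; then
            echo "DIFFERS $path"; rc=1
        fi
        # Each copy must be owned by the account it belongs to.
        actual=$(stat -c %U "$path")
        if [ "$actual" != "$owner" ]; then
            echo "OWNER   $path: owned by $actual, expected $owner"; rc=1
        fi
        # Assumption (not from the Ambience docs): the file carries the
        # domain key, so group and other should have no access.
        mode=$(stat -c %a "$path")
        case "$mode" in
            *00|0) ;;
            *) echo "MODE    $path: mode $mode, expected 600 or stricter"; rc=1 ;;
        esac
    done
    return "$rc"
}
```

The function returns non-zero and prints one line per finding, so it can run from cron or a configuration-management check after any edit to the properties.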
The System Preferences Approach is simpler as it sets the values for all users. Using this approach, you need to maintain only one copy of the file. Although this approach makes editing easier, it is not as secure as the ZooKeeper Properties Approach.
Open the install.sh file in a text editor. Uncomment the following lines to use system preferences instead of zookeeper.properties. Note that you need to run these commands as an administrator, using sudo, to alter the values:
```
#sudo ./elx-zookeeper-init.sh --hosts "$<host-name>:2181" --timeout 5000
#sudo ./elx-zookeeper-init.sh --add $<domain> <domain-name>
#./elx-zookeeper-init.sh --display
```
If there is a zookeeper.properties file present for a particular user account, it will be used instead of any system preferences.
To install Ambience on Linux, complete the following steps:
Open the Terminal window. Change to the directory that contains the install.sh and foxx-install.sh files.
Type the following command lines to change the mode of the install.sh and foxx-install.sh files to be executable:
```
chmod +x install.sh
chmod +x foxx-install.sh
```
Type the following commands to run the install.sh and foxx-install.sh files and start the installation:
```
./install.sh
./foxx-install.sh
```
Look out for any error messages which might occur if existing services use the default ports that Elixir Ambience needs. Install will create a new "elixir" user which will be used to run all services. Services will automatically start each time the computer is switched on.
Obtain and add any necessary JDBC drivers to the /var/elixir/lib folder.
If you have added new jars to the lib folder, run ./stop.sh and then ./start.sh for them to be included in the restarted environment.
Ambience is successfully installed.
Uninstalling Ambience with the foxx domain is similar to uninstalling Ambience with the eno domain. If you wish to uninstall Ambience after setting up the foxx domain, refer to the section called “Uninstall Elixir Ambience from Linux”.
Configuring the foxx domain follows the same steps as configuring the eno domain, with the domain name “eno” replaced by “foxx” in each case. A few additional changes are required, because the domain name is included in some configuration files that need editing after the installation.
Procman: Each Procman service supports multiple domains. You need to specify which domains will be handled by editing the file /etc/elixir/procman/domains.xml. This file contains the following information by default:
```
<domains>
  <domain name="eno" hostname="/host/default" clone="false"/>
</domains>
```
You need to add an additional line for the foxx domain:
```
<domains>
  <domain name="eno" hostname="/host/default" clone="false"/>
  <domain name="foxx" hostname="/host/default" clone="false"/>
</domains>
```
The host names can be either the same or different, because they are in separate domain trees and won't clash. After this change is made, Procman will manage job engines defined under /host/default for the foxx domain as well. Procman will automatically apply this change, and restarting the service is not required. However, if you remove a domain from the configuration file, the Procman service needs a restart.
Scheduler: The Scheduler service also supports multiple domains. You need to specify which domains will be handled by editing the file /etc/elixir/scheduler/domains.xml. This file contains the following information by default:
```
<domains>
  <domain name="eno" module="/module/scheduler"/>
</domains>
```
You need to add an additional line for the foxx domain:
```
<domains>
  <domain name="eno" module="/module/scheduler"/>
  <domain name="foxx" module="/module/scheduler"/>
</domains>
```
This section demonstrates how to configure the foxx domain with LDAP authentication. Before getting started, be sure to meet the following prerequisites:
You have a working domain foxx
An LDAP server is running
The user group has been set up
Change the login realm of the domain. Use the Domain Manager to edit the realm value at the path “/foxx/module/identity/realm” in the domain tree. Use the Edit Content dialog to change the realm node value from "default" to "ldap".
Modify the LoginModule configuration to set up an LDAP server binding. For a Linux installation, edit the jaas-login.conf file located in /etc/elixir/identity.
Uncomment or add the section below in that file:
```
ldap {
    com.elixirtech.v2.authldap.LDAPLoginModule required
    configPath="/etc/elixir/identity/ldap.xml"
    debug="true";
};
```
Change the configPath to point to the LDAP server binding configuration file. For the foxx domain, the path is "/etc/elixir/identity/ldap.foxx.xml". This file is pre-configured to bind to an Apache Directory server, but you will need to modify the host location.
Here is an example of an Active Directory server (Windows Server 2008) configuration (as in ldap.active-directory.xml) and a sample start and stop script (as in apacheds) for the Apache Directory server. You can use sysv-rc-conf to configure the run level on Ubuntu.
You can allow users to change their password on the Ambience user portal page by uncommenting two entries in "/elixir/identity/web.xml": the servlet and servlet-mapping for usergroupldap-user, as follows:
```
<servlet>
  <servlet-name>usergroupldap-user</servlet-name>
  <servlet-class>com.elixirtech.v2.authldap.web.UserServlet</servlet-class>
</servlet>
```
and
```
<servlet-mapping>
  <servlet-name>usergroupldap-user</servlet-name>
  <url-pattern>/usergroupldap/user/*</url-pattern>
</servlet-mapping>
```
Update the ZooKeeper node "/url/id/changepassword" to a new URL, following the syntax "http://<host>:<port>/usergroupldap". Here is a URL example: "http://localhost:8040/usergroup/ldap".
Update the entry in ldap.foxx.xml to indicate the LDAP attribute that is used for password change.
```
<user dn="ou=user,o=elite" filter="cn=*" return-attribute="uid">
  <!-- password attribute option allow password change -->
  <option name="password-attribute" value="userpassword"/>
```
For Windows Active Directory, you have to set the LDAP bind to use SSL; otherwise, access to the LDAP server entries is read-only (as in ldap.active-directory.ssl.xml).