Installing and Configuring Identity Manager Reporting on Solaris

Document ID : KB000022820
Last Modified Date : 14/02/2018
Show Technical Document Details

Introduction:

How to install and configure CA Identity Manager Reporting on Solaris:

This document was created to serve as a simplified, unified sample procedure for deployment of the IM Reporting (CABI) product on Solaris 10. This method has resulted in successful deployments, for customers and within the CA Lab environment, on Solaris 10.

The report server installation itself consists of only a few steps but there are several common failures that can occur. This document includes detailed preventive prerequisite information as well as troubleshooting of specific problems inline with the procedures at points during the installation where errors would occur.

This applies to CA Identity Manager 12.5.x and 12.6 until SP6

 

Instructions:

  • The installer will install the report server to /opt/CA/SharedComponents/CommonReporting. (As of this writing, specifying another location during the installation does not actually change the installation location.) The /opt/CA directory must have non-root user permissions or the installation fails.
  • Install location /opt/CA should reside on the root partition of Solaris 10.
  • UTF-8 locale, which should be installed as a valid locale for the Solaris 10 report server.
  • UTF-8 Oracle database character set specified on the database instance where the CMS schema will reside.
  • Oracle Database Client Installation Type: Runtime: Enables applications to connect to an Oracle report database on the local system or on a remote system. The Oracle client should be the same version as the database being connected to.
  • Default schema owner with full grants for the default CMS schema, which will be utilized for the installation.
  • Non-root user with full access to Oracle libraries that can be leveraged when prompted by the report installer for a non-root account. Typically when installing the Oracle client on Solaris you'll have a non-root Oracle user, which will work properly for the IM Report install as well.
  • 7-10 gigabytes free on the root file system.

Oracle Configuration:

A prerequisite to installing IM Reporting on Solaris 10 is that you have a supported Oracle database version, which is listed on the IM support matrix, with UTF-8 character set. This database will be used for your CMS (Central Management Server) database.

Oracle runtime client is required by the CA BI report server to establish the Oracle database connection.

Validate that your database instance is using a UTF-8 character set with the following commands:

SELECT * FROM NLS_DATABASE_PARAMETERS
 
NLS_CHARACTERSET value should be UTF-8

Before running the IM Report Server installer you should have a new CMS schema, tablespace and default CMS schema owner created, which you can connect to from Solaris via SQLPlus and have the necessary full Grants to create and drop all objects in that schema.

To setup the default schema owner and default tablespace on the UTF8 Oracle instance, I typically perform something like the following:

(Please consider this isn't the only way to do this or even the absolute recommended approach, but is a procedure that works and has resulted in successful deployment by Support at CA Technologies Lab)

/* 
Created By:  thoch16 (Chris Thomas)
Description: This script does the following: 
                    1. Creates a tablespace for the data 
                    2. Creates a tablespace for the indexes 
                    3. Create a user 
*/ 
declare 
    UserName        varchar2(50);                   -- User to be created 
    DataSize        varchar2(10);                   -- Size of the tablespace for data in MB 
    IndexSize       varchar2(10);                   -- Size of the tablespace for indexes in MB 
    InstanceName    varchar2(20);                   -- CA 
begin 
    UserName        := 'CMS_USER'; 
    DataSize        := '25'; 
    IndexSize       := '25'; 
    InstanceName    := 'CA'; 
--Create the tablespace for data 
EXECUTE IMMEDIATE('CREATE TABLESPACE ' || UserName || '_DAT DATAFILE '$ORACLE_HOME/oradata/CA/' || 
UserName || '_DAT1.DBF'' SIZE ' || DataSize || 'M AUTOEXTEND ON NEXT  25600K'); 
--Create the tablespace for indexes 
EXECUTE IMMEDIATE('CREATE TABLESPACE ' || UserName || '_IDX DATAFILE '$ORACLE_HOME/oradata/CA/' || 
UserName || '_IDX1.DBF'' SIZE ' || IndexSize || 'M AUTOEXTEND ON NEXT  25600K'); 
  
end;

Then do something like this from SQL Developer on the UTF-8 Oracle DB instance as sys user:

CREATE USER CMS_USER IDENTIFIED 
 BY lvl1supp 
 DEFAULT TABLESPACE CMS_USER_DAT 
 TEMPORARY TABLESPACE TEMP 
 PROFILE DEFAULT 
/ 
GRANT CREATE SESSION, IMP_FULL_DATABASE TO CMS_USER 
/ 
GRANT UNLIMITED TABLESPACE TO CMS_USER 
/ 
GRANT RESOURCE TO CMS_USER 
/

After installing Oracle on Solaris, you'll likely be left with an non-root oracle user who has their env setup with all the necessary permissions to establish a local or remote Oracle database connection. This access and environment settings are mandatory permanently for the non-root oracle user being utilized for the IM Reporting installation and temporarily for the root user who'll be utilized to start the installer. For simplicity sake, I opted to leverage this non-root oracle account as the non-root userid for the IM report server installation. Although you'll need to launch the IM Report Server installer as root, the cabi install will ask you for a non-root user to utilize for the installation. Root is required to be able to successfully setup the CA Shared Components. Before launching the installation, we'll need to make sure that both the non-root oracle user and root user have the necessary ENV setup to enable the console mode Report server installation.

Here's an env of oracle before I ran the installer:

LC_ALL=en_US.UTF-8 
LANG=en_US.UTF-8
LD_LIBRARY_PATH=$ORACLE_HOME/lib32:$ORACLE_HOME\lib 
ORACLE_SID=YourSID
ORACLE_BASE=YourBaseLocation
PATH=$ORACLE_HOME/lib32:$ORACLE_HOME/lib:$ORACLE_HOME/jdk:$ORACLE_HOME/jdk/bin:$ORACLE_HOME/bin:/usr/bin: 
PWD=/export/home/oracle 
HOME=/export/home/oracle 
LOGNAME=oracle 
ORACLE_HOME=YourHome

Not all of the above are required and variables can differ based on your environment, but I attempted to highlight the important entries. If you're experiencing issues installing, I simply suggest you try to emulate as close as possible to what's listed above and the procedure used in this document, but please consider this likely isn't the only way to install it, nor is it the minimum level of permissions, which may be required on the box, however post installation customizations and/or ACL permission / ownership modifications will likely be more easily accomplished and less problematic than restricting the installer during the installation.

My approach was simple and likely something sufficient for development environment, but even perhaps fit production use depending on your security requirements, which likely will require more granular security that can be achieved post install using this method. I simply appended oracle's profile for use with CABI so that this is automatically loaded every time you su - oracle. Now post-install when you launch the report server it should startup with a simple ./startservers after you launch tomcat. I used oracle user because they've already got everything setup for the Oracle client on Solaris 10 Sparc system and was a logical choice to expedite the installation.

Install the Reporting Server:

First, download the IM Reporting installer tar ball from support.ca.com download center. It should be something like GEN06144814E.tar. Copy it over as root in binary mode and then after untaring it you should see ca-iamreportserver-12.5-solaris directory created. I suggest chown'ing it so it's owned by root and chmod'ing the install media recursively to 777 prior to starting the install to prevent permissions issues during the install process.

Launch the installer from ca-iamreportserver-12.5-solaris directory as follows.

./cabiinstall.sh console

Note: if you attempt to run the cabiinstall as a non-root user you'll likely receive the following error:

Invalid CA Shared Components Directory 
-------------------------------------- 
  
The CA Shared Components Directory path specified in the environment is 
invalid. CA LSM and CA Common Utilities are not installed. The installer cannot 
proceed. In order to install CA LSM and CA Common Utilities, the installer 
needs to run as the root user. Exit the installer and re-start it as the root. 
The installer cannot proceed with this configuration.

When performing the installation for the first time, please ensure that root's env replicates oracle's because. If not the installer will complain and you'll receive something like the following error, after progressing almost all the way through the installation:

CMS Database Connectivity Failed 
-------------------------------- 
The database library could not be found. Please ensure that the database is installed.

To correct the above error ensure that root's env replicates what you've setup in the oracle user. Select the Custom install type, which is required because IM Report server is only supported on Solaris 10 when using Oracle for its CMS DB and Tomcat as it's application server. This configuration will require the Custom setup, DO NOT ACCEPT THE DEFAULT (1-TYPICAL)

Installation Type 
----------------- 
 Please choose the Install Set to be installed by this installer. 
   ->1- Typical 
    2- Custom ENTER THE NUMBER FOR THE INSTALL SET, OR PRESS  TO ACCEPT THE DEFAULT 
   : 2 

You'll soon notice that the installer will prompt for the non-root user credentials even though you launched the installer as root and here I simply put in the oracle user and group I created after following the aforementioned on-line documentation to setup oracle locally on Solaris.

Non-Root Credentials 
-------------------- 
  
The BusinessObjects installation program needs to run as a non-root user. The 
installer is running as the 'root' user, enter credentials for a valid non-root 
user. 
User Name: oracle 
Group Name: dba

If you receive an invalid credentials error on this step (see the following example), you must ensure that your non-root user is the owner of their home directory or else you'll likely receive this error message, just simply chown the home directory for oracle and you should be all set.

Non-Root Credentials 
-------------------- 
The BusinessObjects installation program needs to run as a non-root user. The 
installer is running as the 'root' user, enter credentials for a valid non-root 
user. 
User Name: oracle 
Group Name: dba 
=============================================================================== 
Invalid Credentials

Prior to triggering the install you'll require 7-10 gigabytes free on your root file system as mentioned in the Requirements section above. This is likely an over estimate, but having more drive space can't hurt considering how inexpensive it is and the potential for log file growth. If you don't have enough drive space you'll receive an error message similar to the following after entering your directory paths for CA shared components are entered, which may appear alterable but DO NOT DEVIATE FROM /opt/CA INSTALL PATH OR YOUR INSTALLATION WILL FAIL:

CA Shared Components 
-------------------- 
  
The environment variable for locating CA Shared Components, which is set by the 
first CA product that uses CA shared components, has not been set. Specify the 
CA Shared Components location below. 
 
 
CA Shared Components Directory: (DEFAULT: /opt/CA/SharedComponents) 
   : /opt/CA/SharedComponents 
Specify the CA Common Reporting location below. By default it is under the CA 
Shared Components Directory. 
CA Common Reporting Directory: (DEFAULT: /opt/CA/SharedComponents) 
   : /opt/CA/SharedComponents/CommonReporting 
Disk Space is Low 
----------------- 
  
Space for CABI Installation at folder 
/opt/CA/SharedComponents/CommonReporting/CommonReporting is below the required 
value: Wanted:6750 Available:6026. This must be resolved before the 
installation can run. Click the button below to continue.

As you can see above, my default installation paths were /opt/CA, as required.

I observed that /opt/CA is on the root filesystem and I needed to clean up some disk space.
After resolving the file system space issue I had sufficient space:

bash-3.00# df -h 
Filesystem             size   used  avail capacity  Mounted on 
/dev/dsk/c1t5006016839A02B5Dd0s0 
                        21G    15G   5.9G    72%    / 

Once the filespace was cleaned up the installer proceeded fine past this step.

Now you can proceed through the rest of the installation making sure to select oracle as the database of choice and the default application server Tomcat, which is the supported configuration. You'll notice that the status bar may show that it's progressed all the way through the installation, but my experience is to allow it to complete gracefully, which may take an extended period of time. You can always do a ps -elfa and grep for the installer process to make sure cpu cycles are continuing. Also I was able to verify that database objects were created successfully by issuing a from sql developer connected as sys on the UTF8 database instance:

select count(*) from all_objects where owner = 'CMS_USER'

The above query should return at least 47 objects prior to startup, an indication that the installation was successful.