Monday, February 6, 2012

GlassFish 3 Install Script

I have a new application to manage in 2012.  GlassFish is an Oracle-driven product for hosting Java applications.  I have been tasked with helping to build new servers to upgrade from version 2 to version 3.  To help with the deployment process, I created a bash script to automate the installation.


The script has supporting files, including the latest version of GlassFish and the Java JDK.  The files need to be copied to a directory called /tmp/gf_install.  The script itself can be run from any location; the user's home directory makes the most sense.

#!/bin/bash
# Shared settings for the GlassFish 3 install steps defined below.

# Short host name. It replaces "newdomain" in the answer file and names the
# domain directory under glassfish/domains/.
DOMAIN_NAME=$(hostname --short)
#read -p "Enter domain name " DOMAIN_NAME

# Staging directory for the installer, answer file, certificates and the
# asadmin password files.
# NOTE(review): this is a fixed, predictable path under world-writable /tmp
# that ends up holding password files and an installer that gets executed.
# A directory created up front with restrictive ownership/mode (or mktemp -d)
# avoids another local user preparing or reading it.
TMP_DIR="/tmp/gf_install"

# Use with AD Authentication
#ASADMIN="sudo -u appadmin /opt/AppSrv/glassfish3/glassfish/bin/asadmin -W ${TMP_DIR}/password"
# Use without AD Authentication
# The functions expand $ASADMIN unquoted on purpose so that it word-splits
# into the asadmin binary, -W and the password file path.
ASADMIN="/opt/AppSrv/glassfish3/glassfish/bin/asadmin -W ${TMP_DIR}/password"

# Despite the name, this is the domain's config DIRECTORY (keystore.jks,
# cacerts.jks and domain.xml are addressed beneath it).
KEYSTORE_FILE="/opt/AppSrv/glassfish3/glassfish/domains/${DOMAIN_NAME}/config"

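#######################################
# Check out the deployment scripts and stage the install files in TMP_DIR.
# Globals:   TMP_DIR (read)
# Outputs:   diagnostics on stderr
# Returns:   exits the script with status 1 when the checkout or the staging
#            directory cannot be used, because every later step depends on it
#######################################
svn_prep() {
  cd /opt || { echo "svn_prep: cannot cd to /opt" >&2; exit 1; }

  # NOTE(review): the checkout uses plain http, so neither the server identity
  # nor the content is protected in transit. The password files, answer file
  # and init script staged below, and the scripts later run from cron, all
  # come from this tree. Prefer https or svn+ssh if the repository offers it.
  sudo svn checkout http://svn.fbfs.com/midtierscripts/ \
    || { echo "svn_prep: svn checkout failed" >&2; exit 1; }
  sudo chown -R appadmin:users /opt/midtierscripts

  # The staging path is predictable and lives in /tmp. Refuse to reuse it if
  # it is a symlink, not a directory, or owned by someone else: password files
  # are copied into it and an installer is executed from it.
  if [[ -e "${TMP_DIR}" || -L "${TMP_DIR}" ]]; then
    if [[ -L "${TMP_DIR}" || ! -d "${TMP_DIR}" || ! -O "${TMP_DIR}" ]]; then
      echo "svn_prep: ${TMP_DIR} exists but is not a directory owned by $(id -un); refusing to stage files there" >&2
      exit 1
    fi
  else
    mkdir "${TMP_DIR}" || { echo "svn_prep: cannot create ${TMP_DIR}" >&2; exit 1; }
  fi
  # NOTE(review): the directory keeps the caller's umask-derived mode, so the
  # password files may be readable by other local users. Later steps read the
  # staged files as appadmin via sudo, so tightening the mode needs a matching
  # ownership plan.

  # Without this check a failed cd would make cp pick up same-named files
  # from whatever the current directory happens to be.
  cd /opt/midtierscripts/serverInstall \
    || { echo "svn_prep: cannot cd to /opt/midtierscripts/serverInstall" >&2; exit 1; }
  cp answer password password2 glassfish "${TMP_DIR}"
  cp /mnt/midtier_devtools/midtier/gfinstall/* "${TMP_DIR}"
}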


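#######################################
# Replace the "newdomain" placeholder in the staged answer file with the
# domain name.
# Globals:   DOMAIN_NAME (read), TMP_DIR (read)
# Returns:   1 if DOMAIN_NAME is empty, otherwise sed's exit status
#######################################
edit_answer() {
  # An empty name would silently blank out the placeholder.
  if [[ -z "${DOMAIN_NAME}" ]]; then
    echo "edit_answer: DOMAIN_NAME is empty; leaving ${TMP_DIR}/answer untouched" >&2
    return 1
  fi

  # Plain -i only. The former "-silent" is a cluster of short options, which
  # GNU sed reads as -s plus -i with backup suffix "lent", leaving a stray
  # "answerlent" copy next to the file.
  # DOMAIN_NAME is interpolated into the sed expression; it comes from
  # `hostname --short`, which is not expected to contain "/" or "&".
  sed -i "s/newdomain/${DOMAIN_NAME}/g" "${TMP_DIR}/answer"
}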

#######################################
# Unpack the staged JDK 7u3 archive and move its contents to /opt/java.
# Globals:   TMP_DIR (read)
# Returns:   exit status of the final chown
#######################################
java_install() {
  local jdk_archive="${TMP_DIR}/jdk-7u3-linux-x64.tar.gz"
  local jdk_unpacked="${TMP_DIR}/jdk1.7.0_03"

  sudo mkdir /opt/java
  # NOTE(review): the archive is taken from the staging directory as-is;
  # comparing it against a known-good checksum before unpacking would catch a
  # swapped or corrupted file.
  tar -xzf "${jdk_archive}" -C "${TMP_DIR}"
  sudo mv "${jdk_unpacked}"/* /opt/java
  #sudo cp ${TMP_DIR}/jdk.sh /etc/profile.d/jdk.sh
  #source /etc/profile.d/jdk.sh
  sudo chown -R appadmin:users /opt/java/
}

#######################################
# Run the staged GlassFish 3.1.2.2 installer with the answer file (-s -j
# /opt/java -a), hand /opt/AppSrv to appadmin and start the domain.
# Globals:   TMP_DIR (read), ASADMIN (read)
# Returns:   exit status of `asadmin start-domain`
#######################################
gf_install() {
  local installer="${TMP_DIR}/glassfish-3.1.2.2-unix.sh"
  local answers="${TMP_DIR}/answer"

  # NOTE(review): the installer is executed straight from the /tmp staging
  # directory (under sudo in the AD variant) with no integrity check; verify
  # it against a known-good checksum first.
  chmod +x "${installer}"
  # Use with AD Authentication
  #sudo "${installer}" -s -j /opt/java -a "${answers}"
  # Use without AD Authentication
  "${installer}" -s -j /opt/java -a "${answers}"
  sudo chown -R appadmin:users /opt/AppSrv/
  # Left unquoted so ASADMIN splits into command and options.
  $ASADMIN start-domain
}

#######################################
# Restart the domain: `asadmin stop-domain`, then `asadmin start-domain`.
# Globals:   ASADMIN (read)
# Returns:   exit status of start-domain
#######################################
gf_restart() {
  local action
  for action in stop-domain start-domain; do
    # Left unquoted so ASADMIN splits into command and options.
    $ASADMIN "${action}"
  done
}

#######################################
# Run `asadmin enable-secure-admin`, then restart the domain.
# Globals:   ASADMIN (read)
# Returns:   exit status of gf_restart
#######################################
enable_secure_admin() {
  # Left unquoted so ASADMIN splits into command and options.
  $ASADMIN enable-secure-admin
  gf_restart
}

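#######################################
# Apply the post-install domain configuration: listener/JMX security flags,
# the WebSphere MQ resource adapter, the "jenkins" password alias, log file
# location and rotation, admin GUI log level; then restart the domain.
# Globals:   ASADMIN (read), TMP_DIR (read), DOMAIN_NAME (read)
# Returns:   exit status of gf_restart
#######################################
gf_config() {
  local gf_home="/opt/AppSrv/glassfish3/glassfish"
  local proto="server-config.network-config.protocols.protocol"
  local log_handler="com.sun.enterprise.server.logging.GFFileHandler"

  # One request to the admin console; the response is discarded.
  # NOTE(review): presumably this only warms up the console. Certificate
  # checking is switched off, which is tolerable solely because the target is
  # localhost and nothing from the reply is used.
  wget https://localhost:4848 --no-check-certificate --delete-after -q

  # $ASADMIN is left unquoted so it splits into command and options.
  $ASADMIN set server-config.admin-service.jmx-connector.system.security-enabled=true
  $ASADMIN set "${proto}.http-listener-2.security-enabled=true"
  $ASADMIN set "${proto}.sec-admin-listener.security-enabled=true"
  $ASADMIN set "${proto}.sec-admin-listener.ssl.cert-nickname=s1as"

  $ASADMIN deploy "${TMP_DIR}/wmq.jmsra.rar"
  $ASADMIN create-resource-adapter-config --property logWriterEnabled=true:maxConnections=4:traceLevel=3:traceEnabled=false:reconnectionRetryCount=5:reconnectionRetryInterval=300000:connectionConcurrency=1 wmq.jmsra

  # The alias value is read from the password2 file in the staging directory.
  sudo -u appadmin "${gf_home}/bin/asadmin" -W "${TMP_DIR}/password2" --secure create-password-alias jenkins

  sudo -u appadmin mkdir /mnt/midtier_logs/domain
  $ASADMIN set-log-attributes --target server "${log_handler}.file=/mnt/midtier_logs/domain/server.log"
  $ASADMIN set-log-attributes --target server "${log_handler}.rotationTimelimitInMinutes=1440"

  sudo mkdir "${gf_home}/nodes"
  sudo chown -R appadmin:users /opt/AppSrv

  # Plain -i only. The former "-silent" is a cluster of short options, which
  # GNU sed reads as -s plus -i with backup suffix "lent", leaving a stray
  # "logging.propertieslent" copy in the domain's config directory.
  sed -i 's/org.glassfish.admingui.level=INFO/org.glassfish.admingui.level=FINE/g' "${gf_home}/domains/${DOMAIN_NAME}/config/logging.properties"
  gf_restart
}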
 
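#######################################
# Import the root, intermediate and issuing CA certificates into the domain's
# keystore.jks and cacerts.jks, import the server key pair from generic.p12,
# switch domain.xml from the "s1as" alias to "generic.domain.com", and restart.
# Globals:   KEYSTORE_FILE (read; the domain config directory), TMP_DIR (read)
# Returns:   exit status of gf_restart
#######################################
cert_install() {
  local keystore="${KEYSTORE_FILE}/keystore.jks"
  local truststore="${KEYSTORE_FILE}/cacerts.jks"

  # NOTE(review): both stores keep the default password "changeit", and every
  # password here is passed on the command line, where it shows up in the
  # process list and shell traces. keytool accepts -storepass:file and
  # -storepass:env as alternatives; change the store password after install.
  # NOTE(review): -noprompt with -trustcacerts trusts whatever certificate
  # files sit in the staging directory; confirm their fingerprints out of band.
  sudo -u appadmin keytool -import -noprompt -alias root -keystore "${keystore}" -trustcacerts -file "${TMP_DIR}/Root.cer" -storepass changeit
  sudo -u appadmin keytool -import -noprompt -alias intermediate_1 -keystore "${keystore}" -trustcacerts -file "${TMP_DIR}/Intermediate_1.cer" -storepass changeit
  sudo -u appadmin keytool -import -noprompt -alias issue -keystore "${keystore}" -trustcacerts -file "${TMP_DIR}/Issue.cer" -storepass changeit

  sudo -u appadmin keytool -import -noprompt -alias root -keystore "${truststore}" -trustcacerts -file "${TMP_DIR}/Root.cer" -storepass changeit
  # NOTE(review): this reads FBL_Intermediate_1.cer while the keystore.jks
  # import above reads Intermediate_1.cer. Confirm which file name is staged.
  sudo -u appadmin keytool -import -noprompt -alias intermediate_1 -keystore "${truststore}" -trustcacerts -file "${TMP_DIR}/FBL_Intermediate_1.cer" -storepass changeit
  sudo -u appadmin keytool -import -noprompt -alias issue -keystore "${truststore}" -trustcacerts -file "${TMP_DIR}/Issue.cer" -storepass changeit

  # Server key pair from the PKCS#12 bundle, imported under its existing alias.
  sudo -u appadmin keytool -importkeystore -noprompt -deststorepass changeit -destkeypass changeit -destkeystore "${keystore}" -srckeystore "${TMP_DIR}/generic.p12" -srcstoretype PKCS12 -srcstorepass password -alias generic.domain.com

  # Plain -i only. The former "-silent" is a cluster of short options, which
  # GNU sed reads as -s plus -i with backup suffix "lent", leaving a stray
  # "domain.xmllent" copy of the domain configuration in the config directory.
  sudo -u appadmin sed -i 's/s1as/generic.domain.com/g' "${KEYSTORE_FILE}/domain.xml"
  gf_restart
}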

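#######################################
# Install the staged init script as /etc/init.d/glassfish, make it root-owned
# and executable, and register it with chkconfig.
# Globals:   TMP_DIR (read)
# Returns:   1 if the script could not be moved into place, otherwise the
#            exit status of the last chkconfig call
#######################################
create_service() {
  local init_script="/etc/init.d/glassfish"

  # NOTE(review): this file runs as root at boot and comes from the /tmp
  # staging directory; review its content before it is installed.
  sudo mv "${TMP_DIR}/glassfish" "${init_script}" || return 1

  # Absolute paths instead of `cd /etc/init.d` plus a relative name: if that
  # cd had failed, chmod/chown would have hit ./glassfish in whatever
  # directory the script was in.
  sudo chown root:root "${init_script}"
  sudo chmod +x "${init_script}"

  sudo chkconfig --add glassfish
  sudo chkconfig glassfish on
}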

#######################################
# Point the admin-realm at LDAP: create the "ldapbind" password alias, set the
# realm properties and class name, then restart the domain.
# Globals:   ASADMIN (read)
# Returns:   exit status of gf_restart
#######################################
ldap_authentication() {
  local realm="server.security-service.auth-realm.admin-realm"
  local setting
  # Applied in this order; each entry is appended to "${realm}.".
  # NOTE(review): the directory URL is ldap:// on port 389, i.e. no TLS at the
  # transport level, so the bind password and the credentials checked against
  # this realm are not protected on the wire. Use ldaps:// if the directory
  # offers it.
  local -a settings=(
    'property.base-dn=dc=domain,dc=com'
    'property.directory=ldap://ldap.domain.com:389'
    'property.search-bind-password=${ALIAS=ldapbind}'
    'property.jaas-context=ldapRealm'
    'property.group-search-filter=(&(member=%d)(objectcategory=group))'
    'property.search-bind-dn=cn=user user,OU=Service Accounts,DC=domain,DC=com'
    'property.search-filter=(&(objectClass=user)(memberOf=CN=Group,OU=Domain Groups,DC=domain,DC=com)(sAMAccountName=%s))'
    'property.assign-groups=asadmin'
    'property.group-base-dn=ou=Domain Groups,dc=domain,dc=com'
    'classname=com.sun.enterprise.security.auth.realm.ldap.LDAPRealm'
  )

  # $ASADMIN is left unquoted so it splits into command and options.
  # The bind password is stored as an alias and referenced above as
  # ${ALIAS=ldapbind} rather than written out as a literal.
  $ASADMIN --secure create-password-alias ldapbind
  for setting in "${settings[@]}"; do
    $ASADMIN set "${realm}.${setting}"
  done
  gf_restart
}

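#######################################
# Stop the domain, run `pkg image-update` from the GlassFish bin directory,
# start the domain again and re-apply ownership of /opt/AppSrv.
# Globals:   ASADMIN (read)
# Returns:   1 if the bin directory cannot be entered (nothing is stopped or
#            updated in that case), otherwise the exit status of the chown
#######################################
glassfish_update() {
  # Enter the directory before touching the domain. With an unchecked cd a
  # failure would leave `sudo ./pkg` running whatever "pkg" is in the current
  # directory, as root.
  cd /opt/AppSrv/glassfish3/bin || {
    echo "glassfish_update: cannot cd to /opt/AppSrv/glassfish3/bin; update skipped" >&2
    return 1
  }

  # $ASADMIN is left unquoted so it splits into command and options.
  $ASADMIN stop-domain
  # NOTE(review): image-update runs as root and installs whatever the
  # configured package repositories serve; confirm those repositories are the
  # intended ones.
  sudo ./pkg image-update
  $ASADMIN start-domain

  # -p: gf_config already creates this directory, so a plain mkdir always
  # reported "File exists" here.
  sudo mkdir -p /opt/AppSrv/glassfish3/glassfish/nodes
  sudo chown -R appadmin:users /opt/AppSrv
}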

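#######################################
# Copy the staged JDBC driver and WebSEAL jars into the GlassFish lib
# directory and restart the domain.
# Globals:   TMP_DIR (read)
# Returns:   1 if the staging directory cannot be entered (nothing is copied),
#            otherwise the exit status of gf_restart
#######################################
copy_drivers() {
  # With an unchecked cd, a failure would make the root-run cp pick up
  # same-named files from whatever directory the script is in.
  cd "${TMP_DIR}" || {
    echo "copy_drivers: cannot cd to ${TMP_DIR}; no drivers copied" >&2
    return 1
  }
  # NOTE(review): these jars are loaded by the application server; make sure
  # the staged copies are the vendor-supplied files.
  sudo cp db2jcc.jar db2jcc_license_cisuz.jar db2java.zip sqljdbc4.jar ojdbc6.jar WebSEAL_SAM.jar /opt/AppSrv/glassfish3/glassfish/lib/
  gf_restart
}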

#######################################
# Write a helper script that appends two entries to the crontab (a nightly
# `svn update /opt/midtierscripts` and a quarterly cert_report.sh run), then
# execute that helper as appadmin.
# Globals:   TMP_DIR (read)
# Returns:   exit status of the helper run
#######################################
cron() {
  local helper="${TMP_DIR}/backup_cron"

  # NOTE(review): the helper appends unconditionally, so running this function
  # again duplicates both crontab entries.
  # NOTE(review): the nightly `svn update` refreshes a working copy that
  # svn_prep checks out over plain http, and cert_report.sh from that tree is
  # run by cron as appadmin, so the repository transport decides what code
  # runs under that account.
  printf '%s\n' \
    '#!/bin/bash' \
    '(crontab -l 2>/dev/null -u appadmin; echo "0 21 * * * svn update /opt/midtierscripts"; echo "00 01 1 1,4,7,10 * /opt/midtierscripts/utility/devel_cert/cert_report.sh";) | crontab -' \
    > "${helper}"

  # NOTE(review): the helper is written to the /tmp staging directory and then
  # executed as another user; that directory must not be writable by others.
  sudo chmod +x "${helper}"
  sudo -u appadmin "${helper}"
}

#######################################
# Leave the staging directory and delete it, including the password files and
# certificates copied into it.
# Globals:   TMP_DIR (read)
# Returns:   exit status of rm
#######################################
delete_tmp_dir() {
  # Step out first so the shell is not sitting inside the tree being removed.
  cd ~
  rm -rf -- "${TMP_DIR}"
}

# Run every install step once, in this fixed order.
# NOTE(review): no step's exit status is checked here, so a failed step does
# not stop the ones after it.
for step in \
  svn_prep \
  edit_answer \
  java_install \
  gf_install \
  enable_secure_admin \
  gf_config \
  cert_install \
  create_service \
  ldap_authentication \
  glassfish_update \
  copy_drivers \
  cron \
  delete_tmp_dir
do
  "${step}"
done
