Wed. Jun 3rd, 2020

Binary Blogger

Are you a 1 or a 0? News, Thoughts and Reviews

CA IdentityMinder – Enabling JBOSS As A Service On 64-bit Windows

5 min read

If you are using the Out Of The Box installation that CA provides then you have installed JBOSS 5.1. The open source app server is just fine for running the products however in my opinion if a vendor recommends and provides some instructions on how to configure JBOSS, they should provide all instructions and support around that as well.

If you are going to take JBOSS to a production level you must setup Windows to run JBOSS as a service. Now there are a few ways to do this but if you are running 64-bit Windows running 64-bit JBOSS the CA Documentation will not work for you.

Side Story
When I ran into this issue I am about to detail I opened a case with CA. Instead of getting back instructions on an alternate method to enable JBOSS as a service I received a response that JBOSS is a 3rd party product, go read the JBOSS documentation on how to do it. 

I am a highly technical resource but know lots of shops that have IAM teams that would never be able to figure out how to do it and stall their projects.

So here’s the problem with the CA recommended steps and how to do it.

========================================================================
DISCLAIMER: These instructions are what worked for me in my environment. These may or may not work the same for you in your environment. If you have a problem with these steps feel free to leave a comment for these posts, but don’t expect me to support or provide further assistance past what I detail out here.

========================================================================


CA Instruction Location (Using the IAM 12.6 Bookshelf)
Installation Guide › JBoss Version › CA IdentityMinder as a Windows Service › Install the Java Service Wrapper Files

The documentation refers you to another 3rd party location, Tanuki Software, to download the Java Service Wrapper. This may have been fine before but after several hours of trying to get it to work I finally saw why my installation was failing.

From Tanuki Software
      *1: 64-bit Windows versions of the Java Service Wrapper are not currently being made available in the Community Edition.

The Community Version (free) doesn’t support 64-Bit Windows. OK… I see on CA’s website there is a notice that the next major release of IdentityMinder will only support 64-bit deployments. This may be a problem for JBOSS users. Not really because here’s how to enable the service with JBOSS components.

Depending how you have JBOSS installed the directories may be slightly different.

Go to the JBOSS community site and download a native connector package – 

  • http://www.jboss.org/jbossweb/downloads/jboss-native-2-0-10.html 
    • The file for 64-bit is binaries 2.0.10-windows x64
  • Copy the zip to the IDM server and unpack it to a directory.
  • In  the new directory you will have a bin folder, in there make a copy of service.bat. 
    • (A sample of the edited service.bat is at the bottom of this post)
    • Edit service.bat
      • Locate and delete all of these strings
      • > run.log
      • >> run.log
      • > shutdown.log
      • >> shutdown.log
      • 2>&1
    • Save file.
  • Now, you must do this in the file
    • In the :cmdStop section put the full path for the shutdown bat.
      • Example: call D:\jboss-5.1.0.GA-jdk6\jboss-5.1.0.GA\bin\shutdown.bat -S < .s.lock
    • The reason is if shutdown is just called by itself, Windows catches it first and Shutdown will power off your server in 1 minute. You want it to call the JBOSS shutdown file. Even if JBOSS is in the path correctly, I have seen the OS executes it first… bye bye server
  • Open a command prompt, Run As Administrator, navigate to the bin directory of the native package you downloaded.
    • Type service install
      • A confirmation message will appear that the service was installed.
    • Open Control Panel and set the service to Automatic.
    • Restart the system. 
      • Note – It may take several minutes for IDM to get fired up. Don’t expect the console to be up as soon as the box reboots.
    • If you goof up go back to the bin and enter service uninstall to get rid of it and do it over.

That’s it. It’s simpler than it looks

======================================================


I have this up and running and have run into no problems with the service not starting or not staying up. It’s been several weeks and it’s looking fine.

Here’s the ironic part of these instructions, even though CA Support told me to go JBOSS docs and figure it out, these steps I just detailed are modified from the CA GovernanceMinder documentation for enabling JBOSS as a service.

End of Line.

Sample Edited service.bat
===================================================

@echo off
REM JBoss, the OpenSource webOS
REM
REM Distributable under LGPL license.
REM See terms of license at gnu.org.
REM
REM ————————————————————————-
REM JBoss Service Script for Windows
REM ————————————————————————-


@if not “%ECHO%” == “” echo %ECHO%
@if “%OS%” == “Windows_NT” setlocal
set DIRNAME=%CD%

REM
REM VERSION, VERSION_MAJOR and VERSION_MINOR are populated
REM during the build with ant filter.
REM
set SVCNAME=JBAS50SVC
set SVCDISP=CA IDM
set SVCDESC=CA IDM JBoss Application Server 5.0.0 GA/Platform: Windows x64
set NOPAUSE=Y

REM Suppress killing service on logoff event
set JAVA_OPTS=-Xrs

REM Figure out the running mode

if /I “%1” == “install”   goto cmdInstall
if /I “%1” == “uninstall” goto cmdUninstall
if /I “%1” == “start”     goto cmdStart
if /I “%1” == “stop”      goto cmdStop
if /I “%1” == “restart”   goto cmdRestart
if /I “%1” == “signal”    goto cmdSignal
echo Usage: service install^|uninstall^|start^|stop^|restart^|signal
goto cmdEnd

REM jbosssvc retun values
REM ERR_RET_USAGE           1
REM ERR_RET_VERSION         2
REM ERR_RET_INSTALL         3
REM ERR_RET_REMOVE          4
REM ERR_RET_PARAMS          5
REM ERR_RET_MODE            6

:errExplain
if errorlevel 1 echo Invalid command line parameters
if errorlevel 2 echo Failed installing %SVCDISP%
if errorlevel 4 echo Failed removing %SVCDISP%
if errorlevel 6 echo Unknown service mode for %SVCDISP%
goto cmdEnd

:cmdInstall
jbosssvc.exe -imwdc %SVCNAME% “%DIRNAME%” “%SVCDISP%” “%SVCDESC%” service.bat
if not errorlevel 0 goto errExplain
echo Service %SVCDISP% installed
goto cmdEnd

:cmdUninstall
jbosssvc.exe -u %SVCNAME%
if not errorlevel 0 goto errExplain
echo Service %SVCDISP% removed
goto cmdEnd

:cmdStart
REM Executed on service start
del .r.lock | findstr /C:”being used” > nul
if not errorlevel 1 (
  echo Could not continue. Locking file already in use.
  goto cmdEnd
)
echo Y > .r.lock
jbosssvc.exe -p 1 “Starting %SVCDISP%” > run.log
call D:\jboss-5.1.0.GA-jdk6\jboss-5.1.0.GA\bin\run.bat < .r.lock
jbosssvc.exe -p 1 “Shutdown %SVCDISP% service”
del .r.lock
goto cmdEnd

:cmdStop
REM Executed on service stop
echo Y > .s.lock
jbosssvc.exe -p 1 “Shutting down %SVCDISP%”
call D:\jboss-5.1.0.GA-jdk6\jboss-5.1.0.GA\bin\shutdown.bat -S < .s.lock
jbosssvc.exe -p 1 “Shutdown %SVCDISP% service”
del .s.lock
goto cmdEnd

:cmdRestart
REM Executed manually from command line
REM Note: We can only stop and start
echo Y > .s.lock
jbosssvc.exe -p 1 “Shutting down %SVCDISP%”
call D:\jboss-5.1.0.GA-jdk6\jboss-5.1.0.GA\bin\shutdown -S < .s.lock
del .s.lock
:waitRun
REM Delete lock file
del .r.lock > nul
REM Wait one second if lock file exist
jbosssvc.exe -s 1
if exist “.r.lock” goto waitRun
echo Y > .r.lock
jbosssvc.exe -p 1 “Restarting %SVCDISP%”
call D:\jboss-5.1.0.GA-jdk6\jboss-5.1.0.GA\bin\run.bat < .r.lock
jbosssvc.exe -p 1 “Shutdown %SVCDISP% service”
del .r.lock
goto cmdEnd

:cmdSignal
REM Send signal to the service.
REM Requires jbosssch.dll to be loaded in JVM
@if not “”%2″” == “””” goto execSignal
echo Missing signal parameter.
echo Usage: service signal [0…9]
goto cmdEnd
:execSignal
jbosssvc.exe -k%2 %SVCNAME%
goto cmdEnd

:cmdEnd

==================================================



Copyright © All rights reserved. | Newsphere by AF themes.