Jarvis Installation walk through.

Article ID: 193887

Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)
CA Virtual Privilege Manager

Issue/Introduction

Walkthrough for a basic install of User Activity Reporting Module (a.k.a. UARM and Jarvis) on Red Hat Enterprise Linux 7.x for PIM14.

Environment

Release : 14.0

Component : JASPERSOFT REPORTS FOR PAM SERVER CONTROL

Resolution

Please note that, following general Linux/Unix convention, each command line below starts with a # or $ prompt character. # means the command should be executed as root and $ means the command should be executed as a non-root user. Do not type the # or $.

Remember, you should not type in the # or the $ at the beginning of the line when executing any commands below.

This document also assumes that you have installed a 64-bit Oracle 1.8.x JDK, that it is set up as the Java for the system, and that it is included in the PATH environment variable so that Oracle Java runs instead of OpenJDK.

1) Extract jarvisInstaller_InstallAnyWhere-2.3.0.tar:

# mkdir /jarvis
# mv jarvisInstaller_InstallAnyWhere-2.3.0.tar /jarvis
# cd /jarvis
# tar xf jarvisInstaller_InstallAnyWhere-2.3.0.tar

2) Prepare for install:

# cd /jarvis/jarvisInstaller_installAnyWhere/scripts
# chmod +x prepareMachineAsRoot.sh

Below I am using jarvisuser. This will create a user called jarvisuser, which we will use to install and run Jarvis. You can use any username for this that does not already exist on the system.

# ./prepareMachineAsRoot.sh jarvisuser
# chown -R jarvisuser:jarvisuser /jarvis

3) Create the certificates

# cd /jarvis/jarvisInstaller_installAnyWhere/scripts
# chmod +x generate_dev_certs.sh

3a) Perform this step only if the following command does not return a fully qualified hostname:

# host -TtA $(hostname -s) | grep "has address" | awk '{print $1}'

Edit generate_dev_certs.sh, and find:

if [[ "${fqn}" == "" ]]
  then fqn=$(hostname -s)
fi
echo "${fqn}"

Add the line fqn=<FQDN> like below where <FQDN> is the fully qualified domain name of the server we are installing on:

if [[ "${fqn}" == "" ]]
  then fqn=$(hostname -s)
fi
fqn=<FQDN>
echo "${fqn}"

Save the file and exit.

3b) [OPTIONAL] Set the certificate expiry days.

Edit /jarvis/jarvisInstaller_installAnyWhere/scripts/generate_dev_certs.sh and modify the -days parameter (which is 365 - one year - by default) in the following three lines:

openssl req -new -x509 -keyout ca-key -out ca-cert -days 365 -passout pass:$password -subj $dn

keytool -keystore keystore.jks -alias jarvis-key -validity 365 -genkey -dname $dn -storepass $password -noprompt -keypass $password -ext SAN=DNS:${fqn},oid:1.2.3.4.5.5 -keyalg RSA -keysize 2048 -sigalg SHA256withRSA

openssl x509 -req -CA ca-cert -CAkey ca-key -in jarvis-cert-file -out jarvis-cert-signed -days 365 -CAcreateserial -passin pass:$password

3c) Generate the certs:

# cd /jarvis/jarvisInstaller_installAnyWhere

Replace <password> with the password you want to use for the keystore and certificates. You can execute generate_dev_certs.sh without a parameter in which case the password will be set to [email protected]

# /jarvis/jarvisInstaller_installAnyWhere/scripts/generate_dev_certs.sh <password>

Copy the certificates to where they are needed:

# mkdir -p /opt/CA/Analytics/sslCerts
# cp truststore.jks  ca-key  ca-cert  keystore.jks  jarvis-cert-signed  jarvis-cert-file  ca-cert.srl  /opt/CA/Analytics/sslCerts

4) Modify the installer properties

Edit /jarvis/jarvisInstaller_installAnyWhere/properties/analyticsInstaller.properties

Find:

SSL_ENABLED=false

Set to:

SSL_ENABLED=true

Find:

KEYSTORE_FILEPATH=$USER_INSTALL_DIR$/sslCerts/CN=analytics-keystore.jks
TRUSTSTORE_FILEPATH=$USER_INSTALL_DIR$/sslCerts/analytics-truststore.jks
KEYSTORE_PASSWORD=1237c3b0ef108fe28b90
TRUSTSTORE_PASSWORD=dc075fba9dd181b77fb1
KEY_PASSWORD=abcd1234

Change to (where <password> is the password set in 3c):

KEYSTORE_FILEPATH=$USER_INSTALL_DIR$/sslCerts/keystore.jks
TRUSTSTORE_FILEPATH=$USER_INSTALL_DIR$/sslCerts/truststore.jks
KEYSTORE_PASSWORD=<password>
TRUSTSTORE_PASSWORD=<password>
KEY_PASSWORD=<password>

Save the file and exit.
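
A pre-install check for the edits in step 4, as an added example that is not part of the original article or of the Jarvis installer. The helper names prop and check_installer_props are hypothetical; the template passwords it rejects are the three values shown above.

```shell
#!/usr/bin/env bash
# Added example: audit analyticsInstaller.properties before step 5.
# prop and check_installer_props are hypothetical helper names.

# Print the value of key $2 from the KEY=VALUE properties file $1.
prop() {
  sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# Return 0 when the file is ready for the installer, 1 otherwise.
# Each finding is written to stderr.
check_installer_props() {
  local file=$1 rc=0 key
  [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

  [ "$(prop "$file" SSL_ENABLED)" = "true" ] ||
    { echo "SSL_ENABLED is not true" >&2; rc=1; }

  # The store paths must name the files generated in step 3c.
  case "$(prop "$file" KEYSTORE_FILEPATH)" in
    */sslCerts/keystore.jks) ;;
    *) echo "KEYSTORE_FILEPATH is not sslCerts/keystore.jks" >&2; rc=1 ;;
  esac
  case "$(prop "$file" TRUSTSTORE_FILEPATH)" in
    */sslCerts/truststore.jks) ;;
    *) echo "TRUSTSTORE_FILEPATH is not sslCerts/truststore.jks" >&2; rc=1 ;;
  esac

  # Reject empty values, the unreplaced placeholder, and the three
  # template passwords shown in the article.
  for key in KEYSTORE_PASSWORD TRUSTSTORE_PASSWORD KEY_PASSWORD; do
    case "$(prop "$file" "$key")" in
      ""|"<password>"|1237c3b0ef108fe28b90|dc075fba9dd181b77fb1|abcd1234)
        echo "$key is empty, a placeholder, or a template default" >&2
        rc=1 ;;
    esac
  done

  # The passwords are stored in clear text, so the file must carry
  # no group or other permission bits.
  [ "$(ls -ld "$file" | cut -c5-10)" = "------" ] ||
    { echo "$file is accessible to group or other" >&2; rc=1; }

  return "$rc"
}

# Usage: check_installer_props properties/analyticsInstaller.properties
```

The permission check passes once the file is mode 600 and owned by the install user (jarvisuser in this walkthrough), which still lets the installer in step 5 read it.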

5) Install jarvis:

# chown -R jarvisuser:jarvisuser /opt/CA/Analytics
# su - jarvisuser
$ cd /jarvis/jarvisInstaller_installAnyWhere
$ ./CA_Analytics.bin -f properties/analyticsInstaller.properties

6) For ENTM to connect to Jarvis successfully, you will need to import the CA certificate into ENTM.

/jarvis/jarvisInstaller_installAnyWhere/scripts/ca-cert

Copy the above file to your ENTM server.

Go to your "<JDK>/jre/lib/security" folder and import the "ca-cert" file into the "cacerts" keystore.

C:\jdk1.8.0_202\jre\lib\security> keytool -import -keystore cacerts -trustcacerts -alias jarvis-ca -file <ca-cert filepath> -storepass changeit

Restart ENTM JBoss.