Intro

This guide shows how to launch an EC2 instance with OpenAM pre-installed, and also how to build such an image yourself from scratch. The guide has been updated and describes how to launch an OpenAM 10.0.0 instance running in Tomcat 7.

If you don't have an AWS account, you have to create one to be able to create this image. Log in or create an account at http://aws.amazon.com/console/

The OpenAM image is based on an Amazon Linux AMI 64-bit “small” instance with 1 ECU, 1 core and 1.7 GB RAM. It can be upgraded later if you need, for instance, more RAM or more ECUs.

A default EC2 instance gets a new IP every time it is booted, and therefore also a new FQDN (Public DNS). If you need to access the instance using the same name or IP every time it is restarted, allocate an "Elastic IP" and associate it with the newly created OpenAM instance.

Fast track

The current OpenAM images are only available in the "EU West (Ireland)" region. Make sure you switch to this region before searching for any AMI.

  • Click on “Launch Instance” from your instance menu
  • Select “Community AMIs”
  • Search for ForgeRock or OpenAM among “All Images” (this takes some time to load)
  • From the list of ForgeRock AMIs, click “Select” next to the image you would like to launch
  • Select “Small (m1.small, 1.7 GB)” from the Instance type. OpenAM needs more RAM than the Micro instance can provide with 640MB.
  • Create a “Key Pair” if you don’t have one.
  • Create a “Security Group”, if you don’t have one, with ports 22 (SSH) and 8080 (Tomcat/OpenAM) open for access
  • Launch....
  • Associate the instance with a static IP from the Elastic IP pool (if you need to)
  • Point your browser to the IP/Public DNS on port 8080 and /openam

That's it, you're done.

Manual creation of instance from scratch

Here is a guideline if you would like to create a similar image yourself from scratch, with the necessary software and configuration to run OpenAM in Amazon EC2.

  •  Select the "Amazon Linux AMI 64-bit" server type
  •  Choose 1 instance and select "Small (m1.small, 1.7 GB)" for the "Instance Type"; OpenAM needs the memory
  •  Add some description to the instance
  •  Add some key/value pair to the instance
  •  Create a key pair (if you don't already have one you could use for SSH for this instance)
  •  Choose the "OpenAM" security group previously created.
  •  Click on "Launch" to create the instance and make it active.

Install the software

Connect to the EC2 instance over SSH, using the key pair you created and downloaded earlier. The command is similar to the one below, with your own unique hostname.

Example:
ssh -i .ec2/openam.pem ec2-user@ec2-46-137-31-234.eu-west-1.compute.amazonaws.com

(You can also choose the connect option from the drop-down menu of the instance, which uses the Java SSH client.)

Once logged in, you can start installing the necessary software.

  • sudo yum install tomcat7
  • sudo /sbin/chkconfig --level 2345 tomcat7 on 
  • (just to make Tomcat start on boot)
  • Open the web page for the OpenAM Enterprise downloads: http://forgerock.com/download-stack/
  • Select OpenAM, and fill in the form and accept the terms, proceed to the page with the download links.
  • Copy the link address for the WAR file.
  • sudo wget <link address to the war file>
  • sudo mv openam_10.1.0.war /usr/share/tomcat7/webapps/openam.war
  • (The name of the war file will also be the name of the web context by default)
  • sudo chown -R tomcat /usr/share/tomcat7/
  • (Change the file ownership to the tomcat user for all related files. The Tomcat process runs as the “tomcat” user by default)
  • sudo vi /etc/tomcat7/tomcat7.conf 
  • (Open the Tomcat config file in a text editor)
  • Set JAVA_OPTS as follows: JAVA_OPTS="-Xmx1024m -XX:MaxPermSize=256m"
  • (This is the recommended setup for OpenAM)
  • sudo /sbin/service tomcat7 start 
  • (Start the Tomcat daemon, which deploys OpenAM)
  • sudo chmod -R 775 /var/log/tomcat7/
  • (Just so the default ec2-user can read the logs)
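
The steps above as one repeatable script, added here as an example and not part of the original guide or ForgeRock's tooling. It additionally checks the downloaded WAR against a SHA-256 digest before deploying it and edits JAVA_OPTS without an interactive editor. The script name, the function names, the WAR URL and the digest are assumptions: the guide gives no download link or checksum, so both must be supplied by the operator.

```shell
#!/bin/sh
# Added example, not ForgeRock's script. Run as root on the instance:
#   sh install-openam.sh --install <war-url> <expected-sha256>
# install-openam.sh is a hypothetical name; both arguments are placeholders.
set -e

TOMCAT_CONF=${TOMCAT_CONF:-/etc/tomcat7/tomcat7.conf}
WEBAPPS=${WEBAPPS:-/usr/share/tomcat7/webapps}
OPENAM_JAVA_OPTS='-Xmx1024m -XX:MaxPermSize=256m'   # values from the guide

# Replace any existing JAVA_OPTS assignment in the given config file with the
# guide's value, or append it if none exists. Running it twice changes nothing.
set_java_opts() {
    conf=$1
    tmp=$(mktemp)
    grep -v '^[[:space:]]*JAVA_OPTS=' "$conf" > "$tmp" || true
    printf 'JAVA_OPTS="%s"\n' "$OPENAM_JAVA_OPTS" >> "$tmp"
    cat "$tmp" > "$conf"    # overwrite in place so owner and mode are kept
    rm -f "$tmp"
}

# Succeed only if the file's SHA-256 equals the expected hex digest.
verify_war() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$2" ] && [ "$actual" = "$2" ]
}

install_openam() {
    war_url=$1
    war_sha256=$2
    yum install -y tomcat7
    /sbin/chkconfig --level 2345 tomcat7 on     # start Tomcat on boot
    war=$(mktemp)
    wget -O "$war" "$war_url"
    if ! verify_war "$war" "$war_sha256"; then
        echo "checksum mismatch, not deploying $war_url" >&2
        rm -f "$war"
        return 1
    fi
    mv "$war" "$WEBAPPS/openam.war"             # WAR name becomes the web context
    chown -R tomcat /usr/share/tomcat7/
    set_java_opts "$TOMCAT_CONF"
    /sbin/service tomcat7 start
    chmod -R 775 /var/log/tomcat7/              # so ec2-user can read the logs
}

if [ "${1:-}" = "--install" ]; then
    install_openam "$2" "$3"
fi
```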

Then point your browser to the instance, at a URL similar to this one (using your own hostname):

http://ec2-46-137-31-234.eu-west-1.compute.amazonaws.com:8080/openam

to start the OpenAM configuration wizard.