
Symas How-To Guide

Step 3: Apache Fortress Setup for HA


Step 3: Configuring Apache Fortress-OpenLDAP for High Availability


Prereqs tailored for REDHAT

  • Java v8 installed
  • Apache Fortress-OpenLDAP Virtual IP Setup complete
  • Steps under OpenLDAP HA Installation complete

Introduction

Apache Fortress software will be installed to:

  • /opt/fortress: The root folder for the Apache Fortress runtime.
  • /opt/fortress/lib: Apache Fortress Realm proxy component.
  • /opt/fortress/webapps: Apache Fortress Rest component.
  • /opt/fortress/logs/catalina.out: The process logfile.
  • /etc/systemd/system/fortress.service: The service configuration is placed here.

Fortress Server Setup

To be performed on each machine.

1. Prep Env

a. Download Tomcat 9 to the local machine.

b. Create the installation folder, extract the tarball into it, and change to that folder:

$ mkdir /opt/fortress
$ tar -zxvf apache-tomcat-[VERSION].tar.gz -C /opt/fortress --strip-components=1
$ cd /opt/fortress

Where [VERSION] matches the latest Apache Tomcat 9 release that you downloaded. As of today, 9.0.13.

2. Install Fortress

a. Deploy Apache Fortress Realm Proxy:

$ wget https://repo.maven.apache.org/maven2/org/apache/directory/fortress/fortress-realm-proxy/[VERSION]/fortress-realm-proxy-[VERSION].jar -P /opt/fortress/lib

Where [VERSION] matches the latest Apache Fortress Realm. As of today, 2.0.3.

b. Deploy Apache Fortress Rest:

$ wget https://repository.apache.org/content/repositories/releases/org/apache/directory/fortress/fortress-rest/[VERSION]/fortress-rest-[VERSION].war -P /opt/fortress/webapps

Where [VERSION] matches the latest Apache Fortress Rest. As of today, 2.0.3.

3. Configure Fortress-as-a-Service

a. Create a group and user for the Apache Fortress process to run under:

$ groupadd fortress
$ useradd -s /sbin/nologin -g fortress -d /opt/fortress fortress

b. Edit the systemd unit file:

$ vi /etc/systemd/system/fortress.service

c. Add the following. Adjust the JAVA_OPTS values (hostname, admin user and password) for your environment.

[Unit]
Description=Apache Fortress is powered by Apache Tomcat
After=syslog.target network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/fortress/temp/fortress.pid
Environment=CATALINA_HOME=/opt/fortress
Environment=CATALINA_BASE=/opt/fortress
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment="JAVA_OPTS=-Djava.awt.headless=true \
                       -Dfortress.host=localhost \
                       -Dfortress.port=389 \
                       -Dfortress.admin.user=cn=manager,dc=example,dc=com \
                       -Dfortress.admin.pw=secret \
                       -Dfortress.config.root=ou=config,dc=example,dc=com \
                       -Dfortress.min.admin.conn=1 \
                       -Dfortress.max.admin.conn=10 \
                       -Dfortress.ldap.server.type=openldap \
                       -Dfortress.config.realm=DEFAULT"
ExecStart=/opt/fortress/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID

User=fortress
Group=fortress

[Install]
WantedBy=multi-user.target

  • Here, we point each instance of Apache Fortress to the slapd running on localhost.
  • Defaults are given for JAVA_HOME, service accounts, password, host, port, etc.; change them to match your environment.
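
The unit above passes the LDAP bind password as a JVM system property, so it sits in the unit file and on the java command line that ps -ef displays. The following is an added example, not part of the original guide or of Apache Fortress: a shell check for that and for the service account. The function name audit_fortress_unit and the sample unit it runs against are constructed for illustration.

```shell
# Added example: flag exposed LDAP bind credentials in a Fortress unit file.
# Prints one line per finding (never the password) and returns the count.
audit_fortress_unit() {
    unit=$1
    findings=0
    [ -r "$unit" ] || { echo "cannot read $unit" >&2; return 255; }

    # Bind password passed as a JVM system property inside the unit.
    pw=$(sed -n 's/.*-Dfortress\.admin\.pw=\([^ "\\]*\).*/\1/p' "$unit" | head -n 1)
    if [ -n "$pw" ]; then
        echo "FINDING: fortress.admin.pw is set inline in $unit"
        findings=$((findings + 1))
        # The guide's sample value was never changed.
        if [ "$pw" = "secret" ]; then
            echo "FINDING: fortress.admin.pw still has the guide's sample value"
            findings=$((findings + 1))
        fi
        # The file holding the password is readable by every local account.
        if [ -n "$(find "$unit" -perm -004 -print)" ]; then
            echo "FINDING: $unit is world-readable"
            findings=$((findings + 1))
        fi
    fi

    # Service should run as the dedicated fortress account, not root.
    if ! grep -Eq '^[[:space:]]*User=fortress[[:space:]]*$' "$unit"; then
        echo "FINDING: User=fortress not set in $unit"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample unit (not a real host's file) to exercise the checks.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Service]
Environment="JAVA_OPTS=-Dfortress.host=localhost \
                       -Dfortress.admin.pw=secret \
                       -Dfortress.config.realm=DEFAULT"
User=fortress
EOF
chmod 644 "$sample"
audit_fortress_unit "$sample" || echo "findings: $?"
rm -f "$sample"
```

On a real host, run it as audit_fortress_unit /etc/systemd/system/fortress.service after step c.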

d. Set ownership of the installation, start the service, and enable it to start automatically at boot.

$ chown -R fortress:fortress /opt/fortress
$ systemctl start fortress.service
$ systemctl enable fortress.service

e. Verify that it's running and that there are no errors in the logs.

$ ps -ef | grep tomcat
$ tail -f -n10000 /opt/fortress/logs/catalina.out

4. Testing

Prerequisites for these tests

  • curl installed on the local machine

Use Apache Fortress Quickstart to test services

1. Download and extract.

$ wget https://github.com/shawnmckinney/apache-fortress-quickstart/archive/master.zip
$ unzip master.zip

2. Open a system prompt and navigate to the folder in the quickstart package that contains the test files.

$ cd apache-fortress-quickstart-master/src/test/resources

3. Run through the samples:  SECTION 5. Test Apache Fortress Rest with Curl.

a. Run the sample curl commands. The password for the tests, corresponding to adminuser, is: $3cret
b. Point the commands to the IP address of the VIP that was set up earlier.

4. Verify replication

Use a preferred LDAP client to verify that data is being replicated between the masters as you run the tests.
