Sentinel Express 2.7.0 :: Sentinel Administration Guide :: Installing the Sentinel Provisioning Module

The Sentinel provisioning module is distributed as a Rhino Element Manager (REM) extension.

It requires a standalone distribution of REM 1.4.0 or compatible. REM can be installed with Jetty or Apache Tomcat. These instructions provide steps for configuring Apache Tomcat.

See the Rhino Element Manager User Guide to install and configure the Rhino Element Manager.

You’ll need these files to install the Sentinel Provisioning module:

apache-tomcat-<version>.zip
rhino-element-manager-<version>.zip
sentinel-express-element-manager-<version>.zip

Below are the procedures to set up Tomcat, install the REM extension, and run it securely

Set up Tomcat

To set up Apache Tomcat for the Sentinel Provisioning module:

1	Unzip `apache-tomcat.zip`: cd ~/RhinoSDK # or the location where your RhinoSDK is installed export RHINO_HOME=`pwd` unzip apache-tomcat.zip -d $RHINO_HOME cd $RHINO_HOME/apache-tomcat* export TOMCAT_HOME=`pwd` mkdir rem_home
2	Create the file `$TOMCAT_HOME/bin/setenv.sh` with this content: CATALINA_OPTS="-Drem.home=$CATALINA_BASE/rem_home -Dderby.stream.error.file=$CATALINA_BASE/rem_home/derby.log -Drem.encryption.password=changeit"
3	Set permissions: chmod +x $TOMCAT_HOME/bin/*.sh

Unzip apache-tomcat.zip:

cd ~/RhinoSDK  # or the location where your RhinoSDK is installed
export RHINO_HOME=`pwd`
unzip apache-tomcat.zip -d $RHINO_HOME
cd $RHINO_HOME/apache-tomcat*
export TOMCAT_HOME=`pwd`
mkdir rem_home

Create the file $TOMCAT_HOME/bin/setenv.sh with this content:

CATALINA_OPTS="-Drem.home=$CATALINA_BASE/rem_home -Dderby.stream.error.file=$CATALINA_BASE/rem_home/derby.log -Drem.encryption.password=changeit"

Set permissions:

chmod +x $TOMCAT_HOME/bin/*.sh

Install the REM extension

To install the REM extension for the Sentinel Provisioning Module:

1	Unzip `rhino-element-manager.zip`: cd $RHINO_HOME unzip rhino-element-manager.zip -d $RHINO_HOME cd rhino-element-manager* export REM_HOME=`pwd`
2	Copy `sentinel-express-element-manager-<version>.zip` into `$REM_HOME/admin/extensions`.
3	Run `install-extensions.sh`: cd $REM_HOME/admin ./install-extensions.sh
4	Unzip `rem.war`: cd $REM_HOME/admin/target unzip rem.war
5	Edit `WEB-INF/classes/log4j.properties` with this content: log4j.rootLogger=INFO, FILE, CONSOLE log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout log4j.appender.CONSOLE.layout.ConversionPattern=%d{ABSOLUTE} %-5p <%t> [%c] %m%n log4j.appender.FILE=org.apache.log4j.FileAppender log4j.appender.FILE.File=${rem.home}/rem.log log4j.appender.FILE.layout=org.apache.log4j.PatternLayout log4j.appender.FILE.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p <%t> [%c] %m%n log4j.logger.rem=INFO log4j.logger.openjpa=INFO log4j.logger.org.apache.wink=INFO # Uncomment for subscriberdata cache eviction logging #log4j.logger.rem.server.sentinel.subscriberdata.cache=TRACE log4j.logger.sentinel.audit=INFO, AUDIT log4j.additivity.sentinel.audit=false log4j.appender.AUDIT=org.apache.log4j.FileAppender log4j.appender.AUDIT.File=${rem.home}/sentinel-audit.log log4j.appender.AUDIT.layout=org.apache.log4j.PatternLayout log4j.appender.AUDIT.layout.ConversionPattern="%d{yyyy-MM-dd HH:mm:ss,SSS}", "%c{1}", %m%n
6	Zip and move `rem.war` to `webapps`: zip -rqu rem.war * mv rem.war $TOMCAT_HOME/webapps/
7	Remove install files: (optional) cd $RHINO_HOME rm -rf rhino-element-manager*
8	Import a Rhino Trust Certificate into REM: "${JAVA_HOME}/bin/keytool" -importcert -file ${RHINO_HOME}/rhino-trust.cert -keystore "${TOMCAT_HOME}/rem_home/rhino-ems.ks" -storepass changeit -noprompt
9	Start Tomcat: cd $TOMCAT_HOME ./bin/catalina.sh run

Restarting Tomcat

To restart Tomcat when needed, run these commands:

cd $TOMCAT_HOME
./bin/catalina.sh stop
./bin/catalina.sh run

Security considerations

Below are recommendations for securely running the Sentinel Provisioning Module.

Use https

Be aware that the Sentinel machine API uses HTTP BASIC authentication. This passes the username and password with every request.

To prevent your credentials going over the network unencrypted, run REM over https.

Set up SSL

See the Tomcat 7 - SSL How-To docs for help setting up SSL in Apache Tomcat 7.

Safeguard configuration data

By default, all REM and Sentinel provisioning configuration data is stored in the current working directory. When running REM from within Apache Tomcat, this means that the data will reside wherever you start Tomcat from. If Tomcat is stopped and then started from a different directory, the previous configuration data will not be found.

To specify a new directory for REM (and the Sentinel provisioning REM extension) to store its data in:

1	Edit (or create) `${TOMCAT_HOME}/bin/setenv.sh`, modifying the `rem.home `property to a new value.
2	If you already had existing configuration data which you want to keep, make sure Tomcat is stopped and then move it to the new data directory. This data may include: `rem_data` — REM configuration data `rhino-ems.ks` — keystore containing Rhino instance trust certificates `sentinel_data` — Sentinel provisioning configuration data `sentinel-provisioning-config.properties` — Sentinel provisioning configuration settings.
3	Start/restart Tomcat.

Edit (or create) ${TOMCAT_HOME}/bin/setenv.sh, modifying the `rem.home `property to a new value.

If you already had existing configuration data which you want to keep, make sure Tomcat is stopped and then move it to the new data directory. This data may include:

rem_data — REM configuration data
rhino-ems.ks — keystore containing Rhino instance trust certificates
sentinel_data — Sentinel provisioning configuration data
sentinel-provisioning-config.properties — Sentinel provisioning configuration settings.

Start/restart Tomcat.

Previous page Next page