/
Unix: Installation Guide

Unix: Installation Guide

This short guide shall enable you to install TIM on Unix.

Preconditions for UNIX

Database access preferably db_owner on either MySQL 8, SQL Server 2019 / 2022, or Oracle 19c according to our latest requirements in the release notes → Release Notes - Documentation EN - TIM BPM Documentation (atlassian.net)

Get additional tools if possible:

  • MSSQL Management Studio or MySQL Workbench

  • open Ports for incoming connections, such as 443/8443

Resources

Installation

  1. Create a folder tim under e.g /usr/local/

  2. Create a user and group, e.g. tim that owns folder tim

  3. Copy WildFly and WildFly JWT Delta into tim folder

  4. Copy docs/contrib/scripts/systemd/launch.sh to bin/

  5. Copy docs/contrib/scripts/systemd/wildfly.conf to /etc/default/

  6. Copy docs/contrib/scripts/systemd/wildfly.service to /etc/systemd/system/

  7. Open bin/standalone.conf to disable.

    # TIM Solutions GmbH Configuration part # Feel free to edit this configuration below! #JAVA_OPTS="$JAVA_OPTS -Djboss.socket.binding.port-offset=0" #JAVA_OPTS="$JAVA_OPTS -Djboss.http.port=8080" #JAVA_OPTS="$JAVA_OPTS -Djboss.JDBC_CONNECTION=jdbc:sqlserver://database.fqdn:1433\;database=tim\;encrypt=true\;loginTimeout=30\;" #JAVA_OPTS="$JAVA_OPTS -Djboss.JDBC_DRIVER=sqlserver" #JAVA_OPTS="$JAVA_OPTS -Djboss.CHECK_ALIVE_QUERY='SELECT 1 FROM TIM_DUAL'" #JAVA_OPTS="$JAVA_OPTS -Djboss.DBUSER=tim" #JAVA_OPTS="$JAVA_OPTS -Djboss.DBPASSWORD=t1m"

  8. Open standalone/configuration/standalone-tim.xml to set datasources to the desired database.

    SET ‘SELECT 1 FROM TIM_DUAL’

  9. Check socket-binding for correct port offset

  10. Open /usr/local/tim/wildfly-[VERSION].Final/standalone/configuration/tim.properties and add

    keypair-password=changeit

     

  11. Run the following keytool command to create a jwt.keystore and add the key

    keytool -genkey -alias jwt.key -keyalg RSA -keysize 2048 -keystore /usr/local/tim/wildfly-[VERSION].Final/standalone/configuration/jwt.keystore -storepass changeit -validity 900 -keypass changeit

  12. Iterate through the questions

  13. Open under /usr/local/tim/wildfly-[VERSION].Final/standalone/configuration/tim.properties to set default client and add initpass for custom passwords (after the initial init of the system credentials can be encrypted via admin panel). Comment out # to not make use of the default passwords.

    default-client= #initpass-super-admin= #initpass-super-sys.support= #initpass-x-admin= #initpass-x-sys.support= #initpass-x-others=

  14. Encoding via the administration panel of secrets is possible after the initialization of the application.

  15. Copy tim.ear and dashboard.war from TIM_x.x.x.zip into /usr/local/tim/wildfly-[VERSION].Final/standalone/deployments

  16. Set WILDFLY_CONFIG=standalone-tim.xml in /etc/default/wildfly.conf

  17. Set below parameters for /etc/systemd/system/wildfly.service

    [Service] Environment=LAUNCH_JBOSS_IN_BACKGROUND=1 EnvironmentFile=-/etc/default/wildfly.conf User=tim LimitNOFILE=102642 PIDFile=/run/wildfly/wildfly.pid ExecStart=/usr/local/tim/wildfly-[VERSION].Final/bin/launch.sh $WILDFLY_MODE $WILDFLY_CONFIG $WILDFLY_BIND StandardOutput=null

  18. Enable service with systemctl enable wildfly.service & systemctl daemon-reload

  19. Run systemctl start wildfly.service and check server.log /usr/local/tim/wildfly-[VERSION].Final/standalone/log for any issues to resolve. Popular issues: closed ports, the network connection to the database, missing permissions, or antivirus tool intervention.

  20. Open http://127.0.0.1:8080/loom-portal/hidden.htm to initialize the database. (InitDB)

  21. Open Eclipse for license generation, ID Token, Multi or Single Node, Validity in month, Customer Name, values have to be provided from Ticket except ID and Node copy and paste license into customer page. Customers can order a license under https://webform.tim-solutions.de/licenserequest/

The difference between single and multi node license depends on the database instance. As soon as a multi node token is displayed, a multi node license should be ordered.

  1. Open http://127.0.0.1:8080/loom-portal/license.htm to install the license as super/admin.

  2. Log into super tenant http://localhost:8080/tim/client/ to create a customer tenant. Tenant Creation - Documentation EN - TIM BPM Documentation (atlassian.net)

  3. Replace unencrypted Passwords with encrypted ones in /usr/local/tim/wildfly-[VERSION].Final/standalone/configuration/tim.properties

 

For further configuration - e.g SMTP, LDAP Auth & Sync or SSO with SAML - please check the links below.

Additional Configuration

https://tim-doc.atlassian.net/wiki/spaces/eng/pages/227969903
https://tim-doc.atlassian.net/wiki/spaces/eng/pages/228102152/Module+Requirements#Mailserver
https://tim-doc.atlassian.net/wiki/spaces/eng/pages/228102152/Module+Requirements#SAML-2.0
https://tim-doc.atlassian.net/wiki/spaces/eng/pages/228102152/Module+Requirements#LDAP
https://tim-doc.atlassian.net/wiki/spaces/eng/pages/227871731
https://tim-doc.atlassian.net/wiki/spaces/eng/pages/228396550

 

KEYSTORE GENERATION

There is a command to create a keystore: 

keytool -genkey -alias jwt.key -keyalg RSA -keysize 2048 -keystore jwt.keystore -storepass changeit -keypass changeit

The generated keystore must be located under standalone/configuration folder and must have a name jwt.keystore

TIM.PROPERTIES CONFIGURATION

Text above highlighted in bold can be changed and must be the same as defined in tim.properties. The tim.properties file has the following properties:

  1. Value of keystore-password property must be equal to the -storepass value of the aforementioned command 

  2. Value of keypair-name property must be equal to the -alias value of the aforementioned command 

  3. Value of keypair-password property must be equal to the -keypass value of the aforementioned command 

STANDALONE XML CONFIGURATION

Additionally, the standalone file must contain the keystore-password in the section of keystores definition:

<key-store name="jwt-key-store"> <credential-reference clear-text="changeit"/> <implementation type="JKS"/> <file path="jwt2.keystore" relative-to="jboss.server.config.dir"/> </key-store>

Have a look at the   <credential-reference clear-text="changeit"/> . Credential-reference must be equal to the keystore-password.

When defining a certificate parameter for jwt issuer in the standalone config, we must put a value of the certificate name:

<token-realm name="tim-jwt-realm" principal-claim="uid"> <jwt issuer="TimBpmSuite" audience="TimBpmSuiteAudience" key-store="jwt-key-store" certificate="jwt.key"/> </token-realm>

This value must be equal to keypair-name property value in tim.properties and -alias of the keystore generation command 

Azure SaaS Considerations

  1. Azure Application Gateway

  2. App Gateway Listener

  3. Check Firewall Port

  4. Log into the customer tenant to configure SMTP settings or create customer accounts as per ticket.

 

© TIM Solutions GmbH | AGB | Datenschutz | Impressum