Installation Guide

Owned by Betül Kara (Unlicensed)
Last updated: Mar 04, 2024 by Philipp Deycke

This short guide shall enable you to install TIM v7.14.1 on Windows or Linux OS.

JBOSS = WildFly

Preconditions for Windows or UNIX

Database access preferably db_owner on either MySQL 8, SQL Server 2019, or Oracle 19c according to our latest requirements in the release notes → Release Notes - Documentation EN - TIM BPM Documentation (atlassian.net)

Get additional tools if possible:

Windows OS

Quick guide for Windows installation with WildFly29 & TIM v7.13

Resources

Installation

  1. Install JDK and set JAVA_HOME for the system. Can be checked via system environmental variables.

  2. On Disk create folder tim e.g. C:\tim

  3. Unzip wildfly as per request to C:\tim\wildfly-VERSION and rename the folder to wildfly-VERSION-dev, -stage or -prod according to purpose.

  4. Copy & replace the content of wildfly-VERSION-JWT-delta.zip into WildFly Home e.g. C:\tim\wildfly-VERSION-dev

  5. Copy folder service from C:\tim\wildfly-VERSION-\docs\contrib\scripts to C:\tim\wildfly-VERSION.Final-\bin

  6. Edit with notepad++ C:\tim\wildfly-VERSION-dev\bin\service\service.bat and change SHORTNAME and DISPLAYNAME to e.g. TIM24DEV / Timprod-WildFly29

CONTROLLER=localhost:9990 in service.bat needs to match jboss.management.http.port in standalone-tim.xml

important if multiple app server are installed on one host machine

Copy from https://s3.eu-central-1.amazonaws.com/delivery.aws.tim-bpm.com/setup/jbcs-jsvc-1.1.0-win6-x86_64.zip

\jbcs-jsvc-1.1.0-win6-x86_64\jbcs-jsvc-1.1\bin\prunmgr.exe
\jbcs-jsvc-1.1.0-win6-x86_64\jbcs-jsvc-1.1\sbinprunsrv.exe

into the \bin folder when having trouble with shut-down of service

  1. Open C:\tim\wildfly-VERSION.Final\standalone\configuration\tim.properties and add

    keypair-password=changeit

  2. Run the following keytool command to create a jwt.keystore and adding the key

    keytool -genkey -alias jwt.key -keyalg RSA -keysize 2048 -keystore C:\tim\wildfly-VERSION.Final\standalone\configuration\jwt.keystore -storepass changeit -validity 900 -keypass changeit

  3. Iterate through the questions

     

  4. Open C:\tim\wildfly-VERSION.Final-dev\bin\standalone.conf.bat to check for XMS and rem all lines from 96 to 104 regarding port offset and the DB connection string. You can make use of this standalone-tim.xml config parts within the standalone.conf.bat by setting the java opts. e.g. for container use.

    set "JAVA_OPTS=%JAVA_OPTS% -Xms2G -Xmx2G -XX:MetaspaceSize=96M -XX:MaxMetaspaceSize=512m" rem TIM Solutions GmbH Configuration part rem Feel free to edit this configuration below! rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.socket.binding.port-offset=0" rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.http.port=8080" rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.JDBC_CONNECTION=jdbc:sqlserver://database.fqdn:1433;database=tim;encrypt=true;loginTimeout=30;" rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.JDBC_DRIVER=sqlserver" rem set 'JAVA_OPTS=%JAVA_OPTS% -Djboss.CHECK_ALIVE_QUERY="SELECT 1 FROM TIM_DUAL"' rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.DBUSER=tim" rem set "JAVA_OPTS=%JAVA_OPTS% -Djboss.DBPASSWORD=t1m"

  5. Open under C:\tim\wildfly-VERSION.Final-dev\standalone\configuration\standalone-tim.xml to configure the data source. e.g. connection URL

  1. SET ‘SELECT 1 FROM TIM_DUAL’ only for ORA DB

  2. Open under C:\tim\wildfly-VERSION.Final-dev\standalone\configuration\tim.properties to set default client and add initpass for custom passwords (after the initial init of the system credentials can be encrypted via admin panel). Comment out # to not make use default passwords.

  3. Encoding via the administration panel of secrets is possible after the initialization of the application.

  4. Copy tim.ear and dashboard.war from TIM_x.x.x.zip into C:\tim\wildfly-VERSION.Final-dev\standalone\deployments

  5. Open cmd as admin and install the service.

  6. Open Windows Services and navigate to e.g. TIM24DEV. Set starttyp to automatic.

  7. Start TIM Service and check server.log C:\tim\wildfly-24.0.1.Final-dev\standalone\log for any issues to resolve. Popular issues: closed ports, the network connection to the database, missing permissions, or antivirus tool intervention.

  8. Open http://127.0.0.1:8080/loom-portal/hidden.htm to initialize the database. (InitDB)

  9. Open Eclipse for licence generation, ID Token, Multi or Single Node, Validity in month, Customer Name, values have to be provided from Ticket except ID and Node copy and paste licence into customer page. Customers can order a license under https://webform.tim-solutions.de/licenserequest/

  1. Open http://127.0.0.1:8080/loom-portal/license.htm to install the licence as super/admin.

  2. Log into super tenant http://localhost:8080/tim/client/ to create a customer tenant. Tenant Creation - Documentation EN - TIM BPM Documentation (atlassian.net)

  3. Replace unencrypted Passwords with encrypted ones in C:\tim\wildfly-VERSION.Final-dev\standalone\configuration\tim.properties

For further configuration check Documentation EN - TIM BPM Documentation (atlassian.net) e.g SMTP, LDAP Auth & Sync or SSO with SAML

UNIX

Resources

Installation

  1. Similar to the Windows installation, create a folder tim under e.g /usr/local/

  2. Create a user and group, e.g. tim that owns folder tim

  3. Copy WildFly and WildFly JWT Delta into tim folder

  4. Copy docs/contrib/scripts/systemd/launch.sh to bin\

  5. Copy docs/contrib/scripts/systemd/wildfly.conf to /etc/default/

  6. Copy docs/contrib/scripts/systemd/wildfly.service to /etc/systemd/system/

  7. Open bin/standalone.conf to disable. You can make use of this standalone-tim.xml config parts within the standalone.conf.bat by setting the java opts e.g. for container use.

  8. Open standalone/configuration/standalone-tim.xml to set datasources to the desired database.

    SET ‘SELECT 1 FROM TIM_DUAL’ only for ORA DB

  9. Check socket-binding for correct port offset

  10. Open /usr/local/tim/wildfly-VERSION.Final/standalone/configuration/tim.properties and add

     

  11. Run the following keytool command to create a jwt.keystore and adding the key

  12. Iterate through the questions

  13. Open under /usr/local/tim/wildfly-VERSION.Final/standalone/configuration/tim.properties to set default client and add initpass for custom passwords (after the initial init of the system credentials can be encrypted via admin panel). Comment out # to not make use default passwords.

  14. Encoding via the administration panel of secrets is possible after the initialization of the application.

  15. Copy tim.ear and dashboard.war from TIM_x.x.x.zip into /usr/local/tim/wildfly-VERSION.Final/standalone/deployments

  16. Set WILDFLY_CONFIG=standalone-tim.xml in /etc/default/wildfly.conf

  17. Set below parameters for /etc/systemd/system/wildfly.service

  18. Enable service with systemctl enable wildfly.service & systemctl daemon-reload

  19. Run systemctl start wildfly.service and check server.log /usr/local/tim/wildfly-VERSION.Final/standalone/log for any issues to resolve. Popular issues: closed ports, the network connection to the database, missing permissions, or antivirus tool intervention.

  20. Open http://127.0.0.1:8080/loom-portal/hidden.htm to initialize the database. (InitDB)

  21. Open Eclipse for licence generation, ID Token, Multi or Single Node, Validity in month, Customer Name, values have to be provided from Ticket except ID and Node copy and paste licence into customer page. Customers can order a license under https://webform.tim-solutions.de/licenserequest/

  1. Open http://127.0.0.1:8080/loom-portal/license.htm to install the licence as super/admin.

  2. Log into super tenant http://localhost:8080/tim/client/ to create a customer tenant. Tenant Creation - Documentation EN - TIM BPM Documentation (atlassian.net)

  3. Replace unencrypted Passwords with encrypted ones in /usr/local/tim/wildfly-VERSION.Final/standalone/configuration/tim.properties

For further configuration check Documentation EN - TIM BPM Documentation (atlassian.net) e.g SMTP, LDAP Auth & Sync or SSO with SAML

 

Additional Configuration

https://tim-doc.atlassian.net/wiki/spaces/eng/pages/227969903




 

KEYSTORE GENERATION

There is a command to create a keystore: 

The generated keystore must be located under standalone/configuration folder and must have a name jwt.keystore

TIM.PROPERTIES CONFIGURATION

Text above highlighted in bold can be changed and must be the same as defined in tim.properties. The tim.properties file has the following properties:

  1. Value of keystore-password property must be equal to the -storepass value of the aforementioned command 

  2. Value of keypair-name property must be equal to the -alias value of the aforementioned command 

  3. Value of keypair-password property must be equal to the -keypass value of the aforementioned command 

STANDALONE XML CONFIGURATION

Additionally, the standalone file must contain the keystore-password in the section of keystores definition:

Have a look at the   <credential-reference clear-text="changeit"/> . Credential-reference must be equal to the keystore-password.

When defining a certificate parameter for jwt issuer in the standalone config, we must put a value of the certificate name:

This value must be equal to keypair-name property value in tim.properties and -alias of the keystore generation command 

Azure SaaS Considerations

  1. Azure Application Gateway

  2. App Gateway Listener

  3. Check Firewall Port

  4. Log into the customer tenant to configure SMTP settings or create customer accounts as per ticket.

 

© TIM Solutions GmbH | AGB | Datenschutz | Impressum