To install Identity Manager on a server running Red Hat Enterprise Linux or later operating systems, ensure that the server meets a specific set of prerequisites.
NetIQ recommends that you review the following prerequisites:
If you have a loopback address alias to the hostname of the system in an /etc/hosts entry, it must be changed to the hostname or IP address. That is, if you have an entry similar to the one below in your /etc/hosts file, it needs to be changed to the correct entry given in second example below.
The following example has problems when any utility tries to resolve to the ndsd server:
<loopback IP address> test-system localhost.localdomain localhost
The following is a correct example entry in /etc/hosts:
<loopback IP address> localhost.localdomain localhost <IP address> test-system
If any third-party tool or utility resolves through localhost, it needs to be changed to resolve through a hostname or IP address and not through the localhost address.
If you have configured Security-Enhanced Linux (SELinux) on RHEL 8.x, you must
set the value to permissive to install Identity Manager Engine. Otherwise, the Engine installation fails with the following error: Identity Vault configuration failed with the exit code 10
For example, to set the value of SELinux to permissive, perform the following steps:
Modify the config file located at the /etc/selinux/ directory.
In the SELINUX field, set the value to permissive.
Save the changes and restart the system.
disable SELinux, if Identity Reporting is installed on a different server than Identity Manager Engine and Identity Applications. Otherwise, the Tomcat service will not come up and the Identity Reporting database configuration reports liquibase errors.
Install the appropriate libraries on the server. For more information, see Ensuring that the Server has Dependent Libraries.
Ensure that you set the Java path in either of two environment variables, $PATH or $JAVA_HOME on the server where you want to install Remote Loader. You must perform this action before running the ./RHEL-Prerequisite.sh script. To set the Java path, run the following command:
export PATH=<java installed location>/bin:$PATH
For example, export PATH=/opt/netiq/common/jre/bin/:$PATH
(Conditional) Before installing or upgrading Identity Manager to 4.8.x version, make sure that you download and execute the idm_updated_os_linux.sh script available at the location: TID KM000007635. If you do not replace the script, the PostgreSQL database configuration may fail with the following error:
symbol lookup error: /opt/netiq/idm/postgres/bin/../lib/libgssapi_krb5.so.2: undefined symbol: krb5_ser_context_init, version krb5_3_MIT
NOTE:This issue occurs when the PostgreSQL database is installed on either Identity Applications or Identity Reporting on the same server.
For more information, see TID KM000007635.
On a 64-bit platform, the required libraries for RHEL vary according to your chosen method of installation. Install the dependent libraries or RPMs in the following order.
NOTE:To add a ksh file, you can enter the following command:
yum -y install ksh
glibc-*.i686.rpm
libgcc-*.i686.rpm
libXtst-*.i686.rpm
libXrender-*.i686.rpm
libXi-*.i686.rpm
unzip
bc
lsof
net-tools
libncurses
NOTE:For Identity Manager, you can edit the ./RHEL-Prerequisite.sh script and remove all the occurrences of compat-libstdc++-33.x86_64.rpm and compat-libstdc++-33-*.i686.rpm. These packages are no longer necessary for Identity Manager installation.
If your RHEL 8.x server needs a repository for the installation media, you can manually create one.
NOTE:Your RHEL server must have the appropriate libraries installed. For more information, see Ensuring that the Server has Dependent Libraries.
To set up a repository for the installation:
Create a mount point on your local server.
For example,
mkdir -p /mnt/rhel8
Mount the RHEL 8 installation ISO:
mount -o loop rhel-server-8.0-x86_64-dvd.iso mnt/rhel8
Copy the media.repo file from the mounted directory to /etc/yum.repos.d/ and set the required permissions.
For example:
cp /mnt/rhel8/media.repo /etc/yum.repos.d/rhel8.repo chmod 644 /etc/yum.repos.d/rhel8.repo
Modify the rhel8.repo file and add the following content:
[dvd-BaseOS] name=DVD for RHEL8 - BaseOS baseurl=file:///RHEL8/BaseOS enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release [dvd-AppStream] name=DVD for RHEL8 - AppStream baseurl=file:///RHEL8/AppStream enabled=1 gpgcheck=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
If you want to install the 32-bit packages, change the value of exactarch parameter from 1 to 0 in the /etc/yum.conf file.
Run the following command:
yum clean all
(Conditional) If you want to retrieve the package list from the DVD repository, run the following command:
yum --noplugins list
Install the yum-utils package.
yum install createrepo yum-utils
To install the required packages for Identity Manager on RHEL8, create an install.sh file and add the following contents to the file:
NOTE:If you observe any warnings specific to duplicate RPMs, you must manually manage the warnings using the appropriate yum command.
#!/bin/bash yum clean all yum repolist yum makecache PKGS="ksh gettext.x86_64 libXrender.i686 libXau.i686 libxcb.i686 libX11.i686 libXext.i686 libXi.i686 libXtst.i686 glibc-*.i686.rpm libstdc++.x86_64 libgcc-*.i686.rpm unzip bc lsof net-tools" for PKG in $PKGS; do yum -y install "$PKG" done
Install the following packages:
yum install libgcc*.i686 libnsl* libnsl*.i686 libncurses*
Run the install.sh file.
To confirm if the prerequisites are met, run the script as mentioned in Running a Prerequisite Check.
Install Identity Manager 4.8.
If your RHEL 7.x server needs a repository for the installation media, you can manually create one.
NOTE:Your RHEL server must have the appropriate libraries installed. For more information, see Ensuring that the Server has Dependent Libraries.
To set up a repository for the installation:
Create a mount point in your local server.
Example: /mnt/rhel (mkdir –p /mnt/rhel)
If you use an installation media, you can mount using the following command:
# mount -o loop /dev/sr0 /mnt/rhel
OR
Mount the RHEL 7 installation ISO to a directory like /mnt/rhel, using the following command:
# mount -o loop RHEL7.x.iso /mnt/rhel
Download RHEL 7.4 iso and mount the same.
For example: mount -o loop <path_to_downloaded rhel*.iso> /mnt/rhel
Copy the media.repo file from the root of the mounted directory to /etc/yum.repos.d/ and set the required permissions.
For example:
# cp /mnt/rhel/media.repo /etc/yum.repos.d/rhel7dvd.repo # chmod 644 /etc/yum.repos.d/rhel7dvd.repo
Edit the new repo file by changing the gpgcheck=0 setting to 1 and add the following:
enabled=1 baseurl=file:///mnt/rhel/ gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
In the end, the new repo file would look like the following (though the mediaid would be different depending on the RHEL version):
[InstallMedia] name=DVD for RHEL 7.x metadata_expire=-1 gpgcheck=1 cost=500 enabled=1 baseurl=file:///mnt/rhel gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
To install the 32-bit packages, change "exactarch=1" to "exactarch=0" in the /etc/yum.conf file.
To install the required packages for Identity Manager on RHEL7.x, create an install.sh file and add the following contents to the file:
NOTE:If you observe any warnings specific to duplicate RPMs, you must manually manage the warnings using the appropriate yum command.
#!/bin/bash yum clean all yum repolist yum makecache PKGS="ksh gettext.x86_64 libXrender.i686 libXau.i686 libxcb.i686 libX11.i686 libXext.i686 libXi.i686 libXtst.i686 glibc-*.i686.rpm libstdc++.x86_64 libgcc-*.i686.rpm unzip bc lsof net-tools" for PKG in $PKGS; do yum -y install "$PKG" done
Run the install.sh file created in Step 6 depending on the RHEL version.
To confirm if the prerequisites are met, run the script as mentioned in Running a Prerequisite Check.
Install Identity Manager 4.8.
You can generate a report of the missing prerequisites for each Identity Manager component. Run the ./RHEL-Prerequisite.sh script located in the mount directory of the installation kit.