Ethos Installation(3)-Install BEP and Messaging Service/Adapter
1. BEP
1. Set up the server TrustStore, copying the certificates from the RabbitMQ instance we set up in the previous article.

    # mkdir /l01/app/oracle/rabbitmqcertificates
    # cp "emb1.pprd.odu.edu folder"/server/cert.pem /l01/app/oracle/rabbitmqcertificates
    # cp "emb1.pprd.odu.edu folder"/client/keycert.p12 /l01/app/oracle/rabbitmqcertificates

Create a new truststore file, rabbitstore:

    # keytool -import -alias rabbitmqserver -file /l01/app/oracle/rabbitmqcertificates/cert.pem -keystore rabbitstore

2. Install through ESM, and then configure the application.

# BannerEventPublisher_configuration.groovy

    /*******************************************************************************
     *                                                                             *
     *              Banner Event Publisher DataSource Configuration                *
     *                                                                             *
     *******************************************************************************/
    dataSource_cdcadmin {
        //JNDI configuration for use in 'production' environment
        jndiName = "java:comp/env/jdbc/cdcadmin"
        transactional = false
    }

    dataSource_events {
        //JNDI configuration for use in 'production' environment
        jndiName = "java:comp/env/jdbc/events"
        transactional = false
    }

    dataSource_bannerSsbDataSource {
        //JNDI configuration for use in 'production' environment
        jndiName = "java:comp/env/jdbc/bannerSsbDataSource"
        transactional = false
    }

    dataSource_bannerDataSource {
        //JNDI configuration for use in 'production' environment
        jndiName = "java:comp/env/jdbc/bannerDataSource"
        transactional = false
    }

    bep {
        //App Server
        //Possible values are either "TOMCAT" or "WEBLOGIC"
        app.server = "TOMCAT"

        //Message Broker
        //Possible values are "RABBITMQ" or "WEBLOGIC" or "RABBITMQ/WEBLOGIC"
        message.broker = "RABBITMQ"

        //Retry interval to publish to broker in SECONDS
        publish.retry.interval = 45
    }

    //RabbitMQ configuration
    rabbitmq {
        host = "emb1.pprd.odu.edu"
        port = "5671"
        userName = "ellucian"
        password = "password"
        virtualHostName = "bep_events_host"
        exchangeName = "bep_events_topic"
        enableSSL = "true"

        //Validate rabbit connections
        validate = true

        //Put an actual path to a file starting with "file:" otherwise leave the value as NO_FILE
        keyStoreFileName = "file:/l01/app/oracle/rabbitmqcertificates/keycert.p12"
        keyStorePassPhrase = "pass"

        //Put an actual path to a file starting with "file:" otherwise leave the value as NO_FILE
        trustStoreFileName = "file:/l01/app/oracle/rabbitmqcertificates/rabbitstore"
        trustStorePassPhrase = "pass"
    }

    jms {
        validate = true
    }

    // This configuration needs to be done in milliseconds for the footer to appear in the screen
    footerFadeAwayTime=2000

    // Application Navigator opens embedded applications within an iframe. To protect against the clickjacking vulnerability,
    // integrating applications will have to set the X-Frame options to protect the "login/auth" URI from loading in the iframe and
    // set it to denied mode. This setting is needed if the application needs to work inside Application Navigator and
    // the secured application pages will be accessible as part of the single-sign on solution.
    grails.plugin.xframeoptions.urlPattern = '/login/auth'
    grails.plugin.xframeoptions.deny = true

    // End of configuration

3. Set up Tomcat.

# server.xml, configure database connection

    <GlobalNamingResources>
      <Resource name="UserDatabase" auth="Container"
                type="org.apache.catalina.UserDatabase"
                description="User database that can be updated and saved"
                factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                pathname="conf/tomcat-users.xml" />
      <Resource name="jdbc/bannerDataSource" auth="Container"
                type="javax.sql.DataSource"
                driverClassName="oracle.jdbc.OracleDriver"
                url="jdbc:oracle:thin:@//bannerdb.pprd2.odu.edu:2336/PPRD2"
                username="banproxy" password="password"
                initialSize="5" maxTotal="600" maxIdle="-1" maxWaitMillis="30000"
                validationQuery="select 1 from dual"
                accessToUnderlyingConnectionAllowed = "true"
                removeAbandonedOnBorrow = "true"
                testOnBorrow="true"/>
      <Resource name="jdbc/bannerSsbDataSource" auth="Container"
                type="javax.sql.DataSource"
                driverClassName="oracle.jdbc.OracleDriver"
                url="jdbc:oracle:thin:@//bannerdb.pprd2.odu.edu:2336/PPRD2"
                username="ban_ss_user" password="password"
                initialSize="5" maxTotal="600" maxIdle="-1" maxWaitMillis="30000"
                validationQuery="select 1 from dual"
                accessToUnderlyingConnectionAllowed = "true"
                removeAbandonedOnBorrow = "true"
                testOnBorrow="true"/>
      <Resource name="jdbc/events" auth="Container"
                type="javax.sql.DataSource"
                driverClassName="oracle.jdbc.OracleDriver"
                url="jdbc:oracle:thin:@//database.domain.edu:2336/PPRD2"
                username="events" password="password"
                initialSize="5" maxTotal="600" maxIdle="-1" maxWaitMillis="30000"
                validationQuery="select 1 from dual"
                accessToUnderlyingConnectionAllowed = "true"
                removeAbandonedOnBorrow = "true"
                testOnBorrow="true"/>
      <Resource name="jdbc/cdcadmin" auth="Container"
                type="javax.sql.DataSource"
                driverClassName="oracle.jdbc.OracleDriver"
                url="jdbc:oracle:thin:@//database.domain.edu:2336/PPRD2"
                username="cdcadmin" password="password"
                initialSize="5" maxTotal="600" maxIdle="-1" maxWaitMillis="30000"
                validationQuery="select 1 from dual"
                accessToUnderlyingConnectionAllowed = "true"
                removeAbandonedOnBorrow = "true"
                testOnBorrow="true"/>
    </GlobalNamingResources>

# context.xml, configure datasource

    <ResourceLink global="jdbc/bannerDataSource" name="jdbc/bannerDataSource" type="javax.sql.DataSource"/>
    <ResourceLink global="jdbc/bannerSsbDataSource" name="jdbc/bannerSsbDataSource" type="javax.sql.DataSource"/>
    <ResourceLink global="jdbc/events" name="jdbc/events" type="javax.sql.DataSource"/>
    <ResourceLink global="jdbc/cdcadmin" name="jdbc/cdcadmin" type="javax.sql.DataSource"/>

The war file deployed in Tomcat should be named BannerEventPublisher.war.

4. The user who needs to log into BEP should be granted the following. Grant object BEP_ADMIN_OBJECT / BAN_DEFAULT_M to the user who needs access through INB/GSASECR, then apply the grants below (see https://ellucian.force.com/clients/s/article/Logging-into-BEP-gives-you-You-are-not-Authorized-to-view-this-page-error):

    SQL> GRANT EXECUTE ON GOKFGAC TO <BEP_USER>;
    SQL> GRANT EXECUTE ON GB_COMMON TO <BEP_USER>;
    SQL> GRANT SELECT ON TWGRMENU TO <BEP_USER>;
    SQL> GRANT SELECT ON TWGRWMRL TO <BEP_USER>;
    SQL> GRANT SELECT ON TWGRROLE TO <BEP_USER>;
2. Messaging Service
Configure ESM with the RabbitMQ configuration I created before.

    ./ConfigureEMS ellucian oracle123 bep_events_host
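With RabbitMQ now referenced by both BEP and the Messaging Service, the TLS settings in the rabbitmq { } block from section 1 can be sanity-checked with the script below. It is an added example, not part of the original article or of Ellucian's delivered files; the function names and the temp-directory sample are assumptions, and it expects one setting per line in the Groovy file.

```shell
#!/bin/sh
# Added example: sanity-check the TLS settings in the rabbitmq { } block of
# BannerEventPublisher_configuration.groovy. Assumes one setting per line.

# Print the double-quoted value assigned to key $1 in file $2.
cfg_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Succeed only if $1 is a regular file with no permission bits for "other".
private_file() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

check_bep_tls() {
    conf=$1; rc=0
    [ "$(cfg_value enableSSL "$conf")" = "true" ] ||
        { echo "FAIL: enableSSL is not \"true\""; rc=1; }
    [ "$(cfg_value port "$conf")" = "5671" ] ||
        echo "WARN: port differs from 5671, the TLS port used on this page"
    for key in keyStoreFileName trustStoreFileName; do
        val=$(cfg_value "$key" "$conf")
        case $val in
            file:/*) f=${val#file:} ;;
            *) echo "FAIL: $key is '$val', expected a file:/... path"; rc=1; continue ;;
        esac
        if private_file "$f"; then echo "OK:   $key -> $f"
        else echo "FAIL: $f is missing or accessible to other users"; rc=1; fi
    done
    # The config itself stores password, keyStorePassPhrase and trustStorePassPhrase.
    private_file "$conf" || { echo "FAIL: $conf is missing or accessible to other users"; rc=1; }
    return $rc
}

# Constructed sample: empty placeholder files in a temp dir stand in for the real ones.
make_sample() {
    d=$(mktemp -d)
    touch "$d/keycert.p12" "$d/rabbitstore"
    printf 'rabbitmq {\n  port = "5671"\n  enableSSL = "true"\n' > "$d/conf.groovy"
    printf '  keyStoreFileName = "file:%s/keycert.p12"\n' "$d" >> "$d/conf.groovy"
    printf '  trustStoreFileName = "file:%s/rabbitstore"\n}\n' "$d" >> "$d/conf.groovy"
    chmod 600 "$d"/*
    echo "$d"
}

# Demo on the sample; on a real host pass the deployed configuration file instead.
check_bep_tls "$(make_sample)/conf.groovy"
```

A non-zero exit status means at least one FAIL line was printed; tightening the mode on the keystore, truststore and configuration file (for example to 600, owned by the Tomcat user) clears the permission findings.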
3. Messaging Adapter
Before configuring the Messaging Adapter, we need:
1. Two applications created in the Ethos cloud, one for the student API and another for the integration API. Add all resources to them, and get their API keys.
2. One user in the local Banner database, which Ethos Cloud will use to access Banner and fetch data. Make sure you grant it the necessary permissions.
    $ ./ConfigureEMS.sh

    <?xml version="1.0" encoding="UTF-8"?>
    <emsConfig>
      <clientErpType>Banner</clientErpType> <!-- Colleague or Banner -->
      <configId>ETHOS-INTEGRATION</configId> <!-- Change this to match config name for Colleague (HUB is delivered default), set to ETHOS-INTEGRATION for Banner -->
      <amqpUsername>ellucian</amqpUsername> <!-- EMS (RabbitMQ) username -->
      <amqpPassword>oracle123</amqpPassword> <!-- EMS (RabbitMQ) password -->

      <colleagueApiConfig>
        <baseUrl>https://server:port/ColleagueApi/</baseUrl> <!-- Colleague Web Api Url -->
        <username>required</username> <!-- Colleague Web Api username -->
        <password>required</password> <!-- Colleague Web Api password -->
        <hubApiKey>required</hubApiKey> <!-- API key from your Ethos Integration application -->
      </colleagueApiConfig>

      <bannerStudentConfig>
        <baseUrl>https://apiserver:7005/studentapi/api</baseUrl> <!-- Banner Student Api Url -->
        <username>apiuser</username> <!-- Banner Student Api username -->
        <password>password</password> <!-- Banner Student Api password -->
        <apiKeys> <!-- Banner MEP clients add new apiKey sections for each VPDI code -->
          <apiKey>
            <hubApiKey>apikey</hubApiKey> <!-- API key from your Ethos Integration application -->
            <vpdiCode></vpdiCode> <!-- Leave blank if MEP is not used -->
          </apiKey>
        </apiKeys>
        <mepSharedDataApiKey></mepSharedDataApiKey> <!-- API key to use when publishing shared data in a MEP environment -->
      </bannerStudentConfig>

      <bannerIntegrationConfig>
        <baseUrl>https://apiserver:7005/intgrationapi/api</baseUrl> <!-- Banner Integration Api Url -->
        <username>apiuser</username> <!-- Banner Integration Api username -->
        <password>passwd</password> <!-- Banner Integration Api password -->
        <apiKeys> <!-- Banner MEP clients add new apiKey sections for each VPDI code -->
          <apiKey>
            <hubApiKey>apikey</hubApiKey> <!-- API key from your Ethos Integration application -->
            <vpdiCode></vpdiCode> <!-- Leave blank if MEP is not used -->
          </apiKey>
        </apiKeys>
        <mepSharedDataApiKey></mepSharedDataApiKey> <!-- API key to use when publishing shared data in a MEP environment -->
      </bannerIntegrationConfig>

      <!-- startup logging level...this will be overridden by the value returned from the api config endpoint -->
      <logLevel>INFO</logLevel>

      <!-- Number of messages to pull from RabbitMQ for parallel processing api calls -->
      <amqpBatchSize>80</amqpBatchSize>

      <!-- Parallel processing settings for making api calls -->
      <autoConfigurePool>true</autoConfigurePool> <!-- Pool grows as messages come in (max # of threads is limited by batch size). 60 sec idle threads will be evicted -->
      <processingThreads>4</processingThreads> <!-- Number of connection pool threads to use for parallel api calls. This is not used if 'autoConfigurePool' is true -->

      <!-- Api timeout retry settings -->
      <apiTimeoutInterval>300000</apiTimeoutInterval> <!-- value in milliseconds -->
      <maxRetryAttempts>1</maxRetryAttempts>

      <!-- Number of messages to publish to ethos integration at once...max of 20 -->
      <ethosPublishBatchSize>20</ethosPublishBatchSize>

      <!-- Banner database connection settings. This is only necessary for a Banner MEP environment -->
      <bannerConnectString>jdbc:oracle:thin:@database.domain.edu:2336:PPRD2</bannerConnectString>
      <jdbcDriver>oracle.jdbc.pool.OracleDataSource</jdbcDriver>
    </emsConfig>

Set up a key used to encipher communication in Tomcat's setenv.sh:

    export EMA_CONFIG=oracle123

The Adapter cannot be deployed to the same Tomcat as the API.