Camunda Installation Guide, v5.0

 

Notes

  • MariaDB 10.3 must be installed and running before continuing the installation.

  • ${INSTALLATION_ROOT} represents the installation set of GlobalID.

  • ${DB_USERNAME} represents the username of the MariaDB Database User.

  • ${DB_PASSWORD} represents the password for the MariaDB Database User.

  • ${DB_HOST_ADDRESS} represents the host address and port for the MariaDB database.

  • ${HOST} represents the home IP address and port, e.g. 192.168.0.1:1234

  • The *.war files are provided with this installation in the folder /GlobalID/WebApps

  • The mysql-connector-java-8.0.22.jar file is provided with this installation in the folder /GlobalID/DBConnect

1. Add Required Libraries and Configuration

Copy all libraries and configuration from the ${INSTALLATION_ROOT}/lib folder to the Tomcat library folder /usr/share/tomcat/lib/

Copy the SSL certificate for the server in PKCS12 format to /etc/tomcat/domain.p12

Edit the file /var/opt//GlobalID/camunda-rest.properties

Change the <host> to the full DNS name of the server.

The APIName and APIKey are used for authentication of Camunda Process services against GlobalID. Use the values from the API Key section in https://ligasoftware.atlassian.net/wiki/spaces/PSPD/pages/123404661/5.3+Admin+UI+-+Settings+-+API+Key%2C+v5.0

Change the <name> and <key> to an encrypted value.

Make a note of this setting, as it must be provided to GlobalID later in the installation process.

Change the <camunda.encryption.password> and <camunda.encryption.salt> to a random string.

Tip: < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-16};echo;

    globalid.url=https://<host>:8443/GlobalID
    globalid.service.account.api.name=<name>
    globalid.service.account.api.key=<key>
    camunda.encryption.salt=<random>
    camunda.encryption.password=<random>

 

2. Add BPM Bootstrap Server Listener

Add this entry before GlobalResourcesLifecycleListener in /usr/share/tomcat/conf/server.xml. This class is responsible for starting and stopping the Camunda BPM platform as Tomcat is started and stopped.

    <Server port="9005" shutdown="SHUTDOWN">
      ...
      <Listener className="org.camunda.bpm.container.impl.tomcat.TomcatBpmPlatformBootstrap" />
      ...

3. Configure a JDBC and BPM Resources

To configure a Resource, edit the file /usr/share/tomcat/conf/server.xml. To initialize the connection with MariaDB MySQL Server, you have to add the following:

    <Server>
      ...
      <GlobalNamingResources>
        ...
        <Resource name="jdbc/ProcessEngine"
                  auth="Container"
                  type="javax.sql.DataSource"
                  factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
                  uniqueResourceName="process-engine"
                  driverClassName="com.mysql.cj.jdbc.Driver"
                  url="jdbc:mysql://${DB_HOST_ADDRESS}/camunda?autoReconnect=true&amp;useSSL=true&amp;serverTimezone=UTC"
                  defaultTransactionIsolation="READ_COMMITTED"
                  username="${DB_USERNAME}"
                  password="${DB_PASSWORD}"
                  maxTotal="20"
                  minIdle="5"
                  maxIdle="20" />
        <Resource name="global/camunda-bpm-platform/process-engine/ProcessEngineService!org.camunda.bpm.ProcessEngineService"
                  auth="Container"
                  type="org.camunda.bpm.ProcessEngineService"
                  description="camunda BPM platform Process Engine Service"
                  factory="org.camunda.bpm.container.impl.jndi.ProcessEngineServiceObjectFactory" />
        <Resource name="global/camunda-bpm-platform/process-engine/ProcessApplicationService!org.camunda.bpm.ProcessApplicationService"
                  auth="Container"
                  type="org.camunda.bpm.ProcessApplicationService"
                  description="camunda BPM platform Process Application Service"
                  factory="org.camunda.bpm.container.impl.jndi.ProcessApplicationServiceObjectFactory" />
      </GlobalNamingResources>
    </Server>

Pay attention to line 11 (the url attribute). If the database is reached on 127.0.0.1, useSSL may be set to "false".

4. Add bpm-platform.xml

Copy the file ${INSTALLATION_ROOT}/GlobalID/conf/bpm-platform.xml to the folder /usr/share/tomcat/conf.

5. Add WebApps files to Tomcat

Copy the files in ${INSTALLATION_ROOT}/GlobalID/webapps to /usr/share/tomcat/webapps.

Remember to include subfolder(s).

6. Configure SSL and start Tomcat

Edit /etc/tomcat/server.xml and add the following connector:

    <Connector SSLEnabled="true" maxThreads="150" port="8443" protocol="org.apache.coyote.http11.Http11AprProtocol">
      <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol"/>
      <SSLHostConfig>
        <Certificate certificateKeystoreFile="/etc/tomcat/domain.p12"
                     certificateKeystorePassword="mypassword"
                     certificateKeystoreType="PKCS12" type="RSA"/>
      </SSLHostConfig>
    </Connector>

Pay attention to the location of the PKCS12 file. The recommended certificate is an SSL wildcard (star) certificate for the domain in question.

Comment out Tomcat sample apps if not used:

    <!-- <Context docBase="/usr/share/tomcat/tomcat-webapps/ROOT" path="/"><Resources allowLinking="true"/></Context> -->
    <!-- <Context docBase="/usr/share/tomcat/tomcat-webapps/sample" path="/sample"><Resources allowLinking="true"/></Context> -->
    <!-- <Context path="/examples" docBase="/usr/share/tomcat/tomcat-webapps/examples"><Resources allowLinking="true"/></Context> -->

 

Start Tomcat using: systemctl start tomcat
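
A check for the server.xml settings from steps 3 and 6, as an added example that is not part of the original guide or of the GlobalID or Camunda distributions. It reports a JDBC URL with useSSL=false for a non-loopback host, a keystore password left at a placeholder, and sample-app contexts that are still active. The function name, the finding texts, the host db.example.internal and the placeholder list are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
# "mypassword" is the sample value in step 6; "changeit" is the usual Java keystore default.
PLACEHOLDER_PASSWORDS = {"", "mypassword", "changeit"}
SAMPLE_APPS = "/usr/share/tomcat/tomcat-webapps/"

def audit_server_xml(xml_text):
    """Return findings for the settings that steps 3 and 6 put into server.xml."""
    root = ET.fromstring(xml_text)  # XML comments are dropped, so commented-out entries are ignored
    findings = []
    for res in root.iter("Resource"):
        url = res.get("url", "")
        if url.startswith("jdbc:mysql://"):
            parts = urlsplit(url[len("jdbc:"):])  # parse as mysql://host:port/db?options
            # Only an explicit useSSL=false is flagged; a missing option is not judged here.
            use_ssl = parse_qs(parts.query).get("useSSL", ["true"])[-1].lower()
            # Step 3 only allows useSSL=false when the database is on 127.0.0.1.
            if use_ssl == "false" and parts.hostname not in LOOPBACK:
                findings.append(f"jdbc: useSSL=false for remote host {parts.hostname}")
    for cert in root.iter("Certificate"):
        if cert.get("certificateKeystorePassword", "") in PLACEHOLDER_PASSWORDS:
            findings.append("tls: keystore password is empty or a known placeholder")
    for ctx in root.iter("Context"):
        if ctx.get("docBase", "").startswith(SAMPLE_APPS):
            findings.append(f"context: sample app still served at {ctx.get('path')}")
    return findings

# Constructed server.xml fragment (hypothetical host name), not taken from a real system.
SAMPLE = """<Server port="9005" shutdown="SHUTDOWN">
  <GlobalNamingResources>
    <Resource name="jdbc/ProcessEngine" type="javax.sql.DataSource"
      url="jdbc:mysql://db.example.internal:3306/camunda?autoReconnect=true&amp;useSSL=false"/>
  </GlobalNamingResources>
  <Service name="Catalina">
    <Connector port="8443" SSLEnabled="true"><SSLHostConfig>
      <Certificate certificateKeystoreFile="/etc/tomcat/domain.p12"
                   certificateKeystorePassword="mypassword" certificateKeystoreType="PKCS12"/>
    </SSLHostConfig></Connector>
    <Engine name="Catalina" defaultHost="localhost"><Host name="localhost">
      <!-- <Context docBase="/usr/share/tomcat/tomcat-webapps/sample" path="/sample"/> -->
      <Context docBase="/usr/share/tomcat/tomcat-webapps/examples" path="/examples"/>
    </Host></Engine>
  </Service>
</Server>"""

if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE):
        print(finding)
```

To check a real installation, pass the contents of /usr/share/tomcat/conf/server.xml to audit_server_xml() after replacing any ${...} placeholders with the deployed values.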

7. Activate Basic Authentication on REST API

Open /usr/share/tomcat/webapps/engine-rest/WEB-INF/web.xml.

Scroll down and uncomment the following code:

    <filter>
      <filter-name>camunda-auth</filter-name>
      <filter-class>
        org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter
      </filter-class>
      <async-supported>true</async-supported>
      <init-param>
        <param-name>authentication-provider</param-name>
        <param-value>
          org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider
        </param-value>
      </init-param>
      <init-param>
        <param-name>rest-url-pattern-prefix</param-name>
        <param-value></param-value>
      </init-param>
    </filter>

    <filter-mapping>
      <filter-name>camunda-auth</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
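
A way to confirm that the block above is really active in web.xml and still mapped to /*, as an added example that is not part of the original guide or of the Camunda distribution. If the filter is left inside the XML comment, the REST API answers without credentials. The function names, the finding texts and the sample web.xml (including its namespace) are constructed for this example.

```python
import xml.etree.ElementTree as ET

AUTH_FILTER = "org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter"

def _local(tag):
    """Strip an XML namespace prefix such as {http://...} from a tag name."""
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    """Return the stripped text of the first child called name, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None

def rest_auth_problems(web_xml):
    """Return an empty list when the authentication filter is active and covers /*."""
    root = ET.fromstring(web_xml)  # a filter that is still commented out is not parsed
    filters = {_child_text(e, "filter-name"): e for e in root if _local(e.tag) == "filter"}
    names = [n for n, e in filters.items() if _child_text(e, "filter-class") == AUTH_FILTER]
    if not names:
        return ["no active ProcessEngineAuthenticationFilter (block still commented out?)"]
    patterns = set()
    for e in root:
        if _local(e.tag) == "filter-mapping" and _child_text(e, "filter-name") in names:
            patterns.update((c.text or "").strip() for c in e if _local(c.tag) == "url-pattern")
    return [] if "/*" in patterns else [f"auth filter mapped to {sorted(patterns)}, not /*"]

# Constructed web.xml content: the filter from step 7, once active and once commented out.
FILTER_BLOCK = """<filter>
  <filter-name>camunda-auth</filter-name>
  <filter-class>
    org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter
  </filter-class>
</filter>
<filter-mapping>
  <filter-name>camunda-auth</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>"""
WEB_XML = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee">{}</web-app>'
ENABLED = WEB_XML.format(FILTER_BLOCK)
DISABLED = WEB_XML.format("<!-- " + FILTER_BLOCK + " -->")

if __name__ == "__main__":
    print("enabled: ", rest_auth_problems(ENABLED))
    print("disabled:", rest_auth_problems(DISABLED))
```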

 

8. Configure Camunda User Base

Access the URL https://<host>:8443/camunda/. Accessing the link for the first time shows the user creation page. Type in all relevant information. Remember the credentials you used, as you will need them later on.

Verify it works by accessing the URL https://<host>:8443/engine-rest/incident/count. It should display a validation window where you have to enter the credentials of the newly created user from the previous step. Considering there is no process deployed, it should return the value 0.

Camunda can be configured to use LDAP against the GlobalID user directory. Please consult the Camunda documentation and enable the configuration in the file /usr/share/tomcat/conf/bpm-platform.xml

Link to the Camunda documentation regarding the LDAP plugin: https://docs.camunda.org/manual/7.14/user-guide/process-engine/identity-service/#activate-the-ldap-plugin

 

9. Verify Camunda Cockpit

Access the URL https://<host>:8443/camunda/app/cockpit. Please verify that the GlobalID processes are deployed.

 

10. Secure access to Swagger

To be done.