Chapter 2. Starting and Stopping OpenIDM
Prev		Next

Chapter 2. Starting and Stopping OpenIDM

Table of Contents

2.1. To Start and Stop OpenIDM
2.2. Specifying the OpenIDM Startup Configuration
2.3. Obtaining Information About an OpenIDM Instance
2.4. Verifying the Health of an OpenIDM System
2.5. Displaying Information About Installed Modules
2.6. Starting OpenIDM in Debug Mode

This chapter covers the scripts provided for starting and stopping OpenIDM, and describes how to verify the health of a system, that is, that all requirements are met for a successful system startup.

2.1. To Start and Stop OpenIDM

By default you start and stop OpenIDM in interactive mode.

To start OpenIDM interactively, open a terminal or command window, change to the openidm directory, and run the startup script:

startup.sh (UNIX)
startup.bat (Windows)

The startup script starts OpenIDM, and opens an OSGi console with a -> prompt where you can issue console commands.

To stop OpenIDM interactively in the OSGi console, enter the shutdown command.

-> shutdown

You can also start OpenIDM as a background process on UNIX, Linux, and Mac OS X. Follow these steps before starting OpenIDM for the first time.

If you have already started OpenIDM, then shut down OpenIDM and remove the Felix cache files under openidm/felix-cache/.
```
-> shutdown
...
$ rm -rf felix-cache/*
```

Disable ConsoleHandler logging before starting OpenIDM by editing openidm/conf/logging.properties to set java.util.logging.ConsoleHandler.level = OFF, and to comment out other references to ConsoleHandler, as shown in the following excerpt.

# ConsoleHandler: A simple handler for writing formatted records to System.err
#handlers=java.util.logging.FileHandler, java.util.logging.ConsoleHandler
handlers=java.util.logging.FileHandler
...
# --- ConsoleHandler ---
# Default: java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.level = OFF
#java.util.logging.ConsoleHandler.formatter = ...
#java.util.logging.ConsoleHandler.filter=...

Remove the text-based OSGi console bundle, bundle/org.apache.felix.shell.tui-version.jar.
Start OpenIDM in the background.
```
$ ./startup.sh &
```
Alternatively, use the nohup command to keep OpenIDM running after you log out.
```
$ nohup ./startup.sh &
[2] 394
$ appending output to nohup.out
$
```

To stop OpenIDM running as a background process, use the shutdown.sh script.

$ ./shutdown.sh
./shutdown.sh
Stopping OpenIDM (454)

2.2. Specifying the OpenIDM Startup Configuration

By default, OpenIDM starts up with the configuration and script files that are located in the openidm/conf and openidm/script directories, and with the binaries that are in the default install location. You can launch OpenIDM with a different configuration and set of script files, and even with a different set of binaries, in order to test a new configuration, managed multiple different OpenIDM projects, or to run one of the included samples.

The startup.sh script enables you to specify the following elements of a running OpenIDM instance.

project location (-p)
The project location specifies the configuration and default scripts with which OpenIDM will run.
If you specify the project location, OpenIDM does not try to locate configuration objects in the default location. All configuration objects and any artifacts that are not in the bundled defaults (such as custom scripts) must be provided in the project location. This includes everything that is in the default openidm/conf and openidm/script directories.
The following command starts OpenIDM with the configuration of sample 1:
```
$ ./startup.sh -p /path/to/openidm/samples/sample1
```
If an absolute path is not provided, the path is relative to the system property, user.dir. If no project location is specified, OpenIDM is launched with the default configuration in /path/to/openidm/conf.
working location (-w)
The working location specifies the directory to which OpenIDM writes its cache. Specifying a working location separates the project from the cached data that the system needs to store. The working location includes everything that is in the default openidm/db and openidm/audit, openidm/felix-cache, and openidm/logs directories.
The following command specifies that OpenIDM writes its cached data to /Users/admin/openidm/storage:
```
$ ./startup.sh -w /Users/admin/openidm/storage
```
If an absolute path is not provided, the path is relative to the system property, user.dir. If no working location is specified, OpenIDM writes its cached data to openidm/db and openidm/logs.
startup configuration file (-c)
A customizable startup configuration file (named launcher.json) enables you to specify how the OSGi Framework is started.
If no configuration file is specified, the default configuration (defined in /path/to/openidm/bin/launcher.json) is used. The following command starts OpenIDM with an alternative startup configuration file:
```
$ ./startup.sh -c /Users/admin/openidm/bin/launcher.json
```
You can modify the default startup configuration file to specify a different startup configuration.
The customizable properties of the default startup configuration file are as follows:
- "location" : "bundle" - resolves to the install location. You can also load OpenIDM from a specified zip file ("location" : "openidm.zip") or you can install a single jar file ("location" : "openidm-system-2.1.jar").
- "includes" : "**/openidm-system-*.jar" - the specified folder is scanned for jar files relating to the system startup. If the value of "includes" is *.jar, you must specifically exclude any jars in the bundle that you do not want to install, by setting the "excludes" property.
- "start-level" : 1 - specifies a start level for the jar files identified previously.
- "action" : "install.start" - a period-separated list of actions to be taken on the jar files. Values can be one or more of "install.start.update.uninstall".
- "config.properties" - takes either a path to a configuration file (relative to the project location) or a list of configuration properties and their values. The list must be in the format "string":"string", for example:
```
           "config.properties" :
 	           {
 	               "property" : "value"
 	           },
           
```
- "system.properties" - takes either a path to a system.properties file (relative to the project location) or a list of system properties and their values. The list must be in the format "string":"string", for example:
```
           "system.properties" :
 	           {
 	               "property" : "value"
 	           },
           
```
- "boot.properties" - takes either a path to a boot.properties file (relative to the project location) or a list of boot properties and their values.The list must be in the format "string":object, for example:
```
           "boot.properties" :
 	           {
 	               "property" : true
 	           },
           
```

By default, properties files are loaded in the following order, and property values are resolved in the reverse order:

system.properties
config.properties
boot.properties

If both system and boot properties define the same attribute, the property substitution process locates the attribute in boot.properties and does not attempt to locate the property in system.properties.

You can use variable substitution in any .json configuration file with the install, working and project locations described previously. The following properties can be substituted:

install.location

install.url

working.location

working.url

project.location

project.url

Property substitution takes the following syntax:

&{launcher.property}

For example, to specify the location of the OrientDB database, you can set the dbUrl property in repo.orientdb.json as follows:

"dbUrl" : "local:&{launcher.working.location}/db/openidm",

The database location is then relative to a working location defined in the startup configuration.

2.3. Obtaining Information About an OpenIDM Instance

OpenIDM includes a customizable information service that provides detailed information about a running OpenIDM instance. The information can be accessed over the REST interface, under the context http://localhost:8080/openidm/info.

By default, OpenIDM provides the following information:

Basic information about the health of the system.
This information can be accessed over REST at http://localhost:8080/openidm/info/ping. For example:
```
$ curl
 --header "X-OpenIDM-Username: openidm-admin"
 --header "X-OpenIDM-Password: openidm-admin"
 --request GET
 "http://localhost:8080/openidm/info/ping"

 {"state":"ACTIVE_READY","shortDesc":"OpenIDM ready"}
      
```
The information is provided by the script openidm/bin/defaults/script/info/ping.js.

Information about the current OpenIDM session.

This information can be accessed over REST at http://localhost:8080/openidm/info/login. For example:

$ curl
 --header "X-OpenIDM-Username: openidm-admin"
 --header "X-OpenIDM-Password: openidm-admin"
 --request GET
 "http://localhost:8080/openidm/info/login"

 {
  "username":"openidm-admin",
  "userid":{
     "id":"openidm-admin",
     "component":"internal/user"
  }
 }

The information is provided by the script openidm/bin/defaults/script/info/login.js.

You can extend or override the default information that is provided by creating your own script file and its corresponding configuration file in openidm/conf/info-name.json. Custom script files can be located anywhere, although a best practice is to place them in openidm/script/info. A sample customized script file for extending the default ping service is provided in openidm/samples/infoservice/script/info/customping.js. The corresponding configuration file is provided in openidm/samples/infoservice/conf/info-customping.json.

The configuration file has the following syntax:

{
    "infocontext" : "ping",
    "type" : "text/javascript",
    "file" : "script/info/customping.js"
}

The parameters in the configuration file are as follows:

"infocontext" specifies the relative name of the info endpoint under the info context. The information can be accessed over REST at this endpoint, for example, setting "infocontext" to "mycontext/myendpoint" would make the information accessible over REST at http://localhost:8080/openidm/info/mycontext/myendpoint.
"type" specifies the type of the information source. Currently, only Javascript is supported, so the type must be "text/javascript".
"file" specifies the path to the Javascript file, if you do not provide a "source" parameter.
"source" specifies the actual Javascript, if you have not provided a "file" parameter.

Additional properties can be passed to the script in this configuration file ( openidm/samples/infoservice/conf/info-name.json).

Script files in openidm/samples/infoservice/script/info/ have access to the following objects:

request - the request details, including the method called and any parameters passed.
healthinfo - the current health status of the system.
openidm - access to the JSON resource API.
Any additional properties that are defined in the configuration file ( openidm/samples/infoservice/conf/info-name.json.)

2.4. Verifying the Health of an OpenIDM System

Due to the highly modular, configurable nature of OpenIDM, it is often difficult to assess whether a system has started up successfully, or whether the system is ready and stable after dynamic configuration changes have been made.

OpenIDM provides a configurable health check service that verifies that the required modules and services for an operational system are up and running. During system startup, OpenIDM checks that these modules and services are available and reports on whether any requirements for an operational system have not been met. If dynamic configuration changes are made, OpenIDM rechecks that the required modules and services are functioning so that system operation is monitored on an ongoing basis.

The health check service reports on the state of the OpenIDM system and outputs this state to the console and to the log files. The system can be in one of the following states:

STARTING - OpenIDM is starting up

ACTIVE_READY - all of the specified requirements have been met to consider the OpenIDM system ready

ACTIVE_NOT_READY - one or more of the specified requirements have not been met and the OpenIDM system is not considered ready

STOPPING - OpenIDM is shutting down

By default, OpenIDM checks the following modules and services:

Required Modules

"org.forgerock.openicf.framework.connector-framework"
"org.forgerock.openicf.framework.connector-framework-internal"
"org.forgerock.openicf.framework.connector-framework-osgi"
"org.forgerock.openidm.audit"
"org.forgerock.openidm.core"
"org.forgerock.openidm.enhanced-config"
"org.forgerock.openidm.external-email"
"org.forgerock.openidm.external-rest"
"org.forgerock.openidm.filter"
"org.forgerock.openidm.httpcontext"
"org.forgerock.openidm.infoservice"
"org.forgerock.openidm.policy"
"org.forgerock.openidm.provisioner"
"org.forgerock.openidm.provisioner-openicf"
"org.forgerock.openidm.repo"
"org.forgerock.openidm.restlet"
"org.forgerock.openidm.smartevent"
"org.forgerock.openidm.system"
"org.forgerock.openidm.ui"
"org.forgerock.openidm.util"
"org.forgerock.commons.org.forgerock.json.resource"
"org.forgerock.commons.org.forgerock.json.resource.restlet"
"org.forgerock.commons.org.forgerock.restlet"
"org.forgerock.commons.org.forgerock.util"
"org.forgerock.openidm.security-jetty"
"org.forgerock.openidm.jetty-fragment"
"org.forgerock.openidm.quartz-fragment"
"org.ops4j.pax.web.pax-web-extender-whiteboard"
"org.forgerock.openidm.scheduler"
"org.ops4j.pax.web.pax-web-jetty-bundle"
"org.forgerock.openidm.repo-jdbc"
"org.forgerock.openidm.repo-orientdb"
"org.forgerock.openidm.config"
"org.forgerock.openidm.crypto"

Required Services

"org.forgerock.openidm.config"
"org.forgerock.openidm.provisioner"
"org.forgerock.openidm.provisioner.openicf.connectorinfoprovider"
"org.forgerock.openidm.external.rest"
"org.forgerock.openidm.audit"
"org.forgerock.openidm.policy"
"org.forgerock.openidm.managed"
"org.forgerock.openidm.script"
"org.forgerock.openidm.crypto"
"org.forgerock.openidm.recon"
"org.forgerock.openidm.info"
"org.forgerock.openidm.router"
"org.forgerock.openidm.scheduler"
"org.forgerock.openidm.scope"
"org.forgerock.openidm.taskscanner"

You can replace this list, or add to it, by adding the following lines to the openidm/conf/boot/boot.properties file:

"openidm.healthservice.reqbundles" - overrides the default required bundles. Bundles are specified as a list of symbolic names, separated by commas.

"openidm.healthservice.reqservices" - overrides the default required services. Services are specified as a list of symolic names, separated by commas.

"openidm.healthservice.additionalreqbundles" - specifies required bundles (in addition to the default list). Bundles are specified as a list of symbolic names, separated by commas.

"openidm.healthservice.additionalreqservices" - specifies required services (in addition to the default list). Services are specified as a list of symbolic names, separated by commas.

By default, OpenIDM gives the system ten seconds to start up all the required bundles and services, before the system readiness is assessed. Note that this is not the total start time, but the time required to complete the service startup after the framework has started. You can change this default by setting the value of the servicestartmax property (in miliseconds) in the openidm/conf/boot/boot.properties file. This example sets the startup time to five seconds.

openidm.healthservice.servicestartmax=5000

The health check service works in tandem with the scriptable information service. For more information see Section 2.3, “Obtaining Information About an OpenIDM Instance”.

2.5. Displaying Information About Installed Modules

On a running OpenIDM instance, you can list the installed modules and their states by typing the following command in the Felix administration console:

-> scr list
   Id   State          Name
[  12] [active       ] org.forgerock.openidm.endpoint
[  13] [active       ] org.forgerock.openidm.endpoint
[  14] [active       ] org.forgerock.openidm.endpoint
[  15] [active       ] org.forgerock.openidm.endpoint
[  16] [active       ] org.forgerock.openidm.endpoint
[  17] [active       ] org.forgerock.openidm.endpoint
[  23] [unsatisfied  ] org.forgerock.openidm.info
[  27] [active       ] org.forgerock.openidm.provisioner.openicf.connectorinfoprovider
[  35] [active       ] org.forgerock.openidm.ui.simple
[  29] [active       ] org.forgerock.openidm.restlet
[   3] [active       ] org.forgerock.openidm.repo.orientdb
[   7] [active       ] org.forgerock.openidm.scope
[   5] [active       ] org.forgerock.openidm.audit
[  32] [active       ] org.forgerock.openidm.schedule
[   2] [unsatisfied  ] org.forgerock.openidm.repo.jdbc
[  31] [active       ] org.forgerock.openidm.workflow
[   9] [active       ] org.forgerock.openidm.managed
[  28] [active       ] org.forgerock.openidm.provisioner.openicf
[  22] [active       ] org.forgerock.openidm.health
[  26] [active       ] org.forgerock.openidm.provisioner
[   0] [active       ] org.forgerock.openidm.config.starter
[  34] [active       ] org.forgerock.openidm.taskscanner
[  20] [active       ] org.forgerock.openidm.external.rest
[   6] [active       ] org.forgerock.openidm.router
[  33] [active       ] org.forgerock.openidm.scheduler
[  19] [unsatisfied  ] org.forgerock.openidm.external.email
[  11] [active       ] org.forgerock.openidm.sync
[  25] [active       ] org.forgerock.openidm.policy
[   8] [active       ] org.forgerock.openidm.script
[  10] [active       ] org.forgerock.openidm.recon
[   4] [active       ] org.forgerock.openidm.http.contextregistrator
[   1] [active       ] org.forgerock.openidm.config
[  18] [active       ] org.forgerock.openidm.endpointservice
[  30] [unsatisfied  ] org.forgerock.openidm.servletfilter
[  24] [active       ] org.forgerock.openidm.infoservice
[  21] [active       ] org.forgerock.openidm.authentication
->

To display additional information about a particular module or service, run the following command, substituting the Id of that module from the preceding list.

-> scr info Id

The following example displays additional information about the router service:

-> scr info 6
ID: 6
Name: org.forgerock.openidm.router
Bundle: org.forgerock.openidm.core (41)
State: active
Default State: enabled
Activation: immediate
Configuration Policy: optional
Activate Method: activate (declared in the descriptor)
Deactivate Method: deactivate (declared in the descriptor)
Modified Method: modified
Services: org.forgerock.json.resource.JsonResource
Service Type: service
Reference: ref_JsonResourceRouterService_ScopeFactory
    Satisfied: satisfied
    Service Name: org.forgerock.openidm.scope.ScopeFactory
    Multiple: single
    Optional: mandatory
    Policy: dynamic
Properties:
    component.id = 6
    component.name = org.forgerock.openidm.router
    felix.fileinstall.filename = file:/openidm/samples/sample1/conf/router.json
    jsonconfig = {
    "filters" : [
        {
            "onRequest" : {
                "type" : "text/javascript",
                "file" : "bin/defaults/script/router-authz.js"
            }
        },
        {
            "onRequest" : {
                "type" : "text/javascript",
                "file" : "bin/defaults/script/policyFilter.js"
            },
            "methods" : [
                "create",
                "update"
            ]
        }
    ]
}
    openidm.restlet.path = /
    service.description = OpenIDM internal JSON resource router
    service.pid = org.forgerock.openidm.router
    service.vendor = ForgeRock AS
->

2.6. Starting OpenIDM in Debug Mode

To debug custom libraries, you can start OpenIDM with the option to use the Java Platform Debugger Architecture (JPDA).

Start OpenIDM with the jpda option:

$ cd /path/to/openidm
$ ./startup.sh jpda
./startup.sh
Using OPENIDM_HOME:   /Users/lana/openidm
Using OPENIDM_OPTS:   -Xmx1024m -Djava.compiler=NONE -Xnoagent -Xdebug -Xrunjdwp:transport=dt_socket,address=5005,server=y,suspend=n
Using LOGGING_CONFIG: -Djava.util.logging.config.file=/Users/lana/openidm/conf/logging.properties
Listening for transport dt_socket at address: 5005
Using boot properties at /Users/lana/openidm/conf/boot/boot.properties
OpenIDM version "2.1.0-SNAPSHOT" (revision: 2144)
-> OpenIDM ready

The relevant JPDA options are outlined in the startup script (startup.sh).

In your IDE, attach a Java debugger to the JVM via socket, on port 5005.

Caution

This interface is internal and subject to change. If you depend on this interface, contact ForgeRock support.

Prev		Next
Chapter 1. Architectural Overview	Home	Chapter 3. OpenIDM Command-Line Interface