Introduction
This document describes different ways that Contact Center Enterprise (CCE) 12.5(1) servers can be configured so that it is OpenJDK JRE compliant.
Contributed by Anuj Bhatia, Cisco TAC Engineer.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Contact Center Enterprise (CCE) Solution
- OpenJDK
Components Used
The information in this document is based on CCE 12.5(1) version and not based on specific hardware.
The information in this document was created from the devices in a lab environment. All of the devices used in this document started with a cleared (default) configuration. If you are performing these tasks in a production environment, ensure that you understand the potential impact of any command.
Background Information
Contact Center Enterprise (CCE) applications from 12.5(1) onwards support OpenJDK as Java runtime environment. This document highlights different ways CCE 12.5(1) solution can be configured so that it is OpenJDK JRE compliant and also explains the steps required to update OpenJDK JRE to latest patch in the same train for CCE core components. For easy navigation the document has been divided into these sections:
CCE 12.5(1) Oracle JRE Migration to OpenJDK
12.5(1)a Installer
Update OpenJDK to latest patch
CCE 12.5(1) Oracle JRE Migration to OpenJDK
Existing 12.5(1) CCE core components, for example, Roggers, ADS and PG servers can transition to OpenJDK JRE by the installation of engineering special (ES) 55 patch. More details about the ES can be gathered from these links:
Here are the steps required to complete this migration on the server:
Step 1. Export all the certificates from the existing oracle java keystore.
Execute the command cd %JAVA_HOME%\bin and export the certificates of all the components with the command:
keytool -keystore "C:\Program Files (x86)\Java\jre1.8.0_221\lib\security\cacerts" -export -storepass changeit -alias <alias of the cert> -file <filepath>.cer
Step 2. Install ES_55 patch on the server. Follow the instruction as stated in the readme file.
Note: there is not need to un-install any previous ES before the installation of ES_55.
Step 3. The patch installs 32 bit Openlogic java version i.e. 1.8 update 272 and ensures internally all the services use this environment to run.
Step 4. After succesfull installation confirm java environmental variable has the correct OpenJDK path.
Step 5. Import the certificates into the new path by the use of these commands.
Execute the command cd %CCE_JAVA_HOME%\bin and import the certs with the command:
keytool -keystore "C:\Program Files (x86)\OpenJDK\jre-8.0.272.10-hotspot\lib\security\cacerts" -import -storepass changeit -alias <alias of the cert> -file <filepath>.cer
12.5(1)a Installer
Solution which are upgraded to 12.5(1) version can now use the new 12.5(1)a base installer. It is no different from the preceding 12.5(1) version except for the Java runtime environment installed on the virtual machines (VMs).
Steps required are same as upgrade or technology refresh process which is documented in the Install and Upgrade guide. With regards to the certificates you have to ensure that the certificates are imported into the openJDK java keystore path.
Post 12.5(1)a if valuation is being done to install any of the existing ES patches following information needs to be checked
- ES_55 patch is a cumulative of these ES's 'ES4, ES5, ES7, ES12, ES21, ES22, ES25, ES30, ES33, ES39, ES43, ES50' and should be installed instead of a specific one.
- ES's which are not included in 55 patch i.e. 'ES2, ES9, ES11, ES13, ES16, ES17, ES18, ES19, ES20, ES24, ES26, ES27, ES28, ES31, ES32, ES34, ES35, ES37, ES38, ES40, ES42, ES44, ES45, ES46, ES47, ES49' can be installed post ES_55.
- If these ES's are installed before ES_55 system might encounter few error messages related to JAVA which can be fixed when you download and run 12.5.1-ES-Install-Utility.bat utility.
- ES_55 is required and should be installed before you apply any patch greater than ES_55
Update OpenJDK to Latest Patch
CCE application offers couple of ways to update the open JDK 1.8 version to latest patch
- Manual Upgrade
- Upgrade via OpenJdkUpgradeTool
Manual Upgrade
Step 1. Download the latest 1.8 version patch from the Openlogic site and copy it in the server.
https://www.openlogic.com/openjdk-downloads
Step 2. Export all the certificates from the existing oracle java keystore.
Execute the instrcution cd %CCE_JAVA_HOME%\bin and export the certificates of all the components with the command:
keytool -keystore "C:\Program Files (x86)\OpenJDK\jre-8.0.272.10-hotspot\lib\security\cacerts" -export -storepass changeit -alias <alias of the cert> -file <filepath>.cer
Step 3. Install the java update which was downloaded in step 1 and follow the instructions in openlogic java readme file.
Step 4. Modify the CCE_JAVA_HOME environment variable to point to the new OpenJDK Java Runtime Environment (JRE) location.
Step 5. Import the certificates into the new path by following these commands.
Execute the command cd %CCE_JAVA_HOME%\bin and import the certs with the command:
keytool -keystore "C:\Program Files (x86)\OpenJDK\<jre-8.0.292.10-hotspot or new version>\lib\security\cacerts" -import -storepass changeit -alias <alias of the cert> -file <filepath>.cer
Upgrade Via OpenJdkUpgradeTool
Step 1. Download the latest 1.8 version patch from the openlogic site and copy it in the server.
https://www.openlogic.com/openjdk-downloads
Step 2. Copy the downloaded file into the Unified CCE component VMs.For Example, C:\UpgradeOpenJDKTool
Step 3. Export all the certificates from the existing oracle java keystore.
Execute the instrcution cd %CCE_JAVA_HOME%\bin and export the certificates of all the components with the command:
keytool -keystore "C:\Program Files (x86)\OpenJDK\jre-8.0.272.10-hotspot\lib\security\cacerts" -export -storepass changeit -alias <alias of the cert> -file <filepath>.cer
Step 4. Download OpenJdkUpgradeTool utility from this site to any local folder. For example: download and unzip under C:\UpgradeOpenJDKTool
<ahref="https://software.cisco.com/download/home/284360381/type/284416107/release/12.6(1" target="_blank" rel="noopener">https://software.cisco.com/download/home/284360381/type/284416107/release/12.6(1)
Step 5. Run openJDKUtility.exe from unziped folder and follow the commands in ReadMe file.
Step 6. Once the installation is successful ensure CCE_JAVA_HOME path is updated.
Step 7. Import the certificates into the new path with these commands.
Execute the command cd %CCE_JAVA_HOME%\bin and import the certs with the command:
keytool -keystore "C:\Program Files (x86)\OpenJDK\<jre-8.0.292.10-hotspot or new version>\lib\security\cacerts" -import -storepass changeit -alias <alias of the cert> -file <filepath>.cer
Related Information