# Installing OpenIAM with internet access

OpenIAM provides an RPM installer that includes all dependencies **except for** the database and system tools. The instructions below assume that you have already followed the [Single VM installation](/installing-openiam/installing-openiam-in-rpm-environment.md). If not, complete that step first, then return to this page.

{% stepper %}
{% step %}

### Download the RPM installer

For EL8:

{% code overflow="wrap" %}

```shellscript
curl https://download.openiam.com/release/enterprise/2026.5.1/rpm/openiam-2026.5.1.noarch.x86_64.rpm --output /usr/src/openiam-2026.5.1.noarch.x86_64.rpm 
```

{% endcode %}

For EL9:

{% code overflow="wrap" %}

```shellscript
curl https://download.openiam.com/release/enterprise/2026.5.1/rpm/openiam-2026.5.1.noarch.x86_64.rpm --output /usr/src/openiam-2026.5.1.noarch.x86_64.rpm 
```

{% endcode %}
{% endstep %}

{% step %}

### Install the RPM

Run:

```shellscript
sudo rpm -i openiam-2026.5.1.noarch.x86_64.rpm
```

This step updates initial `ulimit` settings required by the subsequent installation process. You should see output similar to:

```shellscript
openiam/
openiam/vault/
openiam/vault/openiam.cluster.policy.hcl
...
openiam/env.conf
```

Your VM will reboot to apply changes to `ulimit`. After it reboots, reconnect to your VM:

```shellscript
ssh [username]@[IP address of your VM]
```

To cancel the reboot if you don't want it now, use:

```shellscript
shutdown -c
```

{% endstep %}

{% step %}

### Start initialization (downloads files from OpenIAM server)

Run:

```shellscript
sudo openiam-cli init
```

You will be asked about Internet access:

```shellscript
Initialize openiam
Does this box have Internet access ? [y/n]:
```

Type `y` and press Enter.

The system will download additional files, extract them locally, update your repository, and install essential base packages. You will see output similar to the snippet below (truncated for brevity):

{% code expandable="true" %}

```shellscript
Initialize openiam
Does this box have Internet access ? [y/n]:y
It is default configuration in env.conf
Download file openiamrepo.tar.gz from OpenIAM website
Download file backend.tar.gz from OpenIAM website
Download file frontend.tar.gz from OpenIAM website
openiamrepo/
openiamrepo/mariadb/
openiamrepo/mariadb/perl-MIME-Base64-3.15-396.el8.x86_64.rpm
...
Installed:
  m4-1.4.19-1.el9.x86_64               telnet-1:0.17-85.el9.x86_64

Complete!
workflow.jar
synchronization.jar
...
webconsole.war
```

{% endcode %}
{% endstep %}

{% step %}

### Choose database option

You will be asked:

```shellscript
Would you like to install MariaDB RDBMS locally? [y/n]:
```

* Answer `Y` to install and use local MariaDB (suitable for demo/POC/small deployments).
* Answer `N` to use your existing database infrastructure (you will be prompted later for credentials and connection details).

Database recommendations:

* MariaDB is suitable for Demo/POC/small deployments. For production, use a corporate-standard database aligned with your organization’s policies and operational support.
* If using MariaDB in production, ensure it is properly sized and deployed in a high-availability configuration.

If you selected `Y`, the MariaDB installer will guide you through `mysql_secure_installation`-style prompts. Follow the steps below:

1. `Enter current password for root (enter for none):` — Press Enter (no password yet). You will see confirmation:

   ```
   OK, successfully used password, moving on...
   ```
2. `Set root password? [Y/n]` — Type `y` and Enter to set a password.
3. `New password:` — Enter a secure password (you will need this later).
4. `Re-enter new password:` — Enter the same password again.
5. `Remove anonymous users? [Y/n]` — Type `y` to remove anonymous users.
6. `Disallow root login remotely? [Y/n]` — Type `y` to prevent remote root login.
7. `Remove test database and access to it? [Y/n]` — Type `y` to remove the test DB.
8. `Reload privilege tables now? [Y/n]` — Type `y` to apply changes immediately.

Example interactive output (for reference):

{% code expandable="true" %}

```shellscript
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!
Remove anonymous users? [Y/n] y
 ... Success!
Disallow root login remotely? [Y/n] y
 ... Success!
Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reload privilege tables now? [Y/n] y
 ... Success!
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
```

{% endcode %}

After MariaDB installation, the installer proceeds to infrastructure services (Vault, Redis, RabbitMQ, Cassandra). This process typically takes 4–5 minutes. You may see certificate generation and vault initialization logs, for example:

```shellscript
Certificate request self-signature ok
subject=C=US, ST=NY, L=NY, O=OPENIAM, OU=PRODUCTION, CN=localhost
...
Starting consul...
Starting vault...
```

{% endstep %}

{% step %}

### Defining database and infrastructure credentials

The installer will prompt for credentials and DB usernames for default schemas created by OpenIAM: `openiam`, `activiti`, and `groovy`. These are used by the application and related components.

Questions and explanations (defaults shown):

| Question raised by the installer                                | Explanation                                                                             |
| --------------------------------------------------------------- | --------------------------------------------------------------------------------------- |
| Set OpenIAM username for schema `openiam`, default: `idmuser`   | DB username to manage the `openiam` schema (primary OpenIAM schema). Default `idmuser`. |
| Set OpenIAM password for schema `openiam`, default: `idmuser`   | Password for the `openiam` DB user. Default `idmuser`.                                  |
| Set OpenIAM username for schema `activiti`, default: `activiti` | DB username for the `activiti` schema (workflow). Default `activiti`.                   |
| Set OpenIAM password for schema `activiti`, default: `activiti` | Password for the `activiti` DB user. Default `activiti`.                                |
| Set OpenIAM username for schema `groovy`, default: `groovy`     | DB username for the `groovy` schema. Default `groovy`.                                  |
| Set OpenIAM password for schema `groovy`, default: `groovy`     | Password for the `groovy` DB user. Default `groovy`.                                    |

Additional infrastructure credentials you will be asked for (examples/defaults shown):

{% code overflow="wrap" %}

```shellscript
Set OpenIAM password for RabbitMQ message broker, default: passwd00
Set OpenIAM password for Redis., default: passwd00
Set OpenIAM password for Redis Sentinel., default: passwd00
User to Access OpenSearch. If you don't change it on the OS server side, leave it as elastic, default: elastic
Password for elastic to access OpenSearch, default: VlyXHUBDuhgv6BTKjTz7TumtBZL8Zbmu
```

{% endcode %}

{% hint style="info" %}
The installer will mark sections requiring your input in the console with:

<mark style="color:$primary;">=============== CRITICAL SECTION ===============</mark>
{% endhint %}
{% endstep %}
{% endstepper %}

At this point, the critical installation section is completed. The installer will then proceed to infrastructure component installation and database schema configuration. Proceed to the [Configuring infrastructure](/installing-openiam/configuring-infrastructure.md) step.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs-beta.openiam.com/installing-openiam/installing-openiam-with-internet-access.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.