System Prep
SUSE Linux Enterprise Server 15. Uses zypper rather than dnf or apt. Requires either a paid subscription (SUSEConnect) or activated trial registration for repo access.
1.1 Register the host with SUSE
sudo SUSEConnect -r <YOUR-REG-CODE> -e <YOUR-EMAIL>
sudo SUSEConnect --list-extensions
Required modules for this install:
| Module | Why |
|---|---|
| Basesystem Module | Core utilities |
| Server Applications Module | PostgreSQL community packages |
| Development Tools Module | Compiler toolchain (for some JNI) |
sudo SUSEConnect -p sle-module-basesystem/15.5/x86_64
sudo SUSEConnect -p sle-module-server-applications/15.5/x86_64
sudo SUSEConnect -p sle-module-development-tools/15.5/x86_64
(Substitute 15.5 for your actual SP level. Check with cat /etc/os-release.)
1.2 Update the system
sudo zypper refresh
sudo zypper update -y
sudo reboot
1.3 Install required utilities
sudo zypper install -y \
unzip wget curl jq net-tools-deprecated vim bash-completion \
tar lsof telnet firewalld
Note.
net-tools-deprecatedprovidesnetstatfor SLES 15. Thesscommand fromiproute2is also available and is preferred in new commands.
1.4 Configure the firewall
SLES 15 uses firewalld from SP2 onwards. (Earlier SPs used SuSEfirewall2 which is no longer recommended.)
sudo systemctl enable --now firewalld
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --permanent --add-port=8070/tcp
sudo firewall-cmd --permanent --add-port=8071/tcp
sudo firewall-cmd --permanent --add-port=8072/tcp
sudo firewall-cmd --permanent --add-port=6379/tcp
sudo firewall-cmd --permanent --add-port=5672/tcp
sudo firewall-cmd --permanent --add-port=15672/tcp
sudo firewall-cmd --reload
1.5 AppArmor
SLES uses AppArmor by default. No relaxation is required for the IDP services.
sudo systemctl status apparmor
Database
PostgreSQL 16 on SLES 15. PGDG ships SLES 15 packages.
2.1 Add the PGDG repository
sudo zypper addrepo \
https://download.postgresql.org/pub/repos/zypp/repo/pgdg-sles-15-pg16.repo
sudo zypper --gpg-auto-import-keys refresh
2.2 Install PostgreSQL 16
sudo zypper install -y postgresql16-server postgresql16 postgresql16-contrib
2.3 Initialise and start
The PGDG package on SLES does not auto-init the cluster.
sudo /usr/pgsql-16/bin/postgresql-16-setup initdb
sudo systemctl enable --now postgresql-16
2.4 Create the miniOrange database and user
sudo -u postgres psql <<'SQL'
CREATE USER moadmin WITH PASSWORD 'Password123';
CREATE DATABASE miniorangedb OWNER moadmin;
ALTER USER moadmin WITH SUPERUSER;
SQL
2.5 Switch authentication to md5
sudo sed -i -E 's/^(host\s+all\s+all\s+(127\.0\.0\.1\/32|::1\/128)\s+)ident/\1md5/' \
/var/lib/pgsql/16/data/pg_hba.conf
sudo systemctl restart postgresql-16
2.6 Verify
PGPASSWORD=Password123 psql -h 127.0.0.1 -U moadmin -d miniorangedb -c '\l'
Values for the /initialize wizard
| Field | Value |
|---|---|
| Database Type | PostgreSQL |
| Host | 127.0.0.1 |
| Port | 5432 |
| Database name | miniorangedb |
| Username | moadmin |
| Password | Password123 |
MySQL 8.4 LTS on SLES 15. Derived from the MySQL community SLES 15 repo.
2.1 Add the MySQL community repository
sudo zypper addrepo \
https://repo.mysql.com/yum/mysql-8.4-lts-community/sles/15/x86_64/ \
mysql-8.4-lts-community
sudo zypper --gpg-auto-import-keys refresh
2.2 Install MySQL 8.4
sudo zypper install -y mysql-community-server mysql-community-client
sudo systemctl enable --now mysql
2.3 Retrieve the temporary root password
sudo grep 'temporary password' /var/log/mysql/mysqld.log
2.4 Secure the installation
sudo mysql_secure_installation
2.5 Create the miniOrange database and user
mysql -u root -p <<'SQL'
CREATE DATABASE miniorangedb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'moadmin'@'localhost' IDENTIFIED BY 'Password123';
CREATE USER 'moadmin'@'%' IDENTIFIED BY 'Password123';
GRANT ALL PRIVILEGES ON miniorangedb.* TO 'moadmin'@'localhost';
GRANT ALL PRIVILEGES ON miniorangedb.* TO 'moadmin'@'%';
FLUSH PRIVILEGES;
SQL
2.6 Place the MySQL JDBC driver (derived)
sudo mkdir -p /opt/miniorange/drivers
cd /tmp
sudo wget https://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-j-8.4.0-1.el8.noarch.rpm
sudo rpm -ivh --nodeps mysql-connector-j-8.4.0-1.el8.noarch.rpm
sudo cp /usr/share/java/mysql-connector-j-8.4.0.jar /opt/miniorange/drivers/
Values for the /initialize wizard
| Field | Value |
|---|---|
| Database Type | MySQL |
| Host | 127.0.0.1 |
| Port | 3306 |
| Database name | miniorangedb |
| Username | moadmin |
| Password | Password123 |
Microsoft SQL Server 2022 on SLES 15. Microsoft officially supports MSSQL on SLES 15.
2.1 Verify system requirements
free -h
2.2 Add the Microsoft repository
sudo zypper addrepo -fc \
https://packages.microsoft.com/config/sles/15/mssql-server-2022.repo
sudo zypper addrepo -fc \
https://packages.microsoft.com/config/sles/15/prod.repo
sudo zypper --gpg-auto-import-keys refresh
2.3 Install MSSQL 2022 and tools
sudo zypper install -y mssql-server
sudo ACCEPT_EULA=Y zypper install -y mssql-tools18 unixODBC-devel
2.4 Run the initial setup
sudo /opt/mssql/bin/mssql-conf setup
sudo systemctl enable --now mssql-server
2.5 Add tools to PATH
echo 'export PATH="$PATH:/opt/mssql-tools18/bin"' | sudo tee /etc/profile.d/mssql.sh
source /etc/profile.d/mssql.sh
2.6 Create the miniOrange database and login
sqlcmd -S localhost -U SA -P '<SA_PASSWORD>' -C -Q "
CREATE DATABASE miniorangedb;
GO
CREATE LOGIN moadmin WITH PASSWORD = 'Password123!';
GO
USE miniorangedb;
CREATE USER moadmin FOR LOGIN moadmin;
ALTER ROLE db_owner ADD MEMBER moadmin;
GO
"
2.7 Place the MSSQL JDBC driver (derived)
sudo mkdir -p /opt/miniorange/drivers
cd /tmp
sudo curl -L -o mssql-jdbc.tar.gz \
https://download.microsoft.com/download/8/c/d/8cdfd87a-1684-4731-91a9-2ba182c8b0ad/sqljdbc_12.6.4.0_enu.tar.gz
sudo tar -xzf mssql-jdbc.tar.gz
sudo cp sqljdbc_12.6/enu/jars/mssql-jdbc-12.6.4.jre11.jar /opt/miniorange/drivers/
Values for the /initialize wizard
| Field | Value |
|---|---|
| Database Type | MSSQL |
| Host | 127.0.0.1 |
| Port | 1433 |
| Database name | miniorangedb |
| Username | moadmin |
| Password | Password123! |
Oracle Database 19c on SLES 15. Oracle officially supports 19c on SLES 15 SP2 and later.
2.1 Install kernel parameter package
Oracle does not ship a SLES preinstall package. Set kernel parameters manually using oracle-rdbms-server-12cR1-preinstall as a reference or use Oracle’s SLES 15 installation guide.
sudo zypper install -y libaio1 libcap-progs libstdc++6 ksh make sysstat unixODBC \
glibc-devel glibc-locale binutils gcc-c++ libgcc_s1 libstdc++-devel
2.2 Create the oracle user and groups
sudo groupadd -g 54321 oinstall
sudo groupadd -g 54322 dba
sudo groupadd -g 54323 oper
sudo useradd -u 54321 -g oinstall -G dba,oper oracle
sudo passwd oracle
2.3 Configure kernel parameters
sudo tee /etc/sysctl.d/97-oracle.conf > /dev/null <<'EOF2'
fs.aio-max-nr = 1048576
fs.file-max = 6815744
kernel.shmall = 2097152
kernel.shmmax = 4294967295
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_default = 262144
net.core.wmem_max = 1048576
EOF2
sudo sysctl --system
2.4 Install Oracle 19c
Download oracle-database-ee-19c-*.rpm from Oracle. SLES uses the Linux-x86_64 RPM (same as RHEL family).
cd /opt
sudo rpm -ivh oracle-database-ee-19c-*.rpm --nodeps
sudo /etc/init.d/oracledb_ORCLCDB-19c configure
2.5 Configure environment variables, open the PDB, start the listener, create the user, place the JDBC driver
The remaining steps are identical to the Oracle Linux 8 path:
- Set
ORACLE_HOME,ORACLE_SID,PATHinoracleuser’s.bash_profile STARTUP; ALTER PLUGGABLE DATABASE ALL OPEN; ALTER PLUGGABLE DATABASE ALL SAVE STATE;lsnrctl start- Create
moadmininsideORCLPDB1 - Copy
ojdbc8.jarfrom$ORACLE_HOME/jdbc/lib/to/opt/miniorange/drivers/
Refer to the Oracle Linux 8 → Oracle page for the verbatim commands; they are unchanged on SLES 15.
Values for the /initialize wizard
| Field | Value |
|---|---|
| Database Type | Oracle |
| Host | 127.0.0.1 |
| Port | 1521 |
| SID / Service | Service |
| Service Name | ORCLPDB1 |
| Username | moadmin |
| Password | Password123 |
Erlang + RabbitMQ
RabbitMQ requires Erlang. On SLES 15, install both from the OpenSUSE Build Service (OBS) or the official RabbitMQ RPM releases on GitHub.
3.1 Add OpenSUSE Erlang repository
sudo zypper addrepo \
https://download.opensuse.org/repositories/devel:/languages:/erlang/SLE_15_SP5/devel:languages:erlang.repo
sudo zypper --gpg-auto-import-keys refresh
3.2 Install Erlang
sudo zypper install -y erlang
3.3 Install RabbitMQ from upstream RPM
sudo zypper install -y \
https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.13.7/rabbitmq-server-3.13.7-1.suse.noarch.rpm \
--no-gpg-checks
If no .suse.noarch.rpm is published for the version you want, the .el8.noarch.rpm build runs on SLES 15 in practice:
sudo zypper install -y --allow-unsigned-rpm \
https://github.com/rabbitmq/rabbitmq-server/releases/download/v3.13.7/rabbitmq-server-3.13.7-1.el8.noarch.rpm
3.4 Enable and start the service
sudo systemctl enable --now rabbitmq-server
3.5 Enable the management plugin
sudo rabbitmq-plugins enable rabbitmq_management
sudo systemctl restart rabbitmq-server
3.6 Verify
sudo rabbitmqctl status
sudo ss -tulnp | grep 5672
Values for the /initialize wizard
| Field | Value |
|---|---|
| RabbitMQ Host | 127.0.0.1 |
| AMQP Port | 5672 |
| Mgmt UI Port | 15672 |
| Default Login | guest / guest |
mo-installer
The miniOrange installer bundles Java 17 and Redis. You don’t install either manually. The installer auto-detects the OS and deploys the IDP services into /opt/tomcat/.
4.1 Download the installer
cd /opt
sudo wget https://miniorange.s3.us-east-1.amazonaws.com/public/installers/mo-installer-5.0.0.zip
sudo unzip mo-installer-5.0.0.zip -d mo-installer-5.0.0
cd /opt/mo-installer-5.0.0
ls -la
You should see:
.env.sh Environment configuration (review before sourcing)
mo-installer.sh Main installer script
moctl/ moctl CLI and bash completion
4.2 Review and source the environment file
less .env.sh
source .env.sh
Note. In v5.0.0,
.env.shdoes not contain database connection details. The DB connection is configured later through the browser UI at/initialize. Source the file as-is.
4.3 Set execute permissions
sudo chmod +x mo-installer.sh moctl/*.sh
4.4 Run the installer
sudo bash mo-installer.sh
Watch the output for failures. The installer covers:
- Java 17 — installed automatically
- Redis — installed and configured automatically
- moctl — installed to
/usr/bin/moctlwith tab completion - IDP services — deployed to
/opt/tomcat/
At the end of the run, the installer will print:
Next step: moctl service start
4.5 Start the four core services
moctl service start
The core services start in this order:
| Service | Port | Purpose |
|---|---|---|
| configserver | 8071 | Configuration |
| eurekaserver | 8070 | Service registry |
| gatekeeper | 8072 | API gateway |
| miniorange | 8080 | Main IDP service |
4.6 Check service status
moctl service status
Only the four core services should be active at this point. Secondary services start after initialisation.
| Symbol | Meaning |
|---|---|
● running | Active and registered in Eureka |
△ registering | Active but not yet registered; wait and recheck |
△ stopped | Inactive |
✗ failed | Failed; check moctl log <service> |
4.7 Open /initialize in a browser
https://<SERVER_IP>/initialize
You will see a self-signed certificate warning. Proceed past it.
Enter the values from the Database section above, plus the Redis and RabbitMQ values from Section 3 (Redis: 127.0.0.1:6379, no password by default).
After the wizard completes, the dashboard loads. Navigate to Settings → Base URL and set it to your final domain:
https://<your-domain>
4.8 Restart all services
This step starts the secondary services that depend on the completed schema.
moctl service restart
Wait 1–2 minutes for everything to register, then verify in the next section.
Verify & Service Enablement
Confirm everything is running and registered. All commands here come from the source v5.0.0 guide.
5.1 Full service status
moctl service status
Every service should show ● running or ● reachable. If anything shows △ registering, wait 30 seconds and re-run.
5.2 Full diagnostics
moctl diagnose
Expected output includes:
Database connectivity reachable
Redis reachable
RabbitMQ reachable
5.3 Individual service status
systemctl status mo-idp-miniorange.service
systemctl status redis
systemctl status rabbitmq-server
5.4 Check all bound ports
sudo ss -tulnp | egrep '8080|8070|8071|8072|6379|5672'
For your DB:
| DB | Port |
|---|---|
| PostgreSQL | 5432 |
| MySQL | 3306 |
| MSSQL | 1433 |
| Oracle | 1521 |
5.5 Preflight
moctl pre checks Java, the DB, Redis, and RabbitMQ reachability in one go.
moctl pre
Quick moctl reference
| Command | Purpose |
|---|---|
moctl service start | Start all services in order |
moctl service stop | Stop all services in reverse order |
moctl service restart | Full ordered restart |
moctl service restart miniorange | Restart one named service |
moctl log <service> -f | Live tail logs |
moctl log <service> --since 1h | Logs from the past hour |
moctl system memory | Per-service RSS memory |
moctl jvm <service> | Heap, threads, open file descriptors |
moctl diagnose ports | Check that core ports are bound |
Common issues
Issue: △ registering after a minute.
The service started but hasn’t completed its handshake with Eureka. Check the gatekeeper log:
moctl log gatekeeper --since 5min
Issue: PostgreSQL peer authentication failed.
You modified pg_hba.conf but didn’t restart. Run sudo systemctl restart postgresql-16.
Issue: SELinux denials in audit.log.
You skipped section 1.5. Set setenforce 0 and re-check getenforce.
Issue: Tomcat stale PID after a crash.
sudo rm -f /opt/tomcat/latest/temp/*.pid
moctl service restart miniorange