IzPack wouldn't predefine the username and password - it would prompt user for the details (or take it from command line parameters).
Maven profiles - not sure why profiles would be necessary, unless at build time someone only wanted an individual platform distribution to be built. Otherwise I would have thought all platform distros should be built by default for release purposes.
I quite like the IzPack option as it is something that could be used inside a Dockerfile using silent install mode, with username/password potentially supplied from the docker build command line - but at the same time can be used standalone independent of docker. It combines the install and config steps, but can remove the dependency on ant.
Although we don't have izpack experience in the team, it is used within productisation, so could leverage their knowledge to get started.
Another way to solve the Ant problem is to implement a config tool in Java. Here are the things it has to do:
- Create a java keystore (the saml keystore *and* the vault)
- Prompt for user credentials and configure the app server with the result - either by updating a file or by invoking another java tool (e.g. for eap and wildfly)
- Use XSLT to inject changes into files like standalone.xml
- Modify properties files
All of these are easily implemented in java. I realize they are *more* easily implemented in Ant. I have no idea how difficult it is to do in izpack.
I'd be happy also to see a POC installer done in izpack so we can get a sense for the difficulty in building and maintaining it.
The main point about the Maven profiles is that you'd need some way to isolate dependencies into the separate targets. If that's done with separate assembly XML files, then you're correct. But if we want the assembly XML files to somehow be dynamic, and let the Maven dependencies determine what goes into them, then profiles would be necessary separation.
The ant option is good, although it should require to strip down to leave only what is required for the target container, as like Eric says, it will simplify the install process. One thing that may be worth is to use embedded ant, so provide an script (platform dependant, bash or bat) to launch the embedded ant in the installation distrib. To embed ant is easy, and only few extra jars are required. More depending on the required features.
The izPack option is also ok, but the graphical tools, even in silent mode sometimes require the servers to have X11 libraries (minor issue here). As they should also provide a text-only mode, which is not nice, but works.
The create your own installer is a very good option but might require some effort from your side, although I like it more.
The main problem with then installation, usually is modifying configuration already on the server, so to overlay another "feature" on top of an existing one, and to be platform independant, which leaves you with few options. There will always be requirements on something (java, ant, X11 libs, ...) so I would recommend then to explore a bit, an maybe come with the lightest and more maintainable of them. Which right now I think could be embedded-ant. If the ant scripts are properly configure to solve typical problems of the configurations, then great as you are almost there. With this problems I'm coming to respect values and information already in the configuration, or when configuring a database, checking if the schemas are already there, or for which version, as you do in newer DTGov with tje DTGovInit artifact.
I'll help you in whatever I can, although very bad coder :-(
I hadn't considered embedding Ant - that's an excellent option and I retract my suggestion to write our own java installer.
The biggest question I think is how to create stripped down distros for each platform without adding too much maintenance.
For creating stripped down version of the installers per runtime, I would probably combine maven profiles and maven assemblies (maven-assembly-plugin), generating different .tar.gz, .zip,... with only the relevant bits required. This is very maintanable.
To make it more resiliant and easy you can introduce the automatic installation of the runtime in the CI build pipeline, starting a ,why not, docker container with the target runtime, to validate the installer process, and then delete the docker container. This is very easy with jenkins.
Also maybe deploying a sample application (quickstart) and validating that everything runs fine is a further step.