Oracle® Application Server Administrator's Guide 10g (10.1.4.0.1) Part Number B28185-01
This chapter provides procedures for changing the network configuration of an Oracle Application Server host.
The following procedures for changing network configurations are presented in this chapter:
Changing the Hostname, Domain Name, or IP Address
This section describes how to update Oracle Application Server when changing the hostname, domain name, or IP address of a host.
Moving Between Off-Network and On-Network
This section provides procedures for moving an Oracle Application Server host on and off the network. You may use DHCP or a static IP address when on the network. You can use these procedures, for example, if you installed Oracle Application Server on your laptop and want to connect to different networks to use it.
Changing Between a Static IP Address and DHCP
This section provides procedures for changing from a static IP address to DHCP, and from DHCP to a static IP address. You might use these if you install on a static IP address but then decide you want to use DHCP so you can be more mobile, or if you are using DHCP and must connect to a network using a static IP address.
If you have disabled anonymous binds in Oracle Internet Directory, you must enable them before you make configuration changes. See Section 7.5 for more information.
You may want to change the hostname, domain name, or IP address of the host after you have installed Oracle Application Server. Depending on your installation type, you can perform some or all of these operations.
Many of the procedures in this section use the chgiphost command. See Section 8.2.1 for more information about the command.
Table 8-1 summarizes the installation types that support hostname, domain name, and IP address changes, and provides pointers to the appropriate procedures.
Table 8-1 Supported Procedures for Hostname, Domain Name, and IP Address Changes
Installation Type | Changing the Hostname or Domain Name | Changing the IP Address |
---|---|---|
Infrastructure: Identity Management only. Identity Management installations with the following components configured on the host to be changed: | Supported. See Section 8.2.2 | Supported. See Section 8.2.2 |
Infrastructure: Identity Management and Metadata Repository | Not supported | Supported. See Section 8.2.5 |
Infrastructure: Metadata Repository only | Not supported | Supported. See Section 8.2.5 |
Oracle Identity Federation | Supported. See Section 8.2.3 | Supported. See Section 8.2.3 |
OracleAS Certificate Authority | Supported. See Section 8.2.4 | Supported. Simply change the address in your operating system. No updates to Oracle Application Server are required. |
For the procedures in this chapter, a Metadata Repository is one created by an installation of OracleAS Infrastructure or by running Oracle Application Server Repository Creation Assistant.
The chgiphost command-line utility changes the hostname, domain name, or IP address of an Oracle Application Server installation.
The utility is located at:
On UNIX systems:
ORACLE_HOME/chgip/scripts/chgiphost.sh
On Windows systems:
ORACLE_HOME\chgip\scripts\chgiphost.bat
Table 8-2 shows the options for the command.
Table 8-2 Options for the chgiphost Command
Options | Description |
---|---|
-fed | Changes the hostname, domain name, or IP address of an Oracle Identity Federation installation |
-help | Displays command-line Help for the utility |
-idm | Changes the hostname, domain name, or IP address of an Identity Management only instance |
-infra | Changes the IP address of an Infrastructure instance |
-silent | Runs the command in silent mode |
-version | Displays the version of the utility |
Note that if you use chgiphost to change the hostname, domain name, or IP address, it does not update the instance name. For example, assume that the original instance name, with the hostname and domain name appended, is:
1014im.myhost1.mydomain.com
If you change the hostname to myhost2, the instance name does not change; it remains the same.
This section describes how to change the hostname, domain name, or IP address on a host that contains an Identity Management installation. This procedure applies to any Identity Management-only installation (one that does not include a Metadata Repository), including the following:
Identity Management with only Oracle Internet Directory configured
Identity Management with OracleAS Single Sign-On and Oracle Delegated Administration Services configured, and, optionally, Oracle Directory Integration Platform
Identity Management with Oracle Internet Directory, OracleAS Single Sign-On, and Oracle Delegated Administration Services configured and, optionally, Oracle Directory Integration Platform
Identity Management with Oracle Identity Federation configured
Note: If your Identity Management installation consists of only OracleAS Certificate Authority, use the procedure described in Section 8.2.4. |
The following sections describe the procedure:
Before You Begin
Review the following items before you start the procedure:
Consider changing the log level before running the chgiphost command so you can view more detailed information. See Section 8.2.6.2 for more information.
If your old hostname is a string that is likely to appear in a configuration file, the chgiphost command may encounter problems when trying to update the configuration files. Refer to Section 8.2.6.3 for information on how to avoid this problem.
Write down the old hostname and IP address before you begin. You will be prompted for these values.
Oracle recommends that you perform a backup of your environment before you start this procedure. Refer to Part V, "Backup and Recovery" for more information.
Task 1: Shut Down Middle-Tier Instances
For each middle-tier instance that uses Identity Management, stop the Application Server Control Console and the middle-tier instance using the following commands:
On UNIX systems:
ORACLE_HOME/bin/emctl stop iasconsole
ORACLE_HOME/opmn/bin/opmnctl stopall
On Windows systems:
ORACLE_HOME\bin\emctl stop iasconsole
ORACLE_HOME\opmn\bin\opmnctl stopall
Task 2: Prepare Your Host
Prepare your host for the hostname change by stopping all processes:
Set the ORACLE_HOME environment variable.
Shut down the Identity Management installation, including the servers, such as Oracle Directory Server, Oracle Directory Integration Platform server, and Replication Server, and the Application Server Control Console. For example, on UNIX, use the following commands:
ORACLE_HOME/bin/emctl stop iasconsole
ORACLE_HOME/bin/oidctl server=odisrv instance=instance_number stop
ORACLE_HOME/bin/oidctl connect=global_db_name server=oidrepld instance=instance_number stop
ORACLE_HOME/bin/oidctl server=oidldapd instance=instance_number stop
ORACLE_HOME/opmn/bin/opmnctl stopall
To make sure Oracle Application Server processes will not start automatically after a restart of the host, disable any automated startup scripts you may have set up, such as /etc/init.d scripts.
Task 3: Change the Hostname, Domain Name, or IP Address
Update your operating system with the new hostname, domain name, or IP address. Consult your operating system documentation for information on how to perform the following steps:
Make the updates to your operating system to properly change hostname, domain name, or both.
Restart the host, if necessary for your operating system.
Verify that you can ping the host from another host in your network. Be sure to ping using the new hostname to make sure everything is resolving properly.
Task 4: Run the chgiphost Command
Perform these steps using the Identity Management Oracle home:
Log in to the host as the user that installed Identity Management.
Set the ORACLE_HOME environment variable. Do not use a trailing slash (UNIX) or backslash (Windows) when specifying the ORACLE_HOME variable.
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.
Run the following commands in the Identity Management Oracle home:
On UNIX systems:
cd ORACLE_HOME/chgip/scripts
./chgiphost.sh -idm
On Windows systems:
cd ORACLE_HOME\chgip\scripts
cmd /c chgiphost.bat -idm
The chgiphost command prompts for information, as shown in Table 8-3. Note that the prompts may provide values in parentheses. You can enter a different value, or press the return key to accept the suggested value.
Table 8-3 Prompts and Actions for chgiphost -idm
Prompt | Action |
---|---|
Enter fully qualified hostname (hostname.domainname) of destination | If you changed the hostname or domain name on your system, enter the new fully qualified hostname. Otherwise, enter the current fully qualified hostname. |
Enter fully qualified hostname (hostname.domainname) of source | If you changed the hostname or domain name on your system, enter the old fully qualified hostname. Otherwise, enter the current fully qualified hostname. |
Enter valid IP Address of destination | If you changed the IP address of the system, enter the new IP address. Otherwise, enter the current IP address. |
Enter valid IP Address of source | If you changed the IP address of the system, enter the old IP address. Otherwise, enter the current IP address. |
Verify that the tool ran successfully by checking for errors in the files in the following directory:
(UNIX) ORACLE_HOME/chgip/log
(Windows) ORACLE_HOME\chgip\log
Task 5: Restart Your Environment
Restart the Identity Management installation and any other instances that you stopped during this procedure:
Restart the Identity Management instance, using the following commands:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl stopall
ORACLE_HOME/opmn/bin/opmnctl startall
ORACLE_HOME/bin/emctl start iasconsole
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl stopall
ORACLE_HOME\opmn\bin\opmnctl startall
ORACLE_HOME\bin\emctl start iasconsole
If you disabled any processes for automatically starting Oracle Application Server at the beginning of this procedure, enable them.
Task 6: Update Your Environment
This task contains the steps to update your environment for the new hostname, domain name, or IP address. The steps you need to take depend on how your environment is configured. If you changed the hostname or IP address of the host containing:
Oracle Internet Directory only: See "Configuration 1: Oracle Internet Directory Only". Oracle Internet Directory is installed on one host and the other Identity Management components are installed on another host and you change the host that contains Oracle Internet Directory. In this case, you must update the other Identity Management components and the middle tiers that use this Identity Management.
Identity Management components other than Oracle Internet Directory: See "Configuration 2: OracleAS Single Sign-On, Oracle Delegated Administration Services, and (optionally) Oracle Directory Integration Platform". Oracle Internet Directory is installed on one host and the other Identity Management components are installed on another host and you change the host that contains the other Identity Management components. In this case, you must update the middle tiers that use this Identity Management.
Oracle Internet Directory and other Identity Management components: See "Configuration 3: Oracle Internet Directory, OracleAS Single Sign-On, Oracle Delegated Administration Services, and (optionally) Oracle Directory Integration Platform". Oracle Internet Directory and the other Identity Management components are installed on the same host. In this case, you must update the middle tiers that use this Identity Management.
If your environment uses LDAP-based replication of Oracle Internet Directory and Oracle Internet Directory is on a different host than OracleAS Metadata Repository, you can change the hostname, domain name, or IP address of the host containing the Master (supplier) or Replica (consumer) Oracle Internet Directory. See Task 7: Update Oracle Internet Directory If LDAP-Based Replication Is Used for information.
Configuration 1: Oracle Internet Directory Only
In this case, Oracle Internet Directory is installed on one host and the other Identity Management components are installed on another host and you changed the host that contains Oracle Internet Directory. Take the following steps:
In the OracleAS Single Sign-On installation, stop the Infrastructure processes and the Application Server Control Console:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl stopall
ORACLE_HOME/bin/emctl stop iasconsole
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl stopall
ORACLE_HOME\bin\emctl stop iasconsole
Update the ias.properties file in every instance that uses Oracle Internet Directory. This includes other Identity Management instances (OracleAS Single Sign-On, Oracle Delegated Administration Services, and Oracle Directory Integration Platform) and middle-tier instances (such as J2EE and Web Cache, Portal and Wireless, and Business Intelligence and Forms).
In each Oracle home, update the following file:
(UNIX) ORACLE_HOME/config/ias.properties
(Windows) ORACLE_HOME\config\ias.properties
In the file, update the OIDhost parameter with the new hostname:
OIDhost=newhost.us.oracle.com
Update the ldap.ora file in every instance that uses Oracle Internet Directory. This includes other Identity Management instances and middle-tier instances.
In each Oracle home, edit the following file:
(UNIX) ORACLE_HOME/ldap/admin/ldap.ora
(Windows) ORACLE_HOME\ldap\admin\ldap.ora
In the file, update the DIRECTORY_SERVERS parameter with the new fully qualified hostname.
In the Oracle homes for the other Identity Management components and the middle-tier instances, restart OPMN and Application Server Control Console:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl start
ORACLE_HOME/bin/emctl start iasconsole
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl start
ORACLE_HOME\bin\emctl start iasconsole
In the Oracle homes for the other Identity Management components and each middle tier, run the Change Identity Management Services wizard and supply the new Oracle Internet Directory information:
Using the Application Server Control Console, navigate to the Application Server Home page for OracleAS Single Sign-On.
Click the Infrastructure link.
On the Infrastructure page, in the Identity Management section, click Change.
Follow the steps in the wizard for supplying the new Identity Management information (new hostname).
Note that although you may see the new Internet Directory host and port on the page, you still need to perform this step. The Application Server Control Console displays the virtual hostname only because it read it from the updated ias.properties file.
When the wizard completes, it asks you to restart the affected components. Run the following commands in each Oracle home:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl stopall
ORACLE_HOME/opmn/bin/opmnctl startall
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl stopall
ORACLE_HOME\opmn\bin\opmnctl startall
If OracleAS Certificate Authority is installed, take the following steps:
Stop OracleAS Certificate Authority, the OC4J oca process, and the Oracle HTTP Server on the host running OracleAS Certificate Authority. For example, on UNIX, execute the following commands:
ORACLE_HOME/oca/bin/ocactl stop
ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=oca
ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=HTTP_Server
Edit the following file and change the name of the host listed in the file:
(UNIX) ORACLE_HOME/oca/conf/oca.conf
(Windows) ORACLE_HOME\oca\conf\oca.conf
Reassociate with OracleAS Single Sign-On and Oracle Internet Directory. For example, on UNIX:
ORACLE_HOME/oca/bin/ocactl changesecurity -server_auth_port OcaSslPort
Start Oracle HTTP Server, the OC4J oca process, and OracleAS Certificate Authority. For example, on UNIX:
ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=HTTP_Server
ORACLE_HOME/opmn/bin/opmnctl startproc process-type=oca
ORACLE_HOME/oca/bin/ocactl start
Configuration 2: OracleAS Single Sign-On, Oracle Delegated Administration Services, and (optionally) Oracle Directory Integration Platform
In this case, Oracle Internet Directory is installed on one host and the other Identity Management components are installed on another host and you changed the host that contains the other Identity Management components.
In each middle-tier installation (such as J2EE and Web Cache, Portal and Wireless, or Business Intelligence and Forms installations), take the following steps:
Start the OPMN and the Application Server Control Console:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl start
ORACLE_HOME/bin/emctl start iasconsole
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl start
ORACLE_HOME\bin\emctl start iasconsole
In the Oracle home for each middle tier, run the Change Identity Management Services wizard and supply the new Oracle Internet Directory information:
Using the Application Server Control Console, navigate to the Application Server Home page for OracleAS Single Sign-On.
Click the Infrastructure link.
On the Infrastructure page, in the Identity Management section, click Change.
Follow the steps in the wizard for supplying the new Identity Management information (new hostname).
Note that although you may see the new Internet Directory host and port on the page, you still need to perform this step. The Application Server Control Console displays the virtual hostname only because it read it from the updated ias.properties file.
Restart the affected components. Run the following commands in each Oracle home:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl stopall
ORACLE_HOME/opmn/bin/opmnctl startall
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl stopall
ORACLE_HOME\opmn\bin\opmnctl startall
Configuration 3: Oracle Internet Directory, OracleAS Single Sign-On, Oracle Delegated Administration Services, and (optionally) Oracle Directory Integration Platform
In this case, Oracle Internet Directory and the other Identity Management components are installed on the same host and this is the host you changed. Take the following steps:
Start the OPMN and the Application Server Control Console:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl start
ORACLE_HOME/bin/emctl start iasconsole
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl start
ORACLE_HOME\bin\emctl start iasconsole
Update the ias.properties file in every middle-tier instance.
In each Oracle home, update the following file:
(UNIX) ORACLE_HOME/config/ias.properties
(Windows) ORACLE_HOME\config\ias.properties
In the file, update the OIDhost parameter with the new hostname:
OIDhost=newhost.us.oracle.com
Update the ldap.ora file in every middle-tier instance that uses the Identity Management instance.
In each Oracle home, edit the following file:
(UNIX) ORACLE_HOME/ldap/admin/ldap.ora
(Windows) ORACLE_HOME\ldap\admin\ldap.ora
In the file, update the DIRECTORY_SERVERS parameter with the new fully qualified hostname.
In each middle-tier installation, run the Change Identity Management Services wizard:
Using the Application Server Control Console, navigate to the Application Server Home page for the middle-tier instance.
Click the Infrastructure link.
On the Infrastructure page, in the Identity Management section, click Change.
Note that the Infrastructure page may display an error, but the error will be resolved after you complete the steps in the wizard.
Follow the steps in the wizard for supplying the new Identity Management information.
Restart the affected components. Run the following commands in each Oracle home:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl stopall
ORACLE_HOME/opmn/bin/opmnctl startall
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl stopall
ORACLE_HOME\opmn\bin\opmnctl startall
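The ias.properties and ldap.ora updates in Configuration 1 and Configuration 3 are manual edits repeated in every Oracle home, so a leftover reference to the old Oracle Internet Directory host is easy to miss. The following script is an added example, not part of Oracle's documentation or tooling: it checks the OIDhost and DIRECTORY_SERVERS values in one Oracle home on UNIX and reports lines that still name the old host. The sample file contents, the IASname key, the host:port:sslport layout of DIRECTORY_SERVERS, and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not Oracle tooling. File paths and the OIDhost and
# DIRECTORY_SERVERS parameter names come from the procedure; the sample
# file contents further down are constructed.

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_oid_refs ORACLE_HOME OLD_FQDN NEW_FQDN [INSTANCE_NAME]
# Returns 0 = consistent, 1 = wrong or stale value, 2 = file missing.
# Lines containing INSTANCE_NAME are skipped by the stale scan, because
# chgiphost leaves the instance name (old hostname included) unchanged.
check_oid_refs() {
    home=$1; old=$(lower "$2"); new=$(lower "$3"); inst=${4:-}
    props="$home/config/ias.properties"
    ldapora="$home/ldap/admin/ldap.ora"
    rc=0

    for f in "$props" "$ldapora"; do
        if [ ! -r "$f" ]; then echo "MISSING  $f"; return 2; fi
    done

    # ias.properties: OIDhost=<fqdn>; the last assignment wins.
    oidhost=$(sed -n 's/^[[:space:]]*OIDhost[[:space:]]*=[[:space:]]*//p' "$props" |
              tail -n 1 | tr -d '[:space:]')
    if [ "$(lower "$oidhost")" != "$new" ]; then
        echo "MISMATCH $props: OIDhost='$oidhost', expected '$3'"
        rc=1
    fi

    # ldap.ora (assumed layout): DIRECTORY_SERVERS= (host:port:sslport[, ...])
    servers=$(sed -n 's/^[[:space:]]*DIRECTORY_SERVERS[[:space:]]*=[[:space:]]*//p' "$ldapora" |
              tail -n 1 | tr -d '() \t' | tr ',' '\n')
    found=no
    for entry in $servers; do
        if [ "$(lower "${entry%%:*}")" = "$new" ]; then found=yes; fi
    done
    if [ "$found" = no ]; then
        echo "MISMATCH $ldapora: DIRECTORY_SERVERS does not list '$3'"
        rc=1
    fi

    # Any other line that still names the old host is stale.
    if [ "$old" != "$new" ]; then
        for f in "$props" "$ldapora"; do
            stale=$(grep -F -i -n -- "$old" "$f" || true)
            if [ -n "$inst" ] && [ -n "$stale" ]; then
                stale=$(printf '%s\n' "$stale" | grep -F -i -v -- "$inst" || true)
            fi
            if [ -n "$stale" ]; then
                echo "STALE    $f still references '$2':"
                printf '%s\n' "$stale" | sed 's/^/    /'
                rc=1
            fi
        done
    fi
    return "$rc"
}

# make_sample_home OIDHOST_VALUE DIRECTORY_SERVERS_HOST
# Builds a throwaway Oracle home holding constructed sample files and
# prints its path. IASname is an assumed key that carries the instance name.
make_sample_home() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/config" "$d/ldap/admin" || return 1
    printf 'IASname=1014im.myhost1.mydomain.com\nOIDhost=%s\nOIDport=389\n' "$1" \
        > "$d/config/ias.properties"
    printf 'DIRECTORY_SERVERS= (%s:389:636)\nDIRECTORY_SERVER_TYPE = OID\n' "$2" \
        > "$d/ldap/admin/ldap.ora"
    printf '%s\n' "$d"
}

# Demo on two constructed homes: one fully updated, one whose ldap.ora
# was missed and still points at the old host.
OLD=myhost1.mydomain.com
NEW=myhost2.mydomain.com
INST=1014im.$OLD
good=$(make_sample_home "$NEW" "$NEW")
bad=$(make_sample_home "$NEW" "$OLD")
for h in "$good" "$bad"; do
    if check_oid_refs "$h" "$OLD" "$NEW" "$INST"; then
        echo "OK       $h"
    else
        echo "FAILED   $h (status $?)"
    fi
done
rm -rf "$good" "$bad"
```

Omitting the fourth argument makes the unchanged instance name show up as a stale reference, which is the same kind of match that Section 8.2.6.3 warns about for chgiphost.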
Task 7: Update Oracle Internet Directory If LDAP-Based Replication Is Used
If your environment uses LDAP-based replication of Oracle Internet Directory and Oracle Internet Directory is on a different host than OracleAS Metadata Repository, you can change the hostname, domain name or IP address of the host containing the Master (supplier) or Replica (consumer) Oracle Internet Directory:
Configuration A: Host with Master Oracle Internet Directory is Changed
Configuration B: Host with Replica Oracle Internet Directory is Changed
Configuration A: Host with Master Oracle Internet Directory is Changed
If you change the hostname, domain name, or IP address of the host containing the Master Oracle Internet Directory, take the following steps:
Obtain the replica ID of the Master Oracle Internet Directory:
ldapsearch -p master_port -h master_host -b "" -s base "objectclass=*" orclreplicaid
On both the Master and the Replica, update either orclreplicauri or orclreplicasecondaryuri or both, if they exist, in the replica entry of the Master Oracle Internet Directory. Take the following steps:
Create a file named mod.ldif and enter the following lines in the file:
dn: orclreplicaid=master_replicaID,cn=replication configuration
changetype:modify
replace: orclreplicauri
orclreplicauri: ldap://new_master_host:new_master_port/
In the example, master_replicaID is the ID obtained in Step a, new_master_host is the new hostname of the Master Oracle Internet Directory, and new_master_port is the port number for the Master Oracle Internet Directory.
Run the following command on the Master:
ldapmodify -p master_port -h master_host -f mod.ldif
Run the following command on the Replica:
ldapmodify -p replica_port -h replica_host -f mod.ldif
Restart the Replication server at the Replica:
oidctl server=oidrepld inst=inst_num connect=connect_string flags="-h replica_host -p replica_port -m false" stop
oidctl server=oidrepld inst=inst_num connect=connect_string flags="-h replica_host -p replica_port -m false" start
In the example, replica_host is the hostname of the Replica Oracle Internet Directory and replica_port is the port of the Replica Oracle Internet Directory.
Configuration B: Host with Replica Oracle Internet Directory is Changed
If you change the hostname, domain name, or IP address of the host containing the Replica Oracle Internet Directory, take the following steps:
Obtain the replica ID of the Replica Oracle Internet Directory:
ldapsearch -p replica_port -h replica_host -b "" -s base "objectclass=*" orclreplicaid
On both the Master and the Replica, update either orclreplicauri or orclreplicasecondaryuri or both, if they exist, in the replica entry of the Replica Oracle Internet Directory. Take the following steps:
Create a file named mod.ldif and enter the following lines in the file:
dn: orclreplicaid=replica_replicaID,cn=replication configuration
changetype:modify
replace: orclreplicauri
orclreplicauri: ldap://new_replica_host:new_replica_port/
In the example, replica_replicaID is the ID obtained in Step a, new_replica_host is the new hostname of the Replica Oracle Internet Directory, and new_replica_port is the port number for the Replica Oracle Internet Directory.
Run the following command on the Master:
ldapmodify -p master_port -h master_host -f mod.ldif
Run the following command on the Replica:
ldapmodify -p replica_port -h replica_host -f mod.ldif
Restart the Replication server at the Replica:
oidctl server=oidrepld inst=inst_num connect=connect_string flags="-h new_replica_host -p new_replica_port -m false" stop
oidctl server=oidrepld inst=inst_num connect=connect_string flags="-h new_replica_host -p new_replica_port -m false" start
In the example, new_replica_host is the new hostname of the Replica Oracle Internet Directory and new_replica_port is the port of the Replica Oracle Internet Directory.
Task 8: Update Oracle Identity Federation
If your environment includes Oracle Identity Federation and Oracle Identity Federation uses Oracle Internet Directory or OracleAS Single Sign-On, update the Oracle Identity Federation configuration by taking the following steps:
In the Oracle home for the Oracle Identity Federation instance, run the Change Identity Management Services wizard and supply the new Oracle Internet Directory information:
Using the Application Server Control Console, navigate to the Application Server Home page for OracleAS Single Sign-On.
Click the Infrastructure link.
On the Infrastructure page, in the Identity Management section, click Change.
Follow the steps in the wizard for supplying the new Identity Management information (new hostname).
Note that although you may see the new Internet Directory host and port on the page, you still need to perform this step. The Application Server Control Console displays the virtual hostname only because it read it from the updated ias.properties file.
When the wizard completes, it asks you to restart the affected components. Run the following commands in the Oracle home:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl stopall
ORACLE_HOME/opmn/bin/opmnctl startall
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl stopall
ORACLE_HOME\opmn\bin\opmnctl startall
From a browser, log into the Oracle Identity Federation Administration console, using the following URL:
http://oif_host:port/fedadmin
In the URL, oif_host is the host on which Oracle Identity Federation is installed and port is the port number of the Oracle HTTP Server.
The username is oif_admin; the password is the password you specified at installation.
If you changed the network information of the Oracle Internet Directory instance, take the following steps:
Choose IDM Data Stores, then User Data Store.
For Select Active Repository, select LDAP Directory.
In the Repository Parameters section, enter the following information:
For Connection URL(s), change the hostname or domain name, entering the new information for Oracle Internet Directory, in the following format:
ldap://oid_hostname.domainname:port
For example, if you changed the hostname to newhost and the domain name to mydomain (and the port remained 389), enter the following:
ldap://newhost.mydomain:389
For Bind DN, enter the administrator account DN to use to connect to the LDAP directory. For example:
cn=orcladmin
For Password, enter the administrator account password to use to connect to the LDAP directory.
For the other fields, see the online Help for the page.
Click Save.
From the IDM Data Stores tab, choose Federation Data Store.
For Select Active Repository, select LDAP Directory.
For Connection URL(s), change the hostname or domain name, entering the new information for Oracle Internet Directory, in the following format:
ldap://oid_hostname.domainname:port
For example, if you changed the hostname to newhost and the domain name to mydomain (and the port remained 389), enter the following:
ldap://newhost.mydomain:389
Click Save.
If you changed the network information of the OracleAS Single Sign-On instance, take the following steps:
Choose IDM Data Stores, then User Data Store.
For Select Active Repository, select OracleAS Single Sign-On.
In the Repository Parameters section, enter the following information:
For Connection URL(s), change the hostname or domain name, entering the new information for the OracleAS Single Sign-On instance, in the following format:
ldap://sso_hostname.domainname:port
For example, if you changed the hostname to newhost and the domain name to mydomain (and the port remained 389), enter the following:
ldap://newhost.mydomain:389
For Bind DN, enter the administrator account DN to use to connect to the LDAP directory. For example:
cn=orcladmin
For Password, enter the administrator account password to use to connect to the LDAP directory.
For the other fields, see the online Help for the page.
For OSSO Login URL, change the hostname or domain name, entering the new information for the OracleAS Single Sign-On instance, in the following format:
http://sso_hostname.domainname:port/sso/auth
For OSSO Logout URL, change the hostname or domain name, entering the new information for the OracleAS Single Sign-On instance, in the following format:
http://sso_hostname.domainname:port/sso/logout
Click Save.
If any resource is protected by Oracle Identity Federation using a virtual host and a non-default (other than osso.conf) partner application, re-register mod_osso with the new hostname or domain name. Do this by running the following command:
On UNIX systems:
ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path identity_management_oracle_home -site_name newhostname:port -config_mod_osso TRUE -mod_osso_url http://newhostname:port -virtualhost -config_file path/osso-https.conf
On Windows systems:
ORACLE_HOME\sso\bin\ssoreg.bat -oracle_home_path identity_management_oracle_home -site_name newhostname:port -config_mod_osso TRUE -mod_osso_url http://newhostname:port -virtualhost -config_file path\osso-https.conf
In the examples, the config_file parameter is the name of the file, including the full path, that is used in the partner application or resource protection.
For example, if you changed the hostname to newhost on UNIX:
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /disk1/oracleas -site_name newhost:4445 -config_mod_osso TRUE -mod_osso_url http://newhost.mydomain:7778 -virtualhost -config_file $ORACLE_HOME/Apache/Apache/conf/osso/osso-https.conf
Restart the Oracle Identity Federation server and Oracle HTTP Server:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=OC4J_FED
(UNIX) ORACLE_HOME/opmn/bin/opmnctl restartproc process-type=HTTP_Server
(Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc process-type=OC4J_FED
(Windows) ORACLE_HOME\opmn\bin\opmnctl restartproc process-type=HTTP_Server
This section describes how to change the hostname, domain name, or IP address on a host that contains an Oracle Identity Federation installation. This procedure applies to the following types of environments:
Oracle Identity Federation used as the Service Provider, and where Oracle Internet Directory is the Federation Data Store and the Metadata Repository is the Federation Transient Store. Oracle Identity Federation may or may not be associated with OracleAS Single Sign-On.
Oracle Identity Federation used as the Identity Provider, and where Oracle Internet Directory is the Federation Data Store and the Metadata Repository is the Federation Transient Store. Oracle Identity Federation may or may not be associated with OracleAS Single Sign-On.
The following sections describe the procedure:
Before You Begin
Review the following items before you start the procedure:
Consider changing the log level before running the chgiphost command so you can view more detailed information. See Section 8.2.6.2 for more information.
If your old hostname is a string that is likely to appear in a configuration file, the chgiphost command may encounter problems when trying to update the configuration files. Refer to Section 8.2.6.3 for information on how to avoid this problem.
Write down the old hostname and IP address before you begin. You will be prompted for these values.
Oracle recommends that you perform a backup of your environment before you start this procedure. Refer to Part V, "Backup and Recovery" for more information.
Task 1: Prepare Your Host
Prepare your host for the hostname change:
Set the ORACLE_HOME environment variable.
Shut down the Oracle Identity Federation installation, including the Oracle Identity Federation server and Application Server Control Console. For example, on UNIX, use the following commands:
ORACLE_HOME/bin/emctl stop iasconsole
ORACLE_HOME/opmn/bin/opmnctl stopall
To make sure Oracle Application Server processes will not start automatically after a restart of the host, disable any automated startup scripts you may have set up, such as /etc/init.d scripts.
Task 2: Change the Hostname, Domain Name, or IP Address
Update your operating system with the new hostname, domain name, or IP address. Consult your operating system documentation for information on how to perform the following steps:
Make the updates to your operating system to properly change hostname, domain name, or both.
Restart the host, if necessary for your operating system.
Verify that you can ping the host from another host in your network. Be sure to ping using the new hostname to make sure everything is resolving properly.
Task 3: Run the chgiphost Command
Perform these steps from the Oracle Identity Federation Oracle home:
Log in to the host as the user that installed Oracle Identity Federation.
Set the ORACLE_HOME environment variable. Do not use a trailing slash (UNIX) or backslash (Windows) when specifying the ORACLE_HOME variable.
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.
Run the following commands in the Oracle Identity Federation Oracle home:
On UNIX systems:
cd ORACLE_HOME/chgip/scripts
./chgiphost.sh -fed
On Windows systems:
cd ORACLE_HOME\chgip\scripts
cmd /c chgiphost.bat -fed
The chgiphost command prompts for information, as shown in Table 8-3. Note that the prompts may provide values in parentheses. You can enter a different value, or press the return key to accept the suggested value.
Table 8-4 Prompts and Actions for chgiphost -fed
Prompt | Action |
---|---|
Enter fully qualified hostname (hostname.domainname) of destination | Enter the new fully qualified hostname. This may be a new hostname, domain name, or both. |
Enter fully qualified hostname (hostname.domainname) of source | Enter the original fully qualified hostname and domain name. |
Enter valid IP Address of destination | If you changed the IP address of the host, enter the new IP address. Otherwise, enter the current IP address. |
Enter valid IP Address of source | If you changed the IP address of the host, enter the old IP address. Otherwise, enter the current IP address. |
OIDAdmin Password: | Enter the |
Verify that the tool ran successfully by checking for errors in the files in the following directory:
(UNIX) ORACLE_HOME/chgip/log
(Windows) ORACLE_HOME\chgip\log
Task 4: Restart Your Environment
Restart the Oracle Identity Federation installation and any other instances that you stopped during this procedure:
Restart the Oracle Identity Federation instance, using the following commands:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl startall
ORACLE_HOME/bin/emctl start iasconsole
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl startall
ORACLE_HOME\bin\emctl start iasconsole
If you disabled any processes for automatically starting Oracle Application Server at the beginning of this procedure, enable them.
Task 5: Update the Metadata for the Identity Provider
If you changed the hostname, domain name, or IP address of the Oracle Identity Federation instance that is configured as an Identity Provider, you must load the new metadata file for the Identity Provider into the Service Provider configuration in the Circle of Trust. Take the following steps:
From a browser, navigate to the Oracle Identity Federation Identity Provider's metadata file, using the following URL:
http://oif_host:port/fed/idp/metadata_file
In the URL, oif_host is the host on which Oracle Identity Federation is installed as an Identity Provider; port is the port number of the Oracle HTTP Server; metadata_file is the metadata file used for the protocol you are using. For example, the metadata file for the protocol SAML 2.0 is metadatav20.
From the browser, save the page.
From a browser, log into the Oracle Identity Federation Administration console for the Service Provider, using the following URL:
http://oif_host:port/fedadmin
In the URL, oif_host is the host on which Oracle Identity Federation is installed as the Service Provider and port is the port number of the Oracle HTTP Server.
The username is oif_admin; the password is the password that you specified at installation.
Select Server Configuration, then Circle of Trust.
In the Identity Provider table, select the Identity Provider that has had its network information changed and click Update.
The Edit Trusted Provider page is displayed.
For Description, enter a description of the file.
For Metadata Location, click Browse to locate the metadata file you downloaded for the Identity Provider.
Click Load New.
Click Apply.
Click Refresh Server.
Note: The Identity Provider tab (Server Configuration > Identity Provider) continues to have the old hostname information in the Provider ID (URI) field. This is expected. It allows the user federations that were created before the hostname was changed to continue to function.
Task 6: Update the Metadata for the Service Provider
If you changed the hostname, domain name, or IP address of the Oracle Identity Federation instance that is configured as a Service Provider, you must load the new metadata file for the Service Provider into the Identity Provider configuration in the Circle of Trust. Take the following steps:
From a browser, navigate to the Oracle Identity Federation Service Provider's metadata file, using the following URL:
http://oif_host:port/fed/sp/metadata_file
In the URL, oif_host is the host on which Oracle Identity Federation is installed as a Service Provider; port is the port number of the Oracle HTTP Server; metadata_file is the metadata file used for the protocol you are using. For example, the metadata file for the protocol SAML 2.0 is metadatav20.
From the browser, save the page.
From a browser, log into the Oracle Identity Federation Administration console for the Identity Provider, using the following URL:
http://oif_host:port/fedadmin
In the URL, oif_host is the host on which Oracle Identity Federation is installed as the Identity Provider and port is the port number of the Oracle HTTP Server.
The username is oif_admin; the password is the password you specified at installation.
Select Server Configuration, then Circle of Trust.
In the Service Provider table, select the Service Provider that has had its network information changed and click Update.
The Edit Trusted Provider page is displayed.
For Description, enter a description of the file.
For Metadata Location, click Browse to locate the metadata file you downloaded for the Service Provider.
Click Load New.
Click Apply.
Click Refresh Server.
Note: The Service Provider tab (Server Configuration > Service Provider) continues to have the old hostname information in the Provider ID (URI) field. This is expected. It allows the user federations that were created before the hostname was changed to continue to function.
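A check you can run on the metadata file saved in Task 5 or Task 6 before loading it into the Circle of Trust, as an added example that is not Oracle code. It assumes the endpoint URLs in the saved file should carry the new hostname and that attributes are written as name="value"; the function names and the sample metadata are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code): list the endpoint URLs in a saved SAML 2.0
# metadata file and flag any whose host is not the expected new hostname.
# entityID is deliberately not checked: the page notes that the Provider ID
# keeps the old hostname after the change.

# Print every Location / ResponseLocation attribute value, one per line.
metadata_endpoints() {
    tr ' \t\r<>' '\n\n\n\n\n' < "$1" |
        sed -n 's/^\(Response\)\{0,1\}Location="\([^"]*\)".*/\2/p'
}

# Reduce a URL to its lowercase host (scheme, port and path removed).
url_host() {
    printf '%s\n' "$1" |
        sed -e 's|^[A-Za-z][A-Za-z0-9+.-]*://||' -e 's|[/:?#].*$||' |
        tr 'A-Z' 'a-z'
}

# check_metadata_hosts FILE NEW_HOST
# Prints OK<TAB>url or STALE<TAB>url for each endpoint. Returns 1 if any
# endpoint is stale or the file contains no endpoints at all.
check_metadata_hosts() {
    want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    eps=$(metadata_endpoints "$1")
    [ -n "$eps" ] || { printf 'NOENDPOINTS\t%s\n' "$1"; return 1; }
    rc=0
    while IFS= read -r url; do
        if [ "$(url_host "$url")" = "$want" ]; then
            printf 'OK\t%s\n' "$url"
        else
            printf 'STALE\t%s\n' "$url"
            rc=1
        fi
    done <<EOF
$eps
EOF
    return $rc
}

demo_metadata_check() {
    f=$(mktemp) || return 1
    # Constructed SAML 2.0 metadata; hostnames, port and paths are placeholders.
    cat > "$f" <<'EOF'
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="http://old.cp.com:7777/fed/idp">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://old.cp.com:7777/fed/idp/slo" ResponseLocation="http://NEW.cp.com:7777/fed/idp/sloreturn"/>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="http://new.cp.com:7777/fed/idp/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>
EOF
    check_metadata_hosts "$f" new.cp.com
    rc=$?
    rm -f "$f"
    return $rc
}

demo_metadata_check || echo "stale or missing endpoints: do not load this file yet"
```

A STALE line means the file was fetched before the hostname change took effect or from the wrong host, so download it again before clicking Load New.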
Task 7: Update OracleAS Single Sign-On
If Oracle Identity Federation is associated with OracleAS Single Sign-On, take the following steps:
On the OracleAS Single Sign-On instance, update the SASSOAuthnUrl and SASSOLogoutUrl properties in the following file with the new network information:
(UNIX) ORACLE_HOME/sso/conf/policy.properties
(Windows) ORACLE_HOME\sso\conf\policy.properties
For example, if you changed the hostname and domain name to new.cp.com, change the properties to the following:
SASSOAuthnUrl = http\://new.cp.com\:port/sso/authn
SASSOLogoutUrl = http\://new.cp.com\:port/sso/jsp/sasso_logout_success.jsp
On the Oracle Identity Federation installation, edit the following file to update the IP address, if it has been changed:
(UNIX) ORACLE_HOME/Apache/Apache/conf/httpd.conf
(Windows) ORACLE_HOME\Apache\Apache\conf\httpd.conf
On the Oracle Identity Federation installation, re-register mod_osso with the new hostname or domain name by running the following command:
On UNIX:
ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path identity_management_oracle_home -site_name newhostname:port -config_mod_osso TRUE -mod_osso_url http://newhostname:port -virtualhost -config_file path/osso-file.conf
On Windows:
ORACLE_HOME\sso\bin\ssoreg.bat -oracle_home_path identity_management_oracle_home -site_name newhostname:port -config_mod_osso TRUE -mod_osso_url http://newhostname:port -virtualhost -config_file path\osso-file.conf
In the examples, path/osso-file.conf refers to the SSO partner application configuration file. The file name should be the same as the one defined for resource protection by OracleAS Single Sign-On for Oracle Identity Federation.
For example, if you changed the hostname to newhost on UNIX:
$ORACLE_HOME/sso/bin/ssoreg.sh -oracle_home_path /disk1/oracleas -site_name newhost:4445 -config_mod_osso TRUE -mod_osso_url http://newhost.mydomain:7778 -virtualhost -config_file $ORACLE_HOME/Apache/Apache/conf/osso/my-osso-file.conf
Regenerate the OSSO secret in Oracle Identity Federation and copy it to the OracleAS Single Sign-On home:
From a browser, log into the Oracle Identity Federation Administration console for the Identity Provider, using the following URL:
http://oif_host:port/fedadmin
In the URL, oif_host is the host on which Oracle Identity Federation is installed as the Identity Provider and port is the port number of the Oracle HTTP Server.
The username is oif_admin; the password is the password you specified at installation.
Choose IdM Data Stores, then User Data Stores.
In the Oracle SSO Parameters section, for Regenerate OSSO Secret, click Update. This updates the key and generates an updated keystore file.
Stop processes in the OracleAS Single Sign-On installation:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl stopall
(Windows) ORACLE_HOME\opmn\bin\opmnctl stopall
Copy the keystore file from the Oracle Identity Federation home to the OracleAS Single Sign-On home. For example:
cp OIF_HOME/sso/conf/keystore SSO_HOME/sso/conf/
In both the Identity Management instance and the Oracle Identity Federation instance, restart the processes:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl stopall
ORACLE_HOME/opmn/bin/opmnctl startall
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl stopall
ORACLE_HOME\opmn\bin\opmnctl startall
See Also: Oracle Identity Federation Administrator's Guide for more information about Oracle Identity Federation
If you have installed OracleAS Certificate Authority, and you want to change the name of the OracleAS Certificate Authority host, you must perform these steps:
Verify that Oracle Internet Directory and OracleAS Metadata Repository are started.
Stop OracleAS Certificate Authority, the OC4J oca process, and the Oracle HTTP Server on the host running OracleAS Certificate Authority. For example, on UNIX, execute the following commands:
ORACLE_HOME/oca/bin/ocactl stop
ORACLE_HOME/opmn/bin/opmnctl stopproc process-type=oca
ORACLE_HOME/opmn/bin/opmnctl stopproc ias-component=HTTP_Server
Change the name of the host where OracleAS Certificate Authority is running.
Regenerate the SSL wallet. For example, on UNIX:
ORACLE_HOME/oca/bin/ocactl generatewallet -type CASSL
Reassociate with OracleAS Single Sign-On and Oracle Internet Directory. For example, on UNIX:
ORACLE_HOME/oca/bin/ocactl changesecurity -server_auth_port OcaSslPort
Start Oracle HTTP Server, the OC4J oca process, and OracleAS Certificate Authority. For example, on UNIX:
ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=HTTP_Server
ORACLE_HOME/opmn/bin/opmnctl startproc process-type=oca
ORACLE_HOME/oca/bin/ocactl start
This section describes how to change the IP address of a host that contains either of the following Infrastructure installation types:
Metadata Repository only
Identity Management and Metadata Repository
Note that you cannot change the hostname or domain name of a host that contains a Metadata Repository.
The following sections describe the procedure:
Before You Begin
Review the following items before you start the procedure:
Write down the old IP address before you begin. You will be prompted for this during the procedure.
Oracle recommends that you perform a backup of your environment before you start this procedure. Refer to Part V, "Backup and Recovery" for more information.
Task 1: Shut Down Middle-Tier Instances
Shut down all middle-tier instances that use the Infrastructure installation, even if they are on other hosts.
Task 2: Prepare Your Host
Prepare your host for the change by stopping all processes:
Set the ORACLE_HOME and ORACLE_SID environment variables.
Shut down the Infrastructure:
On UNIX systems:
ORACLE_HOME/bin/emctl stop iasconsole
ORACLE_HOME/opmn/bin/opmnctl stopall
On Windows systems:
ORACLE_HOME\bin\emctl stop iasconsole
ORACLE_HOME\opmn\bin\opmnctl stopall
Shut down the listener and database:
lsnrctl stop
sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
SQL> SHUTDOWN
SQL> quit
Verify that all Oracle Application Server processes have stopped.
To make sure Oracle Application Server processes will not start automatically after a restart of the host, disable any automated startup scripts you may have set up, such as /etc/init.d scripts.
Task 3: Change the IP Address
Update your operating system with the new IP address. Consult your operating system documentation for information on how to perform the following steps:
Make the updates to your operating system to properly change the IP address.
Restart the host, if required by your operating system.
Verify that you can ping the host from another host in your network. Be sure to ping using the new IP address to make sure everything is resolving properly.
Task 4: Update the Infrastructure
Update the Infrastructure on your host with the new IP address:
Log in to the host as the user that installed the Infrastructure.
Set the ORACLE_HOME and ORACLE_SID environment variables. Do not use a trailing slash (UNIX) or backslash (Windows) when specifying the ORACLE_HOME variable.
On UNIX systems, set the LD_LIBRARY_PATH, LD_LIBRARY_PATH_64, LIB_PATH, or SHLIB_PATH environment variables to the proper values, as shown in Table 1-1. The actual environment variables and values that you must set depend on the type of your UNIX operating system.
Start the database and listener:
sqlplus /nolog
SQL> CONNECT SYS as SYSDBA
SQL> STARTUP
SQL> quit
lsnrctl start
Start OPMN:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl start
(Windows) ORACLE_HOME\opmn\bin\opmnctl start
Start Oracle Internet Directory:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl startproc ias-component=OID process-type=OID
(Windows) ORACLE_HOME\opmn\bin\opmnctl startproc ias-component=OID process-type=OID
Run the following commands in the Infrastructure Oracle home:
On UNIX systems:
cd ORACLE_HOME/chgip/scripts
./chgiphost.sh -infra
On Windows systems:
cd ORACLE_HOME\chgip\scripts
cmd /c chgiphost.bat -infra
The chgiphost command prompts for the old and new IP address.
Verify that the tool ran successfully by checking for errors in the files in the following directory:
(UNIX) ORACLE_HOME/chgip/log
(Windows) ORACLE_HOME\chgip\log
Task 5: Restart Your Environment
Start the remaining components of the Infrastructure and start any middle-tier instances that use it:
Start the Infrastructure:
On UNIX systems:
ORACLE_HOME/opmn/bin/opmnctl startall
ORACLE_HOME/bin/emctl start iasconsole
On Windows systems:
ORACLE_HOME\opmn\bin\opmnctl startall
ORACLE_HOME\bin\emctl start iasconsole
If a middle-tier instance is on the same host as the Infrastructure, then you need to run the chgiphost command on the middle-tier instance before restarting the middle-tier processes.
If you disabled any processes for automatically starting Oracle Application Server at the beginning of this procedure, enable them.
This section contains the following special topics that apply to changing the hostname or domain name of an Oracle Application Server host:
After running the chgiphost command, you must run the SSLConfigTool utility to complete the necessary Oracle Directory Integration Platform server registration and OracleAS Single Sign-On re-association and re-registration.
By default, the console log level for the chgiphost command is SEVERE. This causes only critical information to be printed while running chgiphost. To view additional progress information, set the console log level to CONFIG as follows:
Edit the following file:
(UNIX) ORACLE_HOME/chgip/config/chgip.log.properties
(Windows) ORACLE_HOME\chgip\config\chgip.log.properties
Change the java.util.logging.ConsoleHandler.level parameter to CONFIG:
java.util.logging.ConsoleHandler.level = CONFIG
By default, the chgiphost command updates key configuration files in the Oracle home with the new hostname. If any of the following cases apply to your installation, you may want to consider customizing the behavior of the chgiphost command:
You have created additional configuration files that contain the hostname and want the chgiphost command to update those files.
To update these files, add their full path name to the following file before running chgiphost:
(UNIX) ORACLE_HOME/chgip/config/hostname.lst
(Windows) ORACLE_HOME\chgip\config\hostname.lst
Your old hostname is very short (one or two letters) or is a string that is likely to appear in a configuration file.
Before running chgiphost, examine each of the files listed in hostname.lst to determine if the old hostname exists in any settings in those files. If you find a match, you can correct those settings after you run chgiphost.
Your Oracle home contains the hostname in its full path.
In this case, the chgiphost command may not update your configuration files properly. You can avoid this problem by using a Java utility called FileFixer, which searches for specific text strings in a file by matching regular expressions, and updates them to their new values. Note that FileFixer searches for patterns one line at a time. It cannot match patterns across lines.
To use FileFixer:
Make a copy of the following file:
(UNIX) ORACLE_HOME/chgip/config/hostname_short_sample.lst.xml
(Windows) ORACLE_HOME\chgip\config\hostname_short_sample.lst.xml
Edit your copy of the file to specify the regular expression matching required for your old and new hostnames. The file contains an example of how to do this.
Specify the file when running the chgiphost command:
./chgiphost option -hostnameShortXml full_path_to_your_xml_file
For example, if you named your file /mydir/my_sample.lst.xml, and you are updating a middle-tier installation on UNIX, run chgiphost as follows:
./chgiphost -mid -hostnameShortXml /mydir/my_sample.lst.xml
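One way to carry out the pre-check described above for a short or common old hostname, as an added example that is not Oracle code. It assumes hostname.lst holds one full path per line; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Oracle code). Assumes hostname.lst holds one full path
# per line.

# scan_hostname_lst OLD_HOSTNAME LIST_FILE
# Prints STATUS<TAB>file:line:text for every line that contains OLD_HOSTNAME
# (case-insensitive):
#   STANDALONE - no letter, digit, "_" or "-" touches the match, so it reads
#                as a hostname (a neighbouring "." is allowed: host.domain)
#   EMBEDDED   - at least one match sits inside a longer word; review this
#                setting after running chgiphost
#   MISSING    - a listed file that cannot be read
scan_hostname_lst() {
    old=$1
    list=$2
    [ -n "$old" ] || return 2
    while IFS= read -r path || [ -n "$path" ]; do
        [ -n "$path" ] || continue
        if [ ! -r "$path" ]; then
            printf 'MISSING\t%s\n' "$path"
            continue
        fi
        awk -v old="$old" '
            BEGIN { n = length(old); lold = tolower(old) }
            {
                line = tolower($0); pos = 1; alone = 0; inside = 0
                # Walk every occurrence and look at its neighbours.
                while ((i = index(substr(line, pos), lold)) > 0) {
                    s = pos + i - 1
                    before = (s > 1) ? substr(line, s - 1, 1) : ""
                    after = substr(line, s + n, 1)
                    if (before ~ /[a-z0-9_-]/ || after ~ /[a-z0-9_-]/) inside++
                    else alone++
                    pos = s + n
                }
                if (inside) printf "EMBEDDED\t%s:%d:%s\n", FILENAME, FNR, $0
                else if (alone) printf "STANDALONE\t%s:%d:%s\n", FILENAME, FNR, $0
            }' "$path"
    done < "$list"
    return 0
}

demo_scan() {
    dir=$(mktemp -d) || return 1
    # Constructed sample files; "ab" stands in for a very short old hostname.
    printf '%s\n' 'ServerName ab.example.com' 'LoadModule enable_module' \
        'Listen 7778' > "$dir/httpd.conf"
    printf '%s\n' 'host=AB' 'tablespace=ab-data' > "$dir/app.properties"
    printf '%s\n' "$dir/httpd.conf" "$dir/app.properties" "$dir/gone.xml" \
        > "$dir/hostname.lst"
    scan_hostname_lst ab "$dir/hostname.lst"
    rm -rf "$dir"
}

demo_scan
```

Keep the report from before the run: the EMBEDDED lines are the settings to re-inspect once chgiphost has finished.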
When you upgrade from Windows 2000 to Windows 2003, lowercase letters in your hostname may be changed to uppercase letters. For example, if your hostname is myhost before the upgrade, it may be changed to MYHOST. If this occurs, some Oracle Application Server processes may not function properly.
To resolve this problem, you do not need to run the chgiphost command to update Oracle Application Server. You can simply add an entry with the lowercase hostname to the hosts file:
OS_path\system32\drivers\etc\hosts
For example, if your fully qualified hostname was myhost.mydomain before the upgrade, and your IP address is 1.2.3.4, add the following line:
1.2.3.4 myhost.mydomain myhost
This section describes how to recover from typical errors you might encounter when using the chgiphost command. It contains the following scenarios:
Scenario 1: You Specified the Wrong Destination Name
Suppose you ran the chgiphost command but specified the wrong destination name. In this case, you can remedy the error by running chgiphost again. Here are the details.
Suppose the current source hostname is loire985, the incorrect destination hostname you specified is mqa985, and the correct destination hostname is sqb985. Initially, you ran chgiphost with source = loire985 and destination = mqa985.
To recover from this error:
Run chgiphost with source = mqa985 and destination = sqb985.
Run chgiphost again with source = loire985 and destination = sqb985.
Scenario 2: You Encountered an Error when Running chgiphost
For example, you will get an error message if you enter the wrong password for Oracle Internet Directory. In this case, you should run chgiphost again, with the same source and destination hostnames as before, and make sure to supply the correct password when prompted.
If you encounter an error when running chgiphost, you should fix the error and run chgiphost again.
This section describes how to move an Oracle Application Server host on and off the network. The following assumptions and restrictions apply:
The host must contain an Infrastructure and middle-tier instance, or a middle-tier instance that does not use an Infrastructure. That is, the entire Oracle Application Server environment must be on the host.
DHCP must be used in loopback mode. Refer to Oracle Application Server Installation Guide for more information.
Only IP address change is supported; the hostname must remain unchanged.
Hosts in DHCP mode should not use the default hostname (localhost.localdomain). The hosts should be configured to use a standard hostname and the loopback IP should resolve to that hostname.
A loopback adapter is required for all off-network installations (DHCP or static IP). Refer to Oracle Application Server Installation Guide for more information.
This procedure assumes you have installed Oracle Application Server on a host that is off the network, using a standard hostname (not localhost), and would like to move on the network and use a static IP address. The IP address may be the default loopback IP, or any standard IP address.
To move onto the network, you can simply connect the host to the network. No updates to Oracle Application Server are required.
This procedure assumes you have installed Oracle Application Server on a host that is off the network, using a standard hostname (not localhost), and would like to move on the network and use DHCP. The IP address of the host can be any static IP address or loopback IP address, and should be configured to the hostname.
To move onto the network:
Connect the host to the network using DHCP.
Configure the hostname to the loopback IP address only.
Follow this procedure if your host is on the network, using a static IP address, and you would like to move it off the network:
Configure the /etc/hosts file so the IP address and hostname can be resolved locally.
Take the host off the network.
There is no need to perform any steps to change the hostname or IP address.
Follow this procedure if your host is on the network, using DHCP in loopback mode, and you would like to move it off the network:
Configure the /etc/hosts file so the IP address and hostname can be resolved locally.
Take the host off the network.
There is no need to perform any steps to change the hostname or IP address.
This section describes how to change between a static IP address and DHCP. The following assumptions and restrictions apply:
The host must contain an Infrastructure and middle-tier instance, or a middle-tier instance that does not use an Infrastructure. That is, the entire Oracle Application Server environment must be on the host.
DHCP must be used in loopback mode. Refer to Oracle Application Server Installation Guide for more information.
Only IP address change is supported; the hostname must remain unchanged.
Hosts in DHCP mode should not use the default hostname (localhost.localdomain). The hosts should be configured to use a standard hostname and the loopback IP should resolve to that hostname.