| Oracle® Identity Manager Installation Guide for JBoss Release 9.0.3 Part Number B32460-01 |
|
|
View PDF |
| Oracle® Identity Manager Installation Guide for JBoss Release 9.0.3 Part Number B32460-01 |
|
|
View PDF |
This chapter describes how to deploy Oracle Identity Manager in a clustered JBoss application server environment.
This chapter discusses the following topics:
Caution:
Deploying an application in a clustered environment is a complex procedure. This document assumes that you have expertise in installing and using applications in a JBoss cluster. These instructions provide the Oracle Identity Manager-specific details only. They are not complete instructions for setting up a JBoss cluster. For more information on clustering, refer to your JBoss documentation.To install Oracle Identity Manager on a JBoss cluster, you must complete the following general tasks:
Install Oracle Identity Manager on the first node in your JBoss cluster.
Refer to "Installing Oracle Identity Manager on the First Node" for more information.
Copy the JBoss and Oracle Identity Manager installation directories from the first node in your JBoss cluster to all other nodes, making sure to maintain the original directory structure during throughout this process.
Refer to "Copying Oracle Identity Manager to Additional JBoss Nodes" for more information.
If you are using SQL Server as your database, locate the JDBC driver files (mssqlserver.jar, msbase.jar, and msutil.jar) and copy them to the <JBOSS_HOME>\server\all\lib directory.
Refer to "Configuring JBoss for SQL Server" for more information.
Set up the load balancer for your JBoss cluster.
Refer to "Setting up the Load Balancer for JBoss" for more information.
Perform post-installation configuration of Oracle Identity Manager on the JBoss cluster.
Refer to "Configuring Oracle Identity Manager on the JBoss Cluster" for more information.
Start the cluster.
Refer to "Starting the JBoss Cluster" for more information.
Follow the installation steps for the Oracle Identity Manager server in "Installing the Oracle Identity Manager Server on Windows" or "Installing the Oracle Identity Manager Server on UNIX or Linux" to install Oracle Identity Manager on the initial node in your JBoss cluster.
For each additional node in your JBoss cluster, copy the JBoss and Oracle Identity Manager installation directories from the first node to all other nodes, making sure to maintain the original directory structure and hierarchy throughout this process.
The procedure for installing a load balancer for your JBoss cluster varies according to the operating system running on the host machines where your JBoss nodes are installed:
To set up a load balancer on Windows:
Download the latest distribution package for the Apache2 web server from Apache.org, then install the Apache server in a directory that this document henceforth refers to as <APACHE_HOME>.
Download the latest distribution package mod_jk 1.2.x from the Tomcat connector section page at the following URL: http://tomcat.apache.org/download-connectors.cgi.
Copy the library named mod_jk.so to the <APACHE_HOME>/modules directory.
Setup Apache to use modjk by adding the following line (and the accompanying comment line) as the last line of the <APACHE_HOME>\conf\httpd.conf file:
# Include mod_jk configuration file
Include conf/mod_jk.conf
In the directory <APACHE_HOME>/conf, create a configuration file to forward requests to JBoss instances.
Name this file mod_jk.conf and populate with the following lines:
# Load mod_jk module
# Specify the filename of the mod_jk lib
LoadModule jk_module modules/mod_jk.so
# Where to find workers.properties
JkWorkersFile conf/workers.properties
# Where to put jk logs
JkLogFile logs/mod_jk.log
# Set the jk log level [debug/error/info]
JkLogLevel info
# Select the log format
JkLogStampFormat "[%a %b %d %H:%M:%S %Y]"
# JkOptions indicates to send SSK KEY SIZE
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories
# JkRequestLogFormat
JkRequestLogFormat "%w %V %T"
# Mount your applications
JkMount /application/* loadbalancer
# You can use external file for mount points.
# It will be checked for updates each 60 seconds.
# The format of the file is: /url=worker
# /examples/*=loadbalancer
JkMountFile conf/uriworkermap.properties
# Add shared memory.
# This directive is present with 1.2.10 and
# later versions of mod_jk, and is needed for
# for load balancing to work properly
JkShmFile logs/jk.shm
# Add jkstatus for managing runtime data
<Location /jkstatus/>
JkMount status
Order deny,allow
Deny from all
Allow from all
</Location>
Review the directive descriptions located at the Apache Tomcat Connector Documentation Index Web site at the following URL:
http://tomcat.apache.org/connectors-doc/
Make sure to observe the guidelines concerning Apache cache size.
In the directory <APACHE_HOME>/conf, create a file named workers.properties and populate it with the following lines:
# Define list of workers that will be used
# for mapping requests
worker.list=loadbalancer,status
# Define Node1
# modify the host as your host IP or DNS name.
worker.node1.port=8009
worker.node1.host=<IP of node1>
worker.node1.type=ajp13
worker.node1.lbfactor=1
# worker.node1.local_worker=1 (1)
worker.node1.cachesize=10
# Define Node2
# modify the host as your host IP or DNS name.
worker.node2.port=8009
worker.node2.host= <IP of node2>
worker.node2.type=ajp13
worker.node2.lbfactor=1
# worker.node2.local_worker=1 (1)
worker.node2.cachesize=10
# Load-balancing behavior
worker.loadbalancer.type=lb
worker.loadbalancer.balance_workers=node1,node2
worker.loadbalancer.sticky_session=1
# worker.loadbalancer.local_worker_only=1
# worker.list=loadbalancer
If your JBoss cluster contains more than two nodes, you need to add extra lines to the workers.properties file in the directory <APACHE_HOME>/conf.
For example, if you have three nodes, you need to add the following lines.
# modify the host as your host IP or DNS name.
worker.node3.port=8009
worker.node3.host= <IP of node3>
worker.node3.type=ajp13
worker.node3.lbfactor=1
# worker.node3.local_worker=1 (1)
worker.node3.cachesize=10
For each subsequent node, you need to add the preceding group of lines again, except you must change all references to node3 to node4, node5, or node 6, and so on as appropriate.
In the <APACHE_HOME>/conf directory, create the file uriworkermap.properties, which will hold the URL mappings Apache forwards to Tomcat.
Specifically, it enables mod_jk to forward to Tomcat requests from /mx-console, /web-console, /xlWebApp, /xlScheduler as well as /Nexaweb. The syntax for each line is /url=worker_name. Paste this example into the file you created:
# Simple worker configuration file
# Mount the Servlet context to the ajp13 worker
/jmx-console=loadbalancer
/jmx-console/*=loadbalancer
/web-console=loadbalancer
/web-console/*=loadbalancer
/xlWebApp=loadbalancer
/xlWebApp/*=loadbalancer
/xlScheduler=loadbalancer
/xlScheduler/*=loadbalancer
/Nexaweb=loadbalancer
/Nexaweb/*=loadbalancer
Start Apache by launching Windows Explorer, navigating to the directory <APACHE_HOME>/bin, then double clicking Apache.exe.
To set up the load balancer on UNIX or Linux:
Download the binary file for Apache 2.0 for UNIX or Linux from the following URL:
Run the following commands to install Apache:
tar xvfz httpd-2.0.54.tar.gz
cd httpd-2.0.54
./configure --prefix=/opt/apache2 --enable-module=so
make
make install
Download the file jakarta-tomcat-connectors-1.2.14-src.tar.gz from the Apache Software Foundation Web site by searching at the following URL: http://www.apache.org/
Run the following commands to install the connector:
tar xzvf jakarta-tomcat-connectors-1.2.14-src.tar.gz
cd jakarta-tomcat-connectors-1.2.14-src/jk/native
chmod 755 buildconf.sh
./buildconf.sh
./configure --with-apxs=/opt/apache2/bin/apxs
make
make install
cd / jakarta-tomcat-connectors-jk1.2.14-src/jk/native/apache-2.0/
cp mod_jk.so /opt/apache2/modules/
Complete steps 4 to 8 in the procedure "Setting Up a Load Balancer for JBoss on Windows" on page 9-2 as they are the same steps for Windows and UNIX or Linux.
Navigate to the <APACHE_HOME>\bin\ directory, then run the following command:
./apachectl start
After you install Oracle Identity Manager on your JBoss cluster, you must perform certain configuration steps on each node in the cluster.
To configure Oracle Identity Manager on your JBoss cluster:
For each successive node in the cluster, navigate to the directory <JBOSS_HOME>/server/all/deploy/jbossweb-tomcat55.sar/, open server.xml in a text editor, and perform the following steps:
Locate the following string:
<Engine name="jboss.web" defaultHost="localhost" jvmRoute
Change the value of jvmRoute to the name of the node associated with the machine on which you are currently working. (The name of the node should be node1, node2, or node3, and so on as listed in the file workers.properties associated with the machine on which you are currently working).
For Example:
<Engine name="jboss.web" defaultHost="localhost" jvmRoute="node1">
For each successive node in your cluster, navigate to the directory <JBOSS_HOME>/ server/all/deploy, then open the following files:
cluster-service.xml
tc5-cluster-service.xml
Comment out the following block in both of the preceding files:
<!--
<Config>
<UDP mcast_addr="228.1.2.3" mcast_port="45566" ip_ttl="8" ip_mcast="true" mcast_send_buf_size="800000" mcast_recv_buf_size="150000" ucast_send_buf_size="800000" ucast_recv_buf_size="150000" loopback="false"/>
<PING timeout="2000" num_initial_members="3" up_thread="true" down_thread="true"/>
<MERGE2 min_interval="10000" max_interval="20000"/> <FD shun="true" up_thread="true" down_thread="true" timeout="2500" max_tries="5"/>
<VERIFY_SUSPECT timeout="3000" num_msgs="3" up_thread="true" down_thread="true"/>
<pbcast.NAKACK gc_lag="50" retransmit_timeout="300,600,1200,2400,4800" max_xmit_size="8192" up_thread="true" down_thread="true"/>
<UNICAST timeout="300,600,1200,2400,4800" window_size="100" min_threshold="10" down_thread="true"/>
<pbcast.STABLE desired_avg_gossip="20000"
up_thread="true" down_thread="true"/>
<FRAG frag_size="8192" down_thread="true" up_thread="true"/> <pbcast.GMS join_timeout="5000" join_retry_timeout="2000" shun="true" print_local_addr="true"/> <pbcast.STATE_TRANSFER up_thread="true" down_thread="true"/>
</Config>
-->
Uncomment the following block in both files:
<Config>
<TCP bind_addr="thishost" start_port="7800" loopback="true"/> <TCPPING initial_hosts="thishost[7800],otherhost[7800]" port_range="3" timeout="3500" num_initial_members="3" up_thread="true" down_thread="true"/>
<MERGE2 min_interval="5000" max_interval="10000"/>
<FD shun="true" timeout="2500" max_tries="5" up_thread="true" down_thread="true" />
<VERIFY_SUSPECT timeout="1500" down_thread="false" up_thread="false" />
<pbcast.NAKACK down_thread="true" up_thread="true" gc_lag="100" retransmit_timeout="3000"/>
<pbcast.STABLE desired_avg_gossip="20000" down_thread="false" up_thread="false" />
<pbcast.GMS join_timeout="5000" join_retry_timeout="2000" shun="false" print_local_addr="true" down_thread="true" up_thread="true"/>
<pbcast.STATE_TRANSFER up_thread="true" down_thread="true"/> </Config>
Within the block listed in Step b, replace thishost with the IP of the machine on which you are currently working.
The entire IP list must be surrounded by double quotes. For example: TCPbind_addr="192.168.161.20".
Within the block listed in Step b, replace otherhost with the IP of the other machine in the cluster, or, if the cluster contains more than two nodes, replace otherhost with a comma-delimited list of all the IPs.
The IP must be surrounded by double quotes.
For each successive node in the cluster, modify the <XL_HOME>/xellerate/config/xlconfig.xml file.
Locate the setting for the java.naming.provider.url in the <Discovery> section and insert a comma-delimited list of URLs corresponding to all the nodes in cluster.
For example, you would change a string something like the following:
<java.naming.provider.url>
jnp://localhost:1100
</java.naming.provider.url>
to the following string:
<java.naming.provider.url>
jnp://<IP of node1>:1100,<IP of node 2>:1100
</java.naming.provider.url>
Perform the following steps on the second and remaining cluster members to configure the cluster to use a common database:
Launch a plain-text editor, navigate to the directory <JBOSS_HOME>\server\all\deploy-hasingleton\jms\, then open the file <database_name>-jdbc2-service.xml.
Note that <database_name> refers to the common database used by the cluster.
In all the queries and statements in the sqlProperties section of the <database_name>-jdbc2-service.xml, change the names of the tables represented by JMS_MESSAGES and JMS_TRANSACTIONS to new, unique, and valid values.
Add the following statements to the end of the file:
DELETE_TEMPORARY_MESSAGES = DELETE FROM <NEW_JMS_MESSAGES_NAME> WHERE TXOP='T' CREATE_IDX_MESSAGE_TXOP_TXID = CREATE INDEX <NEW_JMS_MESSAGES_NAME>_TXOP_TXID ON <NEW_JMS_MESSAGES_NAME> (TXOP, TXID) CREATE_IDX_MESSAGE_DESTINATION = CREATE INDEX <NEW_JMS_MESSAGES_NAME>_DESTINATION ON <NEW_JMS_MESSAGES_NAME>(DESTINATION)
Note:
<NEW_JMS_MESSAGES_NAME> represents the new name of the JMS_MESSAGES tables you changed in step 2.Save and close the file.
To start the JBoss cluster on which you have installed and configured Oracle Identity Manager:
Initially, start only one node in the cluster (commonly referred to as the master node).
Navigate to the directory <XL_HOME>/xellerate/bin, then run one of the following commands, as appropriate for the operating system on the machine hosting the JBoss application server and Oracle Identity Manager:
On Windows:
xlStartServer.bat
On UNIX or Linux:
xlStartServer.sh
On each remaining machine in the cluster, navigate to the directory <XL_HOME>/xellerate/bin, then run one of the following commands, as appropriate for the operating system on the machine hosting the JBoss application server and Oracle Identity Manager:
On Windows:
xlStartServer.bat
On UNIX or Linux:
xlStartServer.sh
Access the Administration console by launching a browser and pointing it to the following URL
http://<IP of machine where apache server is running>/xlWebApp
