Oracle® Beehive Installation Guide
Release 2 (2.0.1.8) for Microsoft Windows x86

Part Number E16642-07

20 Configuring Oracle Beehive Demilitarized Zone Instances

This chapter describes how to configure Oracle Beehive DMZ instances. It includes the following steps:

If you want to manually uninstall a DMZ instance, have made an error while configuring your DMZ instances, or would like to completely roll back any DMZ configuration steps without uninstalling your DMZ instances, refer to "Manually Deleting DMZ Instances".

Note:

If you want to configure your DMZ instances with SSL, follow the directions described in "Configuring SSL with Oracle Beehive DMZ Instances" in "Configuring SSL". These steps involve configuring your entire Oracle Beehive deployment for SSL.

Step A: Configuring Oracle Wallet with Oracle Beehive DMZ Instances

Follow these steps on all DMZ instances. Refer to "Configuring TLS with Oracle Wallet" for more information about Oracle Wallet.

  1. Set the ORACLE_HOME environment variable to the Oracle home of the DMZ instance.

  2. Enable auto login mode for the default wallet with the following command. The default password for the default wallet is welcome:

    <Oracle home of DMZ instance>\bin\orapki wallet create
      -wallet <Oracle home of DMZ instance>\Apache\Apache\conf\ssl.wlt\default
      -auto_login
      -pwd welcome
    

    Note:

    Alternatively, you may create a new wallet with auto login mode enabled. Use the same command except specify a different directory that does not contain a wallet. You may specify any password when creating a new wallet.
  3. Edit the file <Oracle home of DMZ instance>\beehive\conf\bti.properties and change the value of WalletDir to the wallet directory you configured in the previous step:

    WalletDir=
      <Oracle home of DMZ instance>\\Apache\\Apache\\conf\\ssl.wlt\\default
    

    Note:

    Escape colons (:) and backslashes (\) with a backslash. For example, if the location of your wallet is C:\DMZ\Apache\Apache\conf\ssl.wlt\default, then you would specify C\:\\DMZ\\Apache\\Apache\\conf\\ssl.wlt\\default in the bti.properties file.

    When using path names from this file for other purposes, such as in a command line, remember to remove the backslash escape character.

  4. Edit the file <Oracle home of DMZ instance>\opmn\conf\opmn.xml and change the value of wallet-file to the wallet directory you configured in Step 2:

    <notification-server interface="ipv4">
      <!-- ... -->
      <ssl enabled="true"
        wallet-file="<Oracle home of DMZ instance>\Apache\Apache\conf\ssl.wlt\default"/>
    </notification-server>
    
  5. Restart the DMZ instance:

    opmnctl stopall
    opmnctl startall
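
The check below is an added example, not part of the Oracle guide: it confirms that WalletDir in bti.properties (step 3) and wallet-file in opmn.xml (step 4) name the same wallet directory and that ONS SSL is enabled. The file excerpts are constructed and the function names are illustrative.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Constructed excerpts; the wallet path is the one used in the note above.
BTI_PROPERTIES = r"""
WalletDir=C\:\\DMZ\\Apache\\Apache\\conf\\ssl.wlt\\default
"""
OPMN_XML = r"""<opmn><notification-server interface="ipv4">
  <ssl enabled="true"
    wallet-file="C:\DMZ\Apache\Apache\conf\ssl.wlt\default"/>
</notification-server></opmn>"""


def read_property(text, key):
    """Return the unescaped value of key from .properties text, or None."""
    for line in text.splitlines():
        name, sep, raw = line.strip().partition("=")
        if sep and not name.startswith(("#", "!")) and name.strip() == key:
            # A backslash protects the next character (\: -> :, \\ -> \).
            # Enough for paths; \t, \n and \uXXXX escapes are not handled.
            return re.sub(r"\\(.)", lambda m: m.group(1), raw.strip())
    return None


def ons_ssl_settings(xml_text):
    """Return (enabled, wallet-file) from the first <ssl> element."""
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.rsplit("}", 1)[-1] == "ssl":  # ignore any namespace
            return elem.get("enabled") == "true", elem.get("wallet-file")
    return False, None


def same_dir(a, b):
    """Compare two Windows paths, ignoring case and separator style."""
    norm = lambda p: ntpath.normcase(ntpath.normpath(p))
    return norm(a) == norm(b)


def check_wallet_config(bti_text, opmn_text):
    """Return a list of findings; an empty list means the files agree."""
    wallet_dir = read_property(bti_text, "WalletDir")
    enabled, wallet_file = ons_ssl_settings(opmn_text)
    findings = []
    if not enabled:
        findings.append("ONS SSL is not enabled in opmn.xml")
    if not wallet_dir or not wallet_file:
        findings.append("wallet location missing from one of the files")
    elif not same_dir(wallet_dir, wallet_file):
        findings.append(f"wallet mismatch: {wallet_dir} vs {wallet_file}")
    return findings
```

To run it against a real instance, read the two files into strings and pass them to check_wallet_config.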
    

Step B: Configuring Oracle Beehive DMZ Instances

  1. If you have not already done so, configure Oracle Wallet with your Oracle Beehive DMZ instance. Refer to "Step A: Configuring Oracle Wallet with Oracle Beehive DMZ Instances".

  2. If you have configured your Oracle Beehive DMZ instances for SSL as described in "Configuring SSL with Oracle Beehive DMZ Instances" in "Configuring SSL", then ensure that SSL is enabled for Oracle Notification Services (ONS) for your non-DMZ Oracle Beehive instances. Ensure that the property NotificationServerSslEnabled is true in the component _current_site:OpmnCluster. To set this property, run the following commands on your non-DMZ instances:

    beectl modify_property
          --component _current_site:OpmnCluster
          --name NotificationServerSslEnabled
          --value true
          --activate_configuration
    
    <Oracle Beehive home>\opmn\bin\opmnctl stopall
    <Oracle Beehive home>\opmn\bin\opmnctl startall
    
  3. If you have not configured your Oracle Beehive DMZ instances for SSL and specifically do not want to configure your Oracle Beehive DMZ instances for SSL, then follow this step.

    By default, Oracle Beehive DMZ instances are configured to receive secure ONS notifications. If you do not want to use SSL, you must configure ONS to receive non-SSL notifications.

    To do this, edit the file <Oracle home of DMZ instance>/opmn/conf/opmn.xml as follows in all Oracle Beehive DMZ instances. In the <ssl> element, set the enabled attribute to false:

    <ssl enabled="false"
      wallet-file="$ORACLE_HOME/opmn/conf/ssl.wlt/default"/>
    
  4. Update the file <Oracle home of DMZ instance>\opmn\conf\opmn.xml as follows in all Oracle Beehive DMZ instances to add the topology definition for all Oracle Beehive (non-DMZ) application tiers that are part of this configuration:

    <notification-server>
      <!-- ... -->
      <topology>
        <nodes list="
          <Application tier 1 host name>:<OPMN remote port of application tier 1>,
          <Application tier 2 host name>:<OPMN remote port of application tier 2>,
          ...
        "/>
      </topology>
    </notification-server>
    

    For example, if you have two Oracle Beehive application tiers with host names example1.com and example2.com and OPMN remote port numbers 6200 and 6300, respectively, add the following topology definition to the opmn.xml file in your DMZ instances:

    <notification-server>
      <!-- ... -->
      <topology>
        <nodes list="example1.com:6200,example2.com:6300"/>
      </topology>
    </notification-server>
    

    Tip:

    Retrieve the OPMN port of an Oracle Beehive application tier from the file <Oracle Beehive home>\opmn\conf\opmn.xml (of a non-DMZ application tier). The OPMN port is specified by the remote attribute of the port element in the notification-server element.
  5. Restart each DMZ instance whose opmn.xml file you changed with the <Oracle home of DMZ instance>\opmn\bin\opmnctl command:

    opmnctl stopall
    opmnctl startall
    
  6. From every DMZ instance, retrieve the following values from the specified files:

    • <Oracle home of DMZ instance>\opmn\conf\opmn.xml:

      • opmn_request_port

      • opmn_remote_port

    • <Oracle home of DMZ instance>\beehive\conf\bti.properties

      • bti_server_port

      • bti_unique_id (PersistentId)

      • NumberOfClientWorkers

  7. Open the following ports in your firewall:

    • OPMN ports between your DMZ instances and non-DMZ instances

    • AJP ports between your intranet and your DMZ instances: This is required for connectivity between Oracle HTTP Server (OHS) and OC4J. By default, Oracle Beehive OC4J instances listen on port numbers in the range 12501-12600. Oracle Beehive OC4J instances will try to listen on the lowest port number in this range.

      Consequently, you only have to open the range of ports 12501-12504. Ensure that no other applications on Oracle Beehive servers occupy this range. As long as these ports are not occupied, Oracle Beehive OC4J instances will listen on this range of ports.

    • If you have installed Oracle Beehive Integration for Zimbra, open two additional ports (12505-12506).

    Note:

    You do not need to open any OPMN ports between your DMZ instances and any Oracle RAC database host(s).

    The AJP port number range is defined in the AjpPortMinValue and AjpPortMaxValue parameters in each of Oracle Beehive's managed OC4J components:

    beectl list_components --type ManagedOc4j
     
    ---------------+---------------------------------------------------
    Component type | Component identifier
    ---------------+---------------------------------------------------
    ManagedOc4j    | BEEAPP_site.example.com
    ---------------+---------------------------------------------------
    ...
    
    beectl list_properties --component BEEAPP_site.example.com
    
    --------------------------+----------------------------------------
    Property name             | Property value
    --------------------------+----------------------------------------
    AdminPassword             | [Protected Value]
    --------------------------+----------------------------------------
    AdminUsername             | oc4jadmin
    --------------------------+----------------------------------------
    AjpPortMaxValue           | 12600
    --------------------------+----------------------------------------
    AjpPortMinValue           | 12501
    --------------------------+----------------------------------------
    ...
    

    You may open a range of ports other than 12501-12504 (or 12501-12506 if you have installed Oracle Beehive Integration for Zimbra); however, you must make the necessary changes in the Oracle Beehive configuration.

  8. On any Oracle Beehive non-DMZ instance, but not on a DMZ instance, run the following commands:

    1. Add the first DMZ instance to the non-DMZ instance by calling the beectl add_dmz_home_instance command on a non-DMZ instance:

      beectl add_dmz_home_instance
        --hostname <Host name of first DMZ instance>
        --oracle_home <Oracle home of DMZ instance>
        --opmn_request_port <OPMN request port of first DMZ instance>
        --opmn_remote_port <OPMN remote port of first DMZ instance>
        --bti_server_port <BTI server port of first DMZ instance>
        --bti_unique_id <BTI unique ID of first DMZ instance>
        --no_of_client_workers <NumberOfClientWorkers from bti.properties>
      
    2. After the successful completion of the beectl add_dmz_home_instance command, immediately run the command beectl activate_configuration on the same non-DMZ instance. Do not execute any other beectl commands on any other non-DMZ instance.

    3. Repeat substeps 1 and 2 for each of your other DMZ instances.

  9. Run the following command on all the other non-DMZ instances:

    beectl modify_local_configuration_files --log_level FINEST
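
The topology added in step 4 only works if each entry matches the OPMN remote port of the corresponding application tier, and every entry is also an OPMN path the firewall in step 7 must allow. The following added example (not part of the Oracle guide) compares the two and flags missing, mismatched, or unexpected entries; the opmn.xml excerpts are constructed and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed opmn.xml excerpts using the host names and ports from step 4.
DMZ_OPMN = """<opmn><notification-server><topology>
  <nodes list="example1.com:6200,example2.com:6300"/>
</topology></notification-server></opmn>"""
TIER = '<opmn><notification-server><port remote="%d"/></notification-server></opmn>'
APP_TIERS = {"example1.com": TIER % 6200, "example2.com": TIER % 6300}


def find(root, name):
    """First element with this local name, ignoring any XML namespace."""
    for elem in root.iter():
        if elem.tag.rsplit("}", 1)[-1] == name:
            return elem
    return None


def ons_element(xml_text, name):
    """Look up an element inside <notification-server> only."""
    ons = find(ET.fromstring(xml_text), "notification-server")
    return find(ons, name) if ons is not None else None


def topology_nodes(dmz_opmn):
    """Parse <nodes list="host:port,..."/> into {host: port}."""
    nodes = ons_element(dmz_opmn, "nodes")
    entries = nodes.get("list", "").split(",") if nodes is not None else []
    result = {}
    for entry in entries:
        host, sep, port = entry.strip().rpartition(":")
        if sep and port.isdigit():
            result[host.lower()] = int(port)
    return result


def check_topology(dmz_opmn, app_tiers):
    """Compare the DMZ topology with each application tier's remote port."""
    listed = topology_nodes(dmz_opmn)
    findings = []
    for host, tier_opmn in app_tiers.items():
        port = ons_element(tier_opmn, "port")
        remote = port.get("remote") if port is not None else None
        expected = int(remote) if remote else None
        actual = listed.pop(host.lower(), None)
        if actual is None:
            findings.append(f"{host}: missing from DMZ topology")
        elif actual != expected:
            findings.append(f"{host}: topology lists {actual}, tier uses {expected}")
    findings += [f"{h}:{p}: not a known application tier" for h, p in listed.items()]
    return findings
```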
    

Configuring Oracle Application Server Single Sign-On with Oracle Beehive DMZ Instances

If you configured Oracle Beehive with Oracle Application Server Single Sign-On (OSSO) as described in "Configuring Oracle Application Server Single Sign-On with Oracle Beehive", then follow these steps for each of your Oracle Beehive DMZ instances to configure them with OSSO. For more information, refer to Chapter 4, "Configuring and Administering Partner Applications" in Oracle Application Server Single Sign-On Administrator's Guide.

  1. Copy the configuration file that you created when you ran the OSSO registration tool (<OSSO home>\sso\bin\ssoreg.bat) to a directory on the computer hosting your Oracle Beehive DMZ instance. These steps assume that you copied this file as C:\osso\osso.example.conf.

  2. Edit the file <Oracle Beehive DMZ home>\Apache\Apache\conf\mod_osso.conf and add the following line, which specifies the location of the OSSO configuration file you copied in the previous step:

    OssoConfigFile C:\osso\osso.example.conf
    
  3. Edit the file <Oracle Beehive DMZ home>\Apache\Apache\conf\mod_osso.conf and uncomment the following line:

    include "<Oracle Beehive DMZ home>\Apache\Apache\conf\mod_osso.conf"
    
  4. Restart OPMN on your Oracle Beehive DMZ instance:

    <Oracle Beehive DMZ home>\opmn\bin\opmnctl stopall
    <Oracle Beehive DMZ home>\opmn\bin\opmnctl startall
    

Troubleshooting DMZ Configuration

If you receive an HTTP 404 error when accessing an HTTP resource from a DMZ instance, verify that you have properly configured your DMZ instances. Do this by running the command <Oracle home>/opmn/bin/opmnctl @cluster status from any Oracle Beehive instance. If you have properly configured your DMZ instances, then this command will display all your application tiers in your site.

Manually Deleting DMZ Instances

Follow these steps to manually delete a DMZ instance.

Note:

If you have made an error while configuring your DMZ instances or you would like to completely roll back any DMZ configuration steps without uninstalling your DMZ instances, then perform steps 3 and 4.

If you use the Install Wizard to uninstall DMZ instances, steps 3 and 4 are unnecessary.

  1. Uninstall the DMZ instance by running the Install Wizard from the installation media:

    setup.exe -uninstall
    
  2. From any Oracle Beehive home, run the following command for each DMZ instance you want to delete:

    beectl delete_dmz_home_instance --id <DMZ instance identifier>
    

    To retrieve a list of DMZ instance identifiers, run the command beectl list_components --type UnmanagedBeehiveInstance --all_visibilities.

  3. After the successful completion of the beectl delete_dmz_home_instance command, immediately run the command beectl activate_configuration on the same non-DMZ instance. Do not execute any other beectl commands on any other non-DMZ instance.

  4. For each DMZ instance you want to delete, edit the file <Oracle home of DMZ instance>\opmn\conf\opmn.xml and delete the topology information. The topology information is contained in the <topology> element. Delete this element. It will look similar to the following:

    <notification-server>
      <!-- ... -->
      <topology>
        <nodes list="
          <Application tier 1 host name>:<OPMN remote port of application tier 1>,
          <Application tier 2 host name>:<OPMN remote port of application tier 2>,
          ...
        "/>
      </topology>
    </notification-server>
    
  5. Restart each DMZ instance whose opmn.xml file you edited with the following commands:

    <Oracle home of DMZ instance>\opmn\bin\opmnctl stopall
    <Oracle home of DMZ instance>\opmn\bin\opmnctl startall
    
  6. From each of your Oracle Beehive homes, run the following command:

    beectl modify_local_configuration_files