Oracle® Exalogic Elastic Cloud Enterprise Deployment Guide for Oracle Identity Management
Release EL X2-2 and EL X3-2

Part Number E35832-01

7 Installing and Configuring Oracle Traffic Director for an Enterprise Deployment

This chapter describes how to install and configure Oracle Traffic Director for an Exalogic enterprise deployment.

This chapter contains the following sections:

7.1 Overview of Installing and Configuring Oracle Traffic Director for an Enterprise Deployment

Oracle Traffic Director is a software load balancer for load balancing HTTP/S and TCP traffic to servers in the back-end. These back-end servers, which are referred to as origin servers within Oracle Traffic Director, can be application servers, web servers, or LDAP servers.

Installing and configuring Oracle Traffic Director for an enterprise deployment involves performing the steps shown in Table 7-1.

Table 7-1 Overview of Installing and Configuring Oracle Traffic Director for an Enterprise Deployment

| Task | Description | More Information |
|---|---|---|
| Review Oracle Traffic Director prerequisites. | For example, be sure that you have set up the required virtual IP addresses, that the user account has root permission on the storage appliance, and that you have already created the initial Oracle WebLogic Server domain for the Oracle Identity Management topology. | "Prerequisites" in the Oracle Traffic Director Installation Guide |
| Install the Oracle Traffic Director software on WEBHOST1 and WEBHOST2. | You install the software using the directories and mount points you created in Section 4.6, "Configuring Exalogic Storage for Oracle Identity Management." | Section 7.2, "Installing Oracle Traffic Director on WEBHOST1 and WEBHOST2" |
| Create and start an Oracle Traffic Director Administration Server. | The Oracle Traffic Director administration server hosts the administration console and command-line interface, through which you can create Oracle Traffic Director configurations, deploy them as instances on administration nodes, and manage the instances. | Section 7.3, "Creating and Starting the Traffic Director Administration Server" |
| Verify the installation. | Be sure that the installation was successful before you continue configuring the environment. | "Verifying the Installation" in the Oracle Traffic Director Installation Guide |
| Register WEBHOST2 as administration node. | This ensures that Oracle Traffic Director is up and running on both WEBHOST1 and WEBHOST2. | Section 7.4, "Register WEBHOST2 as an Administration Node" |
| Create a configuration | The configuration should route requests from the Oracle Traffic Director instances to the managed servers in the Oracle WebLogic Server domain you created in Chapter 10, "Creating a Domain for an Enterprise Deployment". The configuration should also define the required origin-server pools to which requests should be routed. | Section 7.5, "Creating a Configuration" |
| Create the Oracle Traffic Director instances | Create the instances on WEBHOST1 and WEBHOST2, based on the configuration you created earlier in this procedure. | Section 7.6, "Creating Oracle Traffic Director Instances on WEBHOST1 and WEBHOST2" |
| Start the Oracle Traffic Director instances | Start the instances on WEBHOST1 and WEBHOST2, based on the configuration you created earlier in this procedure. | Section 7.7, "Starting the Oracle Traffic Director Instances" |
| Define the virtual servers. | Define the virtual servers required for accessing the various management tools and login screens for the topology. | Section 7.8, "Defining the Required Oracle Traffic Director Virtual Servers for an Enterprise Deployment" |
| Deploy and test the configuration. | Deploy the configuration and test the virtual server URLs to be sure you have configured the Oracle Traffic Director instances successfully. | Section 7.9, "Deploying the Configuration and Testing the Virtual Server Addresses" |
| Create an active-passive failover group. | Create a failover group to ensure that requests will continue to be served if WEBHOST1 or WEBHOST2 become unavailable. | Section 7.10, "Creating a Failover Group for Virtual Hosts" |


7.2 Installing Oracle Traffic Director on WEBHOST1 and WEBHOST2

This section describes how to install Oracle Traffic Director software.

Note:

Be sure that you are not logged in as the root user before installing or performing any action on Oracle Traffic Director.

Note:

Be sure to verify you have obtained all required patches. For more info, see Section 2.5.3, "Applying Patches and Workarounds."

To install Oracle Traffic Director:

  1. Extract the contents of the installer zip file to a directory on WEBHOST1.

  2. Change directory to the Disk1 subdirectory in the directory in which you unzipped the installer.

  3. Run the following command:

    ./runInstaller
    
  4. Follow the instructions on the screen to install the software.

    When the Specify Installation Location screen appears, enter the value of the WEB_ORACLE_HOME variable in the Oracle Home Directory field.

    The recommended directory location for the WEB_ORACLE_HOME is listed in Table 4-3, "Private Storage Directories".

    If you need help with any of the other options on the installer screens, click Help, or refer to "Installing Oracle Traffic Director in Graphical Mode" in the Oracle Traffic Director Installation Guide.

  5. Repeat steps 1 through 5 on WEBHOST2.

7.3 Creating and Starting the Traffic Director Administration Server

After you install Oracle Traffic Director on WEBHOST1 and WEBHOST2, you can then create an Oracle Traffic Director administration server.

For more information, see "Managing the Administration Server" in the Oracle Traffic Director Administrator's Guide.

To create the Oracle Traffic Director administration server on WEBHOST1, run the tadm command from the WEB_ORACLE_HOME/bin directory, as follows:

  1. On WEBHOST1 enter the following command:

    WEB_ORACLE_HOME/bin/tadm configure-server --port=8989 --user=oracle \
     --instance-home=WEB_ORACLE_INSTANCE
    
    

    Where:

  2. Enter the administrator password.

    You will later use this password to log in to the Oracle Traffic Director administration console.

    A prompt to re-enter the administrator password is displayed, as follows:

    Please enter admin-user-password again>
    
  3. Confirm the administrator password by entering it again.

    An Administration Server instance of Oracle Traffic Director is created and deployed on the local host in a directory named admin-server within the WEB_ORACLE_INSTANCE directory that you specified in step 1.

  4. Start the Administration Server by running the following command on WEBHOST1:

    WEB_ORACLE_INSTANCE/admin-server/bin/startserv
    

7.4 Register WEBHOST2 as an Administration Node

This section assumes you have installed Oracle Traffic Director, started the Administration Server, and verified the installation.

WEBHOST1 and WEBHOST2 have IP over InfiniBand (IPoIB) addresses. For example, 192.168.10.5 and 192.168.10.6.

You can now register WEBHOST2 with the Oracle Traffic Director Administration Server using the tadm command from the WEB_ORACLE_HOME/bin directory, as follows:

  1. On WEBHOST2, run the configure-server command to register the host with the remote Administration Server as an administration node.

    ./tadm configure-server --user=admin --port=8989 --host=WEBHOST1 \
    --admin-node --node-port=8900 --instance-home=WEB_ORACLE_INSTANCE
    

    Where:

    For more information, see "configure-server" in the Oracle Traffic Director Command-Line Reference or use the configure-server --help command to see an explanation of the command line options.

    The following prompt appears after you run the configure-server command:

    This command creates an Administration Node and register it with the following remote Administration Server: https://WEBHOST1.mycompany.com
    
    Enter admin-user password>
    
  2. Enter the admin-user password for the Oracle Traffic Director Administration Server.

    The configure-server command attempts to connect to the remote administration server by using the specified administration server host, port, user, and password. The Administration Server on WEBHOST1 must be up and running.

    If this is the first time that the host on which you are creating the administration node is attempting to connect to the administration server, the server certificate of the administration server is displayed.

  3. Enter y to trust the certificate.

    The following message is displayed:

    OTD-70215 The administration node has been configured successfully.The node can be started by executing: 
    WEB_ORACLE_INSTANCE/admin-server/bin/startserv
    

After you start the administration node, you can create instances of Oracle Traffic Director configurations on the administration node. Note that on each administration node, you can create only one instance of a configuration.

7.5 Creating a Configuration

The next step in installing and configuring Oracle Traffic Director for an enterprise deployment is to create a configuration that will route requests to a server pool that consists of the managed servers in your Oracle WebLogic Server domain.

When creating a new configuration, you are required to provide the host and port information for the origin server, which in turn automatically creates (and names) an origin-server pool called origin-server-pool-1. This is the default origin-server pool and this pool can be found when you click the Server Pools option in the administration console. You cannot rename the default origin-server pool.

You can create configurations using either the administration console or the CLI.

Note:

The CLI examples in this section are shown in shell mode (tadm>).

Creating a Configuration Using the Administration Console

To create a configuration named IDM by using the administration console:

  1. Log in to the administration console using the following URL:

    https://WEBHOST1.mycompany.com:8989
    
  2. In the Common Tasks pane, click New Configuration.

    The New Configuration wizard starts.

    Figure 7-1 New Configuration Wizard


  3. In the Step 1 Configuration Information screen, enter the following information:

    • Name: IDM

    • Server User: oracle

    • Origin Server Type: Make sure HTTP is selected.

  4. In the Step 2 Listener Information screen, accept the default values and click Next.

  5. In the Step 3 Server Pool Information screen:

    1. In the Origin Servers: Host: field, enter IDMHOST1, the port 8001, and click Add Server.

    2. Enter IDMHOST2 and the required port, click Add Server and click Next.

  6. In the Step 4 Deployment Information screen, select WEBHOST1 and click Next.

    The Review screen appears.

  7. Review the information and click Create Configuration.

    The Results screen appears.

    After the configuration is created, the Results screen of the New Configuration wizard displays a message confirming successful creation of the configuration. If you chose to create instances of the configuration, then a message confirming successful creation of the instances is also displayed.

  8. Click Close on the Results screen.

    In the New Configuration wizard, if you chose not to create an instance of the configuration, the message Undeployed Configuration is displayed, indicating that the configuration that you just created is yet to be deployed.

Creating a Configuration Using the CLI

You can create a configuration using the create-config command.

To create a configuration using the CLI, run the tadm command from the WEB_ORACLE_HOME/bin directory, as follows:

  1. On WEBHOST1, create a configuration named IDM, using the following create-config command:

    WEB_ORACLE_HOME/bin/tadm create-config --user=admin --port=8989 \
     --http-port=7777 --server-name=idminternal.mycompany.com \
     --origin-server=IDMHOST1.mycompany.com:8001,IDMHOST2.mycompany.com:8001 IDM
    

    The origin servers, IDMHOST1.mycompany.com:8001 and IDMHOST2.mycompany.com:8001, form the default origin-server pool, origin-server-pool-1.

  2. When prompted, enter the Admin user password for the Oracle Traffic Director Administration Server.

For more information about create-config, see the Oracle Traffic Director Command-Line Reference or run the command with the --help option.

7.6 Creating Oracle Traffic Director Instances on WEBHOST1 and WEBHOST2

You can create Oracle Traffic Director instances of a configuration using either the administration console or the CLI. To create an instance, you must have a configuration defined (see Section 7.5, "Creating a Configuration").

Creating Oracle Traffic Director Instances Using the Administration Console

To create Oracle Traffic Director instances of a configuration by using the administration console, do the following:

  1. Log in to the administration console using the following URL:

    https://WEBHOST1.mycompany.com:8989
    
  2. Click the Configurations button at the upper left corner of the page.

    A list of the available configurations is displayed.

  3. Select the configuration for which you want to create an instance.

  4. In the Common Tasks pane, click New Instance.

    The New Instance wizard is displayed. The wizard lists the available administration nodes.

    Note:

    • For a host to be listed as an available administration node, it should be designated as an administration node.

    • On an administration node, you can create only one instance of a particular configuration. So if an instance of the configuration that you are trying to deploy already exists on the administration node, the node is not displayed.

  5. Select the check boxes for WEBHOST1 and WEBHOST2. Then, click Next.

  6. On the resulting screen of the wizard, review the list of administration nodes that you selected. Then, click Create Instance.

    A message is displayed confirming the successful creation of the instances.

  7. Click Close.

    The Instances page is displayed, showing the instances that you just created.

Creating an Oracle Traffic Director Instance Using the CLI

To create one or more Oracle Traffic Director instances using CLI commands, run the tadm command from the WEB_ORACLE_HOME/bin directory.

For example, the following command creates an instance of the configuration named IDM on each of the nodes, first on WEBHOST1:

WEB_ORACLE_HOME/bin/tadm create-instance --user=admin --port=8989 --config=IDM WEBHOST1

Enter the admin user password when prompted.

Then run the following command on WEBHOST2:

WEB_ORACLE_HOME/bin/tadm create-instance --user=admin --port=8989 --config=IDM WEBHOST2

Enter the admin user password when prompted.

For more information about create-instance, see the Oracle Traffic Director Command-Line Reference or run the command with the --help option.

For each Oracle Traffic Director configuration that you instantiate on an administration node, a subdirectory named net-config_name is created in the INSTANCE_HOME subdirectory.

7.7 Starting the Oracle Traffic Director Instances

You can start or restart Oracle Traffic Director instances using either the administration console or the CLI.

Starting Oracle Traffic Director Instances Using the Administration Console

To start Oracle Traffic Director instances using the administration console:

  1. Log in to the administration console using the following URL:

    https://WEBHOST1.mycompany.com:8989
    
  2. Click the Configurations button that is situated at the upper left corner of the page.

    A list of the available configurations is displayed.

  3. Select the configuration for which you want to start the instance.

  4. In the navigation pane, select Instances.

  5. Click the Start/Restart button for the instance that you want to start.

    Note:

    To start or restart all instances of the selected configuration, click Start/Restart Instances in the Common Tasks pane. To stop all instances of the configuration, click Stop Instances.

Starting Oracle Traffic Director Instances Using the CLI

To start or restart one or more Oracle Traffic Director instances of a configuration, run the start-instance command on WEBHOST1 and WEBHOST2:

WEB_ORACLE_HOME/bin/tadm start-instance --config=IDM

For more information about the CLI commands mentioned in this section, see the Oracle Traffic Director Command-Line Reference or run the commands with the --help option.

7.8 Defining the Required Oracle Traffic Director Virtual Servers for an Enterprise Deployment

You can create virtual servers in a configuration using either the administration console or the CLI. For more information, see "Creating a Virtual Server" in the Oracle Traffic Director Administrator's Guide.

Create and configure the following virtual servers for the Identity Manager configuration:

This section contains the following topics:

7.8.1 Defining Virtual Servers using the Administration Console

To create and configure virtual servers using the administration console, complete the following steps:

Step 1   Creating an Origin-Server Pool

Create the following origin-server pools using the administration console:

  • admin-pool

  • oim-pool

  • oud-pool

  • oam-pool

  • soa-pool

To create an origin-server pool by using the administration console, do the following:

  1. Log in to the administration console using the following URL:

    https://WEBHOST1.mycompany.com:8989
    
  2. Click the Configurations button that is situated at the upper left corner of the page.

    A list of the available configurations is displayed.

  3. Select the configuration for which you want to create a virtual server.

  4. In the Common Tasks pane, click New Origin-Server Pool.

    The New Origin-Server Pool wizard starts.

    Figure 7-2 New Origin-Server Pool Wizard


  5. In the Step 1: Server Pool Information screen, create the following Origin Server Pools using the information in Table 7-2 and clicking add.

    Table 7-2 Origin-Server Pools and Origin Servers

    | Origin-Server Pool | Origin Server Type | Origin Servers |
    |---|---|---|
    | admin-pool | HTTP | ADMINVHN.mycompany.com |
    | oud-pool | TCP | IDMHOST1.mycompany.com, IDMHOST2.mycompany.com |
    | oim-pool | HTTP | OIMHOST1VHN.mycompany.com, OIMHOST2VHN.mycompany.com |
    | oam-pool | HTTP | IDMHOST1.mycompany.com, IDMHOST2.mycompany.com |
    | soa-pool | HTTP | SOAHOST1VHN.mycompany.com, SOAHOST2VHN.mycompany.com |


    After the origin-server pool is created, the Results screen of the New Origin-Server Pool wizard displays a message confirming successful creation of the origin-server pool.

  6. Click Close on the Results screen.

    • The details of the origin-server pool that you just created are displayed on the Origin-Server Pools page.

    • In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Section 7.9, "Deploying the Configuration and Testing the Virtual Server Addresses."

Step 2   Creating Virtual Servers

Create the following virtual servers:

  • sso.mycompany.com

  • admin.mycompany.com

  • idminternal.mycompany.com

To create a virtual server using the administration console:

  1. Log in to the administration console using the following URL:

    https://WEBHOST1.mycompany.com:8989
    
  2. Click the Configurations button that is situated at the upper left corner of the page.

    A list of the available configurations is displayed.

  3. Select the configuration for which you want to create a virtual server.

  4. In the Common Tasks pane, click New Virtual Server.

    The New Virtual Server wizard starts.

    Figure 7-3 New Virtual Server Wizard


  5. Create three virtual servers and enter the information in Table 7-3.

    Table 7-3 Virtual Server Information

    | Name | Host |
    |---|---|
    | sso.mycompany.com | sso.mycompany.com |
    | admin.mycompany.com | admin.mycompany.com |
    | idminternal.mycompany.com | idminternal.mycompany.com |


    After the virtual server is created, the Results screen of the New Virtual Server wizard displays a message confirming successful creation of the virtual server.

  6. Click Close on the Results screen.

    • The details of the virtual server that you just created are displayed on the Virtual Servers page.

    • In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes, as described in Section 7.9, "Deploying the Configuration and Testing the Virtual Server Addresses."

Step 3   Creating a TCP Proxy and Listener for OUD

Create a TCP Proxy using the administration console.

To create a TCP Proxy:

  1. Log in to the administration console using the following URL:

    https://WEBHOST1.mycompany.com:8989
    
  2. Click the Configurations button that is situated at the upper left corner of the page.

    A list of the available configurations is displayed.

  3. Select the configuration for which you want to create a TCP Proxy.

  4. In the Common Tasks pane, click New TCP Proxy.

    The New TCP Proxy wizard starts.

    Figure 7-4 New TCP Proxy Wizard


  5. In the Step 1: TCP Proxy Information screen, enter the following information and click Next:

    • Name: oudinternal.mycompany.com

    • Listener Name: listener-oud

    • Port: 1489

    • IP Address: oudinternal.mycompany.com:1489

    Note:

    If you do not have a DNS entry for the Virtual IP, add this entry to the /etc/hosts file.

  6. In the Step 2: Server Pool Information screen, click Select a pool of origin servers.

  7. In the drop-down list, select oud-pool and click Next.

    The Review screen appears.

  8. Review the details and click Create TCP Proxy.

  9. Click Close on the Results screen.

    • The details of the TCP Proxies that you just created are displayed on the TCP proxies page.

    • In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes, as described in Section 7.9, "Deploying the Configuration and Testing the Virtual Server Addresses."

Step 4   Creating Routes

Create the following routes using the administration console:

  • oam-route

  • soa-idminternal-route

  • admin-oim-route

  • sso-oim-route

To create virtual server routes:

  1. Log in to the administration console using the following URL:

    https://WEBHOST1.mycompany.com:8989
    
  2. Click the Configurations button that is situated at the upper left corner of the page.

    A list of the available configurations is displayed.

  3. Select the configuration for which you want to configure routes.

  4. In the navigation pane, expand Virtual Servers, expand the sso.mycompany.com virtual server, and select Routes.

    The Routes page is displayed. It lists the routes that are currently defined for the virtual server.

    Creating a Route

    1. Click New Route.

      The New Route dialog box is displayed.

      Figure 7-5 New Route Dialog Box


    2. In the Step 1: Route Properties screen, in the Name field, enter oam-route.

    3. In the Origin Server Pool drop-down select oam-pool, and click Next.

    4. In the Step 2: Condition Information screen, select the $uri variable from the Variable/Function drop-down list, select the operator ('=' in your example), and enter the value in the Value field. Note that a joiner (and/or) cannot be used for the first expression in the sequence.

      Figure 7-6 New Route Condition Information


    5. Click OK and click the Plus button to add the next expression.

      Figure 7-7 New Route Condition Information


      Note the joiner 'or' can now be selected.

    6. Select the Variable/Function, Operator, and Value and click OK.

      Figure 7-8 New Route Condition Information


    7. Perform steps d to g until you have added all the required values.

      You can also click the Edit Manually button to edit the expressions in a text field. Note that after you switch to manual mode, you cannot go back to the default edit mode. You must continue in the manual edit mode and save the condition.

  5. Add the rest of the routes using the information in Step 4.

    Table 7-4 Routes and Conditions

    | Route | Origin-Server Pool | Conditions |
    |---|---|---|
    | oam-route | oam-pool | '/oam' or '/oamfed' |
    | soa-idminternal-route | soa-pool | '/soa-infra' or '/workflowservice' or '/provisioning-callback' or '/spml-xsd' or '/spmlws' or '/role-sod' or '/callbackResponseService' |
    | admin-oim-route | oim-pool | '/oim' or '/identity' or '/sysadmin' or '/xlWebApp' or '/Nexaweb' |
    | sso-oim-route | oim-pool | '/oim' or '/identity' or '/sysadmin' or '/xlWebApp' or '/Nexaweb' |


  6. Click Next, and then Create Route.

    The route that you just created is displayed on the Routes page.

    In addition, the Deployment Pending message is displayed at the top of the main pane. You can either deploy the updated configuration immediately by clicking Deploy Changes, or you can do so later after making further changes as described in Section 7.9, "Deploying the Configuration and Testing the Virtual Server Addresses."

  7. Create a password file named admin.passwd and add password=OTD_admin_server_password to the file. Run the following command for all of the admin.mycompany.com, idminternal.mycompany.com, and sso.mycompany.com virtual server routes that you created. Do not run this command for oam-route:

    ./tadm set-route-prop --user=admin --password-file=passwd_file_path 
    --host=adminhost --port=adminport --config=IDM --vs=ssoel.mycompany.com --route=oam sticky-cookie=oimjsessionid
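
Step 7 stores the administration password in a file that tadm reads through --password-file. The following added example (not part of the Oracle guide) creates that file readable by its owner only, checks it before use, and prints the set-route-prop commands for every route except oam-route. The function names are hypothetical, the virtual server and route names come from Tables 7-3 and 7-4, and placing sso-oim-route on sso.mycompany.com is an assumption based on its name.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. Function names are hypothetical.

# write_tadm_password_file FILE
# Reads the password from stdin (not argv, so it never appears in `ps` output
# or shell history) and creates FILE as "password=<value>" with mode 0600.
write_tadm_password_file() (
    file=$1
    if [ -t 0 ]; then
        printf 'OTD admin password: ' >&2
        stty -echo; IFS= read -r pw || true; stty echo; printf '\n' >&2
    else
        IFS= read -r pw || true
    fi
    [ -n "$pw" ] || { echo "refusing to write an empty password" >&2; exit 1; }
    set -C       # noclobber: fail instead of reusing an existing file or symlink
    umask 077    # file is created 0600, never readable by other accounts
    printf 'password=%s\n' "$pw" > "$file" ||
        { echo "$file: already exists or cannot be created" >&2; exit 1; }
)

# check_tadm_password_file FILE
# Succeeds only if FILE is a regular file (not a symlink), owned by the
# current user, accessible to the owner alone, and holds a password= entry.
check_tadm_password_file() (
    file=$1
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "$file: not a regular file" >&2; exit 1
    fi
    perms=$(ls -ldn -- "$file" | cut -c1-10)
    owner=$(ls -ldn -- "$file" | awk '{print $3}')
    case $perms in
        -rw-------|-r--------) ;;
        *) echo "$file: mode $perms exposes the password to other accounts" >&2
           exit 1 ;;
    esac
    [ "$owner" = "$(id -u)" ] ||
        { echo "$file: not owned by the current user" >&2; exit 1; }
    grep -q '^password=.' "$file" ||
        { echo "$file: no password= entry" >&2; exit 1; }
)

# sticky_cookie_commands PWFILE ADMINHOST ADMINPORT
# Prints (does not run) one set-route-prop command per route, skipping
# oam-route as step 7 requires. Prints nothing if PWFILE fails the check.
sticky_cookie_commands() (
    pwfile=$1 adminhost=$2 adminport=$3
    check_tadm_password_file "$pwfile" || exit 1
    # Virtual server / route pairs from Tables 7-3 and 7-4; the virtual server
    # for sso-oim-route is an assumption based on the route name.
    while read -r vs route; do
        if [ "$route" = oam-route ]; then continue; fi
        printf './tadm set-route-prop --user=admin --password-file=%s --host=%s --port=%s --config=IDM --vs=%s --route=%s sticky-cookie=oimjsessionid\n' \
            "$pwfile" "$adminhost" "$adminport" "$vs" "$route"
    done <<EOF
sso.mycompany.com oam-route
sso.mycompany.com sso-oim-route
admin.mycompany.com admin-oim-route
idminternal.mycompany.com soa-idminternal-route
EOF
)

# Demo with constructed values: a throwaway directory and a made-up password.
demo_dir=$(mktemp -d)
printf 'Constructed-Pw-1\n' | write_tadm_password_file "$demo_dir/admin.passwd"
sticky_cookie_commands "$demo_dir/admin.passwd" WEBHOST1.mycompany.com 8989
rm -rf "$demo_dir"
```

Remove the password file once the route properties are set, so the credential does not stay on disk.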
    

7.8.2 Defining Virtual Servers using the CLI

Step 1   Creating an Origin-Server Pool

Create the following origin-server pools by running the create-origin-server-pool tadm command from the WEB_ORACLE_HOME/bin directory.

  • admin-pool

  • oim-pool

  • oam-pool

  • oud-pool

  • soa-pool

To create origin-server pools:

  1. Run the following command to create an origin-server pool named admin-pool containing origin server IDMHOST1.mycompany.com:7001 in the IDM configuration.

    tadm> create-origin-server-pool --config=IDM --type=http
     --origin-server=IDMHOST1.mycompany.com:7001 admin-pool
    
  2. Run the following command to create an origin-server pool oim-pool containing origin servers OIMHOST1VHN.mycompany.com:14000 and OIMHOST2VHN.mycompany.com:14000 in the IDM configuration:

    tadm> create-origin-server-pool --config=IDM --type=http
     --origin-server=OIMHOST1VHN.mycompany.com:14000,OIMHOST2VHN.mycompany.com:14000 oim-pool

  3. Run the following command to create an origin-server pool oud-pool containing origin servers IDMHOST1.mycompany.com:1389 and IDMHOST2.mycompany.com:1389 in the IDM configuration:

    tadm> create-origin-server-pool --config=IDM --type=tcp
     --origin-server=IDMHOST1.mycompany.com:1389,IDMHOST2.mycompany.com:1389 oud-pool

  4. Run the following command to create an origin-server pool oam-pool containing origin servers IDMHOST1.mycompany.com:14100 and IDMHOST2.mycompany.com:14100 in the IDM configuration:

    tadm> create-origin-server-pool --config=IDM --type=http
     --origin-server=IDMHOST1.mycompany.com:14100,IDMHOST2.mycompany.com:14100 oam-pool

  5. Run the following command to create an origin-server pool soa-pool containing origin servers SOAHOST1VHN.mycompany.com:8001 and SOAHOST2VHN.mycompany.com:8001 in the IDM configuration:

    tadm> create-origin-server-pool --config=IDM --type=http
     --origin-server=SOAHOST1VHN.mycompany.com:8001,SOAHOST2VHN.mycompany.com:8001 soa-pool
    

For the updated configuration to take effect, you should deploy it to the Oracle Traffic Director instances by using the administration console or the deploy-config command. For more information see Section 7.9, "Deploying the Configuration and Testing the Virtual Server Addresses."

For more information about create-origin-server-pool, see the Oracle Traffic Director Command-Line Reference or run the command with the --help option.

Step 2   Creating Virtual Servers

Create the following virtual servers using the create-virtual-server tadm command from the WEB_ORACLE_HOME/bin directory:

  • sso.mycompany.com

  • admin.mycompany.com

  • oudinternal.mycompany.com

  • idminternal.mycompany.com

To create the virtual servers:

  1. Run the following command to create a virtual server named sso.mycompany.com associated with the listener http-listener-1 for the configuration IDM, and configure the virtual server to forward client requests to the origin-server pool oim-pool:

    tadm> create-virtual-server --config=IDM --origin-server-pool=oim-pool --host=sso.mycompany.com --http-listener=http-listener-1 sso.mycompany.com
    
  2. Run the following command to create a virtual server named admin.mycompany.com associated with the listener http-listener-1 for the configuration IDM, and configure the virtual server to forward client requests to the origin-server pool admin-pool:

    tadm> create-virtual-server --config=IDM --origin-server-pool=admin-pool --host=admin.mycompany.com --http-listener=http-listener-1 admin.mycompany.com
    
  3. Run the following command to create a virtual server named idminternal.mycompany.com associated with the listener http-listener-1 for the configuration IDM, and configure the virtual server to forward client requests to the origin-server pool oam-pool:

    tadm>  create-virtual-server --config=IDM --origin-server-pool=soa-pool
     --host=idminternal.mycompany.com --http-listener=http-listener-1 idminternal.mycompany.com
    

For the updated configuration to take effect, you should deploy it to the Oracle Traffic Director instances by using the administration console or the deploy-config command. For more information see Section 7.9, "Deploying the Configuration and Testing the Virtual Server Addresses."

For more information about create-virtual-server, see the Oracle Traffic Director Command-Line Reference or run the command with the --help option.

Step 3   Creating a TCP Proxy

To create a TCP Proxy, run the create-tcp-proxy command.

Run the following command to create a TCP Proxy named tcp_proxy1 for the IDM configuration with the port as 1489 and the origin-server-pool as oud-pool.

tadm> create-tcp-proxy --config=IDM --origin-server-pool=oud-pool --port=1489 oudinternal.mycompany.com

For the updated configuration to take effect, you should deploy it to the Oracle Traffic Director instances by using the administration console or the deploy-config command. For more information see Section 7.9, "Deploying the Configuration and Testing the Virtual Server Addresses."

For more information about create-tcp-proxy, see the Oracle Traffic Director Command-Line Reference or run the command with the --help option.

Step 4   Creating a TCP Listener

To create a TCP listener, run the create-tcp-listener tadm command from the WEB_ORACLE_HOME/bin directory.

Run the following command to create a TCP listener named listener_oud for the configuration IDM with the port as 1489 and the TCP Proxy as tcp_proxy1.

tadm> create-tcp-listener --config=IDM --listener-port=1489 --tcp-proxy=tcp_proxy-1 listener_oud

For the updated configuration to take effect, you should deploy it to the Oracle Traffic Director instances by using the administration console or the deploy-config command. For more information see Section 7.9, "Deploying the Configuration and Testing the Virtual Server Addresses."

For more information about create-tcp-listener, see the Oracle Traffic Director Command-Line Reference or run the command with the --help option.

Step 5   Creating Routes

Use the create-route command to create the following routes for the virtual servers.

  • oam-route

  • soa-idminternal-route

  • admin-oim-route

  • sso-oim-route

To create virtual server routes:

  1. Run the following command to create a route named oam-route in the virtual server sso.mycompany.com of the configuration IDM, to send requests for which the URI matches the pattern /oam to the origin-server pool oam-pool.

    tadm> create-route --config=IDM --vs=sso.mycompany.com --condition='/oamfed' --origin-server-pool=oam-pool oam-route
    
  2. Run the following command to create a route named soa-idminternal-route in the virtual server idminternal.mycompany.com of the configuration IDM, to send requests to the origin-server pool oam-pool.

    tadm> create-route --config=IDM --vs=idminternal.mycompany.com --condition="'/soa-infra' or '/workflowservice' or '/provisioning-callback' or '/spml-xsd' or '/spmlws' or '/role-sod' or '/callbackResponseService'" --origin-server-pool=soa-pool soa-idminternal-route
    
  3. Run the following command to create a route named admin-oim-route in the virtual server admin.mycompany.com of the configuration IDM, to send requests to the origin-server pool oim-pool.

    tadm> create-route --config=IDM --vs=admin.mycompany.com --condition="'/oim' or '/identity' or '/sysadmin' or '/xlWebApp' or '/Nexaweb'" --origin-server-pool=oim-pool admin-oim-route
    
  4. Run the following command to create a route named sso-oim-route in the virtual server sso.mycompany.com of the configuration IDM, to send requests to the origin-server pool oam-pool.

    tadm> create-route --config=IDM --vs=sso.mycompany.com --condition="'/oim' or '/identity' or '/sysadmin' or '/xlWebApp' or '/Nexaweb' or '/oamfed'" --origin-server-pool=oim-pool sso-oim-route
    

For more information about using the --condition option and information about building condition expressions, see "Using Variables, Expressions, and String Interpolation" in the Oracle Traffic Director Configuration Files Reference.

For the updated configuration to take effect, you should deploy it to the Oracle Traffic Director instances by using the deploy-config command.

For more information about the CLI commands mentioned in this section, see the Oracle Traffic Director Command-Line Reference or run the commands with the --help option.

7.9 Deploying the Configuration and Testing the Virtual Server Addresses

Deploy the configuration to create an instance of it on an administration node. When you deploy a configuration, the running instances are reconfigured to reflect the configuration changes.

Note:

Certain configuration changes cannot be applied dynamically without restarting the instances. For the configuration changes that require instances to be restarted, the administration interfaces—CLI and administration console—display a prompt to restart the instances.

You can deploy a configuration using either the administration console or the CLI.

Note:

The CLI examples in this section are shown in shell mode (tadm>).

Note:

The topology documented in this guide requires the following virtual IP addresses:

  • oudinternal.mycompany.com

  • idminternal.mycompany.com

You can register these virtual IP addresses on the DNS, or you can add host entries to resolve them with an internal IP address.

Deploying a Configuration Using the Administration Console

To deploy a configuration by using the administration console, do the following:

  1. Log in to the administration console using the following URL:

    https://WEBHOST1.mycompany.com:8989
    
  2. Click the Configurations button at the upper left corner of the page.

    A list of the available configurations is displayed.

  3. Select the IDM configuration.

  4. Click Deploy.

    A message is displayed confirming that the updated configuration was successfully deployed.

  5. Click Close.

Deploying a Configuration Using the CLI

To deploy a configuration, run the deploy-config tadm command from the WEB_ORACLE_HOME/bin directory.

For example, the following command updates all instances of the configuration IDM with the latest configuration settings.

tadm> deploy-config --user=admin IDM

For more information about deploy-config, see the Oracle Traffic Director Command-Line Reference or run the command with the --help option.

After deploying an updated configuration, for the changes to take effect, you should restart the instance.

Verify the Deployment

Verify the deployment by accessing the following URLs:

The following URLs are available only after you configure Oracle Identity Manager as described in Chapter 12, "Extending the Domain to Include Oracle Identity Manager."

7.10 Creating a Failover Group for Virtual Hosts

When a request is sent to one of the virtual hosts oudinternal.mycompany.com and idminternal.mycompany.com, it is directed to the IP address associated with the virtual host name. This IP address is enabled on one of the OTD instances. If that instance fails, the IP address must be moved to an OTD instance that is still available.

Each OTD instance maintains a heartbeat with every other OTD instance. If that heartbeat fails, OTD moves any active IP addresses on the downed instance to one of the named failover instances.

You do this by creating an active-passive failover group for the IP address. This failover group lists a primary and a number of secondary instances.

The steps below show you how to create failover groups for the IP addresses associated with oudinternal.mycompany.com and idminternal.mycompany.com. To distribute the load, it is recommended that oudinternal.mycompany.com be enabled on WEBHOST1 with a secondary instance of WEBHOST2, and that idminternal.mycompany.com be enabled on WEBHOST2 with a secondary instance of WEBHOST1.

You can create a failover group using the administration console or the CLI commands.

For more information about creating failover groups or other high availability configurations for Oracle Traffic Director, see "Configuring Oracle Traffic Director for High Availability" in the Oracle Traffic Director Administrator's Guide.

This section contains the following topics:

7.10.1 Creating a Failover Group Using the Administration Console

To create a failover group by using the administration console, do the following:

  1. Log in to the administration console using the following URL:

    https://WEBHOST1.mycompany.com:8989
    
  2. Click the Configurations button at the upper left corner of the page.

    A list of the available configurations appears.

  3. Select the configuration for which you want to create a failover group.

  4. In the navigation pane, select Failover Groups.

    The Failover Groups page is displayed.

  5. Click New Failover Group.

    The New Failover Group wizard is displayed.

    Figure 7-9 New Failover Group Wizard


  6. In the Virtual IP (VIP) field, enter the virtual IP address associated with oudinternal.mycompany.com or idminternal.mycompany.com and click Next.

  7. In the Virtual IP (VIP) field, enter the virtual IP address associated with oudinternal.mycompany.com (192.168.10.120) and click Next.

    To create the failover group for idminternal.mycompany.com, use the VIP associated with idminternal.mycompany.com (10.244.25.211).

  8. In the Step 2: Failover Nodes Information screen, select the Primary and Backup nodes (WEBHOST1, WEBHOST2), and click Next.

    The details of the failover group that you just created are displayed on the Failover Groups page.

  9. Click Close on the Results screen.

    The details of the failover group that you just created are displayed on the Failover Groups page.

7.10.2 Creating a Failover Group Using CLI Commands

Create a failover group using the create-failover-group tadm command from the WEB_ORACLE_HOME/bin directory.

To create a failover group for an enterprise deployment:

  1. Verify that you have created a Virtual IP address (VIP) in the same network as WEBHOST1 and WEBHOST2 as described in Section 3.5, "About IP Addresses and Virtual IP Addresses."

    For specific requirements for the Virtual IP address, see the "Before You Begin" section in "Creating Failover Groups" in the Oracle Traffic Director Administrator's Guide.

    Ping the new Virtual IP address to validate it.

  2. Configure WEBHOST1 and WEBHOST2 in active-passive mode using the following command:

    Note:

    Before running this command make sure your user has permission as root on the ZFS storage. Without root permission, the command fails. If you do not have permission, please follow the steps in Section 5.5, "Setting Permissions for the Oracle Traffic Director Appliance User Account."

    WEB_ORACLE_HOME/bin/tadm create-failover-group --config=IDM \
         --virtual-ip=vip_address \
         --primary-node=WEBHOST1 \
         --backup-node=WEBHOST2
    
  3. Verify the creation of the failover groups by viewing a list of the failover groups for the configuration.

    For example:

    WEB_ORACLE_HOME/bin/tadm list-failover-groups --config=IDM --verbose --all
    

Note:

If the virtual IPs are created on interfaces such as bond0:1, the keepalived.conf files need to be updated in the WEB_ORACLE_INSTANCE/config directory of WEBHOST1 and WEBHOST2.

For example, if the virtual IP (192.168.10.207) is on bond1:1, change the keepalived.conf file on WEBHOST1 and WEBHOST2 in the config directory of the Oracle Traffic Director instance.

For this example you replace:

vrrp_instance otd-vrrp-router-1 {
        priority 250
        interface bond1
        virtual_ipaddress {
                192.168.10.207/21
        }
        virtual_router_id 254
}

With:

vrrp_instance otd-vrrp-router-1 {
        priority 250
        interface bond1
        virtual_ipaddress {
                192.168.10.207/21 label bond1:1
        }
        virtual_router_id 254
}

For more information about failover groups, see "Managing Failover Groups" in the Oracle Traffic Director Administrator's Guide.
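The label edit shown above can be scripted so that it is applied identically on WEBHOST1 and WEBHOST2. The following is an added example, not Oracle tooling: the function names add_vip_label and sample_conf are hypothetical, and the sample input is the "before" block from this section.

```shell
#!/bin/sh
# Added example (not Oracle tooling); function names are hypothetical.

# add_vip_label LABEL
# Filter keepalived.conf from stdin to stdout, appending "label LABEL" to each
# address line inside virtual_ipaddress { ... } that has no label yet.
# Running it twice gives the same result as running it once.
add_vip_label() {
    awk -v label="$1" '
        /virtual_ipaddress[ \t]*[{]/ { in_vip = 1; print; next }
        in_vip && /[}]/              { in_vip = 0; print; next }
        in_vip && NF > 0 && $1 !~ /^[#!]/ && $0 !~ /[ \t]label[ \t]/ {
            sub(/[ \t]+$/, "")       # drop trailing blanks before appending
            print $0 " label " label
            next
        }
        { print }
    '
}

# Constructed sample: the "before" block from this section.
sample_conf() {
    cat <<'EOF'
vrrp_instance otd-vrrp-router-1 {
        priority 250
        interface bond1
        virtual_ipaddress {
                192.168.10.207/21
        }
        virtual_router_id 254
}
EOF
}

# Print the edited configuration for review.
sample_conf | add_vip_label bond1:1
```

On a real node, feed the function the instance's keepalived.conf on stdin, write the result to a new file, and compare the two with diff before replacing the original.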

Note:

When creating a failover group, if the administration node process is running as non-root on the node where the instances are located, then you must run start-failover on those nodes as a root user. This is to manually start the failover. If this command is not executed, failover will not start and there will be no high availability. For more information about start-failover, see the Oracle Traffic Director Command-Line Reference.

For more information about the create-failover-group command, see the Oracle Traffic Director Command-Line Reference or run the command with the --help option.

Validating Failover

To validate high availability failover, stop the Oracle Traffic Director instance on WEBHOST1 and see that the IP addresses for oudinternal.mycompany.com and idminternal.mycompany.com have moved to WEBHOST2.

To validate failover, view the log /var/log/messages on WEBHOST2. You should see entries for the IP addresses of oudinternal.mycompany.com and idminternal.mycompany.com.

Another way to validate failover is to run the following command on WEBHOST2:

/sbin/ifconfig -a | grep oudinternal.mycompany.com_ip

Once the Oracle Traffic Director host is down, ping the IP address again; it should still respond.
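A plain grep for an address such as 192.168.10.20 also matches 192.168.10.207, so a failover check is more reliable when it compares the whole address and reports which interface or alias holds it. The following is an added example, not part of the Oracle guide: the function names vip_holder and sample_ifconfig are hypothetical, and the ifconfig output is constructed.

```shell
#!/bin/sh
# Added example (not Oracle tooling); function names are hypothetical.

# vip_holder VIP
# Read `ifconfig -a` output on stdin and print the interface or alias
# (for example bond1:1) whose IPv4 address equals VIP exactly.
# Returns 1 when no interface holds the address.
vip_holder() {
    awk -v vip="$1" '
        /^[^ \t]/ { iface = $1; sub(/:$/, "", iface) }   # start of a stanza
        {
            for (i = 1; i < NF; i++) {
                if ($i != "inet") continue
                addr = $(i + 1)
                sub(/^addr:/, "", addr)                  # older net-tools format
                if (addr == vip) { print iface; found = 1 }
            }
        }
        END { exit found ? 0 : 1 }
    '
}

# Constructed sample of `ifconfig -a` output after the VIP has moved here.
sample_ifconfig() {
    cat <<'EOF'
bond1     Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.168.10.5  Bcast:192.168.15.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1

bond1:1   Link encap:Ethernet  HWaddr 00:00:5E:00:53:01
          inet addr:192.168.10.207  Bcast:192.168.15.255  Mask:255.255.248.0
          UP BROADCAST RUNNING MASTER MULTICAST  MTU:1500  Metric:1
EOF
}

# Report where the constructed VIP lives.
sample_ifconfig | vip_holder 192.168.10.207
```

On WEBHOST2, pipe the output of /sbin/ifconfig -a into vip_holder with the virtual IP as its argument; a non-zero exit status means the address has not moved to that host.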

About Managed Failover Groups and the keepalived Daemon

Oracle Traffic Director starts the keepalived daemon automatically when you start instances that are part of a failover group, and stops the daemon when you stop the instances. The configuration parameters for the keepalived daemon are stored in a file named keepalived.conf in the following directory:

WEB_ORACLE_INSTANCE/config

If the administration node process is running as non-root on the node where the instances are located, you must run the start-failover command on those nodes as a root user. This is to manually start the failover. If this command is not executed, failover does not start and there is no high availability.

For more information about the start-failover command, see the Oracle Traffic Director Command-Line Reference or run the command with the --help option.

Note:

For the keepalived daemon to be started and stopped automatically, you must run the commands to start and stop the Oracle Traffic Director instances as the root user.