5 Creating a Domain with Administration Server

This chapter describes how to create a domain using the Oracle Fusion Middleware Configuration Wizard, Oracle WebLogic Server Administration Console, and Oracle Enterprise Manager. You can extend the domain to add Fusion Middleware (FMW) components: SOA, Oracle Universal Content Management (UCM) and, optionally, Oracle Imaging and Process Management (I/PM). This will be addressed in later chapters in this document.

Important:

Oracle strongly recommends that you read the release notes for any additional installation and deployment considerations prior to starting the setup process.

This chapter contains the following sections:

5.1 Enabling ADMINVHN on SOAHOST1

This step is required for failover of the Administration Server, regardless of whether or not other Fusion Middleware components are installed later. You will associate the Administration Server with a virtual IP (ADMINVHN). Make sure that ADMINVHN is enabled on SOAHOST1.

To enable the virtual IP on Linux, run the ifconfig command as root:

/sbin/ifconfig interface:index IP_address netmask netmask
/sbin/arping -q -U -c 3 -I interface IP_address

For example:

/sbin/ifconfig ethX:Y 100.200.140.206 netmask 255.255.255.0

Enable your network to register the new location of the virtual IP, for example:

/sbin/arping -q -U -c 3 -I ethX 100.200.140.206

Validate that the address is available by pinging it from another node, for example:

/bin/ping 100.200.140.206

Note:

In these examples, 'ethX' is the ethernet interface (eth0 or eth1) and Y is the index (0, 1, 2, etc.).

5.2 Running the Configuration Wizard on SOAHOST1 to Create a Domain

Run the Oracle Fusion Middleware Configuration Wizard from the Oracle Common home directory to create a domain containing the Administration Server. You will extend the domain to contain other components later.

  1. Change the directory to the location of the Oracle Fusion Middleware Configuration Wizard (created in Chapter 3, "Installing the Software"):

    SOAHOST1> cd ORACLE_COMMON_HOME/common/bin

  2. Start the Configuration Wizard:

    SOAHOST1> ./config.sh

  3. In the Welcome screen, select Create a new WebLogic Domain, and click Next.

  4. The Select Domain Source screen opens. In this screen, do the following (as shown in Figure 5-1):

    • Select Generate a domain configured automatically to support the following products.

    • Select the following products:

      • Basic WebLogic Server Domain - 10.3.5.0 [wlserver_10.3] (this should be selected automatically)

      • Oracle Enterprise Manager - 11.1.1.0 [oracle_common]

      • Oracle JRF - 11.1.1.0 [oracle_common] (this should be selected automatically)

    Figure 5-1 Select Domain Source Screen

    Description of Figure 5-1 follows
    Description of "Figure 5-1 Select Domain Source Screen"

    If you accidentally deselect some of the targets, make sure that the following selections are made in this screen:

    • Oracle Enterprise Manager

    • Oracle JRF

    Click Next.

  5. In the Specify Domain Name and Location screen, enter the domain name (domain_name).

    Make sure that the domain directory matches the directory and shared storage mount point recommended in Chapter 2, "Database and Environment Preconfiguration": enter ORACLE_BASE/admin/domain_name/aserver for the domain directory and ORACLE_BASE/admin/domain_name/aserver/applications for the application directory. This directory should be in shared storage.

    Click Next.

  6. In the Configure Administrator User Name and Password screen, enter the username and password to be used for the domain's administrator.

    Click Next.

  7. In the Configure Server Start Mode and JDK screen, do the following:

    • For WebLogic Domain Startup Mode, select Production Mode.

    • For JDK Selection, select JROCKIT SDK1.6.0_<version>.

    Click Next.

  8. In the Select Optional Configuration screen, select the following:

    • Administration Server

    • Managed Servers, Clusters and Machines

    Click Next.

  9. In the Configure the Administration Server screen, enter the following values:

    • Name: AdminServer

    • Listen address: enter ADMINVHN.

    • Listen port: 7001

    • SSL listen port: N/A

    • SSL enabled: leave this check box unselected.

    Click Next.

  10. In the Configure Managed Servers screen, click Next.

  11. In the Configure Clusters screen, click Next.

  12. In the Configure Machines screen, click the Unix Machine tab and then click Add to add the following machine:

    Table 5-1 Machines

    Name Node Manager Listen Address

    ADMINVHN

    localhost

    Leave all other fields to their default values. Please note that the machine name does not need to be a valid host name or listen address; it is just a unique identifier of a Node Manager location.

    Click Next.

  13. In the Assign Servers to Machines screen, assign servers to machines as follows:

    • ADMINVHN:

      • AdminServer

    Click Next.

  14. In the Configuration Summary screen, click Create.

  15. In the Create Domain screen, click Done.

5.3 Creating boot.properties for the Administration Server on SOAHOST1

Create a boot.properties file for the Administration Server on SOAHOST1. This file enables the Administration Server to start without prompting you for the administrator username and password.

  1. Create the following directory structure:

    mkdir -p ORACLE_BASE/admin/domain_name/aserver/domain_name/servers/AdminServer/security

  2. In a text editor, create a file called boot.properties in the directory created in the previous step, and enter the following lines in the file:

    username=Admin_Username
password=Password

    Note:

    When you start the Administration Server, the username and password entries in the file get encrypted. You start the Administration Server in Section 5.5, "Starting the Administration Server on SOAHOST1." For security reasons, you want to minimize the time the entries in the file are left unencrypted. After you edit the file, you should start the server as soon as possible so that the entries get encrypted.

  3. Save the file and close the editor.

5.4 Starting Node Manager on SOAHOST1

Perform these steps to start Node Manager on SOAHOST1:

  1. Run the setNMProps.sh script, which is located in the ORACLE_COMMON_HOME/common/bin directory, to set the StartScriptEnabled property to 'true' before starting Node Manager:

    SOAHOST1> cd ORACLE_COMMON_HOME/common/bin
SOAHOST1> ./setNMProps.sh

    Note:

    You must use the StartScriptEnabled property to avoid class loading failures and other problems. See also Section 12.8.3, "Incomplete Policy Migration After Failed Restart of SOA Server."

  2. Start Node Manager:

    SOAHOST1> cd WL_HOME/server/bin
SOAHOST1> export JAVA_OPTIONS=-DDomainRegistrationEnabled=true
SOAHOST1> ./startNodeManager.sh

    Note:

    It is important that the -DDomainRegistrationEnabled=true parameter is set whenever a Node Manager is started which must manage the Administration Server. If there is no Administration Server on the machine and the machine is not an Administration Server failover node, then Node Manager can be started using 
    SOAHOST1> ./startNodeManager.sh

    (without the export command).

5.5 Starting the Administration Server on SOAHOST1

The administration server will be started and stopped using Node Manager. However, the first start of the administration server with Node Manager requires changing the default username and password that the Oracle Fusion Middleware Configuration Wizard set for Node Manager. You must therefore use the start script for the administration server for the first start. Follow these steps to start the Administration Server using Node Manager (steps 1 through 4 are required for the first start; all subsequent starts require only step 4):

  1. Start the Administration Server using the start script in the domain directory:

    SOAHOST1> cd ORACLE_BASE/admin/domain_name/aserver/domain_name/bin
SOAHOST1> ./startWebLogic.sh

  2. Use the Administration Console to update the Node Manager credentials:

    1. Open a Web browser and go to http://ADMINVHN:7001/console.

    2. Log in as the administrator.

    3. Click on domain_name, then Security, then General, and then expand the Advanced options at the bottom.

    4. Click Lock & Edit.

    5. Enter a new username for Node Manager or make a note of the existing one and update the Node Manager password.

    6. Save and activate the changes.

  3. Stop the administration server process (either using Ctrl+C in the shell where it was started or by the standard process identification and kill commands in the operating system).

  4. Start the Oracle WebLogic Scripting Tool (WLST) and connect to Node Manager with nmconnect and the credentials set above, and start the administration server using nmstart:

    SOAHOST1> cd ORACLE_COMMON_HOME/common/bin
SOAHOST1> ./wlst.sh

    Once in the WLST shell, execute the following command (make sure Node Manager is up and running):

    wls:/offline>nmConnect(Admin_User,'Admin_Pasword, 'SOAHOST1','5556','domain_name','/u01/app/oracle/admin/domain_name/aserver/domain_name')

wls:/nm/domain_name> nmStart('AdminServer')

Note:

SOAHOST1 is the address of the node where the domain was created, not the listen address of the administration server.
Also, the username and password are only used to authenticate connections between Node Manager and clients. They are independent from the server admin ID and password, and are stored in the ORACLE_BASE/admin/domain_name/aserver/domain_name/config/nodemanager/nm_password.properties file.

5.6 Validating the Administration Server

Perform these steps to ensure that the administration server is properly configured:

  1. Open a Web browser and go to http://ADMINVHN:7001/console.

  2. Log in as the administrator.

  3. Check that you can access Oracle Enterprise Manager at http://ADMINVHN:7001/em.

  4. Log in to Enterprise Manager Console with the username and password you specified in Section 5.3, "Creating boot.properties for the Administration Server on SOAHOST1."

5.7 Disabling Host Name Verification for the Administration Server

This step is required if you have not set up the appropriate certificates to authenticate the different nodes with the Administration Server (see Chapter 9, "Setting Up Node Manager"). If you have not configured the server certificates, you will receive errors when managing the different WebLogic servers. To avoid these errors, disable host name verification while setting up and validating the topology, and enable it again once the EDG topology configuration is complete as described in Chapter 9, "Setting Up Node Manager."

Perform these steps to disable host name verification:

  1. Log in to Oracle WebLogic Server Administration Console.

  2. Click Lock & Edit.

  3. Expand the Environment node in the Domain Structure window.

  4. Click Servers. The Summary of Servers page opens.

  5. Select AdminServer(admin) in the Names column of the table. The settings page for the server opens.

  6. Open the SSL tab.

  7. Expand the Advanced section of the page.

  8. Set host name verification to 'None'.

  9. Click Save.

  10. Save and activate the changes.

  11. The change will not take effect until the Administration Server is restarted (Node Manager must be up and running):

    1. Stop the Administration Server using the following command:

      wls:/nm/domain_name>nmKill('AdminServer')

    2. Start the Administration Server again as described in Section 5.5, "Starting the Administration Server on SOAHOST1."

5.8 Configuring Oracle HTTP Server for the Administration Server

To enable Oracle HTTP Server to route to the Administration Server, you must set the corresponding mount points in your HTTP server configuration:

  1. For each of the web servers on WEBHOST1 and WEBHOST2, add the following lines to the file ORACLE_INSTANCE/config/OHS/component/mod_wl_ohs.conf:

    # Admin Server and EM
<Location /console>
   SetHandler weblogic-handler
   WebLogicHost ADMINVHN
   WeblogicPort 7001
   WLProxySSL OFF
   WLProxySSLPassThrough OFF
</Location>
 
<Location /consolehelp>
   SetHandler weblogic-handler
   WebLogicHost ADMINVHN
   WeblogicPort 7001
   WLProxySSL OFF
   WLProxySSLPassThrough OFF
</Location>
 
<Location /em>
   SetHandler weblogic-handler
   WebLogicHost ADMINVHN
   WeblogicPort 7001
   WLProxySSL OFF
   WLProxySSLPassThrough OFF
</Location>

  2. For each of the web servers on WEBHOST1 and WEBHOST2, make sure the file ORACLE_INSTANCE/config/OHS/component/httpd.conf includes the following lines:

    NameVirtualHost *:7777
<VirtualHost *:7777>
   ServerName admin.mycompany.com:80
   ServerAdmin you@your.address
   RewriteEngine On
   RewriteOptions inherit
</VirtualHost>

  3. Restart Oracle HTTP Server on both WEBHOST1 and WEBHOST2.

    WEBHOST1> ORACLE_BASE/admin/instance_name/bin/opmnctl restartproc ias-component=ohs1

WEBHOST2> ORACLE_BASE/admin/instance_name/bin/opmnctl restartproc ias-component=ohs2

Important Security Consideration

For security purposes, and since the load balancer terminates SSL request (Oracle HTTP Server routes the requests as non-SSL to WebLogic Server), once SSL is configured for the load balancer, turn on the WebLogic plug-in enabled flag2 for the domain. Make sure you do this only if SSL is configured for the load balancer. To perform this procedure, follow these steps:

  1. Log on to the Administration Console.

  2. Click on the domain name in the navigation tree on the left.

  3. Open the Web Applications tab.

  4. Click Lock & Edit.

  5. Select the WebLogic Plugin Enabled check box.

  6. Save and activate the changes.

  7. Restart the administration server (even though the WLS console may not specifically prompt for that).

5.9 Registering Oracle HTTP Server with WebLogic Server

For Oracle Enterprise Manager Fusion Middleware Console to be able to manage and monitor Oracle HTTP Server instances, they must be registered with the domain. To do this, you must register Oracle HTTP Server with Oracle WebLogic Server using the following command:

WEBHOST1> cd ORACLE_BASE/admin/instance_name/bin
WEBHOST1> ./opmnctl registerinstance -adminHost ADMINVHN -adminPort 7001 -adminUsername weblogic

You must also run this command from WEBHOST2 for OHS2.

Note:

After registering Oracle HTTP Server, it should appear as a manageable target in the Oracle Enterprise Manager Console. To verify this, log in to the Enterprise Manager Console. The WebTier item in the navigation tree should show that Oracle HTTP Server has been registered.

5.10 Setting the Frontend URL for the Administration Console

The Oracle WebLogic Server Administration Console application tracks changes made to ports, channels and security using the console. When changes made through the console are activated, the console validates its current listen address, port and protocol. If the listen address, port and protocol are still valid, the console redirects the HTTP request replacing the host and port information with the Administration Server's listen address and port. When the Administration Console is accessed using a load balancing router (LBR), it is required to change the Administration Server's frontend URL so that the user's web browser is redirected to the appropriate LBR address. To do this, complete these steps:

  1. Log in to Oracle WebLogic Server Administration Console.

  2. Click Lock & Edit.

  3. Expand the Environment node in the Domain Structure window.

  4. Click Servers. The Summary of Servers page opens.

  5. Select Admin Server in the Names column of the table. The settings page for AdminServer(admin) opens.

  6. Click the Protocols tab.

  7. Click the HTTP tab.

  8. Set the Front End Host field to admin.mycompany.com (your LBR address).

  9. Save and activate the changes.

To eliminate redirections it is recommended that you disable the Administration Console's "Follow changes" feature. To do this, log on to the Administration Console and click Preferences and then Shared Preferences. Clear the 'Follow Configuration Changes' check box and click Save.

5.11 Validating Access Through Oracle HTTP Server

Verify that the server status is reported as "Running" in the Administration Console. If the server is shown as "Starting" or "Resuming," wait for the server status to change to "Started." If another status is reported (such as "Admin" or "Failed"), check the server output log files for errors. See Section 12.8, "Troubleshooting" for possible causes.

Validate Administration Console and Enterprise Manager through both Oracle HTTP Server instances using the following URLs:

  • http://WEBHOST1:7777/console

  • http://WEBHOST2:7777/console

  • http://WEBHOST1:7777/em

  • http://WEBHOST2:7777/em

    Note:

    After setting the frontend URL to the LBR address, the access to the console through the WEBHOSTn addresses will be redirected by the console to the frontend URL, thus validating the correct configuration of both Oracle HTTP Server and the LBR device.

  • http://admin.mycompany.com/console

  • http://admin.mycompany.com/em

For information on configuring system access through the load balancer, see Section 2.2.2, "Load Balancers."

5.12 Manually Failing Over the Administration Server to SOAHOST2

In case a node fails, you can fail over the Administration Server to another node. This section describes how to fail over the Administration Server from SOAHOST1 to SOAHOST2:

5.12.1 Assumptions and Procedure

Please note the following assumptions:

  • The Administration Server is configured to listen on ADMINVHN, and not on ANY address. See step 12 in Section 5.2, "Running the Configuration Wizard on SOAHOST1 to Create a Domain".

  • The Administration Server is failed over from SOAHOST1 to SOAHOST2, and the two nodes have these IP addresses:

    • SOAHOST1: 100.200.140.165

    • SOAHOST2: 100.200.140.205

    • ADMINVHN: 100.200.140.206. This is the VIP where the Administration Server is running, assigned to ethX:Y, available in SOAHOST1 and SOAHOST2.

  • The domain directory where the administration server is running in SOAHOST1 is on a shared storage and is mounted also from SOAHOST2.

    Note:

    Node Manager in SOAHOST2 will not control the domain domain_name at this point, since unpack/nmEnroll has not been run yet on SOAHOST2. However, for the purpose of AdminServer failover and control of the administration server itself, Node Manager will be fully functional. Later failovers (after unpack has been run in SOAHOST2) will correctly have Node Manager controlling the domain.

  • Oracle WebLogic Server and Oracle FMW components have been installed in SOAHOST2 as described in Chapter 3, "Installing the Software" (that is, the same paths for ORACLE_HOME and MW_HOME that exist on SOAHOST1 are also available on SOAHOST2).

Procedure

The following procedure shows how to fail over the Administration Server to a different node (SOAHOST2):

  1. Stop the Administration Server if it is running.

  2. Migrate the IP address to the second node:

    1. Run the following command as root on SOAHOST1 (where X:Y is the current interface used by ADMINVHN):

      SOAHOST1> /sbin/ifconfig ethX:Y down

    2. Run the following command on SOAHOST2:

      SOAHOST2> /sbin/ifconfig interface:index IP_address netmask netmask

      For example:

      /sbin/ifconfig eth0:1 100.200.140.206 netmask 255.255.255.0

      Note:

      Make sure that the netmask and interface to be used match the available network configuration in SOAHOST2.

    3. Update the routing tables using arping, for example:

      SOAHOST2> /sbin/arping -b -A -c 3 -I eth0 100.200.140.206

  3. Start Node Manager in SOAHOST2 as described in Section 5.4, "Starting Node Manager on SOAHOST1."

  4. Start the Administration Server on SOAHOST2 as described in Section 5.5, "Starting the Administration Server on SOAHOST1."

  5. Test that you can access the Administration Server on SOAHOST2 as follows:

    1. Ensure that you can access the Oracle WebLogic Server Administration Console at http://ADMINVHN:7001/console.

    2. Check that you can access and verify the status of components in the Oracle Enterprise Manager at http://ADMINVHN:7001/em.

5.12.2 Validating Access to SOAHOST2 Through Oracle HTTP Server

Perform the same steps as in Section 5.11, "Validating Access Through Oracle HTTP Server." This is to check that you can access the Administration Server when it is running on SOAHOST2.

5.12.3 Failing the Administration Server Back to SOAHOST1

This step checks that you can fail back the Administration Server; that is, stop it on SOAHOST2 and run it on SOAHOST1 again. To do this, migrate ADMINVHN back to the SOAHOST1 node as follows:

  1. Make sure the Administration Server is not running.

  2. Run the following command on SOAHOST2.

    SOAHOST2> /sbin/ifconfig ethZ:N down

  3. Run the following command on SOAHOST1:

    SOAHOST1> /sbin/ifconfig ethX:Y 100.200.140.206 netmask 255.255.255.0

    Note:

    Make sure that the netmask and interface to be used match the available network configuration in SOAHOST1.

  4. Update the routing tables using arping. Run the following command from SOAHOST1:

    SOAHOST1> /sbin/arping -b -A -c 3 -I ethZ 100.200.140.206

  5. Start the Administration Server again on SOAHOST1 as described in Section 5.5, "Starting the Administration Server on SOAHOST1."

  6. Test that you can access the Oracle WebLogic Server Administration Console at http://ADMINVHN:7001/console.

  7. Check that you can access and verify the status of components in the Oracle Enterprise Manager at http://ADMINVHN:7001/em.

5.13 Backing Up the Installation

After you have verified that the extended domain is working, back up the installation. This is a quick backup for the express purpose of immediate restore in case of problems in the further steps. The backup destination is the local disk. This backup can be discarded once the enterprise deployment setup is complete. At that point, the regular deployment-specific backup and recovery process can be initiated. The Oracle Fusion Middleware Administrator's Guide provides further details. For information on describing the Oracle HTTP Server data that must be backed up and restored, refer to the "Backup and Recovery Recommendations for Oracle HTTP Server" section in that guide. For information on how to recover components, see the "Recovery of Components" and "Recovery After Loss of Component" sections in the guide. For recommendations specific to recovering from the loss of a host, see the "Recovering Oracle HTTP Server to a Different Host" section in the guide. Also refer to the Oracle Database Backup and Recovery Guide for information on database backup.

Perform these steps to back up the installation at this point:

  1. Back up the web tier:

    1. Shut down the instance using opmnctl:

      WEBHOST1> ORACLE_BASE/admin/instance_name/bin/opmnctl stopall

    2. Back up the Middleware Home on the web tier using the following command (as root):

      WEBHOST1> tar -cvpf BACKUP_LOCATION/web.tar MW_HOME

    3. Back up the Oracle Instance Home on the web tier using the following command:

      WEBHOST1> tar -cvpf BACKUP_LOCATION/web_instance_name.tar ORACLE_INSTANCE

    4. Start the instance using opmnctl:

      WEBHOST1> cd ORACLE_BASE/admin/instance_name/bin
WEBHOST1> opmnctl startall

    Repeat this step for WEBHOST2.

  2. Back up the database. This is a full database backup (either hot or cold) using Oracle Recovery Manager (recommended) or operating system tools such as tar for cold backups if possible.

  3. Stop the Administration Server and back up its domain directory to save your domain configuration. The configuration files all exist in the ORACLE_BASE/admin/ domain_name directory. Run the following command to create the backup:

    SOAHOST1> tar -cvpf edgdomainback.tar ORACLE_BASE/admin/domain_name

    Do not forget to restart the Administration Server again.