Oracle® Fusion Applications Installation Guide 11g Release 1 (11.1.3) Part Number E16600-08 |
|
|
PDF · Mobi · ePub |
This chapter describes the prerequisites for provisioning a new applications environment.
This chapter includes the following sections:
In order to provision a new Oracle Fusion Applications environment, you must ensure that your system meets certain requirements and that you perform the necessary prerequisite tasks in preparation for an installation of Oracle Fusion Applications product offerings.
Review the following prerequisites:
This release of Oracle Fusion Applications relies on Oracle Fusion Applications system requirements and supported platforms documentation to supply certified versions of Oracle components. This documentation provides details about hardware and software, minimum disk space and memory requirements, required system libraries, packages, or patches, and minimum database requirements. Consult an Oracle Fusion Applications sizing-certified representative to obtain specific, customized system hardware requirements.
Oracle Fusion Applications is supported on the following platforms:
Linux x86-64
Oracle Solaris
IBM AIX on POWER Systems (64-Bit)
Microsoft Windows x64 (64-Bit)
Oracle Fusion Applications supports Oracle Database (11.2.0.2 and 11.2.0.3) for storing transactional data. You can install either a single-instance Oracle Enterprise Edition Database or Oracle Real Application Clusters. See Chapter 3 for more information about database installations.
Review this section to learn about Oracle Identity Management components required for Oracle Fusion Applications, review references to documentation about installing those components, and read about how to create an IDM properties file that can supply default configuration parameters in your response file.
Note that during the Oracle Identity Management component installation, you must set up a super user in the identity store. This user has the administrative and functional setup privileges necessary for installation and provisioning. The user name you provide must correspond to the uid
attribute in the identity store.
These components must be installed and configured specifically for use with Oracle Fusion Applications.
Two instances of Oracle Database (11.2.0.2 or 11.2.0.3). One for the Identity Store and the other for the Policy Store.
Oracle Internet Directory 11g (OID)
Oracle Virtual Directory 11g (OVD)
Oracle Identity Manager 11g (OIM)
Oracle Access Manager 11g (OAM)
Note:
The installers for OAM and OIM are included among the installers in the provisioning repository.
Follow the instructions in Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition) to install and configure these components. Keep a record of the configuration details. You must supply them to the Provisioning Wizard when you create your response file.
Apply all mandatory Oracle Identity Management patches, as listed in the "Oracle Identity Management Patches for Oracle Fusion Applications" section of Oracle Fusion Applications release notes.
See Section 4.1 for information about the configuration details required by provisioning. For specific information about how provisioning links the Oracle Identity Management components and your new applications environment, see Section 4.1.3 and Section 5.1.3.
A properties file, idmDomainConfig.param
, is generated the first time you run the idmConfigTool
during the installation and configuration of an Oracle Identity Management environment. Each time you make changes to that environment, the new information is appended to the properties file. This file includes the configuration values that you must supply to the Provisioning Wizard when you create a response file. These values must be included in your response file in order to integrate Oracle Identity Management components with an Oracle Fusion Applications environment. The idmConfigTool
is located in IDM_ORACLE_HOME
/idmtools/bin
. The properties file is created in:
IDM_ORACLE_HOME
/idmtools/bin/idmDomainConfig.param
.
See "Input to the Fusion Applications Provisioning Tool" in Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition). Note that you must run idmConfigTool
from the same location each time to prevent the creation of duplicate idmDomainConfig.param
files that contain only partial information.
If IDM_ORACLE_HOME
/idmtools/bin/idmDomainConfig.param
is in a shared location, you can point the Provisioning Wizard to that location so that it can read the values directly from the file. If you do not have direct access, you can copy the file to an accessible location and point the Provisioning Wizard to that location. You specify the path to the properties file on the Installation Location screen when you create the response file.
Before creating your new environment, review the following actions in this section that can help ensure a smooth installation.
For IBM AIX on POWER Systems (64-Bit) platforms, run the following commands as the root
user:
no -o rfc1323=1
no -o sb_max = 4194304
For IBM AIX on POWER Systems (64-Bit) platforms, the provisioning install phase installs the Oracle Database client and a database patch update. To prepare your environment for this action, set the SKIP_SLIBCLEAN environment variable as follows:
SKIP_SLIBCLEAN = TRUE;export SKIP_SLIBCLEAN;
Run /usr/sbin/slibclean
as root
and ensure that the value TRUE
is in uppercase as this value is case sensitive.
For Oracle Solaris platforms, ensure that the Solaris Operating System patch 144540-01 is installed on the servers. Do this for both Oracle Solaris on SPARC (64-Bit) and Oracle Solaris on x86-64 (64-Bit) platforms. The Solaris OS patch 144540-01 can be obtained from My Oracle Support.
Increase the limit of open files to 16384 or higher for the operating system.
For Linux x86-64:
Modify /etc/security/limits.conf
to read as follows:
FUSION_USER_ACCOUNT
soft nofile 32767
FUSION_USER_ACCOUNT
hard nofile 327679
Edit /etc/ssh/sshd_config
as follows:
Set UsePAM t
o Yes
.
Restart sshd
.
Logout (or reboot) and log in again.
Increase the maximum open files limit.
Edit /proc/sys/fs/file-max
and set it to 6553600. The change becomes effective immediately but does not persist after a reboot. To make the change permanent edit /etc/sysctl.conf
and set fs.file-max
= 6553600
. This change will not be effective until the sysctl
command is run or the server is rebooted.
For Oracle Solaris on SPARC (64-Bit):
Edit /etc/system
and set as follows:
set rlim_fd_cur=32767
set rlim_fd_max=327679
For IBM AIX on POWER Systems (64-Bit):
Modify /etc/security/limits
defaults to read as follows:
fsize = -1
core = 2097151
cpu = -1
data = 1024000
rss = 512000
stack = -1
stack hard = -1
nofiles = 32767
nofiles hard = 327679
For All Platforms:
Typically, you would have max user processes set to 16384:
$ulimit -u
16384
For Linux platforms, confirm that the host names are correctly formatted in /etc/hosts
, for each host that is participating in provisioning. Review /etc/hosts
for each participating host and edit any host entries that do not meet the following recommendations:
The format for each host entry should follow this format:
IP_address canonical_hostname [aliases}
The canonical_hostname
should be the same as the fully qualified host name. Errors can occur if a short version, or alias, of the host name is specified first in /etc/hosts
. The usage of aliases is optional and can be left empty. Examples of correct and incorrect entries follow:
(Correct) 141.80.151.100 myMachine.company.com myMachine (Incorrect) 141.80.151.100 myMachine myMachine.company.com
If the machine name is a logical host name and is different from the physical host name specified in /etc/sysconfig/network
, then the entry for the logical machine should be listed before the entry of the physical host name in /etc/hosts
. If the machine is always accessed using its logical host name, there is no need to have an entry for the physical host name in /etc/hosts. Examples of entries in the correct order follow:
141.80.151.100 myLogicalMachine.company.com myLogicalMachine 141.80.151.100 myPhysicalMachine.company.com myPhysicalMachine
If the order of host names is reversed from what is shown in the example, then there may be errors in retrieving the logical host name.
Make sure the hosts have enough entropy values in the provisioning hosts. If this value is less than 1000 then increase it to a value to a greater value using the rngd
command. Run these commands as the root user for the current session:
To check the entropy value:
cat /proc/sys/kernel/random/entropy_avail
To increase the entropy value:
rngd -r /dev/urandom -o /dev/random
To set the rngd
service to start automatically after rebooting the host, enter the following text into a script, such as, start.rngd
, and run the script as root user.
#! /usr/bin/perl -w . # minimum required bytes to be happy with the device my $want_bytes = 8192; . # list of commands to check my clist = qw(/sbin/rngd /usr/sbin/rngd); S . # list of device names to check my slist = qw( /dev/hwrandom /dev/hw_random /dev/hwrng /dev/intel_rng /dev/i810_rng /dev/urandom ); . . use Fcntl qw(O_RDONLY); . # find the rngd binary my $command; . foreach (clist) { -x && ($command = $_) && last; } . # stop if rngd isn't installed defined $command || die "$0 error: rngd is not installed\n"; . . # look for a hw random device my $source; my $continue = 1; $SIG{'ALRM'} = sub { $continue = 0 }; . foreach my $test (slist) { -e $test || next; . alarm 2; $continue = 1; . my $bytes = 0; . sysopen FILE, $test, O_RDONLY or next; while ($continue) { sysread FILE, $_, 4096 or last; $bytes += length $_; } close FILE; . if ($bytes > $want_bytes) { $source = $test; last; } } . . # use the select command and source print "starting $command with $source... "; system "$command -r $source"; print "done.\n"; . exit 0;
For Microsoft Windows x64 (64-Bit) platforms, complete these steps on each provisioning host:
Create a domain\user
that is part of the Administrators group.
Log in as the user that you created.
Run secpol.msc
(security policy) and add the domain\user
that you created to "Log on as service" under the Local Policies, User Rights Assignment option.
Create a fusionapps
folder on a shared disk that is accessible to all hosts in the provisioned environment. The name of the fusionapps
folder must not exceed eight characters.
Create a symbolic link to the fusionapps
folder that you created in Step 4. Perform this step on all hosts to be provisioned. For example, at the MS-DOS prompt, type the following:
C:\>mklink /d C:\
fusionapps
\
ComputerName
\fusionapps
Confirm that a file or folder can be created through the C:\fusionapps
symbolic link from all hosts in the provisioned environment.
You must define your local port range to ensure that it does not overlap with the ports used by the Java Virtual Machines (JVMs) and other servers. This action avoids port conflicts during server startup. To view and modify localRange
:
For Linux x86-64:
To view:
$cat /proc/sys/net/ipv4/
ip_local_port_range
To modify:
$echo "16202 65535" > /proc/sys/net/
ipv4/ip_local_port_range
For Oracle Solaris
To view:
#/usr/sbin/ndd /dev/
tcp tcp_smallest_anon_port tcp_largest_anon_port
To modify:
#/usr/sbin/ndd -set /dev/
tcp tcp_smallest_anon_port
16202
#/usr/sbin/ndd -set /dev/
tcp tcp_largest_anon_port
65535
For IBM AIX on POWER Systems (64-Bit):
To view:
#/usr/sbin/no -a | fgrep ephemeral
To modify:
#/usr/sbin/no -o
tcp_ephemeral_low
=16202 -o
tcp_ephemeral_high
=65535
Typically, the port range settings would be as follows:
$ /usr/sbin/no -a | fgrep ephemeral tcp_ephemeral_high = 65535 tcp_ephemeral_low = 32768 udp_ephemeral_high = 65535 udp_ephemeral_low = 32768
For more information about setting port values, see "Viewing and Changing Ports for Components" in Oracle Fusion Applications Administrator's Guide.
All engine and data tier servers (including SIP) must accurately synchronize their system clocks to a common time source, to within one or two milliseconds. Large differences in system clocks can cause severe problems.
The shared drive (NFS or CIFS) must support file locking. For NFS Version 3, the advisory locking must be configured for the NFS mount. This applies to all UNIX platforms.
Before provisioning, ensure that the provisioning server and the computer hosting Oracle Access Server have the same date and time stamp settings. The Webgate installation fails with an Oracle Access Manager certificate error if the date and time settings on the provisioning server are different from the Oracle Access Server.
The provisioning repository contains all the installers required to provision a new Oracle Fusion Applications environment. You download the repository from the Oracle Fusion Applications Product Media Package to a location of your choice (repository_location
).
Note:
If you want to set up a demilitarized zone (DMZ) for the web tier in your new environment, see Section 2.6 before you create the repository.
Oracle groups its software releases by product area. A Product Media Pack refers to those groupings. Each media pack may also include a zipped file containing electronic documentation files or "Quick Install" files, which facilitate the initial installation of the software.
Note:
For installations of Oracle Fusion Applications, you must have available the complete set of software contained in the product media pack. You cannot install from individual pieces. Therefore, if you need to install from media that is no longer available on Oracle Software Delivery Cloud, contact My Oracle Support to obtain the complete media pack.
Once you have completed the software licensing agreements, you can obtain the Oracle Fusion Applications software using one of these two methods:
Oracle Software Delivery Cloud Portal: Provides you with a readme document that helps you to determine which media you need to fulfill the license you have purchased. You download only the media you need. This is the default delivery method.
Oracle Store: Provides a complete set of the software in DVD format. You use only the DVDs covered by your software licensing agreement.
Using either method, you can obtain the Oracle Fusion Applications Provisioning repository and gain access to the Oracle Fusion Applications documentation library.
Go to http://edelivery.oracle.com/
and follow these instructions:
Complete the Export Validation process by entering basic identification information using the online form.
On the Media Pack Search page, specify the product pack and platform to identify the media pack you want to download. If you do not know the name of the product pack, you can search for it using the license list.
Choose the appropriate media pack from the search results and download the provisioning repository (in zipped format). You can download the repository to a location of your choice.
Extract the contents of all the zipped files to the same target directory. The directory must be on a networked drive or shared disk so that it will be accessible to all the hosts in your new environment. By default, the unzip process places the installers in repository_location
/installers
.
Note:
Create the repository location name so that unzipping the files does not run into the Windows MAX_PATH limitation.
Note:
Do not unzip different versions of Oracle Fusion Applications Media Packs into the same location. This will cause errors when you try to provision Oracle Fusion Applicationsme files.
To order the Oracle Fusion Applications DVDs from the Oracle Store, go to http://oracle.com
. Navigate to the Products and Services page. Click Oracle Applications and then Oracle Fusion Applications.
Log in as the operating system user with sufficient privileges to mount, unmount, and eject a DVD.
Each DVD in the media pack is assigned a unique name and typically contains only one zipped file. Insert the first DVD in the Oracle Fusion Applications Media Pack.
Extract the contents of the first DVD, and each of the remaining DVDs one by one to the same target directory. The directory must be on a networked drive or shared disk so that it is accessible and writable to all hosts in your environment. By default, the unzip process places the installers in repository_location/installers
.
Note:
Be sure to create the repository location name so that unzipping the files does not run into the Windows MAX_PATH limitation.
Note:
Do not mix or unzip different versions of Oracle Fusion Applications Media Packs into the same location. This will cause errors when you try to provision Oracle Fusion Applications files.
The Oracle Fusion Applications Provisioning installer (faprov
) was delivered with the other installers in the provisioning repository. The purpose of faprov
is to create the Oracle Fusion Applications Provisioning framework, which contains the following components:
Provisioning Wizard: A question-and-answer interview that guides you through the process of installing a database, creating or updating a response file, and provisioning or deinstalling an Oracle Fusion Applications environment.
Provisioning command-line interface (CLI): Used for starting the wizard and running installation phases on the primary, secondary, and DMZ hosts (when present).
Provisioning-related files and utilities: The ANT utilities, binary files, library files, templates, locations of saved response files and provisioning build scripts, and other provisioning utilities required for performing provisioning tasks.
Because the provisioning installer is a customized version of the Oracle Universal Installer (OUI), its behavior closely resembles that of the OUI.
Run faprov
from the directory where you created the provisioning repository, for example, repository_location
/installers/faprov/Disk1
.
Set the JAVA_HOME
environment variable to point to the JDK location in the provisioning repository. For example:
(UNIX)
export
JAVA_HOME
=repository_location
/jdk6
export
PATH
=$JAVA_HOME
/bin:$PATH
(Windows)
set
JAVA_HOME
=repository_location
\jdk6
set PATH=%JAVA_HOME%\bin;%PATH%
Use this command:
(UNIX) runInstaller
(Windows) setup.exe
The installer creates a directory (.../provisioning
) for the framework components in any location that you specify, for example, framework_location
/provisioning
.
Table 2-1 lists the steps for running the provisioning framework installer. For examples of the interview screens, see Appendix A.
Table 2-1 Provisioning Framework Installation Screen Flow
Screen | Description and Action Required |
---|---|
Specify Inventory Directory (UNIX) |
If this is your first Oracle installation on this host, you must specify the location of the Central Inventory Directory. It is used by the installer to keep track of all Oracle products installed on this host. The default location for this file varies by platform. In the Operating System Group Name field, select the group whose members will be granted access to the inventory directory. All members of this group can install products on this host. Click OK to continue. The Inventory Location Confirmation dialog prompts you to run the
The standard location for this file is If you do not have Click OK to continue. |
Welcome |
No action is necessary on this read-only screen. Click Next to continue. |
Prerequisite Checks |
Analyzes the host computer to ensure that specific operating system prerequisites have been met. If any prerequisite check fails, the screen displays a short error message at the bottom. Fix the issue that caused the error and click Retry. To ignore the error or warning message, click Continue. Click Abort to stop the prerequisite check process for all components. Click Next to continue. |
Specify Installation Location |
In the Location field, specify where you want to install the provisioning framework. This is the location where the Provisioning Wizard and the start command for provisioning are installed. You can choose any location as long as it is on a shared disk in a location that is accessible to all hosts in your new environment. The installation process creates a logical directory called the Oracle home. This location is where software binaries will be stored. No runtime process can write to this directory. The directory must initially be empty. If you are performing the installation on a Windows operating system, ensure that the directory paths are valid and do not contain a double backslash (\\). Click Next to continue. |
Installation Summary |
Summarizes the selections that you have made during this installation session. To change this configuration before installing, select one of the screens from the left navigation pane or click Back to return to a previous screen. When you are satisfied with the details, click Save to create a text file (response file) to use if you choose to perform the same installation later. Click Install to begin installing this configuration. |
Installation Progress |
The progress indicator shows the percentage of the installation that is complete, and indicates the location of the installation log file. Click Next when the progress indicator shows 100 percent. |
Installation Complete |
Summarizes the installation just completed. To save the details to a text file, click Save and indicate a directory where you want to save the file. Click Finish to dismiss the screen and exit the installer. |
Table 2-2 shows the components in the framework_location
/provisioning
directory.
Table 2-2 Contents of the Provisioning Framework
Component Type | Component Name | General Use |
---|---|---|
ANT |
ant |
Java processes for installing binaries, configuring domains and subsystems (JDBD and SOA composites), deploying applications, and domain startup |
Binary files |
bin |
Executable files, compiled programs, system files, spreadsheets, compressed files, and graphic (image) files |
Library files |
lib |
Previously defined functions that have related functionality or are commonly used, stored in object code format |
Location of saved response files |
provisioning-response file |
Location for completed or partially completed response files |
Location of provisioning build scripts |
provisioning-build |
Location for build scripts that are available when called for during the provisioning of an environment |
Location of templates |
template |
Start parameters, single sign-on configuration, and database templates |
Location of utility files |
util |
Other provisioning utilities |
The goal of large page support is to optimize processor Translation-Lookaside Buffers. Beginning with Java SE 5.0, you can use a cross-platform flag for requesting large memory pages: -XlargePages:exitOnFailure=true
works on all platforms that support large pages. You can also use -XX:+UseLargePages
for the same purpose. Both arguments are platform-generic.
See http://www.oracle.com/technetwork/java/javase/ tech/largememory-jsp-137182.html
for more information.
If your environment has large pages, add the largepages option as follows:
After you have created a provisioning repository, open provisioning/provisioning-plan/fusionapps_start_params.properties
.
Append -XlargePages:exitOnFailure=true
or -XX:+UseLargePages
to the entry for your platform. Operating system entries are in the following form:
fusion.default.
platform_name
.memoryargs=
existing_page_size
.
For Hotspot JVM only, use the -XX:+UseLargePages
argument.
Run provisioning as usual.
The web tier contains Oracle HTTP Server, which can be installed on the same shared file system (inside the firewall) as the other components, or exist on a host in a DMZ. If you install the web tier in a DMZ, the web tier host cannot be the same as any other host deployed, regardless of domain.
Installing the web tier in a DMZ enables you to impose more restrictions on communication within the portion of the system that is within the firewall, including the following:
The DMZ host cannot access the shared storage that is accessible by the hosts within the firewall (in the APPLICATIONS_BASE
area where the middleware homes are installed or the shared area).
The DMZ host may not be able to communicate with the CommonDomain AdminServer through the firewall. If this is the case, web tier running on the DMZ is non-managed; that is, it is not associated with the CommonDomain running inside the firewall.
However, the APPLICATIONS_BASE
file path and the directory structure under it remain the same on the DMZ host as for the other hosts that exist inside the firewall.
During the provisioning process, phase guard files are generated automatically to determine when a specific phase has been completed on a specific host. For systems that do not use a DMZ, these phase guard files are generated automatically under the shared APPLICATIONS_CONFIG
area on the hosts inside the firewall.
To set up and configure your web tier on a DMZ host, go to http://edelivery.oracle.com/
and follow these directions:
Copy the provisioning repository zipped files to a location on the web tier host to be designated as a demilitarized zone. Follow the instructions in Section 2.3.
Create an installers/temp
directory.
Run the provisioning framework installer (faprov
), as described in Section 2.4. You can create the framework in any location, or you can create it on the DMZ host.
Copy the provisioning framework (framework_location
/provisioning
) from the location where you installed it to the DMZ host. If you installed it initially on the DMZ host, no action is required.
Place the libstdc++.so.5
and libgcc_s.so.1
libraries in the installers directory.
When you create the response file for this environment, indicate this web tier configuration when prompted. See Section 4.3 for details.
Place a copy of the response file on the DMZ host.
Deinstalling Oracle Fusion Applications involves removing the Oracle Fusion Applications Provisioning Oracle home. The deinstaller attempts to remove the Oracle home from which it was started, and removes only the software in the Oracle home.
Before you remove the Oracle Fusion Applications Provisioning Oracle home, ensure that it is not in use. After you remove the software, you will no longer be able to provision a new Oracle Fusion Applications environment.
To start the deinstaller, navigate to (UNIX) PROV_FRMWK_HOME
/oui/bin
or (Windows) PROV_FRMWK_HOME
\oui\bin
. Start the deinstaller with this command:
(Unix)./runInstaller -deinstall
(Windows) setup.exe -deinstall
On Windows operating systems, you can also start the deinstaller from the Start menu by selecting Programs, then Oracle Fusion Applications Provisioning 11g-Home1, and finally Uninstall.
Table 2-3 contains instructions for deinstalling the provisioning framework. For help with any of the interview screens, see Appendix A or click Help on any interview screen.
Table 2-3 Provisioning Deinstaller Screen Flow
Screen | Description and Action Required |
---|---|
Welcome |
No action is required on this read-only screen. Click Next to continue. |
Deinstall Oracle Home |
Verify that the directory path is correct. Click Save to create a text file with the details of the configuration you are deinstalling. Click Deinstall to continue. On the Warning screen, select whether you want the deinstaller to remove the Oracle home directory in addition to removing the software. Click Yes to remove the software files and the provisioning Oracle home directory. Click No to remove only the software files, or click Cancel to return to the previous screen. If you clicked No, remove the framework software files manually. For example, you would use this syntax if the directory is
If the Oracle home directory is |
Deinstallation Progress |
Monitor the progress of the deinstallation. Click Cancel to stop the process. Click Next to continue. |
Deinstallation Complete |
Click Finish to dismiss the screen. |
You must install a transaction database before you create a response file. See Chapter 3 for complete information.