Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition)
11g Release 7 (11.1.7)

Part Number E21032-21

15 Scaling Enterprise Deployments

The reference enterprise topology discussed in this guide is highly scalable. It can be scaled up or scaled out. This chapter explains how to do so.

To scale up the topology, you add a new component instance to a node already running one or more component instances. To scale out the topology, you add new component instances to new nodes.

This chapter contains the following topics:

15.1 Scaling Up the Topology

The Oracle Identity Management topology described in the guide has three tiers: the Directory Tier, Application Tier and Web Tier. The components in all the three tiers can be scaled up by adding a new server instance to a node that already has one or more server instances running.

The procedures described in this section show you how to create a new managed server or directory instance.

15.2 Scaling Out the Topology

You scale out a topology by adding new components to new nodes. The components in all three tiers of the Oracle Identity Management topology described in this guide can be scaled out by adding a new component instance to a new node.

15.3 Scaling Out the Database

If you require more than the standard four database instances, then you must add additional database instances manually. The following steps assume that you have the database instances already configured.

Oracle Identity Management components interface with the database through WebLogic data sources. In systems that use Oracle RAC, the data sources are configured as multi data sources in Identity Management. A multi data source is made up of several child data sources, one for each RAC database instance, and the Identity Management applications reach the RAC database through the parent multi data source. If you add a new database instance, you must create a new child data source for it under each existing multi data source and then add that child to the multi data source. Because different applications use different data sources, you must do this for every multi data source that uses the database.

To do this perform the following steps:

  1. Log In to the WebLogic console using the URL: http://admin.mycompany.com/console

  2. Select Services > Messaging > Data Sources from the Domain Structure window.

  3. Click on a data source whose type is Multi.

  4. Click on the Targets tab and make a note of what targets the multi data source is assigned to.

  5. Click on the Configuration tab and the Data Sources subtab. The chosen box shows you what Data sources are currently part of the multi datasource.

  6. Select Services > Messaging > Data Sources from the Domain Structure window.

  7. This time click on one of the data sources that are currently part of the multi datasource.

  8. Make a note of the following attributes. (The example shown is the data source EDNDatasource-rc0, which is part of the multi data source EDNDatasource.)

    General Tab

    JNDI Name: for example, jdbc/EDNDatasource-rc0

    Connection Pool Tab:

    • URL: for example: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=idmdb-scan.mycompany.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=soa_edg.mycompany.com)(INSTANCE_NAME=idmdb1)))

    • Driver Class: for example: oracle.jdbc.xa.client.OracleXADataSource

    • Properties: for example:

      user=FA_SOAINFRA

      oracle.net.CONNECT_TIMEOUT=10000

    • System Properties: for example: v$session.program=JDBCProgramName

    • Password: This is the database password you used when you ran the RCU

  9. Return to the Overview screen.

  10. Click Lock and Edit.

  11. Click New > Generic Data Source.

  12. Select Services > Messaging > Data Sources from the Domain Structure window.

  13. Provide the following:

    • Name: Choose a name for the data source, for example: EDNDatasource-rc3

    • JNDI Name: Enter a jndi name, for example: jdbc/EDNDatasource-rc3

    • Database Type: oracle

  14. Click Next.

    • Database Driver: Choose the driver that matches the Driver Class you noted, that is, XA or non-XA. For example: Oracle's Driver (thin XA) for RAC Service-Instance connections; Versions 10 and later

  15. Click Next.

  16. On the Transaction Options page, click next.

  17. On the Connection Properties page enter:

    • Service name: Database service name for example: soaedg.mycompany.com

    • Database Name: Enter the name of the database for example: IDMDB

    • Host Name: If this is for an 11.2 database enter the database scan address. Otherwise enter the VIP of the host being added.

    • Port: Enter the listener port, for example: 1521

    • Database User Name: enter the value from Properties, for example: FA_SOAINFRA

    • Enter the password assigned when RCU was run and confirm it.

    Click Next.

  18. On the Test Configuration page, test the connection.

    Click Next

  19. On the Targets page, assign the same targets as you noted for the multi data source.

  20. Click Finish.

  21. Now that the data source has been defined, it can be added to the existing multi data source.

    Select Services > Messaging > Data Sources from the Domain Structure window.

  22. Click on the multi data source, for example: EDNDatasource

  23. Click on the Targets tab and add the newly created data source.

  24. Click Finish.

  25. Click Activate Changes.

  26. Repeat for each data source that uses the database.
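The procedure above relies on the administrator copying host, port and service name from an existing child data source and changing only the instance name. The following script is an added example, not part of this guide or of WebLogic: it parses the descriptor-style thin URL, verifies that every child of a multi data source agrees on everything except INSTANCE_NAME (so a typo such as a mis-spelt domain in one child is caught before it is saved), and derives the URL for the new child. The data source names and URLs are constructed samples modelled on the EDNDatasource example above.

```python
"""Consistency check for the child data sources of a WebLogic multi data source.

Added example; it is not part of the Oracle guide. Each child data source of a
multi data source points at one RAC instance, so every child URL must agree on
protocol, host, port and service name and differ only in INSTANCE_NAME. The
functions below parse the descriptor-style thin URL, verify that invariant and
derive the URL for a new child from its siblings.
"""
import re

# Constructed sample: the two existing children of the multi data source EDNDatasource.
EXISTING_CHILDREN = {
    "EDNDatasource-rc0": (
        "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)"
        "(HOST=idmdb-scan.mycompany.com)(PORT=1521)))(CONNECT_DATA="
        "(SERVICE_NAME=soa_edg.mycompany.com)(INSTANCE_NAME=idmdb1)))"
    ),
    "EDNDatasource-rc1": (
        "jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)"
        "(HOST=idmdb-scan.mycompany.com)(PORT=1521)))(CONNECT_DATA="
        "(SERVICE_NAME=soa_edg.mycompany.com)(INSTANCE_NAME=idmdb2)))"
    ),
}

PREFIX = "jdbc:oracle:thin:@"
KEYS = ("PROTOCOL", "HOST", "PORT", "SERVICE_NAME", "INSTANCE_NAME")
TEMPLATE = (
    PREFIX + "(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL={PROTOCOL})(HOST={HOST})"
    "(PORT={PORT})))(CONNECT_DATA=(SERVICE_NAME={SERVICE_NAME})(INSTANCE_NAME={INSTANCE_NAME})))"
)


def parse_descriptor(url):
    """Return the leaf KEY=value pairs of a descriptor-style thin URL as a dict.

    Only innermost pairs such as (HOST=...) are captured. A single ADDRESS entry
    (the SCAN listener) is assumed, so a repeated key is treated as an error.
    """
    if not url.startswith(PREFIX + "("):
        raise ValueError("not a descriptor-style thin URL: %r" % url)
    pairs = {}
    for key, value in re.findall(r"\((\w+)=([^()]*)\)", url):
        if key in pairs:
            raise ValueError("repeated key %s (multiple ADDRESS entries?)" % key)
        pairs[key] = value
    missing = [k for k in KEYS if k not in pairs]
    if missing:
        raise ValueError("URL lacks %s" % ", ".join(missing))
    return pairs


def check_siblings(children):
    """Verify that all child URLs share everything except INSTANCE_NAME.

    Returns (shared_settings, {child_name: instance_name}); raises ValueError
    naming the first child that disagrees with its siblings or reuses an instance.
    """
    shared, instances = None, {}
    for name, url in children.items():
        settings = parse_descriptor(url)
        instance = settings.pop("INSTANCE_NAME")
        if shared is None:
            shared = settings
        elif settings != shared:
            diffs = sorted(k for k in set(settings) | set(shared)
                           if settings.get(k) != shared.get(k))
            raise ValueError("%s differs from its siblings in %s" % (name, ", ".join(diffs)))
        if instance in instances.values():
            raise ValueError("%s reuses instance %s" % (name, instance))
        instances[name] = instance
    return shared, instances


def is_consistent(children):
    """True when check_siblings() accepts the multi data source's children."""
    try:
        check_siblings(children)
        return True
    except ValueError:
        return False


def new_child_url(children, new_instance):
    """Build the URL for a child pointing at new_instance, copying the shared
    protocol, host, port and service name from the existing siblings."""
    shared, instances = check_siblings(children)
    if new_instance in instances.values():
        raise ValueError("instance %s already has a child data source" % new_instance)
    return TEMPLATE.format(INSTANCE_NAME=new_instance, **shared)


def data_source_list(children, new_name):
    """Comma-separated child list for the multi data source after the new child is added."""
    return ",".join(list(children) + [new_name])


if __name__ == "__main__":
    print(new_child_url(EXISTING_CHILDREN, "idmdb3"))
    print(data_source_list(EXISTING_CHILDREN, "EDNDatasource-rc3"))
```

Run it once per multi data source with the child URLs copied from the console; a ValueError names the child whose host, port or service name disagrees, which is the mistake the manual copy step most often introduces.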

15.4 Scaling the Directory Tier

The Directory tier consists of two LDAP hosts, each running Oracle Internet Directory and Oracle Virtual Directory.

This section contains the following topics:

15.4.1 Scaling Oracle Internet Directory

The Directory Tier has two Oracle Internet Directory nodes, LDAPHOST1 and LDAPHOST2, each running an Oracle Internet Directory instance.

When scaling up, use the existing Oracle Identity Management binaries on either node for creating the new Oracle Internet Directory instance.

To add a new Oracle Internet Directory instance to either Oracle Internet Directory node, or to scale out Oracle Internet Directory instances, perform the steps in the following subsections:

15.4.1.1 Assembling Information for Scaling Oracle Internet Directory

Assemble the following information before scaling Oracle Internet Directory.

Description                                    Variable             Documented Value          Customer Value
---------------------------------------------  -------------------  ------------------------  --------------
Host Name                                                           LDAPHOST3.mycompany.com
OID Port                                       OID_LDAP_PORT        3060
OID SSL Port                                   OID_LDAP_SSL_PORT    636
Oracle Instance Location                       OID_ORACLE_INSTANCE
Oracle Instance/component Name                 oidn                 oid3
OID Admin Password
Password to protect your SSL wallet/keystore   COMMON_IDM_PASSWORD
Password for the CA wallet                     COMMON_IDM_PASSWORD
WebLogic Admin Host                                                 ADMINVHN.mycompany.com
WebLogic Admin Port                            WLS_ADMIN_PORT       7001
WebLogic Admin User                                                 weblogic_idm
WebLogic Admin Password

15.4.1.2 Configuring an Additional Oracle Internet Directory Instance

The schema database must be running before you perform this task. Follow these steps to install Oracle Internet Directory on the host:

  1. Before starting the configuration, determine the ports you want to use for the new directory instance. For scale out, these can be the same as the other instances you have. For scale up, these ports must be unique to the new server instance.

    Ensure that ports you want are not in use by any service on the computer by issuing these commands for the operating system you are using.

    For example, on Linux, you would enter:

    netstat -an | grep "3060"
    netstat -an | grep "3131"
    

    If a port is not in use, no output is returned from the command. If the ports are in use (that is, if the command returns output identifying either port), you must free them.

    Remove the entries for the ports in the /etc/services file and restart the services, as described in Section 16.1, "Starting and Stopping Components," or restart the computer.

  2. Create a file containing the ports used by Oracle Internet Directory. On Disk1 of the installation media, locate the file stage/Response/staticports.ini. Copy it to a file called oid_ports.ini. Delete all entries in oid_ports.ini except for Non-SSL Port for Oracle Internet Directory and SSL Port for Oracle Internet Directory. Change the values of those ports to the ports you want to use, for example: 3060 and 3131.

    Note:

    If the port names in the file are slightly different from those listed in this step, use the names in the file.

  3. Start the Oracle Identity Management 11g Configuration Wizard by running OID_ORACLE_HOME/bin/config.sh.

  4. On the Welcome screen, click Next.

  5. On the Select Domain screen, select Configure without a Domain.

    Click Next.

  6. On the Specify Installation Location screen, specify the following values:

    Oracle Instance Location: OID_ORACLE_INSTANCE

    Oracle Instance Name: oidn, where n is a sequential number for the instance. For example, if you already have two instances configured, n will be 3, so you would enter oid3.

    Click Next.

  7. On the Specify Email for Security Updates screen, specify these values:

    • Email Address: Provide the email address for your My Oracle Support account.

    • Oracle Support Password: Provide the password for your My Oracle Support account.

    • Check the check box next to the I wish to receive security updates via My Oracle Support field.

    Click Next.

  8. On the Configure Components screen, select Oracle Internet Directory, deselect all the other components, and click Next.

  9. On the Configure Ports screen, you use the oid_ports.ini file you created in Step 2 to specify the ports to be used. This enables you to bypass automatic port configuration.

    1. Select Specify Ports using a Configuration File.

    2. In the file name field specify oid_ports.ini.

    3. Click Save, then click Next.

  10. On the Specify Schema Database screen, select Use Existing Schema and specify the following values:

    • Connect String: OIDDBHOST1-VIP.mycompany.com:1521:idmdb1^OIDDBHOST2-VIP.mycompany.com:1521:idmdb2@OIDEDG.mycompany.com

      Notes:

      • The Oracle RAC database connect string information must be provided in the format:

        host1:port1:instance1^host2:port2:instance2@servicename

      • During this installation, it is not required that all the Oracle RAC instances be up. If one Oracle RAC instance is up, the installation can proceed.

      • You must provide complete and accurate information. Specifically, you must provide the correct host, port, and instance name for each Oracle RAC instance, and the service name you provide must be configured for all the specified Oracle RAC instances.

        Any incorrect information entered in the Oracle RAC database connect string must be corrected manually after the installation.

    • User Name: ODS

    • Password: password. This is the password of the ODS schema in the database as specified when RCU was run.

    Click Next.

  11. The ODS Schema in use message appears. The ODS schema chosen is already being used by the existing Oracle Internet Directory instance. Therefore, the new Oracle Internet Directory instance being configured would reuse the same schema.

    Choose Yes to continue.

    A popup window with this message appears:

    "Please ensure that the system time on this Identity Management Node is in sync with the time on other Identity management Nodes that are part of the Oracle Application Server Cluster (Identity Management) configuration. Failure to ensure this may result in unwanted instance failovers, inconsistent operational attributes in directory entries and potential inconsistent behavior of password state policies."

    Ensure that the system time is synchronized among all the IDMHOSTs. See Section 5.10, "Synchronize Oracle Internet Directory Nodes" for more information.

    Click OK to continue.

  12. On the Specify OID Admin Password screen, specify the Oracle Internet Directory administration password.

    Note:

    If you see a message saying that OID is not running, verify that the orcladmin account has not become locked and try again. Do not continue until this message is no longer displayed.

    Click Next.

  13. On the Installation Summary screen, review the selections to ensure that they are correct. If they are not, click Back to modify selections on previous screens. When they are correct, click Configure.

  14. On the Configuration screen, multiple configuration assistants are launched in succession. This process can be lengthy. Wait for the configuration process to finish.

  15. On the Installation Complete screen, click Finish to confirm your choice to exit.

  16. To validate the installation of the Oracle Internet Directory instance on the new LDAP host, issue these commands:

    ldapbind -h LDAPHOST.mycompany.com -p 3060 -D "cn=orcladmin" -q
    ldapbind -h LDAPHOST.mycompany.com -p 3131 -D "cn=orcladmin" -q -U 1
    

    where LDAPHOST is the host where the new instance is running.

    Note:

    Ensure that the following environment variables are set before using ldapbind:

    • ORACLE_HOME

    • ORACLE_INSTANCE

    • PATH - The following directory locations should be in your PATH:

      IDM_ORACLE_HOME/bin

      IDM_ORACLE_HOME/ldap/bin

      IDM_ORACLE_HOME/ldap/admin
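Two of the steps above are easy to get wrong by hand: the port check in step 1, where "netstat -an | grep 3060" also matches a local port 13060 or a remote peer's port 3060, and the RAC connect string in step 10, which the wizard only validates once it tries to connect. The following script is an added example, not part of this guide or of the Oracle configuration wizard. It attempts a real bind on each planned port, which is exactly what the new listener will do, and parses the connect string into its host:port:instance entries and service name before anything is typed into the wizard. The host, port and instance values are constructed samples in the guide's naming style.

```python
"""Pre-flight checks for an additional Oracle Internet Directory instance.

Added example; it is not part of the Oracle guide. It automates two checks from
the configuration procedure: that the non-SSL and SSL ports chosen for the new
instance are free on this host (step 1), and that the Oracle RAC connect string
for the Specify Schema Database screen has the form
host1:port1:instance1^host2:port2:instance2@servicename (step 10).
"""
import errno
import socket

# Constructed sample connect string, in the format the guide gives for step 10.
SAMPLE_CONNECT_STRING = (
    "OIDDBHOST1-VIP.mycompany.com:1521:idmdb1"
    "^OIDDBHOST2-VIP.mycompany.com:1521:idmdb2"
    "@OIDEDG.mycompany.com"
)


def port_is_free(port, host="0.0.0.0"):
    """True if a TCP listener can bind `port` on `host` right now.

    A port still held by TIME_WAIT connections is reported as in use, which is
    the safe direction for this check. Binding a port below 1024 needs root, so
    run the check as the user that will start the OID instance.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind((host, port))
        return True
    except OSError as exc:
        if exc.errno == errno.EADDRINUSE:
            return False
        raise
    finally:
        sock.close()


def parse_rac_connect_string(connect_string):
    """Split host1:port1:instance1^host2:port2:instance2@servicename into
    ([(host, port, instance), ...], servicename), rejecting malformed input."""
    nodes_part, sep, service = connect_string.partition("@")
    if not sep or not service or "@" in service:
        raise ValueError("connect string must end in exactly one '@servicename'")
    nodes = []
    for entry in nodes_part.split("^"):
        fields = entry.split(":")
        if len(fields) != 3 or not all(fields):
            raise ValueError("bad node entry %r; expected host:port:instance" % entry)
        host, port, instance = fields
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            raise ValueError("bad listener port in %r" % entry)
        nodes.append((host, int(port), instance))
    instances = [instance for _, _, instance in nodes]
    if len(set(instances)) != len(instances):
        raise ValueError("instance names repeat: %s" % ", ".join(instances))
    return nodes, service


def build_rac_connect_string(nodes, service):
    """Inverse of parse_rac_connect_string(): generate the string from an
    inventory of (host, port, instance) tuples."""
    return "^".join("%s:%d:%s" % node for node in nodes) + "@" + service


def preflight(ports, connect_string, host="0.0.0.0"):
    """Return a list of problems found; an empty list means both checks passed."""
    problems = []
    for port in ports:
        if not port_is_free(port, host):
            problems.append("port %d is already in use on %s" % (port, host))
    try:
        parse_rac_connect_string(connect_string)
    except ValueError as exc:
        problems.append("connect string: %s" % exc)
    return problems


if __name__ == "__main__":
    # Ports 3060 and 3131 are the guide's example values for the new instance.
    for problem in preflight([3060, 3131], SAMPLE_CONNECT_STRING):
        print("FAIL:", problem)
```

For a scale-up, pass the unique ports chosen for the new instance; for a scale-out on a fresh host, the existing instances' ports. The connect-string parser only checks form; whether each listed host, port and instance is reachable is still confirmed by the wizard's own connection test.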

15.4.1.3 Registering Oracle Internet Directory with the WebLogic Server Domain (IDMDomain)

All the Oracle Fusion Middleware components deployed in this enterprise deployment are managed by using Oracle Enterprise Manager Fusion Middleware Control. To manage the Oracle Internet Directory component with this tool, you must register the component and the Oracle Fusion Middleware instance that contains it with an Oracle WebLogic Server domain. A component can be registered either at install time or post-install. A previously un-registered component can be registered with a WebLogic domain by using the opmnctl registerinstance command.

To register the Oracle Internet Directory instances installed on the host where the new server instance is running, follow these steps for each instance:

  1. On the new host:

    Set ORACLE_HOME to IDM_ORACLE_HOME.

    Set ORACLE_INSTANCE to OID_ORACLE_INSTANCE, where OID_ORACLE_INSTANCE is the location of the newly created instance.

  2. Execute the opmnctl registerinstance command:

    OID_ORACLE_INSTANCE/bin/opmnctl registerinstance -adminHost WLSHostName -adminPort WLSPort -adminUsername adminUserName
    

    For example:

    OID_ORACLE_INSTANCE/bin/opmnctl registerinstance -adminHost ADMINVHN.mycompany.com -adminPort 7001 -adminUsername weblogic
    

    The command requires login to the WebLogic Administration Server (ADMINVHN.mycompany.com).

    Username: weblogic

    Password: *******

    Note:

    For additional details on registering Oracle Internet Directory components with a WebLogic Server domain, see the "Registering an Oracle Instance or Component with the WebLogic Server" section in Oracle Fusion Middleware Administrator's Guide for Oracle Internet Directory.

  3. On the host where the new instance is running, update the Enterprise Manager Repository URL using the emctl utility with the switchOMS flag. This will enable the local emagent to communicate with the WebLogic Administration Server using the virtual IP address. The emctl utility is located under the OID_ORACLE_INSTANCE/EMAGENT/EMAGENT/bin directory.

    Syntax:

    ./emctl switchOMS ReposURL
    

    For Example:

    ./emctl switchOMS http://ADMINVHN:7001/em/upload
    

    Output:

    ./emctl switchOMS http://ADMINVHN.mycompany.com:7001/em/upload 
    Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0. 
    Copyright (c) 1996, 2009 Oracle Corporation.  All rights reserved.  
    SwitchOMS succeeded. 
    
  4. Force the agent to reload its configuration by issuing the command:

    ./emctl reload
    
  5. Check that the agent is using the correct Upload URL using the command:

    ./emctl status agent
    
  6. Validate that the agents on the host where the new server is running are configured properly to monitor their respective targets. Follow these steps to complete this task:

    • Use a web browser to access Oracle Enterprise Manager Fusion Middleware Control at:

      http://ADMINVHN.mycompany.com:7001/em

      Log in as the weblogic_idm user.

    • From the Domain Home Page navigate to the Agent-Monitored Targets page using the menu under Farm -> Agent-Monitored Targets.

    • Update the WebLogic monitoring user name and the WebLogic monitoring password.

      • Enter weblogic_idm as the WebLogic monitoring user name and the password for the weblogic_idm user as the WebLogic monitoring password.

      • Click OK to save your changes.

15.4.1.4 Configuring Oracle Internet Directory to Accept Server Authentication Mode SSL Connections

If you are using SSL Authentication Mode, you must perform the following to ensure that your Oracle Internet Directory instances are capable of accepting requests using this mode. You must configure each Oracle Internet Directory instance independently.

15.4.1.4.1 Configuring Oracle Internet Directory for SSL

To enable Oracle Internet Directory to communicate using SSL Server Authentication Mode, perform the following steps on the host where the new server is running:

Note:

When you perform this operation, only the Oracle Internet Directory instance you are working on should be running.

  1. Set the ORACLE_HOME, ORACLE_INSTANCE and JAVA_HOME variables. For example:

    • Set ORACLE_HOME to IDM_ORACLE_HOME.

    • Set ORACLE_INSTANCE to OID_ORACLE_INSTANCE.

    • Set JAVA_HOME to DIR_MW_HOME/jdk6

    • Set the PATH variable to include JAVA_HOME.

  2. To enable SSL Server Authentication use the tool SSLServerConfig which is located in:

    ORACLE_COMMON_HOME/bin

    For example

    $ORACLE_COMMON_HOME/bin/SSLServerConfig.sh -component oid
    
  3. When prompted, enter the following information:

    • LDAP Hostname: Central LDAP host, for example: POLICYSTORE.mycompany.com

    • LDAP port: LDAP_POLICY_LBR_PORT, for example: 389

    • Admin user DN: cn=orcladmin

    • Password: orcladmin_password

    • sslDomain for the CA: IDMDomain. Oracle recommends that the SSLDomain name be the same as the WebLogic domain name to make reference easier.

    • Password to protect your SSL wallet/keystore: COMMON_IDM_PASSWORD

    • Enter confirmed password for your SSL wallet/keystore: COMMON_IDM_PASSWORD

    • Password for the CA wallet: certificate_password. This is the master password you used when you ran provisioning.

    • Country Name 2 letter code: Two letter country code, such as US

    • State or Province Name: State or province, for example: California

    • Locality Name: Enter the name of your city, for example: RedwoodCity

    • Organization Name: Company name, for example: mycompany

    • Organizational Unit Name: Leave at the default

    • Common Name: Name of this host, for example: LDAPHOST3.mycompany.com

    • OID component name: Name of your Oracle Instance, for example: oid1. If you need to determine what your OID component name is, execute the command:

      OID_ORACLE_INSTANCE/bin/opmnctl status
      
    • WebLogic admin host: Host running the WebLogic Administration Server, for example: ADMINVHN.mycompany.com

    • WebLogic admin port: WLS_ADMIN_PORT, for example: 7001

    • WebLogic admin user: Name of your WebLogic administration user, for example: weblogic

    • WebLogic password: password.

    • AS instance name: Name of the new instance you entered in Step 6 of Section 15.4.1.2, "Configuring an Additional Oracle Internet Directory Instance," for example: oid3.

    • SSL wallet name for OID component [oid_wallet1]: Accept the default

    • Do you want to restart your OID component: Yes

    • Do you want to test your SSL setup? Yes

    • SSL Port of your OID Server: OID_LDAP_SSL_PORT, for example: 3131

Sample output:

Server SSL Automation Script: Release 11.1.1.4.0 - Production
Copyright (c) 2010 Oracle. All rights reserved.
 
Downloading the CA wallet from the central LDAP location...
>>>Enter the LDAP Hostname [SLC00DRA.mycompany.com]: POLICYSTORE.mycompany.com
>>>Enter the LDAP port [3060]: 3060
>>>Enter an admin user DN [cn=orcladmin]
>>>Enter password for cn=orcladmin:
>>>Enter the sslDomain for the CA [idm]: IDMDomain
>>>Enter a password to protect your SSL wallet/keystore:
>>>Enter confirmed password for your SSL wallet/keystore:
>>>Enter password for the CA wallet:
>>>Searching the LDAP for the CA usercertificate ...
Importing the CA certifcate into trust stores...
>>>Searching the LDAP for the CA userpkcs12 ...
 
Invoking OID SSL Server Configuration Script...
Enter attribute values for your certificate DN
>>>Country Name 2 letter code [US]:
>>>State or Province Name [California]:
>>>Locality Name(eg, city) []:Redwood
>>>Organization Name (eg, company) [mycompany]:
>>>Organizational Unit Name (eg, section) [oid-20110524015634]:
>>>Common Name (eg, hostName.domainName.com) [SLC00XXX.mycompany.com]:
The subject DN is cn=SLC00DRA.mycompany.com,ou=oid-20110524015634,l=Redwood,st=California,c=US
 
Creating an Oracle SSL Wallet for oid instance...
/u01/oracle/products/access/idm/../oracle_common/bin
>>>Enter your OID component name: [oid1]
>>>Enter the weblogic admin server host [SLC00XXX.mycompany.com] ADMINVHN
>>>Enter the weblogic admin port: [7001]
>>>Enter the weblogic admin user: [weblogic]
>>>Enter weblogic password:
>>>Enter your AS instance name:[asinst_1] oid1
>>>Enter an SSL wallet name for OID component [oid_wallet1]
Checking the existence of oid_wallet1 in the OID server...
Configuring the newly generated Oracle Wallet with your OID component...
Do you want to restart your OID component?[y/n]y
 
Do you want to test your SSL set up?[y/n]y
>>>Please enter your OID ssl port:[3131] 3131
Please enter the OID hostname:[SLC00DRA.mycompany.com] LDAPHOST3.mycompany.com
>>>Invoking IDM_ORACLE_HOM/bin/ldapbind -h LDAPHOST3.mycompany.com -p 3131-U 2 -D cn=orcladmin ...
Bind successful
 
Your oid1 SSL server has been set up successfully

Confirm that the script has been successful.

Repeat all the steps in this section, Section 15.4.1.4, "Configuring Oracle Internet Directory to Accept Server Authentication Mode SSL Connections," for each Oracle Internet Directory instance.
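The script's own test, an ldapbind against the SSL port, proves that a TLS handshake completes. Clients that verify the server name also need the certificate's Common Name to match the name they connect to, and in the sample output above the subject DN carries the wizard host's name (SLC00DRA.mycompany.com) while the final ldapbind targets LDAPHOST3.mycompany.com. The following script is an added example, not part of this guide or of SSLServerConfig: parse_dn() reads the "The subject DN is ..." line the script prints, cn_matches() compares the CN with the name clients will use, and tls_probe() repeats the handshake from Python with hostname verification against the CA certificate. The sample line is taken from the output above; the CA PEM path passed to tls_probe() is an assumption (the CA certificate would first have to be exported from the wallet in PEM form).

```python
"""Checks on the certificate produced by SSLServerConfig for an OID instance.

Added example; it is not part of the Oracle guide. The DN grammar handled here
is the plain attr=value,attr=value form the script prints; LDAP escaping of
commas inside values is not needed for that output and is not handled.
"""
import socket
import ssl

# Line copied from the guide's sample output of SSLServerConfig.sh.
SAMPLE_OUTPUT_LINE = (
    "The subject DN is cn=SLC00DRA.mycompany.com,ou=oid-20110524015634,"
    "l=Redwood,st=California,c=US"
)
MARKER = "The subject DN is "


def parse_dn(line):
    """Return the RDNs of a 'The subject DN is ...' line as a list of
    (attribute, value) pairs in printed order; attribute names are lower-cased."""
    if not line.startswith(MARKER):
        raise ValueError("not a subject DN line: %r" % line)
    rdns = []
    for rdn in line[len(MARKER):].strip().split(","):
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN %r" % rdn)
        rdns.append((attr.strip().lower(), value.strip()))
    return rdns


def common_name(rdns):
    """The single cn value of a parsed DN; a certificate subject needs exactly one."""
    cns = [value for attr, value in rdns if attr == "cn"]
    if len(cns) != 1:
        raise ValueError("expected exactly one cn, found %d" % len(cns))
    return cns[0]


def cn_matches(line, expected_host):
    """True when the CN printed by SSLServerConfig equals the name clients will
    connect to (case-insensitive, as DNS names are)."""
    return common_name(parse_dn(line)).lower() == expected_host.lower()


def tls_probe(host, port, ca_pem_path, timeout=5.0):
    """Handshake with the OID SSL port, verifying the chain against ca_pem_path
    and the server name against `host`. Returns the peer certificate's subject
    as a dict; raises ssl.SSLCertVerificationError on a name or chain mismatch.
    ca_pem_path is assumed to hold the IDMDomain CA certificate in PEM form."""
    ctx = ssl.create_default_context(cafile=ca_pem_path)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return {attr: value for rdn in cert["subject"] for attr, value in rdn}


if __name__ == "__main__":
    # Offline check on the sample line; the live probe needs a running instance.
    print("CN:", common_name(parse_dn(SAMPLE_OUTPUT_LINE)))
    print("matches LDAPHOST3.mycompany.com:",
          cn_matches(SAMPLE_OUTPUT_LINE, "LDAPHOST3.mycompany.com"))
```

If Oracle Internet Directory is reached through a load balancer name rather than the host name, the name to check against is the one clients actually resolve, which for some deployments means a certificate whose CN or subject alternative names cover the load balancer address.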

15.4.1.5 Reconfiguring the Load Balancer

If you are accessing your Oracle Internet Directory instances through a load balancer, add the new Oracle Internet Directory instance to the existing server pool defined on the load balancer for distributing requests across the Oracle Internet Directory instances.

15.4.2 Scaling Oracle Virtual Directory

The Directory Tier has two nodes, LDAPHOST1 and LDAPHOST2, each running an Oracle Virtual Directory instance.

When scaling up, you can use existing Oracle Identity Management binaries on either node for creating the new Oracle Virtual Directory instance.

To add a new Oracle Virtual Directory instance to either Oracle Virtual Directory node, or to scale out Oracle Virtual Directory instances, perform the steps in the following subsections:

15.4.2.1 Assembling Information for Scaling Oracle Virtual Directory

Assemble the following information before scaling Oracle Virtual Directory.

Description                                                                Variable             Documented Value                           Customer Value
-------------------------------------------------------------------------  -------------------  -----------------------------------------  --------------
Host Name                                                                                       LDAPHOST3.mycompany.com
OVD Listen Port                                                            OVD_PORT             6501
OVD SSL Port                                                               OVD_SSL_PORT         7501
Oracle Virtual Directory Proxy Port                                        OVD_ADMIN_PORT       8899
Oracle Instance Location                                                   OVD_ORACLE_INSTANCE  /u02/local/oracle/config/instances/oidn
OVD Existing Instance/Component Name                                       ovdn                 ovd1
Newly Created Instance/Component Name                                      ovdn                 ovd3
OVD Administrator Password
WebLogic Admin Host                                                        WLSHostName          ADMINVHN.mycompany.com
WebLogic Admin Port                                                        WLS_PORT             7001
WebLogic Admin User                                                        adminUserName        weblogic_idm
WebLogic Admin Password
Back end Identity Store host                                               OID_LBR_HOST         OIDIDSTORE.mycompany.com
Back end Identity Store port                                               OID_LDAP_PORT        3060
Identity Store LDAP admin password
Password to protect your SSL wallet/keystore                               COMMON_IDM_PASSWORD
Password for the CA wallet (created when you ran IdM Provisioning Wizard)  COMMON_IDM_PASSWORD

15.4.2.2 Configuring an Additional Oracle Virtual Directory

Follow these steps to configure the new Oracle Virtual Directory instance:

  1. Ensure that ports you are using (OVD_PORT and OVD_SSL_PORT in Section 3.7, "Fixed Ports Used by the Provisioning Wizard") are not in use by any service on the computer by issuing these commands for the operating system you are using.

    On Linux:

    netstat -an | grep "6501"
    netstat -an | grep "7501"
    

    If a port is not in use, no output is returned from the command. If the ports are in use (that is, if the command returns output identifying either port), you must free the port.

    On Linux:

    Remove the entries for ports used by Oracle Virtual Directory in the /etc/services file and restart the services, as described in Section 16.1, "Starting and Stopping Components," or restart the computer.

  2. Create a file containing the ports used by Oracle Virtual Directory. On Disk1 of the installation media, locate the file stage/Response/staticports.ini. Copy it to a file called ovd_ports.ini. Delete all entries in ovd_ports.ini except for Non-SSL Port for Oracle Virtual Directory and SSL Port for Oracle Virtual Directory. Change the values of those ports to the ports you want to use, for example: 3060 and 3131.

    Note:

    If the port names in the file are slightly different from those listed in this step, use the names in the file.

  3. Start the Oracle Identity Management 11g Configuration Wizard by running OID_ORACLE_HOME/bin/config.sh.

  4. On the Welcome screen, click Next.

  5. On the Select Domain screen, select Configure without a Domain.

    Click Next.

  6. On the Specify Installation Location screen, specify the following values:

    Oracle Instance Location: OVD_ORACLE_INSTANCE

    Oracle Instance Name: ovdn, where n is a sequential number for the instance. For example, if you already have two instances configured, n will be 3, so you would enter ovd3.

    Click Next.

  7. On the Specify Email for Security Updates screen, specify these values:

    • Email Address: Provide the email address for your My Oracle Support account.

    • Oracle Support Password: Provide the password for your My Oracle Support account.

    • Check the check box next to the I wish to receive security updates via My Oracle Support field.

    Click Next.

  8. On the Configure Components screen, select Oracle Virtual Directory, deselect all the other components, and click Next.

  9. On the Configure Ports screen, you use the ovd_ports.ini file you created in Step 2 to specify the ports to be used. This enables you to bypass automatic port configuration.

    1. Select Specify Ports using a Configuration File.

    2. In the file name field specify ovd_ports.ini.

    3. Click Save, then click Next.

  10. On the Specify Virtual Directory screen: In the Client Listeners section, enter:

    In the OVD Administrator section, enter:

    • Administrator User Name: cn=orcladmin

    • Password: administrator_password

    • Confirm Password: administrator_password

    Select Configure the Administrative Server in secure mode.

    Click Next.

  11. On the Installation Summary screen, review the selections to ensure that they are correct. If they are not, click Back to modify selections on previous screens. When they are correct, click Configure.

  12. On the Configuration screen, multiple configuration assistants are launched in succession. This process can be lengthy. Wait for the configuration process to finish.

    Click Next.

  13. On the Installation Complete screen, click Finish to confirm your choice to exit.

  14. To validate the installation of the Oracle Virtual Directory instance on the host, issue these commands:

    ldapbind -h LDAPHOST.mycompany.com -p 6501 -D "cn=orcladmin" -q
    ldapbind -h LDAPHOST.mycompany.com -p 7501 -D "cn=orcladmin" -q -U 1
    

    where LDAPHOST is the host where the new instance is running.

    Note:

    Ensure that the following environment variables are set before using ldapbind:

    • Set ORACLE_HOME to OID_ORACLE_HOME.

    • Set ORACLE_INSTANCE to OVD_ORACLE_INSTANCE.

    • PATH - The following directory locations should be in your PATH:

      OID_ORACLE_HOME/bin

      OID_ORACLE_HOME/ldap/bin

      OID_ORACLE_HOME/ldap/admin

15.4.2.3 Post-Configuration Steps

This section contains the following topics:

15.4.2.3.1 Registering Oracle Virtual Directory with the Oracle WebLogic Server Domain (IDMDomain)

All the Oracle Fusion Middleware components deployed in this enterprise deployment are managed by using Oracle Enterprise Manager Fusion Middleware Control. To manage the Oracle Virtual Directory component with this tool, you must register the component and the Oracle Fusion Middleware instance that contains it with an Oracle WebLogic Server domain. A component can be registered either at install time or post-install. A previously un-registered component can be registered with a WebLogic domain by using the opmnctl registerinstance command.

To register the Oracle Virtual Directory instances, follow these steps on the host where the new instance is running:

  1. Set the ORACLE_HOME to OID_ORACLE_HOME.

  2. Set ORACLE_INSTANCE to OVD_ORACLE_INSTANCE1, where OVD_ORACLE_INSTANCE1 is the location of the newly-created instance.

  3. Execute the opmnctl registerinstance command:

    OVD_ORACLE_INSTANCE/bin/opmnctl registerinstance -adminHost WLSHostName  -adminPort WLSPort -adminUsername adminUserName
    

    For example:

    OVD_ORACLE_INSTANCE/bin/opmnctl registerinstance \
       -adminHost ADMINVHN.mycompany.com -adminPort 7001 -adminUsername weblogic
    

    The command requires login to WebLogic Administration Server.

    Username: weblogic

    Password: password

    Note:

    For additional details on registering Oracle Virtual Directory components with a WebLogic Server domain, see the "Registering an Oracle Instance Using OPMNCTL" section in Oracle Fusion Middleware Administrator's Guide for Oracle Virtual Directory.

  4. In order to manage Oracle Virtual Directory by using Oracle Enterprise Manager Fusion Middleware Control, you must update the Enterprise Manager Repository URL to point to the virtual IP address associated with the WebLogic Administration Server. Do this using the emctl utility with the switchOMS flag. This will enable the local emagent to communicate with the WebLogic Administration Server using the virtual IP address. The emctl utility is located under the OVD_ORACLE_INSTANCE/EMAGENT/EMAGENT/bin directory.

    Syntax:

    ./emctl switchOMS ReposURL
    

    For Example:

    ./emctl switchOMS http://ADMINVHN:7001/em/upload 
    

    Output:

    ./emctl switchOMS http://ADMINVHN.mycompany.com:7001/em/upload 
    Oracle Enterprise Manager 10g Release 5 Grid Control 10.2.0.5.0. 
    Copyright (c) 1996, 2009 Oracle Corporation.  All rights reserved. 
    SwitchOMS succeeded.
    
  5. Force the agent to reload its configuration by issuing the command:

    ./emctl reload
    
  6. Check that the agent is using the correct Upload URL using the command:

    ./emctl status agent
    
  7. Validate if the agents on the host where the new instance is running are configured properly to monitor their respective targets. Follow these steps to complete this task:

    1. Use a web browser to access Oracle Enterprise Manager Fusion Middleware Control at http://ADMINVHN.mycompany.com:7001/em. Log in as the weblogic_idm user.

    2. From the Domain Home Page, navigate to the Agent-Monitored Targets page using the menu under Farm -> Agent-Monitored Targets.

    3. Update the WebLogic monitoring user name and the WebLogic monitoring password.

      • Enter weblogic_idm as the WebLogic monitoring user name and the password for the weblogic user as the WebLogic monitoring password.

      • Click OK to save your changes.

15.4.2.3.2 Configuring Oracle Virtual Directory for SSL

Before configuring Oracle Virtual Directory for SSL, set the ORACLE_HOME, ORACLE_INSTANCE and JAVA_HOME variables. For example, on the new LDAPHOST, set ORACLE_HOME to OID_ORACLE_HOME, set ORACLE_INSTANCE to OVD_ORACLE_INSTANCE, set JAVA_HOME to JAVA_HOME, and add JAVA_HOME to your PATH variable.

Start the SSL Configuration Tool by issuing the SSLServerConfig command, which is located in the ORACLE_COMMON_HOME/bin directory.

For example:

ORACLE_COMMON_HOME/bin/SSLServerConfig.sh -component ovd

When prompted, enter the following information:

  • LDAP Hostname: Central LDAP host, for example: POLICYSTORE.mycompany.com

    Note:

    It is recommended that you use the Policy Store directory, not the Identity Store.

  • LDAP port: LDAP port, for example: 3060 (OID_LDAP_PORT)

  • Admin user DN: cn=orcladmin

  • Password: administrator_password

  • sslDomain for the CA: IDMDomain

  • Password to protect your SSL wallet/keystore: password_for_local_keystore

  • Enter confirmed password for your SSL wallet/keystore: password_for_local_keystore

  • Password for the CA wallet: certificate_password. This is the master password you created when you ran provisioning.

  • Country Name 2 letter code: Two letter country code, such as US

  • State or Province Name: State or province, for example: California

  • Locality Name: Enter the name of your city, for example: RedwoodCity

  • Organization Name: Company name, for example: mycompany

  • Organizational Unit Name: Leave at the default

  • Common Name: Name of this host, for example: LDAPHOST3.mycompany.com

  • OVD Instance Name: for example, ovd1. If you need to determine what your OVD component name is, execute the command:

    OVD_ORACLE_INSTANCE/bin/opmnctl status
    
  • Oracle instance name: Name of your newly created Oracle instance, for example: ovd3

  • WebLogic admin host: Host running the WebLogic Administration Server, for example: ADMINVHN.mycompany.com

  • WebLogic admin port: WebLogic Administration Server port, for example: 7001 (WLS_ADMIN_PORT)

  • WebLogic admin user: Name of your WebLogic administration user, for example: weblogic

  • WebLogic password: password.

  • SSL wallet name for OVD component [ovdks1.jks]: Accept the default

When asked if you want to restart your Oracle Virtual Directory component, enter Yes.

When asked if you would like to test your OVD SSL connection, enter Yes. Ensure that the test is a success.

15.4.2.4 Creating ODSM Connections to Oracle Virtual Directory

Before you can manage Oracle Virtual Directory you must create connections from ODSM to each of your Oracle Virtual Directory instances. To do this, proceed as follows:

  1. Access ODSM through the load balancer at: http://ADMIN.mycompany.com/odsm

  2. Create connections to Oracle Virtual Directory as follows. Create a connection to each Oracle Virtual Directory node separately; using the Oracle Virtual Directory load balancer virtual host from ODSM is not supported:

    1. Create a direct connection to Oracle Virtual Directory on the new host providing the following information in ODSM:

      Host: LDAPHOST.mycompany.com

      Port: 8899 (The Oracle Virtual Directory proxy port, OVD_ADMIN_PORT in Section 3.7, "Fixed Ports Used by the Provisioning Wizard")

      Enable the SSL option.

      User: cn=orcladmin

      Password: password_to_connect_to_OVD

    2. Create a direct connection to Oracle Virtual Directory on the host where your new instance is running, providing the following information in ODSM:

      Host: LDAPHOST.mycompany.com

      Port: 8899 (The Oracle Virtual Directory proxy port)

      Enable the SSL option.

      User: cn=orcladmin

      Password: password_to_connect_to_OVD

15.4.2.5 Creating Adapters in Oracle Virtual Directory

Oracle Virtual Directory communicates with other directories through adapters.

The procedure is slightly different, depending on the directory you are connecting to. The following sections show how to create and validate adapters for supported directories:

15.4.2.5.1 Creating Oracle Virtual Directory Adapters for Oracle Internet Directory and Active Directory

You can use idmConfigTool to create the Oracle Virtual Directory User and Changelog adapters for Oracle Internet Directory and Active Directory. Oracle Identity Manager requires adapters. It is highly recommended, though not mandatory, that you use Oracle Virtual Directory to connect to Oracle Internet Directory.

To do this, perform the following tasks on IDMHOST1:

  1. Set the environment variable ORACLE_HOME to IAM_ORACLE_HOME.

  2. Create a properties file for the adapter you are configuring called ovd1.props. The contents of this file depend on whether you are configuring the Oracle Internet Directory adapter or the Active Directory adapter.

    • Oracle Internet Directory adapter properties file:

      ovd.host:LDAPHOST.mycompany.com
      ovd.port:8899
      ovd.binddn:cn=orcladmin
      ovd.password:ovdpassword
      ovd.oamenabled:true
      ovd.ssl:true
      ldap1.type:OID
      ldap1.host:OIDIDSTORE.mycompany.com
      ldap1.port:3060
      ldap1.binddn:cn=oimLDAP,cn=systemids,dc=mycompany,dc=com
      ldap1.password:oidpassword
      ldap1.ssl:false
      ldap1.base:dc=mycompany,dc=com
      ldap1.ovd.base:dc=mycompany,dc=com
      usecase.type: single
      
    • Active Directory adapter properties file:

      ovd.host:LDAPHOST.mycompany.com
      ovd.port:8899
      ovd.binddn:cn=orcladmin
      ovd.password:ovdpassword
      ovd.oamenabled:true
      ovd.ssl:true
      ldap1.type:AD
      ldap1.host:ADIDSTORE.mycompany.com
      ldap1.port:636
      ldap1.binddn:cn=adminuser
      ldap1.password:adpassword
      ldap1.ssl:true
      ldap1.base:dc=mycompany,dc=com
      ldap1.ovd.base:dc=mycompany,dc=com
      usecase.type: single
      

    The following list describes the parameters used in the properties file.

    • ovd.host is the host name of a server running Oracle Virtual Directory.

    • ovd.port is the https port used to access Oracle Virtual Directory (OVD_ADMIN_PORT) in Section 3.7, "Fixed Ports Used by the Provisioning Wizard."

    • ovd.binddn is the user DN you use to connect to Oracle Virtual Directory.

    • ovd.password is the password for the DN you use to connect to Oracle Virtual Directory.

    • ovd.oamenabled is always true in Fusion Applications deployments.

    • ovd.ssl is set to true, as you are using an https port.

    • ldap1.type is set to OID for the Oracle Internet Directory back end directory or set to AD for the Active Directory back end directory.

    • ldap1.host is the host on which back end directory is located. Use the load balancer name.

    • ldap1.port is the port used to communicate with the back end directory (OID_LDAP_PORT or OID_LDAP_SSL_PORT in Section 6.1, "Assembling Information for Identity Management Provisioning").

    • ldap1.binddn is the bind DN of the oimLDAP user.

    • ldap1.password is the password of the oimLDAP user.

    • ldap1.ssl is set to true if you are using the back end's SSL connection, and otherwise set to false. This should always be set to true when an adapter is being created for AD.

    • ldap1.base is the base location in the directory tree.

    • ldap1.ovd.base is the mapped location in Oracle Virtual Directory.

    • usecase.type is set to Single when using a single directory type.

  3. Configure the adapter by using the idmConfigTool command, which is located at:

    IAM_ORACLE_HOME/idmtools/bin

    Note:

    When you run the idmConfigTool, it creates or appends to the file idmDomainConfig.param. This file is generated in the same directory that the idmConfigTool is run from. To ensure that each time the tool is run, the same file is appended to, always run the idmConfigTool from the directory:

    IAM_ORACLE_HOME/idmtools/bin

    The syntax of the command is:

    idmConfigTool.sh -configOVD input_file=configfile [log_file=logfile]
    

    For example:

    idmConfigTool.sh -configOVD input_file=ovd1.props
    

    The command requires no input. The output looks like this:

    The tool has completed its operation. Details have been logged to logfile
    

Run this command for the newly created Oracle Virtual Directory instance in your topology, with the appropriate value for ovd.host in the property file.
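The properties file above is the only input idmConfigTool takes, and a mistake in it (an http port with ovd.ssl set, or an Active Directory adapter without SSL) is only found after the tool has run. The following pre-flight validator is an added example and not Oracle's code; the function names parse_props, validate_ovd_props and check_props_text are mine, and the sample file is a constructed copy of the Oracle Internet Directory example above.

```python
"""Pre-flight checks for an idmConfigTool -configOVD properties file.

Added example, not Oracle's code: parses the key:value format shown above
and reports the mistakes the parameter list warns about before the tool runs.
Function names (parse_props, validate_ovd_props, check_props_text) are mine.
"""
import re

REQUIRED_KEYS = (
    "ovd.host", "ovd.port", "ovd.binddn", "ovd.password", "ovd.oamenabled",
    "ovd.ssl", "ldap1.type", "ldap1.host", "ldap1.port", "ldap1.binddn",
    "ldap1.password", "ldap1.ssl", "ldap1.base", "ldap1.ovd.base",
    "usecase.type",
)

# Constructed sample: a copy of the Oracle Internet Directory file above.
OID_PROPS = """\
ovd.host:LDAPHOST.mycompany.com
ovd.port:8899
ovd.binddn:cn=orcladmin
ovd.password:ovdpassword
ovd.oamenabled:true
ovd.ssl:true
ldap1.type:OID
ldap1.host:OIDIDSTORE.mycompany.com
ldap1.port:3060
ldap1.binddn:cn=oimLDAP,cn=systemids,dc=mycompany,dc=com
ldap1.password:oidpassword
ldap1.ssl:false
ldap1.base:dc=mycompany,dc=com
ldap1.ovd.base:dc=mycompany,dc=com
usecase.type: single
"""


def parse_props(text):
    """Parse 'key:value' lines. The first ':' splits key from value and
    surrounding blanks are dropped, so 'usecase.type: single' parses too."""
    props = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if ":" not in line:
            raise ValueError("line %d: expected key:value, got %r" % (lineno, raw))
        key, value = line.split(":", 1)
        props[key.strip()] = value.strip()
    return props


def _is_port(value):
    return value.isdigit() and 1 <= int(value) <= 65535


def validate_ovd_props(props):
    """Return a list of (severity, message). Any 'error' means do not run
    idmConfigTool with this file; 'warn' is worth a second look."""
    findings = [("error", "missing required key %s" % key)
                for key in REQUIRED_KEYS if key not in props]
    if findings:
        return findings  # the checks below assume every key is present

    for key in ("ovd.port", "ldap1.port"):
        if not _is_port(props[key]):
            findings.append(("error", "%s must be a TCP port, got %r" % (key, props[key])))
    for key in ("ovd.ssl", "ovd.oamenabled", "ldap1.ssl"):
        if props[key] not in ("true", "false"):
            findings.append(("error", "%s must be true or false" % key))

    # From the parameter list: oamenabled is always true and OVD_ADMIN_PORT is https.
    if props["ovd.oamenabled"] != "true":
        findings.append(("error", "ovd.oamenabled must be true in Fusion Applications deployments"))
    if props["ovd.ssl"] != "true":
        findings.append(("error", "ovd.ssl must be true: OVD_ADMIN_PORT is an https port"))

    backend = props["ldap1.type"]
    if backend not in ("OID", "AD"):
        findings.append(("error", "ldap1.type must be OID or AD, got %r" % backend))
    elif backend == "AD" and props["ldap1.ssl"] != "true":
        findings.append(("error", "ldap1.ssl must be true for an Active Directory adapter"))
    elif props["ldap1.ssl"] == "false":
        # Allowed for OID, but the oimLDAP bind password then crosses the wire in clear.
        findings.append(("warn", "ldap1.ssl is false: the bind password for %s is sent unencrypted"
                         % props["ldap1.binddn"]))

    if props["usecase.type"].lower() != "single":
        findings.append(("error", "usecase.type must be single for a single directory type"))
    for key in ("ovd.binddn", "ldap1.binddn", "ldap1.base", "ldap1.ovd.base"):
        if not re.match(r"^[A-Za-z]+=", props[key]):
            findings.append(("error", "%s does not look like a DN: %r" % (key, props[key])))
    return findings


def check_props_text(text):
    """Parse and validate a properties file's content in one call."""
    return validate_ovd_props(parse_props(text))
```

Run check_props_text on the file's content before step 3; the OID sample passes with one warning about the unencrypted back-end bind, which is the trade-off the ldap1.ssl parameter describes.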

15.4.2.5.2 Validating the Oracle Virtual Directory Adapters

Perform the following tasks by using ODSM:

  1. Access ODSM through the load balancer at: http://ADMIN.mycompany.com/odsm

  2. Connect to Oracle Virtual Directory.

  3. Go to the Data Browser tab.

  4. Expand Client View so that you can see each of your user adapter root DNs listed.

  5. Expand the user adapter root DN. If there are objects already in the back end LDAP server, you should see those objects here.

  6. ODSM does not support changelog queries, so you cannot expand the cn=changelog subtree.

    Perform the following tasks by using the command-line:

    • Validate the user adapters by typing:

      ldapsearch -h directory_host -p ldap_port -D "cn=orcladmin" -q  -b user_search_base -s sub "objectclass=inetorgperson" dn
      

      For example:

      ldapsearch -h LDAPHOST.mycompany.com -p 6501 -D "cn=orcladmin" -q -b "cn=Users,dc=mycompany,dc=com" -s sub "objectclass=inetorgperson" dn
      

      Supply the password when prompted.

      You should see the user entries that already exist in the back end LDAP server.

    • Validate changelog adapters by typing:

      ldapsearch -h directory_host -p ldap_port -D "cn=orcladmin" -q  -b "cn=changelog" -s one "changenumber>=0"
      

      For example:

      ldapsearch -h LDAPHOST -p 6501 -D "cn=orcladmin" -q -b "cn=changelog" -s one "changenumber>=0"
      

      The command returns change log entries, such as the creation of all the users. It returns without error if the changelog adapters are valid.

    • Validate lastchangenumber query by typing:

      ldapsearch -h directory_host -p ldap_port -D "cn=orcladmin" -q -b "cn=changelog" -s base 'objectclass=*' lastchangenumber
      

      For example:

      ldapsearch -h LDAPHOST3 -p 6501 -D "cn=orcladmin" -q -b "cn=changelog" -s base 'objectclass=*' lastchangenumber
      

      The command returns the latest change number generated in the back end LDAP server.

15.4.2.6 Reconfiguring the Load Balancer

If you are accessing your Oracle Virtual Directory instances through a load balancer, add the new Oracle Virtual Directory instance to the existing server pool defined on the load balancer for distributing requests across the Oracle Virtual Directory instances.

15.5 Scaling the Application Tier

The Application Tier has two nodes (IDMHOST1 and IDMHOST2) running Managed Servers for Oracle Access Manager, Oracle Identity Federation, Oracle Directory Services Manager, and Oracle Identity Manager.

This section contains the following topics:

15.5.1 Mounting Middleware Home and Creating a New Machine when Scaling Out

When scaling out a component of the Application Tier, perform these steps first:

  1. On the new node, mount the existing Middleware home, which should include the Oracle Fusion Middleware installation and the domain directory, and ensure that the new node has access to this directory, just like the rest of the nodes in the domain. See Section 5.7, "Mounting Shared Storage Onto the Host" for more information.

  2. To attach IAM_HOME in shared storage to the local Oracle Inventory, execute the following command:

    cd IAM_ORACLE_HOME/oui/bin
    ./attachHome.sh -jreLoc JAVA_HOME
    
  3. To update the Middleware home list, create (or edit, if another WebLogic installation exists in the node) the IAM_MW_HOME/bea/beahomelist file and add IAM_MW_HOME/oui/bin to it.

  4. Log in to the WebLogic Administration Console at: http://ADMIN.mycompany.com/console

  5. Create a new machine for the new node to be used, and add the machine to the domain, as follows.

    1. Select Environment -> Machines from the Navigation menu.

    2. Click Lock and Edit.

    3. Click New on the Machine Summary screen.

    4. Enter the following information:

      Name: Name of the machine. This is usually the host name.

      Machine OS: Select UNIX.

    5. Click Next.

    6. On the Node Manager Properties page, enter the following information:

      Type: SSL.

      Listen Address: Use the host name.

    7. Click Finish.

    8. Click Activate Changes.

15.5.2 Creating a New Node Manager when Scaling Out

Node Manager is used to start and stop WebLogic managed servers on the new host. In order to create a new node manager for the new host perform the following steps:

  1. Create a new directory for the new node manager by copying an existing one. Copy the directory SHARED_CONFIG_DIR/nodemanager/idmhost1.mycompany.com to SHARED_CONFIG_DIR/nodemanager/newidmhost.mycompany.com.

    For example:

    cp -r $SHARED_CONFIG_DIR/nodemanager/idmhost1.mycompany.com $SHARED_CONFIG_DIR/nodemanager/newidmhost.mycompany.com
    
  2. Change to the newly created directory.

    cd SHARED_CONFIG_DIR/nodemanager/newidmhost.mycompany.com
    
  3. Edit the nodemanager.properties file, changing all the entries for IDMHOST1 to newidmhost. For example:

    DomainsFile=/u01/oracle//config/nodemanager/IDMHOST1.mycompany.com/nodemanager.domain
    

    becomes

    DomainsFile=/u01/oracle//config/nodemanager/newidmhost.mycompany.com/nodemanager.domain
    
  4. Edit the startNodeManagerWrapper.sh file, changing all the entries for IDMHOST1 to IDMHOST3. For example:

    NM_HOME=/u01/oracle/config/nodemanager/idmhost1.mycompany.com
    

    becomes

    NM_HOME=/u01/oracle/config/nodemanager/idmhost3.mycompany.com
    
  5. Start the node manager by invoking the command:

    ./startNodeManagerWrapper.sh
    

15.5.3 Scaling ODSM

To scale up ODSM, use the existing installations (WebLogic Server home, Oracle Fusion Middleware home, and domain directories) for creating a new Managed Server for the Oracle Directory Services Manager component.

To scale out, use the existing installations in shared storage for creating the new Managed Servers. You do not need to install WebLogic Server or Identity Management binaries in a new location but you do need to run pack and unpack to move files to MSERVER on the new node. (This is described in Section 15.5.5.7, "Completing the Oracle Identity Manager Configuration Steps.")

To scale ODSM instances, follow these steps:

  1. Assemble the following information for scaling ODSM.

    Description                      Variable              Documented Value                 Customer Value
    Host name                                              IDMHOST3.mycompany.com
    ODSM Port                        ODSM_PORT             7005
    Oracle Instance Location/Name    ODS_ORACLE_INSTANCE   LOCAL_CONFIG_DIR/instances/odsm
    Oracle Middleware Home Location  IAM_MW_HOME           /u01/oracle/products/app
    Oracle Home Directory                                  idm
    WebLogic Admin host                                    ADMINVHN.mycompany.com
    WebLogic Admin Port              WLS_ADMIN_PORT        7001
    WebLogic User Name                                     weblogic_idm
    WebLogic Password                COMMON_IDM_PASSWORD
    WebLogic Server Directory                              IAM_MW_HOME/wlserver_10.3

  2. Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management manual in the Oracle Fusion Middleware documentation library for the platform and version you are using.

  3. If you plan on provisioning the Instance Home or the Managed Server domain directory on shared storage, ensure that the appropriate shared storage volumes are mounted on the new host as described in Section 15.5.1, "Mounting Middleware Home and Creating a New Machine when Scaling Out."

  4. If you are scaling out, you can use the default port (ODSM_PORT in Section 6.1, "Assembling Information for Identity Management Provisioning"). If you are scaling up, you must choose a unique port for this instance. Ensure that the port number you are using is not in use by any service on the computer by issuing this command for the operating system you are using. If the port is not in use, the command returns no output.

    On Linux:

    netstat -an | grep "7005"
    

    If the port is in use (if the command returns output identifying the port), you must free it.

    On Linux:

    Remove the entries for port 7005 (ODSM_PORT) in the /etc/services file if the port is in use by a service and restart the services, as described in Section 16.1, "Starting and Stopping Components," or restart the computer.

  5. Create a file containing the ports used by ODSM. On Disk1 of the installation media, locate the file stage/Response/staticports.ini. Copy it to a file called odsm_ports.ini. Delete all entries in odsm_ports.ini except for ODSM Server Port No. Change the values of ODSM Server Port No. to the value you want to use. If you are scaling out, you can use the default port, 7005 (ODSM_PORT in Section 6.1, "Assembling Information for Identity Management Provisioning"). If you are scaling up, choose a unique port for this instance.

    Note:

    If the port name in the file is slightly different from those listed in this step, use the name in the file.

  6. Start the Oracle Identity Management 11g Configuration Wizard by running the config.sh script located under the IDM_ORACLE_HOME/bin directory on the new host. For example: IDM_ORACLE_HOME/bin/config.sh

  7. On the Welcome screen, click Next.

  8. On the Select Domain screen, select the Expand Cluster option and specify these values:

    • Hostname: ADMINVHN.mycompany.com

    • Port: 7001 (WLS_ADMIN_PORT)

    • UserName: weblogic_idm

    • User Password: password for the WebLogic user

    Click Next.

  9. A dialog box with the following message appears:

    The selected domain is not a valid Identity Management domain or the installer
    cannot determine if it is a valid domain. If you created the domain using the
    Identity Management installer, you can ignore this message and continue. If you
    did not create the domain using the Identity Management installer, refer to the
    Identity Management documentation for information on how to verify the domain
    is valid.
    

    Click YES to continue.

    This is a benign warning that you can safely ignore.

  10. If you are scaling out, on the Specify Installation Location screen, specify the following values. The values for the Oracle Middleware Home Location and the Oracle Home Directory fields are prefilled. The values default to the Middleware home and Oracle home previously installed on IDMHOST1. Choose a new instance using a sequential number.

    • Oracle Middleware Home Location: IAM_MW_HOME

    • Oracle Home Directory: idm

    • WebLogic Server Directory: IAM_MW_HOME/wlserver_10.3

    • Oracle Instance Location: ODS_ORACLE_INSTANCE

    • Oracle Instance Name: ODS_ORACLE_INSTANCE

    Click Next.

  11. On the Email for Security Updates screen, specify these values:

    • Email Address: Provide the email address for your My Oracle Support account.

    • Oracle Support Password: Provide the password for your My Oracle Support account.

    • Check the check box next to the I wish to receive security updates via My Oracle Support field.

    Click Next.

  12. On the Configure Components screen, de-select all the products except ODSM and then click Next.

  13. On the Configure Ports screen, you use the odsm_ports.ini file you created in Step 4 to specify the ports to be used. This enables you to bypass automatic port configuration.

    1. Select Specify Ports using a Configuration File.

    2. In the file name field specify odsm_ports.ini.

    3. Click Save, then click Next.

  14. On the Installation Summary screen, review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Configure.

  15. On the Configuration Progress screen, multiple configuration assistants are launched in succession; this process can be lengthy. Wait until it completes.

  16. On the Installation Complete screen, click Finish to confirm your choice to exit.

  17. Add the newly added Managed Server host name and port to the list WebLogicCluster parameter, as described in Section 15.5.8, "Adding New WebLogic Managed Server to Oracle HTTP Server Configuration Files."
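Steps 4 and 5 of this procedure check that ODSM_PORT is free and then reduce staticports.ini to the single ODSM entry. The code below is an added example, not Oracle's; it goes one step beyond the page's grep by matching the port exactly, since `netstat -an | grep "7005"` also matches 17005 or 27005 and would report a free port as taken. The function names, the netstat sample and the 'Name = value' layout assumed for staticports.ini are mine.

```python
"""Port check for step 4 and the odsm_ports.ini edit for step 5.

Added example, not Oracle's code. Matches the port exactly instead of as a
substring, and rewrites a constructed staticports.ini down to the ODSM entry.
Function names and the 'Name = value' layout of the ini file are assumptions.
"""
import socket

# Constructed netstat -an output; ports 17005 and 27005 contain the digits 7005.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:17005           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:27005          10.0.0.9:443            ESTABLISHED
tcp6       0      0 :::7001                 :::*                    LISTEN
"""

# Constructed stand-in for stage/Response/staticports.ini.
SAMPLE_STATICPORTS = """\
# Oracle Identity Management static port assignments
Oracle Internet Directory Port No = 3060
ODSM Server Port No = 7005
"""


def ports_in_use(netstat_output):
    """Local TCP ports taken from netstat -an output, matched exactly."""
    ports = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith("tcp"):
            continue
        # Local Address is the fourth field; rsplit handles 0.0.0.0:7005 and :::7005.
        port = fields[3].rsplit(":", 1)[-1]
        if port.isdigit():
            ports.add(int(port))
    return ports


def grep_matches(netstat_output, port):
    """What the page's substring grep would print for this port."""
    return [line for line in netstat_output.splitlines() if str(port) in line]


def port_is_free(port, netstat_output):
    """True when no local TCP socket uses exactly this port."""
    return port not in ports_in_use(netstat_output)


def live_port_is_free(port, host="0.0.0.0"):
    """The same question asked of the running host: a failed bind means taken."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        try:
            sock.bind((host, port))
        except OSError:
            return False
    return True


def make_odsm_ports_ini(staticports_text, port):
    """Keep only the ODSM Server Port No entry and set it to `port` (step 5).
    The entry name is matched loosely because the note above says the name
    in the file may differ slightly from the one in the text."""
    kept = []
    for line in staticports_text.splitlines():
        if "=" not in line or line.lstrip().startswith("#"):
            continue
        name, _ = line.split("=", 1)
        lowered = name.lower()
        if "odsm" in lowered and "port" in lowered:
            kept.append("%s = %d" % (name.strip(), port))
    if len(kept) != 1:
        raise ValueError("expected one ODSM port entry, found %d" % len(kept))
    return kept[0] + "\n"
```

On the sample, grep_matches reports two lines for 7005 while ports_in_use shows the port is free; use live_port_is_free on the new host itself when scaling up with a non-default port.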

15.5.4 Scaling Oracle Access Manager 11g

To scale up, use the existing installations (WebLogic Server home, Oracle Fusion Middleware home, and domain directories) for creating a new Managed Server for the Oracle Access Manager component.

Use the existing binaries in shared storage for creating the new Managed Servers. You do not need to install WebLogic Server or Identity Management binaries in a new location but you do need to run pack and unpack to bootstrap the domain configuration in the new node.

Note:

If you are using shared storage, allow the new host access to that shared storage area.

Scale Oracle Access Manager by performing the steps in the following subsections:

15.5.4.1 Assembling Information for Scaling Oracle Access Manager

Assemble the following information before scaling Oracle Access Manager.

Description              Variable         Documented Value         Customer Value
Host Name                IDMHOSTn
Existing OAM server                       WLS_OAM1
New OAM server name      WLS_OAMn         WLS_OAM3
Server Listen Address
Server Listen Port       OAM_PORT         14100
WebLogic Admin Host                       ADMINVHN.mycompany.com
WebLogic Admin Port      WLS_ADMIN_PORT   7001
WebLogic Admin User                       weblogic_idm
WebLogic Admin Password

15.5.4.2 Prepare New Node for Scaling Out

The following steps are necessary only if you are scaling out.

  1. Ensure that shared storage is mounted on the new node, as described in Section 15.5.1, "Mounting Middleware Home and Creating a New Machine when Scaling Out."

  2. To update the Middleware home list, create (or edit, if another WebLogic installation exists in the node) the IAM_MW_HOME/bea/beahomelist file and add IAM_MW_HOME to it.

15.5.4.3 Configure New Oracle Access Manager Server

  1. Log in to the Oracle WebLogic Administration Console at: http://ADMIN.mycompany.com/console

  2. From the Domain Structure window of the Oracle WebLogic Server Administration Console, expand the Environment node and then Servers. The Summary of Servers page appears.

  3. Click Lock & Edit from the Change Center menu.

  4. Select an existing server on the host you want to extend, for example: WLS_OAM1.

  5. Click Clone.

  6. Enter the following information:

    • Server Name: A new name for the server, for example: WLS_OAM3.

    • Server Listen Address: The name of the host on which the Managed Server runs.

    • Server Listen Port: The port the new Managed Server uses. This port must be unique within the host.

      If you are scaling out, you can use the default port, 14100 (OAM_PORT in Table 6-1). If you are scaling up, choose a unique port.

  7. Click OK.

  8. Click the newly created server WLS_OAM3

  9. Set Machine to be the machine you created in Section 15.5.1, "Mounting Middleware Home and Creating a New Machine when Scaling Out."

  10. Click Save.

  11. Disable host name verification for the new Managed Server. Before starting and verifying the WLS_OAM3 Managed Server, you must disable host name verification. You can re-enable it after you have configured server certificates for the communication between the Oracle WebLogic Administration Server and the Node Manager in IDMHOSTn.

    If the source server from which the new one was cloned had already disabled host name verification, these steps are not required, as the host name verification settings were propagated to the cloned server. To disable host name verification:

    1. In Oracle Enterprise Manager Fusion Middleware Control, select Oracle WebLogic Server Administration Console.

    2. Expand the Environment node in the Domain Structure window.

    3. Click Servers. The Summary of Servers page appears.

    4. Select WLS_OAM3 in the Names column of the table. The Settings page for server appears.

    5. Click the SSL tab.

    6. Click Advanced.

    7. Set Hostname Verification to None.

    8. Click Save.

  12. Click Activate Changes from the Change Center menu.

15.5.4.4 Run Pack/Unpack

Run pack and unpack as described in Section 15.5.7, "Running Pack/Unpack."

15.5.4.5 Register Managed Server with Oracle Access Manager

Register the new Managed Server with Oracle Access Manager. You must now configure the new Managed Server as an Oracle Access Manager server. You do this from the Oracle OAM console. Proceed as follows:

  1. Log in to the OAM console at http://ADMIN.mycompany.com/oamconsole as the user identified by the entry in Section 8.2, "Update User Names in Provisioning Response File."

  2. Click the System Configuration tab.

  3. Click Server Instances.

  4. Select Create from the Actions menu.

  5. Enter the following information:

    • Server Name: WLS_OAM3

    • Host: Host that the server runs on

    • Port: Listen port that was assigned when the Managed Server was created

    • OAM Proxy Port: Port you want the Oracle Access Manager proxy to run on. This is unique for the host

    • Proxy Server ID: AccessServerConfigProxy

    • Mode: Set to same mode as existing Oracle Access Manager servers.

  6. Click Coherence tab.

    Set Local Port to a unique value on the host.

  7. Click Apply.

  8. Restart the WebLogic Administration Server as described in Section 16.1, "Starting and Stopping Components."

15.5.4.6 Update WebGate Profiles

Add the newly created Oracle Access Manager server to all WebGate Profiles that might be using it, such as Webgate_IDM, Webgate_IDM_11g, and IAMSuiteAgent.

For example, to add the Oracle Access Manager server to Webgate_IDM, access the OAM console at: http://ADMIN.mycompany.com/oamconsole

Then proceed as follows:

  1. Log in as the Oracle Access Manager Admin User.

  2. Click the System Configuration tab.

  3. Expand Access Manager Settings - SSO Agents - OAM Agents.

  4. Click the open folder icon, then click Search.

    You should see the WebGate agent Webgate_IDM.

  5. Click the agent Webgate_IDM.

  6. Select Edit from the Actions menu.

  7. Click + in the Primary Server list (or the Secondary Server list if this is a secondary server).

  8. Select the newly created managed server from the Server list.

  9. Set Maximum Number of Connections to 10.

  10. Click Apply.

Repeat Steps 5 through 10 for Webgate_IDM_11g, IAMSuiteAgent, and all other WebGates that might be in use.

You can now start the new Managed Server, as described in Section 16.1, "Starting and Stopping Components."

15.5.4.7 Update the Web Tier

Add the newly added Managed Server host name and port to the list WebLogicCluster parameter, as described in Section 15.5.8, "Adding New WebLogic Managed Server to Oracle HTTP Server Configuration Files."

Save the file and restart the Oracle HTTP server, as described in Section 16.1, "Starting and Stopping Components."

15.5.5 Scaling Oracle Identity Manager

You already have a node that runs a Managed Server configured with Oracle SOA Suite and Oracle Identity Manager components. The node contains a Middleware home, a SOA Oracle home, an Oracle Identity Manager Oracle home, and a domain directory for existing Managed Servers. Use the existing installations in shared storage for creating a new WLS_SOA and WLS_OIM managed server. There is no need to install the Oracle Identity and Access Management or Oracle SOA Suite binaries in a new location.

When scaling up, you add WLS_SOA and WLS_OIM managed servers to existing nodes.

In either case, you must run pack and unpack.

When you scale out the topology, you add new Managed Servers configured with OIM and SOA to new nodes. First check that the new node can access the existing home directories for WebLogic Server, OIM, and SOA. You do need to run pack and unpack to bootstrap the domain configuration in the new node.

Follow the steps in the following subsections to scale the topology:

15.5.5.1 Assembling Information for Scaling Oracle Identity Manager

Assemble the following information before scaling Oracle Identity Manager.

Description                            Variable         Documented Value         Customer Value
Host name                              IDMHOSTn         IDMHOST1
SOA virtual server name                                 SOAHOSTxVHN
OIM virtual server name                                 OIMHOSTxVHN
SOA managed server to clone            WLS_SOAn         WLS_SOA1
OIM managed server to clone            WLS_OIMn         WLS_OIM1
SOA managed server name                WLS_SOAn         WLS_SOA3
OIM managed server name                WLS_OIMn         WLS_OIM3
Numeric extension for new JMS servers  n                3
WebLogic Admin Host                                     ADMINVHN.mycompany.com
WebLogic Admin Port                    WLS_ADMIN_PORT   7001
WebLogic Admin User                                     weblogic_idm
WebLogic Admin Password

15.5.5.2 Cloning an Existing Oracle Identity Manager Server when Scaling Up Oracle Identity Manager or SOA

Follow this procedure twice, once to clone WLS_SOA1 and once again to clone WLS_OIM1.

  1. Log in to the Administration Console at: http://ADMIN.mycompany.com/console

  2. Clone WLS_OIM1 or WLS_SOA1 into a new Managed Server. The source Managed Server to clone should be one that already exists on the node where you want to run the new Managed Server.

    To clone a Managed Server:

    1. Select Environment -> Servers from the Administration Console.

    2. From the Change Center menu, click Lock and Edit.

    3. Select the Managed Server that you want to clone (for example, WLS_OIM1 or WLS_SOA1).

    4. Select Clone.

    Name the new Managed Server WLS_OIMn or WLS_SOAn, where n is a number to identify the new Managed Server.

    The rest of the steps assume that you are adding a new server to IDMHOST1, which is already running WLS_SOA1 and WLS_OIM1.

  3. For the listen address, assign the host name or IP address to use for this new Managed Server. If you are planning to use server migration as recommended for this server, this should be the VIP (also called a floating IP) to enable it to move to another node. The VIP should be different from the one used by the Managed Server that is already running.

15.5.5.3 Mounting Middleware Home and Creating a New Machine when Scaling Out

Mount the Middleware home, as described in Section 15.5.1, "Mounting Middleware Home and Creating a New Machine when Scaling Out."

15.5.5.4 Configuring New JMS Servers

Create JMS Servers for SOA, Oracle Identity Manager, UMS, and BPM on the new Managed Server. You do this as follows:

  1. Log in to the WebLogic Administration Server and navigate to Services -> Messaging -> JMS Servers.

  2. Click New.

  3. Enter a value for Name, such as BPMJMSServer_auto_3.

  4. Click Create New Store.

  5. Select FileStore from the list.

  6. Click Next.

  7. Enter a value for Name, such as BPMJMSFileStore_auto_3.

  8. Enter the following values:

    Target: The new server you are creating.

    Directory: ASERVER_HOME/jms/BPMJMSFileStore_auto_3

  9. Click OK.

  10. When you are returned to the JMS Server screen, select the newly created file store from the list.

  11. Click Next.

  12. On the next screen set the Target to the server you are creating.

  13. Click Finish.

Create the following JMS Servers, depending on the Managed Server you are creating. Each JMS Server gets its own file store, and both are targeted at the new server:

Server     JMS Server Name          File Store Name             Directory                                    Target
WLS_SOAn   BPMJMSServer_auto_n      BPMJMSFileStore_auto_n      ASERVER_HOME/jms/BPMJMSFileStore_auto_n      WLS_SOAn
WLS_SOAn   SOAJMSServer_auto_n      SOAJMSFileStore_auto_n      ASERVER_HOME/jms/SOAJMSFileStore_auto_n      WLS_SOAn
WLS_SOAn   UMSJMSServer_auto_n      UMSJMSFileStore_auto_n      ASERVER_HOME/jms/UMSJMSFileStore_auto_n      WLS_SOAn
WLS_OIMn   OIMJMSServer_auto_n      OIMJMSFileStore_auto_n      ASERVER_HOME/jms/OIMJMSFileStore_auto_n      WLS_OIMn
WLS_OIMn   PS6SOAJMSServer_auto_n   PS6SOAJMSFileStore_auto_n   ASERVER_HOME/jms/PS6SOAJMSFileStore_auto_n   WLS_OIMn


Add the newly created JMS Servers to the existing JMS Modules by performing the following steps:

  1. Log in to the WebLogic Administration Console.

  2. Navigate to Services -> Messaging -> JMS Modules.

  3. Click a JMS Module, such as SOAJMSModule.

  4. Click the Sub Deployments tab.

  5. Click the listed sub deployment.

    Note:

    This subdeployment module name is a random name in the form of JMSServerNameXXXXXX resulting from the Configuration Wizard JMS configuration.

  6. Assign the newly created JMS server, for example SOAJMSServer_auto_n.

  7. Click Save.

  8. Perform this for each of the JMS modules listed in the following table:

    JMS Module             JMS Server
    BPMJMSModule           BPMJMSServer_auto_n
    JRFWSAsyncJmsModule    JRFWSAsyncJmsServer_auto_n
    OIMJMSModule           OIMJMSServer_auto_n
    SOAJMSModule           SOAJMSServer_auto_n
    UMSJMSSystemResource   UMSJMSServer_auto_n


  9. Click Activate Configuration from the Change Center menu.

15.5.5.5 Performing Pack/Unpack When Scaling Out

This section is necessary only when you are scaling out.

Run pack and unpack as described in Section 15.5.7, "Running Pack/Unpack."

15.5.5.6 Configuring Oracle Coherence for Deploying Composites

Although deploying composites uses multicast communication by default, Oracle recommends using unicast communication in SOA enterprise deployments. Use unicast if you disable multicast communication for security reasons.

Unlike multicast, unicast communication does not let nodes discover other cluster members automatically. Consequently, you must specify the nodes that belong to the cluster. You do not need to specify all of the nodes of a cluster, however. You need only specify enough nodes so that a new node added to the cluster can discover one of the existing nodes; once a new node has joined the cluster, it can discover all of the other nodes in the cluster. Additionally, in configurations such as SOA enterprise deployments where multiple IPs are available in the same system, you must configure Oracle Coherence to use a specific host name to create the Oracle Coherence cluster.

Note:

An incorrect configuration of the Oracle Coherence framework used for deployment may prevent the SOA system from starting. The deployment framework must be properly customized for the network environment on which the SOA system runs. Oracle recommends the configuration described in this section.

15.5.5.6.1 Enabling Communication for Deployment Using Unicast Communication

Specify the nodes using the tangosol.coherence.wkan system property, where n is a number between 1 and 9. You can specify up to 9 nodes. Start the numbering at 1; the numbering must be sequential and must not contain gaps. In addition, specify the host name that Oracle Coherence uses to create a cluster through the tangosol.coherence.localhost system property. This local host name should be the virtual host name that the SOA server uses as its listen address, for example SOAHOST3VHN. Set this property by adding the -Dtangosol.coherence.localhost parameter to the Arguments field of the Oracle WebLogic Server Administration Console's Server Start tab. You must also add a wkan entry for the new server to the arguments of the existing servers.

Tip:

To guarantee high availability during deployments of SOA composites, specify enough nodes so that at least one of them is running at any given time.

Note:

SOAHOST3VHN is the virtual host name that maps to the virtual IP on which WLS_SOA3 is listening (in SOAHOST3).

15.5.5.6.2 Specifying the Host Name Used by Oracle Coherence

Use the Administration Console to specify a host name used by Oracle Coherence.

To add the host name used by Oracle Coherence:

  1. Log into the Oracle WebLogic Server Administration Console.

  2. In the Domain Structure window, expand the Environment node.

  3. Click Servers. The Summary of Servers page appears.

  4. Click the name of the server (WLS_SOA1 or WLS_SOA2, which are represented as hyperlinks) in the Name column of the table. The settings page for the selected server appears.

  5. Click Lock & Edit.

  6. Click the Server Start tab.

  7. Enter the following for WLS_SOA1, WLS_SOA2, and WLS_SOA3 into the Arguments field.

    For WLS_SOA1, enter the following:

    -Dtangosol.coherence.wka1=SOAHOST1VHN
    -Dtangosol.coherence.wka2=SOAHOST2VHN
    -Dtangosol.coherence.wka3=SOAHOST3VHN
    -Dtangosol.coherence.localhost=SOAHOST1VHN
    

    For WLS_SOA2, enter the following:

    -Dtangosol.coherence.wka1=SOAHOST1VHN
    -Dtangosol.coherence.wka2=SOAHOST2VHN
    -Dtangosol.coherence.wka3=SOAHOST3VHN
    -Dtangosol.coherence.localhost=SOAHOST2VHN
    

    For WLS_SOA3, enter the following:

    -Dtangosol.coherence.wka1=SOAHOST1VHN
    -Dtangosol.coherence.wka2=SOAHOST2VHN
    -Dtangosol.coherence.wka3=SOAHOST3VHN
    -Dtangosol.coherence.localhost=SOAHOST3VHN
    

    Note:

    There should be no line breaks between the different -D parameters. Do not copy and paste the text into your Administration Console's Arguments field, because doing so may insert HTML tags into the Java arguments. The text should not contain any characters other than those included in the example above.

    Note:

    The Coherence cluster used for deployment uses port 8088 by default. This port can be changed by specifying a different port (for example, 8089) with the -Dtangosol.coherence.wkan.port and -Dtangosol.coherence.localport startup parameters. For example:

    WLS_SOA1 (enter the following into the Arguments field on a single line, without a carriage return):

    -Dtangosol.coherence.wka1=SOAHOST1VHN
    -Dtangosol.coherence.wka2=SOAHOST2VHN
    -Dtangosol.coherence.wka3=SOAHOST3VHN
    -Dtangosol.coherence.localhost=SOAHOST1VHN
    -Dtangosol.coherence.localport=8089
    -Dtangosol.coherence.wka1.port=8089
    -Dtangosol.coherence.wka2.port=8089
    -Dtangosol.coherence.wka3.port=8089
    

    WLS_SOA2 (enter the following into the Arguments field on a single line, without a carriage return):

    -Dtangosol.coherence.wka1=SOAHOST1VHN
    -Dtangosol.coherence.wka2=SOAHOST2VHN
    -Dtangosol.coherence.wka3=SOAHOST3VHN
    -Dtangosol.coherence.localhost=SOAHOST2VHN
    -Dtangosol.coherence.localport=8089
    -Dtangosol.coherence.wka1.port=8089
    -Dtangosol.coherence.wka2.port=8089
    -Dtangosol.coherence.wka3.port=8089
    

    WLS_SOA3 (enter the following into the Arguments field on a single line, without a carriage return):

    -Dtangosol.coherence.wka1=SOAHOST1VHN
    -Dtangosol.coherence.wka2=SOAHOST2VHN
    -Dtangosol.coherence.wka3=SOAHOST3VHN
    -Dtangosol.coherence.localhost=SOAHOST3VHN
    -Dtangosol.coherence.localport=8089
    -Dtangosol.coherence.wka1.port=8089
    -Dtangosol.coherence.wka2.port=8089
    -Dtangosol.coherence.wka3.port=8089
    

    For more information about Coherence Clusters see the Oracle Coherence Developer's Guide.

  8. Click Save and Activate Changes.

Note:

You must ensure that these variables are passed to the managed server correctly. (They should be reflected in the server's output log.) Failure of the Oracle Coherence framework can prevent the soa-infra application from starting.

Note:

The multicast and unicast addresses are different from the ones used by the WebLogic Server cluster for cluster communication. SOA guarantees that composites are deployed to members of a single WebLogic Server cluster even though the communication protocol for the two entities (the WebLogic Server cluster and the groups to which composites are deployed) are different.
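The rules from the two preceding subsections (sequential wka1..wka9 with no gaps, localhost set to the server's own virtual host name, consistent port overrides, and no line breaks or pasted HTML in the Arguments field) can be checked before a server is restarted. The following checker is an added example, not part of the Oracle guide; the SOAHOSTnVHN names are the guide's placeholders and both sample argument strings are constructed here.

```python
"""Sanity-check the Coherence -D arguments entered for one SOA managed server.

Added example, not part of the Oracle guide. It encodes the rules stated in
Section 15.5.5.6: WKA entries must be numbered wka1..wka9 sequentially with
no gaps, tangosol.coherence.localhost must be the server's own virtual host
name, every wkaN.port must agree with localport when the default port 8088
is overridden, and the Arguments text must contain no line breaks or HTML
tags (the copy-and-paste artefact the guide warns about). Host names are
the guide's placeholders (SOAHOSTnVHN); the checking logic is this example's.
"""
import re
from typing import Dict, List

PREFIX = "-Dtangosol.coherence."
DEFAULT_PORT = "8088"  # default port of the Coherence deployment cluster
WKA_KEY = re.compile(r"tangosol\.coherence\.wka(\d+)")

# Constructed sample: the WLS_SOA3 arguments from the guide, on one line.
GOOD_WLS_SOA3 = (
    "-Dtangosol.coherence.wka1=SOAHOST1VHN -Dtangosol.coherence.wka2=SOAHOST2VHN "
    "-Dtangosol.coherence.wka3=SOAHOST3VHN -Dtangosol.coherence.localhost=SOAHOST3VHN "
    "-Dtangosol.coherence.localport=8089 -Dtangosol.coherence.wka1.port=8089 "
    "-Dtangosol.coherence.wka2.port=8089 -Dtangosol.coherence.wka3.port=8089"
)
# Constructed sample with typical mistakes: wka2 skipped, an HTML tag pasted
# in (which glues localhost to the previous flag), and only one port overridden.
BAD_ARGS = (
    "-Dtangosol.coherence.wka1=SOAHOST1VHN -Dtangosol.coherence.wka3=SOAHOST3VHN<br>"
    "-Dtangosol.coherence.localhost=SOAHOST3VHN -Dtangosol.coherence.wka3.port=8089"
)


def parse_coherence_args(arguments: str) -> Dict[str, str]:
    """Map each -Dtangosol.coherence.* flag to its value; other flags are ignored."""
    props: Dict[str, str] = {}
    for token in arguments.split():
        if token.startswith(PREFIX) and "=" in token:
            key, value = token[len("-D"):].split("=", 1)
            props[key] = value
    return props


def check_coherence_args(arguments: str, expected_localhost: str) -> List[str]:
    """Return the problems found; an empty list means the arguments look sane.

    expected_localhost is the virtual host name the server listens on
    (for WLS_SOA3 in the guide, SOAHOST3VHN).
    """
    problems: List[str] = []
    if "\n" in arguments or "\r" in arguments:
        problems.append("line break found; enter all -D flags on a single line")
    if re.search(r"<[^>]+>", arguments):
        problems.append("HTML tag found; retype the flags instead of pasting them")

    props = parse_coherence_args(arguments)

    # Well-known addresses: must be wka1..wkaK with no gaps and K <= 9.
    wka_nums = []
    for key in props:
        m = WKA_KEY.fullmatch(key)
        if m:
            wka_nums.append(int(m.group(1)))
    wka_nums.sort()
    if not wka_nums:
        problems.append("no tangosol.coherence.wkaN entries")
    elif wka_nums != list(range(1, len(wka_nums) + 1)):
        problems.append(f"wka numbering is not sequential from 1: {wka_nums}")
    elif wka_nums[-1] > 9:
        problems.append("more than 9 WKA entries; only wka1..wka9 are supported")

    localhost = props.get("tangosol.coherence.localhost")
    if localhost is None:
        problems.append("tangosol.coherence.localhost is missing")
    elif localhost != expected_localhost:
        problems.append(f"localhost is {localhost}, expected {expected_localhost}")

    # Port override: every wkaN.port must match localport (default 8088).
    localport = props.get("tangosol.coherence.localport", DEFAULT_PORT)
    for n in wka_nums:
        port = props.get(f"tangosol.coherence.wka{n}.port", DEFAULT_PORT)
        if port != localport:
            problems.append(f"wka{n}.port={port} differs from localport={localport}")
    return problems


if __name__ == "__main__":
    for label, args in (("WLS_SOA3 (guide)", GOOD_WLS_SOA3), ("broken", BAD_ARGS)):
        print(label, check_coherence_args(args, "SOAHOST3VHN") or "OK")
```

Run it against the exact string you intend to enter in the Server Start tab; the same checks can be applied to the line the managed server echoes in its output log after restart.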

15.5.5.7 Completing the Oracle Identity Manager Configuration Steps

  1. Configure TX persistent store for the new server. This should be a location visible from other nodes as indicated in the recommendations about shared storage.

    From the WebLogic Administration Console, select the Server_name > Services tab. Under Default Store, in Directory, enter the path to the folder where you want the default persistent store to store its data files.

  2. Disable host name verification for the new Managed Server. Before starting and verifying the WLS_SOAn Managed Server, you must disable host name verification. You can re-enable it after you have configured server certificates for the communication between the Oracle WebLogic Administration Server and the Node Manager in IDMHOSTn. If the source server from which the new one has been cloned already had host name verification disabled, these steps are not required (the host name verification setting is propagated to the cloned server).

    To disable host name verification:

    1. In the Oracle Enterprise Manager Console, select Oracle WebLogic Server Administration Console.

    2. Expand the Environment node in the Domain Structure window.

    3. Click Servers. The Summary of Servers page appears.

    4. Select WLS_SOAn in the Names column of the table. The Settings page for the server appears.

    5. Click the SSL tab.

    6. Click Advanced.

    7. Set Hostname Verification to None.

    8. Click Save.

  3. Repeat Steps 2a through 2h to disable host name verification for the WLS_OIMn Managed Servers. In Step 2d, select WLS_OIMn in the Names column of the table.

  4. Click Activate Changes from the Change Center menu.

  5. Restart the WebLogic Administration Server as described in Section 16.1, "Starting and Stopping Components."

  6. Start and test the new Managed Server from the Administration Console.

    1. Shut down the existing Managed Servers in the cluster.

    2. Ensure that the newly created Managed Server, WLS_SOAn, is up.

    3. Access the application on the newly created Managed Server (http://vip:port/soa-infra). The application should be functional.

  7. Configure the newly created managed server for server migration. Follow the steps in Section 13.6, "Configuring Server Migration Targets" to configure server migration.

    Note:

    Since this new node is using an existing shared storage installation, the node is already using a Node Manager and an environment configured for server migration that includes the netmask, interface, and wlsifconfig script superuser privileges. The floating IP addresses for the new Managed Servers are already present in the new node.

  8. Test server migration for this new server. Follow these steps from the node where you added the new server:

    1. Stop the WLS_SOAn Managed Server.

      To do this, run:

      kill -9 pid
      

      on the process ID (PID) of the Managed Server. You can identify the PID of the Managed Server using

      ps -ef | grep WLS_SOAn
      
    2. Watch the Node Manager Console. You should see a message indicating that the floating IP address for WLS_SOAn has been disabled.

    3. Wait for the Node Manager to try a second restart of WLS_SOAn. Node Manager waits for a fence period of 30 seconds before trying this restart.

    4. Once Node Manager restarts the server, stop it again. Now Node Manager should log a message indicating that the server will not be restarted again locally.

    5. Repeat Steps a-d for WLS_OIMn.

15.5.6 Scaling Oracle Identity Federation

The Application Tier has two nodes (IDMHOST1 and IDMHOST2) running a Managed Server configured with Oracle Identity Federation.

The Oracle Identity Federation instances can be scaled out by adding a new node with a Managed Server to the existing cluster.

The existing installations (WebLogic Server home, Oracle Fusion Middleware home, and domain directories) can be used for creating a new Managed Server for Oracle Identity Federation.

Perform the steps in the following sections to scale Oracle Identity Federation.

15.5.6.1 Assembling Information for Scaling Oracle Identity Federation

Assemble the following information before scaling Oracle Identity Federation.

Description               Variable         Documented Value          Customer Value
Host name                                  IDMHOST3.mycompany.com
OIF Port                  OIF_PORT         7499
Instance name             oifn             oif3
WebLogic Admin Host                        ADMINVHN.mycompany.com
WebLogic Admin Port       WLS_ADMIN_PORT   7001
WebLogic Admin User                        weblogic_idm
WebLogic Admin Password

15.5.6.2 Configuring Oracle Identity Federation

  1. Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management in the Oracle Fusion Middleware documentation library for the platform and version you are using.

  2. Create a file containing the ports used by Oracle Identity Federation. On Disk1 of the installation media, locate the file stage/Response/staticports.ini. Copy it to a file called oif_ports.ini. Delete all entries in oif_ports.ini except for Oracle Identity Federation Server Port. Change the value of that port to the port you are using for this instance.

    If you are scaling out, you can use the default port, 7499 (OIF_PORT). If you are scaling up, you must choose a unique port for this instance.

    Note:

    If the port name in the file is slightly different from those listed in this step, use the name in the file.

  3. Ensure that the appropriate shared storage volumes are mounted on the new IDMHOST, as described in Section 15.5.1, "Mounting Middleware Home and Creating a New Machine when Scaling Out."

  4. Ensure that the port you want to use is not in use by any service on the computer by issuing these commands for the operating system you are using, specifying the port you want to use. If a port is not in use, no output is returned from the command.

    On UNIX:

    netstat -an | grep "7499"
    

    If the port is in use (if the command returns output identifying the port), you must free it.

    On UNIX:

    Remove the entries for port 7499 in the /etc/services file.

  5. Start the Oracle Identity Management 11g Configuration Wizard located under the IDM_ORACLE_HOME/bin directory as follows:

    Issue this command:

    ./config.sh
    
  6. On the Welcome screen, click Next.

  7. On the Select Domain screen, select the Expand Cluster option and specify these values:

    • HostName: ADMINVHN.mycompany.com

    • Port: 7001

    • UserName: weblogic_idm

    • User Password: weblogic_user_password

    Click Next.

  8. A dialog box with the following message appears:

    The selected domain is not a valid Identity Management domain or the installer cannot determine if it is a valid domain. If you created the domain using the Identity Management installer, you can ignore this message and continue. If you did not create the domain using the Identity Management installer, refer to the Identity Management documentation for information on how to verify the domain is valid.
    

    This is a benign warning that you can ignore.

    Click Yes to continue.

  9. On the Specify Installation Location screen, specify the following values:

    • Oracle Middleware Home Location: OIF_MW_HOME (This value is prefilled and cannot be updated.)

    • Oracle Home Directory: idm (This value is prefilled and cannot be updated.)

    • WebLogic Server Directory: OIF_MW_HOME/wlserver_10.3

    • Oracle Instance Location: OIF_ORACLE_INSTANCE

    • Instance Name: oifn, where n is a sequential number, for example oif3.

    Click Next.

  10. On the Specify Security Updates screen (if shown), specify the values shown in this example:

    • Email Address: Provide the email address for your My Oracle Support account.

    • Oracle Support Password: Provide the password for your My Oracle Support account.

    • Select I wish to receive security updates via My Oracle Support.

    Click Next.

  11. On the Configure Components screen, de-select all the components except Oracle Identity Federation components. Select only Oracle Identity Federation from the Oracle Identity Federation components. Do not select Oracle HTTP Server.

    Click Next.

  12. On the Configure Ports screen, you use the oif_ports.ini file you created in Step 2 to specify the ports to be used. This enables you to bypass automatic port configuration.

    1. Select Specify Ports using a Configuration File.

    2. In the file name field specify oif_ports.ini.

    3. Click Save, then click Next.

  13. On the Installation Summary screen, review the selections to ensure that they are correct. If they are not correct, click Back to modify selections on previous screens. Then click Configure.

  14. On the Configuration Progress screen, view the progress of the configuration.

  15. On the Installation Complete screen, click Finish to confirm your choice to exit.

15.5.6.3 Performing Pack/Unpack when Scaling Out

This section is necessary only when you are scaling out.

From IDMHOST1, copy the applications directory under the ASERVER_HOME/config/fmwconfig/servers/wls_oif1 directory to the ASERVER_HOME/config/fmwconfig/servers/wls_oifn directory, where wls_oifn is the new server being added. Both directories are under the shared ASERVER_HOME, so a local copy suffices, for example:

cp -rp ASERVER_HOME/config/fmwconfig/servers/wls_oif1/applications ASERVER_HOME/config/fmwconfig/servers/wls_oif3/

Then run pack and unpack as described in Section 15.5.7, "Running Pack/Unpack."

15.5.6.4 Complete Oracle Identity Federation Server Configuration

Perform the steps in Section 11.3, "Validating Oracle Identity Federation" and Section 11.4, "Configuring the Enterprise Manager Agents" to complete the configuration of your new server.

15.5.6.5 Add New Managed Server to OHS Configuration

Add the host name and port of the newly added Managed Server to the WebLogicCluster directive, as described in Section 15.5.8, "Adding New WebLogic Managed Server to Oracle HTTP Server Configuration Files."

15.5.7 Running Pack/Unpack

Whenever you extend a domain to include a new managed server, you must extract the domain configuration from the ASERVER_HOME location to the MSERVER_HOME location. This applies whether you are scaling up or out. To do this, perform the following steps.

  1. Pack the domain on IDMHOST1 to create a template pack using the command:

    pack.sh -domain=ASERVER_HOME -template=/templates/managedServer.jar -template_name="template_name" -managed=true
    

    The pack.sh script is located in ORACLE_COMMON_HOME/common/bin.

  2. Unpack the domain on the new host for scale out, or on the existing host for scale up, using the command:

    unpack.sh -domain=MSERVER_HOME -template=/templates/managedServer.jar -app_dir=MSERVER_HOME/applications
    

    The unpack.sh script is located in ORACLE_COMMON_HOME/common/bin.

  3. If you are scaling out, start Node Manager and update the property file.

    1. Start and stop Node Manager as described in Section 16.1, "Starting and Stopping Components."

    2. Run the script setNMProps.sh, which is located in ORACLE_COMMON_HOME/common/bin, to update the node manager properties file, for example:

      cd ORACLE_COMMON_HOME/common/bin
      ./setNMProps.sh
      
    3. Start Node Manager once again as described in Section 16.1, "Starting and Stopping Components."

15.5.8 Adding New WebLogic Managed Server to Oracle HTTP Server Configuration Files

Scaling an Application Tier component typically requires you to create a new WebLogic managed server. If you add a new managed server to your topology, after adding the managed server you must update your Oracle HTTP Server configuration files (on all nodes) and add the new server to the existing WebLogic cluster directives.

In the Web tier, there are several configuration files under WEB_ORACLE_INSTANCE/config/OHS/componentname/moduleconf, including admin_vh.conf, sso_vh.conf and idminternal_vh.conf. Each contains a number of entries in Location blocks. If a block references two server instances and you add a third one, you must update that block with the new server.

For example, if you add a new Oracle Access Manager server, you must update sso_vh.conf to include the new managed server. You add the new server to the WebLogicCluster directive in the file. In the example below, the /oam block shows a scale-up (a second server on IDMHOST1, listening on port 14101) and the /fusion_apps block shows a scale-out (a new server on IDMHOST3, listening on the same port 14100). For example, change:

<Location /oam>
   SetHandler weblogic-handler
   WebLogicCluster IDMHOST1.mycompany.com:14100,IDMHOST2.mycompany.com:14100
</Location>
 
<Location /fusion_apps>
   SetHandler weblogic-handler
   WebLogicCluster IDMHOST1.mycompany.com:14100,IDMHOST2.mycompany.com:14100
</Location>

to:

<Location /oam>
   SetHandler weblogic-handler
   WebLogicCluster IDMHOST1.mycompany.com:14100,IDMHOST2.mycompany.com:14100,IDMHOST1.mycompany.com:14101
</Location>
 
<Location /fusion_apps>
   SetHandler weblogic-handler
   WebLogicCluster IDMHOST1.mycompany.com:14100,IDMHOST2.mycompany.com:14100,IDMHOST3.mycompany.com:14100
</Location>

Similarly, if you add a new ODSM server, you must update ODSM entries in the file admin_vh.conf.

Once you have updated the configuration file, restart the Oracle HTTP server(s) as described in Section 16.1, "Starting and Stopping Components." Oracle recommends that you do this sequentially to prevent loss of service.
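Because the same edit has to be made in every Location block that routes to the scaled cluster, in every virtual-host file, on every Web Tier node, it is worth scripting so that it is idempotent and does not touch blocks that route to other clusters. The following is an added example, not part of the Oracle guide or of Oracle HTTP Server; the sso_vh.conf sample is constructed from the fragment above, and the /odsm block with port 7005 is invented here purely to show an unrelated cluster being left alone.

```python
"""Add a new managed server to the WebLogicCluster directives of an Oracle
HTTP Server virtual-host file (sso_vh.conf, admin_vh.conf, idminternal_vh.conf).

Added example, not part of the Oracle guide or of Oracle HTTP Server. It
applies the rule in Section 15.5.8: only the Location blocks whose
WebLogicCluster already lists a member of the cluster being scaled receive
the new member; blocks routing to other clusters are left alone. The update
is idempotent, so running it on every Web Tier node, or twice on one node,
never produces duplicate entries. Host names and the 14100 port are the
guide's placeholders; the /odsm block and its port 7005 are constructed here
only to show that an unrelated cluster is untouched.
"""
import re
import shutil
import sys
from typing import List

# Matches "   WebLogicCluster host1:port,host2:port" and keeps the indentation.
WLC_RE = re.compile(r"^(\s*WebLogicCluster\s+)(\S+)\s*$")

# Constructed sample, based on the sso_vh.conf fragment in the guide.
SAMPLE_SSO_VH_CONF = """\
<Location /oam>
   SetHandler weblogic-handler
   WebLogicCluster IDMHOST1.mycompany.com:14100,IDMHOST2.mycompany.com:14100
</Location>

<Location /fusion_apps>
   SetHandler weblogic-handler
   WebLogicCluster IDMHOST1.mycompany.com:14100,IDMHOST2.mycompany.com:14100
</Location>

<Location /odsm>
   SetHandler weblogic-handler
   WebLogicCluster IDMHOST1.mycompany.com:7005,IDMHOST2.mycompany.com:7005
</Location>
"""


def add_cluster_member(conf_text: str, existing_member: str, new_member: str) -> str:
    """Append new_member to every WebLogicCluster directive that lists existing_member.

    existing_member (host:port) identifies the cluster being scaled; a
    directive that already contains new_member is left unchanged.
    """
    out = []
    for line in conf_text.splitlines():
        m = WLC_RE.match(line)
        if m:
            members = m.group(2).split(",")
            if existing_member in members and new_member not in members:
                members.append(new_member)
                line = m.group(1) + ",".join(members)
        out.append(line)
    return "\n".join(out) + ("\n" if conf_text.endswith("\n") else "")


def cluster_members(conf_text: str, location: str) -> List[str]:
    """Return the WebLogicCluster members inside the given <Location> block."""
    in_block = False
    for line in conf_text.splitlines():
        if re.match(r"^\s*<Location\s+" + re.escape(location) + r"\s*>", line):
            in_block = True
        elif in_block and line.strip().startswith("</Location>"):
            in_block = False
        elif in_block:
            m = WLC_RE.match(line)
            if m:
                return m.group(2).split(",")
    return []


def update_conf_file(path: str, existing_member: str, new_member: str) -> bool:
    """Rewrite path in place (keeping a .bak copy); return True if it changed."""
    with open(path, encoding="utf-8") as fh:
        original = fh.read()
    updated = add_cluster_member(original, existing_member, new_member)
    if updated == original:
        return False
    shutil.copy2(path, path + ".bak")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(updated)
    return True


if __name__ == "__main__":
    # Usage: python add_member.py sso_vh.conf IDMHOST1.mycompany.com:14100 IDMHOST3.mycompany.com:14100
    if len(sys.argv) == 4:
        changed = update_conf_file(sys.argv[1], sys.argv[2], sys.argv[3])
        print("updated" if changed else "no change")
    else:
        print(add_cluster_member(SAMPLE_SSO_VH_CONF, "IDMHOST1.mycompany.com:14100",
                                 "IDMHOST3.mycompany.com:14100"))
```

Check the .bak against the rewritten file before restarting each Oracle HTTP Server, and restart the servers one at a time as the section above recommends.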

15.6 Scaling the Web Tier

The Web Tier already has a node running an instance of the Oracle HTTP Server. The existing Oracle HTTP Server binaries can be used for creating the new Oracle HTTP Server instance.

To scale the Oracle HTTP Server, perform the steps in the following subsections:

15.6.1 Assembling Information for Scaling the Web Tier

Assemble the following information before scaling the Web Tier.

Description               Variable         Documented Value          Customer Value
Host name                                  WEBHOST1.mycompany.com
OHS port                  OHS_PORT         7777
Instance Name             webn             web1 or web2
Component Name            webn             web1 or web2
WebLogic Admin Host                        ADMINVHN.mycompany.com
WebLogic Admin Port       WLS_ADMIN_PORT   7001
WebLogic Admin User                        weblogic_idm
WebLogic Admin Password

15.6.2 Mounting Middleware Home and Copying Oracle HTTP Server Files when Scaling Out

On the new node, mount the existing Middleware home.

Copy all files created in ORACLE_INSTANCE/config/OHS/component/moduleconf from the existing Web Tier configuration to the new one.

15.6.3 Running the Configuration Wizard to Configure the HTTP Server

Perform these steps to configure the Oracle Web Tier:

  1. Create a file containing the ports used by Oracle HTTP Server. On Disk1 of the installation media, locate the file stage/Response/staticports.ini. Copy it to a file called ohs_ports.ini. Delete all entries in ohs_ports.ini except for OHS PORT and OPMN Local Port. Change the value of OPMN Local Port to 6700. If you are scaling out, you can use the default value, 7777, for OHS PORT. If you are scaling up, you must choose a unique value for that instance on the machine.

    Note:

    If the port names in the file are slightly different from OHS PORT and OPMN Local Port, use the names in the file.

  2. Change the directory to the location of the Oracle Fusion Middleware Configuration Wizard:

    cd WEB_ORACLE_HOME/bin
    
  3. Start the Configuration Wizard:

    ./config.sh
    

Enter the following information into the configuration wizard:

  1. On the Welcome screen, click Next.

  2. On the Configure Component screen, select: Oracle HTTP Server.

    Ensure that Associate Selected Components with WebLogic Domain is selected.

    Ensure Oracle Web Cache is NOT selected.

    Click Next.

  3. On the Specify WebLogic Domain Screen, enter

    Click Next.

  4. On the Specify Component Details screen, specify the following values:

    Enter the following values for WEBHOSTn, where n is the number of the new host, for example, 3:

    • Instance Home Location: WEB_ORACLE_INSTANCE (/u02/local/oracle/config/instances/ohsn, for example, /u02/local/oracle/config/instances/ohs1)

    • Instance Name: webn

    • OHS Component Name: webn

    Click Next.

  5. On the Configure Ports screen, you use the ohs_ports.ini file you created in Step 1 to specify the ports to be used. This enables you to bypass automatic port configuration.

    1. Select Specify Ports using a Configuration File.

    2. In the file name field specify ohs_ports.ini.

    3. Click Save, then click Next.

  6. On the Specify Security Updates screen, specify these values:

    • Email Address: The email address for your My Oracle Support account.

    • Oracle Support Password: The password for your My Oracle Support account.

    Select: I wish to receive security updates via My Oracle Support.

    Click Next.

  7. On the Installation Summary screen, review the selections to ensure that they are correct. If they are not, click Back to modify selections on previous screens.

    Click Configure.

    On the Configuration screen, the wizard launches multiple configuration assistants. This process can be lengthy. When it completes, click Next.

    On the Installation Complete screen, click Finish to confirm your choice to exit.

15.6.4 Registering Oracle HTTP Server with WebLogic Server

For Oracle Enterprise Manager Fusion Middleware Control to be able to manage and monitor the new Oracle HTTP server, you must register the Oracle HTTP server with IDMDomain. To do this, register Oracle HTTP Server with WebLogic Server by running the following command on the host where the new server is running:

cd WEB_ORACLE_INSTANCE/bin
./opmnctl registerinstance -adminHost ADMINVHN.mycompany.com \
   -adminPort 7001 -adminUsername weblogic

15.6.5 Reconfiguring the Load Balancer

Add the new Oracle HTTP Server instance to the existing server pool defined on the load balancer for distributing requests across the HTTP instances.

15.7 Post-Scaling Steps for All Components

Provisioning creates a set of scripts to start and stop managed servers defined in the domain. When you create a new managed server in the domain you need to update the domain configuration so that these start and stop scripts can also start the newly created managed server.

To update the domain configuration, edit the file serverInstancesCustom.txt, which is located in the directory: SHARED_CONFIG_DIR/scripts

If you want to start a node manager on a new machine, add an entry which looks like this:

newmachine.mycompany.com NM nodemanager_pathname nodemanager_port

For example:

IDMHOST3.mycompany.com NM /u01/oracle/config/nodemanager/idmhost3.mycompany.com 5556

If you want to start a managed server called WLS_OIM3 add an entry which looks like this:

newmachine.mycompany.com OIM ManagedServerName

For example:

IDMHOST3 OIM WLS_OIM3

Save the file.