This section describes how to create the various domains to support the split domain topology.
Note:
Tasks in each section must be performed for every domain being created, unless otherwise stated.
This section contains the following topics:
Which domains you need to create depends on the topologies that you are implementing. Table 15-1 shows which domains are required for Oracle Access Manager and Oracle Identity Manager.
Table 15-2 lists the component URLs related to the domains, and the user names used to access them. In addition, Table 15-3 lists the post-Web tier configuration user names you would use to access the consoles after they have been integrated into single sign-on.
The URLs are divided into two sections:
Pre-Web Integration
Post-Web Integration
The rest of this document refers to these URLs. For example, when an instruction says to log in to the WebLogic console, use the WebLogic console URL listed below for the domain you are working on.
Table 15-2 URLs Available Prior to Web Tier Integration
Domain | Component | URL | User |
---|---|---|---|
IAMAccessDomain | WebLogic Console | | |
IAMAccessDomain | OAM Console | | |
IAMAccessDomain | Fusion Middleware Control | | |
IAMGovernanceDomain | WebLogic Console | | |
IAMGovernanceDomain | Fusion Middleware Control | | |
Table 15-3 URLs Available After Web Tier Integration
Domain | Component | URL | User | SSO User |
---|---|---|---|---|
IAMAccessDomain | WebLogic Console | | weblogic | weblogic_idm |
IAMAccessDomain | Fusion Middleware Control | | weblogic | weblogic_idm |
IAMAccessDomain | OAM Console | | weblogic | oamadmin |
IAMAccessDomain | Policy Manager | | weblogic | oamadmin |
IAMGovernanceDomain | WebLogic Console | | weblogic | weblogic_idm |
IAMGovernanceDomain | Fusion Middleware Control | | weblogic | weblogic_idm |
Run the WebLogic Configuration Wizard once for each domain listed in Table 15-1.
Note:
For ease of use, the example host names in this section refer to the hosts in the distributed topology. Refer to the Enterprise Deployment Workbook for the actual host names to use. For more information, see Chapter 4, "Using the Enterprise Deployment Workbook".
Table 15-4 Domains to be Created
Domain Name | Consolidated Host | Distributed Host | Listen Address | Listen Port |
---|---|---|---|---|
IAMAccessDomain | IAMHOST1 | OAMHOST1 | IADADMINVHN.example.com | 7001 |
IAMGovernanceDomain | IAMHOST2 | OIMHOST1 | IGDADMINVHN.example.com | 7101 |
To create a domain:
Ensure that the database where you installed the repository is running. For Oracle RAC databases, all instances should be running, so that the validation check later in the procedure is more reliable.
Change the directory to the location of the Oracle Fusion Middleware Configuration Wizard:
cd MW_HOME/oracle_common/common/bin
In this command, MW_HOME is:
IAD_MW_HOME for IAMAccessDomain
IGD_MW_HOME for IAMGovernanceDomain
Start the Configuration Wizard using the following command:
./config.sh
On the Welcome screen, select Create a New WebLogic Domain, and click Next.
On the Select Domain Source screen, select the following products:
Table 15-5 Domain Component Information
Domain Name | Products |
---|---|
IAMAccessDomain | Oracle Access Management and Mobile Security Suite (select this and all dependent components will be selected automatically); Oracle Enterprise Manager; Oracle JRF; Oracle WSM Policy Manager; Oracle Platform Security Service; Oracle OPSS Metadata for JRF |
IAMGovernanceDomain | Oracle Identity Manager; Oracle Enterprise Manager; Oracle JRF; Oracle JRF WebServices Asynchronous services; Oracle BI Publisher; Oracle BI JDBC; Oracle OPSS Metadata for JRF; Oracle Platform Security Service; Oracle SOA Suite; Oracle WSM Policy Manager |
Click Next.
On the Specify Domain Name and Location screen, enter the following:
Domain name: Name of the Domain you are creating. For example: IAMAccessDomain
Domain location: SHARED_CONFIG_DIR/domains
Application Location: SHARED_CONFIG_DIR/domains/IAMAccessDomain/applications
Ensure that the domain directory matches the directory and shared storage mount point.
Click Next.
On the Configure Administrator Username and Password screen, enter the username (default is weblogic) and password to be used for the domain's administrator. For example:
Name: weblogic
User Password: password for weblogic user
Confirm User Password: password for weblogic user
Description: This user is the default administrator.
Click Next.
On the Configure Server Start Mode and JDK screen, do the following:
For WebLogic Domain Startup Mode, select Production Mode.
For JDK Selection, select the JDK in MW_HOME/jdk for the domain you are creating. For example, IAD_MW_HOME/jdk.
Click Next.
Note:
The next step and all steps through Step 12, "On the Test Component Schema," are only relevant if the domain being created is IAMAccessDomain or IAMGovernanceDomain.
On the Configure JDBC Component Schema screen, select all the data sources listed on the page.
Select: Convert to GridLink.
Click Next.
The Gridlink RAC Component Schema screen appears. In this screen, enter values for the following fields, specifying the connect information for the Oracle RAC database that was seeded with RCU.
Driver: Select Oracle's driver (Thin) for GridLink Connections, Versions: 10 and later.
Select Enable FAN.
Do one of the following:
If SSL is not configured for ONS notifications to be encrypted, deselect SSL.
Select SSL and provide the appropriate wallet and wallet password.
Service Listener: Enter the SCAN address and port for the RAC database being used. You can identify this address by querying the parameter remote_listener in the database:
SQL> show parameter remote_listener;
NAME             TYPE    VALUE
---------------- ------- ------------------------
remote_listener  string  db-scan.example.com:1521
Note:
For Oracle Database 11g Release 1 (11.1), use the virtual IP and port of each database instance listener, for example: DBHOST1-vip.example.com (port 1521) and DBHOST2-vip.example.com (port 1521).
For Oracle Database 10g, use multi data sources to connect to an Oracle RAC database.
ONS Host: Enter the SCAN address for the Oracle RAC database and the ONS remote port, as reported by the database when you invoke the following command:
srvctl config nodeapps -s
ONS exists: Local port 6100, remote port 6200, EM port 2016
Note:
For Oracle Database 11g Release 1 (11.1), use the hostname and port of each database's ONS service, for example: DBHOST1.example.com (port 6200) and DBHOST2.example.com (port 6200).
Table 15-6 RAC Component Schema Information
Domain | Schema | Service Name | User Name | Password |
---|---|---|---|---|
IAMAccessDomain | OAM Infrastructure | | EDGIAD_OAM | password |
IAMAccessDomain | OPSS Schema | | EDGIAD_OPSS | password |
IAMAccessDomain | OMSM MDS Schema | | EDGIAD_MDS | password |
IAMAccessDomain | OMSM Schema | | EDGIAD_OMSM | password |
IAMGovernanceDomain | OIM Schema | | EDGIGD_OIM | password |
IAMGovernanceDomain | SOA Infrastructure | | EDGIGD_SOAINFRA | password |
IAMGovernanceDomain | User Messaging Service | | EDGIGD_ORASDPM | password |
IAMGovernanceDomain | BIP Schema | | EDGIGD_BIPLATFORM | password |
IAMGovernanceDomain | OIM MDS Schema | | EDGIGD_MDS | password |
IAMGovernanceDomain | OWSM MDS Schema | | EDGIGD_MDS | password |
IAMGovernanceDomain | SOA MDS Schema | | EDGIGD_MDS | password |
IAMGovernanceDomain | OPSS Schema | | EDGIGD_OPSS | password |
Click Next.
On the Test Component Schema screen, the Wizard attempts to validate the data sources. If the data source validation succeeds, click Next. If it fails, click Previous, correct the problem, and try again.
On the Select Optional Configuration screen, select the following:
Administration Server
JMS Distributed Destination (IAMGovernanceDomain only)
Managed Servers, Clusters and Machines
JMS File Store (IAMGovernanceDomain only)
Click Next.
On the Configure the Administration Server screen, enter the following values:
For IAMAccessDomain:
Name: AdminServer
Listen Address: See Table 15-4
Listen Port: See Table 15-4
SSL Listen Port: n/a
SSL Enabled (deselected)
Click Next.
On the JMS Distributed Destination screen (IAMGovernanceDomain Only), ensure that all the JMS system resources listed on the screen are uniform distributed destinations. If they are not, select UDD from the drop down box. Ensure that the entries are correct according to Table 15-7.
Table 15-7 JMS Distributed Destination Information
JMS System Resource | Uniform/Weighted Distributed Destination |
---|---|
JRFWSASYNCJMSMODULE | UDD |
BIPJMSRESOURCE | UDD |
UMSJMSSYSTEMRESOURCE | UDD |
SOAJMSMODULE | UDD |
OIMJMSMODULE | UDD |
BPMJMSMODULE | UDD |
Click Next.
An Override Warning box with the following message is displayed:
CFGFWK-40915: At least one JMS system resource has been selected for conversion to a Uniform Distributed Destination (UDD). This conversion will take place only if the JMS System resource is assigned to a cluster
Click OK on the Override Warning box.
When you first enter the Configure Managed Servers screen you will see a number of managed servers already created. DO NOT remove any of these entries. Edit the existing entries and add new ones as described below. Existing entries can be matched up using their ports:
Table 15-8 Consolidated WebLogic Managed Server Information
Domain | Name | Listen Address (Distributed) | Listen Address (Consolidated) | Listen Port | SSL Listen Port | SSL Enabled |
---|---|---|---|---|---|---|
IAMAccessDomain | WLS_OAM1 | | | 14100 | N/A | No |
IAMAccessDomain | WLS_OAM2 | | | 14100 | N/A | No |
IAMAccessDomain | WLS_AMA1 | | | 14150 | N/A | No |
IAMAccessDomain | WLS_AMA2 | | | 14150 | N/A | No |
IAMAccessDomain | WLS_MSM1 | | | 14180 | 14181 | Yes |
IAMAccessDomain | WLS_MSM2 | | | 14180 | 14181 | Yes |
IAMGovernanceDomain | WLS_OIM1 | | | 14000 | N/A | No |
IAMGovernanceDomain | WLS_OIM2 | | | 14000 | N/A | No |
IAMGovernanceDomain | WLS_SOA1 | | | 8001 | N/A | No |
IAMGovernanceDomain | WLS_SOA2 | | | 8001 | N/A | No |
IAMGovernanceDomain | WLS_BI1 | | | 9704 | N/A | No |
IAMGovernanceDomain | WLS_BI2 | | | 9704 | N/A | No |
Click Next.
Note:
When using Exalogic, ensure that you set the listen address to that associated with the network interface name. For example, IAMHOST1-INT for the internal IPoIB network.
On the Configure Clusters screen, create clusters as described below by clicking Add and supplying the following information.
Table 15-9 WebLogic Cluster Information
Domain Name | Name | Cluster Messaging Mode | Multicast Address | Multicast Port | Cluster Address |
---|---|---|---|---|---|
IAMAccessDomain | cluster_oam | unicast | N/A | N/A | |
IAMAccessDomain | cluster_ama | unicast | N/A | N/A | |
IAMAccessDomain | cluster_msm | unicast | N/A | N/A | |
IAMGovernanceDomain | cluster_oim | unicast | N/A | N/A | OIMHOST1VHN1:14000,OIMHOST2VHN1:14000 |
IAMGovernanceDomain | cluster_soa | unicast | N/A | N/A | OIMHOST1VHN2:8001,OIMHOST2VHN2:8001 |
IAMGovernanceDomain | cluster_bi | unicast | N/A | N/A | OIMHOST1VHN3:9704,OIMHOST2VHN3:9704 |
Click Next.
On the Assign Servers to Clusters screen, associate the managed servers with the cluster as shown below. Click the cluster name in the right pane. Click the managed server under Servers and then click the arrow to assign it to the cluster.
Table 15-10 WebLogic Cluster Details
Cluster | Domain | Managed Servers |
---|---|---|
cluster_oam | IAMAccessDomain | WLS_OAM1, WLS_OAM2 |
cluster_ama | IAMAccessDomain | WLS_AMA1, WLS_AMA2 |
cluster_msm | IAMAccessDomain | WLS_MSM1, WLS_MSM2 |
cluster_oim | IAMGovernanceDomain | WLS_OIM1, WLS_OIM2 |
cluster_soa | IAMGovernanceDomain | WLS_SOA1, WLS_SOA2 |
cluster_bi | IAMGovernanceDomain | WLS_BI1, WLS_BI2 |
Click Next.
On the Configure Machines screen, click the Unix Machine tab and then click Add to add the following machines. The machine name does not need to be a valid host name or listen address; it is just a unique identifier of a node manager location.
You create one machine per host in your topology, and an additional Adminhost entry for the Administration Server.
Table 15-11 Distributed WebLogic Machine Information
Domain | Name | Node Manager Listen Address | Node Manager Listen Port |
---|---|---|---|
IAMAccessDomain | ADMINHOST | LOCALHOST | 5556 |
IAMAccessDomain | OAMHOST1.example.com | OAMHOST1.example.com | 5556 |
IAMAccessDomain | OAMHOST2.example.com | OAMHOST2.example.com | 5556 |
IAMGovernanceDomain | ADMINHOST | LOCALHOST | 5556 |
IAMGovernanceDomain | OIMHOST1.example.com | OIMHOST1.example.com | 5556 |
IAMGovernanceDomain | OIMHOST2.example.com | OIMHOST2.example.com | 5556 |
Table 15-12 Consolidated WebLogic Machine Information
Domain | Name | Node Manager Listen Address | Node Manager Listen Port |
---|---|---|---|
IAMAccessDomain | ADMINHOST | LOCALHOST | 5556 |
IAMAccessDomain | IAMHOST1.example.com | IAMHOST1.example.com | 5556 |
IAMAccessDomain | IAMHOST2.example.com | IAMHOST2.example.com | 5556 |
IAMGovernanceDomain | ADMINHOST | LOCALHOST | 5556 |
IAMGovernanceDomain | IAMHOST1.example.com | IAMHOST1.example.com | 5556 |
IAMGovernanceDomain | IAMHOST2.example.com | IAMHOST2.example.com | 5556 |
Note:
If you see a machine called localhost, remove it.
When using Exalogic, ensure that you set the listen address to that associated with the network interface name. For example, IAMHOST1-INT for the internal IPoIB network.
Click Next.
On the Assign Servers to Machines screen, assign servers to machines as follows:
Machine Name (Distributed) | Machine Name (Consolidated) | Managed Servers |
---|---|---|
AdminHost | AdminHost | Admin Server |
OAMHOST1.example.com | IAMHOST1.example.com | WLS_OAM1, WLS_AMA1, WLS_MSM1 |
OAMHOST2.example.com | IAMHOST2.example.com | WLS_OAM2, WLS_AMA2, WLS_MSM2 |
AdminHost | AdminHost | Admin Server |
OIMHOST1.example.com | IAMHOST1.example.com | WLS_SOA1, WLS_OIM1, WLS_BI1 |
OIMHOST2.example.com | IAMHOST2.example.com | WLS_SOA2, WLS_OIM2, WLS_BI2 |
Click Next.
On the Configure JMS File Stores screen (IAMGovernanceDomain only), update the directory locations for the JMS file stores. Provide the information shown in the following table.
Table 15-14 JMS File Stores Information
Name | Directory |
---|---|
BipJmsStore | |
UMSJMSFileStore_auto_1 | |
UMSJMSFileStore_auto_2 | |
BPMJMSServer_auto_1 | |
BPMJMSServer_auto_2 | |
SOAJMSFileStore_auto_1 | |
SOAJMSFileStore_auto_2 | |
OIMJMSFileStore_auto_1 | |
OIMJMSFileStore_auto_2 | |
JRFWSASYNCFILESTORE_AUTO_1 | |
JRFWSASYNCFILESTORE_AUTO_2 | |
Note:
The directory locations above must be on shared storage and accessible from OIMHOST1 and OIMHOST2.
Click Next.
On the Configuration Summary screen, validate that your choices are correct, then click Create.
On the Create Domain screen, click Done.
After configuring the domain with the Configuration Wizard, follow these instructions for post-configuration and verification for each domain created.
This section contains the following topics:
Section 15.4.1, "Associating the Domain with the OPSS policy Store"
Section 15.4.2, "Forcing the Managed Servers to use IPv4 Networking"
Section 15.4.4, "Creating boot.properties for the WebLogic Administration Servers"
Section 15.4.5, "Perform Initial Node Manager Configuration"
Section 15.4.10, "Using JDBC Persistent Stores for TLOGs and JMS in an Enterprise Deployment"
Section 15.4.11, "Manually Failing over the WebLogic Administration Server"
Section 15.4.13, "Adding a Load Balancer Certificate to JDK Trust Stores"
You must associate the domain with the OPSS policy store in the database. This must be done before a domain is started.
To associate the domain IAMAccessDomain with the OPSS security store use the following command:
ORACLE_COMMON_HOME/common/bin/wlst.sh IAD_ORACLE_HOME/common/tools/configureSecurityStore.py -d IAD_ASERVER_HOME -c IAM -m create -p opss_schema_password
To associate the domain IAMGovernanceDomain with the OPSS security store use the following command:
ORACLE_COMMON_HOME/common/bin/wlst.sh IGD_ORACLE_HOME/common/tools/configureSecurityStore.py -d IGD_ASERVER_HOME -c IAM -m create -p opss_schema_password
Validate that the above commands have been successful by issuing the command:
ORACLE_COMMON_HOME/common/bin/wlst.sh IAD_ORACLE_HOME/common/tools/configureSecurityStore.py -d IAD_ASERVER_HOME -m validate
OR
ORACLE_COMMON_HOME/common/bin/wlst.sh IGD_ORACLE_HOME/common/tools/configureSecurityStore.py -d IGD_ASERVER_HOME -m validate
Manually add the system property -Djava.net.preferIPv4Stack=true to the startWebLogic.sh script, which is located in the ASERVER_HOME/bin directory of the domain you are modifying, using a text editor as follows:
Locate the following line in the startWebLogic.sh script:
. ${DOMAIN_HOME}/bin/setDomainEnv.sh $*
Add the following property immediately after the above entry:
JAVA_OPTIONS="${JAVA_OPTIONS} -Djava.net.preferIPv4Stack=true"
Save and close the file.
Complete the procedure for each domain.
In the IAMAccessDomain the initial startup parameters which define memory usage are insufficient. These parameters need to be increased.
To edit the setDomainEnv.sh file to change the memory allocation settings:
Open the setDomainEnv.sh file, located in the IAD_ASERVER_HOME/bin directory, using a text editor.
Change the following memory allocation by updating the Java maximum memory allocation pool (Xmx) to 3072m and initial memory allocation pool (Xms) to 1024m. For example, change the following line to be:
WLS_MEM_ARGS_64BIT="-Xms1024m -Xmx3072m"
Update the values of the following parameters as specified:
XMS_JROCKIT_64BIT="1024"
XMX_JROCKIT_64BIT="3072"
XMS_SUN_64BIT="1024"
XMX_SUN_64BIT="3072"
Save the file when finished.
Create a boot.properties file for each Administration Server. This file will be placed into the ASERVER_HOME/servers/AdminServer directory of each domain (IAD/IGD). If the file already exists, edit it. The boot.properties file enables the Administration Server to start without prompting you for the administrator username and password.
For the Administration Server:
Create the following directory structure.
mkdir -p ASERVER_HOME/servers/AdminServer/security
Where ASERVER_HOME is the SHARED_CONFIG_DIR domain directory that corresponds with that Administration Server: IAMAccessDomain or IAMGovernanceDomain.
In a text editor, create a file called boot.properties in the last directory created in the previous step, and enter the username and password in the file. For example:
username=weblogic
password=password for weblogic user
Save the file and close the editor.
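The boot.properties steps above, scripted so that the file is readable only by its owner, together with a check that the entries have been encrypted after the first start. This is an added example, not Oracle tooling: the function names are hypothetical, and the check assumes WebLogic marks encrypted values with a {AES...} or {3DES} prefix.

```shell
#!/bin/sh
# Added example (not Oracle tooling): create boot.properties readable only by
# its owner and report whether WebLogic has encrypted it yet.

# write_boot_properties ASERVER_HOME USERNAME
# Reads the password from stdin so it never appears in the process list.
write_boot_properties() {
    (
        umask 077    # new directories 0700, new file 0600
        secdir="$1/servers/AdminServer/security"
        IFS= read -r pw || [ -n "$pw" ] || exit 1
        mkdir -p "$secdir" || exit 1
        printf 'username=%s\npassword=%s\n' "$2" "$pw" > "$secdir/boot.properties" &&
            chmod 600 "$secdir/boot.properties"   # also tightens a pre-existing file
    )
}

# boot_properties_status FILE
# Prints one of: missing, exposed, plaintext, encrypted.
# Returns 0 only for "encrypted".
boot_properties_status() {
    f=$1
    [ -f "$f" ] || { echo missing; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$f" | cut -c5-10)
    [ "$perms" = "------" ] || { echo exposed; return 1; }
    for key in username password; do
        val=$(sed -n "s/^$key=//p" "$f" | head -n 1)
        case $val in
            '{AES'*|'{3DES}'*) ;;              # assumed encrypted-value prefixes
            *) echo plaintext; return 1 ;;
        esac
    done
    echo encrypted
}

# Demo on a throwaway directory with constructed credentials.
demo_boot_properties() {
    d=$(mktemp -d) || return 1
    bp="$d/servers/AdminServer/security/boot.properties"
    printf '%s\n' 'constructed-password' | write_boot_properties "$d" weblogic
    echo "after creation:    $(boot_properties_status "$bp")"
    # Constructed stand-in for the file contents after the first server start.
    printf 'username={AES}constructedA=\npassword={AES}constructedB=\n' > "$bp"
    echo "after first start: $(boot_properties_status "$bp")"
    rm -rf "$d"
}
demo_boot_properties
```

A status of plaintext that persists after the Administration Server has been started means the server is not reading this file.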
Note:
The username and password entries in the file are not encrypted until you start the Administration Server. For security reasons, minimize the time the entries in the file are left unencrypted. After you edit the file, start the server as soon as possible so that the entries are encrypted.
One Node Manager runs per host, regardless of the number of domains being supported by that host. Node Manager uses content from the MW_HOME/wlserver_10.3 directory. If you are running a consolidated topology where Access and Governance components run on the same host, you must start Node Manager from one of the MW_HOMEs.
The steps in this section apply to the Middleware home of your choice. These steps are for initial bootstrapping. Further Node Manager configuration steps are described in Chapter 16, "Setting Up Node Manager for an Enterprise Deployment".
The following sections refer to just MW_HOME or ASERVER_HOME, to keep the instructions generic. If you are using Node Manager from the IAD_MW_HOME, the values would be IAD_MW_HOME or IAD_ASERVER_HOME. If you are using the Node Manager from the IGD_MW_HOME, then the IGD prefix should be used.
Note:
Perform the tasks in this section only if you have not configured the Node Manager on the host yet.
For example, if you are running a consolidated topology, and if you have already created a domain and configured the Node Manager for that host and any subsequent hosts in the following chapter, you do not have to perform the tasks in this section.
Perform the following tasks to set the initial Node Manager configuration:
Section 15.4.5.4, "Restart the Administration Server via Node Manager"
Section 15.4.5.5, "Validating the WebLogic Administration Server"
You start the Administration Server by using WLST and connecting to Node Manager. The first start of the Administration Server with Node Manager, however, requires that you change the default username and password that the Configuration Wizard sets for Node Manager. Therefore you must use the start script for the Administration Server for the first start. Follow these steps to start the Administration Server using Node Manager. Setting the memory parameters is required only for the first start operation. You must start the Node Manager only once per Administration Server host.
Note:
This procedure assumes that you have applied WebLogic Server patch 13964737. For more information, see:
"Mandatory Patches Required for Installing Oracle Identity Manager" in the Oracle Fusion Middleware Release Notes for Identity Management
Before you start the Node Manager, edit the MW_HOME/wlserver_10.3/server/bin/startNodeManager.sh file as follows:
Open the startNodeManager.sh file in an editor and locate the line starting with:
. "${WL_HOME}/common/bin/commEnv.sh"
Add the following line below the line that you located in the previous step:
JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true"
It is recommended that you perform this step from both IAD_MW_HOME and IGD_MW_HOME.
Save the file.
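Both the startWebLogic.sh edit (the IPv4 property) and the startNodeManager.sh edit above (the JSSE properties) insert one JAVA_OPTIONS line directly after a known line, and both must be repeated per domain or Middleware home. This added example, which is not Oracle tooling, applies such an edit idempotently and refuses to touch a script whose layout differs; the function name is hypothetical and the anchors are the path tails of the lines the page tells you to locate.

```shell
#!/bin/sh
# Added example (not Oracle tooling): insert a JAVA_OPTIONS line directly after
# an anchor line in a start script, without duplicating it on re-runs.

# The lines to add, as given on the page.
IPV4_LINE='JAVA_OPTIONS="${JAVA_OPTIONS} -Djava.net.preferIPv4Stack=true"'
JSSE_LINE='JAVA_OPTIONS="${JAVA_OPTIONS} -Dweblogic.ssl.JSSEEnabled=true -Dweblogic.security.SSL.enableJSSE=true"'
# Anchors: tail of the line to locate in startWebLogic.sh / startNodeManager.sh.
DOMAIN_ENV_ANCHOR='/bin/setDomainEnv.sh'
NM_ENV_ANCHOR='/common/bin/commEnv.sh'

# add_line_after FILE ANCHOR LINE
#   returns 0 if LINE was inserted or is already present,
#           1 if FILE is missing or a temporary file cannot be created,
#           2 if no non-comment line contains ANCHOR (FILE is left untouched).
add_line_after() {
    file=$1; anchor=$2; line=$3
    [ -f "$file" ] || return 1
    grep -F -x -q -e "$line" "$file" && return 0      # already applied
    tmp=$(mktemp) || return 1
    # Values travel through the environment so awk does not interpret escapes.
    ANCHOR="$anchor" LINE="$line" awk '
        { print }
        !seen && $0 !~ /^[ \t]*#/ && index($0, ENVIRON["ANCHOR"]) {
            print ENVIRON["LINE"]; seen = 1
        }
        END { exit seen ? 0 : 2 }
    ' "$file" > "$tmp" || { rc=$?; rm -f "$tmp"; return "$rc"; }
    cp -p "$file" "$file.orig"     # keep the pre-edit script for rollback
    cat "$tmp" > "$file"           # overwrite in place: mode and owner are kept
    rm -f "$tmp"
}

# Demo on a constructed stand-in for startWebLogic.sh.
demo_add_line_after() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!/bin/sh' \
        '# Call ${DOMAIN_HOME}/bin/setDomainEnv.sh first' \
        '. ${DOMAIN_HOME}/bin/setDomainEnv.sh $*' \
        'echo "server start would follow"' > "$d/startWebLogic.sh"
    add_line_after "$d/startWebLogic.sh" "$DOMAIN_ENV_ANCHOR" "$IPV4_LINE"
    add_line_after "$d/startWebLogic.sh" "$DOMAIN_ENV_ANCHOR" "$IPV4_LINE"  # no-op
    cat "$d/startWebLogic.sh"
    rm -rf "$d"
}
demo_add_line_after
```

A return code of 2 means the anchor line was not found, so the script should be inspected by hand rather than edited blindly.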
Perform these steps to start Node Manager on the administration host:
Start the Node Manager to generate an initial property file. To do this, run the following commands:
MW_HOME/wlserver_10.3/server/bin/startNodeManager.sh
Stop the Node Manager by killing the process.
Update the generated Node Manager Property file by running the following commands:
cd MW_HOME/oracle_common/common/bin
./setNMProps.sh
This adds an extra parameter called startScriptEnabled to the property file. This ensures that, when the Administration Server is started, it uses the startWebLogic.sh script.
Note:
You must use the StartScriptEnabled property to avoid class loading failures and other problems.
If you are creating a distributed topology, MW_HOME refers to the MW_HOME of the component that will be run on that machine. For example, OAMHOST will use IAD_MW_HOME.
If you are creating a consolidated topology, set MW_HOME to be the home that you are running Node Manager out of. Only one Node Manager can run on a given server.
Restart the Node Manager using the instructions mentioned in the first step.
You must update each domain with Node Manager administration credentials. This is done via the WebLogic Administration Console, which must first be started. You start the Administration Server by using WLST and connecting to Node Manager. The first start of the Administration Server with Node Manager, however, requires that you change the default username and password that the Configuration Wizard sets for Node Manager. Therefore you must use the start script for the Administration Server for the first start. Follow these steps to start the Administration Server using Node Manager.
Start the Administration Server using the start script in the domain directory:
Note:
As part of application of WebLogic patch 13964737: SU Patch [YVDZ], you should have added Java arguments to various system shell scripts to enable JSSE. Refer to Section 16.1, "Recreating WebLogic Demo Certificates" for updating the scripts ASERVER_HOME/bin/startWebLogic.sh and MW_HOME/wlserver_10.3/common/bin/wlst.sh.
cd ASERVER_HOME/bin
./startWebLogic.sh
Use the Administration Console to update the Node Manager credentials for the domain.
In a browser, access the WebLogic Administration console.
http://IADADMINVHN.example.com:7001/console or http://IGDADMINVHN.example.com:7101/console
Log in as the weblogic user, using the password you specified during the installation.
Click Lock & Edit.
Click domain_name.
Select Security tab, and then General tab.
Expand Advanced Options.
Enter a new username for Node Manager or make a note of the existing one and update the Node Manager password.
Click Save.
Click Activate Changes.
This step is required if you have not set up the appropriate certificates to authenticate the different nodes with the Administration Server. (See Chapter 16, "Setting Up Node Manager for an Enterprise Deployment") If you have not configured the server certificates, you will receive errors when managing the different WebLogic Servers. To avoid these errors, disable host name verification while setting up and validating the topology, and enable it again once the enterprise deployment topology configuration is complete.
To disable host name verification, complete the following steps for each domain:
Log in to the Oracle WebLogic Server Administration console.
Log in as the user weblogic, using the password you specified during the installation.
Click Lock & Edit.
Expand the Environment node in the Domain Structure window.
Click Servers.
The Summary of Servers page appears.
Select AdminServer(admin) in the Name column of the table. The Settings page for AdminServer(admin) appears.
Click the SSL tab.
Click Advanced.
Set Hostname Verification to None.
Click Save.
Click Activate Changes.
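Because host name verification has to be enabled again once the topology is complete, a check that finds servers still running with it off is worth keeping with the deployment scripts. The following is an added example, not part of Oracle's guide: the function names are hypothetical, and the config.xml layout it reads (a hostname-verification-ignored element under each server) is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example (not Oracle tooling): list servers in a domain's config.xml
# that still have host name verification switched off.
# Assumptions: "Hostname Verification: None" is stored as
# <hostname-verification-ignored>true</hostname-verification-ignored> inside
# each <server> element, the server's own <name> is its first <name> child,
# and the file is pretty-printed with one element per line.

# servers_without_hostname_verification CONFIG_XML
# Prints one server name per line; prints nothing when every server verifies.
servers_without_hostname_verification() {
    awk '
        /<server>/ { in_server = 1; name = "" }
        in_server && name == "" && match($0, /<name>[^<]*<\/name>/) {
            # Strip the 6-character <name> and 7-character </name> tags.
            name = substr($0, RSTART + 6, RLENGTH - 13)
        }
        in_server && /<hostname-verification-ignored>[ \t]*true[ \t]*</ {
            print name
        }
        /<\/server>/ { in_server = 0 }
    ' "$1"
}

# write_sample_config FILE
# Constructed config.xml fragment, reduced to the elements the check reads.
write_sample_config() {
    cat > "$1" <<'EOF'
<domain>
  <server>
    <name>AdminServer</name>
    <ssl>
      <name>AdminServer</name>
      <hostname-verification-ignored>true</hostname-verification-ignored>
    </ssl>
    <listen-port>7001</listen-port>
  </server>
  <server>
    <name>WLS_OAM1</name>
    <ssl>
      <hostname-verification-ignored>false</hostname-verification-ignored>
    </ssl>
    <listen-port>14100</listen-port>
  </server>
  <server>
    <name>WLS_OAM2</name>
    <listen-port>14100</listen-port>
  </server>
</domain>
EOF
}

demo_hostname_verification_audit() {
    cfg=$(mktemp) || return 1
    write_sample_config "$cfg"
    echo "Servers with host name verification disabled:"
    servers_without_hostname_verification "$cfg"
    rm -f "$cfg"
}
demo_hostname_verification_audit
```

Run the function against ASERVER_HOME/config/config.xml once the topology is complete; any name it prints still has verification disabled.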
Stop the WebLogic Administration Server by issuing the command stopWebLogic.sh located under the following directory:
ASERVER_HOME/bin
Start WLST and connect to the Node Manager with nmConnect and the credentials set previously. Then start the Administration Server using nmStart.
cd ORACLE_COMMON_HOME/common/bin
./wlst.sh
Once in the WLST shell, execute the following commands:
nmConnect('Admin_User','Admin_Password', 'ADMINHOST1','5556', 'domain_name','ASERVER_HOME')
nmStart('AdminServer')
Where domain_name is the name of the domain, and Admin_User and Admin_Password are the Node Manager username and password you entered in Step 2. For example:
nmConnect('weblogic','password', 'OAMHOST1','5556',
'IAMAccessDomain','ASERVER_HOME')
nmStart('AdminServer')
Perform these steps to ensure that the Administration Server is properly configured:
In a browser, log in to the Oracle WebLogic Server Administration Console, for example:
http://IADADMINVHN.example.com:7001/console or http://IGDADMINVHN.example.com:7101/console
Log in as the WebLogic administrator, for example: weblogic.
Check that you can access Oracle Enterprise Manager Fusion Middleware Control, for example:
http://IADADMINVHN.example.com:7001/em or http://IGDADMINVHN.example.com:7101/em
Log in to Oracle Enterprise Manager Fusion Middleware Control as the WebLogic administrator, for example: weblogic.
Use the pack and unpack commands to separate the domain directory used by the Administration Server from the domain directory used by the managed servers. Before running the unpack script, be sure the following directories exist:
IAD_MSERVER_HOME
IGD_MSERVER_HOME
To create a separate domain directory on IAMAccessDomain:
Run the following command from the location IAD_MW_HOME/oracle_common/common/bin to create a template pack:
./pack.sh -managed=true -domain=IAD_ASERVER_HOME -template=domaintemplate.jar -template_name=domain_template
Run the following command from the location IAD_MW_HOME/oracle_common/common/bin to unpack the template in the managed server domain directory:
./unpack.sh -domain=IAD_MSERVER_HOME -template=domaintemplate.jar -app_dir=IAD_MSERVER_HOME/applications
Note:
You must have write permissions on the following directory before running the unpack command:
LOCAL_CONFIG_DIR/domains/
If you already have a domain or Managed Servers running on this host, ensure that the SHARED_CONFIG_DIR/nodemanager/hostname/nodemanager.domains file has an entry for the domain you are creating. This entry should point to the MSERVER_HOME directory.
If the entry is missing, you must enrol the domain with the running Node Manager. To do this, perform the following steps:
Launch the WebLogic Scripting Tool (WLST) using the following command from the location MW_HOME/oracle_common/common/bin:
./wlst.sh
Connect to the domain you wish to add, by running the following command:
connect('weblogic_user','password','t3://ADMINVHN:AdminPort')
In this command:
weblogic_user is the WebLogic Administration user. For example, weblogic or weblogic_idm.
password is the password of the WebLogic Administrator account.
ADMINVHN is the virtual host name of Administration Server. For example, IGDADMINVHN or IADADMINVHN.
AdminPort is the port on which the Administration Server is running. For example, 7101.
For example:
connect('weblogic_idm','mypasswd','t3://igdadminvhn.example.com:7101')
Enrol the domain using the following command:
nmEnroll(domainDir=full_path_to_the_domain,nmHome=full_path_to_the_nodemanager_home)
For example:
nmEnroll(domainDir='/u02/private/oracle/config/domains/IAMGovernanceDomain/',nmHome='/u01/oracle/config/nodemanager/hostname')
Note:
For Managed Servers, the domain home must be specified as the local Managed Server directory.
Before you can start managed servers on remote hosts, you must first perform an unpack on those servers.
IAMAccessDomain should be unpacked on OAMHOST2 and IAMGovernanceDomain should be unpacked on host OIMHOST2.
Using the file domaintemplate.jar created above, perform an unpack on the target host by using the following commands:
cd IAD_MW_HOME/oracle_common/common/bin
./unpack.sh -domain=IAD_MSERVER_HOME -template=domaintemplate.jar -app_dir=IAD_MSERVER_HOME/applications
Start the Node Manager on OIMHOST1, OIMHOST2, OAMHOST1, and OAMHOST2, if not already started.
For information about starting the Node Manager, see Section 31.1.4.1, "Starting Node Manager".
This section of the document describes how to access the WebLogic Administration services via the Web Server. The Web Server will be either Oracle HTTP Server or Oracle Traffic Director depending on your topology.
Perform the following tasks to configure Web Tier:
Section 15.4.9.1, "Registering Oracle HTTP Server with Oracle WebLogic Server"
Section 15.4.9.2, "Setting the Front End URL for the Administration Console"
This step is optional.
For Oracle Enterprise Manager Fusion Middleware Control to be able to manage and monitor the Oracle HTTP server, you must register the Oracle HTTP server with IAMAccessDomain. To do this, register Oracle HTTP Server with Oracle WebLogic Server by running the following command on WEBHOST1 from the location OHS_ORACLE_INSTANCE/bin:
./opmnctl registerinstance -adminHost IADADMINVHN.example.com -adminPort 7001 -adminUsername WebLogic
Run this command for ohs2 on WEBHOST2. This step is optional. Each Oracle HTTP Server can be registered with only one domain.
Oracle WebLogic Server Administration Console tracks changes that are made to ports, channels, and security using the console. When changes made through the console are activated, the console validates its current listen address, port, and protocol. If the listen address, port, and protocol are still valid, the console redirects the HTTP request, replacing the host and port information with the Administration Server's listen address and port. When the Administration Console is accessed using a load balancer, you must change the Administration Server's front end URL so that the user's browser is redirected to the appropriate load balancer address. To make this change, perform the following steps:
Log in to the WebLogic Server Administration Console.
Click Lock and Edit.
Expand the Environment node in the Domain Structure window.
Click Servers to open the Summary of Servers page.
Select Admin Server in the Names column of the table. The Settings page for AdminServer(admin) appears.
Go to the Protocols tab, and then to the HTTP tab.
Set the Front End Host and Front End HTTP PORT fields to your load balancer address as shown in
Click Save, and then click Activate Changes.
To eliminate redirections, the best practice is to disable the Administration console's Follow changes feature. To do this, log in to the administration console and click Preference, and then click Shared Preferences. Deselect Follow Configuration Changes, and click Save.
In Enterprise deployments, Oracle WebLogic Server is fronted by Oracle HTTP servers. The HTTP servers are, in turn, fronted by a load balancer, which performs SSL translation. In order for internal loopback URLs to be generated with the https prefix, Oracle WebLogic Server must be informed that it receives requests through the Oracle HTTP Server WebLogic plug-in.
The plug-in can be set at either the domain, cluster, or Managed Server level. Because all requests to Oracle WebLogic Server are through the Oracle OHS plug-in, set it at the domain level.
To do this, perform the following steps:
Log in to the Oracle WebLogic Server Administration Console.
Click Lock and Edit.
Click domain_name, for example: IAMAccessDomain in the Domain Structure Menu.
Go to the Configuration tab.
Go to the Web Applications sub tab.
Select WebLogic Plugin Enabled.
Click Save, and then click Activate Changes.
Restart the WebLogic Administration Server.
Verify that the server status is reported as Running in the Administration Console. If the server is shown as Starting or Resuming, wait for the server status to change to Started. If another status is reported (such as Admin or Failed), check the server output log files for errors.
Validate the Administration Console and the Oracle Enterprise Manager Fusion Middleware Control through Oracle HTTP Server by accessing the console and em URLs available after Web Tier integration. For example:
http://iadadmin.example.com/console
http://iadadmin.example.com/em
http://igdadmin.example.com/console
http://igdadmin.example.com/em
This section provides guidelines for when to use JDBC persistent stores for transaction logs (TLOGs) and JMS. This section also provides the procedures to configure the persistent stores in a supported database.
A JDBC store can be configured when a relational database is used for storage. A JDBC store enables you to store persistent messages in a standard JDBC-capable database, which is accessed through a designated JDBC data source. The data is stored in the JDBC store's database table, which has a logical name of WLStore. It is up to the database administrator to configure the database for high availability and performance. JDBC stores also support migratable targets for automatic or manual JMS service migration.
Using JMS in the database is optional; however, it can simplify Disaster Recovery implementations. If other servers in the same domain have already been configured with a JDBC store for JMS, the same tablespace and data sources can be used. The sections below describe the steps to configure a database user and tablespace for the JDBC persistent store and a GridLink data source in WebLogic for the database schema.
Once the database schema and data source are configured, you must create the JDBC persistent store and associate it with the GridLink data source.
The following sections describe the process for configuring a JDBC persistent store for the OIM JMS server. The same procedure can be followed to configure JDBC JMS persistent stores for the SOA and BI JMS servers.
Section 15.4.10.1, "About JDBC Persistent Stores for JMS and TLOGs"
Section 15.4.10.2, "Performance Impact of the TLOGs and JMS Persistent Stores"
Section 15.4.10.3, "Roadmap for Configuring a JDBC Persistent Store for TLOGs"
Section 15.4.10.4, "Roadmap for Configuring a JDBC Persistent Store for JMS"
Section 15.4.10.5, "Creating a User and Tablespace for TLOGs"
Section 15.4.10.7, "Creating GridLink Data Sources for TLOGs and JMS Stores"
Section 15.4.10.8, "Assigning the TLOGs JDBC Store to the Managed Servers"
Section 15.4.10.10, "Assigning the JMS JDBC Store to the JMS Servers"
Section 15.4.10.11, "Creating the Required Tables for JMS JDBC Store"
Oracle Fusion Middleware supports both database-based and file-based persistent stores for Oracle WebLogic Server transaction logs (TLOGs) and JMS. Before deciding on a persistent store strategy for your environment, consider the advantages and disadvantages of each approach.
Note:
Regardless of which storage method you choose, Oracle recommends that, for transaction integrity and consistency, you use the same type of store for both JMS and TLOGs.
When you store your TLOGs and JMS data in an Oracle database, you can take advantage of the replication and high availability features of the database. For example, you can use Oracle Data Guard to simplify cross-site synchronization. This is especially important if you are deploying Oracle Fusion Middleware in a disaster recovery configuration.
Storing TLOGs and JMS data in a database also means you do not have to identify a specific shared storage location for this data. However, the shared storage is still required for other aspects of an enterprise deployment. For example, it is necessary for Administration Server configuration (to support Administration Server failover), for deployment plans, and for adapter artifacts, such as the File/FTP Adapter control and processed files.
If you are storing TLOGs and JMS stores on a shared storage device, you can protect this data by using the appropriate replication and backup strategy to guarantee zero data loss, and you will potentially realize better system performance. However, the file system protection will always be inferior to the protection provided by an Oracle Database.
For more information about the potential performance impact of using a database-based TLOGs and JMS store, see Section 15.4.10.2, "Performance Impact of the TLOGs and JMS Persistent Stores".
One of the primary considerations when selecting a storage method for Transaction Logs and JMS persistent stores is the potential impact on performance. This topic provides some guidelines and details to help you determine the performance impact of using JDBC persistent stores for TLOGs and JMS.
Performance Impact of Transaction Logs Versus JMS Stores
For transaction logs, the impact of using a JDBC store is relatively small, because the logs are very transient in nature. Typically, the effect is minimal when compared to other database operations in the system.
On the other hand, JMS database stores can have a higher impact on performance if the application is JMS intensive. For example, the impact of switching from a file-based to database-based persistent store is very low when you are using the SOA Fusion Order Demo (a sample application used to test Oracle SOA Suite environments), because the JMS database operations are masked by many other SOA database invocations that are much heavier.
Factors that Affect Performance
There are multiple factors that can affect the performance of a system when it is using JMS DB stores for custom destinations. The following are the important ones:
Custom destinations involved and their type
Payloads being persisted
Concurrency on the SOA system (producers and consumers for the destinations)
Depending on the effect of each one of the above, different settings can be configured in the following areas to improve performance:
Type of data types used for the JMS table (using raw versus lobs)
Segment definition for the JMS table (partitions at index and table level)
If your system uses Topics intensively, then, as concurrency increases, the performance degradation with an Oracle RAC database will increase more than for Queues. In tests conducted by Oracle with JMS, the average performance degradation for different payload sizes and different concurrency was less than 30% for Queues. For topics, the impact was more than 40%. Consider the importance of these destinations from the recovery perspective when deciding whether to use database stores.
Impact of Data Type and Payload Size
When choosing to use the RAW or SecureFiles LOB data type for the payloads, consider the size of the payload being persisted. For example, when payload sizes range between 100b and 20k, then the amount of database time required by SecureFiles LOB is slightly higher than for the RAW data type.
More specifically, when the payload size reaches around 4k, SecureFiles tends to require more database time. This is because 4k is where writes move out-of-row. At around 20k payload size, SecureFiles data starts being more efficient. When payload sizes increase to more than 20k, the database time becomes worse for payloads set to the RAW data type.
One additional advantage for SecureFiles is that the database time incurred stabilizes with payload increases starting at 500k. In other words, at that point it is not relevant (for SecureFiles) whether the data is storing 500k, 1MB, or 2MB payloads, because the write is asynchronized, and the contention is the same in all cases.
The effect of concurrency (producers and consumers) on the queue's throughput is similar for both RAW and SecureFiles until the payload sizes reach 50k. For small payloads, the effect of varying concurrency is practically the same, with slightly better scalability for RAW. Scalability is better for SecureFiles when the payloads are above 50k.
Impact of Concurrency, Worker Threads, and Database Partitioning
Concurrency and worker threads defined for the persistent store can cause contention in the RAC database at the index and global cache level. Using a reverse index when enabling multiple worker threads in one single server or using multiple Oracle WebLogic Server clusters can improve things. However, if the Oracle Database partitioning option is available, then global hash partition for indexes should be used instead. This reduces the contention on the index and the global cache buffer waits, which in turn improves the response time of the application. Partitioning works well in all cases, some of which will not see significant improvements with a reverse index.
This section lists the tasks to configure a database-based persistent store for JMS:
Before you can create a database-based persistent store for transaction logs, you must create a user and tablespace in a supported database by completing the following steps:
Create a tablespace called logs. For example, log in to SQL*Plus as the sysdba user and run the following command:
create tablespace IAMTLOGS datafile 'DBFILE_LOCATION/IAMTLOGS.dbf' size 32m autoextend on next 32m maxsize 2048m extent management local;
Create a user named IAMTLOGS and assign to it the IAMTLOGS tablespace using the following command:
create user IAMTLOGS identified by password;
grant create table to IAMTLOGS;
grant create session to IAMTLOGS;
alter user IAMTLOGS default tablespace IAMTLOGS;
alter user IAMTLOGS quota unlimited on IAMTLOGS;
To set up a user and tablespace for the JDBC Persistent store, complete the following steps:
Create a tablespace called IAMJMS. For example, log on to SQL*Plus as the sysdba user and run the following command:
create tablespace IAMJMS datafile 'DB_HOME/oradata/orcl/IAMJMS.dbf' size 32m autoextend on next 32m maxsize 2048m extent management local;
Create a user named EDGIGD_JMS and assign to it the IAMJMS tablespace using the following command:
create user EDGIGD_JMS identified by password;
grant create table to EDGIGD_JMS;
grant create session to EDGIGD_JMS;
alter user EDGIGD_JMS default tablespace IAMJMS;
alter user EDGIGD_JMS quota unlimited on IAMJMS;
Before you can configure database-based persistent stores for JMS and TLOGs, you must create two data sources: one for the TLOGs persistent store and one for the JMS persistent store.
For an enterprise deployment, you should use GridLink data sources for your TLOGs and JMS stores. To create a GridLink data source, complete the following steps:
Log in to the Oracle WebLogic Server Administration Console for the IAMGovernanceDomain. The following is an example of the URL:
http://igdadmin.example.com:7101/console
In the Change Center, click Lock & Edit.
In the Domain Structure tree, expand Services, then select Data Sources.
On the Summary of Data Sources page, click New and select GridLink Data Source, and enter the following information appropriate to the datasource you are creating:
Name | JNDI Name | Database Driver |
---|---|---|
IGDTLOGS_DS | jdbc/igdtlogs | Oracle's Driver (Thin) for GridLink Connections Versions: 11 and later. |
IGDJMS_DS | jdbc/igdjms | Oracle's Driver (Thin) for GridLink Connections Versions: 11 and later. |
Click Next.
On the Transaction Options page, de-select Supports Global Transactions, Logging Last Resource, and Emulate Two Phase commit.
Click Next.
On the GridLink Data Source Connection Properties Options screen, select Enter individual listener information.
Click Next.
Enter the following connection properties:
Service Name: Enter the service name of the database with lowercase characters. For a GridLink data source, you must enter the Oracle RAC service name. For example, igdedg.example.com
Host Name and Port: Enter the SCAN address and port for the RAC database, separated by a colon. For example:
db-scan.example.com:1521
Click Add to add the host name and port to the list box below the field.
You can identify this address by querying the appropriate parameter in the database using the TCP Protocol:
SQL>show parameter remote_listener;
NAME | TYPE | VALUE |
---|---|---|
remote_listener | string | db-scan.example.com |
Note:
For Oracle Database 11g Release 1 (11.1), use the virtual IP and port of each database instance listener. For example: IDMDBHOST1-vip.example.com (port 1521) and IDMDBHOST2-vip.example.com (port 1521)
Port: The port on which the database server listens for connection requests.
Database User Name: For the TLOGs store, enter IAMTLOGS. For the JMS persistent store, enter EDGIGD_JMS. For example, EDGIGD_JMS
Password: Enter the password you used when you created the user in the database. For example: password
Confirm Password: Enter the password again.
Click Next.
On the Test GridLink Database Connection page, review the connection parameters and click Test All Listeners.
Click Next.
On the ONS Client Configuration page, do the following:
Select FAN Enabled to subscribe to and process Oracle FAN events.
Enter the SCAN address for the RAC database and the ONS remote port as reported by the database. For example:
srvctl config nodeapps -s
ONS exists: Local port 6100, remote port 6200, EM port 2016
Click ADD.
Click Next.
Note:
For Oracle Database 11g Release 1 (11.1), use the hostname and port of each database's ONS service, for example: IDMDBHOST1.example.com (port 6200) and IDMDBHOST2.example.com (6200)
On the Test ONS Client Configuration page, review the connection parameters and click Test All ONS Nodes.
Click Next.
On the Select Targets page, select cluster_bi, cluster_oim, and cluster_soa.
Click Finish.
Repeat the steps to create both the data sources.
Click Activate Changes after you create each of the data sources, or after creating both.
After you create the tablespace and user in the database, and the datasource, you must assign the TLOGs persistence store to each of the required Managed Servers. To do this, complete the following steps:
Log in to the Oracle WebLogic Server Administration Console for the IAMGovernanceDomain. The following is an example of the URL:
http://igdadmin.example.com:7101/console
In the Change Center, click Lock and Edit.
In the Domain Structure tree, expand Environment, and then Servers.
Click the name of the Managed Server you want to use the TLOGs store.
Select Configuration, and then select General.
Go to the Services tab.
Under Transaction Log Store, select JDBC from the Type menu.
From the Data Source menu, select the data source you created for the TLOGs persistence store.
In the Prefix Name field, specify a prefix name to form a unique JDBC TLOG store name for each configured JDBC TLOG store.
Click Save.
Repeat steps 3 to 7 for each of the additional Managed Servers in the cluster.
To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
To create a JDBC Persistent Store, complete the following steps:
Log in to the Oracle WebLogic Server Administration Console.
In the Change Center, click Lock & Edit.
In the Domain Structure tree, expand Services, then select Persistent Stores.
On the Summary of Persistent Stores page, click New, and select JDBC Store, and enter the following:
Name: Name of the JDBC store. For example, OIMJMSDBSTORE_1
Target: wls_oim1
Data Source: IGDJMS_DS
Prefix Name: oimjmsdb1
Note:
It is highly recommended that you configure the Prefix option to a unique value for each configured JDBC store table.
Click OK.
Repeat steps 3 to 5 for the Persistent Stores listed in Table 15-16.
Name | Target | Datasource | Prefix |
---|---|---|---|
OIMJMSDBSTORE_2 | wls_oim2 | IGDJMS_DS | oimjmsdb2 |
SOAJMSDBSTORE_1 | wls_soa1 | IGDJMS_DS | soajmsdb1 |
SOAJMSDBSTORE_2 | wls_soa2 | IGDJMS_DS | soajmsdb2 |
BIJMSDBSTORE_1 | wls_bi1 | IGDJMS_DS | bijmsdb1 |
BIJMSDBSTORE_2 | wls_bi2 | IGDJMS_DS | bijmsdb2 |
BPMJMSDBSTORE_1 | wls_soa1 | IGDJMS_DS | bpmjmsdb1 |
BPMJMSDBSTORE_2 | wls_soa2 | IGDJMS_DS | bpmjmsdb2 |
JRFWSASYNCDBSTORE_1 | wls_oim1 | IGDJMS_DS | jrfwsasynchdb1 |
JRFWSASYNCDBSTORE_2 | wls_oim2 | IGDJMS_DS | jrfwsasynchdb2 |
PS6SOAJMSDBSTORE_1 | wls_soa1 | IGDJMS_DS | ps6soajmsdb1 |
PS6SOAJMSDBSTORE_2 | wls_soa2 | IGDJMS_DS | ps6soajmsdb2 |
UMSJMSDBSTORE_1 | wls_soa1 | IGDJMS_DS | umsjmsdb1 |
UMSJMSDBSTORE_2 | wls_soa2 | IGDJMS_DS | umsjmsdb2 |
To configure JMS Server to use JDBC Persistent Store, do the following:
In the Domain Structure tree, expand Services, Messaging, and then select JMS Servers.
On the Summary of JMS Servers page, click OIMJMSSERVER_auto_1, which is the JMS Server for OIM that is targeted to WLS_OIM1.
On the General Configurations page of the OIM JMS Server, update the Persistent Store to use the JDBC Persistent store OIMJMSDBSTORE_1.
Click Save and then click Finish.
Repeat steps 1 to 4 for each of the JMS data stores created in the earlier sections.
Click Activate Changes.
Note:
When Oracle BI Publisher is configured, only one persistent store is created. This is a known issue. To manually create a JMS store for each of the BI Managed Servers, refer to Section 20.2.2, "Configuring JMS for BI Publisher".
The final step in using a JDBC persistent store for JMS is to create the required JDBC store tables. Perform this task before restarting the Managed Servers in the domain. To do this, complete the following steps:
If you want to use oracle_blob.ddl, run the following commands to extract the oracle_blob.ddl file from the com.bea.core.store.jdbc_1.3.1.0.jar file:
cd IGD_MW_HOME/modules
jar -xvf com.bea.core.store.jdbc_1.3.1.0.jar weblogic/store/io/jdbc/ddl
Note:
If you omit the weblogic/store/io/jdbc/ddl parameter, then the entire jar file is extracted.
Review the information in Performance Impact of the TLOGs and JMS Persistent Stores, and edit the DDL file accordingly.
For example, for an optimized schema definition that uses both secure files and hash partitioning, create a jms_custom.ddl file in the RT_HOME directory (or any other directory on shared storage accessible from all servers) with the following content:
CREATE TABLE $TABLE (
  id int not null,
  type int not null,
  handle int not null,
  record blob not null,
  PRIMARY KEY (ID) USING INDEX GLOBAL PARTITION BY HASH (ID) PARTITIONS 8)
  LOB (RECORD) STORE AS SECUREFILE (ENABLE STORAGE IN ROW);
This example can be compared to the default schema definition for JMS stores, where the RAW data type is used without any partitions for indexes.
Note that the number of partitions should be a power of two. This will ensure that each partition will be of the same size. The recommended number of partitions will vary depending on the expected table or index growth. You should have your database administrator (DBA) analyze the growth of the tables over time and adjust the tables accordingly. For more information, see the Oracle Database VLDB and Partitioning Guide.
Edit the existing JDBC store you created earlier to create the table that will be used for the JMS data, using the Administration Console. To do this, complete the following steps:
Log in to the Oracle WebLogic Server Administration Console.
In the Change Center, click Lock and Edit.
In the Domain Structure tree, expand Services, then expand Persistent Stores.
Click the persistent store you created earlier.
Under the Advanced options, enter RT_HOME/jms_custom.ddl in the Create Table from DDL File field.
Note:
You can use the oracle_blob.ddl that was extracted from com.bea.core.store.jdbc_1.3.1.0.jar or you can use a custom ddl script prepared as part of step 2.
The oracle_blob.ddl path would be:
IGD_MW_HOME/modules/weblogic/store/io/jdbc/ddl/oracle_blob.ddl
Click Save.
To activate these changes, in the Change Center of the Administration Console, click Activate Changes.
Restart the Managed Servers.
If a node running the Administration Server fails, you can fail over the Administration Server to another node. To do this, complete the following steps:
Disable the Administration Server virtual IP address on the failed server, if it is not disabled already.
Unmount the ASERVER_HOME shared file system from the failed server, if it is not dismounted already.
Mount the ASERVER_HOME shared file system on a new node.
Enable the Administration Server virtual IP Address on the new server.
Start the Administration Server.
It is recommended that you create a backup after successfully completing the installation and configuration of each tier, or at another logical point. Create a backup after verifying that the installation so far was successful. This is a quick backup for the express purpose of immediate restoration in case of problems in later steps. The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process.
For information about backing up the database, see Oracle Database Backup and Recovery User's Guide.
To back up the installation at this point, complete the following steps:
Back up the web tier.
Back up the database. This is a full database backup, either hot or cold. The recommended tool is Oracle Recovery Manager.
Stop the Node Manager and all the processes running in the domain.
Back up the Administration Server domain directory. This saves your domain configuration. The configuration files all exist under the ORACLE_BASE/admin/domainName/aserver directory.
Some IAM Products require that the SSL certificate used by the load balancer be added to the trusted certificates in the JDK.
To add the certificate, do the following:
Create a directory to hold user created keystores and certificates. For example:
mkdir SHARED_CONFIG_DIR/keystores
Obtain the certificate from the load balancer.
You can obtain the load balancer certificate by using a browser, such as Firefox. However, the easiest way to obtain the certificate is to use the openssl command. The syntax of the command is as follows:
openssl s_client -connect LOADBALANCER -showcerts </dev/null 2>/dev/null|openssl x509 -outform PEM > SHARED_CONFIG_DIR/keystores/LOADBALANCER.pem
For example:
openssl s_client -connect login.example.com:443 -showcerts </dev/null 2>/dev/null|openssl x509 -outform PEM > SHARED_CONFIG_DIR/keystores/login.example.com.pem
This command saves the certificate to a file called login.example.com.pem in the following directory:
SHARED_CONFIG_DIR/keystores
Load the certificate into the JDK and Node Manager Trust Stores by running the following command to import the CA certificate file, login.example.com.pem, into the IGD_MW_HOME Java and Node Manager trust stores:
set JAVA_HOME to IGD_MW_HOME/jdk
set PATH to include JAVA_HOME/bin
keytool -importcert -file SHARED_CONFIG_DIR/keystores/login.example.com.pem -trustcacerts -keystore $JAVA_HOME/jre/lib/security/cacerts
keytool -importcert -file SHARED_CONFIG_DIR/keystores/login.example.com.pem -trustcacerts -keystore SHARED_CONFIG_DIR/keystores/appTrustKeyStore-oimhost1vhn1.example.com.jks
keytool -importcert -file SHARED_CONFIG_DIR/keystores/login.example.com.pem -trustcacerts -keystore SHARED_CONFIG_DIR/keystores/appTrustKeyStore-oimhost2vhn1.example.com.jks
keytool -importcert -file SHARED_CONFIG_DIR/keystores/login.example.com.pem -trustcacerts -keystore SHARED_CONFIG_DIR/keystores/appTrustKeyStore-oimhost1.example.com.jks
keytool -importcert -file SHARED_CONFIG_DIR/keystores/login.example.com.pem -trustcacerts -keystore SHARED_CONFIG_DIR/keystores/appTrustKeyStore-oimhost2.example.com.jks
You are prompted to enter a password for the keystore. The default password for the JDK is changeit. The default password for the Node Manager keystores is COMMON_IAM_PASSWORD. You are also prompted to confirm that the certificate is valid.
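The file written by the openssl command above contains whatever certificate the remote endpoint presented, so it is worth comparing it with a fingerprint obtained out of band before answering yes to the keytool prompt. The shell functions below are an added example, not part of the original procedure; the pinned fingerprint, the alias name and the exit-code scheme are assumptions, and an explicit -alias is used because keytool otherwise falls back to its default alias.

```shell
#!/bin/sh
# Added example: verify a fetched load balancer certificate before it is
# imported into a trust store. Paths, alias and pinned fingerprint are
# supplied by the caller; none of them come from the original procedure.

# Normalise a fingerprint: drop colons and whitespace, upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n\r\t' | tr 'abcdef' 'ABCDEF'
}

# Succeed only when both values are 64 hex digits long (SHA-256) and equal.
fp_matches() {
    a=$(normalize_fp "$1")
    b=$(normalize_fp "$2")
    [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# Print the SHA-256 fingerprint of the first certificate in a PEM file.
cert_fp() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Check a PEM file against a fingerprint obtained out of band.
# Returns 0 ok, 1 unreadable or not a certificate, 2 expired, 3 mismatch.
verify_cert() {
    pem=$1
    expected=$2
    actual=$(cert_fp "$pem" 2>/dev/null) || return 1
    [ -n "$actual" ] || return 1
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 || return 2
    fp_matches "$actual" "$expected" || return 3
    return 0
}

# Import into one trust store only after verification succeeds.
# keytool still prompts for the keystore password, as described above.
import_verified() {
    pem=$1
    expected=$2
    keystore=$3
    alias=$4
    verify_cert "$pem" "$expected" || {
        rc=$?
        echo "refusing to import $pem (verify_cert returned $rc)" >&2
        return "$rc"
    }
    # Show what is about to be trusted.
    openssl x509 -in "$pem" -noout -subject -issuer -enddate
    keytool -importcert -file "$pem" -trustcacerts \
            -alias "$alias" -keystore "$keystore"
}

# Usage (PINNED_SHA256 and the alias login-lb are placeholders):
#   import_verified SHARED_CONFIG_DIR/keystores/login.example.com.pem \
#       "$PINNED_SHA256" "$JAVA_HOME/jre/lib/security/cacerts" login-lb
```

Run import_verified once per trust store listed in the keytool commands above.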
Note:
The names of the virtual hosts you assigned to your OIM server are oimhost1vhn1 and oimhost2vhn1.
This section describes the tasks specific to Exalogic optimization. This section contains the following topic:
Perform these steps to enable WebLogic domain Exalogic optimizations:
Log in to the Oracle WebLogic Server Administration Console.
Select the domain name (IAMAccessDomain or IAMGovernanceDomain) in the left navigation pane.
Click Lock & Edit.
On the Settings page, click the General tab.
Select Enable Exalogic Optimizations, and click Save and Activate Changes.
Restart the WebLogic Administration Server.