| Oracle® Application Server Enterprise Deployment Guide 10g (10.1.4.0.1) Part Number B28184-02 |
|
|
View PDF |
| Oracle® Application Server Enterprise Deployment Guide 10g (10.1.4.0.1) Part Number B28184-02 |
|
|
View PDF |
Installing the Oracle Application Server Metadata Repository for the Security Infrastructure
Installing the Oracle Internet Directory Instances in the Data Tier
Configuring the Virtual Server to Use the Load Balancing Router
Testing the Data Tier Components
You must install the 10g (10.1.4.0.1) OracleAS Metadata Repository before you install components into the Security DMZ. Oracle Application Server provides a tool, the Oracle Application Server Repository Creation Assistant, to create the OracleAS Metadata Repository in an existing database.
The 10g (10.1.4.0.1) OracleAS RepCA is available on the OracleAS RepCA CD-ROM or the Oracle Application Server DVD-ROM. You install the OracleAS RepCA in its own, separate Oracle home.
To install the OracleAS Metadata Repository, you must perform these steps:
Install the OracleAS RepCA, following the steps in Section 2.1.1.
Ensure that the database meets the requirements specified in the "Database Requirements" section of the Oracle Application Server Metadata Repository Creation Assistant User's Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using. In addition, ensure that:
The database computer has at least 512 MB of swap space available for execution of the OracleAS RepCA
There are no dependencies of any kind related to the ultrasearch directory in the database's Oracle home. The OracleAS RepCA replaces this directory with a new version, renaming the existing version of the directory to ultrasearch_timestamp.
Execute the OracleAS RepCA, following the steps in Section 2.1.2 or Section 2.1.3.
To install into a database using raw devices, follow the steps in Section 2.1.2, "Installing the Metadata Repository in a Database Using Raw Devices".
To install into a database using Oracle Cluster File System, follow the steps in Section 2.1.3, "Installing the Metadata Repository in an Oracle Cluster File System (OCFS)".
Perform the post-installation step described in Section 2.1.4.
Follow these steps to install the OracleAS RepCA into its own Oracle home:
Insert the OracleAS RepCA CD-ROM or the Oracle Application Server DVD-ROM.
Note:
If your computer does not mount CD-ROMs or DVD-ROMs automatically, you must set the mount point manually.Start the installer, using the method corresponding to the installation media:
(CD-ROM)
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
(DVD-ROM) Navigate to the repca_utilities directory and do one of the following:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The Welcome screen appears.
Click Next.
The Specify File Locations screen appears.
In the Name field, specify a name for the OracleAS RepCA Oracle home. The Oracle home name must contain only alphanumeric characters and the underscore character, and be 128 characters or fewer.
In the Destination field, enter the full path to a new Oracle home in which to install the OracleAS RepCA, and click Next.
The Launch Repository Creation Assistant screen appears.
Select No and click Next.
The Summary screen appears.
Click Install.
The Configuration Assistants screen appears, executing the OracleAS RepCA, and indicating "In Progress".
When the OracleAS RepCA is no longer running, exit the OracleAS RepCA.
The End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
Follow these steps to install the Metadata Repository into an existing two-node Real Application Clusters (RAC) database using raw devices:
Create raw devices for the OracleAS Metadata Repository.
Tip:
The command to create tablespaces is specific to the volume manager used. For example, the command to create a tablespace in VERITAS Volume Manager is
vxassist.Create a file to map the tablespaces to the raw devices. Each line in the file has the format:
tablespace name=raw device file path
Note:
Creating the sample file is not mandatory; you can enter the tablespace values into the Specify Tablespace Information screen during execution of the OracleAS RepCA.Populate the DBCA_RAW_CONFIG environment variable with the full path and filename of the tablespace mapping file.
Ensure that the database and listener are running.
Ensure that the NLS_LANG environment variable is not set to a non-English locale, or is set to american_america.us7ascii, with one of the following commands:
UNIX:
unsetenv NLS_LANG
setenv NLS_LANG american_america.us7ascii
Windows:
set NLS_LANG=
set NLS_LANG=american_america.us7ascii
Note:
If you need to, you can set NLS_LANG to its original value after executing the OracleAS RepCA.Start the OracleAS RepCA from the OracleAS RepCA Oracle home with this command:
runRepca
The Welcome screen appears.
Click Next.
The Specify Oracle Home screen appears.
In the Oracle Home field, specify the full path of the database Oracle home.
In the Log File Directory field, specify the full path of the directory on the current computer in which you want the OracleAS RepCA to write its log files. Ensure correct input for the Log File Directory on this screen, as you will not be able to change it after you have proceeded beyond this screen.
Click Next.
The Select Operation screen appears.
Select Load and click Next.
The Specify Database Connection screen appears.
Enter the SYS user name and password and the host and port information. For example:
infradbhost1.mycompany.com:1521,infradbhost2.mycompany.com:1521
Click Next.
The Specify Storage Options screen appears.
Select Regular or Cluster File System.
The Specify Tablespace Information screen appears, displaying the values from the file specified by the DBCA_RAW_CONFIG environment variable.
Correct the values, if necessary, and click Next.
The Warning: Check Disk Space dialog appears if your SYSTEM and UNDO tablespaces are set to autoextend.
Check the disk space as specified in the dialog and click OK.
The Loading Repository screen appears. The tablespaces and schemas are created and populated.
The Success screen appears.
Click OK.
The OracleAS RepCA exits.
If the installation was unsuccessful, or you need more information, see the Oracle Application Server Metadata Repository Creation Assistant User's Guide.
Follow these steps to install the Metadata Repository into an existing two-node Real Application Clusters (RAC) database using an OCFS file system:
Ensure that the database and listener are running.
Start the OracleAS RepCA from the OracleAS RepCA Oracle home with this command:
runRepca
The Welcome screen appears.
Click Next.
The Specify Oracle Home screen appears.
In the Oracle Home field, specify the full path of the database Oracle home.
In the Log File Directory field, specify the full path of the directory on the current computer in which you want the OracleAS RepCA to write its log files. Ensure correct input for the Log File Directory on this screen, as you will not be able to change it after you have proceeded beyond this screen.
Click Next.
The Select Operation screen appears.
Select Load and click Next.
The Specify Database Connection screen appears.
Enter the SYS user password, select the Real Application Clusters Database option, and enter the host and port information. For example:
infradbhost1.mycompany.com:1521,infradbhost2.mycompany.com:1521
Enter the service name.
Click Next.
The Specify Storage Options screen appears.
Select Regular or Cluster File System.
The Specify Tablespace Information screen appears.
Select a directory option (Use Same Directory for All Tablespaces or Use Individual Directories for Each Tablespace) and complete the remaining fields. When specifying a directory, ensure that it is an existing, writable directory with sufficient free space. Click Next.
The Warning: Check Disk Space dialog appears if your SYSTEM and UNDO tablespaces are set to autoextend.
Check the disk space as specified in the dialog and click OK.
The Loading Repository screen appears. The tablespaces and schemas are created and populated.
The Success screen appears.
Click OK.
The OracleAS RepCA exits.
If the installation was unsuccessful, or you need more information, see the Oracle Application Server Metadata Repository Creation Assistant User's Guide.
You must configure the SQLNET.EXPIRE_TIME parameter in the sqlnet.ora file on the application infrastructure database.
Open the file ORACLE_HOME/network/admin/sqlnet.ora file (UNIX) or the ORACLE_BASE/ ORACLE_HOME/network/admin/sqlnet.ora file (Windows).
Set the SQLNET.EXPIRE_TIME parameter to a value lower than the TCP session time out value for the Load Balancing Router and firewall.
Restart the listener by issuing these commands in ORACLE_HOME/bin:
lsnrctl stop
lsnrctl start
Follow these steps to install the Oracle Internet Directory components (OIDHOST1 and OIDHOST2) on the Data Tier with the Metadata Repository. The procedures for the installations are very similar, but the selections in the configuration options screen differ.
Note:
Ensure that the clocks are synchronized between the two computers on which you intend to install the Oracle Internet Directory instances. Errors will occur if this is not done.The OracleAS Metadata Repository must be running before you perform this task. Follow these steps to install the 10g (10.1.4.0.1)Oracle Internet Directory on OIDHOST1:
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Application Server Quick Installation Guide in the Oracle Application Server platform documentation library for the platform and version you are using.
Ensure that ports 389 and 636 are not in use by any service on the computer by issuing these commands for the operating system you are using. (If the port is not in use, no output is returned from the command.)
On UNIX:
netstat -an | grep "389"
netstat -an | grep "636"
On Windows:
netstat -an | findstr :389
netstat -an | findstr :636
If the port is in use (if the command returns output identifying the port), you must free the port.
In UNIX:
Remove the entries for ports 389 and 636 in the /etc/services file and restart the services, or restart the computer.
In Windows:
Stop the component that is using the port.
Copy the staticport.ini file from the Disk1/stage/Response directory to the Oracle home directory.
Edit the staticport.ini file to assign the following custom ports:
Oracle Internet Directory port = 389 Oracle Internet Directory (SSL) port = 636
Start the Oracle Universal Installer as follows:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The Welcome screen appears.
Click Next.
On UNIX systems, the Specify Inventory Directory and Credentials screen appears.
Specify the directory you want to be the oraInventory directory and the operating system group that has permission to write to it.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the oraInstRoot.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Specify File Locations screen appears with default locations for:
The product files for the installation (Source)
The name and path to an Oracle home (Destination)
Note:
Ensure that the Oracle home directory path for OIDHOST1 is the same as the path to the Oracle home location of OIDHOST2. For example, if the path to the Oracle home on OIDHOST1 is:/u01/app/oracle/product/AS10gOID
then the path to the Oracle home on OIDHOST2 must be:
/u01/app/oracle/product/AS10gOID
Specify the Destination Name and Path, if different from the default, and click Next.
The Select a Product to Install screen appears.
Figure 2-1 Oracle Universal Installer Select a Product to Install Screen
Select OracleAS Infrastructure 10g, as shown in Figure 2-1, and click Next.
The Select Installation Type screen appears.
Select Identity Management, as shown in Figure 2-2, and click Next.
Figure 2-2 Oracle Universal Installer Select Installation Type Screen
The Product-Specific Prerequisite Checks screen appears.
Click Next.
The Confirm Pre-Installation Requirements screen appears.
Ensure that the requirements are met, check the box for each, and click Next.
The Select Configuration Options screen appears.
Figure 2-3 Oracle Universal Installer Select Configuration Options Screen
Select Oracle Internet Directory, OracleAS Directory Integration and Provisioning, and High Availability and Replication, as shown in Figure 2-3, and click Next.
The Specify Port Configuration Options screen appears.
Figure 2-4 Oracle Universal Installer Specify Port Configuration Options Screen
Select Manual, as shown in Figure 2-4, and click Next.
The Specify Repository screen appears.
Provide the DBA login and computer information as shown in Figure 2-5 and click Next.
Figure 2-5 Oracle Universal Installer Specify Repository Screen
The Select High Availability or Replication Option screen appears.
Select OracleAS Cluster (Identity Management), as shown in Figure 2-6, and click Next.
Figure 2-6 Oracle Universal Installer Select High Availability or Replication Option Screen
The Specify Namespace in Internet Directory screen appears.
Figure 2-7 Oracle Universal Installer Specify Namespace in Internet Directory
Click Next to specify the default Suggested Namespace shown in Figure 2-7, or enter values for the Custom Namespace and click Next.
The Specify Instance Name and ias_admin Password screen appears.
Specify the instance name and password and click Next.
The Summary screen appears.
Review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.
The Install screen appears with a progress bar. On UNIX systems, a dialog opens prompting you to run the root.sh script.
Open a window and run the script.
The Configuration Assistants screen appears. Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
The OracleAS Metadata Repository and the first Oracle Internet Directory must be running before you perform this task. Follow these steps to install the 10g (10.1.4.0.1) Oracle Internet Directory on OIDHOST2:
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Application Server Quick Installation Guide in the Oracle Application Server platform documentation library for the platform and version you are using.
Ensure that ports 389 and 636 are not in use by any service on the computer by issuing these commands for the operating system you are using. (If the port is not in use, no output is returned from the command.)
On UNIX:
netstat -an | grep "389"
netstat -an | grep "636"
On Windows:
netstat -an | findstr :389
netstat -an | findstr :636
If the port is in use (if the command returns output identifying the port), you must free the port.
In UNIX:
Remove the entries for ports 389 and 636 in the /etc/services file and restart the services, or restart the computer.
In Windows:
Stop the component that is using the port.
Copy the staticport.ini file from the Disk1/stage/Response directory to the Oracle home directory.
Edit the staticport.ini file and uncomment, and update these entries:
Oracle Internet Directory port = 389 Oracle Internet Directory (SSL) port = 636
Start the Oracle Universal Installer as follows:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The Welcome screen appears.
Click Next.
On UNIX systems, the Specify Inventory Directory and Credentials screen appears.
Specify the directory you want to be the oraInventory directory and the operating system group that has permission to write to it.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the oraInstRoot.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Specify File Locations screen appears with default locations for:
The product files for the installation (Source)
The name and path to an Oracle home (Destination)
Note:
Ensure that the Oracle home directory path for OIDHOST1 is the same as the path to the Oracle home location of OIDHOST2. For example, if the path to the Oracle home on OIDHOST1 is:/u01/app/oracle/product/AS10gOID
then the path to the Oracle home on OIDHOST2 must be:
/u01/app/oracle/product/AS10gOID
Specify the Destination Name and Path, if different from the default, and click Next.
The Select a Product to Install screen appears.
Figure 2-8 Oracle Universal Installer Select a Product to Install Screen
Select OracleAS Infrastructure 10g, as shown in Figure 2-8, and click Next.
The Select Installation Type screen appears.
Select Identity Management, as shown in Figure 2-9, and click Next.
Figure 2-9 Oracle Universal Installer Select Installation Type Screen
The Product-specific Prerequisite Checks screen appears.
Click Next.
The Confirm Pre-Installation Requirements screen appears.
Ensure that the requirements are met, check the box for each, and click Next.
The Select Configuration Options screen appears.
Figure 2-10 Oracle Universal Installer Select Configuration Options Screen
Select Oracle Internet Directory, OracleAS Directory Integration and Provisioning, and High Availability and Replication, as shown in Figure 2-10, and click Next.
The Specify Port Configuration Options screen appears.
Figure 2-11 Oracle Universal Installer Specify Port Configuration Options Screen
Select Manual, as shown in Figure 2-11, and click Next.
The Specify Repository screen appears.
Provide the DBA login and computer information as shown in Figure 2-12 and click Next.
Figure 2-12 Oracle Universal Installer Specify Repository Screen
A dialog opens, prompting you to synchronize the system time of the primary Oracle Internet Directory computer and the system time on the computer on which you are installing.
Synchronize the system time on the computers and click OK.
The Specify ODS Password screen appears.
Specify the ODS password (by default, the ias_admin password), as shown in Figure 2-13, and click Next.
Figure 2-13 Oracle Universal Installer Specify ODS Password Screen
The Specify OID Login screen appears.
Specify the user name and password, as shown in Figure 2-14, and click Next.
Figure 2-14 Oracle Universal Installer Specify OID Login Screen
The Specify Instance Name and ias_admin Password screen appears.
Specify the instance name and password and click Next.
The Summary screen appears.
Review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.
The Install screen appears with a progress bar. On UNIX systems, a dialog opens prompting you to run the root.sh script.
Open a window and run the script.
The Configuration Assistants screen appears. Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
If you plan to use the Enterprise Deployment Architecture for myJ2EEcompany.com with JAZN-SSO/DAS (shown in Figure 2–1), you must configure the Load Balancing Router to perform these functions:
Balance the requests received on ports 389 and 636 to oidhost1.mycompany.com and oidhost2.mycompany.com on ports 389 and 636.
Monitor the heartbeat of the Oracle Internet Directory processes on both computers. If an Oracle Internet Directory process stops on one of the computers, the Load Balancing Router must route the LDAP traffic to the surviving computer.
Note:
Some tuning of the Load Balancing Router's monitoring interval and time out values may be required to ensure system availability. If the interval or time out value is too long, the Load Balancing Router will not detect service failures in time; if it is too short, the Load Balancing Router may erroneously detect that a server is down.For example, suppose the Load Balancing Router maps the virtual IP address oid.mycompany.com to the two Oracle Internet Directory servers for round robin load balancing, and the monitoring scheme attempts an ldapbind at 10-second intervals.
If the Oracle Internet Directory on OIDHOST1 is down, then the Load Balancing Router directs all traffic to the Oracle Internet Directory on OIDHOST2 only.However, there is a10-second interval during which the Load Balancing Router is unaware that the Oracle Internet Directory on OIDHOST1 is down. There is also a 30-second time out period. During this period, the Load Balancing Router continues to direct traffic to both Oracle Internet Directory servers in round robin mode, and ldapbind failures will occur when it attempts connections to the Oracle Internet Directory on OIDHOST1.
Perform these steps to test the Data Tier components:
Ensure that you can connect to each Oracle Internet Directory instance and the Load Balancing Router, using this command:
ldapbind -p 389 -h OIDHOST1
ldapbind -p 389 -h OIDHOST2
ldapbind -p 389 -h oid.mycompany.com
Start the oidadmin tool on each Oracle Internet Directory instance in ORACLE_HOME/bin with this command:
oidadmin
The Data Tier configuration is now as shown in Figure 2-15.
