Oracle® Application Server Enterprise Deployment Guide 10g Release 3 (10.1.3.2.0) Part Number B32125-02
Installing and Configuring the Web and Application Tiers
Configuring Session State Replication for the OC4J_Apps and OC4J_WebCenter Instance
Configuring APPHOST1 and APPHOST2 for the RAC Database
Configuring Network Communication
Configuring Application Authentication and Authorization
WebCenter Application Deployment and Migration Utilities (Optional)
The myWebCenter Application Tier consists of multiple computers hosting middle-tier Oracle Application Server instances. Each instance can contain multiple Oracle Containers for J2EE (OC4J) instances on which you deploy applications. In the complete configuration, requests are balanced among the OC4J instances on the application tier computers to create a performant and fault-tolerant application environment.
Note:
When the Application Server Control application and the JSSO application are in the same OC4J instance, complex application deployments through the Application Server Control may consume the majority of resources in the JVM, and affect single sign-on. Ideally, the Application Server Control and JSSO should reside in separate OC4J instances.
The Web Tier (WEBHOST1 and WEBHOST2) consists of Oracle HTTP Servers. Figure 1-1, "Enterprise Deployment Architecture for myWebCenter.com with JSSO and Oracle Internet Directory" shows the Application Tier (APPHOST1 and APPHOST2) and Web tiers.
Note:
These instructions assume installation of Oracle HTTP Server based on Apache 1.3.33 from the Oracle WebCenter Suite from the product CD. However, you may install Oracle HTTP Server based on Apache 2.0 from the Companion CD instead. If you choose to do this, note that the path to the Oracle HTTP Server configuration file for the Oracle HTTP Server from the Companion CD is:
ORACLE_HOME/ohs/conf/httpd.conf
Ensure that the system, patch, kernel and other requirements are met as specified in the installation guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.
Copy the staticports.ini file from the Disk1/stage/Response directory to a local directory, such as TMP. You will provide the path to this file during installation.
Edit the staticports.ini file to assign the following custom ports:
Oracle HTTP Server port = 7777
Note:
Ensure that these ports are not already in use by any other service on the computer. Using the Static Ports feature to install the Application Server Tier ensures that the port assignments will be consistent, if the ports are correctly specified in the file and the port is not already in use. If a port is incorrectly specified, the Oracle Universal Installer will assign the default port. If a port is already in use, the Oracle Universal Installer will select the next available port.
Start the Oracle Universal Installer as follows:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The Oracle Application Server WebCenter 10.1.3.2.0 installation screen appears.
Specify an installation directory for the instance.
Select Advanced Installation.
Click Next.
A confirmation dialog appears.
Click Yes.
A progress dialog appears, then the Select Installation Type screen appears.
Select Oracle HTTP Server and click Next.
The Specify Port Configuration Options screen appears.
Select Manual, specify the location of the staticports.ini file, and click Next.
The Specify Instance Name screen appears.
Specify the instance name and click Next.
The Cluster Topology Configuration screen appears.
Check the box to configure the instance to be part of an Oracle Application Server cluster.
Specify the multicast address and port.
Note:
An example of a multicast address is 225.0.0.20, with port 8001. The address and port should be the same for each computer in a farm.
Click Install.
The Configuration Assistants screen appears. When the configuration process completes, the End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
Verify that the installation was successful by viewing the Oracle HTTP Server instance. Start a browser and access:
http://WEBHOST1:7777
or
http://WEBHOST2:7777
Note:
The ORACLE_HOME/install/readme.txt file contains the URLs for the installation and a command to verify the status of processes.
If you installed the Oracle HTTP Server based on Apache 2.0 from the Companion CD on WEBHOST1 and WEBHOST2, the instance name on both computers will be the default name assigned by the installer. In a cluster, you will want the instance names to be unique when you view the instances with the opmnctl @cluster status command. Follow these steps to rename an instance:
Stop the instance by issuing this command:
opmnctl stopall
Modify the ORACLE_HOME/opmn/conf/opmn.xml file to change the instance id and name as shown:
<ias-instance id="IAS-1" name="IAS-1">
Replace both occurrences of the existing instance name (IAS-1 in the example) with a unique instance name.
Save and close the file.
Restart the instance by issuing this command:
opmnctl startall
Ensure that the system, patch, kernel and other requirements are met as specified in the Oracle Application Server Installation Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.
Start the Oracle Universal Installer using one of these commands:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The Oracle WebCenter Suite 10.1.3.2.0 installation screen appears.
Specify an installation directory for the instance, or leave the default.
Select Advanced Installation and click Next.
A confirmation dialog appears.
Click Yes.
A progress dialog appears, then the Select Installation Type screen appears.
Select Oracle WebCenter Framework and click Next.
The Specify Port Configuration Options screen appears.
Select Automatic and click Next.
The Administration Settings screen appears.
Specify the instance name, provide and confirm the administrator password, and on the APPHOST1 installation only, select the Start ASControl in this instance home checkbox and click Next.
The Cluster Topology Configuration screen appears.
Check the box to configure the instance to be part of an Oracle Application Server cluster, and check the box to access the instance from a separate Oracle HTTP Server.
Specify the multicast address and port.
Note:
An example of a multicast address is 225.0.0.20, with port 8001. The address and port should be the same for each computer in a farm.
Click Install.
The Configuration Assistants screen appears. When the configuration process completes, the End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
WebCenter application customizations are stored in MDS on the file system. When you predeploy a WebCenter Application, you must specify an MDS location on APPHOST1 and APPHOST2. A shared file system is used for high availability (see Figure 1-1, Figure 1-2 and Figure 1-3). The locations must be identical. You can use any location on the file system, observing these conditions:
On Microsoft Windows, the drive letter must be the same on both systems: for example, system 1 and system 2 must both refer to the location as X:\mds; it cannot be D:\mds on one system and E:\mds on the other system.
On UNIX, the mount point must be identical: system 1 and system 2 must refer to the same directory, such as /oracle/webcenter.
In a clustered environment, you need only execute the predeployment tool once to produce the target EAR file, and then you deploy that EAR file on other OC4J instances. For more information about the predeployment for deploying WebCenter applications, see the Oracle WebCenter Framework Developer's Guide.
WebCenter applications can consume portlets such as Web Services for Remote Portlets (WSRP) or Portal Developer Kit (PDK-Java) portlets hosted by a portlet producer. The portlet producers store portlet customizations, or preferences, in a preference store that resides in a database or on a file system. In an enterprise deployment, you put the preference store on a database that is configured for high availability, such as a Real Application Clusters database or a cold failover cluster database.
A portlet preference store is different from MDS in purpose and implementation. MDS stores application metadata and can reside only on a file system, as described in Chapter 3, "Specifying an Oracle Metadata Services (MDS) Location".
By default, the PDK-Java and WSRP producers that are located in the OC4J_WebCenter instances are configured to use the file-based preference store. For high availability, you configure the preference store to use a database. To do this, you must set up a schema for the preference store in the database, configure the producer, and map preference store connection details to a JDBC data source.
Navigate to the ORACLE_HOME/bin directory.
Connect to SQL*Plus using the SYS account and SYSDBA database administrator role.
Issue this command (substituting the Oracle home path):
@ORACLE_HOME/j2ee/home/database/wsrp/dbprefstore.sql
When prompted, create a user name and password for the WSRP and PDK-Java preference store database schema. This user name and password will be used in the command in Chapter 3, "Creating the WebClipping Schema".
A database preference store is created and the schema populated with the required database objects.
Create the schema by issuing this command (shown on multiple lines for readability):
ORACLE_HOME/jdk/bin/java
  -classpath ORACLE_HOME/lib/xmlparserv2.jar:ORACLE_HOME/jdbc/lib/ojdbc14.jar:ORACLE_HOME/portal/jlib/wce.jar
  oracle.portal.wcs.Installer -installSchema
  -username preference store schema user
  -password preference store schema user password
  -dburl jdbc:oracle:thin:@//database host:database port/database service name
Substitute Oracle home values, user name, password, and database information where indicated with italics.
Add a new data source entry that maps the connection details for the preference store schema to a JDBC data source. You can use any data source that has its JNDI location set to jdbc/portletPrefs.
Access the Application Server Control Console at http://hostname:port/em/ and log in with the oc4jadmin password set during installation.
The Cluster Topology page appears.
Click the link for the OC4J_WebCenter instance.
Click Administration.
The Administration Tasks list appears.
Click the Go to Task icon for JDBC Resources under the Services task.
The JDBC Resources page appears.
Click Create in the Connection Pools section.
The Create Connection Pool - Application page appears.
Click Continue (leave the default selections).
The Create Connection Pool page appears.
Specify the following values:
Name: The name of the connection pool, for example, OracleWSRPPool.
Connection Factory Class: Leave the default value.
JDBC URL: The JDBC URL for the Oracle database that contains the schema for the application. For example:
jdbc:oracle:thin:@//custdbhost.mycompany.com:1521/service name
Username: The username for the database that contains the schema for this application.
Use Cleartext Password/Password: N/A
Use Indirect Password/Indirect Password: Select this radio button and provide the indirect password for the database that contains the schema for this application.
Click Finish.
The JDBC Resources page appears.
Click the Test Connection icon for the newly created connection.
Click Create in the Data Sources section.
The Create Data Source - Application & Type page appears.
Click Continue (leave the defaults).
The Create Data Source - Managed Data Source page appears.
Specify the following values:
Name: The name of the data source, for example, WSRP_PREF_DS.
JNDI Location: jdbc/portletPrefs
Transaction Level: Leave the default.
Connection Pool: OracleWSRPPool (created in prior step)
Login Timeout: Leave the default.
Click Finish.
Edit the ORACLE_HOME/j2ee/OC4J_instance/applications/application name/optional web module name/WEB-INF/web.xml file to specify a database preference store for each application (replace OC4J_instance, application name, and, if applicable, optional web module name with the applicable names). Modify (or, if necessary, add under the web-app tag) the env-entry-value as shown in the example:
<env-entry>
<env-entry-name>oracle/portal/wsrp/server/persistentStore</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>Database</env-entry-value>
</env-entry>
Access the Application Server Control Console at http://hostname:port/em/ and log in with the oc4jadmin password set during installation.
The Cluster Topology page appears.
Check the box in the Select column for the OC4J_WebCenter instance.
Click Restart.
Map the connection details for the preference store schema to a JDBC data source. You can use any data source that has its JNDI location set to jdbc/portletPrefs.
Access the Application Server Control Console at http://hostname:port/em/ and log in with the oc4jadmin password set during installation.
The Cluster Topology page appears.
Click the link for the home instance.
Click Administration.
The Administration Tasks list appears.
Click the Go to Task icon for JDBC Resources under the Services task.
The JDBC Resources page appears.
Click Create in the Connection Pools section.
The Create Connection Pool - Application page appears.
Click Continue (leave the default selections).
The Create Connection Pool page appears.
Specify the following values:
Name: The name of the connection pool, for example, OracleWSRPPool.
Connection Factory Class: Leave the default value.
JDBC URL: The JDBC URL for the Oracle database that contains the schema for the application. For example:
jdbc:oracle:thin:@//custdbhost.mycompany.com:1521/service name
Username: The username for the database that contains the schema for this application.
Use Cleartext Password/Password: N/A
Use Indirect Password/Indirect Password: Select this radio button and provide the indirect password for the database that contains the schema for this application.
Click Finish.
The JDBC Resources page appears.
Click the Test Connection icon for the newly created connection.
Click Create in the Data Sources section.
The Create Data Source - Application & Type page appears.
Click Continue (leave the defaults).
The Create Data Source - Managed Data Source page appears.
Specify the following values:
Name: The name of the data source, for example, PDK_PREF_DS.
JNDI Location: jdbc/portletPrefs
Transaction Level: Leave the default.
Connection Pool: OraclePDKPool (created in prior step)
Login Timeout: Leave the default.
Click Finish.
Update the OmniPortlet producer to use a database preference store:
Open the ORACLE_HOME/j2ee/OC4J_WebCenter/applications/portalTools/omniPortlet/WEB-INF/providers/omniPortlet/provider.xml file.
Modify the preferenceStore tag to use the database preference store.
<preferenceStore class="oracle.portal.provider.v2.preference.DBPreferenceStore">
  <name>omniPortletprefStore</name>
  <connection>jdbc/PooledConnection</connection>
</preferenceStore>
Update the PDK-Java sample producers to use a database preference store.
Open the ORACLE_HOME/j2ee/OC4J_WebCenter/applications/jpdk/jpdk/WEB-INF/providers/provider name/provider.xml file.
Modify the preferenceStore tag to use the database preference store, substituting provider name with the application name.
<preferenceStore class="oracle.portal.provider.v2.preference.DBPreferenceStore">
  <name>provider name</name>
  <connection>jdbc/PooledConnection</connection>
</preferenceStore>
Update the WebClipping producers to use a database repository (by default, it uses MDS, a file-based storage location, as its repository).
Open the ORACLE_HOME/j2ee/OC4J_WebCenter/applications/portalTools/webClipping/WEB-INF/providers/webClipping/provider.xml file.
Update the repositoryInfo tag as shown, substituting current values for mysid, webclipping user, and password (these are the same values provided when creating the schema for the preference store in Chapter 3) and, if necessary, the customer database host and port:
<repositoryInfo class="oracle.portal.wcs.provider.info.DatabaseInformation">
  <useRAA>false</useRAA>
  <databaseHost>custdbhost.mycompany.com</databaseHost>
  <databasePort>1521</databasePort>
  <databaseSid>mysid</databaseSid>
  <databaseUsername>webclipping user</databaseUsername>
  <databasePassword>password</databasePassword>
  <useASO>false</useASO>
</repositoryInfo>
Access the Application Server Control Console at http://hostname:port/em/ and log in with the oc4jadmin password set during installation.
The Cluster Topology page appears.
Check the box in the Select column for the OC4J_WebCenter instance.
Click Restart.
When Java Object Cache is configured in a clustered environment, it requires a list of all cluster members' IP addresses and port numbers to share objects and coordinate across the cluster. This list must be specified in the discoverer attribute of the javacache.xml file. All caches cooperating in the same cache system must specify exactly the same set of IP addresses and port numbers, in the same order. To configure this, perform the following steps:
Modify the ORACLE_HOME/portal/conf/javacache.xml file and the ORACLE_HOME/javacache/admin/javacache.xml file to configure or add the isDistributed and discoverer elements as shown in Example 3-1.
Access the Application Server Control Console at http://hostname:port/em/ and log in with the oc4jadmin password set during installation.
The Cluster Topology page appears.
Check the box in the Select column for the OC4J_WebCenter instance.
Click Restart.
Check the box in the Select column for the OC4J_Apps instance.
Click Restart.
Check the box in the Select column for the home instance.
Click Restart.
Configure the HTTP proxy for OmniPortlet and OracleAS Web Clipping by performing the following steps (the Load Balancing Router must already be configured):
Open the provider.xml file, located at:
OmniPortlet:
ORACLE_HOME/j2ee/OC4J_WebCenter/applications/portalTools/omniPortlet/WEB-INF/providers/omniPortlet/provider.xml
WebClipping:
ORACLE_HOME/j2ee/OC4J_WebCenter/applications/portalTools/webClipping/WEB-INF/providers/webClipping/provider.xml
Update the proxyInfo tag as shown:
<proxyInfo class="oracle.portal.provider.v2.ProxyInformation">
  <httpProxyHost>proxy.mycompany.com</httpProxyHost>
  <httpProxyPort>80</httpProxyPort>
  <dontProxyFor>*.mycompany.com</dontProxyFor>
  <proxyUseAuth>true</proxyUseAuth>
  <proxyType>Basic</proxyType>
  <proxyRealm>realm1</proxyRealm>
  <proxyUseGlobal>false</proxyUseGlobal>
  <proxyUser>scott</proxyUser>
  <proxyPassword>!tiger</proxyPassword>
</proxyInfo>
Access the Application Server Control Console at http://hostname:port/em/ and log in with the oc4jadmin password set during installation.
The Cluster Topology page appears.
Check the box in the Select column for the OC4J_WebCenter instance.
Click Restart.
Verify that OmniPortlet and the OracleAS Web Clipping providers work properly through the Load Balancing Router, by accessing the test pages at these URLs:
http://mywebcenter.com/portalTools/omniPortlet/providers/omniPortlet
Note:
If the "No Portlets Available" message appears under the Portlet Information section in the OmniPortlet Provider test page, then OmniPortlet is not configured correctly. If OmniPortlet is configured correctly, then the OmniPortlet and Simple Parameter Form portlets are available on the test page.
http://mywebcenter.com/portalTools/webClipping/providers/webClipping
In this release, there are some limitations to Oracle Content DB functionality:
Oracle Content DB does not provide single sign-on support. In Oracle Content DB server failover situations, users will have to log in to the servers again.
Any in-flight transactions (such as uploading a file) or transactions that require multiple steps (such as creation of a group) will be lost in the event of server failure, and will have to be restarted.
Users will need to re-launch the user interface in the event of server failure (the session established on the failed server is no longer valid).
Oracle Content DB agents can only be run on one computer. If the computer operating the agent fails, the system administrator must manually start the agents on the other computer. These agents perform housekeeping tasks for the Oracle Content DB server. Their failure does not cause Oracle Content DB server failure, but over time, without the agents operating, the server's performance and scalability will be degraded.
Before you install the Oracle Content DB instances, review the "Requirements for Oracle Content Database" section in the installation guide for the platform you are using.
The procedures for the Oracle Content DB instances on CTHOST1 and CTHOST2 differ slightly; this section contains a separate procedure for each. The directions for CTHOST2 apply to any additional instances installed.
Note:
Before you begin installing the Oracle Content DB instances, a Real Application Clusters (RAC) database must be installed and configured on CUSTDBHOST1 and CUSTDBHOST2, and the database character set must be AL32UTF8. If it is not, an error occurs and installation cannot proceed.
Ensure that the system, patch, kernel and other requirements are met as specified in the Oracle Application Server Installation Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.
Start the Oracle Universal Installer using one of these commands:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The WebCenter Suite 10.1.3.2.0 Installation screen appears.
Specify an installation directory for the instance, or leave the default.
Select Advanced Installation and click Next.
A confirmation dialog appears.
Click Yes.
A progress dialog appears, then the Select Installation Type screen appears.
Select Oracle Content Database and click Next.
The Specify Port Configuration Options screen appears.
Select Manual, provide a path to the staticports.ini file, and click Next.
The Administration Settings screen appears.
Specify an instance name for the application server instance.
Specify and confirm the administrator password for the application server instance.
Click Next.
The Specify Database Information screen appears.
Provide the SYS password, the hostname and port (in RAC database format CUSTDBHOST1:1521^CUSTDBHOST2:1521), and the service name, and click Next.
The Specify Content Database Schema Password screen appears.
Establish and confirm the Oracle Content DB schema password and click Next.
The Specify User Repository Info screen appears.
Select Directory Based, select Oracle Internet Directory (or any LDAP service available), provide the connection information, and click Next.
The Cluster Topology screen appears.
Enter 225.0.0.1 for the IP Address and 8001 for the port and click Next.
The Summary screen appears.
Click Install.
The Preparing to Install dialog appears, then the Install screen appears.
The Configuration Assistants screen appears. When the configuration process completes, the End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
Ensure that the system, patch, kernel and other requirements are met as specified in the Oracle Application Server Installation Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.
Start the Oracle Universal Installer using one of these commands:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The WebCenter Suite 10.1.3.2.0 Installation screen appears.
Specify an installation directory for the instance, or leave the default.
Select Advanced Installation and click Next.
A confirmation dialog appears.
Click Yes.
A progress dialog appears, then the Select Installation Type screen appears.
Select Oracle Content Database and click Next.
The Specify Port Configuration Options screen appears.
Select Manual and click Next.
The Administration Settings screen appears.
Specify an instance name for the application server instance.
Specify and confirm the administrator password for the application server instance.
Click Next.
The Specify Database Information screen appears.
Provide the SYS password, the hostname and port (in RAC database format CUSTDBHOST1:1521^CUSTDBHOST2:1521), and the service name, and click Next.
The Specify Content Database Schema Password screen appears.
Provide the schema password and click Next.
The Specify User Repository Info screen appears.
Provide the user name and password for the selected LDAP service, and click Next.
The Cluster Topology page appears.
Enter 225.0.0.1 for the IP Address and 8001 for the port and click Next.
The Summary screen appears.
Click Install.
The Preparing to Install dialog appears, then the Install page appears.
The Configuration Assistants page appears. When the configuration process completes, the End of Installation page appears.
Click Exit, and then confirm your choice to exit.
Configure a virtual IP address on the Load Balancing Router that listens on port 80 and maps to Oracle HTTP Server on WEBHOST1 and WEBHOST2, with no sticky session enabled.
Edit the file to disable the Oracle HTTP Server as shown:
<ias-component id="HTTP_Server" status="disabled">
Issue this command in ORACLE_HOME/opmn/bin:
opmnctl stopall
opmnctl startall
Oracle Content DB now receives requests from the Oracle HTTP Servers on WEBHOST1 and WEBHOST2.
Open the Oracle HTTP Server configuration file:
Apache 1.3:
ORACLE_HOME/Apache/Apache/conf/httpd.conf
Apache 2.0:
ORACLE_HOME/ohs/conf/httpd.conf
Perform the following steps:
Add the LoadModule certheaders_module directive for the appropriate platform.
UNIX Apache 1.3:
LoadModule certheaders_module libexec/mod_certheaders.so
UNIX Apache 2.0; use this directive if you plan to use Apache 2.0 on UNIX:
LoadModule certheaders_module modules/mod_certheaders.so
Windows:
LoadModule certheaders_module modules/ApacheModuleCertHeaders.dll
Add the lines shown to create a NameVirtualHost directive and a VirtualHost container for mywebcenter.mycompany.com and port 80.
NameVirtualHost *:7777
<VirtualHost *:7777>
    ServerName mywebcenter.mycompany.com
    Port 443
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    SimulateHTTPS On
</VirtualHost>
<VirtualHost *:7777>
    ServerName mywebcenter-producers.mycompany.com
    Port 7777
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
</VirtualHost>
Notes:
The LoadModule directives (in particular, the LoadModule rewrite_module directive) must appear in the httpd.conf file at a location preceding the VirtualHost directives. The server must load all modules before it can execute the directives in the VirtualHost container.
It is a good idea to create the VirtualHost directives at the end of the httpd.conf file.
The LoadModule rewrite_module directive must appear before the LoadModule certheaders_module directive.
Add the lines shown to create a NameVirtualHost directive and a VirtualHost container for ctdb.mycompany.com and port 80.
NameVirtualHost *:7777
<VirtualHost *:7777>
    ServerName ctdb.mycompany.com
    Port 443
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    SimulateHTTPS On
</VirtualHost>
Add the lines shown to create a NameVirtualHost directive and a VirtualHost container for portlets.mycompany.com and port 80.
NameVirtualHost *:7777
<VirtualHost *:7777>
    ServerName portlets.mycompany.com
    Port 443
    ServerAdmin you@your.address
    RewriteEngine On
    RewriteOptions inherit
    SimulateHTTPS On
</VirtualHost>
Save the httpd.conf file.
Restart the Oracle HTTP Server using these commands in ORACLE_HOME/opmn/bin:
opmnctl stopall
opmnctl startall
Verify that you can access this URL:
https://mywebcenter.mycompany.com/content/
Note:
When producers are registered, the address is:
http://mywebcenter-producers.com:7777/...
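The directive-ordering rules from the notes above can be checked mechanically before Oracle HTTP Server is restarted. The following Python check is an added example, not part of the Oracle guide; the two sample configurations and the mod_rewrite.so path are constructed, and the SimulateHTTPS check assumes that directive is supplied by mod_certheaders.

```python
import re

LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)\s+\S+", re.I)
VHOST_OPEN = re.compile(r"^\s*<VirtualHost\b", re.I)
SIMULATE = re.compile(r"^\s*SimulateHTTPS\s+On\b", re.I)

# Constructed sample: modules loaded in the order the notes require.
GOOD_CONF = """\
LoadModule rewrite_module libexec/mod_rewrite.so
LoadModule certheaders_module libexec/mod_certheaders.so
NameVirtualHost *:7777
<VirtualHost *:7777>
    ServerName mywebcenter.mycompany.com
    Port 443
    RewriteEngine On
    RewriteOptions inherit
    SimulateHTTPS On
</VirtualHost>
"""

# Constructed sample: rewrite_module is loaded last, after the VirtualHost.
BAD_CONF = """\
LoadModule certheaders_module libexec/mod_certheaders.so
NameVirtualHost *:7777
<VirtualHost *:7777>
    ServerName mywebcenter.mycompany.com
    Port 443
    RewriteEngine On
    RewriteOptions inherit
    SimulateHTTPS On
</VirtualHost>
LoadModule rewrite_module libexec/mod_rewrite.so
"""


def check_httpd_conf(text):
    """Return (line_number, code, message) findings for the ordering rules."""
    findings = []
    loaded = {}          # module name -> line of its first LoadModule
    first_vhost = None   # line of the first <VirtualHost> container
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue     # ignore commented-out directives
        m = LOADMODULE.match(line)
        if m:
            name = m.group(1)
            loaded.setdefault(name, no)
            # Rule 1: every LoadModule must precede the VirtualHost directives.
            if first_vhost is not None:
                findings.append((no, "late-loadmodule",
                                 f"LoadModule {name} follows the VirtualHost "
                                 f"opened at line {first_vhost}"))
        elif VHOST_OPEN.match(line):
            if first_vhost is None:
                first_vhost = no
        elif SIMULATE.match(line) and "certheaders_module" not in loaded:
            # Assumption: SimulateHTTPS is provided by mod_certheaders.
            findings.append((no, "simulatehttps-without-module",
                             "SimulateHTTPS used before certheaders_module "
                             "is loaded"))
    # Rule 2: rewrite_module must be loaded before certheaders_module.
    rw = loaded.get("rewrite_module")
    ch = loaded.get("certheaders_module")
    if rw is not None and ch is not None and rw > ch:
        findings.append((rw, "rewrite-after-certheaders",
                         f"rewrite_module (line {rw}) is loaded after "
                         f"certheaders_module (line {ch})"))
    return findings


if __name__ == "__main__":
    for label, conf in (("GOOD_CONF", GOOD_CONF), ("BAD_CONF", BAD_CONF)):
        print(label)
        for no, code, msg in check_httpd_conf(conf) or [(0, "ok", "no findings")]:
            print(f"  line {no}: [{code}] {msg}")
```

To check a real file, pass the contents of the httpd.conf for your Apache version to check_httpd_conf().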
Access the Oracle Enterprise Manager 10g Application Server Control Console at:
https://mywebcenter.com/em
Select the instance.
Select OC4J_Content.
On the Applications tab, select the content link.
Select Content DB Extension.
On the Administration tab, select Go to Task next to Domain Properties.
Update the IFS.DOMAIN.APPLICATION.ApplicationHost to the Load Balancing Router Virtual IP host name.
Update the IFS.DOMAIN.APPLICATION.ApplicationPort to the Load Balancing Router Virtual IP port.
Update the IFS.DOMAIN.APPLICATION.ApplicationUseHttps to true.
Issue these commands in ORACLE_HOME/opmn/bin:
opmnctl stopall
opmnctl startall
Access this URL:
http://mywebcenter.com/content
Log in as the administrator (orcladmin user, Oracle Internet Directory administrator password).
Access the Application Server Control Console at http://APPHOST:port/em/ and log in with the oc4jadmin password set during installation.
The Cluster Topology page appears.
Select the Oracle Content DB instance.
Select the OC4J_Content instance.
Click Applications.
Click Content.
Click Go to Task next to Domain Properties.
Update the IFS.DOMAIN.APPLICATION.ApplicationHost to the Load Balancing Router virtual IP name and IFS.DOMAIN.APPLICATION.ApplicationPort to the Load Balancing Router virtual IP port.
Issue this command in CONTENT_DB_ORACLE_HOME/opmn/bin on CTHOST1 and CTHOST2:
opmnctl reload
Application Server Control Console stores certain local state information that does not get replicated to another active Application Server Control Console. This includes things such as JMX Notification Subscriptions and Received Notifications. If you use JMX notifications, you may wish to disable the second Application Server Control Console so that Oracle HTTP Server does not route requests to it. This will ensure that notification subscriptions are not changed or deleted on the instance receiving requests (causing the two instances to be out of synchronization). You can disable routing to one of the Application Server Control Consoles by setting the ohs-routing tag in the default-web-site.xml file for the second Application Server Control Console to false as shown:
<web-app application="ascontrol" load-on-startup="true" name="ascontrol" ohs-routing="false" root="/em"/>
You can set ohs-routing to true if you need to use the secondary Application Server Control Console for failover. You will need to use some backup and recovery procedure in order to restore the state of notification subscriptions and received notifications from the primary Application Server Control Console to the secondary.
If you have two Application Server Control Consoles active, be aware of the following:
If you change the administrator password on the managed OC4J instances, you will have to make the same change to the stored administrator password on all Application Server Control Console instances. When Oracle HTTP Server directs requests to an Application Server Control Console that does not have the correct password, attempts to connect to the managed instance will fail and Application Server Control Console will prompt for the new administrator password.
On login, Application Server Control Console displays a warning on the Cluster Topology page that there are multiple instances running.
Use the netstat command to identify occupied ports:
netstat -an
The AJP port range is 12501-12600. Note the port numbers in this range that do not appear in the output of the netstat command; these are the ports you can assign to OC4J instances.
After you have installed all of the components on the Application Tier, you will be able to identify the port numbers that need to be opened on the firewall. This depends on the number of application server instances and types of components installed. In general, the process of configuring the firewall involves these steps:
For each installed instance, determine the component types and their designated port ranges (for example, the home instance and any instances you create) by examining the ORACLE_HOME/opmn/conf/opmn.xml file. Example 3-2 shows components and default ports in the opmn.xml file. In the example, the OC4J Admin instance is listening on port 12501. Another instance, Apps, occupies port 12502.
Determine the ports in use with the netstat command:
netstat -an
Configure the firewall to open only the ports in use.
Example 3-2 Oracle Application Server components and port ranges in opmn.xml
<opmn xmlns="http://www.oracle.com/ias-instance">
  <log path="$ORACLE_HOME\opmn\logs\opmn.log" comp="internal;ons;pm" rotation-size="1500000" />
  <debug path="$ORACLE_HOME\opmn\logs\opmn.dbg" comp="internal" rotation-size="1500000" />
  <notification-server>
    <port local="6100" remote="6200" request="6003" />
    <ssl enabled="true" wallet-file="$ORACLE_HOME\opmn\conf\ssl.wlt\default" />
    <topology>
      <discover list="*225.0.0.20:8001" />
    </topology>
  </notification-server>
  ...
  <ias-component id="OC4J">
    <process-type id="Admin" module-id="OC4J" status="enabled">
      ...
      <port id="default-web-site" range="12501" protocol="ajp"/>
      ...
    </process-type>
    <process-type id="OC4J_WP" module-id="OC4J" status="enabled">
      ...
      <port id="default-web-site" range="12502" protocol="ajp"/>
    </process-type>
  </ias-component>
  ...
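The port-identification steps above, worked as an added example (not part of the Oracle guide): it reads the AJP range attributes from an opmn.xml, compares them with netstat -an output, and classifies the ports in 12501-12600 as ones to open, declared but idle, listening but undeclared, or free. The XML and netstat text are constructed samples and the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

AJP_RANGE = range(12501, 12601)            # AJP range given in the guide
NS = {"o": "http://www.oracle.com/ias-instance"}
# Constructed sample modelled on Example 3-2, elisions dropped so it parses.
SAMPLE_OPMN_XML = """<opmn xmlns="http://www.oracle.com/ias-instance">
  <process-type id="Admin" module-id="OC4J" status="enabled">
    <port id="default-web-site" range="12501" protocol="ajp"/>
  </process-type>
  <process-type id="OC4J_WP" module-id="OC4J" status="enabled">
    <port id="default-web-site" range="12502-12503" protocol="ajp"/>
  </process-type>
</opmn>"""

# Constructed `netstat -an` output (Windows prints LISTENING instead of LISTEN).
SAMPLE_NETSTAT = """\
tcp   0  0 0.0.0.0:6200     0.0.0.0:*        LISTEN
tcp   0  0 0.0.0.0:12501    0.0.0.0:*        LISTEN
tcp   0  0 0.0.0.0:12502    0.0.0.0:*        LISTEN
tcp   0  0 0.0.0.0:12507    0.0.0.0:*        LISTEN
tcp   0  0 10.0.0.5:12501   10.0.0.9:40112   ESTABLISHED
"""

def declared_ajp_ports(opmn_xml):
    """Map each process-type id to the AJP ports its range attribute allows."""
    declared = {}
    for ptype in ET.fromstring(opmn_xml).iterfind(".//o:process-type", NS):
        ports = set()
        for port in ptype.iterfind(".//o:port[@protocol='ajp']", NS):
            for part in filter(None, port.get("range", "").split(",")):
                lo, _, hi = part.strip().partition("-")
                ports.update(range(int(lo), int(hi or lo) + 1))
        if ports:
            declared[ptype.get("id")] = ports
    return declared

def listening_ports(netstat_text):
    """Local ports of sockets in LISTEN/LISTENING state."""
    ports = set()
    for fields in map(str.split, netstat_text.splitlines()):
        hits = [m for m in (re.search(r"[:.](\d+)$", f) for f in fields) if m]
        if hits and fields[-1] in ("LISTEN", "LISTENING"):
            ports.add(int(hits[0].group(1)))   # first address field is the local one
    return ports

def firewall_plan(opmn_xml, netstat_text):
    """Classify AJP-range ports for the Web tier to Application tier firewall."""
    wanted = set().union(*declared_ajp_ports(opmn_xml).values())
    listening = listening_ports(netstat_text) & set(AJP_RANGE)
    return {
        "open": sorted(wanted & listening),        # declared and listening: allow
        "idle": sorted(wanted - listening),        # declared, not listening: keep closed
        "undeclared": sorted(listening - wanted),  # listening, not in opmn.xml: review
        "free": sorted(set(AJP_RANGE) - wanted - listening),  # assignable to new instances
    }

if __name__ == "__main__":
    print(firewall_plan(SAMPLE_OPMN_XML, SAMPLE_NETSTAT))
```

Only the "open" list belongs in the firewall rule; an "undeclared" listener in the AJP range is worth tracing to its process before any rule is written for it.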
Note that the AJP ports used by applications fall within the range 12501-12600. Ensure that all of the AJP ports used by OC4J applications are open on the firewall between the Web server and the application. If a port is not open, the following error occurs when access to the application from the Web tier is attempted (that is, when the URL web host:port/application is requested):
mod_oc4j: request to OC4J apphost1.us.oracle.com:12501 failed: Connect failed (errno=110)
This error creates an entry in a log file in the ohs/logs directory.
Because there is a firewall between the instances clustered on the Web tier and the instances clustered on the Application tier, you must configure a cross-topology gateway to enable communication between the clusters. In the gateway configuration, one server on each side of the firewall is an entry point into the cluster. These instructions designate APPHOST1 and WEBHOST1 as the gateway servers, but any server may be designated the gateway server. The remote port is used for communication with the gateway server; it is designated in the <gateway> subelement in opmn.xml as shown in bold.
Follow these steps to specify gateway servers on the Application Tier and the Web Tier:
Open the APPHOST1_ORACLE_HOME/opmn/conf/opmn.xml file.
Create the <gateway> subelement as shown in the example:
<notification-server>
<port local="6101" remote="6201" request="6004"/>
<ssl enabled="true" wallet-file="$ORACLE_HOME\opmn\conf\ssl.wlt\default"/>
<topology>
<discover list="*225.0.0.20:8001"/>
<gateway list="apphost1.mycompany.com:6200&apphost2.mycompany.com:6200&webhost1.mycompany.com:6200&webhost2.mycompany.com:6200/"/>
</topology>
</notification-server>
...
Note:
6201 is the OPMN remote port on APPHOST1, and 6202 is the OPMN remote port on WEBHOST1. You must view the opmn.xml file on each server to determine the port values needed for the configuration.
Issue this command in APPHOST1_ORACLE_HOME/opmn/bin:
opmnctl reload
Copy the <gateway> subelement to:
The WEBHOST1_ORACLE_HOME/opmn/conf/opmn.xml file
The WEBHOST2_ORACLE_HOME/opmn/conf/opmn.xml file
The APPHOST1_ORACLE_HOME/opmn/conf/opmn.xml file
Issue the opmnctl reload command in:
WEBHOST1_ORACLE_HOME/opmn/bin
WEBHOST2_ORACLE_HOME/opmn/bin
APPHOST1_ORACLE_HOME/opmn/bin
Note:
For more information, see "Configuring Cross-Topology Gateways" in the Oracle Containers for J2EE Configuration and Administration Guide.
Access the Application Server Control Console at http://hostname:port/em/ and log in with the oc4jadmin password set during installation.
The Cluster Topology page appears.
Click the application server instance link.
The Application Server page appears.
Click Create OC4J Instance.
The Create OC4J Instance page appears.
Name the instance OC4J_Apps and leave the default group selection.
Check the Start this OC4J instance after creation checkbox.
Click Create.
The Processing: Create OC4J Instance page appears with a progress message, then the Application Server page appears with the newly created instance.
Click the link for the OC4J_Apps instance.
The OC4J:OC4J_Apps page appears.
Click Administration.
The Administration page appears.
Click the icon for the Identity Management task (in the Security section).
The Identity Management page appears.
Click Configure.
The Configure Identity Management: Connect Information page appears.
Specify the Load Balancing Router (oid.mycompany.com) for the Oracle Internet Directory host, cn=orcladmin for the Oracle Internet Directory User DN, and 389 for the non-SSL Oracle Internet Directory port.
Click Next.
The Configure Identity Management: Application Server Control page appears.
Click the Use Oracle Identity Management Security Provider checkbox.
Click Next.
The Configure Identity Management: Deployed Applications page appears.
Click Configure.
The Identity Management page appears with a confirmation message that the OC4J_Apps instance was successfully associated with Oracle Internet Directory, and a prompt to restart OC4J_Apps.
Click Restart.
A warning message appears.
Click Yes.
A status message appears, then the Cluster Topology page reappears with a message that the instance was restarted.
Note:
If the application uses JAAS permissions (for example, if it uses ADF Security authorization), then the permissions need to be migrated to Oracle Internet Directory. See the Oracle WebCenter Framework Developer's Guide, "Using the OracleAS JAAS Provider Migration Tool".
Predeploy the application by issuing this command (shown on multiple lines for readability):
ORACLE_HOME/jdk/bin/java -jar ORACLE_HOME/adfp/lib/portlet-client-deploy.jar -predeploy -source myWebCenterArchive.ear -target target.ear -configuration config.xml -profile Template
Substitute Oracle home values where indicated with italics, and substitute the EAR file name for myWebCenterArchive.ear and target.ear.
Deploy the application by following these steps:
Click the link for the OC4J_Apps instance.
The OC4J: OC4J_Apps page appears.
Click Applications.
The Applications page appears.
Click Deploy.
The Deploy: Select Archive page appears.
Provide the location of the EAR file you predeployed and click Next.
The Deploy: Application Attributes page appears.
Provide the application name and click Next.
The Deploy: Deployment Settings page appears.
Click the icon for the Select Security Provider task.
The Deployment Settings: Select Security Provider page appears.
Select Oracle Identity Management from the Security Provider drop-down list.
Click OK.
The Deploy: Deployment settings page appears with an information message that the deployment plan was updated successfully.
Click Cancel.
The OC4J: OC4J_Apps page appears.
Migrate security information:
Create an LDIF file by issuing this command (shown on multiple lines for readability):
java oracle.security.jazn.tools.JAZNMigrationTool -D binddn -w password -h host name -p 389 -sr jazn.com -st xml -dt ldap -sf ORACLE_HOME/j2ee/OC4J_Apps/applications/webCenterArchive1/adf/META-INF/app-jazn-data.xml -df ORACLE_HOME/temp/migrate.ldif -m all
Substitute password, host name, and Oracle home values where indicated with italics.
Import the LDIF file into Oracle Internet Directory by issuing this command (shown on multiple lines for readability):
ldapmodify -h host name -p 389 -D jazn.com -w password -f ORACLE_HOME/temp/migrate.ldif -v -c -o ORACLE_HOME/temp errors_ldiffile
Substitute host name, password, and Oracle home values where indicated with italics.
Configure role mapping manually in the deployed ORACLE_HOME/j2ee/OC4J_Apps/application-deployments/application name/orion-application.xml file:
Set jaas-mode to doAsPrivileged as follows:
<jazn provider="LDAP" jaas-mode="doAsPrivileged"/>
Set security-role-mapping to users as follows:
<security-role-mapping name="users">
<group name="users" />
</security-role-mapping>
Access the Application Server Control Console at http://hostname:port/em/ and log in with the oc4jadmin password set during installation.
The Cluster Topology page appears.
Check the box in the Select column for the OC4J_Apps instance.
Click Restart.
Access the Application Server Control Console at http://hostname:port/em/ and log in with the oc4jadmin password set during installation.
The Cluster Topology page appears.
Select the OC4J_Apps instance.
The OC4J:OC4J_Apps page appears.
Click Applications.
Click the default application.
The Application: default page appears.
Click Administration.
Click the icon for Clustering Properties in the Properties section.
The Clustering Properties page appears showing that the parent application is not clustered.
Click the radio button for Override parent application clustering settings and select Enable from the drop-down list.
The Replication Properties selections appear with Peer-Peer Replication selected as the default.
Leave the default and click OK.
The Application: default page appears with a confirmation message that the changes were applied.
Return to the Cluster Topology page and select the OC4J_WebCenter instance.
The OC4J:OC4J_WebCenter page appears.
Click Applications.
Click the default application.
The Application: default page appears.
Click Administration.
Click the icon for Clustering Properties in the Properties section.
The Clustering Properties page appears showing that the parent application is not clustered.
Click the radio button for Override parent application clustering settings and select Enable from the drop-down list.
The Replication Properties selections appear with Peer-Peer Replication selected as the default.
Leave the default and click OK.
The Application: default page appears with a confirmation message that the changes were applied.
Add an empty <distributable/> tag to:
ORACLE_HOME/j2ee/OC4J_Apps/applications/application name/web module name/WEB-INF/web.xml
ORACLE_HOME/j2ee/OC4J_WebCenter/applications/application name/web module name/WEB-INF/web.xml
The tag must be added for all Web modules that are part of a clustered application.
Return to the Cluster Topology page and restart the OC4J_Apps and OC4J_WebCenter instances.
Add the RAC database hostname and remote port identifiers:
<notification-server>
<port local="6100" remote="6200" request="6003"/>
<ssl enabled="false" wallet-file="$ORACLE_HOME\opmn\conf\ssl.wlt\default"/>
<topology>
<nodes list="apphost1:6200,apphost2:6200,webhost1:6200,webhost2:6200,infradbhost1:6200,infradbhost2:6200"/>
</topology>
</notification-server>
Save and close the file.
Open the ORACLE_HOME/j2ee/OC4J_WebCenter/config/data-sources.xml file.
Add the RAC node information:
<?xml version = '1.0' encoding = 'UTF-8'?>
<data-sources xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/data-sources-10_1.xsd"
              schema-major-version="10" schema-minor-version="1">
  <managed-data-source connection-pool-name="Example Connection Pool" jndi-name="jdbc/OracleDS" name="OracleDS"/>
  <managed-data-source connection-pool-name="OracleWSRPPool" jndi-name="jdbc/portletPrefs" name="WSRP_PREF_DS"/>
  <connection-pool name="Example Connection Pool">
    <connection-factory factory-class="oracle.jdbc.pool.OracleDataSource" user="scott" password="tiger"
                        url="jdbc:oracle:thin:@//localhost:1521/ORCL"/>
  </connection-pool>
  <connection-pool name="OracleWSRPPool">
    <connection-factory factory-class="oracle.jdbc.pool.OracleDataSource" user="pref1" password="pref1"
                        url="jdbc:oracle:thin:@//(DESCRIPTION =(ADDRESS = (PROTOCOL = TCP)(HOST = infradbhost1)(PORT = 1521))(ADDRESS = (PROTOCOL = TCP)(HOST = infradbhost2)(PORT = 1521))(LOAD_BALANCE=yes)(CONNECT_DATA=(SERVER = DEDICATED)(SERVICE_NAME = stork)))"/>
  </connection-pool>
</data-sources>
Save and close the file.
Issue this command in ORACLE_HOME/opmn/bin:
opmnctl reload
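A pre-reload check for the data-sources.xml edit above, as an added example (not part of the Oracle guide): it parses each pool's connect descriptor, reports unbalanced or misplaced parentheses, confirms every RAC node appears as an ADDRESS host, and flags passwords stored as literals. The sample XML is constructed, the function names are this example's own, and treating a "->name" value as OC4J password indirection is an assumption of the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: pool 1 follows the guide's entry; pool 2 lacks a "(" before PROTOCOL.
SAMPLE = """<data-sources>
  <connection-pool name="OracleWSRPPool">
    <connection-factory user="pref1" password="pref1" url="jdbc:oracle:thin:@//(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=infradbhost1)(PORT=1521))(ADDRESS=(PROTOCOL=TCP)(HOST=infradbhost2)(PORT=1521))(LOAD_BALANCE=yes)(CONNECT_DATA=(SERVICE_NAME=stork)))"/>
  </connection-pool>
  <connection-pool name="BrokenPool">
    <connection-factory user="pref1" password="->pref1" url="jdbc:oracle:thin:@//(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=infradbhost1)(PORT=1521))(ADDRESS=PROTOCOL=TCP)(HOST=infradbhost2)(PORT=1521))(LOAD_BALANCE=yes)(CONNECT_DATA=(SERVICE_NAME=stork)))"/>
  </connection-pool>
</data-sources>"""

TOKEN = re.compile(r"\(\s*(\w+)\s*=|\)|[^()]+")

def descriptor_leaves(text):
    """Flatten '(KEY=(KEY=value)...)' into [('KEY/KEY', 'value'), ...]."""
    stack, leaves = [], []
    for m in TOKEN.finditer(text):
        tok = m.group(0).strip()
        if m.group(1):                       # "(KEY=" opens a node
            stack.append(m.group(1).upper())
        elif tok == ")":                     # ")" closes the innermost node
            if not stack:
                raise ValueError(f"unmatched ')' at offset {m.start()}")
            stack.pop()
        elif tok:                            # scalar value of the innermost node
            if not stack or "=" in tok:
                raise ValueError(f"unexpected text {tok!r}: missing '('?")
            leaves.append(("/".join(stack), tok))
    if stack:
        raise ValueError(f"'(' opened for {stack[-1]} is never closed")
    return leaves

def audit(xml_text, rac_nodes):
    """Return (pool name, finding) pairs for a data-sources.xml document."""
    findings = []
    for pool in ET.fromstring(xml_text).iter("connection-pool"):
        cf = pool.find("connection-factory")
        name, url = pool.get("name"), cf.get("url", "")
        # Assumption: "->name" is OC4J password indirection; other values are literals.
        if not cf.get("password", "->").startswith("->"):
            findings.append((name, "literal password"))
        if "(" not in url:
            continue                         # host:port/service URL, no descriptor
        try:
            leaves = descriptor_leaves(url[url.index("("):])
        except ValueError as exc:
            findings.append((name, f"malformed descriptor: {exc}"))
            continue
        hosts = {v for path, v in leaves if path.endswith("ADDRESS/HOST")}
        for node in sorted(set(rac_nodes) - hosts):
            findings.append((name, f"RAC node {node} not in descriptor"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["infradbhost1", "infradbhost2"]):
        print(*finding, sep=": ")
```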
After the installation and configuration is complete, configure the network communication as described in this section. Table 3-1 lists the ports open on each firewall.
Configure the Load Balancing Router to:
Receive requests on http://webcenter.mycompany.com, port 443
Receive requests on http://ctdb.mycompany.com, port 443
Receive requests on http://portlets.mycompany.com, port 443
Receive requests on http://portlets.mycompany.com, port 7777
Receive requests on http://sso.mycompany.com, port 443
Balance requests with SSL acceleration to WEBHOST1, WEBHOST2 on port 7777
Configure the firewall for communication into DMZ1:
http://WEBHOST1:7777
http://WEBHOST2:7777
ONS remote port 6200 on WEBHOST1 and WEBHOST2
Configure the firewall for communication into and out of DMZ2:
http://APPHOST1 (J2EE with WebCenter components) AJP ports 12501-12510
http://APPHOST2 (J2EE with WebCenter components) AJP ports 12501-12510
ONS remote port 6200 on APPHOST1 and APPHOST2
NIP/NAP ports for Oracle COREid Access and Identity (default values are 6021 and 6022) for communication from WEBHOST1 and WEBHOST2 to IDMHOST1 and IDMHOST2.
Configure the firewall for communication into DMZ3:
INFRADBHOST1 INFRADBHOST2 database with listener on port 1521
Table 3-1 Open ports between firewall zones
Firewall Zones | Ports | Purpose |
---|---|---|
DMZ1 to DMZ2 | 12510-12510 | WEBHOST1 and WEBHOST2, to access APPHOST1 and APPHOST2 AJP ports |
DMZ1 to DMZ2 | 6200, 6201 | OPMN cluster gateway |
DMZ2 to DMZ1 | 7777 | Communication to Oracle Content DB |
DMZ1 to DMZ2 | 6021, 6022 | WEBHOST1 and WEBHOST2 to IDMHOST1 and IDMHOST2 |
DMZ2 to DMZ1 | 6021, 6022 | IDMHOST1 and IDMHOST2 to WEBHOST1 and WEBHOST2 |
DMZ2 to DMZ3 | 1521 | Database access |
DMZ2 to DMZ3 | 389, 636 | Oracle Internet Directory server access |
In order to ensure consistent availability of all services, ensure that the connection time out values for all Oracle Application Server components are set to a lower time out value than that on the firewall and Load Balancing Router. If the firewall or Load Balancing Router drops a connection without sending a TCP close notification message, then Oracle Application Server components will continue to try to use the connection when it is no longer available.
The tasks you have to perform depend on the authentication method you will use for myWebCenter. If you want user login sessions to persist after a failover event, you will need to use single sign-on.
myWebCenter with JSSO and Oracle Internet Directory
Perform these steps:
"Steps to Use the Oracle Identity Management Security Provider" and "Settings for Authentication Method with Oracle Identity Management" in the Oracle Containers for J2EE Security Guide, Chapter 8.
myWebCenter with Oracle Application Server Single Sign-On
Perform these steps:
"Steps to Use the Oracle Identity Management Security Provider" and "Settings for Authentication Method with Oracle Identity Management" in the Oracle Containers for J2EE Security Guide, Chapter 8.
You will need to follow these steps on both Oracle Application Server instances (APPHOST1 and APPHOST2) to configure Java SSO for the ascontrol (for Application Server Control Console) application in the home instances:
Access the Oracle Enterprise Manager 10g Application Server Control Console and perform these steps:
Click the link for the home instance.
The OC4J:home page appears.
Click Applications.
The applications are listed.
Click Expand All.
Select the javasso application and click Start.
This warning message appears:
Java SSO is not properly configured. This is often caused when you are running multiple Java SSO applications in the cluster that use different shared symmetric keys. Please configure all Java SSO applications in the cluster to use the same shared symmetric key. You can do this from Java SSO Configuration page.
Click Configure Java SSO.
A confirmation message appears that the SSO configuration was completed and will take effect after the instances are restarted.
Click Restart.
A confirmation message appears.
Click Yes.
The instance is restarted. When configuring the home instance, the system terminates your login session and you must log back in to continue the setup.
Scroll to the Administration section and click Java SSO Configuration.
The Java SSO Configuration page appears.
Click Participating Applications.
The applications are listed.
Click the check box for the applications to be Java SSO enabled.
Click Apply.
There are several migration utilities available that can help you deploy WebCenter applications:
Oracle WebCenter Framework Developer's Guide, "Using Lifecycle Tools to Predeploy an Existing .ear File"
Oracle WebCenter Framework Developer's Guide, "Using the OracleAS JAAS Provider Migration Tool"
Oracle WebCenter Framework Developer's Guide, "Usage Notes for the OracleAS JAAS Provider Migration Tool"
Oracle WebCenter Framework Developer's Guide, "OracleAS JAAS Provider Migration Tool Command Syntax and Options"
Oracle WebCenter Framework Developer's Guide, "Using the PDK-Java Preference Store Migration and Upgrade Utility"