3 Creating the WebLogic Server Domain for Identity Management

This chapter describes how to create the WebLogic Server domain for Identity Management.

3.1 Installing Oracle WebLogic Server

Ensure that the shared storage volumes for the Middleware Homes are mounted on IDMHOST1 and IDMHOST2 as described in Section 2.4, "Shared Storage and Recommended Directory Structure." The Oracle WebLogic Server binaries will be installed in the shared location.

On IDMHOST1 and IDMHOST2, start the Oracle WebLogic Server installation by running the installer executable file.

Start the Oracle WebLogic Server installer as follows:

  • On Linux, issue this command:

    ./wls1032_linux32.bin
    

Then follow these steps in the installer to install Oracle WebLogic Server on the computer:

  1. On the Welcome screen, click Next.

  2. On the Choose Middleware Home Directory screen, choose a directory on your computer into which the Oracle WebLogic software is to be installed.

    For the Middleware Home Directory, specify this value:

    /u01/app/oracle/product/fmw
    

    Click Next.

  3. On the Register for Security Updates screen, enter your "My Oracle Support" UserName and Password.

  4. On the Choose Install Type screen, the installation program displays a window in which you are prompted to indicate whether you wish to perform a complete or a custom installation.

    Choose Typical.

    Click Next.

  5. On the Choose Product Installation Directories screen, specify the following value:

    WebLogic Server:

    /u01/app/oracle/product/fmw/wlserver_10.3
    

    Click Next.

  6. On the Installation Summary screen, the window contains a list of the components you selected for installation, along with the approximate amount of disk space to be used by the selected components once installation is complete.

    Click Next.

  7. On the Installation Complete screen, deselect the Run Quickstart check box and then click Done.

3.2 Configuring the WebLogic Server Domain on IDMHOST1

Follow these steps to configure the WebLogic Server domain on IDMHOST1:

  1. Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management manual in the Oracle Fusion Middleware documentation library for the platform and version you are using.

  2. Ensure that port numbers 7001 and 5556 are not in use by any service on the computer by issuing these commands for the operating system you are using. If a port is not in use, no output is returned from the command.

    On UNIX:

    netstat -an | grep "7001"
    netstat -an | grep "5556"
    

    If the ports are in use (if the command returns output identifying the port), you must free them.

    On UNIX:

    Remove the entries for ports 7001 and 5556 in the /etc/services file if the port is in use by a service and restart the services, or restart the computer.

  3. Copy the staticports.ini file from the Disk1/stage/Response directory to a temporary directory.

  4. Edit the staticports.ini file that you copied to the temporary directory to assign the following custom ports:

    Domain Port No: 7001

    Node Manager Port No: 5556

  5. Start the Oracle Identity Management 11g Installer as follows:

    On UNIX, issue this command: runInstaller

    The runInstaller file is in the ../install/platform directory where platform is a platform such as Linux or Solaris.

    This displays the Specify Oracle Inventory screen.

  6. On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:

    Specify the Inventory Directory: /u01/app/oraInventory

    Operating System Group Name: oinstall

    A dialog box appears with the following message:

    "Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u01/app/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option"

    Log in as root and run the /u01/app/oraInventory/createCentralInventory.sh script.

    This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.

    Note:

    The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, make sure to check and see:
    1. If the /etc/oraInst.loc file exists

    2. If the file exists, the Inventory directory listed is valid

    3. The user performing the installation has write permissions for the Inventory directory

  7. On the Welcome screen, click Next.

  8. On the Select Installation Type screen, select the Install & Configure Option, and then click Next.

  9. On the Prerequisite Checks screen, the installer completes the prerequisite check. If any fail, please fix them and restart your installation.

  10. On the Select Domain screen, select Create New Domain.

    Then enter these values for these fields:

    User Name: weblogic

    User Password: <Enter the user password>

    Confirm Password: <Confirm the user password>

    Domain Name: IDMDomain

  11. On the Specify Installation Locations screen, specify the following values:

    Oracle Middleware Home Location:

    /u01/app/oracle/product/fmw
    

    Oracle Home Directory: idm

    WebLogic Server Directory:

    /u01/app/oracle/product/fmw/wlserver_10.3
    

    Oracle Instance Location:

    /u01/app/oracle/admin/admin_inst
    

    Oracle Instance Name: admin_inst

  12. On the Specify Email for Security Updates screen, specify these values:

    • Email Address: Provide the email address for your My Oracle Support account.

    • Oracle Support Password: Provide the password for your My Oracle Support account.

    • Check the check box next to the I wish to receive security updates via My Oracle Support field.

    Click Next.

  13. On the Configure Components screen, de-select everything except Enterprise Manager (this is selected by default).

  14. On the Configure Ports screen, select Specify Ports using Configuration file - Path to staticports.ini file and enter the full path name to the staticports.ini file that you edited in the temporary directory.

  15. On the Installation Summary screen, review the choices you made. If you need to make any changes click Back. If you made the correct selections, click Install.

  16. On the Installation Progress screen, view the progress of the installation.

    Once the installation is done, the oracleRoot.sh confirmation dialog box displays. This dialog box advises you that a configuration script needs to be run as root before installation can proceed.

    Leaving this dialog box open, open another shell window, log in as root, and run the oracleRoot.sh file specified in the dialog box.

  17. On the Configuration Progress screen, view the progress of the configuration.

  18. On the Installation Complete screen, click Finish.

  19. Validate that the domain was created and installed correctly by opening a web browser and accessing the following pages:

    WebLogic Server Administration Console at:

    http://idmhost1.mycompany.com:7001/console

    Oracle Enterprise Manager Fusion Middleware Control at:

    http://idmhost1.mycompany.com:7001/em

    Log into these consoles using the weblogic user credentials.
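
The port check in step 2 prints any line that contains the digits, so a listener on 17001 or an outbound connection to a remote port 7001 also produces output. The following added example (not part of the Oracle guide) reports a port as in use only when a socket in LISTEN state has it as its local port. It assumes the Linux `netstat -an` column layout; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Oracle guide. Assumes Linux net-tools
# `netstat -an` layout: proto, recv-q, send-q, local addr, foreign addr, state.

# listening_on PORT: reads netstat output on stdin; succeeds only when a TCP
# socket in LISTEN state uses PORT as its local port.
listening_on() {
    awk -v port="$1" '
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            n = split($4, part, /[:.]/)   # last piece of 0.0.0.0:7001 or :::7001
            if (part[n] == port) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# port_report TEXT: one line per port this chapter assigns (7001 for the
# domain, 5556 for Node Manager), marked "in-use" or "free".
port_report() {
    for p in 7001 5556; do
        if printf '%s\n' "$1" | listening_on "$p"; then
            echo "$p in-use"
        else
            echo "$p free"
        fi
    done
}

# Constructed sample: a plain grep for 7001 matches the 17001 listener and the
# outbound connection, although nothing is listening on 7001.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:17001           0.0.0.0:*               LISTEN
tcp        0      0 139.185.140.51:41822    139.185.140.60:7001     ESTABLISHED
tcp6       0      0 :::5556                 :::*                    LISTEN'

port_report "$SAMPLE_NETSTAT"
# On a live host: port_report "$(netstat -an)"
```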

3.3 Creating boot.properties for the Administration Server

This section describes how to create a boot.properties file for the Administration Server on IDMHOST1. The boot.properties file enables the Administration Server to start without prompting for the administrator username and password.

Follow these steps to create the boot.properties file:

  1. On IDMHOST1, go to the MW_HOME/user_projects/domains/domainName/servers/AdminServer/security directory. For example:

    cd /u01/app/oracle/product/fmw/user_projects/domains/IDMDomain/servers/AdminServer/security/
    
  2. Use a text editor to create a file called boot.properties under the security directory. Enter the following lines in the file:

    username=adminUser
    password=adminUserPassword
    

    Note:

    When you start the Administration Server, the username and password entries in the file get encrypted.

    For security reasons, minimize the time the entries in the file are left unencrypted. After you edit the file, you should start the server as soon as possible so that the entries get encrypted.

  3. Stop the Administration Server if it is running.

    See the "Starting and Stopping Oracle Fusion Middleware" chapter of the Oracle Fusion Middleware Administrator's Guide for information on starting and stopping WebLogic Servers.

  4. Start the Administration Server on IDMHOST1 using the startWebLogic.sh script located under the MW_HOME/user_projects/domains/domainName/bin directory.

  5. Validate that the changes made were successful by opening a web browser and accessing the following pages:

    • WebLogic Server Administration Console at:

      http://idmhost1.mycompany.com:7001/console

    • Oracle Enterprise Manager Fusion Middleware Control at:

      http://idmhost1.mycompany.com:7001/em

    Log into these consoles using the weblogic user credentials.
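
The note in step 2 leaves a window in which boot.properties holds the administrator password in clear text. The following added example (not Oracle tooling) creates the file with owner-only permissions and audits it before and after the server start. It relies on WebLogic marking encrypted values with a `{AES}` or `{3DES}` prefix; the function names and the finding labels are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the Oracle guide.

# write_boot_properties FILE USER: create FILE with mode 600 from the start.
# The password is read from stdin so it never appears in argv or shell history.
write_boot_properties() {
    ( umask 077
      IFS= read -r pw
      printf 'username=%s\npassword=%s\n' "$2" "$pw" > "$1"
      chmod 600 "$1" )   # also tightens a file that already existed
}

# audit_boot_properties FILE: prints one finding per line.
# Returns 0 when there are no findings, 1 on findings, 2 if FILE is missing.
audit_boot_properties() {
    file=$1
    findings=0
    if [ ! -f "$file" ]; then
        echo "MISSING $file"
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "PERMS group/other access ($perms)"
        findings=1
    fi
    for key in username password; do
        # Use the last assignment of the key and strip the "key=" prefix.
        value=$(sed -n "s/^${key}=//p" "$file" | tail -n 1)
        case $value in
            '')                 echo "ABSENT $key";    findings=1 ;;
            '{AES'*|'{3DES}'*)  ;;   # already encrypted by the server
            *)                  echo "PLAINTEXT $key"; findings=1 ;;
        esac
    done
    return $findings
}
```

Run `audit_boot_properties` on the file under the AdminServer security directory after step 4: a `PLAINTEXT` finding at that point means the server did not start with this file, and the password is still readable on disk.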

3.4 Enabling Administration Server High Availability

The Oracle WebLogic Administration Server is a singleton application, so it cannot be deployed in an active-active configuration. By default, the Administration Server is only available on the first installed node, and for this enterprise topology, it is available only on idmhost1.mycompany.com. If this node becomes unavailable, then the Administration Server console and the Oracle Enterprise Manager Fusion Middleware Control also become unavailable. This is an undesirable scenario. To avoid this scenario, the Administration Server and the applications deployed to it must be enabled for high availability. The enterprise deployment architecture in this guide calls for deploying the Administration Server on a disk shared between IDMHOST1 and IDMHOST2.

The process described in this guide initially deploys the Administration Server on a local disk and then manually migrates the Administration Server domain configuration to the shared disk mounted on IDMHOST1. This process is necessary to overcome certain design constraints in the Oracle Universal Installer.

3.4.1 Enabling a Virtual IP Address on IDMHOST1

The Oracle WebLogic Administration Server must be configured to listen on a virtual IP address to enable it to seamlessly failover from one host to another. In case of a failure, the Administration Server, along with the virtual IP address, can be migrated from one host to another.

However, before the Administration Server can be configured to listen on a virtual IP address, one of the network interface cards on the host running the Administration Server must be configured to listen on this virtual IP address. The steps to enable a virtual IP address are completely dependent on the operating system.

Follow the steps in this section to enable a virtual IP address on IDMHOST1. In a UNIX environment, the commands must be run as the root user:

  1. On IDMHOST1, run the ifconfig command to get the value of the netmask. In a UNIX environment, run this command as the root user. For example:

    [root@idmhost1 ~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:11:43:D7:5B:06
              inet addr:139.185.140.51  Bcast:139.185.140.255  Mask:255.255.255.0
              inet6 addr: fe80::211:43ff:fed7:5b06/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:10626133 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10951629 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:4036851474 (3.7 GiB)  TX bytes:2770209798 (2.5 GiB)
              Base address:0xecc0 Memory:dfae0000-dfb00000
    
  2. On IDMHOST1, bind the virtual IP address to the network interface card using ifconfig. The syntax and usage for the ifconfig command is shown below. In a UNIX environment, run this command as the root user. Use a netmask value that was obtained in Step 1.

    /sbin/ifconfig networkCardInterface VirtualIPAddress netmask netMask
    

    For example:

    /sbin/ifconfig eth0:1 139.185.140.200 netmask 255.255.255.0
    
  3. Update the routing tables using arping. In a UNIX environment, run this command as the root user.

    /sbin/arping -q -U -c 3 -I networkCardInterface VirtualIpAddress
    

    For example:

    /sbin/arping -q -U -c 3 -I eth0 139.185.140.200
    

3.4.2 Creating a Machine for the Administration Server

Create a new machine and assign the Administration Server to the new machine using the WebLogic Administration Console:

  1. Log into the Administration Server Console.

  2. In the Change Center, click Lock and Edit to enable configuration changes.

  3. In the Environment section of the Home page, click Machines.

  4. On the Summary of Machines page, select the Machine that is associated with the Administration Server from under the Machines table and click Clone. For example: idmhost1.mycompany.com

  5. On the Clone a Machine page, enter the Name for the Machine under the Machine Identity section and click OK. For example, enter IDMHOST-VIP as the machine name.

  6. On the Summary of Machines page, click the newly created machine link.

  7. On the Settings page for the IDMHOST-VIP machine, select the Servers tab.

  8. Click the Add button under the Servers table.

  9. On the Add a Server to Machine page, choose the Select an existing server, and associate it with this machine option.

  10. Choose the Administration Server from the drop down menu.

  11. Click Finish to associate the Administration Server with the Machine.

  12. Click Activate All Changes under the Change Center to apply all the changes.

3.4.3 Enabling the Administration Server to Listen on the Virtual IP Address

To enable the Administration Server to listen on the virtual IP address, follow these steps:

  1. Log into the Administration Server Console.

  2. In the Change Center, click Lock and Edit to enable configuration changes.

  3. In the Environment section of the Home page, click Servers.

  4. On the Summary of Servers page, click the AdminServer (admin) link.

  5. Update the Listen Address for the Administration Server with the virtual IP enabled. Specify idmhost-vip.mycompany.com for the Listen Address.

  6. Save these changes, and then activate the changes.

  7. Stop and then restart the Administration Server.

    See the "Starting and Stopping Oracle Fusion Middleware" chapter of the Oracle Fusion Middleware Administrator's Guide for information on starting and stopping WebLogic Servers.

3.4.4 Enabling High Availability for the Administration Server and Fusion Middleware Control

This section provides the steps to enable High Availability for the WebLogic Administration Server and Oracle Enterprise Manager Fusion Middleware Control. Proceed as follows:

  1. Ensure that the shared storage volume for the admin server is mounted on IDMHOST1 as described in Section 2.4, "Shared Storage and Recommended Directory Structure."

  2. Stop the Administration Server running on IDMHOST1.

  3. Stop the Node Manager running on IDMHOST1.

  4. Pack the Admin Server domain using the pack command located under the ORACLE_HOME/common/bin directory. Make sure to pass -managed=false to pack the entire domain. Type:

    ORACLE_HOME/common/bin/pack.sh -managed=false \
       -domain=path_to_installer_created_domain -template=templateName.jar \
       -template_name=templateName
    

    For example:

    ORACLE_HOME/common/bin/pack.sh -managed=false \
      -domain=/u01/app/oracle/product/fmw/user_projects/domains/IDMDomain \
      -template=/u01/app/oracle/product/fmw/templates/adminServer.jar \
      -template_name=AdminServer_Template
    
  5. Unpack the Administration Server to the admin server volume on the shared storage using the unpack command located under the ORACLE_HOME/common/bin directory.

    ORACLE_HOME/common/bin/unpack.sh -domain=path_to_domain_on_AdminVolume \
       -template=templateName.jar -app_dir=path_to_applications_dir_on_AdminVolume
    

    For example:

    ORACLE_HOME/common/bin/unpack.sh \
       -domain=/u01/app/oracle/admin/IDMDomain/aserver/IDMDomain \
       -template=/u01/app/oracle/product/fmw/templates/adminServer.jar \
       -app_dir=/u01/app/oracle/admin/IDMDomain/aserver/applications
    
  6. Start the Node Manager on IDMHOST1 using the startNodeManager.sh script. For example:

    /u01/app/oracle/product/fmw/wlserver_10.3/server/bin/startNodeManager.sh > \
      /tmp/nm.log &
    
  7. Start the Administration server from the shared disk on IDMHOST1 using the startWebLogic.sh script. For example:

    /u01/app/oracle/admin/IDMDomain/aserver/IDMDomain/bin/startWebLogic.sh \
      > /tmp/adminServer.out 2>&1 &
    
  8. After the Administration Server starts up, validate that you can access the WebLogic Server Administration Console and the Oracle Enterprise Manager Fusion Middleware Control using the virtual IP. For example:

    To access the WebLogic Administration Server Console using the virtual IP address, open a web browser and enter this URL:

    http://idmhost-vip.mycompany.com:7777/console
    

    To access the Oracle Enterprise Manager Fusion Middleware Control using the virtual IP address, open a web browser and enter this URL:

    http://idmhost-vip.mycompany.com:7777/em
    
  9. Log into each by specifying the credentials for the weblogic user.

3.5 Backing Up the WebLogic Server Domain Configuration

It is an Oracle best practices recommendation to create a backup file after successfully completing the installation and configuration of each tier or a logical point. Create a backup of the installation after verifying that the install so far is successful. This is a quick backup for the express purpose of immediate restore in case of problems in later steps. The backup destination is the local disk. This backup can be discarded once the enterprise deployment setup is complete. After the enterprise deployment setup is complete, the regular deployment-specific Backup and Recovery process can be initiated. More details are described in the Oracle Fusion Middleware Administrator's Guide.

To back up the installation to this point, back up the Administration Server domain directory. All the configuration files exist under the /u01/app/oracle/admin/IDMDomain/aserver directory. To create a backup to save your domain configuration, use the tar command as shown below:

IDMHOST1> tar cvf edgdomainback.tar /u01/app/oracle/admin/IDMDomain/aserver

For more information about backing up the Oracle WebLogic Server domain configuration, see Section 9.4, "Performing Backups and Recoveries."