Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition)
11g Release 1 (11.1.4)

Part Number E21032-11

7 Configuring the Web Tier for an Enterprise Deployment

This chapter describes how to configure the Oracle Web Tier for an Oracle Identity Management enterprise deployment.

This chapter includes the following topics:

7.1 Overview of Configuring the Web Tier

This chapter describes how to associate the Oracle Web Tier with the WebLogic Server domain. Once the Web tier is associated with the WebLogic Server, you can monitor it using the Oracle Fusion Middleware Console.

You then configure the load balancer to route all HTTP requests to WEBHOST1 and WEBHOST2.

The last section describes how to define the directives of the <VirtualHost> section of the httpd.conf file on both OHS servers. You created these virtual host names when you configured the load balancer in Section 3.3, "Configuring the Load Balancers."

7.2 Prerequisites for Configuring the Web Tier

7.3 Running the Configuration Wizard to Configure the HTTP Server

The steps for configuring the Oracle Web Tier are the same for WEBHOST1 and WEBHOST2.

Perform these steps to configure the Oracle web tier:

  1. Change the directory to the location of the Oracle Fusion Middleware Configuration Wizard:

    cd WEB_ORACLE_HOME/bin
    
  2. Start the Configuration Wizard:

    ./config.sh
    

Enter the following information into the configuration wizard:

  1. On the Welcome screen, click Next.

  2. On the Configure Component screen, select: Oracle HTTP Server.

    Ensure that Associate Selected Components with WebLogic Domain is NOT selected.

    Ensure Oracle Web Cache is NOT selected.

    Click Next.

  3. On the Specify Component Details screen, specify the following values:

    Enter the following values for WEBHOST1:

    • Instance Home Location: /u01/app/oracle/admin/web1

    • Instance Name: web1

    • OHS Component Name: ohs1

    Enter the following values for WEBHOST2:

    • Instance Home Location: /u01/app/oracle/admin/web2

    • Instance Name: web2

    • OHS Component Name: ohs2

    Click Next.

  4. On the Configure Ports screen, you use the ohs_ports.ini file you created in Section 7.2, "Prerequisites for Configuring the Web Tier" to specify the ports to be used. This enables you to bypass automatic port configuration.

    1. Select Specify Ports using a Configuration File.

    2. In the file name field specify ohs_ports.ini.

    3. Click Save, then click Next.

  5. On the Specify Security Updates screen, specify these values:

    • Email Address: The email address for your My Oracle Support account.

    • Oracle Support Password: The password for your My Oracle Support account.

    Select: I wish to receive security updates via My Oracle Support.

    Click Next.

  6. On the Installation Summary screen, review the selections to ensure that they are correct. If they are not, click Back to modify selections on previous screens.

    Click Configure.

    On the Configuration screen, the wizard launches multiple configuration assistants. This process can be lengthy. When it completes, click Next.

    On the Installation Complete screen, click Finish to confirm your choice to exit.

7.4 Configuring the Load Balancer to Route HTTP Requests

Configure your load balancer to route all HTTP requests to the hosts running Oracle HTTP Server (WEBHOST1, WEBHOST2). The instructions for this configuration vary depending on which load balancer you use. See your load balancer documentation for specific instructions.

7.5 Validating the Configuration

After the installation is completed, check that you can access the Oracle HTTP Server home page using the following URLs:

http://WEBHOST1.mycompany.com:7777/

http://WEBHOST2.mycompany.com:7777/

7.6 Configuring Virtual Hosts and Server Owner

To configure the virtual hosts, complete the tasks described in this section.

7.6.1 Configuring Virtual Hosts by Editing the HTTP Server Configuration Files

In order for Oracle Identity Management to work with the load balancer, you must create three virtual hosts.

To do so, create three separate files called admin_vh.conf, sso_vh.conf, and idminternal_vh.conf, plus oimadmin_vh.conf if you are using a split domain topology, in ORACLE_INSTANCE/config/OHS/component/moduleconf.

On WEBHOST1 and WEBHOST2, add the following entries to the files:

Add to admin_vh.conf:

NameVirtualHost *:7777
<VirtualHost *:7777>
   ServerName admin.mycompany.com:80
   RewriteEngine On
   RewriteOptions inherit
   ServerAdmin you@your.address
</VirtualHost>

Add to oimadmin_vh.conf (if using a split domain topology):

NameVirtualHost *:7777
<VirtualHost *:7777>
   ServerName oimadmin.mycompany.com:80
   RewriteEngine On
   RewriteOptions inherit
   ServerAdmin you@your.address
</VirtualHost>

Add to sso_vh.conf:

<VirtualHost *:7777> 
   ServerName https://sso.mycompany.com:443
   RewriteEngine On
   RewriteOptions inherit
   UseCanonicalName On
</VirtualHost>

Add to idminternal_vh.conf:

<VirtualHost *:7777>
   ServerName http://idminternal.mycompany.com:80
   RewriteEngine On
   RewriteOptions inherit
   UseCanonicalName On
</VirtualHost>
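
A drift check for the files above, as an added example that is not part of the Oracle guide: it summarises each *_vh.conf and fails when a file has no ServerName or two files claim the same host, since with name-based virtual hosts only the first matching block is ever served. The function names are assumptions, and the sample files are constructed from the listings in this section.

```bash
#!/usr/bin/env bash
# Added example (not Oracle code): summarise the *_vh.conf files in a moduleconf directory.

# Print "file|vhost-address|ServerName|UseCanonicalName" for one file.
vhost_summary() {  # vhost_summary FILE
  awk -v f="${1##*/}" '
    $1 == "<VirtualHost"     { addr = $2; sub(/>$/, "", addr) }
    $1 == "ServerName"       { name = $2 }
    $1 == "UseCanonicalName" { ucn = $2 }
    END { printf "%s|%s|%s|%s\n", f, addr, name, (ucn == "" ? "unset" : ucn) }' "$1"
}

# Host part of a ServerName value: drop the optional scheme and port.
server_host() {  # server_host VALUE
  printf '%s\n' "$1" | sed -e 's#^[a-z]*://##' -e 's#:[0-9]*$##'
}

# Fail if a file has no ServerName or two files claim the same host.
audit_vhosts() {  # audit_vhosts DIR
  local f line name host seen=" " rc=0
  for f in "$1"/*_vh.conf; do
    line=$(vhost_summary "$f"); echo "$line"
    name=$(echo "$line" | cut -d'|' -f3)
    if [ -z "$name" ]; then echo "  no ServerName in ${f##*/}"; rc=1; continue; fi
    host=$(server_host "$name")
    case "$seen" in *" $host "*) echo "  duplicate host $host"; rc=1 ;; esac
    seen="$seen$host "
  done
  return $rc
}

# Constructed sample: two of the files from this section, trimmed.
make_vhosts() {
  local d; d=$(mktemp -d)
  printf '%s\n' '<VirtualHost *:7777>' '   ServerName https://sso.mycompany.com:443' \
    '   UseCanonicalName On' '</VirtualHost>' > "$d/sso_vh.conf"
  printf '%s\n' 'NameVirtualHost *:7777' '<VirtualHost *:7777>' \
    '   ServerName admin.mycompany.com:80' '</VirtualHost>' > "$d/admin_vh.conf"
  echo "$d"
}

dir=$(make_vhosts)
audit_vhosts "$dir"
rm -rf "$dir"
```

On a deployed host, run audit_vhosts against ORACLE_INSTANCE/config/OHS/component/moduleconf on both WEBHOST1 and WEBHOST2 and compare the output.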

7.6.2 Configuring Oracle HTTP Server to Run as Software Owner

By default, the Oracle HTTP server runs as the user nobody. In the Identity Management installation, the Oracle HTTP server should run as the Software owner and group.

To cause it to run as the appropriate user and group, edit the file httpd.conf, which is located in ORACLE_INSTANCE/config/OHS/component_name.

Find the section in httpd.conf where User is defined.

Change this section to read:

User User_who_installed_the_software
Group Group_under_which_the_HTTP_server_runs

Group is typically the default user group, for example: oinstall.

For example:

<IfModule !mpm_winnt_module>
#
# If you wish httpd to run as a different user or group, you must run
# httpd as root initially and it will switch.
#
# User/Group: The name (or #number) of the user/group to run httpd as.
# . On SCO (ODT 3) use "User nouser" and "Group nogroup".
# . On HPUX you may not be able to use shared memory as nobody, and the
# suggested workaround is to create a user www and use that user.
# NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
# when the value of (unsigned)Group is above 60000;
# don't use Group #-1 on these systems!
#
User oracle
Group oinstall
</IfModule>

7.6.3 Update Oracle HTTP Server Runtime Parameters

By default, the Oracle HTTP Server contains parameter values that are suitable for most applications. These values, however, must be adjusted in IDM Deployments.

Proceed as follows:

Edit the file httpd.conf, which is located in:

ORACLE_INSTANCE/config/OHS/component_name

Find the entry that looks like this:

<IfModule mpm_worker_module>

Update the values in this section as follows:

<IfModule mpm_worker_module>
  ServerLimit 20
  StartServers 2
  MaxClients 1000
  MinSpareThreads 200
  MaxSpareThreads 800
  ThreadsPerChild 50
  MaxRequestsPerChild 0
  AcceptMutex fcntl
  LockFile "${ORACLE_INSTANCE}/diagnostics/logs/${COMPONENT_TYPE}/${COMPONENT_NAME}/http_lock"
</IfModule>

Save the file.
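
A check for the edits in Sections 7.6.2 and 7.6.3, as an added example that is not part of the Oracle guide: it reads the effective User and Group, then confirms that MaxClients does not exceed ServerLimit x ThreadsPerChild and is a multiple of ThreadsPerChild, the limits the worker MPM applies at startup. The function names are assumptions, and the sample httpd.conf is constructed from the values in this chapter.

```bash
#!/usr/bin/env bash
# Added example (not Oracle code): audit httpd.conf for Sections 7.6.2 and 7.6.3.

directive() {  # directive FILE NAME: last uncommented value anywhere in the file
  awk -v d="$2" '$1 == d { v = $2 } END { print v }' "$1"
}

worker_value() {  # worker_value FILE NAME: value inside <IfModule mpm_worker_module> only
  awk -v d="$2" '
    $1 == "<IfModule" && $2 == "mpm_worker_module>" { inblk = 1; next }
    $1 == "</IfModule>"                             { inblk = 0 }
    inblk && $1 == d                                { v = $2 }
    END { print v }' "$1"
}

check_run_as() {  # check_run_as FILE USER GROUP
  local u g
  u=$(directive "$1" User); g=$(directive "$1" Group)
  if [ "$u" = "$2" ] && [ "$g" = "$3" ]; then echo "run-as OK: $u:$g"; return 0; fi
  echo "run-as mismatch: User=${u:-unset} Group=${g:-unset}"; return 1
}

check_worker() {  # check_worker FILE
  local limit threads max
  limit=$(worker_value "$1" ServerLimit)
  threads=$(worker_value "$1" ThreadsPerChild)
  max=$(worker_value "$1" MaxClients)
  if [ -z "$limit" ] || [ -z "$threads" ] || [ -z "$max" ]; then
    echo "mpm_worker_module block incomplete"; return 2
  fi
  if [ "$max" -gt $((limit * threads)) ] || [ $((max % threads)) -ne 0 ]; then
    echo "MaxClients $max does not fit $limit x $threads threads"; return 1
  fi
  echo "worker OK: MaxClients $max fits $limit x $threads threads"
}

make_sample() {  # constructed sample using the values from this chapter
  local f; f=$(mktemp)
  printf '%s\n' '<IfModule !mpm_winnt_module>' '# User nobody' 'User oracle' \
    'Group oinstall' '</IfModule>' '<IfModule mpm_prefork_module>' \
    '  MaxClients 150' '</IfModule>' '<IfModule mpm_worker_module>' \
    '  ServerLimit 20' '  MaxClients 1000' '  ThreadsPerChild 50' \
    '</IfModule>' > "$f"
  echo "$f"
}

conf=$(make_sample)
check_run_as "$conf" oracle oinstall; check_worker "$conf"
rm -f "$conf"
```

On a deployed host, point both checks at the httpd.conf in ORACLE_INSTANCE/config/OHS/component_name.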

7.6.4 Restarting the Oracle HTTP Servers

Restart the Oracle HTTP Server, as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."

7.6.5 Validating the Configuration

Once the installation is completed, check that it is possible to access the Oracle HTTP Server through the following URLs:

http://WEBHOST1.mycompany.com:7777/

http://WEBHOST2.mycompany.com:7777/

https://sso.mycompany.com/

http://idminternal.mycompany.com

7.7 Backing up the Web Tier Configuration

It is an Oracle best practices recommendation to create a backup after successfully completing the installation and configuration of each tier, or at another logical point. Create a backup after verifying that the installation so far is successful. This is a quick backup for the express purpose of immediate restoration in case of problems in later steps. The backup destination is the local disk. You can discard this backup when the enterprise deployment setup is complete. After the enterprise deployment setup is complete, you can initiate the regular deployment-specific Backup and Recovery process. For more details, see the Oracle Fusion Middleware Administrator's Guide.

To back up the web tier installation, follow these steps:

  1. Shut down the instance as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."

  2. Back up the Middleware home on the web tier. On Linux, use the following command, as root:

    tar -cvpf BACKUP_LOCATION/web.tar MW_HOME
    
  3. Back up the Instance home on the web tier using the following command, as root:

    tar -cvpf BACKUP_LOCATION/web_instance.tar ORACLE_INSTANCE
    
  4. Start the instance as described in Section 20.1, "Starting and Stopping Oracle Identity Management Components."

Note:

Create backups on all machines in the web tier by following the steps shown.

For information about backing up the application tier configuration, see Section 20.6, "Performing Backups and Recoveries."