7 Setting Up Node Manager for an Enterprise Deployment

This chapter describes how to configure Node Manager in accordance with enterprise deployment recommendations.

This chapter includes the following topics:

• Section 7.1, "Prerequisites for Setting Up Node Manager"

• Section 7.2, "Setting Up Node Manager for FINHOST2"

• Section 7.3, "Creating the Identity Keystore on FINHOST2"

7.1 Prerequisites for Setting Up Node Manager

Before setting up Node Manager, ensure the following:

• You are starting with a clean machine, if it is the first time it is being setup

• The /etc/hosts file has proper entries. To verify, ping this machine with the fully qualified name of the machine.

• The user created on FINHOST2 should be the same as the user on FINHOST1

• The directory structure /u01/oracle (ORACLE_BASE) is mounted to same shared file system as FINHOST1

• The directory structure /u02/local/oracle/config on FINHOST2 has been created

• The initial Oracle Fusion Financials deployment on FINHOST1 has already been done and verified by provisioning

7.2 Setting Up Node Manager for FINHOST2

Do the following:

1. Run the following command:

   FINHOST2> cd ORACLE_BASE/config/nodemanager
   

2. In the nodemanager directory, copy the content of the node-specific directory to FINHOST2. In this case, FINHOST1 is the node-specific directory.

   FINHOST2> cp -r FINHOST1 FINHOST2
   

3. Change directory to FINHOST2. You should see the following files:

   nm_data.properties   nodemanager.log   startNodeManagerWrapper.sh
   nodemanager.domains  nodemanager.properties
   

   Note:

   Manually delete any lock files that may be present. For example, nodemanager.log.lck.

4. In the nodemanager.domains file, edit all the domain paths that are local to FINHOST2. For example, FinancialDomain=/u02/local/oracle/config/domains/FINHOST2/FinancialDomain.

   Note:

   Because BIDomain is a bit different, an example path would be BIDomain=/u02/local/oracle/config/domains/FINHOST1/BIDomain.

5. In the startNodeManagerWrapper.sh file, change NM_HOME to ORACLE_BASE/config/nodemanager/FINHOST2.

6. In the nodemanager.properties file:

   • Add or modify the following lines:

     KeyStores=CustomIdentityAndCustomTrust
     CustomIdentityKeyStoreFileName=ORACLE_BASE/config/keystores/FINHOST2_fusion_identity.jks
     CustomIdentityPrivateKeyPassPhrase=keypassword
     CustomIdentityAlias=FINHOST2_fusion
     

     Note:

     keypassword is the password given in the ORACLE_BASE/products/provisioning/plan/provisioning.plan file.

   • Ensure that the path to the local machine /u02/local/oracle/nodemanager/ exists, and that the LogFile value is pointing to /u02/local/oracle/nodemanager/FINHOST2.log.

   • Ensure that the path for DomainsFile and NodeManagerHome are correct for FINHOST2.

7.3 Creating the Identity Keystore on FINHOST2

Provisioning has created the identity keystore FINHOST1_fusion_identity.jks for FINHOST1. Subsequently, the identity keystore FINHOST2_fusion_identity.jks must be created for FINHOST2.

Do the following to create the keystore:

1. Change directory to ORACLE_BASE/config/keystores.

   Ensure the FINHOST1_fusion_identity.jks and fusion_trust.jks files are present.

2. Back up fusion_trust.jks to fusion_trust.jks.org.

3. Run the following command to set the CLASSPATH:

   FINHOST2> source ORACLE_BASE/products/fusionapps/wlserver_10.3/server/
   bin/setWLSEnv.sh
   

   Ensure that the CLASSPATH has been set:

   FINHOST2> which keytool
   

   The output should point to the ORACLE_BASE/products/fusionapps/jdk6/jre/bin/keytool.

4. Run the following command to create the keypair for FINHOST2_fusion_identity.jks:

   FINHOST2> keytool -genkeypair -keyalg RSA -alias FINHOST2_fusion -keypass 
   keypassword -keystore FINHOST2_fusion_identity.jks -storepass keystorepassword 
   -validity 180 -dname 'CN=FINHOST2, OU=defaultOrganizationUnit, O=defaultOrganization, C=US' 
   

   where

   • keystorepassword is the password given in the ORACLE_BASE/products/provisioning/plan/provisioning.plan file

   • keypassword is the password given in the ORACLE_BASE/products/provisioning/plan/provisioning.plan file

   Notes:

   • It is recommended to keep the commands in a file and then execute it.

   • Since the passwords in the response and plan files are encrypted, take note of or save the passwords when you are creating these files.

5. Run the following command to export the certs:

   FINHOST2> keytool -exportcert -alias FINHOST2_fusion 
   -keystore FINHOST2_fusion_identity.jks  
   -storepass keystorepassword -rfc -file /tmp/appIdentityKeyStore.jks
   

   Note:

   If the alias FINHOST2_fusion exists, run this command to delete it:

   keytool -delete -alias FINHOST2_fusion -keystore fusion_trust.jks 
   -storepass keystorepassword
   

   The following command will display the certificates in the trust keystore:

   keytool -list -keystore fusion_trust.jks -storepass 
   keystorepassword
   

6. Run the following command to import the certs:

   FINHOST2> keytool -importcert -noprompt -alias FINHOST2_fusion -file
   /tmp/appIdentityKeyStore.jks -keystore fusion_trust.jks -storepass 
   keystorepassword
   

7. Verify that the file FINHOST2_fusion_identity.jks has been created in the directory ORACLE_BASE/config/keystores directory.

8. Start Node Manager on FINHOST2 by running the following command:

   ORACLE_BASE/config/nodemanager/FINHOST2/startNodeManagerWrapper.sh &