Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition) 11g Release 7 (11.1.7) Part Number E21032-21
This chapter describes how to provision Identity Management.
It contains the following sections:
This section introduces the provisioning process.
There are eight stages to provisioning. These stages are:
- preverify - This checks that each of the servers being used in the topology satisfies the minimum requirements of the software being installed and configured.
- install - This installs all of the software required by the installation.
- preconfigure - This does the following:
  - Creates OID and seeds it with Users/Groups.
  - Creates OVD
  - Configures ODSM
  - Creates the WebLogic Domain
  - Creates OHS instance
- configure - This does the following:
  - Associates the Policy Store to OID
  - Starts managed servers as necessary
  - Associates OAM with OID
  - Configure OIM
- configure-secondary - This does the following:
  - Integrates WebLogic Domain with Webtier
  - Register webtier with domain
  - Integrate OAM and OIM
- postconfigure - This does the following:
  - Register OID with WebLogic Domain
  - SSL Enable OID and OVD
  - Tune OID
  - Run OIM Reconciliation
  - Configure UMS Mail Server
  - Generate OAM Keystore
  - Configure OIF
  - Configure Webgates
- startup - This starts up all components in the topology.
- validate - This performs a number of checks on the built topology to ensure that everything is working as it should be.
Each stage must be completed on each host in the topology before the next stage can begin. Failure of a stage will necessitate a cleanup and restart.
You must process hosts in the following order:
1. LDAP Host 1
2. LDAP Host 2
3. Identity and Access Management Host 1
4. Identity and Access Management Host 2
5. Web Host 1
6. Web Host 2

This equates to the following order for hosts in this guide:
1. LDAPHOST1
2. LDAPHOST2
3. IDMHOST1
4. IDMHOST2
5. WEBHOST1
6. WEBHOST2
The following sections describe the procedure for performing provisioning.
Section 9.2.4, "Copy Provisioning Files to WEBHOST1 and WEBHOST2"
Section 9.2.5, "Copying WebGate Configuration Files to WEBHOST1 and WEBHOST2"
Provisioning is accomplished by running the command runIDMProvisioning.sh a number of times on each host in the topology.
BEFORE embarking on the provisioning process, read this entire section. There are extra steps detailed below which must be performed during the process.
You MUST run each command on each host in the topology before running the next command.
Before running the provisioning tool, set the following environment variables:
- Set ANT_HOME to: REPOS_HOME/provisioning/ant
- Set JAVA_HOME to: REPOS_HOME/jdk6
The commands you must run are:
runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preverify
runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target install
runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target preconfigure
runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure
runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target configure-secondary
runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target postconfigure
runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target startup
runIDMProvisioning.sh -responseFile IDMLCM_HOME/provisioning/bin/provisioning.rsp -target validate
It is important that you take a backup of the file systems and databases at the following points:
- Prior to starting provisioning.
- At the end of the installation phase.
- Upon completion of provisioning.
It is not supported to restore a backup at any phase other than those three.
After performing the install phase on the primordial host (IDMHOST1), you must download Patch 16708003 and apply it on IDMHOST1.
If you are not sharing your provisioning directory onto the WEBHOSTs, you must manually copy the following directories from IDMHOST1 to the local provisioning directories on those hosts. You must do this BEFORE running the install on those hosts.
- SHARED_CONFIG_DIR/lcmconfig/topology
- SHARED_CONFIG_DIR/lcmconfig/credconfig
For example:
scp -r SHARED_CONFIG_DIR/lcmconfig/topology WEBHOST1:SHARED_CONFIG_DIR/lcmconfig/
scp -r SHARED_CONFIG_DIR/lcmconfig/credconfig WEBHOST1:SHARED_CONFIG_DIR/lcmconfig/
When configuring WebGate during the postconfigure stage, the provisioning tool requires access to files created on the primordial host. So BEFORE postconfigure is run on WEBHOST1 and WEBHOST2, you must copy the entire directory ASERVER_HOME/output to the same location on WEBHOST1 and WEBHOST2.
For example:
scp -r IDMHOST1:$ASERVER_HOME/output WEBHOST1:$ASERVER_HOME
Note: Before making the copy, you might need to manually create the directory ASERVER_HOME on WEBHOST1 and WEBHOST2. After provisioning is complete, you can remove this directory from WEBHOST1 and WEBHOST2.
To help keep track of the provisioning process, print this check list from the PDF version of this guide. Run each stage on the hosts shown, and add a check mark to the corresponding row when that run is complete.
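Provisioning Stage | Host | Complete |
---|---|---|
Preverify | LDAPHOST1 | |
Preverify | LDAPHOST2 | |
Preverify | IDMHOST1 | |
Preverify | IDMHOST2 | |
Preverify | WEBHOST1 | |
Preverify | WEBHOST2 | |
Install | LDAPHOST1 | |
Install | LDAPHOST2 | |
Install | IDMHOST1 | |
Copy Provisioning Files | IDMHOST1 | |
Copy Provisioning Files | WEBHOST1 | |
Copy Provisioning Files | WEBHOST2 | |
Install | IDMHOST2 | |
Install | WEBHOST1 | |
Install | WEBHOST2 | |
Preconfigure | LDAPHOST1 | |
Preconfigure | LDAPHOST2 | |
Preconfigure | IDMHOST1 | |
Preconfigure | IDMHOST2 | |
Preconfigure | WEBHOST1 | |
Preconfigure | WEBHOST2 | |
Configure | LDAPHOST1 | |
Configure | LDAPHOST2 | |
Configure | IDMHOST1 | |
Configure | IDMHOST2 | |
Configure | WEBHOST1 | |
Configure | WEBHOST2 | |
Configure Secondary | LDAPHOST1 | |
Configure Secondary | LDAPHOST2 | |
Configure Secondary | IDMHOST1 | |
Configure Secondary | IDMHOST2 | |
Configure Secondary | WEBHOST1 | |
Configure Secondary | WEBHOST2 | |
Post Configure | LDAPHOST1 | |
Post Configure | LDAPHOST2 | |
Post Configure | IDMHOST1 | |
Post Configure | IDMHOST2 | |
Copy WebGate Files | WEBHOST1 | |
Copy WebGate Files | WEBHOST2 | |
Post Configure | WEBHOST1 | |
Post Configure | WEBHOST2 | |
Startup | LDAPHOST1 | |
Startup | LDAPHOST2 | |
Startup | IDMHOST1 | |
Startup | IDMHOST2 | |
Startup | WEBHOST1 | |
Startup | WEBHOST2 | |
Validate | LDAPHOST1 | |
Validate | LDAPHOST2 | |
Validate | IDMHOST1 | |
Validate | IDMHOST2 | |
Validate | WEBHOST1 | |
Validate | WEBHOST2 | |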
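
The run order described in this chapter, written out as an added example (it is not part of Oracle's guide or tooling): `provisioning_plan` prints every stage/host run with the manual steps interleaved, and `check_progress` checks a log of completed steps against that plan so that a skipped host or stage is caught before the next command is run. The function names, the `step host` log format, and placing the patch immediately after the IDMHOST1 install are assumptions of this example.

```shell
#!/bin/sh
# Added example, not Oracle code. Stage names, host names and their order are
# taken from the guide; the function names and the "step host" line format
# are assumptions made for this example.

HOSTS="LDAPHOST1 LDAPHOST2 IDMHOST1 IDMHOST2 WEBHOST1 WEBHOST2"
STAGES="preverify install preconfigure configure configure-secondary postconfigure startup validate"

# Print the whole run order, one "step host" pair per line, with the manual
# steps (backups, patch, file copies) placed where the guide requires them.
provisioning_plan() {
  echo "backup ALL"                                # prior to starting provisioning
  for stage in $STAGES; do
    for host in $HOSTS; do
      case "$stage:$host" in
        install:IDMHOST2)                          # install on IDMHOST1 just finished
          echo "apply-patch-16708003 IDMHOST1"     # placed first: an assumption
          echo "copy-provisioning-files WEBHOST1"  # needed only without a shared directory
          echo "copy-provisioning-files WEBHOST2" ;;
        postconfigure:WEBHOST1)                    # WebGate needs ASERVER_HOME/output
          echo "copy-webgate-files WEBHOST1"
          echo "copy-webgate-files WEBHOST2" ;;
      esac
      echo "$stage $host"
    done
    if [ "$stage" = install ]; then echo "backup ALL"; fi   # end of installation phase
  done
  echo "backup ALL"                                # upon completion of provisioning
}

# Read completed steps on stdin, one per line, and check that they form a
# prefix of the plan. Prints the next expected step and returns 0, or reports
# the first step that is out of order and returns 1.
check_progress() {
  plan=$(provisioning_plan)
  n=0
  while IFS= read -r done_step; do
    [ -n "$done_step" ] || continue
    n=$((n + 1))
    want=$(printf '%s\n' "$plan" | sed -n "${n}p")
    if [ "$done_step" != "$want" ]; then
      echo "out of order at step $n: got '$done_step', expected '$want'"
      return 1
    fi
  done
  next=$(printf '%s\n' "$plan" | sed -n "$((n + 1))p")
  echo "next: ${next:-none, provisioning complete}"
}
```

Append one `step host` line to a log file after each run completes, then feed that file to `check_progress` before starting the next run.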