Oracle® Fusion Applications Enterprise Deployment Guide for Financials 11g Release 7 (11.1.7) Part Number E27364-10 |
|
|
PDF · Mobi · ePub |
This chapter describes the provisioning process that is used to install and configure components specifically required for an enterprise deployment.
For general information about provisioning and installation, see the "Overview" chapter in the Oracle Fusion Applications Installation Guide.
This chapter includes the following topics:
Section 5.2, "Prerequisites for Using the Provisioning Process"
Section 5.6, "Starting and Stopping the Provisioned Environment"
Provisioning is the entire set of operations required to install, configure, and deploy applications product offerings from a system point of view. It performs these operations:
Install - operations related to laying down all the component needed to create an Oracle Fusion Applications environment.
Configure - the tailoring of components based on the applications topology, the creating of Managed Server instances and cluster members, and the updating of endpoints and virtual hosts.
Deploy - process that starts the Managed Servers and clusters and facilitates the actual use of product offerings.
Note:
Provisioning does not supply users, tenants, or hardware.
For more information about Oracle Fusion Applications architecture, see "Key Oracle Fusion Applications Concepts" in the Oracle Fusion Applications Administrator's Guide.
Before starting the provisioning process, you must do the following:
Make sure you first install the Oracle Identity Management stack for Oracle Fusion Applications. Follow the instructions in Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition) to install and configure these components.
Keep a record of the configuration details. You must supply them to the Oracle Fusion Applications Provisioning Wizard when you create your provisioning response file. For more information, see Section 5.3.2.16, "Identity Management Configuration Screen."
Make sure you obtain the certificates file from the Oracle Identity Management installation. The installation contains all the Oracle Identity Management certificates.
The following information from the Oracle Identity Management setup is used as input for provisioning and is required. (Note that this information is provided at the plan-generation stage in Figure 5-12 to Figure 5-15):
Superuser of the Oracle Identity Management setup
Identity Store host and port
Identity Store user name and password
Identity Store read-only user name and password
Oracle Identity Management Administration Server host, port, user name, and password
Oracle Identity Management Managed Server hostname and port
Oracle Identity Management HTTP internal endpoint URL
Oracle Identity Management HTTP(s) external endpoint URL
Oracle Access Manager Administration Server host name, port, user name, and password
Oracle Access Manager AAA server host name, port, access-server port, access-server identifier 1 and access-server identifier 2
Oracle Platform Security Services Policy Store host name, port, read-only user name, and password
Oracle Platform Security Services Policy Store JPS root node
Oracle Identity Management database system user login, Oracle Identity Management/Oracle Metadata Services schema password
Make sure all the virtual IPs shown in Table 3-1 in Chapter 3, "Preparing the Network for an Enterprise Deployment" have been created before you start the provisioning process. Ping the VIPs to ensure that they are live, and that the etc/hosts
entries are correct. (The VIPs are required for the scale-out chapters that follow, and not for provisioning.)
Make sure the default system time zones defined are the same on the database servers, Oracle Fusion Applications servers, and web servers. If the default time zones on these servers are different, you will encounter taxonomy errors during the provisioning postconfigure phase.
Set the TZ environment variable on Linux to have a valid time zone ID.
Check the time zone setting using the command: echo $TZ. The tzselect tool may be handy if you need to change the setting.
Oracle WebLogic Server and Oracle Database will then derive JVM and database time zones from their host systems, respectively. JVMs and the database need to be running in the same time zone.
Make sure the following 32-bit libraries are available on the Linux 64-bit operating system before provisioning a new environment. Otherwise, you will encounter an error during installation:
glibc-devel-32bit-2.9-13.2
libgcc43-4.3.3_20081022
libstdc++43-4.3.3_20081022-11.18
gcc-32bit-4.3
libaio-32bit-0.3.104
libaio-devel-32bit-0.3.104
libstdc++43-32bit-4.3.3_20081022
libstdc++43-devel-32bit-4.3.3_20081022
Define your local port range to ensure that it does not overlap with the ports used by JVMs and other servers. This action avoids port conflicts during server startup.
To view: $cat /proc/sys/net/ipv4/ip_local_port_range
To modify: $echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
To make the local port range permanent after server restart, add (or update) the following line in the /etc/sysctl.conf
file: net.ipv4.ip_local_port_range = 32768 61000
Make sure the hosts have enough entropy values in the provisioning hosts. If this value is less than 1000, increase it to a value to a greater value using the rngd
command from root account.
To check the entropy value:
$cat /proc/sys/kernel/random/entropy_avail
To increase the entropy value:
$rngd -r /dev/urandom -o /dev/random
Make sure you use the sh
, ksh
or bash
shell for provisioning and scale-out shell scripts executed from the command line. Since shell scripts for Oracle Fusion Applications and Oracle Fusion Middleware products are written using the Bourne shell (.sh
file extension), these scripts can run from any of these three shells.
Some helpful commands:
To display the shell you currently are using:
$ ps -p $$
To change the current shell to bash
:
$ /bin/bash
To make bash
the default shell for your Linux login account (from root
):
$ /usr/sbin/usermod -s /bin/bash login_account
This section covers the following topics:
Oracle Fusion provisioning repositories consist of multiple installers from Oracle Fusion Middleware and Oracle Fusion Applications. To run the Fusion provisioning process, these installers must be in a predefined directory structure.
This section includes the following topics:
A zipped provisioning repository is included in the Oracle Fusion Applications Product Media Pack. See "Obtaining the Software" in Oracle Fusion Applications Installation Guide for instructions on how to get it.
Extract the contents of all the zipped files to the same target directory (ORACLE_BASE
/repository
) that is on a shared/network drive. By default, the installers are located in REPOSITORY_LOCATION
/installers
.
The provisioning framework supplies the components needed to orchestrate the provisioning process. After the framework is set up, it retrieves the components and installers silently when they are required.
Run the installer from the directory where you created the provisioning repository. For example: REPOSITORY_LOCATION
/installers/faprov/Disk1
.
Note:
If you are running a fresh install or are re-running the installer after cleaning up previously installed products, ensure that no /etc/oraInst.loc
file exists.
To run the installer:
>FINHOST1 ./runInstaller
When prompted, enter the following JRE/JDK location:
REPOSITORY_LOCATION/jdk6
Use the screen information in Table 5-1 as a guide when running the installer.
Note:
In the case of a clean host, that is, one where the /etc/oraInst.loc
file does not exist:
The oraInventory creation panels will display before the Oracle Fusion Applications Provisioning Wizard starts
A confirmation dialog asking you to execute oracleRoot.sh
will display at the end of the installation
On the Specify Inventory Directory screen, specify the location as ORACLE_BASE/oraInventory
Table 5-1 Provisioning Installer Screens
Screen Name | Description |
---|---|
Welcome |
The standard Welcome screen is read-only and appears each time you start the provisioning framework installer. No action is required. Click Next to continue. |
Prerequisite Checks |
Analyzes the host computer to ensure that specific operating system prerequisites have been met. If any prerequisite check fails, the screen displays a short error message at the bottom. Fix the error and click Retry. If you want to ignore the error or warning message, click Continue. Click Abort to stop the prerequisite check process for all components. Click Next to continue. |
Specify Installation Location |
Specify a location where you want to install the provisioning framework ( The Oracle Fusion Applications Provisioning framework must be installed on a shared disk in a location that is accessible to all hosts to be provisioned. Click Next to continue. |
Installation Summary |
Summarizes the selections you have made during this installation session. To change this configuration before installing, select one of the screens from the left navigation pane. Click Save to create a text file (response file) to use if you choose to perform the same installation at a later date. Click Install to continue installing this configuration. |
Installation Progress |
The progress indicator shows the percentage of the installation that is complete and indicates the location of the installation log file. Click Next when the progress indicator shows 100 percent. |
Installation Complete |
Summarizes the installation just completed. If you want to save the details to a text file, click Save and indicate a directory where you want to save the file. Click Finish to dismiss the screen and exit the installer. |
/provisioning Directory Structure:
After installing the provisioning framework, the directories in ORACLE_BASE
/repository/provisioning
should be the following:
ant bin labelInfo.txt lib provisioning-build provisioning-plan template util
Note:
Installation logs are located in the ORACLE_BASE
/oraInventory
directory.
Before provisioning the Oracle Fusion Applications enterprise deployment environment, you must generate the provisioning response file, which will serve as the input for the actual provisioning process. You generate the provisioning response file by completing several Oracle Fusion Applications Provisioning Wizard interview screens to collect the configuration details for your provisioning response file and save the file in a location that is accessible to the provisioning installers. Be sure to make a note of the provisioning response file name and location, as you must supply these when you run the physical installation.
Before launching the Oracle Fusion Applications Provisioning Wizard, set JAVA_HOME
and PATH
. For example:
FINHOST1> export JAVA_HOME=ORACLE_BASE/repository/jdk6 FINHOST1> export PATH=$JAVA_HOME/bin:$PATH
Launch the wizard from any host in the enterprise deployment environment:
FINHOST1> cd ORACLE_BASE/repository/provisioning/bin FINHOST1> ./provisioningWizard.sh
The wizard is launched and the Welcome screen displays. The screen is read-only and displays each time you start the Wizard.
Click Next.
Note:
When using the wizard, you must enter the full path when asked to provide any path file (such as Applications Base, Application Configuration Directory, and so on). Using a symbolic link path will cause provisioning to fail in a later phase.
In this screen, shown in Figure 5-1, select only the following task from the list of options:
Create a New Applications Environment Provisioning Response File - create a provisioning response file for a new Oracle Fusion Applications environment.
Click Next to continue.
In this screen, you can set up a notification preference for security-related updates and installation-related information from Oracle Support.
Email - specify your email address to have updates sent by this method.
I wish to receive security updates via My Oracle Support - specify your My Oracle Support Password to have updates posted to your account.
Click Next to continue.
This screen, shown in Figure 5-2, enables you to select the Oracle Fusion Financials options to configure.
Select only the Oracle Fusion Financials option, shown in Figure 5-2. When selected, the Financials, Procurement, and Projects options are automatically selected.
The information in the message pane displays a cumulative estimate of the number of Managed Servers made available based on the offerings you selected. Click Details to see a breakdown of servers by domain.
Click Next to continue.
This optional screen lets you enter descriptive information to identify this response file, or create another version. This information becomes part of the summary document, and is listed under the Global settings on the Summary screen. It does not affect the content of your response file.
Update the response file name and click Next to continue.
In this screen, shown in Figure 5-3, specify credentials for the node manager and supply the location of the various directories required for installation and configuration actions.
Use the values shown in the screen for your installation.
Node Manager Credentials options - Add the values for the Node Manager credentials, which are used by Node Manager to start the Managed Server.
Installers Directory Location - Specify the location of the repository you created. For example, ORACLE_BASE
/repository
.
Applications Base - The root
directory of all Oracle Fusion Applications and Oracle Fusion Middleware products. Typically, this location is on a shared disk, ORACLE_BASE
/products
.
Applications Configuration Directory - Specify the path of the root directory where you want to write and manage the configuration files for all the domains, and from where the Administration Servers are started. Typically, this location is on a shared disk, ORACLE_BASE
/config
. (Note that ORACLE_BASE
/config
should be empty.)
Enable Local Applications Configuration - Enable this option. When enabled, all the Managed Servers will run locally; only the Administration Server will run from the shared disk. Provisioning will run pack
and unpack
, and will create local domain directories.
Local Applications Configuration - Specify a local-drive location, for example, /u02/local/oracle/config
. This field is required if you selected Enable Local Applications Configuration.
Font Directory - Enter the directory where the TrueType fonts are installed. The location varies on different operating systems, but is typically found at /usr/share/X11/fonts/TTF
.
Oracle Business Intelligence Repository Password options - Specify and confirm a password to allow access to the metadata repository (RPD) for both Oracle Business Intelligence Applications and Oracle Transactional Business Intelligence.
Click Next to continue.
In this screen, shown in Figure 5-4, accept the Applications Base Port value or enter a custom value. If you change the base port default, you must reset the domain port ranges accordingly when setting up firewall port ranges. (The default port range used for Oracle Fusion Applications is from 7000 to 11500.)
The Other Ports section contains the default value for the Node Manager port.
Click Next to continue.
In this screen, shown in Figure 5-5, select Real Application Clusters Database and then click Add to create a line in the table for each instance in the Oracle RAC database. Select a row and click Remove if you need to revise the table. Specify the following information for each instance:
User Name (SYSDBA Role) - the user name of the sysdba
role. This user name is used to upgrade schemas during the configuration phase. Note that the sysdba
fields are not validated, so ensure that you enter the correct values.
Password - the password of the sysdba role.
Host Name - the name of the Oracle RAC virtual host for each instance.
Port - listening port of the database.
Instance Name - the Oracle RAC database instance name
Service Name - the global database name for the transaction database that you installed. Used to distinguish this database instance from other instances of Oracle Database running on the same host.
Click Next to continue.
In this screen, enter the same password for all the accounts if a single password was used during Oracle Fusion Middleware Metadata Repository Creation Utility seeding. However, if different passwords for each account were used during Repository Creation Utility seeding, select Use a different password for each account and enter the passwords.
Note:
It is recommended to use a separate password for each account in the production deployment.
Click Next to continue.
In this screen, enter the Oracle Data Integrator Supervisor Password that was used when the Oracle Fusion Middleware Metadata Repository was loaded into the Oracle RAC database (see Figure 4-7 in Section 4.4, "Loading the Oracle Fusion Applications Repository into the Oracle RAC Database").
Click Next to continue.
In this screen, determine the flow for the remaining wizard interview screens.
One host for all domains - select this option to specify a Host Name if there is only one host and the ports are not changing.
One host per domain - select this option if the domains are to be split among several machines. Use the dropdown list to select a Host Name for each application domain to be created.
One host per application and middleware component - select this option when there are different hosts and ports to be modified.
Click Next to continue.
This screen, shown in Figure 5-6, allows you to create virtual hosts on a single Oracle Web Tier that are either port-based or name-based for each product family domain that is created during installation. Specify an internal and an external port. The values assigned during installation are derived from the default HTTP port you name on this screen.
Web Tier
Install Web Tier in DMZ - select this option if you set up a separate host for web tier installation. This host is set up as a demilitarized zone (DMZ), which does not have access to the shared file system. It cannot be used for any other host deployed, regardless of domain.
Host - enter the name of the host where the Oracle HTTP Server will be installed and configured.
Virtual Host Mode - select IP-based to create new DNS entries to use as virtual hosts. For example, fin.mycompany.com
.
Domain Name - Specify a domain name. This is a mandatoy field. For example, mycompany.com
.
HTTP Port - default port for the Web Tier. Should not require operating system administrator privileges. Use the default values.
HTTPS (SSL) Port - secure port for the Web Tier. Should not require operating system administrator privileges. Use the default values.
Click Next to continue.
This screen, shown in Figure 5-7, contains the configuration details for the domains on the virtual hosts.
Specify the following information for each application domain listed:
Internal Name - the host name or IP address where the Webtier listens on the internal virtual host for this domain.
Internal Port - port for this internal virtual host. Should be visible only from inside the firewall.
External Name - the host name or IP address for the external virtual host for this product family or middleware dependency. The host:port should be visible from outside the firewall.
External Port - port to be used for this external virtual host. The host:port should be visible from outside the firewall.
If you selected Name-based on the Web Tier Configuration screen, specify the following information for each domain listed:
Internal.Name - the DNS name for this internal virtual host. For example, for Financials, the name might be fin-internal.
External.Name - the DNS name for this external virtual host. For example, for Financials, the name might be fin.
If you selected Port-based on the Web Tier Configuration screen, specify the following information for each domain listed:
Internal Port - the port that is visible only from inside the firewall for this domain.
External Port - the port that is visible from outside the firewall for this domain.
Click Next to continue.
This screen, shown in Figure 5-8, enables you to distribute workload evenly across two or more hosts, network links, CPUs, hard drives, or other resources. Check Load Balancing Enabled to take advantage of this feature, and specify:
Internal Load Balancer Configuration - the host and port for the internal Virtual IP (VIP).
External Load Balancer Configuration - the host and port for external Virtual IP (VIP). It must have a publicly available address to be usable.
If you want to stop creating this response file and resume at a later date, click Save. This action creates a partial response file. A partial response file cannot be used to provision an environment.
Click Next to continue.
This screen, shown in Figure 5-9, allows you to create Proxy Settings to enable users who want to use a proxy server to connect to the Internet.
Click Next to continue.
In this screen, shown in Figure 5-10, select Load IDM Configuration from IDM Properties file.
When you are creating a response file or updating an incomplete response file without updates to this screen, shown in Figure 5-10, you will be able to select the IDM properties file to load IDM configuration data. After you select the file, you can review the content and decide if you want to proceed with this file.
Do not load IDM Configuration from IDM Properties file - select this option if you want to manually enter the values on the Identity Management Configuration screens (shown in Figure 5-11 and Figure 5-12) and the Access and Policy Management Configuration screens (shown in Figure 5-13 and Figure 5-14.)
Load IDM Configuration from IDM Properties file - select this option if you want the values on the Identity Management Configuration and Access and Policy Management Configuration screens to default to the values in the IDM properties file (for example, idmsetup.properties
) .
IDM Properties file - enter the location of the file (for example, idmsetup.properties
) on FINHOST1
: ORACLE_BASE
/repository/provisioning/bin/idmsetup.properties
.
Note:
You must copy the idmsetup.properties
file located at IDM_ORACLE_HOME
/idmtop/config/fa
from IDMHOST
to FINHOST1
at ORACLE_BASE
/repository/provisioning/bin/idmsetup.properties
.
IDM Properties file contents - If you have selected a valid IDM properties file, the contents will be displayed. This field is read-only and cannot be modified.
Note:
Even though you loaded the IDM properties file, you still must enter passwords manually in the Identity Management Configuration and the Access and Policy Management Configuration screens (for obvious security reasons). Passwords are not stored in the IDM properties file.
Click Next and then click Continue on the warning window that displays.
Note:
The warning window tells you that you will not be able to change any IDM properties file options once you click Continue and move to the next screen. Subsequently, the only way to change these options is to exit/abandon the partially completed create-response-file process and start the process again, from the beginning (Section 5.3.2, "Creating a New Provisioning Response File").
In these screens, shown in Figure 5-11 and Figure 5-12, enter the Identity Management Configuration parameters for the identity management infrastructure associated with this environment.
Super User Name - enter the name of an existing user that should be granted administrator and functional setup privileges.
Create Administrators Group - check this box to create an "Administrators" group, whose members have specialized privileges for all Oracle Fusion Middleware components.
Create Monitors Group - check this box to create a "Monitors" group, whose members have read-only administrative privileges to Oracle WebLogic domains.
Create Operators Group - check this box to create an "Operators" group, whose members have Monitors privileges to Oracle WebLogic domains.
Note:
The Administrators, Monitors, and Operators LDAP groups are mandatory. If you do not create the Administrators group, the pre-verify target will fail. If you do not create the Operators and Monitors groups, the pre-configure target will fail.
Identity Store Server Type - select "Oracle Virtual Directory" from the dropdown list to indicate the type of identity store you set up.
Important Notes:
If the Oracle Identity Manager being used is in the form of an Oracle Identity Manager enterprise deployment, select the "Oracle Virtual Directory" option.
If a single-node Oracle Identity Manager is used or if, for any reason, Oracle Identity Manager did not configure Oracle Virtual Directory, use the default "Oracle Internet Directory" option.
Use SSL to communicate with Identity Store - this feature is currently not enabled.
Identity Store Host - enter the host or DNS name for your identity store LDAP service. (The value can be the Load Balancer host of the Oracle Identity Management enterprise deployment setup.)
Identity Store Port - port assigned to the identity store.
Identity Store Secure Port - the SSL port for the identity store. (This option is currently not available.)
Identity Store User DN - enter the Distinguished Name of the user you set up with read-write access to the LDAP.
Identity Store Password - enter the password you set up for the user with read-write access to the LDAP.
Identity Store Read-Only User DN - the Distinguished Name of the user with read-only access to the Identity Store LDAP.
Identity Store Read-Only Password - enter the password you set up for the identity store read-only user.
Identity Store User Name Attribute - the type of user name attribute you configured in the identity store. Valid values are: user ID (uid), common name (CN), or email address.
Identity Store User Base DN - enter the root Distinguished Name assigned to the upload of applications user data. This is the root for all the user data in your identity store.
Identity Store Group Base DN - enter the root Distinguished Name for all the group data in your identity store.
OIM Admin Server Host - enter the name of the host where the OIM Administration Server is installed. (This value can be either the host name or the VIP name of host.)
OIM Admin Server Port - the port where the OIM Administration Server listens.
OIM Administrator User Name - enter the OIM (Oracle Identity Manager domain) Oracle WebLogic Server Administration user name.
Note:
This user is different from the "XELSYSADMIN" OIM product administrator user name. The correct OIM (Oracle Identity Manager domain) Oracle WebLogic Server Administration user name is found in the WLSADMIN
property in the idmsetup.properties
file.
OIM Administrator Password - enter the password you set up for the OIM (Oracle Identity Manager domain) Oracle WebLogic Server Administration user.
OIM Managed Server Host - enter the virtual or real host name of the Oracle Identity Manager Managed Server where SPML callback and other OIM services are running. (This value can be either the host name or the VIP name of the host, based on the listen address where the OIM Managed Server is listening.)
OIM Managed Server Port - enter the virtual or real port where the Oracle Identity Manager Managed Server listens.
OIM HTTP Internal Endpoint URL - the access point on the Oracle HTTP Server for Oracle Identity Manager services in an Oracle Identity Management enterprise deployment, or the Oracle Identity Manager Managed Server access point for a non-enterprise deployment. This URL is used for deployment.
Enter the http
termination address of Oracle Access Manager. Terminates at either a load balancer or the Oracle HTTP Server.
OIM HTTP(S) External Endpoint URL - the access point to use for taxonomy. This is not used for deployment. Note that a non-secure connection is used unless you provide an https
URL.
Note:
In a single-node Oracle Identity Manager environment, the IDM properties file does not load any value into this field because secure URL setup is not performed. Subsequently, you will need to copy the non-secure URL from the OIM HTTP Internal Endpoint URL field to the OIM HTTP(S) External Endpoint URL field.
Click Next to continue.
Access and Policy Management Configuration provides identity administration and security functions such as Single Sign-On and policy management. In these screens, shown in Figure 5-13 and Figure 5-14, supply the following parameters to integrate with your existing Oracle Identity Management environment:
OAM Admin Server Host - enter the name of the host where the Oracle Access Manager Administration Server is installed.
OAM Admin Server Port - the port where the Oracle Access Manager Administration Server listens.
OAM Administrator User Name - enter the name you assigned this user when you installed Oracle Access Manager.
OAM Administrator Password - enter the password you assigned this user when you installed Oracle Access Manager.
OAM AAA Server Host - enter the name of the proxy host where Oracle Access Manager is installed. (This value can be either the host name or the VIP name of host.)
OAM AAA Server Port - the port number for the Oracle Access Manager listener on the OAM proxy host..
Access Server Identifier - name used to identify the Oracle Access Server.
Enable Second Primary Oracle Access Manager - select this check box to name a second Primary Oracle Access Manager for high availability.
Second Access Server Identifier - enter the name of the second Primary Oracle Access Manager Server.
Notes:
After connecting to the primary access server, provisioning is able to get the second access server connection information.
However, if you have a second access server in Oracle Identity Manager and you select the option to load the properties from the Oracle Identity Manager setup properties file, you must enter the server name manually. This is necessary because the Oracle Identity Manager setup properties file does not have a property entry that will get the name of the second access server automatically.
Webgate Password/Confirm Password - specify a password for the Resource WebGate. It must contain at least eight alphanumeric characters and at least one digit or punctuation mark. Re-type to Confirm the password. If seeding of security data is disabled, the password must be the existing WebGate password.
Default to Identity Store - the default values of this section depend on whether this field is enabled. If the checkbox is unchecked, which is the default, the OPSS Policy Store Host, OPSS Policy Store Read-Write User Name and OPSS Policy Store Password fields are empty by default and do not inherit values from your identity store.
Use SSL to communicate with OPSS Policy Store - this option is currently not available.
OPSS Policy Store Host - enter the host name for OID where Oracle Platform Security Services (OPSS) policies are to be seeded. (The value can be the Load Balancer host of the Oracle Identity Management enterprise deployment setup.)
OPSS Policy Store Port - number of the OID port for OPSS policy store.
OPSS Policy Store Secure Port - the secure port for OID.
OPSS Policy Store Read-Write User Name - enter the Distinguished Name of the user that you set up with write privileges to the OPSS policy store.
OPSS Policy Store Password - enter the password that you set up for the OPSS policy store user with read-write privileges.
OPSS Policy Store JPS Root Node - enter the Distinguished Name of the node to be used as the OPSS policy root for Oracle Fusion Applications. The field is read-only and the default value is set as cn=FAPolicies
.
Create OPSS Policy Store JPS Root Node - selecting this option creates the OPSS JPS Root Node; since the node was created during the Oracle Identity Management provisioning process, there is no need to select the option here.
IDM Keystore File - enter the location of the JKS keystore containing the certificates for the Oracle Identity Management components. (This option is currently not available.)
IDM Keystore Password - enter the password that you set up for the IDM Keystore File. (This option is currently not available.)
Click Next to continue.
In this screen, shown in Figure 5-15, enter the configuration details you specified when you installed the database for the Oracle Identity Management.
Select Real Application Clusters Database if you have installed an Oracle Identity Management database based on Oracle Real Application Clusters (Oracle RAC). Specify the Service Name.
To identify the Oracle RAC instances, click Add to create a new row in the table. To delete a row, select it and click Remove. Enter the following information for each instance:
Host Name - the name of the Oracle RAC host virtual host for each instance of an Oracle Identity Management database.
Port - listening port of the RDBMS.
Instance Name - the Oracle RAC database instance name
Service Name - the global database name for the transaction database that you installed. Used to distinguish this database instance from other instances of Oracle Database running on the same host.
Specify the database schema and password used to store the Metadata Service (MDS) Repository data for Oracle Web Services Policy Manager.
Schema Owner - the MDS schema in the Oracle Identity Management database that is used by Oracle Web Services Policy Manager.
Schema Owner Password - the password for the MDS schema.
Click Next to continue.
Review the information on this screen. If it is not what you expected or intended, click Back to return to the interview flow screen that must be changed, or click the name of the screen in the left navigation pane.
Descriptive information for this response file (if any) and database connection details are displayed under Global Settings. Each product family Domain to be created is listed along with the configuration details you have previously entered.
If you are satisfied with the information as displayed, specify the following information:
Provisioning Response File Name - the executable file that contains the configuration details of this provisioning response file.
Provisioning Summary - a text document that summarizes the details of this provisioning response file. You cannot use this file to execute the response file.
Directory - the directory path to the location where you save the response file and the summary document.
Make a note of the name and location where you saved the executable file. You must supply this information to the Installation Wizard for other options.
Click Finish to save the file_name
.rsp
and provisioning.summary
files to ORACLE_BASE
/repository/provisioning/bin
.
The provisioning commands that install components perform the following tasks:
Prerequisites for running the provisioning commands
Before running the provisioning commands that run the ant
targets (preverify, install, and so on), do the following:
Check the latest Oracle Fusion Applications release notes for any known workarounds.
Ensure that the preverify target is passed before you move on to other targets.
Ensure that all commands with ant targets say "Build Successful" when they pass.
Set the JAVA_HOME
variable to ORACLE_BASE
/repository/jdk6
.
On FINHOST1
and WEBHOST1
, create the /etc/oraInst.loc
file with the following entries:
inventory_loc=
ORACLE_BASE
/oraInventory
inst_group=usergroup
For commands that fail, use the following location to debug:
ORACLE_BASE/products/logs/provisioning/FINHOST1/ runProvisioning-targetname.log
Notes:
In the provisioning commands that follow in these sections, the -override
parameter takes the option override.properties
. The override.properties
file contains the changes that are required for responseFile
values.
The override.properties
file can be an empty file. The values it contains exist only to overwrite the responseFile
values.
If for any reason you need to run any target again, run the following:
./runProvisioning.sh -responseFile ./file_name.rsp -override ./overrides.properties -target cleanup-targetname
./runProvisioning.sh -responseFile ./file_name.rsp -override ./overrides.properties -target restore-targetname
Then run the target again.
Using Oracle Recovery Manager (RMAN), manually back up both the Oracle Identity Manager file system and database before starting "Run the pre-verify phase". You can use the file-system and database manual backups to rebuild the Oracle Identity Manager environment if you need to repeat the Oracle Fusion Applications provisioning configure phases from the beginning ("Run the pre-verify phase").
Using RMAN, manually back up the Oracle Fusion Applications file systems on both FINHOST1
and WEBHOST1
, and the Oracle Fusion Applications database after completing "Run the installation phase" in this section, and "Run the pre-configure phase" through "Run the post-configure phase" in Section 5.4, "Configuring Components." Also, ensure that the manual backup .tar
files are stored in your own separate restart folder (restart_mb
).
Note:
The provisioning process performs automatic incremental backups of Oracle Fusion Applications file systems on FINHOST1
and WEBHOST1
after completing each provisioning target. The provisioning process then uses these automatic backups to run the current provisioning phase cleanup in order to restore the end of the previous provisioning phase file system. For more information, see "Running Cleanup and Restore" in Oracle Fusion Applications Installation Guide.
The provisioning process does not perform automatic database backups. Instead, it runs the available database undo
script for the current provisioning phase from the code repository to restore the Oracle Fusion Applications database to the end of previous provisioning phase.
However, these automatic file-system backups are useful only if restoring to one immediate provisioning phase. (For example, if you notice some problem in post-configure and you want to repeat all provisioning targets from pre-configure to post-configure, these automatic file-system backups will not work.) In addition, ready-made database undo
scripts are not available in the code repository to restore more than one previous provisioning phase. Consequently, it is recommended that you perform manual backups of file systems and the Oracle Fusion Applications database.
These manual backups can also be used to restore a previous provisioning target if an automatic backup should fail.
Performing a manual backup
Run the following commands for each provisioning target, "Run the installation phase" through "Run the post-configure phase", and for each host in the environment.
tar -C ORACLE_BASE/config -cf ORACLE_BASE/products/restart_mb/ backup_target_name/shared_config.tar . tar -C ORACLE_BASE/products/provisioning -cf ORACLE_BASE/products/restart_mb/ backup_target_name/provisioning.tar . tar -C /u02/local/oracle/config -cf ORACLE_BASE/products/restart_mb/ backup_target_name/local_config.tar .
For more information see "Performing a Manual Backup" in Oracle Fusion Applications Installation Guide.
Cleaning up and restoring from manual backups to repeat multiple configure targets after a configure failure
Do the following:
Find any Oracle Fusion Applications or Oracle WebLogic Server configure processes (except Node Manager processes) running from the ORACLE_BASE
location to be killed:
ps -ef | grep /u01/oracle
Run the following commands to restore the file system:
rm -Rf ORACLE_BASE/config rm -Rf ORACLE_BASE/products/provisioning rm -Rf /u02/local/oracle/config mkdir ORACLE_BASE/config mkdir ORACLE_BASE/products/provisioning mkdir /u02/local/oracle/config tar -xfv ORACLE_BASE/products/restart_mb/backup_target_name/shared_config.tar . -C ORACLE_BASE/config tar -xfv ORACLE_BASE/products/restart_mb/backup_target_name/provisioning.tar . -C ORACLE_BASE/products/provisioning tar -xfv ORACLE_BASE/products/restart_mb/backup_target_name/local_config.tar . -C /u02/local/oracle/config
Recover the Oracle Fusion Applications database from the RMAN backup that was done at the end of "Run the installation phase".
Repeat the provisioning of targets from "Run the pre-configure phase" through the end of the provisioning process.
For this task, WEBHOST1
is the host you configured in Figure 5-6, and WEBHOST1
and FINHOST1
do not have a common shared storage. From FINHOST1
, copy ORACLE_BASE
/repository
to ORACLE_BASE
on WEBHOST1
.
Be sure to maintain the same directory structure on WEBHOST1
.
Run the following commands from ORACLE_BASE/
repository/provisioning/bin
:
On FINHOST1 : ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target preverify
On WEBHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target preverify
Run the following commands from ORACLE_BASE/
repository/provisioning/bin
:
On FINHOST1 : ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target install
On WEBHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target install
Note:
If the relative path for the response file (./
file_name
.rsp
) and override properties (./override.properties
) does not work, give a fully qualified path instead.
The provisioning commands that configure components perform the following tasks:
Note:
If any target fails and you have to run the configure stage again, you only need to cleanup/restore the target on that host and then run the target again.
To run cleanup/restore:
./runProvisioning.sh -responseFile ./file_name.rsp -override
./overrides.properties -target cleanup-configure
./runProvisioning.sh -responseFile ./file_name.rsp -override
./overrides.properties -target restore-configure
When the cleanup and restore builds are successful, you can run the configure target again.
This applies to all tasks related to configuring components.
Note:
If the relative path for the response file (./
file_name
.rsp
) and override properties (./override.properties
) does not work, give a fully qualified path instead.
Before running the pre-configure phase, copy the ORACLE_BASE
/products/webtier_dmz_artifacts.zip
file from the FINHOST1
non-DMZ computers to WEBHOST1
ORACLE_BASE
/products
. The webtier_dmz_artifacts.zip
file contains all the required files for the DMZ setup.
Run the following commands from ORACLE_BASE/
repository/provisioning/bin
:
On FINHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target preconfigure
On WEBHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target preconfigure
Run the following commands from ORACLE_BASE/
repository/provisioning/bin
:
On FINHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target configure
On WEBHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target configure
Run the following commands from ORACLE_BASE/
repository/provisioning/bin
:
On FINHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target configure-secondary
On WEBHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target configure-secondary
Run the following commands from ORACLE_BASE/
repository/provisioning/bin
:
On FINHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target postconfigure
On WEBHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target postconfigure
Run the following commands from ORACLE_BASE/
repository/provisioning/bin
:
On FINHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target startup
On WEBHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target startup
Run the following commands from ORACLE_BASE/
repository/provisioning/bin
:
On FINHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target validate
On WEBHOST1: ./runProvisioning.sh -responseFile ./
file_name
.rsp
-override ./overrides.properties -target validate
When all the scripts have run successfully, Oracle Fusion Financials provisioning is complete. For information about the resulting directory structure, see Section 3.4.1, "Directory Structure."
For information about the tasks these scripts perform, see Oracle Fusion Applications Installation Guide.
To configure an email server as a delivery channel to be used with Oracle Business Intelligence Publisher, see "Adding an E-mail Server" in the chapter "Setting Up Delivery Destinations" in Oracle Fusion Middleware Administrator's Guide for Oracle Business Intelligence Publisher (Oracle Fusion Applications Edition).
After provisioning, there are several tasks you must perform.
After provisioning, access the following URLs, ensuring that the Administration console is visible:
http://fininternal.mycompany.com:7777/console
http://crminternal.mycompany.com:7777/console
http://hcminternal.mycompany.com:7777/console
http://scminternal.mycompany.com:7777/console
http://commoninternal.mycompany.com:7777/console
http://biinternal.mycompany.com:7777/console
http://prjinternal.mycompany.com:7777/console
http://prcinternal.mycompany.com:7777/console
For the following URLs, ensure that the Oracle Fusion Applications login screen is visible.
https://finexternal.mycompany.com/ledger/faces/LedgerWorkArea
https://finexternal.mycompany.com/payables/faces/PaymentLandingPage
https://prcexternal.mycompany.com/procurement/faces/PrcPoPurchasingWorkarea
https://prjexternal.mycompany.com/projectsFinancials/faces/PRJProjectWorkarea
https://commonexternal.mycompany.com/homePage/faces/AtkHomePageWelcome
https://biexternal.mycompany.com/analytics
Other post-installation tasks include the following:
Applying patches to your new environment
Creating upgradeLDAPUsersForSSO.props
Adding privileges to IDStore and Policy Store entities
Reconciling users and roles from the IDStore into Oracle Identity Manager
Deleting Oracle Business Intelligence restart files
For information about performing these tasks, see "Postinstallation Tasks" in Oracle Fusion Applications Installation Guide.
The fastartstop.sh
script offers a wide range of options to start and stop the servers in the provisioned Oracle Fusion Applications environment. The script resides in the following location:
ORACLE_BASE/products/fusionapps/applications/lcm/ad/bin/fastartstop.sh
For example:
./fastartstop.sh -Start|-Stop|-Bounce|-StartBIPS|-StopBIPS -all|-domains domain_name,domain_nameN,domain_nameN|-BIPServerComponents -all|-domains "domain_name(server:all,server:managed_server_name|AdminServer),domain_name(server:all,server:managed_server_name|AdminServer)"|-BIPServerComponents [-componentType OHS |-componentDomain component_domain_name][iasInstance=instance_id][iasComponent=component_id][-processType=component_type] [-clusterType soa] -username user_name -appbase FA_ORACLE_HOME [-loglevel log_level] [-timeout timeout_period] [--help]
For more information, see "Starting and Stopping" in the Oracle Fusion Applications Administrator's Guide.