This chapter describes how to prepare the servers for an enterprise deployment.
It contains the following sections:
Before you deploy Oracle Fusion Middleware on new hardware, you must set up the servers you plan to use so that the Oracle Software can work in an optimum fashion. Specifically, you must ensure that:
The servers are running a certified operating system with the required software patches installed.
You have configured the UNIX Kernel correctly.
You have created Users and Groups to own the Oracle software.
The settings described in this chapter are only a guide. After using your Oracle software, you should use operating system utilities to tune the configuration to ensure that you are maximizing the potential of your servers.
Ensure that the server and operating system that you plan to use is a certified combination for the products you plan to use. Refer to Oracle Certification Matrix for details.
In order to use a server in an Oracle Enterprise Deployment you must verify that it meets the minimum specification described in Section 2.4, "Hardware Requirements for an Enterprise Deployment." If you plan to use a different deployment architecture, for example, one with more or fewer components deployed on a different number of boxes, you must check Oracle® Fusion Middleware System Requirements and Specifications for Oracle Identity and Access Management to ensure that you have the minimum specification to support the products you plan to deploy on these servers.
If you are deploying to a virtual server environment, ensure that each of the virtual servers meets the minimum requirements.
Ensure that you have sufficient local disk and shared storage is configured as described in Chapter 4, "Preparing Storage for an Enterprise Deployment."
Allow sufficient swap and temporary space. Specifically:
Swap Space–The system must have at least 512MB.
Temporary Space–There must be a minimum of 500MB of free space in /tmp
.
Before performing Identity and Access Management Deployment, you must perform the following tasks:
Install a certified operating system.
Install all necessary patches and packages as listed in the Release Notes.
This section includes the following topics:
The kernel parameter and shell limit values shown below are recommended values only. For production systems, Oracle recommends that you tune these values to optimize the performance of the system. See your operating system documentation for more information about tuning kernel parameters.
Kernel parameters must be set to a minimum of those below on all nodes in the topology.
The values in the following table are the current Linux recommendations. For the latest recommendations for Linux and other operating systems, see Oracle Fusion Middleware System Requirements and Specifications.
If you are deploying a database onto the host, you might need to modify additional kernel parameters. Refer to the 11g Release 2 Oracle Grid Infrastructure Installation Guide for your platform.
Table 5-1 UNIX Kernel Parameters
Parameter | Value |
---|---|
kernel.sem |
256 32000 100 142 |
kernel.shmmax |
2147483648 or higher |
To set these parameters:
Log in as root
and add or amend the entries in the file /etc/sysctl.conf
.
Save the file.
Activate the changes by issuing the command:
/sbin/sysctl -p
On all UNIX operating systems, the minimum Open File Limit should be 4096.
Note:
The following examples are for Linux operating systems. Consult your operating system documentation to determine the commands to be used on your system.
You can see how many files are open with the following command:
/usr/sbin/lsof | wc -l
To check your open file limits, use the commands below.
C shell:
limit descriptors
Bash:
ulimit -n
Note:
If your limits are already set higher than these values, you do not need to change them.
To change the shell limits, login as root
and edit the /etc/security/limits.conf
file.
Add the following lines:
* soft nofile 65536 * hard nofile 150000 * soft nproc 2048 * hard nproc 16384
Oracle Linux 6 and Red Hat Enterprise Linux 6 Only
To change the shell limits, login as root
and edit the /etc/security/limits.conf
file.
Add the following lines:
* soft nofile 65536 * hard nofile 150000
Also edit: /etc/security/limits.d/90-nproc.conf
Add the following lines:
* soft nproc 2048 * hard nproc 16384
For the most recent suggested values, see Oracle Fusion Middleware System Requirements and Specifications.
After editing the file, reboot the machine.
Before you begin the installation of the Oracle software, ensure that your local /etc/hosts
file is formatted like this:
IP_Address
Fully_Qualified_Name
Short_Name
For example
192.168.30.1
iamhost1.mycompany.com
iamhost1
Your operating system configuration can influence the behavior of characters supported by Oracle Fusion Middleware products.
On UNIX operating systems, Oracle highly recommends that you enable Unicode support by setting the LANG
environment variable to a locale with the UTF-8 character set. This enables the operating system to process any character in Unicode. Oracle SOA Suite technologies, for example, are based on Unicode.
Set the LANGUAGE environment variable as follows:
LANG=en_GB.UTF-8
If the operating system is configured to use a non-UTF-8 encoding, Oracle SOA Suite components may function in an unexpected way. For example, a non-ASCII file name might make the file inaccessible and cause an error. Oracle does not support problems caused by operating system constraints.
The enterprise deployment requires that certain hosts, such as those running the WebLogic Administration Server or SOA managed servers, use virtual IP addresses. You must enable the appropriate IP address on each server.
Chapter 3, "Preparing the Network for an Enterprise Deployment" describes the mapping of IP Addresses to servers.
This section includes the following topics:
Section 5.6.1, "Summary of the Required Virtual IP Addresses"
Section 5.6.2, "Enabling a Virtual IP Address on a Existing Network Interface"
Virtual IP Addresses are required for failover of the WebLogic Administration Server, regardless of whether other Oracle Fusion Middleware components are installed later or not.
You associate the Administration Server with a virtual IP address. This allows the Administration Server to be started on a different host if the primary host fails.
Check that the virtual host is enabled as follows:
Table 5-2 Virtual Hosts for Domain
VIP | Enabled on Host (Distributed) | Enabled on Host (Consolidated) |
---|---|---|
IADADMINVHN.mycompany.com |
OAMHOST1 |
IAMHOST1 |
IGDADMINVHN.mycompany.com |
OIMHOST1 |
IAMHOST1 |
OIMHOST1VHN.mycompany.com |
OIMHOST1 |
IAMHOST1 |
OIMHOST2VHN.mycompany.com |
OIMHOST2 |
IAMHOST2 |
SOAHOST1VHN.mycompany.com |
OIMHOST1 |
IAMHOST1 |
SOAHOST2VHN.mycompany.com |
OIMHOST2 |
IAMHOST2 |
Note:
This is the DNS name associated with the floating IP address. It is not the DNS name of the virtual host configured on the load balancer.
To enable only the physical IP addresses listed in Table 5-2, on IAMHOST1 and IAMHOST2:
Use the ifconfig
command to create the virtual IP address:
ifconfig subinterface virtual_ip_address netmask netmask_value
For example, on IAMHOST1, enter the following:
ifconfig bond0:1 192.168.20.3 netmask 255.255.240.0
For each virtual IP address you define, update the ARP caches using the following command:
arping -b -A -c 3 -I bond0 192.168.20.3
As shown in Chapter 4, "Preparing Storage for an Enterprise Deployment," you must make shared storage available to each host that will use it.
Mount shared storage as follows:
Table 5-3 Mounting Shared Storage
Topology | Volume | Mount Point | Mounted on Hosts | Directory Tier | Temporary |
---|---|---|---|---|---|
Consolidated |
|
|
IAMHOST1 IAMHOST2 |
No |
|
|
|
IAMHOST1 IAMHOST2 LDAPHOST1 LDAPHOST2 |
N/A |
No |
|
|
|
WEBHOST1 WEBHOST2 IAMHOST1 IAMHOST2 |
N/A |
Yes |
|
Distributed |
|
|
OAMHOST1 OAMHOST2 OIMHOST1 OIMHOST2 |
No |
|
|
|
LDAPHOST1 LDAPHOST2 |
No |
||
|
|
OAMHOST1 OAMHOST2 OIMHOST1 OIMHOST2 |
N/A |
No |
|
|
|
WEBHOST1 WEBHOST2 OAMHOST1 OAMHOST2 OIMHOST1 OIMHOST2 LDAPHOST1 LDAPHOST2 |
N/A |
Yes |
Note the following points:
Each host must have appropriate privileges set within the NAS or SAN so that it can write to the shared storage.
Temporary mounts are only required during provisioning and patching.
If your directory tier is placed into a dedicated zone, you must share the ORACLE_BASE
between the two directory hosts in a distributed topology.
If WEBHOST1 and WEBHOST2 are in the DMZ, ORACLE_BASE
is not shared between those two hosts.
Follow the best practices of your organization for mounting shared storage. This section provides an example of how to do this on UNIX or Linux using NFS storage.
Note:
The user ID used to create a shared storage file system owns and has read, write, and execute privileges for those files. Other users in the operating system group can read and execute the files, but they do not have write privileges. For more information about installation and configuration privileges, see the "Understanding Installation and Configuration Privileges and Users" section in the Oracle Fusion Middleware Installation Planning Guide.
You must create and mount shared storage locations so that each application tier host can see the same location for the binary installation.
You use the following command to mount shared storage from a NAS storage device to a linux host. If you are using a different type of storage device or operating system, refer to your manufacturer documentation for information about how to do this.
To mount shared storage on a host, use a command similar to the following:
mount -t nfs nasfiler:volume mountpoint
For example:
mount -t nfs nasfiler:VOL1/OracleIAM /u01/oracle
Where nasfiler
is the name of the shared storage device.
Using the mount
command as described mounts the shared storage until the host is rebooted. Once rebooted, the storage must be remounted to the host.
To ensure that storage is made available following a host reboot, place an entry into the file /etc/fstab
which looks like the following:
nasfiler:VOL1/OracleIAM /u01/oracle nfs auto,rw,bg,hard,nointr,proto=tcp,vers=3,timeo=300,rsize=32768,wsize=32768
Note:
The shared storage can be a NAS or SAN device. The following illustrates an example of creating storage for a NAS device from OAMHOST1. The options may differ depending on the specific storage device.
mount -t nfs -o rw,bg,hard,nointr,proto=tcp,vers=3,timeo=300,rsize=32768,wsize=32768 nasfiler:VOL1/OracleIAM /u01/oracle
Contact your storage vendor and machine administrator for the correct options for your environment.
Ensure that you can read and write files to the newly mounted directories by creating a test file in the shared storage location you just configured.
For example:
cd /u01/oracle/products touch testfile
Verify that the owner and permissions are correct:
ls -l testfile
Then remove the file:
rm testfile
Create the following users and groups either locally or in your NIS or LDAP server. This user is the Oracle Software Owner.
The instructions below are for creating the users locally. Refer to your NIS documentation for information about creating these users/groups in your NIS server.
Groups
You must create the following groups on each node.
oinstall
dba
To create the groups, use the following command as root:
groupadd groupname
For example
groupadd -g 500 oinstall groupadd -g 501 dba
Users
You must create the following users on each node.
oracle
–The owner of the Oracle software. You may use a different name. The primary group for this account must be oinstall
. The account must also be in the dba
group.
Notes:
The group oinstall
must have write privileges to all the file systems on shared and local storage that are used by the Oracle software.
Each group must have the same Group ID on every node.
Each user must have the same User ID on every node.
The user and group should exists at the NIS server due to the NFSv4 mount requirement.
To create users use the following command as root:
useradd -g primary group -G optional groups -u userid username
For example:
useradd -g oinstall -G dba -u 500 oracle