9 Configuring the Host Computers for an Enterprise Deployment

This chapter describes how to prepare the hosts for an enterprise deployment.

9.1 Overview of Configuring the Hosts

Before you deploy Oracle Fusion Middleware, you must set up the hosts you plan to use so that the Oracle software can work in an optimum fashion.

The settings described in this chapter are only a guide. After using your Oracle software, you should use operating system utilities to tune the configuration to ensure that you are maximizing the potential of your hosts.

In the context of Exalogic, the hosts are either compute nodes in physical Exalogic or vServers in virtual Exalogic.

9.2 Verifying Your Host and Operating System

Ensure that the host and operating system that you plan to use are a certified combination for the products you plan to use. Refer to the Oracle Fusion Middleware Supported System Configurations for details.

9.3 Meeting the Minimum Hardware Requirements

In order to use a host in an enterprise deployment, you must verify that it meets the minimum specification described in Section 5.1, "Hardware and Software Requirements for an Enterprise Deployment".

In addition, you must check the Oracle Fusion Middleware System Requirements and Specifications for Oracle Identity and Access Management to ensure that you have the minimum specification to support the products you plan to deploy on your hosts.

If you are deploying to a virtual host environment, ensure that each of the virtual hosts meets the minimum requirements.

Ensure that you have sufficient local disk and that shared storage is configured as described in Chapter 7, "Preparing Storage for an Enterprise Deployment."

Allow sufficient swap and temporary space. Specifically:

  • Swap Space–The system must have at least 512MB.

  • Temporary Space–There must be a minimum of 2GB of free space in /tmp.

9.4 Meeting Operating System Requirements

Before performing Identity and Access Management Deployment, you must perform the following tasks:

  1. Install a certified operating system.

  2. Install all necessary patches and packages as listed in the Release Notes for Identity Management.

  3. Review the Oracle Fusion Middleware System Requirements and Specifications and ensure that the Operating System requirements are met.

9.4.1 Configuring Kernel Parameters

The kernel parameter and shell limit values shown below are recommended values only. For production systems, Oracle recommends that you tune these values to optimize the performance of the system. See your operating system documentation for more information about tuning kernel parameters.

Kernel parameters must be set to a minimum of those below on all nodes in the topology.

The values in the following table are the current Linux recommendations. For the latest recommendations for Linux and other operating systems, see Oracle Fusion Middleware System Requirements and Specifications.

If you are deploying a database onto the host, you might need to modify additional kernel parameters. Refer to the 11g Release 2 Oracle Grid Infrastructure Installation Guide for your platform.

Table 9-1 UNIX Kernel Parameters

Parameter        Value
kernel.sem       256 32000 100 142
kernel.shmmax    2147483648 or higher

To set these parameters:

  1. Log in as root and add or amend the entries in the file /etc/sysctl.conf. If the specified parameters do not exist in the file, add them.

  2. Save the file.

  3. Activate the changes by issuing the command:

    /sbin/sysctl -p
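
The following check is an added example, not part of the Oracle documentation. It compares a sysctl.conf-style file against the Table 9-1 minimums, field by field for kernel.sem; the function and variable names are illustrative.

```sh
# Minimums from Table 9-1; kernel.sem fields are semmsl semmns semopm semmni.
MIN_SEM="256 32000 100 142"
MIN_SHMMAX=2147483648

# check_kernel_params FILE
# FILE uses sysctl.conf syntax ("key = value"); sysctl -a output also works.
# Prints one line per finding and returns 0 only if every minimum is met.
check_kernel_params() {
    awk -v min_sem="$MIN_SEM" -v min_shmmax="$MIN_SHMMAX" '
        /^[ \t]*[#;]/ || !/=/ { next }        # skip comments and blank lines
        {
            key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            seen[key] = val                    # a later assignment overrides
        }
        END {
            bad = 0
            if (!("kernel.sem" in seen)) {
                print "MISSING kernel.sem"; bad = 1
            } else if (split(seen["kernel.sem"], have, /[ \t]+/) != 4) {
                print "MALFORMED kernel.sem: " seen["kernel.sem"]; bad = 1
            } else {
                split(min_sem, want, " ")
                for (i = 1; i <= 4; i++)
                    if (have[i] + 0 < want[i] + 0) {
                        printf "LOW kernel.sem field %d: %s < %s\n", i, have[i], want[i]
                        bad = 1
                    }
            }
            if (!("kernel.shmmax" in seen)) {
                print "MISSING kernel.shmmax"; bad = 1
            } else if (seen["kernel.shmmax"] + 0 < min_shmmax + 0) {
                printf "LOW kernel.shmmax: %s < %s\n", seen["kernel.shmmax"], min_shmmax
                bad = 1
            }
            exit bad
        }' "$1"
}

# Constructed sample: semmsl and semmni are below the Table 9-1 minimums.
sample=$(mktemp)
printf 'kernel.sem = 250 32000 100 128\nkernel.shmmax = 4294967296\n' > "$sample"
check_kernel_params "$sample" || echo "below the Table 9-1 minimums"
rm -f "$sample"
```

On a host, run it as check_kernel_params /etc/sysctl.conf, or against saved sysctl -a output to check the values the running kernel actually uses.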
    

9.4.2 Setting the Open File Limit

On all UNIX operating systems, the minimum Open File Limit should be 4096.

Note:

The following examples are for Linux operating systems. Consult your operating system documentation to determine the commands to be used on your system.

You can see how many files are open with the following command:

/usr/sbin/lsof | wc -l

To check your open file limits, use the commands below.

C shell:

limit descriptors

Bash:

ulimit -n

9.4.3 Setting Shell Limits

Note:

If your limits are already set higher than these values, you do not need to change them.

Most Linux Versions

To change the shell limits, log in as root and edit the /etc/security/limits.conf file.

Add the following lines:

* soft  nofile  150000
* hard  nofile  150000
* soft  nproc   4096
* hard  nproc   16384

Oracle Linux 6 and Red Hat Enterprise Linux 6 Only

To change the shell limits, log in as root and edit the /etc/security/limits.conf file.

Add the following lines:

* soft  nofile  150000
* hard  nofile  150000

Also edit: /etc/security/limits.d/90-nproc.conf

Add the following lines:

* soft  nproc   4096
* hard  nproc   16384

For the most recent suggested values, see Oracle Fusion Middleware System Requirements and Specifications.

After editing the file, reboot the machine.

9.4.4 Validating Local Hosts File

Before you begin the installation of the Oracle software, ensure that your local /etc/hosts file is formatted like this:

IP_Address Fully_Qualified_Name Short_Name

For example:

192.168.30.1 oimhost1vhn1.example.com oimhost1vhn1
192.168.30.2 oimhost2vhn1.example.com oimhost2vhn1
192.168.30.3 oimhost1vhn2.example.com oimhost1vhn2
192.168.30.4 oimhost2vhn2.example.com oimhost2vhn2
192.168.30.5 oimhost1vhn3.example.com oimhost1vhn3
192.168.30.6 oimhost2vhn3.example.com oimhost2vhn3
192.168.50.1 idstore.example.com idstore
192.168.50.2 igdinternal.example.com igdinternal
192.168.10.1 iamhost1.example.com iamhost1
192.168.10.2 iamhost2.example.com iamhost2
192.168.10.1 webhost1.example.com webhost1
192.168.10.2 webhost2.example.com webhost2

The exact entries that appear in the /etc/hosts file depend on how you are resolving your names, whether through the local hosts file or DNS. The purpose of this step is to validate the format of any entries that do appear in the file.
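
The format check described above can be scripted. The following is an added example, not part of the Oracle documentation: it verifies the IP_Address Fully_Qualified_Name Short_Name layout and also flags a name bound to two different addresses, which goes beyond the format rule stated here. Skipping loopback and IPv6 lines is an assumption, and the function name is illustrative.

```sh
# check_hosts_format FILE
# Checks every non-loopback IPv4 entry for "IP FQDN short_name" and flags any
# name bound to more than one address. Returns 0 only if the file is clean.
check_hosts_format() {
    awk '
        { sub(/#.*/, "") }                                # strip comments
        NF == 0 || $1 ~ /^127\./ || $1 ~ /:/ { next }     # blank, loopback, IPv6
        {
            ok = ($1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
            if (ok) {
                split($1, o, /\./)
                for (i = 1; i <= 4; i++) if (o[i] + 0 > 255) ok = 0
            }
            if (!ok) { printf "line %d: bad IPv4 address %s\n", NR, $1; bad = 1; next }
            if (NF < 3) { printf "line %d: expected IP FQDN short_name\n", NR; bad = 1; next }
            if ($2 !~ /^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/) {
                printf "line %d: %s is not fully qualified\n", NR, $2; bad = 1
            }
            label = $2; sub(/\..*/, "", label)            # first label of the FQDN
            if (tolower($3) != tolower(label)) {
                printf "line %d: short name %s does not match %s\n", NR, $3, $2; bad = 1
            }
            for (f = 2; f <= NF; f++) {
                n = tolower($f)
                if (!(n in addr)) addr[n] = $1
                else if (addr[n] != $1) {
                    printf "line %d: %s already maps to %s\n", NR, $f, addr[n]; bad = 1
                }
            }
        }
        END { exit bad + 0 }' "$1"
}

# Constructed sample: line 2 has the names swapped, line 3 rebinds a name.
sample=$(mktemp)
cat > "$sample" <<'EOF'
192.168.30.1 oimhost1vhn1.example.com oimhost1vhn1
192.168.30.2 oimhost2vhn1 oimhost2vhn1.example.com
192.168.30.9 oimhost1vhn1.example.com oimhost1vhn1
EOF
check_hosts_format "$sample" || echo "fix the hosts file before installing"
rm -f "$sample"
```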

9.4.5 Increasing Huge Page Allocation for Exalogic Deployments

By default, huge pages are enabled in Exalogic compute nodes. Verify the existing allocation by running:

grep Huge /proc/meminfo

Set the recommended Huge Page allocation to 25000.

To set the Huge Page allocation, run the following command as root in the compute node:

echo 25000  > /proc/sys/vm/nr_hugepages

9.5 Enabling Unicode Support

Your operating system configuration can influence the behavior of characters supported by Oracle Fusion Middleware products.

On UNIX operating systems, Oracle highly recommends that you enable Unicode support by setting the LANG environment variable to a locale with the UTF-8 character set. This enables the operating system to process any character in Unicode. Oracle SOA Suite technologies, for example, are based on Unicode.

Set the LANG environment variable as follows:

LANG=en_GB.UTF-8

If the operating system is configured to use a non-UTF-8 encoding, Oracle SOA Suite components may function in an unexpected way. For example, a non-ASCII file name might make the file inaccessible and cause an error. Oracle does not support problems caused by operating system constraints.

9.6 Setting the DNS Settings

Configure the host to access your corporate DNS hosts. To do this, update DNS settings by updating the file /etc/resolv.conf.

9.7 Configuring Users and Groups

Create the following groups and user either locally or in your NIS or LDAP server. This user is the Oracle Software Owner.

The instructions below are for creating the user locally. Refer to your NIS documentation for information about creating these groups and user in your NIS server.

Groups

You must create the following groups on each node.

  • oinstall

  • dba

To create the groups, use the following command as root:

groupadd groupname

For example:

groupadd -g 500 oinstall
groupadd -g 501 dba

User

You must create the following user on each node.

  • oracle–The owner of the Oracle software. You may use a different name. The primary group for this account must be oinstall. The account must also be in the dba group.

Notes:

  • The group oinstall must have write privileges to all the file systems on shared and local storage that are used by the Oracle software.

  • Each group must have the same Group ID on every node.

  • Each user must have the same User ID on every node.

  • The user and group should exist on the NIS server due to the NFSv4 mount requirement.

To create a local user, use the following command as root:

useradd -g primary_group -G optional_groups -u userid username

For example:

useradd -g oinstall -G dba -u 500 oracle

Note:

To create this user in NIS, refer to your NIS documentation.
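
The notes above require the same user and group IDs on every node. The following added example, which is not part of the Oracle documentation, checks this from collected getent passwd and getent group output. The "node:" prefix on each line is an assumed collection format, and the function name is illustrative.

```sh
# check_ids FILE [OWNER]
# FILE holds getent passwd/group lines, each prefixed with "node:".
# Returns 0 only if every user and group has one ID across all nodes and
# OWNER (default oracle) has oinstall as its primary group on each node.
check_ids() {
    awk -F: -v owner="${2:-oracle}" '
        NF < 4 { next }
        {
            # With the node prefix, passwd lines have 8 fields, group lines 5.
            kind = (NF >= 8) ? "user" : "group"
            key = kind " " $2
            if (!(key in id)) {
                id[key] = $4; first[key] = $1
            } else if (id[key] != $4) {
                printf "%s: ID %s on %s but %s on %s\n", key, $4, $1, id[key], first[key]
                bad = 1
            }
            if (kind == "user" && $2 == owner) pgid[$1] = $5
        }
        END {
            want = ("group oinstall" in id) ? id["group oinstall"] : ""
            for (n in pgid)
                if (pgid[n] != want) {
                    printf "user %s on %s: primary GID %s is not oinstall\n", owner, n, pgid[n]
                    bad = 1
                }
            exit bad + 0
        }' "$1"
}

# Constructed sample: dba and oracle were created with different IDs on iamhost2.
sample=$(mktemp)
cat > "$sample" <<'EOF'
iamhost1:oinstall:x:500:oracle
iamhost1:dba:x:501:oracle
iamhost1:oracle:x:500:500::/home/oracle:/bin/bash
iamhost2:oinstall:x:500:oracle
iamhost2:dba:x:502:oracle
iamhost2:oracle:x:501:500::/home/oracle:/bin/bash
EOF
check_ids "$sample" || echo "IDs differ between nodes"
rm -f "$sample"
```

File ownership on an NFSv3 mount is decided by the numeric ID, so a mismatch reported here means a different account on that node owns the Oracle files.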

9.8 Configuring a Host to Use an NTP (time) Server

All servers in the deployment must have the same time. The best way to achieve this is to use an NTP server. To configure a host to use an NTP server:

  1. Determine the name of the NTP server(s) you wish to use. For security reasons, ensure that these are inside your organization.

  2. Log in to the host as the root user.

  3. Edit the file /etc/ntp.conf to include a list of the time servers. After editing, the file appears as follows:

    server ntphost1.example.com
    server ntphost2.example.com
    
  4. Run the following command to synchronize the system clock to the NTP server:

    /usr/sbin/ntpdate ntphost1.example.com
    /usr/sbin/ntpdate ntphost2.example.com
    
  5. Start the NTP client using the following command:

    service ntpd start
    
  6. Validate that the time is set correctly using the date command.

  7. To make sure that the server always uses the NTP server to synchronize the time, set the client to start on reboot by using the following command:

    chkconfig ntpd on
    

9.9 Configuring a Host to Use an NIS/YP Host

If you are using NFS Version 4, configure a directory service or an NIS (Network Information Server). If your organization does not have one already, use the built-in one on the ZFS storage appliance. See Configuring NFS Version 4 (NFSv4) on Exalogic in the Oracle Fusion Middleware Exalogic Machine Owner's Guide for more information.

Once you have configured your NIS host, configure each compute node to use it. Before beginning, determine the host names of the NIS servers you are going to use.

  1. Log in to the host as root.

  2. Edit the /etc/idmapd.conf configuration file:

    vi /etc/idmapd.conf
    

    Set the domain value, as in the following example:

    Domain = example.com
    
  3. Restart the rpcidmapd service:

    service rpcidmapd restart
    
  4. Update the /etc/yp.conf configuration file, and set the correct domain value, as in the following example:

    vi /etc/yp.conf
    

    Add the following line:

    domain example.com server NIS_Server_hostname_or_IP
    

    Where example.com is the example domain and NIS_Server_hostname_or_IP is the host name or IP address of the NIS host. You must replace these sample values with values appropriate for your environment.

  5. Set the NIS domain name on the command line:

    domainname NIS_DOMAIN_NAME
    

    For example:

    domainname nisdomain.example.com
    
  6. Edit the /etc/nsswitch.conf configuration file:

    vi /etc/nsswitch.conf
    

    Change the following entries:

     passwd:     files nis
     shadow:     files nis
     group:      files nis
     automount:  files nis nisplus
     aliases:    files nis nisplus
    
  7. Restart the rpcidmapd service:

    service rpcidmapd restart
    
  8. Restart the ypbind service by running the following command:

    service ypbind restart
    
  9. Check the yp service by running this command:

    ypwhich
    
  10. Verify that you can access Oracle user accounts:

    ypcat passwd
    
  11. Add ypbind to your boot sequence, so that it starts automatically after rebooting.

    chkconfig ypbind on
    

9.10 Enabling Virtual IP Addresses

The enterprise deployment requires that certain hosts, such as those running the WebLogic Administration Server or SOA managed servers, use virtual IP addresses. You must enable the appropriate IP address on each host.

9.10.1 Summary of the Required Virtual IP Addresses

Virtual IP Addresses are required for failover of the WebLogic Administration Server, regardless of whether other Oracle Fusion Middleware components are installed later or not.

You associate the Administration Server with a virtual IP address. This allows the Administration Server to be started on a different host if the primary host fails.

Check that the virtual host is enabled as follows:

Table 9-2 Logical Virtual IP Addresses Associated with IPoIB Network interfaces

VIP Values                  Enabled on Host (Distributed)   Enabled on Host (Consolidated)
IADADMINVHN.example.com     OAMHOST1                        IAMHOST1
IGDADMINVHN.example.com     OIMHOST1                        IAMHOST2
OIMHOST1VHN1.example.com    OIMHOST1                        IAMHOST1
OIMHOST1VHN2.example.com    OIMHOST1                        IAMHOST1
OIMHOST1VHN3.example.com    OIMHOST1                        IAMHOST1
OIMHOST2VHN1.example.com    OIMHOST2                        IAMHOST2
OIMHOST2VHN2.example.com    OIMHOST2                        IAMHOST2
OIMHOST2VHN3.example.com    OIMHOST2                        IAMHOST2


Note:

Use the Distributed values for Exalogic Virtual.

Use the Consolidated values for Exalogic Physical.

9.10.2 Enabling a Virtual IP Address on a Network Interface

This section describes how to enable a virtual IP address on a network interface. The procedure varies, depending on whether you are using Oracle Enterprise Linux 5 or Oracle Enterprise Linux 6.

Oracle Enterprise Linux 5

If you are using Oracle Enterprise Linux 5, complete the following steps to enable the virtual IP addresses listed in Table 9-2:

  1. Use the ifconfig command to create the virtual IP address:

    ifconfig subinterface virtual_ip_address netmask netmask_value
    

    For example, to enable the IP address 192.168.20.3, netmask 255.255.240.0, on network card bond0, use the following command:

    ifconfig bond0:1 192.168.20.3 netmask 255.255.240.0
    

    Note:

    The example in this section is applicable for both physical and virtual Exalogic deployments.
  2. For each virtual IP address you define, update the ARP caches using the following command:

    arping -b -A -c 3 -I bond0 192.168.20.3
    

    This command does not return a response. Section 9.10.3, "Verifying the Required Virtual IP Addresses on the Network," describes how to verify that the commands have worked.

Oracle Enterprise Linux 6 or Later

Starting with Oracle Enterprise Linux 6, the ifconfig command is deprecated and is replaced with the ip command. To enable the virtual IP addresses listed in Table 9-2 on Oracle Enterprise Linux 6 or later, complete the following steps:

  1. Determine the CIDR notation of the netmask. Each Netmask has a CIDR notation. For example, 255.255.240.0 has a CIDR of 20.

    If the netmask you are adding is the same as the interface, the fastest way to determine this is to examine the existing IP address assigned to the network card. You can do this using the following command:

    ip addr show dev bond0

    The following is a sample output:

    2: bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:21:f6:03:85:9f brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.1/20 brd 10.248.11.255 scope global bond0
    

    In this example, the CIDR value is the value after /, that is, 20. If you are unsure of the CIDR value, contact your network administrator.

  2. Add the IP address 192.168.20.3, netmask 255.255.240.0 (CIDR 20), on network card bond0 using the following command:

    ip addr add 192.168.20.3/20 dev bond0:1

  3. For each of the virtual IP addresses you define, update the ARP caches using the following command:

    arping -b -A -c 3 -I bond0 192.168.20.3
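
The netmask-to-CIDR step above can be computed rather than read off an existing interface. The following is an added example, not part of the Oracle documentation: it converts a dotted netmask to its prefix length, rejects masks that are incomplete or non-contiguous, and checks that a virtual IP address lies in the same network as the address already on the interface. The function names are illustrative.

```sh
# mask_to_cidr NETMASK
# Prints the prefix length of a dotted-quad netmask. Returns 1 when the mask
# does not have four octets or its one-bits are not contiguous.
mask_to_cidr() {
    bits=0 partial=0
    case $1 in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in
            255) n=8 ;; 254) n=7 ;; 252) n=6 ;; 248) n=5 ;; 240) n=4 ;;
            224) n=3 ;; 192) n=2 ;; 128) n=1 ;; 0) n=0 ;;
            *) return 1 ;;
        esac
        # Once an octet is not 255, every later octet must be 0.
        if [ "$partial" -eq 1 ] && [ "$n" -ne 0 ]; then return 1; fi
        if [ "$n" -lt 8 ]; then partial=1; fi
        bits=$((bits + n))
    done
    echo "$bits"
}

# ip_to_int ADDRESS: prints a dotted-quad IPv4 address as a 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# vip_in_subnet VIP INTERFACE_ADDRESS NETMASK
# Succeeds only if VIP is in the same network as the interface address, which
# is the case in which reusing the prefix of the interface is valid.
vip_in_subnet() {
    prefix=$(mask_to_cidr "$3") || return 1
    m=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & m )) -eq $(( $(ip_to_int "$2") & m )) ]
}

# Values from the steps above, plus a three-octet mask that must be rejected.
mask_to_cidr 255.255.240.0                                  # prints 20
mask_to_cidr 255.255.240 || echo "255.255.240 is not a valid netmask"
vip_in_subnet 192.168.20.3 192.168.20.1 255.255.240.0 && echo "VIP is on the bond0 network"
```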

Note:

Due to a known issue in the ifconfig utility, during server migration, all VIPs are dropped from the network interface on the machine the WebLogic Managed Server is migrated from. This happens when the VIP is enabled on :0 of the network interface. To work around the issue, enable the VIPs on the network interface starting with :1.

9.10.3 Verifying the Required Virtual IP Addresses on the Network

Check that each node can communicate with every other node using both physical and virtual host names. For example:

ping IADADMINVHN.example.com
ping IGDADMINVHN.example.com
ping OIMHOST1VHN1.example.com
ping OIMHOST1VHN2.example.com
ping OIMHOST1VHN3.example.com
ping OIMHOST2VHN1.example.com
ping OIMHOST2VHN2.example.com
ping OIMHOST2VHN3.example.com

9.11 Mounting Shared Storage onto the Host

As shown in Chapter 7, "Preparing Storage for an Enterprise Deployment," you must make shared storage available to each host that will use it.

9.11.1 Mounting Shared Storage

You must create and mount shared storage locations so that each application tier host can see the same location for the binary installation.

Note:

The shared storage can be a NAS or SAN device. The following illustrates an example of creating storage for a NAS device from OAMHOST1. The options may differ depending on the specific storage device.

mount -t nfs -o rw,bg,hard,nointr,proto=tcp,vers=3,timeo=300,rsize=32768,wsize=32768 nasfiler:VOL1/OracleIAM /u01/oracle

Contact your storage vendor and machine administrator for the correct options for your environment.

You use the following command to mount shared storage from a NAS storage device to a Linux host. If you are using a different type of storage device or operating system, refer to your manufacturer documentation for information about how to do this.

To mount shared storage on a host, use a command similar to the following:

mount -t nfs nasfiler:volume mountpoint

For example:

mount -t nfs nasfiler:/export/IAM/binaries  /u01/oracle/products

Where nasfiler is the name of the shared storage device.

Using the mount command as described mounts the shared storage until the host is rebooted. Once rebooted, the storage must be remounted to the host.

To ensure that the storage is made available following a host reboot, place an entry into the file /etc/fstab which looks like the following:

For NFS 3:

nasfiler:VOL1/OracleIAM /u01/oracle nfs auto,rw,bg,hard,nointr,proto=tcp,vers=3,timeo=300,noaci,rsize=32768,wsize=32768

For NFS 4:

nasfiler:VOL1/OracleIAM /u01/oracle nfs4 rw,bg,hard,nointr,timeo=300,noaci,rsize=131072,wsize=131072,proto=tcp

9.11.2 Validating the Shared Storage Configuration

Ensure that you can read and write files to the newly mounted directories by creating a test file in the shared storage location you just configured.

For example:

cd /u01/oracle/products
touch testfile

Verify that the owner and permissions are correct:

ls -l testfile

Then remove the file:

rm testfile