This chapter describes how to prepare the hosts for an enterprise deployment.
Before you deploy Oracle Fusion Middleware, you must set up the hosts you plan to use so that the Oracle software can work in an optimum fashion.
The settings described in this chapter are only a guide. After using your Oracle software, you should use operating system utilities to tune the configuration to ensure that you are maximizing the potential of your hosts.
In the context of Exalogic, the hosts are either compute nodes in physical Exalogic or vServers in virtual Exalogic.
Ensure that the host and operating system that you plan to use is a certified combination for the products you plan to use. Refer to the Oracle Fusion Middleware Supported System Configurations for details.
In order to use a host in an enterprise deployment, you must verify that it meets the minimum specification described in Section 5.1, "Hardware and Software Requirements for an Enterprise Deployment".
In addition, you must check the Oracle Fusion Middleware System Requirements and Specifications for Oracle Identity and Access Management to ensure that you have the minimum specification to support the products you plan to deploy on your hosts.
If you are deploying to a virtual host environment, ensure that each of the virtual hosts meets the minimum requirements.
Ensure that you have sufficient local disk and that shared storage is configured as described in Chapter 7, "Preparing Storage for an Enterprise Deployment."
Allow sufficient swap and temporary space. Specifically:
Swap Space–The system must have at least 512MB.
Temporary Space–There must be a minimum of 2GB of free space in /tmp.
Before performing Identity and Access Management Deployment, you must perform the following tasks:
Install a certified operating system.
Install all necessary patches and packages as listed in the Release Notes for Identity Management.
Review the Oracle Fusion Middleware System Requirements and Specifications and ensure that the Operating System requirements are met.
The kernel parameter and shell limit values shown below are recommended values only. For production systems, Oracle recommends that you tune these values to optimize the performance of the system. See your operating system documentation for more information about tuning kernel parameters.
Kernel parameters must be set to a minimum of those below on all nodes in the topology.
The values in the following table are the current Linux recommendations. For the latest recommendations for Linux and other operating systems, see Oracle Fusion Middleware System Requirements and Specifications.
If you are deploying a database onto the host, you might need to modify additional kernel parameters. Refer to the 11g Release 2 Oracle Grid Infrastructure Installation Guide for your platform.
Table 9-1 UNIX Kernel Parameters
Parameter | Value |
---|---|
kernel.sem | 256 32000 100 142 |
kernel.shmmax | 2147483648 or higher |
To set these parameters:
Log in as root and add or amend the entries in the file /etc/sysctl.conf. If the specified parameters do not exist in the file, then add them.
Save the file.
Activate the changes by issuing the command:
/sbin/sysctl -p
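The following check is an added example, not part of the Oracle documentation: it compares kernel.sem and kernel.shmmax values with the Table 9-1 minimums after the change is activated. The function names are illustrative and the values passed on the last line are constructed samples.

```sh
#!/bin/sh
# Added example: test kernel.sem and kernel.shmmax against the Table 9-1 minimums.

# ge_uint VALUE MIN: succeed when VALUE >= MIN. Compares digit counts first, so
# a kernel.shmmax default wider than the shell's 64-bit arithmetic still works.
ge_uint() {
    case "$1" in ''|*[!0-9]*) return 2 ;; esac      # reject non-numeric input
    a=$(printf '%s' "$1" | sed 's/^0*//')
    b=$(printf '%s' "$2" | sed 's/^0*//')
    [ "${#a}" -gt "${#b}" ] && return 0
    [ "${#a}" -lt "${#b}" ] && return 1
    # Equal length: byte order of the digit strings equals numeric order.
    smaller=$(printf '%s\n%s\n' "$a" "$b" | LC_ALL=C sort | head -n 1)
    [ "$smaller" = "$b" ]
}

# sem_ok "SEMMSL SEMMNS SEMOPM SEMMNI": each field must reach its own minimum.
sem_ok() {
    set -- $1                                       # split on spaces or tabs
    [ "$#" -eq 4 ] || return 2
    ge_uint "$1" 256 && ge_uint "$2" 32000 && ge_uint "$3" 100 && ge_uint "$4" 142
}

# check_kernel SEM SHMMAX: print PASS/FAIL per parameter, return the failure count.
check_kernel() {
    fails=0
    if sem_ok "$1"; then echo "PASS kernel.sem = $1"
    else echo "FAIL kernel.sem = $1 (minimum 256 32000 100 142)"; fails=$((fails + 1)); fi
    if ge_uint "$2" 2147483648; then echo "PASS kernel.shmmax = $2"
    else echo "FAIL kernel.shmmax = $2 (minimum 2147483648)"; fails=$((fails + 1)); fi
    return "$fails"
}

# Constructed sample values. On a host, pass "$(/sbin/sysctl -n kernel.sem)"
# and "$(/sbin/sysctl -n kernel.shmmax)" instead.
check_kernel "250 32000 32 128" "18446744073692774399" || echo "tuning required"
```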
On all UNIX operating systems, the minimum Open File Limit should be 4096.
Note:
The following examples are for Linux operating systems. Consult your operating system documentation to determine the commands to be used on your system.
You can see how many files are open with the following command:
/usr/sbin/lsof | wc -l
To check your open file limits, use the commands below.
C shell:
limit descriptors
Bash:
ulimit -n
Note:
If your limits are already set higher than these values, you do not need to change them.
To change the shell limits, log in as root and edit the /etc/security/limits.conf file.
Add the following lines:
* soft nofile 150000
* hard nofile 150000
* soft nproc 4096
* hard nproc 16384
Oracle Linux 6 and Red Hat Enterprise Linux 6 Only
To change the shell limits, log in as root and edit the /etc/security/limits.conf file.
Add the following lines:
* soft nofile 150000
* hard nofile 150000
Also edit: /etc/security/limits.d/90-nproc.conf
Add the following lines:
* soft nproc 4096
* hard nproc 16384
For the most recent suggested values, see Oracle Fusion Middleware System Requirements and Specifications.
After editing the file, reboot the machine.
Before you begin the installation of the Oracle software, ensure that your local /etc/hosts file is formatted like this:
IP_Address Fully_Qualified_Name Short_Name
For example:
192.168.30.1 oimhost1vhn1.example.com oimhost1vhn1
192.168.30.2 oimhost2vhn1.example.com oimhost2vhn1
192.168.30.3 oimhost1vhn2.example.com oimhost1vhn2
192.168.30.4 oimhost2vhn2.example.com oimhost2vhn2
192.168.30.5 oimhost1vhn3.example.com oimhost1vhn3
192.168.30.6 oimhost2vhn3.example.com oimhost2vhn3
192.168.50.1 idstore.example.com idstore
192.168.50.2 igdinternal.example.com igdinternal
192.168.10.1 iamhost1.example.com iamhost1
192.168.10.2 iamhost2.example.com iamhost2
192.168.10.1 webhost1.example.com webhost1
192.168.10.2 webhost2.example.com webhost2
The exact entries that appear in the /etc/hosts file depend on how you are resolving your names, whether through the local hosts file or DNS. The purpose of this step is to validate the format of any entries that do appear in the file.
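One way to validate that format, as an added example that is not part of the Oracle documentation: the function below reports entries that do not follow IP_Address Fully_Qualified_Name Short_Name, and names that appear against two different addresses. The function name, the rule that loopback lines are skipped, and the sample file are assumptions made for the example.

```sh
#!/bin/sh
# Added example: check that hosts-file entries follow
#   IP_Address  Fully_Qualified_Name  Short_Name
# Loopback lines are skipped (assumption: they keep the operating system layout).

# check_hosts FILE: print one line per problem; return 0 only when FILE is clean.
check_hosts() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments and blank lines
    { sub(/[ \t]*#.*$/, "") }                    # strip a trailing comment
    $1 ~ /^127\./ || $1 == "::1" { next }
    {
        ip = $1; fqdn = tolower($2); short = tolower($3)
        n = split(ip, oct, "."); bad = (n != 4)
        for (i = 1; i <= n; i++)
            if (oct[i] !~ /^[0-9]+$/ || oct[i] + 0 > 255) bad = 1
        if (bad) { print NR ": invalid IPv4 address " ip; err++ }
        if (NF < 3) {
            print NR ": expected IP_Address Fully_Qualified_Name Short_Name"
            err++; next
        }
        split(fqdn, label, ".")
        if (fqdn !~ /\./) { print NR ": " $2 " is not fully qualified"; err++ }
        else if (label[1] != short) { print NR ": short name " $3 " does not match " $2; err++ }
        # The same name on two addresses: lookups normally return the first one.
        for (f = 2; f <= NF; f++) {
            name = tolower($f)
            if ((name in seen) && seen[name] != ip) { print NR ": " $f " already maps to " seen[name]; err++ }
            else seen[name] = ip
        }
    }
    END { exit (err > 0) }' "$1"
}

# Constructed sample: two good entries from the page, then three broken ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
192.168.30.1 oimhost1vhn1.example.com oimhost1vhn1
192.168.50.1 idstore.example.com idstore
192.168.30.2 oimhost2vhn1 oimhost2vhn1.example.com
192.168.50.300 igdinternal.example.com igdinternal
192.168.30.9 oimhost1vhn1.example.com oimhost1vhn1
EOF
check_hosts "$sample" || echo "hosts file needs correcting"
rm -f "$sample"
```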
By default, huge pages are enabled in Exalogic compute nodes. Verify the existing allocation by running:
grep Huge /proc/meminfo
Set the recommended Huge Page allocation to 25000.
To set the Huge Page allocation, run the following command as root in the compute node:
echo 25000 > /proc/sys/vm/nr_hugepages
Your operating system configuration can influence the behavior of characters supported by Oracle Fusion Middleware products.
On UNIX operating systems, Oracle highly recommends that you enable Unicode support by setting the LANG environment variable to a locale with the UTF-8 character set. This enables the operating system to process any character in Unicode. Oracle SOA Suite technologies, for example, are based on Unicode.
Set the LANG environment variable as follows:
LANG=en_GB.UTF-8
If the operating system is configured to use a non-UTF-8 encoding, Oracle SOA Suite components may function in an unexpected way. For example, a non-ASCII file name might make the file inaccessible and cause an error. Oracle does not support problems caused by operating system constraints.
Configure the host to access your corporate DNS hosts. To do this, update DNS settings by updating the file /etc/resolv.conf.
Create the following groups and user either locally or in your NIS or LDAP server. This user is the Oracle Software Owner.
The instructions below are for creating the user locally. Refer to your NIS documentation for information about creating these groups and user in your NIS server.
Groups
You must create the following groups on each node.
oinstall
dba
To create the groups, use the following command as root:
groupadd groupname
For example:
groupadd -g 500 oinstall
groupadd -g 501 dba
User
You must create the following user on each node.
oracle–The owner of the Oracle software. You may use a different name. The primary group for this account must be oinstall. The account must also be in the dba group.
Notes:
The group oinstall must have write privileges to all the file systems on shared and local storage that are used by the Oracle software.
Each group must have the same Group ID on every node.
Each user must have the same User ID on every node.
The user and group should exist at the NIS server due to the NFSv4 mount requirement.
To create a local user, use the following command as root:
useradd -g primary_group -G optional_groups -u userid username
For example:
useradd -g oinstall -G dba -u 500 oracle
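The notes above require the same User ID and Group ID on every node, because ownership on shared storage depends on them. The following is an added example, not part of the Oracle documentation, that checks this from getent output gathered per node; the function name, the "node:" input prefix and the sample data are assumptions made for the example.

```sh
#!/bin/sh
# Added example: confirm the software owner and its groups carry identical
# numeric IDs on every node. Each input line is "node:" followed by one
# getent passwd or getent group line collected from that node, for example
# (hypothetical collection step, run per node):
#   getent passwd oracle; getent group oinstall dba

# check_ids FILE [OWNER]: print one line per problem; return 0 when consistent.
check_ids() {
    awk -F: -v owner="${2:-oracle}" '
    NF == 8 { key = "user " $2;  if ($2 == owner) pgid[$1] = $5 }
    NF == 5 { key = "group " $2
              if ($2 == "oinstall") oinstall[$1] = $4
              if ($2 == "dba") dba[$1] = "," $5 "," }
    NF != 8 && NF != 5 { print "line " NR ": not a passwd or group entry"; err++; next }
    {
        # The first node seen sets the reference ID for each user or group.
        if (!(key in id)) { id[key] = $4; where[key] = $1 }
        else if (id[key] != $4) {
            print $1 ": " key " has ID " $4 ", but " id[key] " on " where[key]
            err++
        }
    }
    END {
        for (n in pgid) {
            if (pgid[n] != oinstall[n]) { print n ": primary group of " owner " is not oinstall"; err++ }
            if (index(dba[n], "," owner ",") == 0) { print n ": " owner " is not a member of dba"; err++ }
        }
        exit (err > 0)
    }' "$1"
}

# Constructed sample: iamhost2 was created with a different UID and dba GID,
# and the account was never added to dba there.
sample=$(mktemp)
cat > "$sample" <<'EOF'
iamhost1:oracle:x:500:500::/home/oracle:/bin/bash
iamhost1:oinstall:x:500:
iamhost1:dba:x:501:oracle
iamhost2:oracle:x:501:500::/home/oracle:/bin/bash
iamhost2:oinstall:x:500:
iamhost2:dba:x:502:
EOF
check_ids "$sample" || echo "IDs differ between nodes"
rm -f "$sample"
```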
Note:
To create this user in NIS, refer to your NIS documentation.
All servers in the deployment must have the same time. The best way to achieve this is to use an NTP server. To configure a host to use an NTP server:
Determine the name of the NTP server(s) you wish to use. For security reasons, ensure that these are inside your organization.
Log in to the host as the root user.
Edit the file /etc/ntp.conf to include a list of the time servers. After editing, the file appears as follows:
server ntphost1.example.com
server ntphost2.example.com
Run the following command to synchronize the system clock to the NTP server:
/usr/sbin/ntpdate ntpserver1.example.com
/usr/sbin/ntpdate ntpserver2.example.com
Start the NTP client using the following command:
service ntpd start
Validate that the time is set correctly using the date command.
To make sure that the server always uses the NTP server to synchronize the time, set the client to start on reboot by using the following command:
chkconfig ntpd on
If you are using NFS Version 4, configure a directory service or an NIS (Network Information Server). If your organization does not have one already, use the built-in one on the ZFS storage appliance. See Configuring NFS Version 4 (NFSv4) on Exalogic in the Oracle Fusion Middleware Exalogic Machine Owner's Guide for more information.
Once you have configured your NIS host, configure each compute node to use it. Before beginning, determine the host names of the NIS servers you are going to use.
Log in to the host as root.
Edit the /etc/idmapd.conf configuration file:
vi /etc/idmapd.conf
Set the domain value, as in the following example:
Domain = example.com
Restart the rpcidmapd service:
service rpcidmapd restart
Update the /etc/yp.conf configuration file, and set the correct domain value, as in the following example:
vi /etc/yp.conf
Add the following line:
domain example.com server NIS_Server_hostname_or_IP
Where example.com is the example domain and NIS_Server_hostname_or_IP is the host name or IP address of the NIS host. You must replace these sample values with values appropriate for your environment.
Set NIS domain name on the command line:
domainname NIS_DOMAIN_NAME
For example:
domainname nisdomain.example.com
Edit the /etc/nsswitch.conf configuration file:
vi /etc/nsswitch.conf
Change the following entries:
passwd: files nis
shadow: files nis
group: files nis
automount: files nis nisplus
aliases: files nis nisplus
Restart the rpcidmapd service:
service rpcidmapd restart
Restart the ypbind service by running the following command:
service ypbind restart
Check the yp service by running this command:
ypwhich
Verify if you can access Oracle user accounts:
ypcat passwd
Add ypbind to your boot sequence, so that it starts automatically after rebooting.
chkconfig ypbind on
The enterprise deployment requires that certain hosts, such as those running the WebLogic Administration Server or SOA managed servers, use virtual IP addresses. You must enable the appropriate IP address on each host.
This section includes the following topics:
Section 9.10.1, "Summary of the Required Virtual IP Addresses"
Section 9.10.2, "Enabling a Virtual IP Address on a Network Interface"
Section 9.10.3, "Verifying the Required Virtual IP Addresses on the Network"
Virtual IP Addresses are required for failover of the WebLogic Administration Server, regardless of whether other Oracle Fusion Middleware components are installed later or not.
You associate the Administration Server with a virtual IP address. This allows the Administration Server to be started on a different host if the primary host fails.
Check that the virtual host is enabled as follows:
Table 9-2 Logical Virtual IP Addresses Associated with IPoIB Network interfaces
VIP Values | Enabled on Host (Distributed) | Enabled on Host (Consolidated) |
---|---|---|
IADADMINVHN.example.com | OAMHOST1 | IAMHOST1 |
IGDADMINVHN.example.com | OIMHOST1 | IAMHOST2 |
OIMHOST1VHN1.example.com | OIMHOST1 | IAMHOST1 |
OIMHOST1VHN2.example.com | OIMHOST1 | IAMHOST1 |
OIMHOST1VHN3.example.com | OIMHOST1 | IAMHOST1 |
OIMHOST2VHN1.example.com | OIMHOST2 | IAMHOST2 |
OIMHOST2VHN2.example.com | OIMHOST2 | IAMHOST2 |
OIMHOST2VHN3.example.com | OIMHOST2 | IAMHOST2 |
Note:
Use the Distributed values for Exalogic Virtual. Use the Consolidated values for Exalogic Physical.
This section describes how to enable a virtual IP address on a network interface. The procedure varies, depending on whether you are using Oracle Enterprise Linux 5 or Oracle Enterprise Linux 6.
If you are using Oracle Enterprise Linux 5, complete the following steps to enable the virtual IP addresses listed in Table 9-2:
Use the ifconfig command to create the virtual IP address:
ifconfig subinterface virtual_ip_address netmask netmask_value
For example, to enable the IP address 192.168.20.3, netmask 255.255.240.0 on network card bond0, use the following command:
ifconfig bond0:1 192.168.20.3 netmask 255.255.240.0
Note:
The example in this section is applicable for both physical and virtual Exalogic deployments.
For each virtual IP address you define, update the ARP caches using the following command:
arping -b -A -c 3 -I bond0 192.168.20.3
This command does not return a response. Section 9.10.3, "Verifying the Required Virtual IP Addresses on the Network" describes how to verify if the commands have worked.
Oracle Enterprise Linux 6 or Later
Starting with Oracle Enterprise Linux 6, the ifconfig command is deprecated and is replaced with the ip command. To enable the virtual IP addresses listed in Table 9-2 on Oracle Enterprise Linux 6 or later, complete the following steps:
Determine the CIDR notation of the netmask. Each netmask has a CIDR notation. For example, 255.255.240.0 has a CIDR of 20.
If the netmask you are adding is the same as the interface, the fastest way to determine this is to examine the existing IP address assigned to the network card. You can do this using the following command:
ip addr show dev bond0
The following is a sample output:
2: bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:21:f6:03:85:9f brd ff:ff:ff:ff:ff:ff
    int 192.168.20.1/20 brd 10.248.11.255 scope global bond0
In this example, the CIDR value is the value after /, that is, 20. If you are unsure of the CIDR value, contact your network administrator.
Add the IP address 192.168.20.3, netmask 255.255.240.0 (CIDR 20) on network card bond0 using the following command:
ip addr add 192.168.20.3/20 dev bond0:1
For each of the virtual IP addresses you define, update the ARP caches using the following command:
arping -b -A -c 3 -I bond0 192.168.20.3
Note:
Due to a known issue in the ifconfig utility, during server migration, all VIPs are dropped from the network interface on the machine the WebLogic Managed Server is migrated from. This happens when the VIP is enabled on :0 of the network interface. To work around the issue, enable the VIPs on the network interface starting with :1.
Check that each node can communicate with each other node using both physical and virtual host names, for example:
ping IADADMINVHN.example.com
ping IGDADMINVHN.example.com
ping OIMHOST1VHN1.example.com
ping OIMHOST1VHN2.example.com
ping OIMHOST1VHN3.example.com
ping OIMHOST2VHN1.example.com
ping OIMHOST2VHN2.example.com
ping OIMHOST2VHN3.example.com
As shown in Chapter 7, "Preparing Storage for an Enterprise Deployment," you must make shared storage available to each host that will use it.
You must create and mount shared storage locations so that each application tier host can see the same location for the binary installation.
Note:
The shared storage can be a NAS or SAN device. The following illustrates an example of creating storage for a NAS device from OAMHOST1. The options may differ depending on the specific storage device.
mount -t nfs -o rw,bg,hard,nointr,proto=tcp,vers=3,timeo=300,rsize=32768,wsize=32768 nasfiler:VOL1/OracleIAM /u01/oracle
Contact your storage vendor and machine administrator for the correct options for your environment.
You use the following command to mount shared storage from a NAS storage device to a Linux host. If you are using a different type of storage device or operating system, refer to your manufacturer documentation for information about how to do this.
To mount shared storage on a host, use a command similar to the following:
mount -t nfs nasfiler:volume mountpoint
For example:
mount -t nfs nasfiler:/export/IAM/binaries /u01/oracle/products
Where nasfiler is the name of the shared storage device.
Using the mount command as described mounts the shared storage until the host is rebooted. Once rebooted, the storage must be remounted to the host.
To ensure that the storage is made available following a host reboot, place an entry into the file /etc/fstab which looks like the following:
For NFS 3:
nasfiler:VOL1/OracleIAM /u01/oracle nfs auto,rw,bg,hard,nointr,proto=tcp,vers=3,timeo=300,noaci,rsize=32768,wsize=32768
For NFS 4:
nasfiler:VOL1/OracleIAM /u01/oracle nfs4 rw,bg,hard,nointr,timeo=300,noaci,rsize=131072,wsize=131072,proto=tcp
Ensure that you can read and write files to the newly mounted directories by creating a test file in the shared storage location you just configured.
For example:
cd /u01/oracle/products
touch testfile
Verify that the owner and permissions are correct:
ls -l testfile
Then remove the file:
rm testfile