This chapter provides instructions for installing RSB. The complete installation of RSB can be broadly divided into 4 phases:
Download
Configuration
Compilation
Deployment
Note: If there is an existing WebLogic installation on the server, you must upgrade to WebLogic 10.3.6. All middleware components associated with WebLogic server should be upgraded to 11.1.1.7. Back up the weblogic.policy file ($WLS_HOME/wlserver_10.3/server/lib) before upgrading your WebLogic server, because this file could be overwritten. Copy over the weblogic.policy backup file after the WebLogic upgrade is finished and the post patching installation steps are completed.
The following sections describe the process of installing the RSB product.
In this phase, you have to download all the necessary archive files.
Download RsbKernel14.1.1ForAll14.x.xApps_eng_ga.zip to a directory in Linux/Unix. The rsb-home will be created inside this directory. Extract the archive file.
unzip RsbKernel14.1.1ForAll14.x.xApps_eng_ga.zip
Download RsbAppServiceDecoratorPak<rsb_major_version>For<app><app_version>_eng_ga.zip to rsb-home/download-home/all-app-service-decorator directory. Do not extract the files.
Download RsbServiceIntegrationFlowPak<rsb_major_version>For<service-name>_eng_ga.zip to rsb-home/download-home/all-functional-service-int-flow directory. Do not extract the files.
Download IntegrationGuide<rsb_major_version>ForAll14.x.xApps_eng_ga.zip to rsb-home/download-home/integration-guide directory. Do not extract the files.
Download RsbAdministrationApp<rsb_major_version>ForAll14.x.xApps_eng_ga.zip to rsb-home/download-home/admin-app directory. Do not extract the files.
For example:
export JAVA_HOME=/usr/bin/java/1.7.0
check-version-and-unpack.sh
Note: Run the command uname -n and make sure that its output exactly matches the hostname of the machine. This is important because the hostname is part of the names of many internal configuration attributes.
Edit rsb-home/deployment-home/conf/rsb-deployment-env-info.properties to configure the following properties:
JAVA_HOME
rsb-deployment-env-info.service-provider-app-in-scope-for-integration
rsb-deployment-env-info.service-requester-app-in-scope-for-integration
rsb-osb-container.domain-name
rsb-osb-container.<domain-name>.home
rsb-osb-container.<domain-name>.cluster-name
rsb-osb-container.<domain-name>.<cluster-name>.http-url (Cluster port is the port of the http proxy server)
rsb-osb-container.<domain-name>.admin-server-http-url
rsb-osb-container.<domain-name>.admin-server-connection-url
rsb-osb-container.<domain-name>.<cluster-name>.managed-servers: It is a comma-separated list of managed servers in the cluster, excluding the http proxy managed server.
rsb-osb-container.<domain-name>.<cluster-name>.<managed-server>.managed-server-connection-url: Repeat this property for all the managed servers in the cluster.
service-infrastructure-db.jdbc-url
edge-app-container.<app>.connection-url: The host:port of the edge-application.
global.app-service-end-point-url-pattern: The pattern of edge service URLs. (Note: This is different depending on whether the service is hosted on GlassFish or WebLogic 12c.)
rib.home.path: It is an optional field, to be given only if a valid rib-home is present.
The following table lists the various properties and their example values:
Property | Value (Illustration) |
JAVA_HOME | /usr/java/jdk1.7.0_51 |
rsb-osb-container.domain-name | rsb_domain |
rsb-osb-container.<domain>.home | rsb-osb-container.rsb_domain.home=/u00/rsb/Oracle/Middleware/user_projects/domains/rsb_domain |
rsb-osb-container.<domain>.cluster-name | rsb-osb-container.rsb_domain.cluster-name=rsb_cluster |
rsb-osb-container.<domain>.<cluster name>.http-url (Cluster port is the port of the http proxy server) | rsb-osb-container.rsb_domain.rsb_cluster.http-url=http://rsbhost:7004 |
rsb-osb-container.<domain>.admin-server-http-url | rsb-osb-container.rsb_domain.admin-server-http-url=http://rsbhost:7001 |
rsb-osb-container.<domain>.admin-server-connection-url | rsb-osb-container.rsb_domain.admin-server-connection-url=t3://rsbhost:7001 |
rsb-osb-container.<domain>.<cluster name>.managed-servers (Comma-separated list of managed servers in the cluster, excluding the http proxy managed server) | rsb-osb-container.rsb_domain.rsb_cluster.managed-servers=rsb_server1,rsb_server2 |
rsb-osb-container.<domain>.<cluster name>.<managed server>.managed-server-connection-url (Repeat this property for all the managed servers in the cluster) | rsb-osb-container.rsb_domain.rsb_cluster.rsb_server1.managed-server-connection-url=t3://rsbhost:7002 |
service-infrastructure-db.jdbc-url | jdbc:oracle:thin:@rsbhost:1521:rra1 |
edge-app-container.<app>.connection-url (The host:port of the edge application) | edge-app-container.sim.connection-url=t3://rsbhost:8080 |
global.app-service-end-point-url-pattern (The pattern of edge service URLs. Note: This is different depending on whether the service is hosted on GlassFish or WebLogic) | http://<HTTP_HOSTNAME>:<HTTP_PORT>/<SERVICE_NAME>Service/<SERVICE_NAME>Bean |
rib.home.path (optional) | rib1@ribhost:/u00/rib1/rib2/Rib1400ForAll14xxApps/rib-home |
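A consistency check for the container properties above, as an added example that is not part of the RSB distribution: it verifies that the domain and cluster keys are set and that every server named in managed-servers has its own managed-server-connection-url. The function names, the MISSING output format and the sample file are assumptions made for illustration; the property names and sample values come from the list and table above.

```sh
# Added example, not an RSB tool: consistency check for rsb-deployment-env-info.properties.
# prop FILE KEY: print the value of KEY (last definition wins, empty if unset).
prop() {
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }                       # comment lines
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); val = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t\r]+$/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
          if (key == k) v = val }
        END { print v }' "$1"
}

# check_rsb_env FILE: print one line per missing key; status 1 if any is missing.
check_rsb_env() {
    f=$1; rc=0
    domain=$(prop "$f" rsb-osb-container.domain-name)
    base="rsb-osb-container.$domain"
    cluster=$(prop "$f" "$base.cluster-name")
    if [ -z "$domain" ] || [ -z "$cluster" ]; then
        echo "MISSING domain-name or cluster-name"; return 1
    fi
    for key in "$base.home" "$base.admin-server-http-url" \
               "$base.admin-server-connection-url" \
               "$base.$cluster.http-url" "$base.$cluster.managed-servers"; do
        [ -n "$(prop "$f" "$key")" ] || { echo "MISSING $key"; rc=1; }
    done
    # Each server in the comma-separated list needs its own connection URL.
    for s in $(prop "$f" "$base.$cluster.managed-servers" | tr ',' ' '); do
        key="$base.$cluster.$s.managed-server-connection-url"
        [ -n "$(prop "$f" "$key")" ] || { echo "MISSING $key"; rc=1; }
    done
    return $rc
}

# Constructed sample (values from the table above); rsb_server2 has no URL.
demo_env_check() {
    t=$(mktemp); st=0
    cat > "$t" <<'EOF'
rsb-osb-container.domain-name=rsb_domain
rsb-osb-container.rsb_domain.home=/u00/rsb/Oracle/Middleware/user_projects/domains/rsb_domain
rsb-osb-container.rsb_domain.cluster-name=rsb_cluster
rsb-osb-container.rsb_domain.rsb_cluster.http-url=http://rsbhost:7004
rsb-osb-container.rsb_domain.admin-server-http-url=http://rsbhost:7001
rsb-osb-container.rsb_domain.admin-server-connection-url=t3://rsbhost:7001
rsb-osb-container.rsb_domain.rsb_cluster.managed-servers=rsb_server1,rsb_server2
rsb-osb-container.rsb_domain.rsb_cluster.rsb_server1.managed-server-connection-url=t3://rsbhost:7002
EOF
    check_rsb_env "$t" || st=$?
    rm -f "$t"; return $st
}
```

Run check_rsb_env against rsb-home/deployment-home/conf/rsb-deployment-env-info.properties before compiling; demo_env_check reports the missing rsb_server2 entry in the constructed sample.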
Additional steps for Policy A configuration
If RSB is configured with Security Policy A, perform the following additional steps:
Property configuration in rsb-deployment-env-info.properties:
rsb-osb-container.<domain>.<cluster>.https-url: The property provides the HTTPS URL of the http proxy managed server.
Override the <decorator>.app-service-end-point-url to use the https protocol and the SSL port. This can be done at the global level or at the app level, but it is recommended to test a single service end to end with SSL first during initial stabilization.
The following table lists the various properties and their example values:
Property | Value (Illustration) |
rsb-osb-container.rsb_domain.rsb_cluster.https-url | rsb-osb-container.rsb_domain.rsb_cluster.https-url=https://rsbhost:7104 |
<decorator>.app-service-end-point-url (oms-AdvancedShipmentNotification-AppServiceDecorator.app-service-end-point-url) | https://rsbhost:7102/AdvancedShipmentNotificationBean/AdvancedShipmentNotificationService |
Security Configuration: Download edge app service WSDL files.
cd rsb-home/service-assembly-home/bin
download-app-service-wsdl.sh
Create Policy Mapping File: Create security policy mapping file.
generate-rsb-decorator-security-config.sh
Additional steps for Policy B configuration
If RSB is configured with Policy B, perform the following additional steps:
Security Configuration: Download edge app web service WSDL files.
cd rsb-home/service-assembly-home/bin
download-app-service-wsdl.sh
Create Policy Mapping File: Create security policy mapping file.
generate-rsb-decorator-security-config.sh
Setup Security Credentials: Setup security credentials for Message Protection.
setup-message-protection-security-credentials.sh
Setup security credentials and compile:
cd rsb-home/service-assembly-home/bin
rsb-compiler.sh -setup-security-credential
During the compilation step, credentials need to be provided for the following aliases.
sidb-jdbc-user-alias
admin-server-user-alias
rsb-admin-user-alias
Example:
Alias Name | Value (Illustration) |
sidb-jdbc-user-alias | <soainfra schema> |
admin-server-user-alias | <weblogic user> |
rsb-admin-user-alias | <rsb user> |
The -setup-security-credential option creates or updates the wallet file in the deployment-home/conf/security folder. The wallet file contains user IDs and passwords in encrypted form. However, anyone who has access to this file can decrypt the information programmatically, so lock down this folder against unauthorized users. You may use the following command to remove access to this folder for everyone except its owner:
chmod 700 rsb-home/deployment-home/conf/security
Note: If the security credentials are already set up for the above aliases (in a previous compilation attempt), compilation can be directly carried out as follows:
cd rsb-home/service-assembly-home/bin
rsb-compiler.sh
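To verify the lock-down of deployment-home/conf/security described above, the following added example (not an RSB script) lists anything in the wallet folder that group or others can access, anything with an unexpected owner, and a parent folder that group or others can write to. The function names, the finding labels and the placeholder wallet file name are assumptions; the page does not name the wallet file.

```sh
# Added example, not an RSB tool. audit_wallet_dir DIR [OWNER] prints one line per
# finding and returns 1 if there is any. OWNER defaults to the current user ID.
audit_wallet_dir() {
    dir=${1%/}; owner=${2:-$(id -u)}
    [ -d "$dir" ] || { echo "NOT_A_DIRECTORY $dir"; return 1; }
    findings=$(
        # Anything under DIR (DIR included) with a group or other permission bit.
        find "$dir" \( -perm -040 -o -perm -020 -o -perm -010 \
                    -o -perm -004 -o -perm -002 -o -perm -001 \) -print |
            sed 's/^/GROUP_OR_OTHER_ACCESS /'
        # Anything not owned by the account that runs the RSB scripts.
        find "$dir" ! -user "$owner" -print | sed 's/^/UNEXPECTED_OWNER /'
        # A parent that group or others can write to (and that has no sticky
        # bit) lets them rename or replace DIR itself.
        find "$dir/.." -prune ! -perm -1000 \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/PARENT_WRITABLE /'
    )
    if [ -z "$findings" ]; then return 0; fi
    printf '%s\n' "$findings"; return 1
}

# Constructed layout: folder at 700 as recommended, wallet file left at 644.
demo_wallet_audit() {
    root=$(mktemp -d); st=0
    mkdir -p "$root/conf/security"; chmod 755 "$root/conf"
    : > "$root/conf/security/wallet-file"       # placeholder name, not RSB's
    chmod 700 "$root/conf/security"; chmod 644 "$root/conf/security/wallet-file"
    audit_wallet_dir "$root/conf/security" || st=$?
    rm -rf "$root"; return $st
}
```

The 644 file in the demo is unreachable while the folder stays at 700, but it becomes readable as soon as the folder mode is relaxed or the file is copied elsewhere with its mode preserved, which is why the audit reports it.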
Start Admin Server, Proxy Server and Managed servers:
cd <domainHome>/bin
startManagedWebLogic.sh <managed server> <AdminServer URL>
For example:
startManagedWebLogic.sh "qa_test_managedServer_1" "http://rsbhost:17001"
Prepare instrumentation configurations for WebLogic server.
cd rsb-home/deployment-home/bin
rsb-deployer.sh -prepare-wls
If RSB is configured with Policy B, perform the following steps before proceeding further. For unsecured configuration or RSB configuration with Policy A, move directly to Step b.
Copy Script: Copy security scripts to RSB server.
cd rsb-home/integration-lib/rsb-tools/scripts
scp generate-pki-certificate-keystore-for-osb.sh <user>@<host>:/<domainHome>/config/
scp import-remote-server-public-key-certificate-into-keystore.sh <user>@<host>:/<domainHome>/config/
scp export-server-public-key-certificate-from-keystore.sh <user>@<host>:/<domainHome>/config/
Generate Certs and Key store: Generate private key, public key and key store for the RSB server (To be done in the RSB server).
. <domainHome>/bin/setDomainEnv.sh
(This command must be run in the current shell, so it is prefixed with a period and a space character.)
cd <domainHome>/config
generate-pki-certificate-keystore-for-osb.sh
You will be asked for a keystore password and private key password. Please note the passwords. You will have to provide the same passwords in subsequent steps.
Note: If you are getting the certificate from a CA, do not run the above command. Instead, create a keystore with the name <hostname>-keystore.jks, where hostname is the short hostname of the server (output of the hostname -s command), and then import the certificate and key (public key and private key) into the keystore. You may use the following command to import into the keystore.
java utils.ImportPrivateKey -certfile <certificate file> -keyfile <private key file> -keyfilepass <private key password> -keystore <hostname>-keystore.jks -storepass <keystore password> -alias <hostname>-public-private-key-alias -keypass <private key password>
Copy app server certificate(s).
Copy edge app certificate file(s) to <wlsHome>/config of the RSB server. The file name must be <remote-host>-certificate.der.
Note: See RSB Security Guide for instructions to export certificate from edge app server.
Import app server certificate(s):
Import all the edge app server public key certificates to RSB server's keystore. If the edge apps are deployed in different servers, import all the certificates to the keystore (To be done in the RSB server):
cd <domainHome>/config
import-remote-server-public-key-certificate-into-keystore.sh <app> <remote-host>
For example:
import-remote-server-public-key-certificate-into-keystore.sh cm <hostname>
For the keystore password, provide the password you specified in step b.
Configure RSB Server: Configure the RSB server to use the key store generated in the previous steps.
cd rsb-home/deployment-home/bin
configure-rsb-app-server-for-security-policy-b.sh
For the keystore password and private key password, provide the passwords you specified in step ii.
Restart Servers: Restart Admin and Managed Servers.
Deploy all the decorators.
Deploy one decorator at a time.
cd rsb-home/deployment-home/bin
rsb-deployer.sh -deploy-rsb-service <OSB Project jar>
For example, rsb-deployer.sh -deploy-rsb-service igs-ASNInPublishing-AppServiceDecorator.jar
Deploy all the decorators of an app at a time.
cd rsb-home/deployment-home/bin
rsb-deployer.sh -deploy-all-rsb-service-for-app <appName>
For example, rsb-deployer.sh -deploy-all-rsb-service-for-app igs
Deploy all the decorators of all apps in scope at a time.
cd rsb-home/deployment-home/bin
rsb-deployer.sh -deploy-all-rsb-service
Deploy rib4oms injector service.
cd rsb-home/deployment-home/bin
rsb-deployer.sh -deploy-rsb-service RibOmsToRsbOmsRouting-ServicesIntegrationFlow.jar
Deploy RSB Admin app i.e. Retail Integration Console (RIC):
cd rsb-home/deployment-home/bin
rsb-deployer.sh -deploy-admin-app
If RSB Policy B is configured, perform the following step; otherwise, go to Step 7:
Export Certificate: Copy the script from integration-lib. Export the certificate, so that it can be used by the service consumers. (To be done in the RSB server).
cd <wlsHome>/config
export-server-public-key-certificate-from-keystore.sh
Restart all the servers i.e. Admin Server, managed servers and proxy server.
Note: By default, the maximum number of in-memory sessions for WebLogic web applications is unlimited. External attackers can misuse this setting to create an unlimited number of sessions by accessing the web application. In such cases, the WebLogic server can run out of memory and eventually crash, so the number of sessions must be limited to a reasonable number (e.g., 100). The setting can be changed through the admin console of the WebLogic server. Follow the steps below to change this configuration setting: