Oracle® Retail Service Backbone Installation Guide Release 15.0.3.1 F37454-01 |
Notations
wlsHome - The home directory of WebLogic. e.g., /u00/rsb/Oracle/Middleware/Oracle_Home
domainHome - The home directory of the domain. e.g., /u00/rsb/Oracle/Middleware/Oracle_Home/user_projects/domains/rsb_domain
app - the application acronym. e.g., sim, rms
HIGHLIGHTED STEPS ARE ADDITIONAL STEPS REQUIRED FOR SECURITY. INSTALLATION WILL WORK WITHOUT ENABLING THE SECURITY
[PolicyA] - These instructions are specific to security policy A configuration
[PolicyB] - These instructions are specific to security policy B configuration
Prerequisites
Task | Notes | Command | Example |
1. [PolicyA][PolicyB]
Security Prerequisite: Secure Edge App Services |
RSB supports security. However, primary lifecycle steps work with/without enabling security | Refer to the document RSB Security Guide for securing app services | |
2. Download and stage all third-party software | |||
3. Install JDK | Version 1.8 | ||
4. Install WebLogic | Version 12.2.1.4 | ||
5. Install Oracle DB server | 19c | ||
6. Install OSB on WebLogic | Version 12.2.1.4 | ||
7. Install RCU | Version 12.2.1.4
The repository for OSB must be created with this tool |
||
8. Create DB schema for OSB | Use Repository Creation Utility (RCU) | <wlsHome>/oracle_common/bin/rcu | Create schema name: RSB_SOAINFRA - Under SOA Infrastructure in RCU
[PolicyA][PolicyB] Create schema name: RSB_MDS - Under Metadata Services in RCU (OWSM domain requires MDS schema) |
9. Configure OSB domain
[PolicyA][PolicyB] Create OWSM domain
Create a cluster |
Choose OSB (Oracle Service Bus - 12.2.1.4.0). This will select all other required templates
ADF (Oracle JRF - 12.2.1.4.0)
Create AdminServer
Create 1 managed server for Http Proxy
Create 2 managed servers |
cd <wlsHome>/wlserver/common/bin
config.sh |
rsb_domain
(See RSB Deployment Architecture.doc in References for detailed instructions)
rsb_cluster
AdminServer
rsb_server1
rsb_server2
[PolicyA] Note: Enable SSL for all the managed servers during creation. This can be done post creation too using WebLogic Console.
Environment --> Servers --> Click on <M.Server> --> Check "SSL Listen Port Enabled" --> Specify the port number --> Save --> Activate Session |
10. Install RIB (optional) | A valid RIB home is required for the deployment of RSB, if RIB is enabled. |
Recommended Port Numbers for WebLogic Servers
Each WLS domain has a unique number in the thousands place. It starts from 7 and increments by 1 | SSL or non-SSL is designated by the hundreds place | Admin Server - tens and units places are always 01 | Managed Server - uses the tens and units places, starting from 2 and incrementing by 1 | Example |
7XXX - first domain in a machine, 8XXX - second domain in a machine, 9XXX, 10XXX, 11XXX | X0XX for non-SSL | X001 - for non-SSL | X0X2, X0X3, X0X4,...X0X9,X010,X011 - for non-SSL | 7001 |
| X1XX for SSL | X101 - for SSL | X1X2, X1X3, X1X4,...X1X9,X110,X111 - for SSL | 7101 |
Prepare WebLogic Server for RSB deployment
Task | Notes | Command | Example |
1. Grant WebLogic permission to access credential wallet | Edit weblogic.policy and add the permission to access credential wallet. |
cd <wlsHome>/wlserver/server/lib
vi weblogic.policy |
grant codeBase "file:/u00/rsb/Oracle/Middleware/user_projects/domains/rsb_domain/-" {
    permission java.security.AllPermission;
    permission oracle.security.jps.service.credstore.CredentialAccessPermission "credstoressp.credstore", "read,write,update,delete";
    permission oracle.security.jps.service.credstore.CredentialAccessPermission "credstoressp.credstore.*", "read,write,update,delete";
}; |
2. JVM heap size (Optional) | Set maximum and minimum heap size |
cd <domainHome>/bin
vi setDomainEnv.sh |
USER_MEM_ARGS="-Xms1024m -Xmx2048m -XX:MaxPermSize=1024m" |
Download
Task | Notes | Command/Example |
1. Download RSB Kernel | Download RsbKernel15.0.4ForAll15.x.xApps_eng_ga.zip to a directory in Linux/Unix. The rsb-home will be created inside this directory. Extract the archive file. | |
2. Download Decorators | Download all RsbAppServiceDecoratorPak<rsb_major_version>For<app><app_version>_eng_ga.zip to rsb-home/download-home/all-app-service-decorator/ directory. Do not extract the files. | |
3. Download Service Flows | Download all RsbServiceIntegrationFlowPak<rsb_major_version>For<service-name>_eng_ga.zip to rsb-home/download-home/all-functional-service-int-flow directory. Do not extract the files. | |
4. Set JAVA_HOME | Set JAVA_HOME to a JDK 1.8.0+ 64 bit with latest security updates. |
export JAVA_HOME=/usr/bin/java/1.8.0_75 |
5. Check version and unpack | Run the check version and unpack script |
cd rsb-home/download-home/bin
check-version-and-unpack.sh |
6. Create tablespaces with names 'RETAIL_DATA' and 'RETAIL_INDEX' | The rsb-deployer.sh script expects permanent Tablespace with correct names created as a prerequisite and will use these Tablespaces to create RSB_SOAINFRA database objects. |
Configure
Edit rsb-home/deployment-home/conf/rsb-deployment-env-info.properties to configure the following properties:
Property | Example Value |
JAVA_HOME | /usr/java/jdk1.8.0_75 |
rsb-osb-container.domain-name | rsb_domain |
rsb-osb-container.<domain>.home | rsb-osb-container.rsb_domain.home=/u00/rib1/Oracle/Middleware/user_projects/domains/rsb_domain |
rsb-osb-container.<domain>.cluster-name | rsb-osb-container.rsb_domain.cluster-name=rsb_cluster |
rsb-osb-container.<domain>.<cluster name>.http-url
(Cluster port is the port of http proxy server ) |
rsb-osb-container.rsb_domain.rsb_cluster.http-url=http://rsbhost:7004 |
[PolicyA] rsb-osb-container.rsb_domain.rsb_cluster.https-url
(Provide the HTTPS URL of the http proxy managed server) |
rsb-osb-container.rsb_domain.rsb_cluster.https-url=https://rsbhost:7104 |
rsb-osb-container.<domain>.admin-server-http-url | rsb-osb-container.rsb_domain.admin-server-http-url=http://rsbhost:7001 |
rsb-osb-container.<domain>.admin-server-connection-url | rsb-osb-container.rsb_domain.admin-server-connection-url=t3://rsbhost:7001 |
rsb-osb-container.<domain>.<cluster name>.managed-servers
(Comma separated list of managed servers in the cluster, excluding the http proxy managed server) |
rsb-osb-container.rsb_domain.rsb_cluster.managed-servers=rsb_server1,rsb_server2 |
rsb-osb-container.<domain>.<cluster name>.<managed server>.managed-server-connection-url
(Repeat this property for all the managed servers in the cluster) |
rsb-osb-container.rsb_domain.rsb_cluster.rsb_server1.managed-server-connection-url=t3://rsbhost:7002 |
service-infrastructure-db.jdbc-url | jdbc:oracle:thin:@dbhost:1521:rra1 |
edge-app-container.<app>.connection-url
(the host:port of the edge application) |
edge-app-container.sim.connection-url=t3://edgeapphost:8080 |
global.app-service-end-point-url-pattern
(The pattern of edge service URLs. Note: This is different if the service is hosted on GlassFish vs. WebLogic) |
http://<HTTP_HOSTNAME>:<HTTP_PORT>/<SERVICE_NAME>Service/<SERVICE_NAME>Bean |
rib.home.path
(optional) |
rib1@ribhost:/u00/rib1/rib2/Rib15031ForAll15xxApps/rib-home |
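The following check is an added example, not part of the Oracle guide or the RSB tooling: it lints a file in the format of rsb-deployment-env-info.properties for a repeated key (a second http-url entry silently overrides the first), a missing https-url under [PolicyA], managed servers without a connection URL, and URLs whose scheme disagrees with the recommended SSL/non-SSL port numbering given earlier. The sample content, the function names and the handling of the t3s scheme are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample (repeated http-url, no URL for rsb_server2); helper names are hypothetical.
SAMPLE = """\
rsb-osb-container.domain-name=rsb_domain
rsb-osb-container.rsb_domain.cluster-name=rsb_cluster
rsb-osb-container.rsb_domain.rsb_cluster.http-url=http://rsbhost:7004
rsb-osb-container.rsb_domain.rsb_cluster.http-url=https://rsbhost:7104
rsb-osb-container.rsb_domain.admin-server-http-url=http://rsbhost:7001
rsb-osb-container.rsb_domain.rsb_cluster.managed-servers=rsb_server1,rsb_server2
rsb-osb-container.rsb_domain.rsb_cluster.rsb_server1.managed-server-connection-url=t3://rsbhost:7002
"""

def parse(text):
    """Return (props, duplicate_keys); the last value wins, as in java.util.Properties."""
    props, dups = {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in props:
            dups.append(key)
        props[key] = value
    return props, dups

def port_is_ssl(port):
    """Recommended numbering: hundreds digit 1 means SSL, 0 means non-SSL."""
    return (port // 100) % 10 == 1

def lint(text, policy_a=False):
    props, dups = parse(text)
    findings = [f"duplicate key: {key}" for key in dups]
    domain = props.get("rsb-osb-container.domain-name", "")
    cluster = props.get(f"rsb-osb-container.{domain}.cluster-name", "")
    base = f"rsb-osb-container.{domain}.{cluster}"
    for key, value in props.items():
        url = urlsplit(value)
        if key.startswith("rsb-osb-container.") and url.scheme in ("http", "https", "t3", "t3s") and url.port:
            if (url.scheme in ("https", "t3s")) != port_is_ssl(url.port):
                findings.append(f"{key}: {url.scheme} does not match port {url.port}")
    if policy_a and not props.get(f"{base}.https-url", "").startswith("https://"):
        findings.append(f"{base}.https-url missing or not https [PolicyA]")
    for server in filter(None, (s.strip() for s in props.get(f"{base}.managed-servers", "").split(","))):
        if f"{base}.{server}.managed-server-connection-url" not in props:
            findings.append(f"no connection URL for managed server {server}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE, policy_a=True)))
```

The port check is advisory only, since the numbering scheme is a recommendation; a finding there means the URL deserves a second look, not that the deployment will fail.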
Compile
Task | Notes | Command |
1. [PolicyA][PolicyB]
Security Configuration |
Download edge app service WSDLs |
cd rsb-home/service-assembly-home/bin/
download-app-service-wsdl.sh |
2. [PolicyA]
[PolicyB] Create Policy Mapping file |
Create security policy mapping file |
generate-rsb-decorator-security-config.sh |
3. [PolicyB]
Setup Credentials |
Setup security credentials for Message Protection |
setup-message-protection-security-credentials.sh |
4. Setup credentials and compile | Setup the user IDs and passwords in the wallet file
|
cd rsb-home/service-assembly-home/bin/
rsb-compiler.sh -setup-security-credential |
5. Compile
Note: If step 4 is executed, skip this step. |
Compile the configurations |
cd rsb-home/service-assembly-home/bin/
rsb-compiler.sh |
Deploy
Task | Notes | Command |
1. Start the servers | Start Admin Server, Proxy Server, Managed Servers |
cd <domainHome>/bin
startWebLogic.sh
startManagedWebLogic.sh <managed server> |
2. Prepare WLS | Prepare instrumentation configurations for WebLogic server |
cd rsb-home/deployment-home/bin
rsb-deployer.sh -prepare-wls |
3. Restart Servers | Restart all the servers (Admin + Managed servers) | |
4. [PolicyB]
Copy script |
Copy security scripts to RSB server |
cd rsb-home/integration-lib/rsb-tools/scripts
scp generate-pki-certificate-keystore-for-osb.sh <user>@<host>:/<domainHome>/config/
scp import-remote-server-public-key-certificate-into-keystore.sh <user>@<host>:/<domainHome>/config/
scp export-server-public-key-certificate-from-keystore.sh <user>@<host>:/<domainHome>/config/ |
5. [PolicyB]
Generate Certs and Key store |
Generate private key, public key and key store for the RSB server (To be done in the RSB server)
Note: If you are using CA certificates, do not generate certificates. Instead import the certificates to the keystore. |
. <domainHome>/bin/setDomainEnv.sh
cd <domainHome>/config
generate-pki-certificate-keystore-for-osb.sh |
6. [PolicyB]
Copy app server certificate(s) |
Go to <wlsHome>/config of the remote edge app server and export the public key certificate. Copy the certificate file to <wlsHome>/config of the RSB server. The file name must be <remote-host>-certificate.der | Follow RSB Security Guide for instructions to export certificate |
7. [PolicyB]
Import app server certificate(s) |
Import all the edge app server public key certificates to RSB server's key store. If the edge apps are deployed in different servers, import all the certificates to the keystore (To be done in the RSB server) |
cd <domainHome>/config
import-remote-server-public-key-certificate-into-keystore.sh <app> <remote-host>
e.g.,
import-remote-server-public-key-certificate-into-keystore.sh cm <hostname> |
8. [PolicyB]
Configure RSB Server |
Configure the RSB server to use the key store generated in the previous steps |
cd rsb-home/deployment-home/bin
configure-rsb-app-server-for-security-policy-b.sh |
9. [PolicyB]
Restart |
Restart Admin and Managed Servers | |
10. Deploy Decorator | Deploy all the decorators |
cd rsb-home/deployment-home/bin
rsb-deployer.sh -deploy-all-rsb-service |
11. Deploy Injector | Deploy rib4oms injector service |
cd rsb-home/deployment-home/bin
rsb-deployer.sh -deploy-rsb-service RibOmsToRsbOmsRouting-ServicesIntegrationFlow.jar |
12. [PolicyB]
Export OSB certificate |
Copy the script from integration-lib
Export the certificate, so that it can be used by the service consumers. (To be done in the RSB server) |
cd <wlsHome>/config
export-server-public-key-certificate-from-keystore.sh |
13. Restart | Restart all the servers (Admin + Managed servers) |