1. Deploying JD Edwards EnterpriseOne on Linux Learning Path
  2. Performing Common Setup for All Linux Servers

Performing Common Setup for All Linux Servers

This section describes these common setup tasks that must be performed on all Linux servers that are deployed by JD Edwards EnterpriseOne One-Click Provisioning:

Prerequisite

You must have a Linux server for all the servers that will be deployed by JD Edwards EnterpriseOne One-Click Provisioning except for the Deployment Server, which must be a Microsoft Windows server. At a minimum, One-Click Provisioning includes the deployment of the Provisioning Server, Database Server, Enterprise Server, and WebLogic Server.

General

The following general prerequisites are required for each Linux server:

  1. Ensure that each machine has umask set to 0022.

    To set umask permanently, add below the command to the bashrc(~/.bashrc) for both the root and the opc users:

    umask 0022

  2. Ensure that the host name of a Linux server contains only alphanumeric values. For all servers, you cannot use special characters, except a hyphen (-).

  3. Log in as the root user.

  4. Verify the /etc/ssh/sshd_config file contains this setting:

    ClientAliveInterval 3600

    Ensure that the setting exists, is set properly to 3600, and is not commented out.

  5. Verify the /etc/ssh/sshd_config file has the SSH connection over IPV6 disabled by using this setting:

    AddressFamily inet

    Ensure that the setting exists, is set properly to inet (not any), and is not commented out.

  6. Verify the /etc/sudoers file either does not contain the following setting or that the setting is disabled in the file:

    Defaults requiretty

    Tip: You can use this command to edit the /etc/sudoers file:

    sudo visudo

  7. Also in the /etc/sudoers file, set the opc user to have passwordless sudo access by adding this entry:

    opc ALL=(ALL) NOPASSWD: ALL

  8. You must disable IPV6 using the following command:

    sudo vi /etc/sysctl.conf

    Ensure that these settings within the /etc/sysctl.conf file are set in order to disable IPV6 protocol:

    net.ipv6.conf.default.disable_ipv6=1

    net.ipv6.conf.all.disable_ipv6=1

  9. You must ensure that the fully qualified domain name (FQDN) in the /etc/hostname file does not include the localdomain suffix. For example, if the following setting exists in your /etc/hostname file:

    sqeweb111.localdomain

    For example, if the setting sqeweb111.localdomain exists in your /etc/hostname file, remove the .localdomain suffix.

Enable Inbound Ports in the Firewall for Compute Instances

You must enable inbound ports in the firewall service for each Linux server to enable the functionality of the Provisioning Server to provision each Linux server.

  1. For each JD Edwards EnterpriseOne server, repeat this command as necessary to specify open ports in the firewall:

    sudo firewall-cmd --zone=public --add-port=<PORT>/tcp --permanent

    In the preceding command, <PORT> is the number of the port that must be open. The ports that must be open are listed in the following table.

    Linux Server Firewall Port List

    Component

    Inbound Ports to Open

    Provisioning Server

    22

    445

    3000

    5150

    8998

    8999

    7000-7001

    14501-14502

    Oracle Database

    22

    5150

    <DB_PORT>

    14502-14510

    Enterprise Server

    22

    5150

    6017-6022

    14502-14510
    Web Server

    22

    5150

    <WLS_ADMIN_PORT> See Note 1

    <SSL_ACCESS_PORT> See Note 2 <SSL_ACCESS_PORT-1> See Note 3

    14502-14520
    Note: 1 This is the Admin Port on which the Admin Server is running. This value is set by the user while creating a WebLogic domain.
    Note: 2 This SSL port must be opened to enable the Server Manager Console to complete the tasks.
    Note: 3 This port number is equal to the value of the SSL port minus one. This port must be opened to enable the Server Manager to complete the provisioning tasks. For example, if you have specified the port value as 8081 in the One-Click Provisioning Console, you must open 8080 port (8081-1).

    Also, you must open a port for each of the WebLogic Servers. For example, if you have the following environment and server combinations, you should open eight ports: four SSL ports for the port numbers specified by using the Provisioning Console, and four non-SSL ports. The value of each non-SSL port must be the value of the SSL port minus one.

    • DV HTML
    • PD HTML
    • DV AIS
    • PD AIS

  2. After all the ports are opened in the firewall for each server, use these commands to reload the firewall:

    systemctl stop firewalld

    systemctl start firewalld

Disable SELINUX and Reboot Machines

After you have configured the firewall, use this procedure to disable SELINUX and reboot the machine for the changes to take effect.

  1. Use this command to check the status of Security Enhanced Linux (SELINUX):

    sudo getenforce

    If the returned status is either Enforcing or Permissive, you must temporarily disable the extra security restriction provided by SELINUX by modifying this file:

    /etc/selinux/config

    Edit the /etc/selinux/config file to change the SELINUX= setting to this value:

    SELINUX=disabled

  2. When you change any security settings, such as disabling SELINUX as described in the preceding step, you must reboot the machine using this command:

    shutdown -r now

  3. If you reboot to enable security settings, after the reboot is complete, run sudo getenforce to confirm that the status of SELINUX is Disabled.

Set Up Users and Groups

Perform these tasks to set up additional users and groups on each Linux server:

  1. Create the opc user using this command:

    sudo useradd -d /home/opc -m -s /bin/bash opc

  2. If the /u01 mount point does not exist, create it using this command:

    sudo mkdir /u01

  3. Use this command to ensure that the /u01 mount point has proper permissions to allow the One-Click Provisioning process to subsequently create requisite folders:

    sudo chmod 770 /u01

  4. Create the dba, oracle, and opc groups using these commands:

    sudo groupadd -g nnnn dba

    sudo groupadd -g nnnn oracle

    sudo groupadd -g nnnn opc

    In the above commands, nnnn is the ID with which the group will be created. You must use a free value which ideally should be above 1000. You can determine used group IDs> with the id command.

  5. Create the oracle user and add it to the oracle group using this command:

    sudo useradd -d /home/oracle -m -s /bin/bash oracle

  6. Add the opc user to the oracle group and the oracle user to the dba group and the oracle group using these commands:

    sudo usermod -a -G oracle opc

    sudo usermod -a -G oracle oracle

    sudo usermod -a -G dba oracle

  7. Set /u01 as owned by the oracle group using this command:

    sudo chgrp oracle /u01

Install Requisite YUM Packages

You must install a specific set of packages from the YUM repository onto the One-Click Provisioning Server and each additional Linux-based Server in the JD Edwards EnterpriseOne environment which include:

  • Provisioning Server
  • Compute Oracle Database Server
  • Enterprise Server
  • WebLogic Server
Important: Ensure that you have enabled your YUM repository. This functionality is required to install YUM packages that are prerequisites to set up each JD Edwards EnterpriseOne server. If you had not enabled your YUM repository before you ran One-Click to set up the JD Edwards EnterpriseOne servers, then you must enable it and manually install and update all required YUM packages as listed below.

The following lists are the required packages sorted sorted in an alphabetic order. You can create a script to install the packages one at a time, or all at once. In either case, confirm that when each command runs, it returns either of these results:

Complete

or

Nothing to do

Note: If you run all the YUM packages at once, using a single command, you may encounter error conditions where a package may not install as expected due to dependency or other technical issues with the package or library. Further, this behavior is unpredictable and can vary according to system conditions. The resolution of such error conditions is the responsibility of your system administrator and is beyond the scope of this document. If you need help resolving YUM issues, your Linux administrator should open a service request with the Oracle Linux support team. Additionally, various Linux OS images may be delivered with some of the packages that are installed by default. You can use the following commands to cross-check which packages are already installed and those that you need to manually install.
Important: It is recommended that you run YUM install commands as the root user. For example:

sudo su

yum install -y bind-utils

Provisioning Server

Ensure the VM instance for the Provisioning Server contains these YUM packages:

bind-utils

gcc.x86_64

gcc-c++.x86_64

ksh.x86_64

unzip.x86_64

zip.x86_64

zlib-devel.x86_64

openssl-devel

Tip: The following is an example of the commands to include the above package list.
Note: The Samba install is a separate command.

yum install -y zip.x86_64 unzip.x86_64 bind-utils ksh.x86_64 gcc-c++.x86_64 gcc.x86_64 zlib-devel.x86_64 openssl-devel

yum install 4.18.6-3.0.3.el8_9 -y

The following library must be added using the command:

sudo dnf install --enablerepo=ol8_codeready_builder libyaml-devel -y

Compute Oracle Database Server

Ensure the VM instance for the Compute Oracle Database Server contains these YUM packages:

Note: For users who have previously set up servers using a previous version of the Oracle database, the package names below with strikethrough are not required for the currently supported version.

bind-utils

compat-libcap1.x86_64

compat-libstdc++-33.x86_64

compat-openssl10.x86_64

gcc.x86_64

gcc-c++.x86_64

glibc.i686

glibc.x86_64

glibc-devel.x86_64

ksh.x86_64

libaio.x86_64

libaio-devel.x86_64

libgcc.x86_64

libstdc++.x86_64

libstdc++-devel.x86_64

libX11.x86_64

libXau.x86_64

libxcb.x86_64

libXext.x86_64

libXi.x86_64

libXtst.x86_64

make.x86_64

sysstat.x86_64

unzip.x86_64

zip.x86_64

Enterprise Server

Important: Usually, the order in which you run YUM updates is not a factor. However, there is a known dependency on the installation order for certain packages so you should install packages in the order shown below. If other dependencies arise, they should be resolved by your Linux administrator.

Ensure the VM instance for the Enterprise Server contains these YUM packages:

Note: For users who have previously set up servers using a previous version of Linux, the package names below with strikethrough are not required for OL8, while the names in bold are new requirements.

compat-libcap1.x86_64

compat-libstdc++-33.i686

compat-libstdc++-33.x86_64

elfutils-libelf-devel.x86_64

file

gcc.x86_64

gcc-c++.x86_64

glibc.i686

glibc.x86_64

glibc-devel.i686

glibc-devel.x86_64

ksh.x86_64

libaio.i686

libaio.x86_64

libaio-devel.i686

libaio-devel.x86_64

libgcc.i686

libgcc.x86_64

libnsl.x86_64

libstdc++.i686

libstdc++.x86_64

libstdc++-devel.x86_64

libX11.i686

libX11.x86_64

libXau.i686

libXau.x86_64

libxcb.i686

libxcb.x86_64

libXext.i686

libXext.x86_64

libXi.i686

libXi.x86_64

libXtst.i686

libXtst.x86_64

make.x86_64

ncompress

oracle-database-preinstall-19c.x86_64

sysstat.x86_64

unixODBC.x86_64

unixODBC-devel.x86_64

unzip.x86_64

zlib.i686

zlib.x86_64

zip.x86_64

zlib-devel.i686

zlib-devel.x86_64

nss-softokn-freebl.x86_64

nss-softokn-freebl.i686

WebLogic Server

Ensure the VM instance for the WebLogic Server contains these YUM packages:

Note: For users who have previously set up servers using a previous version of WebLogic Server, the package names below with strikethrough are not required for the currently supported version, while the names in bold are new requirements.

bind-utils

glibc.i686

glibc.x86_64

glibc-devel.x86_64

ksh.x86_64

libnsl.x86_64

net-tools

unzip.x86_64

zip.x86_64

zlib-devel.x86_64