Oracle® Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management 11g Release 1 (11.1.1) Part Number E12035-02
This chapter describes how to install and configure Oracle Directory Integration Platform (DIP) and Oracle Directory Services Manager (ODSM).
This chapter includes the following topics:
Section 5.1, "Extending the Oracle WebLogic Domain with DIP and ODSM"
Section 5.3, "Validating the Application Tier Configuration"
Section 5.4, "Backing Up the Application Tier Configuration"
The application tier consists of multiple computers hosting the Oracle Directory Integration Platform, Oracle Directory Services Manager, and Oracle Access Manager instances. In the complete configuration, requests are balanced among the instances on the application tier computers to create a performant and fault tolerant application environment.
Note:
Oracle Directory Integration Platform uses Quartz to maintain its jobs and schedules in the database. For the Quartz jobs to be run on different Oracle Directory Integration Platform nodes in a cluster, it is recommended that the system clocks on the cluster nodes be synchronized (for example, with NTP).
Follow these steps to install and configure Oracle Directory Integration Platform and Oracle Directory Services Manager on IDMHOST1:
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management manual in the Oracle Fusion Middleware documentation library for the platform and version you are using.
Ensure that port 7006 is not in use by any service on the computer by issuing this command for the operating system you are using. If the port is not in use, no output is returned from the command.
On UNIX:
netstat -an | grep "7006"
This pattern also matches other ports that contain the digits 7006 (for example 17006) and established connections whose remote end uses port 7006, so inspect any output: the port is taken only if a line shows a local socket in LISTEN state on port 7006.
If the port is in use (if the command returns output identifying the port), you must free it.
On UNIX:
Stop the service that is listening on port 7006 (identify it with lsof -i :7006, for example), remove the entries for port 7006 from the /etc/services file, and restart the services, or restart the computer.
Copy the staticports.ini file from the Disk1/stage/Response directory to a temporary directory.
Edit the staticports.ini file that you copied to the temporary directory to assign the following custom port:
# The port for ODSM Server port
ODS Server Port No = 7006
Start the Oracle Identity Management 11g Configuration Assistant by running the config.sh script located under the ORACLE_HOME/bin directory on IDMHOST1. For example:
/u01/app/oracle/product/fmw/idm/bin/config.sh
On the Welcome screen, click Next.
On the Select Domain screen, select Extend Existing Domain and enter the domain details:
Host Name: idmhost1.mycompany.com
Port: 7001
User Name: weblogic
User Password: <enter user password>
Click Next.
On the Specify Installation Location screen, specify the following values (the values for the Oracle Middleware Home Location and the Oracle Home Directory fields are prefilled; they default to the Middleware Home and Oracle Home previously installed on IDMHOST1 in Section 3.2, "Configuring the WebLogic Server Domain on IDMHOST1"):
Oracle Middleware Home Location: /u01/app/oracle/product/fmw
Oracle Home Directory: idm
WebLogic Server Directory: /u01/app/oracle/product/fmw/wlserver_10.3
Oracle Instance Location: /u01/app/oracle/admin/idm_inst1
Oracle Instance Name: idm_inst1
Click Next.
On the Specify Email for Security Updates screen, specify these values:
Email Address: Provide the email address for your My Oracle Support account.
Oracle Support Password: Provide the password for your My Oracle Support account.
Check the checkbox next to the I wish to receive security updates via My Oracle Support field.
Click Next.
On the Configure Components screen, select Oracle Directory Integration Platform, Management Components - Oracle Directory Services Manager and deselect all the other components.
Select the Clustered check box.
Click Next.
On the Configure Ports screen, select Specify Ports Using Configuration File and enter the full pathname to the staticports.ini file that you edited in the temporary directory.
Click Next.
On the Specify OID Details screen, specify the following:
Hostname: oid.mycompany.com
Port: 389
Username: cn=orcladmin
Password: ******
Click Next.
On the Specify Schema Database screen, specify the following values:
Connect String:
infradbhost1-vip.mycompany.com:1521:idmdb1^infradbhost2-vip.mycompany.com:1521:idmdb2@idmedg.mycompany.com
Note:
The RAC database connect string information needs to be provided in the format host1:port1:instance1^host2:port2:instance2@servicename.
During this installation, it is not required for all the RAC instances to be up. If one RAC instance is up, the installation can proceed.
It is required that the information provided above is complete and accurate. Specifically, the correct host, port, and instance name must be provided for each RAC instance, and the service name provided must be configured for all the specified RAC instances.
Any incorrect information entered in the RAC database connect string has to be corrected manually after the installation.
User Name: ODSSM
Password: ******
Click Next.
On the Installation Summary screen, review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Configure.
On the Configuration Progress screen, multiple configuration assistants are launched in succession; this process can be lengthy. Wait until it completes.
On the Installation Complete screen, click Finish to confirm your choice to exit.
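Two of the inputs above are easy to get subtly wrong: the port probe (repeated for IDMHOST2 in the next section), where a bare grep for "7006" also matches port 17006 or a remote-side 7006, and the RAC connect string on the Specify Schema Database screen, which the guide warns must be corrected by hand if it is mistyped. The following pre-flight script is an added example, not part of the Oracle guide. It assumes a POSIX shell with awk; it reads netstat -an output on stdin rather than running netstat itself, so it runs stand-alone, and the netstat lines in it are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): pre-flight checks for the
# DIP/ODSM configuration steps. POSIX sh; needs only awk.

# port_listening PORT
#   Reads "netstat -an" output on stdin and succeeds only if a socket in
#   LISTEN state is bound to exactly PORT on the local side. Anchoring on
#   "[.:]PORT" at the end of a field plus the LISTEN state rules out 17006,
#   70060 and established connections whose remote end is PORT.
#   Every field is tested, so it works with Linux netstat/ss (local address
#   in field 4) and Solaris netstat (local address in field 1); in LISTEN
#   state the foreign address ends in "*" and cannot match.
#   Usage: netstat -an | port_listening 7006
port_listening() {
    awk -v p="$1" '
        toupper($0) ~ /LISTEN/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ ("[.:]" p "$")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# check_rac_connect_string STRING
#   Validates the format the Configuration Assistant expects:
#       host1:port1:instance1^host2:port2:instance2@servicename
#   Every node must carry a host, a numeric port and an instance name, and a
#   service name must follow the "@". Prints one line per problem and returns
#   non-zero if any was found. Whether the service is actually registered on
#   each instance can only be checked against the database itself.
check_rac_connect_string() {
    cs="$1"; errors=0
    case "$cs" in
        *@*) ;;
        *) echo "connect string has no @servicename"; return 1 ;;
    esac
    service="${cs##*@}"
    nodes="${cs%@*}"
    [ -n "$service" ] || { echo "empty service name"; errors=$((errors + 1)); }
    n=0
    old_ifs="$IFS"; IFS='^'
    for node in $nodes; do
        n=$((n + 1))
        case "$node" in
            *:*:*:*) echo "node $n ($node): too many fields"; errors=$((errors + 1)); continue ;;
            *:*:*)   ;;
            *)       echo "node $n ($node): expected host:port:instance"; errors=$((errors + 1)); continue ;;
        esac
        host="${node%%:*}"; rest="${node#*:}"
        port="${rest%%:*}"; inst="${rest#*:}"
        [ -n "$host" ] || { echo "node $n: empty host"; errors=$((errors + 1)); }
        case "$port" in
            ''|*[!0-9]*) echo "node $n ($node): port '$port' is not numeric"; errors=$((errors + 1)) ;;
        esac
        [ -n "$inst" ] || { echo "node $n: empty instance name"; errors=$((errors + 1)); }
    done
    IFS="$old_ifs"
    [ "$n" -ge 1 ] || { echo "no host:port:instance entries"; errors=$((errors + 1)); }
    [ "$errors" -eq 0 ]
}

# Demonstration against a constructed netstat extract (not captured from a
# real host): 17006 is listening and a client is connected to a remote 7006,
# but nothing local listens on 7006, so config.sh may use it. A plain
# grep "7006" would have reported both lines.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:17006           0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:45122          10.0.0.9:7006           ESTABLISHED'
if printf '%s\n' "$SAMPLE_NETSTAT" | port_listening 7006; then
    echo "port 7006 is in use on this host; free it before running config.sh"
else
    echo "port 7006 is free"
fi

RAC_CS='infradbhost1-vip.mycompany.com:1521:idmdb1^infradbhost2-vip.mycompany.com:1521:idmdb2@idmedg.mycompany.com'
if check_rac_connect_string "$RAC_CS"; then
    echo "connect string format OK"
fi
```

On a real host run `netstat -an | port_listening 7006` (or feed it `ss -tan` output) before starting config.sh on each node, and paste the exact string you intend to type into check_rac_connect_string; the service-name-to-instance mapping still has to be confirmed on the database side.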
The following sections include the steps for extending the WebLogic Server Domain on IDMHOST2:
Follow these steps to install and configure Oracle Directory Integration Platform and Oracle Directory Services Manager on IDMHOST2:
Ensure that the system, patch, kernel and other requirements are met. These are listed in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management manual in the Oracle Fusion Middleware documentation library for the platform and version you are using.
Ensure that port 7006 is not in use by any service on the computer by issuing this command for the operating system you are using. If the port is not in use, no output is returned from the command.
On UNIX:
netstat -an | grep "7006"
This pattern also matches other ports that contain the digits 7006 (for example 17006) and established connections whose remote end uses port 7006, so inspect any output: the port is taken only if a line shows a local socket in LISTEN state on port 7006.
If the port is in use (if the command returns output identifying the port), you must free it.
On UNIX:
Stop the service that is listening on port 7006 (identify it with lsof -i :7006, for example), remove the entries for port 7006 from the /etc/services file, and restart the services, or restart the computer.
Copy the staticports.ini file from the Disk1/stage/Response directory to a temporary directory.
Edit the staticports.ini file that you copied to the temporary directory to assign the following custom port:
# The port for ODSM Server port
ODS Server Port No = 7006
Start the Oracle Identity Management 11g Installer as follows:
On UNIX, issue this command: runInstaller
The runInstaller file is in the ../install/platform directory, where platform is a platform such as Linux or Solaris.
The Specify Oracle Inventory screen is displayed.
On the Specify Inventory Directory screen, enter values for the Oracle Inventory Directory and the Operating System Group Name. For example:
Specify the Inventory Directory: /u01/app/oraInventory
Operating System Group Name: oinstall
A dialog box appears with the following message:
"Certain actions need to be performed with root privileges before the install can continue. Please execute the script /u01/app/oraInventory/createCentralInventory.sh now from another window and then press "Ok" to continue the install. If you do not have the root privileges and wish to continue the install select the "Continue installation with local inventory" option"
Log in as root and run /u01/app/oraInventory/createCentralInventory.sh.
This sets the required permissions for the Oracle Inventory Directory and then brings up the Welcome screen.
Note:
The Oracle Inventory screen is not shown if an Oracle product was previously installed on the host. If the Oracle Inventory screen is not displayed for this installation, check that:
The /etc/oraInst.loc file exists
If the file exists, the Inventory directory listed in it is valid
The user performing the installation has write permissions for the Inventory directory
On the Welcome screen, click Next.
On the Select Installation Type screen, select Install and Configure and then click Next.
On the Prerequisite Checks screen, the installer completes the prerequisite checks. If any fail, fix them and restart the installation.
Click Next.
On the Select Domain screen, select the Expand Cluster option and specify these values:
Hostname: idmhost1.mycompany.com
Port: 7001
User Name: weblogic
User Password: <Enter the password for the webLogic user>
Click Next.
On the Specify Installation Location screen, specify these values:
Oracle Middleware Home Location: /u01/app/oracle/product/fmw
Oracle Home Directory: idm
WebLogic Server Directory: /u01/app/oracle/product/fmw/wlserver_10.3
Oracle Instance Location: /u01/app/oracle/admin/idm_inst2
Oracle Instance Name: idm_inst2
Click Next.
On the Email for Security Updates screen, specify these values:
Email Address: Provide the email address for your My Oracle Support account.
Oracle Support Password: Provide the password for your My Oracle Support account.
Check the checkbox next to the I wish to receive security updates via My Oracle Support field.
Click Next.
On the Configure Components screen, deselect all the products except Oracle Directory Integration Platform and Management Components - Oracle Directory Services Manager, and then click Next.
On the Configure Ports screen, select Specify Ports Using Configuration File and enter the full pathname to the staticports.ini file that you edited in the temporary directory.
Click Next.
On the Installation Summary screen, review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.
On the Installation Progress screen on UNIX systems, a dialog box appears that prompts you to run the oracleRoot.sh script. Open a window, log in as root, and run the script, following the prompts in the window.
Click Next.
On the Configuration Progress screen, multiple configuration assistants are launched in succession; this process can be lengthy. Wait until it completes.
On the Installation Complete screen, click Finish to confirm your choice to exit.
In the previous section, the installer created a second Managed Server, wls_ods2, on IDMHOST2. However, the Oracle Directory Integration Platform application is not deployed on IDMHOST2 and the newly created Managed Server is not automatically started. Also, the WebLogic Administration Console shows the state of the wls_ods2 Managed Server on IDMHOST2 as UNKNOWN.
Follow the post-installation steps in this section to complete the installation and configuration of the Oracle Directory Integration Platform and Oracle Directory Services Manager applications on IDMHOST2.
Follow these steps to copy the Oracle Directory Integration Platform application from IDMHOST1 to IDMHOST2:
On IDMHOST2, create the following directory structure:
MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods2/stage/DIP/11.1.1.1.0
For example:
mkdir -p MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods2/stage/DIP/11.1.1.1.0/
Copy the DIP directory from IDMHOST1 to IDMHOST2.
Copy the following directory on IDMHOST1:
MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods1/stage/DIP/11.1.1.1.0/DIP
to the following location on IDMHOST2:
MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods2/stage/DIP/11.1.1.1.0/
For example, from IDMHOST1, execute this command (MW_HOME is the absolute path of the Middleware Home, and user is the operating system user on IDMHOST2 that owns the domain directory):
scp -rp MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods1/stage/DIP/11.1.1.1.0/DIP user@IDMHOST2:MW_HOME/user_projects/domains/IDMDomain/servers/wls_ods2/stage/DIP/11.1.1.1.0
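The copy above is what wls_ods2 will deploy, so it is worth proving that the tree on IDMHOST2 is identical to the one on IDMHOST1 before the server is started. The following is an added example, not from the guide: it performs the copy with cp instead of scp so that it runs stand-alone on one machine, and verifies it by comparing per-file SHA-256 digests. The stage directory names are the guide's; the sample file it creates is constructed, not a real DIP artifact.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): copy the staged DIP application
# tree and prove the copy is identical before starting wls_ods2.

# digest_tree DIR
#   Prints "sha256  relative-path" for every regular file under DIR, sorted
#   so the output from two hosts can be compared with diff.
digest_tree() {
    ( cd "$1" && find . -type f | LC_ALL=C sort |
      while IFS= read -r f; do sha256sum "$f"; done )
}

# stage_dip_copy SRC_DIP_DIR DEST_STAGE_DIR
#   Creates DEST_STAGE_DIR (the guide's .../wls_ods2/stage/DIP/11.1.1.1.0),
#   copies the DIP directory into it preserving ownership and permissions,
#   and returns non-zero if the digests differ. Both paths are local here;
#   for the real IDMHOST1 -> IDMHOST2 hop use the guide's scp -rp instead of
#   cp, run digest_tree on each host and diff the two listings.
stage_dip_copy() {
    src="$1"; dest="$2"
    [ -d "$src" ] || { echo "stage_dip_copy: $src not found" >&2; return 1; }
    mkdir -p "$dest" || return 1
    cp -rp "$src" "$dest/" || return 1
    copied="$dest/$(basename "$src")"
    if [ "$(digest_tree "$src")" = "$(digest_tree "$copied")" ]; then
        echo "verified: $(digest_tree "$copied" | wc -l | tr -d ' ') files identical"
    else
        echo "MISMATCH between $src and $copied; do not start wls_ods2" >&2
        return 1
    fi
}

# Stand-alone demonstration on a scratch tree (constructed, not a real
# DIP installation).
tmp="$(mktemp -d)"
mkdir -p "$tmp/wls_ods1/stage/DIP/11.1.1.1.0/DIP/sub"
echo "constructed sample" > "$tmp/wls_ods1/stage/DIP/11.1.1.1.0/DIP/sub/sample.txt"
stage_dip_copy "$tmp/wls_ods1/stage/DIP/11.1.1.1.0/DIP" \
               "$tmp/wls_ods2/stage/DIP/11.1.1.1.0"
rm -rf "$tmp"
```

On the real hosts, `digest_tree .../wls_ods1/stage/DIP/11.1.1.1.0/DIP > ods1.sha` on IDMHOST1 and the matching command on IDMHOST2, then `diff ods1.sha ods2.sha`, gives the same assurance across the scp hop.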
Set the listen address for the wls_ods1 and wls_ods2 Managed Servers to the host name of their respective nodes using the Oracle WebLogic Administration Server:
Using a web browser, bring up the Oracle WebLogic Administration Server console and log in using the weblogic user credentials.
In the left pane of the WebLogic Administration Server Console, click Lock & Edit to edit the server configuration.
In the left pane of the WebLogic Server Administration Console, expand Environment and select Servers.
On the Summary of Servers page, click on the link for the wls_ods1 Managed Server.
On the Settings page for the wls_ods1 Managed Server, update the Listen Address to idmhost1.mycompany.com. This is the host name of the server where wls_ods1 is running.
Click Save to save the configuration.
Repeat steps 2 to 6 to update the Listen Address for the wls_ods2 Managed Server to idmhost2.mycompany.com. This is the host name of the server where wls_ods2 is running.
Click Activate Changes to update the server configuration.
Follow these steps to start the newly created wls_ods2 Managed Server in a cluster on IDMHOST2:
In the left pane of the Oracle WebLogic Server Administration Console, expand Environment and select Clusters.
Select the cluster (cluster_ods) containing the Managed Server (wls_ods2) you want to start.
Select Control.
Under Managed Server Instances in this Cluster, select the check box next to the Managed Server (wls_ods2) you want to start and click Start.
On the Server Life Cycle Assistant page, click Yes to confirm.
Node Manager starts the server on the target machine. When the Node Manager finishes its start sequence, the server's state is indicated in the State column in the Server Status table.
This section includes steps for validating Oracle Directory Services Manager and Oracle Directory Integration Platform.
Follow these steps to validate the Oracle Directory Services Manager installation:
Bring up the Oracle Directory Services Manager (ODSM) Administration Console in a web browser. The URL to access the ODSM Administration Console is:
http://hostname.mycompany.com:port/odsm/faces/odsm.jspx
For example, on IDMHOST1, enter this URL:
http://idmhost1.mycompany.com:7006/odsm/faces/odsm.jspx
And on IDMHOST2, enter this URL:
http://idmhost2.mycompany.com:7006/odsm/faces/odsm.jspx
Validate that Oracle Directory Services Manager can create connections to Oracle Internet Directory and Oracle Virtual Directory. Follow these steps to create connections to Oracle Internet Directory and Oracle Virtual Directory:
To create connections to Oracle Internet Directory, follow these steps:
Launch Oracle Directory Services Manager from IDMHOST1:
http://idmhost1.mycompany.com:7006/odsm/faces/odsm.jspx
Create a connection to the Oracle Internet Directory virtual host by providing the information shown below in the ODSM Console:
Host: oid.mycompany.com
Port: 636
Enable the SSL option
User: cn=orcladmin
Password: <ldap-password>
To create connections to Oracle Virtual Directory, follow these steps. Create connections to each Oracle Virtual Directory node separately. Using the Oracle Virtual Directory load balancer virtual host from the ODSM Console is not supported:
Launch Oracle Directory Services Manager from IDMHOST1:
http://idmhost1.mycompany.com:7006/odsm/faces/odsm.jspx
Create a direct connection to Oracle Virtual Directory on OVDHOST1 by providing the information shown below in the ODSM Console:
Host: ovdhost1.mycompany.com
Port: 8899 (the Oracle Virtual Directory proxy port)
Enable the SSL option
User: cn=orcladmin
Password: <ldap-password>
Validate the Oracle Directory Integration Platform installation by using the WLST dipStatus command. To run this command, follow these steps:
Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries. For example:
export ORACLE_HOME=/u01/app/oracle/product/fmw/idm
Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server. For example:
export WLS_HOME=/u01/app/oracle/product/fmw/wlserver_10.3
Run the ORACLE_HOME/bin/dipStatus -h hostName -p port -D wlsuser command.
For example, on IDMHOST1, the command and output look like this:
ORACLE_HOME/bin/dipStatus -h idmhost1.mycompany.com -p 7006 -D weblogic
[Weblogic user password]
Connection parameters initialized.
Connecting at idmhost1.mycompany.com:7006, with userid "weblogic"..
Connected successfully.
ODIP Application is active at this host and port.
For example, on IDMHOST2, the command and output look like this:
ORACLE_HOME/bin/dipStatus -h idmhost2.mycompany.com -p 7006 -D weblogic
[Weblogic user password]
Connection parameters initialized.
Connecting at idmhost2.mycompany.com:7006, with userid "weblogic"..
Connected successfully.
ODIP Application is active at this host and port.
Oracle recommends creating a backup after successfully completing the installation and configuration of each tier, or at another logical point. Create a backup of the installation after verifying that the installation so far is successful. This is a quick backup for the express purpose of immediate restore in case of problems in later steps. The backup destination is the local disk. Because the Middleware Home, Instance Home and domain directory contain credential stores and keystores, keep the backup location readable only by root. This backup can be discarded once the enterprise deployment setup is complete. After the enterprise deployment setup is complete, the regular deployment-specific Backup and Recovery process can be initiated. More details are described in the Oracle Fusion Middleware Administrator's Guide.
For information on database backups, refer to the Oracle Database Backup and Recovery User's Guide.
To back up the installation to this point, follow these steps:
Back up the application tier:
Shut down the instance using opmnctl located under the ORACLE_INSTANCE/bin directory:
ORACLE_INSTANCE/bin/opmnctl stopall
Create a backup of the Middleware Home on the application tier as the root user:
tar -cvpf BACKUP_LOCATION/apptier.tar MW_HOME
Create a backup of the Instance Home on the application tier as the root user:
tar -cvpf BACKUP_LOCATION/instance_backup.tar ORACLE_INSTANCE
Start up the instance using opmnctl located under the ORACLE_INSTANCE/bin directory:
ORACLE_INSTANCE/bin/opmnctl startall
Perform a full database backup (either a hot or cold backup). Oracle recommends that you use Oracle Recovery Manager. An operating system tool such as tar can be used for cold backups.
Back up the Administration Server domain directory. This saves your domain configuration. The configuration files all exist under the MW_HOME/user_projects/domains/domainName directory:
IDMHOST1> tar cvf edgdomainback.tar MW_HOME/user_projects/domains/domainName
Note:
Create backups on all machines in the application tier by following the steps shown above.
For information about backing up the application tier configuration, see Section 10.4, "Performing Backups and Recoveries."
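The backup sequence above as an added shell script (not from the Oracle guide), with the step a practitioner wants before relying on the archive: each tar file is read back in full, hashed, and restricted to the owner, and the instance is restarted even when an archive fails. It assumes GNU tar and sha256sum and uses the guide's placeholder paths; DOMAIN_HOME is an assumed name for MW_HOME/user_projects/domains/domainName. opmnctl is only invoked when it exists, so the demonstration at the end works on a constructed scratch tree.

```shell
#!/bin/sh
# Added example (not from the Oracle guide): the quick application-tier backup
# from this section as a script, with every archive verified and hashed
# before the deployment proceeds. Run as root so file ownership and
# permissions are preserved, as the guide's tar -cvpf does.

# backup_tree NAME DIR BACKUP_LOCATION
#   Archives DIR as BACKUP_LOCATION/NAME.tar (-p keeps permissions, -C stores
#   relative paths so the archive restores under any prefix), checks that the
#   whole archive can be read back, records its SHA-256 beside it and
#   restricts both files to the owner: the domain and instance homes contain
#   credential stores and keystores, so a world-readable backup leaks them.
backup_tree() {
    name="$1"; dir="$2"; dest="$3"
    [ -d "$dir" ] || { echo "backup_tree: $dir is not a directory" >&2; return 1; }
    mkdir -p "$dest" || return 1
    archive="$dest/$name.tar"
    tar -cpf "$archive" -C "$(dirname "$dir")" "$(basename "$dir")" || return 1
    tar -tf "$archive" >/dev/null || { echo "backup_tree: $archive is not readable" >&2; return 1; }
    ( cd "$dest" && sha256sum "$name.tar" > "$name.tar.sha256" ) || return 1
    chmod 600 "$archive" "$archive.sha256" || return 1
    echo "$archive"
}

# verify_backup ARCHIVE
#   Re-checks the recorded digest. Run it before restoring, and again after
#   the archive has been copied anywhere.
verify_backup() {
    ( cd "$(dirname "$1")" && sha256sum -c "$(basename "$1").sha256" >/dev/null 2>&1 )
}

# backup_app_tier MW_HOME ORACLE_INSTANCE DOMAIN_HOME BACKUP_LOCATION
#   The guide's sequence: opmnctl stopall, archive the Middleware Home, the
#   Instance Home and the domain directory, opmnctl startall. opmnctl is only
#   called when present so the function can be exercised on a scratch tree.
#   Repeat on every machine in the application tier.
backup_app_tier() {
    mw="$1"; inst="$2"; domain="$3"; dest="$4"
    [ -x "$inst/bin/opmnctl" ] && "$inst/bin/opmnctl" stopall
    rc=0
    backup_tree apptier "$mw" "$dest" || rc=1
    backup_tree instance_backup "$inst" "$dest" || rc=1
    backup_tree edgdomainback "$domain" "$dest" || rc=1
    [ -x "$inst/bin/opmnctl" ] && "$inst/bin/opmnctl" startall
    return $rc
}

# Stand-alone demonstration on a constructed scratch tree (no real Oracle
# homes involved). The real call on IDMHOST1 would be, for example:
#   backup_app_tier /u01/app/oracle/product/fmw /u01/app/oracle/admin/idm_inst1 \
#       /u01/app/oracle/product/fmw/user_projects/domains/IDMDomain /u01/backup/edg
scratch="$(mktemp -d)"
mkdir -p "$scratch/fmw/user_projects/domains/IDMDomain/config" "$scratch/idm_inst1/config"
echo "constructed sample" > "$scratch/fmw/user_projects/domains/IDMDomain/config/config.xml"
if backup_app_tier "$scratch/fmw" "$scratch/idm_inst1" \
       "$scratch/fmw/user_projects/domains/IDMDomain" "$scratch/backup"; then
    for a in "$scratch"/backup/*.tar; do
        verify_backup "$a" && echo "verified $(basename "$a")"
    done
fi
rm -rf "$scratch"
```

Because the archives hold relative paths, restore with `tar -xpf BACKUP_LOCATION/apptier.tar -C <parent directory of MW_HOME>` (and likewise for the instance and domain archives) only after verify_backup succeeds.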