15 Setting Up Middleware as a Service

This chapter describes to set up middleware as a service. It contains the following sections:

Getting Started
Defining Roles and Assigning Users
Adding Hosts
Configuring Privilege Delegation Settings
Configuring the Software Library
Loading Provisioning Profiles to the Software Library
Creating a Middleware Home
Configuring and Saving the Deployment Procedure

Getting Started

This section helps you get started by providing an overview of the steps involved in setting up middleware as a service (MWaaS). Before you set up MWaaS, you must download and deploy the required plug-ins. For more details, see Section 2.1, "Installing Virtualization and the Cloud Plug-ins"

Table 15-1 Getting Started with MWaaS

Step	Task	Role
1	Define roles for administrators and self service users. See Defining Roles and Assigning Users.	Super Administrator
2	Install the Management Agent on unmanaged hosts so that they can be monitored by Enterprise Manager. Adding Hosts.	Cloud Administrator
3	Configure Privilege Delegation Settings on your managed hosts. Configuring Privilege Delegation Settings.	Super Administrator
4	Configure the storage location for the Software Library. See Configuring the Software Library	Cloud Administrator
5	Load Middleware Provisioning profiles into the Software Library. See Loading Provisioning Profiles to the Software Library.	Self Service Administrator
6	Create a Middleware Home. See Creating a Middleware Home.	Self Service Administrator
7	Create a Configured Deployment Procedure. See Configuring and Saving the Deployment Procedure.	Self Service Administrator

Figure 15-1shows the sequence of steps required to enable middleware as a service.

Figure 15-1 Enabling MWaaS as a Service

Defining Roles and Assigning Users

Oracle Enterprise Manager supports different classes of Oracle users, depending upon the environment you are managing and the context in which you are using Oracle Enterprise Manager. User privileges provide a basic level of security in Enterprise Manager. They are designed to control user access to data and to limit the kinds of SQL statements that users can execute. When creating a user, you grant privileges to enable the user to connect to the database, to run queries and make updates, to create schema objects, and more.A role is a collection of Enterprise Manager resource privileges, or target privileges, or both, which you can grant to administrators or to other roles. These roles can be based upon geographic location (for example, a role for Canadian administrators to manage Canadian systems), line of business (for example, a role for administrators of the human resource systems or the sales systems), or any other model. By creating roles, an administrator needs only to assign the role that includes all the appropriate privileges to his team members instead of having to grant many individual privileges.To set up a Private Middleware Cloud in Enterprise Manager, you create users for each of these roles:

EM_CLOUD_ADMINISTRATOR: Users with this role are responsible for setting up and managing the cloud infrastructure. This role is responsible for creating the PaaS Infrastructure Zones and for the infrastructure cloud operations for performance and configuration management.
EM_SSA_ADMINISTRATOR: Users have the privilege to define the self service role. They can define quotas and constraints for the self service users and grant them access privileges. Users with this role have provisioning designer privileges, can create and view patch plans, and support the plug-in lifecycle on the Management Agent.

EM_SSA_USER: Users with this role can access the Middleware Self Service Portal.

The table below lists the roles associated with each user.

User Profile	EM_CLOUD_ADMINISTRATOR	EM_SSA_ADMINISTRATOR	EM_SSA_USER
Minimum roles required to create a user	`EM_CLOUD_ADMINISTRATOR` `PUBLIC` `EM_USER`	`EM_SSA_ADMINISTRATOR` `PUBLIC` `EM_USER`	`EM_SSA_USER`
Roles to be removed when creating a user	NONE	NONE	`PUBLIC` `EM_USER`
	Additional roles may be added as required

Creating a Custom Role for Self Service Application Users

The Cloud Management Self Service Portal allows self service users to provision and manage their own cloud services. Self service users need access only to the Self Service Portal and the resources allocated to them. These capabilities are inherent in the predefined EM_SSA_USER role. Since the functions performed by the EM_CLOUD_ADMINISTRATOR and EM_SSA_ADMINISTRATOR roles are consistent across Enterprise Manager, these ready-to-use roles can be used as they are. On the other hand, the EM_SSA_USER role is used for quota assignment, and to limit access to Middleware Pools and Service Templates. Hence the predefined role needs to be modified to create custom SSA user roles that are based on the standard EM_SSA_ROLE role. To create a custom SSA user role, follow these steps:

Log in to Enterprise Manager as a Super Administrator user.
From the Setup menu, select Security, then select Roles.
Click Create in the Roles page to launch the Create Role wizard.
Provide a name and description (SSA_DEV_ROLES) for the role and click Next.
From the list of Available Roles, select the EM_SSA_USER role and move it to the Selected Roles table. Click Next.
Accept the default target privileges and click Next.
Accept the default resource privileges and click Next.
Skip the Create Role: Administrators step and click Next.
Review the changes and click Finish to create the custom SSA user (SSA_DEV_USERS) role.

Creating a User and Assigning Roles

To create a user called SSA_USER1 and grant the custom role created earlier (SSA_DEV_USERS), follow these steps:

Log in to Enterprise Manager as a Super Administrator user.
From the Setup menu, select Security, then select Administrators.
Click Create in the Administrators page to launch the Create Administrator wizard.
Enter the name and password for the user (SSA_USER1) and create Next.
From the list of Available Roles, select the SSA_DEV_USERS role and move it to the Selected Roles table. Remove the EM_USER and PUBLIC roles from the Selected Roles table. Click Next.
Accept the default target privileges and click Next.
Accept the default resource privileges and click Next.
Review all the changes and click Finish to create the SSA_USER1 user.

Note:

Repeat these steps to create other users. For the Cloud Administrator and SSA Administrator users, the EM_USER and PUBLIC roles must not be removed.

Adding Hosts

Oracle Management Agent (Management Agent) is one of the core components of Enterprise Manager Cloud Control. It works in conjunction with the plug-ins to monitor the targets running on a managed host.

If the host targets have not been discovered, you must install Oracle Management Agents on your unmanaged hosts to monitor them in Enterprise Manager.

Note:

If the Management Agent has not been upgraded to 12.1.0.3 then following options will not work:

Create and Delete Data Sources
Start and Stop Applications
View List of Data Sources
View Application URLs

To install the Management Agent on an unmanaged server, follow these steps:

Log in to Enterprise Manager as an EM_CLOUD_ADMINISTRATOR user.
From the Setup menu, select Add Target, then select Add Target Manually.
Select the Add Host Targets option and click Add Host.
Add the host names and select the platform. Check the Self Update console, if the Agent software for the desired platform is listed as not available, click Next.
Provide the Agent Install Location, click in the Instance directory field to auto-generate the path, create a named credential for the agent user (provide access to root user either by using sudo or pbrun), and clear the value in the port field (this will enable automatic selection of the port), click Next.
Review all entered values, and click Deploy Agent.
Track the progress of agent deployment on the Add Host Status page. The agent deployment takes between 5-10 minutes.
Select Targets, then select Hosts to navigate to the Hosts page. Confirm if all the hosts are listed on the page.
Note:
- You can deploy the Management Agent on a maximum of 16 servers at a time. The total time required will thus increase if the Management Agent is deployed to a large number of servers.
- Verify if the AS plugin has been successfully deployed. From the Setup menu, select Extensibility, then select Plug-ins. Select Oracle Fusion Middleware, then select Deploy On, then select Management Agent. Add the required agent on the target hosts and click Deploy.

Configuring Privilege Delegation Settings

Privilege delegation allows a logged-in user to perform an activity with the privileges of another user. Sudo and PowerBroker are privilege delegation tools that allow a logged-in user to be assigned these privileges. These privilege delegation settings will be used for all provisioning and patching activities on these hosts.

To configure privilege delegation settings on cloud hosts, follow these steps:

Create a Privilege Setting Template.
1. Log in to Enterprise Manager as a Super Administrator user.
2. From the Setup menu, select Security, then select Privilege Delegation.
3. Under the Related Links section, click the Manage Privilege Delegation Setting Templates link.
4. Select Sudo or PowerBroker from the Create list and click Go.
5. Enter a template name, and the Sudo or PowerBroker command to be used on the target hosts. Sample values are provided in the description for the command fields. For example, the command for sudo is /usr/bin/sudo -u %RUNAS% %COMMAND%
6. Click Save.
  Note:
  - If you select the PowerBroker option, you can specify an optional value in the PowerBroker Password Prompt field.
  - Check the path to the sudo or pbrun executable. For example, if you are using sudo, you can check this by opening a terminal to one of the hosts and run the command which sudo. The command returns the path to the executable.
Deploy the template to the hosts.
1. From the Setup menu, select Security, then select Privilege Delegation.
2. Click Manage Privilege Delegation Settings Templates in the Related Links section.
3. Select the template that you have created and click Apply.
4. Click Add Targets and choose the hosts for which the template is to be applied.
5. Click Select to select the hosts and click Apply.
6. On the Past Apply Operations page, check the Status column for all hosts. A job has been submitted to all hosts to apply this privilege delegation setting.
7. Refresh the page using the browser refresh button, or click Go on this page to refresh the status for all hosts.
8. From the Setup menu, select Security, then select Privilege Delegation to navigate to the Privilege Delegation page. Click the Show link in the Status column to confirm that the privilege delegation settings have been applied on all hosts.

Configuring the Software Library

Oracle Software Library (Software Library) is a repository that stores software patches, virtual appliance images, reference gold images, application software and their associated directive scripts. It allows maintaining versions, maturity levels, and states of entities.

The software entities can be automatically mass-deployed to provision software, software updates, and servers using Enterprise Manager Cloud Control in a reliable and repeatable manner. These provisioning operations, which are unattended and can be scheduled, lead to substantial cost savings.Besides acting as a repository for certified software entities, the Software Library is a logical interface between the deployment models and the automation framework required to perform a large number of patching and provisioning tasks. To configure the storage location for the Software Library, follow these steps:

Log in to Enterprise Manager as an EM_CLOUD_ADMINISTRATOR user.
From the Setup menu, select Provisioning and Patching, then select Software Library.
Select OMS Shared File System in the Storage Type list and click Add...

If you are using the OMS Agent Filesystem location, see the note in Creating a PaaS Infrastructure Zone for setting up administrator credentials.
Specify a Name and Location that is accessible to all OMSes and click OK.

Note:
Because the storage location for the Software Library must be accessible to all OMSes as local directories, in a multi-OMS scenario, you must set up a clustered file system using OCFS2, NFS, ACFS, or DBFS. For single OMS systems, any local directory is sufficient. Ensure that sufficient storage space (more than 100 GB for production deployment of Enterprise Manager) has been allocated for the Software Library as this storage space is used to store all the cloud components.
A job is executed to upload all the ready-to-use content. This may take 15 to 30 minutes depending on your disk speed.

Loading Provisioning Profiles to the Software Library

The EM_ADMINISTRATOR can create provisioning profiles that can be used by operators for mass deployment. Provisioning profiles can be used to standardize deployments and help reduce errors when deployment procedures are configured.

Three out-of-the-box provisioning profiles with different heap size settings (Small: 1.5 GB, Medium: 3 GB, and Large: 6 GB) are provided. To use these profiles, you must import or load them to the Software Library by using the following command:

emctl partool deploy -parFile <YOUR_LOCAL_DIR>/<file_name>.par -force -repPasswd <SYSMAN_PWD>

When imported, these profiles are copied under the Oracle Supplied Fusion Middleware Provisioning Profiles/10.3.6.0/linux64 directory in the Software Library. These profiles can then be used to create services templates that can be used provision one or more service instances. See Setting Up the Self Service Portal for details on creating service templates.

Note:

The provisioning profiles must be JRF enabled.
As the sample provisioning profiles do not contain the Oracle Middleware Home Gold Image component, you must ensure that the Middleware Homes (WebLogic 10.3.6.0) have been created on the selected destination host(s) when they are provisioned.
The maximum heap value of all the servers in the profile must have an appropriate -Xmx setting in multiples of 256. For example, -Xmx512m, -Xmx1024m, and so on. You must define the -Xmx server setting to ensure that the MWaaS memory metric and quota checking feature works properly. The value of the memory metric for a MWaaS service is the sum of the maximum heap available for all servers in the service.
Scale up operations are supported only with non-SSL profiles.

Creating a Middleware Home

A Middleware Home consists of the WebLogic Server Home (such as SOA Home, WebCenter Home, WebTier Home, and so on) and optionally, one or more Oracle Homes. The Middleware Home must be created on all the hosts that are part of the PaaS Infrastructure Zone. See Creating a PaaS Infrastructure Zone for details. If the Middleware Home has not been created on a host, that host cannot be a part of the Middleware Pool.

Note:

If you have a Middleware Home installed on your machine and it has been discovered in Enterprise Manager, this step is not required.

To create a Middleware Home in Enterprise Manager, follow these steps:

From the Enterprise menu, select Provisioning and Patching, then select Middleware Provisioning. The Middleware Provisioning page appears.
The profiles that have been uploaded are listed in the Profile section.
Select the Provision Middleware Deployment Procedure from the Deployment Procedures region and click Launch.
Select Provision from Oracle Middleware Home Gold Image option. Click the Search icon and select one of the two profiles as the image to use for the oracle home. Click Next.
In the Destinations page, click Add Hosts. Select a host and specify the Host Credentials. You can either use named credentials or specify new credentials.
In the Destination Locations section, select Create New Middleware Home and specify a non-existing middleware home directory. Click Next.
Accept the default values in this page and click Submit. You will see the Procedure Activity page where you can monitor the job you just submitted to ensure it completes correctly. A middleware home is created in the specified directory.

Configuring and Saving the Deployment Procedure

You can configure and save a Middleware Provisioning deployment procedure. This configured deployment procedure can then be used by the EM_SSA_ADMINISTRATOR while creating a Middleware Service Template. To customize the deployment procedure, follow these steps:

Log into Enterprise Manager as an EM_SSA_ADMINISTRATOR user.
From the Enterprise menu, select Provisioning and Patching, then select Middleware Provisioning. The Middleware Provisioning page appears.
The profiles that have been uploaded are listed in the Profile section. The profile you select must contain only one cluster with one WebLogic Server.
Select the Provision Middleware Deployment Procedure from the Deployment Procedures region and click Launch.
Select Provision from WebLogic Domain Provisioning Profile option. Click the Search icon and select one of the profiles as the image to use for the oracle home. Click Next.
Click Save. Enter a name for the customized deployment procedure and click Next.

The MWaaS feature will not work if any variables in the deployment procedure are locked.
After the deployment procedure has been saved, click Cancel to exit the current deployment procedure. You will see the new customized deployment procedure listed in the Deployment Procedures table in the Middleware Provisioning page. The saved deployment procedure can now be used while creating a service template.

Note:
The configured deployment procedure you have created must contain only one cluster with one WebLogic Server.