Oracle B32100-01 User's Manual
Contents
1. where lt ORACLE_SID gt is the value of your database SID These log files contain database password information If possible you should remove these files from the system after reviewing their contents These log files are not required for the operation of OracleAS Metadata Repository Silent and Non Interactive Installation B 11 Deinstallation B 9 Deinstallation You can perform a silent deinstallation of Oracle Application Server by supplying a silent deinstallation parameter to the response file you used for installation Add the following parameter to your installation response file REMOVE_HOMES lt ORACLE_HOME to be removed gt For example REMOVE_HOME local_location oracle_home Note You still need to follow the deinstallation steps described in Appendix D Deinstallation and Reinstallation One of the key steps is to run the deconfig tool before running the silent deinstallation command The silent deinstallation command only replaces the step where you run the installer interactively to deinstall the instance To perform a silent deinstallation use the deinstall parameter when entering the command prompt gt runInstaller silent deinstall responseFile absolute_path_and_filename B 12 Oracle Application Server Installation Guide C Default Port Numbers By default the installer assigns port numbers to components from a set of default port numbers This appendi2. cccccseeseeees 9 7 9 5 1 Installation Orders sersa erase ine eet ina a ten Actin wi ar 9 8 9 5 2 Installing OracleAS Metadata Repository cesses cssssssseesesssesseeseseseseeees 9 9 9 5 3 Installing OracleAS Cluster Identity Management on the First Node 9 9 9 5 3 1 Create staticportS itil File ive cise diciescveveed eetvacs n a i aE 9 9 9 5 3 2 Disable TCP Monitoring on Load Balancer for First Node cece 9 10 9 5 3 3 Configure the Load Balancer to Return Immediately to the Calling Client 9 10 9 5 3 4 Ensure that the OracleAS Metadata Repository Is Not Registered with any Oracle Internet Directory a ccdenuawsliidiaceitieasconteestecnesecsioaaaniaeuthaeseutiaseaeivaesdueastved evans anet 9 10 9 5 3 5 Select the Same Components for Each Node eee ceceeeeeeeeeeeeees 9 10 9 5 3 6 Run the Installer c shes nnen a bind nian diaclncd shana aariaa aait 9 10 9 5 4 Installing OracleAS Cluster Identity Management on Subsequent Nodes 9 12 9 6 Installing a Distributed OracleAS Cluster Identity Management Configuration 9 15 9 6 1 Installation Order ssena E G EE AR Pee we Seater ede ees 9 17 9 6 2 Installing OracleAS Metadata Repository eee ce ceeseseeseeeceseeeneneseneneees 9 17 9 6 3 Installing Oracle Internet Directory on the First Node ccccccscsesestetesesteteseeeenenens 9 17 9 6 3 1 Set up staticports ind Filesnsssniunpa na aa at 9 17 9 6 3 2 Select the Same Components for Each Installation
3. DEINSTA L_LIST oracle iappserver infrastructure 10 1 4 0 1 oracle iappserver infrastructure szl_ PortListSelect YES COMPONENT_LANGUAGES private jdoe mystaticports ini en INSTALL_TYPE Infrastructure_Meta oracl oracl oracl oracl oracl oracl oracl oracl oooeoooo oO lappserver infrastructure b_configureMETA true lappserver infrastructure b_configureOID false lappserver infrastructure b_configureSSO false lappserver infrastructure b_configureSS0O false lappserver infrastructure b_configureDAS false lappserver infrastructure b_configureDIP false lappserver infrastructure b_configureOCA false lappserver infrastructure b_launchEMCA false oracle iappserver infrastructure b_launchOHS true szRegisterMetaStatus y B 6 Oracle Application Server Installation Guide copy the CD ROMs to the hard drive the installer will prompt you to switch CD ROMs during installation To complete the installation without any prompting you must copy the contents of the CD ROMs to the hard drive and specify Create the Response File szIdentityAdminContext dc mycompany dc com s_dnSelection Custom DN s_dnCntval United States s_dncustom CN AS Certificate Authority OU MyOrg 0O MyCompany C US sl_keylengthInfo 2048 sl_ocmInfo adminpassword adminpassword s_nameForDBAGrp dba s_nameForOPERGrp dba Specify Database Configuration Options
4. Table 1 1 summarizes the products available in Oracle Application Server 10 10 1 4 0 1 and the books where the installation instructions are located Table 1 1 Product and Installation Documentation Locations Product See This Documentation for Installation Details OracleAS Infrastructure Chapter 4 Installing OracleAS Infrastructure Oracle Identity Federation Oracle Identity Federation Administrator s Guide Oracle Identity Management Appendix A Installing the Oracle Identity Management Grid Control Plug in Grid Control Plug in OracleAS Metadata Repository Oracle Application Server Metadata Repository Creation Assistant User s Guide in an existing database Oracle Access Manager Oracle Access Manager Installation Guide 1 2 Oracle Application Server Installation Guide Recommended Topologies 1 3 Recommended Topologies Table 1 2 provides a road map of where to find information about the supported 10g 10 1 4 0 1 topologies Table 1 2 Recommended Topologies Topology See This Documentation for Details 10 1 4 0 1 OracleAS Infrastructure Topologies An Oracle Application Server instance containing all Oracle Identity Management components in one Oracle home Section 1 3 1 Installing Oracle Identity Management in a Single Oracle Home Two Oracle Homes one containing Oracle HTTP Server OracleAS Single Sign On and Oracle Delegated Administration Services and the other conta
5. s se ssssssssssseseeseesieseeseeseess 9 18 9 6 3 3 Start the Installer zreszta belek Aor ie A a aoar Eoin 9 18 9 6 4 Installing Oracle Internet Directory on Subsequent Node ccce sees 9 19 9 6 4 1 Staticports ini File Not Needed sirisisenininp srn nnn naaa 9 19 9 6 4 2 Select the Same Components for Each Installation ccccccceeeeceeteeeeeeeees 9 19 9 6 4 3 Start the Installer inrsin esas cst ecccvec este aiaeei a aaa eaan aana sleet esha A a AR Ea iai 9 19 9 6 5 Installing OracleAS Single Sign On and Oracle Delegated Administration Services on Fach NOG KEE E E E E EE E eeeecttae es 9 21 9 6 5 1 Setup staticports ini Files s th iis an n ea Bt eR nk te eet 9 21 9 6 5 2 Start the Installer epena e aoaaa ceeded dg ato sas das evs vec a osetia helene beens 9 22 9 7 Post InstallatiOr St ps iiyn a ae e AT 9 24 9 7 1 Cluster the OC4J_Security Instance for State Replication First Oracle Delegated Administration Services node only s sssssnesnssinsrisinsinsrinrrnsrinrinrensrinnrnnrinrnennnnea 9 24 9 7 2 Changing the Ports for Oracle Internet Directory s sessesessesssesiesississssirsirsiesessesees 9 25 9 7 3 Update targets xml Case 2 Only o ccccccceceseccccseeecscscseseseececsssesescesessssnesesssensnesesenenes 9 25 viii 10 11 9 8 Installing Middle Tiers Against OracleAS Cluster Identity Management Configurations a es saeden gua atdage E neue A N da er sea veins see datiee ag ocisy stv EE pe vec eeee ae 9
6. b orclapplicationcommonname orasso_ssoserver cn sso cn products cn oraclecontext s base objectclass seealso Values you need to provide oidhostname name of the computer running Oracle Internet Directory Example dbmachine mydomain com oidport port number on which Oracle Internet Directory is listening Example 389 password password for the cn orcladmin user 2 If the command in the preceding step does not return the name of the metadata repository then run the following commands a Run this command first to get the orclreplicaid value which you need for the next command prompt gt ldapsearch h oidhostname p oidport D cn orcladmin w password Oracle Application Server Installation Guide Groups Required to Install Middle Tiers b s base objectclass orclreplicaid b Then run this command prompt gt ldapsearch h oidhostname p oidport D cn orcladmin w password b orclreplicaid value_from_previous_command cn replication configuration s base objectclass seealso This returns a seealso value in the format cn Metadata repository DB Name cn oraclecontext 5 4 Groups Required to Install Middle Tiers When you install middle tiers the installer prompts you to log in to Oracle Internet Directory Log in as a user who is a member of these groups a Section 5 4 1 Groups Required to Install Against the Desired Metadata Repository a Section 5 4 2 Groups Required to
7. 1 Install the OracleAS Metadata Repository first See Section 4 22 Installing OracleAS Metadata Repository in a New Database ity Management components Alternatively you can install the OracleAS Metadata Repository in an existing database See the Oracle Application Server Metadata Repository Creation Assistant User s Guide for details 2 Then install the Oracle Identity Management components See Section 4 23 Installing Oracle Identity Management Components Only Including Oracle Internet Directory 4 4 Oracle Application Server Installation Guide Tips for Installing Oracle Identity Management Components Separately Table 4 3 Cont OracleAS Infrastructure Configurations Configuration Description How to Insiall OracleAS Metadata Repository Identity Management components Oracle Directory Integration and Provisioning Oracle Delegated Administration Services OracleAS Single Sign On OracleAS Certificate Authority In this configuration the OracleAS Metadata Repository runs on one computer Oracle Internet Directory runs on a second computer and the remaining Oracle Identity Management components run on a third computer To install this configuration 1 Install the OracleAS Metadata Repository first See Section 4 22 Installing OracleAS Metadata Repository in a New Database Alternatively you can install the OracleAS Metadata Repository in an exi
8. 400 MHz or faster Checked by Installer Yes Memory The memory requirements provided for the various installation types represents enough physical memory to install and run Oracle Application Server However for most production sites you should configure at least 1 GB of physical memory For sites with substantial traffic increasing the amount of memory further may improve your performance For Java applications you should either increase the maximum heap allocated to the OC4J processes or configure additional OC4J processes to utilize this memory See the Oracle Application Server Performance Guide for details To determine the optimal amount of memory for your installation the best practice is to load test your site Resource requirements can vary substantially for different applications and different usage patterns In addition some operating system utilities for monitoring memory can overstate memory usage partially due to the representation of shared memory The preferred method for determining memory requirements is to monitor the improvement in performance resulting from the addition of physical memory in your load test Refer to your platform vendor documentation for information on how to configure memory and processor resources for testing purposes OracleAS Infrastructure OracleAS Metadata Repository and Identity Management 1 GB Identity Management only 1 GB a OracleAS Metadata Repository only 1 GB Oracle Ident
9. DVD ROM users Insert the Oracle Application Server DVD ROM into the DVD ROM drive Run the Oracle Universal Installer using the command shown after the notes Installing the Oracle Identity Management Grid Control Plug in A 1 Installing Oracle Identity Management Grid Control Plug in Notes a Be sure you are not logged in as the root user when you start the Oracle Universal Installer The installer gives an error message if you try to run it as the root user a Do not start the installation inside the mount_point directory If you do then you may not be able to eject the installation disk The cd command below changes your current directory to your home directory CD ROM prompt gt ed prompt gt mount_point 1014IMGCDisk1 runInstaller DVD ROM Locate the Grid Control Plug in directory and execute runinstaller Hard Drive prompt gt cd disk1_directory prompt gt runInstaller where disk1_directory is the directory where you unzipped the Disk 1 file This launches Oracle Universal Installer through which you can install Oracle Identity Management Grid Control Plug in A 3 Installing Oracle Identity Management Grid Control Plug in Before installing the Oracle Identity Management Grid Control Plug in you must stop any running Management Service Stop the Management Service using the following command prompt gt ORACLE_HOME opmn bin opmnctl stopall where ORACLE_HOME is the home for Oracle Manageme
10. Installing OracleAS Single Sign On and Oracle Delegated Administration Services on Each Node 9 6 1 Installation Order To create a distributed OracleAS Cluster Identity Management configuration 1 Install OracleAS Metadata Repository in your existing database 2 Install Oracle Internet Directory on each node You run the installer on each node separately Note If you want to configure Oracle Internet Directory to listen on SSL ports only perform this configuration after you have installed OracleAS Single Sign On and Oracle Delegated Administration Services Oracle Internet Directory needs to be listening on both SSL and non SSL ports when you install OracleAS Single Sign On and Oracle Delegated Administration Services 3 Install OracleAS Single Sign On and Oracle Delegated Administration Services on each node You run the installer on each node separately 4 Install middle tiers 9 6 2 Installing OracleAS Metadata Repository To install the OracleAS Metadata Repository in your existing database you use the OracleAS RepCA See the Oracle Application Server Metadata Repository Creation Assistant User s Guide for details 9 6 3 Installing Oracle Internet Directory on the First Node You run the installer on each node separately to install the Oracle Identity Management components 9 6 3 1 Set up staticports ini File When installing Oracle Internet Directory on the first node you do not need a load balancer
11. The staticports ini file uses the same format as the ORACLE_ HOME install portlist ini file which is created after an Oracle Application Server installation If you have installed Oracle Application Server and you want to use the same port numbers in another installation you can use the portlist ini file from the first installation as the staticports ini file for subsequent installations However note this difference in staticports ini the line Oracle Management Agent port corresponds to Enterprise Manager Agent port in portlist ini 2 5 3 2 Error Conditions that Will Cause the Installer to Use Default Ports Instead of Specified Ports Check your staticports ini file carefully because a mistake can cause the installer to use default ports without displaying any warning Here are some things that you should check a Ifyou specify the same port for more than one component the installer will use the specified port for the first component but for the other components it will use the components default ports The installer does not warn you if you have specified the same port for multiple components a Ifyou specify different ports for one component on multiple lines the installer assigns the default port for the component The installer does not warn you if you have specified different ports for one component 2 12 Oracle Application Server Installation Guide Ports If you specify the same port for one component o
12. s Guide for details on changing the Oracle Internet Directory ports 9 7 3 Update targets xml Case 2 only The following configuration steps are needed only in the installation scenario described in Section 9 4 2 Case 2 Client HTTPS gt Load Balancer HTTPS gt Oracle HTTP Server In this case the oracle_sso_server entry in the targets xm1 file on each physical host of the cluster must be reconfigured to monitor the local SSL port Note Keep in mind that the hostname should remain the same Please do not change the hostname Perform the following steps to update targets xm1 on each node of the cluster 1 Back up the targets xm1 file cp ORACLE_HOME sysman emd targets xml ORACLE_HOME sysman emd targets xml BACKUP 2 Open the file and find the oracle_sso_server target type Within this target entry locate and edit the following two attributes a MHTTPPort the server SSL port number a HTTPProtocol the server protocol which in this case is HTTPS For example you could update the two attributes this way lt Property NAME HTTPPort VALUE 4443 gt lt Property NAME HTTPProtocol VALUE HTTPS gt 3 Save and close the file 4 Reload the OracleAS console ORACLE _HOME bin emctl reload Installing in High Availability Environments OracleAS Cluster Identity Management 9 25 Installing Middle Tiers Against OracleAS Cluster Identity Management Configurations 9 8 Installin
13. 3 13 3 3 13 4 3 13 5 3 14 Oracle Home Directory insti nied ata a a e ce thie eet E E 3 1 Installing in an Existing Oracle Home cccceesccsesessseesesessseseseesseseseseenseesessesesesees 3 2 Installing in a Non Empty Oracle Home ccccccececcscsesesescscscseeseecsesnseecscsessensnesseesees 3 2 Can T Use Symbolic Links Zeini cede loseretardes lecsrerdss deuce e a e a 3 2 First Time Installation of Any Oracle Product c ccccceccccceceescececeseececeeeeenesesecesesenenecenens 3 2 Installing Additional La guageSsimsesssnsseinisnniss iirin sni 3 3 Oracle Application Server Instances and Instance Names s ssessssiesissessssserisesseseesees 3 3 The ias_admin User and Restrictions on its PaSSWOL c ccccccesscsssseesseesssesseeessecsseeesseeeseees 3 4 Comparing Installing Components against Configuring Component cccee sees 3 5 Where Does the Installer Write Files 00 0 cccecsccsscsssesscessessceeseeseesceseecsecseessecsecsaecseesseenseerees 3 5 Why Do I Need to be Able to Log In as Root at Certain Times During Installation 3 6 Running root sh During Installation ccc cece cece ceeeeseecececenensneceseseeesesesesesesesenesanees 3 6 Can I Modify Other Oracle Application Server Instances During Installation 3 6 Connecting to Oracle Internet Directory Through SSL Connections ccccecceseeeenenene 3 7 Obtaining Software from Oracle E Delivery c ccccceescccccsssesesescs
14. Check that the clocks on the computers running the masters and replicas are within 250 seconds of each other 6 3 Installation Order To install Oracle Internet Directory in replicated mode you need a master Oracle Internet Directory and one or more Oracle Internet Directory replicas You install them in the following order 1 Install the master Oracle Internet Directory first 2 Install the Oracle Internet Directory replicas The installer will prompt you to enter connect information for the master Oracle Internet Directory 6 4 Installing a Master Oracle Internet Directory The procedure for installing a master Oracle Internet Directory is the same as installing a regular non replicated Oracle Internet Directory You can install the master Oracle Internet Directory against an existing database or you can install it with a new database Notes a Inthe Select Configuration Options screen you must select Oracle Internet Directory You can select other components to configure as desired a Also in the Select Configuration Options screen you do not need to select High Availability and Replication Select this option only if you are installing this Oracle Application Server instance in a high availability configuration a Ifyou select the High Availability and Replication option in Select Configuration Options screen the installer displays the Select High Availability Option screen In this do not select the Replication opti
15. Click Next Select Manual and enter the fullpath to your staticports ini file in the provided field You need to use staticports ini file for OracleAS Cluster Identity Management configurations See Section 9 5 3 1 Create staticports ini File Click Next When you install on the first node you need to specify an OracleAS Metadata Repository that is not registered with an Oracle Internet Directory When you install on subsequent nodes then the OracleAS Metadata Repository is registered with the Oracle Internet Directory on the first node Username Enter the username to use to log in to the OracleAS Metadata Repository database The user must have DBA privileges Password Enter the user s password Hostname and Port Enter the names of all the nodes where the Real Application Clusters database is running and the port numbers Use the format hosti domain com port1 host2 domain com port2 Service Name Enter the service name of the database Note that the service name must include the database domain name Example orcl mydomain com Click Next Select OracleAS Cluster Identity Management and click Next Enter a name for the new OracleAS Cluster Identity Management Note that the cluster name is case sensitive Oracle recommends that you record the cluster name for use during installations on subsequent nodes Example cluster1 Click Next Select the suggested namespace or enter a custom namespace for the lo
16. Enter a name for this infrastructure instance Instance names can and ias_admin Password contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example oid_das ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details 9 6 4 Installing Oracle Internet Directory on Subsequent Nodes Before performing the steps in this section you must have installed Oracle Internet Directory on the first node as described in Section 9 6 3 Installing Oracle Internet Directory on the First Node 9 6 4 1 Staticports ini File Not Needed You do not need a staticports ini file for this installation because the installer will configure this Oracle Internet Directory to use the same ports as the Oracle Internet Directory on the first node The Oracle Internet Directory on the first node must be up and running 9 6 4 2 Select the Same Components for Each Installation If you are setting up the second node a
17. Enter a name for this infrastructure instance Instance names can and ias_admin Password contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example oid_dip ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details Step 4 Install OracleAS Single Sign On and Oracle Delegated Administration Services Install these components in an OracleAS Cluster Identity Management configuration In this configuration you install them on the local disks of each node You perform these installations separately Pre Installation steps Because this installation is actually an OracleAS Cluster Identity Management installation you can follow the OracleAS Cluster Identity Management setup steps in Chapter 9 Installing in High Availability Environments OracleAS Cluster Identity Management a Section 9 2 1 Use the Same Path for the Oracle Home Directory recommended a Section 9 2 2 Synchron
18. Fe Attribute Uniqueness Management FillAudit Log Management View Properties Only Non null Values All C Advanced gt Le Change Log Management OMEntry Management eta en OracleContext 03 cn Computers cn Extended Properties createtinestanp EOE ed SQA cn Groups EQ on 1ASDB acolo feneorcladin DQ cn OracleDBAQUsers description Quners of this Repository DQ cn OracleDBCreators o en OracleDBSecurityAdmins E cn OracleNetAdmins G U cn Products displayname Repository Owners SQI en Calendar ay dn en Repository Ouners orc ReferenceName iasdb us oracle cc amp WW on Common BE nocif iersnane aa DAA cn DAS i modifytimestamp tember 12 2003 4 40 47 AM UTC Q cn Dynamic Services EQ cn EMai lServerContainer objectclass ee UniqueNames X i orclGroup Q cn EServices lorclACPGroup 3 cn ESM top E 3 cn Forns I cecuae Cee gt GA cr 1AS cn orcladmin G A cn 1AS Infrastructure Dat ota orclReferenceName iasd Q cn Associated Mid t pair cn Repository Mid t pository Ouner fad Help Repository Quners 5 8 1 3 Navigating to Component Groups The component groups are listed in Table 5 3 The general navigation path is as follows See Figure 5 5 for a screenshot 1 Expand the top level entry Oracle Internet Directory Servers 2 Expand the specific Oracle Internet Directory 3 Expand the following entries Entry Management gt cn OracleContext gt cn Products 4 Expand the particul
19. HTTP_Server module id OHS gt lt module data gt lt ias component gt b Perform the following command to stop OPMN prompt gt ORACLE_HOME opmn bin opmnctl stopall c Perform the following command to start OPMN prompt gt ORACLE_HOME opmn bin opmnctl startall 1 8 Oracle Application Server Installation Guide Recommended Topologies 6 Configure the standalone Oracle HTTP Server in Oracle Home 1 See Configuring Standalone Oracle HTTP Server with Oracle Application Server in Oracle HTTP Server Administering a Standalone Deployment Based on Apache 2 0 in the 10g Release 2 10 1 2 or 10g Release 3 10 1 3 documentation library Product and Installation Overview 1 9 Recommended Topologies 1 10 Oracle Application Server Installation Guide 2 Requirements Before installing Oracle Application Server ensure that your computer meets the requirements described in this chapter Table 2 1 Sections in This Chapter Section Highlights Section 2 1 Using OracleMetaLink to Obtain the Latest Oracle Application Server Hardware and Software Requirements Describes how to find the most current requirements for Oracle Application Server 10g 10 1 4 0 1 Section 2 2 System Requirements Lists requirements such as supported processor speed memory disk space and swap space Section 2 3 Software Requirements Lists requirements such as supported operating systems operating system pa
20. Service Name Enter the service name of the database Note that the service name must include the database domain name Example orcl mydomain com Click Next Select Virtual Host and click Next Select the suggested namespace or enter a custom namespace for the location of the default Oracle Identity Management realm Ensure the value shown in Suggested Namespace meets your deployment needs If not enter the desired value in Custom Namespace See Section 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen Click Next Note This is a critical screen when installing the infrastructure in an OracleAS Cold Failover Cluster If you do not see this screen check the following a Return to the Select High Availability or Replication Option screen and ensure that you selected Virtual Host a Return to the Select Configuration Options screen and ensure that you selected High Availability and Replication Virtual Hostname Enter the virtual hostname for the OracleAS Cold Failover Cluster configuration Example vhost mydomain com Click Next Installing in High Availability Environments OracleAS Cold Failover Cluster 8 23 Installing Oracle Delegated Administration Services and OracleAS Single Sign On in an OracleAS Cold Failover Cluster Table 8 7 Cont Installing Oracle Internet Directory and Oracle Directory Integration Platform Screen Action 8 Specify Instance Name Instance Name
21. You can set up and configure the load balancer later However it is recommended that the port numbers used by Oracle Internet Directory and by the load balancer are the same To do this create a staticports ini file to specify port numbers that you want Oracle Internet Directory to use Your load balancer will use the same port numbers for LDAP communications The staticports ini file should contain these lines Oracle Internet Directory port port_num Oracle Internet Directory SSL port port_num Installing in High Availability Environments OracleAS Cluster Identity Management 9 17 Installing a Distributed OracleAS Cluster Identity Management Configuration 9 6 3 2 Select the Same Components for Each Installation If you are setting up the second node as a failover to the first node then you must select the same set of components in the Select Configuration Options screen for each installation For example if you select Oracle Internet Directory and Oracle Directory Integration Platform on the first node you need to select them when installing on subsequent nodes 9 6 3 3 Start the Installer To install Oracle Internet Directory on the first node follow the steps in Table 9 6 To install Oracle Internet Directory on subsequent nodes see Section 9 6 4 Installing Oracle Internet Directory on Subsequent Nodes Key Points a You must select the same components in the Select Configuration Options screen on all nodes For
22. a Read Section 8 10 1 If You Plan to Install Middle Tiers on OracleAS Cold Failover Cluster Nodes 8 11 Installing Regular Middle Tiers on OracleAS Cold Failover Cluster Nodes If you install middle tiers that are not in a cold failover cluster configuration on the same nodes as an OracleAS Cold Failover Cluster infrastructure then the ports used for the middle tiers must be different from the ones used for any OracleAS Infrastructure installed on the same cluster The ports must also be different from those used for other Oracle Homes on the same node To check the ports assigned to components in any Oracle Home see the Ports page on the Application Server Control Console When you install the middle tiers you should use a staticports ini file See Section 2 5 3 Using Custom Port Numbers the Static Ports Feature for details 8 34 Oracle Application Server Installation Guide 9 Installing in High Availability Environments OracleAS Cluster Identity Management This chapter describes how to install Oracle Application Server in OracleAS Cluster Identity Management configurations a Section 9 1 OracleAS Cluster Identity Management Introduction a Section 9 2 Pre Installation Steps for OracleAS Cluster Identity Management a Section 9 3 About Oracle Internet Directory Passwords a Section 9 4 About Configuring SSL and Non SSL Ports for Oracle HTTP Server a Section 9 5 Installing an OracleAS Cluster
23. between client load balancer and Oracle HTTP Server Three cases are possible Case 1 Communications between clients and the load balancer use HTTP and communications between the load balancer and Oracle HTTP Server also use HTTP See Section 9 4 1 Case 1 Client HTTP gt Load Balancer HTTP gt Oracle HTTP Server a Case 2 Communications between clients and the load balancer use HTTPS and communications between the load balancer and Oracle HTTP Server also use HTTPS See Section 9 4 2 Case 2 Client HTTPS gt Load Balancer HTTPS gt Oracle HTTP Server a Case 3 Communications between clients and the load balancer use HTTPS but communications between the load balancer and Oracle HTTP Server use HTTP See Section 9 4 3 Case 3 Client HTTPS gt Load Balancer HTTP gt Oracle HTTP Server Note Because the values you specify in this dialog override the values specified in the staticports ini file you should not specify port numbers for the Oracle HTTP Server Listen port in the staticports ini file 9 4 1 Case 1 Client HTTP gt Load Balancer HTTP gt Oracle HTTP Server HTTP Listener Port Enter the port number that you want to use as the Oracle HTTP Server Listen port This will be the value of the Listen directive in the httpd conf file Enable SSL Do not select this option The installer tries the default port number for the SSL port HTTP
24. gt lt CompositeMembership gt Configuration Assistants E 1 Description of Oracle Application Server Configuration Assistants lt MemberOf TYPE oracle_ias NAME instance2 domain com gt lt CompositeMembership gt lt Target gt 5 If an optional configuration assistant fails and it does not have any dependencies run the remaining configuration assistants Uncheck the cancelled optional configuration assistant highlight and check the next listed configuration assistant and click Retry 6 If configuration assistant failure occurs when running configuration assistant execution commands on the command line then re run the configuration assistant execution command again You can use the generated script file named configtoolcmds p1 located in the ORACLE_HOME bin directory to execute the failed configuration assistant again The configtoolcmds pl1 script is generated after you exit the installer During silent or non interactive installation the configtoolcmds pl1 script is generated immediately after configuration assistant failure 7 Ifyou see a Fatal Error Reinstall message find the cause of the problem by analyzing the log files You cannot recover from a fatal error by correcting the problem and continuing You must remove the current installation and reinstall Oracle Application Server The following tasks describe the recovery procedure a Deinstall the failed installation using the procedure described in Appe
25. initial password 5 1 unlocking F 5 Component Owners group 5 3 components configuring vs installing 3 5 default port numbers C 1 how to assign custom port numbers 2 10 Index how to install on separate computers 4 4 OracleAS Infrastructure components 4 2 ports used by components 4 11 configuration assistant errors Database configuration assistant F 7 database configuration assistant F 8 OPMN configuration assistant Start DAS Instance F 9 OPMN configuration assistant Start HTTP Server F 8 OPMN configuration assistant Start OracleAS Certificate Authority F 9 OracleAS Randomize Password configuration assistant F 7 configuration assistants E 1 dependencies E 1 descriptions of E 2 error codes E 2 fatal errors E 2 troubleshooting E 1 configuring components 3 5 copying CD ROM DVD to hard drive 2 22 CPU requirements 2 3 custom ports see static ports D database administrator groups 2 16 Database configuration assistant errors F 7 harmless error messages F 8 database name reusing F 12 dba group 2 17 deconfig tool D 1 log files D 3 default port numbers 2 9 C 1 deinstallation D 1 deconfig tool D 1 of Oracle Single Sign On instances in OracleAS Cluster Identity Management D 4 of OracleAS Cluster Identity Management D 5 of OracleAS Cold Failover Cluster D 4 OracleAS Infrastructure D 5 overview D 3 silent mode B 12 Index 1 troubleshooting F 11 Deployment Delegation Cons
26. not have to log in as the cn orcladmin superuser to perform the installations This chapter contains the following sections Section 5 1 Default Users in Oracle Internet Directory Section 5 2 Groups in Oracle Internet Directory Section 5 3 Groups Required to Configure or Deinstall Components Section 5 4 Groups Required to Install Middle Tiers Section 5 5 Groups Required to Install Additional Metadata Repositories Section 5 6 Example of Installation with Different Users Section 5 7 How to Create Users in Oracle Internet Directory Section 5 8 How to Add Users to Groups in Oracle Internet Directory Section 5 9 Contents of a New Oracle Internet Directory Section 5 10 On the Specify Login for Oracle Internet Directory Screen What Username and Realm Do I Enter 5 1 Default Users in Oracle Internet Directory When you install Oracle Internet Directory it has two users cn orcladmin and orcladmin cn orcladmin is the Oracle Internet Directory superuser This user has all the privileges to perform all tasks in Oracle Internet Directory The initial password for cn orcladmin is the same as the password for the ias_ admin user for the Oracle Application Server instance You specified this password during installation cn orcladmin is the owner of the objects created in the same installation session For example if you installed Oracle Internet Directory OracleAS Metadata Configuring Oracle Internet Director
27. the installer does not prompt you to swap CD ROMs It can find all the files if they are in the proper locations see Figure 2 1 Space Requirement Ensure that the hard drive contains enough space to hold the contents of the CD ROMs or the application_server directory on the DVD ROM Each CD ROM contains approximately 650 MB This means that if you are copying three CD ROMs you need approximately 1 9 GB of disk space On the DVD ROM the application_server directory is approximately 1 6 GB 2 22 Oracle Application Server Installation Guide Network Topics This space is in addition to the space required for installing Oracle Application Server listed in Table 2 2 To Copy the CD ROMs 1 Create a directory structure on your hard drive as shown in Figure 2 1 You need to create a parent directory called OracleAS_10g in the example but you can name it anything you like and under the parent directory create subdirectories called Disk1 Disk2 and so on The names of the subdirectories must be DiskN where Nis the CD ROM number Figure 2 1 Directory Structure for Copying CD ROMs to Disk OracleAS_10g Disk1 Disk2 Disk3 Contents Contents Contents of Disk1 of Disk2 of Disk3 2 Copy the contents of each CD ROM into the corresponding directory prompt gt cp pr cdrom_mount_point 10 1 4disk1 path to hard drive Disk1 prompt gt cp pr cdrom_mount_point 10 1 4disk2 path to hard drive Disk2 Repeat for each
28. the password that you entered in the first installation You cannot use the passwords that you entered in subsequent installations Accessing the Oracle Internet Directory includes a Logging into Oracle Delegated Administration Services URL http hostname port oiddas a Logging into OracleAS Single Sign On URL http hostname port pls orasso 9 4 Oracle Application Server Installation Guide About Configuring SSL and Non SSL Ports for Oracle HTTP Server a Connecting to Oracle Internet Directory using the Oracle Directory Manager You still need the passwords that you entered in subsequent installations for logging into Application Server Control 9 4 About Configuring SSL and Non SSL Ports for Oracle HTTP Server When you are installing OracleAS Cluster Identity Management configurations the installer displays the Specify HTTP Load Balancer Host and Listen Ports screen This screen has two sections Inthe load balancer section you specify the load balancer s HTTP virtual server name and port number You also indicate whether the port is for SSL or non SSL requests a Inthe Oracle HTTP Server section you specify the port number that you want for the Oracle HTTP Server Listen port You also indicate whether the port is for SSL or non SSL requests The virtual server and the Oracle HTTP Server Listen port can use different port numbers You use this screen to set up the type of communication SSL or non SSL
29. 2 19 DISPLAY a piaia pn aa a a a aa Meets a havea nee E A a 2 19 TMP and ITMPDIR sieniin a i a NNAS 2 20 TNS ADMIN aae aae a eenaa aa a a Aue eee Amie a a aaae aaria 2 20 The ete AHOstS PO e o T E E t e K N E E 2 21 Location of the Default Oracle Identity Management Realm sn ssnssssssssrsrtsssssrtssst s 2 21 Hostname for OracleAS Single Sign On se sssessssssssississesrsesiesesresnsesiesisseesenntenieseenenss 2 21 Network TOPICS si Surihani 2 22 Installing on Multihomed Multi IP Computers cccccesseseesceseseeeecenenesesnetenenens 2 22 Copying CD ROMs or DVD ROM to Hard Drive and Installing from the Hard Drive gd ub tags en cia E fa eae Zeta acha vba aueduhigddesetl ged A igs saeathenrtesdedececians 2 22 Installing from a Remote CD ROM or DVD ROM Drive ecceececsteteteseeeeeneeesees 2 23 Installing on Remote CoMmputerS ccccescccesesssesesesesenssesesescsessesesescssseseecsesessseseecsees 2 24 Installing on NFS Mounted Storage c cccccccceseseccseeesescscseseseecscsssnssseecesesensneseseeenes 2 25 Running Multiple Instances from One Installation ccccccccseseseeteteeeeeeeteseeeenenens 2 25 Support for NIS and NIS otsiti e n E E aaa dase 2 26 Prerequisite Checks Performed by the Installer cccccccecseseeneteeseeeetesceeeenesesesneeneeees 2 26 Things You Should Know Before Starting the Installation 3 1 3 1 1 3 1 2 3 2 3 3 3 4 3 5 3 6 3 7 3 8 3 9 3 10 3 11 3 12 3 13 3 13 1 3 13 2
30. 20 Installing OracleAS Infrastructure 0 cece cececccsesesescscseseseececseseseeceseesssnesesesesesenessseseneees 4 12 4 21 Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory 4 14 4 22 Installing OracleAS Metadata Repository in a New Database eens 4 15 4 23 Installing Oracle Identity Management Components Only Including Oracle Internet Directory saninin an ienaa eae deanai aa eenaa e eraat a Eee Ta eA aeeie aaeeea EAEan aet 4 16 4 24 Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory ash ssnciichid teltat eins nt biaaetlor vie th neeteh aes Mais Seaaatavioeanesevetinaee aves 4 18 4 25 Installing Oracle Internet Directory Only c cc ccccceeeecececeesescscsesesesescssseseececsssnsneseeeees 4 20 4 26 Installing OCA and OracleAS Metadata Repository Only ccccccscescesesesteeeescstenenenens 4 21 4 27 Install Fragment The First Few Screens of the Installation eee 4 23 4 28 Install Fragment The Last Few Screens of the Installation 0 0c cee teens 4 25 4 29 Install Fragment Database Screens cccececcscsssessesesssesesesesescsesesesescsesesesescscssseseecsesessseeceees 4 26 4 30 Install Fragment OCA Screens ccc ceccccsesececsessnesescscsesesescsescsesesescsssssescscscsssnseecesessnesesenenes 4 27 Configuring Oracle Internet Directory for Oracle Application Server Installation Privileges 5 1 Default Users in Oracle Internet Direc
31. 3 10 1 3 CD Pack For Oracle Home 3 follow the installation instructions in Section 4 23 Installing Oracle Identity Management Components Only Including Oracle Internet Directory On the Select Configuration Options screen perform the following steps a Select Oracle Internet Directory a Do not select Oracle Application Server Single Sign On a Do not select Oracle Application Server Delegated Administration Services a Select Oracle Directory Integration Platform a Do not select Oracle Application Server Certificate Authority OCA a Select High Availability and Replication For Oracle Home 2 follow the installation instructions in Section 4 24 Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory On the Select Configuration Options screen perform the following steps a Do not select Oracle Internet Directory a Select Oracle Application Server Single Sign On a Select Oracle Application Server Delegated Administration Services a Do not select Oracle Directory Integration Platform a Do not select Oracle Application Server Certificate Authority OCA a Select High Availability and Replication On Oracle Home 2 and 3 perform the following commands to disable Oracle HTTP Server a Edit the ORACLE_HOME opmn bin opmn xm1 file to change the Oracle HTTP Server status to disabled as shown in bold lt ias component id HTTP_Server status disabled gt lt process type id
32. 30 Install Fragment OCA Screens for details 6 6 Oracle Application Server Installation Guide Installing an Oracle Internet Directory Replica Table 6 1 Cont Installing an Oracle Internet Directory Replica with a New Database Screen Action 10 11 Specify Database Schema 12 13 Specify Database Configuration Options Passwords Specify Instance Name and ias_admin Password Global Database Name Enter a name for the OracleAS Metadata Repository database Append the domain name of your computer to the database name Example orcl mydomain com Note Ensure that the master Oracle Internet Directory does not already contain a registration for a database with the same global database name or SID The installer checks this for you SID Enter the system identifier for the OracleAS Metadata Repository database Typically this is the same as the global database name but without the domain name The SID must be unique across all databases The SID cannot be longer than eight characters Example orcl Select Database Character Set Select the character set to use Specify Database File Location Enter the full path to the parent directory for the data files directory This parent directory must already exist and you must have write permissions in this directory The installer will create a subdirectory in this parent directory and the subdirectory will have the same name as the SID The data files w
33. 5 Installing an Oracle Internet Directory Replica ceceeecccssseseseseeseteesescseesesescsssnseeecseees 6 5 6 5 1 Overview of Installing a Replica 0 eee cece csesesseeesesssssseesesessssseseseseseeesesesesesenees 6 5 6 5 2 Installing an Oracle Internet Directory Replica with a New Database 00 6 5 6 5 3 Installing an Oracle Internet Directory Replica against an Existing Database 6 8 6 6 Accessing OracleAS Single Sign On and Oracle Delegated Administration Services 6 10 Installing in High Availability Environments Overview 7 1 Overview of High Availability Configurations ccccceccsssesesesccneseeecscsseesescseneeceeenen 7 1 7 1 1 OracleAS Cold Failover Cluster cccccccccsccsscssessscessessesssescessecsesceccseeseecseceeceaecasceseeeesenees 7 1 7 1 2 OracleAS Clusters hainn a a a a i a r anaia a idee 7 3 7 1 3 OracleAS Disaster ReCOVELY asieran r E E e E 7 4 7 1 4 Summary of Differences niai isie ae rrea ver ne ia oe a E aea RE EESE 7 4 7 2 Installation Order for High Availability Configurations ss sssssessesssesissesssssseseeseesseseesens 7 4 7 3 Requirements for High Availability Configurations ss sssessssessisresiesississssssesiesessesneesees 7 5 7 3 1 Check Minimum Number of Nodes c cccccssssssssssssessessecsseaeceeceseceeseseseseseeeeseseeceeeseenaes 7 5 7 3 2 Check That Groups Are Defined Identically on All Nodes cccccccccectsteesesteteteseees 7 5 7 3 3 Check the
34. A load balancer distributes requests equally among the active instances An OracleAS Cold Failover Cluster configuration High Availability for Oracle Identity Federation in the in which two or more Oracle Identity Federation Oracle Application Server High Availability Guide instances serve the same content but only one instance is active at any one time OracleAS Cold Failover Cluster or Real High Availability for OracleAS Metadata Repository in the Application Clusters configurations for OracleAS Oracle Application Server High Availability Guide Metadata Repository 10 1 4 0 1 OracleAS Infrastructure with Existing 10 1 2 or 10 1 3 Environments 10 1 2 or 10 1 3 Middle Tiers Configure a 10 Configuring 10 1 2 and 10 1 3 Middle Tiers to Use OracleAS Release 2 10 1 2 or 10g Release 3 10 1 3 Infrastructure in the Oracle Application Server middle tier instance to use a new 10g 10 1 4 0 1 Administrator s Guide OracleAS Infrastructure Moving Identity Management to a New Host in Oracle This topology also supports associating a 10 Application Server Administrator s Guide Release 2 10 1 2 or 10g Release 3 10 1 3 middle tier instance with a new 10g 10 1 4 0 1 Oracle Identity Management for the following scenarios Changing from a Test to a Production Environment in the Oracle Application Server Administrator s Guide Moving to anew host a Creating a failover environment a Moving applications f
35. Cold Failover Cluster topology two or more Oracle Application Server instances are configured to serve the same application workload but only one instance is active at any particular time These instances run on two different nodes in a hardware cluster These two nodes also have access to a shared storage on which you install the Oracle home for the Oracle Application Server instance One of the nodes in the hardware cluster is the active node It mounts the shared storage and runs the Oracle Application Server instance The other node is the passive or standby node It runs only when the active node fails During the failover event the Installing in High Availability Environments Overview 7 1 Overview of High Availability Configurations passive node mounts the shared storage and runs the Oracle Application Server instance The most common properties of an OracleAS Cold Failover Cluster configuration include a Shared storage The Oracle home for the Oracle Application Server instance is typically installed on storage that is shared by the nodes in the OracleAS Cold Failover Cluster topology The passive Oracle Application Server instance has access to the same Oracle binaries configuration files and data as the active instance a Virtual hostname During OracleAS Infrastructure installation you can specify a virtual hostname in the Specify Virtual Hostname screen This OracleAS Infrastructure virtual hostname can be manage
36. Configuring Oracle Internet Directory for Oracle Application Server Installation Privileges 5 9 How to Create Users in Oracle Internet Directory 3 Install OracleAS Infrastructure OracleAS Metadata Repository only userB was added to the iAS Admins group so that userB can perform this installation See Section 5 5 Groups Required to Install Additional Metadata Repositories The installer registers this new repository with Oracle Internet Directory by creating the orcl1 oracle com entry userB becomes a member of the Repository Owners group and the Mid Tier Admins group for the new repository 4 Install Portal and Wireless Middle Tier userB was added to these groups a Mid Tier Admins group of orcll oracle com so that userB can use the repository for this middle tier a Trusted Application Admins required for installing OracleAS Portal IAS amp User Management Application Admins required for installing OracleAS Portal and OracleAS Wireless iAS Admins required for installing OracleAS Portal and OracleAS Wireless The installer registers this middle tier with Oracle Internet Directory by creating the PW1 entry The middle tier becomes a member of the Associated Mid Tiers group for orcll oracle com 5 7 How to Create Users in Oracle Internet Directory You can create users in Oracle Internet Directory using the Self Service Console which is part of the Oracle Delegated Administration Services See the Or
37. Contents of a New Oracle Internet Directory 5 9 Contents of a New Oracle Internet Directory When you install OracleAS Infrastructure with Oracle Internet Directory OracleAS Metadata Repository and Oracle Delegated Administration Services the Oracle Internet Directory contains the following objects Figure 5 6 a Global groups as listed in Table 5 1 a The cn orcladmin superuser a The orcladmin user belonging to the default realm a An entry for the metadata repository registered with the Oracle Internet Directory This metadata repository is associated with the groups listed in Table 5 2 The cn orcladmin superuser is a member of the Repository Owners group An application entity entry for the Oracle Delegated Administration Services component This component is associated with the groups listed in Table 5 3 The cn orcladmin superuser is a member of the Component Owners group To enable other users to install additional instances of Oracle Delegated Administration Services log in as cn orcladmin in Oracle Directory Manager and add the users to the Component Owners group See Section 5 8 1 Using Oracle Directory Manager to Add Users to Groups Figure 5 6 Contents of a New Oracle Internet Directory Oracle Context IAS Admins Trusted Application Admins DAS Application Entit IAS amp User Mgmt Infrastructure DB IAS Instances DAS Application Entity Application Admins orcl oracle com Component Associated Ow
38. DBCA Failures shows such an error a The etc and the var opt oracle directories must not contain a tnsnames ora file These requirements are necessary to prevent conflicts between the Net configuration files for different Oracle products If you need to set TNS_ADMIN or if you have the tnsnames ora file in etc or var opt oracle do the following steps before installing Oracle Application Server 1 If you have the tnsnames ora file in etc or var opt oracle move the file from these directories to a different directory Alternatively you can rename the file 2 Make sure the TNS_ADMIN environment variable is not set Example C shell unsetenv TNS_ADMIN Example Bourne or Korn shell unset TNS_ADMIN After installation you can merge the contents of the newly created tnsnames ora file with your existing tnsnames ora file 2 20 Oracle Application Server Installation Guide The etc hosts File 2 9 The etc hosts File Although the contents of the etc hosts file affect these items m Section 2 9 1 Location of the Default Oracle Identity Management Realm Section 2 9 2 Hostname for OracleAS Single Sign On the installer provides alternative methods for you to enter the values that you want without editing the hosts file See the following subsections for details 2 9 1 Location of the Default Oracle Identity Management Realm The installer reads the hosts file to construct the location of the default O
39. DVD 3 9 OUI_LHOSTNAME parameter 2 21 S screens database 4 26 first few infrastructure 4 23 last few infrastructure 4 25 OracleAS Certificate Authority 4 27 security tips for silent and non interactive installations B 11 SEMMSL errors F 4 SHMMAX errors F 4 silent installations B 1 deinstalling B 12 post installation steps B 11 pre installation steps B 2 security tips B 11 silentInstall log B 11 Specify Login for Oracle Internet Directory screen 5 16 Specify Namespace in Internet Directory screen 2 21 4 11 SSL connecting to Oracle Internet Directory using 3 7 post installation configuration 11 2 starting grid control plug in installer A 1 starting Oracle Universal Installer 3 8 static ports 2 10 examples 2 13 not working 2 12 staticports ini file 2 10 creating 2 11 for OracleAS Cold Failover Cluster 8 32 format 2 10 in OracleAS Disaster Recovery 10 3 su command 2 19 swap command 2 4 swap space requirement 2 4 symbolic links using 3 2 synchronize clocks for OracleAS Cluster Identity Management 9 3 SYS SYSTEM user passwords 4 10 system requirements 2 2 Index 6 T tmp directory 3 6 space required in 2 4 TNS_ADMIN environment variable 2 20 F 8 tnsnames ora file 2 20 topologies 10 1 4 0 1 identity federation 1 3 10 1 4 0 1 infrastructure 1 3 distributed identity management with integrated HTTP server 1 5 distributed identity management with standalone HTTP serv
40. Each site has two nodes running middle tiers and a node running OracleAS Infrastructure Data Synchronization For OracleAS Disaster Recovery to work data between the production and standby sites must be synchronized so that failover can happen very quickly Configuration changes done at the production site must be synchronized with the standby site You need to synchronize two types of data The synchronization method depends on the type of data a Use Oracle Data Guard to synchronize data in the OracleAS Metadata Repository databases on the production and standby sites You can configure Oracle Data Guard to perform the synchronization a Use the backup and recovery scripts to synchronize data outside of the database such as data stored in configuration files See the Oracle Application Server High Availability Guide for details on how to use Oracle Data Guard and the backup and recovery scripts 10 2 Oracle Application Server Installation Guide Setting up the OracleAS Disaster Recovery Environment Figure 10 1 OracleAS Disaster Recovery Environment Production Site Standby Site External hostname prodmid1 External hostname standbymid1 IP 138 1 2 333 IP 213 2 2 330 Internal hostname asmid1 Internal hostname asmid1 F External hostname standbymid2 Middle Ter Fy ee pro amie Ecole Tigr IP 213 2 2 331 _ _ Pi Internal hostname asmid2 nternal hostname asmid2 Middle Tier Mid
41. Example vhost mydomain com Click Next Installing in High Availability Environments OracleAS Cold Failover Cluster 8 9 Installing an OracleAS Cold Failover Cluster Infrastructure Configuration Table 8 2 Cont Installing OracleAS Infrastructure in an OracleAS Cold Failover Cluster Infrastructure Screen Action 7 OCA screens If you selected Oracle Application Server Certificate Authority OCA in the Select Configuration Options screen the installer displays screens for configuring OCA See Section 4 30 Install Fragment OCA Screens for details 8 Specify Database Global Database Name Enter a name for the OracleAS Metadata Repository Configuration Options database Append a domain name to the database name This domain name for the global database name can be different from your network domain name The domain name portion of the global database name has the following naming restrictions a Can contain only alphanumeric underscore _ minus and pound characters a Must not be longer than 128 characters The database name portion of the global database name has the following naming restrictions a Must contain alphanumeric characters only Must not be longer than eight characters a Must not contain PORT or HOST in uppercase characters If you want the name to contain host or port use lowercase characters Example orcl mydomain com Note Be sure that you do not enter two or more periods together for exa
42. Internet Directory and the scenarios where you decide whether to register or not Table 4 4 Database Registration Scenarios Scenario Registration Schema Passwords Install and configure the OracleAS Metadata Repository Automatic Randomized and Oracle Internet Directory in the same installation session For steps see Section 4 20 Installing OracleAS Infrastructure Install the OracleAS Metadata Repository against an Automatic Randomized existing Oracle Internet Directory See Section 4 21 Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory Installing OracleAS Infrastructure 4 7 Contents of the OracleAS Metadata Repository Table 4 4 Cont Database Registration Scenarios Scenario Registration Schema Passwords Install an Oracle Internet Directory against an existing Automatic Randomized the metadata OracleAS Metadata Repository repository schemas are given new See Section 4 25 Installing Oracle Internet Directory randomized passwords Only Install the OracleAS Metadata Repository only without Yes Randomized installing Oracle Identity Management components and you choose to register it with Oracle Internet Directory This scenario applies to installing it in a new database or in an existing database To install OracleAS Metadata Repository in a new database see Section 4 22 Installing OracleAS Metadata Repository in a New Database To install OracleAS M
43. Internet Directory Replica against an Existing Database 6 5 1 Overview of Installing a Replica When installing an Oracle Internet Directory replica remember the following In the Select Configuration Options screen you must select Oracle Internet Directory and High Availability and Replication In the Select High Availability Option screen select Replication When the installer prompts you to enter connect information for the master Oracle Internet Directory you need to connect as the Oracle Internet Directory superuser cn orcladmin You need to know the password for the superuser The master Oracle Internet Directory must not already contain a registration for a database with the same global database name or SID as the OracleAS Metadata Repository to be used for the replica The OracleAS Metadata Repository for the replica cannot already be registered with any Oracle Internet Directory 6 5 2 Installing an Oracle Internet Directory Replica with a New Database Follow these steps to install an Oracle Internet Directory replica with a new database Table 6 1 Installing an Oracle Internet Directory Replica with a New Database Screen Action I Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select a Product to Install screen select Oracle Application Server Infrastructure 10g a Inthe Sel
44. Languages See Section 3 4 Installing Additional Languages for details Click Next Installing OracleAS Infrastructure 4 23 Install Fragment The First Few Screens of the Installation Table 4 12 Cont First Few Screens of the Installation Screen Action 8 Select Installation Type 9 Upgrade Existing Oracle9iAS Infrastructure 10 Confirm Pre Installation Requirements The options displayed on this screen depend on what you selected in the Select a Product to Install screen The installation types for OracleAS Infrastructure are Identity Management and Metadata Repository a Identity Management Metadata Repository Click Next If you get an error message saying that the TMP environment variable is not set it means that the default temp directory does not have enough space You can either set the TMP environment variable to point to a different directory or free up enough space in the default temp directory For details on the TMP environment variable see Section 2 8 5 TMP and TMPDIR This screen appears if the installer detects an Infrastructure Release 2 9 0 2 instance on the computer and you selected to install OracleAS Infrastructure This screen presents you with the option to upgrade the existing Release 2 9 0 2 Infrastructure or install the current version of the OracleAS Infrastructure If you want to upgrade see the Oracle Application Server Upgrade and Compatibility Guide Ver
45. Management components 9 6 5 1 Set up staticports ini File If you want to use custom ports for components other than Oracle HTTP Server you need to create a staticports ini file for this installation If you want custom ports for Oracle HTTP Server you specify them in the Specify HTTP Load Balancer Host and Listen Ports screen If you specify custom ports for Oracle HTTP Server also in the staticports ini file and you also specify ports in the screen mentioned above the ports specified in the screen take precedence To avoid specifying Oracle HTTP Server ports in the staticports ini file the staticports ini file must not contain these lines Oracle HTTP Server port port_num Oracle HTTP Server Listen port port_num Oracle HTTP Server SSL port port_num Oracle HTTP Server Listen SSL port port_num If you have a staticports ini file you should also use the same file for installations on subsequent nodes Installing in High Availability Environments OracleAS Cluster Identity Management 9 21 Installing a Distributed OracleAS Cluster Identity Management Configuration 9 6 5 2 Start the Installer Key Points a Inthe Specify OracleAS Cluster screen for the first node select Create a New Cluster For the second node select Join an Existing Cluster to join the cluster that you created when installing on the first node a Inthe Specify HTTP Load Balancer Host and Ports screen enter the name of the HTTP virtual
46. Options screen perform the following steps Select Oracle Internet Directory Do not select Oracle Application Server Single Sign On Do not select Oracle Application Server Delegated Administration Services Select Oracle Directory Integration Platform Do not select Oracle Application Server Certificate Authority OCA Select High Availability and Replication 3 For Oracle Home 1 follow the installation instructions in Section 4 24 Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory On the Select Configuration Options screen perform the following steps Do not select Oracle Internet Directory Select Oracle Application Server Single Sign On Select Oracle Application Server Delegated Administration Services Do not select Oracle Directory Integration Platform Do not select Oracle Application Server Certificate Authority OCA 1 6 Oracle Application Server Installation Guide Recommended Topologies a Select High Availability and Replication 4 On Oracle Home 2 perform the following commands to disable Oracle HTTP Server a Edit the ORACLE_HOME opmn bin opmn xm1 file to change the Oracle HTTP Server status to disabled as shown in bold lt ias component id HTTP_Server status disabled gt lt process type id HTTP_Server module id O0HS gt lt module data gt lt ias component gt b Perform the following command to stop OPMN prompt gt ORACLE_HOME opmn
47. Oracle Internet Directory Which groups are necessary depends on which components you are installing See Section 5 3 Groups Required to Configure or Deinstall Components for details Password Enter the password for the username Realm Enter the realm against which to validate the username This field appears only if your Oracle Internet Directory has multiple realms Click Next If you select Oracle Application Server Certificate Authority OCA in the Select Configuration Options screen the installer displays screens where you need to enter OCA information See Section 4 30 Install Fragment OCA Screens Enter information for the OracleAS Metadata Repository database See Section 4 29 Install Fragment Database Screens Instance Name Enter a name for this infrastructure instance Instance names can contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example infra ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The L
48. Properties of the oracle User cccccccsesessccsssesesesescesesescscsssesesesesesnseseecseens 7 5 7 3 4 Check for Previous Oracle Installations on All NodeS ccccccccccssessecsecssecseceseeseeeseeeees 7 6 Installing in High Availability Environments OracleAS Cold Failover Cluster 8 1 OracleAS Cold Failover Cluster Introduction ccccecceesssesseecseeeceeceeceeeaeesecnecaeeeeeeeaeeaeenes 8 1 8 2 Pre Installation Steps for OracleAS Cold Failover Cluster cccccccsssesseteteseeeesesesesnenenene 8 2 8 2 1 Map the Virtual Hostname and Virtual IP Address ccc cceetetee ce eeseeeeeeeeeees 8 2 8 2 2 Set Up a File System That Can Be Mounted from Both Nodes cccccceeeeeees 8 4 8 2 3 Review Recommendations for Automatic Storage Management ASM 000 8 5 8 2 4 Check That Clusterware Is Running Automated Failovers Only cccccseseeteeees 8 5 8 2 5 Modify listener ora file for Existing Database cccccsseseccscsesesesescseneseseeeseseeseecseees 8 5 8 3 Installing an OracleAS Cold Failover Cluster Infrastructure Configuration 0 8 6 8 3 1 OracleAS Cold Failover Cluster Infrastructure Overview of Installation Steps 8 8 8 3 2 OracleAS Cold Failover Cluster Infrastructure Details of Installation Steps 8 8 8 4 Installing a Distributed OracleAS Cold Failover Cluster Infrastructure Configuration PEE EE E A EE E E E dives 8 11 8 4 1 Distributed OracleAS Cold Failover Clus
49. SQA cn OracleDBSecuritydmins ay displaynanes Component Ouners SQ cn OracleNetAdmins dn en Component Duners orclApplicationConmonName DASAPF 9 02 cn Products modifiersnames fsorcladmin 03 en Calendar RTRT Geptenber 12 2003 4 41 06 An UT EAA cn Common GA cn DpAS 3 cn Attribute Conf igura cn Operat ionURLs groupOF Uni queNames orclApplicationCommonNa pe en Associated Mid ti cn orcladmin cn Component Owners objectclass o cn Dynamic Services EQ cn EMai lServerContainer T anmo pinag uniquemember 5 8 2 Using Deployment Delegation Console to Add Users to Groups Using the Deployment Delegation Console which is installed as part of Oracle Delegated Administration Services you can add users to or remove users from the following groups Repository Owners a Mid Tier Administrators Component Owners Note You can add users to these groups only if these groups have existing members other than the cn orcladmin superuser If the only member of these groups is the superuser then you have to use Oracle Directory Manager to add users to these groups See Section 5 8 1 Using Oracle Directory Manager to Add Users to Groups To add users to these groups 5 14 Oracle Application Server Installation Guide How to Add Users to Groups in Oracle Internet Directory 1 Ensure that the Oracle Delegated Administration Services and Oracle Internet Directory are
50. Select Configuration Options 3 Specify Port Configuration Options 4 Specify Namespace in Internet Directory 5 OCA screens 6 Oracle Database screens 7 Specify Instance Name and ias_admin Password Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select Installation Type screen select Identity Management and Metadata Repository Select Oracle Internet Directory Select Oracle Application Server Single Sign On Select Oracle Application Server Delegated Administration Services Select Oracle Directory Integration Platform Select Oracle Application Server Certificate Authority OCA if you want to configure your own certificate authority which can issue certificates for users and servers Do not select High Availability and Replication Click Next If you want to use default ports for the components select Automatic If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticports ini file Click Next Select the suggested namespace or enter a custom namespace for the location of the default Oracle Identity Management realm Ensure the value shown in Suggested Namespace meets your deployment needs If not enter the desired value in Custom Namespace See Section 4 16 What Do I Enter in the Specify Namespace
51. To create a distributed OracleAS Cold Failover Cluster Identity Management configuration against an existing cold failover cluster database perform these steps Installing in High Availability Environments OracleAS Cold Failover Cluster 8 21 Installing a Distributed OracleAS Cold Failover Cluster Identity Management Configuration Table 8 6 Overview of Installation Steps for Distributed OracleAS Cold Failover Cluster Identity Management Configuration Step Description 1 Perform Pre Installation Steps Pre installation tasks described in Section 8 2 include Section 8 2 1 Map the Virtual Hostname and Virtual IP Address Section 8 2 2 Set Up a File System That Can Be Mounted from Both Nodes a Section 8 2 3 Review Recommendations for Automatic Storage Management ASM 2 Install OracleAS Metadata Repository Install OracleAS Metadata Repository on your existing cold failover cluster database 3 Install Oracle Internet Directory and Oracle Install the Oracle Internet Directory and Oracle Directory Directory Integration Platform Integration Platform components 4 Install OracleAS Single Sign On and Oracle Install the OracleAS Single Sign On and Oracle Delegated Delegated Administration Services Administration Services components 8 6 2 Distributed OracleAS Cold Failover Cluster Identity Management Details of Installation Steps Step 1 Perform Pre Installation Steps Perform the pre installation ste
52. a multihomed computer A multihomed computer is associated with multiple IP addresses This is typically achieved by having multiple network cards on the computer Each IP address is associated with a hostname additionally you can set up aliases for the hostname By default Oracle Universal Installer uses the OUI_HOSTNAME environment variable setting to find the hostname If OUI_HOSTNAME is not set and you are installing on a computer that has multiple network cards Oracle Universal Installer determines the hostname by using the first name in the etc hosts file Clients must be able to access the computer using this hostname or using aliases for this hostname To check ping the hostname from the client computers using the short name hostname only and the full name hostname and domain name Both must work 2 10 2 Copying CD ROMs or DVD ROM to Hard Drive and Installing from the Hard Drive Instead of installing from the Oracle Application Server CD ROMs or DVD ROM you can copy the contents of the CD ROMs or DVD ROM to a hard drive and install from there This might be easier if you plan to install many instances of Oracle Application Server on your network or if the computers where you want to install Oracle Application Server do not have CD ROM or DVD ROM drives You can install from remote CD ROM or DVD ROM drives see Section 2 10 3 Installing from a Remote CD ROM or DVD ROM Drive When you install from the hard drive
53. active node fails then a failover event occurs The passive node takes over and becomes the active node It mounts the shared storage and runs the processes Configurations You can install OracleAS Cold Failover Cluster in these configurations Installing in High Availability Environments OracleAS Cold Failover Cluster 8 1 Pre Installation Steps for OracleAS Cold Failover Cluster OracleAS Cold Failover Cluster Infrastructure See Section 8 3 Distributed OracleAS Cold Failover Cluster Infrastructure See Section 8 4 OracleAS Cold Failover Cluster Identity Management See Section 8 5 Distributed OracleAS Cold Failover Cluster Identity Management See Section 8 6 8 2 Pre Installation Steps for OracleAS Cold Failover Cluster Before installing Oracle Application Server in an OracleAS Cold Failover Cluster perform these procedures Section 8 2 1 Map the Virtual Hostname and Virtual IP Address Section 8 2 2 Set Up a File System That Can Be Mounted from Both Nodes Section 8 2 3 Review Recommendations for Automatic Storage Management ASM Section 8 2 4 Check That Clusterware Is Running Automated Failovers only Section 8 2 5 Modify listener ora file for Existing Database Note In addition to the requirements listed in this chapter ensure that you meet the requirements described in Section 7 3 Requirements for High Availability Configurations 8 2 1 Map the Virtual Hostname and Virtual I
54. admin User and Restrictions on its Password The installer prompts you to specify the password for the ias_admin user The ias_ admin user is the administrative user for Oracle Application Server instances To manage Oracle Application Server instances using Application Server Control you log in as ias_admin On a computer you can install multiple Oracle Application Server instances each with its own unique instance name but the name of the administrative user is ias_admin for all instances The password for the ias_admin user can be different for each instance Password for the ias_admin User The password for the ias_admin user must conform to Oracle Internet Directory s password policy Ifyou are using the Oracle Internet Directory that is shipped with this release of Oracle Application Server and you did not change the default password policy passwords have the following restrictions a The minimum length is five alphanumeric characters a Atleast one of the characters must be a number 3 4 Oracle Application Server Installation Guide Where Does the Installer Write Files If you are using any other version of Oracle Internet Directory for example you are using an existing Oracle Internet Directory your Oracle Internet Directory administrator might have defined a different password policy The password you enter for the ias_admin user must conform to the existing Oracle Internet Directory s password policy I
55. an Oracle Internet Directory or do not know its connect information select No Click Next This screen appears only if you selected Yes in the previous screen Username Enter the username for logging into Oracle Internet Directory The user must belong to the iAS Admins group in Oracle Internet Directory Password Enter the password Realm This field appears only if your Oracle Internet Directory contains multiple realms Enter the name of the realm against which to authenticate the user Click Next Virtual Hostname Enter the name of the virtual host Click Next 8 30 Oracle Application Server Installation Guide Post Installation Steps for OracleAS Cold Failover Cluster Table 8 10 Cont Installing the OracleAS Metadata Repository Only Screen Action 7 Oracle Database screens Enter information for the OracleAS Metadata Repository database See Section 4 29 Install Fragment Database Screens Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details 8 9 Post Installation Steps for OracleAS Cold Failover Cluster Section 8 9 1 Edit the ORACLE_HOME Apache Apache htdocs index html File Section 8 9 2 Copy the var opt oracle Directory to the Other Node m Section 8 9 3 Running Database Console against a Cold Failover Cluster Database a Section 8 9 4 Create a Clusterware Agent for Automatic Failover 8 9 1 Edit the OR
56. an OracleAS Cold Failover Cluster Identity Management Configuration Figure 8 3 shows an OracleAS Cold Failover Cluster Identity Management configuration This configuration is suitable if you have the OracleAS Metadata Repository database in a separate highly available environment and you want to use an active passive configuration for the Oracle Identity Management components You install the Oracle Identity Management components on a shared disk different from the share disk that contains the OracleAS Metadata Repository database This configuration includes two clustered nodes storage devices local to each node 8 14 Oracle Application Server Installation Guide Installing an OracleAS Cold Failover Cluster Identity Management Configuration a two shared disks that can be accessed by both nodes One shared disk contains the Oracle home for the database on which you will load the OracleAS Metadata Repository and on the other shared disk you will install Oracle Identity Management During normal operation node 1 which is the primary node is the active node It mounts both shared disks to access the Oracle Identity Management and database files runs the Oracle Identity Management and database processes and handles all requests If node 1 goes down for any reason the clusterware fails over the Oracle Identity Management and database processes to node 2 Node 2 becomes the active node mounts both shared disks ru
57. assign different owners and users for each repository Table 5 2 Groups Associated with Each Metadata Repository Registered with Oracle Internet Directory Group Description Repository Owners The user who installs the metadata repository becomes a member of this group DN cn Repository Owners Repository Owners have the following privileges orclReferenceName dbName cn IAS Infrastructure Databases cn IAS a De register this repository cn Products cn OracleContext Add remove users to from this group Add remove users to from the Mid Tier Admins group for this repository Add remove middle tier instances to from this repository All privileges of the Mid Tier Administrators group Mid Tier Administrators Mid Tier Administrators have the following privileges DN cn Repository Mid tiers Add remove middle tier instances from the Associated Middle Tiers group orclReferenceName dbName for this repository This is required to install a middle tier or to configure a cn IAS Infrastructure middle tier component to use a different repository Databases cn IAS cn Products cn OracleContext Access metadata for the repository database object Associated Middle Tiers Members of this group are middle tier instances associated with this metadata ae 1 4 repository The middle tier instances are added to this group during installation ped ere a You do not have to add the instances manually to this group cn
58. be able to find the file The installer will then assign default ports for all the components and it will do this without displaying any warning Difference from Previous Release In 10g 9 0 4 you used command line options to specify the staticports ini file In this release you specify the file in the new Specify Port Configuration Options screen 2 5 3 1 Format of the staticports ini File The staticports ini file has the following format Replace port_num with the port number that you want to use for the component J2EE and HTTP Server 2 10 Oracle Application Server Installation Guide Ports Oracle HTTP Server port port_num Oracle HTTP Server Listen port port_num Oracle HTTP Server SSL port port_num Oracle HTTP Server Listen SSL port port_num Oracle HTTP Server Diagnostic port port_num Java Object Cache port port_num DCM Discovery port port_num Oracle Notification Server Request port port_num Oracle Notification Server Local port port_num Oracle Notification Server Remote port port_num Application Server Control port port_num Application Server Control RMI port port_num Oracle Management Agent port port_num Log Loader port port_num ASG port port_num Infrastructure Oracle Internet Directory port port_num Oracle Internet Directory SSL port port_num Oracle Certificate Authority SSL Server Authentication port port_num Oracle Certificate Author
59. following command prompt gt ORACLE_HOME opmn bin opmnctl stopproc ias component HTTP_Server Then re run the OPMN Configuration Assistant Start HTTP Server F 8 Oracle Application Server Installation Guide Installation Problems and Solutions F 3 17 OPMN Configuration Assistant Start DAS Instance Failures Problem The OPMN Configuration Assistant Start DAS Instance fails when you re run it Solution The problem is that the Oracle Delegated Administration Services instance is already running Before re running the configuration assistant stop the Oracle Delegated Administration Services instance with the following command prompt gt ORACLE_HOME opmn bin opmnctl stopproc ias component 0C4J_Security Then re run the OPMN Configuration Assistant Start DAS Instance F 3 18 OPMN Configuration Assistant Start OCA Failures Problem The OPMN Configuration Assistant Start OCA fails when you re run it Solution The problem is that the OCA instance is already running Before re running the configuration assistant stop the OCA instance with the following command prompt gt ORACLE_HOME opmn bin opmnctl stopproc ias component 0C4J instancename oca Then re run the OPMN Configuration Assistant Start OCA F 3 19 WARNING DCM service may not be available at this time Problem When installing the first node of an OracleAS Cluster Identity Management the Java Security Configuration Assistant may return the followin
60. for each Zip file you downloaded c oraAS10g Disk1 c oraAS10g Disk2 etc If you plan burn the files on a CD ROM create a separate CD ROM from the contents of each directory Do not burn a CD ROM containing the Zip file itself you need the unzipped contents of the Zip files to do the installation When you burn the files to CD ROM the contents of each disc must be at the root of the CD image To install from CD ROM or from your hard drive see Section 3 15 Starting the Oracle Universal Installer 3 14 Setting the Mount Point for the CD ROM or DVD The Oracle Application Server CD ROMs are in RockRidge format The DVD is in DVD format To mount the first disc 1 Insert Oracle Application Server disk 1 into the disk drive 2 Create the SD_CDROM directory if it does not already exist usr bin mkdir SD_CDROM 3 Enter a command similar to the following usr sbin mount F cdfs o rr dev dsk cxdytz SD_CDROM In the preceding example SD_CDROM is the disk mount point directory and dev dsk cxdytz is the device name for the disk device for example dev dsk c0d2t0 3 15 Starting the Oracle Universal Installer 1 If you are installing from a CD ROM or DVD ROM and your computer does not mount CD ROMs or DVDs automatically you need to set the mount point manually See Section 3 14 Setting the Mount Point for the CD ROM or DVD for details 2 Loginas the oracle user 3 If you are installing Oracle Applica
61. in Internet Directory Screen Click Next If you select Oracle Application Server Certificate Authority OCA in the Select Configuration Options screen the installer displays screens where you need to enter OCA information See Section 4 30 Install Fragment OCA Screens Enter information for the OracleAS Metadata Repository database See Section 4 29 Install Fragment Database Screens Instance Name Enter a name for this infrastructure instance Instance names can contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example infra ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details Installing OracleAS Infrastructure 4 13 Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory 4 21 Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory Perform this procedure to install Oracle Identity Management components
62. in the var opt oracle directory If a node does not contain this file then it does not have an oraInventory directory that will be used by the installer You can check the next node 2 For nodes that contain the oraInst 1loc file rename the file and the oraInventory directory The installer then prompts you to enter a location for a new oralInventory directory For example enter the following commands as root cat var opt oracle oraInst loc inventory_loc localfs app oracle oraInventory inst_group dba mv var opt oracle oraInst loc var opt oracle oraInst loc orig mv localfs app oracle oraInventory localfs app oracle oraInventory orig Because the oraInst 1oc file and the Oracle Installer Inventory directory are required only during the installation of Oracle software and not at runtime renaming them and restoring them later does not affect the behavior of any installed Oracle software on any node Make sure that the appropriate oraInst 1loc file and Oracle Installer Inventory directory are in place before starting the Oracle Universal Installer Note For an OracleAS Disaster Recovery configuration the correct oraInst 1loc file and associated oraInventory directory are required during normal operation not just during installation 7 6 Oracle Application Server Installation Guide 8 Installing in High Availability Environments OracleAS Cold Failover Cluster This chapter desc
63. ip address For example enter the following command if lan0 2 is available usr sbin ifconfig lan0 2 138 1 12 191 Note You must use the same NETMASK and BROADCAST values for this interface as those used for the primary public network interface 1an0 in this example Modify the ifconfig commands in this step to include the appropiate netmask and broadcast options 6 Check that the virtual IP address is configured correctly 1 Use the instructions listed in step 3 to confirm the new entry for the primary public interface available_index entry created in step 5 2 Try to connect to the node using the virtual hostname and virtual IP address from another node For example entering both of the following commands Installing in High Availability Environments OracleAS Cold Failover Cluster 8 3 Pre Installation Steps for OracleAS Cold Failover Cluster from a different node should provide a login to the node you configured in this procedure telnet hostname domain telnet ip_address For example enter telnet vhost mydomain com telnet 138 1 12 191 On Failover If the active node fails then the secondary node takes over If you do not have a clusterware agent to map the virtual IP from the failed node to the secondary node then you have to do it manually You have to remove the virtual IP mapping from the failed node and map it to the secondary node 1 On the failed node remove the virtual IP address by r
64. is the metadata repository that the middle tier will use for its product metadata To use a second metadata repository for a J2EE and Web Cache middle tier you have different options depending on which J2EE and Web Cache features you need a If you need both the Oracle Identity Management Access feature and the Database Based Farm feature you need to register the second metadata repository with the Oracle Internet Directory If you need only the Database Based Farm feature you do not need to register the second metadata repository The reason for this is that you might not have an Oracle Internet Directory Figure 4 1 shows a topology that involves two metadata repositories It uses four computers Computer 1 runs a metadata repository and Oracle Identity Management components The Oracle Identity Management components use this metadata repository Computer 2 has a metadata repository that is registered with the Oracle Internet Directory running on Computer 1 Computer 3 has a Portal and Wireless middle tier This middle tier knows to use the metadata repository on Computer 1 for its product metadata because it was registered with that metadata repository during installation Computer 4 also has a Portal and Wireless middle tier This middle tier knows to use the metadata repository on Computer 2 for its product metadata because it was registered with that metadata repository during installation Installing OracleAS Infrastruc
65. log files Troubleshooting F 1 Installation Problems and Solutions 2 Remove the failed installation by following the steps in Appendix D Deinstallation and Reinstallation 3 Correct the issue that caused the error 4 Restart the installation F 3 Installation Problems and Solutions This section describes common installation problems and solutions Section F 3 1 Location of Log Files Section F 3 2 Linking Failed ORA Errors Section F 3 3 Prerequisite Checks Fail at the Start of Installation Section F 3 4 Message About Installing in a Non Empty Directory Section F 3 5 Messages About SHMMAX and SEMMSL Section F 3 6 Installer Disappears After Running the Pre Installation Checks Section F 3 7 Unable to Clean Up a Failed Installation Section F 3 8 Forgot the Password for the cn orcladmin Account Section F 3 9 cn orcladmin Account Becomes Locked Section F 3 10 User Interface Does Not Display in the Desired Language or Does Not Display Properly Section F 3 11 Installer Does Not Display Correct Database Name for OracleAS Metadata Repository Section F 3 12 Configuration Assistant Failures General Section F 3 13 OracleAS Randomize Password Configuration Assistant Failures Section F 3 14 Database Configuration Assistant DBCA Failures Section F 3 15 Harmless Error Message from Database Configuration Assistant DBCA Section F 3 16 OPMN Configuration Assistant Start H
66. may report the following WARNING DCM service may not be available at this time to synchronize SORACLE_ HOME j2ee home config jazn data xml file Refer to Section F 3 19 WARNING DCM service may not be available at this time for information on how to correct this problem after the installation is finished See Also The Oracle Application Server High Availability Guide for more information on load balancer requirements 9 5 3 4 Ensure that the OracleAS Metadata Repository Is Not Registered with any Oracle Internet Directory When you perform the installation on the first node you need to specify an OracleAS Metadata Repository that is not registered with any Oracle Internet Directory The installer checks for this If the installer finds that the OracleAS Metadata Repository is already registered with an Oracle Internet Directory then it assumes that you are installing on subsequent nodes and that you want to join the cluster that was created when you installed on the first node It prompts you for the existing cluster name and the connect information for the Oracle Internet Directory 9 5 3 5 Select the Same Components for Each Node You must select the same components in the Select Configuration Options screen when installing on each node For example if you select Oracle Internet Directory OracleAS Single Sign On and Oracle Delegated Administration Services on the first node you must select these same set of components on subsequ
67. names namespace in Oracle Internet Directory 4 11 Network Appliance filers 2 25 network requirements 2 2 network topics 2 22 installing from hard drive 2 22 installing from remote CD ROM DVD drive 2 23 installing on multihomed computers 2 22 NFS storage 2 25 remote installations 2 24 NFS installations configuring Oracle HTTP Server 11 2 NFS storage 2 25 NIS and NIS 2 26 NLS_LANG environment variable 11 2 non interactive installations B 1 B 2 deinstalling B 12 log files B 11 post installation steps B 11 pre installation steps B 2 security tips B 11 O oinstall group 2 16 3 3 operating system groups 2 16 dba group 2 17 for database administration 2 16 for inventory directory 2 16 groups command 2 18 oinstall group 2 16 OSDBA group 2 17 OSOPER group 2 17 operating system users 2 17 groups command 2 18 oracle user 2 17 operating system version 2 2 OPMN configuration assistant Start DAS Instance re running F 9 OPMN configuration assistant Start HTTP Server re running F 8 OPMN configuration assistant Start OracleAS Certificate Authority re running F 9 Oracle Data Guard for OracleAS Disaster Recovery 10 2 10 6 Oracle database port 1521 issue 2 13 Oracle Delegated Administration Services 4 6 and mod_osso 11 3 cn orcladmin superuser 5 2 dependency on OracleAS Single Sign On 4 6 deploying on a separate host 4 12 groups required for installation 5 4 Oracle Directory Integrat
68. need Oracle HTTP Server to use SSL you can set it up after installation See the Oracle HTTP Server Administrator s Guide for details 3 13 Obtaining Software from Oracle E Delivery You can obtain Oracle products from Oracle E Delivery at http edelivery oracle com Oracle products are distributed as E Packs An E Pack is an electronic version of the software that is also available to Oracle Customers on CD ROM or DVD ROM 3 13 1 Finding and Downloading the Oracle Application Server 10g 10 1 4 0 1 E Pack Refer to the CD Media Pack description or the list of products that you purchased on your Oracle Ordering Document Then view the License List to help you decide which Product Pack you need to select in order to search for the appropriate E Pack s to download Prior to downloading verify that the product you are looking for is in the License and Options section of the E Pack README Oracle recommends that you print the README for reference 3 13 2 Finding Required and Optional Downloads Refer to the README link that is on each E Pack Download page In addition to listing the licensable products and options contained in the pack the README lists downloadable files that are required to run each product and which downloadable files are optional Oracle recommends that you print the README for reference 3 13 3 Disk Space Requirements In addition to having the required disk space necessary to install and run your Oracle softwar
69. not guaranteed to be synchronized in real time but the data become identical within an acceptable time interval For More Information This chapter provides information from an installation point of view For in depth information on replication see the following guides a For information on Oracle Internet Directory replication concepts and administration see the Oracle Internet Directory Administrator s Guide a For information on Oracle Internet Directory replication deployment scenarios see the Oracle Identity Management Infrastructure Administrator s Guide Types of Replication There are two types of replication During installation you select the type of replication that you want a Section 6 1 1 Fan Out Replication LDAP Replication a Section 6 1 2 Multimaster Replication Advanced Replication Installing Oracle Internet Directory in Replicated Mode 6 1 Oracle Internet Directory Replication Overview 6 1 1 Fan Out Replication LDAP Replication In fan out replication one Oracle Internet Directory is the master and the other Oracle Internet Directory instances are called the Oracle Internet Directory replicas In one way fan out replication clients modify the data in the master Oracle Internet Directory only The master then propagates the changes to the replicas These replicas in turn can update other Oracle Internet Directory replicas In two way fan out replication clients modify the data in
70. oraInventory directory The silentInstall lt time_stamp gt 1log file contains the following line if the installation was successful The installation of OracleAS lt Installation Type gt was successful The installActions lt time_stamp gt 1log file contains specific information for each Oracle Application Server installation type See Also Appendix E Configuration Assistants Note Application Server Control Configuration Assistant and DCM Repository Backup Assistant success messages appear for first time installation of Oracle Application Server B 8 Security Tips for Silent and Non Interactive Installations One of the pieces of information in the response file is the installation password The password information is in clear text To minimize security issues regarding the password in the response file follow these guidelines Set the permissions on the response files so that they are readable only by the operating system user who will be performing the silent or non interactive installation If possible remove the response files from the system after the silent or non interactive installation is completed If you are installing the OracleAS Metadata Repository in silent or non interactive mode the installer creates these log files a ORACLE HOME admin lt ORACLE _SID gt create lt ORACLI EJ __SID gt log m ORACLE _HOME cfgtoollogs lt ORACLE_SID gt log
71. s_dbRetChar Unicode standard UTF 8 AL32UTF8 s_dbSid mr s_globalDBName mr mycompany com b_loadExampleSchemas false Specify Database Management Option s_dlgEMEmailNotificationSelected N s_dlgEMOptionSelected Use Database Control for Database Management s_dlgEMCentralAgentSelected No Agents Found s_dlgEMSMTPServer s_dlgEMEmailAddress Specify Database File Storage Option s_DataorASMret File System s_mountPoint local_location oradata Specify Backup and Recovery Options s_dlgRBOEnableAutoBackups Do not enable Automated backups Specify Database Schema Passwords s_superAdminPasswdType S s_superAdminSamePasswd schemapassword s_superAdminSamePasswdAgain schemapassword Select Database Configuration s_dlgStarterDBConfigCreateStarterDB Create a starter database s_dlgStarterDBConfigOptionSelected General Purpose oracle oid oidca s_silentinstallflag 1 oracle iappserver infrastructure b_configureCentralMon false szOIDwithSSLStatus N nValidationOID2 0 nValidat ionOID 0 nValidationRepository 0 oracle iappserver instance szl_ InstanceInformation instancename instancepassword instancepassword oracle iappserver instance nValidationInstanceInfo 0 oracle apache apache s_group dba oracle apache apache s_groupid dba oracle iappserver iapptop szl_InstanceInformation instancepassword Silent and Non Interactive Installation B 7 Create the Response File B 5 4 3 Exam
72. server of the load balancer and the associated port You also enter the port number for Oracle HTTP Server on this screen a Also in the Specify HTTP Load Balancer Host and Ports screen you need to specify the same HTTP virtual server name and port number for all nodes However you can specify different port numbers for Oracle HTTP Server on each node as long as your load balancer is configured to communicate with the specified port on that node Table 9 8 Steps for Installing Oracle Delegated Administration Services and OracleAS Single Sign On ina Distributed OracleAS Cluster Identity Management Configuration Screen Action Select Configuration Options Specify Port Configuration Options Select High Availability Option Create or Join an OracleAS Cluster Identity Management Specify New OracleAS Cluster Name or Specify Existing OracleAS Cluster Name Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes In the Select Installation Type screen select Oracle Identity Management Do not select Oracle Internet Directory Select Oracle Application Server Single Sign On Select Oracle Application Server Delegated Administration Services Select Oracle Directory Integration Platform if you need this component Do not select Oracle Application Server Certificate Authority OCA Select High Availability an
73. the 127 0 0 1 address 127 0 0 1 localhost 213 2 2 330 asmidl oracle com asmidl 213 2 2 331 asmid2 oracle com asmid2 213 2 2 110 asinfra oracle com asinfra c Ensure that the hosts line in the etc nsswitch conf file has files as the first item hosts files nis dns The entry specifies the ordering of the name resolution If another method is listed first then the node will use the other method to resolve the hostname Note Restart the nodes after editing these files Verifying that the Nodes Resolve the Hostnames Correctly After making the changes and restarting the nodes check that the nodes resolve the hostnames properly by running the following commands On the middle tier nodes on both sites run the hostname command This should return the internal hostname For example the command should return asmid1 if you run it on prodmid1 and standbymid1 prompt gt hostname asmid1 On each node ping the other nodes in the environment using the internal hostname as well as the external hostname The command should be successful For example from the first midtier node prodmid1 run the following commands prompt gt ping prodinfra ping the production infrastructure node PING prodinfra 56 data byes 64 bytes from prodinfra oracle com 138 1 2 111 icmp_seq 0 time 0 ms aG prompt gt ping iasinfra ping the production infrastructure node PING iasinfra 56 data byes 64 bytes from iasinfra oracle
74. the Oracle Application Server Metadata Repository Creation Assistant User s Guide for details 1 3 2 Installing a Distributed Oracle Identity Management with an Integrated Oracle HTTP Server In this topology there are two Oracle Homes as depicted in Figure 1 2 The first Oracle Home contains Oracle HTTP Server OracleAS Single Sign On and Oracle Delegated Administration Services The second Oracle Home contains Oracle Internet Directory and Oracle Directory Integration Platform This topology can be associated with a 10g Release 2 10 1 2 or 10g Release 3 10 1 3 middle tier Product and Installation Overview 1 5 Recommended Topologies Figure 1 2 Cluster with a Distributed Oracle Identity Management with an Integrated Oracle HTTP Server Oracle Home 1 Oracle Home 2 OC4J SSO DAS Application Server Control OracleAS Metadata Repository Requirements The requirements are the same as those listed in Chapter 2 Requirements Installation Sequence To install this topology 1 Install OracleAS Metadata Repository on a shared disk It is recommended that you install OracleAS Metadata Repository in an existing database See the Oracle Application Server Metadata Repository Creation Assistant User s Guide for details 2 For Oracle Home 2 follow the installation instructions in Section 4 23 Installing Oracle Identity Management Components Only Including Oracle Internet Directory On the Select Configuration
75. the section on standby site cloning in Oracle Application Server High Availability Guide for more information Oracle database server home for an OracleAS Metadata Repository configuration created using OracleAS Metadata Repository Creation Assistant a OracleAS Disaster Recovery full site upgrade from OracleAS 10g 9 0 4 to OracleAS 10g 10 1 2 0 2 see the chapter on OracleAS Disaster Recovery site Installing in High Availability Environments OracleAS Disaster Recovery 10 9 Patching OracleAS Guard Release 10 1 2 0 0 with Release 10 1 2 0 2 upgrade procedure in Oracle Application Server High Availability Guide for more information OracleAS Guard patch upgrade from OracleAS 10g 10 1 2 0 0 to OracleAS 10g 10 1 2 0 2 see Section 10 5 Patching OracleAS Guard Release 10 1 2 0 0 with Release 10 1 2 0 2 for more information If this is an upgrade installation of OracleAS Guard make a copy of your dsa conf configuration file to save your current settings for your OracleAS Guard environment After running the OracleAS 10g 10 1 2 0 2 standalone install kit of OracleAS Guard you can restore your saved dsa conf configuration file with your settings to continue using the same settings for the upgraded OracleAS Guard environment To run the OracleAS 10g 10 1 2 0 2 standalone install kit of OracleAS Guard run the kit in the following directory path On UNIX systems Disk2 asg install runInstaller Choose the type
76. two databases on the same computer this could degrade performance See Section 4 24 Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory for details In the Select Configuration Options screen select Oracle Application Server Certificate Authority OCA only a Install OCA with its own OracleAS Metadata Repository 4 19 How to Deploy Oracle Delegated Administration Services on a Separate Host To configure Oracle Delegated Administration Services in a separate Oracle Home you perform a standalone installation of it To do this select the Identity Management installation type and on the Configuration Options screen select Delegated Administration Services 4 20 Installing OracleAS Infrastructure Perform this procedure to install an OracleAS Metadata Repository and Oracle Identity Management components This procedure provides a complete OracleAS Infrastructure in a single Oracle home If you want to use an existing Oracle Internet Directory see Section 4 21 Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory If you want to use an existing database for the OracleAS Metadata Repository see the Oracle Application Server Metadata Repository Creation Assistant User s Guide 4 12 Oracle Application Server Installation Guide Installing OracleAS Infrastructure Table 4 5 Steps for Installing OracleAS Infrastructure Screen Action 1 2
77. use OracleAS Cold Failover Cluster type to characterize the cluster solution For example a OracleAS Cold Failover Cluster Identity Management a OracleAS Cold Failover Cluster Infrastructure From the entry point of an Oracle Application Server system content cache to the back end layer data sources all the tiers that are crossed by a client request can be configured in a redundant manner either in an active active configuration using OracleAS Clusterss or in an active passive configuration using OracleAS Cold Failover Clusters See Chapter 8 Installing in High Availability Environments OracleAS Cold Failover Cluster for installation details 7 1 2 OracleAS Clusters Oracle Application Server provides an active active model for all its components with OracleAS Clusters In an OracleAS Clusters two or more Oracle Application Server instances are configured to serve the same application workload These instances typically run on different nodes You need an external load balancer in front of the nodes Clients direct requests to these nodes through the load balancer which then sends the requests to one of the nodes for processing The load balancer uses its own algorithm to decide which node to send a request to The most common properties of an OracleAS Clusters configuration include a Identical instance configuration The instances are meant to serve the same workload or application Their identical configuration guarant
78. you can reset it See the Oracle Application Server Administrator s Guide for details 3 7 Comparing Installing Components against Configuring Components When you select components on the Select Configuration Options screen the installer installs and configures the selected components For the unselected components the installer still installs them but does not configure them In most cases you can configure components that you did not select on the Select Configuration Options screen after installation using the Application Server Control See the Oracle Application Server Administrator s Guide for details 3 8 Where Does the Installer Write Files The installer writes files to the following directories Table 3 1 Directories Where the Installer Writes Files Directory Description Oracle home directory This directory contains Oracle Application Server files You specify this directory when you install Oracle Application Server Things You Should Know Before Starting the Installation 3 5 Why Do I Need to be Able to Log In as Root at Certain Times During Installation Table 3 1 Cont Directories Where the Installer Writes Files Directory Description Inventory directory When you install the first Oracle product on a computer you specify this directory which the installer uses to keep track of which Oracle products are installed on the computer In subsequent installations the installer uses the same invent
79. 1 5 8 1 1 Navigating to Global Group ccccccsssssseesesesesssesescsesssesesescseseseecscsessseseeceees 5 11 5 8 1 2 Navigating to Metadata Repository Groups cccecccssesceceesesesteneeseseeteeseeeees 5 12 5 8 1 3 Navigating to Component Groups ccccccseeseeeseececseseesseesesesseececeesesesesseesseneneees 5 13 5 8 2 Using Deployment Delegation Console to Add Users to Group5S ccceecees 5 14 5 9 Contents of a New Oracle Internet Directory c ccccccccsecsesteteteseecesesesseneenesesesneeneeeenes 5 16 5 10 On the Specify Login for Oracle Internet Directory Screen What Username and Realm Do I BIGOT E E A S E su steisunsduauhateatbant E EN T E 5 16 Installing Oracle Internet Directory in Replicated Mode 6 1 Oracle Internet Directory Replication Overview ssssssssssisesissessessenrirsissisnentensessessenneenees 6 1 6 1 1 Fan Out Replication LDAP Replication ccccc ccc ce ceeeeseseeceeeseeecesecenenenesesenens 6 2 6 1 2 Multimaster Replication Advanced Replication ccccccecccesesesecsenesesescseeeeeeeeees 6 2 6 2 IREQUITETMEN ES eiro ua erae Teo aee aE Aa ls RA OE a eE E A EEEE 6 3 6 2 1 Database Requirements sissies i e EENE E EE A E E e 6 3 6 2 2 Clock Synchronization mpe e a beats inves ses e E ates cutee 6 4 6 3 Installation Order isis e ea raaa a ioare ew ee I RA eS 6 4 6 4 Installing a Master Oracle Internet Directory ccccc cece cece cscs ceeseseececeeenecececeseseneneeesees 6 4 6
80. 26 Installing in High Availability Environments OracleAS Disaster Recovery 10 1 10 2 10 2 1 10 2 2 10 2 3 10 2 4 10 3 10 3 1 10 3 2 10 4 10 5 10 6 OracleAS Disaster Recovery Introduction 0 0 ccc ee ceeee cece ceeecseeseseeesesenetetssenenes 10 1 Setting up the OracleAS Disaster Recovery Environmentt ccccccseeeeenseseseeseteseseeees 10 3 Ensure Nodes Are Identical at the Operating System Level cccsecseseeeteneene 10 3 Set Up staticports ini Flessen nis a r a aeei 10 3 Set Up Identical Hostnames on Both Production and Standby Sites 10 4 If You Want to Use OracleAS Cold Failover Cluster on the Production Site 10 8 Installing Oracle Application Server in an OracleAS Disaster Recovery Environment 10 8 Installing the OracleAS Infrastructure ccccceccsesesesesesesesesescscsesesescseseseseecsesssneeeesees 10 9 Installitig Middle Tiefs eninsnnen ainei n a i Sa E 10 9 Installing the OracleAS 10g 10 1 2 0 2 Standalone Install of OracleAS Guard into Oracle Homes voruenn a a a a Ea E apa aaae adasia 10 9 Patching OracleAS Guard Release 10 1 2 0 0 with Release 10 1 2 0 2 cee 10 10 What to Read Nexte enin met iaai o e a ee eaa A iae miner 10 11 Post Installation Tasks 11 1 11 2 11 3 11 4 11 5 11 6 11 6 1 11 6 2 11 7 11 7 1 11 8 11 9 State of Oracle Application Server Instances After Installation eee 11 1 Passwords for Oracle Application Server COMPONENMS c ccccceecseseteseecen
81. 3 8 27 installing in OracleAS Disaster Recovery 10 9 installing Oracle Internet Directory only 4 20 installing OracleAS Certificate Authority 4 21 installing OracleAS Metadata Repository only 4 15 OracleAS Metadata Repository component 4 2 OracleAS Metadata Repository 4 2 contents of 4 8 groups required to install 5 8 incorrect name shown F 6 installing in existing database 4 6 installing in new database 4 15 port 1521 2 11 registering with Oracle Internet Directory 4 7 used by OracleAS Single Sign On 5 6 using multiple 4 9 OracleAS Metadata Repository installation type 4 3 OracleAS Personalization groups required for installation 5 6 OracleAS Portal groups required for installation 5 5 OracleAS Randomize Password configuration assistant rerunning F 7 OracleAS Reports Services groups required for installation 5 6 OracleAS Single Sign On dependency for Oracle Delegated Administration Services 4 6 groups required for installation 5 4 obsolete URLs on Administration screen F 11 OracleAS Metadata Repository used by 5 6 specifying hostname on command line 2 21 OracleAS Wireless groups required for installation 5 6 OracleASCluster Identity Management DCM warning F 9 OracleBI Discoverer groups required for installation 5 6 oralnst loc file 2 16 oralnventory directory 2 16 3 2 orcladmin user 5 2 password 5 2 OSDBA group 2 17 OSOPER group 2 17 P passwd command 2 18 passwords for cn orcladmin
82. 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details 9 6 Installing a Distributed OracleAS Cluster Identity Management Configuration In this configuration you need an existing database that is already running ina configuration that is supported by OracleAS RepCA Oracle recommends running the database in a high availability environment such as a Real Application Clusters database This database will contain the OracleAS Metadata Repository You also need two nodes to run OracleAS Single Sign On and Oracle Delegated Administration Services components and two additional nodes to run Oracle Internet Directory These nodes are accessed through load balancers See Figure 9 2 Oracle Directory Integration Platform Is Started on the First Node Only The installer starts Oracle Directory Integration Platform only on the first node even though you selected it on subsequent nodes as well On subsequent nodes the installer configures Oracle Directory Integration Platform but does not start it If You Want Oracle Internet Directory to Listen on SSL Ports Only If you want Oracle Internet Directory to listen on SSL ports only perform this configuration after you have installed OracleAS Single Sign On and Oracle Delegated Administration Services You nee
83. 48 bit key length Longer key lengths provide greater security but require more time to issue each new certificate Click Next Installing OracleAS Infrastructure 4 27 Install Fragment OCA Screens Table 4 15 Cont OCA Screens Screen Action 4 Specify OCA Administrator s Password and Confirm Password Specify and confirm the Administrator s password for the OCA administrator The password has the following restrictions Password It must contain at least eight characters It must contain at least one alphabetic character It must contain at least one non alphabetic character for example a number Its first character cannot be a number You need this password to manage OCA This password is also used by the OCA Configuration Assistant You can change the password after installation using the ocact1 command See the OCA Online Help for details Click Next 4 28 Oracle Application Server Installation Guide 5 Configuring Oracle Internet Directory for Oracle Application Server Installation Privileges When you install certain infrastructure components the installer prompts you for a username to log in to Oracle Internet Directory For the installation to complete successfully this user must belong to certain groups in Oracle Internet Directory The groups that are required depend on what you are installing By putting users into groups you allow other users to perform installations Users do
84. 7 Properties of the Operating System User Who Runs the Installer Item Description Login name You can use any name for the user This guide refers to the user as the oracle user Group identifier The primary group of the oracle user must have write permission for the oraInventory directory See Section 2 6 1 Create a Group for the Inventory Directory for more information about this group You can use any name for the group This guide uses the name oinstall Home directory The home directory for the oracle user can be consistent with the home directories of other users Requirements 2 17 Environment Variables Table 2 7 Cont Properties of the Operating System User Who Runs the Installer Item Description Login shell The default login shell can be the C Bourne or Korn shell Note Use the oracle user only for installing and running Oracle products Do not use root as the oracle user To create the oracle user 1 Enter a command similar to the following usr sbin useradd g oinstall G dba oper oracle In this command The g option specifies the primary group which must be the Oracle Inventory group for example oinstall The G option specifies the secondary groups which must include the OSDBA group and if required the OSOPER group for example dba or dba oper 2 Set the password of the oracle user passwd oracle To check which groups an operating system us
85. ACLE_HOME Apache Apache htdocs index html File In the ORACLE_HOME Apache Apache htdocs index html file change all occurrences of the physical hostname example node1 to the virtual hostname example vhost where node1 appears as a hostname Note that if node1 is used as part of the Oracle Application Server instance name do not change it 8 9 2 Copy the var opt oracle Directory to the Other Node After the OracleAS Infrastructure installation is complete copy the var opt oracle directory from the node where you performed the installation to the other node in the OracleAS Cold Failover Cluster This ensures that you can run the installer to update the Oracle home from either node in the cluster Be sure to keep the two var opt oracle directories in sync Whenever you run the installer to update the infrastructure you need to copy the oracle directory to the other node The var opt oracle directory is not used during runtime by Oracle Application Server It is used only by the installer 8 9 3 Running Database Console against a Cold Failover Cluster Database Before you can start stop or check the status of Database Console against a cold failover cluster database you need to set the ORACLE_HOSTNAME environment variable to the virtual hostname For example in Figure 8 1 the virtual hostname is vhost mydomain com You would set ORACLE_HOSTNAME as follows C shell setenv ORACLE_HOSTNAME vhost mydomain com Bourne or Ko
86. AS Metadata Repository and a new Oracle Internet Directory Note that if there is an existing Oracle Application Server 10g database on the system where you plan to install OracleAS Infrastructure you must perform the steps in Section 8 2 5 Modify listener ora file for Existing Database prior to installation 8 8 Oracle Application Server Installation Guide Installing an OracleAS Cold Failover Cluster Infrastructure Configuration Key Points a The destination directory must be on the shared disk Remember to select High Availability and Replication in the Select Configuration Options screen By default this option is not selected a You enter the virtual hostname in the Specify Virtual Hostname screen Installer Screens Run the installer and follow the screen sequence shown in Table 8 2 Table 8 2 Installing OracleAS Infrastructure in an OracleAS Cold Failover Cluster Infrastructure Screen Action 1 2 Select Configuration Options 3 Specify Port Configuration Options 4 Select High Availability or Replication Option 5 Specify Namespace in Internet Directory 6 Specify Virtual Hostname Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select Installation Type screen select Identity Management and Metadata Repository Select Oracle Internet Directory Select Ora
87. Application Server environment backup after each successful patchset upgrade and after each successful configuration change Post Installation Tasks 11 5 What to Do Next 11 6 Oracle Application Server Installation Guide A Installing the Oracle Identity Management Grid Control Plug in This appendix describes how to install Oracle Identity Management Grid Control Plug in and Oracle Identity Management Grid Control Plug in Agent It contains the following sections Section A 1 Installation Requirements Section A 2 Starting the Grid Control Plug in Installer Section A 3 Installing Oracle Identity Management Grid Control Plug in Section A 4 Installing Oracle Identity Management Grid Control Plug in Agent A 1 Installation Requirements Before installing Oracle Identity Management Grid Control Plug in or Oracle Identity Management Grid Control Plug in Agent you must install Oracle Enterprise Manager 10g Release 2 Grid Control 10 2 0 1 0 or later A 2 Starting the Grid Control Plug in Installer 1 If you are installing from a CD ROM or DVD ROM and your computer does not mount CD ROMs or DVDs automatically you need to set the mount point manually See Section 3 14 Setting the Mount Point for the CD ROM or DVD for details Log in as the oracle user If you are installing from your hard drive go to the next step CD ROM users Insert the CD that contains the Grid Control Plug in into the CD ROM drive
88. B 5 4 1 Example Response File for OracleAS Infrastructure Oracle Identity Management Only Section B 5 4 2 Example Response File for OracleAS Infrastructure OracleAS Metadata Repository Only Section B 5 4 3 Example Response File for OracleAS Infrastructure Identity Management and OracleAS Metadata Repository a Section B 5 4 4 Example Response File for Oracle Identity Federation Note Be sure that you read the description of each parameter value in the provided sample files and edit value accordingly for your environment B 5 4 1 Example Response File for OracleAS Infrastructure Oracle Identity Management Only The following shows an example of a response file for a silent installation of OracleAS Infrastructure as described in Section 4 23 Installing Oracle Identity Management Components Only Including Oracle Internet Directory Note that if you do not copy the CD ROMs to the hard drive the installer will prompt you to switch CD ROMs during installation To complete the installation without any prompting you must copy the contents of the CD ROMs to the hard drive and specify the LOCATION_FOR_DISKn parameters RESPONSEFILE_VERSION 2 2 1 0 0 UNIX_GROUP_NAME dba FROM_LOCATION mount_point Disk1 stage products xml FROM_LOCATION_CD_LABEL Oracle Application Server 10g LOCATION_FOR_DISK2 path to disk2 files ORACLE_HOME local_location oracle_home ORACLE_HOME_NAME oracle_imhome_n
89. CD ROM To run the installer from the copied files invoke the runInstaller executable from the Disk1 directory Run it from the computer that will be running Oracle Application Server prompt gt path to hard drive Disk1 runInstaller To Copy the application_server Directory from the DVD ROM 1 optional Create a directory to contain the application_server directory 2 Copy the application_server directory from the DVD ROM to your hard disk prompt gt cp pr dvd_mount_point application_server path to hard drive To run the installer from the copied files invoke the runInstaller executable from the computer that will be running Oracle Application Server prompt gt path to hard drive application_server runInstaller 2 10 3 Installing from a Remote CD ROM or DVD ROM Drive If the computer where you want to install Oracle Application Server does not have a CD ROM or DVD ROM drive you can perform the installation from a remote CD ROM or DVD ROM drive You can run the installer on a remote computer remote_computer but have the installer screens display on your local computer local_computer The installer will install Oracle Application Server on the remote computer Requirements 2 23 Network Topics Allow remote_computer to display on local_computer You need to run this command on the local computer s console local_computer gt xhost remote_computer If you do not run xhost you might get an Xlib er
90. Checked by Installer No Space in tmp or directory 400 MB To determine the amount of free disk space in the tmp directory use the bdf command prompt gt bdf tmp If the tmp directory does not have enough free space you can specify a different directory by setting the TMP or TMPDIR environment variable See Section 2 8 5 TMP and TMPDIR for details Checked by Installer Yes Swap space 1 5 GB of available swap space To determine the amount of available swap space use the following command prompt gt usr sbin swapinfo a If necessary see your operating system documentation for information on how to configure additional swap space Checked by Installer Yes Supported browsers Oracle Enterprise Manager 10g is supported on the following browsers a Microsoft Internet Explorer 6 0 SP2 supported on Microsoft Windows only Netscape 7 2 a Mozilla 1 7 You can download Mozilla from http www mozilla org a Firefox 1 0 4 You can download Firefox from http www mozilla org Safari 1 2 2 0 on Apple Macintosh computers For the most current list of supported browsers check the OracleMetaLink site http metalink oracle com Checked by Installer No However if you access Oracle Enterprise Manager 10g using a non supported browser you will get a warning message 2 4 Oracle Application Server Installation Guide Software Requirements 2 2 1 Installing from the Console or X Wind
91. DISPLAY a Cshell setenv DISPLAY localhost 0 0 Start System Administration Manager SAM usr sbin sam Choose the Kernel Configuration area then choose the Configurable Parameters area Check the value or formula specified for each of these parameters and if necessary modify that value or formula If necessary see the SAM online help for more information on completing this step Exit from SAM If you modified the value specified for any parameter reboot the system sbin shutdown r now If necessary when the system restarts log in and switch user to root Many Oracle Application Server components such as Oracle HTTP Server OracleAS Web Cache and Oracle Enterprise Manager 10g use ports You can have the installer assign default port numbers or use port numbers that you specify Section 2 5 1 Checking If a Port Is in Use Section 2 5 2 Using Default Port Numbers Section 2 5 3 Using Custom Port Numbers the Static Ports Feature Section 2 5 4 If Port 1521 Is in Use 2 8 Oracle Application Server Installation Guide Ports Why the Default Port for Oracle HTTP Server Is Port 7777 and Not Port 80 By default the installer configures Oracle HTTP Server to use port 7777 not port 80 Port 7777 is the default port because on UNIX components that use port numbers lower than 1024 require additional steps to be done as the root user before the components can run Because the installer does not hav
92. Deinstalling OracleAS Infrastructure ccccccccecccssesesescscseeeececssseseececssenesesesesesseesessseseneees D 5 D 6 1 Deinstallati on Order aeeie e eaoaai eena eaa cae aaa bs ce saa asthe biden les gbataas See Masha aden bag od D 5 D 6 2 Deinstallatlon Steps neroni E a a a aas a kav dessa aon R EEES D 5 D 7 Harmless Errors in the Log File ssssssssessesseessesessessesssestesesstententesensrisnesnentesresnnsnenteenesnesnente D 7 D 8 Cleaning Up Oracle Application Server Processes cccccccseseststeteseeeeneseseeceeneseansnenenes D 8 D 9 REITS talla TO A EEEE E S A cvatoutduscssss cede cunt sancen twseueoceiceshensacs teen cote D 8 DAO Troubleshootingess c teiarisctas dite sami E Er E Era tet Eaa D 8 Configuration Assistants E 1 Troubleshooting Configuration Assistants ccccscseseescecesesssseneeseseseeseseeceenesesesnaneneneess E 1 E 1 1 General Tips sib siieee tie Si cork ite a eee denise cota Jigs heats E 1 E 1 2 Configuration Assistant Result Codes ccccccsssesssesesssesescsceseseescscssseesescsesesseceeees E 2 E 2 Description of Oracle Application Server Configuration Assistants cccccsseeeeees E 2 Troubleshooting F 1 TOS Piles 6 ropesncseyr iink ahe en ct E sooth col eect E eta c E Pantie trie A F 1 F 2 General Troubleshooting Tips cccccccsesecccscsesesescscsesesesescscsssescecessessseececsssnsnesececessnsnesesenes F 1 F 3 F 3 1 F 3 2 F 3 3 F 3 4 F 3 5 F 3 6 F 3 7 F 3 8 F 3 9
93. Directory being installed See Section 3 6 The ias_admin User and Restrictions on its Password for password requirements Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details Installing Oracle Internet Directory in Replicated Mode 6 7 Installing an Oracle Internet Directory Replica 6 5 3 Installing an Oracle Internet Directory Replica against an Existing Database Follow these steps to install an Oracle Internet Directory replica against an existing database Table 6 2 Installing an Oracle Internet Directory Replica against an Existing Database Screen Action 1 2 Select Configuration Options 3 Specify Port Configuration Options 4 Specify Repository 5 Select High Availability or Replication Option Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select a Product to Install screen select Oracle Application Server Infrastructure 10g a Inthe Select Installation Type screen select Identity Management Select Oracle Internet Directory Select High Availability and Replication The other options on this screen are optional Select Oracle Application Server Single Sign On Oracle Application Server Delegated Administration Services Oracle Directory Integration Platform an
94. Example 2 within an enterprise you could have separate realms for internal users and external users The realm name for the external users could be externalUsers Configuring Oracle Internet Directory for Oracle Application Server Installation Privileges 5 17 On the Specify Login for Oracle Internet Directory Screen What Username and Realm Do Enter 5 18 Oracle Application Server Installation Guide 6 Installing Oracle Internet Directory in Replicated Mode This chapter describes how to install Oracle Internet Directory in replicated mode that is how to install Oracle Internet Directory masters and replicas This chapter contains the following sections Section 6 1 Oracle Internet Directory Replication Overview a Section 6 2 Requirements a Section 6 3 Installation Order a Section 6 4 Installing a Master Oracle Internet Directory a Section 6 5 Installing an Oracle Internet Directory Replica a Section 6 6 Accessing OracleAS Single Sign On and Oracle Delegated Administration Services 6 1 Oracle Internet Directory Replication Overview To run Oracle Internet Directory in a replication environment means that you have more than one Oracle Internet Directory each with its own OracleAS Metadata Repository The Oracle Internet Directory instances synchronize the data in the metadata repositories so that the data in the repositories are loosely consistent This means that the data in the repositories are
95. F 3 10 F 3 11 F 3 12 F 3 13 F 3 14 F 3 15 F 3 16 F 3 17 F 3 18 F 3 19 F 3 20 F 3 21 F 3 22 F 4 F 4 1 F 4 2 F 4 3 F 4 4 F 5 Index Installation Problems and Solutions ccsccesssssssesseseeseeseesceeceecacescesecaecaceeceaesaeeneuecnecaeeaseaes F 2 Location Of Log Files its cctiecccscccetsecncscieecteccestesciacadstoesttescatensteetiatateies tite lato seSistevds civterets F 2 Linking Failed ORA Errors i ccsssisvsuc cess secs obese eanu a r i aa bedss F 3 Prerequisite Checks Fail at the Start of Installation cece cece ee neneeees F 3 Message About Installing in a Non Empty DirectOry cccccccsceesesteteseeeesesestenenenens F 3 Messages About SHMMAX and SEMMSL c ccccsescssesesessesetescecesesssesnsesesesceeesesssnenenenens F 4 Installer Disappears After Running the Pre Installation Checks F 4 Unable to Clean Up a Failed Installation 00 0 0 ccc ccc cceeeececeeeesnececesensneceeeeenes F 5 Forgot the Password for the cn orcladmin Account cccecccesseseseseeeteecseseseseseeeeees F 5 cn orcladmin Account Becomes Locked 0 eceessssescssseceeecsceecseeecneeseneeseseseneeseneeseneees F 5 User Interface Does Not Display in the Desired Language or Does Not Display Properly omeen erae eenaa eaat aE aa A erai aaa idide p asaina k Rieneke F 5 Installer Does Not Display Correct Database Name for OracleAS Metadata Repository aa E A E este v fh at E vars leettell Ae it ede eee ieee F 6 Configuration As
96. IAS Infrastructure Members of this group have the following privilege Databases cn IAS cn Products cn OracleContext Access metadata for the repository database object and its schemas 5 2 3 Groups for Each Component Oracle Application Server components also have groups in Oracle Internet Directory Each component has a Component Owners group and an Associated Middle Tiers group as described in Table 5 3 Table 5 3 Groups Associated with Each Component Group Description Component Owners Component Owners have the following privileges DN cn Component Owners Add remove owners for this component orclApplicationCommonName component CommonName cn componentName cn Products cn OracleContext a Associate additional middle tiers with this component De register this component Associated Middle Tiers Members of this group are middle tier instances DN cn Associated Mid tiers orclApplicationCommonName component CommonName cn componentName cn Products cn OracleContext Configuring Oracle Internet Directory for Oracle Application Server Installation Privileges 5 3 Groups Required to Configure or Deinstall Components Figure 5 6 shows these groups for the Oracle Delegated Administration Services component 5 3 Groups Required to Configure or Deinstall Components Table 5 4 shows the groups that a user needs to belong to in order to configure or deinstall Oracle Application Server components Th
97. Identity Management Configuration m Section 9 6 Installing a Distributed OracleAS Cluster Identity Management Configuration a Section 9 7 Post Installation Steps a Section 9 8 Installing Middle Tiers Against OracleAS Cluster Identity Management Configurations 9 1 OracleAS Cluster Identity Management Introduction In OracleAS Cluster Identity Management configurations the Oracle Identity Management components and the OracleAS Metadata Repository run on separate nodes All the nodes in an OracleAS Cluster Identity Management configuration are active Requests from clients such as middle tiers are directed to a load balancer which then directs the requests to one of the active nodes See Figure 9 1 These nodes can belong to a hardware cluster but this is not required These configurations are called OracleAS Cluster Identity Management because the OracleAS Single Sign On and Oracle Delegated Administration Services components are clustered This means that these components are configured identically across nodes Database OracleAS Metadata Repository Requirement You need an existing OracleAS Metadata Repository before installing an OracleAS Cluster Identity Management configuration You can install OracleAS Metadata Repository in one of the following methods a Install OracleAS Metadata Repository in a new database by using the Oracle Application Server installer Installing in High Availability Envi
98. Install Middle tier Components 5 4 1 Groups Required to Install Against the Desired Metadata Repository To install middle tiers against a metadata repository the user must belong to these groups IAS Admins group a Mid Tier Admins group for the metadata repository to be used with the middle tier When the installer prompts for the OracleAS Metadata Repository to use with this middle tier the installer displays only the metadata repositories for which the user is a mid tier admin For example in Figure 5 2 userA can see only the repository for orcl oracle com and userB can see only the repository for orcll oracle com 5 4 2 Groups Required to Install Middle tier Components To install middle tier components such as OracleAS Portal and OracleAS Wireless the user must belong to additional groups See Table 5 4 for a list of components and required groups 5 4 3 Example Figure 5 1 shows an Oracle Internet Directory with one metadata repository and one middle tier instance userA can install middle tiers against the orcl metadata repository because userA belongs to the Mid Tier Admins and the IAS Admins groups userA can also install middle tier components because userA belongs to the Trusted Application Admins group the IAS amp User Management Application Admins group and the Component Owners group for Wireless Configuring Oracle Internet Directory for Oracle Application Server Installation Privileges 5 7 Groups Required t
99. L Select this option if this port is for SSL communications only Click Next 10 Specify Instance Name Instance Name Enter a name for this infrastructure instance Instance names can and ias_admin Password contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example das_sso ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example wel come99 Click Next 11 Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details Installing in High Availability Environments OracleAS Cluster Identity Management 9 23 Post Installation Steps 9 7 Post Installation Steps After installing Oracle Identity Management components on all nodes reconfigure your load balancer to direct requests to all nodes Before you started the installation you had configured the load balancer to direct requests to node 1 only See Section 9 2 4 Configure Your LDAP Virtual Server This section contains the following post installation steps a Section 9 7 1 Cluster the OC4J_Security I
100. Load Balancer Hostname Enter the name of the virtual server on the load balancer configured to handle HTTP requests HTTP Load Balancer Port Enter the port number that the HTTP virtual server listens on This will be the value of the Port directive in the httpd conf file Enable SSL Do not select this option Installing in High Availability Environments OracleAS Cluster Identity Management 9 5 About Configuring SSL and Non SSL Ports for Oracle HTTP Server Example Table 9 1 Example for Case 1 Values in Screen Resulting Values in Configuration Files HTTP Listener Port 8000 In httpd conf Enable SSL Unchecked Port 80 HTTP Load Balancer Port 80 Listen 8000 Enable SSL Unchecked Poca cone Port lt default port number assigned by installer gt Listen lt default port number assigned by installer gt 9 4 2 Case 2 Client HTTPS gt Load Balancer HTTPS gt Oracle HTTP Server HTTP Listener Port Enter the port number that you want Oracle HTTP Server to listen on This will be the value of the Listen directive in the ssl conf file Enable SSL Select this option HTTP Load Balancer Hostname Enter the name of the virtual server on the load balancer configured to handle HTTPS requests HTTP Load Balancer Port Enter the port number that the HTTP virtual server listens on This will be the value of the Port directive in the ssl conf file Enable SSL This option has been automatically selected
101. N and DBSNMP Users When you install the OracleAS Metadata Repository in a new database the installer prompts you to set the passwords for the SYS SYSTEM SYSMAN and DBSNMP 4 10 Oracle Application Server Installation Guide How to Determine Port Numbers Used by Components users which are privileged users for the database The passwords for these users have the following restrictions a Passwords must be shorter than 30 characters a Passwords can contain only alphanumeric characters from your database character set the underscore _ the dollar sign and the number sign a Passwords must begin with an alphabetic character Passwords cannot begin with a number the underscore _ the dollar sign or the number sign a Passwords cannot be Oracle reserved words The Oracle SQL Reference lists the reserved words You can find this guide on Oracle Technology Network http www oracle com technology documentation Or you can just avoid using words that sound like they might be reserved words a Passwords cannot be the default passwords which are change_on_install and manager 4 15 Support for NE8ISO8859P10 and CEL8ISO8859P14 Characters Sets If you use characters in the NE8ISO8859P10 or CEL8ISO8859P14 character sets make sure that your database uses the Unicode character set AL32UTF8 If you are installing a new database select AL32UTF8 in the Specify Database Configuration Options screen The reason fo
102. Node 1 Node 2 Node 2 Primary Node Active Secondary Node i Secondary Node Active Physical IP 123 45 67 22 Physical IP i Physical IP 123 45 67 33 45 67 123 45 67 33 lt on failover OracleAS Infrastructure OracleAS Infrastructure y y Storage oralnventory Directory The figure shows a two nodes running clusterware a storage devices local to each node a storage device that can be accessed by both nodes You install OracleAS Infrastructure on this shared storage device During normal operation one node node 1 acts as the active node It mounts the shared storage to access the OracleAS Infrastructure files runs OracleAS Infrastructure processes and handles all requests If the active node goes down for any reason the clusterware fails over OracleAS Infrastructure processes to the other node node 2 which now becomes the active node It mounts the shared storage runs the processes and handles all requests These nodes appear as one computer to clients through the use of a virtual address To access the OracleAS Infrastructure clients including middle tier components and applications use the virtual address associated with the cluster The virtual address is associated with the active node node 1 during normal operation node 2 if node 1 goes down Clients do not need to know which node node 1 or node 2 is servicing requests You use the virtual hostname in URLs that ac
103. Note Do not perform this procedure if you are deinstalling a middle tier 1 Start up Oracle Directory Manager Oracle home refers to the home where you installed Oracle Internet Directory prompt gt ORACLE_HOME bin oidadmin 2 Inthe Connect screen enter the Oracle Internet Directory connect information Log in as the Oracle Internet Directory superuser cn orcladmin 3 Expand Entry Management gt cn OracleContext gt cn Products gt cn Portal gt cn UltraSearch gt cn Database Instances gt orclA pplicationCommonName infrastructure_database_name 4 Delete all the child entries under orclApplicationCommonName infrastructure_ database_name starting with the inner most child entry To delete an entry right click each child entry and select Delete from the pop up menu Click Yes in the Confirmation dialog When deleting child entries you may get some error messages You can ignore these error messages 5 After you have deleted all the entries under orclApplicationCommonName infrastructure_database_name right click this entry and delete it 6 Expand Entry Management Expand the Default Subscriber entry You need to expand each term separately For example if your default subscriber is dc us dc oracle dc com you need to expand dc com then expand dc oracle then expand dc us Then expand cn OracleContext gt cn Products gt cn Portal gt cn UltraSearch gt cn Database Instances gt cn infrastructure
104. OME sysman config n ORACLE_HOME sysman webapps emd WEB INF config Oracle Enterprise Manager files exist The installer runs this check only if you are expanding a middle tier or if you are reinstalling Oracle Application Server in the same Oracle home The installer checks that these files exist A ORACLE_HOME sysman config iasadmin properties D ORACLE_ HOME sysman webapps emd WEB INF config consoleConfig xml 2 28 Oracle Application Server Installation Guide 3 Things You Should Know Before Starting the Installation This chapter contains the following topics a Section 3 1 Oracle Home Directory a Section 3 2 Can I Use Symbolic Links a Section 3 3 First Time Installation of Any Oracle Product a Section 3 4 Installing Additional Languages Section 3 5 Oracle Application Server Instances and Instance Names a Section 3 6 The ias_admin User and Restrictions on its Password a Section 3 7 Comparing Installing Components against Configuring Components a Section 3 8 Where Does the Installer Write Files a Section 3 9 Why Do I Need to be Able to Log In as Root at Certain Times During Installation m Section 3 10 Running root sh During Installation a Section 3 11 Can I Modify Other Oracle Application Server Instances During Installation a Section 3 12 Connecting to Oracle Internet Directory Through SSL Connections a Section 3 13 Obtaining Softw
105. ORACLE Oracle Application Server Installation Guide 10g 10 1 4 0 1 for HP UX Itanium B32100 01 September 2006 Oracle Application Server Installation Guide 10g 10 1 4 0 1 for HP UX Itanium B32100 01 Copyright 2006 Oracle All rights reserved Primary Authors Brintha Bennet Megan Ginter Contributors Rupesh Das Nagesh Jayaram Suresh Kesavan Arun Kuzhimattathil Sonal Pandey Divya Shankar Janelle Simmons Shashidhara Varamballi The Programs which include both the software and documentation contain proprietary information they are provided under a license agreement containing restrictions on use and disclosure and are also protected by copyright patent and other intellectual and industrial property laws Reverse engineering disassembly or decompilation of the Programs except to the extent required to obtain interoperability with other independently created software or as specified by law is prohibited The information contained in this document is subject to change without notice If you find any problems in the documentation please report them to us in writing This document is not warranted to be error free Except as may be expressly permitted in your license agreement for these Programs no part of these Programs may be reproduced or transmitted in any form or by any means electronic or mechanical for any purpose If the Programs are delivered to the United States Government or anyone licensing or using the P
106. On the Add Patch File to Patch Cache screen fill in the following fields Patch File Enter the location of the Grid Control Plug in Agent patch Patch Number Enter 6050709 as the patch number Patch Type Select Patch set Created On This field is automatically filled in with the current date Description Enter a description for the patch Product Family Select Oracle System Management Products Installing the Oracle Identity Management Grid Control Plug in A 3 Installing Oracle Identity Management Grid Control Plug in Agent Product Click on the flashlight icon and select Intelligent Agent from the box Release Enter 10 2 0 3 0 as the release number Note that you must enter the numbers manually Do not use any of the numbers from the list Platform Select the operating system for the patch Language Select your language Click Upload to upload the patchset 5 On the Patch Cache screen select the patchset to be applied and click Patch 6 On the Patch Select Destination screen select Oracle Homes in the Destination Type box 7 Under Available Homes select the Oracle Home s where the patch should be applied and click Move 8 Click Next 9 On the Patch Set Credentials screen enter the Username and Password for the Oracle Home and click Next 10 On the Patch Stage or Apply screen click Next 11 On the Patch Schedule screen specify when the patch should be applied in the Schedule Patch Job sectio
107. Oracle Application Server Things You Should Know Before Starting the Installation 3 9 Starting the Oracle Universal Installer 3 10 Oracle Application Server Installation Guide Installing OracleAS Infrastructure This chapter contains the following sections Table 4 1 Contents of This Chapter Topics Procedures Section 4 1 Infrastructure Installation Types Section 4 2 Why Would I Select the Different Infrastructure Installation Types Section 4 3 Order of Installation for the Infrastructure Section 4 4 Can I Install Components on Separate Computers Section 4 5 Tips for Installing Oracle Identity Management Components Separately Section 4 6 Do I Need the Oracle Delegated Administration Services or the Oracle Directory Integration Platform Components Section 4 7 Can I Configure Components After Installation Section 4 8 Can I Use an Existing Database for the OracleAS Metadata Repository Section 4 9 Can I Use an Existing Oracle Internet Directory Section 4 10 Registration of OracleAS Metadata Repository in Oracle Internet Directory and Password Randomization Section 4 11 Contents of the OracleAS Metadata Repository Section 4 12 Can I Use Multiple Metadata Repositories Section 4 13 What High Availability Options Does Oracle Application Server Support Section 4 14 Restrictions on the Passwords for the SYS SYSTEM SYSMAN and DBSNMP Users S
108. P Address Each node in an OracleAS Cold Failover Cluster configuration is associated with its own physical IP address In addition the active node in the cluster is associated with a virtual hostname and virtual IP address This allows clients to access the OracleAS Cold Failover Cluster using the virtual hostname Virtual hostnames and virtual IP addresses are any valid hostname and IP address in the context of the subnet containing the hardware cluster Note Map the virtual hostname and virtual IP address only to the active node Do not map the virtual hostname and IP address to both active and secondary nodes at the same time When you failover only then map the virtual hostname and IP address to the secondary node which is now the active node Before attempting to complete this procedure ask the system or network administrator to review all the steps required The procedure will reconfigure the network settings on the cluster nodes and may vary with differing network implementations The following example configures a virtual hostname called vhost mydomain com with a virtual IP of 138 1 12 191 1 Register the virtual hostname and IP address with DNS for the network For example register the vhost mydomain com 138 1 12 191 pair with DNS 8 2 Oracle Application Server Installation Guide Pre Installation Steps for OracleAS Cold Failover Cluster 2 Add the following line to the etc hosts file on t
109. P Server Listen SSL port 443 2 5 4 If Port 1521 Is in Use The installer configures port 1521 for the OracleAS Metadata Repository listener version 10 1 0 3 This port cannot be changed through the staticports ini file Note If your computer has a listener that uses the IPC protocol with the EXTPROC key you should change the key to have some other value This is because the OracleAS Metadata Repository listener requires access to the EXTPROC key If port 1521 on your computer is already in use by an existing application such as Oracle database listener or some other application you might have to take some action before running the installer See the following sections for details m Section 2 5 4 1 If Port 1521 Is In Use by an Existing Oracle Database Section 2 5 4 2 If Port 1521 Is In Use by Some Other Application 2 5 4 1 If Port 1521 Is In Use by an Existing Oracle Database If you are installing a new database for the OracleAS Metadata Repository on a computer that is already running an Oracle database ensure that the listeners for both databases do not conflict Requirements 2 13 Ports You might be able to use the same listener for both the existing database and the OracleAS Metadata Repository database You have to consider the version of the existing listener as well as the port number Table 2 5 shows scenarios and outcomes You can change the OracleAS Metadata Repository listener to use a dif
110. Port Enter the port configured on this load balancer to handle LDAP SSL connections Click Next 8 Specify Oracle Internet Username Enter the username to log in to Oracle Internet Directory accessed Directory Login through the load balancer host and port specified in the previous screen Log in as the Oracle Internet Directory superuser cn orcladmin or as a user who belongs to the necessary groups in Oracle Internet Directory Which groups are necessary depends on which components you are installing See Section 5 3 Groups Required to Configure or Deinstall Components for details Password Enter the password for the username Realm Enter the realm against which to validate the username This field appears only if your Oracle Internet Directory has multiple realms Click Next 9 Specify HTTP Load See Section 9 4 About Configuring SSL and Non SSL Ports for Oracle HTTP Balancer Host and Ports Server for details The values entered on this screen should be the same for every node HTTP Listener Port Enter the port number that you want Oracle HTTP Server to listen on Enable SSL Select this option if you want to configure Oracle HTTP Server for SSL on this port HTTP Load Balancer Hostname Enter the name of the HTTP virtual server configured on your load balancer Enter the same virtual server name that you configured on the load balancer HTTP Load Balancer Port Enter the port for the HTTP virtual server Enable SS
111. RESTART_SYSTEM lt Value Unspecified gt CLUSTER_NODES lt Value Unspecified gt OUI_HOSTNAME infra_host mycompany com PreReqConfigSelections n_ValidationPreReqConfigSelections 0 TOPLEVEL_COMPONENT oracle iappserver infrastructure 10 1 4 0 1 DEINSTALL_LIST oracle iappserver infrastructure 10 1 4 0 1 oracle iappserver infrastructure szl_ PortListSelect YES private jdoe mystaticports ini COMPONENT_LANGUAGES en INSTALL_TYPE Infrastructure oracle iappserver infrastructure b_configureMETA true oracle iappserver infrastructure b_configureOID true oracle iappserver infrastructure b_configureSSO true oracle iappserver infrastructure b_configureDAS true oracle iappserver infrastructure b_configureDIP true oracle iappserver infrastructure b_configureOCA true oracle iappserver infrastructure b_configureHA false oracle iappserver infrastructure b_launchEMCA true oracle iappserver infrastructure b_launchOHS true szRegisterMetaStatus N szIdentityAdminContext dc mycompany dc com B 8 Oracle Application Server Installation Guide Create the Response File s_dnSelection Custom DN s_dnCntval United States s_dncustom CN My Certificate Authority OU MyOrg O MyCompany C US sl_keylengthInfo 2048 sl_ocmInfo adminpassword adminpassword s_nameForDBAGrp dba s_nameForOPERGrp dba Specify Database Configuration Options s_dbRetChar Unico
112. SM instances that are in use by databases from other homes during the de installation of a database Oracle home 8 2 4 Check That Clusterware Is Running Automated Failovers only If you plan to automate failovers in the OracleAS Cold Failover Cluster then each node in a cluster must be running hardware vendor clusterware To check that the clusterware is running use the command appropriate for your clusterware 8 2 5 Modify listener ora file for Existing Database If there is an existing database on the system on which you are installing and you are performing an installation that includes OracleAS Metadata Repository you need to modify the listener ora file for the existing database before proceeding with the installation Perform the following steps to modify the listener ora file 1 Make sure you set the ORACLE_HOME and ORACLE_SID environment variables for the existing database Stop the listener for the database prompt gt lsnrctl stop Open the listener ora file which is located at ORACLE_HOME network admin listener ora where ORACLE_HOME is the home for the existing database Locate the LISTENER entry in the file LISTENER Installing in High Availability Environments OracleAS Cold Failover Cluster 8 5 Installing an OracleAS Cold Failover Cluster Infrastructure Configuration DESCRIPTION_LIST DESCRIPTION ADDRESS_LIST ADDRESS PROTOCOL TCP HOST
113. SSL 636 but see 636 13130 Oracle Internet Directory the Note on 13159 SSL port page 2 10 13161 13199 Oracle Application Server Certificate Authority OCA Server Authentication Virtual Host SSL 6600 6600 6619 Oracle Certificate Authority SSL Server Authentication port Mutual Authentication Virtual Host SSL 6601 6600 6619 Oracle Certificate Authority SSL Mutual Authentication port Oracle Application Server Guard Oracle Application Server Guard 7890 7890 7895 ASG port OracleAS Metadata Repository Oracle Net Listener 1521 1521 Not settable through staticports ini Oracle Identity Federation Oracle Identity Federation Uses the same port as Oracle HTTP Server Listener C 3 Ports to Open in Firewalls If you plan to install Oracle Application Server behind a firewall you need to open certain ports in the firewall during installation and during runtime Default Port Numbers C 3 Ports to Open in Firewalls For a 10g 10 1 4 0 1 instance you need access to Oracle Internet Directory OracleAS Metadata Repository Oracle Notification Server and SJP ports You need to open the following ports used by these components in the firewall a LDAP port 389 LDAP SSL port 636 a SQL Net 2 port 1521 a OPMN ONS remote port 6200 a OC4J AJP port 12501 Note The port numbers listed here are the default ports for the components You may have different ports in your environment C 4 Oracle Appli
114. Single Sign On on a different tier a if you want to install the OracleAS Metadata Repository in an existing cold failover cluster database Figure 8 4 shows a distributed OracleAS Cold Failover Cluster Identity Management configuration It consists of two nodes running Oracle Delegated Administration Services and OracleAS Single Sign On These nodes are accessed through a load balancer two nodes running in an active passive configuration These nodes will run the existing cold failover cluster database Oracle Internet Directory and Oracle Directory Integration Platform a storage devices local to each node a two shared disks One shared disk contains the database Oracle home On the other shared disk you will install Oracle Internet Directory and Oracle Directory Integration Platform a firewalls to separate the tiers Tier Running the Oracle Internet Directory Oracle Directory Integration Platform and Database In this tier during normal operation the active node mounts the shared disks to access the Oracle Identity Management and database runs the Oracle Internet Directory Oracle Directory Integration Platform and database processes and handles all requests If the active node goes down for any reason the clusterware fails over the processes to the secondary node node 2 which becomes the new active node mounts the shared disks runs the processes and handles all requests To access the active node client
115. TP Server Welcome page http vhost mydomain com 7777 Oracle HTTP Server secure mode https vhost mydomain com 4443 Application Server Control http vhost mydomain com 1156 8 20 Oracle Application Server Installation Guide Installing a Distributed OracleAS Cold Failover Cluster Identity Management Configuration Figure 8 4 Distributed OracleAS Cold Failover Cluster Identity Management Configuration Distributed OracleAS Cold Failover Cluster Identity Management Configuration On this tier Identity Management includes AF Load Balancer OracleAS Single Sign On i Oracle Delegated Administration Services Oracle Home for Identity Management Virtual Hostname vhost mydomain com On this tier Identity Virtual IP 123 45 67 11 Management includes Oracle Internet Directory Note that the nodes in this tier are active active I I I I Oracle Directory Integration Metadata i and Provisioning K Se DIP on failover i I Y Hardware Cluster Node 1 Node 2 Primary Node Active Secondary Node Physical IP Physical IP 123 45 67 22 123 45 67 33 i on failover y Ga Install OracleAS Metadata Repository in this database Shared Storage Oracle Home for Identity Management Oracle home for existing database Shared Storage 8 6 1 Distributed OracleAS Cold Failover Cluster Identity Management Overview of Installation Steps
116. TTP Server Diagnostic port 7200 7200 7299 Oracle HTTP Server Diagnostic port OracleAS Single Sign On OracleAS Single Sign On z Uses the same port as Oracle HTTP Server Listener Oracle Enterprise Manager 10g Application Server Control Application Server Control Console 1156 1156 1810 Application Server 1829 18100 Control port 18119 C 2 Oracle Application Server Installation Guide Ports to Open in Firewalls Table C 1 Cont Default Port Numbers and Ranges Grouped by Component Port Number Component Default Port Range Name in staticports ini Oracle Management Agent 1157 1157 18120 Oracle Management 18139 Agent port Application Server Control RMI 1850 1850 1869 Application Server 18140 18159 Control RMI port Application Server Control Console SSL 1156 1156 1810 This port number is assigned 1829 18100 after installation when you 18119 configure Application Server Control for SSL See the Oracle Application Server Administrator s Guide for details Enterprise Manager Console HTTP port orcl 5500 5500 5559 Not settable through staticports ini Enterprise Manager Agent port orcl 1831 Not settable through staticports ini Log Loader 44000 44000 44099 Log Loader port Oracle Internet Directory Oracle Internet Directory 389 but see 389 13060 Oracle Internet Directory the Note on 13129 port page 2 10 Oracle Internet Directory
117. TTP Server Failures Section F 3 17 OPMN Configuration Assistant Start DAS Instance Failures Section F 3 18 OPMN Configuration Assistant Start OCA Failures Section F 3 19 WARNING DCM service may not be available at this time Section F 3 20 OracleAS Cluster Identity Management Cluster Configuration Assistant Fails Section F 3 21 OracleAS Cluster Identity Management Installation Fails on Second Oracle Internet Directory Node Section F 3 22 OracleAS Cluster Identity Management Installation Fails on Second Oracle Delegated Administration Services and OracleAS Single Sign On Node F 3 1 Location of Log Files There are two sets of log files The installer writes the following log files F 2 Oracle Application Server Installation Guide Installation Problems and Solutions oraInventory_location logs installActionstimestamp log oraInventory_location logs oraiInstalltimestamp err oraiInventory_location logs oraiInstalltimestamp out Oracle_Home install make log a The configuration assistants write log files in the ORACLE_HOME cfgtoollogs directory Note that if you want to access the log files created by the configuration assistants you need to exit the installer first The log files are inaccessible if the installer is still in use F 3 2 Linking Failed ORA Errors Problem Linking failed and ORA errors were displayed during installation Solution Exit the insta
118. Universal Installer database screens 4 26 disappears after pre installation checks F 4 first few screens infrastructure 4 23 last few screens infrastructure 4 25 log files F 1 OracleAS Certificate Authority screens 4 27 prerequisite checks 2 26 starting 3 8 where it writes files 3 5 oracle user 2 17 7 5 ORACLE_HOME environment variable 2 19 Index 4 ORACLE_SID environment variable 2 19 OracleAS Certificate Authority adding after installation 4 12 groups required for installation 5 5 in silent and non interactive installations B 2 installing 4 21 OracleAS Cluster groups required for installation 5 5 OracleAS Cluster Identity Management 9 1 cluster configuration assistant failure F 10 configuring LDAP virtual server 9 3 configuring load balancer 9 3 configuring SSL and non SSL ports 9 5 deinstalling D 5 deinstalling Oracle Single Sign On Instances D 4 installation failure F 10 installing 9 7 installing middle tiers 9 26 installing on first node 9 9 installing on subsequent nodes 9 12 introduction 9 1 Oracle Internet Directory passwords 9 4 post installation steps 9 24 pre installation steps 9 2 OracleAS Cold Failover Cluster 8 1 ASM recommendations 8 5 clusterware agents 8 5 deinstalling D 4 failover 8 4 in OracleAS Disaster Recovery environment 10 8 installing middle tiers 8 32 installing Oracle Delegated Administration Services and OracleAS Single Sign O
119. _ and pound characters Must not be longer than eight characters a Must not contain PORT or HOST in uppercase characters If you want the name to contain host or port use lowercase characters Example orcl mydomain com Note Be sure that you do not enter two or more periods together for example orcl mydomain com The installer does not check for this and this will lead to errors later during the installation process SID Enter the system identifier for the OracleAS Metadata Repository database Typically this is the same as the global database name but without the domain name The SID must be unique across all databases on this system SIDs have the following naming restrictions a Must contain alphanumeric characters only Must not be longer than eight characters a Must not contain PORT or HOST in uppercase characters If you want the name to contain host or port use lowercase characters Example orcl Database Character Set Select the character set to use See also Section 4 15 Support for NE8ISO8859P10 and CEL8ISO8859P14 Characters Sets Database File Location Enter the full path to the parent directory for the data files directory This parent directory must already exist and you must have write permissions in this directory The installer will create a subdirectory in this parent directory and the subdirectory will have the same name as the SID The data files will be placed in this subdirectory Example If yo
120. _2 mydomain com Virtual IP 123 45 67 111 on failover Node 3 Y Primary Node Active Physical IP 123 45 67 222 Node 4 C Secondary Node Physical IP 123 45 67 333 on failover lt lt Virtual Hostname vhost mydomain com Virtual IP 123 45 67 11 Metadata Repository OID DIP on failover Node 1 Node 2 Primary Node Active Secondary Node Physical IP Physical IP 123 45 67 22 123 45 67 33 I On failover OracleAS Infrastructure oralnventory Directory Shared Storage Installing in High Availability Environments OracleAS Cold Failover Cluster 8 25 Installing Oracle Delegated Administration Services and OracleAS Single Sign On in an OracleAS Cold Failover Cluster 8 7 1 Oracle Delegated Administration Services and OracleAS Single Sign On in OracleAS Cold Failover Cluster Overview of Installation Steps Table 8 8 Overview of Steps for Installing Oracle Delegated Administration Services and OracleAS Single Sign On in an OracleAS Cold Failover Cluster Step Description 1 Perform Pre Installation Steps Pre installation tasks described in Section 8 2 include Section 8 2 1 Map the Virtual Hostname and Virtual IP Address You need two sets of virtual hostnames one set for OracleAS Metadata Repository and Oracle Internet Directory and a second set for Oracle Delegated Administration Services and OracleAS Single Sign On Section 8 2 2 Set Up a File Syst
121. _database_name 7 Delete all the child entries under cn infrastructure_database_name starting with the inner most child entry To delete an entry right click each child entry and select Delete from the pop up menu Click Yes in the Confirmation dialog When deleting child entries you may get some error messages You can ignore these error messages 8 After you have deleted all the entries under en infrastructure_database_name right click this entry and delete it 9 Click Apply F 4 4 Deconfiguration Failed on Distributed OracleAS Cluster Identity Management Problem When running deconfiguring the first OracleAS Single Sign On node on a Distributed OracleAS Cluster Identity Management configured as in Section 9 4 2 Case 2 Client HTTPS gt Load Balancer HTTPS gt Oracle HTTP Server the Deconfig tool fails The log file located at ORACLE_HOME sso log ssoreg 1log has the following error Unable to open file SORACLE_HOME Apache Apache conf osso osso conf Please check the file path SSO registration tool failed Please check the error in this log file correct the problem and re run the tool Troubleshooting F 13 Need More Help Solution The Deconfig tool failed because it was unable to find the SORACLE_ HOME Apache Apache conf osso osso https conf file Perform the following steps to correct this problem P 1 Create a link from osso https conf to osso conf cd SORACLE_HOME Apach
122. a Repository Only The following shows an example of a response file for a silent installation of OracleAS Infrastructure as described in Section 4 22 Installing OracleAS Metadata Repository in a New Database Note that if you do not the LOCATION_FOR_DISKn parameters RESPONSEFILE_VERSION 2 2 1 0 0 UNIX_GROUP_NAME dba EXT_SESSION false FROM_LOCATION mount_point Disk1 stage products xml FROM_LOCATION_CD_LABEL Oracle Application Server 10g LOCATION_FOR_DISK2 path to disk2 files ORACLE_HOME local_location oracle_home ORACLE_HOME_NAME oracle_mrhome_name SHOW_SPLASH_SCREEN false SHOW_WELCOME_PAGE false SHOW_INSTALL_PROGRESS_PAGE false SHOW_COMPONENT_LOCATIONS_PAGE false SHOW_CUSTOM_TREE_PAGE false SHOW_SUMMARY_PAGE false SHOW_REQUIRED_CONFIG_TOOL_PAGE false SHOW_OPTIONAL_CONFIG_TOOL_PAGE false SHOW_RELEASE_NOTES false SHOW_ROOTSH_CONFIRMATION false SHOW_END_SESSION_PAGE false SHOW_EXIT_CONFIRMATION false N N S S EXT_SESSION_ON_FAIL false HOW_DEINSTALL_CONFIRMATION false HOW_DEINSTALL_PROGRESS false oracle iappserver infrastructure SHOW_IAS_COMPONENT_CONFIG_PAGE false ACCEPT_LICENSE_AGREEMENT true RESTART_SYSTEM lt Value CLUSTER_NODES lt Value Unspecified gt Unspecified gt OUI_HOSTNAME mr_host mycompany com PreReqConfigSelections n_ValidationPreReqConfigSelections 0 TOPLEVEL_COMPONENT oracle iappserver infrastructure 10 1 4 0 1
123. a language that you did not install the user interface can display text in that language and or in English or it can display square boxes caused by missing fonts instead of text 3 5 Oracle Application Server Instances and Instance Names When you install the infrastructure what you get is an Oracle Application Server instance The installer prompts you to provide a name for the Oracle Application Server instance you are installing For example you can name an instance infra This name can be different from the Oracle home name You cannot change this name after installation Oracle Application Server appends the hostname and domain name to the given instance name to form a complete instance name For example if you are installing an instance on a computer named c1 and you name the instance infral1 then the full name of the instance is infral cl mydomain com assuming the domain name is mydomain com Things You Should Know Before Starting the Installation 3 3 The ias_admin User and Restrictions on its Password Valid Characters in Instance Names Instance names can consist only of the alphanumeric characters A Z a z 0 9 and the _ underscore character The maximum length for an instance name is 64 characters Restrictions on Oracle Application Server Instance Names Do not use the hostname of the computer when naming Oracle Application Server instances If you are planning to place the Oracle Application Server ins
124. acle Internet Directory Administrator s Guide for details Note You cannot connect to Oracle Internet Directory as the cn orcladmin superuser using the Oracle Delegated Administration Services consoles To connect to Oracle Internet Directory as the superuser use Oracle Directory Manager 5 8 How to Add Users to Groups in Oracle Internet Directory To add users to groups in Oracle Internet Directory you can use these tools Oracle Directory Manager is a Java based tool for managing Oracle Internet Directory a Oracle Delegated Administration Services is a Web based tool intended for end users to perform tasks such as changing their passwords and editing their personal information If users have the proper privileges they can also use this tool to create groups and users Note You cannot log in to Oracle Internet Directory as the cn orcladmin superuser using Oracle Delegated Administration Services In cases where you have to log in as the superuser to add users to groups or to perform other Oracle Internet Directory related tasks you have to use Oracle Directory Manager 5 10 Oracle Application Server Installation Guide How to Add Users to Groups in Oracle Internet Directory 5 8 1 Using Oracle Directory Manager to Add Users to Groups When you have to log in as the cn orcladmin superuser to add users to groups you have to use Oracle Directory Manager instead of Oracle Delegated Administration Servi
125. agement components on node 1 Install Oracle Identity Management components on node 2 Bo ON BE SN Install Oracle Identity Management components on node 3 9 2 4 2 Load Balancer Does Not Support LDAP Service Monitoring If your load balancer does not support LDAP service monitoring then configure your LDAP virtual server to direct requests to node 1 only before starting the installation After you complete an installation on a node then you can add that node to the virtual server For example if you have three nodes 1 Configure the LDAP virtual server to direct requests to node 1 only Install Oracle Identity Management components on node 1 Install Oracle Identity Management components on node 2 Add node 2 to the LDAP virtual server Install Oracle Identity Management components on node 3 Add node 3 to the LDAP virtual server ROB ON 9 3 About Oracle Internet Directory Passwords In OracleAS Cluster Identity Management configurations you install Oracle Internet Directory on multiple nodes and in each installation you enter the instance password in the Specify Instance Name and ias_admin Password screen The password specified in the first installation is used as the password for the cn orcladmin and orcladmin users not just in the first Oracle Internet Directory but in all Oracle Internet Directory installations in the cluster This means that to access the Oracle Internet Directory on any node you have to use
126. ailover Cluster Nodes 8 34 vii 9 Installing in High Availability Environments OracleAS Cluster Identity Management 9 1 OracleAS Cluster Identity Management Introduction cc cece cceeeee cece eeeeeeeesesenees 9 1 9 2 Pre Installation Steps for OracleAS Cluster Identity Management cccccceeeenenees 9 2 9 2 1 Use the Same Path for the Oracle Home Directory recommended cc ces 9 2 9 2 2 Synchronize Clocks on All Nodes cccccccceccccceeseseecscssseseeceseesssnesecesssenesesecessnesesesenees 9 3 9 2 3 Configure Virtual Server Names and Ports for the Load Balancer cccccceees 9 3 9 2 4 Configure Your LDAP Virtual Servet cece ee ceeseeescecessseceeenesessneseseeseseeees 9 3 9 2 4 1 Load Balancer Supports LDAP Service Monitoring ee cseeeeee sete neeeees 9 4 9 2 4 2 Load Balancer Does Not Support LDAP Service Monitoring 9 4 9 3 About Oracle Internet Directory Passwords cccccccsessccceeeececscssseececesesenesesesessnesesesanees 9 4 9 4 About Configuring SSL and Non SSL Ports for Oracle HTTP Server ccceeeeeeeeees 9 5 9 4 1 Case 1 Client HTTP gt Load Balancer HTTP gt Oracle HTTP Server 9 5 9 4 2 Case 2 Client HTTPS gt Load Balancer HTTPS gt Oracle HTTP Server 9 6 9 4 3 Case 3 Client HTTPS gt Load Balancer HTTP gt Oracle HTTP Server 9 6 9 5 Installing an OracleAS Cluster Identity Management Configuration
127. alancer must have SSL acceleration capabilities or you must add a separate SSL Accelerator The conversion from HTTPS to HTTP happens before Oracle HTTP Server receives the request The SSL accelerator must be properly configured prior to installation The installer does not check for this The installer will change the following lines a Inopmn xml1 the installer sets the ssl enabled line in the Oracle HTTP Server section to true a Inhttpd conf the installer adds the following lines LoadModule certheaders_module libexec mod_certheaders so SimulateHttps on Example Table 9 3 Example for Case 3 Values in Screen Resulting Values in Configuration Files HTTP Listener Port 9000 In httpd conf Enable SSL Unchecked Port 443 HTTP Load Balancer Port 443 Listen 9000 Enable SSL Checked In ssl conf Port lt default port number assigned by installer gt Listen lt default port number assigned by installer gt 9 5 Installing an OracleAS Cluster Identity Management Configuration In this configuration you need an existing database that is already running in a configuration supported by the OracleAS RepCA Oracle recommends running the database in a high availability environment such as a Real Application Clusters database You also need additional nodes at least two nodes to run Oracle Identity Management components In this configuration Oracle Internet Directory OracleAS Single Sign On and Oracle Delegated Adminis
128. ame SHOW_SPLASH_SCREEN false SHOW_WELCOME_PAGE false SHOW_INSTALL_PROGRESS_PAGE false SHOW_COMPONENT_LOCATIONS_PAGE false S S S S S S S S HOW_CUSTOM_TREE_PAGE false HOW_SUMMARY_PAGE false HOW_REQUIRED_CONFIG_TOOL_PAGE false HOW_OPTIONAL_CONFIG_TOOL_PAGE false HOW_RELEASE_NOTES false HOW_ROOTSH_CONFIRMATION false HOW_END_SESSION_PAGE false HOW_EXIT_CONFIRMATION false NEXT_SESSION false B 4 Oracle Application Server Installation Guide Create the Response File NEXT_SESSION_ON_FAIL false SHOW_DEINSTALL_CONFIRMATION false SHOW_DEINSTALL_PROGRESS false oracle iappserver infrastructure SHOW_IAS_COMPONENT_CONFIG_PAGE false ACCEPT_LICENSE_AGREEMENT true RESTART_SYSTEM lt Value Unspecified gt CLUSTER_NODES lt Value Unspecified gt OUI_HOSTNAME im_host mycompany com PreReqConfigSelections n_ValidationPreReqConfigSelections 0 TOPLEVEL_COMPONENT oracle iappserver infrastructure 10 1 4 0 1 DEINSTALL_LIST oracle iappserver infrastructure 10 1 4 0 1 oracle iappserver infrastructure szl_ PortListSelect YES private jdoe mystaticports ini COMPONENT_LANGUAGES en INSTALL_TYPE Infrastructure_ID oracle iappserver infrastructure b_configureMETA false oracle iappserver infrastructure b_configureOID true oracle iappserver infrastructure b_configureSSO true oracle iappserver infrastructure b_configureDAS true oracle iappserver infrastructure b_confi
129. ame B 11 23 U ia64 1221911087 unlimited user license In this example the version of HP UX Itanium 11i is 11 23 2 To determine whether the bundle is installed enter the following command usr sbin swlist grep BUNDLE If the bundle is not installed download it from the following Web site and install it http www software hp com SUPPORT_PLUS qpk html 3 To determine whether a bundle or product is installed enter the following command usr sbin swlist l product more If a required product is not installed you must install it See your operating system or software documentation for information about installing products 4 To determine whether a patch is installed enter a command similar to the following usr sbin swlist l patch grep PHKL_29198 Alternatively to list all installed patches enter the following command 2 6 Oracle Application Server Installation Guide Kernel Parameters usr sbin swlist l patch more If a required patch is not installed download it from the following URL and install it http itresourcecenter hp com 2 4 Kernel Parameters The computers on which you plan to install OracleAS Metadata Repository require their kernel parameters to be set to the minimum values listed in the following sections a Section 2 4 1 Kernel Parameter Settings for OracleAS Metadata Repository 2 4 1 Kernel Parameter Settings for OracleAS Metadata Repository Verify that the kernel
130. ame Oracle Internet Directory make sure you configure OracleAS Single Sign On before Oracle Delegated Administration Services This is because Oracle Delegated Administration Services depends on mod_osso which will not be set up during installation unless the Oracle Internet Directory it points to already has OracleAS Single Sign On configured If you have an Oracle Identity Management installation that includes Oracle Directory Integration Platform but does not include Oracle Internet Directory you will still see an Oracle Internet Directory process in the opmnct1 status output This is because oidmon must be installed and started in order to start the Oracle Directory Integration Platform process 4 6 Do I Need the Oracle Delegated Administration Services or the Oracle Directory Integration Platform Components These components are optional but you might want to install them because they provide the following services Oracle Delegated Administration Services provide a browser based interface to Oracle Internet Directory Users can use the interface to perform tasks such as changing their passwords searching for other users in the directory and creating groups Users can even create additional users if they have the proper privilege Oracle Directory Integration Platform enables you to integrate applications and third party LDAP directories with Oracle Internet Directory You can use Oracle Directory Integration Platform to synchroniz
131. ample opt oracle oraInventory Specify Operating System group name Select the operating system group that will have write permission for the inventory directory Example oinstall Click Next 4 RunorainstRoot sh This screen appears only if this is the first installation of any Oracle product on this computer Run the orainstRoot sh script in a different shell as the root user The script is located in the oralnventory directory After running the script click Continue 5 Specify File Locations Name Enter a name to identify this Oracle home The name can consist of alphanumeric and the underscore _ characters only and cannot be longer than 128 characters Example OH_INFRA Path Enter the full path to the destination directory This is the Oracle home If the directory does not exist the installer creates it If you want to create the directory beforehand create it as the oracle user do not create it as the root user Example opt oracle infra Click Next 6 Specify Hardware This screen appears only if the computer is part of a hardware cluster Cluster Installation Mode If you are installing an infrastructure select the computers in the hardware cluster where you want to install the infrastructure You can select multiple computers or you can just select the current computer Click Next 7 Select a Product to Install Select Oracle Application Server Infrastructure 10g If you need to install additional languages click Product
132. and cannot be deselected This is because you selected Enable SSL for the HTTP Listener In opmn xm1 the installer sets the ss1 enabled line in the Oracle HTTP Server section to true Example Table 9 2 Example for Case 2 Values in Screen Resulting Values in Configuration Files HTTP Listener Port 90 In httpd conf Enable SSL Checked Port lt default port number assigned by installer gt HTTP Load Balancer Port 443 Listen lt default port number assigned by installer gt Enable SSL Checked meci tose Port 443 Listen 90 Note that in this case you will have to perform an additional post configuration step See Section 9 7 3 Update targets xml Case 2 only 9 4 3 Case 3 Client HTTPS gt Load Balancer HTTP gt Oracle HTTP Server HTTP Listener Port Enter the port number that you want Oracle HTTP Server to listen on This will be the value of the Listen directive in the httpd conf file Enable SSL Do not select this option HTTP Load Balancer Hostname Enter the name of the virtual server on the load balancer configured to handle HTTPS requests 9 6 Oracle Application Server Installation Guide Installing an OracleAS Cluster Identity Management Configuration HTTP Load Balancer Port Enter the port number that the HTTP virtual server listens on This will be the value of the Port directive in the httpd conf file Enable SSL Select this option Note that in this configuration the load b
133. ar component for example cn DAS whose groups you want to add users to 5 Expand orclApplicationCommonName appName where appName is specific to the component and application server instance If you have installed multiple instances of a component you would see multiple instances of this entry 6 Click the group to which you want to add users Figure 5 5 shows Oracle Directory Manager with the Component Owners group for Oracle Delegated Administration Services selected Configuring Oracle Internet Directory for Oracle Application Server Installation Privileges 5 13 How to Add Users to Groups in Oracle Internet Directory Figure 5 5 Using Oracle Directory Manager to Add Users to the Component Users Group for the Oracle Delegated Administration Services Component Oracle Directory Manager File Edit View Operation Help E JaA ag bE DHX DY ORACLE System Objects n sts cn DAS orclApplicationCommonName DASApp cn Component Owners D Oracle Internet Directory Servers OB cn orcladmin broeser sun 3060 leyAccess Control Management D Eyattribute Uniqueness Management Component Owners AjAudit Log Management ls Change Log Management OEntry Management ota en OracleContext createtimestamp ber 12 2003 4 41 08 AN UTC aie cn Computers creatorsname fnorclamin Saa OQ cn Extended Properties EA cn Groups description Quners of this Component QI cn IASDB SQA cn OracleDBAQUsers SA cn OracleDBCreators ie ie aa
134. are from Oracle E Delivery a Section 3 14 Setting the Mount Point for the CD ROM or DVD a Section 3 15 Starting the Oracle Universal Installer 3 1 Oracle Home Directory The directory in which you install Oracle Application Server is called the Oracle home During installation you specify the full path to this directory and a name for this Oracle home For example you can install OracleAS Infrastructure in opt oracle OraHome_ Infra and you can name it Infra Names of Oracle homes must be 128 characters or fewer and can contain only alphanumeric characters and underscores Things You Should Know Before Starting the Installation 3 1 Can Use Symbolic Links Notes Spaces are not allowed anywhere in the Oracle home directory path For example you cannot install in opt oracle app server Infra because of the space character in app server The installer does not check for this until several screens after you have entered the path If you plan to install a middle tier and an infrastructure on the same computer you must install them in different Oracle home directories The installer does not allow you to install a middle tier and an infrastructure in the same Oracle home Tip If you install multiple Oracle Application Server instances for example an OracleAS Infrastructure and a middle tier on the same computer create scripts for setting the environment for each instance This is to ensure tha
135. asha IN A 138 1 2 444 asinfra asha IN A 138 1 2 111 remote_infra asha IN A 213 2 2 110 On the standby site the DNS entries look like this asmid1 asha IN A 213 2 2 330 asmid2 asha IN A 213 2 2 331 asinfra asha IN A 213 2 2 110 remote_infra asha IN A 138 1 2 111 Method 2 Edit the etc hosts file on each node on both sites This method does not involve configuring DNS servers but you have to maintain the hosts file on each node in the OracleAS Disaster Recovery environment For example if an IP address changes you have to update the files on all the nodes and restart the nodes Method 2 Details a On each node on the production site include these lines in the etc hosts file The IP addresses resolve to nodes on the production site Note Inthe hosts file be sure that the line that identifies the current node comes immediately after the localhost definition the line with the 127 0 0 1 address 127 0 0 1 localhost 138 1 2 333 asmidl oracle com asmidl 138 1 2 444 asmid2 oracle com asmid2 138 1 2 111 asinfra oracle com asinfra b On each node on the standby site include these lines in the hosts file The IP addresses resolve to nodes on the standby site 10 6 Oracle Application Server Installation Guide Setting up the OracleAS Disaster Recovery Environment Note Inthe hosts file be sure that the line that identifies the current node comes immediately after the localhost definition the line with
136. ast Few Screens of the Installation for details 4 22 Installing OracleAS Metadata Repository in a New Database Perform this procedure to create a new database and populate it with the OracleAS Metadata Repository This procedure does not install any Oracle Identity Management components Installing OracleAS Infrastructure 4 15 Installing Oracle Identity Management Components Only Including Oracle Internet Directory Table 4 7 Steps for Installing OracleAS Metadata Repository in a New Database Screen Action 1 Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select Installation Type screen select Metadata Repository 2 Select Configuration Do not select High Availability and Replication Optioris Click Next 3 Register OracleAS If you already have an Oracle Internet Directory and know its connect information Metadata Repository select Yes and enter the name of the computer where Oracle Internet Directory is running and the port number See Section 4 17 How to Determine Port Numbers Used by Components if you do not know the port number Use Only SSL Connections with this Oracle Internet Directory Select this option if you want Oracle Application Server components to use only SSL to connect to Oracle Internet Directory If you do not have an Oracle Internet Directory or do not know its con
137. astructure The installation steps are similar to that for OracleAS Cold Failover Cluster See Section 8 3 Installing an OracleAS Cold Failover Cluster Infrastructure Configuration for the screen sequence Note the following points a Select Configuration Options screen be sure you select High Availability and Replication See Table 8 2 step 2 a Specify Virtual Hostname screen enter an alias as the virtual address for example asinfra oracle com See Table 8 2 step 6 10 3 2 Installing Middle Tiers You can install any type of middle tier that is compatible with Oracle Application Server 10g 10 1 4 0 1 See the Oracle Application Server Upgrade and Compatibility Guide for more information To install a middle tier see the Oracle Application Server Installation Guide for the release Note the following points a When the installer prompts you to register with Oracle Internet Directory and asks you for the Oracle Internet Directory hostname enter the alias of the node running OracleAS Infrastructure for example asinfra oracle com 10 4 Installing the OracleAS 10g 10 1 2 0 2 Standalone Install of OracleAS Guard into Oracle Homes OracleAS 10g 10 1 2 0 2 standalone install of OracleAS Guard is located on Companion CD Disk 2 This standalone install of OracleAS Guard can be installed in the following environments a Inits own home in the case when you are cloning an instance or topology to a new standby system see
138. ation Platform if you need the services provided by these components See Section 4 6 Do I Need the Oracle Delegated Administration Services or the Oracle Directory Integration Platform Components Select Oracle Application Server Certificate Authority OCA if you want to configure your own certificate authority which can issue certificates for users and servers Do not select High Availability and Replication Click Next 3 Specify Port If you want to use default ports for the components select Automatic Configuration Options If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticports ini file Click Next 4 Specify Repository Username Enter the username to use to log in to the OracleAS Metadata Repository database The user must have DBA privileges Password Enter the user s password Hostname and Port Enter the name of the computer where the database is running and the port number at which it is listening Use the format host port Service Name Enter the service name of the database Note that the service name must include the database domain name Example orcl mydomain com Click Next 5 Specify Namespace in Select the suggested namespace or enter a custom namespace for the location of Internet Directory the default Oracle Identity Management realm Ensure the value shown in Suggested Namespace meets your deployment nee
139. bin opmnctl stopall c Perform the following command to start OPMN prompt gt ORACLE_HOME opmn bin opmnctl startall 1 3 3 Installing a Distributed Oracle Identity Management with a Standalone Oracle HTTP Server In this topology there are three Oracle Homes as depicted in Figure 1 3 The first Oracle Home contains Oracle HTTP Server The second Oracle Home contains OracleAS Single Sign On and Oracle Delegated Administration Services The second Oracle Home contains Oracle Internet Directory and Oracle Directory Integration Platform This topology can be associated with a 10g Release 2 10 1 2 or 10g Release 3 10 1 3 middle tier Figure 1 3 Cluster with a Distributed Oracle Identity Management with a Standalone Oracle HTTP Server Oracle Home 1 Oracle Home 3 OC4J SSO DAS Application Server Control OracleAS Metadata Repository Product and Installation Overview 1 7 Recommended Topologies Requirements The requirements are the same as those listed in Chapter 2 Requirements Installation Sequence To install this topology 1 Install OracleAS Metadata Repository on a shared disk It is recommended that you install OracleAS Metadata Repository in an existing database See Oracle Application Server Metadata Repository Creation Assistant User s Guide for details Install Oracle HTTP Server with Apache 2 0 from Oracle Application Server Companion CD included in the 10g Release 2 10 1 2 or 10g Release
140. bled components In this case the home OC4J instance is disabled F 3 21 OracleAS Cluster Identity Management Installation Fails on Second Oracle Internet Directory Node Problem After successfully installing Oracle Internet Directory on the first node of an OracleAS Cluster Identity Management the installation of Oracle Internet Directory fails on the second node Solution Perform the following steps to correct the problem 1 Run the following command to connect to the database prompt gt sqlplus ods password 2 Remove the registry information for node 2 from the IMCFREGISTRY table SQL gt delete from IMCFREGISTRY where IASINSTANCE node2_instance_name 3 Remove the PROCESS information from ODS_PROCESS SQL gt delete from ods_process where hostname node2_hostname 4 Remove OIDMON information from ODS_SHM SQL gt delete from ods_shm where NODENAME node2_hostname 5 Commit the changes to the database and exit SQL gt commit SQL gt exit F 3 22 OracleAS Cluster Identity Management Installation Fails on Second Oracle Delegated Administration Services and OracleAS Single Sign On Node Problem After successfully installing Oracle Delegated Administration Services and OracleAS Single Sign On on the first node of an OracleAS Cluster Identity Management the installation of Oracle Delegated Administration Services and OracleAS Single Sign On fails on the second node F 10 Oracle Applicat
141. cation Server Installation Guide D Deinstallation and Reinstallation This appendix guides you through the deinstallation and reinstallation process for Oracle Application Server Section D 1 Deconfig Tool a Section D 2 Deinstallation Procedure Overview a Section D 3 Deinstalling OracleAS Cold Failover Cluster Installations a Section D 4 Deinstalling OracleAS Single Sign On Instances in OracleAS Cluster Identity Management a Section D 5 Deinstalling OracleAS Cluster Identity Management a Section D 6 Deinstalling OracleAS Infrastructure a Section D 7 Harmless Errors in the Log File a Section D 8 Cleaning Up Oracle Application Server Processes a Section D 9 Reinstallation a Section D 10 Troubleshooting D 1 Deconfig Tool In this release there is a tool called the Deconfig tool that you need to run as part of the deinstallation procedure This tool removes entries in OracleAS Metadata Repository and Oracle Internet Directory for the Oracle Application Server instance that you want to deinstall The Deconfig tool does not remove partner application entries If you need to remove partner application entries follow the steps in Section F 4 1 Obsolete Partner URLs Still Remain on the OracleAS Single Sign On Administration Screen The Deconfig tool does not remove OracleAS Clusters from the farm If you are deinstalling OracleAS Clusters you will need to run the dcmct1 removecluster com
142. cation of the default Oracle Identity Management realm Ensure the value shown in Suggested Namespace meets your deployment needs If not enter the desired value in Custom Namespace See Section 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen Click Next 9 11 Installing an OracleAS Cluster Identity Management Configuration Table 9 4 Cont Steps for Installing OracleAS Cluster Identity Management on the First Node Screen Action 8 9 Specify Host and Port for LDAP Specify HTTP Listen Port Load Balancer Host and Port 10 Specify Instance Name 11 and ias_admin Password The values you enter in this screen depend on your scenario There are two possible scenarios Scenario 1 You have configured a virtual server on your load balancer to handle LDAP traffic from Oracle Delegated Administration Services and OracleAS Single Sign On to Oracle Internet Directory Scenario 2 You do not have a load balancer Hostname In scenario 1 enter the name of the virtual server in this field Enter the same virtual server name that you configured on the load balancer In scenario 2 if the Oracle Internet Directory is highly available enter the virtual hostname of the computer running Oracle Internet Directory For Oracle Internet Directory deployments that are not highly available enter the physical hostname of the computer running Oracle Internet Directory Notes on th
143. ccount unlock 4 23 Installing Oracle Identity Management Components Only Including Oracle Internet Directory Perform this procedure to install Oracle Identity Management components without installing an OracleAS Metadata Repository 4 16 Oracle Application Server Installation Guide Installing Oracle Identity Management Components Only Including Oracle Internet Directory Follow this procedure to configure Oracle Internet Directory against a remote OracleAS Metadata Repository You have installed the OracleAS Metadata Repository in an existing database see the Oracle Application Server Metadata Repository Creation Assistant User s Guide or in a new database Section 4 22 Installing OracleAS Metadata Repository in a New Database Prerequisite OracleAS Metadata Repository that is not already registered with any Oracle Internet Directory Table 4 8 Steps for Installing Oracle Identity Management Components Only Including Oracle Internet Directory Screen Action 1 Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select Installation Type screen select Oracle Identity Management 2 Select Configuration Select Oracle Internet Directory Options Select Oracle Application Server Single Sign On Select Oracle Application Server Delegated Administration Services and or Oracle Directory Integr
144. ces To add users using Oracle Directory Manager 1 Start up Oracle Directory Manager ORACLE HOME refers to the home directory where Oracle Internet Directory is installed prompt gt cd ORACLE_HOME bin prompt gt oidadmin In the Oracle Directory Manager Connect screen enter the connect information for Oracle Internet Directory a User Enter cn orcladmin a Password Enter the password for cn orcladmin a Server and Port Click the icon at the right of the field to enter the name of the computer running Oracle Internet Directory and the port number on which Oracle Internet Directory is listening a Click Login On the left side navigate to the group to which you want to add users Select the group on the left side to display its attributes on the right side To navigate to global groups see Section 5 8 1 1 Navigating to Global Groups To navigate to metadata repository groups see Section 5 8 1 2 Navigating to Metadata Repository Groups To navigate to component groups see Section 5 8 1 3 Navigating to Component Groups Add new users to the group by adding the DNs of the users to the uniquemember attribute 5 8 1 1 Navigating to Global Groups The global groups are listed in Table 5 1 The general navigation path is as follows See Figure 5 3 for a screenshot 1 2 3 Expand the top level entry Oracle Internet Directory Servers Expand the specific Oracle Internet Directory Expan
145. cesesescsesesesesescseseseseseseens 3 7 Finding and Downloading the Oracle Application Server 10g 10 1 4 0 1 E Pack 3 7 Finding Required and Optional Downloads ccccesesseeseesssetescetesesesnsteteseseeeeseseseenans 3 7 Disk Space Reqg irementsrns neksen na iiin ea a e N coc evotedss 3 7 Software Requirements for Unzipping Files sssssssssssessessessessetississesnentensisnessneneenees 3 7 Extracting Software from the Zip Files ccccssesesesssssssesesesesesescseeesesesssseeecsees 3 8 Setting the Mount Point for the CD ROM or DVD ccccccccccesesteteeseecetescenenesesesesneseseseeeenens 3 8 5 3 15 Starting the Oracle Universal Installer cccceccesecsessesesccesesescsesesesesescseseseecsesssnseseeeesens 3 8 Installing OracleAS Infrastructure 4 1 Infrastructure Installation Types cece cesses cesssseseecesesesseesesesessssesesesseseesesesesseeeees 4 1 4 2 Why Would I Select the Different Infrastructure Installation Types ccccceeeeeees 4 2 4 3 Order of Installation for the Infrastructure ccceccecesessesecseeececeeseceeecceeceaeaeeeenecaecaeeeseaeeaees 4 3 4 4 Can I Install Components on Separate Computers cccccecccsesesceceesesesteteeeseeeeesesesteenens 4 4 4 5 Tips for Installing Oracle Identity Management Components Separately cccccce 4 5 4 6 Do I Need the Oracle Delegated Administration Services or the Oracle Directory Integration Platform Component c cccece cec
146. cess the infrastructure For example if vhost mydomain com is the virtual hostname the URLs for the Oracle HTTP Server and the Application Server Control would look like the following URL for Example URL Oracle HTTP Server Welcome page http vhost mydomain com 7777 Oracle HTTP Server secure mode https vhost mydomain com 4443 Installing in High Availability Environments OracleAS Cold Failover Cluster 8 7 Installing an OracleAS Cold Failover Cluster Infrastructure Configuration URL for Example URL Application Server Control http vhost mydomain com 1156 Oracle Application Server Middle Tiers You can install and run the middle tiers on other nodes nodes that are not running OracleAS Infrastructure During installation you set up the middle tiers to use services from the OracleAS Infrastructure installed on the shared storage device You can also install and run the middle tiers on the cluster nodes without using an OracleAS Cold Failover Cluster configuration for the middle tiers In this case you install middle tiers using the regular installation process If you do this make sure the middle tier ports will not conflict with the OracleAS Infrastructure ports when a failover occurs 8 3 1 OracleAS Cold Failover Cluster Infrastructure Overview of Installation Steps To set up an OracleAS Cold Failover Cluster Infrastructure configuration perform these steps Table 8 1 Overview of Ins
147. cle Application Server Single Sign On Select Oracle Application Server Delegated Administration Services Select Oracle Directory Integration Platform Select Oracle Application Server Certificate Authority OCA if you want a certificate authority Select High Availability and Replication Click Next If you want to use default ports for the components select Automatic If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticports ini file in the provided field Click Next Select Virtual Host and click Next Select the suggested namespace or enter a custom namespace for the location of the default Oracle Identity Management realm Ensure the value shown in Suggested Namespace meets your deployment needs If not enter the desired value in Custom Namespace See Section 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen Click Next Note This is a critical screen when installing the infrastructure in an OracleAS Cold Failover Cluster If you do not see this screen check the following a Return to the Select High Availability or Replication Option screen and ensure that you selected Virtual Host a Return to the Select Configuration Options screen and ensure that you selected High Availability and Replication Virtual Hostname Enter the virtual hostname for the OracleAS Cold Failover Cluster configuration
148. cleAS Cold Failover Cluster Step 2 Install OracleAS Infrastructure Ina distributed OracleAS Cold Failover Cluster Infrastructure configuration you install both OracleAS Metadata Repository and Oracle Identity Management components except for OracleAS Single Sign On Oracle Delegated Administration Services and OCA in the same Oracle home by selecting Identity Management and OracleAS Metadata Repository in the Select Installation Type screen This option creates a new database for the OracleAS Metadata Repository and a new Oracle Internet Directory The steps are the same as those listed in step 2 Install OracleAS Infrastructure on page 8 8 except that in the Select Configuration Options screen do not select OracleAS Single Sign On Oracle Application Server Delegated Administration Services and OracleAS Certificate Authority OCA Step 3 Perform Post Installation Steps The following step is required only if you meet both of these requirements You plan to use the Automatic Storage Management ASM feature of Oracle Database 10g for the OracleAS Metadata Repository a Your computer does not have an existing Oracle Database 10g Installing in High Availability Environments OracleAS Cold Failover Cluster 8 13 Installing an OracleAS Cold Failover Cluster Identity Management Configuration If you meet these requirements you need to configure the CSS daemon on the other node The CSS daemon synchronizes ASM instances wit
149. com Vv Mid Tier Associated Admins Mid Tiers Repository Owners Associated Mid Tiers Members Members Members Members Members orcladmin J2EE orcladmin orcladmin PW1 userA A userB userB The numbers in the figure correspond to these steps 1 Install OracleAS Infrastructure including Oracle Internet Directory and OracleAS Metadata Repository This first installation creates an Oracle Internet Directory and a metadata repository The installer registers the metadata repository with Oracle Internet Directory by creating the orcl oracle com entry The orcladmin user becomes a member of the Repository Owners group and the Mid Tier Admins group for this repository 2 Install J2EE and Web Cache Middle Tier userA was added to the following groups a Mid Tier Admins group of orcl oracle com This enables userA to use the orcl oracle com repository for this middle tier Note that this group is required only if you install the J2EE and Web Cache middle tier with the OracleAS Database Based Cluster option If you install the middle tier without this option userA does not need to belong to this Mid Tier Admins group a iAS Admins group The installer registers this middle tier with Oracle Internet Directory by creating the J2EE entry The J2EE is the name of the middle tier instance specified by userA The middle tier becomes a member of the Associated Mid Tiers group for orcl oracle com
150. com 138 1 2 111 icmp_seq 0 time 0 ms RE prompt gt ping iasmid2 ping the second production midtier node PING iasmid2 56 data byes 64 bytes from iasmid2 oracle com 138 1 2 444 icmp_seq 0 time 0 ms aE prompt gt ping prodmid2 ping the second production midtier node PING prodmid2 56 data byes 64 bytes from prodmid2 oracle com 138 1 2 444 icmp_seq 0 time 0 ms SC prompt gt ping standbymidl ping the first standby midtier node PING standbymid1 56 data byes 64 bytes from standbymidl oracle com 213 2 2 330 icmp_seq 0 time 0 ms Installing in High Availability Environments OracleAS Disaster Recovery 10 7 Installing Oracle Application Server in an OracleAS Disaster Recovery Environment aE 10 2 4 If You Want to Use OracleAS Cold Failover Cluster on the Production Site On the production site of a OracleAS Disaster Recovery system you can set up the OracleAS Infrastructure to run in a OracleAS Cold Failover Cluster configuration In this case you have two nodes in a hardware cluster and you install the OracleAS Infrastructure on a shared disk See Chapter 8 Installing in High Availability Environments OracleAS Cold Failover Cluster for details Figure 10 4 Infrastructure in an OracleAS Cold Failover Cluster Configuration Production Site Standby Site OracleAS Cold Failover Cluster unchanged Nodes running middle tiers unchanged To set up OracleAS Cold Failover Cl
151. ctions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details 4 26 Installing OCA and OracleAS Metadata Repository Only Perform this procedure to install the OCA and the OracleAS Metadata Repository components only Prerequisites Oracle Internet Directory version 9 0 4 or later Installing OracleAS Infrastructure 4 21 Installing OCA and OracleAS Metadata Repository Only Table 4 11 Steps for Installing OCA and OracleAS Metadata Repository Screen Action 1I 2 Select Configuration Options 3 Specify Port Configuration Options 4 Register with Oracle Internet Directory 5 Specify Oracle Internet Directory Login 6 OCA screens 7 Oracle Database screens 8 Specify Instance Name and ias_admin Password Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select Installation Type screen select Identity Management and OracleAS Metadata Repository Do not select Oracle Internet Directory because you want to use an existing one Do not select Oracle Application Server Single Sign On Do not select Oracle Application Server Delegated Administration Services Do not select Oracle Directory Integration Platform Select Oracle Application Ser
152. ctl restartproc ias component HTTP_Server 5 Once mod_osso is configured you can configure Oracle Delegated Administration Services using the Application Server Control See the Oracle Internet Directory Administrator s Guide for details 11 4 Oracle Application Server Installation Guide What to Do Next 11 8 Components that Require Post Installation Tasks If you plan to use any of the components listed in Table 11 2 you need to perform some steps specific to the component after installation before you can use the component Table 11 2 lists the component guides that describe the steps Table 11 2 Components Requiring Post Installation Steps Component Guide That Describes the Post Installation Steps OracleAS Certificate Authority Oracle Application Server Certificate Authority Administrator s Guide 11 9 What to Do Next After installing Oracle Application Server you should read the Oracle Application Server Administrator s Guide Specifically you should read the Getting Started After Installing Oracle Application Server chapter You should also perform a complete Oracle Application Server environment backup after installing Oracle Application Server This enables you to restore a working environment in case something goes wrong For details on how to perform a complete Oracle Application Server environment backup see the Oracle Application Server Administrator s Guide You should also perform a complete Oracle
153. ctory 6 Specify Instance Name and ias_admin Password Username Enter the username to use to log in to the OracleAS Metadata Repository database The user must have DBA privileges Password Enter the user s password Hostname and Port Enter the name of the computer where the database is running and the port number at which it is listening Use the format host port Service Name Enter the service name of the database Note that the service name must include the database domain name Example orcl mydomain com Click Next Select the suggested namespace or enter a custom namespace for the location of the default Oracle Identity Management realm Ensure the value shown in Suggested Namespace meets your deployment needs If not enter the desired value in Custom Namespace See Section 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen Click Next Instance Name Enter a name for this infrastructure instance Instance names can contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example infra ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restri
154. d Enter the user s password Hostname and Port Enter the names of all the nodes where the Real Application Clusters database is running and the port numbers Use the format host1 domain com port1 host2 domain com port2 Service Name Enter the service name of the database Note that the service name must include the database domain name Example orcl mydomain com Click Next 5 Warning This warning reminds you that you are installing this instance as part of an OracleAS Cluster Identity Management and that you need to synchronize the clocks on the nodes in the cluster See Section 9 2 2 Synchronize Clocks on All Nodes Click OK Installing in High Availability Environments OracleAS Cluster Identity Management 9 13 Installing an OracleAS Cluster Identity Management Configuration Table 9 5 Cont Steps for Installing OracleAS Cluster Identity Management on Subsequent Screen Action 10 11 Specify Existing Oracle Application Server Clusters Name Specify ODS Password Specify Host and Port for LDAP Warning Specify Oracle Internet Directory Login Specify HTTP Load Balancer Host and Ports Specify an existing OracleAS Cluster Identity Management for the current instance to join The cluster was created during a previous identical installation Note that the cluster name is case sensitive Example cluster1 Click Next Enter the password for the ODS schema in the Oracl
155. d Oracle Internet Directory to be listening on both SSL and non SSL ports when you install OracleAS Single Sign On and Oracle Delegated Administration Services Installing in High Availability Environments OracleAS Cluster Identity Management 9 15 Installing a Distributed OracleAS Cluster Identity Management Configuration Figure 9 2 Distributed OracleAS Cluster Identity Management Configuration Distributed OracleAS Cluster Identity Management Configuration ce Load Balancer On this tier Identity Management includes Oracle Delegated Administration Services OracleAS Single Sign On Oracle Home for Identity Management inventory Directory inventory Directory Firewall On this tier Identity Management includes Oracle Internet Directory Oracle Directory Integration and Provisioning J J OID OID F DIP a DIP inventory Directory inventory Directory Firewall 9 Oracle Home for Database with OracleAS Metadata Repository Subsections a Section 9 6 1 Installation Order 9 16 Oracle Application Server Installation Guide Installing a Distributed OracleAS Cluster Identity Management Configuration a Section 9 6 2 Installing OracleAS Metadata Repository m Section 9 6 3 Installing Oracle Internet Directory on the First Node a Section 9 6 4 Installing Oracle Internet Directory on Subsequent Nodes a Section 9 6 5
156. d Replication Click Next Select Manual and enter the fullpath to your staticports ini file in the provided field You need to use staticports ini file for OracleAS Cluster Identity Management configurations See Section 9 6 5 1 Set up staticports ini File Click Next Select OracleAS Cluster Identity Management and click Next For the first node select Create a New OracleAS Cluster For subsequent nodes select Join an Existing Cluster Click Next For the first node enter a name for a new OracleAS Cluster Identity Management Example cluster1 For subsequent nodes enter the name of the existing OracleAS Cluster Identity Management Note Be very sure that the cluster name you enter is correct The installer does not perform any checks on this name If the name is incorrect the installation will fail Click Next 9 22 Oracle Application Server Installation Guide Installing a Distributed OracleAS Cluster Identity Management Configuration Table 9 8 Cont Steps for Installing Oracle Delegated Administration Services and OracleAS Single Sign On in a Distributed OracleAS Cluster Identity Management Configuration Screen Action 7 Specify Host and Port for The installer will use the values on this screen to connect to Oracle Internet LDAP Directory Hostname Enter the LDAP virtual server name of the load balancer Enter the same virtual server name that you configured on the load balancer SSL
157. d by a hardware cluster or a load balancer and is used by the middle tier and OracleAS Infrastructure components to access the OracleAS Infrastructure This is regardless of whether the OracleAS Infrastructure is in a single node installation in the OracleAS Cold Failover Cluster solution or in the OracleAS Clusters solution The virtual hostname is associated with a virtual IP This is the name that gives the Oracle Application Server middle tiers a single system view of the OracleAS Infrastructure with the help of a hardware cluster or load balancer This name IP entry must be added to the DNS that the site uses so that the middle tier nodes can associate with the OracleAS Infrastructure without having to add this entry into their local etc hosts or equivalent file For example if the two physical hostnames of the hardware cluster are nodel mycompany com and node2 mycompany com the single view of this cluster can be provided by the name selfservice mycompany com In the DNS selfservice maps to the virtual IP address of the OracleAS Infrastructure which either floats between nodei and node2 via a hardware cluster or maps to nodel and node2 by a load balancer all without the middle tier knowing which physical node is active and actually servicing a particular request See Also Oracle Application Server High Availability Guide You cannot specify a virtual hostname during Oracle Application Server middle tier installation but you can s
158. d or Oracle Application Server Certificate Authority OCA if you need these components Click Next If you want to use default ports for the components select Automatic If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticports ini file in the provided field Click Next Enter information for the OracleAS Metadata Repository that you want to use for the replica Notes a This OracleAS Metadata Repository cannot already be registered with any Oracle Internet Directory The master Oracle Internet Directory which you will specify in step 7 must not already contain a registration for a database with the same global database name or SID as this OracleAS Metadata Repository The installer does not check this for you Username Enter the username to use to log in to the OracleAS Metadata Repository database The user must have DBA privileges Password Enter the user s password Hostname and Port Enter the name of the computer where the database is running and the port number at which it is listening Use the format host port Service Name Enter the service name of the database Note that the service name must include the database domain name Example orcl mydomain com Click Next This screen is required to install a replica If you do not see this screen return to the Select Configuration Options screen and ensure you sel
159. d the Oracle home Troubleshooting F 3 Installation Problems and Solutions directory that you specified If you later try to install again in the same directory which contains some files created by the installer the installer gives a warning that the directory is not empty Steps to take 1 In the warning dialog click No to return to the Specify File Locations screen 2 In the Specify File Locations screen click Installed Products This displays the Inventory screen If your Oracle home is listed in the Inventory screen then you have to deinstall the Oracle home See Appendix D Deinstallation and Reinstallation for details If your Oracle home is not listed in the Inventory screen then you can just delete the files from the Oracle home and continue with the installation F 3 5 Messages About SHMMAX and SEMMSL Problem The installer displays messages about SHMMAX and SEMMSL when installing the OracleAS Metadata Repository Solution Check the following in the etc systen file a The installer does not recognize commented out entries in the etc system file for kernel parameters It reads the commented out entries and fails if the commented lines are below the required values You have to remove such lines from the file The installer ignores entries in the file that have syntax errors Make sure that the lines for the required kernel parameters do not have any syntax errors The installer does not read very la
160. d the following entries Entry Management gt cn OracleContext gt cn Groups Click the group to which you want to add users Figure 5 3 shows Oracle Directory Manager with the iASAdmins group selected Configuring Oracle Internet Directory for Oracle Application Server Installation Privileges 5 11 How to Add Users to Groups in Oracle Internet Directory Figure 5 3 Using Oracle Directory Manager to Add Users to Global Groups Oracle Directory Manager File Edit View Operation Help E IJa Las be DOTY ORACLE System Objects P orcladmin bro try Management cn O0racleContext cn Groups cn iASAdmins gt Ls Change Log Management O Entry Management f en OracleContext View Properties Only Non null Values All C Advanced ie ie QA cn Computers cnt iASAdmins 3 cn Extended Properties 9 03 cn Groups DAA cn ASPAdmins S cn authenticationServices createtimestamp ber 12 2003 4 30 21 AM UTC ju cn Common Group Attributes creatorsname fnorclamin e QA cn Common User Attributes 1an 3 cn ComputerAdmins Z description Group of IAS Administrators o cen CRL dmins QA cn IAS amp User Mgmt Applicati g g 7 en iASAdmins ee ou en O0racleContextAdmins displaynane IAS Administrators PQA cn 0racleDASAccountAdminGrou dn EneifGhdains eneGroupa cnsOracleContext Q cn OracleDASAdminGroup nodifiersnane SQ cn OracleDASConf iguration OQ cn OracleDASCreateGroup PQA cn OracleDASCreateUser Oo cen O0racleDASDeleteGr
161. db_hostname PORT db_port In this example db_hostname is the fully qualified hostname for the existing database and db_port is the port for the existing database 5 Add an ADDRESS entry to the ADDRESS_LIST entry for the new Oracle Application Server instance LISTENER DESCRIPTION_LIST DESCRIPTION ADDRESS_LIST ADDRESS PROTOCOL TCP HOST db_hostname PORT db_port ADDRESS PROTOCOL TCP HOST new_hostname PORT new_port In this example new_hostname is the fully qualified hostname for the new Oracle Application Server instance and new_port is the port for the new Oracle Application Server instance See Section 2 5 4 1 If Port 1521 Is In Use by an Existing Oracle Database for information on ensuring that the database listeners to not conflict 6 Start the listener for the existing database prompt gt lsnrctl start 8 3 Installing an OracleAS Cold Failover Cluster Infrastructure Configuration Figure 8 1 shows an OracleAS Cold Failover Cluster Infrastructure configuration 8 6 Oracle Application Server Installation Guide Installing an OracleAS Cold Failover Cluster Infrastructure Configuration Figure 8 1 OracleAS Cold Failover Cluster Infrastructure Configuration Normal Mode Failover Mode Virtual Hostname vhost mydomain com Virtual Hostname vhost mydomain com Virtual IP 123 45 67 11 Virtual IP 123 45 67 11 Li on failover l
162. de standard UTF 8 AL32UTF8 s_dbSid inf7296 s_globalDBName infra_host mycompany com b_loadExampleSchemas false Specify Database Management Option s_dlgEMEmailNotificationSelected N s_dlgEMOptionSelected Use Database Control for Database Management s_dlgEMCentralAgentSelected No Agents Found s_dlgEMSMTPServer s_dlgEMEmailAddress Specify Database File Storage Option s_DataorASMret File System s_mountPoint local_location oradata Specify Backup and Recovery Options s_dlgRBOEnableAutoBackups Do not enable Automated backups Specify Database Schema Passwords s_superAdminPasswdType S s_superAdminSamePasswd schemapassword s_superAdminSamePasswdAgain schemapassword Select Database Configuration s_dlgStarterDBConfigCreateStarterDB Create a starter database s_dlgStarterDBConfigOptionSelected General Purpose oracle oid oidca s_silentinstallflag 1 oracle iappserver infrastructure b_configureCentralMon false szOIDwithSSLStatus N nValidationOID2 0 nValidationOID 0 nValidationRepository 0 oracle iappserver instance szl_ InstanceInformation instancename instancepassword instancepassword oracle iappserver instance nValidationInstanceInfo 0 oracle apache apache s_group dba oracle apache apache s_groupid dba oracle iappserver iapptop szl_InstanceInformation instancepassword B 5 4 4 Example Response File for Oracle Identity Federation The following shows an example of a res
163. des single sign on access to Oracle and third party Web applications a Oracle Delegated Administration Services Provides trusted proxy based administration of directory information by users and application administrators a OracleAS Metadata Repository Provides a collection of schemas used by other Oracle Application Server components a Oracle Enterprise Manager 10g Application Server Control Console Enables you to manage and configure the OracleAS Infrastructure This guide focuses on installation instructions for OracleAS Infrastructure See Section 1 2 Where Do I Find Installation Instructions for My Product for the location of installation instructions for other components You can integrate Oracle Application Server 10g 10 1 4 0 1 Identity Management with an existing Oracle Application Server environment that includes 10g 9 0 4 10g Release 2 10 1 2 or 10g Release 3 10 1 3 middle tier 10g 9 0 4 or 10g Release 2 10 1 2 OracleAS Metadata Repository You can integrate Oracle Application Server 10g 10 1 4 0 1 Metadata Repository with an existing Oracle Application Server environment that includes a 10g Release 2 10 1 2 middle tier 10g 9 0 4 or 10g Release 2 10 1 2 Identity Management See Also Oracle Application Server Upgrade and Compatibility Guide for more information about which specific versions are compatible with 10g 10 1 4 0 1 1 2 Where Do Find Installation Instructions for My Product
164. different components in each installation Configurations You can install OracleAS Cluster Identity Management in these configurations a OracleAS Cluster Identity Management See Section 9 5 a Distributed OracleAS Cluster Identity Management See Section 9 6 9 2 Pre Installation Steps for OracleAS Cluster Identity Management Before installing an OracleAS Cluster Identity Management configuration you need to set up the following items a Section 9 2 1 Use the Same Path for the Oracle Home Directory recommended a Section 9 2 2 Synchronize Clocks on All Nodes a Section 9 2 3 Configure Virtual Server Names and Ports for the Load Balancer a Section 9 2 4 Configure Your LDAP Virtual Server 9 2 1 Use the Same Path for the Oracle Home Directory recommended For all the nodes that will be running Oracle Identity Management components use the same full path for the Oracle home This practice is recommended but not required 9 2 Oracle Application Server Installation Guide Pre Installation Steps for OracleAS Cluster Identity Management 9 2 2 Synchronize Clocks on All Nodes Synchronize the system clocks on all nodes so they are running within 250 seconds of each other When synchronizing the system clocks make sure the clocks are set to the same time zone Note If you do not synchronize the clocks then there will be inconsistent operation attributes in the directory entries and inconsistent behavior o
165. dle Tier OracleAS Infrastructure OracleAS Infrastructure Oracle D once OracleAS Metadata Repositor race Pata OracleAS Metadata Repositor Hostname prodinfra Hostname standbyinfra Alias asinfra Alias asinfra IP 138 1 2 111 IP 213 2 2 110 10 2 Setting up the OracleAS Disaster Recovery Environment Before you can install Oracle Application Server in an OracleAS Disaster Recovery environment you have to perform these steps a Section 10 2 1 Ensure Nodes Are Identical at the Operating System Level a Section 10 2 2 Set Up staticports ini File Section 10 2 3 Set Up Identical Hostnames on Both Production and Standby Sites a Section 10 2 4 If You Want to Use OracleAS Cold Failover Cluster on the Production Site 10 2 1 Ensure Nodes Are Identical at the Operating System Level Ensure that the nodes are identical with respect to the following items a The nodes are running the same version of the operating system The nodes have the same operating system patches and packages a You can install Oracle Application Server in the same directory path on all nodes 10 2 2 Set Up staticports ini File The same component must use the same port number on the production and standby sites For example if Oracle HTTP Server is using port 80 on the production site it must also use port 80 on the standby site To ensure this is the case create a staticports ini file for use during installation This file enab
166. ds If not enter the desired value in Custom Namespace See Section 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen Click Next Installing OracleAS Infrastructure 4 17 Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory Table 4 8 Cont Steps for Installing Oracle Identity Management Components Only Including Oracle Internet Directory Screen Action 6 Enter information to Provide the information as prompted by the OCA screens See Section 4 30 Install configure OCA Fragment OCA Screens for details 7 Specify Instance Name Instance Name Enter a name for this infrastructure instance Instance names can and ias_admin Password contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example id_mgmt ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next 8 Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details 4 24 Installing Oracle Identity Managem
167. e Before doing a silent or non interactive installation you must provide information specific to your installation in a response file The installer will fail if you attempt an installation using a response file that is not configured correctly Response files are text files that you can create or edit in a text editor B 5 1 Creating Response Files from Templates Templates for response files are available in the stage Response directory on Disk 1 of the Oracle Application Server CD ROM Response file templates are available for the following installation types Table B 1 Response File Templates in the stage Response Directory Installation Type Filename OracleAS Infrastructure Oracle oracle iappserver infrastructure Infrastructure rsp Identity Management and OracleAS Metadata Repository OracleAS Infrastructure Oracle oracle iappserver infrastructure Infrastructure_ID rsp Identity Management only OracleAS Infrastructure OracleAS oracle iappserver infrastructure Infrastructure_Meta rsp Metadata Repository only Oracle Identity Federation oracle iappserver security fed Core rsp See the template files for descriptions of the parameters in the file Note For Boolean parameters specify either true or false B 5 2 Creating Response Files by Using the Record Mode in the Installer You can run the installer in record mode to save your inputs to a file that you can use later as a response file Th
168. e you ll need to have sufficient disk space to download all the required software files and have enough disk space to extract them After extracting the software from the Zip files you can burn them onto CD ROM and install from them or install from your computer s hard drive 3 13 4 Software Requirements for Unzipping Files All Oracle E Delivery files have been archived using Info ZIP s highly portable Zip utility After downloading one or more of the archives you will need the UnZip utility to extract the files You must unzip the archive on the platform for which it was intended For example if you download the file for the Solaris Operating System SPARC version of Oracle Application Server you must unzip the file on a Solaris Operating System SPARC computer If you unzip the file on a Windows computer and then move the stage area to a Solaris Operating System SPARC machine the stage area files will be corrupted because Windows will not preserve the case sensitivity or the permission bits of UNIX file names Things You Should Know Before Starting the Installation 3 7 Setting the Mount Point for the CD ROM or DVD 3 13 5 Extracting Software from the Zip Files Verify that the file size of your downloaded file matches the file size displayed on E Delivery Unzip each Zip file to its own temporary directory For example create a directory structure called oraAS10g on your hard drive c oraAS10g Then create a new directory
169. e Apache conf osso ln osso https conf osso conf 2 Run the Deconfig tool again F 5 Need More Help If this appendix does not solve the problem you encountered try these other sources a Oracle Application Server Release Notes available on the Oracle Technology Network http www oracle com technology documentation a OracleMetaLink http metalink oracle com If you do not find a solution for your problem open a service request F 14 Oracle Application Server Installation Guide A adding users to groups using Deployment Delegation Console 5 14 using Oracle Directory Manager 5 11 additional languages 3 3 ASM recommendations for OracleAS Cold Failover Cluster 8 5 Associated Middle Tiers group 5 3 backup and recovery in OracleAS Disaster Recovery environment 10 2 post installation 11 2 browser requirement 2 4 C CD ROM copying to hard drive 2 22 format of 3 8 mount point 3 8 character sets NE8ISO8859P10 and CEL8ISO8859P14 4 11 CLASSPATH environment variable 2 19 clocks synchronizing for OracleAS Cluster Identity Management 9 3 cluster topologies installing distributed identity management with integrated HTTP server 1 5 installing distributed identity management with standalone HTTP server 1 7 _CLUSTER_NETWORK_NAME_ environment variable 10 5 clusterware agents for OracleAS Cold Failover Cluster 8 5 cn orcladmin superuser 5 1 and Delegated Administration Services 5 2
170. e Management ASM feature of Oracle Database 10g for the OracleAS Metadata Repository a Your computer does not have an existing Oracle Database 10g If you meet these requirements you need to configure the Cluster Synchronization Services CSS daemon on the other node The CSS daemon synchronizes ASM instances with the database instances that use the ASM instances for database file storage To configure the CSS daemon 1 Stop all the processes in the OracleAS Cold Failover Cluster Infrastructure home 2 Stop the CSS daemon You can do this by running the following command as root sbin init d init cssd 3 Fail over the IP and the disk to the other node 4 On the other node run the following command as root SORACLE_HOME root sh ORACLE_HOME is where you installed the OracleAS Cold Failover Cluster Infrastructure 8 4 Installing a Distributed OracleAS Cold Failover Cluster Infrastructure Configuration Figure 8 2 shows a distributed OracleAS Cold Failover Cluster Infrastructure configuration This configuration is similar to the configuration described in Section 8 3 Installing an OracleAS Cold Failover Cluster Infrastructure Configuration except that the OracleAS Single Sign On and Oracle Delegated Administration Services components are installed separately on other nodes in an active active configuration Installing in High Availability Environments OracleAS Cold Failover Cluster 8 11 Installing a Dis
171. e Oracle Application Server Globalization Guide for details including a list of files that set this variable You might need to edit the value of the NLS_LANG variable in these files 2 Check that the NLS_LANG setting in the ORACLE_HOME opmn conf opmn xml file is identical to the NLS_LANG environment variable Example The NLS_LANG setting in the opmn xm1 file might look something like this lt environment gt lt variable id TMP value tmp gt lt variable id NLS_LANG value JAPANESE_JAPAN JA16SJIS gt lt environment gt 11 2 Oracle Application Server Installation Guide Component Configuration After Installation 11 7 Component Configuration After Installation If you did not configure a component during installation that is you did not select the component in the Select Configuration Options screen you can configure some components after installation Some components have dependencies that you have to complete before you can configure the component Section 11 7 1 Configuring mod_ osso Required for Oracle Delegated Administration Services describes how to configure mod_osso which has to be configured before you can configure Oracle Delegated Administration Services 11 7 1 Configuring mod_osso Required for Oracle Delegated Administration Services If you did not configure Oracle Delegated Administration Services during installation you can do it after installation using Oracle Enterprise Ma
172. e data in all directories and to send notifications to applications when data in Oracle Internet Directory changes for example when you add users or groups to Oracle Internet Directory 4 7 Can I Configure Components After Installation If you did not configure a component during installation that is you did not select the component in the Select Configuration Options screen you can configure some components after installation You cannot configure Oracle Internet Directory after installation You need to install and configure Oracle Internet Directory through the installer See Section 11 7 Component Configuration After Installation for details 4 8 Can I Use an Existing Database for the OracleAS Metadata Repository You can install the OracleAS Metadata Repository in a new database or in an existing database If you want to install the OracleAS Metadata Repository in an existing database see Oracle Application Server Metadata Repository Creation Assistant User s Guide for details 4 6 Oracle Application Server Installation Guide Registration of OracleAS Metadata Repository in Oracle Internet Directory and Password Randomization 4 9 Can I Use an Existing Oracle Internet Directory You can use an existing Oracle Internet Directory instead of having the installer create anew one You might want to do this if your applications need to authenticate users that are already stored in your Oracle Internet Directory Duri
173. e installer cannot detect which ports are used by the 8 32 Oracle Application Server Installation Guide Installing Middle Tiers Against an OracleAS Cold Failover Cluster Infrastructure infrastructure For example if the infrastructure is running on the primary node but you want to install the middle tier on the secondary node the installer is unable to detect which ports the infrastructure is using In this situation you need to set up a staticports ini file to specify port numbers for the middle tier See Section 2 5 3 Using Custom Port Numbers the Static Ports Feature for details P To see which ports the infrastructure is using view the ORACLI HOME install portlist ini file where ORACLE_HOME refers to the directory where you installed the infrastructure 8 10 1 2 Rename the var opt oracle Directory Used for the Infrastructure Set up the environment so that the middle tier will have its own inventory directory instead of using the same inventory directory used by the infrastructure To do this you need to rename the var opt oracle directory to something else so that the installer will prompt you to enter a new inventory directory The following example renames it to oracle infra prompt gt su Password root_password cd var opt mv oracle oracle infra When the installer prompts for the inventory directory specify a directory on the local storage or on a disk other than the one where you installed
174. e is an example of the command s output bin lsnrctl VERSION LSNRCTL Copyright c 1991 2004 Oracle Connecting to for HPUX Version 10 1 0 5 Production on 23 SEP 2005 19 15 32 All rights reserved DESCRIPTION ADDRESS PROTOCOL TCP HOST plhpxm11 us oracle com PORT 1521 TNSLSNR for HPUX Version 10 1 0 5 Production TNS for HPUX Version 10 1 0 4 0 Production Unix Domain Socket IPC NT Protocol Adaptor for HPUX Version 10 1 0 4 0 Production Oracle Bequeath NT Protocol Adapter for HPUX Version 10 1 0 4 0 Production TCP IP NT Protocol Adapter for HPUX Version 10 1 0 4 0 Production The command completed successfully 2 5 4 1 1 Scenario 1 Existing Listener Uses Port 1521 and Listener Version Is Earlier Than 10 1 0 2 Listeners earlier than version 10 1 0 2 are not compatible with the OracleAS Metadata Repository from this Oracle Application Server release What you need to do is to install the OracleAS Metadata Repository which installs a version 10 1 0 3 listener You can then use this new listener to service your existing database and the OracleAS Metadata Repository database 1 Stop the existing listener before you install the OracleAS Metadata Repository 2 14 Oracle Application Server Installation Guide Ports prompt gt ORACLE_HOME bin 1snrctl stop ORACLE_HOME is the home directory for your existing database If you do not stop the existing listener the in
175. e port values for scenario 2 see Section 9 2 3 Configure Virtual Server Names and Ports for the Load Balancer for details a The same port numbers will be used for the Oracle Internet Directory on subsequent nodes SSL Port In scenario 1 enter the port configured on the virtual server to handle SSL LDAP connections In scenario 2 enter the port that you want Oracle Internet Directory to use for SSL connections The standard port number for SSL LDAP connections is 636 but you can use any port that you want Click Next See Section 9 4 About Configuring SSL and Non SSL Ports for Oracle HTTP Server for details HTTP Listener Port Enter the port number that you want Oracle HTTP Server to listen on Enable SSL Select this option if you want to configure Oracle HTTP Server for SSL on this port HTTP Load Balancer Hostname Enter the name of the HTTP virtual server configured on your load balancer Enter the same virtual server name that you configured on the load balancer HTTP Load Balancer Port Enter the port for the HTTP virtual server Enable SSL Select this option if this port is for SSL communications only Click Next Instance Name Enter a name for this infrastructure instance Instance names can contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server I
176. e rene rene reeeeeeneeeeereseeesennesieeseneeniee 4 6 4 7 Can I Configure Components After Installation 0 cc ccc cesses eeceeeeeneneseseseneseesenens 4 6 4 8 Can I Use an Existing Database for the OracleAS Metadata Repository ccccseeee 4 6 4 9 Can I Use an Existing Oracle Internet Directory cccccccesccceseseeneneesesteteescenenesesesnsenesees 4 7 4 10 Registration of OracleAS Metadata Repository in Oracle Internet Directory and Password RanGomiZation ceictcoveciscevesedletetet eves ed a a aa ear e eaae aaa a anaiba 4 7 4 11 Contents of the OracleAS Metadata RepOSitOry cccccccceseesesteteeseecesesssnsnseeseseeneeseseans 4 8 4 12 Can I Use Multiple Metadata Repositories ccccccscescsesesesteteeseecesescsssneeeseseeneeseseans 4 9 4 13 What High Availability Options Does Oracle Application Server Support 4 10 4 14 Restrictions on the Passwords for the SYS SYSTEM SYSMAN and DBSNMP Users 4 10 4 15 Support for NE8ISO8859P10 and CEL8ISO8859P14 Characters Sets cccceceeees 4 11 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen n 4 11 4 17 How to Determine Port Numbers Used by Components cccccccccessseeetsteeseesetetesnenenens 4 11 4 18 Can I Add OCA After Installation ccc ccccscsscessseseesceesecscessecsecsecascsecesseseseseseeseseeersees 4 12 4 19 How to Deploy Oracle Delegated Administration Services on a Separate Host 4 12 4
177. e root access it has to use a port greater than 1024 If you want Oracle HTTP Server to use a different port such as port 80 use the static ports feature which enables you to specify port numbers for components Although you can change the port number after installation it is easier to set the port number during installation 2 5 1 Checking If a Port Is in Use To check if a port is being used you can run the netstat command as follows prompt gt netstat an grep portnum 2 5 2 Using Default Port Numbers If you want to use the default port numbers for components you do not have to do anything See Appendix C Default Port Numbers for a list of the default port numbers and ranges Make sure that at least one port is available in the port range for each component If the installer is unable to find a free port in the range the installation will fail Requirements 2 9 Ports Note a Inthe default configuration of the etc services file includes ports 389 and 636 for LDAP and LDAP SSL These happen to be the default ports for Oracle Internet Directory This means that if you want to use these port numbers for Oracle Internet Directory you must either delete or comment out these lines in the etc services file To comment out a line add a at the beginning of the line as shown ldap 389 tcp ldap 389 udp ldaps 636 tcp ldaps 636 udp Lightweight Directory Access Protocol Lightweight Directory Acce
178. e user who installs and configures the components becomes the owner of the components Table 5 4 Oracle Internet Directory Groups Required to Configure Components To Configure This Component User Must Be a Member of ALL Listed Groups Infrastructure Components OracleAS Metadata Repository To register OracleAS Metadata Repository against Oracle Internet Directory you must log in to Oracle Internet Directory as a user who belongs to the iAS Admins group Oracle Internet Directory In OracleAS Cluster Identity Management environments to in the f stall subsequent Oracle Internet Directory instances after irst one you must be the Oracle Internet Directory superuser cn orcladmin Oracle Delegated Administration Services Trusted Application Admins iAS Admins Mid Tier Admins group for the metadata repository used by OracleAS Single Sign On If you are unsure which metadata repository is used by OracleAS Single Sign On see To Determine the Metadata Repository Used by OracleAS Single Sign On on page 5 6 Component Owners for the Oracle Delegated Administration Services component Note This is required only if you are installing multiple instances of Oracle Delegated Administration Services When you are installing the second and subsequent instances then you need to belong to the Component Owners group You do not need to be a member when you install the first Oracle Delegated Administration Services in
179. eAS Metadata Repository The ODS schema is the main schema used by Oracle Internet Directory By default the ODS password is the same as the ias_admin password the password that you entered in the Specify Instance Name and ias_admin Password screen Click Next The values you enter on this screen are the same as the values you entered when you did the installation on the first node The installer uses these values to connect to the Oracle Internet Directory on the first node Hostname Enter the LDAP virtual server name of the load balancer Enter the same virtual server name that you configured on the load balancer SSL Port Enter the port configured on this load balancer to handle LDAP SSL connections Click Next This warning reminds you to setup the LDAP virtual server to direct requests to existing OracleAS Cluster Identity Management nodes and then add this node to the LDAP virtual server after installation See Section 9 2 4 Configure Your LDAP Virtual Server Click OK Username Enter the username to log in to Oracle Internet Directory You need to log in as the Oracle Internet Directory superuser cn orcladmin Password Enter the password for the username Realm Enter the realm against which to validate the username This field appears only if your Oracle Internet Directory has multiple realms Click Next See Section 9 4 About Configuring SSL and Non SSL Ports for Oracle HTTP Server for details The value
180. ect Installation Type screen select Identity Management and Metadata Repository 2 Select Configuration Select Oracle Internet Directory Options Select High Availability and Replication The other options on this screen are optional Select Oracle Application Server Single Sign On Oracle Application Server Delegated Administration Services Oracle Directory Integration Platform and or Oracle Application Server Certificate Authority OCA if you need these components Click Next Installing Oracle Internet Directory in Replicated Mode 6 5 Installing an Oracle Internet Directory Replica Table 6 1 Cont Installing an Oracle Internet Directory Replica with a New Database Screen Action 3 Specify Port Configuration Options Select High Availability or Replication Option Select Oracle Internet Directory Replication Mode Specify Oracle Internet Directory Master Node Specify Master Oracle Internet Directory Login Specify Namespace in Internet Directory OCA screens If you want to use default ports for the components select Automatic If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticports ini file in the provided field Click Next This screen is required to install a replica This screen appears only if you selected High Availability and Replication in the Select Configuration Options screen Selec
181. ected High Availability and Replication Select Replication Click Next 6 8 Oracle Application Server Installation Guide Installing an Oracle Internet Directory Replica Table 6 2 Cont Installing an Oracle Internet Directory Replica against an Existing Database Screen Action 10 11 12 Select Oracle Internet Directory Replication Mode Specify Oracle Internet Directory Master Node Specify Master Oracle Internet Directory Login Specify Namespace in Internet Directory OCA screens Specify Instance Name and ias_admin Password Select One way LDAP Replication if you want to use fan out replication in one direction Select Two way LDAP Replication if you want to use fan out replication in one direction Select Advanced Replication if you want multimaster replication Click Next Hostname Enter the name of the computer running the master Oracle Internet Directory Port Enter the port at which the master Oracle Internet Directory is listening Do not select Use only SSL connections with this Oracle Internet Directory If you want Oracle Internet Directory to run in SSL only mode you can make this configuration change after installation See the Oracle Application Server Administrator s Guide for details Click Next Username Enter cn orcladmin because you have to connect to the master Oracle Internet Directory as the superuser Password Enter the password for the superuser Clic
182. ection 4 15 Support for NE8ISO8859P10 and CEL8ISO8859P14 Characters Sets Section 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen Section 4 17 How to Determine Port Numbers Used by Components Section 4 18 Can I Add OCA After Installation Section 4 19 How to Deploy Oracle Delegated Administration Services on a Separate Host a Section 4 20 Installing OracleAS Infrastructure 0 Section 4 21 Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory a Section 4 22 Installing OracleAS Metadata Repository in a New Database a Section 4 23 Installing Oracle Identity Management Components Only Including Oracle Internet Directory a Section 4 24 Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory a Section 4 25 Installing Oracle Internet Directory Only a Section 4 26 Installing OCA and OracleAS Metadata Repository Only a Section 4 27 Install Fragment The First Few Screens of the Installation Section 4 28 Install Fragment The Last Few Screens of the Installation Section 4 29 Install Fragment Database Screens Section 4 30 Install Fragment OCA Screens 4 1 Infrastructure Installation Types Infrastructure components can be grouped into Oracle Identity Management components and the OracleAS Metadata Repository component Table 4 2 describes these components In
183. ecurity Developer Tools Provides a APIs for developing federation and secure web services applications Oracle Access Manager Provides a state of the art solution for centralized identity administration and access control Oracle Identity Manager Provides a powerful and flexible enterprise identity management system that automatically manages users access privileges within enterprise IT resources Oracle Virtual Directory Provides Internet and industry standard LDAP and XML views of existing enterprise identity information without synchronizing or moving data from its native locations In addition to the Identity and Access Management Suite this release provides a revision of OracleAS Infrastructure which includes the following Oracle Identity Management components and OracleAS Metadata Repository Oracle Internet Directory A scalable robust LDAP V3 compliant directory service implemented on the Oracle Database Product and Installation Overview 1 1 Where Do Find Installation Instructions for My Product a Oracle Directory Integration Platform A component of Oracle Internet Directory designed to perform directory synchronization with third party directory products Oracle Application Server Certificate Authority A component that issues revokes renews and publishes X 509V3 certificates to support PKI based strong authentication methods a Oracle Application Server Single Sign On OracleAS Single Sign On Provi
184. ed See Section 2 5 Ports Monitor The installer checks that the monitor is configured to display at least 256 colors Display permission The installer checks that the user has permissions to display on the monitor specified by the DISPLAY environment variable DISPLAY environment variable The installer checks that the DISPLAY environment variable is set Requirements 2 27 Prerequisite Checks Performed by the Installer Table 2 9 Cont Prerequisite Checks Performed by the Installer Item Description TNS_ADMIN environment variable The TNS_ADMIN environment variable must not be set There must not be a tnsnames ora file in the etc or var opt oracle directories DBCA_RAW_CONFIG environment variable If you are installing the OracleAS Infrastructure in a Real Application Clusters environment you need to set this environment variable to point to a file that describes the locations of your raw partitions Cluster file system The installer checks that you are not installing Oracle Application Server in a cluster file system CFS Oracle Enterprise Manager directories are writable The installer runs this check only if you are expanding a middle tier or if you are reinstalling Oracle Application Server in the same Oracle home The installer checks that these directories are writable by the operating system user running the installer n ORACLE_HOME sysman emd ORACLE_H
185. ed Administration Services OracleAS Single Sign On Oracle Internet Directory 7 OracleAS Directory Integration x and Provisioning C gt Firewall Oracle Home for Database with OracleAS Metadata Repository Subsections a Section 9 5 1 Installation Order Section 9 5 2 Installing OracleAS Metadata Repository Section 9 5 3 Installing OracleAS Cluster Identity Management on the First Node a Section 9 5 4 Installing OracleAS Cluster Identity Management on Subsequent Nodes 9 5 1 Installation Order To create an OracleAS Cluster Identity Management configuration 1 Install the OracleAS Metadata Repository in your existing database 2 Install the Oracle Identity Management on each node You run the installer on each node separately 9 8 Oracle Application Server Installation Guide Installing an OracleAS Cluster Identity Management Configuration Note If you want to configure Oracle Internet Directory to listen on SSL ports only perform this configuration after you have installed Oracle Identity Management Oracle Internet Directory needs to be listening on both SSL and non SSL ports when you install OracleAS Single Sign On and Oracle Delegated Administration Services 3 Install middle tiers 9 5 2 Installing OracleAS Metadata Repository To install the OracleAS Metadata Repository in your existing database you use the OracleAS RepCA See the Oracle A
186. ee_mod_osso log Oracle Net Configuration Assistant Configures the database listener and the middle tiers to use LDAP naming by default ORACLE_HOME cfgtoollogs installActionstimestamp log Register DCM Plug Ins With Oracle Enterprise Registers DCM plug ins with Oracle Enterprise Manager 10g ORACLE_HOME cfgtoollogs configtoolstimestamp log Manager 10g ORACLE_HOME dcm 1logs dcmct1_logs Configuration Assistant Replication For ASR replica installations it writes the new ORACLE_HOME 1dap log remtool log Configuration Oracle Internet Directory metadata to the master Assistant Oracle Internet Directory For LDAP replica installations it configures LDAP based replication between the master Oracle Internet Directory and the new Oracle Internet Directory replica with default configuration It then starts the Oracle Internet Directory replication server and helps configure Oracle Internet Directory replication Before running this configuration assistant check that the Oracle Internet Directory servers for the master and the new replica are up and running E 6 Oracle Application Server Installation Guide Description of Oracle Application Server Configuration Assistants Table E 2 Cont Oracle Application Server Configuration Assistants Configuration Assistant Description Log File Location Single Sign On Configures OracleAS Single Sign On ORACLE_HOME sso log s
187. eed to run the root sh script as the root user The root sh script detects settings of environment variables and enables you to enter the full path of the local bin directory Use silent installation of Oracle Application Server when there are similar installations on more than one computer Additionally use silent install when performing the Oracle Application Server installation from a remote location using the command line Silent and Non Interactive Installation B 1 Non Interactive Installation B 2 Non Interactive Installation Non interactive installations also use a response file to automate the Oracle Application Server installation In non interactive installations there is graphical output and users may enter input Non interactive installation of Oracle Application Server is also accomplished by supplying the Oracle Universal Installer with a response file but without specifying the silent flag on the command line The response file is a text file containing variables and parameter values which provide answers to the installer prompts If you have not provided responses to all of the installer prompts you need to enter information during the installation If this is a first time installation of Oracle Application Server you must create the oralnst loc file before starting File creation is described in Section B 3 Pre Installation Following installation of Oracle Application Server you need to run the root sh scrip
188. eeeeeecececeneeeeeneseeeseseneteseseeenes 2 10 2 5 3 2 Error Conditions that Will Cause the Installer to Use Default Ports Instead of j oleen i ntes POTS i E E decesseadnavaceususes tbetsiieassedeciedsteancenavedsdievads heupesdetes 2 12 2 5 3 3 Examplese erasan Ee r EEA E E E R e 2 13 2 5 4 If Port 1521 Isin User cease cca ciwatc Siecle ne Seek a ee 2 13 2 5 4 1 If Port 1521 Is In Use by an Existing Oracle Database 0 cece 2 13 2 5 4 2 If Port 1521 Is In Use by Some Other Application cee eeeeeees 2 15 2 6 2 6 1 2 6 2 2 7 2 8 2 8 1 2 8 2 2 8 3 2 8 4 2 8 5 2 8 6 2 9 2 9 1 2 9 2 2 10 2 10 1 2 10 2 2 10 3 2 10 4 2 10 5 2 10 6 2 10 7 2 11 Operating System Groups ie nape anaa aeni aai aea aaraa aei fa Dikau See taa Seas ienaa Eee Earias 2 16 Create a Group for the Inventory Directory ss ss sssssertsssseestesssesstssteestesntesstesstesseen te 2 16 Create Groups for Database Administrators c ccc cenesescstsneneeseeceneeseetenenens 2 16 Operating Syster Userin an oaa na dea oa tac a a aara eiaa a e a aei buses 2 17 Environment Variables i stishiestectesieessta sheen teaciesttensteatecsthhaistiteatteaaees aa steeteroee nae 2 18 Environment Variable Tip sists j ccecccesiloscestesevsecreths e e y E A E Eaa 2 18 ORACLE_HOME and ORACLE_SID ssseseessessssesssesreessestststsssrterststsestsrtteststsrtessesesesesst 2 19 PATH CLASSPATH and LD_LIBRARY_PATH ssesessesssessssissessertessrsrsessesesrsesssrreese
189. ees F 12 Unable to Reuse Database Name cccccccesessesesescesescsesteesesesceeescscscananeneseeeesesesesanenens F 12 Deconfiguration Failed on Distributed OracleAS Cluster Identity Management F 13 NeedsMore Gl 2 iste soe strrecsesetescssss eracdscst a S A E tec cldasens F 14 xi xii Preface The Oracle Application Server Installation Guide covers requirements new features in the Oracle Universal Installer Oracle Application Server concepts that affect installation installation procedures and troubleshooting tips In addition this guide also provides some sample topologies for installing and running Oracle Application Server Intended Audience This guide is intended for users who are comfortable running some system administration operations such as creating users and groups adding users to groups and installing operating system patches on the computer where Oracle Application Server is going to be installed Users who are installing Oracle Application Server need root access to run some scripts Documentation Accessibility Our goal is to make Oracle products services and supporting documentation accessible with good usability to the disabled community To that end our documentation includes features that make information available to users of assistive technology This documentation is available in HTML format and contains markup to facilitate access by the disabled community Accessibility standards will co
190. ees that they deliver identical responses to the same request Note that some configuration properties are allowed to be instance specific such as local host name information Managed as a virtual single instance Changes in configuration made to one instance usually need to be propagated to the other instances in an active active topology Independent operation The loss of one Oracle Application Server instance in an active active topology should not affect the ability of the other instances to continue to serve requests The advantages of an OracleAS Clusters configuration include a Increased availability An active active topology has built in redundancy multiple Oracle Application Server instances run the same components Loss of one instance can be tolerated because other instances can continue to serve the same requests Installing in High Availability Environments Overview 7 3 Installation Order for High Availability Configurations a Increased scalability and performance Multiple identically configured instances provide the capability to have a distributed workload shared among different machines and processes New instances can also be added as the demand of the application grows In general the term OracleAS Clusters describes clustering at the Oracle Application Server instance level However if it is necessary to call out the specific type of instances being clustered this document will use OracleAS Cluster
191. eeseseeteneeneees 11 1 NES Installations icsicecd ior atest a tes cl evo a E E E ste 11 2 Backup atid ReCOv Gry nren enia Sita aE E ii DENA titted tea itees 11 2 COE stot ct cpa Oy olen eh cata as ob nets E E cebu cada Gb oad baled cud Rides E 11 2 Operating System Locale and NLS_LANG Environment Variable 0cccee 11 2 Check the Operating System Locale ccccccccce cece ceeeseecscseseseececscssseseesssessneseeenenes 11 2 Check the NLS_LANG Settings siseasi aiii iaia 11 2 Component Configuration After Installation sssseessssssestsssssttssteestesstesntenteestesntesstentenes 11 3 Configuring mod_osso Required for Oracle Delegated Administration Services 11 3 Components that Require Post Installation Tasks cccccccscsteseseeteteseecenesesesneneneneeeees 11 5 What todo NeXT eroe aorar a oz cba A cae i eE oE e RE a a eel eE E eN e Se EE 11 5 Installing the Oracle Identity Management Grid Control Plug in A 1 A 2 A 3 A 4 Installation Requirements ccccccccccscsesescscsesesesescscseseseecsescssseseecscsssesescecssensnesecesessneseeesenes A 1 Starting the Grid Control Plug in Installer cece sccecscsesesescsesesesesescseseseecscscssseseeceees A 1 Installing Oracle Identity Management Grid Control Plug in eee A 2 Installing Oracle Identity Management Grid Control Plug in Agent eee A 3 Silent and Non Interactive Installation B 1 B 2 B 3 B 4 B 4 1 B 5 B 5 1 Silent Installations isian ipi
192. einstalling an instance that includes the Oracle Internet Directory or OracleAS Single Sign On components you need to run the Deconfig tool as the Oracle Internet Directory superuser cn orcladmin If the instance does not include Oracle Internet Directory or OracleAS Single Sign On then you need to run the tool as a user with the proper privileges as shown in Table 5 4 6 Start the installer prompt gt ORACLE_HOME oui bin runInstaller D 6 Oracle Application Server Installation Guide Harmless Errors in the Log File 7 Follow these steps in the installer a Welcome screen Click Deinstall Products b Inventory screen Select the instance you want to deinstall and click Remove c Confirmation screen Verify the components selected for deinstallation Click Yes to continue d Deinstallation Progress screen Monitor the progress of the deinstallation e Exit the installer when the deinstallation is complete 8 Delete any remaining files in the deleted instance s Oracle home directory prompt gt rm rf SORACLE_HOME 9 Remove lines for the deinstalled infrastructure instance from the var opt oracle oratab file Towards the end of the file you should see lines that specify the Oracle home directory If you are deinstalling an infrastructure instance that contains a metadata repository there will be two lines in the file one line that begins with a a one line that begins with the database SID You need to rem
193. elect Oracle Application Server Certificate Authority OCA if you want to configure your own certificate authority which can issue certificates for users and servers Do not select High Availability and Replication Click Next 3 Specify Port If you want to use default ports for the components select Automatic Configuration Options If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticports ini file Click Next 4 Register with Oracle Hostname Enter the name of the computer where Oracle Internet Directory is Internet Directory running SSL Port Enter the SSL port at which Oracle Internet Directory is listening See Section 4 17 How to Determine Port Numbers Used by Components if you do not know the port number Click Next 5 Specify Oracle Internet Username Enter the username to log in to Oracle Internet Directory You must log Directory Login in as a user who belongs to the necessary groups in Oracle Internet Directory Which groups are necessary depends on which components you are installing See Section 5 3 Groups Required to Configure or Deinstall Components for details Password Enter the password for the username Realm Enter the realm against which to validate the username This field appears only if your Oracle Internet Directory has multiple realms Click Next 6 Specify ODS Password Enter the password for the ODS sch
194. elect the user that you want to add to the Repository Owners group and click Select Click Submit on the Manage Repository Owners page 1 Click the Repository tab This displays all the metadata repositories for which you are an owner Select the metadata repository to which you want to add a user and click Manage Administrators On the page that displays the current administrators click Add Enter the first few characters of the user s name in the Search field and click Go If you leave the Search field empty and click Go you would get a list of all users in Oracle Internet Directory Select the user that you want to add to the Mid Tier Administrators group and click Select Click Submit on the Manage Administrators page 1 Click the Components tab This displays all the components for which you are an owner Select the component to which you want to add a user and click Manage Owners On the page that displays the current component owners click Add Enter the first few characters of the user s name in the Search field and click Go If you leave the Search field empty and click Go you would get a list of all users in Oracle Internet Directory Select the user that you want to add to the Component Owners group and click Select Click Submit on the Manage Component Owners page Configuring Oracle Internet Directory for Oracle Application Server Installation Privileges 5 15
195. em That Can Be Mounted from Both Nodes You need two shared disks one for each set of nodes Section 8 2 3 Review Recommendations for Automatic Storage Management ASM 2 optional Create staticports ini Files If you wish create two staticports ini files one for each set of nodes 3 Install OracleAS Metadata Repository and Oracle Internet Directory From node 1 install OracleAS Metadata Repository and Oracle Internet Directory on the shared disk The steps are the same as those listed in step 2 Install OracleAS Infrastructure on page 8 8 except that in the Select Configuration Options screen do not select OracleAS Single Sign On and Oracle Application Server Delegated Administration Services 4 Install Oracle Delegated Administration Services and OracleAS Single Sign On from Node 3 From node 3 install Oracle Delegated Administration Services and OracleAS Single Sign On on the shared disk 5 Stop the OracleAS Infrastructure Processes on Node 1 From node 1 stop the OracleAS Infrastructure processes 6 Stop the OracleAS Infrastructure Processes on Node 3 From node 1 stop the OracleAS Infrastructure processes 7 Perform Post Installation Steps This post installation step configures the CSS daemon This step is required only if you are using ASM Automatic Storage Management feature of the Oracle database and you do not have an existing Oracle database 8 7 2 Oracle Delega
196. ema in the OracleAS Metadata Repository The ODS schema is the main schema used by Oracle Internet Directory By default the ODS password is the same as the ias_admin password the password that you entered in the Specify Instance Name and ias_admin Password screen Click Next Installing OracleAS Infrastructure 4 19 Installing Oracle Internet Directory Only Table 4 9 Cont Steps for Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory Screen Action 7 Enter information to configure OCA 8 Specify Instance Name and ias_admin Password Provide the information as prompted by the OCA screens See Section 4 30 Install Fragment OCA Screens for details Instance Name Enter a name for this infrastructure instance Instance names can contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example id_mgmt ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screen
197. ent Components Only Excluding Oracle Internet Directory Perform this procedure to install Oracle Identity Management components without installing an OracleAS Metadata Repository or Oracle Internet Directory Use this procedure to install additional OracleAS Single Sign On Oracle Delegated Administration Services or Oracle Directory Integration Platform components against an existing Oracle Internet Directory Prerequisites OracleAS Metadata Repository Oracle Internet Directory version 9 0 4 or later 4 18 Oracle Application Server Installation Guide Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory Table 4 9 Steps for Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory Screen Action 1 Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select Installation Type screen select Oracle Identity Management 2 Select Configuration Do not select Oracle Internet Directory Options Select Oracle Application Server Single Sign On Select Oracle Application Server Delegated Administration Services and or Oracle Directory Integration Platform if you need the services provided by these components See Section 4 6 Do I Need the Oracle Delegated Administration Services or the Oracle Directory Integration Platform Components S
198. ent nodes 9 5 3 6 Run the Installer Follow the steps in Table 9 4 Key Points for Installing on the First Node a Inthe Select Configuration Options screen select High Availability and Replication in addition to selecting the components Inthe Select High Availability or Replication Option screen select OracleAS Cluster Identity Management 9 10 Oracle Application Server Installation Guide Installing an OracleAS Cluster Identity Management Configuration Screen Table 9 4 Steps for Installing OracleAS Cluster Identity Management on the First Node Action Select Configuration Options Specify Port Configuration Options Specify Repository Select High Availability or Replication Option Specify New Oracle Application Server Clusters Name Specify Namespace in Internet Directory Installing in High Availability Environments OracleAS Cluster Identity Management Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes In the Select Installation Type screen select Identity Management Select Oracle Internet Directory Select Oracle Application Server Single Sign On Select Oracle Application Server Delegated Administration Services Select Oracle Directory Integration Platform Do not select Oracle Application Server Certificate Authority OCA Select High Availability and Replication
199. entity Management components on a separate computer from OracleAS Metadata Repository then the OracleAS Metadata Repository will need network access to the Oracle Identity Management components See also Chapter 1 Product and Installation Overview which describes configurations involving multiple computers and distributed components 4 5 Tips for Installing Oracle Identity Management Components Separately If you are installing Oracle Identity Management components separately keep the following guidelines in mind when choosing which components to configure in the Select Configuration Options screen a You cannot install and configure more than one OCA against the same OracleAS Metadata Repository You can install and configure more than one OracleAS Single Sign On Oracle Delegated Administration Services or Oracle Directory Installing OracleAS Infrastructure 4 5 Do Need the Oracle Delegated Administration Services or the Oracle Directory Integration Platform Components Integration Platform against the same OracleAS Metadata Repository If you want to configure more than one Oracle Internet Directory against the same OracleAS Metadata Repository see the Oracle Internet Directory Administrator s Guide You must select at least one component to configure Otherwise the installation will not succeed If you configure OracleAS Single Sign On and Oracle Delegated Administration Services in separate installations against the s
200. environment variable includes ORACLE_HOME 1ib a the PATH environment variable includes ORACLE_HOME 1ib and ORACLE_HOME network lib ORACLE_HOME cfgtoollogs infratool_instance_jazn log Infrastructure Registers mod_osso plugs mod_osso into Oracle mod_osso HTTP Server and provides integration with Configuration OracleAS Single Sign On to authenticate users Assistant The registration enables Oracle HTTP Server installed with OracleAS Infrastructure to act as a partner application to OracleAS Single Sign On Applications that run under Oracle HTTP Server can register and protect their URL with mod_osso When the URL is requested mod_osso authenticates the user with OracleAS Single Sign On to allow access to the URL ORACLE_HOME config infratool_mod_osso log ORACLE_HOME cfgtoollogs infratool_mod_osso log Infrastructure Registers the Infrastructure schemas with Oracle Schema Internet Directory Configuration Assistant Before running this configuration assistant check that a the LD_LIBRARY_PATH environment variable includes ORACLE_HOME 1ib32 and ORACLE_HOME network lib a the LD_LIBRARY_PATH_64 environment variable includes ORACLE_HOME lib a the PATH environment variable includes ORACLE_HOME lib and ORACLE_HOME network lib a the Internet Directory Configuration Assistant and the Database Configuration Assistant w
201. er 1 7 high availability 1 3 identity management in a single oracle home 1 4 with 10 1 2 middle tiers 1 4 with 10 1 3 middle tiers 1 4 supported 1 3 to 1 9 troubleshooting F 1 configuration assistants E 1 deinstallation F 11 general tips F 1 Trusted Application Admins group 5 2 U UNIX commands groupadd 2 16 passwd 2 18 useradd 2 18 Use Only SSL Connections With This Oracle Internet Directory button 3 7 user interface problems F 5 User Management Application Admins group 5 2 useradd command 2 18 users operating system see operating system users users Oracle Internet Directory see Oracle Internet Directory users V var opt oracle directory 3 6 oralnst loc file 2 16 virtual hostname OracleAS Cold Failover Cluster 8 7 8 15 8 19 virtual IP 7 2 virtual server configuring HTTP for OracleAS Cluster Identity Management 9 3 configuring LDAP virtual server for OracleAS Cluster Identity Management 9 3 pointing to node 1 initially for OracleAS Cluster Identity Management 9 3 W Welcome page URL for 11 1
202. er Refer to the X emulator documentation for instructions on how to change the color model or visual settings 2 10 5 Installing on NFS Mounted Storage To run Oracle Application Server on NFS systems you have to use a certified NFS mounted storage system Currently Oracle Application Server is certified to run on these NFS systems a Network Appliance NetApp filers The NetApp system should be exported to at least the remote install user and remote root user You can do this using export fs command prompt gt exportfs i vol voll Before installing verify that the NFS mount setuid permission is set to suid The nosuid option will cause the install to fail To check the latest certification list for any updates visit Oracle Technology Network http www oracle com technology 2 10 6 Running Multiple Instances from One Installation Oracle Application Server components are intended to be run only on the computer where they are installed You cannot run the components on remote computers even though the computers can access the files through NFS Figure 2 2 Run Oracle Application Server Only on the Computer Where It Is Installed Computer A If OracleAS is installed on this computer OracleAS components must run on this computer only Although other computers can access OracleAS files installed on C
203. er any more Note Step c above is very important You only need to run one listener the new listener to support both databases 2 5 4 1 2 Scenario 2 Existing Listener Uses Port 1521 and Listener Version Is 10 1 0 2 or Later The existing listener will support both the existing database and the OracleAS Metadata Repository The installer will perform this configuration automatically The listener can be running during installation 2 5 4 1 3 Scenario 3 Existing Listener Uses a Port Other Than 1521 You will end up running two listeners one for the existing database and one for the OracleAS Metadata Repository regardless of the version of the existing listener The existing listener can be running during installation because it is not using port 1521 2 5 4 2 If Port 1521 Is In Use by Some Other Application If you have some other application listening on port 1521 you need to reconfigure it to listen on a different port If that is not possible shut it down while you install the Requirements 2 15 Operating System Groups OracleAS Metadata Repository After installation you can reconfigure the OracleAS Metadata Repository to use a port other than 1521 See the Oracle Application Server Administrator s Guide for instructions on how to do this 2 6 Operating System Groups You need to create operating system groups in these situations a Ifyou plan to install Oracle Application Server on a computer that does no
204. er belongs to run the groups command with the name of the user For example prompt gt groups oracle For more information about operating system users and groups see your operating system documentation or contact your system administrator 2 8 Environment Variables The operating system user who will be installing Oracle Application Server needs to set or unset the following environment variables Table 2 8 summarizes whether you set or unset an environment variable Table 2 8 Environment Variable Summary Environment variable Set or Unset ORACLE HOME and Must not be set ORACLE_SID PATH CLASSPATH and Must not contain references to directories in any Oracle home LD_LIBRARY_PATH directories DISPLAY Set it to the monitor where you want the installer window to appear TMP and TMPDIR Optional If unset defaults to tmp TNS_ADMIN Must not be set 2 8 1 Environment Variable Tips Here are some tips when working with environment variables 2 18 Oracle Application Server Installation Guide Environment Variables a If you set environment variables in the profile file they might not be read To ensure environment variables are set to the correct values check their values in the shell where you will be running the installer To check the value of environment variables use the env command This displays all the currently defined environment variables and their values env Ifyou use
205. er the same fully qualified host name in the installer Note The installer does not check the load balancer Make sure the load balancer is properly configured and enabled before running the installer In addition check the following a Check that the virtual server names are associated with IP addresses and are part of your DNS The nodes that will be running Oracle Application Server must be able to resolve these virtual server names 9 2 4 Configure Your LDAP Virtual Server Configure the LDAP virtual server on your load balancer to direct requests to node 1 initially The procedure to add additional nodes differs depending upon whether or not your load balancer supports LDAP service monitoring Installing in High Availability Environments OracleAS Cluster Identity Management 9 3 About Oracle Internet Directory Passwords Note that these procedures apply only to the LDAP virtual server configured on your load balancer They do not apply to the HTTP virtual server configured on your load balancer 9 2 4 1 Load Balancer Supports LDAP Service Monitoring If your load balancer supports LDAP service monitoring then you can add all the nodes to the LDAP virtual server before starting the installation For example if you have three nodes 1 Configure the LDAP virtual server to direct requests to node 1 only Add node 2 to the LDAP virtual server Add node 3 to the LDAP virtual server Install Oracle Identity Man
206. ere run successfully ORACLE_HOME config schemaload log ORACLE_HOME cfgtoollogs schemaload log Infrastructure Removes ACL entries on the SSO schema Upgrade Instance Configuration Assistant Before running this configuration assistant check that a the LD_LIBRARY_PATH environment variable includes ORACLE_HOME 1ib32 and ORACLE_HOME network lib a the LD_LIBRARY_PATH_64 environment variable includes ORACLE_HOME 1ib ORACLE_HOME config infratool_infra_upgrade log E 4 Oracle Application Server Installation Guide Description of Oracle Application Server Configuration Assistants Table E 2 Cont Oracle Application Server Configuration Assistants Configuration Assistant Description Log File Location Internet Directory Starts up Oracle Internet Directory loads the LDAP ORACLE_HOME cfgtoollogs oidca 1log Configuration schemas and sets up the Oracle Identity Assistant Management realm Before running this configuration assistant check that the database was created successfully the listener is up and running and the tnsnames ora file is configured Java Security Changes the default password and sets or reassigns ORACLE_HOME cfgtoollogs jaznca log Configuration new passwords for JAAS security Assistant OC4J Integrates OC4J with Application Server Control It ORACLE_HOME cfgtoollogs Configuration performs the following steps config
207. ese lines k Select OracleAS Metadata Repository Page Error Alert Error validating repository on multiple hosts and ports A database hostname or port is missing it means that your OracleAS Metadata Repository database name contains PORT or HOST in uppercase characters To fix the problem change the name of the database so that it does not contain PORT or HOST in uppercase characters F 3 12 Configuration Assistant Failures General This section describes general tips for troubleshooting configuration assistant failures See the next sections for specific configuration assistant failures See also Appendix E Configuration Assistants Problem Configuration assistant failed Solution Configuration assistants fail from a variety of causes Some things you can check are F 6 Oracle Application Server Installation Guide Installation Problems and Solutions Check that the listener database and Oracle Internet Directory associated with the OracleAS Infrastructure are up and running If not start them up and click the Retry button to rerun the configuration assistant that failed Check the log files for the failed configuration assistant to determine the problem The log files are located in the ORACLE_HOME cfgtoollogs directory Fix the problem indicated in the log file and click Retry to rerun the failed configuration assistant F 3 13 OracleAS Randomize Password Configuration Assistant Failures Before re
208. etadata Repository in an existing database see theOracle Application Server Metadata Repository Creation Assistant User s Guide Install the OracleAS Metadata Repository only without No The schemas are locked and the installing Oracle Identity Management components passwords are expired and you choose not to register it with Oracle Internet Directory This scenario applies to installing it in a new database or in an existing database In the last two scenarios the installer asks you if you want to register the OracleAS Metadata Repository with an Oracle Internet Directory If you answer yes you provide connect information for the Oracle Internet Directory If you answer no the installer does not register the OracleAS Metadata Repository with an Oracle Internet Directory Note If you did not register the OracleAS Metadata Repository with an Oracle Internet Directory during installation you can register it later using the Oracle Application Server Repository Creation Assistant See the Oracle Application Server Metadata Repository Creation Assistant User s Guide for details 4 11 Contents of the OracleAS Metadata Repository The OracleAS Metadata Repository contains schemas that can be grouped into these categories a Product Metadata schemas These schemas are used by middle tier components such as OracleAS Portal and OracleAS Wireless a Oracle Identity Management schemas These schemas are used by O
209. example if you select both Oracle Internet Directory and Oracle Directory Integration Platform on the first node you must select them on subsequent nodes in this tier Table 9 6 Steps for Installing Oracle Internet Directory in a Distributed OracleAS Cluster Identity Management on the First Node Screen Action I 2 Select Configuration Options 3 Specify Port Configuration Options 4 Specify Repository Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes In the Select Installation Type screen select Oracle Identity Management Select Oracle Internet Directory Do not select Oracle Application Server Single Sign On Do not select Oracle Application Server Delegated Administration Services Select Oracle Directory Integration Platform if you need this component Do not select Oracle Application Server Certificate Authority OCA Select High Availability and Replication Click Next Select Manual and enter the fullpath to your staticports ini file in the provided field You need to use staticports ini file for OracleAS Cluster Identity Management configurations See Section 9 6 3 1 Set up staticports ini File Click Next When you install on the first node you need to specify an OracleAS Metadata Repository that is not already registered with an Oracle Internet Directory When you install on s
210. except Oracle Internet Directory and the OracleAS Metadata Repository Prerequisite Oracle Internet Directory version 9 0 4 or later You would perform this procedure in cases where you already have an Oracle Internet Directory and its associated OracleAS Metadata Repository and you want to a Install OCA with its own OracleAS Metadata Repository or a Install another OracleAS Metadata Repository for Oracle Internet Directory replication You cannot use this procedure to install other Oracle Identity Management components OracleAS Single Sign On Oracle Delegated Administration Services or Oracle Directory Integration Platform To install Oracle Identity Management components without OracleAS Metadata Repository follow the procedure in Section 4 24 Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory Table 4 6 Steps for Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory Screen Action 1 2 Select Configuration Options 3 Specify Port Configuration Options 4 Register with Oracle Internet Directory Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select Installation Type screen select Identity Management and Metadata Repository Do not select Oracle Internet Directory because you want to use an existing one Do
211. ext If you selected Oracle Application Server Certificate Authority OCA in the Select Configuration Options screen the installer displays screens for configuring OCA See Section 4 30 Install Fragment OCA Screens for details Instance Name Enter a name for this infrastructure instance Instance names can contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example id_mgmt ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details 8 18 Oracle Application Server Installation Guide Installing a Distributed OracleAS Cold Failover Cluster Identity Management Configuration 8 6 Installing a Distributed OracleAS Cold Failover Cluster Identity Management Configuration This configuration is suitable a if you want to run Oracle Internet Directory and Oracle Directory Integration Platform on the same tier as your database and Oracle Delegated Administration Services and OracleAS
212. f the password state policies As a result you will see unwanted instance failovers 9 2 3 Configure Virtual Server Names and Ports for the Load Balancer Configure your load balancer with two virtual server names and associated ports a Configure a virtual server name for LDAP connections For this virtual server you need to configure a port for SSL connections Note It is recommended that the same port you configured for SSL connections on the LDAP virtual server is configured as the SSL port for Oracle Internet Directory on the nodes on which you will be installing Oracle Internet Directory a Configure a virtual server name for HTTP connections For this virtual server you also need to configure a port for either SSL or non SSL connections If you want the client to connect to the load balancer using HTTPS configure a port for SSL connections If you want the client to connect to the load balancer using HTTP configure a port for non SSL connections Note The ports for the HTTP virtual server can be different from the Oracle HTTP Server Listen ports The installer will prompt you for the virtual server names and port numbers Enter the same virtual server name in the installer that you used to configure the LDAP and HTTP virtual servers The virtual server name may or may not be fully qualified For example if you used a fully qualified host name when you configured the LDAP virtual server then you must ent
213. f you installed Oracle Application Server on an NFS disk you need to edit the LockFile directive in the ORACLE_HOME Apache Apache conf httpd conf file so that it points to a local disk This file is used by the Oracle HTTP Server component See the Oracle HTTP Server Administrator s Guide for details 11 4 Backup and Recovery After installation would be a good time to start backing up the files and to set up your backup and recovery strategy See the Oracle Application Server Administrator s Guide for details 11 5 SSL By default most components are not configured for SSL To enable SSL see the SSL section in the Oracle Application Server Administrator s Guide 11 6 Operating System Locale and NLS_LANG Environment Variable If you installed Oracle Application Server in a non English language environment please check your settings as described in these sections a Section 11 6 1 Check the Operating System Locale Section 11 6 2 Check the NLS_LANG Setting 11 6 1 Check the Operating System Locale To make sure the default locale is set properly verify that the LC_ALL or LANG environment variables are set with the appropriate values To check the current setting run the locale command prompt gt locale 11 6 2 Check the NLS_LANG Setting To check the NLS_LANG setting 1 Make sure the value of the NLS_LANG environment variable is compatible with the default locale setting of the operating system See th
214. ferent port after installation See the Oracle Application Server Administrator s Guide for details Table 2 5 Scenarios and Outcomes if You Have an Existing Database on the Computer Where You Want to Install the OracleAS Metadata Repository Version of the Existing Listener Existing Listener Uses Port 1521 Existing Listener Uses a Port Other Than 1521 Earlier than 10 1 0 2 You need two listeners one for the existing database and one for the OracleAS Metadata Repository See Section 2 5 4 1 1 Scenario 1 Existing Listener Uses Port 1521 and Listener Version Is Earlier Than 10 1 0 2 You need two listeners one for the existing database and one for the OracleAS Metadata Repository See Section 2 5 4 1 3 Scenario 3 Existing Listener Uses a Port Other Than 1521 10 1 0 2 or later The existing listener supports both the existing database and the OracleAS Metadata Repository See Section 2 5 4 1 2 Scenario 2 Existing Listener Uses Port 1521 and Listener Version Is 10 1 0 2 or Later You need two listeners one for the existing database and one for the OracleAS Metadata Repository See Section 2 5 4 1 3 Scenario 3 Existing Listener Uses a Port Other Than 1521 To check the listener version run the following command prompt gt ORACLE_HOME bin l1snrctl VERSION where ORACLE HOME is the home directory for your database You can also use the same command to check the listener port Her
215. g Middle Tiers Against OracleAS Cluster Identity Management Configurations Pre Installation Before starting the middle tier installation configure the LDAP load balancer that you are using for Oracle Internet Directory so that it points to only one Oracle Internet Directory node Installation When installing middle tiers against OracleAS Cluster Identity Management configurations follow the steps for middle tier installation described in Oracle Application Server Installation Guide for the middle tier release you are using When the installer prompts for the Oracle Internet Directory host and port enter the LDAP virtual host name configured on the load balancer and the associated port Post Installation After installing the middle tiers you can reconfigure the LDAP load balancer to point to all the Oracle Internet Directory nodes 9 26 Oracle Application Server Installation Guide 10 Installing in High Availability Environments OracleAS Disaster Recovery This chapter describes how to install Oracle Application Server in OracleAS Disaster Recovery configurations OracleAS Disaster Recovery is one of the high availability environments supported by Oracle Application Server Contents of this chapter a Section 10 1 OracleAS Disaster Recovery Introduction a Section 10 2 Setting up the OracleAS Disaster Recovery Environment Section 10 3 Installing Oracle Application Server in an OracleAS Disaster Recovery E
216. g OCA and you are using an existing Repository Specify OCA Oracle Internet Directory and you are using an existing OracleAS Metadata Repository The Oracle Internet Directory must contain the registration for the OracleAS Metadata Repository that you want to use Select the OracleAS Metadata Repository that you want OCA to use Click Next OCA uses the DN specified on this screen to populate the Issuer field of certificates Distinguished Name that it issues Typical DN Use this section if your DN uses only the attributes listed in this section You do not have to fill in all the attributes specified in this section Only the o organization attribute is required Note that the single quote character is not a valid character in any of the attributes Common Name CN Enter the name that you want on the certificate This name must be different from your hostname Example John Doe Organizational Unit OU Enter the name of your division or department Example Sales Organization O Enter the name of your company or organization Example Oracle Corporation a Country C Select your country from the drop down list Custom DN If your DN uses attributes not listed in the Typical DN section specify your DN in this section Click Next Select OCA Key Length Key Length bits Select the key length used in RSA algorithm to sign all certificates issued by OCA Oracle recommends that you use at least a 20
217. g components 3 5 installing from hard drive 2 22 installing in non empty directory F 3 installing the grid control plug in A 1 installing the grid control plug in agent A 3 instance names 3 3 how they are used 3 4 reusing F 12 valid characters 3 4 inventory directory 3 2 3 6 group for 2 16 location of 2 16 IP installing on a computer with multiple IP addresses 2 22 requirements 2 2 IPC protocol 2 13 K kernel parameters 2 7 checking on Linux 2 8 setting on Linux 2 8 L languages installing additional 3 3 LD_LIBRARY_PATH environment variable 2 19 linking failed F 3 Linux checking kernel parameters 2 8 setting kernel parameters 2 8 load balancer configuring for OracleAS Cluster Identity Management 9 3 log files F 1 from non interactive installations B 11 location of F 2 memory requirements 2 3 reducing 2 5 middle tiers groups required for installation 5 7 installing against OracleAS Cluster Identity Management 9 26 installing against OracleAS Cold Failover Cluster 8 32 installing in OracleAS Disaster Recovery 10 9 installing on OracleAS Cold Failover Cluster 8 34 Mid Tier Administrators group 5 3 mod_osso configuration 11 3 mount point for CD ROM 3 8 mount point for DVD 3 8 multihomed computers installing on 2 22 N name resolution OracleAS Disaster Recovery 10 4 using DNS servers 10 4 using hosts file 10 6 names of instances see instance
218. g message WARNING DCM service may not be available at this time to synchronize SORACLE_ HOME j2ee home config jazn data xml file This is due to a failure in updating the DCM repository and could happen if your load balancer virtual server is not configured to return immediately to the calling client when the backend services to which it forwards traffic are unavailable Solution Perform the following steps to correct the problem 1 Run the following command after installation completes prompt gt ORACLE_HOME dcm bin dcemctl updateConfig ct jazn 2 Verify that the dcmct1 updateConfig command did not return any errors 3 Use the following command to verify that the password is correct prompt gt ORACLE_HOME jdk bin java Doracle security jazn config jazn install jazn xml jar jazn jar checkpasswd jazn com admin pw admin_password Troubleshooting F 9 Installation Problems and Solutions F 3 20 OracleAS Cluster Identity Management Cluster Configuration Assistant Fails Problem During the installation of OracleAS Cluster Identity Management the Cluster Configuration Assistant failed because the cluster name was typed incorrectly or the cluster was not available Solution To cluster the instance you must use the dcmct1 joincluster command instead of Application Server Control You cannot use Application Server Control in this case because Application Server Control cannot cluster instances that contain disa
219. gtoollogs dipca log Integration when configured with Oracle Internet Directory Platform Before running this configuration assistant make Configuration sure Oracle Internet Directory is properly Assistant configured o Server Configures Oracle HTTP Server registers it ORACLE_HOME Apache Apache logs e with Oracle Enterprise Manager 10g 7 Application Server Control and adds an entry to the ORACLE_HOME Apache Apache ORACLE_HOME sysman emd targets xml file httpd log ORACLE_HOME cfgtoollogs configtoolstimestamp log Infrastructure Registers the OracleAS Metadata Repository with ORACLE_HOME cfgtoollogs Database Oracle Internet Directory infratool_ldaporacfg log Registration Assistant Configuration Assistants E 3 Description of Oracle Application Server Configuration Assistants Table E 2 Cont Oracle Application Server Configuration Assistants Configuration Assistant Description Log File Location Infrastructure Updates the ORACLE_HOME config ORACLE_HOME config Instance ias properties file registers the instance with infratool_instance_jazn log Configuration Oracle Internet Directory and creates the essistant ldap ora file with Oracle Internet Directory credentials in the ORACLE_HOME network admin file Before running this configuration assistant check that a the LD_LIBRARY_PATH environment variable includes ORACLE_HOME 1ib32 and ORACLE_HOME network 1lib a the LD_LIBRARY_PATH_64
220. gureDIP true oracle iappserver infrastructure b_configureOCA true oracle iappserver infrastructure b_configureHA false oracle iappserver infrastructure b_launchEMCA true oracle iappserver infrastructure b_launchOHS true Meta Repository Connection Info for OID oracle iappserver iappdialog szl_RepositoryUserInput sys syspassword mr_ host mycompany com 1521 mr mycompany com Meta Repository Connection Info for OCA oracle iappserver iappdialog szl_OCARepositoryUserInput mr_ host mycompany com 1521 mr mr mycompany com szIdentityAdminContext dc mycompany dc com s_dnSelection Custom DN s_dnCntval United States s_dncustom CN My Certificate Authority OU MyOrg O MyCompany C US sl_keylengthInfo 2048 sl_ocmInfo adminpassword adminpassword oracle oid oidca s_silentinstallflag 1 oracle iappserver infrastructure b_configureCentralMon false szOIDwithSSLStatus N nValidationOID2 0 nValidationOID 0 nValidationRepository 0 oracle iappserver instance szl_ InstanceInformation instancename instancepassword instancepassword oracle iappserver instance nValidationInstanceInfo 0 oracle apache apache s_group dba oracle apache apache s_groupid dba oracle iappserver iapptop szl_InstanceInformation instancepassword Silent and Non Interactive Installation B 5 Create the Response File B 5 4 2 Example Response File for OracleAS Infrastructure OracleAS Metadat
221. h the database instances that use the ASM instances for database file storage To configure the CSS daemon 1 Stop all the processes in the OracleAS Cold Failover Cluster Infrastructure home 2 Stop the CSS daemon You can do this by running the following command as root sbin init d init cssd 3 Fail over the IP and the disk to the other node 4 On the other node run the following command as root ORACLE_HOME root sh ORACLE_HOME is where you installed the OracleAS Cold Failover Cluster Infrastructure Step 4 Install OracleAS Single Sign On and Oracle Delegated Administration Services You install OracleAS Single Sign On and Oracle Delegated Administration Services on the local disks of each node You perform these installations separately Pre Installation Steps This installation is actually an OracleAS Cluster Identity Management installation As such you perform the OracleAS Cluster Identity Management setup steps in Chapter 9 Installing in High Availability Environments OracleAS Cluster Identity Management a Section 9 2 1 Use the Same Path for the Oracle Home Directory recommended a Section 9 2 2 Synchronize Clocks on All Nodes a Section 9 2 3 Configure Virtual Server Names and Ports for the Load Balancer Installation Steps The steps are the same as those listed in Section 9 6 5 Installing OracleAS Single Sign On and Oracle Delegated Administration Services on Each Node 8 5 Installing
222. ha IN A 138 1 2 111 Do the same for the standby site Use the same domain name that you used for the production site asmid1 asha IN A 213 2 2 330 asmid1l asha IN A 213 2 2 331 asinfra asha IN A 213 2 2 110 Configure the DNS resolver to point to the internal DNS servers instead of the external DNS server In the etc resolv conf file for each node on the production site replace the existing name server IP address with the IP address of the internal DNS server for the production site Installing in High Availability Environments OracleAS Disaster Recovery 10 5 Setting up the OracleAS Disaster Recovery Environment Do the same for the nodes on the standby site but use the IP address of the internal DNS server for the standby site d Create a separate entry for Oracle Data Guard in the internal DNS servers This entry is used by Oracle Data Guard to ship redo data to the database on the standby site In the next example the remote_infra entry points to the infrastructure node on the standby site This name is used by the TNS entries on both the production and standby sites so that if a switchover occurs the entry does not have to be changed Figure 10 3 Entry for Oracle Data Guard in the Internal DNS Servers Production Site Standby Site asinfra 138 1 2 111 asinfra 213 2 2 110 remote_infra 213 2 2 11 0 On the production site the DNS entries look like this asmid1 asha IN A 138 1 2 333 asmid2
223. have other Oracle Internet Directory instances that are replicas Clients can update data in any Oracle Internet Directory master or replica The Oracle Internet Directory instances propagate the changes among themselves 6 2 Oracle Application Server Installation Guide Requirements Figure 6 2 Example of Multimaster Replication Advanced Replication lt gt OracleAS Advanced Replicatic Read Write In multimaster replication Oracle Internet Directory instances use the Oracle Database Advanced Replication protocol to communicate with each other The Select Oracle Internet Directory Replication Mode screen in the installer uses the term Advanced Replication to refer to multimaster replication The procedure for installing a master Oracle Internet Directory is the same as installing a regular non replicated Oracle Internet Directory The procedure for installing replicas is different When installing a replica you must select the High Availability and Replication option in the Select Configuration Options screen and you need to provide connect information to the master Oracle Internet Directory The Oracle Application Server instance that runs the Oracle Internet Directory master or replica can also run other Oracle Application Server components such as the OracleAS Metadata Repository OracleAS Single Sign On Oracle Delegated Administration Services and or Oracle Directory Integration Platform 6 2 Requirements Chec
224. he LD_LIBRARY_PATH environment variable to contain SORACLE_ HOME 1ib32 and SORACLE_HOME network 1lib c Set the LD_LIBRARY PATH_64 environment variable to contain SORACLI HOME 1lib jes d Run the following command all on one line Note for the classpath parameter do not type any space characters after the colon characters as indicated by lt no spaces gt prompt gt ORACLE_HOME jdk bin java classpath ORACLE_HOME sso lib ossoreg jar lt no spaces gt SORACLE_HOME jlib ojmisc jar lt no spaces gt SORACLE_HOME jlib repository jar lt no spaces gt SORACLE_HOME j2ee home jazn jar S ORACLE_HOME jdk lib dt jar lt no spaces gt SORACLE_HOME jdk 1lib tools jar ORACLE_HOME jlib infratool jar Post Installation Tasks 11 3 Component Configuration After Installation oracle ias configtool UseInfrastructure i f SORACLE_HOME config infratool_mod_osso properties h OIDhost p OIDport u OIDadminName w OIDclearText Password o ORACLE HOME m ASinstanceName infra infraGlobalDBName mh host sso true sslp sslPort sslf false Table 11 1 describes the parameters where you have to supply values Table 11 1 Parameters for Configuring mod_osso Parameter Description h OIDhost Specifies the name of the computer where Oracle Internet Directory is running You can determine this value from the OIDhost parameter in the ORACLE_ HOME config ias properties file p OIDport Specifies the port number on
225. he active node ip_address hostname domain hostname For example 138 1 12 191 vhost mydomain com vhost 3 Determine the primary public network interface The primary public network interface for Ethernet encapsulation is typically 1an0 on HP UX Itanium usr bin netstat i Using this command search for a network interface that has an Address value of the physical hostname of the node 4 Find an available index number for the primary public network interface Using the same command in step 3 determine an available index number for an addition IP address to the primary public network interface For example on HP UX Itanium if the following is the output of the usr bin netstat i command and 1an0 is determined to be the primary public interface in step 3 then lan0 2 is available for an additional IP address Name Mtu Network Address Ipkts Opkts lan0 1 1500 datacenter www2 mydomain com 1050265 734793 lan1 1500 none none 0 0 land 1500 datacenterl wwwi mydomain com 39783928 41833023 100 4136 loopback localhost 1226188 1226196 Do not use 0 as the index number because interface 0 is typically the same as just interface on most systems For example lano 0 is the same as 1an0 on HP UX Itanium 5 Add the virtual IP address to the primary public network interface by running the following command as the root user using the available index number from step 4 usr sbin ifconfig primary_public_interface available_index
226. he default name of the inventory directory is oraInventory If you are unsure if there is already an inventory directory on the computer look in the var opt oracle oraInst 1oc file This file lists the location of the inventory directory and the group who owns it If the file does not exist the computer does not have Oracle products installed on it 2 6 2 Create Groups for Database Administrators This section applies only if you plan to install the OracleAS Metadata Repository in a new database created by the installer When the database is not mounted and database authentication is unavailable the database uses operating system groups to determine user privileges The database recognizes these groups and privileges 2 16 Oracle Application Server Installation Guide Operating System User Table 2 6 Privileges for the OSDBA and OSOPER Groups Group Description OSDBA This is the database administrator group Users in this group are granted SYSDBA privileges OSOPER Users in this group are granted SYSOPER privileges which comprise privileges required for basic maintenance These include database startup and shutdown and other privileges required for database operation SYSOPER privileges are a subset of SYSDBA privileges You need to create operating system groups for these groups If you want an operating system group called dba to have SYSDBA privileges 1 Create the dba group 2 Ensure that the user running
227. heck the ORACLE_ HOME install portlist ini file to see the assigned ports Requirements 2 11 Ports Notes on Choosing Port Numbers a Port numbers cannot be greater than 65535 Ifyou use a port number less than 1024 for a component you must run the component as the root user Ifyou use a port number less than 1024 for a component the installer will not be able to start up the component at the end of installation You may need to configure the component first before you can start it up See the appropriate component documentation for details a You still have to comment out ports 389 and 636 in the etc services file if you want to use these port numbers for Oracle Internet Directory See the Note on page 2 10 for details The installer verifies that the ports specified in the file are available by checking memory This means that it can only detect ports that are being used by running processes It does not look in configuration files to determine which ports an application is using If the installer detects that a specified port is not available it displays an alert The installer will not assign a port that is not available To fix this 1 Edit the staticports ini file to specify a different port or shut down the application that is using the port 2 Click Retry The installer re reads the staticports ini file and verifies the entries in the file again Using portlist ini as the staticports ini File
228. his document Convention Meaning boldface Boldface type indicates graphical user interface elements associated with an action or terms defined in text or the glossary italic Italic type indicates book titles emphasis or placeholder variables for which you supply particular values monospace Monospace type indicates commands within a paragraph URLs code in examples text that appears on the screen or text that you enter 1 Product and Installation Overview This chapter describes what is contained in Oracle Application Server and recommended topologies It contains the following sections Section 1 1 Product Overview Section 1 2 Where Do I Find Installation Instructions for My Product Section 1 3 Recommended Topologies 1 1 Product Overview Oracle Application Server is made up of a middle tier and OracleAS Infrastructure You deploy and run your applications on the middle tiers The infrastructure provides services that are used by middle tiers These services can be shared by one or more middle tiers Oracle Application Server 10g 10 1 4 0 1 provides a comprehensive Identity and Access Management solution The Identity and Access Management Suite includes Oracle Internet Directory Provides scalable robust LDAP V3 compliant directory services implemented on the Oracle Database Oracle Identity Federation Provides standards based multi protocol and cross domain single sign on Oracle S
229. ify that your computer meets all the requirements Click Next Figure 4 2 summarizes the screen sequence 4 24 Oracle Application Server Installation Guide Install Fragment The Last Few Screens of the Installation Figure 4 2 Sequence for the First Few Screens in the Installation Welcome If this is the first Oracle product to be installed on Specify Inventory Directory this computer and Credentials Run orainstRoot sh located in the inventory directory Specify File Locations If the computer is part of hardware cluster Specify Hardware Cluster Installation Mode Oracle Application Server 10g Oracle Application Server Infrastructure 10g Select a Product to Install Oracle Application Server Developer Kits 10g Select Installation Type For OracleAS Infrastructure e Identity Management and Metadata Repository e Identity Management e Metadata Repository For Oracle Application Server middle tier e J2EE and Web Cache e Portal and Wireless e Business Intelligence and Forms Confirm Pre Installation Requirements 4 28 Install Fragment The Last Few Screens of the Installation The last few screens of the installer are described in this section because they are the same for all installations Most installation procedures in this chapter refer to this section as their end point Table 4 13 Last Few Screens in the Installation Screen Action 1 Summary Verify your selecti
230. igh Availability and Replication Click Next Select Automatic The installer configures Oracle Internet Directory to use the same ports as the Oracle Internet Directory on the first node Click Next Enter the same connect information that you entered for the first Oracle Internet Directory Username Enter the username to use to log in to the OracleAS Metadata Repository database The user must have DBA privileges Password Enter the user s password Hostname and Port Enter the name of the computer where the database is running and the port number at which it is listening Use the format host port Service Name Enter the service name of the database Note that the service name must include the database domain name Example orcl mydomain com Click Next This warning reminds you that you are installing this instance as part of an OracleAS Cluster Identity Management and that you need to synchronize the clocks on the nodes in the cluster See Section 9 2 2 Synchronize Clocks on All Nodes Click OK Enter the password for the ODS schema in the OracleAS Metadata Repository The ODS schema is the main schema used by Oracle Internet Directory By default the ODS password is the same as the ias_admin password the password that you entered in the Specify Instance Name and ias_admin Password screen Click Next 9 20 Oracle Application Server Installation Guide Installing a Distributed OracleAS Cluster Identi
231. ill be placed in this subdirectory Example If you enter u02 oradata and the SID is orc1 then the data files will be located in u02 oradata orcl Click Next Set the passwords for these privileged database schemas SYS SYSTEM SYSMAN and DBSNMP You can set different passwords for each schema or you can set the same password for all the schemas See Section 4 14 Restrictions on the Passwords for the SYS SYSTEM SYSMAN and DBSNMP Users for rules on setting passwords for these accounts Click Next Instance Name Enter a name for this infrastructure instance Instance names can contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example infra ias_admin Password and Confirm Password Enter and confirm the password for the ias_admin user This is the administrative user for this infrastructure instance This password will also become the password for the following users a the Oracle Internet Directory superuser cn orcladmin a the Oracle Internet Directory database user ods a the replication DN which is the identity used by the replication server The DN is cn replication dn orclreplicaid replica_ID cn replication configuration where replica_ID is the replica ID of the Oracle Internet
232. ing installation click the Product Languages button in the Select a Product to Install screen To see which languages are installed by default see Section 3 4 Installing Additional Languages If you are serving non English content and forgot to click the Product Languages in the installation the user interface might not display properly because the required fonts were not installed You can fix this by installing the fonts from the OracleAS Metadata Repository Upgrade Assistant and Utilities CD ROM or from the Oracle Application Server DVD ROM 1 Insert and mount the OracleAS Metadata Repository Upgrade Assistant and Utilities CD ROM or the Oracle Application Server DVD ROM 2 CD ROM Copy the contents of the utilities fonts directory on the CD ROM to the ORACLE_HOME jdk jre 1lib fonts directory DVD ROM Copy the contents of the repca_utilities utilities fonts directory on the DVD ROM to the ORACLE_HOME jdk jre lib fonts directory F 3 11 Installer Does Not Display Correct Database Name for OracleAS Metadata Repository Problem During middle tier installation in the Select OracleAS Metadata Repository screen which is the screen where you select the OracleAS Metadata Repository that you want to use for the middle tier the installer does not display correctly the names of the available OracleAS Metadata Repository databases Solution Check the log file oraInventory logs installActionstimestamp 1log If you see th
233. ing steps to correct the problem 1 2 Review the installation log files listed in Section F 1 Log Files Review the log files for the failed configuration assistant Configuration assistant log files are listed in Section E 2 Description of Oracle Application Server Configuration Assistants Try to fix the issue that caused the error If the failed configuration assistant has any dependencies then run the dependencies again You must do this even if the dependency completed successfully Run the failed configuration assistant again by selecting the configuration assistant in the installer and clicking Retry If the configuration assistant fails again after you click Retry remove the tmp EM_CONFIG_INSTALL 1k file and re run the configuration assistant again If the configuration assistant fails again after you click Retry remove the component entry from the ORACLE_HOME sysman emd targets xml file For example the following lines show the Oracle Containers for J2EE entry in the targets xml file lt Target TYPE 0c4j NAME instance2 domain com_home DISPLAY_NAME home VERSION 1 3 DISABLED TRUE gt lt Property NAME HTTPMachine VALUE stacu02 us oracle com gt lt Property NAME OracleHome VALUE local_host oracle product 10 1 4IM OracleAS gt lt Property NAME version VALUE 9 0 4 gt lt AssocTargetInstance ASSOC_TARGET ias TYPE oracle_ias NAME instance2 domain com
234. ing ways a Use Oracle Enterprise Manager 10g Application Server Control Installing OracleAS Infrastructure 4 11 Can Add OCA After Installation Click the Ports link on the Enterprise Manager home page This takes you to a page that lists all ports in use and the suggested port ranges for different components a Lookin the ORACLE_HOME install portlist ini file ORACLE_HOME refers to the directory containing the Oracle Application Server installation Note that if you change a component s port number after installation the portlist ini file is not updated The portlist ini file is not updated after installation 4 18 Can I Add OCA After Installation If you installed OracleAS Infrastructure but did not select to configure OCA and later decide that you want to use OCA you have to install it in a separate Oracle home You cannot install it in an existing Oracle home When you install OCA in a new Oracle home you can install it on the same or different computer as the OracleAS Infrastructure You can also install it with its own OracleAS Metadata Repository or install it against an existing OracleAS Metadata Repository a Install OCA only OCA will share the OracleAS Metadata Repository that you installed earlier If you are installing OCA on the same computer as the OracleAS Infrastructure instance you might want to consider this option for performance reasons The second option requires running
235. ining Oracle Internet Directory and Oracle Directory Integration Platform Section 1 3 2 Installing a Distributed Oracle Identity Management with an Integrated Oracle HTTP Server Three Oracle Homes one containing Oracle HTTP Server a second containing OracleAS Single Sign On and Oracle Delegated Administration Services and a third containing Oracle Internet Directory and Oracle Directory Integration Platform Section 1 3 3 Installing a Distributed Oracle Identity Management with a Standalone Oracle HTTP Server An enterprise data center for J2EE applications that uses one of the following methods for user authentication OracleAS Single Sign On a Oracle Access Manager a Oracle Application Server Java Authentication and Authorization Service JAAS Provider LDAP Each of these topologies contains a web tier an application tier and a data tier The three tiers are separated by firewalls myJ2EECompany in the Oracle Application Server Enterprise Deployment Guide Oracle Identity Federation Topologies An Oracle Identity Federation instance configured with OracleAS Infrastructure so that it is integrated with OracleAS Single Sign On Deploying Oracle Identity Federation with OracleAS Single Sign On in the Oracle Identity Federation Administrator s Guide An Oracle Identity Federation instance configured with OracleAS Infrastructure and Oracle Access Manager Deploying Oracle Identity Fede
236. inistration ow Services 1 sso i Oracle Directory Integration and DAS DIP on failover Provisioning f Node 1 Node 2 Primary Node Active Secondary Node Physical IP Physical IP 123 45 67 22 123 45 67 33 Shared Storage Oracle Home for Identity Management Inventory Directory Oracle home for existing database Shared Storage 8 5 1 OracleAS Cold Failover Cluster Identity Management Overview of Installation Steps To create an OracleAS Cold Failover Cluster Identity Management configuration against an existing cold failover cluster database perform these steps Table 8 4 Overview of Installation Steps for OracleAS Cold Failover Cluster Identity Management Configuration Step Description 1 Perform Pre Installation Steps Pre installation tasks described in Section 8 2 include Section 8 2 1 Map the Virtual Hostname and Virtual IP Address Section 8 2 2 Set Up a File System That Can Be Mounted from Both Nodes Section 8 2 3 Review Recommendations for Automatic Storage Management ASM 2 Install OracleAS Metadata Repository Install OracleAS Metadata Repository on your existing cold failover cluster database 3 Install the Oracle Identity Management Install the Oracle Identity Management components Components 8 16 Oracle Application Server Installation Guide Installing an OracleAS Cold Failover Cluster Identity Management Configuration 8 5 2 Orac
237. ion Platform 4 6 groups required for installation 5 4 Oracle Directory Manager adding users to groups 5 11 Oracle E Delivery 3 7 Index 3 Oracle Enterprise Manager Application Server Control URL 11 1 Oracle home directory 3 1 Oracle HTTP Server in NFS installations 11 2 Oracle Internet Directory 5 1 adding users to groups 5 10 cn orcladmin superuser 5 1 connecting using SSL 3 7 contents of new 5 16 creating users 5 10 default users 5 1 groups 5 2 5 4 groups required for installation 5 4 groups required to install components 5 4 groups required to install middle tiers 5 7 installing 4 20 namespace 4 11 OracleAS Metadata Repository registration 4 7 orcladmin user 5 2 realms 5 16 supported versions 4 7 using existing 4 7 Oracle Internet Directory groups Associated Middle Tiers 5 3 Component Owners 5 3 IAS Admins 5 2 Mid Tier Administrators 5 3 Repository Owners 5 3 Trusted Application Admins 5 2 User Management Application Admins 5 2 Oracle Internet Directory passwords for OracleAS Cluster Identity Management 9 4 Oracle Internet Directory ports reserved in etc services file 2 10 Oracle Internet Directory Replication fan out replication 6 2 installing master Oracle Internet Directory 6 4 installing replica 6 5 multimaster replication 6 2 overview 6 1 requirements 6 3 Oracle Internet Directory users adding to groups 5 10 cn orcladmin 5 1 creating 5 10 orcladmin 5 1 Oracle
238. ion Server Installation Guide Deinstallation Problems and Solutions Solution Perform the following steps to correct the problem 1 Start Oracle Directory Manager prompt gt cd ORACLE_HOME bin prompt gt oidadmin 2 Navigate to the entry orclApplicationCommonName ORASSO_SSOSERVER cn SSO cn Products cn OracleContext 3 Remove the instance name of the failed middle tier from the values of the attribute labeledURI 4 If there are no more instance names listed in the values of the attribute labeleduURI then remove the entry orclApplicationCommonName ORASSO_SSOSERVER cn SSO cn Products cn OracleContext F 4 Deinstallation Problems and Solutions This section describes common problems related to deinstallation a Section F 4 1 Obsolete Partner URLs Still Remain on the OracleAS Single Sign On Administration Screen a Section F4 2 Unable to Reuse Instance Name of a Deleted Instance a Section F 4 3 Unable to Reuse Database Name a Section F 4 4 Deconfiguration Failed on Distributed OracleAS Cluster Identity Management F 4 1 Obsolete Partner URLs Still Remain on the OracleAS Single Sign On Administration Screen Problem After deinstallation some partner application entries that are obsolete remain on the OracleAS Single Sign On Administration screen Solution Run the command to de register the entries for the obsolete partner applications The command is similar to the command for registrati
239. ion Steps To set up a distributed OracleAS Cold Failover Cluster Infrastructure configuration perform these steps Table 8 3 Overview of Installation Steps for Distributed OracleAS Cold Failover Cluster infrastructure Step Description 1 Perform Pre Installation Steps Pre installation tasks described in Section 8 2 include Section 8 2 1 Map the Virtual Hostname and Virtual IP Address Section 8 2 2 Set Up a File System That Can Be Mounted from Both Nodes a Section 8 2 3 Review Recommendations for Automatic Storage Management ASM 2 Install OracleAS Infrastructure In this step you install OracleAS Infrastructure on the shared storage You install all components except OracleAS Single Sign On Oracle Delegated Administration Services and OCA 3 Perform Post Installation Steps This post installation step configures the CSS daemon This step is required only if you are using ASM Automatic Storage Management feature of the Oracle database and you do not have an existing Oracle database 4 Install OracleAS Single Sign On and Oracle In this step you install OracleAS Single Sign On and Oracle Delegated Administration Services Delegated Administration Services 8 4 2 Distributed OracleAS Cold Failover Cluster Infrastructure Details of Installation Steps Step 1 Perform Pre Installation Steps Perform the pre installation steps listed in Section 8 2 Pre Installation Steps for Ora
240. irectory perform these steps 1 Start up Oracle Directory Manager Oracle home refers to the home where you installed Oracle Internet Directory prompt gt ORACLE_HOME bin oidadmin 2 Inthe Connect screen enter the Oracle Internet Directory connect information Log in as the Oracle Internet Directory superuser cn orcladmin 3 Expand Entry Management gt cn OracleContext gt cn Products gt cn IAS gt cn IAS Instances Under cn IAS Instances select the instance that you want to delete From the menu select Edit gt Delete Expand Entry Management gt cn OracleContext gt cn Groups Select cn IASAdmins SNS m e In the Properties tab remove the instance from the uniquemember field by editing the field Do not select Edit gt Delete from the menu 9 Click Apply F 4 3 Unable to Reuse Database Name Problem You get an error when you try to use the same global database name or SID as the one that you deleted Solution You might see this problem if you deinstall OracleAS Metadata Repository but not Oracle Internet Directory and you want to reuse the Oracle Internet Directory and the same database name or SID when you install another OracleAS Metadata Repository The Oracle Internet Directory still contains the name of the deleted OracleAS Metadata Repository You need to remove this name before you can reuse it F 12 Oracle Application Server Installation Guide Deinstallation Problems and Solutions
241. is feature is useful if you need to perform the same installation on different computers To run the installer in record mode 1 Start up the installer with the record and destinationFile parameters prompt gt path to runInstaller record destinationFile newResponseFile Replace newResponseFile with the full path to the response file that you want the installer to create Example opt oracle myInfraResponse rsp 2 Enter your values in the installer screens The installer will write these values to the file specified in the destinationFile parameter When you get to the Summary screen the installer automatically writes all your values to the specified file At this point you can complete the installation on this computer or you can exit without performing the installation Secure information such as passwords is not written to the file so you must modify the response file before you can use it B 5 3 Variables to Modify in the Response Files For all installation types modify the following variables Silent and Non Interactive Installation B 3 Create the Response File UNIX_GROUP_NAME FROM_LOCATION ORACLE _HOME szl_PortListSelect oracle iappserver instance szl_InstanceInformation See the response file for descriptions of the parameters in the file B 5 4 Example Response Files The following sections shows example response files for the following Oracle Application Server installation types Section
242. isted in Chapter 2 Requirements plus requirements specific to the high availability configuration that you plan to use The common requirements are a Section 7 3 1 Check Minimum Number of Nodes Section 7 3 2 Check That Groups Are Defined Identically on All Nodes a Section 7 3 3 Check the Properties of the oracle User a Section 7 3 4 Check for Previous Oracle Installations on All Nodes 7 3 1 Check Minimum Number of Nodes You need at least two nodes in a high availability configuration If a node fails for any reason the second node takes over 7 3 2 Check That Groups Are Defined Identically on All Nodes Check that the etc group file on all nodes in the cluster contains the operating system groups that you plan to use You should have one group for the oralnventory directory and one or two groups for database administration The group names and the group IDs must be the same for all nodes See Section 2 6 Operating System Groups for details 7 3 3 Check the Properties of the oracle User Check that the oracle operating system user which you log in as to install Oracle Application Server has the following properties a Belongs to the oinstall group and to the osdba group The oinstall group is for the oralnventory directory and the osdba group is a database administration group See Section 2 6 Operating System Groups for details Installing in High Availability Environments Overview 7 5 Requi
243. ity Federation 512 MB Note a The installer checks the amount of memory on your computer and will warn you if your computer does not meet the minimum memory requirements To determine the amount of memory enter the following command usr sbin dmesg grep Physical Checked by Installer Yes Requirements 2 3 System Requirements Table 2 2 Cont System Requirements Item Requirement Disk space OracleAS Infrastructure OracleAS Metadata Repository and Oracle Identity Management 6 5 GB You can install the data files for the OracleAS Metadata Repository database on a disk that is different from the disk where you are installing OracleAS Infrastructure If you do this make sure the disk for the Oracle Home has at least 3 5 GB of free space and the disk for the data files has at least 3 0 GB of free space Oracle Identity Management only 3 GB OracleAS Metadata Repository only 6 5 GB Oracle Identity Federation 2 3 GB The installer may display inaccurate disk space requirement figures Refer to the figures listed above for disk space requirements To determine the amount of free disk space use the bdf command prompt gt bdf dir Replace dir with the Oracle home directory or with the parent directory if the Oracle home directory does not exist yet For example if you plan to install Oracle Application Server in opt oracle infra you can replace dir with opt oracle or opt oracle infra
244. ity SSL Mutual Authentication port port_num The easiest way to create the file is to use the staticports ini file on the CD ROM Disk 1 or DVD ROM as a template 1 Copy the staticports ini file from the CD ROM or DVD ROM to your hard disk Table 2 4 Location of the staticports ini File on CD ROM and DVD ROM Media Location of staticports ini File CD ROM Disk 1 mount_point 1014disk1 stage Response staticports ini DVD ROM mount_point application_server stage Response staticports ini 2 Edit the local copy the file on the hard disk to include the desired port numbers You do not need to specify port numbers for all components in the staticports ini file Ifa component is not listed in the file the installer uses the default port number for that component Note that the staticports ini may contain ports for components that are not included in 10g 10 1 4 0 1 You cannot change the port used by the OracleAS Metadata Repository port 1521 during installation but you can do so after installation See the Oracle Application Server Administrator s Guide for details The following example sets the Application Server Control port and some OracleAS Web Cache ports For components not specified the installer will assign the default port numbers Application Server Control port 2000 Oracle Internet Directory port 2001 Oracle Internet Directory SSL port 2002 When installation is complete you can c
245. ize Clocks on All Nodes a Section 9 2 3 Configure Virtual Server Names and Ports for the Load Balancer Installation steps The installation steps are described in Section 9 6 5 Installing OracleAS Single Sign On and Oracle Delegated Administration Services on Each Node 8 7 Installing Oracle Delegated Administration Services and OracleAS Single Sign On in an OracleAS Cold Failover Cluster The configuration described in this section is similar to that described in Section 8 4 Installing a Distributed OracleAS Cold Failover Cluster Infrastructure Configuration The difference is that in the configuration described in this section OracleAS Single Sign On and Oracle Delegated Administration Services run in an OracleAS Cold Failover Cluster configuration You need two sets of clustered nodes See Figure 8 5 One set runs the OracleAS Metadata Repository and Oracle Internet Directory and another set runs Oracle Delegated Administration Services and OracleAS Single Sign On For each set you need a shared storage and a virtual hostname You install Oracle homes for the various Oracle Application Server components on the shared storage 8 24 Oracle Application Server Installation Guide Installing Oracle Delegated Administration Services and OracleAS Single Sign On in an OracleAS Cold Failover Cluster Figure 8 5 Oracle Delegated Administration Services and OracleAS Single Sign On in a Cold Failover Cluster Virtual Hostname vhost
246. k Next Select the suggested namespace or enter a custom namespace for the location of the default Oracle Identity Management realm Ensure the value shown in Suggested Namespace meets your deployment needs If not enter the desired value in Custom Namespace See Section 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen Click Next If you selected Oracle Application Server Certificate Authority OCA in the Select Configuration Options screen the installer displays screens for configuring OCA See Section 4 30 Install Fragment OCA Screens for details Instance Name Enter a name for this infrastructure instance Instance names can contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example id_mgmt ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance This password will also become the password for the following users a the Oracle Internet Directory superuser cn orcladmin a the Oracle Internet Directory database user ods a the replication DN which is the identity used by the replication server The DN is cn replication dn orclreplicaid replica_ID cn replication configuration where rep
247. k that you meet the following requirements for installing Oracle Internet Directory in replication mode a Section 6 2 1 Database Requirements a Section 6 2 2 Clock Synchronization 6 2 1 Database Requirements Each Oracle Internet Directory whether master or replica needs its own OracleAS Metadata Repository You can install it with a new OracleAS Metadata Repository or against an existing OracleAS Metadata Repository If installing against an existing OracleAS Metadata Repository you can create an existing OracleAS Metadata Repository in two different ways a You can install it by selecting the OracleAS Metadata Repository option in the Select Installation Type screen a You can install the OracleAS Metadata Repository in an existing database See the Oracle Application Server Metadata Repository Creation Assistant User s Guide for details on how to load the OracleAS Metadata Repository in an existing database Installing Oracle Internet Directory in Replicated Mode 6 3 Installation Order If you are installing against an existing OracleAS Metadata Repository the OracleAS Metadata Repository must not be already registered with another Oracle Internet Directory If you specify an OracleAS Metadata Repository that is already registered with an Oracle Internet Directory the installer assumes you are installing a high availability environment and it does not display the replication options 6 2 2 Clock Synchronization
248. ld Failover Cluster and that the file system is repairable from either node if a node fails To check that the file system can be mounted from either node do the following steps 1 Set up and mount the file system from node 1 8 4 Oracle Application Server Installation Guide Pre Installation Steps for OracleAS Cold Failover Cluster Unmount the file system from node 1 Mount the file system from node 2 using the same mount point that you used in step 1 Unmount it from node 2 and mount it on node 1 because you will be running the installer from node 1 Note Only one node of the OracleAS Cold Failover Cluster should mount the file system at any given time File system configuration files on all nodes of the cluster should not include an entry for the automatic mount of the file system upon a node restart or execution of a global mount command For example on UNIX platforms do not include an entry for this file system in etc vfstab file 8 2 3 Review Recommendations for Automatic Storage Management ASM If you plan to use ASM instances for the OracleAS Metadata Repository database consider these recommendations If you plan to use ASM with Oracle database instances from multiple database homes on the same node then you should run the ASM instance from an Oracle home that is different from the database homes The ASM home should be installed on every cluster node This prevents the accidental removal of A
249. le tep java t oracle net config ServiceAlias lt init gt Compiled Code net config Service lt init gt Compiled Code net config DatabaseService lt init gt Compiled Code sysman assistants util NetworkUtils registerDBWithDirSrvc NetworkUtils j sysman assistants dbca backend DirServiceStep executePreReqImp1 Compiled sysman assistants dbca backend PrerequisiteStep executeImpl Prerequisite 149 sysman assistants dbca backend Step execute Compiled Code Troubleshooting F 7 Installation Problems and Solutions at oracle sysman assistants dbca backend PostDBCreationStep executeImpl Compiled Code at oracle sysman assistants dbca backend Step execute Compiled Code at oracle sysman assistants dbca backend Host ModeRunner run Compiled Code at java lang Thread run Thread java 466 ERROR oracle sysman assistants util NetAPIException Solution This error occurs if the TNS_ADMIN environment variable is set The TNS_ADMIN environment variable should not be set see Section 2 8 6 TNS_ADMIN If it is set unset it and rerun DBCA by clicking the Retry button in the Configuration Assistants screen F 3 15 Harmless Error Message from Database Configuration Assistant DBCA If you see the following error copying OC4J config files message in your log file the message is harmless and can be ignored Nov 25 2004 9 07 30 PM oracle sysman emcp EMConfig updateReposVars INFO Updating file ASInstalls ASInfra sysman emd
250. le Application Server on the remote computer 1 Allow remote_computer to display on local_computer You need to run this command on the local computer s console local_computer gt xhost remote_computer If you do not run xhost you might get an Xlib error similar to Failed to connect to server Connection refused by server or Can t open display when starting the installer On local_computer perform a remote login using telnet or rlogin to remote_ computer Log in as the oracle user as described in Section 2 7 Operating System User Ensure that the user has set the environment variables correctly as described in Section 2 8 Environment Variables local_computer gt rlogin 1 oracle remote_computer mydomain com ee OR local_computer gt telnet remote_computer mydomain com 2 24 Oracle Application Server Installation Guide Network Topics 3 Set the DISPLAY environment variable on remote_computer to point to local_ computer Example C shell remote_computer gt setenv DISPLAY local_computer mydomain com 0 0 Example Bourne or Korn shell remote_computer gt DISPLAY local_computer mydomain com 0 0 export DISPLAY 4 Run the installer See Section 3 15 Starting the Oracle Universal Installer Note You can use a PC X emulator to run the installer if it supports a PseudoColor color model or PseudoColor visual Set the PC X emulator to use a PseudoColor visual and then start the install
251. le home a OracleAS Developer Kits into an Oracle9iAS middle tier 9 0 2 9 0 3 9 0 4 or 10 1 2 Oracle home a OracleAS Developer Kits into an Oracle Developer Suite 9 0 2 9 0 4 or 10g 10 1 4 0 1 Oracle home a OracleAS Infrastructure into any Oracle9iAS 9 0 2 9 0 3 or 9 0 4 Oracle home OracleAS Infrastructure into an Oracle Application Server 10g 10 1 4 0 1 middle tier or OracleAS Developer Kits Oracle home a OracleAS Infrastructure into an Oracle Developer Suite 9 0 2 9 0 4 or 10g 10 1 4 0 1 Oracle home a OracleAS Infrastructure or middle tier into an Oracle home installed from the Business Intelligence CD ROM Port 1521 The installer displays a warning if port 1521 is in use by any application including database listeners of any version You need to stop the application that is using port 1521 then click OK in the warning dialog If it is a database listener that is using port 1521 you might be able to use it for the metadata repository database See Section 2 5 4 If Port 1521 Is in Use for details If it is another application that is using port 1521 you need to stop it or configure it to use a different port Alternatively you can change the database listener to use a port other than 1521 but you can do this only after installation See the Oracle Application Server Administrator s Guide for details Static port conflicts The installer checks the ports listed in the staticports ini file if specifi
252. leAS Cold Failover Cluster Identity Management Details of Installation Steps Perform the following steps to install Oracle Application Server in an OracleAS Cold Failover Cluster Identity Management configuration Step 1 Perform Pre Installation Steps Perform the pre installation steps listed in Section 8 2 Pre Installation Steps for OracleAS Cold Failover Cluster Step 2 Install OracleAS Metadata Repository Use the OracleAS RepCA to install the OracleAS Metadata Repository in an existing database See the Oracle Application Server Metadata Repository Creation Assistant User s Guide for details If you do not have an existing database you can use the installer to create one Note that you have to create the database with a virtual hostname The database should run in an active passive configuration typically on a hardware cluster See Section 8 8 Installing Only the OracleAS Metadata Repository in an OracleAS Cold Failover Cluster Environment for details Step 3 Install the Oracle Identity Management Components You install the Oracle Identity Management on the other shared disk Follow the installation steps described in Table 8 5 Key Points a When the installer prompts you for the Oracle home path enter a path on the shared disk Make sure that both nodes can access this path a Inthe Select High Availability or Replication Option screen select Virtual Host Inthe Specify Virtual Hostname screen enter the virtual hostname In
253. les you to specify port numbers for each component See Section 2 5 3 Using Custom Port Numbers the Static Ports Feature for details Installing in High Availability Environments OracleAS Disaster Recovery 10 3 Setting up the OracleAS Disaster Recovery Environment 10 2 3 Set Up Identical Hostnames on Both Production and Standby Sites The names of the corresponding nodes on the production and standby sites must be identical so that when you synchronize data between the sites you do not have to edit the data to fix the hostnames For the Infrastructure Nodes For the node running the infrastructure set up a virtual name To do this specify an alias for the node in the etc hosts file For example on the infrastructure node on the production site the following line in the hosts file sets the alias to asinfra 138 1 2 111 prodinfra asinfra On the standby site the following line sets the node s alias to asinfra 213 2 2 110 standbyinfra asinfra When you install OracleAS Infrastructure on the production and standby sites you specify this alias asinfra in the Specify Virtual Hostname screen The configuration data will then contain this alias for the infrastructure nodes For the Middle Tier Nodes For the nodes running the middle tiers you cannot set up aliases like you did for the infrastructure nodes because the installer does not display the Specify Virtual Hostname screen for middle tier installations When i
254. lica_ID is the replica ID of the Oracle Internet Directory being installed See Section 3 6 The ias_admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details Installing Oracle Internet Directory in Replicated Mode 6 9 Accessing OracleAS Single Sign On and Oracle Delegated Administration Services 6 6 Accessing OracleAS Single Sign On and Oracle Delegated Administration Services To access OracleAS Single Sign On or Oracle Delegated Administration Services on the replica node you have to use the password for the orcl admin user on the master Oracle Internet Directory not the replica Oracle Internet Directory Example 1 Enter the URL for OracleAS Single Sign On or Oracle Delegated Administration Services in your browser For OracleAS Single Sign On the URL is http host port pls orasso For Oracle Delegated Administration Services the URL is http host port oiddas host specifies the name of the computer where you installed the Oracle Internet Directory replica port specifies the port number on which Oracle HTTP Server is listening To log in enter orcladmin as the user name and the password you entered when you installed the master Oracle Internet Directory If you enter the password for the replica Oracle Internet Directory the logi
255. ling Additional Languages By default the installer installs Oracle Application Server with text in English and in the operating system language If you need additional languages click the Product Languages button in the Select a Product to Install screen When you select additional languages to install the installer installs text in the selected languages It also installs fonts required to display the languages For some components languages are installed only if you select them during installation In this case if you access the application in a language that is not available it will fall back on the server locale language For other components available languages are installed regardless of what you select during installation In this case however fonts are installed only for the languages that are explicitly selected When you access the application it uses text in your language because the language was installed However if you do not have the appropriate fonts to render the text the text appears as square boxes This usually applies to the Chinese Japanese and Korean languages You can install fonts after installation See Section F 3 10 User Interface Does Not Display in the Desired Language or Does Not Display Properly Note that you cannot install additional languages after installation You must install all languages that you need during installation If you run Oracle Application Server in an environment that uses
256. ller and check the log files for any error message In particular check the ORACLE_HOME install make 1og file Remove the failed installation Before reinstalling Oracle Application Server make sure that your computer meets all the requirements listed in Chapter 2 Requirements Check especially the following requirements Check that the kernel parameters are set to the proper values Note that if you change the value of a kernel parameter you must exit the installer and restart your computer for the new value to take effect a Check that you are installing Oracle Application Server in a valid directory For example you cannot install Oracle Application Server in a database Oracle home See Table 2 9 for a complete list F 3 3 Prerequisite Checks Fail at the Start of Installation Problem The prerequisite checks that are run at the start of installation failed Solution If the prerequisite checks display warnings about missing operating system patches or patch bundles the patch may actually be missing or it may have been superseded If your computer contains the patch that supersedes it you can ignore the warning F 3 4 Message About Installing in a Non Empty Directory Problem The installer displays a message that you are installing into a non empty directory Solution If you started an installation and went beyond the Specify File Locations screen but did not complete the installation the installer has already create
257. lling Oracle Identity Management in a Single Oracle Home ccecee sees 1 4 1 3 2 Installing a Distributed Oracle Identity Management with an Integrated Oracle HTTP DELVE gai fetesus ta ccccteevel ends couuan tet dank caates Tra a a eset Daas aaea E EERS 1 5 1 3 3 Installing a Distributed Oracle Identity Management with a Standalone Oracle HTTP A D A E PAETE TETT ETE dates dducsdactha genes cadsavedst agdougibs ETTA 1 7 2 Requirements 2 1 Using OracleMetaLink to Obtain the Latest Oracle Application Server Hardware and Software Requirements cai cet Seire ar i a A e E AA eea AAE 2 1 2 2 System RequireMentts sipini aeea aaaea a EE E EE E TT E e aaah 2 2 2 2 1 Installing from the Console or X Windows s ssssssssssssesssssessiesissesnensinsinsessnnneesienresesneenees 2 5 2 2 2 Tips for Reducing Memory Usage rrisnin 2 5 2 3 Software Requirements mnis ae a a ap e a aa E a aaea 2 5 2 4 Kernel Parameters 2 4218 endian eenia a aiee atiae SE ae ME ee ee 2 7 2 4 1 Kernel Parameter Settings for OracleAS Metadata Repository cccecce sees 2 7 2 5 POPS EEEE dl EEE TEE ANAE E A T AE cease lens 2 8 2 5 1 Checking If a Port Isin Useri Sivseds cesesete iiss shed a e a a A ESERE NES 2 9 2 5 2 Using Default Port Numbers itis sit cetccccidsciccecciececccctlccccacceesliccscsescdusctesesdsbatesscdsdansdvestes 2 9 2 5 3 Using Custom Port Numbers the Static Ports Feature 00 0 ccc eee 2 10 2 5 3 1 Format of the staticports ini File eee ce
258. mand after deinstalling the instances See Section D 5 Deinstalling OracleAS Cluster Identity Management for details To run the Deconfig tool run the Perl interpreter on the ORACLE_ HOME bin deconfig p1 script Use the Perl interpreter provided with Oracle Application Server prompt gt cd ORACLE_HOME bin prompt gt ORACLE_HOME perl bin perl deconfig pl u oid_user w password r realm dbp sys_db_password Deinstallation and Reinstallation D 1 Deconfig Tool If you run it without all of the parameters the tool prompts you for the necessary information Note For security reasons it is not recommended that you specify the password on the command line The Deconfig tool will prompt you for the password if you do not specify it on the command line D 1 1 Parameters u oid_user Specify the Oracle Internet Directory user You can specify the Oracle Internet Directory user using the user s simple name or the user s distinguished name DN For example the user s simple name can be jdoe mycompany com which corresponds to the DN cn jdoe l us dc mycompany dc com The Oracle Internet Directory user needs to have privileges for deinstalling the components that are configured in the Oracle Application Server instance that you want to deinstall These privileges are the same as for installing and configuring the component For example if you are deinstalling an OracleAS Infrastructure insta
259. mber Component Default Port Range Name in staticports ini Oracle Process Manager and Notification Server OPMN Oracle Notification Server Request Port 6003 6003 6099 Oracle Notification Server Request port Oracle Notification Server Local Port 6100 6100 6199 Oracle Notification Server Local port Oracle Notification Server Remote Port 6200 6200 6299 Oracle Notification Server Remote port Oracle Application Server Containers for J2EE OC4J OC4J AJP 12501 12501 12600 Not settable through staticports ini OC4J RMI 12401 12401 12500 Not settable through staticports ini JMS 12601 12601 12700 Not settable through staticports ini IIOP 13301 13301 13400 Not settable through staticports ini IIOPS1 13401 13401 13500 Not settable through staticports ini HOPS2 13501 13501 13600 Not settable through staticports ini Oracle HTTP Server Oracle HTTP Server Listen Port 7777 7777 7877 Oracle HTTP Server Listen port Oracle HTTP Server Listen SSL 4443 4443 4543 Oracle HTTP Server Listen 8250 8350 SSL port Oracle HTTP Server Port 7777 7777 7877 Oracle HTTP Server port Oracle HTTP Server SSL Port 4443 443 4443 4543 Oracle HTTP Server SSL 8250 8350 port Java Object Cache 7000 7000 7099 Java Object Cache port DCM Discovery 7100 7100 7199 DCM Discovery port Port Tunneling 7501 7501 7599 Not settable through staticports ini Oracle H
260. meet both of these requirements You plan to use the Automatic Storage Management ASM feature of Oracle Database 10g for the OracleAS Metadata Repository Your computer does not have an existing Oracle Database 10g If you meet these requirements you need to configure the CSS daemon on the other node The CSS daemon synchronizes ASM instances with the database instances that use the ASM instances for database file storage To configure the CSS daemon 1 Stop all the processes in the OracleAS Cold Failover Cluster Infrastructure home 2 Stop the CSS daemon You can do this by running the following command as root sbin init d init cssd 3 Fail over the IP and the disk to the other node Installing in High Availability Environments OracleAS Cold Failover Cluster 8 29 Installing Only the OracleAS Metadata Repository in an OracleAS Cold Failover Cluster Environment 4 On the other node run the following command as root SORACLE_HOME root sh ORACLE_HOME is where you installed the OracleAS Cold Failover Cluster Infrastructure 8 8 Installing Only the OracleAS Metadata Repository in an OracleAS Cold Failover Cluster Environment This section describes how to install the OracleAS Metadata Repository in a new database that is the installer will create a new database for you and populate it with the OracleAS Metadata Repository You can use this database in an OracleAS Cold Failover Cluster environment Pre
261. metalink oracle com Table 2 3 Software Requirements for HP UX 11i version 2 Itanium Systems Item Requirement Operating HP UX 11i Version 2 11 23 Itanium or higher System Requirements 2 5 Software Requirements Table 2 3 Cont Software Requirements for HP UX 11i version 2 Itanium Systems Item Requirement Patches for 11 11 m BUNDLE11i B 11 23 0409 3 Patch Bundle for HP UX 11i v2 B 11 23 or higher September 2004 versions PHSS_31850 11 23 assembler patch PHSS_31851 11 23 Integrity Unwind Library PHSS_31854 11 23 milli cumulative patch a PHSS_31855 11 23 aC Runtime IA A 05 60 PA A 03 60 a PHSS_33275 PHSS_32213 11 23 linker fdp cumulative patch a PHSS_33276 11 23 Math Library Cumulative Patch The following patches are required by JDK 1 4 2 05 or higher JDK 1 4 2 05 is installed with this release Refer to the HP Support site for a list of all JDK patches a PHCO_31553 pthread library cumulative patch PHKL_31500 11 23 Sept04 base patch a PHSS_32213 11 23 Aries cumulative patch The following patches are required if ANSI C and C are installed on the system PHSS_33278 aC Compiler A 06 02 a PHSS_33277 HP C Compiler A 06 02 PHSS_33279 u2comp be patch To ensure that the system meets these requirements follow these steps 1 To determine which version of HP UX Itanium is installed enter the following command uname a HP UX hostn
262. min Account Becomes Locked for instructions on how to unlock the account F 3 9 cn orcladmin Account Becomes Locked Problem The cn orcladmin account becomes locked after ten failed attempts to connect This is controlled by the password policy Ten failed attempts is the default value Solution If you know the cn orcladmin password you can unlock the account by running the following command prompt gt ORACLE_HOME bin oidpasswd connect dbsid unlock_su_acct true where dbsid is the SID for the database For example prompt gt ORACLE_HOME bin oidpasswd connect orcl unlock_su_acct true OID DB user password enter_ODS_password OID superuser account unlocked successfully The command prompts for the password of the ODS schema By default the ODS password is the same as for the cn orcladmin and ias_admin accounts which you entered during installation To change the password policy see the Oracle Internet Directory Administrator s Guide F 3 10 User Interface Does Not Display in the Desired Language or Does Not Display Properly Problem Messages do not appear in the desired language or messages are not displayed correctly Solution Currently Oracle Application Server does not support adding or removing languages after installation Troubleshooting F 5 Installation Problems and Solutions If you are serving non English content be sure you add all the languages that you need during installation To add languages dur
263. mple orcl mydomain com The installer does not check for this and this will lead to errors later during the installation process SID Enter the system identifier for the OracleAS Metadata Repository database Typically this is the same as the global database name but without the domain name The SID must be unique across all databases SIDs have the following naming restrictions a Must contain alphanumeric characters only Must not be longer than eight characters a Must not contain PORT or HOST in uppercase characters If you want the name to contain host or port use lowercase characters Example orcl Database Character Set Select the character set to use See also Section 4 15 Support for NE8ISO8859P10 and CEL8ISO8859P14 Characters Sets Database File Location Enter the full path to the parent directory for the data files directory This parent directory must already exist and you must have write permissions in this directory The installer will create a subdirectory in this parent directory and the subdirectory will have the same name as the SID The data files will be placed in this subdirectory Example If you enter u02 oradata and the SID is orc1 then the data files will be located in u02 oradata orcl Click Next 9 Specify Database Schema Set the passwords for these privileged database schemas SYS SYSTEM SYSMAN Passwords and DBSNMP You can set different passwords for each schema or you can set the same passw
264. n F 4 Deinstallation Problems and Solutions Section F 5 Need More Help The installer writes the following log files oraInventory_location logs installActionstimestamp log oraInventory_location logs oraiInstalltimestamp err oraInventory_location logs oraiInstalltimestamp out F 2 General Troubleshooting Tips If you encounter an error during installation Read the Oracle Application Server Release Notes for the latest updates The release notes are available with the platform specific documentation The most current version of the release notes is available on Oracle Technology Network http www oracle com technology documentation Verify that your computer meets the requirements specified in Chapter 2 Requirements If you entered incorrect information on one of the installation screens return to that screen by clicking Back until you see the screen If a configuration assistant failed check the log file for that configuration assistant Section E 2 Description of Oracle Application Server Configuration Assistants lists the configuration assistants and the location of their log files If you do not see log files from some configuration assistants in the ORACLE_HOME cfgtoollogs directory exit the installer This causes the installer to copy the log files to that directory If an error occurred while the installer is copying or linking files 1 Note the error and review the installation
265. n On Oracle Application Server Delegated Administration Services Oracle Application Server Certificate Authority OCA a Inthe Specify Port Configuration Options screen select Manual and enter the fullpath to the staticports ini file that you created in the previous step Step 4 Install Oracle Delegated Administration Services and OracleAS Single Sign On from Node 3 From node 3 install Oracle Delegated Administration Services and OracleAS Single Sign On on the shared disk by following the steps in Table 8 9 Key Points a When the installer prompts you for the Oracle home path enter a path on the shared disk Make sure that both nodes can access this path a Inthe Select High Availability or Replication Option screen select Virtual Host Inthe Specify Virtual Hostname screen enter the virtual hostname Table 8 9 Installing Oracle Delegated Administration Services and OracleAS Single Sign On Screen Action 1 Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Note In the Select Installation Type screen select Oracle Identity Management 2 Select Configuration Do not select Oracle Internet Directory Options Select Oracle Application Server Single Sign On Select Oracle Application Server Delegated Administration Services Do not select Oracle Directory Integration Platform Do not select Oracle Application Server Ce
266. n Server Processes If you forgot to shut down Oracle Application Server processes before starting the installation you have to kill the processes because the files for these processes are deleted To check for processes that are still running run the ps command prompt gt ps ef To kill a process use the kill command prompt gt kill 9 process_id You can determine the process_id from the ps command If you need to shut down the dcmct1 shell process you can try exiting the shell by typing exit D 9 Reinstallation The installer does not allow reinstallation of an Oracle Application Server instance in a directory that already contains an Oracle Application Server instance To reinstall Oracle Application Server in the same directory you have to deinstall and then install it D 10 Troubleshooting See Section F 4 Deinstallation Problems and Solutions for help with common deinstallation problems D 8 Oracle Application Server Installation Guide E Configuration Assistants This appendix lists the configuration assistants and the location of their log files Section E 1 Troubleshooting Configuration Assistants Section E 2 Description of Oracle Application Server Configuration Assistants E 1 Troubleshooting Configuration Assistants Contents Section E 1 1 General Tips Section E 1 2 Configuration Assistant Result Codes E 1 1 General Tips If a configuration assistant fails try the follow
267. n addition to the password policy defined in Oracle Internet Directory the password for the ias_admin user has these restrictions a Passwords must be shorter than 30 characters a Passwords can contain only alphanumeric characters from your database character set the underscore _ the dollar sign and the number sign a Passwords must begin with an alphabetic character Passwords cannot begin with a number the underscore _ the dollar sign or the number sign a Passwords cannot be Oracle reserved words The Oracle Database SQL Reference lists the reserved words You can find this guide on Oracle Technology Network http www oracle com technology documentation Or you can just avoid using words that sound like they might be reserved words Note When entering your password check that the state of the Caps Lock key is what you want it to be Passwords are case sensitive You must remember the password because you need to enter it to perform the following tasks a When you log on to Application Server Control to manage Oracle Application Server you log on as the ias_admin user a For middle tier installations if you want to install a larger middle tier in an ORACLE_HOME that already contains a middle tier for example you want to install the Portal and Wireless type over an existing J2EE and Web Cache type you must enter the existing password during the installation If you forget the password
268. n and click Next 12 Review the details on the Patch Summary screen and click Next A 4 Oracle Application Server Installation Guide Silent and Non Interactive Installation This appendix describes how to install Oracle Application Server in silent mode This appendix contains the following topics a Section B 1 Silent Installation a Section B 2 Non Interactive Installation a Section B 3 Pre Installation a Section B 4 Notes for Silent and Non Interactive Installations a Section B 5 Create the Response File a Section B 6 Start the Installation a Section B 7 Post Installation Section B 8 Security Tips for Silent and Non Interactive Installations a Section B 9 Deinstallation B 1 Silent Installation Silent installation eliminates the need to monitor the Oracle Application Server installation because there is no graphical output and no input by the user Silent installation of Oracle Application Server is accomplished by supplying the Oracle Universal Installer with a response file and specifying the silent flag on the command line The response file is a text file containing variables and parameter values which provide answers to the installer prompts If this is a first time installation of Oracle Application Server you must create the oralnst loc file before starting File creation is described in Section B 3 Pre Installation Following installation of Oracle Application Server you n
269. n for all web applications The load on startup property will be automatically set to true for all web modules M Replicate session state Multicast Host IP Multicast Port l 6 Select the Replicate session state checkbox Optionally you can provide the multicast host IP address and port number If you do not provide the host and port for the multicast address it defaults to host IP address 230 230 0 1 and port number 9127 The host IP address must be between 224 0 0 2 through 239 255 255 255 Do not use the same multicast address for both HTTP and EJB multicast addresses 9 24 Oracle Application Server Installation Guide Post Installation Steps Note When choosing a multicast address ensure that the address does not collide with the addresses listed in http www iana org assignments multicast addresses Also if the low order 23 bits of an address is the same as the local network control block 224 0 0 0 224 0 0 255 then a collision may occur To avoid this problem provide an address that does not have the same bits in the lower 23 bits of the address as the addresses in this range 9 7 2 Changing the Ports for Oracle Internet Directory Although it is recommended that the ports for the LDAP virtual server and the Oracle Internet Directory are the same it is possible for the ports to be different See the section Changing Oracle Internet Directory Ports in the Oracle Application Server Administrator
270. n in cold failover cluster configuration 8 24 installing regular middle tiers 8 34 installing the OracleAS Metadata Repository 8 30 introduction 8 1 mapping virtual hostname 8 2 mapping virtual IP address 8 2 post installation steps 8 31 pre installation steps 8 2 setting up mountable file system 8 4 staticports ini file 8 32 URLs 8 7 8 15 8 19 virtual hostname 8 7 8 15 8 19 OracleAS Cold Failover Cluster Identity Management 8 14 installing 8 17 overview of installation steps 8 16 OracleAS Cold Failover Cluster Infrastructure 8 6 8 8 8 13 8 27 installing 8 8 overview of installation steps 8 8 OracleAS Disaster Recovery 10 1 data synchronization 10 2 installation steps 10 8 installing middle tiers 10 9 installing OracleAS Infrastructure 10 9 name resolution 10 4 Oracle Data Guard 10 6 setting up 10 3 setting up identical hostnames 10 4 staticports ini file 10 3 with OracleAS Cold Failover Cluster 10 8 OracleAS Forms Services groups required for installation 5 6 OracleAS Infrastructure 4 1 components 4 2 deinstalling D 5 Identity Management components 4 2 installation order 4 3 installation types 4 1 4 2 installing 4 12 installing against existing Internet Directory 4 14 installing Identity Management components 4 16 installing Identity Management components against existing Internet Directory 4 18 installing in OracleAS Cold Failover Cluster 8 8 8 1
271. n multiple lines the installer assigns the default port for the component The installer does not warn you if you have specified the same port on multiple lines a Ifyou have syntax errors in the staticports ini file for example if you omitted the character for a line the installer ignores the line For the components specified on such lines the installer assigns the default ports The installer does not display a warning for lines with syntax errors If you misspell a component name the installer assigns the default port for the component Names of components in the file are case sensitive The installer does not display a warning for lines with unrecognized names If you specify a non numeric value for the port number the installer ignores the line and assigns the default port number for the component It does this without displaying any warning a Ifyou specify a relative path to the staticports ini file for example staticports ini orjust staticports ini the installer will not find the file The installer continues without displaying a warning and it will assign default ports to all components You must specify a full path to the staticports ini file 2 5 3 3 Example This example configures Oracle HTTP Server to use ports 80 and 443 Create a staticports ini file that includes the following lines Oracle HTTP Server port 80 Oracle HTTP Server Listen port 80 Oracle HTTP Server SSL port 443 Oracle HTT
272. n on to the Single Sign On server using the hostname by itself without the domain name If you want to require a domain name when connecting to the Single Sign On server you can edit the hosts file to include the domain name If you do not want to edit the file you can use the OUI_HOSTNAME command line parameter to the installer to override the value in hosts For example prompt gt mount_point 1014disk1 runInstaller OUI_HOSTNAME myserver mydomain com Requirements 2 21 Network Topics 2 10 Network Topics Typically the computer on which you want to install Oracle Application Server is connected to the network has local storage to contain the Oracle Application Server installation has a display monitor and has a CD ROM or DVD ROM drive This section describes how to install Oracle Application Server on computers that do not meet the typical scenario It covers the following cases a Section 2 10 1 Installing on Multihomed Multi IP Computers a Section 2 10 2 Copying CD ROMs or DVD ROM to Hard Drive and Installing from the Hard Drive a Section 2 10 3 Installing from a Remote CD ROM or DVD ROM Drive a Section 2 10 4 Installing on Remote Computers a Section 2 10 5 Installing on NFS Mounted Storage m Section 2 10 6 Running Multiple Instances from One Installation a Section 2 10 7 Support for NIS and NIS 2 10 1 Installing on Multihomed Multi IP Computers You can install Oracle Database on
273. n will not succeed 6 10 Oracle Application Server Installation Guide Installing in High Availability Environments Overview This chapter provides an overview of the high availability configurations supported by Oracle Application Server Subsequent chapters provide the details This chapter also lists the common requirements Contents of this chapter a Section 7 1 Overview of High Availability Configurations a Section 7 2 Installation Order for High Availability Configurations m Section 7 3 Requirements for High Availability Configurations 7 1 Overview of High Availability Configurations This chapter provides only a brief overview of the high availability configurations in Oracle Application Server For a complete description of the configurations see the Oracle Application Server High Availability Guide Oracle Application Server supports the following types of high availability configurations at installation time Note that there are multiple variants of each type a Section 7 1 1 OracleAS Cold Failover Cluster a Section 7 1 2 OracleAS Clusters a Section 7 1 3 OracleAS Disaster Recovery Section 7 1 4 Summary of Differences For a quick summary of the high availability configurations see Section 7 1 4 Summary of Differences 7 1 1 OracleAS Cold Failover Cluster Oracle Application Server provides an active passive model for its components using OracleAS Cold Failover Clusters In an OracleAS
274. nager 10g Application Server Control Oracle Delegated Administration Services requires OracleAS Single Sign On and mod_osso mod_osso is an Oracle HTTP Server module that communicates with the Single Sign On server If mod_osso is not configured you have to configure it before you can configure Oracle Delegated Administration Services Here are the steps 1 Ensure that OracleAS Single Sign On is configured against Oracle Internet Directory This is done for you if you have installed and configured these two components from the installer 2 Check if mod_osso is configured in the ORACLE_HOME where you want to configure Oracle Delegated Administration Services Examine the following line in the ORACLE_ HOME Apache Apache conf httpd conf file ORACLE_HOME refers to the directory where you want to configure Oracle Delegated Administration Services include ORACLE_HOME Apache Apache conf mod_osso conf If the line starts with then it is commented out and mod_osso is not configured in this installation Perform step 3 to configure mod_osso If the line is not commented out mod_osso is already configured You can go ahead and configure Oracle Delegated Administration Services using Application Server Control Go to step 5 3 To configure mod_osso manually perform these steps a Set the ORACLE_HOME environment variable to the full path of the directory where you want to configure Oracle Delegated Administration Services b Set t
275. nager 10g components These components are always installed and configured regardless of which installation type you selected See the next section Section 4 2 Why Would I Select the Different Infrastructure Installation Types 4 2 Why Would Select the Different Infrastructure Installation Types By separating the infrastructure into Oracle Identity Management components and OracleAS Metadata Repository the installer enables you to install the OracleAS Infrastructure components over multiple computers For example you can install the OracleAS Metadata Repository on one computer and the Oracle Identity Management components on another computer Within the Oracle Identity Management option you can install Oracle Identity Management components over multiple computers as well These options also enable you to create a new database or use an existing database for the OracleAS Metadata Repository Selecting either the OracleAS Metadata Repository or the OracleAS Metadata Repository and Oracle Identity Management option causes the installer to create a new database and populate it with the OracleAS Metadata Repository To use an existing database see Section 4 8 Can I Use an Existing Database for the OracleAS Metadata Repository 4 2 Oracle Application Server Installation Guide Order of Installation for the Infrastructure 4 3 Order of Installation for the Infrastructure If you plan to install both OracleAS Metadata Reposit
276. nce that is running Oracle Delegated Administration Services and OracleAS Single Sign On make sure the user has privileges to configure these components For a list of components and groups that grant the privileges see Section 5 3 Groups Required to Configure or Deinstall Components If you want to run the tool as the Oracle Internet Directory superuser be sure to use cn orcladmin and not just orcladmin These are two different users If you want more details about these users see Section 5 1 Default Users in Oracle Internet Directory w password Specify the password for the Oracle Internet Directory user r realm Specify the realm in which to authenticate the user This value is required only if your Oracle Internet Directory has more than one realm dbp sys_db_password Specify the password for the SYS user in the database This is the OracleAS Metadata Repository database used by Oracle Internet Directory This value is required only if you are deinstalling an Oracle Identity Management only instance that has Oracle Internet Directory configured If you specify this parameter and it is not needed the password value is simply not used help or h You can also run the Deconfig tool with the h or help parameter to display help prompt gt ORACLE_HOME perl bin perl deconfig pl h sor prompt gt ORACLE_HOME perl bin perl deconfig pl help D 2 Oracle Application Server Installation Guide Deinstallation Proced
277. ndix D Deinstallation and Reinstallation b Correct the cause of the fatal error c Reinstall Oracle Application Server d If the fatal error reoccurs then you must remove all Oracle installations from your computer E 1 2 Configuration Assistant Result Codes If a configuration assistant fails the bottom half of the installation screen displays the error message and the configuration assistant writes its result code Table E 1 to the following log file oraInventory logs installActionstimestamp log Table E 1 Result Codes for Configuration Assistants Result Code Description 0 Configuration assistant succeeded 1 Configuration assistant failed 1 Configuration assistant cancelled E 2 Description of Oracle Application Server Configuration Assistants Table E 2 lists the Oracle Application Server configuration assistants in alphabetical order Different installations use different configuration assistants depending on installation type and configuration options you selected Note that the paths below use as the directory delimiter You might need to change it for your system For example use if you are on a Windows system E 2 Oracle Application Server Installation Guide Description of Oracle Application Server Configuration Assistants Table E 2 Oracle Application Server Configuration Assistants Configuration Assistant Description Log File Location Application Starts the O
278. nect information select No Click Next 4 Specify Oracle Internet This screen appears only if you selected Yes in the previous screen Directory Login ae f Username Enter the username for logging into Oracle Internet Directory The user must belong to the iAS Admins group in Oracle Internet Directory Password Enter the password Realm This field appears only if your Oracle Internet Directory contains multiple realms Enter the name of the realm against which to authenticate the user Click Next 5 Oracle Database screens Enter information for the OracleAS Metadata Repository database See Section 4 29 Install Fragment Database Screens 6 Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details 7 Unlock the dcm schema and set its password This step is required only if you want to use the metadata repository for database clustering of middle tier instances 1 Set the ORACLE_HOME environment variable to point to the full path of the directory where you installed the OracleAS Metadata Repository 2 Set the ORACLE _SID environment variable to the SID of the OracleAS Metadata Repository 3 Unlock the dcm schema and set its password using SQL Plus The following alter user command sets the password to welcome1 but you can set it to any value prompt gt ORACLE_HOME bin sqlplus sys password as sysdba SQL gt alter user dcm identified by welcomel a
279. ners Mid Tiers Members Repository Owners Mid tier Admins IAS Instances en orcladmin Members cn orcladmin 5 10 On the Specify Login for Oracle Internet Directory Screen What Username and Realm Do Enter The installer displays the Specify Login for Oracle Internet Directory screen a when you are installing OracleAS Infrastructure and you are using an existing Oracle Internet Directory a when you are installing a middle tier that requires an infrastructure 5 16 Oracle Application Server Installation Guide On the Specify Login for Oracle Internet Directory Screen What Username and Realm Do Enter This screen prompts you to enter a username and password to log in to Oracle Internet Directory Username In the Username field enter either the simple username or the user s DN Simple username example j doe DN example cn orcladmin The user must belong to specific groups for installing and configuring certain components See Table 5 4 for details If you want to specify the superuser enter cn orcladmin not just orcladmin Realm The Realm field appears only if your Oracle Internet Directory contains more than one realm The username that you enter is authenticated against the specified realm If you are unsure what the realm name is contact your Oracle Internet Directory administrator Example 1 in a hosted deployment the realm name could be similar to the name of the hosted company XYZCorp
280. ners group for the metadata repository Component Owners group for the OracleAS Wireless component Note This group is applicable only when you are installing additional OracleAS Wireless instances It does not apply for the first OracleAS Wireless installation For subsequent OracleAS Wireless installations you can perform the installation as the same Oracle Internet Directory user who performed the first installation If you want to allow a different Oracle Internet Directory user to install OracleAS Wireless you have to add this user to the Component Owners group for the Wireless application entity a n addition the user must be one of the owners of the OracleAS Wireless application entity To determine the name of the OracleAS Wireless application entity run the following command from the first OracleAS Wireless installation prompt gt ORACLE_HOME wireless bin getAppEntityName sh Then add the user as a component owner for this application entity You can do this using the Deployment Delegation Console or the Oracle Directory Manager OracleAS Reports Services iAS Admins OracleAS Forms Services a Mid Tier Admins or Repository Owners group for the metadata repository OracleAS Personalization OracleBI Discoverer 5 6 To Determine the Metadata Repository Used by OracleAS Single Sign On 1 Run the following command all on one line prompt gt ldapsearch h oidhostname p oidport D cn orcladmin w password
281. ng the infrastructure installation do not select Oracle Internet Directory in the Select Configuration Options screen You need to provide the connect information hostname port username password for the existing Oracle Internet Directory The Oracle Internet Directory must be version 9 0 4 or later Note that Oracle Internet Directory version 9 2 x is not supported To determine the Oracle Internet Directory version make sure that Oracle Internet Directory is up and running Then run the following command prompt gt oidldapd version The oidldapd command can be found in the ORACLE_HOME bin directory where ORACLE HOME is the root directory where you installed Oracle Internet Directory 4 10 Registration of OracleAS Metadata Repository in Oracle Internet Directory and Password Randomization The OracleAS Metadata Repository and the Oracle Internet Directory work closely together Before you can use an OracleAS Metadata Repository in most cases ensure that it is registered with an Oracle Internet Directory An exception to this rule is when you want to use a J2EE and Web Cache middle tier with the Database Based Farm feature but without the Oracle Identity Management Access feature In this case you need an OracleAS Metadata Repository but it need not be registered with an Oracle Internet Directory Table 4 4 shows the scenarios where the installer automatically registers the OracleAS Metadata Repository with an Oracle
282. ngle Sign On and the Repository API are configured Configuration Assistants E 5 Description of Oracle Application Server Configuration Assistants Table E 2 Cont Oracle Application Server Configuration Assistants Configuration Assistant Description Log File Location OracleAS Instance Configuration Assistant Adds an entry for the instance to the ORACLE_HOME config target2add xml file ORACLE_HOME cfgtoollogs configtoolstimestamp log OracleAS Randomize Password Configuration Assistant Changes the default password of all schemas None Oracle Identity Management oneoff Patch Configuration Assistant Automatically applies the OC4J and database patches using the OPatch tool ORACLE_HOME cfgtoollogs imoneoffpatchcatimestamp log Oracle mod_osso Configuration Assistant Registers mod_osso during installation plugs mod_osso into Oracle HTTP Server and provides integration with OracleAS Single Sign On to authenticate users The registration enables Oracle HTTP Server installed with the Oracle Application Server middle tier to act as a partner application to OracleAS Single Sign On Applications running under Oracle HTTP Server can register and protect their URL with mod_osso When the URL is requested mod_osso authenticates the user with OracleAS Single Sign On to allow access to the URL ORACLE_HOME config j2ee_mod_osso log ORACLE_HOME cfgtoollogs j2
283. not select Oracle Application Server Single Sign On Do not select Oracle Application Server Delegated Administration Services Do not select Oracle Directory Integration Platform Select Oracle Application Server Certificate Authority OCA if you want to configure your own certificate authority which can issue certificates for users and servers Do not select High Availability and Replication Click Next If you want to use default ports for the components select Automatic If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticports ini file Click Next Hostname Enter the name of the computer where Oracle Internet Directory is running SSL Port Enter the SSL port at which Oracle Internet Directory is listening See Section 4 17 How to Determine Port Numbers Used by Components if you do not know the port number Click Next 4 14 Oracle Application Server Installation Guide Installing OracleAS Metadata Repository in a New Database Table 4 6 Cont Steps for Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory Screen Action 5 Specify Oracle Internet Directory Login 6 OCA screens 7 Oracle Database screens 8 Specify Instance Name and ias_admin Password Username Enter the username to log in to Oracle Internet Directory You must log in as a user who belongs to the necessary groups in
284. ns the processes and handles all requests To access the active node in an OracleAS Cold Failover Cluster clients including middle tier components and applications use the virtual hostname associated with the OracleAS Cold Failover Cluster The virtual hostname is associated with the active node node 1 during normal operation node 2 if node 1 goes down Clients do not need to know which node primary or secondary is servicing requests You also use the virtual hostname in URLs that access the infrastructure For example if vhost mydomain com is the name of the virtual host the URLs for the Oracle HTTP Server and the Application Server Control would look like the following URL for Example URL Oracle HTTP Server Welcome page http vhost mydomain com 7777 Oracle HTTP Server secure mode https vhost mydomain com 4443 Application Server Control http vhost mydomain com 1156 Installing in High Availability Environments OracleAS Cold Failover Cluster 8 15 Installing an OracleAS Cold Failover Cluster Identity Management Configuration Figure 8 3 OracleAS Cold Failover Cluster Identity Management Configuration OracleAS Cold Failover Cluster Identity Management Configuration Virtual Hostname vhost mydomain com Identity Management includes Virtual IP 123 45 67 11 Oracle Internet Directory OracleAS Single Sign On 4 Daden angis Sa Metadata Repository f Li Oracle Delegated Adm
285. nspecified gt OUI_HOSTNAME fed_host mycompany com PreReqConfigSelections n_ValidationPreReqConfigSelections 0 TOPLEVEL_COMPONENT oracle iappserver security fed 10 1 4 0 1 DEINSTALL_LIST oracle iappserver security fed 10 1 4 0 1 SELECTED_LANGUAGES en INSTALL_TYPE Basic n_DefAdvTypeInstal1 0 nValidationConfigSelection 0 startupProcesses Federation Record Store in LDAP Server iASinstanceName fed s_OSFSserverID fed fed_host mycompany com iASinstancePW instancepassword iASinstancePWConfirm instancepassword B 6 Start the Installation To make the installer use the response file specify the location of the response file that you want to use as a parameter when starting the installer To perform a non interactive installation prompt gt setenv DISPLAY hostname 0 0 B 10 Oracle Application Server Installation Guide Security Tips for Silent and Non Interactive Installations prompt gt runInstaller responseFile absolute_path_and_filename To perform a silent installation use the silent parameter prompt gt runInstaller silent responseFile absolute_path_and_filename B 7 Post Installation The success or failure of the non interactive and silent installations is logged in the installActions lt time_stamp gt 1log file Additionally the silent installation creates the silentInstall lt time_stamp gt 1log file The log files are created in the
286. nstalling middle tiers the installer determines the hostname automatically by calling the gethostname function You want to be sure that for each middle tier node on the production site the corresponding node on the standby site returns the same hostname To do this set up a local or internal hostname which could be different from the public or external hostname You can change the names of the nodes on the standby site to match the names of the corresponding nodes on the production site or you can change the names of the nodes on both production and standby sites to be the same This depends on other applications that you might be running on the nodes and whether changing the node name will affect those applications 1 On the nodes whose local names you want to change reconfigure the node so that the hostname command returns the new local hostname Note The procedure to change the hostname of a system differs between different operating systems Contact the system administrator of your system to perform this step Note also that changing the hostname of a system will affect installed software that has a dependency on the previous hostname Consider the impact of this before changing the hostname 2 Enable the other nodes in the OracleAS Disaster Recovery environment to be able to resolve the node using the new local hostname You can do this in one of two ways Method 1 Set up separate internal DNS servers for the p
287. nstance for State Replication First Oracle Delegated Administration Services node only a Section 9 7 2 Changing the Ports for Oracle Internet Directory Section 9 7 3 Update targets xml Case 2 only 9 7 1 Cluster the OC4J_Security Instance for State Replication First Oracle Delegated Administration Services node only To ensure that Oracle Application Server maintains the state of stateful Web applications across DCM Managed OracleAS Cluster you need to configure state replication for the Web applications Configure state replication only on the first node where Oracle Delegated Administration Services is installed To configure state replication for the OC4J_Security instance do the following 1 Using the Application Server Control Console navigate to the Application Server Home page for the instance that contains Oracle Delegated Administration Services Select the OC4J_SECURITY link on the Application Server Home page Select the Administration link on the OC4J Home Page Select the Replication Properties link in the Instance Properties area ame o Scroll down to the Web Applications section Figure 9 3 shows this section Figure 9 3 Web State Replication Configuration Replication Properties Page Refreshed May 19 2006 7 04 06 PME TIP Changes here affect all OC4J instances in cluster SSODAScluster Web Applications TIP Setting session state replication here will enable session state replicatio
288. nstances and Instance Names for instance name details Example id_mgmt ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details 9 5 4 Installing OracleAS Cluster Identity Management on Subsequent Nodes You run the installer on each node where you want to install Oracle Identity Management components Use this procedure to install Oracle Identity Management components on nodes other than the first For the first node see Section 9 5 3 Installing OracleAS Cluster Identity Management on the First Node 9 12 Oracle Application Server Installation Guide Installing an OracleAS Cluster Identity Management Configuration Key Points for Installing on Subsequent Nodes a Use the same staticports ini file that you used for installing on the first node to ensure that the same component on all nodes uses the same port number Note that the Oracle Internet Directory ports specified in staticports ini will not be used by the installer The installer queries the first Oracle Identity Management installation for the Oracle Internet Directory ports a Inthe Specify HTTP Load Balancer Host and Ports screen e
289. nt products and services from third parties Oracle is not responsible for the availability of or any content provided on third party Web sites You bear all risks associated with the use of such content If you choose to purchase any products or services from a third party the relationship is directly between you and the third party Oracle is not responsible for a the quality of third party products or services or b fulfilling any of the terms of the agreement with the third party including delivery of products or services and warranty obligations related to purchased products or services Oracle is not responsible for any loss or damage of any sort that you may incur from dealing with any third party Contents BAG xchat sae sh abt cen A EEE ealt Soe yah onde ibaa Gati cha A Seth Gah E xiii Intended Audience sin 0820 Moca e n A eve ovo Ble ie OE a Oo eb leh eS be deiin xiii Documentation Accessibility senep E a E E a cane sates peevutensesectcesseresevess xiii Related DO GUmen S T a ews al esl Boe has ecw itn os eee ete xiv Ea Eai aT EA A AEN E PA TEE EA A EA IE E EE N A E E A xiv 1 Product and Installation Overview 1 1 Product OVERVIEW uenn a shown e apa ea bi eee iann iie 1 1 1 2 Where Do I Find Installation Instructions for My Product s sssssesssssesississessressesisseeseess 1 2 1 3 Recommended Topologies scccscciisiesicssieccesscussele suscavebs cevdesboscoveannseslevcadetevecseendisleeddesenses 1 3 1 3 1 Insta
290. nt Service After stopping the Management Service wait at least four minutes before installing the Oracle Identity Management Grid Control Plug in so that the Management Service can completely shut down Perform the following steps to install Oracle Identity Management Grid Control Plug in Table A 1 Steps for Installing Oracle Identity Management Grid Control Plug in Screen Action 1 Start the installer See Section A 2 Starting the Grid Control Plug in Installer for details 2 Welcome Click Next 3 Specify Home Details Path Select the full path of the directory that contains Oracle Enterprise Manager 10g Release 2 Grid Control 10 2 0 1 0 or later from the drop down box Note that when you select the path the Name field will be automatically updated with the correct name for the Oracle Home Click Next A 2 Oracle Application Server Installation Guide Installing Oracle Identity Management Grid Control Plug in Agent Table A 1 Cont Steps for Installing Oracle Identity Management Grid Control Plug in Screen Action 4 Repository Database Password Enter the password for the SYS user Administrator Password Click Next 5 Summary Verify your selections and click Install 6 Install Progress This screen shows the progress of the installation 7 Configuration Assistants This screen shows the progress of the configuration assistants Configuration assistants configure componen
291. nter the name of the HTTP virtual server of the load balancer and the associated port You also enter the port number for Oracle HTTP Server on this screen Follow the steps in Table 9 5 Table 9 5 Steps for Installing OracleAS Cluster Identity Management on Subsequent Nodes Screen Action 1 Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes In the Select Installation Type screen select Oracle Identity Management 2 Select Configuration Select Oracle Internet Directory Options Select Oracle Application Server Single Sign On Select Oracle Application Server Delegated Administration Services Select Oracle Directory Integration Platform Do not select Oracle Application Server Certificate Authority OCA Select High Availability and Replication Click Next 3 Specify Port Select Manual and enter the fullpath to your staticports ini file in the provided Configuration Options field You need to use staticports ini file for OracleAS Cluster Identity Management configurations See Section 9 5 3 1 Create staticports ini File Click Next 4 Specify Repository Specify the OracleAS Metadata Repository that is registered with the Oracle Internet Directory on the first node Username Enter the username to use to log in to the OracleAS Metadata Repository database The user must have DBA privileges Passwor
292. ntinue to evolve over time and Oracle is actively engaged with other market leading technology vendors to address technical obstacles so that our documentation can be accessible to all of our customers For more information visit the Oracle Accessibility Program Web site at http www oracle com accessibility Accessibility of Code Examples in Documentation Screen readers may not always correctly read the code examples in this document The conventions for writing code require that closing braces should appear on an otherwise empty line however some screen readers may not always read a line of text that consists solely of a bracket or brace Accessibility of Links to External Web Sites in Documentation This documentation may contain links to Web sites of other companies or organizations that Oracle does not own or control Oracle neither evaluates nor makes any representations regarding the accessibility of these Web sites xiii TTY Access to Oracle Support Services Oracle provides dedicated Text Telephone TTY access to Oracle Support Services within the United States of America 24 hours a day seven days a week For TTY support call 800 446 2398 Related Documents For additional information see the following manuals a Oracle Application Server Administrator s Guide a Oracle Application Server Concepts a Oracle Application Server High Availability Guide Conventions xiv The following text conventions are used in t
293. nvironment a Section 10 4 Installing the OracleAS 10g 10 1 2 0 2 Standalone Install of OracleAS Guard into Oracle Homes a Section 10 5 Patching OracleAS Guard Release 10 1 2 0 0 with Release 10 1 2 0 2 a Section 10 6 What to Read Next 10 1 OracleAS Disaster Recovery Introduction Use the OracleAS Disaster Recovery environment when you want to have two physically separate sites in your environment One site is the production site and the other site is the standby site The production site is active while the standby site is passive the standby site becomes active when the production site goes down OracleAS Disaster Recovery supports a number of basic topologies for the configuration of the Infrastructure and middle tier on production and standby sites OracleAS Disaster Recovery supports these basic topologies Symmetrical topologies strict mirror of the production site with collocated Oracle Identity Management and OracleAS Metadata Repository Infrastructure Asymmetrical topologies simple asymmetric standby topology with collocated Oracle Identity Management and OracleAS Metadata Repository Infrastructure Separate OracleAS Metadata Repository for OracleAS Portal with collocated Oracle Identity Management and OracleAS Metadata Repository Infrastructure the Departmental Topology Distributed Application OracleAS metadata Repositories with Non collocated Oracle Identity Management and OracleAS Metadata Reposit
294. o Install Additional Metadata Repositories Figure 5 1 Contents of Oracle Internet Directory with One Infrastructure and One Middle Tier Oracle Context Wireless Application Entity Component Associated Owners Mid Tiers Infrastructure DB orcl oracle com T Members l Repository Mid tier IAS orcladmin I Owners Admins Instances userA l i Members Members Members l orcladmin orcladmin Portal and Wireless 1 l userA l l l l Cae eae oe ea E Trusted Application IAS amp User Mgmt IAS Admins Adme Application Admins Members Members Members orcladmin orcladmin orcladmin userA userA userA 5 5 Groups Required to Install Additional Metadata Repositories To install additional metadata repositories a user must be a member of the IAS Admins group After installation the user then becomes a member of the Repository Owners group for that metadata repository 5 6 Example of Installation with Different Users Figure 5 2 shows an Oracle Internet Directory with two metadata repositories and two middle tiers installed by different users 5 8 Oracle Application Server Installation Guide Example of Installation with Different Users Figure 5 2 Oracle Internet Directory with Two Metadata Repositories and Two Middle Tiers Oracle Context IAS Instances Members IAS IAS Admins orcladmin userA userB Infrastructure DB orcl1 oracle
295. of install that you want Choose Typical for most installations Choose Custom or Reinstall for upgrading from an older release of OracleAS Guard to the current release Enter the ias_admin account password to continue the installation 10 5 Patching OracleAS Guard Release 10 1 2 0 0 with Release 10 1 2 0 2 If you already have an OracleAS Disaster Recovery environment set up using OracleAS Guard Release 10 1 2 0 0 you can patch OracleAS Guard in your environment to take advantage of new features and support for the topologies described in Section 10 1 OracleAS Disaster Recovery Introduction To patch your OracleAS Disaster Recovery environment follow these basic steps 1 Stop the OracleAS Guard server in all OracleAS 10 1 2 0 0 Oracle homes on both production and standby sites using the following opmnctl command On UNIX systems lt ORACLE_HOME gt opmn bin opmnctl stopall 2 Install the OracleAS 10g 10 1 2 0 2 standalone install of OracleAS Guard into each Oracle home on the production and standby sites If multiple Oracle homes exist on the same system ensure that different ports are configured for each of the OracleAS Guard servers in this configuration file Because this is an upgrade installation of OracleAS Guard make a copy of your dsa conf configuration file to save your current settings for your OracleAS Guard environment After running the OracleAS 10g 10 1 2 0 2 standalone install kit of OracleAS Guard you can rest
296. ole adding users to groups 5 14 directories integration with third party 4 11 disk space requirements 2 4 DISPLAY environment variable 2 19 distributed OracleAS Cluster Identity Management 9 15 deconfig failed F 13 installing Oracle Internet Directory on first node 9 17 installing Oracle Internet Directory on subsequent nodes 9 19 installing OracleAS Single Sign On and Oracle Delegated Administration Services 9 21 distributed OracleAS Cold Failover Cluster Identity Management 8 19 installing 8 22 overview of installation steps 8 21 distributed OracleAS Cold Failover Cluster Infrastructure 8 11 installing 8 13 overview of installation steps 8 13 distributing components 4 4 DNS server for name resolution OracleAS Disaster Recovery 10 4 DVD copying to hard drive 2 22 format of 3 8 mount point 3 8 E environment variables 2 18 _CLUSTER_NETWORK_NAME_ 10 5 CLASSPATH 2 19 DISPLAY 2 19 LD_LIBRARY_PATH 2 19 NLS_LANG 11 2 ORACLE HOME 2 19 ORACLE_SID 2 19 PATH 2 19 set in profile file 2 19 sucommand and 2 19 TNS_ADMIN 2 20 error codes from configuration assistants E 2 etc group file 7 5 etc hosts file 2 21 etc resolve conf file 10 5 etc services file blocking ports 389 and 636 2 10 EXTPROC key 2 13 F failover OracleAS Cold Failover Cluster 8 4 fatal errors E 2 first time installation of any Oracle product 3 2 font problems F 5 Index 2 G grid cont
297. ome where you installed the OracleAS Metadata Repository and Oracle Internet Directory 1 Stop the Application Server Control prompt gt ORACLE_HOME bin emctl stop iasconsole 8 28 Oracle Application Server Installation Guide Installing Oracle Delegated Administration Services and OracleAS Single Sign On in an OracleAS Cold Failover Cluster 2 Stop the components prompt gt ORACLE_HOME opmn bin opmnctl stopall 3 Stop the OracleAS Metadata Repository a Set the ORACLE HOME environment variable to the OracleAS Infrastructure home b Set the ORACLE_SID environment variable to the SID of the OracleAS Metadata Repository for example orc1 c Stop the OracleAS Metadata Repository instance prompt gt ORACLE_HOME bin sqlplus nolog SQL gt connect SYS as SYSDBA SQL gt shutdown SQL gt quit d Stop the listener prompt gt ORACLE_HOME bin 1snrctl stop e Stop the Oracle Enterprise Manager 10g 10g Database Control prompt gt ORACLE_HOME bin emctl stop dbconsole Step 6 Stop the OracleAS Infrastructure Processes on Node 3 Stop the processes that are running in the Oracle home where you installed Oracle Delegated Administration Services and OracleAS Single Sign On 1 Stop the Application Server Control prompt gt ORACLE_HOME bin emctl stop iasconsole 2 Stop the components prompt gt ORACLE_HOME opmn bin opmnctl stopall Step 7 Perform Post Installation Steps The following step is required only if you
298. omputer A they should not run OracleAS components from that installation For a computer to run OracleAS components it must have its own OracleAS installation Requirements 2 25 Prerequisite Checks Performed by the Installer 2 10 7 Support for NIS and NIS You can install and run Oracle Application Server in NIS and NIS environments 2 11 Prerequisite Checks Performed by the Installer Table 2 9 lists the checks performed by the installer Table 2 9 Prerequisite Checks Performed by the Installer Item Description Operating system version See Table 2 3 for supported versions Operating system patches See Section 2 3 Software Requirements for a list of required patches Operating system kernel See Section 2 4 Kernel Parameters for a list of required kernel parameters parameters Memory See Table 2 2 for recommended values Swap space See Table 2 2 for recommended values TMP space See Table 2 2 for recommended values Instance name The installer checks that the computer on which you are installing Oracle Application Server does not already have an instance of the same name Oracle home directory name The installer checks that the Oracle home directory name does not contain any spaces Path to Oracle home directory The installer checks that the path to the Oracle home directory is not longer than 127 characters Oracle home directory The installer checks that the Oracle home directory doe
299. on because this option is for installing a replica Oracle Internet Directory not a master Oracle Internet Directory You can use any of the procedures in Chapter 4 Installing OracleAS Infrastructure to install a master Oracle Internet Directory Examples a To install a master Oracle Internet Directory with a new database follow the procedure in Section 4 20 Installing OracleAS Infrastructure a To install a master Oracle Internet Directory with an existing database follow the procedure in Section 4 23 Installing Oracle Identity Management Components Only Including Oracle Internet Directory or Section 4 25 Installing Oracle Internet Directory Only You can also install a master Oracle Internet Directory in high availability environments See Chapter 8 Installing in High Availability Environments OracleAS Cold Failover Cluster and Chapter 9 Installing in High Availability Environments OracleAS Cluster Identity Management for details 6 4 Oracle Application Server Installation Guide Installing an Oracle Internet Directory Replica 6 5 Installing an Oracle Internet Directory Replica You can install an Oracle Internet Directory replica against an existing database or you can install it with a new database Contents of this section Section 6 5 1 Overview of Installing a Replica Section 6 5 2 Installing an Oracle Internet Directory Replica with a New Database Section 6 5 3 Installing an Oracle
300. on except that the update_mode parameter is set to DELETE Make sure your LD_LIBRARY_PATH environment variable contains ORACLE_ HOME 1ib32 and that your LD_LIBRARY_PATH_64 environment variable contains SORACLE_HOME 1ib Then run the command all on one line prompt gt ORACLE_HOME jdk bin java jar SORACLE_HOME sso 1lib ossoreg jar oracle_home_path SORACLE_HOME site_name hostname domain config_mod_osso TRUE mod_osso_url http hostname domain port u userid update_mode DELETE Troubleshooting F 11 Deinstallation Problems and Solutions For site_name hostname domain specify the computer where the middle tier is installed Include also the domain name For mod_osso_url http hostname domain port specify the computer where the middle tier is installed and the port number on which Oracle HTTP Server is listening For u userid specify the operating system user who can start up the middle tier processes For a detailed explanation of the parameters see chapter 4 of the Oracle Application Server Single Sign On Administrator s Guide F 4 2 Unable to Reuse Instance Name of a Deleted Instance Problem You get an error when you try to name a new Oracle Application Server instance using the name of an instance that you deleted Solution The name of the deleted instance must be removed from Oracle Internet Directory before you can reuse it To remove entries for a deleted instance from Oracle Internet D
301. on Server Installation Guide Deinstalling OracleAS Infrastructure D 5 Deinstalling OracleAS Cluster Identity Management To deinstall an OracleAS Cluster Identity Management perform the following steps 1 Deinstall all instances that contain OracleAS Single Sign On except for the last instance installed Use the steps in Section D 4 Deinstalling OracleAS Single Sign On Instances in OracleAS Cluster Identity Management to perform the deinstallation 2 Deinstall the last OracleAS Single Sign On instance using the steps in Section D 6 Deinstalling OracleAS Infrastructure 3 If you are using a Distributed OracleAS Cluster Identity Management deinstall the Oracle Internet Directory instances using the steps in Section D 6 Deinstalling OracleAS Infrastructure 4 After deinstalling all instances remove the OracleAS Cluster Identity Management from its farm by running the dcmct1 removecluster command prompt gt ORACLE_HOME dcm bin dcmctl removecluster cl cluster_name D 6 Deinstalling OracleAS Infrastructure This section describes how to deinstall OracleAS Infrastructure instances It includes the following topics a Section D 6 1 Deinstallation Order a Section D 6 2 Deinstallation Steps D 6 1 Deinstallation Order The OracleAS Infrastructure instance could contain all the OracleAS Infrastructure components or it could contain only a subset of the components because you have a distributed OracleAS Inf
302. on Tasks a Section 11 9 What to Do Next 11 1 State of Oracle Application Server Instances After Installation After installation the components that you have configured are started up unless you have configured them to use ports lower than 1024 in which case you have to start them up manually You can view the Welcome page and the Application Server Control page in a browser The URLs for these pages are shown in the last screen of the installer You can view the contents of the last screen in the file ORACLE_HOME install setupinfo txt You can use scripts or you can use the Oracle Enterprise Manager 10g Application Server Control to start and stop Oracle Application Server instances See the Oracle Application Server Administrator s Guide for details 11 2 Passwords for Oracle Application Server Components By default all passwords for Oracle Application Server components with the exception of the OracleAS Metadata Repository schema passwords are set to be the same as the Oracle Application Server instance password For security reasons you should change the passwords of the various components to have different values See the Oracle Application Server Administrator s Guide and the component guides in the Oracle Application Server Documentation Library for details on how to alter the passwords for the components you have installed Post Installation Tasks 11 1 NFS Installations 11 3 NFS Installations I
303. only iAS Admins Oracle Identity Management Access and Farm Repository Database Based or File Based iAS Admins Mid Tier Admins or Repository Owners group for the metadata repository Portal and Wireless and Business Intelligence and Forms Middle tier Components OracleAS Portal Trusted Application Admins IAS amp User Management Application Admins iAS Admins Mid Tier Admins or Repository Owners group for the metadata repository Component Owners group for the OracleAS Portal component Note This group is applicable only when you are installing additional OracleAS Portal instances It does not apply for the first OracleAS Portal installation For subsequent OracleAS Portal installations you can perform the installation as the same Oracle Internet Directory user who performed the first installation If you want to allow a different Oracle Internet Directory user to install OracleAS Portal you have to add this user to the Component Owners group for the Portal application entity Configuring Oracle Internet Directory for Oracle Application Server Installation Privileges 5 5 Groups Required to Configure or Deinstall Components Table 5 4 Cont Oracle Internet Directory Groups Required to Configure Components To Configure This Component User Must Be a Member of ALL Listed Groups OracleAS Wireless IAS amp User Management Application Admins a iAS Admins a Mid Tier Admins or Repository Ow
304. ons and click Install 2 Install Progress This screen shows the progress of the installation 3 Runroot sh Note Do not run the root sh script until this dialog appears 1 When you see this dialog run the root sh script in a different shell as the root user The script is located in this instance s Oracle home directory 2 Click OK 4 Configuration Assistants This screen shows the progress of the configuration assistants Configuration assistants configure components 5 End of Installation Click Exit to quit the installer Installing OracleAS Infrastructure 4 25 Install Fragment Database Screens 4 29 Install Fragment Database Screens If you are installing a new database for the OracleAS Metadata Repository the installer displays the following screens Table 4 14 Database Screens Screen Action 1 Specify Database Global Database Name Enter a name for the OracleAS Metadata Repository Configuration Options database Append a domain name to the database name This domain name for the global database name can be different from your network domain name The domain name portion of the global database name has the following naming restrictions Can contain only alphanumeric underscore _ minus and pound characters Must not be longer than 128 characters The database name portion of the global database name has the following naming restrictions Can contain only alphanumeric underscore
305. or information about obtaining and installing XVFB or other virtual frame buffer solutions Search OTN for frame buffer Requirements 2 19 Environment Variables 2 8 5 TMP and TMPDIR The installer uses a temporary directory for swap space The installer checks for the TMP and TMPDIR environment variables to locate the temporary directory If this environment variable does not exist the installer uses the tmp directory If you want the installer to use a temporary directory other than tmp set the TMP and TMPDIR environment variables to the full path of an alternate directory The oracle user must have right permission for this directory and the directory must meet the requirements listed in Table 2 2 Example C shell setenv TMP tmp2 setenv TMPDIR tmp2 Example Bourne or Korn shell TMP tmp2 export TMP TMPDIR tmp2 export TMPDIR If you do not set this environment variable and the default directory does not have enough space then the installer displays an error message that says the environment variable is not set You can either set the environment variable to point to a different directory or free up enough space in the default directory In either case you have to restart the installation 2 8 6 TNS ADMIN This section describes two requirements a The TNS_ADMIN environment variable must not be set If set it can cause errors during installation Section F 3 14 Database Configuration Assistant
306. ord for all the schemas See Section 4 14 Restrictions on the Passwords for the SYS SYSTEM SYSMAN and DBSNMP Users for rules on setting passwords for these accounts Click Next 8 10 Oracle Application Server Installation Guide Installing a Distributed OracleAS Cold Failover Cluster Infrastructure Configuration Table 8 2 Cont Installing OracleAS Infrastructure in an OracleAS Cold Failover Cluster Infrastructure Screen Action 10 Specify Instance Name Instance Name Enter a name for this infrastructure instance Instance names can and ias_admin Password contain alphanumeric characters and the _ underscore character If you have 11 more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example infra ias_admin Password and Confirm Password Enter and confirm the password for the ias_admin user This is the administrative user for this infrastructure instance See Section 3 6 The ias_admin User and Restrictions on its Password for password requirements Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details Step 3 Perform Post Installation Steps The following step is required only if you meet both of these requirements You plan to use the Automatic Storag
307. ore your saved dsa conf configuration file with your settings to continue using the same settings for the upgraded OracleAS Guard environment On UNIX systems lt ORACLE_HOME gt dsa dsa conf 3 Start the OracleAS Guard server in all OracleAS 10 1 2 0 0 Oracle homes on both production and standby sites using the following opmnctl command On UNIX systems 10 10 Oracle Application Server Installation Guide What to Read Next lt ORACLE_HOME gt opmn bin opmnctl startall lt ORACLE_HOME gt opmn bin opmnctl startproc ias component DSA 10 6 What to Read Next For information on how to manage your OracleAS Disaster Recovery environment such as setting up Oracle Data Guard and configuring the OracleAS Metadata Repository database see the Oracle Application Server High Availability Guide Installing in High Availability Environments OracleAS Disaster Recovery 10 11 What to Read Next 10 12 Oracle Application Server Installation Guide 11 Post Installation Tasks Contents a Section 11 1 State of Oracle Application Server Instances After Installation a Section 11 2 Passwords for Oracle Application Server Components a Section 11 3 NFS Installations Section 11 4 Backup and Recovery a Section 11 5 SSL m Section 11 6 Operating System Locale and NLS_LANG Environment Variable a Section 11 7 Component Configuration After Installation Section 11 8 Components that Require Post Installati
308. ory directory var opt oracle This directory contains information on locations of Oracle homes directory on the computer If you installed Oracle9iAS Release 2 9 0 2 on your computer this directory also contains files that provide information for Oracle Enterprise Manager 10g tmp directory The installer writes files needed only during installation to a temporary directory By default the temporary directory is tmp To specify a different directory set the TMP environment variable See Section 2 8 5 TMP and TMPDIR for details 3 9 Why Do I Need to be Able to Log In as Root at Certain Times During Installation At least once during installation the installer prompts you to log in as the root user and run a script You need to be root because the script edits files in the var opt oracle directory 3 10 Running root sh During Installation The installer prompts you to run the root sh script in a separate window This script creates files in the local bin directory usr 1local bin by default If the script finds files of the same name it prompts you if you want to override the existing files You should back up these files you can do this from another window then overwrite them The following lines show the prompts from the root sh script The default values are enclosed in square brackets Enter the full pathname of the local bin directory usr local bin The file dbhome already exists in us
309. ory Infrastructure In a symmetric topology each node in the standby site corresponds to a node in the production site This includes the nodes running both OracleAS Infrastructure and Installing in High Availability Environments OracleAS Disaster Recovery 10 1 OracleAS Disaster Recovery Introduction middle tiers In an asymmetric topology the number of instances required on the standby site are fewer than the number on the production site and the number of instances required on the standby site must be the minimum set of instances required to run your site in the event of a switchover or failover operation As a small variation to this environment you can set up the OracleAS Infrastructure on the production site in an OracleAS Cold Failover Cluster environment See Section 10 2 4 If You Want to Use OracleAS Cold Failover Cluster on the Production Site for details For these supported topologies OracleAS Guard will be installed in every Oracle home on every system that is part of your production and standby topology configured for the OracleAS Disaster Recovery solution OracleAS Guard can be installed as a standalone install kit located on OracleAS Companion CD 2 See Section 10 4 Installing the OracleAS 10g 10 1 2 0 2 Standalone Install of OracleAS Guard into Oracle Homes for more information about when this standalone kit should be installed Figure 10 1 shows an example symmetric OracleAS Disaster Recovery environment
310. ory and Oracle Identity Management components on the same computer select the Oracle Identity Management and OracleAS Metadata Repository option The installer installs the components in the proper order See Section 4 20 Installing OracleAS Infrastructure for the step by step procedure If you plan to install the infrastructure components on separate computers install them in this order 1 Install the OracleAS Metadata Repository You can have the installer create a new database and populate it with the OracleAS Metadata Repository or you can run the Oracle Application Server Repository Creation Assistant to install the OracleAS Metadata Repository in an existing database Note that you cannot register the OracleAS Metadata Repository with Oracle Internet Directory at this point because you do not have an Oracle Internet Directory yet The registration is done in the next step See a Section 4 22 Installing OracleAS Metadata Repository in a New Database a For information on how to install the OracleAS Metadata Repository in an existing database see the Oracle Application Server Metadata Repository Creation Assistant User s Guide 2 Install the Oracle Identity Management components The installer prompts you to enter the connect information for the OracleAS Metadata Repository database See Section 4 23 Installing Oracle Identity Management Components Only Including Oracle Internet Directory for the step by ste
311. oup QA cn OracleDASDeleteUser SQA cn OracleDASEditGroup en orcladmin PQA cn OracleDASEditUser pair cn 0racleDASGroupPriv SQA cn 0racleDASServicefdminGro SQA cn OracleDASUserPriv i orc lApplicationCommonName biforms_m16 iasdi et a ey Pa objectclass ea cn oraclemanageextendedprefe 9 cn OraclePasswordAccessiblel help 5 8 1 2 Navigating to Metadata Repository Groups The metadata repository groups are listed in Table 5 2 The general navigation path is as follows See Figure 5 4 for a screenshot 1 Expand the top level entry Oracle Internet Directory Servers 2 Expand the specific Oracle Internet Directory 3 Expand the following entries Entry Management gt cn OracleContext gt cn Products gt cn IAS gt cn IAS Infrastructure Databases gt orclReferenceName dbName where dbName is the name of the OracleAS Metadata Repository database 4 Click the group to which you want to add users Figure 5 4 shows Oracle Directory Manager with the Repository Owners group for the orcl us oracle com database selected 5 12 Oracle Application Server Installation Guide How to Add Users to Groups in Oracle Internet Directory Figure 5 4 Using Oracle Directory Manager to Add Users to Metadata Repository Groups Oracle Directory Manager File Edit View Qperation Help EJL Jag HRADNY SE ORACLE System Ob 3 cnEIAS Inf us oracle com cn Repository Owners iAccess Control Management A gt
312. ove both lines For example if the infrastructure instance is installed in privatel infra and it includes a metadata repository whose SID is orcl the lines would look like the following orcl privatel infra N privatel infra N D 7 Harmless Errors in the Log File If you get the following unable to delete file and unable to find make file errors in the oraInstalltimestamp err file after you deinstall J2EE and Web Cache or Portal and Wireless instances these are harmless error messages Ignoring Exception during de install oracle sysman oii 0i1il 0iilDeinstallException An error occurred during runtime oracle sysman oii oiil 0iilDeinstallException An error occurred during runtime Ignoring Exception during de install oracle sysman oii oiil 0iilDeinstallException Unable to delete file home j2ee sysman emd targets xml oracle sysman oii o0iil 0iilDeinstallException Unable to delete file home j2ee sysman emd targets xml at instantiateFileEx deinstallAction instantiateFileEx java 935 Ignoring Exception during de installoracle sysman oii oiil 0iilDeinstallException Unable to find make file home j2ee network 1lib ins_net_client mk oracle sysman oii oiil 0iilDeinstallException Unable to find make file home j2ee network 1lib ins_net_client mk at ssmakeux deinstallAction ssmakeux java 246 Deinstallation and Reinstallation D 7 Cleaning Up Oracle Application Server Processes D 8 Cleaning Up Oracle Applicatio
313. ows If you are performing the installation from the console or X Windows then add the following line to the etc pam d xdm file session required pam_limits so 2 2 2 Tips for Reducing Memory Usage If you need to reduce memory consumption Configure only the components that you need After installation start up only the components that you need See the Oracle Application Server Administrator s Guide for details Run Application Server Control only when you need to administer an instance In most cases you do not need Application Server Control running all the time If you are running multiple Oracle Application Server instances on one computer each Application Server Control can consume a lot of memory Running Application Server Control only when you need it can free up memory for other components Configure Application Server Control so that it can manage multiple instances See the Oracle Application Server Administrator s Guide for details 2 3 Software Requirements Check that the software listed in Table 2 3 is installed on the system The procedure that follows the table describes how to ensure the correct software is installed on the system Note Oracle Application Server 10g 10 1 4 0 1 is certified with the following Operating System specific software For the most current list of supported Operating System specific software for example JDK version Operating System version check OracleMetaLink http
314. p procedure The installer registers the OracleAS Metadata Repository with the newly created Oracle Internet Directory See Section 4 10 Registration of OracleAS Metadata Repository in Oracle Internet Directory and Password Randomization for details about registration Installing Only the OracleAS Metadata Repository Does Not Give You an Oracle Application Server Instance If you install only the OracleAS Metadata Repository when installing the infrastructure the installer creates a new database and populates it with the OracleAS Metadata Repository schemas This instance is different from other Oracle Application Server instances in the following ways The installer does not prompt you to name this Oracle Application Server instance a At the end of installation Oracle Enterprise Manager 10g Application Server Control is not started up because it is not configured for this instance You do not need it to manage this instance which consists of only the metadata repository database To manage this instance you use database management tools For more information see the chapter Introduction to Administration Tools in the Oracle Application Server Administrator s Guide a At the end of installation Oracle HTTP Server is also not started up because you do not need it to manage this instance Installing OracleAS Infrastructure 4 3 Can Install Components on Separate Computers 4 4 Can Install Components on Separate Comp
315. parameters shown in the following table are set either to the formula shown or to values greater than or equal to the recommended value shown The procedures following the table describe how to verify and set the values Parameter Recommended Formula or Value ksi_alloc_max nproc 8 max_thread_proc 3000 maxdsiz 2063835136 2 GB maxdsiz_64bit 2147483648 2 GB maxfiles 2048 maxfiles_lim 2048 maxssiz 134217728 128 MB maxssiz_64bit 1073741824 1 GB maxupre nproc 9 10 msgmap 2 msgmni msgmni 4096 msgseg 32767 msegtql 4096 ncsize ninode 1024 nfile 15 nproc 2048 nflocks 4096 ninode 8 nproc 2048 nkthread nproc 7 4 16 nproc 4096 semmni 4096 semmns semmni 2 semmnu nproc 4 semvmx 32767 Requirements 2 7 Ports Parameter Recommended Formula or Value shmmax The size of physical memory or 0X40000000 1073741824 whichever is greater Note To avoid performance degradation the value should be greater than or equal to the size of the SGA shmmni 512 shmseg 120 tcp_conn_request_max 2048 vps_ceiling 64 To view the current value specified for these kernel parameters and to change them if necessary follow these steps 1 2 5 Ports Optionally set the DISPLAY environment variable to specify the display of the local system Bourne Bash or Korn shell DISPLAY localhost 0 0 export
316. pears only if your Oracle Internet Directory has multiple realms Click Next Note This is a critical screen when installing in an OracleAS Cold Failover Cluster If you do not see this screen check the following a Return to the Select High Availability or Replication Option screen and ensure that you selected Virtual Host a Return to the Select Configuration Options screen and ensure that you selected High Availability and Replication Virtual Hostname Enter the virtual hostname for the OracleAS Cold Failover Cluster configuration Example vhost_2 mydomain com Click Next Instance Name Enter a name for the instance Instance names can contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example sso_das ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details Step 5 Stop the OracleAS Infrastructure Processes on Node 1 Stop the processes that are running in the Oracle h
317. ple Response File for OracleAS Infrastructure Identity Management and OracleAS Metadata Repository The following shows an example of a response file for a silent installation of OracleAS Infrastructure as described in Section 4 20 Installing OracleAS Infrastructure Note that if you do not copy the CD ROMs to the hard drive the installer will prompt you to switch CD ROMs during installation To complete the installation without any prompting you must copy the contents of the CD ROMs to the hard drive and specify the LOCATION_FOR_DISKn parameters RESPONSEFILE_VERSION 2 2 1 0 0 UNIX_GROUP_NAME dba FROM_LOCATION mount_point Disk1 stage products xml FROM_LOCATION_CD_LABEL Oracle Application Server 10g LOCATION_FOR_DISK2 path to disk2 files ORACLE_HOME local_location oracle_home ORACLE_HOME_NAME oracle_infrahome_name SHOW_SPLASH_SCREEN false SHOW_WELCOME_PAGE false SHOW_INSTALL_PROGRESS_PAGE false SHOW_COMPONENT_LOCATIONS_PAGE false SHOW_CUSTOM_TREE_PAGE false SHOW_SUMMARY_PAGE false S S S S S S N N S S HOW_REQUIRED_CONFIG_TOOL_PAGE false HOW_OPTIONAL_CONFIG_TOOL_PAGE false HOW_RELEASE_NOTES false HOW_ROOTSH_CONFIRMATION false HOW_END_SESSION_PAGE false HOW_EXIT_CONFIRMATION false EXT_SESSION false EXT_SESSION_ON_FAIL false HOW_DEINSTALL_CONFIRMATION false HOW_DEINSTALL_PROGRESS false oracle iappserver infrastructure SHOW_IAS_COMPONENT_CONFIG_PAGE false ACCEPT_LICENSE_AGREEMENT true
318. plication Server 10g 10 1 4 0 1 hardware and software requirements included in this guide were accurate at the time this manual was released to Requirements 2 1 System Requirements manufacturing For the most up to date information about hardware and software requirements refer to OracleMetaLink http metalink oracle com After logging into OracleMetaLink click Certify From the resulting Web page you can view the latest certifications by product platform and product availability 2 2 System Requirements Table 2 2 lists the system requirements for running Oracle Application Server The installer checks many of these requirements at the start of the installation process and warns you if any of them is not met To save time you can manually check only the ones that are not checked by the installer Refer to Table 2 2 to see which requirements are not checked by the installer You can also run the system checks performed by the installer without doing an installation by running the runInstaller command as shown The runInstaller command is on the Oracle Application Server CD ROM Disk 1 or DVD ROM in the application_server directory CD ROM prompt gt mount_point 1014disk1 runInstaller executeSysPrereqs DVD ROM prompt gt mount_point application_server runInstaller executeSysPrereqs The results are displayed on the screen as well as written to a log file For more information on the types of checks perfo
319. ponse file for a silent installation of Oracle Identity Federation as described in Oracle Identity Federation Administrator s Guide Silent and Non Interactive Installation B 9 Start the Installation Note that if you do not copy the CD ROMs to the hard drive the installer will prompt you to switch CD ROMs during installation To complete the installation without any prompting you must copy the contents of the CD ROMs to the hard drive and specify the LOCATION_FOR_DISKn parameters RESPONSEFILE_VERSION 2 2 1 0 0 UNIX_GROUP_NAME dba FROM_LOCATION mount_point Disk1 stage products xml FROM_LOCATION_CD_LABEL Oracle Application Server 10g LOCATION_FOR_DISK2 path to disk2 files ORACLE_HOME local_location oracle_home ORACLE_HOME_NAME oracle_fedhome_name SHOW_SPLASH_SCREEN false SHOW_WELCOME_PAGE false SHOW_INSTALL_PROGRESS_PAGE false SHOW_COMPONENT_LOCATIONS_PAGE false SHOW_CUSTOM_TREE_PAGE false SHOW_SUMMARY_PAGE false S S S S S S N N S S HOW_REQUIRED_CONFIG_TOOL_PAGE false HOW_OPTIONAL_CONFIG_TOOL_PAGE false HOW_RELEASE_NOTES false HOW_ROOTSH_CONFIRMATION false HOW_END_SESSION_PAGE false HOW_EXIT_CONFIRMATION false EXT_SESSION false EXT_SESSION_ON_FAIL false HOW_DEINSTALL_CONFIRMATION false HOW_DEINSTALL_PROGRESS false oracle iappserver security fed SHOW_IAS_COMPONENT_CONFIG_PAGE false ACCEPT_LICENSE_AGREEMENT true RESTART _SYSTEM lt Value Unspecified gt CLUSTER_NODES lt Value U
320. pplication Server Metadata Repository Creation Assistant User s Guide for details 9 5 3 Installing OracleAS Cluster Identity Management on the First Node Run the installer on each node where you want to install Oracle Identity Management components Note that the procedure for installing Oracle Identity Management components on the first node is different from installing the components on subsequent nodes To install the components on subsequent nodes see Section 9 5 4 Installing OracleAS Cluster Identity Management on Subsequent Nodes Subsections a Section 9 5 3 1 Create staticports ini File a Section 9 5 3 2 Disable TCP Monitoring on Load Balancer for First Node a Section 9 5 3 4 Ensure that the OracleAS Metadata Repository Is Not Registered with any Oracle Internet Directory a Section 9 5 3 5 Select the Same Components for Each Node a Section 9 5 3 6 Run the Installer 9 5 3 1 Create staticports ini File If you want to use custom ports for components other than Oracle HTTP Server or Oracle Internet Directory you need to create a staticports ini file for this installation If you want custom ports for Oracle HTTP Server or Oracle Internet Directory you specify them in the Specify HTTP Load Balancer Host and Listen Ports and the Specify Host and Port for LDAP screens If you specify custom ports for Oracle HTTP Server and Oracle Internet Directory also in the staticports ini file and you also specif
321. ps listed in Section 8 2 Pre Installation Steps for OracleAS Cold Failover Cluster Step 2 Install OracleAS Metadata Repository Use the OracleAS RepCA to install the OracleAS Metadata Repository in an existing database See the Oracle Application Server Metadata Repository Creation Assistant User s Guide for details If you do not have an existing database you can use the installer to create one Note that you have to create the database with a virtual hostname See Section 8 8 Installing Only the OracleAS Metadata Repository in an OracleAS Cold Failover Cluster Environment for details Step 3 Install Oracle Internet Directory and Oracle Directory Integration Platform Install the Oracle Internet Directory and Oracle Directory Integration Platform components on the other shared disk Follow the installation steps described in Table 8 7 Key Points a Inthe Select Installation Type screen select Identity Management a Inthe Select Configuration Options screen select Oracle Internet Directory Oracle Directory Integration Platform and High Availability and Replication a Inthe Select High Availability or Replication Option screen select Virtual Host a Inthe Specify Virtual Hostname screen enter the virtual hostname Installer Screens 8 22 Oracle Application Server Installation Guide Installing a Distributed OracleAS Cold Failover Cluster Identity Management Configuration Table 8 7 Installing Oracle Internet Directo
322. r the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example infra_oca ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next Finish the installation See Section 4 28 Install Fragment The Last Few Screens of the Installation for details 4 22 Oracle Application Server Installation Guide Install Fragment The First Few Screens of the Installation 4 27 Install Fragment The First Few Screens of the Installation The first few screens of the installer are described here because they are the same for all installations Most installation procedures in this chapter refer to this section as their starting point Table 4 12 First Few Screens of the Installation Screen Action 1 Start the installer See Section 3 15 Starting the Oracle Universal Installer for details 2 Welcome Click Next 3 Specify Inventory This screen appears only if this is the first installation of any Oracle product on this Directory and computer Credentials Enter the full path of the inventory directory Enter a full path to the inventory directory Enter a directory that is different from the Oracle home directory for the product files Ex
323. r local bin Overwrite it y n n y Copying dbhome to usr local bin The file oraenv already exists in usr local bin Overwrite it y n n y Copying oraenv to usr local bin The file coraenv already exists in usr local bin Overwrite it y n n y Copying coraenv to usr local bin After you run root sh you may see warnings that begin with chmod WARNING Corresponding set ID also disabled You may ignore these warnings 3 11 Can Modify Other Oracle Application Server Instances During Installation During the installation of an Oracle Application Server instance you should not change the configuration or passwords of other installations in your environment For example if there is an OracleAS Infrastructure installation in your environment you should not modify it during the installation of a middle tier 3 6 Oracle Application Server Installation Guide Obtaining Software from Oracle E Delivery 3 12 Connecting to Oracle Internet Directory Through SSL Connections When you install OracleAS Infrastructure or middle tiers you can specify that Oracle Application Server components connect to Oracle Internet Directory only through SSL connections On screens where you specify the hostname and port for Oracle Internet Directory you can select the Use Only SSL Connections With This Oracle Internet Directory option Note that Oracle HTTP Server is not set up for SSL connections during installation If you
324. r this is that Java does not support the NE8ISO8859P10 or CEL8ISO8859P14 character sets If you configure the database to use a character set not supported by Java you will get an Unsupported IANA character encoding error in OracleAS Portal 4 16 What Do Enter in the Specify Namespace in Internet Directory Screen The distinguished name DN that you specify on this screen will be designated as the namespace in Oracle Internet Directory where users and groups are administered Select the suggested namespace if it meets your deployment requirements If not enter a DN that you want in the custom namespace field The installer determines the suggested namespace from the etc hosts file See Section 2 9 The etc hosts File If you plan to integrate your Oracle Identity Management components with a third party directory you should specify the DN of a namespace that matches the DN of the default namespace in the third party directory See the Oracle Internet Directory Administrator s Guide for details on integration with third party directories 4 17 How to Determine Port Numbers Used by Components During installation you might need to know port numbers used by certain Oracle Application Server components For example if you install OracleAS Infrastructure against an existing Oracle Internet Directory the installer prompts for the Oracle Internet Directory hostname and port number You can get a list of port numbers in the follow
325. racle Identity Management realm It displays this location in the Specify Namespace in Internet Directory screen The hosts file should use the following format ip_address fully_qualified_hostname short_hostname Example 123 45 67 89 primaryHost mydomain com primaryHost In the preceding example the location of the default Oracle Identity Management realm would look like dc mydomain dc com If the file uses a different format the installer displays an incorrect value in the screen For example if the hosts file contains 123 45 67 89 primaryHost primaryHost mydomain com lt incorrect format the installer would display dc primaryHost dc com as the default Oracle Identity Management realm This is probably not the value that you want for the default Oracle Identity Management realm Tip If you need the hosts file to use a different format you can edit the file to use the required format perform the installation then revert the file back to its original format after installation If you are unable or unwilling to edit the hosts file you can enter the desired value for the default Oracle Identity Management realm in the Custom Namespace field on the Specify Namespace in Internet Directory screen 2 9 2 Hostname for OracleAS Single Sign On If you are installing OracleAS Single Sign On and your hosts file contains only the hostname of your computer without the domain name then you will only be able to sig
326. racle Identity Management components such as Oracle Internet Directory OracleAS Single Sign On and OCA Management schemas These schemas are used by components such as DCM 4 8 Oracle Application Server Installation Guide Can Use Multiple Metadata Repositories If you are interested in seeing the names of all the schemas see the Oracle Application Server Metadata Repository Creation Assistant User s Guide 4 12 Can I Use Multiple Metadata Repositories You can install multiple metadata repositories to increase performance This enables different components in your topology to use different metadata repositories To use multiple metadata repositories follow these guidelines To enable a Portal and Wireless or a Business Intelligence and Forms middle tier to use a second metadata repository for product metadata a Install the second metadata repository and register it with the Oracle Internet Directory You can do this using the installer or the OracleAS RepCA Use the installer to create a new database containing the OracleAS Metadata Repository or use the OracleAS RepCA to install the OracleAS Metadata Repository in an existing database See the Oracle Application Server Metadata Repository Creation Assistant User s Guide for details b When you install the Portal and Wireless or the Business Intelligence and Forms middle tier select the second metadata repository from the list of registered repositories This
327. racle Management Agent and the ORACLE_HOME cfgtoollogs Server Control Application Server Control to deploy applications configtoolstimestamp log Configuration through the Oracle Enterprise Manager 10g Assistant Application Server Control Database Configures the OracleAS Metadata Repository for ORACLE_HOME cfgtoollogs Configuration OracleAS Infrastructure configtoolstimestamp log Assistant Database Migrates an older version of the infrastructure ORACLE_HOME assistants dbma logs Migration database to the current version of the infrastructure Assistant database Before running this migration assistant make sure the database is up and running Database Enables cluster configuration for selected databases ORACLE_HOME config managed infratool_dcm_repository log OracleAS Cluster Assistant ORACLE_HOME cfgtoollogs infratool_dcm_repository log DCM Repository Enables you to back up your DCM repository ORACLE_HOME dcm logs Backup Assistant Delegated Sets up the Oracle Delegated Administration ORACLE_HOME cfgtoollogs dasca log Administration Services URL in Oracle Internet Directory and adds Service the necessary access control privileges to the DAS Configuration entity Assistant Before running this configuration assistant make sure the Infrastructure Instance Configuration Assistant was run successfully Directory Registers and starts the directory integration server ORACLE_HOME cf
328. rastructure installation Here are some common scenarios and their deinstallation order If you have an Oracle Identity Management OracleAS Metadata Repository instance you have only one instance to deinstall If you installed Oracle Identity Management and OracleAS Metadata Repository separately 1 Deinstall the Oracle Identity Management instance 2 Deinstall the OracleAS Metadata Repository If you have a distributed Oracle Identity Management 1 Deinstall the instance s that are running OracleAS Single Sign On Oracle Delegated Administration Services Oracle Directory Integration Platform and or OCA 2 Deinstall the instance running Oracle Internet Directory 3 Deinstall the OracleAS Metadata Repository D 6 2 Deinstallation Steps 1 Log in as the operating system user who installed the instance you want to deinstall Deinstallation and Reinstallation D 5 Deinstalling OracleAS Infrastructure 2 If OCA is configured on the instance you want to deinstall run the following commands prompt gt ORACLE_HOME oca bin ocactl stop prompt gt ORACLE_HOME oca bin cmdeinst ocaAdminPassword oidAdminPassword Replace ocaAdminPassword with the password of the OCA administrator Replace oidAdminPassword with the password of the Oracle Internet Directory user who installed OCA The user must belong to the following groups Trusted Application Admins a iAS Admins a Repository Owners group for the metadata reposi
329. ration with Oracle Access Manager in the Oracle Identity Federation Administrator s Guide High Availability Topologies An OracleAS Cluster Identity Management configuration in which two or more Oracle Identity Management instances serve the same content A load balancer distributes requests equally among the active instances Chapter 9 Installing in High Availability Environments OracleAS Cluster Identity Management An OracleAS Cold Failover Cluster configuration in which two or more OracleAS Infrastructure or Oracle Identity Management instances serve the same content but only one instance is active at any one time Chapter 8 Installing in High Availability Environments OracleAS Cold Failover Cluster Product and Installation Overview 1 3 Recommended Topologies Table 1 2 Cont Recommended Topologies Topology See This Documentation for Details An OracleAS Disaster Recovery configuration in Chapter 10 Installing in High Availability Environments which a standby site mirrors a production site OracleAS Disaster Recovery During normal operation the production site handles all the requests If the production site goes down the standby site takes over and handles all the requests An active active topology in which two or more High Availability for Oracle Access Manager in the Oracle Oracle Access Manager instances serve the same Application Server High Availability Guide content
330. rements for High Availability Configurations a Has write privileges on remote directories 7 3 4 Check for Previous Oracle Installations on All Nodes Check that all the nodes where you want to install in a high availability configuration do not have existing oraInventory directories Details of all Oracle software installations are recorded in the Oracle Installer Inventory directory Typically this directory is unique to a node and named oraInventory The directory path of the Oracle Installer Inventory directory is stored in the oraInst 1oc file The existence of this file on a node confirms that the node contains some Oracle software installation Since the high availability configurations require installations on multiple nodes with Oracle Installer Inventory directories on a file system that may not be accessible on other nodes the installation instructions in this chapter and subsequent chapters for high availability configurations assume that there have not been any previous installations of any Oracle software on any of the nodes that are used for this high availability configuration The oraInst 1oc file and the Oracle Installer Inventory directory should not exist on any of these nodes prior to these high availability installations To check if a node contains an oraInventory directory that could be detected by the installer 1 On each node check for the existence of the oraInst 1loc file This file is stored
331. rep config repository variables ov 25 2004 9 07 35 PM oracle sysman emcp EMConfig addPortEntries NFO Updating file ASInstalls ASInfra install portlist ini ov 25 2004 9 07 35 PM oracle sysman emcp EMConfig updateEmdProps NFO Updating file ASInstalls ASInfra sysman config emd properties ov 25 2004 9 07 35 PM oracle sysman emcp EMConfig updateConfigFiles NFO targets xml file is updated successfully ov 25 2004 9 07 35 PM oracle sysman emcp EMConfig updateEmomsProps FO Updating file SInstalls ASInfra sysman config emoms properties ov 25 2004 9 07 35 PM oracle sysman emcp EMConfig updateConfigFiles NFO emoms properties file is updated successfully Nov 25 2004 9 07 40 PM oracle sysman emcp EMConfig copyOC4JDir WARNING Error copying OC4J config files from ASInstalls ASInfra oc4j j2ee OC4J_DBConsole to ASInstalls ASInfra oc4j j2ee 0C4J_DBConsole_hostname domain_portaldb Nov 25 2004 9 07 40 PM oracle sysman emcp EMConfig startOMS INFO Starting the DBConsole Nov 25 2004 9 08 26 PM oracle sysman emcp EMConfig perform INFO DBConsole is started successfully Pe HEn HBHBHBH SB F 3 16 OPMN Configuration Assistant Start HTTP Server Failures Problem The OPMN Configuration Assistant Start HTTP Server fails when you re run it Solution The problem is that Oracle HTTP Server is already running Before re running the configuration assistant stop Oracle HTTP Server with the
332. requisites a Check that you have configured a virtual hostname and virtual IP If there is an existing Oracle Application Server 10g database on the system where you plan to install OracleAS Metadata Repository you must perform the steps in Section 8 2 5 Modify listener ora file for Existing Database prior to installation Table 8 10 Installing the OracleAS Metadata Repository Only Screen Action I 2 Select Configuration Options 3 Select High Availability Option 4 Register Oracle Application Server Metadata Repository 5 Specify Oracle Internet Directory login 6 Specify Virtual Hostname Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select Installation Type screen select Metadata Repository Select High Availability and Replication Click Next Select Virtual Host Click Next If you already have an Oracle Internet Directory and know its connect information select Yes and enter the name of the computer where Oracle Internet Directory is running and the port number See Section 4 17 How to Determine Port Numbers Used by Components if you do not know the port number Use Only SSL Connections with this Oracle Internet Directory Select this option if you want Oracle Application Server components to use only SSL to connect to Oracle Internet Directory If you do not have
333. rge values greater than 2 GB correctly It interprets the very large values as small values Make sure the values for the required kernel parameters are under 2 GB F 3 6 Installer Disappears After Running the Pre Installation Checks Problem The installer disappears after running pre installation checks Solution The directory that is the mount point of the CD ROM or DVD ROM was mounted with incorrect permissions and this caused the pwd command to not work correctly When you run pwd it returns cannot determine current directory To fix 1 Unmount the CD ROM 2 Change permissions of the mount directory to 755 3 Remount the CD ROM The installer should now run correctly F 4 Oracle Application Server Installation Guide Installation Problems and Solutions F 3 7 Unable to Clean Up a Failed Installation If your installation was not successful you have to deinstall it first before you can install Oracle Application Server again Refer to Appendix D Deinstallation and Reinstallation for instructions F 3 8 Forgot the Password for the cn orcladmin Account Problem You forgot the password for the cn orcladmin account Solution You can reset the password in the database The DSE root attribute name is orclsupassword Note that after a certain number of failed attempts to connect the cn orcladmin account becomes locked In this case you have to unlock the account See the next section Section F 3 9 cn orclad
334. ri aaia eraann wide A cdots aaao ataa aaa B 1 Non Interactive Installation ssseisniniiaa ena naa a r a aai B 2 Pre Jnstallati N ni a a Reece eia ea E aE B 2 Notes for Silent and Non Interactive Installations ccccscessecsessecescesseeeseseeeeseeeeseeeeeees B 2 Installing OracleAS Certificate Authority essesesssseessessseseesessesrsnsiesessessseniestssessnenteseesee B 2 Create the Response Pile cies ccss cscesccetevcvscse ies cetesistes E E ER A R EE B 3 Creating Response Files from Templates cccccccccssesssssteeseseesesescsnenssesesesnensseseecenens B 3 B 5 2 Creating Response Files by Using the Record Mode in the Installer B 3 B 5 3 Variables to Modify in the Response Files ccceccccssesesesescscesescscseseseseecsesesnseecses B 3 B 5 4 Example Response Biles nei conse ste ectiecseeinies tee Stat sgs aed E esterase herr Sicko E B 4 B 5 4 1 Example Response File for OracleAS Infrastructure Oracle Identity Management ORLY eskesses scott cotecnatamenenl A va aralened angie E E daa Tenet B 4 B 5 4 2 Example Response File for OracleAS Infrastructure OracleAS Metadata Repository Only malri ietie ennen ana enia atagan ai ee eaae iatea ia aR B 6 B 5 4 3 Example Response File for OracleAS Infrastructure Identity Management and OracleAS Metadata Repository c cccccscesccsseeseeseeeeeneeeseenseeeeesecneeesecnseeneeeaeens B 8 B 5 4 4 Example Response File for Oracle Identity Federation ssssssssssssssss
335. ribes how to install Oracle Application Server in OracleAS Cold Failover Cluster configurations Section 8 1 OracleAS Cold Failover Cluster Introduction Section 8 2 Pre Installation Steps for OracleAS Cold Failover Cluster Section 8 3 Installing an OracleAS Cold Failover Cluster Infrastructure Configuration Section 8 4 Installing a Distributed OracleAS Cold Failover Cluster Infrastructure Configuration Section 8 5 Installing an OracleAS Cold Failover Cluster Identity Management Configuration Section 8 6 Installing a Distributed OracleAS Cold Failover Cluster Identity Management Configuration Section 8 7 Installing Oracle Delegated Administration Services and OracleAS Single Sign On in an OracleAS Cold Failover Cluster Section 8 8 Installing Only the OracleAS Metadata Repository in an OracleAS Cold Failover Cluster Environment Section 8 9 Post Installation Steps for OracleAS Cold Failover Cluster Section 8 10 Installing Middle Tiers Against an OracleAS Cold Failover Cluster Infrastructure Section 8 11 Installing Regular Middle Tiers on OracleAS Cold Failover Cluster Nodes 8 1 OracleAS Cold Failover Cluster Introduction In OracleAS Cold Failover Cluster configurations you have an active and a passive node and shared storage that can be accessed by either node During normal operation the active node runs Oracle Application Server processes and processes requests from clients If the
336. ring the deinstallation because the clusterware agents are trying to fail over the resources D 4 Deinstalling OracleAS Single Sign On Instances in OracleAS Cluster Identity Management If you have multiple OracleAS Single Sign On instances installed in a cluster against the same Oracle Internet Directory and you would like to deinstall some of the instances but keep others running perform the following steps before running the Deconfig tool Note that if the OracleAS Single Sign On instance that you wish to deinstall was the last instance to be installed against the Oracle Internet Directory you should not perform this step Instead perform the steps in Section D 6 Deinstalling OracleAS Infrastructure 1 Open the file located at ORACLE_ HOME deconfig DeconfigWrapper properties for editing 2 Search for the line that begins with SSO For example the line might look like the following SSO OraHome_1 jdk bin java jar OraHome_1 sso lib ossoca jar deinstall OraHome_1 OID_USER OID_PASSWORD 3 Comment out the line by adding a pound character at the beginning of the line In the example above the line would be changed to look like the following SSO OraHome_1 jdk bin java jar OraHome_1 sso lib ossoca jar deinstall OraHome_1 SOID_USER OID_PASSWORD After modifying the file perform the steps in Section D 6 Deinstalling OracleAS Infrastructure to complete the deinstallation D 4 Oracle Applicati
337. rmed see Section 2 11 Prerequisite Checks Performed by the Installer Table 2 2 System Requirements Item Requirement Operating system HP UX 11i Version 2 11 23 Itanium or higher See Section 2 3 Software Requirements for a list of required patches Checked by Installer Yes Network You can install Oracle Application Server on a computer that is connected to a network or on a standalone computer not connected to the network If you are installing Oracle Application Server on a standalone computer you can connect the computer to a network after installation You have to perform some configuration tasks when you connect it to the network see theOracle Application Server Administrator s Guide for details Checked by Installer No IP The computer s IP address must be static Oracle Application Server does not support HP UX systems using DHCP Oracle Application Server supports DHCP computers on Linux and Microsoft Windows Checked by Installer No Hostname Ensure that your hostnames are not longer than 255 characters Checked by Installer No 2 2 Oracle Application Server Installation Guide System Requirements Table 2 2 Cont System Requirements Item Requirement Processor type 64 bit HP UX Itanium processor To determine the processor type run the following command prompt gt usr bin getconf KERNEL _BITS Checked by Installer No Processor speed
338. rn shell oe ORACLE_HOSTNAME vhost mydomain com export ORACLE_HOSTNAME Installing in High Availability Environments OracleAS Cold Failover Cluster 8 31 Installing Middle Tiers Against an OracleAS Cold Failover Cluster Infrastructure After setting the variable you can then run the emct1 action dbconsole commands where actionis start stop or status for example emct1 start dbconsole 8 9 4 Create a Clusterware Agent for Automatic Failover An OracleAS Cold Failover Cluster environment provides the framework for a manual failover of OracleAS Infrastructure To achieve automatic failover you must set up an agent using the clusterware An example of automatic failover is setting up the secondary node to monitor the heart beat of the primary node and when the secondary node detects that the primary node is down the virtual IP address shared storage and all the OracleAS Infrastructure processes are failed over to the secondary node 8 10 Installing Middle Tiers Against an OracleAS Cold Failover Cluster Infrastructure This section describes how to install middle tiers that are not in a cold failover cluster configuration against an OracleAS Cold Failover Cluster infrastructure For non cold failover cluster middle tiers to work with OracleAS Infrastructure in an OracleAS Cold Failover Cluster you can install the middle tiers on computers outside the cluster or on nodes within the cluster Note The preferred solu
339. roduction and standby sites This configuration allows nodes on each site production or standby to resolve hostnames within the site Above the internal DNS servers are the corporate or external DNS servers The internal DNS servers forward 10 4 Oracle Application Server Installation Guide Setting up the OracleAS Disaster Recovery Environment non authoritative requests to the external DNS servers The external DNS servers do not know about the existence of the internal DNS servers See Figure 10 2 Figure 10 2 Method 1 Using DNS Servers Production Site Standby Site Method 1 Details a Make sure the external DNS names are defined in the external DNS zone Example prodmid1l us oracle com IN A 138 1 2 333 prodmid2 us oracle com IN A 138 1 2 444 prodinf us oracle com IN A 138 1 2 111 standbymidl us oracle com IN A 213 2 2 330 standbymid2 us oracle com IN A 213 2 2 331 standbyinf us oracle com IN A 213 2 2 110 At the production site create a new zone at the production site using a domain name different from your external domain name To do this populate the zone data files with entries for each node in the OracleAS Disaster Recovery environment For the infrastructure node use the virtual name or alias For the middle tier nodes use the node name the value in etc nodename The following example uses asha as the domain name for the new zone asmid1 asha IN A 138 1 2 333 asmid2 asha IN A 138 1 2 444 asinfra as
340. rograms on behalf of the United States Government the following notice is applicable U S GOVERNMENT RIGHTS Programs software databases and related documentation and technical data delivered to U S Government customers are commercial computer software or commercial technical data pursuant to the applicable Federal Acquisition Regulation and agency specific supplemental regulations As such use duplication disclosure modification and adaptation of the Programs including documentation and technical data shall be subject to the licensing restrictions set forth in the applicable Oracle license agreement and to the extent applicable the additional rights set forth in FAR 52 227 19 Commercial Computer Software Restricted Rights June 1987 Oracle USA Inc 500 Oracle Parkway Redwood City CA 94065 The Programs are not intended for use in any nuclear aviation mass transit medical or other inherently dangerous applications It shall be the licensee s responsibility to take all appropriate fail safe backup redundancy and other measures to ensure the safe use of such applications if the Programs are used for such purposes and we disclaim liability for any damages caused by such use of the Programs Oracle JD Edwards PeopleSoft and Siebel are registered trademarks of Oracle Corporation and or its affiliates Other names may be trademarks of their respective owners The Programs may provide links to Web sites and access to conte
341. rol plug in installing A 1 starting the installer A 1 grid control plug in agent installing A 3 groupadd command 2 16 groups operating system see operating system groups groups Oracle Internet Directory 5 2 adding users to 5 10 groups command 2 18 H high availability environments etc group file 7 5 installation order 7 4 oracle user 7 5 OracleAS Cluster Identity Management 9 1 OracleAS Cold Failover Cluster 8 1 OracleAS Disaster Recovery 10 1 overview 7 1 requirements 7 5 summary of differences 7 4 hostname requirement 2 2 hosts file for name resolution OracleAS Disaster Recovery 10 6 IAS Admins group 5 2 ias_admin user 3 4 password for 3 4 Identity Management Access groups required for installation 5 5 Identity Management components 4 2 installing 4 16 installing Oracle Delegated Administration Services 4 6 installing Oracle Internet Directory only 4 20 installing OracleAS Certificate Authority and Metadata Repository 4 21 installing OracleAS Single Sign On 4 6 installing separately 4 5 installing without Internet Directory 4 18 Identity Management default realm location 2 21 infrastructure see OracleAS Infrastructure installActions log B 11 installation documentation locations 1 2 installation order for OracleAS Infrastructure 4 3 installation types OracleAS Infrastructure 4 1 4 2 installer see Oracle Universal Installer installing additional languages 3 3 installin
342. rom a test environment to a new production environment The remainder of this section addresses the recommended topologies for installing OracleAS Infrastructure instances It contains the following topics a Section 1 3 1 Installing Oracle Identity Management in a Single Oracle Home a Section 1 3 2 Installing a Distributed Oracle Identity Management with an Integrated Oracle HTTP Server a Section 1 3 3 Installing a Distributed Oracle Identity Management with a Standalone Oracle HTTP Server 1 3 1 Installing Oracle Identity Management in a Single Oracle Home This topology has all of the Oracle Identity Management components installed in the same Oracle home as depicted in Figure 1 1 This topology can be associated with a 10g Release 2 10 1 2 or 10g Release 3 10 1 3 middle tier 1 4 Oracle Application Server Installation Guide Recommended Topologies Figure 1 1 Oracle Identity Management in a Single Oracle Home Oracle Home 1 Oracle HTTP Server OC4J SSO DAS Application Server Control OracleAS Metadata Repository Requirements The requirements are the same as those listed in Chapter 2 Requirements Installation Sequence Perform an installation of Oracle Identity Management as described in Section 4 23 Installing Oracle Identity Management Components Only Including Oracle Internet Directory It is recommended that you install OracleAS Metadata Repository in an existing database See
343. ronments OracleAS Cluster Identity Management 9 1 Pre Installation Steps for OracleAS Cluster Identity Management a Install the OracleAS Metadata Repository in an existing database using the OracleAS RepCA See the Oracle Application Server Metadata Repository Creation Assistant User s Guide for supported database configurations For OracleAS Cluster Identity Management configurations Oracle recommends using a high availability database configuration such as Real Application Clusters or cold failover cluster You can only install one OracleAS Cluster Identity Management on an OracleAS Metadata Repository Note For OracleAS Cluster Identity Management configurations you never select the Oracle Identity Management and OracleAS Metadata Repository option in the installer You always select the Oracle Identity Management option This is why you need an existing OracleAS Metadata Repository Always Select the Same Components Because the installer clusters the components in an OracleAS Cluster Identity Management configuration you need to select the same components in the Select Configuration Options screen for all the nodes in the cluster For example if you select Oracle Internet Directory OracleAS Single Sign On and Oracle Delegated Administration Services for the installation on node 1 then you have to select the same set of components in subsequent installations Clustering will fail if you select
344. ror similar to Failed to connect to server Connection refused by server or Can t open display when starting the installer On local_computer perform a remote login using telnet or rlogin to remote_ computer Log in as the oracle user as described in Section 2 7 Operating System User Ensure that the user has set the environment variables correctly as described in Section 2 8 Environment Variables local_computer gt rlogin 1 oracle remote_computer mydomain com OR local_computer gt telnet remote_computer mydomain com Set the DISPLAY environment variable on remote_computer to point to local_ computer Example C shell remote_computer gt setenv DISPLAY local_computer mydomain com 0 0 Example Bourne or Korn shell remote_computer gt DISPLAY local_computer mydomain com 0 0 export DISPLAY Run the installer See Section 3 15 Starting the Oracle Universal Installer Note You can use a PC X emulator to run the installer if it supports a PseudoColor color model or PseudoColor visual Set the PC X emulator to use a PseudoColor visual and then start the installer Refer to the X emulator documentation for instructions on how to change the color model or visual settings 2 10 4 Installing on Remote Computers You can run the installer on a remote computer remote_computer but have the installer screens display on your local computer local_computer The installer will install Orac
345. rtificate Authority OCA Select High Availability and Replication Click Next Installing in High Availability Environments OracleAS Cold Failover Cluster 8 27 Installing Oracle Delegated Administration Services and OracleAS Single Sign On in an OracleAS Cold Failover Cluster Table 8 9 Cont Installing Oracle Delegated Administration Services and OracleAS Single Sign On Screen Action 8 Specify Port Configuration Options Select High Availability Option Register with Oracle Internet Directory Specify Oracle Internet Directory Login Specify Virtual Hostname Specify Instance Name and ias_admin Password Select Manual and enter the fullpath to your staticports ini file in the provided field You created the staticports ini file in step 2 optional Create staticports ini Files on page 8 26 Click Next Select Virtual Host and click Next Enter connect information for the Oracle Internet Directory that you installed earlier Hostname Enter the virtual hostname to access the Oracle Internet Directory host SSL Port Enter the SSL port on which Oracle Internet Directory is listening See Section 4 17 How to Determine Port Numbers Used by Components if you do not know the port number Click Next Username Enter the username to log in to the Oracle Internet Directory Password Enter the password for the username Realm Enter the realm against which to validate the username This field ap
346. running 2 Display the Deployment Delegation Console page The URL is http hostname port oiddas ui oidinstallhome hostname specifies the name of the computer where you installed Oracle Delegated Administration Services port specifies the port on which Oracle HTTP Server is listening 3 Click Login 4 Enter a username and password to log in to Oracle Internet Directory and click Login The login user must have sufficient privileges to allow you to add users to the desired group To add users to this group Log in as a user who belongs to Repository Owners the same Repository Owners group Mid Tier Administrators the Repository Owners group for the same repository Component Owners the same Component Owners group 5 Perform the steps to add the user to the desired group To add the user to the Repository To add the user to the Mid Tier Owners group Administrators group To add the user to the Component Owners group 1 Click the Repository tab This displays all the metadata repositories for which you are an owner Select the metadata repository to which you want to add a user and click Manage Owners On the page that displays the current owners click Add Enter the first few characters of the user s name in the Search field and click Go If you leave the Search field empty and click Go you would get a list of all users in Oracle Internet Directory S
347. running OracleAS Randomize Password Configuration Assistant you need to perform these steps 1 2 3 Start Oracle Directory Manager Enter the Oracle Internet Directory hostname port user name and password Expand Entry Management gt cn OracleContext gt cn Products gt cn IAS gt cn IAS Infrastructure Databases Select orclreferencename your_globaldb_name For each schema under the your_globaldb_name tree there is an orclreferencename entry For the orclreferencename entry a Change the value of the orclpassword attribute to the schema name For example if wireless is the schema name change the orclpassword attribute value to wireless Change orclflexattributel to false Click Apply Perform these steps for all the schemas except ODS and OEM_REPOSITORY Using SQL Plus log in to the database where the OracleAS Randomize Password Configuration Assistant failure is occurring and run the following script prompt gt sqlplus sys password as sysdba SQL gt ORACLE_HOME assistants dbca admin unlock sql password specifies the password for the SYS user Rerun the OracleAS Randomize Password Configuration Assistant F 3 14 Database Configuration Assistant DBCA Failures Problem DBCA fails with the following error Open wallet failedoracle net config ServiceAliasException va 1137 ode a a a a a at oracle C a S a t oracle t oracle t oracle t oracle t orac
348. ry and Oracle Directory Integration Platform Screen Action 1 2 Select Configuration Options 3 Specify Port Configuration Options 4 Specify Repository 5 Select High Availability or Replication Option 6 Specify Namespace in Internet Directory 7 Specify Virtual Hostname Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Note In the Select Installation Type screen select Identity Management Select Oracle Internet Directory Do not select Oracle Application Server Single Sign On Do not select Oracle Application Server Delegated Administration Services Select Oracle Directory Integration Platform Do not select Oracle Application Server Certificate Authority OCA Select High Availability and Replication Click Next If you want to use default ports for the components select Automatic If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticports ini file in the provided field Click Next Username Enter the username to use to log in to the OracleAS Metadata Repository database The user must have DBA privileges Password Enter the user s password Hostname and Port Enter the name of the computer where the database is running and the port number at which it is listening Use the format host port
349. s Items to Remove or Clean Up To deinstall Oracle Application Server instances you have to clean up the items listed in Table D 1 The procedures are described later in this appendix Table D 1 Items to Deinstall Item to Clean Up Tool to Use Files from the Oracle home directory Installer If the installer does not remove all the files you can remove the remaining files using the rm command Entries for the deleted instance in the Inventory directory Installer Deinstallation and Reinstallation D 3 Deinstalling OracleAS Cold Failover Cluster Installations Table D 1 Cont Items to Deinstall Item to Clean Up Tool to Use Instance name from Farm page Installer Entries for the deleted instance in the You have to remove the entries manually See t le direct AVAT ODE econ Step 9 on page D 7 if you ar e deinstalling OracleAS Infrastructure Entries for the deleted instance in Oracle Internet Deconfig tool Directory The installer does not permit custom deinstallation of individual components D 3 Deinstalling OracleAS Cold Failover Cluster Installations If you are deinstalling an OracleAS Cold Failover Cluster installation 1 Stop the clusterware agents or packages that monitor and fail over the environment See your clusterware documentation for details 2 Then perform the steps described in this appendix If you do not take the resources offline the installer will hang du
350. s including middle tier components and applications use the virtual hostname The virtual hostname is associated with the active node which is the primary node during normal operation the secondary node upon failover Clients do not need to know which node primary or secondary is servicing requests You need to use the virtual hostname in URLs to access the active node For example if vhost mydomain com is the virtual hostname the URLs for the Oracle HTTP Server and the Application Server Control for this tier would look like the following URL for Example URL Oracle HTTP Server Welcome page http vhost mydomain com 7777 Oracle HTTP Server secure mode https vhost mydomain com 4443 Application Server Control http vhost mydomain com 1156 Installing in High Availability Environments OracleAS Cold Failover Cluster 8 19 Installing a Distributed OracleAS Cold Failover Cluster Identity Management Configuration Tier Running Oracle Delegated Administration Services and OracleAS Single Sign On Note that the nodes in this tier are not clustered Both nodes are active at the same time and you install the files locally on each node To access these nodes clients go through a load balancer For example if the name of the load balancer is loadbalancel mydomain com the URLs for the Oracle HTTP Server and the Application Server Control for this tier would look like the following URL for Example URL Oracle HT
351. s type to characterize the cluster solution For example two or more Oracle Identity Management instances are known as OracleAS Cluster Identity Management For details on OracleAS Cluster Identity Management see Chapter 9 Installing in High Availability Environments OracleAS Cluster Identity Management 7 1 3 OracleAS Disaster Recovery OracleAS Disaster Recovery configurations have the following characteristics a A production site and a standby site that mirrors the production site Typically these sites are located some distance from each other to guard against site failures such as floods fires or earthquakes During normal operation the production site handles all the requests If the production site goes down the standby site takes over and handles all the requests a Each site has all the hardware and software to run It contains nodes for running OracleAS Infrastructure and the middle tiers load balancers and DNS servers OracleAS Disaster Recovery includes OracleAS Infrastructure and middle tiers For details see Chapter 10 Installing in High Availability Environments OracleAS Disaster Recovery 7 1 4 Summary of Differences Table 7 1 summarizes the differences among the high availability configurations Table 7 1 Differences Among the High Availability Configurations OracleAS Cold OracleAS Disaster Failover Cluster OracleAS Clusters Recovery Node configuration Active Passive Ac
352. s a failover to the first node then you must select the same set of components in the Select Configuration Options screen for each installation For example if you select OracleAS Single Sign On and Oracle Delegated Administration Services on the first node you need to select them when installing on subsequent nodes 9 6 4 3 Start the Installer To install Oracle Internet Directory on subsequent nodes follow these steps Installing in High Availability Environments OracleAS Cluster Identity Management 9 19 Installing a Distributed OracleAS Cluster Identity Management Configuration Table 9 7 Steps for Installing Oracle Internet Directory in a Distributed OracleAS Cluster Identity Management on Subsequent Nodes Screen Action lL 2 Select Configuration Options 3 Specify Port Configuration Options 4 Specify Repository 5 Warning 6 Specify ODS Password Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes In the Select Installation Type screen select Oracle Identity Management Select Oracle Internet Directory Do not select Oracle Application Server Single Sign On Do not select Oracle Application Server Delegated Administration Services Select Oracle Directory Integration Platform if you need this component Do not select Oracle Application Server Certificate Authority OCA Select H
353. s for Each Component 5 2 1 Global Groups Table 5 1 describes the groups that affect all Oracle Application Server instances and components registered with Oracle Internet Directory Table 5 1 Global Groups Group Description IAS Admins IAS Admins have the following privileges DN cn IASAdmins cn groups a Install and register new metadata repositories AS Admins have cn OracleContext no privileges to manage existing repositories already registered with Oracle Internet Directory Install middle tiers Trusted Application Admins To install Oracle Identity Management OracleAS Portal or OracleAS Wireless components you must belong to several groups one of which is the Trusted Application Admins group Table 5 4 lists the required groups for each component DN cn Trusted Application Admins cn groups cn OracleContext IAS amp User Management Application To install OracleAS Portal or OracleAS Wireless you must belong to Admins several groups one of which is the IAS amp User Management DN cn IAS amp User Mgmt Application Application Admins group Table 5 4 lists the required groups for each Admins cn groups cn OracleContext component 5 2 Oracle Application Server Installation Guide Groups in Oracle Internet Directory 5 2 2 Groups for Each Metadata Repository Each metadata repository registered with Oracle Internet Directory has its own groups as described in Table 5 2 This enables you to
354. s ini file in the provided field Click Next Username Enter the username to use to log in to the OracleAS Metadata Repository database The user must have DBA privileges Password Enter the user s password Hostname and Port Enter the name of the computer where the database is running and the port number at which it is listening Use the format host port Service Name Enter the service name of the database Note that the service name must include the database domain name Example orcl mydomain com Click Next Select Virtual Host and click Next Select the suggested namespace or enter a custom namespace for the location of the default Oracle Identity Management realm Ensure the value shown in Suggested Namespace meets your deployment needs If not enter the desired value in Custom Namespace See Section 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen Click Next Note This is a critical screen when installing the infrastructure in an OracleAS Cold Failover Cluster If you do not see this screen check the following a Return to the Select High Availability or Replication Option screen and ensure that you selected Virtual Host a Return to the Select Configuration Options screen and ensure that you selected High Availability and Replication Virtual Hostname Enter the virtual hostname for the OracleAS Cold Failover Cluster configuration Example vhost mydomain com Click N
355. s not contain any files that contents might interfere with the installation 2 26 Oracle Application Server Installation Guide Prerequisite Checks Performed by the Installer Table 2 9 Cont Prerequisite Checks Performed by the Installer Item Description Oracle home directory You should install Oracle Application Server in a new directory Here are some examples of installations that are not allowed a Any type of Oracle Application Server into an 8 0 8i 9 0 1 or 9 2 database Oracle home a Any type of Oracle Application Server into an Oracle Management Service Oracle home Any type of Oracle Application Server into an Oracle Collaboration Suite Oracle home Any type of Oracle Application Server into an Oracle HTTP Server standalone Oracle home a Any type of Oracle Application Server into an OracleAS Web Cache standalone Oracle home a Any type of Oracle Application Server into an Oracle9i Developer Suite 9 0 2 Oracle home a Any type of Oracle Application Server into an Oracle Containers for J2EE standalone Oracle home Any type of Oracle Application Server into an Oracle9iAS 1 0 2 2 Oracle home Oracle Application Server middle tier into an infrastructure 9 0 2 9 0 4 or 10g 10 1 4 0 1 Oracle home a Oracle Application Server middle tier into an Oracle9iAS 9 0 2 9 0 3 or 9 0 4 middle tier Oracle home a OracleAS Developer Kits into an infrastructure 9 0 2 9 0 4 or 10g 10 1 4 0 1 Orac
356. s of the Installation for details 4 25 Installing Oracle Internet Directory Only Perform this procedure to install an Oracle Internet Directory Prerequisite OracleAS Metadata Repository Table 4 10 Steps for Installing Oracle Internet Directory Screen Action I 2 Select Configuration Options 3 Specify Port Configuration Options Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Notes a Inthe Select Installation Type screen select Identity Management Select Oracle Internet Directory Do not select Oracle Application Server Single Sign On Do not select Oracle Application Server Delegated Administration Services Do not select Oracle Directory Integration Platform Do not select Oracle Application Server Certificate Authority OCA Do not select High Availability and Replication Click Next If you want to use default ports for the components select Automatic If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticports ini file Click Next 4 20 Oracle Application Server Installation Guide Installing OCA and OracleAS Metadata Repository Only Table 4 10 Cont Steps for Installing Oracle Internet Directory Screen Action 4 Specify Repository 5 Specify Namespace in Internet Dire
357. s you enter on this screen are the same as the values you entered when you did the installation on the first node HTTP Listener Port Enter the port number that you want Oracle HTTP Server to listen on Enable SSL Select this option if you want to configure Oracle HTTP Server for SSL on this port HTTP Load Balancer Hostname Enter the name of the HTTP virtual server configured on your load balancer Enter the same virtual server name that you configured on the load balancer HTTP Load Balancer Port Enter the port for the HTTP virtual server Enable SSL Select this option if this port is for SSL communications only Click Next 9 14 Oracle Application Server Installation Guide Installing a Distributed OracleAS Cluster Identity Management Configuration Table 9 5 Cont Steps for Installing OracleAS Cluster Identity Management on Subsequent Screen Action 12 Specify Instance Name Instance Name Enter a name for this infrastructure instance Instance names can and ias_admin Password contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example id_mgmt ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section
358. sistant Failures General ccccccccsseeescceeeeececeeeeseececesenesenenenenes F 6 OracleAS Randomize Password Configuration Assistant Failures 0ccceee F 7 Database Configuration Assistant DBCA Failures 00 0 0 cccccesesecccesesceeseeeeeceees F 7 Harmless Error Message from Database Configuration Assistant DBCA F 8 OPMN Configuration Assistant Start HTTP Server Failures 00 0 0 eee F 8 OPMN Configuration Assistant Start DAS Instance Failures 0 0 0 0 eee F 9 OPMN Configuration Assistant Start OCA Failures ccccececcceseeeteeceeeeeeeeeeees F 9 WARNING DCM service may not be available at this time cesses seeseeeeeees F 9 OracleAS Cluster Identity Management Cluster Configuration Assistant Fails F 10 OracleAS Cluster Identity Management Installation Fails on Second Oracle Internet Directory Node csmi inira iata E Aa Ear E ARE Ean EET ee deea CLEANS aaie ii F 10 OracleAS Cluster Identity Management Installation Fails on Second Oracle Delegated Administration Services and OracleAS Single Sign On Node F 10 Deinstallation Problems and Solutions cccceesssesssesesesescsenesesescsesesesescsesssesescsesssnessesees F 11 Obsolete Partner URLs Still Remain on the OracleAS Single Sign On Administration SCLEOMY sess a e E sa avitetsvcsa dane E a gea a a aa eaa aa rii a T F 11 Unable to Reuse Instance Name of a Deleted Instance c ccccecccceeeteteteesteteee
359. soca log r Before running this configuration assistant check that Oracle Internet Directory OracleAS Metadata ORACLE_HOME sso log ssoreg log Repository and the Repository API are configured Unlock Metadata Unlocks the schemas in the OracleAS Metadata ORACLE_HOME config Repository Repository This configuration assistant is run for infratool_unlock_schema log Schemas Oracle Identity Management installations Configuration Assistant Use Infrastructure Updates the ORACLE_HOME config ORACLE_HOME config Configuration ias properties file registers the instance with j2ee_instance_jazn log Assistant Oracle Internet Directory and creates the ldap ora file with Oracle Internet Directory credentials in the ORACLE_HOME network admin directory Before running this configuration assistant check that the PATH environment variable includes the ORACLE_HOME 1ib and ORACLE HOME directories ORACLE_HOME cfgtoollogs j2ee_instance_jazn log Configuration Assistants E 7 Description of Oracle Application Server Configuration Assistants E 8 Oracle Application Server Installation Guide F Troubleshooting This appendix describes solutions to common problems that you might encounter when installing Oracle Application Server It contains the following sections F 1 Log Files Section F 1 Log Files Section F 2 General Troubleshooting Tips Section F 3 Installation Problems and Solutions Sectio
360. ss Protocol LDAP protocol over TLS SSL was sldap LDAP protocol over TLS SSL was sldap 1 1 1 1 If you do not comment out or remove the lines from etc services then the installer will not assign ports 389 and 636 It assigns a number from the port number range for Oracle Internet Directory Refer to Appendix C 2 Default Port Numbers for a list of default port numbers The installer will not assign port numbers that are specified in the etc services file If you do not want the installer to assign a specific port number then add the port number to the etc services file For example if you want to reserve port 7777 for an application you can add something like the following line to etc services myApplication 7777 tcp The installer will not assign port 7777 to any component if this line exists in the etc services file 2 5 3 Using Custom Port Numbers the Static Ports Feature To instruct the installer to assign custom port numbers for components 1 Create a file containing the component names and port numbers Section 2 5 3 1 Format of the staticports ini File describes the file format This file is typically called the staticports ini file but you can name it anything you want 2 In the installer on the Specify Port Configuration Options screen select Manual and enter the full path to the staticports ini file If you do not specify the full path to the file the installer will not
361. ssssissisesseesees B 9 B 6 Start the Installations ia e ee ae eed adh oth bt aE ae Te E a B 10 B 7 Post l stalla tioii eaa asa ERa Eaa aeara B 11 B 8 Security Tips for Silent and Non Interactive Installations cece eect eee B 11 B 9 De imstallati onise cen a EN E ia dana EA R E E B 12 Default Port Numbers C 1 Method of Assigning Default Port Numbers ssssssssssessessssissiesesssesiestesessreniesessessrenreseenee C 1 C 2 Defarilt Port Numper Se aee ae er a a aa losis delesed svaccsdetecdslustusivicedslssucecdindewaevvees C 1 C 3 Ports to Open in Firewalls sineresia a cll e cl E ccdus avons ca RE A RER R REEE C 3 Deinstallation and Reinstallation D 1 Decontg Tool rire geris E EE wctvtociea NE E E R E E E E N R D 1 D 1 1 PATATCLETS wires uoe e A E E Sa E a a E a ccadbewstetesh nae D 2 D 1 2 Log Files Generated by the Deconfig Tool ss ssssessssssssississesrsrsieseesessresinsinsessnesneseesne D 3 D 2 Deinstallation Procedure OVerview sccscsesesscesesseseesecseescesesaeseecesecaecaeeseaecaeeeseecsenaeaeeaes D 3 D 3 Deinstalling OracleAS Cold Failover Cluster Installations 00 0 0 cece eects eeeeees D 4 D 4 Deinstalling OracleAS Single Sign On Instances in OracleAS Cluster Identity Management x sscvccziiscvsctiade desis fees aneia dienaren aaa bodan An aeei aoas Ea Raani i Carinha isio didi widna D 4 D 5 Deinstalling OracleAS Cluster Identity Management s ssssssssssssissesssssssrisssssersisessesseene D 5 D 6
362. st Time Installation of Any Oracle Product If Oracle Application Server is the first Oracle product to be installed on a computer the installer displays a screen where you specify an inventory directory also called the oralnventory directory This inventory directory is used by the installer to keep track of all Oracle products installed on the computer The inventory directory is separate from the Oracle home directory for Oracle Application Server 3 2 Oracle Application Server Installation Guide Oracle Application Server Instances and Instance Names To ensure other users in the oinstall group have access to the inventory directory so that they can install Oracle products do not use the oracle user s home directory as the inventory directory because home directories might not have the proper permissions set up for the oinstall1 group Instead you can put the inventory directory in the opt oracle directory for example opt oracle oraiInventory If you have installed an Oracle product previously on the computer the installer uses the existing inventory directory Ensure that you have write permissions on that directory The best way of ensuring this is to run the installer as the same operating system user who installed the existing Oracle products Oracle recommends creating an operating system user to perform all tasks related to installation of Oracle products See Section 2 7 Operating System User 3 4 Instal
363. stallation will fail 2 Install the OracleAS Metadata Repository See any of the procedures that install an OracleAS Metadata Repository in Chapter 4 Installing OracleAS Infrastructure for example Section 4 20 Installing OracleAS Infrastructure or Section 4 21 Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory 3 Update the configuration file of the new listener as necessary The name of the listener configuration file is Listener ora located in the ORACLE_ HOME network admin directory a Check network address entries in the existing listener s configuration file If the existing listener s configuration file contains only the following network addresses TCP Port 1521 IPC key EXTPROC you do not have to edit the OracleAS Metadata Repository listener s configuration file for network addresses If the configuration file contains other network addresses you need to add them to the OracleAS Metadata Repository listener s configuration file b Check SID_DESC entries in the existing listener s configuration file If the existing listener s configuration file contains SID_DESC entries for the existing database you need to add these entries to the OracleAS Metadata Repository listener s configuration file c Do not start the existing listener version earlier than 10 1 0 2 Now that the new listener supports both databases you do not need to run the existing listen
364. staller Screens Table 8 5 Installing Oracle Identity Management Components Screen Action 1 Start up the installer and complete the first few screens See Section 4 27 Install Fragment The First Few Screens of the Installation for details Note In the Select Installation Type screen select Oracle Identity Management 2 Select Configuration Select Oracle Internet Directory Options Select Oracle Application Server Single Sign On Select Oracle Application Server Delegated Administration Services Select Oracle Directory Integration Platform Select Oracle Application Server Certificate Authority OCA if you want a certificate authority Select High Availability and Replication Click Next Installing in High Availability Environments OracleAS Cold Failover Cluster 8 17 Installing an OracleAS Cold Failover Cluster Identity Management Configuration Table 8 5 Cont Installing Oracle Identity Management Components Screen Action 3 Specify Port Configuration Options 4 Specify Repository 5 Select High Availability or Replication Option 6 Specify Namespace in Internet Directory 7 Specify Virtual Hostname 8 OCA screens 9 Specify Instance Name and ias_admin Password 10 If you want to use default ports for the components select Automatic If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticport
365. stalling OracleAS Infrastructure 4 1 Why Would Select the Different Infrastructure Installation Types Table 4 2 OracleAS Infrastructure Components Infrastructure Components Description Oracle Identity These components provide directory security and user Management components management functionality Some of these components have schemas in the OracleAS Metadata Repository Oracle Internet Directory a OracleAS Single Sign On a Oracle Delegated Administration Services a Oracle Directory Integration Platform a OracleAS Certificate Authority OracleAS Metadata OracleAS Metadata Repository is a collection of schemas used Repository by other Oracle Application Server components The schemas can be grouped into these categories Product metadata a Oracle Identity Management metadata m Management metadata See Section 4 11 Contents of the OracleAS Metadata Repository for details When you install the infrastructure the installer asks if you want to install the Oracle Identity Management components OracleAS Metadata Repository or both These are the installation types for the OracleAS Infrastructure a Oracle Identity Management and OracleAS Metadata Repository a Oracle Identity Management a OracleAS Metadata Repository In addition to the components listed in Table 4 2 when you install the OracleAS Infrastructure you also get the Oracle HTTP Server Oracle Containers for J2EE and Oracle Enterprise Ma
366. stance See Section 5 8 1 Using Oracle Directory Manager to Add Users to Groups for steps on how to add users to groups OracleAS Single Sign On You must install OracleAS Single Sign On as the superuser cn orcladmin Oracle Directory Integration Platform iAS Admins Trusted Application Admins Admin for Oracle Directory Integration Platform which is identified by cn dipadmingrp cn odi cn oracle internet directory Mid Tier Admins group for the metadata repository used by OracleAS Single Sign On If you are unsure which metadata repository is used by OracleAS Single Sign On see To Determine the Metadata Repository Used by OracleAS Single Sign On on page 5 6 5 4 Oracle Application Server Installation Guide Groups Required to Configure or Deinstall Components Table 5 4 Cont Oracle Internet Directory Groups Required to Configure Components To Configure This Component User Must Be a Member of ALL Listed Groups OCA configured against an existing m OracleAS Metadata Repository Trusted Application Admins iAS Admins Repository Owners group for the existing metadata repository OCA configured against a new m OracleAS Metadata Repository that is you are installing and configuring OCA and OracleAS Metadata Repository in the same installation session Trusted Application Admins iAS Admins J2EE and Web Cache Middle tier Features Oracle Identity Management Access
367. sting database See the Oracle Application Server Metadata Repository Creation Assistant User s Guide for details Install Oracle Internet Directory See Section 4 25 Installing Oracle Internet Directory Only Install the remaining Oracle Identity Management components See Section 4 24 Installing Oracle Identity Management Components Only Excluding Oracle Internet Directory l gt Oracle Internet Directory gt OracleAS Metadata Repository dentity Management components Oracle Directory Integration and Provisioning Oracle Delegated Administration Services OracleAS Single Sign On OracleAS Certificate Authority F OracleAS Certificate Authority O racleAS Metadata Repository In this configuration you want OCA to use its own OracleAS Metadata Repository for security reasons Other Oracle Identity Management components use another OracleAS Metadata Repository To install this configuration 1 Install OracleAS Metadata Repository and Oracle Identity Management components but not OCA You can install all these items in the same Oracle home see the first configuration or you can distribute them The figure shows a distributed configuration Install OCA with its own OracleAS Metadata Repository See Section 4 21 Installing OracleAS Infrastructure Against an Existing Oracle Internet Directory Note that if you install Oracle Id
368. superuser 5 1 for ias_admin user 3 4 for orcladmin user 5 2 for SYS SYSTEM users 4 10 randomization of schema passwords 4 7 PATH environment variable 2 19 port 1521 2 11 2 15 already in use 2 13 portlist ini file 2 11 ports 2 8 choosing port numbers 2 12 how to determine 4 11 list of default port numbers C 1 static ports 2 10 using default port numbers 2 9 ports 389 and 636 2 10 post installation steps 11 1 for silent or non interactive installations B 11 OracleAS Cluster Identity Management 9 24 OracleAS Cold Failover Cluster 8 31 pre installation steps for silent and non interactive installations B 2 prerequisite checks 2 26 failures F 3 processor 2 3 Product Languages button 3 3 profile file 2 19 R RAM requirements 2 3 realms 5 16 record mode in the installer B 3 registering OracleAS Metadata Repository 4 7 remote installations 2 23 2 24 Repository Owners group 5 3 requirements browser 2 4 disk space 2 4 environment variables 2 18 for multihomed computers 2 22 hostname 2 2 IP 2 2 kernel parameters 2 7 memory 2 3 network 2 2 operating system version 2 2 processor 2 3 swap space 2 4 response files B 1 Index 5 creating B 3 creating using the record mode B 3 examples B 4 specifying on command line B 10 templates B 3 reusing database name F 12 root user 3 6 root sh 3 6 runInstaller command executeSysPrereqs parameter 2 2 on CD ROM 3 9 on
369. t Replication and click Next Select One way LDAP Replication if you want to use fan out replication in one direction Select Two way LDAP Replication if you want to use fan out replication in both directions Select Advanced Replication if you want multimaster replication Click Next Hostname Enter the name of the computer running the master Oracle Internet Directory Port Enter the port at which the master Oracle Internet Directory is listening Do not select Use only SSL connections with this Oracle Internet Directory If you want Oracle Internet Directory to run in SSL only mode you can make this configuration change after installation See the Oracle Application Server Administrator s Guide for details Click Next Username Enter cn orcladmin because you have to connect to the master Oracle Internet Directory as the superuser Password Enter the password for the superuser Click Next Select the suggested namespace or enter a custom namespace for the location of the default Oracle Identity Management realm Ensure the value shown in Suggested Namespace meets your deployment needs If not enter the desired value in Custom Namespace See Section 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen Click Next If you selected Oracle Application Server Certificate Authority OCA in the Select Configuration Options screen the installer displays screens for configuring OCA See Section 4
370. t as the root user The root sh script detects settings of environment variables and enables you to enter the full path of the local bin directory Use non interactive installation of Oracle Application Server when there are specific screens you want to observe during installation B 3 Pre installation 1 Login as the root user prompt gt su 2 Create an empty file 3 Exit from the root user exit B 4 Notes for Silent and Non Interactive Installations This section describes special cases that are applicable when you are performing silent or non interactive installations a Section B 4 1 Installing OracleAS Certificate Authority B 4 1 Installing OracleAS Certificate Authority If you are installing OCA check the following If you are installing OCA against an existing Oracle Internet Directory make sure the Oracle Internet Directory has OracleAS Single Sign On configured If not the OCA Configuration Assistant will fail a Ifyou are installing OCA with a new Oracle Internet Directory make sure you are also configuring OracleAS Single Sign On If not the OCA Configuration Assistant will fail In interactive mode the installer performs the checks for you and displays a warning if the requirements are not met However in silent or non interactive mode the installer is not able to display a warning B 2 Oracle Application Server Installation Guide Create the Response File B 5 Create the Response Fil
371. t have Oracle products create a group to own the inventory directory Refer to Section 2 6 1 Create a Group for the Inventory Directory If you plan to install the OracleAS Metadata Repository in a new database that is one created by the installer create groups for database administrators Refer to Section 2 6 2 Create Groups for Database Administrators To create the oinstall group enter the following command usr sbin groupadd oinstall For more information about operating system users and groups see your operating system documentation or contact your system administrator 2 6 1 Create a Group for the Inventory Directory If you plan to install Oracle Application Server on a computer that does not have Oracle products create a group to own the inventory directory The installer writes its files in the inventory directory to keep track of the Oracle products installed on the computer This guide uses the name oinstal1 for this operating system group By having a separate group for the inventory directory you allow different users to install Oracle products on the computer Users need write permission for the inventory directory They can achieve this by belonging to the oinstal1 group For the first time installation of any Oracle product on a computer the installer displays a screen where you enter a group name for the inventory directory and a screen where you enter the location of the inventory directory T
372. t you run the binaries from the proper Oracle home Environment variables that you need to set include ORACLE_HOME and PATH 3 1 1 Installing in an Existing Oracle Home Generally you cannot install Oracle Application Server in an existing Oracle home See Oracle home directory on page 2 27 for a list of combinations that are not allowed 3 1 2 Installing in a Non Empty Oracle Home You cannot install Oracle Application Server in a directory that already contains some files except for the cases mentioned in Section 3 1 1 Installing in an Existing Oracle Home For example if you cancel an installation or if an installation failed you have to clean up the directory before you can reinstall Oracle Application Server in it Also the installer cannot repair an installation See Section F 3 4 Message About Installing in a Non Empty Directory for instructions on how to clean up the directory 3 2 Can I Use Symbolic Links You can create symbolic links before installing Oracle Application Server and use them during installation For example if you run the following commands prompt gt mkdir home basedir prompt gt 1n s home basedir home linkdir then when you run the installer you can specify home 1inkdir as the Oracle Home After installation you cannot create symbolic links to the Oracle Home You also may not move the Oracle Home to a different location and create a symbolic link to the original Oracle Home 3 3 Fir
373. tallation Steps for OracleAS Cold Failover Cluster Infrastructure Step Description 1 Perform Pre Installation Steps Pre installation tasks described in Section 8 2 include Section 8 2 1 Map the Virtual Hostname and Virtual IP Address Section 8 2 2 Set Up a File System That Can Be Mounted from Both Nodes Section 8 2 3 Review Recommendations for Automatic Storage Management ASM 2 Install OracleAS Infrastructure Install OracleAS Infrastructure on the shared storage 3 Perform Post Installation Steps This post installation step configures the CSS daemon This step is required only if you are using ASM Automatic Storage Management feature of the Oracle database and you do not have an existing Oracle database 8 3 2 OracleAS Cold Failover Cluster Infrastructure Details of Installation Steps This section lists the steps for installing OracleAS Infrastructure in an OracleAS Cold Failover Cluster Infrastructure configuration Step 1 Perform Pre Installation Steps Perform the pre installation steps listed in Section 8 2 Pre Installation Steps for OracleAS Cold Failover Cluster Step 2 Install OracleAS Infrastructure For OracleAS Cold Failover Cluster Infrastructure you install both OracleAS Metadata Repository and Oracle Identity Management in the same Oracle home by selecting Identity Management and Metadata Repository in the Select Installation Type screen This option creates a new database for the Oracle
374. tance in an OracleAS Cluster the instance name must not contain the following a hostname or IP address of any computer in the OracleAS Cluster Oracle home of any Oracle Application Server installation in the OracleAS Cluster How Oracle Application Server Uses Instance Names Instance names are important because Oracle Application Server uses them to uniquely identify instances This means that if you install multiple Oracle Application Server instances on the same computer for example an OracleAS Infrastructure and a J2EE and Web Cache instance you must give them different names When you administer Oracle Application Server using Oracle Enterprise Manager 10g Application Server Control or Application Server Control for short the instance name appears on the screens You can click the instance name to see details about the instance such as the components that are installed in that instance if the components are running or stopped and the log files for the components The Application Server Control is a browser based administration tool for Oracle Application Server See the Oracle Application Server Administrator s Guide for details about this administration tool In addition some dcmct1 commands require an instance name as a parameter demct1 is a command line tool for administering Oracle Application Server instances See the Distributed Configuration Management Administrator s Guide for details about demctl 3 6 The ias_
375. tches software packages and Linux x86 64 certification informations Section 2 4 Kernel Parameters Lists required values for kernel parameters Section 2 5 Ports Describes how to configure components to use ports other than the default ports Section 2 6 Operating System Groups Describes why the operating system user who installs Oracle Application Server should belong to certain operating system groups Section 2 7 Operating System User Describes why you should create an operating system user to install Oracle Application Server Section 2 8 Environment Variables Describes how to set or unset environment variables required for installation Section 2 9 The etc hosts File Describes how the installer uses the information in the hosts file This section also describes how to specify the same information without editing the file Section 2 10 Network Topics Describes network issues such as installing Oracle Application Server on a remote computer using a remote CD ROM DVD ROM drive or installing from a hard disk Section 2 11 Prerequisite Checks Performed by the Installer Lists the items checked by the installer such as length of the Oracle home name and whether or not the Oracle home directory already contains another Oracle product 2 1 Using OracleMetaLink to Obtain the Latest Oracle Application Server Hardware and Software Requirements The Oracle Ap
376. ted Administration Services and OracleAS Single Sign On in OracleAS Cold Failover Cluster Details of Installation Steps Step 1 Perform Pre Installation Steps Perform the pre installation steps listed in Section 8 2 Pre Installation Steps for OracleAS Cold Failover Cluster Step 2 optional Create staticports ini Files If you wish you may set up two staticports ini files one for each set of nodes For information on staticports ini see Section 2 5 3 Using Custom Port Numbers the Static Ports Feature 8 26 Oracle Application Server Installation Guide Installing Oracle Delegated Administration Services and OracleAS Single Sign On in an OracleAS Cold Failover Cluster Step 3 Install OracleAS Metadata Repository and Oracle Internet Directory Install OracleAS Metadata Repository and Oracle Internet Directory in the same Oracle home by selecting Identity Management and OracleAS Metadata Repository in the Select Installation Type screen This option creates a new database for the OracleAS Metadata Repository and a new Oracle Internet Directory The steps are the same as those listed in step 2 Install OracleAS Infrastructure on page 8 8 with these differences a Inthe Select Configuration Options screen select these components options Oracle Internet Directory Oracle Directory Integration Platform High Availability and Replication Do not select these components Oracle Application Server Single Sig
377. ter Infrastructure Overview of Installation SEEPS E E ETTE E A denies 8 13 8 4 2 Distributed OracleAS Cold Failover Cluster Infrastructure Details of Installation EIn o E vanagieasdvanaceasdagoasatoaaaacesduisasoadiandgatidavacrioubesaauna 8 13 8 5 Installing an OracleAS Cold Failover Cluster Identity Management Configuration 8 14 8 5 1 OracleAS Cold Failover Cluster Identity Management Overview of Installation Steps E E E E E A 8 16 8 5 2 OracleAS Cold Failover Cluster Identity Management Details of Installation Steps bwanehdzauwaieescenssidinel cites sachs tovaasbeyseelan cdannantacencdusasabtestetactesta aaabedsupebstcateash hada deesaagestante 8 17 8 6 Installing a Distributed OracleAS Cold Failover Cluster Identity Management COMPS UTATION sertie oen aat aAa ES es e aE aaa aa A aa aeaa e ae TARE EEEa 8 19 8 6 1 Distributed OracleAS Cold Failover Cluster Identity Management Overview of Installation Steps at ia o a ara E EA E N Ea T EAE N 8 21 8 6 2 Distributed OracleAS Cold Failover Cluster Identity Management Details of Installation Steps sieti eranen saceviecepstecestea dens iniedi tines iteasnasesdudstenuccussdestscvaseneubesasbes 8 22 8 7 Installing Oracle Delegated Administration Services and OracleAS Single Sign On in an OracleAS Cold Failover Cluster o cccccce cece ara a ap A aaa aa A eraai AEG AEEA 8 24 8 7 1 Oracle Delegated Administration Services and OracleAS Single Sign On in OracleAS Cold Failover Clus
378. ter Overview of Installation Steps ccccesceeeeeseeteeneeeteenees 8 26 8 7 2 Oracle Delegated Administration Services and OracleAS Single Sign On in OracleAS Cold Failover Cluster Details of Installation Steps cccccescseesecseeeteeteeeteeeaeenes 8 26 8 8 Installing Only the OracleAS Metadata Repository in an OracleAS Cold Failover Cluster BAVIFONMEN ontore aren eane Ee aa a EAE Eae AE EREE AEAEE EAE ESANEAN E SS ARa Et 8 30 8 9 Post Installation Steps for OracleAS Cold Failover Cluster c ccc eee nese 8 31 8 9 1 Edit the ORACLE _HOME Apache Apache htdocs index html File 8 31 8 9 2 Copy the var opt oracle Directory to the Other Node cec sees ee eeeeeeeeees 8 31 8 9 3 Running Database Console against a Cold Failover Cluster Database 8 31 8 9 4 Create a Clusterware Agent for Automatic Failover c cccsccsscstesesceeeeeessseeneenens 8 32 8 10 Installing Middle Tiers Against an OracleAS Cold Failover Cluster Infrastructure 8 32 8 10 1 If You Plan to Install Middle Tiers on OracleAS Cold Failover Cluster Nodes 8 32 8 10 1 1 Create a staticports ini File for the Middle Tier cece teenies 8 32 8 10 1 2 Rename the var opt oracle Directory Used for the Infrastructure 8 33 8 10 2 Procedure for Installing Middle Tiers Against an OracleAS Cold Failover Cluster TNfPAStHUCHULE iie inaani anet e ie aaia aaa a Ea AEAEE 8 33 8 11 Installing Regular Middle Tiers on OracleAS Cold F
379. the OracleAS Infrastructure When the middle tier installation is complete do the following rename operations prompt gt su Password root_password cd var opt mv oracle oracle mt see 1 mv oracle infra oracle see 2 1 This command renames the oracle directory created by the installer when it installed the middle tier 2 This command renames the oracle infra directory back to oracle The var opt oracle directory is not used during Oracle Application Server runtime The only time you need it is when you run the installer for example to de install an instance or to expand an instance Be sure the correct oracle directory is in place before you run the installer 8 10 2 Procedure for Installing Middle Tiers Against an OracleAS Cold Failover Cluster Infrastructure To install middle tiers against OracleAS Infrastructure in an OracleAS Cold Failover Cluster follow the middle tier installation procedures as documented in Oracle Application Server Installation Guide for the middle tier release but with these differences a Inthe Register with Oracle Internet Directory screen enter the virtual hostname in the Hostname field If you are installing the middle tier on an OracleAS Cold Failover Cluster node you must follow these additional requirements Installing in High Availability Environments OracleAS Cold Failover Cluster 8 33 Installing Regular Middle Tiers on OracleAS Cold Failover Cluster Nodes
380. the installer is a member of the dba group If you want a different operating system group to have SYSDBA privileges or if you want to associate SYSDBA and SYSOPER privileges with different groups ensure the user running the installer does not belong to the dba group If the user running the installer does not belong to the dba group the installer displays a screen where you can enter the names of groups to have the database administrator privileges The screen has two fields one for the OSDBA group and one for the OSOPER group refer to Table 2 6 You can enter the same operating system group for both fields 2 7 Operating System User Create an operating system user to install and upgrade Oracle products This guide refers to this user as the oracle user The oracle user running the installer must have write permission for these directories a the Oracle home directory which contains files for the product you are installing the inventory directory which is used by the installer for all Oracle products If the computer contains other Oracle products you might already have a user for this purpose Look in the var opt oracle oraiInst 1oc file This file lists the location of the inventory directory and the group who owns it If the file does not exist the computer does not have Oracle products installed on it If you do not already have a user for installing Oracle products create a user with the following properties Table 2
381. the master Oracle Internet Directory and the replicas Changes made to any node are propagated to the other nodes Figure 6 1 Example of One Way Fan Out Replication LDAP Replication 5 4 B 4 p EO OF GC gt LDAP Master Replica Read Write Full Replica Read Only Partial Replica Read Only In fan out replication Oracle Internet Directory instances use the LDAP protocol to communicate with each other The Select Oracle Internet Directory Replication Mode screen in the installer uses the term LDAP Replication to refer to fan out replication The procedure for installing a master Oracle Internet Directory is the same as installing a regular non replicated Oracle Internet Directory The procedure for installing replicas is different When installing a replica you must select the High Availability and Replication option in the Select Configuration Options screen and you need to provide connect information to the master Oracle Internet Directory The Oracle Application Server instance that runs the Oracle Internet Directory master or replica can also run other Oracle Application Server components such as the OracleAS Metadata Repository OracleAS Single Sign On Oracle Delegated Administration Services and or Oracle Directory Integration Platform 6 1 2 Multimaster Replication Advanced Replication In multimaster replication you have one or more master Oracle Internet Directory instances You can also
382. the su command to switch users for example switching from the root user to the oracle user check the environment variables when you are the new user because the environment variables might not be passed to the new user This can happen even if you run su with the parameter su user root user su oracle env 2 8 2 ORACLE_HOME and ORACLE_SID These environment variables must not be set 2 8 3 PATH CLASSPATH and LD_LIBRARY_PATH Edit your PATH CLASSPATH and LD_LIBRARY_PATH environment variables so that they do not reference any Oracle home directories 2 8 4 DISPLAY Set the DISPLAY environment variable to point to the X server that will display the installer The format of the DISPLAY environment variable is hostname display_number screen_number Example C shell setenv DISPLAY test mydomain com 0 0 Example Bourne or Korn shell DISPLAY test mydomain com 0 0 export DISPLAY You can test the display by running the xclock program bin x11 xclock Oracle Application Server requires a running X server during installation only The frame buffer X server installed with your operating system requires that you remain logged in and have the frame buffer running during installation If you do not wish to do this then you must use a virtual frame buffer such as X Virtual Frame Buffer XVFB or Virtual Network Computing VNC Visit Oracle Technology Network http www oracle com technology f
383. till use a virtual hostname via a hardware cluster or load balancer by following the post installation configuration steps for cold failover cluster middle tiers a Failover procedure An active passive configuration also includes a set of scripts and procedures to detect failure of the active instance and to failover to the passive instance while minimizing downtime The advantages of an OracleAS Cold Failover Cluster configuration include m Increased availability If the active instance fails for any reason or must be taken offline an identically configured passive instance is prepared to take over at any time a Reduced operating costs In an active passive configuration only one set of processes is up and serving requests Management of the active instance is generally less than managing an array of active instances 7 2 Oracle Application Server Installation Guide Overview of High Availability Configurations Application independence Some applications may not be suited to an active active configuration This may include applications which rely heavily on application state or on information stored locally An active passive configuration has only one instance serving requests at any particular time In general the term OracleAS Cold Failover Cluster describes clustering at the Oracle Application Server instance level However if it is necessary to call out the specific type of instances being clustered this document will
384. tion Server on a multihomed computer create the OUI_HOSTNAME environment variable Set this variable to point to the hostname of the computer on which you are installing Oracle Application Server See Also a Section 2 10 1 Installing on Multihomed Multi IP Computers 4 If you are installing from your hard drive go to the next step 3 8 Oracle Application Server Installation Guide Starting the Oracle Universal Installer CD ROM users Insert Oracle Application Server Disk 1 into the CD ROM drive DVD ROM users Insert the Oracle Application Server DVD ROM into the DVD ROM drive 5 Run the Oracle Universal Installer using the command shown after the notes Notes a Be sure you are not logged in as the root user when you start the Oracle Universal Installer The installer gives an error message if you try to run it as the root user a Do not start the installation inside the mount_point directory If you do then you may not be able to eject the installation disk The cd command below changes your current directory to your home directory CD ROM prompt gt cd prompt gt mount_point 10 1 4disk1 runInstaller DVD ROM prompt gt cd prompt gt mount_point application_server runInstaller Hard Drive prompt gt cd disk1_directory prompt gt runInstaller where disk1_directory is the directory where you unzipped the Disk 1 file This launches Oracle Universal Installer through which you install
385. tion is to install and run the non cold failover cluster middle tiers on nodes outside the OracleAS Cold Failover Cluster 8 10 1 If You Plan to Install Middle Tiers on OracleAS Cold Failover Cluster Nodes If you plan to install a non cold failover cluster middle tier on an OracleAS Cold Failover Cluster node primary or secondary perform these tasks before installing the middle tier a Section 8 10 1 1 Create a staticports ini File for the Middle Tier Section 8 10 1 2 Rename the var opt oracle Directory Used for the Infrastructure 8 10 1 1 Create a staticports ini File for the Middle Tier Ensure that the ports used by the middle tier are not the same as the ports used by the infrastructure The reason is that the infrastructure can fail over from the primary to the secondary node and vice versa and there must not be any port conflicts on either node The same ports must be reserved for the infrastructure on both nodes If the infrastructure is running on the same node where you want to install the middle tier the installer can detect which ports are in use and select different ports for the middle tier For example if the infrastructure is running on the primary node and you run the installer on the primary node to install the middle tier then the installer can assign different ports for the middle tier However if the infrastructure is running on a node different from where you want to install the middle tier th
386. tive Active Active Passive Hardware cluster Yes No Optional hardware cluster required only if you installed the OracleAS Infrastructure in an OracleAS Cold Failover Cluster configuration Virtual hostname Yes No Yes Load balancer No Yes No Shared storage Yes No No 1 Geographic load balancer may be used to perform site name switchover 7 2 Installation Order for High Availability Configurations For all high availability configurations you install the components in the following order 7 4 Oracle Application Server Installation Guide Requirements for High Availability Configurations 1 OracleAS Metadata Repository 2 Oracle Identity Management components If you are distributing the Oracle Identity Management components you install them in the following order a Oracle Internet Directory and Oracle Directory Integration Platform b OracleAS Single Sign On and Oracle Delegated Administration Services 3 Middle tiers Note that you can install middle tiers before the other components and reassociate them with the high availability configuration following installation of the other components 7 3 Requirements for High Availability Configurations This section describes the requirements common to all high availability configurations In addition to these common requirements each configuration has its own specific requirements See the individual chapters for details Note You still need to meet the requirements l
387. toolstimestamp log Assistani a Add entries to the targets xml1 file s Add entries to the iasadmin properties file This configuration assistant requires the deploy ini file OC4J Instance Configures OC4J instances for deployed Oracle ORACLE_HOME cfgtoollogs Configuration Application Server applications configtoolstimestamp log Assistant OPMN Starts OPMN and OPMN managed processes ORACLE_HOME cfgtoollogs Configuration configtoolstimestamp log Assistant ORACLE_HOME cfgtoollogs ipm log ORACLE_HOME cfgtoollogs ons log OPMN Starts Oracle Delegated Administration Services ORACLE_HOME cfgtoollogs Configuration instance through OPMN configtoolstimestamp log Assistant start DAS instance ORACLE_HOME cfgtoollogs ipm log ORACLE_HOME cfgtoollogs ons log OPMN Starts OCA through OPMN ORACLE_HOME cfgtoollogs Configuration configtoolstimestamp log Assistant start OCA ORACLE_HOME cfgtoollogs ipm log ORACLE_HOME cfgtoollogs ons log OPMN Starts Oracle HTTP Server through OPMN ORACLE_HOME cfgtoollogs Configuration configtoolstimestamp log Assistant start Oracle HTTP ORACLE_HOME cfgtoollogs Server HTTP_Server 1 OCA Configures a self signed certificate authority ORACLE_HOME cfgtoollogs Configuration integrated with OracleAS Single Sign On for oca_install log Assistant authentication Before running this configuration assistant check that Oracle Internet Directory OracleAS Metadata Repository OracleAS Si
388. tory 0 cecc eee ee ceeseecesesesseeeesesesssssseesessesesesees 5 1 5 2 Groups in Oracle Internet Directory irsisiatuhassss nsyi iskia 5 2 5 2 1 Global Groups piispan ie besa a lanes bessdsestatdesiveevet a E 5 2 5 2 2 Groups for Each Metadata Repository cceccc sce ce cseseeeeeesesssesseeseseseseseeeseseesenees 5 3 5 2 3 Groups for Each Component c ccccsccccsssesescscseseseecscssseseseecscessnsnececscsssesnececesensneseseeeens 5 3 5 3 Groups Required to Configure or Deinstall Components 0 0 0 sete ceeeeeeeeeseneeenees 5 4 5 4 Groups Required to Install Middle Tiers cccccccc cesses cs csesesescscseseseececesseseececessssneseeseenens 5 7 vi 5 4 1 Groups Required to Install Against the Desired Metadata Repository ccccs 5 7 5 4 2 Groups Required to Install Middle tier Components se ssssssssssssssissessssresressesssseesens 5 7 5 4 3 Example 2 accsheasia en iiit Glin dees tei th ER AER EEA EETA Gavin 5 7 5 5 Groups Required to Install Additional Metadata Repositories ccccsseeeseseseeneens 5 8 5 6 Example of Installation with Different Users ccccsssccsssesesesescseneescscesesesescsesnseseeeenens 5 8 5 7 How to Create Users in Oracle Internet Directory eee seeeeeeeeeteneseeeeeees 5 10 5 8 How to Add Users to Groups in Oracle Internet Directory ccccccsseceneteesesteteeeeeees 5 10 5 8 1 Using Oracle Directory Manager to Add Users to Groups ccccccceeseeceneeneeeeees 5 1
389. tory used by OCA The ocact1 stop command stops OCA services The cndeinst command performs the following actions a removes OCA entries from Oracle Internet Directory removes data from tables in the oca schema removes OCA files created by the OCA Configuration Assistant during installation 3 If Oracle Directory Integration Platform is configured and running in the instance you want to deinstall stop the Oracle Directory Integration Platform server Ensure that Oracle Internet Directory is running You can stop Oracle Directory Integration Platform by running the following command prompt gt cd ORACLE_HOME bin prompt gt oidctl connect db_connect_string server odisrv instance 1 stop db_connect_string is the TNS alias as listed in the file ORACLE_ HOME network admin tnsnames ora For any additional Oracle Directory Integration Platform servers that you started you must stop them too See the instructions in the Oracle Identity Management Integration Guide 4 If Oracle Internet Directory is configured as a replica you need to delete this node from the directory replication group DRG See Chapter 25 Oracle Internet Directory Replication Administration in the Oracle Internet Directory Administrator s Guide for steps 5 Run the Deconfig tool prompt gt cd ORACLE_HOME bin prompt gt ORACLE_HOME perl bin perl deconfig pl parameters See Section D 1 Deconfig Tool for parameter details Note If you are d
390. tration Services run on each node If you want to distribute these components see Section 9 6 Installing a Distributed OracleAS Cluster Identity Management Configuration These nodes are accessed through a load balancer See Figure 9 1 You install the OracleAS Metadata Repository in your existing database then install Oracle Identity Management components against this database Oracle Directory Integration Platform Is Started on the First Node Only The installer starts Oracle Directory Integration Platform only on the first node even though you selected it on subsequent nodes as well On subsequent nodes the installer configures Oracle Directory Integration Platform but does not start it If You Want Oracle Internet Directory to Listen on SSL Ports Only If you want Oracle Internet Directory to listen on SSL ports only perform this configuration after you have installed Oracle Identity Management You need Oracle Installing in High Availability Environments OracleAS Cluster Identity Management 9 7 Installing an OracleAS Cluster Identity Management Configuration Internet Directory to be listening on both SSL and non SSL ports when you install OracleAS Single Sign On and Oracle Delegated Administration Services Figure 9 1 OracleAS Cluster Identity Management Configuration OracleAS Cluster Identity Management Configuration Load Balancer On this tier Identity Management includes OracleAS Delegat
391. tributed OracleAS Cold Failover Cluster Infrastructure Configuration Figure 8 2 Distributed OracleAS Cold Failover Cluster Infrastructure Configuration Distributed OracleAS Cold Failover Cluster Infrastructure Configuration iE oe Load Balancer In this tier Identity Management includes o Oracle Delegated Administration Services OracleAS Single Sign On Note that the nodes in this tier are active active x Virtual Hostname vhost mydomain com Virtual IP 123 45 67 11 Metadata Repository OID DIP on failover Node 1 Primary Node Active Physical IP 123 45 67 22 Node 2 Secondary Node Physical IP 123 45 67 33 I On failover OracleAS Infrastructure oralnventory Directory Shared Storage In a distributed OracleAS Cold Failover Cluster Infrastructure configuration you run the OracleAS Metadata Repository Oracle Internet Directory and Oracle Directory Integration Platform in an active passive configuration However the OracleAS Single Sign On and Oracle Delegated Administration Services components run in an active active configuration You have a load balancer to direct requests to the nodes running these components 8 12 Oracle Application Server Installation Guide Installing a Distributed OracleAS Cold Failover Cluster Infrastructure Configuration 8 4 1 Distributed OracleAS Cold Failover Cluster Infrastructure Overview of Installat
392. ts Note that the configuration assistants will take at least 30 minutes to complete 8 End of Installation Click Exit to quit the installer Following installation perform the following command to start the Management Service prompt gt ORACLE_HOME opmn bin opmnctl startall where ORACLE_HOME is the home for Oracle Enterprise Manager 10g Release 2 Grid Control A 4 Installing Oracle Identity Management Grid Control Plug in Agent The Oracle Identity Management Grid Control Plug in Agent should always be installed on the same computer as the Oracle Identity Management components If Oracle Identity Management and Oracle Enterprise Manager Grid Control are not installed on the same host then the Oracle Management Agent must be installed on the same host as Oracle Identity Management before the Oracle Identity Management Grid Control Plug in Agent can be installed See Oracle Enterprise Manager Grid Control Installation and Basic Configuration for details on installing Oracle Management Agent Perform the following steps to install Oracle Identity Management Grid Control Plug in Agent 1 Log on to the Oracle Enterprise Manager 10g Grid Control Console using the following URL http oms_host oms_port em 2 Click the Deployments tab 3 Click View Patch Cache 4 If this is your first time installing the Grid Control Plug in Agent click Upload Patch File If you have already uploaded the patch skip to the next step
393. ture 4 9 What High Availability Options Does Oracle Application Server Support Figure 4 1 Multiple Metadata Repositories in Use Computer 1 Ss as i ie ie Se a Se si Se a I I I 7 Oracle 1 Both metadata repositories are eee i Single Internet registered in the Internet Directory Sign On Directory I Identity i Portal I Management orta and Product Metadata_ i Wireless 1 Metadata i Repository 1 l l I L Computer4 9 EE J Computer 2 pe Product Metadata Wireless Metadata Repository 2 Notes a Ifyou are installing multiple metadata repositories on the same computer each metadata repository must have a unique global database name and system identifier SID If you are registering multiple metadata repositories with the same Oracle Internet Directory each metadata repository must have a unique global database name and SID If not the Oracle Internet Directory Configuration Assistant will fail when you install the second metadata repository with the same name 4 13 What High Availability Options Does Oracle Application Server Support Oracle Application Server can run in the following high availability environments OracleAS Cold Failover Cluster a OracleAS Cluster Identity Management a OracleAS Disaster Recovery See Chapter 7 Installing in High Availability Environments Overview for details 4 14 Restrictions on the Passwords for the SYS SYSTEM SYSMA
394. ty Management Configuration Table 9 7 Cont Steps for Installing Oracle Internet Directory in a Distributed OracleAS Cluster Identity Management on Subsequent Nodes Screen Action 7 Specify Oracle Internet Username Enter the username to log in to the first Oracle Internet Directory i Directory Login You must log in as the Oracle Internet Directory superuser cn orcladmin Password Enter the password for the username Realm Enter the realm against which to validate the username This field appears only if your Oracle Internet Directory has multiple realms Click Next 8 Specify Instance Name Instance Name Enter a name for this infrastructure instance Instance names can and ias_admin Password contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a computer the instance names must be unique See Section 3 5 Oracle Application Server Instances and Instance Names for instance name details Example oid_das ias_admin Password and Confirm Password Set the password for the ias_admin user This is the administrative user for the instance See Section 3 6 The ias_ admin User and Restrictions on its Password for restrictions on the password Example welcome99 Click Next 9 6 5 Installing OracleAS Single Sign On and Oracle Delegated Administration Services on Each Node You run the installer on each node separately to install these Oracle Identity
395. u enter u02 oradata and the SID is orc1 then the data files will be located in u02 oradata orcl Click Next 2 Specify Database Schema Set the passwords for these privileged database schemas SYS SYSTEM SYSMAN Passwords and DBSNMP You can set different passwords for each schema or you can set the same password for all the schemas Click Next 4 26 Oracle Application Server Installation Guide Install Fragment OCA Screens 4 30 Install Fragment OCA Screens If you select Oracle Application Server Certificate Authority OCA in the Select Configuration Options screen when you are installing an OracleAS Infrastructure the installer displays the screens listed in Table 4 15 Note that you cannot install more than one OCA against the same OracleAS Metadata Repository When you are installing Oracle Identity Management components only against an existing OracleAS Metadata Repository be sure that the metadata repository does not already have an instance of OCA configured against it Example You install OracleAS Metadata Repository and Oracle Identity Management components including OCA on a computer Then if you try to install additional Oracle Identity Management components including OCA on the same or different computer against the same OracleAS Metadata Repository this installation would fail Table 4 15 OCA Screens Screen Action 3 Select OracleAS Metadata This screen appears only if you are configurin
396. ubsequent nodes then the OracleAS Metadata Repository is registered with the Oracle Internet Directory on the first node Username Enter the username to use to log in to the OracleAS Metadata Repository database The user must have DBA privileges Password Enter the user s password Hostname and Port Enter the name of the computer where the database is running and the port number at which it is listening Use the format host port Service Name Enter the service name of the database Note that the service name must include the database domain name Example orcl mydomain com Click Next 9 18 Oracle Application Server Installation Guide Installing a Distributed OracleAS Cluster Identity Management Configuration Table 9 6 Cont Steps for Installing Oracle Internet Directory in a Distributed OracleAS Cluster Identity Management on the First Node Screen Action 5 Select High Availability Select OracleAS Cluster Identity Management and click Next or Replication Option 6 Specify Namespace in Select the suggested namespace or enter a custom namespace for the location of Internet Directory the default Oracle Identity Management realm Ensure the value shown in Suggested Namespace meets your deployment needs If not enter the desired value in Custom Namespace See Section 4 16 What Do I Enter in the Specify Namespace in Internet Directory Screen Click Next 7 Specify Instance Name Instance Name
397. unning the following command as the root user usr sbin ifconfig configured_interface down For example enter the following command if lan0 2 is configured with the virtual IP address usr sbin ifconfig lan0 2 down Note Use the commands in step 3 of the previous procedure to confirm that the virtual IP address has been removed 2 On the secondary node add the virtual IP address On the secondary node follow steps 2 to 6 of the previous procedure to add and confirm the virtual IP address on the secondary node 8 2 2 Set Up a File System That Can Be Mounted from Both Nodes Although the hardware cluster has shared storage you need to create a file system on this shared storage such that both nodes of the OracleAS Cold Failover Cluster can mount this file system You will use this file system for the following directories Oracle home directory for the Oracle Application Server instance a The oraInventory directory For disk space requirements see Section 2 2 System Requirements If you are running a volume manager on the cluster to manage the shared storage refer to the volume manager documentation for steps to create a volume Once a volume is created you can create the file system on that volume If you do not have a volume manager you can create a file system on the shared disk directly Ensure that the hardware vendor supports this that the file system can be mounted from either node of the OracleAS Co
398. ure Overview D 1 2 Log Files Generated by the Deconfig Tool The Deconfig tool writes its log file to the ORACLE_ HOME cfgtoollogs DeconfigureWrapper log file D 2 Deinstallation Procedure Overview Follow these high level steps to deinstall Oracle Application Server 1 Deinstall middle tier instances first See Oracle Application Server Installation Guide for the middle tier platform and release for deinstallation instructions a Run the Deconfig tool on the instance b Run the installer and click the Deinstall Products button c Clean up any remaining files 2 Then deinstall OracleAS Infrastructure instances The deinstallation details are provided later in this chapter a Run the Deconfig tool on the instance b Run the installer and click the Deinstall Products button c Clean up any remaining files Note a Ifyou used OracleAS RepCA to install the OracleAS Metadata Repository on an existing database and you want to remove the OracleAS Metadata Repository select the Remove option in OracleAS RepCA You can also use OracleAS RepCA to remove the registration from Oracle Internet Directory a Ifyou remove an infrastructure instance all middle tier instances that depend on that infrastructure will no longer work If you want to keep the middle tier instances you can configure them to use services from another infrastructure See the Oracle Application Server Administrator s Guide for detail
399. uster in this environment use the virtual IP address instead of the physical IP address for asinfra asha on the production site The following example assumes 138 1 2 120 is the virtual IP address asmid1 asha IN A 138 1 2 333 asmid2 asha IN A 138 1 2 444 asinfra asha IN A 138 1 2 120 this is a virtual IP address remote_infra asha IN A 213 2 2 110 On the standby site you still use the physical IP address for asinfra asha but the remote_infra asha uses the virtual IP address asmid1l asha IN A 213 2 2 330 asmid2 asha IN A 213 2 2 331 asinfra asha IN A 213 2 2 110 physical IP address remote_infra asha IN A 138 1 2 120 virtual IP address 10 3 Installing Oracle Application Server in an OracleAS Disaster Recovery Environment Install Oracle Application Server as follows 10 8 Oracle Application Server Installation Guide Installing the OracleAS 10g 10 1 2 0 2 Standalone Install of OracleAS Guard into Oracle Homes Note For all of the installations be sure to use staticports ini to specify port numbers for the components See Section 10 2 2 Set Up staticports ini File 1 Install OracleAS Infrastructure on the production site 2 Install OracleAS Infrastructure on the standby site 3 Start the OracleAS Infrastructure in each site before installing the middle tiers for that site 4 Install middle tiers on the production site 5 Install middle tiers on the standby site 10 3 1 Installing the OracleAS Infr
400. uters You already know that you can install Oracle Application Server instances on separate computers In addition you can also distribute components over multiple computers This is especially useful for infrastructure components You might want to do this to improve performance security scalability and availability of infrastructure services Examples a The OracleAS Infrastructure uses an Oracle database to contain the OracleAS Metadata Repository You can install this database on its own computer a You can install the Oracle Identity Management components in the infrastructure on one or more computers Table 4 3 shows some possible OracleAS Infrastructure configurations Table 4 3 OracleAS Infrastructure Configurations Configuration Description How to Install In this configuration the OracleAS Metadata Repository and the Oracle Identity Management components run from the same Oracle home I OracleAS Metadata Repository i Identity Management components To install this configuration install the OracleAS Metadata Repository and the Oracle Identity Management components at the same time For installation steps see Section 4 20 Installing OracleAS Infrastructure In this configuration the OracleAS Metadata Repository and the Oracle Identity Management components run on separate computers a OracleAS Metadata Repository OracleAS Metadata Repository To install this configuration
401. ver Certificate Authority OCA Do not select High Availability and Replication Click Next If you want to use default ports for the components select Automatic If you do not want to use the default ports and you have created a staticports ini file select Manual and enter the fullpath to your staticports ini file Click Next Hostname Enter the name of the computer where Oracle Internet Directory is running SSL Port Enter the SSL port at which Oracle Internet Directory is listening See Section 4 17 How to Determine Port Numbers Used by Components if you do not know the port number Click Next Username Enter the username to log in to Oracle Internet Directory You must log in as a user who belongs to the Trusted Application Admins group and to the iAS Admins group in Oracle Internet Directory Password Enter the password for the username Realm Enter the realm against which to validate the username This field appears only if your Oracle Internet Directory has multiple realms Click Next Enter information to configure OCA See Section 4 30 Install Fragment OCA Screens Enter information for the OracleAS Metadata Repository database See Section 4 29 Install Fragment Database Screens Instance Name Enter a name for this infrastructure instance Instance names can contain alphanumeric characters and the _ underscore character If you have more than one Oracle Application Server instance on a compute
402. which Oracle Internet Directory is listening You can determine this value from the OIDport parameter in the ORACLE_HOME config ias properties file u OIDadminName Specifies the login name for Oracle Internet Directory Use the superuser cn orcladmin W OIDclearText Password Specifies the password for the Oracle Internet Directory user 0 ORACLE_HOME Specifies the full path to the directory where you installed OracleAS Infrastructure m ASinstanceName Specifies the name of the OracleAS Infrastructure instance where you want to configure mod_osso You can determine this value from the ASname parameter in the ORACLE_ HOME config ias properties file infra infraGlobalDBname Specifies the name of the OracleAS Metadata Repository database You can determine this value from the InfrastructureDBCommonName parameter in the ORACLE_ HOME config ias properties file mh host Specifies the full hostname including the domain name of the computer where you want to configure Oracle Delegated Administration Services sslp sslPort Specifies the SSL port for Oracle Internet Directory You can determine this value from the O Dsslport parameter in the ORACLE_HOME config ias properties file 4 Restart OC4J and Oracle HTTP Server You can do this using the opmnct1 command prompt gt ORACLE_HOME opmn bin opmnctl restartproc ias component 0C4J prompt gt ORACLE_HOME opmn bin opmn
403. x contains a list of these port numbers If you want to use a different set of port numbers you have to create a file called staticports ini in which you list the port numbers that you want to use See Section 2 5 3 Using Custom Port Numbers the Static Ports Feature for details This appendix contains the following sections a Section C 1 Method of Assigning Default Port Numbers a Section C 2 Default Port Numbers a Section C 3 Ports to Open in Firewalls C 1 Method of Assigning Default Port Numbers The installer assigns default port numbers to each component using the following method 1 The installer checks if the default port number is in use If it is not in use the installer assigns it to the component 2 If the default port number is already in use by an Oracle product or by any running application the installer tries the lowest number in the port number range It keeps trying the port numbers in the range until it finds one that is available C 2 Default Port Numbers Table C 1 lists the default port numbers for components The last column Name in staticports ini specifies the component name as it appears in the staticports ini file which enables you to override the default port numbers See Section 2 5 3 Using Custom Port Numbers the Static Ports Feature for details Default Port Numbers C 1 Default Port Numbers Table C 1 Default Port Numbers and Ranges Grouped by Component Port Nu
404. y for Oracle Application Server Installation Privileges 5 1 Groups in Oracle Internet Directory Repository and Oracle Delegated Administration Services the cn orcladmin user is created and becomes a member of the Repository Owners group and the DAS Component Owners group cn orcladmin also becomes a member of the iAS Admins group Note that you cannot log in to Oracle Internet Directory as the superuser cn orcladmin using Oracle Delegated Administration Services To log in as cn orcladmin you must use the Oracle Directory Manager The orcladmin user is also created when you install Oracle Internet Directory The DN for this user is cn orcladmin cn users lt default realm DN gt The initial password for orcladmin is the same as the password for the ias_ admin user for the Oracle Application Server instance You specified this password during installation You can log in to Oracle Internet Directory as orcladmin using Oracle Delegated Administration Services to manage other Oracle Internet Directory users You can do this because orcladmin is a valid OracleAS Single Sign On user For more information on the cn orcladmin and orcladmin users see the Oracle Internet Directory Administrator s Guide 5 2 Groups in Oracle Internet Directory Groups in Oracle Internet Directory can be classified into these categories a Section 5 2 1 Global Groups Section 5 2 2 Groups for Each Metadata Repository a Section 5 2 3 Group
405. y ports in the screens mentioned above the ports specified in the screens take precedence To avoid specifying Oracle HTTP Server and Oracle Internet Directory ports in the staticports ini file the staticports ini file must not contain these lines Oracle HTTP Server port port_num Oracle HTTP Server Listen port port_num Oracle HTTP Server SSL port port_num Oracle HTTP Server Listen SSL port port_num Oracle Internet Directory port port_num Oracle Internet Directory SSL port port_num Installing in High Availability Environments OracleAS Cluster Identity Management 9 9 Installing an OracleAS Cluster Identity Management Configuration If you have a staticports ini file you should also use the same file for installations on subsequent nodes 9 5 3 2 Disable TCP Monitoring on Load Balancer for First Node Before installing on the first node you must make sure that TCP monitoring is not enabled for the Virtual IP on the first node 9 5 3 3 Configure the Load Balancer to Return Immediately to the Calling Client It is highly recommended that you configure the load balancer virtual server to return immediately to the calling client when the backend services to which it forwards traffic are unavailable This is preferred over the client disconnecting on its own after a timeout based on the TCP IP settings on the client machine If your load balancer is not configured this way the Java Security Configuration Assistant
Download Pdf Manuals
Related Search