Wednesday, August 17, 2011

Fusion Applications: Creating the WebLogic Server Domain for Identity Management

In my previous post I configured Oracle HTTP Server and an Apache load balancer to handle all HTTP(S) traffic for IDM. In this post I will create the Oracle WebLogic Server Administration Console and Oracle Enterprise Manager Fusion Middleware Control. Later on we will extend this domain by adding Oracle Fusion Middleware components such as Oracle Identity Manager and Oracle Access Manager. Furthermore, in this post we will configure Oracle HTTP Server to handle HTTP(S) traffic for the Administration Server and Enterprise Manager through the load balancer.

Enabling ADMINVHN

We start by associating the Administration Server with a virtual IP address, ADMINVHN.mycompany.com. To enable the virtual IP address, log in as root, open the file /etc/rc.d/rc.local and add the following lines:

=======================================================
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

/sbin/ifconfig eth0:1 100.200.140.206 netmask 255.255.255.0
/sbin/arping -q -U -c 3 -I eth0 100.200.140.206

Now open the file /etc/hosts and add the following line to associate the virtual IP address with ADMINVHN.mycompany.com:

100.200.140.206         ADMINVHN.mycompany.com

Now restart the server and you will end up with your regular IP address and the virtual IP address.



Running the Configuration Wizard to Create a Domain

Start the Configuration Wizard by going to directory /u01/app/oracle/product/fmw/oracle_common/common/bin and issuing
./config.sh

On the Welcome screen choose to create a new WebLogic domain and click on Next.


On the Select Domain Source screen select the following components:

  • Basic WebLogic Server Domain (This is selected automatically and disabled.)

  • Oracle Enterprise Manager [oracle_common]

  • Oracle JRF [oracle_common]

Now the Specify Domain Name and Location screen shows. Fill in the fields as follows.



On the next screen specify the administrator user and password.


On the next screen choose Production Mode. JDK will be selected automatically.


On the next screen select Administration Server and Managed Servers, Clusters and Machines.


On the next screen set Listen address to ADMINVHN.mycompany.com and leave all other fields default.


Leave the next screen, Configure Managed Servers as is and click on Next. Leave the next screen, Configure Clusters as is and click on Next. On the next screen choose Unix Machine and click on the Add icon. Now a line appears in the grid. Set Name field to ADMINHOST and leave all other fields default.


On the next screen select AdminServer from the left pane and click on the right arrow to add this to ADMINHOST. You will end up with the following screen.


Now the Summary screen shows. Click on Create to start the configuration of the AdminServer. If all went well, you will be presented with the end screen.


Here you will see the Domain location and the url to access the AdminServer.

To be able to start the AdminServer without it prompting us for the administrator password, first create a directory called security in directory /u01/app/oracle/admin/IDMDomain/aserver/IDMDomain/servers/AdminServer

Then create a file called boot.properties in this security directory and add the following lines:
username=weblogic
password=[password you specified during install for administrator]
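
WebLogic replaces the cleartext values in boot.properties with encrypted ones (prefixed {AES}, or {3DES} on older releases) the first time the server boots from the file, so the exposure lies in the file's permissions and in the window before that first boot. The following shell functions are an added example, not part of the original post or of Oracle's tooling; the function names are hypothetical and GNU stat on Linux is assumed.

```shell
#!/bin/bash
# Added example: create boot.properties without ever leaving it readable by
# other accounts, and audit an existing file. Function names are hypothetical.

# write_boot_properties SERVER_DIR USER PASSWORD
# Creates SERVER_DIR/security/boot.properties (directory 700, file 600).
write_boot_properties() {
    local sec_dir="$1/security"
    (
        umask 077                       # restrictive from the moment of creation
        mkdir -p "$sec_dir" || exit 1
        # printf is a shell builtin, so the password never shows up in ps output
        printf 'username=%s\npassword=%s\n' "$2" "$3" > "$sec_dir/boot.properties"
    ) || return 1
    # umask does not tighten a directory or file that already existed
    chmod 700 "$sec_dir" && chmod 600 "$sec_dir/boot.properties"
}

# audit_boot_properties FILE
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_boot_properties() {
    local file="$1" findings=0 mode key value
    [ -f "$file" ] || { echo "missing: $file"; return 1; }
    mode=$(stat -c '%a' "$file")
    case "$mode" in
        *00) ;;                         # no group or other permission bits
        *) echo "permissions: $file is mode $mode, expected 600"; findings=1 ;;
    esac
    while IFS='=' read -r key value || [ -n "$key" ]; do
        case "$key" in
            username|password)
                case "$value" in
                    '{AES}'*|'{3DES}'*) ;;   # already encrypted by the server
                    *) echo "cleartext: $key is not encrypted yet"; findings=1 ;;
                esac ;;
        esac
    done < "$file"
    return "$findings"
}
```

A cleartext finding directly after creating the file is expected; it should disappear once the AdminServer has been started for the first time.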

Starting Node Manager

Now start the node manager by going to directory /u01/app/oracle/product/fmw/wlserver_10.3/server/bin and running the following script.
./startNodeManager.sh

After the node manager is started you will see that it is listening on port 5556.



Open a new terminal window, go to directory /u01/app/oracle/product/fmw/oracle_common/common/bin and run the following script.
./setNMProps.sh

This will set the StartScriptEnabled property to true.

Close this terminal window and go to the terminal window where the node manager was started. Kill this process by hitting CTRL+Z. Now start the node manager again so that the property change takes effect.

Updating the Node Manager Credentials

The Administration Server is started by using WLST (WebLogic Scripting Tool) and connecting to the Node Manager. The configuration wizard of the AdminServer created a default username and password for the Node Manager. We will change this. Start the AdminServer by going to directory /u01/app/oracle/admin/IDMDomain/aserver/IDMDomain/bin and issuing
./startWebLogic.sh

You will see the following:


You can see that the AdminServer is running on the virtual IP address and that it is listening on port 7001.

Now start a browser session and type the following url http://ADMINVHN.mycompany.com:7001/console.


Log in with the administrator user (weblogic) and the password you provided during installation. Once logged in, click on the button Lock and Edit to enable changes to be made. Click on IDMDomain and select tab Security and then tab General.


Scroll down to the section Advanced and expand this. Change the NodeManager username and password.


Scroll down and click on the Save button at the end of the screen. Now in the left pane click on the button Activate Changes to apply the adjustments.

Stop the AdminServer by opening a new terminal window, going to directory /u01/app/oracle/admin/IDMDomain/aserver/IDMDomain/bin and issuing
./stopWebLogic.sh

Now we will start the AdminServer via wlst.

Go to directory /u01/app/oracle/product/fmw/oracle_common/common/bin and issue:
./wlst.sh

After wlst has started connect to the NodeManager by issuing:
nmConnect('oracle','fusionapps', 'FusionIDM','5556', 
'IDMDomain','/u01/app/oracle/admin/IDMDomain/aserver/IDMDomain')

Once connected, issue the following to start the AdminServer:
wls:/nm/IDMDomain> nmStart('AdminServer')

The WebLogic Server Administration Console is now accessible again from the browser. Start a browser session and log in with the administrator user weblogic. Click on Lock and Edit. From the left pane select Environment - Servers and click on AdminServer.


Click on the SSL tab under Configuration and scroll down to the section Advanced.



Set Hostname Verification to None and click on Save at the bottom of the screen and click on Activate Changes in the left pane.



For the changes to take effect we need to restart the AdminServer. Go to the terminal window with wlst running (if closed, restart wlst) and issue the commands

wls:/nm/IDMDomain> nmKill('AdminServer')
wls:/nm/IDMDomain> nmStart('AdminServer')

Configuring Oracle HTTP Server for the Administration Server

To enable Oracle HTTP Server to route to the Administration Server, we have to set the corresponding mount points in our HTTP Server configuration.

Create a file called admin.conf in directory /u01/app/oracle/admin/ohs_inst1/config/OHS/ohs1/moduleconf and add the following:

<VirtualHost *:7777>

   ServerName admin.mycompany.com:80
   ServerAdmin you@your.address
   RewriteEngine On
   RewriteOptions inherit
   RewriteRule ^/console/jsp/common/logout.jsp /oamsso/logout.html [PT]
   RewriteRule ^/em/targetauth/emaslogout.jsp /oamsso/logout.html [PT]

# Admin Server and EM
   <Location /console>
      SetHandler weblogic-handler
      WebLogicHost ADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>

   <Location /consolehelp>
      SetHandler weblogic-handler
      WebLogicHost ADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>

   <Location /em>
      SetHandler weblogic-handler
      WebLogicHost ADMINVHN.mycompany.com
      WeblogicPort 7001
   </Location>

</VirtualHost>

In the above file ServerName is defined as admin.mycompany.com. This is in fact the load balancer we should be pointing at. For the server to connect to the load balancer on address admin.mycompany.com, add this address to the existing line in /etc/hosts that points to the load balancer we set up in the previous post.
192.168.0.111 oiminternal.mycompany.com sso.mycompany.com admin.mycompany.com

Restart Oracle HTTP Server for the changes to take effect.

Registering Oracle HTTP Server With WebLogic Server

For the Enterprise Manager to be able to manage and monitor the Oracle HTTP server, we must register the Oracle HTTP server with the domain. To do this, issue the following command:



Setting the Front End URL for the Administration Console

When the Administration Console is accessed using a load balancer, you must change the Administration Server's front end URL so that the user's browser is redirected to the appropriate load balancer address. To make this change, perform the following steps:

Log in to the WebLogic Server Administration Console and click on Lock and Edit. Expand Environment - Servers and click on AdminServer. Select tab Protocols and tab HTTP.


Scroll down and change the Frontend Host to admin.mycompany.com and set Frontend HTTP Port to 80.


Click on Preferences - Shared Preferences (on top of the screen) and deselect Follow Configuration Changes and click on Save.



Restart the AdminServer at this time!

Enabling WebLogic Plug-in

In Enterprise deployments, Oracle WebLogic Server is fronted by Oracle HTTP servers. The HTTP servers are, in turn, fronted by a load balancer, which performs SSL translation. In order for internal loopback URLs to be generated with the https prefix, Oracle WebLogic Server must be informed that it receives requests via the Oracle HTTP Server WebLogic plug-in. Log in to the Oracle WebLogic Server Administration Console by opening the URL http://admin.mycompany.com/console and click on Lock and Edit. Click on IDMDomain and select tab Configuration and tab Web Applications.


Scroll down and select WebLogic Plug-in Enabled.


Click on Save and Activate the Changes. Restart the WebLogic Administration Server.

We are now able to access the WebLogic Administration Server and Enterprise Manager via the load balancer and the HTTP Server, using the URLs
  • http://admin.mycompany.com/console

  • http://admin.mycompany.com/em

This concludes the configuration of the WebLogic domain. In my next post I will describe the steps to extend the WebLogic domain with Oracle Identity Directory.

12 comments:

  1. [...] concludes the configuration of Oracle HTTP server and Loadbalancer. In the next post I will describe the steps needed to Configure a Weblogic Domain and extend it with HTTP [...]

  2. Excellent. You are really awesome.

    I like the way you give advanced configuration details. Many Thanks.

    Regards
    Vijay Chinnasamy

  3. Michael van der Wilden 4:58 PM

    Hi Hakan,

    I'm trying to connect to the NodeManager by issuing:
    nmConnect('oracle','fusionapps', 'FusionIDM','5556','IDMDomain','/u01/app/oracle/admin/IDMDomain/aserver/IDMDomain') but it won't start. I'm getting the following error:

    WLSTException: Error occured while performing nmConnect : Cannot connect to NodeManager. : Configuration error while reading domain directory.

    Any idea what's wrong? I've followed exactly the steps as you mentioned.

    Kind regards,
    Michael

  4. Michael van der Wilden 9:30 AM

    Hi Hakan,

    Thanks for the information. I'll give it a try today. Just for your information... I'm installing Fusion Applications following the standard delivered manual of Oracle's installation Guide and started two months ago. After many tries I'm now at the Provisioning Level, but I run up against some problems in the precheck phase when I'm conducting the provisioning itself. That's why I'm interested in your approach, in the hope I can identify why my provisioning fails.
    One of the steps of the provisioning is to check the amount of swap and physical memory and the precheck mentioned that I need 83 Gbyte of swap/physical memory :-(
    Currently I do have 16Gb of physical RAM in my machine and I can make it to 32Gb if I want to. I can upgrade my Windows server (SBS 2008) also to 32 Gb max. And like your approach, spread the IDM and OFA instances separately.

    Hopefully you can start quickly on the Fusion Application layer as soon as possible.

    Kind regards,
    Michael

  5. [...] my previous post I created the Oracle WebLogic Server Administration Console and Oracle Enterprise Manager Fusion [...]

  6. This is superb, your instructions are very clear....
    I found your post to be very very useful...

    Cheers

    ben

  7. Klaas 1:50 PM

    Hi,

    First of all thanks for this blog!
    I'm following your tutorial and I just changed the Frontend host URL and restarted the WebLogic server.
    And now I can't log in anymore..... How can I reset the host URL without logging in to the admin console?

  8. Klaas,

    Did you install and setup a loadbalancer?
    The frontend url should point to the loadbalancer url, which handles calls to port 80 and 443 and redirects these to HTTP Server and from there to Weblogic.

    Hakan

  9. Hi Hakan,

    No I did not setup a loadbalancer. I think I should have skipped this step....
    admin.mycompany.com is pointing to the IP of this server.

  10. Klaas 4:34 PM

    Hi Hakan,

    I can't reach Weblogic Administration Server and Enterprise Manager through:
    •http://admin.mycompany.com/console
    •http://admin.mycompany.com/em

    but through
    •http://admin.mycompany.com:7777/console
    •http://admin.mycompany.com:7777/em

    What did I do wrong?

    Thanks in advance.

  11. Klaas,

    You do not have anything running at port 80 so it is logical that http://admin.mycompany.com/console is not reachable.
    You have set your localhost to admin.mycompany.com, so it is logical that http://admin.mycompany.com:7777/console is reachable, because this is in fact the same as http://localhost:7777/console.

    You should install and setup a loadbalancer, see my previous post on how to do this.
    The frontend url should point to the loadbalancer (admin.mycompany.com), which handles calls at port 80 and 443 and redirects these to HTTP Server port 7777 and from there to Weblogic port 7001.

    Hakan

  12. Smijai 3:18 PM

    Hi Hakan,
    I am trying to extend the domain (for SOA Suite) in WebLogic 10.3.6 through the configuration wizard, but I only get the very first screen, the Welcome screen, where I select "Extend an existing Weblogic Domain" and click on the Next button. I do not get any other screen.
    I have no clue what is wrong or how to debug this issue.
    Please suggest.
