Oracle® Application Server Enterprise Deployment Guide
10g Release 2 (10.1.2) for Windows or UNIX B13998-03
This chapter provides instructions for creating the Data, E-Business and Web Server tiers, distributing the software components into the DMZs shown in the Enterprise Deployment architecture for myJ2EECompany shown in Figure 2-1.
Before you perform the tasks in this chapter, a two-node Real Application Clusters (RAC) database must be installed. In this chapter, the server names for the database hosts are APPDBHOST1 and APPDBHOST2. Ideally, these are separate physical databases from INFRADBHOST1 and INFRADBHOST2. In addition to isolating the security components, separate application databases provide the flexibility needed to maintain and tune application and security parameters separately.
This chapter contains the following topics:
Section 6.1, "Installing and Configuring the Security Infrastructure"
Section 6.2, "Configuring the Load Balancing Router or Proxy Server"
Section 6.3, "Installing and Configuring the Application Tier"
Section 6.4, "Installing and Configuring the Web Tier"
Section 6.5, "Configuring the Manually Managed Oracle Application Server Cluster"
Section 6.6, "Configuring the Oracle HTTP Server with the Load Balancing Router"
Section 6.7, "Configuring OC4J Routing"
Section 6.8, "Configuring Application Authentication and Authorization"
The security infrastructure for myJ2EECompany contains the components depicted in Figure 4-16, "Data Tier Configuration". The Security Infrastructures for myJ2EECompany and myPortalCompany differ in one aspect: the myJ2EECompany architecture does not have an Identity Management tier as part of its Security Infrastructure. The Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider is used instead of Oracle Application Server Single Sign-On, so there is no Identity Management Tier in the myJ2EECompany configuration. The OracleAS JAAS Provider is referred to as the JAZN LDAP User Manager in the Deploy Applications: User Manager screen in the Oracle Enterprise Manager 10g Application Server Control Console.
The Oracle Internet Directory administration utility oiddas is required for Oracle Internet Directory administration. oiddas is installed in the application server environment with the Oracle Internet Directory server.
To install and configure this security infrastructure:
Follow all instructions in Section 4.1, "Installing the Oracle Application Server Metadata Repository for the Security Infrastructure".
Follow all instructions in Section 4.2, "Installing the Oracle Internet Directory Instances in the Data Tier".
Follow all instructions in Section 4.3, "Configuring the Virtual Server to Use the Load Balancing Router".
Follow all instructions in Section 4.4, "Testing the Data Tier Components".
If you are using a Load Balancing Router (myapp.mycompany.com, shown in Figure 2-1, "Enterprise Deployment Architecture for myJ2EECompany.com"), it must be configured to receive client requests and balance them to the two Oracle HTTP Server instances on the Web tier. See the load balancing router documentation for instructions.
If you are using a proxy server, follow the instructions in Section 9.2, "Configuring a Reverse Proxy for OracleAS Portal and OracleAS Single Sign-On".
The application tier consists of multiple computers hosting middle tier Oracle Application Server instances in an Oracle Application Server File-Based Farm. Each instance contains multiple Oracle Application Server Containers for J2EE instances, hosting deployed applications. In the complete configuration, requests are balanced among the OC4J instances on the application tier computers to create a performant and fault tolerant application environment. Figure 2-1, "Enterprise Deployment Architecture for myJ2EECompany.com", shows the application tier (APPHOST1 and APPHOST2).
Follow these steps to install the first Oracle Application Server middle tier on APPHOST1:
Ensure that the system, patch, kernel and other requirements are met as specified in the Oracle Application Server Installation Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.
Copy the staticports.ini file from the Disk1/stage/Response directory to a local directory, such as TMP. You will provide the path to this file during installation.
Edit the staticports.ini file to assign the following custom ports:
Oracle HTTP Server port = 7777
Oracle HTTP Server Listen port = 7778
Application Server Control port = 1810
Notes: Ensure that these ports are not already in use by any other service on the computer. Using the Static Ports feature to install the Application Server Tier ensures that the port assignments will be consistent, if the ports are correctly specified in the file and the port is not already in use. If a port is incorrectly specified, the Oracle Universal Installer will assign the default port. If a port is already in use, the Oracle Universal Installer will select the next available port. See Section B.3, "Using the Static Ports Feature with Oracle Universal Installer" for more information.
Start the Oracle Universal Installer as follows:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The Welcome screen appears.
Click Next.
On UNIX systems, the Specify Inventory Directory and Credentials screen appears.
Specify the directory you want to be the oraInventory directory and the operating system group that has write permission to it.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the orainstRoot.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Specify File Locations screen appears with default locations for:
The product files for installation (Source)
The name and path to the Oracle home (Destination)
Click Next.
The Select a Product to Install screen appears.
Figure 6-1 Oracle Universal Installer Select a Product to Install Screen
Select Oracle Application Server 10g, as shown in Figure 6-1, and click Next.
The Select Installation Type screen appears.
Figure 6-2 Oracle Universal Installer Select Installation Type Screen
Select J2EE and Web Cache, as shown in Figure 6-2, and click Next.
The Confirm Pre-Installation Requirements screen appears.
Ensure that the requirements are met and click Next.
The Select Configuration Options screen appears.
Figure 6-3 Oracle Universal Installer Select Configuration Options Screen
Select OracleAS 10g Farm Repository, as shown in Figure 6-3, and click Next.
The Specify Port Configuration Options screen appears.
Select Manual, specify the location of the staticports.ini file, and click Next.
The Select Repository Type screen appears.
Figure 6-4 Oracle Universal Installer Select Repository Type Screen
Select Create a new OracleAS File-based Farm for this instance, as shown in Figure 6-4, and click Next.
The Specify Instance Name and ias_admin Password screen appears.
Specify an instance name and the Oracle Application Server administrator's password and click Next.
The Summary screen appears.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the root.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Configuration Assistants screen appears. Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
Verify that the installation was successful by viewing the application server instance in Oracle Enterprise Manager 10g. Start a browser and access:
http://hostname:1810
Follow these steps to install the second Oracle Application Server middle tier on APPHOST2:
Ensure that the system, patch, kernel and other requirements are met as specified in the Oracle Application Server Installation Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.
Copy the staticports.ini file from the Disk1/stage/Response directory to a local directory, such as TMP. You will provide the path to this file during installation.
Edit the staticports.ini file to assign the following custom ports:
Oracle HTTP Server port = 7777
Oracle HTTP Server Listen port = 7778
Application Server Control port = 1810
Notes: Ensure that these ports are not already in use by any other service on the computer. Using the Static Ports feature to install the Application Server Tier ensures that the port assignments will be consistent, if the ports are correctly specified in the file and the port is not already in use. If a port is incorrectly specified, the Oracle Universal Installer will assign the default port. If a port is already in use, the Oracle Universal Installer will select the next available port. See Section B.3, "Using the Static Ports Feature with Oracle Universal Installer" for more information.
Start the Oracle Universal Installer as follows:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The Welcome screen appears.
Click Next.
On UNIX systems, the Specify Inventory Directory and Credentials screen appears.
Specify the directory you want to be the oraInventory directory and the operating system group that has write permission to it.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the orainstRoot.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Specify File Locations screen appears with default locations for:
The product files for installation (Source)
The name and path to the Oracle home (Destination)
Click Next.
The Select a Product to Install screen appears.
Figure 6-5 Oracle Universal Installer Select a Product to Install Screen
Select Oracle Application Server 10g, as shown in Figure 6-5, and click Next.
The Select Installation Type screen appears.
Figure 6-6 Oracle Universal Installer Select Installation Type Screen
Select J2EE and Web Cache, as shown in Figure 6-6, and click Next.
The Confirm Pre-Installation Requirements screen appears.
Ensure that the requirements are met and click Next.
The Select Configuration Options screen appears.
Figure 6-7 Oracle Universal Installer Select Configuration Options Screen
Select OracleAS 10g Farm Repository, as shown in Figure 6-7, and click Next.
The Specify Port Configuration Options screen appears.
Select Manual, specify the location of the staticports.ini file, and click Next.
Figure 6-8 Oracle Universal Installer Select Repository Type Screen
Select Join an existing OracleAS File-based Farm, as shown in Figure 6-8, and click Next.
The Specify File-based Farm Repository screen appears.
Ensure that the DCM daemon is running on APPHOST1 by following these steps:
Open a window and issue this command in APPHOST1_ORACLE_HOME/opmn/bin:
opmnctl status
Verify that the dcm-daemon appears as below (status Alive):
Processes in Instance: OrclAS1.apphost1.mycompany.com
-------------------+--------------------+---------+---------
ias-component      | process-type       |     pid | status
-------------------+--------------------+---------+---------
LogLoader          | logloaderd         |     N/A | Down
dcm-daemon         | dcm-daemon         |   28685 | Alive
DSA                | DSA                |     N/A | Down
HTTP_Server        | HTTP_Server        |   28802 | Alive
OC4J               | home               |   28810 | Alive
If the dcm-daemon status is Down, issue this command:
opmnctl startproc ias-component=dcm-daemon
Return to the Oracle Universal Installer and specify the host name of APPHOST1, and the DCM Discovery Port on which the OracleAS File-based Farm Repository listens, and click Next.
The Specify Instance Name and ias_admin Password screen appears.
Specify an instance name and the Oracle Application Server administrator's password and click Next.
The Summary screen appears.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the root.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Configuration Assistants screen appears. Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
Verify that the installation was successful by viewing the application server instance in Oracle Enterprise Manager 10g. Start a browser and access:
http://hostname:1810
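A pre-flight check for the static ports step in both installation procedures above, as an added example that is not part of the Oracle guide: because the installer falls back to a default or the next available port without stopping, it reports malformed, duplicate or already-bound entries in staticports.ini before installation starts. The sample content is constructed from the three entries this chapter assigns; the function names and the treatment of # lines as comments are assumptions.

```python
import errno
import socket

# Constructed sample: the three entries this chapter assigns.
SAMPLE_INI = """\
Oracle HTTP Server port = 7777
Oracle HTTP Server Listen port = 7778
Application Server Control port = 1810
"""


def parse_static_ports(text):
    """Return ({name: port}, [problems]) for 'name = port' lines."""
    ports, problems = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' marks a comment
            continue
        name, sep, value = line.partition("=")
        name, value = name.strip(), value.strip()
        if not sep or not name:
            problems.append(f"line {lineno}: not a 'name = port' entry")
        elif not (value.isascii() and value.isdigit()) or not 1 <= int(value) <= 65535:
            problems.append(f"line {lineno}: {name!r} has invalid port {value!r}")
        elif int(value) in ports.values():
            problems.append(f"line {lineno}: port {value} is assigned twice")
        else:
            ports[name] = int(value)
    return ports, problems


def port_in_use(port, host=""):
    """True if binding the TCP port on this machine fails with EADDRINUSE."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as probe:
        try:
            probe.bind((host, port))
        except OSError as exc:
            if exc.errno == errno.EADDRINUSE:
                return True
            raise  # e.g. permission denied: surface it instead of guessing
    return False


def preflight(text):
    """Syntax problems plus every requested port that is already bound."""
    ports, problems = parse_static_ports(text)
    for name, port in ports.items():
        if port_in_use(port):
            problems.append(f"{name!r}: port {port} is already in use")
    return problems


if __name__ == "__main__":
    import sys
    content = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_INI
    for problem in preflight(content) or ["no problems found"]:
        print(problem)
```

Run it on each application tier host with the path to the edited staticports.ini before starting the Oracle Universal Installer.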
Follow the steps in this section on APPHOST1 only to create OC4J instances. The instances you create will be replicated to APPHOST2 when you join the instances to a DCM-Managed OracleAS Cluster, joining APPHOST1 first. The first member of the DCM-Managed OracleAS Cluster provides the base configuration to the entire cluster.
On the Oracle Enterprise Manager 10g Farm page, select the APPHOST1 instance.
The Application Server page for the instance appears.
Click Create OC4J Instance.
The Create OC4J Instance page appears.
Enter the name for the OC4J instance and click Create.
Note: Do not use a host name, Oracle home, or an IP address in the OC4J instance name.
A confirmation screen appears.
Click OK.
The Application Server page appears.
Follow the steps in this section on APPHOST1 only to deploy applications. The applications you deploy will be replicated to APPHOST2 when you join the instances to a DCM-Managed OracleAS Cluster, joining APPHOST1 first. The first member of the DCM-Managed OracleAS Cluster provides the base configuration to the entire cluster.
Before you perform the steps in this section, you must perform the steps in Section 5.2, "Option 2: Using the Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider". Otherwise, JAZN LDAP User Manager will not appear as a selection so that you can perform Step 8.
On the Oracle Enterprise Manager 10g Farm page, select the APPHOST1 instance.
The Application Server page for the instance appears.
Click the link for the OC4J instance for the application deployment.
The page for the OC4J instance appears.
Click the Applications link.
The Applications page for the OC4J instance appears.
Click Deploy EAR File.
The Deploy Application page appears.
Click Browse and navigate to the EAR file you want to deploy.
The J2EE Application field is populated with the path to the EAR file.
Complete the Application Name field and click Continue.
The Deploy Application: URL Mapping for Web Modules screen appears.
Specify the URL mapping for the application and click Next.
The Deploy Application: User Manager screen appears.
Select Use JAZN LDAP User Manager and click Next.
The Deploy Application: Review screen appears, with the name of the EAR file to deploy, the deployment destination instance, and the URL mapping specified. (If you need to change any information, you can click the Back button to navigate to the previous screen).
Click Deploy.
A confirmation screen appears.
Click OK.
The Applications page for the OC4J instance appears with the application in the Deployed Applications table.
Modify the ORACLE_HOME/j2ee/oc4j instance/application-deployments/application name/orion-application.xml file to remove auth-method="SSO" from the <jazn> tag.
Note: By default, when an application is deployed using Oracle Enterprise Manager 10g to specify use of the JAZN LDAP User Manager, Application Server Control Console automatically sets the auth-method to "SSO", so you must remove the auth-method="SSO" when OracleAS Single Sign-On is not used for authentication.
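One way to confirm that no deployment is left with the Single Sign-On setting, as an added example rather than anything shipped with Oracle Application Server: it scans the orion-application.xml files under an Oracle home for a <jazn> tag that still carries auth-method="SSO", and shows the attribute removed with the rest of the file left untouched. The sample file, including its provider, location and default-realm values, is constructed, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample of a deployment descriptor written by the console.
SAMPLE = """\
<?xml version="1.0"?>
<orion-application>
  <web-module id="FAQApp" path="FAQApp.war"/>
  <jazn provider="LDAP" location="ldap://oid.mycompany.com:389"
        default-realm="mycompany" auth-method="SSO"/>
</orion-application>
"""

# Matches a <jazn ...> start tag only, not tags whose name merely begins with "jazn".
JAZN_TAG = re.compile(r"<jazn(?=[\s/>])[^>]*>")
SSO_ATTR = re.compile(r"""\s+auth-method\s*=\s*(["'])SSO\1""")


def sso_jazn_count(xml_text):
    """Number of <jazn> elements that still request SSO authentication."""
    root = ET.fromstring(xml_text)
    return sum(1 for el in root.iter("jazn") if el.get("auth-method") == "SSO")


def strip_sso(xml_text):
    """Remove auth-method="SSO" from <jazn> tags, leaving everything else as is."""
    return JAZN_TAG.sub(lambda m: SSO_ATTR.sub("", m.group(0)), xml_text)


def scan(oracle_home):
    """Paths of orion-application.xml files that still carry the SSO setting."""
    pattern = "j2ee/*/application-deployments/*/orion-application.xml"
    return [
        path
        for path in sorted(Path(oracle_home).glob(pattern))
        if sso_jazn_count(path.read_text(encoding="utf-8"))
    ]


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        for hit in scan(sys.argv[1]):
            print(f'{hit}: <jazn> still has auth-method="SSO"')
    else:
        print(strip_sso(SAMPLE))
```

Rerun the scan after every deployment through the console, since each deployment that selects the JAZN LDAP User Manager writes the attribute again.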
The Oracle Application Server instances on the Application Tier can be treated as one entity by clients and the system administrator if they belong to a DCM-Managed OracleAS Cluster.
The Oracle Application Server Farm (to which all of the application server instances belong, currently as standalone instances) was created during installation. Creating a cluster and its member instances is a two-step process: first, you create the cluster, then, you join instances to it.
Follow these steps on the Application Tier to create a DCM-Managed OracleAS Cluster:
On the Oracle Enterprise Manager 10g Farm page, click Create Cluster.
The Create Cluster page appears.
Enter the cluster name and click Create.
A confirmation screen appears.
Click OK.
The Farm page appears.
Follow these steps on the Application Tier to join the Oracle Application Server instances to the DCM-Managed OracleAS Cluster on APPHOST1:
On the Oracle Enterprise Manager 10g Farm page, select the APPHOST1 instance.
Click Join Cluster.
The Join Cluster page appears.
Select the cluster created in Section 6.3.5.1 and click Join.
A confirmation screen appears.
Click OK.
The Farm page appears.
Start the cluster created in Section 6.3.5.1.
Start the APPHOST1 instance.
Select the APPHOST2 instance.
Click Join Cluster.
The Join Cluster page appears.
Select the cluster created in Section 6.3.5.1 and click Join.
A confirmation screen appears.
Click OK.
The Farm page appears.
Start the APPHOST2 instance.
Verify that the OC4J applications deployed on APPHOST1 are accessible from APPHOST2.
You must modify the Oracle Enterprise Manager 10g Application Server Control Console to prevent display of internal server names. Follow the instructions in Section 7.3.9, "Modifying the Oracle Application Server Welcome Page".
The Web Tier consists of multiple standalone Oracle HTTP Servers, which route requests to the OC4J instances on the application tier computers.
Obtain the standalone Oracle HTTP Server from the Oracle Application Server Companion CD, included in the Oracle Application Server CD Pack. Follow these steps to install an Oracle HTTP Server on WEBHOST1 and WEBHOST2:
Start the Oracle Universal Installer as follows:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The Welcome screen appears.
Click Next.
On UNIX systems, the Specify Inventory Directory and Credentials screen appears.
Specify the directory you want to be the oraInventory directory and the operating system group that has write permission to it.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the orainstRoot.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Specify File Locations screen appears with default locations for:
The product files for installation (Source)
The name and path to the Oracle home (Destination)
Click Next.
The Select a Product to Install screen appears.
Figure 6-9 Oracle Universal Installer Select a Product to Install Screen
Select Web Server Services, as shown in Figure 6-9, and click Next.
The Select Installation Type screen appears.
Figure 6-10 Oracle Universal Installer Select Installation Type Screen
Select Oracle HTTP Server with Apache 1.3 and click Next.
The Summary screen appears.
Click Install.
The Install screen appears. When processing completes, the Next button activates.
Click Next.
The Configuration Assistants screen appears. When the configuration completes, the End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
Verify that the installation was successful by viewing the Oracle HTTP Server home page. Start a browser and access http://hostname:7777.
To enable communication between the Web Server Tier and the Application Tier, you must create a Manually Managed Oracle Application Server Cluster of the standalone Oracle HTTP Servers and the DCM-Managed OracleAS Cluster on the Application Tier. You do this by editing the ons.conf file, the configuration file for the Oracle Notification Server component of Oracle Process Manager and Notification Server. The Oracle Notification Server is the transport mechanism for communication between Oracle Application Server components. It operates according to a publish-subscribe model, in which a component receives notifications through its subscription to ONS. For a complete description of OPMN functionality, see the Oracle Process Manager and Notification Server Administrator's Guide.
The ons.conf file on WEBHOST1 and WEBHOST2 must contain the hostname and Oracle Notification Server remote listening port of each server in the Manually Managed OracleAS Cluster. For example, the ons.conf file for the DCM-Managed OracleAS Cluster for myJ2EE would resemble the following:
nodes=apphost1.mycompany.com:6201,apphost2.mycompany.com:6202, webhost1.mycompany.com:6200,webhost2.mycompany.com:6203
The ONS remote listening port of each server is identified in the opmn.xml file by the remote attribute of the port element within the notification-server element. It is 6200 in the example opmn.xml file for webhost1.mycompany.com.
<?xml version="1.0" encoding="UTF-8" ?>
<opmn xmlns="http://www.mycompany.com/ias-instance">
  <notification-server>
    <port local="6100" remote="6200" request="6003" />
    <log-file path="$ORCL_HOME\opmn\logs\ons.log" level="4" rotation-size=.../>
    <ssl enabled="true" wallet-file="$ORACLE_HOME\opmn\conf\ssl.wlt\default" />
  </notification-server>
Follow these steps to configure the Manually Managed OracleAS Cluster:
Copy the ons.conf file from APPHOST1 to WEBHOST1.
Add the host names for WEBHOST1 and WEBHOST2 to the file.
Copy the file to WEBHOST2.
Reload OPMN on WEBHOST1 and WEBHOST2 by issuing this command:
opmnctl reload
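A consistency check for the procedure above, as an added example that is not part of the Oracle guide: it reads each server's ONS remote port from its opmn.xml and verifies that the ons.conf on WEBHOST1 and WEBHOST2 lists every server at exactly that port. Host names and ports are the ones used in this chapter; the opmn.xml documents are constructed and reduced to the notification-server element, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed opmn.xml, reduced to the element this check reads.
OPMN = (
    '<opmn xmlns="http://www.mycompany.com/ias-instance"><notification-server>'
    '<port local="6100" remote="{}" request="6003"/>'
    "</notification-server></opmn>"
)
REMOTE = {
    "apphost1.mycompany.com": 6201, "apphost2.mycompany.com": 6202,
    "webhost1.mycompany.com": 6200, "webhost2.mycompany.com": 6203,
}
OPMN_BY_HOST = {host: OPMN.format(port) for host, port in REMOTE.items()}

GOOD = ("nodes=apphost1.mycompany.com:6201,apphost2.mycompany.com:6202, "
        "webhost1.mycompany.com:6200,webhost2.mycompany.com:6203\n")
# Copied from APPHOST1 before the Web tier hosts were added.
STALE = "nodes=apphost1.mycompany.com:6201,apphost2.mycompany.com:6202\n"


def local_name(tag):
    """Element name without its '{namespace}' prefix."""
    return tag.rsplit("}", 1)[-1]


def ons_remote_port(opmn_xml):
    """The remote attribute of notification-server/port, as an int."""
    for el in ET.fromstring(opmn_xml).iter():
        if local_name(el.tag) == "notification-server":
            for child in el:
                if local_name(child.tag) == "port" and child.get("remote"):
                    return int(child.get("remote"))
    raise ValueError("no notification-server port with a remote attribute")


def ons_nodes(ons_conf):
    """The host:port entries of the nodes= line, lower-cased."""
    nodes = set()
    for line in ons_conf.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "nodes":
            nodes |= {n.strip().lower() for n in value.split(",") if n.strip()}
    return nodes


def check(opmn_by_host, ons_conf_by_host):
    """Compare every ons.conf with the ports the opmn.xml files declare."""
    expected = {f"{h.lower()}:{ons_remote_port(x)}" for h, x in opmn_by_host.items()}
    problems = []
    for host in sorted(ons_conf_by_host):
        listed = ons_nodes(ons_conf_by_host[host])
        problems += [f"{host}: missing {n}" for n in sorted(expected - listed)]
        problems += [f"{host}: unexpected {n}" for n in sorted(listed - expected)]
    return problems


if __name__ == "__main__":
    confs = {"webhost1.mycompany.com": GOOD, "webhost2.mycompany.com": STALE}
    for problem in check(OPMN_BY_HOST, confs) or ["ons.conf files are consistent"]:
        print(problem)
```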
This procedure associates incoming requests with the Load Balancing Router hostname and port in the myJ2EECompany configuration shown in Figure 2-1. Perform these steps on WEBHOST1 and WEBHOST2:
Open the Oracle HTTP Server configuration file:
ORACLE_HOME/Apache/Apache/conf/httpd.conf
Perform the following steps:
Add the LoadModule certheaders_module directive for the appropriate platform.
UNIX:
LoadModule certheaders_module libexec/mod_certheaders.so
Windows:
LoadModule certheaders_module modules/ApacheModuleCertHeaders.dll
Add the following lines to create a NameVirtualHost directive and a VirtualHost container for myapp.mycompany.com and port 443.
NameVirtualHost *:7777
<VirtualHost *:7777>
  ServerName myapp.mycompany.com
  Port 443
  ServerAdmin you@your.address
  RewriteEngine On
  RewriteOptions inherit
  SimulateHttps On
</VirtualHost>
Notes: The LoadModule directives (in particular, the LoadModule rewrite_module directive) must appear in the httpd.conf file at a location preceding the VirtualHost directives. The server must load all modules before it can execute the directives in the VirtualHost container.
It is a good idea to create the
Save the httpd.conf file.
Restart the components using these commands in ORACLE_HOME/opmn/bin:
opmnctl stopall
opmnctl startall
mod_oc4j, an Oracle HTTP Server module, performs the request routing to the OC4J instances over the AJP13 protocol. The routing configuration is specified in the mod_oc4j.conf file. (The mod_oc4j.conf file is referenced by the main server configuration file for Oracle HTTP Server, httpd.conf, with an Include directive.) The mod_oc4j.conf file is located in:
ORACLE_HOME/Apache/Apache/conf/mod_oc4j.conf
For complete descriptions of all directives and their uses, see the Oracle HTTP Server Administrator's Guide.
The default file at installation resembles Example 6-1:
Example 6-1 mod_oc4j.conf File
LoadModule oc4j_module modules/ApacheModuleOc4j.dll
<IfModule mod_oc4j.c>
  <Location /oc4j-service>
    SetHandler oc4j-service-handler
    Order deny,allow
    Deny from all
    Allow from localhost my-pc.mycompany.com my-pc
  </Location>
  Oc4jMount /j2ee/*
  Oc4jMount /webapp home
  Oc4jMount /webapp/* home
  Oc4jMount /cabo home
  Oc4jMount /cabo/* home
  Oc4jMount /IsWebCacheWorking home
  Oc4jMount /IsWebCacheWorking/* home
</IfModule>
Before you configure mod_oc4j.conf on WEBHOST1 and WEBHOST2, copy the mod_oc4j.conf file from APPHOST1 to WEBHOST1.
Follow these steps on WEBHOST1:
Open the ORACLE_HOME/Apache/Apache/conf/mod_oc4j.conf file.
Add an Oc4jConnTimeout directive to specify a timeout value smaller than the timeout value used by the firewall between the Web tier and the Application Tier. For example:
Oc4jConnTimeout 10
Modify the Oc4jMount directives to specify the cluster to which requests should be load balanced. Example 6-2 shows the directive for routing to a cluster.
The syntax for the Oc4jMount directive is:
Oc4jMount path [destination]
path is the context root of the application and destination is an ajp13 destination, a cluster, or an instance. cluster is the default destination type. Example 6-2 shows the complete syntax of the directive for a cluster destination, the default destination type. It is not necessary to specify the OC4J instance when routing requests to applications deployed in the home OC4J instance.
Example 6-2 Oc4jMount Directive to Route to FAQApp in the J2EEApps cluster
Oc4jMount /FAQApp/* cluster://myCluster:myOC4JInstance
Save and close the file.
Copy the file from WEBHOST1 to WEBHOST2.
Restart the Oracle HTTP Server on WEBHOST1 and WEBHOST2.
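A review aid for the edited mod_oc4j.conf, as an added example that is not part of the Oracle guide: it checks that Oc4jConnTimeout is set below the firewall timeout and that the application's Oc4jMount routes to the cluster, and it lists the hosts allowed to reach /oc4j-service, because that list travels with the file copied from APPHOST1. The sample file is constructed from Example 6-1 and Example 6-2; the function names are hypothetical, and the firewall timeout is assumed to be given in the same unit as the directive.

```python
import re

# Constructed sample: part of Example 6-1 plus the two edits from the steps above.
SAMPLE_CONF = """\
LoadModule oc4j_module modules/ApacheModuleOc4j.dll
<IfModule mod_oc4j.c>
  <Location /oc4j-service>
    SetHandler oc4j-service-handler
    Order deny,allow
    Deny from all
    Allow from localhost my-pc.mycompany.com my-pc
  </Location>
  Oc4jConnTimeout 10
  Oc4jMount /j2ee/*
  Oc4jMount /FAQApp/* cluster://myCluster:myOC4JInstance
</IfModule>
"""


def directives(conf_text):
    """Yield (innermost container or None, lower-cased name, args) per directive."""
    stack = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("</"):
            if stack:
                stack.pop()
        elif line.startswith("<"):
            stack.append(line.strip("<>").lower())
        else:
            name, *args = line.split()
            yield (stack[-1] if stack else None), name.lower(), args


def lint(conf_text, app_path, cluster, firewall_timeout):
    """Findings for the timeout and for the mount of one application path."""
    timeout, mounts = None, {}
    for _, name, args in directives(conf_text):
        if name == "oc4jconntimeout" and args:
            timeout = int(args[0])
        elif name == "oc4jmount" and args:
            mounts[args[0]] = args[1] if len(args) > 1 else None
    findings = []
    if timeout is None:
        findings.append("Oc4jConnTimeout is not set")
    elif timeout >= firewall_timeout:  # assumption: both values use the same unit
        findings.append(f"Oc4jConnTimeout {timeout} is not smaller than "
                        f"the firewall timeout {firewall_timeout}")
    if app_path not in mounts:
        findings.append(f"no Oc4jMount for {app_path}")
    else:
        dest = mounts[app_path]
        # The ':instance' part may be omitted, so accept both forms.
        if not re.fullmatch(rf"cluster://{re.escape(cluster)}(:\S+)?", dest or ""):
            findings.append(f"Oc4jMount {app_path} routes to "
                            f"{dest or 'the default destination'}, not cluster://{cluster}")
    return findings


def status_handler_allow(conf_text):
    """Hosts named by 'Allow from' inside <Location /oc4j-service>."""
    hosts = []
    for container, name, args in directives(conf_text):
        if (container == "location /oc4j-service" and name == "allow"
                and args and args[0].lower() == "from"):
            hosts += args[1:]
    return hosts


if __name__ == "__main__":
    print(lint(SAMPLE_CONF, "/FAQApp/*", "myCluster", firewall_timeout=30))
    print(status_handler_allow(SAMPLE_CONF))
```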
The Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider (also referred to as JAZN) LDAP-based provider is used for authentication and authorization to the OC4J applications.
In the myJ2EECompany configuration, this provider is used without Oracle Application Server Single Sign-On, because communication to the data tier is prohibited (Oracle Application Server Single Sign-On requires Portal Services access to the database). This section explains how to configure the Oracle Application Server instances on the application tier to use the JAZN LDAP provider.
For instructions on how to use Oracle Enterprise Manager 10g to manage the data in this provider, see Chapter 8 in the Oracle Application Server Containers for J2EE Security Guide.
To configure an Oracle Application Server instance to use the JAZN LDAP provider, follow the instructions in Section 5.2, "Option 2: Using the Oracle Application Server Java Authentication and Authorization Service (JAAS) Provider".