|
Oracle® Application Server Enterprise Deployment Guide
10g Release 2 (10.1.2) for Windows or UNIX B13998-03 |
|
 Previous |
 Next |
|
Oracle® Application Server Enterprise Deployment Guide
10g Release 2 (10.1.2) for Windows or UNIX B13998-03 |
|
|
Previous |
Next |
This chapter provides instructions for creating the Application and Web Server tiers of the myPortalCompany architecture, distributing the software components into the DMZs shown in the Enterprise Deployment architecture depicted in Figure 2-2.
Before you perform the tasks in this chapter, a two-node Real Application Clusters (RAC) database must be installed. In this chapter, the server names for the database hosts are APPDBHOST1 and APPDBHOST2. Ideally, these are separate physical databases from INFRADBHOST1 and INFRADBHOST2. In addition to isolating the security components, separate application databases provide the flexibility needed to maintain and tune application and security parameters separately.
This chapter contains the following topics:
Section 7.1, "Installing the Metadata Repository for the Application Infrastructure"
Section 7.2, "Configuring the Load Balancing Router or Proxy Server"
Section 7.3, "Installing the Application Tier"
Section 7.4, "Testing the Application Server Tier"
Section 7.5, "Configuring Custom Java Portal Development Kit (JPDK) Providers"
Section 7.6, "Setting the OracleAS Single Sign-On Query Path URL for External Applications"
|
Note: For detailed information on OracleAS Portal and its configurations, see the Oracle Application Server Portal Configuration Guide. |
You must install the OracleAS Metadata Repository before you install components into the Application Infrastructure. Oracle Application Server provides a tool, the Oracle Application Server Metadata Repository Creation Assistant, to create the OracleAS Metadata Repository in an existing database.
The OracleAS Metadata Repository Creation Assistant is available on the OracleAS Metadata Repository Creation Assistant CD-ROM or the Oracle Application Server DVD-ROM. You install the OracleAS Metadata Repository Creation Assistant in its own, separate Oracle home.
To install the OracleAS Metadata Repository, you must perform these steps:
Install the OracleAS Metadata Repository Creation Assistant, following the steps in Section 4.1.1.
Ensure that the database meets the requirements specified in the "Database Requirements" section of the Oracle Application Server Metadata Repository Creation Assistant User's Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using. In addition, ensure that:
The database computer has at least 512 MB of swap space available for execution of the OracleAS Metadata Repository Creation Assistant
There are no dependencies of any kind related to the ultrasearch directory in the database's Oracle home. The OracleAS Metadata Repository Creation Assistant replaces this directory with a new version, renaming the existing version of the directory to ultrasearch_timestamp.
Execute the OracleAS Metadata Repository Creation Assistant, following the steps in Section 4.1.2 or Section 4.1.3.
To install into a database using raw devices, follow the steps in Section 7.1.1, "Installing the Metadata Repository in a Database Using Raw Devices".
To install into a database using Oracle Cluster File System, follow the steps in Section 7.1.2, "Installing the Metadata Repository in an Oracle Cluster File System (OCFS)".
Perform the post-installation step described in Section 4.1.4.
Follow these steps to install the Metadata Repository into an existing two-node Real Application Clusters (RAC) database using raw devices:
Create raw devices for the Oracle Application Server Metadata Repository, using the values in Section B.2, "Tablespace Mapping to Raw Devices Sample File".
|
Tip: The command to create tablespaces is specific to the volume manager used. For example, the command to create a tablespace in VERITAS Volume Manager isvxassist.
|
Create a file to map the tablespaces to the raw devices. Each line in the file has the format:
tablespace name=raw device file path
You can use the sample file shown in Example B-1, "Tablespace to Raw Device Mapping (Sample File)", replacing the file paths with the paths on your system. Append a 1 to the tablespace names, as shown in the sample file.
|
Note: Creating the sample file is not mandatory; you can enter the tablespace values into the Specify Tablespace Information screen during execution of the OracleAS Metadata Repository Creation Assistant. |
Populate the DBCA_RAW_CONFIG environment variable with the full path and filename of the tablespace mapping file.
Ensure that the database and listener are running.
Ensure that the NLS_LANG environment variable is not set to a non-English locale, or is set to american_america.us7ascii, with one of the following commands:
unsetenv NLS_LANG
setenv NLS_LANG american_america.us7ascii
|
Note: If you need to, you can set NLS_LANG to its original value after executing the OracleAS Metadata Repository Creation Assistant. |
Start the OracleAS Metadata Repository Creation Assistant from the OracleAS Metadata Repository Creation Assistant Oracle home with this command:
runRepca
The Welcome screen appears.
Click Next.
The Specify Oracle Home screen appears.
In the Oracle Home field, specify the full path of the database Oracle home.
In the Log File Directory field, specify the full path of the directory on the current computer in which you want the OracleAS Metadata Repository Creation Assistant to write its log files. Ensure correct input for the Log File Directory on this screen, as you will not be able to change it after you have proceeded beyond this screen.
Click Next.
The Select Operation screen appears.
Select Load and Register and click Next.
The Specify Database Connection screen appears.
Enter the SYS user name and password and the host and port information. For example:
infradbhost1.mycompany.com:1521,infradbhost2.mycompany.com:1521
Click Next.
The Specify Storage Options screen appears.
Select Regular or Cluster File System.
The Specify Tablespace Information screen appears, displaying the values from the file specified by the DBCA_RAW_CONFIG environment variable.
Correct the values, if necessary, and click Next.
The Warning: Check Disk Space dialog appears if your SYSTEM and UNDO tablespaces are set to autoextend.
Check the disk space as specified in the dialog and click OK.
The Specify Oracle Internet Directory Connect screen appears.
Enter the virtual host name for the Oracle Internet Directory, oid.mycompany.com, and port 389.
The Specify Login for Oracle Internet Directory screen appears.
Enter the user name and password to log in to Oracle Internet Directory. Note that:
The user must belong to the iASAdmins group.
You can provide the user's simple name (for example, jdoe) or the user's Distinguished Name (DN) (for example, cn=orcladmin).
If the Oracle Internet Directory has multiple realms, you must enter the realm that contains the specified user. (The realm value is not used if you log in as cn=orcladmin, since the superuser does not belong to any realm.)
Click Next.
The Specify Oracle Context screen appears.
Specify the location in Oracle Internet Directory in which the OracleAS Metadata Repository will be installed, and click Next.
The Loading Repository screen appears. The tablespaces and schemas are created and populated.
The Success screen appears.
Click OK.
The OracleAS Metadata Repository Creation Assistant exits.
Follow these steps to install the Metadata Repository into an existing two-node Real Application Clusters (RAC) database using an OCFS file system:
Ensure that the database and listener are running.
Start the OracleAS Metadata Repository Creation Assistant from the OracleAS Metadata Repository Creation Assistant Oracle home with this command:
runRepca
The Welcome screen appears.
Click Next.
The Specify Oracle Home screen appears.
In the Oracle Home field, specify the full path of the database Oracle home.
In the Log File Directory field, specify the full path of the directory on the current computer in which you want the OracleAS Metadata Repository Creation Assistant to write its log files. Ensure correct input for the Log File Directory on this screen, as you will not be able to change it after you have proceeded beyond this screen.
Click Next.
The Select Operation screen appears.
Select Load and Register and click Next.
The Specify Database Connection screen appears.
Enter the SYS user name and password and the host and port information. For example:
infradbhost1.mycompany.com:1521,infradbhost2.mycompany.com:1521
Click Next.
The Specify Storage Options screen appears.
Select Regular or Cluster File System.
The Specify Tablespace Information screen appears.
Select a directory option (Use Same Directory for All Tablespaces or Use Individual Directories for Each Tablespace) and complete the remaining fields. When specifying a directory, ensure that it is an existing, writable directory with sufficient free space. Click Next.
The Warning: Check Disk Space dialog appears if your SYSTEM and UNDO tablespaces are set to autoextend.
Check the disk space as specified in the dialog and click OK.
The Specify Oracle Internet Directory Connect screen appears.
Enter the virtual host name for the Oracle Internet Directory, oid.mycompany.com, and port 389.
The Specify Login for Oracle Internet Directory screen appears.
Enter the user name and password to log in to Oracle Internet Directory. Note that:
The user must belong to the iASAdmins group.
You can provide the user's simple name (for example, jdoe) or the user's Distinguished Name (DN) (for example, cn=orcladmin).
If the Oracle Internet Directory has multiple realms, you must enter the realm that contains the specified user. (The realm value is not used if you log in as cn=orcladmin, since the superuser does not belong to any realm.)
Click Next.
The Specify Oracle Context screen appears.
Specify the location in Oracle Internet Directory in which the OracleAS Metadata Repository will be installed, and click Next.
The Loading Repository screen appears. The tablespaces and schemas are created and populated.
The Success screen appears.
Click OK.
The OracleAS Metadata Repository Creation Assistant exits.
If you are using a Load Balancing Router, it must be configured to enable the following:
A virtual IP address (VIP1) that listens for requests to portal.mycompany.com on port 443 (an HTTPS listening port), and balances them to the Application tier OracleAS Web Cache running on APPHOST1 port 7777 (an HTTP listening port). You must configure the Load Balancing Router to perform the protocol conversion.
The virtual IP address VIP1 listens for requests to portal.mycompany.com on port 7777 (an HTTP listening port), and balances them to the Application tier OracleAS Web Cache on APPHOST1 port 7777 (an HTTP listening port). Port 7777 on the Load Balancing Router receives the HTTP loop-back requests made by the Parallel Page Engine on APPHOST1. This 7777 port also receives requests from the Portal Metadata Repository for web provider design time messages. This configuration may require a Network Address Translation (NAT) rule in the Load Balancing Router in order for the loop-back request from the PPE to succeed.
|
Note: For security reasons, port 7777 on the Load Balancing Router should not be visible to external users. |
The virtual IP address VIP1 listens for requests to portal.mycompany.com on port 9401 (an HTTP listening port), and balances them to the Application Tier OracleAS Web Cache on APPHOST1 port 9401 (an HTTP listening port). Port 9401 port on the Load Balancing Router receives invalidation messages from the OracleAS Portal Repository when content that is cached in OracleAS Web Cache becomes stale. This configuration might require a Network Address Translation (NAT) rule in the Load Balancing Router in order for the invalidation requests from the OracleAS Portal repository to succeed.
|
Note: VIP1 listens on 443 for external traffic, on port 7777 for Parallel Page Engine loop-back messages, and port 9401 for invalidation messages.For security reasons, port 9401 on the Load Balancing Router should not be visible to external users. |
HTTP monitoring of OracleAS Web Cache. The Load Balancing Router must be configured to detect an inoperative computer and stop routing requests to it until it is functioning again. Two OracleAS Web Cache ports must be monitored: the HTTP request port and the invalidation port.
To monitor port 7777, use the following URL in the Load Balancing Router configuration:
hostname:port/_oracle_http_server_webcache_static_.html
For example:
http://apphost1.mycompany.com:7777/_oracle_http_server_webcache_static_.html
If the Load Balancing Router receives a response from this URL, then the OracleAS Web Cache instance is running. If not, then the process or the server is down, and the Load Balancing Router will forward all requests to the surviving computer.
To monitor port 9401, use the following URL in the Load Balancing Router configuration:
http://hostname.domain.com:9401
For example:
http://apphost1.mycompany.com:9401
The Load Balancing Router sends an HTTP request to this URL; the response header resembles the following:
HTTP/1.0
The Load Balancing Router must be configured to detect the string HTTP in the first line of the response header. Thus, when the Load Balancing Router detects HTTP in the first line of the response header, the invalidation port is available. If not, then all invalidation requests are routed to the surviving computer.
If you are using a proxy server, follow the instructions in Section 9.2, "Configuring a Reverse Proxy for OracleAS Portal and OracleAS Single Sign-On".
|
Note: You must also update the sqlnet.ora file to prevent connection time outs related to the Load Balancing Router and firewall. See Section 4.1.5, "Configuring the Time out Value in the sqlnet.ora File". |
Follow the tasks in this section to install the Application Tier components (APPHOST1 and APPHOST2) into the Application tier:
Section 7.3.1, "Installing the First Application Server on APPHOST1"
Section 7.3.3, "Configuring the First Application Server on APPHOST1"
Section 7.3.4, "Installing the Second Application Server on APPHOST2"
Section 7.3.5, "Configuring the Second Application Server on APPHOST2"
Section 7.3.6, "Configuring OracleAS Web Cache Clusters"
Section 7.3.7, "Configuring Load Balancing and Monitoring"
Section 7.3.8, "Enabling Session Binding on OracleAS Web Cache Clusters"
Section 7.3.9, "Modifying the Oracle Application Server Welcome Page"
Follow these steps to install an Oracle Application Server middle tier on APPHOST1:
Ensure that the system, patch, kernel and other requirements are met as specified in the Oracle Application Server Installation Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.
Copy the staticport.ini file from the Disk1/stage/Response directory to a local directory, such as TMP.
Edit the staticport.ini file to assign the following custom ports:
Oracle HTTP Server port = 7777 Oracle HTTP Server Listen port = 7778 Web Cache HTTP Listen port = 7777 Web Cache Administration port = 9400 Web Cache Invalidation port = 9401 Web Cache Statistics port = 9402 Application Server Control port = 1810
|
Notes: Ensure that these ports are not already in use by any other service on the computer. Using the Static Ports feature as described to install the Application Server Tier ensures that the port assignments will be consistent with the documentation in this section, if the ports are correctly specified in the file and the port is not already in use. Otherwise:
See Section B.3, "Using the Static Ports Feature with Oracle Universal Installer" for more information. Port 80 is open on the firewall only to accept and redirect requests using the HTTP (non-secure) protocol. Requests using the HTTP protocol (in the form http://www.mycompany.com) are redirected to port 443. Requests using the HTTPS, or secure, protocol (in the form https://www.mycompany.com) are managed by port 443. |
Start the Oracle Universal Installer as follows:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The Welcome screen appears.
Click Next.
On UNIX systems, the Specify Inventory Directory and Credentials screen appears.
Specify the directory you want to be the oraInventory directory and the operating system group that has write permission to it.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the orainstRoot.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Specify File Locations screen appears with default locations for:
The product files for installation (Source)
The name and path to the Oracle home (Destination)
Specify the path and click Next.
The Select a Product to Install screen appears.
Figure 7-1 Oracle Universal Installer Select a Product to Install Screen
Select Oracle Application Server 10g, as shown in Figure 7-1, and click Next.
The Select Installation Type screen appears.
Figure 7-2 Oracle Universal Installer Select Installation Type Screen
Select Portal and Wireless, as shown in Figure 7-2, and click Next.
The Confirm Pre-Installation Requirements screen appears.
Ensure that the requirements are met and click Next.
The Select Configuration Options screen appears.
Figure 7-3 Oracle Universal Installer Select Configuration Options Screen
Select OracleAS 10g Portal, as shown in Figure 7-3, and click Next.
The Specify Port Configuration Options screen appears.
Select Manual, specify the location of the staticports.ini file, and click Next.
The Register with Oracle Internet Directory screen appears.
Figure 7-4 Oracle Universal Installer Register with Oracle Internet Directory Screen
Enter the host name and port of the Oracle Internet Directory load balancing router. Do not select the SSL configuration option.
Click Next.
The Specify OID Login screen appears.
Enter the user name and the password and click Next.
The Select OracleAS 10g Metadata Repository screen appears, displaying a drop-down list of connect strings that the installer detected.
Select the connect string for the application Metadata Repository database (on APPDBHOST1 and APPDBHOST2) and click Next.
The Specify Instance Name and ias_admin Password screen appears.
Specify an instance name and the Oracle Application Server administrator's password and click Next.
The Summary screen appears.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the root.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Configuration Assistants screen appears. Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
Verify that the installation was successful by accessing the OracleAS Portal page at:
http://apphost1.mycompany.com:7777/pls/portal
Access the ORACLE_HOME/portal/conf/iasconfig.xml file. The contents of the file are shown in the subsequent example:
<IASConfig XSDVersion="1.0"> <IASInstance Name="portal1.apphost1.mycompany.com" Host="apphost1.mycompany.com"> <WebCacheComponent ListenPort="7777" InvalidationPort="9401" InvalidationUsername="invalidator" InvalidationPassword="@Bc1McTtma3AWSaWWNcKWrL8My70JWKuGzA==" SSLEnabled="false" AdminPort="9400"/> <EMComponent ConsoleHTTPPort="1810" SSLEnabled="false"/> </IASInstance> <IASInstance Name="iAS-1.oid.mycompany.com" Host="oid.mycompany.com"> <OIDComponent AdminPassword="@BQawXztGTg7lxfli+kN/597S10OHPbDXFQ==" AdminDN="cn=orcladmin" SSLEnabled="false" LDAPPort="389"/> </IASInstance> <PortalInstance DADLocation="/pls/portal" SchemaUsername="portal" SchemaPassword="@BRnRWTvlme0pk1rSfv/X5oS3LtsWk8wKTA==" ConnectString="cn=ptmr,cn=oraclecontext"> <WebCacheDependency ContainerType="IASInstance" Name="portal1.apphost1.mycompany.com"/> <OIDDependency ContainerType="IASInstance" Name="iAS-1.oid.mycompany.com"/> <EMDependency ContainerType="IASInstance" Name="portal1.apphost1.mycompany.com"/> </PortalInstance> </IASConfig>
|
Note: The valueportal1 in the IASInstance element is the instance name specified in step 22.
|
The Load Balancing Router must be configured to:
Balance requests to portal.mycompany.com on port 443 (an HTTPS listening port) to the Application tier OracleAS Web Cache running on APPHOST1 port 7777 (an HTTP listening port).
Balance requests to portal.mycompany.com on port 7777 (an HTTP listening port) to the Application tier OracleAS Web Cache on APPHOST1 port 7777 (an HTTP listening port). Port 7777 on the Load Balancing Router receives the HTTP loop-back requests made by the Parallel Page Engine on APPHOST1. This configuration requires a Network Address Translation (NAT) rule in the Load Balancing Router in order for the loop-back request from the PPE to succeed.
Balance requests to portal.mycompany.com on port 9401 (an HTTP listening port) to the Application Tier OracleAS Web Cache on APPHOST1 port 9401 (an HTTP listening port). Port 9401 port on the Load Balancing Router receives invalidation messages from the OracleAS Portal Repository when content that is cached in OracleAS Web Cache becomes stale. This configuration might require a Network Address Translation (NAT) rule in the Load Balancing Router in order for the invalidation requests from the OracleAS Portal repository to succeed.
Monitor OracleAS Web Cache. The Load Balancing Router must be configured to detect an inoperative computer and stop routing requests to it until it is functioning again. Two OracleAS Web Cache ports must be monitored: the HTTP request port and the invalidation port.
Use this URL in the Load Balancing Router configuration to monitor HTTP request port 7777:
host name:port/_oracle_http_server_webcache_static_.html
for example:
http://apphost1.mycompany.com:7777/_oracle_http_server_webcache_static_.html
To monitor invalidation port 9401, use this URL:
http://apphost1.mycompany.com:9401/_oracle_http_server_webcache_static_.html
Upon installation of the first application server, the iasconfig.xml file shown at the end of Section 7.3.1 yields an OracleAS Web Cache configuration with the functionality shown in Figure 7-5.
Figure 7-5 Pre-Configuration Listener Setup on First Application Server
The configuration of the OracleAS Portal application server tier on APPHOST1 consists of the following tasks:
Follow these steps to use the SSL Configuration Tool to configure SSL on APPHOST1:
Set the ORACLE_HOME environment variable to the Oracle home in which OracleAS Portal resides.
Verify that the Oracle Internet Directory server is running by issuing this command in ORACLE_HOME/bin:
Create a file, ORACLE_HOME/configMyPortal.xml file to include the following:
<sslconfig> <mid_tier> <virtual_address ssl="on" host="portal.mycompany.com" port="443" inv_port="9401" ssl_terminate="lbr"/> <lbr loopback_port="7777"/> </mid_tier> </sslconfig>
Issue this command in ORACLE_HOME/bin:
./SSLConfigTools -config_w_file ORACLE_HOME/configMyPortal.xml -opwd orcladmin password -ptl_inv_pwd webcache invalidation password
In the preceding command, orcladmin password is the Oracle administrator password, and webcache invalidation password is the invalidation password for OracleAS Web Cache.
Log in to the OracleAS Single Sign-On Administration page as the Administrator, and use the Administer Partner Applications page to delete the entry for the partner application apphost1.mycompany.com.
Configure the OmniPortlet and Web Clipping Provider registration URLs to go through the HTTP port of the Load Balancing Router:
Access the OracleAS Portal page at https://portal.mycompany.com/pls/portal and log in as the portal administrator.
Click the Navigator link.
Click the Providers tab.
Click the Registered Providers link.
Click the Edit Registration link.
Click the Connection tab and change the beginning of the provider registration URL from https://portal.mycompany.com/ to http://portal.mycompany.com:7777/.
Perform steps e and f for the Web Clipping Provider.
To prevent access to Oracle Enterprise Manager 10g from the outside, the link provided by OracleAS Portal must be changed back to point to the internal server. To do this, on APPHOST1, issue the following command in ORACLE_HOME/portal/conf:
ptlconfig -dad portal -em
You must configure the OracleAS Portal Tools providers (OmniPortlet and OracleAS Web Clipping) to work in this configuration. Follow these steps on APPHOST1 to configure the Portal Tools Provider:
Configure OmniPortlet to use a shared preference store. (By default, the OmniPortlet provider uses the file-based preference store. However, in a multiple middle tier environment, you must use a shared preference store, such as the database preference store DBPreferenceStore.) To configure OmniPortlet to use DBPreferenceStore, perform the following steps:
Navigate to the directory ORACLE_HOME/j2ee/OC4J_Portal/applications/jpdk/jpdk/doc/dbPreferenceStore.
Create a user on the database containing the PORTAL schema, and grant create resource and connect privileges, using the create user and grant connect commands in SQL*Plus. Substitute the actual password in the following command. Do not use the default password of welcome, as this poses a security risk.
create user prefstore identified by password;
grant connect, resource to prefstore;
Connect as user prefstore and execute the jpdk_preference_store2.sql script by issuing this command:
@jpdk_preference_store2
Edit the ORACLE_HOME/j2ee/OC4J_Portal/config/data-sources.xml file to add the entry in the subsequent example:
<data-source class="com.evermind.sql.DriverManagerDataSource" name="omniPortletprefStore" location="jdbc/UnPooledConnection" xa-location="jdbc/xa/XAConnection" ejb-location="jdbc/PooledConnection" connection-driver="oracle.jdbc.driver.OracleDriver" username="prefstore" password="password" url="jdbc:oracle:thin:@(description=(address_list= (address=(host=appdbhost1.mycompany.com)(protocol=tcp)(port=1521)) (address=(host=appdbhost2.mycompany.com)(protocol=tcp)(port=1521)) (load_balance=yes)(failover=yes))(connect_data=(service_name= db9i)))" inactivity-timeout="30" />
|
Note: Embedding passwords in deployment and configuration files poses a security risk. If you do not want to use a clear text password in thedata-sources.xml file, you can create an indirect password by following the steps in Section 7.3.3.4, "Creating an Indirect Password".
|
Edit the ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/omniPortlet/WEB-INF/providers/omniPortlet/provider.xml file to edit the preferenceStore tag as shown in the subsequent example:
<provider class="oracle.webdb.reformlet.ReformletProvider"> <vaultId>0</vaultId> <session>true</session> <preferenceStore class="oracle.portal.provider.v2.preference.DBPreferenceStore"> <name>omniPortletprefStore</name> <connection>jdbc/PooledConnection</connection> </preferenceStore>
Restart the OC4J_Portal instance.
Optionally, you can change the settings for the HTTP proxy configuration, or the repository used by OmniPortlet and OracleAS Web Clipping.
You can change the settings on the Portal Tools Edit Provider pages accessible from the Portal Tools providers' test pages. The test pages are located at the following URLs:
OmniPortlet provider test page on APPHOST1:
http://apphost1.mycompany.com:7777/portalTools/omniPortlet/providers/omniPortlet
Web Clipping provider test page on APPHOST1:
http://apphost1.mycompany.com:7777/portalTools/webClipping/providers/webClipping
Verify that OmniPortlet and the Web Clipping Provider work properly through the HTTP port of the Load Balancing Router, by accessing the test pages at the following URLs:
OmniPortlet Provider:
http://portal.mycompany.com:7777/portalTools/omniPortlet/providers/omniPortlet
|
Note: If the "No Portlets Available" message appears under the Portlet Information section in the OmniPortlet Provider test page, then the provider may not be configured correctly. Review Step 1 to ensure correct configuration. The Portlet Information section should list the following:OmniPortlet Simple Parameter Form |
Web Clipping Provider:
http://portal.mycompany.com:7777/portalTools/webClipping/providers/webClipping
|
Note: If, while accessing the test pages, you are prompted to examine the site's certificate, accept the certificate. |
As an alternative to using a cleartext password in the data-sources.xml file, you can create an indirect password by following these steps:
Edit the ORACLE_HOME/j2ee/OC4J_Portal/config/jazn-data.xml file to add the prefstore user in the jazn.com realm, as shown in bold:
<realm> <name>jazn.com</name> <users> <user> <name>prefstore</name> <display-name>OmniPortlet prefstore</display-name> <description>OmniPortlet prefstore</description> <credentials>!welcome</credentials> </user> <user> ...
Edit the ORACLE_HOME/j2ee/OC4J_Portal/config/data-sources.xml file again to use the indirect password by replacing the password attribute as follows:
password="->jazn.com/prefstore"
Access the following URL:
https://login.mycompany.com/pls/orasso
Refresh the Portlet Repository so that the Portal Tools portlets appear in the Portlet Builders folder in the Portlet Repository:
Log in as the portal administrator, and click the Builder link.
Click the Administrator tab.
Click the Portlets sub-tab.
Click the Refresh Portlet Repository link in the Portlet Repository portlet.
The refresh operation continues in the background.
|
Note: If you execute ptlconfig at any time after completing the steps in Section 7.3.3.3, "Configuring the Portal Tools Providers on APPHOST1" you must repeat the steps in this section. |
When a cached OracleAS Portal object is modified, the OracleAS Portal metadata repository database sends an invalidation message to OracleAS Web Cache to invalidate that object. Since the target configuration has two instances of OracleAS Web Cache, the invalidation message must be load balanced across both OracleAS Web Cache instances. This is an example of component level load balancing.
Before you proceed with this verification, ensure that messages can be sent from the computer hosting the database to the Load Balancing Router. To do this, issue the following command from INFRADBHOST1 and INFRADBHOST2:
telnet portal.mycompany.com 9401
Verify that no connection failure message is returned.
You must first configure a certificate in Oracle Enterprise Manager 10g on APPHOST1 in order to successfully monitor the OracleAS Portal metrics using the Oracle Enterprise Manager 10g Application Server Control Console. Perform these steps to configure the Application Server Control Console to recognize the Certificate Authority that was used by the Web Site to support HTTPS:
Obtain the Certificate of the Web site's Certificate Authority, as follows:
In Microsoft Internet Explorer, connect to the HTTPS URL of the application server you are attempting to monitor.
Double-click the lock icon at the bottom of the browser screen, which indicates that you have connected to a secure Web site. The browser displays the Certificate dialog box, which describes the Certificate used for this Web site. Other browsers offer a similar mechanism to view the Certificate detail of a Web Site.
Click the Certificate Path tab, and select the first entry in the list of certificates.
Click View Certificate to display a second Certificate dialog box.
Click the Details tab in the Certificate window.
Click Copy to File to display the Certificate Manager Export wizard.
In the Certificate Manager Export wizard, select Base64 encoded X.509 (.CER) as the format you want to export, and save the certificate to a text file with an easily identifiable name, such as ias_certificate.cer.
Open the certificate file using a text editor, and confirm that the content of the certificate file looks similar to the content in the subsequent example:
-----BEGIN CERTIFICATE-----
MIIDBzCCAnCgAwIBAgIQTs4NcImNY3JAs5edi/5RkTANBgkqhkiG9w0BAQQFADCB
...
base64 certificate content
...
-----END CERTIFICATE-----
Update the list of Certificate Authorities, as follows:
Locate the b64InternetCertificate.txt file in the ORACLE_HOME/sysman/config directory. This file contains a list of Base64 Certificates.
Edit the b64InternetCertificate.txt file and add the contents of the certificate file you just exported to the end of the file, taking care to include all the Base64 text of the certificate, including the BEGIN and END lines.
Use the orapki utility to update the monwallet Oracle wallet by issuing the following command:
ORACLE_HOME/bin/orapki wallet add -wallet ORACLE_HOME/sysman/config/monwallet -trusted_cert -cert certificate location
In the preceding command, certificate location is the full path to the location of the ias_certificate.cer file.
When prompted, enter a password for the monwallet wallet file. The default password is welcome.
Perform these steps to enable monitoring of the Load Balancing Router's front-end host and port settings for OracleAS Portal:
Locate the OracleAS Portal targets, for example, TYPE="oracle_portal".
Edit the PortalListeningHostPort property so that it points to the Load Balancing Router. For example:
<Property NAME="PortalListeningHostPort" VALUE="https://portal.mycompany.com:443"/>
Save and close the targets.xml file.
Reload the targets.xml file in the Application Server Control Console by issuing this command in ORACLE_HOME/bin:
emctl reload
Restart the Application Server Control Console by issuing the following commands in ORACLE_HOME/bin:
emctl stop iasconsole
emctl start iasconsole
Perform the following tests:
Access OracleAS Web Cache and Oracle HTTP Server through the Load Balancing Router with following URL:
https://portal.mycompany.com
Test the connection to the Oracle Application Server Metadata Repository through the Load Balancing Router, by accessing the following URL:
https://portal.mycompany.com/pls/portal/htp.p?cbuf=test
The response should be test. If this is the result, the Oracle Application Server middle-tier was able to connect to the OracleAS Metadata Repository. If it is not, review APPHOST1_ORACLE_HOME/Apache/Apache/logs/error_log and APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/application-deployments/portal/OC4J_Portal_default_island_1/application.log for information on how to resolve the error.
Test the Oracle AS Portal using following URL (ensure that you can log in):
https://portal.mycompany.com/pls/portal
Verify that content is being cached in OracleAS Web Cache on APPHOST1, using Web Cache Administrator. Under Monitoring, click Popular Requests. Select Cached from the Filtered Objects drop-down list, and click Update.
If you accessed OracleAS Portal, portal content (for example, URLs that contain /pls/portal) will appear. If there is no portal content, open another browser and log in to OracleAS Portal. Return to the Popular Requests page, and click Update to refresh the page content.
Add a portlet to a page, and then verify that the new content is present. If the new content does not display properly, or if errors occur, then the OracleAS Web Cache invalidation is not configured correctly.
Follow these steps to install an Oracle Application Server middle tier on APPHOST2:
Ensure that the system, patch, kernel and other requirements are met as specified in the Oracle Application Server Installation Guide. You can find this guide in the Oracle Application Server platform documentation library for the platform and version you are using.
Copy the staticport.ini file from the Disk1/stage/Response directory to a local directory, such as TMP.
Edit the staticport.ini file to assign the following custom ports:
Oracle HTTP Server port = 7777 Oracle HTTP Server Listen port = 7778 Web Cache HTTP Listen port = 7777 Web Cache Administration port = 9400 Web Cache Invalidation port = 9401 Web Cache Statistics port = 9402 Application Server Control port = 1810
|
Notes: Ensure that these ports are not already in use by any other service on the computer. Using the Static Ports feature as described to install the Application Server Tier ensures that the port assignments will be consistent with the documentation in this section, if the ports are correctly specified in the file and the port is not already in use. Otherwise:
See Section B.3, "Using the Static Ports Feature with Oracle Universal Installer" for more information. |
Start the Oracle Universal Installer as follows:
On UNIX, issue this command: runInstaller
On Windows, double-click setup.exe
The Welcome screen appears.
Click Next.
On UNIX systems, the Specify Inventory Directory and Credentials screen appears.
Specify the directory you want to be the oraInventory directory and the operating system group that has write permission to it.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the orainstRoot.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Specify File Locations screen appears with default locations for:
The product files for installation (Source)
The name and path to the Oracle home (Destination)
|
Note: Ensure that the Oracle home directory path for APPHOST2 is the same as the path to the Oracle home location of APPHOST1. For example, if the path to the Oracle home on APPHOST1 is:
then the path to the Oracle home on APPHOST2 must be:
All instructions for copying files from one computer to another assume this convention. |
Specify the path and click Next.
The Select a Product to Install screen appears.
Figure 7-6 Oracle Universal Installer Select a Product to Install Screen
Select Oracle Application Server 10g, as shown in Figure 7-6, and click Next.
The Select Installation Type screen appears.
Figure 7-7 Oracle Universal Installer Select Installation Type Screen
Select Portal and Wireless, as shown in Figure 7-7, and click Next.
The Confirm Pre-Installation Requirements screen appears.
Ensure that the requirements are met and click Next.
The Select Configuration Options screen appears.
Figure 7-8 Oracle Universal Installer Select Configuration Options Screen
Do not select any configuration options, as shown in Figure 7-8, and click Next.
|
Note: Selecting the Oracle Application Server 10g Portal option in this screen now will overwrite the previously created configuration entries. For more information, refer to the Oracle Application Server Portal Configuration Guide, section titled "Configuring OracleAS Portal During and After Installation". |
The Specify Port Configuration Options screen appears.
Select Manual, specify the location of the staticports.ini file, and click Next.
The Register with Oracle Internet Directory screen appears.
Figure 7-9 Oracle Universal Installer Register with Oracle Internet Directory Screen
Enter the host name and port of the Oracle Internet Directory load balancing router. Do not select the SSL configuration option.
Click Next.
The Specify OID Login screen appears.
Enter the user name and the password and click Next.
The Select OracleAS 10g Metadata Repository screen appears, displaying the connect string for the repository database that the installer detected.
Click Next.
The Specify Instance Name and ias_admin Password screen appears.
Specify an instance name and the Oracle Application Server administrator's password that you specified in the first installation and click Next.
|
Note: The passwords must be the same in order to use OracleAS Web Cache clustering functionality. |
The Summary screen appears.
Click Next.
On UNIX systems, a dialog appears, prompting you to run the root.sh script.
Open a window and run the script, following the prompts in the window.
Return to the Oracle Universal Installer screen and click Next.
The Configuration Assistants screen appears. Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the End of Installation screen appears.
Click Exit, and then confirm your choice to exit.
The configuration of the OracleAS Portal application server tier on APPHOST2 consists of the following tasks:
Configuring the Oracle HTTP Server with the Load Balancing Router on APPHOST2
Configuring the Parallel Page Engine Loop-Back with the Load Balancing Router on APPHOST2
Modifying the Portal Dependency Settings (iasconfig.xml) File on APPHOST2
The first task is to configure OracleAS Portal, using the Oracle Enterprise Manager 10g Application Server Control Console. Follow these steps to configure OracleAS Portal, beginning on the Application Server page:
Click Configure Component.
The Select Component page appears.
Select Portal from the drop-down list.
The Login page appears.
Enter the ias_admin password and click Finish.
The configuration process may take 10-20 minutes to complete.
Before you continue with the OracleAS Portal application server configuration, ensure that the following is configured:
You are able to resolve portal.mycompany.com from APPHOST2, either with DNS or with an entry in the hosts file, such that it contacts the Load Balancing Router. To ensure you can resolve portal.mycompany.com:
Issue this command from APPHOST2:
nslookup portal.mycompany.com
The IP address for the Load Balancing Router should be returned.
You are able to contact port 7777 on portal.mycompany.com from APPHOST2. Issue this command on APPHOST2:
telnet portal.mycompany.com 7777
Verify that no connection failure message is returned.
This step associates the components on which OracleAS Portal depends with the Load Balancing Router, portal.mycompany.com on port 443.
Access the Oracle Enterprise Manager 10g Application Server Control Console.
Click the link for the APPHOST2 installation.
Click the HTTP Server link.
Click the Administration link.
Click Advanced Server Properties.
Open the httpd.conf file.
Perform the following steps:
Add the LoadModule certheaders_module directive for the appropriate platform.
UNIX:
LoadModule certheaders_module libexec/mod_certheaders.so
Windows:
LoadModule certheaders_module modules/ApacheModuleCertHeaders.dll
Add the following lines to create a NameVirtualHost directive and a VirtualHost container for portal.mycompany.com and port 443.
NameVirtualHost *:7778<VirtualHost *:7778>ServerName portal.mycompany.comPort 443ServerAdminyou@your.addressRewriteEngine OnRewriteOptions inheritSimulateHttps On</VirtualHost>
|
Notes: TheLoadModuleLoadModule rewrite_module directive) must appear in the httpd.conf file at a location preceding the VirtualHost directives. The server must load all modules before it can execute the directives in the VirtualHost container.
It is a good idea to create the VirtualHost directives at the end of the |
Create a second NameVirtualHost directive and a VirtualHost container for apphost2.mycompany.com and port 7777.
NameVirtualHost *:7778<VirtualHost *:7778>ServerName apphost2.mycompany.comPort 7777ServerAdminyou@your.addressRewriteEngine OnRewriteOptions inherit</VirtualHost>
Save the httpd.conf file, and restart the Oracle HTTP Server when prompted.
Copy the APPHOST1_ORACLE_HOME/Apache/modplsql/conf/dads.conf file to APPHOST2_ORACLE_HOME/Apache/modplsql/conf/.
Copy the APPHOST1_ORACLE_HOME/Apache/oradav/conf/oradav.conf file to APPHOST2_ORACLE_HOME/Apache/oradav/conf/.
Copy the APPHOST1_ORACLE_HOME/Apache/modplsql/conf/cache.conf file to APPHOST2_ORACLE_HOME/Apache/modplsql/conf/cache.conf.
Save the manual configuration changes to the DCM repository by issuing this command in APPHOST2_ORACLE_HOME/dcm/bin:
dcmctl updateconfig -ct ohs
Use the Application Server Control Console to access the mod_plsql configuration pages.
Select the portal DAD and click Edit.
Click Apply.
The required mod_rewrite and mod_oc4j directives are added.
In this step, you enable (non-SSL) loop-back communication between the Load Balancing Router and the Parallel Page Engines on APPHOST1 and APPHOST2. If the OracleAS Web Cache on APPHOST1 is down, the Parallel Page Engine can loop back to the OracleAS Web Cache on APPHOST2 through the Load Balancing Router to reach Portal Services. This is an example of component-level high availability.
Follow these steps to create the loop-back configuration:
Open the APPHOST2_ORACLE_HOME/j2ee/OC4J_Portal/applications/portal/portal/WEB-INF/web.xml file.
Locate the Page servlet section and add the lines shown in bold:
<servlet> <servlet-name>page</servlet-name> <servlet-class>oracle.webdb.page.ParallelServlet</servlet-class> <init-param> <param-name>useScheme</param-name> <param-value>http</param-value> </init-param> <init-param> <param-name>usePort</param-name> <param-value>7777</param-value> </init-param> <init-param> <param-name>httpsports</param-name> <param-value>443</param-value> </init-param> </servlet>
Save the web.xml file.
The configuration now provides component-level high availability, since if the OracleAS Web Cache on APPHOST1 is down, the Parallel Page Engine can loop back to the OracleAS Web Cache on APPHOST2, through the Load Balancing Router, to reach Portal Services.
Save the manual configuration changes in the Distributed Configuration Management repository by issuing the following command on APPHOST2 in ORACLE_HOME/dcm/bin:
dcmctl updateconfig
Restart all components on APPHOST2 by issuing the following command in ORACLE_HOME/opmn/bin:
opmnctl stopall
opmnctl startall
The Portal Dependency Settings file iasconfig.xml must contain the correct host, port and farm name to enable access to OracleAS Portal and perform OracleAS Web Cache invalidation.
You must propagate the configuration changes made to Portal Tools providers on APPHOST1 to APPHOST2 by following these steps:
Copy the APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/omniPortlet/WEB-INF/providers/omniPortlet/provider.xml file to:
APPHOST2_ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/omniPortlet/WEB-INF/providers/omniPortlet/provider.xml
Copy the APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/webClipping/WEB-INF/providers/webClipping/provider.xml file to:
APPHOST2_ORACLE_HOME/j2ee/OC4J_Portal/applications/portalTools/webClipping/WEB-INF/providers/webClipping/provider.xml
Copy the APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/config/data-sources.xml file to:
APPHOST2_ORACLE_HOME/j2ee/OC4J_Portal/config/data-sources.xml.
Copy the APPHOST1_ORACLE_HOME/j2ee/OC4J_Portal/config/jazn-data.xml file to:
APPHOST2_ORACLE_HOME/j2ee/OC4J_Portal/config/jazn-data.xml
Restart the OC4J_Portal instance.
Back up the APPHOST2_ORACLE_HOME/Apache/Apache/conf/osso/osso.conf file.
Use FTP binary mode to copy the APPHOST1_ORACLE_HOME/Apache/Apache/conf/osso/osso.conf file to APPHOST2_ORACLE_HOME/Apache/Apache/conf/osso.
Synchronize the DCM repository with the values in the obfuscated osso.conf file by issuing the following command: $ORACLE_HOME/Apache/Apache/bin/ssotransfer $ORACLE_HOME/Apache/Apache/conf/osso/osso.conf
|
Note: This does not create any new partner applications; it enables the partner application portal.mycompany.com forAPPHOST1 and APPHOST2. |
Issue this command in ORACLE_HOME/dcm/bin:
dcmctl updateconfig
Restart the components on APPHOST2 by issuing these commands in APPHOST2_ORACLE_HOME/opmn/bin:
opmnctl stopall
opmnctl startall
Access the following URL:
https://login.mycompany.com/pls/orasso
Log in to the OracleAS Single Sign-On Administration page as the Administrator, and use the Administer Partner Applications page to delete the entry for the partner application apphost2.mycompany.com.
To cluster the OracleAS Web Cache instances, you will perform the configuration steps on APPHOST1 and propagate them to APPHOST2.
From the Oracle Enterprise Manager Application Server Control, you can access the Web Cache Manager, the graphical user interface provided for editing the configuration stored in the webcache.xml file. Start the Oracle Application Server instance on APPHOST1, then follow these steps to access the Web Cache Manager from the System Components page:
Access the Web Cache Administrator at:
http://apphost1.mycompany.com:9400/webcacheadmin
The Web Cache Administrator password dialog appears.
For the user name, enter ias_admin or administrator, and enter the OracleAS Web Cache administrator password.
The Web Cache Manager page appears. A scrollable frame on the left side of the window contains groups of configuration elements. To access an element, click its link. The content area of the page is then populated with the values for that element.
Click Clustering in the Properties section.
The Clustering page appears.
In the Cluster Members table, click Add.
The Add Cache to Cluster page appears.
Enter the following information for APPHOST2:
Host Name: apphost2.mycompany.com
Admin. Port: 9400
Protocol for Admin. Port: HTTP
Cache Name: apphost2.mycompany.com-Webcache
Capacity: 20
Click Submit.
Click the Origin Server link in the Origin Servers, Sites, and Load Balancing section.
The Origin Server page appears.
Click Add under the Application Web Servers table.
The Add Application Web Server page appears.
Enter the following information:
Hostname: apphost2.mycompany.com
Port: 7778
Routing: ENABLED
Capacity: 30
Failover Threshold: 5
Ping URL: /
Ping Interval: 10
Protocol: HTTP
Click Submit.
Click the Site-to-Server Mapping link in the Origin Servers, Sites, and Load Balancing section.
The Site-to-Server Mapping page appears.
Select the mapping for the Load Balancing Router site (portal.mycompany.com) from the table and click Edit Selected.
The Edit/Add Site-to-Server Mapping page appears.
In the Select Application Web Servers section, select an application Web server specified in the Origin Servers page for apphost2.mycompany.com (apphost1.mycompany.com is already mapped).
Click Submit.
Click Apply Changes.
In the Cache Operations page, click Propagate.
The changes are propagated to apphost2.mycompany.com.
Click Restart.
OracleAS Web Cache is restarted on APPHOST1 and APPHOST2. OracleAS Web Cache on APPHOST1 begins to balance requests to the Oracle HTTP Server and OC4J_Portal instances on APPHOST2.
After the clustering operation is completed, OracleAS Web Cache on APPHOST1 will start balancing requests to the Oracle HTTP Server and OC4J_Portal instances running on APPHOST2. Repeat the steps in Section 7.3.3.8, "Testing the Configuration on APPHOST1" to confirm that the Oracle HTTP Server and OC4J_Portal instances on APPHOST2 were configured properly.
|
Tip: If these tests yield unsatisfactory or unexpected results, revisit the configuration steps performed to identify the cause. If the site is accepting live traffic, you might find it useful to temporarily remove the new OracleAS Web Cache instance from the cluster, revisiting the configuration while the new middle tier is completely off-line. After the problem is resolved, you can redo the clustering operation and perform the validation again. |
Enabling Monitoring of the Load Balancing Router's OracleAS Portal Host and Port Settings
You must first configure a certificate in Oracle Enterprise Manager 10g on APPHOST2 in order to successfully monitor the OracleAS Portal metrics using the Oracle Enterprise Manager 10g Application Server Control Console. Perform the steps in Section 7.3.3.7, "Enabling Monitoring of the Load Balancing Router's OracleAS Portal Host and Port Settings" to configure the Application Server Control Console to recognize the Certificate Authority that was used by the Web Site to support HTTPS.
Follow the steps in Section 7.3.2, "Configuring Load Balancing and Monitoring" (substituting APPHOST2) to configure the Load Balancing Router to recognize the second application server instance.
The Session Binding feature in OracleAS Web Cache is used to bind user sessions to a given origin server to maintain state for a period of time. Although almost all components running in a default OracleAS Portal middle tier are stateless, session binding is required for two reasons:
The Web Clipping Studio, used by both the OracleAS Web Clipping Portlet and the Web Page Data Source of OmniPortlet, uses HTTP session to maintain state, for which session binding must be enabled.
Enabling session binding forces all the user requests to go to a specific OracleAS Portal middle-tier, resulting in a better cache hit ratio for the portal cache.
Follow these steps on APPHOST1 or APPHOST2 to enable session binding in OracleAS Web Cache:
Access the Web Cache Administrator at:
http://apphost1.mycompany.com:9400
The Web Cache Administrator password dialog appears.
Enter the OracleAS Web Cache administrator password.
The Web Cache Manager page appears. A scrollable frame on the left side of the window contains groups of configuration elements. To access an element, click its link. The content area of the page is then populated with the values for that element.
Click the Session Binding link in the Origin Servers, Sites, and Load Balancing section.
The Session Binding page appears.
Select the Load Balancing Router site, portal.mycompany.com:443, from the table and click Edit Selected.
The Edit Session Binding window opens.
Select Any Set-Cookie from the Please select a session drop-down list.
Select Cookie-based from the Please select a session binding mechanism drop-down list.
Click Submit.
Click Apply Changes.
On the Cache Options page, click Propagate.
The changes are propagated to the OracleAS Web Cache instance on the other computer.
Click Restart.
OracleAS Web Cache is restarted on APPHOST1 and APPHOST2.
The default Welcome page for the Oracle Application Server provides a link to the Oracle Application Server Farm page. When you access the secure server's Welcome page, access is provided to the Farm page (through the link in the Oracle Application Server Logins section), which displays the internal server name and port in the URL when the Farm page is accessed. This behavior is contraindicated by the security policy to hide internal server names, and should be modified.
To ensure that internal server names are not exposed by the Oracle Application Server Welcome page on the external server, you can do one of the following:
Subsitute a custom index.html page for the external server
Modify the external server's standard index.html page to eliminate the following content:
Oracle Application Server Logins
To manage and monitor Oracle Application Server, log on to Oracle Enterprise Manager 10g Application Server Control:
username: ias_admin
password: specified during install
To register a Web provider that is exposed over SSL, you must have a copy of the root certificate of the certificate authority used by the Web provider. If the Web provider is using an unknown or uncommon certificate authority, you must add the appropriate root certificate (using Base-64 encoded X.509 format) to the set of trusted certificates recognized by the Oracle database hosting the OracleAS Metadata Repository containing the OracleAS Portal schema.
If the Portal schema is located in an OracleAS Metadata Repository Creation Assistant database, and if the release of that Oracle Database is earlier than 10g (10.1.0.x), then you do not need to perform these steps.
To register Web providers or provider groups, perform these steps:
Navigate to the ORACLE_HOME/javavm/lib/security directory in the Oracle home containing the Oracle database that hosts the OracleAS Metadata Repository containing the OracleAS Portal schema.
Create a backup of the truststore file cacerts, for example, cacerts.bak.
Issue this command to add the required certificate to the trust store:
ORACLE_HOME/jdk/bin/keytool -import -alias alias name -file root certificate file name -trustcacerts -v -keystore $ORACLE_HOME/javavm/lib/security/cacerts
Provide the trust store password, and type yes when prompted for confirmation.
The Federated Portal Adapter uses the Oracle HTTP Server rewrite rules to simplify URLs for registering providers. By default, these rewrite rules are only specified for HTTP communication.
Follow these steps to enable the Federated Portal Adapter for SSL:
Edit the Virtual Hosts section of the ORACLE_HOME/Apache/Apache/conf/ssl.conf file as follows:
## SSL Virtual Host Context
##
#
# NOTE: this value should match the SSL Listen directive set previously in this
# file otherwise your virtual host will not respond to SSL requests.
#
<VirtualHost _default_:3011>
# General setup for the virtual host
DocumentRoot /u01/app/oracle/product/as10g/Apache/Apache/htdocs
ServerName apphost1.mycompany.com
ServerAdmin you@your.address
ErrorLog /u01/app/oracle/product/as10g/Apache/Apache/logs/error_log
TransferLog "/u01/app/oracle/product/as10g/Apache/Apache/logs/access_log"
Port 3001
SSLEngine on
SSLCipherSuite
SSL_RSA_WITH_RC4_128_MD5:SSL_RSA_WITH_RC4_128_SHA:SSL_RSA_WITH_3DES_EDE_CBC_SHA:SSL_RSA_WITH_DES_CBC_SHA:SSL_RSA_EXPORT_WITH_RC4_40_MD5:S
SL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSLWallet file:/u01/app/oracle/product/as10g/Apache/Apache/conf/ssl.wlt/default
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars
</Files>
<Directory /u01/app/oracle/product/as10g/Apache/Apache/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /u01/app/oracle/product/as10g/Apache/Apache/logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x
%{SSL_CIPHER}x \"%r\" %b"
RewriteEngine on
RewriteOptions inherit
</VirtualHost>
Issue this command in ORACLE_HOME/dcm/bin to update the Distributed Configuration Management repository with the changes:
dcmctl updateconfig
Restart the Oracle Application Server instance by issuing these commands in ORACLE_HOME/opmn/bin:
opmnctl stopall
opmnctl startall
If OracleAS Portal was configured using Oracle Enterprise Manager, the Oracle Ultra Search instance is not configured automatically. Therefore, the Ultra Search Administration link in OracleAS Portal will not work. To set this up, you must create an Oracle Ultra Search instance. For instructions, see the Oracle Ultra Search Administrator's Guide.
After you create an Oracle Ultra Search instance, perform the steps in this section to enable Oracle Ultra Search access to secure Web sites, and register OracleAS Portal as a content source.
For Oracle Ultra Search to access secure Web sites, you must import certificates into the crawler's trust store and the OC4J JVM's trust store.By default, the OC4J JVM recognizes certificates of well-known certificate authorities. However, if the secure portal instance uses a self-signed certificate or a certificate signed by an unknown certificate authority, then that certificate must be imported into the OC4J JVM's trust store. The OC4J JVM default trust store is located at ORACLE_HOME/jdk/jre/lib/security/cacerts.To add the required certificate to the trust store, perform the following steps:
Navigate to ORACLE_HOME/jdk/jre/lib/security.
Create a backup of the trust store file cacerts (for example, cacerts.bak).
Issue this command to add the required certificate to the trust store:
$ORACLE_HOME/jdk/bin/keytool -import -alias aliasName -file root certificate file name -trustcacerts -v -keystore $ORACLE_HOME/jdk/jre/lib/security/cacerts
Provide the trust store password, and type Yes when prompted for confirmation.
Repeat Steps 1 through 4 on the Oracle Application Server Infrastructure that contains the Oracle Ultra Search crawler.
To register OracleAS Portal as an Oracle Ultra Search content source:
Access the Ultra Search administration tool by clicking Ultra Search Administration in the Services portlet.
|
Note: By default, the Services portlet is on the Portal sub-tab of the Administer tab on the Portal Builder page. |
Log in.
On the Instances tab, select the instance to manage.
Click Apply to set the instance.
On the Crawler tab, enter the Cache Directory Location and the Crawler Log File Directory.
|
Note: These directories are on the Oracle Application Server middle tier computer. For example, you could enter/tmp for the Cache Directory Location and /tmp for the Crawler Log File Directory.
|
On the Sources tab, click the Oracle Sources sub-tab, choose Oracle Portal (Crawlable) from the Create Source drop-down list and click Go.
(Optional) Edit the OracleAS Portal data source and customize the types of documents the Oracle Ultra Search crawler should process. HTML and plain text are the default document types that the crawler will always process, but you can add other document types such as MS Word Doc, MS Excel Doc, PDF, and so on.
Enter OracleAS Portal registration details:
Enter the Portal Name.
Change the /pls URL format in 10.1.4. For the URL base, enter the base URL for the portal. Use the format:
http://host:port/pls/portal DAD/portal schema
For example:
http://apphost1.mycompany.com:7777/pls/portal/portal
Click Register Portal.
Select the page groups that you would like to create data sources for and then click Create Portal Data Sources. (Optional: Edit each of the portal data sources to add content types for processing. For example, you can add the MS Word Doc, MS Excel Doc, or PDF Doc types.)
|
Note: A page group is available as a crawlable data source when:
See the Oracle Application Server Portal User's Guide for more information. |
On the Schedules tab, schedule the indexing of the portal data sources:
Click Create New Schedule and enter a name for the schedule.
Click Proceed to Step 2 and specify synchronization schedule details.
Click Proceed to Step 3, select Portal from the drop down list and then click Get Sources.
Move the sources over to the Assigned Sources box and click Finish. (Optional: Click the Status link for the source to run the synchronization immediately.)
After you have registered OracleAS Portal as an Oracle Ultra Search content source, you can register the Oracle Ultra Search provider with OracleAS Portal.
The complete configuration is shown in Figure 7-10.
Figure 7-10 Final Application Server Configuration: APPHOST1 and APPHOST2
To ensure that it is working as it should, perform the following tests:
Ensure that all components on APPHOST2 are running.
Issue this command ORACLE_HOME/opmn/bin to query the components' status:
opmnctl status
If necessary, issue this command in ORACLE_HOME/opmn/bin:
opmnctl startall
Stop all components on APPHOST1 by issuing this command in ORACLE_HOME/opmn/bin:
opmnctl stopall
Access OracleAS Web Cache and Oracle HTTP Server through the Load Balancing Router with following URL:
https://portal.mycompany.com
Test the connection to Oracle Application Server Metadata Repository through the Load Balancing Router, by accessing the following URL:
https://portal.mycompany.com/pls/portal/htp.p?cbuf=test
The response should be test. If this is the result, the Oracle Application Server middle-tier was able to connect to the OracleAS Metadata Repository. If it is not, review these files for information on how to resolve the error:
Test the Oracle AS Portal using following URL (ensure that you can log in):
https://portal.mycompany.com/pls/portal
Verify that content is being cached in OracleAS Web Cache on APPHOST2, using Web Cache Administrator. Under Monitoring, click Popular Requests. Select Cached from the Filtered Objects drop-down list, and click Update.
If you accessed OracleAS Portal, portal content (for example, URLs that contain /pls/portal) will appear. If there is no portal content, open another browser and log in to OracleAS Portal. Return to the Popular Requests page, and click Update to refresh the page content.
Add a portlet to a page, and then verify that the new content is present. If the new content does not display properly, or if errors occur, then the OracleAS Web Cache invalidation is not configured correctly.
Repeat steps 3 through 7, first ensuring that all components on APPHOST1 are running, and all components on APPHOST2 are stopped. (Refer to steps 1 and 2 for the commands to do this.)
Repeat steps 3 through 7, first ensuring that all components on APPHOST1 and APPHOST2 are running. (Refer to steps 1 and 2 for the commands to do this.)
There are two types of JPDK providers: custom JPDK providers, which are created by users, and seeded JPDK providers, such as the OracleAS Portal Tools (Web Clipping and OmniPortlet) providers, which are created by the OracleAS Portal installation. This section recommends a deployment scheme, and explains how to configure the custom JPDK providers.
|
Note: In multiple middle tier environments that use aLoad Balancing Router, all JPDK applications must be re-registered with the Load Balancing Router URL. This URL or port need not be accessible from outside of the firewall; port 7777, which is configured for the Parallel Page Engine loop back, can also be used for the JPDK registration port. You could also designate a separate URL for the JPDK applications on a separate Virtual IP address of the Load Balancing Router. |
If you are using custom J2EE applications with session APIs, and you need to replicate state between the JPDK instances on multiple middle tiers, you must deploy JPDK and custom J2EE applications on separate OC4J instances. The applications can then use OC4J session state replication, with OC4J islands, to automatically replicate the session state across multiple processes in an application server instance, and in a cluster, across multiple application instances operating on different computers.
Follow these steps to deploy custom JPDK providers:
Use the Oracle Enterprise Manager 10g Application Server Control Console to create a new OC4J instance named OC4J_JPDK on APPHOST1 and APPHOST2.
Use the Application Server Control Console to deploy the custom providers in the OC4J_JPDK instances on APPHOST1 and APPHOST2.
Use the Application Server Control Console to start the OC4J_JPDK on APPHOST1 and APPHOST2.
Configure your provider registration URL to go through the Load Balancing Router, and verify that the provider works properly through the Load Balancing Router, by accessing the test page at the following URL:
http://portal.mycompany.com:7777/<webApp>/providers/<provider name>
A Manually Managed OracleAS Cluster provides the following load balancing and high availability services to a group of Oracle Application Server instances:
Replication of session state across instances in the cluster
Load balancing of requests among instances in the cluster
Transparent failover of requests to a surviving instance in the cluster
A Manually Managed OracleAS Cluster does not provide configuration management services to the cluster (automatic synchronization of instance configurations within the cluster). You must make configuration changes on each instance in the cluster.
|
Note: See the Oracle Application Server High Availability Guide for a complete discussion of types of clusters. |
The following tasks are required to configure a Manually Managed OracleAS Cluster of the Oracle Application Server instances hosting the OC4J_JPDK instances. Follow the steps in each of the sections listed to configure the Manually Managed OracleAS Cluster:
To operate stateful applications, you must replicate the state among OC4J instances in the Manually Managed OracleAS Cluster. This section explains how to configure state replication for Web applications and EJB applications in the OC4J instances.
Perform these steps on APPHOST1 and APPHOST2 to configure state replication:
Start Oracle Enterprise Manager 10g Application Server Control Console.
Click the link for the instance you want to configure.
The Application Server page appears.
Click OC4J_JPDK in the System Components table.
The OC4J:OC4J_JPDK page appears.
Click Administration.
Click Replication Properties in the Instance Properties column.
Select the Replicate session state checkbox in the Web Applications section.
Leave the Multicast Host and Multicast Port fields blank.
|
Note: You may provide a multicast host IP address and port number (if you do not, the default is IP address 230.0.0.1 and port 23791). The IP address must be within the range 224.0.0.2 through 239.255.255.255.Do not use the same multicast address for HTTP and EJB. |
Click Apply.
A confirmation page appears with the message "Replication properties have been applied."
Click OK.
You must configure J2EE applications to operate in a cluster. To configure the applications, you must edit the web.xml and orion-web.xml files for each application on APPHOST1 and APPHOST2. Follow the steps in this section to configure the applications for clustering.
Start Oracle Enterprise Manager 10g Application Server Control Console.
Click the link for the instance you want to configure.
The Application Server page appears.
Click OC4J_JPDK in the System Components table.
The OC4J:OC4J_JPDK page appears.
Click Applications.
Click the name of the web application to configure in the Deployed Applications section.
The Application page for the application appears.
Edit the orion-web.xml file as follows:
Click the module name in the Web Modules section.
The Web Module page for the module appears.
Click Advanced Properties.
The Edit orion-web.xml page appears.
Edit the file to add the cluster-config tag within the orion-web-app tag. An example of an added cluster-config tag is shown in the following lines.
<orion-web-app ... >
...
<cluster-config/>
...
</orion-web-app>
Click Apply.
A confirmation page appears with the message "Changes have been applied to orion-web.xml."
Click No to answer the prompt to restart the server. You will restart the instance after completing all of the required edits.
The Edit orion-web.xml page appears.
Restart the OC4J_JPDK instances by issuing this command on APPHOST1 and APPHOST2:
opmnctl restartproc ias-component=OC4J
The mod_oc4j module of the Oracle HTTP Server routes HTTP requests to OC4J instances. mod_oc4j identifies requests by their URL prefix, or root context, and routes them to the application associated with that root context. By communicating with OPMN, mod_oc4j can determine the status of an OC4J instance (running or stopped), and route requests only to running instances.
Using the Oc4jMount directive in the ORACLE_HOME/Apache/Apache/conf/mod_oc4j.conf file, you can specify request routing destinations for OC4J applications, and designate APPHOST1 and APPHOST2 as failover candidates for one another.
Follow these steps on APPHOST1 and APPHOST2:
On the Oracle Enterprise Manager 10g page, select the instance from the Standalone Instances section.
The Application Server page for the instance appears.
Click the HTTP_Server link.
The HTTP Server page appears.
Click Administration.
A list of links appears.
Click Advanced Server Properties.
A list of configuration files appears.
Click the mod_oc4j.conf link.
The Edit mod_oc4j.conf screen appears.
Add an Oc4JMount directive to specify the instance to which requests should be load balanced. For example:
Oc4jMount path instance://APPHOST1instance:OC4J_Portal,APPHOST2instance:OC4J_Portal
In the preceding example, path specifies the URI pattern of the request (such as the context root or application directory, that is, /myapp/*). APPHOST1 and APPHOST2 specify the instance names of the Oracle Application Server instances.
|
Tip: To determine the Oracle Application Server instance names, issue this command inAPPHOST1_ORACLE_HOME/dcm/bin and APPHOST2_ORACLE_HOME/dcm/bin:
|
Click Apply.
A confirmation page appears with the message "Configuration changes have been saved. The HTTP Server must be restarted for the changes to take effect. Would you like to restart now?"
Click Yes.
A confirmation page appears with the message "HTTP_Server has been restarted."
Click OK.
The Edit mod_oc4j.conf screen appears.
Click the Application Server link.
The Application Server page appears.
This section explains how to set the URL for the OracleAS Single Sign-On query path. You need only perform this task if you are using external applications.
OracleAS Portal maintains the URL prefix of OracleAS Single Sign-On, which accesses certain information through HTTP requests from the database using the UTL_HTTP package. These requests must be made over the HTTP protocol (rather than HTTPS). Consesquently, even if OracleAS Portal and OracleAS Single Sign-On are configured to use HTTPS, OracleAS Single Sign-On must still have access to an HTTP port, so that it can support these interfaces. The purpose of the requests is to:
Obtain the list of external applications to allow customization of the External Applications portlet.
Map OracleAS Single Sign-On user names to external application user names.
Perform these steps to set the URL:
Configure the Load Balancing Router (login.mycompany.com) with an internal network address translated port 7777, to receive requests from the OracleAS Portal database and pass them to both OracleAS Single Sign-On Oracle HTTP Servers.
Log on to OracleAS Portal as the portal administrator.
Click the Administer tab.
Click the Portal tab.
Click Global Settings in the Services portlet.
Click the SSO/OID tab.
Edit the Query Path URL Prefix under SSO Server Settings. Enter a URL for OracleAS Single Sign-On, for example:
http://login.mycompany.com:7777pls/orasso
Allow OracleAS Portal to access the single sign-on server using the HTTP protocol.
In the ORACLE_HOME/sso/conf/sso_apache.conf file, uncomment and modify (as shown in bold) this directive:
<Location "/pls/orasso/*[Aa][Pp][Pp][Ss]_[Ll][Ii][Ss][Tt]">
Order deny,allow
Deny from all
Allow from fully qualified OracleAS Portal host name
</Location>
Save and close the file.
Issue this command in ORACLE_HOME/dcm/bin:
dcmctl updateconfig
Configure the rule for the Load Balancing Router. The example, for the Big IP Load Balancing Router, is presented for illustration only. In practice, you should ensure that any access rule you apply is consistent with the load balancing router in use.
if (client_addr != <infrastructure db IP> netmask 255.255.255.0 and
(http_uri starts_with
"/pls/orasso/orasso.wwsso_app_admin.external_apps_list" or
http_uri starts_with
"/pls/orasso/orasso.wwsso_app_admin.validate_user")) {
discard
}
else {
use pool SSO
}
Connection availability for OracleAS Portal is governed by the pool of connections to the OracleAS Portal database. The default idle time out for the pooled database connections is 15 minutes, and is configurable with the PlsqlIdleSessionCleanupInterval parameter. See the Oracle HTTP Server Administrator's Guide for information on setting this parameter.
In order to prevent intermittent connection problems when accessing OracleAS Portal, the time out value for this parameter must always be lower than the firewall time out settings between the Oracle Application Server middle tier and the OracleAS Portal database, and the Load Balancing Router time out settings. If it is not, OracleAS Portal will try to use a pooled connection that has already been timed out by the firewall, and errors will occur.
