Wow, that’s a long title. =)
My buddy Alex over at IDM.guru recently put up a posting about how to use the new Oracle Identity Management Deployment wizard to do the entire Fusion Middleware stack as basically a silent install. It’s pretty awesome.
For most of us though, running these things locally consumes a massive VM, so I’ve started using Amazon EC2 instances as my VMs.
I spent a couple days tweaking the deployment wizard to 1) work, and 2) work on an EC2 instance out of the box. The following is my runbook on how to do this.
*DISCLAIMER*
Following these instructions may end civilization as we know it. I hold no responsibility for your actions =)
Also, at the end, there’s some startup stuff that’s not fully worked out. I’m just currently swamped with work, and wanted to release this instead of just sitting on it for another month or two to really polish it up.
Enjoy!
– Create Instance (OEL 6.5 w/ 7.5GB RAM + 120GB HDD)
– Install X11 support
sudo yum install xorg-x11-xauth.x86_64 xorg-x11-server-utils.x86_64
sudo yum groupinstall "X Window System"
log out and then login with -X flag:
ssh -X -i ~/Dropbox/IDMserver.pem [email protected]
– make user oracle
sudo useradd oracle
sudo passwd oracle (make password: Passw0rd)
sudo vi /etc/sudoers
add in this under root line:
oracle ALL=(ALL:ALL) ALL
sudo vi /etc/hosts
127.0.0.1 idmrockstar
sudo vi /etc/sysconfig/network
HOSTNAME=idmrockstar
sudo hostname idmhost
– make some swap space (you need at least 512k, use ‘free’ to check)
sudo dd if=/dev/zero of=/swapfile bs=1024 count=8388608
sudo mkswap /swapfile
sudo swapon /swapfile
sudo vi /etc/fstab
/swapfile swap swap defaults 0 0
free
– get oracle patch
Download Oracle patch for OEL6 from here: https://support.oracle.com/epmos/faces/ui/patch/PatchDetail.jspx?_afrLoop=448240105471014&patchId=18440102&_afrWindowMode=0&_adf.ctrl-state=5zye3movj_79
(ref: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1662923.1)
unzip p18440102_111220_Generic.zip
cp refhost.xml /opt/installers/IDM/installers/iamsuite/Disk1/stage/prereq/linux64
cp refhost.xml /opt/installers/IDM/installers/appdev/Disk1/stage/prereq/linux64
cp refhost.xml /opt/installers/IDM/installers/webgate/Disk1/stage/prereq/linux64
cp refhost.xml /opt/installers/IDM/installers/webtier/Disk1/stage/prereq/linux64
cp refhost.xml /opt/installers/IDM/installers/oud/Disk1/stage/prereq/linux64
cp refhost.xml /opt/installers/IDM/installers/soa/Disk1/stage/prereq/linux64
– Get PreReqs
cd /etc/yum.repos.d
sudo wget --no-check-certificate https://public-yum.oracle.com/RPM-GPG-KEY-oracle-ol6 -O /etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
sudo wget http://public-yum.oracle.com/public-yum-ol6.repo
sudo yum install oracle-rdbms-server-11gR2-preinstall
sudo yum install compat-libstdc++-33-3.2.3-69.el6.i686
sudo yum install glibc-devel.i686 libgcc.i686 libstdc++-devel.i686
sudo yum install libXext.i686
sudo yum install libXtst.i686
sudo yum install compat-libcap1.i686
sudo yum install openmotif22.x86_64
sudo yum -y install binutils-2.17.50.0.6 compat-libstdc++-33-3.2.3 elfutils-libelf-0.125 elfutils-libelf-devel-0.125 elfutils-libelf-devel-static-0.125 gcc-4.1.2 gcc-c++-4.1.2 glibc-2.5-24 glibc-common-2.5 glibc-devel-2.5 glibc-headers-2.5 kernel-headers-2.6.18 ksh-20060214 libaio-0.3.106 libaio-devel-0.3.106 libgcc-4.1.2 libgomp-4.1.2 libstdc++-4.1.2 libstdc++-devel-4.1.2 make-3.81 numactl-devel-0.9.8.i386 sysstat-7.0.2 unixODBC pdksh unixODBC-devel elfutils-libelf-devel compat-db gnome-libs xscreensaver
– Download the installers
cd /opt
sudo mkdir installers
sudo mkdir apps
sudo chown oracle:oracle installers
sudo chown oracle:oracle apps
su oracle
http://www.oracle.com/technetwork/middleware/id-mgmt/downloads/oid-11gr2-2104316.html
– Check the “Accept License Agreement” radio button at the top, then scroll down to “Oracle Identity and Access Management Deployment Repository 11.1.2.2.0”
– Open Firebug and go to the Net tab
– Click on “File 1”
– Copy the URL of the file being downloaded with the AuthParam token in it
Another list of tricks: http://www.pythian.com/blog/how-to-download-oracle-software-using-wget-or-curl/
nohup curl --location --cookie ./cookies.txt --insecure "http://download.oracle.com/otn/linux/middleware/11g/111220/ofm_iam_deployment_repo_linux_11.1.2.2.0_64_disk1_3of7.zip" -o ofm_iam_deployment_repo_linux_11.1.2.2.0_64_disk1_3of7.zip > 3.out &
[/TRICK]
nohup wget "http://download.oracle.com/otn/linux/middleware/11g/111220/ofm_iam_deployment_repo_linux_11.1.2.2.0_64_disk1_1of7.zip?AuthParam=1398374440_5b7598f158ea0508ffa1dda58d4a802a" -O ofm_iam_deployment_repo_linux_11.1.2.2.0_64_disk1_1of7.zip > 1.out &
Repeat the trick to download all 7 files. I think you can do 4 at once, hence nohup.
Unzip all the files
– Download Oracle Database and Install
Use same trick as above to get 11gR2 files for Linux x86-64 here:
http://www.oracle.com/technetwork/database/enterprise-edition/downloads/index.html
Unzip all db files (2)
cd database
./runInstaller
– Uncheck “I wish to…”
– Next >
– Close pop-up
– Create and configure a database
– Next >
– Desktop Class
– Next >
– Single Instance DB
– Next >
– Typical Install
– Next >
(Change the character set to AL32UTF8)
(Change processes from 150 to 500)
(Change OPEN_CURSORS from 300 to 800)
(Change sessions from 248 to 500)
– Oracle base: /opt/apps/oracle
– Software location: /opt/apps/oracle/product/11.2.0/dbhome_1
– Storage Type: File System
– Database file location: /opt/apps/oracle/oradata
– Database edition: Enterprise Edition
– OSDBA Group: oracle
– Global database name: orcl
– Administrative Password: Passw0rd
– Next >
– Inventory Directory: /opt/apps/oraInventory
– oraInventory Group Name: oracle
– Next >
– Fix & Check Again
packages that can be ignored:
libaio-0.3.105 (i386)
compat-libstdc++-33-3.2.3 (i386)
libaio-devel-0.3.105 (i386)
libgcc-3.4.6 (i386)
libstdc++-3.4.6 (i386)
unixODBC-2.2.11 (i386)
unixODBC-devel-2.2.11 (i386)
pdksh-5.2.14
– Check Ignore All
– Next >
– Finish
Global Database Name: orcl
SID: orcl
Server Parameter File name: /opt/apps/oracle/product/11.2.0/dbhome_1/dbs/spfileorcl.ora
Database Control URL: https://localhost:1158/em
Database encryption key: /opt/apps/oracle/product/11.2.0/dbhome_1/localhost_orcl/sysman/config/emkey.ora
– Click OK on popup
– Back in Terminal:
sudo /opt/apps/oracle/product/11.2.0/dbhome_1/root.sh
The following environment variables are set as:
ORACLE_OWNER= oracle
ORACLE_HOME= /opt/apps/oracle/product/11.2.0/dbhome_1
– Back in X, click OK
– Close
– Close
Verify the install
cd /opt/apps/oracle/product/11.2.0/dbhome_1
export ORACLE_HOME=/opt/apps/oracle/product/11.2.0/dbhome_1
export ORACLE_SID=orcl
./sqlplus
Username: sys as sysdba
Password: Passw0rd
– Install Java JDK
cd /opt/installers/java
– Download JRockit 6 Update 37 R28.2.5+
(currently: http://www.oracle.com/technetwork/java/javase/downloads/java-archive-downloads-jrockit-2192437.html)
chmod +x jrockit-jdk1.6.0_45-R28.2.7-4.1.0-linux-x64.bin
./jrockit-jdk1.6.0_45-R28.2.7-4.1.0-linux-x64.bin
– Next
– /opt/apps/java/jrockit-jdk1.6.0_45-R28.2.7-4.1.0
– Next
– Next
– Done
– Run the RCU to create Schemas (run twice to make 2 schemas)
<UNTESTED SILENT INSTALL FOR RCU>
oimpw.txt needs 6 passwords (each on a single line) and oampw.txt needs 7.
# OIM RCU Creation
/opt/installers/IDM/installers/fmw_rcu/linux/rcuHome/bin/rcu -silent -createRepository -connectString localhost:1521:ORCL -dbUser sys -dbRole sysdba -schemaPrefix DEV -component OIM -component MDS -component SOAINFRA -component ORASDPM -component OPSS < /opt/installers/IDM/oimpw.txt
# OAM RCU Creation
/opt/installers/IDM/installers/fmw_rcu/linux/rcuHome/bin/rcu -silent -createRepository -connectString localhost:1521:ORCL -dbUser sys -dbRole sysdba -schemaPrefix DEV2 -component MDS -component IAU -component OPSS -component OAM < /opt/installers/IDM/oampw.txt
to cleanup:
/opt/installers/IDM/installers/fmw_rcu/linux/rcuHome/bin/rcu -silent -dropRepository -databaseType ORACLE -connectString localhost:1521:ORCL -dbUser sys -dbRole sysdba -schemaPrefix DEV -component OIM -component MDS -component SOAINFRA -component ORASDPM -component OPSS < /opt/installers/IDM/oimpw.txt
/opt/installers/IDM/installers/fmw_rcu/linux/rcuHome/bin/rcu -silent -dropRepository -databaseType ORACLE -connectString localhost:1521:ORCL -dbUser sys -dbRole sysdba -schemaPrefix DEV2 -component MDS -component IAU -component OPSS -component OAM < /opt/installers/IDM/oampw.txt
</ UNTESTED SILENT INSTALL FOR RCU>
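The silent RCU runs above read every schema password from a plain-text file, so those files deserve a check before use. The following is an added example, not part of the original runbook: it verifies that each file is readable by its owner only and has the line count the runbook states. The function names and the directory argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: preflight for the password files fed to `rcu -silent`.
# Line counts (6 and 7) are the ones the runbook states.

# Create an empty file that only its owner can read or write.
new_pwfile() {
    ( umask 077 && : > "$1" )
}

# check_pwfile FILE COUNT
# returns 0 ok, 1 missing, 2 readable beyond owner,
#         3 wrong line count, 4 contains an empty line
check_pwfile() {
    f=$1
    want=$2
    [ -f "$f" ] || { echo "$f: not found" >&2; return 1; }

    # The first 10 characters of `ls -ld` are the type and mode bits.
    mode=$(ls -ld "$f" | cut -c1-10)
    case "$mode" in
        -[r-][w-]-------) ;;
        *) echo "$f: mode $mode, expected 0600" >&2; return 2 ;;
    esac

    # grep -c '' also counts a last line that lacks a newline.
    total=$(grep -c '' "$f" || true)
    filled=$(grep -c . "$f" || true)
    if [ "$total" -ne "$filled" ]; then
        echo "$f: contains an empty line" >&2
        return 4
    fi
    if [ "$total" -ne "$want" ]; then
        echo "$f: $total lines, expected $want" >&2
        return 3
    fi
    return 0
}

# check_rcu_pwfiles DIR: DIR is a hypothetical parameter; the runbook
# keeps both files in /opt/installers/IDM.
check_rcu_pwfiles() {
    check_pwfile "$1/oimpw.txt" 6 && check_pwfile "$1/oampw.txt" 7
}
```

Create each file with new_pwfile before typing the passwords into it, and delete both files once the schemas exist.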
cd /opt/installers/IDM/installers/fmw_rcu/linux
unzip rcuHome.zip
cd bin
./rcu
– Next >
– Create
– Next >
– Database Type: Oracle Database
– Hostname: idmrockstar
– Port: 1521
– Service Name: orcl
– Username: sys
– Password: Passw0rd
– Role: SYSDBA
(if you can’t get a correct Service name, look inside your tnsnames.ora file)
(vi ./apps/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora)
– Next >
– OK
(Round 1)
– Create a new Prefix: DEV
– Expand Identity Management and check everything but OIM
– Next >
(Round 2)
– Create a new Prefix: DEVOIM
– Expand Identity Management and check only OIM
– Next >
– OK
– Use Same passwords for all schemas
– Password: Passw0rd
– Next >
– Next >
– OK
– OK
– Create
– Close
– Install the Deployment Wizard
export JAVA_HOME=/opt/apps/java/jrockit-jdk1.6.0_45-R28.2.7-4.1.0/
cd /opt/installers/IDM/installers/idmlcm/Disk1
./runInstaller -jreLoc $JAVA_HOME
– Next >
– Check – Skip Software Updates
– Next >
– Next >
– Oracle Middleware Home: /opt/apps/oracle/fmw/Middleware
– Oracle Home Directory: Oracle_IDMLCM1
– Next >
– Install
– Next >
– Finish
– Run Deployment Wizard to create Response File
cd /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin
./iamDeploymentWizard.sh
– Next >
– Create a New Identity and Access Management Deployment Response File
– Next >
– Uncheck “I wish to …”
– Next >
– Yes
Leave the defaults
– Next >
– OIM-OAM Integrated and Oracle Unified Directory (OUD)
– Next >
– Single Node
– Hostname: idmrockstar
– Next >
Lifecycle Management Store Location: /opt/apps/oracle/fmw/Middleware
Software Repository Location: /opt/installers/IDM
Software Installation Location: /opt/apps/oracle/fmw/Middleware
Shared Configuration Location: /opt/apps/oracle/fmw/Middleware/config
– Next >
Common IAM Password: Passw0rd
For records (usernames):
Weblogic Administrator: weblogic_idm
Node Manager: admin
OAM Administrator: oamadmin
OAM LDAP User: oamLDAP
OAM Oblix Anonymous User: OblixAnonymous
OIM LDAP User: oimLDAP
OIM Administrator: xelsysadm
OUD Administrator: cn=oudadmin
Next >
Port of First OUD Instance: 1389
SSL Port of First OUD Instance: 1636
Identity Store Realm DN: dc=idmrockstar,dc=com
Next >
HTTP Port: 7777
SSL Port: 4443
OIM Admin Front End Port: 7778
Next >
AdminServer Port: 7101
Port: 14000
Next >
Schema Prefix: DEV
Service Name: orcl
Single Instance Database
Host name: idmrockstar
Listener Port: 1521
Next >
Port: 8001
Next >
AdminServer Port: 7001
OAM Port: 14100
Cookie Domain: .idmrockstar (note the period in front of the host name)
Next >
Schema Prefix: DEV
Service Name: orcl
Single Instance Database
Host name: idmrockstar
Listener Port: 1521
Next >
Provisioning Response File Name: provisioning.rsp
Provisioning Summary: provisioning.summary
Directory: /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin
Finish
– Backup environment
Things go wrong, so to be able to easily revert, we take a backup.
cd /opt/apps/oracle/fmw
tar cvfz backupOfMiddleware.tgz Middleware/
– Run Deployment Wizard using generated Response File to deploy
export ORACLE_HOME=/opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1
(just to make sure)
cd /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/idm-provisioning-build
cp idm-orchestration-build.xml idm-orchestration-build.xml-BAK
vi idm-orchestration-build.xml
Comment out the following lines: 98, 149, 331, and 332
Modify line 97 to false: <canPhaseStartOnThisHost phase="install" fail="false" />
cd /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin
(absolute paths are required when running runIAMDeployment.sh / must wait for one to finish before firing off the next. nohup in case terminal session dies.)
nohup ./runIAMDeployment.sh -responseFile /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target preverify > preverify.out &
(Time 26 sec)
nohup ./runIAMDeployment.sh -responseFile /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target install > install.out &
(Time 58 min 5 sec)
nohup ./runIAMDeployment.sh -responseFile /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target preconfigure > preconfigure.out &
(Time 61 min 8 sec)
nohup ./runIAMDeployment.sh -responseFile /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target configure > configure.out &
(Time 30 min 21 sec)
nohup ./runIAMDeployment.sh -responseFile /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target configure-secondary > configure-secondary.out &
(Time 16 min 5 sec)
nohup ./runIAMDeployment.sh -responseFile /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target postconfigure > postconfigure.out &
(Time 52 min 9 sec)
nohup ./runIAMDeployment.sh -responseFile /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target startup > startup.out &
(Time 34 min 29 sec)
nohup ./runIAMDeployment.sh -ignoreSysPrereqs true -responseFile /opt/apps/oracle/fmw/Middleware/Oracle_IDMLCM1/provisioning/bin/provisioning.rsp -target validate > validate &
(Time 1 min 20 sec)
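Because each target has to finish before the next one starts, the eight commands above can be driven by one wrapper that stops at the first failure. This is an added example, not part of the original runbook or of Oracle's tooling; it assumes the deployment command exits non-zero when a phase fails, and run_phases and LAST_OK are names made up for the example.

```shell
#!/bin/sh
# Added example: run the deployment targets strictly one after another.
# Assumption: the deploy command exits non-zero when a phase fails.

# Phase order as listed in the runbook.
PHASES="preverify install preconfigure configure configure-secondary postconfigure startup validate"

# run_phases DEPLOY_CMD RESPONSE_FILE LOG_DIR
# Sets LAST_OK to the last phase that completed.
# Returns 0 when all phases ran, 1 on a failed phase, 64 on bad arguments.
run_phases() {
    deploy=$1
    rsp=$2
    logdir=$3
    LAST_OK=""

    # The runbook notes that runIAMDeployment.sh needs absolute paths.
    case "$rsp" in
        /*) ;;
        *) echo "response file must be an absolute path: $rsp" >&2
           return 64 ;;
    esac

    for phase in $PHASES; do
        # The runbook passes -ignoreSysPrereqs only to the validate target.
        extra=""
        [ "$phase" = validate ] && extra="-ignoreSysPrereqs true"

        echo "$(date '+%F %T') starting $phase"
        if ! "$deploy" $extra -responseFile "$rsp" -target "$phase" \
                > "$logdir/$phase.out" 2>&1; then
            echo "phase $phase failed, see $logdir/$phase.out" >&2
            return 1
        fi
        LAST_OK=$phase
    done
    return 0
}
```

Saved in a script that ends with a call such as run_phases ./runIAMDeployment.sh followed by the response file and a log directory, the whole sequence can be started once under nohup.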
– Open the ports in Linux
sudo vi /etc/sysconfig/iptables
add these:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7001 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 14100 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 7777 -j ACCEPT
sudo service iptables restart
– Open the ports in Amazon EC2
Edit the security group to allow these ports on TCP:
– 7001, 14100, 7777
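The iptables lines and the security group edit above accept connections from any address, and 7001 is the WebLogic AdminServer port. The following added example (not from the original runbook) generates the same three rules limited to one source network, for both the iptables file and the EC2 security group. The source CIDR and the group id are values you supply, and the function names are made up for the example.

```shell
#!/bin/sh
# Added example: limit the three opened ports to one admin network.
# The ports are the runbook's; CIDR and group id are caller-supplied.

IAM_PORTS="7001 14100 7777"

# valid_source CIDR: accept a.b.c.d/n with octets 0-255 and prefix 1-32.
# A /0 prefix (any source) is refused.
valid_source() {
    case "$1" in
        ""|*[!0-9./]*|*/*/*|*..*|.*) return 1 ;;
        *.*.*.*.*) return 1 ;;
        *.*.*.*/*) ;;
        *) return 1 ;;
    esac
    prefix=${1#*/}
    [ -n "$prefix" ] && [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    rest=${1%/*}.
    n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        rest=${rest#*.}
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# iptables_rules CIDR: lines to add to /etc/sysconfig/iptables.
iptables_rules() {
    valid_source "$1" || { echo "refusing source '$1'" >&2; return 1; }
    for port in $IAM_PORTS; do
        printf '%s\n' "-A INPUT -s $1 -m state --state NEW -m tcp -p tcp --dport $port -j ACCEPT"
    done
}

# ec2_commands GROUP_ID CIDR: matching AWS CLI calls, printed for
# review and not executed here.
ec2_commands() {
    valid_source "$2" || { echo "refusing source '$2'" >&2; return 1; }
    for port in $IAM_PORTS; do
        printf '%s\n' "aws ec2 authorize-security-group-ingress --group-id $1 --protocol tcp --port $port --cidr $2"
    done
}
```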
Manual post provisioning steps
(ref: https://support.oracle.com/epmos/faces/DocumentDisplay?id=1662923.1)
Manual Steps required after IAM Deployment process for addressing
bug 18145786 – ADD REQUIRED URLS AS EXCLUDED RESOURCES IN OAM:
____________________________________________________________________________________________________________
Perform the following steps immediately after the IAM deployment process:
1) Log into oamconsole using the user “oamadmin”.
2) Select “Application Domains”.
3) Perform “Search”.
4) Select “IAM Suite”.
5) Select “Resources” and perform “Search”.
Adding New Resources:
6) Select “New Resource”. Add Type as “HTTP”, Host Identifier as “IAMSuiteAgent “, Resource URL as “/soa/**”, Operations as Default values, Protection Level as “Excluded”. Select Apply.
7) Select “New Resource”. Add Type as “HTTP”, Host Identifier as “IAMSuiteAgent “, Resource URL as “/soa-infra/**”, Operations as Default values, Protection Level as “Excluded”. Select Apply.
8) Select “New Resource”. Add Type as “HTTP”, Host Identifier as “IAMSuiteAgent “, Resource URL as “/provisioning-callback/**”, Operations as Default values, Protection Level as “Excluded”. Select Apply.
9) Select “New Resource”. Add Type as “HTTP”, Host Identifier as “IAMSuiteAgent “, Resource URL as “/CertificationCallbackService/**”, Operations as Default values, Protection Level as “Excluded”. Select Apply.
10) Select “New Resource”. Add Type as “HTTP”, Host Identifier as “IAMSuiteAgent “, Resource URL as “/odsm/**”, Operations as Default values, Protection Level as “Excluded”. Select Apply.
Changing Existing Resources:
11) Under IAM Suite -> Resources, Search for “/identity/**” Resource URL. Select Edit option. Change the Protection Level to “Excluded”. Select Apply.
12) Under IAM Suite -> Resources, Search for “/integration/**” Resource URL. Select Edit option. Change the Protection Level to “Excluded”. Select Apply.
How to start everything up from reboot
———————————————————
– Start DB
export ORACLE_HOME=/opt/apps/oracle/product/11.2.0/dbhome_1
export ORACLE_SID=orcl
cd /opt/apps/oracle/product/11.2.0/dbhome_1/bin
./lsnrctl start
./sqlplus
– sys as sysdba
– Passw0rd
– startup
– quit
– Start WebLogic
export ORACLE_HOME=/opt/apps/oracle/fmw/Middleware/
nohup /opt/apps/oracle/fmw/Middleware/config/domains/IAMAccessDomain/startWebLogic.sh > weblogic.out &
– Start Node Manager
nohup /opt/apps/oracle/fmw/Middleware/config/nodemanager/idmhost/startNodeManagerWrapper.sh > nodeManager.out &
– Start OUD
nohup /opt/apps/oracle/fmw/Middleware/config/instances/oud1/OUD/bin/start-ds > oud.out &
– Start OAM
nohup /opt/apps/oracle/fmw/Middleware/config/domains/IAMAccessDomain/bin/startManagedWebLogic.sh wls_oam1 > oam.out &
– Start SOA
nohup /opt/apps/oracle/fmw/Middleware/config/domains/IAMGovernanceDomain/bin/startManagedWebLogic.sh wls_soa1 > soa.out &
– Start OIM
nohup /opt/apps/oracle/fmw/Middleware/config/domains/IAMGovernanceDomain/bin/startManagedWebLogic.sh wls_oim1 > oim.out &
– Start OHS
/opt/apps/oracle/fmw/Middleware/config/instances/ohs1/bin/opmnctl startall