OID is going to be used as the default naming service for a number of databases, and the procedure below describes the steps used to achieve this. For obvious reasons, I’ll have to mask some of the details.
Please note: as per the documentation, configuration should be done right at the end, after installing the IDM patchset. We ran into an issue while running config.sh using that procedure, and ultimately Oracle asked us to run config.sh before installing the patchset. So you configure using 11.1.1.2 and then install the 11.1.1.3 patchset.
Software
Software | Source |
Jdk 64 bit | jdk-6u18-linux-x64.bin |
Weblogic Server | wls1032_generic.jar |
WLS patchset 10.3.3 | p9618487_1033_Generic.zip |
RCU | ofm_rcu_linux_11.1.1.3.0_disk1_1of1.zip |
IDM 11.1.1.2 | ofm_idm_linux_11.1.1.2.0_64_disk1_1of1.zip |
IDM patchset 11.1.1.3 | p9585609_111130_Linux-x86-64.zip |
Ensure Certification & Prerequisites
Ensure nodemanager process is killed and ListenPort=7403 is present in file /app/oracle/Middleware/wlserver_10.3/common/emnodemanager/nodemanager.properties
The database which OID will use as a repository will need to have the following parameters set.
Set the aq_tm_processes initialization parameter on the database to be more than 1.
SQL> alter system set aq_tm_processes=2 scope=both;
System altered.
SQL>
SQL> alter system set open_cursors=500 scope=both;
System altered.
SQL> grant execute on DBMS_LOCK to PUBLIC;
Grant succeeded.
SQL> grant execute on DBMS_JOB to PUBLIC;
Grant succeeded.
SQL>
The above two grant statements were added because of an issue we will otherwise face when we try to configure OID at the end of the install.
Create the database schema for OID using RCU
RCU Documentation
Download RCU from
run rcu from RcuHome
[oracle@pxxxxxx001 bin]$ pwd
/app/oracle/stage/rcuHome/bin
[oracle@pxxxxxx001 bin]$ export DISPLAY=10.xxx.116.xx:0.0
[oracle@pxxxxxx001 bin]$ ./rcu
Install 64-bit JDK for Linux
64-bit Weblogic Server does not come with its own JDK, so we have to install it separately.
Note ID used: 1063587.1
[oracle@pxxxxxx001 oracle]$ mkdir -p /app/oracle/jdk16
[oracle@pxxxxxx001 oracle]$
Place the downloaded file (jdk-6u18-linux-x64.bin) in the folder created above.
[oracle@pxxxxxx001 jdk16]$ pwd
/app/oracle/jdk16
[oracle@pxxxxxx001 jdk16]$ ls -l
total 82896
-rw-r--r-- 1 oracle oinstall 84794182 May 7 13:32 jdk-6u18-linux-x64.bin
Change permissions on the file
chmod 770 jdk-6u18-linux-x64.bin
Run the install file as oracle user
./jdk-6u18-linux-x64.bin
Accept the licence agreement and enter yes when prompted.
JDK is now installed under /app/oracle/jdk16/jdk1.6.0_18.
Please note that this JDK will be used by weblogic server and should never be updated/upgraded, unless requested by Oracle.
Add the JAVA_HOME environment variable to .bash_profile for oracle user
JAVA_HOME=/app/oracle/jdk16/jdk1.6.0_18
export JAVA_HOME
Confirm the java version you just installed
[oracle@pxxxxxx001 ~]$ $JAVA_HOME/bin/java -version
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) 64-Bit Server VM (build 16.0-b13, mixed mode)
[oracle@pxxxxxx001 ~]$
Install Oracle Weblogic Server
Run the installer as follows
[oracle@pxxxxxx001 ~]$ cd /app/oracle/stage/
[oracle@pxxxxxx001 stage]$ export DISPLAY=10.xxx.116.xx:0.0
[oracle@pxxxxxx001 stage]$ export PATH=$JAVA_HOME/bin:$PATH
[oracle@pxxxxxx001 stage]$ which java
/app/oracle/jdk16/jdk1.6.0_18/bin/java
[oracle@pxxxxxx001 stage]$ java -version
java version "1.6.0_18"
Java(TM) SE Runtime Environment (build 1.6.0_18-b07)
Java HotSpot(TM) 64-Bit Server VM (build 16.0-b13, mixed mode)
[oracle@pxxxxxx001 stage]$ java -d64 -jar wls1032_generic.jar
Extracting 0%……………………………………………………………………………………….100%
Add the following to .bash_profile for oracle user
MW_HOME=/app/oracle/Middleware
export MW_HOME
Install Oracle Identity Management Software
Start the installer as follows
[oracle@pxxxxxx001 Disk1]$ pwd
/app/oracle/stage/Disk1
[oracle@pxxxxxx001 Disk1]$ export DISPLAY=10.xxx.116.xx:0.0
[oracle@pxxxxxx001 Disk1]$ ./runInstaller
Starting Oracle Universal Installer…
Checking Temp space: must be greater than 80 MB. Actual 2047 MB Passed
Checking swap space: must be greater than 500 MB. Actual 2047 MB Passed
[root@pxxxxxx001 ~]# /app/oracle/oraInventory/createCentralInventory.sh
Setting the inventory to /app/oracle/oraInventory
Setting the group name to oinstall
Creating the Oracle inventory pointer file (/etc/oraInst.loc)
Changing permissions of /app/oracle/oraInventory to 770.
Changing groupname of /app/oracle/oraInventory to oinstall.
The execution of the script is complete
[root@pxxxxxx001 ~]#
The memory was later on increased to 2Gb as you can see on the current server.
[root@pxxxxxx001 ~]# /app/oracle/Middleware/Oracle_IDM1/oracleRoot.sh
[root@pxxxxxx001 ~]#
Add the ORACLE_HOME variable to .bash_profile of the oracle user
ORACLE_HOME=/app/oracle/Middleware/Oracle_IDM1
export ORACLE_HOME
ORACLE_INSTANCE=/app/oracle/Middleware/asinst_1
export ORACLE_INSTANCE
Configure Oracle Internet Directory
[oracle@pxxxxxx001 ~]$ export DISPLAY=10.xxx.116.xx:0.0
[oracle@pxxxxxx001 ~]$ echo $ORACLE_HOME
/app/oracle/Middleware/Oracle_IDM1
[oracle@pxxxxxx001 ~]$ $ORACLE_HOME/bin/config.sh
Starting Fusion Middleware Configuration Wizard
ORACLE_HOME set as /app/oracle/Middleware/Oracle_IDM1
PATH set as /app/oracle/Middleware/Oracle_IDM1/bin:/usr/kerberos/bin:/usr/local/bin:/bin:/usr/bin:/app/local/home/oracle/bin
LD_LIBRARY_PATH set as /app/oracle/Middleware/Oracle_IDM1/lib
Starting Oracle Universal Installer…
Checking swap space: must be greater than 500 MB. Actual 1537 MB Passed
Checking monitor: must be configured to display at least 256 colors. Actual 16777216 Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2010-06-30_09-38-12AM. Please wait …[oracle@pxxxxxx001 ~]$ Log: /app/oracle/oraInventory/logs/install2010-06-30_09-38-12AM.log
Confirm Successful OID Configuration
[oracle@pxxxxxx001 ~]$ $ORACLE_INSTANCE/bin/opmnctl status -l
Processes in Instance: asinst_1
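---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component | process-type | pid | status | uid | memused | uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------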
oid1 | oidldapd | 24979 | Alive | 1488345871 | 424468 | 0:14:53 | N/A
oid1 | oidldapd | 24977 | Alive | 1488345870 | 95572 | 0:14:53 | N/A
oid1 | oidmon | 24970 | Alive | 1488345869 | 85144 | 0:14:54 | LDAPS:3131,LDAP:3060
EMAGENT | EMAGENT | 23956 | Alive | 1488345868 | 65920 | 0:18:52 | N/A
[oracle@pxxxxxx001 ~]$
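The status check above can be scripted so that a restart or patch run fails loudly when a process is down or the LDAPS listener is missing. This is an added example, not part of the original post; the function names are hypothetical and the sample table is constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): health gate over `opmnctl status -l`.

# Constructed sample modelled on the table above, with ASCII separators.
SAMPLE_STATUS='Processes in Instance: asinst_1
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
ias-component                    | process-type       |     pid | status   |        uid |  memused |    uptime | ports
---------------------------------+--------------------+---------+----------+------------+----------+-----------+------
oid1                             | oidldapd           |   24979 | Alive    | 1488345871 |   424468 |   0:14:53 | N/A
oid1                             | oidldapd           |   24977 | Alive    | 1488345870 |    95572 |   0:14:53 | N/A
oid1                             | oidmon             |   24970 | Alive    | 1488345869 |    85144 |   0:14:54 | LDAPS:3131,LDAP:3060
EMAGENT                          | EMAGENT            |   23956 | Alive    | 1488345868 |    65920 |   0:18:52 | N/A'

# Reduce the table on stdin to "component type pid status ports", one row per process.
oid_rows() {
  awk -F'|' 'NF == 8 {
    for (i = 1; i <= NF; i++) gsub(/^[ \t]+|[ \t]+$/, "", $i)
    if ($1 != "ias-component") print $1, $2, $3, $4, $8
  }'
}

# Exit 0 only if every process is Alive, an oidldapd server is up, and
# oidmon reports both an LDAP and an LDAPS port. Problems go to stdout.
oid_health() {
  oid_rows | awk '
    $4 != "Alive"                     { print "NOT ALIVE: " $1 "/" $2 " (pid " $3 ")"; bad = 1 }
    $2 == "oidldapd" && $4 == "Alive" { ldapd++ }
    $2 == "oidmon"   && $4 == "Alive" { ports = $5 }
    END {
      if (!ldapd)                       { print "no live oidldapd process"; bad = 1 }
      if (ports !~ /(^|,)LDAP:[0-9]+/)  { print "no LDAP port reported";    bad = 1 }
      if (ports !~ /(^|,)LDAPS:[0-9]+/) { print "no LDAPS port reported";   bad = 1 }
      exit bad + 0
    }'
}

# Print the port oidmon reports for protocol $1 (LDAP or LDAPS).
oid_port() {
  oid_rows | awk -v proto="$1" '$2 == "oidmon" {
    n = split($5, kv, ",")
    for (i = 1; i <= n; i++) { split(kv[i], p, ":"); if (p[1] == proto) print p[2] }
  }'
}

# Stand-alone run against the sample; on a live host pipe in
# "$ORACLE_INSTANCE/bin/opmnctl status -l" instead.
if printf '%s\n' "$SAMPLE_STATUS" | oid_health; then
  echo "OID healthy: LDAP $(printf '%s\n' "$SAMPLE_STATUS" | oid_port LDAP)," \
       "LDAPS $(printf '%s\n' "$SAMPLE_STATUS" | oid_port LDAPS)"
fi
```

The ports returned by oid_port are the ones to pass to the ldapbind checks later in the procedure.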
Connect to ODSM to ensure successful OID installation
Enter http://pdc2oid001.onelondon.tfl.local:7005/odsm in the browser
As this is the first time, we will have to create a connection to OID.
Now that it is confirmed we can see our Domain in ODSM, close it and proceed further.
OEM Fusion Middleware Control
Go to http://pdc2oid001.onelondon.tfl.local:7001/em in the browser
Stop OID & Fusion Middleware
We need to stop the processes and apply patchsets to upgrade Weblogic Server & IDM Suite.
./stopoid
Update Oracle Weblogic Server to 10.3.3
The download file for updating WLS to 10.3.3 is p9618487_1033_Generic.zip; this was downloaded from Oracle.
[oracle@pxxxxxx001 stage]$ export DISPLAY=10.xxx.116.xx:0.0
[oracle@pxxxxxx001 stage]$ ls -ltr
total 1824176
-rw-r--r-- 1 oracle oinstall 933513950 Apr 21 10:55 wls1033_upgrade_generic.jar
-rw-r--r-- 1 oracle oinstall 897 Apr 21 13:49 README.txt
-rw-r--r-- 1 oracle oinstall 932598292 Jun 24 12:57 p9618487_1033_Generic.zip
[oracle@pxxxxxx001 stage]$ export PATH=$JAVA_HOME/bin:$PATH
[oracle@pxxxxxx001 stage]$ java -d64 -jar wls1033_upgrade_generic.jar
Extracting 0%……………………………………………………………………………………….100%
We do not have internet connectivity on the servers.
Backup the oraInventory directory
[oracle@pxxxxxx001 oracle]$ ls -l
total 476
drwxr-xr-x 3 oracle oinstall 4096 Jun 24 11:24 jdk16
drwx------ 2 root root 16384 Jun 24 09:57 lost+found
drwxr-x--- 9 oracle oinstall 4096 Jun 24 14:28 middleware
drwxrwx--- 5 oracle oinstall 4096 Jun 24 12:00 oraInventory
-rw-r--r-- 1 oracle oinstall 450305 Jun 24 14:33 oraInventory_24june.zip
drwxr-xr-x 2 oracle oinstall 4096 Jun 24 14:29 stage
[oracle@pxxxxxx001 oracle]$
Apply the Identity Management Update Patchset
The file p9585609_111130_Linux-x86-64.zip was downloaded from support.oracle.com
[oracle@pxxxxxx001 Disk1]$ pwd
/app/oracle/stage/Disk1
[oracle@pxxxxxx001 Disk1]$ export DISPLAY=10.236.116.36:0.0
[oracle@pxxxxxx001 Disk1]$ ./runInstaller
Starting Oracle Universal Installer…
Checking Temp space: must be greater than 80 MB. Actual 2046 MB Passed
Checking swap space: must be greater than 512 MB. Actual 1963 MB Passed
Checking monitor: must be configured to display at least 256 colors. Actual 16777216 Passed
Preparing to launch Oracle Universal Installer from /tmp/OraInstall2010-07-01_02-31-05PM. Please wait …[oracle@pxxxxxx001 Disk1]$ Log: /app/oracle/oraInventory/logs/install2010-07-01_02-31-05PM.log
[root@pxxxxxx001 ~]# /app/oracle/Middleware/Oracle_IDM1/oracleRoot.sh
Finished product-specific root actions.
Finished product-specific root actions.
[root@pxxxxxx001 ~]#
Post patch tasks
Run the oidRoot.sh file to restore the file permissions
[root@pxxxxxx001 ~]# cd /app/oracle/Middleware/Oracle_IDM1/
[root@pxxxxxx001 Oracle_IDM1]# ./oidRoot.sh
/app/oracle/Middleware/Oracle_IDM1
Finished root actions for OID
[root@pxxxxxx001 Oracle_IDM1]#
Confirm ldap is working
[oracle@pxxxxxx001 oracle]$ cd $ORACLE_HOME/bin
[oracle@pxxxxxx001 bin]$ ./ldapbind -p 3060
bind successful
[oracle@pxxxxxx001 bin]$ ./ldapbind -p 3131 -U 1
bind successful
Net Services Configuration in OID 11g
[oracle@pxxxxxx001 bin]$ pwd
/app/oracle/Middleware/Oracle_IDM1/bin
[oracle@pxxxxxx001 bin]$ ls net*
netca netca_deinst.sh netmgr
[oracle@pxxxxxx001 bin]$ ./netca &
This error occurs because OID 11g by default does not allow anonymous binding.
To fix, do the following:
Enable Anonymous Binding
Log in to Fusion Middleware Control at http://pdc2oid001.onelondon.tfl.local:7001/em
Click on the Topology button above; this should open a new window as below.
Right-click on oid1 and select Administration->Server Properties
Your old window should now change to the following
Click on the ‘Anonymous Bind’ drop-down and change it to ‘Allows’, then click Apply.
You have successfully changed the setting.
Now, continue with Net Services Configuration.
Enable Directory Usage
Click Finish
Import an existing tnsnames.ora file into the directory
The tnsnames.ora file on the OID server in location /app/oracle/Middleware/Oracle_IDM1/network/admin had the following entries
DBARPR1.osgrid.onelondon.tfl.local =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = scan.osgrid.onelondon.tfl.local)(PORT = 1521))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = DBARPR1.osgrid.onelondon.tfl.local)
)
)
CPESS01.osgrid.onelondon.tfl.local =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = scan.osgrid.onelondon.tfl.local)(PORT = 1521))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = CPESS01.osgrid.onelondon.tfl.local)
)
)
CPESP01.osgrid.onelondon.tfl.local =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = scan.osgrid.onelondon.tfl.local)(PORT = 1521))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = CPESP01.osgrid.onelondon.tfl.local)
)
)
tdepd1.tdgrid.onelondon.tfl.local =
(DESCRIPTION =
(ADDRESS_LIST =
(ADDRESS = (PROTOCOL = TCP)(HOST = scan.tdgrid.onelondon.tfl.local)(PORT = 1521))
)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = tdepd1.tdgrid.onelondon.tfl.local)
)
)
Start Oracle Net Manager
[oracle@pxxxxxx001 bin]$ export DISPLAY=10.xxx.116.xx:0.0
[oracle@pxxxxxx001 bin]$ which netmgr
/app/oracle/Middleware/Oracle_IDM1/bin/netmgr
[oracle@pxxxxxx001 bin]$ netmgr
Note: If the tnsnames.ora file we are trying to import is in a different location to the default /app/oracle/Middleware/Oracle_IDM1/network/admin, then we can select the location of the file by clicking on File -> Open Network Configuration…
Now click on Command->Directory->’Export Net Service Names…’
Enter authentication details in the resulting box
A wizard should popup
Because we have databases belonging to both OSGRID & TDGRID, two different clusters, we will be given an option to choose which one we want to import; we will have to do it one by one.
Now that one of the clusters is completed, let's export the other cluster's databases.
Confirm Imported Names Services
Click on Directory->Service Naming and you should see the databases just imported.
Complete. The Oracle Net Manager can be closed now.
Creating Net Services Aliases
From Documentation:
There are two main uses of net service aliases:
- Use a net service alias as a way for clients to refer to a database service or net service name by another name.
- Use a net service alias in one Oracle Context for a database service or net service name in a different Oracle Context. This enables a database service or net service name to be defined once in the directory server, and referred to by clients that use other Oracle Contexts.
Start the Oracle Net Manager
[oracle@pxxxxxx001 ~]$ export DISPLAY=10.xxx.116.xx:0.0
[oracle@pxxxxxx001 ~]$ /app/oracle/Middleware/Oracle_IDM1/bin/netmgr &
[1] 23514
[oracle@pxxxxxx001 ~]$
Click on Aliases and then choose Edit->Create from the menu on top.
Enter the alias & select the database that the alias is for from the drop-down below. Click Create.
Go to any client machine (configured to access OID net services) and check the new alias is working.
Check tnsping
U:\> tnsping oemrep
TNS Ping Utility for 32-bit Windows: Version 10.2.0.4.0 - Production on 06-JUL-2010 13:05:13
Copyright (c) 1997, 2007, Oracle. All rights reserved.
Used parameter files:
C:\oracle\product\10.2.0\client_1\NETWORK\ADMIN\sqlnet.ora
Used LDAP adapter to resolve the alias
Attempting to contact (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=scan.osgrid.onelondon.tfl.local)(PORT=1521)))(CONNECT_DATA=(SERVER=DEDICATED)(SERVICE_NAME=DBARPR1.osgrid.onelondon.tfl.local)))
OK (90 msec)
U:\>
Connect to the database using the new alias
U:\> sqlplus system@oemrep
SQL*Plus: Release 11.1.0.6.0 - Production on Tue Jul 6 13:06:45 2010
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, Real Application Clusters, Automatic Storage Management, OLAP,
Data Mining and Real Application Testing options
SQL> select name from v$database;
NAME
---------
DBARPR1
SQL>
Adding a new Net Service Name to OID
Start the Oracle Net Manager
[oracle@pxxxxxx001 ~]$ export DISPLAY=10.xxx.116.xx:0.0
[oracle@pxxxxxx001 ~]$ /app/oracle/Middleware/Oracle_IDM1/bin/netmgr &
[1] 23514
[oracle@pxxxxxx001 ~]$
Click the test button
Click the change login to enter a valid username & password
Now, click the test button once again
Click close, then Finish on the next dialog.
Confirm from a client
U:\> tnsping dbtest1
TNS Ping Utility for 32-bit Windows: Version 10.2.0.4.0 - Production on 06-JUL-2010 13:32:53
Copyright (c) 1997, 2007, Oracle. All rights reserved.
Used parameter files:
C:\oracle\product\10.2.0\client_1\NETWORK\ADMIN\sqlnet.ora
Used LDAP adapter to resolve the alias
Attempting to contact (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=scan.osgrid.onelondon.tfl.local)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=DBTEST1.osgrid.onelondon.tfl.local)))
OK (50 msec)
U:\> sqlplus system@dbtest1.onelondon.tfl.local
SQL*Plus: Release 11.1.0.6.0 - Production on Tue Jul 6 13:33:58 2010
Copyright (c) 1982, 2007, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, Automatic Storage Management, OLAP, Data Mining
and Real Application Testing options
SQL> select name from v$database;
NAME
---------
DBTEST1
SQL>
OID Client side Configuration
To ensure that the clients resolve Oracle Net Services Names using OID, the following two files have to be modified.
The files ldap.ora & sqlnet.ora should be located in the $TNS_ADMIN folder of the client machine and should have the following contents in them.
#ldap.ora
DIRECTORY_SERVERS= (pxxxxxx001.onelondon.tfl.local:3060:3131)
DEFAULT_ADMIN_CONTEXT = "dc=onelondon,dc=tfl,dc=local"
DIRECTORY_SERVER_TYPE = OID

#sqlnet.ora
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (LDAP, EZCONNECT, TNSNAMES)
NAMES.DEFAULT_DOMAIN = onelondon.tfl.local
The above files are automatically generated by Oracle Net Manager.
Deploy Agent to the OID Server
Log into Grid Control 11g & go to Deployments page
Click on Install Agent
Click on Fresh Install
Click Continue at the bottom of the page
Run root.sh
Now, run the root.sh script (/app/oracle/agent11g/root.sh) to complete the deployment.
Add AGENT_HOME variable
Add the following to .bash_profile file of the oracle user
AGENT_HOME=/app/oracle/agent11g
export AGENT_HOME
Log back in with a new session as the oracle user on the OID server and run the following command:
[oracle@pxxxxxx001 ~]$ $AGENT_HOME/bin/emctl status agent
Oracle Enterprise Manager 11g Release 1 Grid Control 11.1.0.1.0
Copyright (c) 1996, 2010 Oracle Corporation. All rights reserved.
---------------------------------------------------------------
Agent Version : 11.1.0.1.0
OMS Version : 11.1.0.1.0
Protocol Version : 11.1.0.0.0
Agent Home : /app/oracle/agent11g
Agent binaries : /app/oracle/agent11g
Agent Process ID : 8195
Parent Process ID : 8165
Agent URL : https://pxxxxxx001.onelondon.tfl.local:3872/emd/main/
Repository URL : https://pdc2oas003.onelondon.tfl.local:4900/em/upload
Started at : 2010-07-06 10:06:25
Started by user : oracle
Last Reload : 2010-07-06 10:06:25
Last successful upload : 2010-07-06 10:08:28
Total Megabytes of XML files uploaded so far : 2.17
Number of XML files pending upload : 0
Size of XML files pending upload(MB) : 0.00
Available disk space on upload filesystem : 24.52%
Last successful heartbeat to OMS : 2010-07-06 10:09:31
---------------------------------------------------------------
Agent is Running and Ready
[oracle@pxxxxxx001 ~]$
Check the new Agent in Grid Control
Login to Grid Control and click on Setup-> Agents
Note: It might take a while for the agent to show a normal Up status in Grid Control; give it about 15 minutes before you start worrying about the status of the Agent.
OID Start & Stop scripts
The following scripts have been made to make starting & stopping of OID easier.
To Start
Log in to pxxxxxx001 using your username and sudo into oracle, then run the command
./startoid
To Stop
Log in to pxxxxxx001 using your username and sudo into oracle, then run the command
./stopoid
OID Status Check
Log in to pxxxxxx001 using your username and sudo into oracle, then run the command
./statusoid
[oracle@pxxxxxx001 ~]$ cat startoid
##################################################################
##################################################################
##
##Script Name: startoid
##Description: Starts all the components required for OID
## Does not start the database!
##Author : V Andem
##Date : 01/Jul/2010
##
##################################################################
##################################################################
# Start the WebLogic Admin Server for IDMDomain in the background
/app/oracle/Middleware/user_projects/domains/IDMDomain/bin/startWebLogic.sh > /dev/null 2>&1 &
echo "waiting 20 seconds for Weblogic Server to come up..."
sleep 20
# Start Node Manager in the background
/app/oracle/Middleware/wlserver_10.3/server/bin/startNodeManager.sh > /dev/null 2>&1 &
echo "waiting 20 seconds for NodeManager to come up..."
sleep 20
# Start the OPMN-managed components and show their status
$ORACLE_INSTANCE/bin/opmnctl startall
$ORACLE_INSTANCE/bin/opmnctl status -l
# Start the managed server wls_ods1 against the Admin Server
/app/oracle/Middleware/user_projects/domains/IDMDomain/bin/startManagedWebLogic.sh wls_ods1 t3://pxxxxxx001:7001 > /dev/null 2>&1 &
echo "waiting 20 seconds for Weblogic Managed Components to come up..."
sleep 20
# Start the Grid Control agent and show its status
echo "Starting the Agent process"
/app/oracle/agent11g/bin/emctl start agent
/app/oracle/agent11g/bin/emctl status agent
[oracle@pxxxxxx001 ~]$ cat stopoid
##################################################################
##################################################################
##
##Script Name: stopoid
##Description: Stops all the OID components
## Does not stop the database!
##Author : V Andem
##Date : 01/Jul/2010
##
Courtesy:http://venuandem.wordpress.com/2010/07/14/oracle-internet-directory-oid-11g-installation/