Monday, June 15, 2015
Monday, June 08, 2015
Wrong Java version on Unified Directory Server
Wrong version Java
After losing the battle with the OS guys for control over java, I keep stumbling upon environments that have wrong java versions due to the fact java is installed in /usr/java, or /usr/bin.In such cases, this is the result:
which java
/usr/bin/java
As I do not have control over /usr/bin, I install java in /oracle/middleware/java, so I would
like which java
/oracle/middleware/java/jre/bin/java
Adapting OUD
Luckily, adapting OUD to use another Java proves quite easy; just alter $MW_HOME/asinst_1/OUD/lib/set-java-home and $MW_HOME/asinst_1/OUD/config/java.properties to point to the correct java environment, and bounce the ldap server.Wednesday, June 03, 2015
OAM PS3
Identity and Access Management Patch Set 3
It has been launched last week. I have seen it in March, during a partner event in Paris, and there are quite a few changes and improvements to get exited about.Install over previous (not upgrade)
I cloned my PS2 OAM machine, and the plan is to get PS3 running asap. So, I fire up the V11.1.1.9 RCU, and drop the existing schemas.Install OUD V11.1.1.9.0
Yep - that's new as well...
[oracle@oam ~]$ /mnt/orainst/Software/OFM/11.1.2.3.0/oud_11.1.2.3.0/Disk1/runInstaller -jreLoc $JAVA_HOME
Install WebLogic
Same as before, 10.3.6.0 - but with a load of patches. These will require you run JSSE!A list of patches (but hold on downloading each of these!) :
18398295 (FSG4) This Oracle WebLogic Server patch is required only if you are using Multi Byte Character Set.Bit of an odd remark for an OAM installation guide, as OAM practically dictates you use AL32UTF8 for the standard characterset in your repository database.
14404715 (ZARV) This is a mandatory Oracle WebLogic Server patch. 16844206 (NPM3) This is a mandatory Oracle WebLogic Server patch.Looks like that is only on MS Win, as the description is "WLST CANNOT GET ENV ON WINDOWS SERVER 12 WITH MINIMAL ENV"
13964737 (YVDZ) This is a mandatory Oracle WebLogic Server patch when running Oracle WebLogic Server on Oracle JDK 7. After you apply this patch to your WebLogic Server Middleware home, you must start the Node Manager, the WebLogic Administration Server, and the various Managed Servers with Java Secure Socket Extension (JSSE) enabled. To start the Node Manager with JSSE enabled, see the "Set the Node Manager Environment Variables" topic in Node Manager Administrator's Guide for Oracle WebLogic Server. After starting Node Manager with JSSE enabled, you must start the WebLogic Administration Server and Managed Servers with JSSE enabled. For more information, see the "Using the JSSE-Enabled SSL Implementation" topic in Securing Oracle WebLogic Server. 14174803 (IMWL) This is a mandatory Oracle WebLogic Server patch when running Oracle WebLogic Server on Oracle JDK 7. After you apply this patch to your WebLogic Server Middleware home, you must start the Node Manager, the WebLogic Administration Server, and the various Managed Servers with Java Secure Socket Extension (JSSE) enabled. To start the Node Manager with JSSE enabled, see the "Set the Node Manager Environment Variables" topic in Node Manager Administrator's Guide for Oracle WebLogic Server. After starting Node Manager with JSSE enabled, you must start the WebLogic Administration Server and Managed Servers with JSSE enabled. For more information, see the "Using the JSSE-Enabled SSL Implementation" topic in Securing Oracle WebLogic Server. 17938462 (XECL) This is a mandatory Oracle WebLogic Server patch when running Oracle WebLogic Server on Oracle JDK 7. 13114768 (56MM) This is a mandatory Oracle WebLogic Server patch. 15865825 (CM69) This is a mandatory Oracle WebLogic Server patch. 14809365 (XA6W) This is a mandatory Oracle WebLogic Server patch.Apart from all that, I would also apply 20181997 (YUIS): WLS PATCH SET UPDATE 10.3.6.0.11
Install OAM
[oracle@oam ~]$ /mnt/orainst/Software/OFM/11.1.2.3.0/Disk1/runInstaller -jreLoc $JAVA_HOME
You no longer need to kludge the refhost.xml file:
WLS Patching
cd /oracle/middleware/utils/bsu
mkdir cache_dir
cd cache_dir
unzip /mnt/orainst/Software/weblogic/p20181997_1036_Generic.zip
cd ..
./bsu.sh -install -patch_download_dir=/oracle/middleware/utils/bsu/cache_dir -patchlist=YUIS -prod_dir=/oracle/middleware/wlserver_10.3
Remove README.txt from the cache_dir, and repeat for- p17938462_1036_Generic.zip (XECL)
- p13964737_1036_Generic.zip (YVDZ)
- p15865825 (CM69)
- p14809365 (XA6W)
- p14404715 (ZARV)
- p14174803 (IMWL)
See MOS DocID 1997891.1 (bugs resolved by WLS 10.3.6.0.11).
p13114768_1036_Generic.zip (56MM) is not listed in this document, yet reports it cannot co-exist with YUIS:
[oracle@oam bsu]$ ./bsu.sh -install -patch_download_dir=/oracle/middleware/utils/bsu/cache_dir -patchlist=56MM -prod_dir=/oracle/middleware/wlserver_10.3
Checking for conflicts...
Conflict(s) detected - resolve conflict condition and execute patch installation again
Conflict condition details follow:
Patch 56MM is mutually exclusive and cannot coexist with patch(es): YUIS
Configure
OUD
OUD - has been done on previous entries. Some things have changed; the default memory assignments could be a bit less (although I could not get them below 1GB initial). Also, there's the possibility for DIP integration directly in OUD (i.e. not needing the ODSM weblogic stack???):OAM
Has also been done before, but there are slight differences:Do NOT start the OAM stack, yet! You (still) need to follow chapter 11 "Configuring Database Security Store ... "
cd /oracle/middleware/oracle_common/common/bin
./wlst.sh /oracle/middleware/Oracle_IDM1/common/tools/configureSecurityStore.py \
-d /oracle/user_projects/domains/oam_domain -c IAM -m create -p [your OPSS password]
Start it up
Enable autostart (Production Mode)
cd /oracle/user_projects/domains/oam_domain
mkdir -p servers/AdminServer/security
vi servers/AdminServer/security/boot.properties
/oracle/user_projects/domains/oam_domain/startWebLogic.sh
One thing that I noticed, was the amount of logging during the initial startup: it has been decreased enormously! You will seeSEVERE: Failed to communicate with any of configured Access Server, ensure that it is up and running., but that is an configuration issue that I will take care of. Several other errors (Primary Keys violated...) seem to have no effect; after about 5 minutes, I can login to the new interface (yet again...):
Getting rid of the SEVERE error
Login to the WLS console (http://your_oam_host:7001/console), navigate to the security realm MyRealm, go to the Providers tab, and delete IAMSuiteAgent:Finalize WLS Patching
One of the results of patching WLS is the prerequisite to use JSSE. The easiest way is to set the "Use JSSE" flag for all managed servers (WLS console, Lock and Edit, Environment, Servers, Select a server, navigate to the SSL tab, scroll to the bottom, click 'Enhanced', and -at the bottom- enable JSSE). After applying the changes, stop all servers.For the node manager, edit the startNodeManager.sh script and add the following lines somewhere at the top of the file:
JAVA_OPTIONS="-Dweblogic.ssl.JSSEEnabled=true"
export JAVA_OPTIONS
Somewhere around line 40 will do. File is located at /oracle/middleware/wlserver_10.3/server/bin/startNodeManager.shFor all other, command line initiated scripts, introduce the following environment variables:
JAVA_OPTIONS="-Dweblogic.ssl.JSSEEnabled=true"
export JAVA_OPTIONS
Starting the admin server will show this is the logging:Starting WLS with line: /oracle/jdk1.7.0_76/bin/java -server -Xms1024m -Xmx2048m -XX:PermSize=256m -XX:MaxPermSize=512m -Dweblogic.Name=AdminServer -Djava.security.policy=/oracle/middleware/wlserver_10.3/server/lib/weblogic.policy -Dweblogic.ProductionModeEnabled=true -Dweblogic.ssl.JSSEEnabled=true
Subscribe to:
Posts (Atom)