
Installation notes for Installing OID standalone a.k.a. Presentation Notes

Mark Luszczynski Arch Coal, Inc.

1 Purpose and Scope (page 2)
1.1 High level overview of steps (page 2)
2 Why a global naming system (page 3)
3 Linux Server Requirements (page 4)
3.1 Linux VM settings (page 4)
3.2 Disable selinux (page 4)
3.3 Firewall issues ( iptables ) (page 4)
3.4 Kernel parameters (page 5)
3.5 Create database to hold OID data (page 5)
4 Download the OID software (page 6)
5 OID Installation (page 7)
5.1 Getting started screens (page 7)
5.2 Software options (page 9)
5.3 Start the install (page 14)
5.4 Enable anonymous binds (page 15)
6 Manage Service Names (page 16)
6.1 sqlnet.ora change (page 16)
6.2 ldap.ora (page 16)
6.3 Net Manager (page 17)
6.3.1 Load OID from tnsnames.ora (page 18)
6.3.2 Adding a Service Name (page 18)
6.4 Proving that it’s working (page 22)
7 OID Process control (page 23)
7.1 Environment variables (page 23)
7.2 OID Management (page 23)
8 Patch to 11.1.1.6 (page 24)
8.1 Finding the patchset (page 24)
8.2 Applying the software patch (page 25)
8.3 Applying the database schema patch (page 29)
9 Adding Nodes (page 30)
9.1 Set up additional node (page 30)
9.2 Configure replication (page 30)
9.2.1 Set your environment (page 30)
9.2.2 Remtool on first node (page 30)
9.2.3 Seed the 2nd node (page 31)
9.3 Start replication on both nodes (page 31)
9.4 Confirming replication (page 32)
10 Miscellaneous Topics (page 33)
10.1 Auto stop/start for linux (page 33)
10.2 Using Round Robin DNS (page 34)
10.3 Manually adding ldap entries (page 35)
10.4 View all ldap tns entries (page 35)

1 Purpose and Scope

The goal is to use Oracle Internet Directory for a centralized naming authority for oracle service names.

This document describes, in detail, the steps for the different tasks associated with installing Oracle Internet Directory in a stand-alone configuration without the full Fusion Middleware install. The idea behind this document is to reduce all the pertinent information regarding the install steps into one document to produce a repeatable procedure.

The focus is on the steps required to accomplish this objective and not on all the other features and theory of Oracle Identity Management.

If you are planning to use Oracle Identity Management for Single Sign-on and the like, do not use this procedure.

1.1 High level overview of steps

Installing Oracle Internet Directory requires several discrete steps. Below is a summary of the steps that will be discussed in detail in this document.

Provision a server

Create a database for OID

Download OID

Install OID 11.1.1.2

Verify operation

Patch OID to 11.1.1.6

Add additional nodes (replication)

Verify replication and operation

2 Why a global naming system

Managing anything centrally is always a benefit in a fast-changing environment with many configurable end points.

In the oracle world, tnsnames.ora files have been around for a long time. As installation sizes grow, it can become very cumbersome to maintain dozens if not hundreds of tnsnames.ora files that sit on individual servers and desktops.

The tnsnames.ora file is logically equivalent to an /etc/hosts file on unix or the hosts file in c:\Windows\System32\drivers\etc on windows. Normally for an IP connection the address or url is converted to an IP address by querying a central DNS server. Think of a DNS server as a master ‘/etc/hosts’ that everybody can access. Your local hosts file would only be used if you wanted to create your own alias for an IP address that is not registered in your company’s DNS.

For many years, the oracle client has been able to leverage aliases in the DNS. This is known as the host naming method. This works very well if you can live with all the default sqlnet settings. All databases must listen on port 1521 and so on. It is not useful for failover/standby configurations.

To resolve a database name via a DNS alias, simply have the DNS administrator add a ‘CNAME’ alias record for the database name. This cname entry must point to the hosting server for the database.

Eg: mydb.com CNAME myhost.com

You will also need to make sure that every client’s sqlnet.ora file contains a names.directory_path=(hostname, ) line.

Oracle Corp created Oracle Names several years ago as a central naming service. This was replaced with Oracle Internet Directory.

Oracle Internet Directory is an ldap server that logically functions as the directory for oracle tns information. ( It is capable of much more but that is beyond the scope of this presentation. ) Unlike the host naming method, OID does allow for tns entries with all the optional settings such as failover and load balancing.

After the first Oracle Internet Directory node is created, you will want to have one or more additional OID nodes to provide redundancy. Setting this up is also discussed in this document.

Oracle also offers a methodology for leveraging an existing Microsoft Active Directory (AD) as the naming authority. This approach is not considered in this presentation.

3 Linux Server Requirements

This presentation focuses on using Redhat Linux as the o/s. The procedure should be the same if you choose to use Oracle Enterprise Linux or Centos.

OID is not certified against any version of Linux 6 as of this writing. We were unable to use Oracle Enterprise Linux as vmware and OEL 5 do not get along. Oracle says it’s vmware’s problem; Vmware says a patch is due in May 2012. We did not wish to wait so we proceeded with Redhat 5.7.

3.1 Linux VM settings

We used these settings for our OID vm’s:

Memory 4G
Software f/s 20G
Database f/s 5G

The linux o/s software is installed in the usual fashion. You will later probably need to download additional packages required by OID and the database software.

3.2 Disable selinux

Selinux will get in the way when you are running the install. The simplest solution is to disable it rather than try to work with it. In our project, we did not attempt to work with selinux on.

To disable permanently, edit the file /etc/sysconfig/selinux and change the SELINUX line as follows:

SELINUX=disabled

To disable temporarily, as root:

echo 0 >/selinux/enforce

3.3 Firewall issues ( iptables )

The Linux firewall service is called iptables.

If this service is on, by default it will block OID ports.

You can add entries to iptables to allow OID traffic but you must be root to do this. ( This example assumes ports 3060 and 3131 for OID )

# iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3060 -j ACCEPT
# iptables -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 3131 -j ACCEPT

The other possibility is to turn it off:

# service iptables stop

3.4 Kernel parameters

Kernel parameters can be permanently adjusted by changing the /etc/sysctl.conf file. These settings will be sufficient for OID.

kernel.shmall = 4294967296
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6815744
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_max = 1048576
fs.aio-max-nr = 1048576

After making changes to this file, the easiest thing to do is reboot. This will be a good test to verify that the firewall and selinux changes ‘stick’ after reboot. ( Linux kernel parameters can also be modified dynamically if you really don’t want to reboot )
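As an added example (not part of the original notes), the script below checks a sysctl.conf-style file against the parameter values listed above, so the "did my changes stick" question after a reboot can be answered by a script rather than by eye. The required values are copied from the list above; the sample file it runs against is constructed here, with one value deliberately too low and one key missing, and on a real server you would pass /etc/sysctl.conf instead.

```shell
#!/bin/bash
# Added example (not from the original notes): compare a sysctl.conf-style
# file with the kernel parameter values section 3.4 lists for OID. A
# parameter is "ok" only when the file states exactly the listed value, so a
# different local choice is reported for review rather than silently accepted.

# Required parameters, one "key|value" per line (values from section 3.4).
REQUIRED_SYSCTL='kernel.shmall|4294967296
kernel.shmmni|4096
kernel.sem|250 32000 100 128
fs.file-max|6815744
net.ipv4.ip_local_port_range|9000 65500
net.core.rmem_default|262144
net.core.wmem_default|262144
net.core.rmem_max|4194304
net.core.wmem_max|1048576
fs.aio-max-nr|1048576'

# sysctl_value FILE KEY: print the value of KEY from FILE (the last definition
# wins, as the kernel applies them in order); prints nothing if KEY is absent.
sysctl_value() {
    awk -v key="$2" '
        /^[[:space:]]*(#|$)/ { next }                 # skip comments and blank lines
        {
            line = $0
            sub(/#.*/, "", line)                      # strip trailing comments
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", k)
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            gsub(/[[:space:]]+/, " ", v)              # normalise internal spacing
            if (k == key) val = v
        }
        END { if (val != "") print val }' "$1"
}

# check_sysctl FILE: print one line per required parameter (ok / missing /
# mismatch) and return the number of parameters that are not ok.
check_sysctl() {
    local file="$1" bad=0 key want have
    while IFS='|' read -r key want; do
        have=$(sysctl_value "$file" "$key")
        if [ -z "$have" ]; then
            echo "missing  $key (want: $want)"; bad=$((bad + 1))
        elif [ "$have" != "$want" ]; then
            echo "mismatch $key (have: $have, want: $want)"; bad=$((bad + 1))
        else
            echo "ok       $key"
        fi
    done <<EOF
$REQUIRED_SYSCTL
EOF
    return $bad
}

# Constructed sample file for the demonstration: one value wrong, one key absent.
SAMPLE_CONF=$(mktemp)
cat >"$SAMPLE_CONF" <<'EOF'
# constructed /etc/sysctl.conf excerpt
kernel.shmall = 4294967296
kernel.shmmni = 4096
kernel.sem = 250 32000 100 128
fs.file-max = 6815744
net.ipv4.ip_local_port_range = 9000 65500
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 4194304
net.core.wmem_max = 262144      # too low
EOF

# Run against the sample; on a real server: check_sysctl /etc/sysctl.conf
if check_sysctl "$SAMPLE_CONF"; then
    echo "all required kernel parameters present"
else
    echo "parameters needing attention: $?"
fi
```

Because the file is parsed rather than the live kernel queried, the same check can be run on a config file before it is deployed, and comparing against `sysctl -a` output (which prints `key = value` lines in the same shape) tells you whether the running values match the file.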

3.5 Create database to hold OID data

It is recommended to create a separate database which will hold the OID data. You can create this database in any standard fashion you wish but there are three requirements:

1. The character set must be AL32UTF8
2. The national character set must be AL16UTF16
3. The spfile parameter, processes, must be a minimum of 500

As the database doesn’t have much redo activity, we chose to host the database on the same vm as the OID server. You of course can locate the database anywhere you wish. And of course, you should back up this database.

We used the latest and greatest Oracle database which is 11.2.0.3 as of this writing. The OID installer will complain that version 11.2.0.3 is not ‘equal to or higher than 11.1.0.7’. You can ignore this warning.

4 Download the OID software

Now we are ready to download the software. Downloading the exact correct software isn’t as easy as it sounds.

The software is available on technet.oracle.com. Go to this link:

http://www.oracle.com/technetwork/middleware/downloads/oid-11g-161194.html

Click the download button as usual. Here is where the first opportunity to waste time comes in. When the software page appears, one might be led to believe that the most current Identity Management listing is the software to download. However, if you attempt to install OID using Identity Management 11.1.1.3 you will be told by the installer that this is a patchset.

The correct base software to download is further down the page in the ‘Earlier Identity and Access Management’ section. After the installation, there is a software patch to apply as well. This will be described in a later step.

5 OID Installation

After unzipping etc, change to the Disk1 directory which contains runInstaller for OID. Then type the command:

./runInstaller

The Oracle documentation used in this section is the Oracle FMW Installation Guide for Oracle Identity Management:

http://docs.oracle.com/cd/E12839_01/install.1111/e12002/oid.htm

5.1 Getting started screens

In a moment or two, the welcome screen appears. Click the Next button to get started. Select the ‘Install and Configure’ option.

Step 3 is the Prerequisites Check. At this point, you may need to install additional linux packages. The installer will tell you which required linux packages are missing. Consult with your linux administrator on installing the needed packages. If you have root access yourself, you can either use the gui system-config-packages or command line yum to install the oracle required packages.

Yum example: yum install gcc-c++.x86_64

Kernel parameters should have already been addressed in section 3.4.

5.2 Software options

After successfully meeting all the Prerequisite Checks, the Step 4 screen will start the sequence of prompting for details regarding the OID installation. Select ‘Configure Without a Domain’ as we are installing OID without the FMW framework.

Step 5 will prompt you for software locations and the ‘oracle instance’ name. In this context, oracle instance refers to the software instance, not a database. You will probably want to change the default locations presented by the installer. Although not required, we have placed the ‘Oracle Instance’ ( OID instance that is ) inside the middleware home. We left the instance name at the default of asinst_1.

Step 6 presents the usual ‘Specify Security Updates’ prompt. You can choose to enter the information or leave it blank.

The Step 7 screen is probably the most important one. This is where you are going to tell the installer that we are installing OID only. Make sure your selection matches the above before continuing. Oracle Internet Directory must be the only item with a check mark.

Step 8 – OID ports. For linux, ports 3060 and 3131 are selected by default.

Step 9 prompts for details about the database that you created earlier. In this example, database oradba4 was created on server oidsrv1. At this point, the install is prompting for a DBA account signon ( not the ODS schema ). You will be prompted for that later.

If you are using a database newer than 11.1, you get this puzzling message. It can be ignored.

Step 10 prompts for the passwords for the database schemas required for OID. The ODS schema will contain the data for Oracle Internet Directory. This password will be needed for maintenance operations. Be sure to make a record of it. The ODSSM schema apparently is not used in a stand-alone OID installation. I have not needed the password to date.

Step 11 will prompt for information regarding your ldap configuration. On this screen, you set the default ‘realm’ for your OID. The ‘Administrator User Name’ will be the signon used to maintain your Oracle Internet Directory service name information. This will be the password you use most. For example you will need it when using Net Manager to modify the tns data that is stored in your directory.

5.3 Start the install

You are then presented with the install summary. Click on the Install button to start.

After several minutes, you will be prompted to run a script as root. Run the script as indicated, then click on OK.

The install will now continue through several more steps.

After the installation is complete the status screen should look similar to the following. The software install is now complete. Your Oracle Internet Directory processes should be up and running. You can go ahead and exit the installer.

5.4 Enable anonymous binds

In order for clients to be able to query the ldap server which contains the OID information, you will have to enable anonymous binds. To do this, you will need an ldif file, which is essentially a set of commands for the ldap server.

Create a file /tmp/anon.ldif and add these lines:

dn: cn=oid1,cn=osdldapd,cn=subconfigsubentry
changetype: modify
replace: orclAnonymousBindsFlag
orclAnonymousBindsFlag: 1

Then apply the file:

ldapmodify -p 3060 -D cn=orcladmin -w <password> -f /tmp/anon.ldif

6

Manage Service Names

Now that you have installed Oracle Internet Directory, you are naturally interested to see if it actually works.

The easiest way to do this is from your desktop. If you installed a full sqlnet client, then you should already have the Net Manager in the menu.

However, you must first make some configuration changes in your pc’s network/admin directory so that it will look at the ldap directory.

In a typical install, the admin directory is in <something>\product\11.2.0\client_1\network\admin

Make a note of these changes as these will also need to be done once on each desktop or server when you are ready to fully deploy OID to your enterprise.

6.1 sqlnet.ora change

In the sqlnet.ora file, you need to ensure that LDAP is one of the search options. In the example below, the names.directory_path line has been changed so that OID will be searched first, prior to looking at any local tnsnames.ora that may exist.

NAMES.DIRECTORY_PATH=(LDAP,TNSNAMES)

6.2 ldap.ora

You will also need an ldap.ora file in the same directory. This file tells the oracle client which type of ldap directory is being used as well as the list of servers to query. In the example below, there are two ldap servers listed.

DIRECTORY_SERVERS=( oidsrv1:3060:3131, oidsrv2:3060:3131 )
DEFAULT_ADMIN_CONTEXT = "dc=aci,dc=corp,dc=net"
DIRECTORY_SERVER_TYPE = OID

Note that the DEFAULT_ADMIN_CONTEXT must match the ‘Realm’ that you entered during Step 11 of the OID install.

Unfortunately, at this time, the list of ldap servers is processed sequentially. This means that if you distribute this ldap.ora to all clients, everybody will hit oidsrv1. The second server will only see traffic if oidsrv1 is down. It would be nice if the oracle client had an option to pick one at random for pseudo load-balancing. I have filed an enhancement SR for this feature in ldap.ora. Currently tns entries allow this sort of load-balancing.
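Since the client walks DIRECTORY_SERVERS in order, the one thing an administrator can do with the client as shipped is hand each client a copy whose list starts at a different node. The script below is an added example, not part of the original notes: it reads an ldap.ora, checks that DEFAULT_ADMIN_CONTEXT matches the Step 11 realm (a mismatch there is the usual reason lookups fail), and prints a per-client ldap.ora with the server list rotated. The realm and the two server names are the ones from the example above; the master file is constructed inline.

```shell
#!/bin/bash
# Added example (not from the original notes): read an ldap.ora, verify the
# DEFAULT_ADMIN_CONTEXT against the realm chosen in Step 11, and emit a copy
# for client number N with DIRECTORY_SERVERS rotated so that clients start at
# different OID nodes. Every client keeps the full list, so failover to the
# remaining node is unchanged; only the node tried first differs.

EXPECTED_REALM='dc=aci,dc=corp,dc=net'   # realm from section 6.2 / Step 11

# ldapora_value FILE KEY: print the value of KEY (case-insensitive) with the
# surrounding whitespace, parentheses and quotes removed.
ldapora_value() {
    awk -v key="$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')" '
        /^[[:space:]]*(#|$)/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = toupper(substr($0, 1, eq - 1)); v = substr($0, eq + 1)
            gsub(/[[:space:]]/, "", k)
            if (k != key) next
            gsub(/^[[:space:]]+|[[:space:]]+$/, "", v)
            gsub(/^[("]+|[)"]+$/, "", v)
            gsub(/[[:space:]]/, "", v)
            print v; exit
        }' "$1"
}

# directory_servers FILE: print the servers one per line, in file order.
directory_servers() {
    ldapora_value "$1" DIRECTORY_SERVERS | tr ',' '\n'
}

# rotate_servers N SERVER...: print the servers rotated left by N positions,
# comma-separated, so client number N starts at a different node.
rotate_servers() {
    local n="$1"; shift
    local count=$# i=0 out="" s
    [ "$count" -eq 0 ] && return 1
    n=$(( n % count ))
    while [ "$i" -lt "$n" ]; do          # move the first n entries to the end
        set -- "$@" "$1"; shift
        i=$((i + 1))
    done
    for s in "$@"; do out="${out:+$out,}$s"; done
    printf '%s\n' "$out"
}

# check_realm FILE: succeed only if DEFAULT_ADMIN_CONTEXT equals EXPECTED_REALM.
check_realm() {
    [ "$(ldapora_value "$1" DEFAULT_ADMIN_CONTEXT)" = "$EXPECTED_REALM" ]
}

# client_ldapora FILE N: print a complete ldap.ora for client number N.
client_ldapora() {
    local servers
    servers=$(directory_servers "$1" | tr '\n' ' ')
    printf 'DIRECTORY_SERVERS=( %s )\n' "$(rotate_servers "$2" $servers)"
    printf 'DEFAULT_ADMIN_CONTEXT = "%s"\n' "$(ldapora_value "$1" DEFAULT_ADMIN_CONTEXT)"
    printf 'DIRECTORY_SERVER_TYPE = %s\n' "$(ldapora_value "$1" DIRECTORY_SERVER_TYPE)"
}

# Constructed master ldap.ora, copied from the section 6.2 example.
MASTER=$(mktemp)
cat >"$MASTER" <<'EOF'
DIRECTORY_SERVERS=( oidsrv1:3060:3131, oidsrv2:3060:3131 )
DEFAULT_ADMIN_CONTEXT = "dc=aci,dc=corp,dc=net"
DIRECTORY_SERVER_TYPE = OID
EOF

check_realm "$MASTER" && echo "realm matches Step 11" || echo "realm mismatch"
echo "--- ldap.ora for client 0 ---"; client_ldapora "$MASTER" 0
echo "--- ldap.ora for client 1 ---"; client_ldapora "$MASTER" 1
```

Feeding a per-host number (for example a hash of the hostname modulo the node count) into `client_ldapora` spreads normal lookups across the nodes while every client still has all of them for failover.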

6.3 Net Manager

Now we are ready to fire up Net Manager. In Windows 7, you will find it in the Oracle – OraClient11g_home1 menu tree. The opening screen appears. Click on the + next to Directory, then click on the + next to Service Naming.

Now you will be prompted for the ldap signon. This will be the same credentials you entered during Step 11 of the install.

Service name entries can be added either manually, or by loading in an existing tnsnames.ora file.

6.3.1 Load OID from tnsnames.ora

As you get ready to deploy your Oracle Internet Directory, you probably really do not want to hand enter all the service names. Fortunately, there is a way to load your ‘golden’ tnsnames.ora into OID using Net Manager.

To load a tnsnames.ora file into OID, you use what Net Manager calls ‘Export’. A little confusing at first. Select Command from the menu, then Directory, then Export Net Service Names.

6.3.2 Adding a Service Name

This example demonstrates how to add a new service name directly. This is how you will add new entries. Although not immediately obvious, you must first select ‘Service Naming’ and then press the green + to start the process of adding an ldap service name entry.

Now you will be prompted for the details regarding your service. You will recognize that these are the same elements that would comprise a corresponding tnsnames.ora entry.

( Screenshots: the Net Manager fields are annotated as equivalent to the tnsnames.ora pieces mark1=, (PROTOCOL=TCP), (HOST=devdb1)(PORT=1521) and (SERVICE_NAME=fred1). )

Your entry will look like this: ( screenshot )

Here is an example of a service name with failover. Notice that there are multiple Address tabs. ( screenshot )
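To make the equivalence in the screenshots concrete, the following added example (not code from the original notes) assembles the same DESCRIPTION that Net Manager builds from the Protocol, Host/Port and Service fields, in both the single-address form and the failover form with several Address tabs, and wraps it in the LDIF that represents that entry in OID. The names mark1, devdb1, 1521 and fred1 are the ones from the screenshots; devdb2 is constructed for the failover case; the base DN cn=OracleContext under the section 6.2 realm, with the orclNetService object class and orclNetDescString attribute, is the standard place and shape of an OID net service entry.

```shell
#!/bin/bash
# Added example (not from the original notes): build the tnsnames-style
# DESCRIPTION that Net Manager assembles from its fields, and the LDIF form
# of the same entry as it is stored under cn=OracleContext in OID.

REALM='dc=aci,dc=corp,dc=net'   # Step 11 realm / DEFAULT_ADMIN_CONTEXT (section 6.2)

# address HOST PORT: one ADDRESS clause; TCP as chosen on the Protocol tab.
address() {
    printf '(ADDRESS=(PROTOCOL=TCP)(HOST=%s)(PORT=%s))' "$1" "$2"
}

# tns_description SERVICE HOST:PORT...: the full DESCRIPTION. With one address
# it is the plain entry; with several, the addresses are grouped in an
# ADDRESS_LIST with FAILOVER=ON so the client tries them in turn (this is what
# the multiple Address tabs in the failover screenshot produce).
tns_description() {
    local service="$1"; shift
    local addrs="" hp
    for hp in "$@"; do
        addrs="$addrs$(address "${hp%%:*}" "${hp##*:}")"
    done
    if [ $# -gt 1 ]; then
        addrs="(ADDRESS_LIST=(FAILOVER=ON)$addrs)"
    fi
    printf '(DESCRIPTION=%s(CONNECT_DATA=(SERVICE_NAME=%s)))' "$addrs" "$service"
}

# tns_entry NAME SERVICE HOST:PORT...: the entry as it would read in tnsnames.ora.
tns_entry() {
    local name="$1"; shift
    printf '%s=%s\n' "$name" "$(tns_description "$@")"
}

# tns_ldif NAME SERVICE HOST:PORT...: the same entry as LDIF for ldapadd, under
# cn=OracleContext in the realm.
tns_ldif() {
    local name="$1"; shift
    printf 'dn: cn=%s,cn=OracleContext,%s\n' "$name" "$REALM"
    printf 'objectclass: top\nobjectclass: orclNetService\n'
    printf 'cn: %s\n' "$name"
    printf 'orclNetDescString: %s\n' "$(tns_description "$@")"
}

# Single-address entry from the screenshots, in tnsnames.ora form.
tns_entry mark1 fred1 devdb1:1521
echo
# Failover entry (second host constructed for the example), in LDIF form.
tns_ldif mark1 fred1 devdb1:1521 devdb2:1521
```

Seeing the LDIF form is also useful when checking what a Net Manager change actually wrote to the directory: an ldapsearch under cn=OracleContext returns exactly these attributes, so the orclNetDescString can be compared with the intended tnsnames.ora entry.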

6.4

Proving that it’s working

If you’re like me, at this point you will be thinking, “I’ve loaded my service names into OID and that’s all well and good but prove to me that the thing is working”.

The tnsping utility is what you want to use. Simply issue a tnsping against one of your service names. If you see ‘Used LDAP Adapter’ then your OID resolution is working.

See section 10.4 if you want to see your entries in ldap form.
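The ‘Used LDAP Adapter’ line is what a deployment script should look for too, since a stale tnsnames.ora searched ahead of LDAP would also make tnsping succeed. The script below is an added example (not code from the original notes): it reads tnsping output and reports which name resolution adapter answered, LDAP for OID, TNSNAMES for a local file, or NONE when the alias could not be resolved. The three sample outputs are constructed for the demonstration, abridged to the shape tnsping prints.

```shell
#!/bin/bash
# Added example (not from the original notes): report which adapter resolved
# a tnsping alias. tnsping prints "Used LDAP adapter to resolve the alias"
# when OID answered and "Used TNSNAMES adapter ..." when a local file did.

# resolution_adapter < TNSPING_OUTPUT: print the adapter name (LDAP, TNSNAMES,
# HOSTNAME, ...) or NONE when no resolution line is present, which is what you
# get when the alias could not be resolved at all.
resolution_adapter() {
    awk '
        /^Used .* adapter to resolve the alias/ { print $2; found = 1; exit }
        END { if (!found) print "NONE" }'
}

# check_oid_resolution ALIAS: run tnsping and succeed only if LDAP answered.
# Needs the client environment (section 7.1) on the PATH; prints the adapter
# either way so a failing run says what did answer.
check_oid_resolution() {
    local adapter
    adapter=$(tnsping "$1" 2>&1 | resolution_adapter)
    echo "$1 resolved via: $adapter"
    [ "$adapter" = "LDAP" ]
}

# Constructed sample outputs so the parser can be exercised without a client.
SAMPLE_LDAP='TNS Ping Utility for Linux: Version 11.2.0.3.0 - Production
Used parameter files:
/u01/app/oracle/product/11.2.0/client_1/network/admin/sqlnet.ora
Used LDAP adapter to resolve the alias
Attempting to contact (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=devdb1)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=fred1)))
OK (10 msec)'

SAMPLE_LOCAL='Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=devdb1)(PORT=1521))(CONNECT_DATA=(SERVICE_NAME=fred1)))
OK (0 msec)'

SAMPLE_FAIL='TNS-03505: Failed to resolve name'

printf '%s\n' "$SAMPLE_LDAP"  | resolution_adapter   # LDAP
printf '%s\n' "$SAMPLE_LOCAL" | resolution_adapter   # TNSNAMES
printf '%s\n' "$SAMPLE_FAIL"  | resolution_adapter   # NONE
```

Run `check_oid_resolution mark1` on a client after rolling out the sqlnet.ora and ldap.ora changes; a TNSNAMES result means a local tnsnames.ora is still being searched first, which is exactly the situation the NAMES.DIRECTORY_PATH change in section 6.1 is meant to remove.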

7 OID Process control

When the installer finished, it started the OID processes.

Of course, there will come a time when you need to shut these down for patches or whatever. There are several basic commands that stop and start the OID stack.

7.1 Environment variables

Because the stack contains multiple layers, there are several environment variables that have to be set in linux for these commands to work seamlessly. One suggestion is to create an oidenv script that you can run to set these.

export ORACLE_HOME=/orabase/orahomes/oid/Oracle_IDM1
export ORACLE_INSTANCE=/orabase/orahomes/oid/asinst_1
export INSTANCE_NAME=asinst_1
export COMPONENT_NAME=oid1
export NLS_LANG=AMERICAN_AMERICA.AL32UTF8
PATH=${ORACLE_HOME}/bin:${ORACLE_HOME}/ldap/bin:${ORACLE_INSTANCE}/bin:${PATH};export PATH

These variable settings must match the entries you made during Step 5 of the install.

By adding the paths for each of the bin directories, you can save some typing.

Most of the examples presented in this document rely on this script having been run.

7.2 OID Management

The basic commands to start, stop and view status are opmnctl and oidctl:

opmnctl startall   -- starts all components ( including replication once it’s setup )
opmnctl stopall    -- stops all components ( including replication once it’s setup )
opmnctl status     -- reports status of OID components except for replication

We haven’t installed replication yet but to view the status of replication there is a separate command.

oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 status

These commands have lots of other options but these are the ones needed for basic management.

See section 10.1 for information on having OID start and stop on server bootup and shutdown.

8 Patch to 11.1.1.6

The base version has a more recent patchset available. As of this writing, it is Version 11.1.1.6. There are two parts: an upgrade for the OID software as well as one for the ODS database schema.

8.1 Finding the patchset

Log in to Oracle Support. After signing on, click on the tab, ‘Patches and Updates’ to get to… then select ‘Latest Patchsets’. Mouse over ‘Oracle Fusion Middleware’ and navigate to your platform and select the second 11.1.1.6.

A list of Fusion Middleware components appears. We are interested in the patch for Oracle Identity Management. Download the patch and unzip as usual.

8.2 Applying the software patch

The official documentation for running the patch starts at:

http://docs.oracle.com/cd/E23943_01/doc.1111/e16793/patch_set_installer.htm#CBHFDHJC

First, shutdown the OID stack using

opmnctl stopall

Change to the directory containing the unzipped patchset, cd to Disk1 and run the runInstaller utility. Click ‘Next’ to continue.

The next screen asks about software updates. Select ‘Skip Software Updates’, then Next.

Select ‘Install Software – Do Not Configure’, then Next.

The prerequisites are checked again. There should not be any surprises here. Next to continue.

The following screen gives us an opportunity to mess things up. IMPORTANT: Notice that the installer does not know where your current middleware home is. You need to retype the correct home. You entered this in Step 5 of the original install.

Two confirmation screens appear. Click ‘Yes’ to continue. This next one looks scary but is ok…. … click ‘Yes’ to continue.

The Security Updates nag screen appears again if it isn’t configured.

As with other installs, you are presented with the pre-install summary. Start the install. In a few minutes the install will complete. Then you are prompted to run a script as root. After running the script, return to the installer and click ‘OK’, then ‘Finish’.

8.3 Applying the database schema patch

The Fusion Middleware patches use a utility called psa to apply patches to schemas. The pertinent manual chapters are:

http://docs.oracle.com/cd/E23943_01/doc.1111/e16793/patch_set_installer.htm#BABHJBFG and
http://docs.oracle.com/cd/E23943_01/doc.1111/e16793/patch_set_assistant.htm#BABEBGEJ

You can either use psa in GUI mode, or more simply give it a response file to use. NOTE: if you use the command line and a response file, psa still expects to see an X server even though it does not produce any graphical output ( kind of reminds one of the old days when the oracle installer used to need this for silent installs )

Create a response file, such as /tmp/psa1116.rsp, containing these lines:

[GENERAL]
fileFormatVersion = 3

[OID.OID11]
pluginInstance = 2
OID.databaseType = Oracle Database
OID.schemaUserName = ODS
OID.dbaUserName = sys as sysdba
OID.databaseConnectionString = oidsrv1:1521/oradba4
OID.cleartextDbaPassword = yoursyspassword

The databaseConnectionString is specified using the so called ‘ezconnect’ syntax: //dbhost:port/dbname. The host name of the database must be specified after the //; the database name containing the ODS schema is specified after the slash. If you are using a listener port other than 1521, that will need to be changed as well.

To run psa with the response file, simply issue:

$ORACLE_HOME/bin/psa -response /tmp/psa1116.rsp

This produces output similar to the following:

Oracle Fusion Middleware Patch Set Assistant 11.1.1.6.0
Log file is located at: /orabase/orahomes/oid/oracle_common/upgrade/logs/psa2012-03-28-11-37-47AM.log
Using response file /home/oracle/psa1116.rsp for input
Oracle Internet Directory schema examine is in progress
Oracle Internet Directory schema examine finished with status: succeeded
Oracle Internet Directory schema upgrade is in progress
Oracle Internet Directory schema upgrade finished with status: succeeded

At this point, restart Oracle Internet Directory to confirm it is all working

opmnctl startall

9 Adding Nodes

To add high availability and redundancy to our Oracle Internet Directory deployment, we need to add one or more additional nodes. These nodes will replicate amongst each other once everything is set up.

9.1 Set up additional node

On the next server node, apply the steps in chapters 3, 5, and 8

9.2 Configure replication

On the Oracle support site, there is an excellent document which concisely describes the replication set up

steps. The document number is 1372095.1.

Kudos to the author(s) of the document.

The steps in that document are the source material for the steps listed below and were used in our installation.

Conventions used in the examples below:

First server: oidserver1, Database: oradba1
Second server: oidserver2, Database: oradba2

In this scenario, we have successfully installed OID on server oidserver1. This OID instance uses the database oradba1 as its backend database.

Now we want to set up multi-master replication to the second node we just built. This is oidserver2 using database oradba2.

9.2.1 Set your environment

On your first node, set your environment as described in section 7.1

9.2.2 Remtool on first node

Use the remtool utility and answer the prompts:

$ remtool -paddnode

Enter directory details:
Enter hostname of host running OID server : oidserver1
Enter port on which OID server is listening : 3060
Enter replication dn password : <ODS password of 1st node>    (See step 10 of the install)

<Output suppressed>

Enter consumer directory details:
Enter hostname of host running OID server : oidserver2
Enter port on which OID server is listening : 3060
Enter replication dn password : <ODS password of 2nd node>
Enter replica type [1 - LDAP read-only replica; 2 - LDAP updateable replica; 3 - LDAP multimaster replica] : 3

<Output suppressed>

List of available naming contexts in supplier replica ldap://orasrv02:3060
1. * [replicate whole directory]
Enter naming context [Enter "e" to end selection] : *    ( type *, not 1 )
Enter naming context [Enter "e" to end selection] : e
Following naming contexts will be included for replication:
------------------------------------------------------------------------------
1. *
Do you want to continue? [y/n] : y
------------------------------------------------------------------------------
Selected naming contexts have been included for replication.
------------------------------------------------------------------------------

9.2.3 Seed the 2nd node

To get the second OID node to seed itself from the first, we need to create an ldif file.

Log on to the second server and set your environment as mentioned previously.

Create a text file such as /tmp/seed.ldif:

dn: orclreplicaid=oidserver2_oradba2,cn=replication configuration
changetype: modify
replace: orclreplicastate
orclreplicastate: 0

( Notice that the orclreplicaid is comprised of the hostname and the database name of the second OID instance. )

Then apply this file to the second node:

ldapmodify -p 3060 -D cn=orcladmin -w <ODS password of 2nd node> -f /tmp/seed.ldif

9.3 Start replication on both nodes

On the first OID server issue the command:

oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 flags="host=oidserver1 port=3060" start

On the second OID server issue the command:

oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 flags="host=oidserver2 port=3060" start

Note: You won’t usually need to start the replication this way. From now on, when you issue opmnctl startall, it will also start the replication.

Note: the OIDDB refers to a service name entry which exists in OID’s own tnsnames.ora file. It is an alias for the database that you created.

When the second node is in synch, you will see an entry in its oidrepld.log like the following:

[2011-10-26T04:37:52+00:00] [OID] [NOTIFICATION:16] [] [OIDREPLD] [host: oidserver2t] [pid: 27563] [tid: 1] Reader(Transport):: gslrbsbBootStrap: BOOTSTRAP DONE SUCCESSFULLY

You can query the status of replication on a node with the following:

oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 status

As far as I know, this is the only way to query the status of replication.
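Because the oidrepld.log entry is the signal that seeding finished, it is worth checking for it with a script on the second node rather than by scrolling the log. The following added example (not code from the original notes) builds the orclreplicaid used in seed.ldif from the host and database names, extracts the timestamp of the last BOOTSTRAP DONE SUCCESSFULLY entry, and counts ERROR entries logged afterwards, since a successful bootstrap followed by failing apply cycles should not be read as healthy replication. The log is constructed around the line quoted above; the BOOTSTRAP STARTED line, the error line and its [ERROR:1] level field are constructed for the example.

```shell
#!/bin/bash
# Added example (not from the original notes): replication checks for the
# second node. The bootstrap line format is the one quoted in section 9.3;
# the rest of the sample log is constructed.

# replica_id HOST DB: the orclreplicaid value (hostname_dbname) used in seed.ldif.
replica_id() {
    printf '%s_%s\n' "$1" "$2"
}

# bootstrap_time LOGFILE: print the timestamp of the last "BOOTSTRAP DONE
# SUCCESSFULLY" entry, or print nothing and return 1 if the node has not
# finished seeding. The timestamp is the bracketed field opening each line.
bootstrap_time() {
    awk '
        /BOOTSTRAP DONE SUCCESSFULLY/ {
            if (match($0, /^\[[^]]+\]/)) ts = substr($0, RSTART + 1, RLENGTH - 2)
        }
        END { if (ts == "") exit 1; print ts }' "$1"
}

# replication_errors LOGFILE: number of entries logged at ERROR or
# INCIDENT_ERROR level (prints 0 for a clean log).
replication_errors() {
    grep -cE '\[(INCIDENT_)?ERROR' "$1" || true
}

# Constructed oidrepld.log: bootstrap start (constructed), the completion line
# quoted in section 9.3, then one constructed error entry.
LOG=$(mktemp)
cat >"$LOG" <<'EOF'
[2011-10-26T04:35:10+00:00] [OID] [NOTIFICATION:16] [] [OIDREPLD] [host: oidserver2t] [pid: 27563] [tid: 1] Reader(Transport):: gslrbsbBootStrap: BOOTSTRAP STARTED
[2011-10-26T04:37:52+00:00] [OID] [NOTIFICATION:16] [] [OIDREPLD] [host: oidserver2t] [pid: 27563] [tid: 1] Reader(Transport):: gslrbsbBootStrap: BOOTSTRAP DONE SUCCESSFULLY
[2011-10-26T04:40:01+00:00] [OID] [ERROR:1] [] [OIDREPLD] [host: oidserver2t] [pid: 27563] [tid: 1] constructed error entry for the example
EOF

echo "seed.ldif replica id: $(replica_id oidserver2 oradba2)"
if ts=$(bootstrap_time "$LOG"); then
    echo "bootstrap completed at $ts"
else
    echo "bootstrap not yet complete"
fi
echo "error entries in log: $(replication_errors "$LOG")"
```

On a real node, point `bootstrap_time` and `replication_errors` at the oidrepld.log under the instance’s diagnostics directory; pairing that with the oidctl status command above gives both the process view and the log view of replication.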

If you need to stop only the replication, you can use this command to stop the replication component on a given host.

oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 flags="host=oidserver2 port=3060" stop

9.4 Confirming replication

Since ‘seeing is believing’, you can create an entry in one node and verify that it replicates to the other.

If you want to use Net Manager for this and you want to change something in the second node, you have to change the order of directory_servers in your ldap.ora ( see section 6.2 )

You can also add ldap entries manually as described in section 10.3.

10 Miscellaneous Topics

10.1 Auto stop/start for linux

Here is one approach to creating an autostart script for Oracle Internet Directory on linux servers.

This example assumes that the database is co-resident on the same server. It also assumes you have a script (setoidenv) that sets all the environment variables for Oracle Internet Directory as described previously.

/etc/init.d/oid:

#!/bin/sh
#
# oid:          Oracle Internet Directory
#
# chkconfig: - 95 5
# description: Oracle Internet Directory LDAP Server
#
# Startup/shutdown for Oracle Internet Directory
# 02/03/12 Mark Luszczynski
#
# init runs this as root; every Oracle command is handed to the oracle user
# with su. The oracle login environment is assumed to put lsnrctl, dbstart
# and dbshut on the PATH and to make setoidenv sourceable from its home.

prog=oid
RETVAL=0

start () {
    echo -n $"Starting Oracle Internet Directory: "
    su - oracle -c "lsnrctl start"
    su - oracle -c "dbstart"
    su - oracle -c ". setoidenv ; opmnctl startall"
    RETVAL=$?
    return $RETVAL
}

stop () {
    # stop OID first, then the database it depends on
    echo -n $"Stopping Oracle Internet Directory: "
    su - oracle -c ". setoidenv ; opmnctl stopall"
    su - oracle -c "dbshut"
    RETVAL=$?
    return $RETVAL
}

status () {
    echo -n $"Querying Oracle Internet Directory: "
    su - oracle -c ". setoidenv ; opmnctl status ; oidctl connect=OIDDB server=oidrepld instance=1 componentname=oid1 status"
    RETVAL=$?
    return $RETVAL
}

restart () {
    stop
    start
}

case $1 in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        restart
        ;;
    status)
        status
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|status}"
        exit 3
esac

exit $RETVAL

Make the script executable, register it, and use chkconfig to have it included in startups and shutdowns. The "-" in the chkconfig header means it is not enabled in any runlevel by default, which is why the --level line is needed:

chmod 755 /etc/init.d/oid
/sbin/chkconfig --add oid
/sbin/chkconfig --level 2345 oid on

Keep /etc/init.d/oid owned by root and not writable by the oracle user: init executes it as root, so anyone who can edit it can run commands as root at the next boot.

10.2 Using Round Robin DNS

As mentioned, the standard Oracle sqlnet client will not load balance between a list of directory servers that have been specified in the DIRECTORY_SERVERS line of the ldap.ora. ( Although somewhere I read that the jdbc clients do this – can’t remember where. ) In the case of server failure, there is a 30 second ( perhaps 15 ) timeout before the client tries the next server in the list. Unfortunately, if you send the same ldap.ora file to all clients and servers, only the first OID server ever sees any action.

DNS provides a way for us to set up one name that has several possible addresses. This is called Round Robin DNS, and www.diapers.com is an example of one. When your TCP client asks DNS to resolve ‘www.diapers.com’, it receives back two possible IP addresses in a random order. Most applications use only the first one, so that is the address you actually connect to when browsing for your diapers. On Windows you can see both records in the local resolver cache:

ipconfig /displaydns

    www.diapers.com
    ----------------------------------------
    Record Name . . . . . : www.diapers.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 240
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 72.22.187.68

    Record Name . . . . . : www.diapers.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 240
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 75.98.67.132

The one drawback with this method is that, while it gives you good pseudo load balancing, failing over to another address in the list could take as long as the “Time To Live” setting. The TTL tells your DNS client how long it may cache the answer before it has to go back to the DNS server to refresh the info regarding this entry. Note also that round robin DNS does no health checking: a failed OID server’s address keeps being handed out until you remove its record, so during an outage roughly half of new lookups still resolve to the dead node first and sit through the sqlnet timeout described above.

The actual DNS entry for your oid might look like this:

oid.archcoal.com    300 IN A 10.10.10.1
oid.archcoal.com    300 IN A 10.10.10.2

300 is the Time To Live ( TTL ) in seconds.

10.3 Manually adding ldap entries

If you just love your command line and want to add an Oracle Internet Directory service name manually, here’s an example of how you would add an entry:

Create an ldif file which will be read in by the ldapadd command. The dn goes under cn=OracleContext in your default realm ( compare the entries dumped in section 10.4 ), and the cn is the service name that clients will use.

Eg: /tmp/addnew.ldif

dn: cn=mydb,cn=OracleContext,dc=aci,dc=corp,dc=net
objectclass: top
objectclass: orclNetService
cn: mydb
orclNetDescString: (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)(HOST = myhost)(PORT = 1521))) (CONNECT_DATA = (SID = mydb)))

To add this new service name "mydb" to OID, use the "ldapadd" command, binding as cn=orcladmin to the non-SSL port used throughout this document ( 3060; 389 is only the LDAP default ):

ldapadd -D "cn=orcladmin" -w <password> \
   -h <oidserver> -p 3060 -v -f /tmp/addnew.ldif

Passing -w on the command line leaves the orcladmin password in your shell history and in ps output for anyone on the server; the OID 11g ldap tools accept -q to prompt for it instead.

10.4 View all ldap tns entries

If you’re more curious and you want to see the contents in ldap form dumped directly from the ldap directory you can use this command:

ldapsearch -h <oidserver> -p 3060 -D cn=orcladmin -w <password> \
   -b "cn=OracleContext,dc=aci,dc=corp,dc=net" \
   -s one "objectclass=orclNetService"

The server name is the hostname of the OID server. The password needed is the password for cn=orcladmin. The –b option needs to include your default realm.

This produces output like:

cn=ORADBA2,cn=OracleContext,dc=aci,dc=corp,dc=net
objectclass=top
objectclass=orclNetService
cn=ORADBA2
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=acioem)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=ORADBA2)))
orclnetdescname=000:cn=DESCRIPTION_0

cn=PRDWHSE1,cn=OracleContext,dc=aci,dc=corp,dc=net
objectclass=top
objectclass=orclNetService
cn=PRDWHSE1
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=acidb1)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=prdwhse1)))
orclnetdescname=000:cn=DESCRIPTION_0
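The following shell helper is an added example and not part of the original document or of Oracle’s tooling. It ties together three of the manual tasks above: building the orclNetService LDIF of section 10.3 and adding it without clobbering an existing name, polling the second node until a freshly added cn appears ( the ‘seeing is believing’ check of section 9.4 ), and turning the section 10.4 ldapsearch dump into tnsnames.ora syntax so you can diff the directory against a client’s file. The host names oidserver1/oidserver2, port 3060 and the dc=aci,dc=corp,dc=net realm are taken from this document; the function names, the LDAPSEARCH hook and the SAMPLE_DUMP are mine, and the existence check assumes anonymous binds were enabled as in section 5.4.

```shell
#!/bin/sh
# Added example, not part of the original document.
# Helpers for sections 9.4, 10.3 and 10.4:
#   tns_ldif        build the orclNetService LDIF for a net service name (10.3)
#   tns_add         add it to OID, refusing to clobber an existing cn (10.3)
#   wait_for_cn     poll a node until the cn shows up, to prove replication (9.4)
#   oid_to_tnsnames turn the 10.4 ldapsearch dump into tnsnames.ora syntax (10.4)
# Assumptions not stated in the original: oidserver1/oidserver2 are the two OID
# nodes, the non-SSL port is 3060, the realm is dc=aci,dc=corp,dc=net, anonymous
# binds are enabled (section 5.4) so the existence checks need no password, and
# the OID 11g ldap tools are on the PATH.

OID_HOST="${OID_HOST:-oidserver1}"
OID_PORT="${OID_PORT:-3060}"
OID_BASE="${OID_BASE:-cn=OracleContext,dc=aci,dc=corp,dc=net}"

# tns_ldif NAME DBHOST DBPORT SERVICE_NAME
# Prints the LDIF entry. cn is what clients type after '@'. Uses SERVICE_NAME
# rather than SID, matching the entries already in the directory (section 10.4).
tns_ldif() {
    cat <<EOF
dn: cn=$1,$OID_BASE
objectclass: top
objectclass: orclNetService
cn: $1
orclNetDescString: (DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=$2)(PORT=$3)))(CONNECT_DATA=(SERVICE_NAME=$4)))
EOF
}

# cn_exists HOST CN -> 0 if cn=CN exists under $OID_BASE on HOST.
# $LDAPSEARCH is a hook so the lookup can be stubbed when testing offline.
cn_exists() {
    ${LDAPSEARCH:-ldapsearch} -h "$1" -p "$OID_PORT" -b "$OID_BASE" -s one \
        "(cn=$2)" dn 2>/dev/null | grep -qi "^cn=$2,"
}

# tns_add NAME DBHOST DBPORT SERVICE_NAME
# Adds the entry on $OID_HOST. -q prompts for the orcladmin password; -w would
# leave it in shell history and in ps output for anyone on the box to read.
tns_add() {
    if cn_exists "$OID_HOST" "$1"; then
        echo "cn=$1 already exists under $OID_BASE on $OID_HOST" >&2
        return 1
    fi
    tmp=$(mktemp) || return 1
    tns_ldif "$@" > "$tmp"
    ldapadd -h "$OID_HOST" -p "$OID_PORT" -D cn=orcladmin -q -v -f "$tmp"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# wait_for_cn HOST CN [TIMEOUT]
# Polls HOST once a second until cn=CN is visible or TIMEOUT seconds (default 60)
# pass. Add an entry with tns_add on node 1, then run this against node 2.
wait_for_cn() {
    waited=0
    while [ "$waited" -lt "${3:-60}" ]; do
        if cn_exists "$1" "$2"; then
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    echo "cn=$2 not seen on $1 after ${3:-60}s" >&2
    return 1
}

# oid_to_tnsnames < dump
# Reads the section 10.4 ldapsearch output (one attribute per line) and prints
# one "NAME = (DESCRIPTION=...)" line per entry, ready for a tnsnames.ora.
oid_to_tnsnames() {
    awk '
        tolower($0) ~ /^cn=[^,]+,cn=oraclecontext,/ {
            split($0, p, ","); name = substr(p[1], 4); next
        }
        tolower($0) ~ /^orclnetdescstring=/ && name != "" {
            printf "%s = %s\n", toupper(name), substr($0, index($0, "=") + 1)
            name = ""
        }'
}

# Constructed sample of the 10.4 dump (copied from the two entries shown there),
# so oid_to_tnsnames can be exercised without a directory server.
SAMPLE_DUMP='cn=ORADBA2,cn=OracleContext,dc=aci,dc=corp,dc=net
objectclass=top
objectclass=orclNetService
cn=ORADBA2
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=acioem)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=ORADBA2)))
orclnetdescname=000:cn=DESCRIPTION_0

cn=PRDWHSE1,cn=OracleContext,dc=aci,dc=corp,dc=net
objectclass=top
objectclass=orclNetService
cn=PRDWHSE1
orclnetdescstring=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=acidb1)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=prdwhse1)))
orclnetdescname=000:cn=DESCRIPTION_0'
```

Source the file and call the functions: `tns_add mydb myhost 1521 mydb` adds the entry on oidserver1 (prompting for the orcladmin password), `wait_for_cn oidserver2 mydb 60` returns 0 once replication has carried it to the second node, and piping the section 10.4 ldapsearch command into `oid_to_tnsnames` gives you tnsnames.ora lines to compare with what clients have locally. Remove a probe entry afterwards with ldapdelete so test names do not accumulate in the directory.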

10.5 Moving the OID database

If the occasion should arise that you want to move a database that contains the OID schema, this is fairly easy once you know what to change.

Steps:

Shut down the OID instance ( opmnctl stopall )

Shut down its database

Move the entire database to its new server

Start database on new server

On the OID server, in the directory $ORACLE_INSTANCE/config , modify the tnsnames.ora and tnsnames_copy.ora files. These files have an entry for OIDDB. ( Not sure what the purpose of _copy is )

Start OID ( opmnctl startall )