© Tushar Thakker 2015

Tushar Thakker, Pro Oracle Fusion Applications, 10.1007/978-1-4842-0983-7_6

6. Provision Identity Management Environment

Tushar Thakker

(1)Param Labs, Dubai, United Arab Emirates

After creating the IDM provisioning response file, we will now proceed to installing the Identity Management environment for Fusion Applications. So far no component from the selected topology except the database has been installed and all our installation-related responses were stored in a plain-text response file. The provisioning process will use this response file to fetch the required installation-related parameters. In the beginning of this chapter, we will look at various interfaces available for Identity Management provisioning, followed by understanding individual phases of the IDM provisioning process. Later we will see proceed to an example installation process using both interface options.

Identity Management Provisioning Interfaces

We have two interface options for provisioning an Identity Management environment. We can use either of these options to yield the same provisioned environment, installation log files, status information, and so on. Note that we have similar options for Oracle Fusion Applications as well, so the same concept will apply in case of the Fusion Applications provisioning.

  • GUI-based wizard: This is essentially same response-based wizard that we have used for creating or updating a response file earlier. This is only to be used for the primordial host. Once each phase is completed on the primordial host, you need to wait until it is completed on the other hosts using the command-line interface. For a single H-host topology, it is recommended you use the GUI-based wizard for provisioning. For a single host, you need to run it only on one node. As soon as the phase is complete, you can move on to the next phase.

  • Command-line interface (CLI): This is the recommended method of provisioning for a multi-host installation. Although you can use this interface for all nodes, including the primordial host, the ability to understand the progress of the phase in a non-graphical interface will be limited. So it is possible to use GUI-based provisioning on the primordial host and CLI-based provisioning for other hosts, including the primary, secondary, and DMZ hosts once the respective phase on the primordial host is complete. In addition to this, in case of manual cleanup and restore, you also need to use the command-line interface.

Tip

Although the GUI-based installer gives you much more visibility and monitoring capability, the CLI (the command-line interface) always completes without any issues. When using GUI for older releases of Fusion Applications, you might need to download the patch 16708003 from the Oracle Support portal and apply it immediately after the Install phase has completed to fix an issue that it may encounter in the Configure phase. However, for recent releases of Identity Management provisioning frameworks, this is not required.

Identity Management Provisioning Phases

The Identity Management provisioning process includes the same following phases that we will see during the Fusion Applications provisioning, but the actions you take during these phase are different depending on the products being provisioned. We will discuss each of these phases and which actions are performed during each in detail when we look at the screens for specific phases during the installation.

  • Preverify: Checks whether required the operating system, databases, and other prerequisites are fulfilled.

  • Install: Installs Oracle Fusion Applications Binaries.

  • Preconfigure: Creates the WebLogic domain and configures the directory servers and Web server.

  • Configure: Performs the Oracle Identity Manager configuration.

  • Configure Secondary: Performs the Oracle Identity Manager and Oracle Access Manager integration.

  • Postconfigure: Configures WebGate identity federation. Performs tuning, OIM reconciliation, and SSL configuration.

  • Startup: Starts all services that are in the enabled state.

  • Validate: Validates all component services and verifies service URLs for all components.

Figure 6-1 shows the Identity Management provisioning phases and their order of execution, along with the failure or success actions.

A335101_1_En_6_Fig1_HTML.jpg
Figure 6-1. Identity Management provisioning phases

Possible States of an IDM Provisioning Phase

Each provisioning phase that has already been initiated has the following possible states.

  • STARTED : This means the phase is currently running.

  • COMPLETED : This means the phase has completed doing its actions and performing post-completion actions.

  • ENDED : This means the phase has finished and is ready to move on to the next phase on this host. For IDM provisioning, COMPLETED and ENDED are AT nearly the same time, but for Fusion Applications provisioning, these two phases have distinct meanings. You will understand the difference between COMPLETED and ENDED more during Fusion Applications provisioning.

  • FAILED : This means the entire phase or part of it has failed. For example, the entire phase except OIM-related activities have failed. In both cases the phaseguard file for the phase will have FAILED status.

  • ABORTSIGNALED : This means that the user pressed Cancel during the provisioning process and the phase was aborted. The status first becomes ABORTSIGNALED and once the provisioning processes have existed completely, it changes to FAILED.

Note that all of these phases must run in the given sequence. Only if the predecessor phase is successful can the next phase start. Provisioning framework controls this by a directory named phaseguards. Accordingly, the installer will create a file named <phase>-<hostname>-<status>.grd in the <INSTALLATION_BASE>/provisioning/phaseguards directory. Upon restarting the provisioning process, the installer detects the current status of each phase based on the phaseguards and proceeds accordingly.

Tip

Before you begin Identity Management provisioning, back up the database since at the moment automatic cleanup and restore of IDM provisioning is not supported. Although this is not mandatory, it will help you reduce the time needed to restart the installation in case of failure.

Provisioning Identity Management Using the Wizard

Launch the Identity Management Provisioning wizard as follows. Make sure JAVA_HOME is set correctly and pointing to the jdk6 directory we created earlier.

Note

Make sure that you have at least 35 GB of free disk space for provisioning Identity Management.

[fusion@idmhost ∼]$ export JAVA_HOME=/app/oracle/jdk6

[fusion@idmhost ∼]$ cd /app/provisioning/tools/idmlcm/provisioning/bin/

[fusion@idmhost bin]$ ./idmProvisioningWizard.sh

Upon launching the installer, you will see an informational Welcome screen, as shown in Figure 6-2. It cautions the user to ensure that the prerequisites are already performed before proceeding with installation.

A335101_1_En_6_Fig2_HTML.jpg
Figure 6-2. Identity Management Provisioning wizard welcome screen

Since you are provisioning the Identity Management environment, ensure that a provisioning response file has already been created. Also make sure that the installation media has been extracted to the installation repository location and is available on all hosts. If you have restarted the database servers in between, make sure that the IDM database and listener have been started.

Once you check these settings, click Next to proceed to the wizard option selection screen, as shown in Figure 6-3.

A335101_1_En_6_Fig3_HTML.jpg
Figure 6-3. Identity Management Provisioning option selection screen

You have seen the screen in Figure 6-3 earlier when creating a new Identity Management environment provisioning response file. The first option is related to the IDM database (disabled for the current release), while options 2 and 3 are related to the provisioning response file creation and update. In this case we will select option 4, which is to provision an Identity Management environment.

The wizard asks you to enter the response file name with the full path. Enter the path of the response file created in the previous step. Alternatively, you can click on Browse to locate the file in the directory tree. Make sure to select the file with the .rsp extension, not with .summary.

Once the response file’s name has been provided, click Next to proceed to the Response File Description screen, as shown in Figure 6-4.

A335101_1_En_6_Fig4_HTML.jpg
Figure 6-4. Response File Description screen

The Response File Description screen contains the same values that we selected during the response file creation in the last chapter. Review the details and click Next unless you are planning to change any values in the review screens coming up next. If you are planning to modify any values in next screens, then change the response file version to any user-defined value, for example to Ver 2.0.

Once you click Next, the Install Location Configuration screen shows the installation location and details as entered during the response file creation, as shown in Figure 6-5.

A335101_1_En_6_Fig5_HTML.jpg
Figure 6-5. Installation Location Configuration screen

If you want to change any of these location parameters, you need not recreate or modify the response file manually. Instead the installer enables you to select it right from this screen and the installer will use the updated parameters. We have already gone through details of the following fields in the last chapter while creating response file, so you already know the importance of them.

Review the information provided and update it if required. Click Next to continue to the Configuration Review screen, as shown in Figure 6-6.

A335101_1_En_6_Fig6_HTML.jpg
Figure 6-6. Configuration Review screen

The Review Provisioning Configuration screen allows you to review any of the following configurations and modify them if necessary in the subsequent screens.

  • Node topology configuration

  • Virtual hosts configuration

  • Common passwords

  • OID configuration

  • ODSM configuration

  • OHS configuration

  • OAM configuration

  • OIM configuration

  • Load balancer configuration

Tip

Although reviewing these configurations is optional, it may be wise to do so if you are having the slightest doubt about any of the section details. Any incorrect detail may lead to installation failure.

If you have selected any of these checkboxes, the wizard will launch the response file update screens related to the selected configuration. Otherwise, click Next to continue to the Installation Summary screen, as shown in Figure 6-7.

A335101_1_En_6_Fig7_HTML.jpg
Figure 6-7. Identity Management pre-provisioning summary screen

Review the pre-provisioning summary before starting the actual provisioning process. Any changes you made before this step will be updated automatically in the response and summary files. These changes are also reflected in the Summary shown in Figure 6-7, which makes it easier for you to review in single-tree view. Click Next to save the changes (if any) in the response file and proceed with the prerequisite checks.

Before we look at each of these phases, it is important to understand the common layout of the Provisioning wizard so that you can better understand the further screens and any errors encountered during the installation.

IDM Provisioning Wizard Layout During the Provisioning Phases

From this phase onward, the installation screen layout will look similar until the end of the installation. So it is necessary to understand the layout. The screen is mainly divided into the following three panels:

  • Left panel: Shows the list of steps required during the installation. It highlights the current step and shows the recently completed step along with next step in the queue.

  • Top panel: Shows the following information.

    • Host: The name of the host where the phase is running.

    • Status: Current status of the phase. It can be Starting, Restarting, Completed, Failed, or Aborted.

    • Log: You can click on the log icon to open the log file for this phase (not only product but the overall phase).

    • Domains: The list of domains on which this phase has to run. For IDM provisioning, it will be only the IDMDomain.

  • Bottom panel: The following are important elements in the bottom panel of the screen.

    • Retry Button: Remains disabled until any phase has failed.

    • Back Button: Active only until the Prerequisite Checks screen. From the next screen onward, this button is always disabled and the only way to go back is to cancel the installation and start from beginning after cleanup.

    • Next Button: Active only after the phase has successfully completed. All other times it remains disabled.

    • Cancel Button: You can click this button at any time during the installation to abort the phase. The status of the phase will become ABORTED and the Retry button will be activated if you want to restart the installation.

    • Messages Text Area: This textbox is not visible until you select any action item in the screen. This textbox will contain any errors or warnings encountered in the particular activity. If you want to see all the errors or warnings during the phase, you should select the top menu item, called Build Messages for Orchestration Product Family.

Now let's proceed to the Prerequisites Check step shown in Figure 6-8.

A335101_1_En_6_Fig8_HTML.jpg
Figure 6-8. Prerequisite Checks screen

The Prerequisites Checks or Preverify phase checks for all the prerequisites required for the installation, including disk space, operating system version, OS parameters and utilities, port availability, database reachability, required memory size, and so on. It validates these parameters based on the topology selected, so you may see same parameters with different values being checked.

Depending on how critical the parameter being checked is, it will either show a warning or an error message. The installer will show errors and warnings in the bottom pane. If there are any errors or warnings, resolve the issues and click Retry to restart the Prerequisites Check phase. You can find the installation logs at <CONFIG_DIR>/provisioning/logs; for example, /app/oracle/config/provisioning/logs/idmhost.paramlabs.com.

The following log files correspond to this phase. Review these files for detailed error logs.

runIDMProvisioning-preverify.out

runIDMProvisioning-preverify.log

You can see following phaseguard files at <IDM_BASE>/provisioning/phaseguards the end of the installation.

preverify-idmhost.paramlabs.com-STARTED.grd

preverify-idmhost.paramlabs.com-COMPLETED.grd

preverify-idmhost.paramlabs.com-ENDED.grd

Once the prerequisites check is successful, click Next to proceed with the install phase, as shown in Figure 6-9. Remember that the Back button is no longer available after this phase.

A335101_1_En_6_Fig9_HTML.jpg
Figure 6-9. Installation phase status screen

The Installation phase installs all the required software, including the Oracle Fusion middleware binaries. Once the required software binaries are installed, it will apply all the available patches in the installer media for the Oracle Fusion middleware components, including Oracle HTTP Server, the IDM suite, and the WebLogic patches. It invokes OPatch or the WebLogic smart update, depending on the component being patched.

The log files generated at the <CONFIG_DIR>/provisioning/logs directory are as follows. Review these log files in case there are any errors or warnings.

runIDMProvisioning-install-logstatus.log

runIDMProvisioning-install.log

runIDMProvisioning-install.out

The phaseguard files for this phase generated at the <IDM_BASE>/provisioning/phaseguards directory are as follows.

install-idmhost.paramlabs.com-STARTED.grd

install-idmhost.paramlabs.com-COMPLETED.grd

install-idmhost.paramlabs.com-ENDED.grd

Once the installation phase is successful, click Next to continue with the preconfigure phase, as shown in Figure 6-10.

A335101_1_En_6_Fig10_HTML.jpg
Figure 6-10. Preconfigure phase status screen

The Preconfigure phase performs the following activities.

  • Configure the Oracle Internet Directory (OID) and Oracle Virtual Directory (OVD)

  • Prepare the identity store by seeding OID with the required users/groups

  • Create the Oracle WebLogic domain

  • Create the Oracle HTTP Server (OHS) instance

  • Extend the domain to configure Oracle Directory Service Manager (ODSM)

The following log files are generated at <CONFIG_DIR>/provisioning/logs during this phase.

runIDMProvisioning-preconfigure.log

runIDMProvisioning-preconfigure-logstatus.log

runIDMProvisioning-preconfigure.out

The following phaseguard files are generated at <IDM_BASE>/provisioning/phaseguards during this phase.

preconfigure-idmhost.paramlabs.com-STARTED.grd

application-<component>-preconfigure-COMPLETED.grd

preconfigure-idmhost.paramlabs.com-COMPLETED.grd

preconfigure-idmhost.paramlabs.com-ENDED.grd

Once the Preconfigure phase is successful, the Next button will be activated again. Click Next to proceed with the configure phase, as shown in Figure 6-11.

A335101_1_En_6_Fig11_HTML.jpg
Figure 6-11. Configure phase status screen

The following activities are performed during the configure phase.

  • Configure Oracle Access Manager

  • Configure Oracle Identity Manager and SOA

  • Associate Policy Store with Identity Store (OID)

  • Associate Oracle Access Manager with OID

The following are the important log files for this phase in same location.

runIDMProvisioning-configure.log

runIDMProvisioning-configure-logstatus.log

runIDMProvisioning-configure.out

The phaseguard files for this phase (after successful completion) are as follows.

configure-idmhost.paramlabs.com-STARTED.grd

application-<component>-configure-COMPLETED.grd

configure-idmhost.paramlabs.com-COMPLETED.grd

configure-idmhost.paramlabs.com-ENDED.grd

Once the Configure phase is successful, the Next button will be activated again. Click Next to proceed with the Configure Secondary phase, as shown in Figure 6-12.

A335101_1_En_6_Fig12_HTML.jpg
Figure 6-12. Configure Secondary phase status screen

Once the Configure phase is completed, the wizard will proceed to the Configure Secondary phase regardless of whether you have selected single-host or EDG topology. During the Configure Secondary phase, the installer mainly performs the following actions. The reason why these actions are kept in the Configure Secondary phase is that if there are any secondary servers then the configure stage should have completed on all nodes before the following actions can be performed. In this case, there are no second node-specific actions performed.

  • Integrate WebLogic domain with Oracle HTTP Server instance by creating aliases for OAM, OIM, SOA, and ODSM

  • Perform integration of Oracle Access Manager and Oracle Identity Manager

The following are the important log files to look at for this phase in the same location.

runIDMProvisioning-configure-secondary.log

runIDMProvisioning-configure-secondary-logstatus.log

runIDMProvisioning-configure-secondary.out

The phaseguard files for this phase (after successful completion) are as follows.

configure-secondary-idmhost.paramlabs.com-STARTED.grd

application-<component>-configure-secondary-COMPLETED.grd

configure-secondary-idmhost.paramlabs.com-COMPLETED.grd

configure-secondary-idmhost.paramlabs.com-ENDED.grd

Once the Configure Secondary phase is successful, the Next button will be activated again. Click Next to proceed with Postconfigure phase, as shown in Figure 6-13.

A335101_1_En_6_Fig13_HTML.jpg
Figure 6-13. Postconfigure phase status screen

At this stage, we have the base infrastructure of the Identity Management component ready and the installer will move on to perform post-configuration tasks that include but not limited to the following major actions.

  • Configure WebGate and integrate it with the HTTP server

  • Register OID with WebLogic domain IDMDomain

  • Tune and configure SSL for OID

  • Configure OIF (it remains disabled after configuration)

  • Configure and run reconciliation of OIM from the ID store

The following important log files are generated at <CONFIG_DIR>/ provisioning/logs for this phase. Review the log files for detailed execution information as well as for error messages.

runIDMProvisioning-postconfigure.log

runIDMProvisioning-postconfigure-logstatus.log

runIDMProvisioning-postconfigure.out

The phaseguard files for this phase (after successful completion) are as follows.

postconfigure-idmhost.paramlabs.com-STARTED.grd

application-<component>-postconfigure-COMPLETED.grd

postconfigure-idmhost.paramlabs.com-COMPLETED.grd

postconfigure-idmhost.paramlabs.com-ENDED.grd

Once the Postconfigure phase is completed successfully, click Next to proceed to the Startup phase, as shown in Figure 6-14.

A335101_1_En_6_Fig14_HTML.jpg
Figure 6-14. Startup phase status screen
Note

At the end of Postconfigure phase, all the components are already started. The next phase will gracefully bounce them one by one.

The Startup phase attempts to cleanly shut down and restart all services that are enabled for startup. By default, except Oracle Identity Federation (OIF), all services are enabled for startup in this release of the IDM Provisioning wizard. The wizard monitors the state file of each WebLogic managed server being started and once it shows a RUNNING state, it moves to the next component’s startup.

The following are the important log files for this phase, found at <CONFIG_DIR>/ provisioning/logs.

runIDMProvisioning-startup.log

runIDMProvisioning-startup-logstatus.log

runIDMProvisioning-startup.out

The phaseguard files for this phase (after successful completion) are as follows.

startup-idmhost.paramlabs.com-STARTED.grd

application-<component>-startup-COMPLETED.grd

startup-idmhost.paramlabs.com-COMPLETED.grd

startup-idmhost.paramlabs.com-ENDED.grd

Once the Startup phase is successful, the Next button will be activated again. Click Next to proceed with the Validate phase, as shown in Figure 6-15.

A335101_1_En_6_Fig15_HTML.jpg
Figure 6-15. Validation phase status screen

The last phase in Identity Management provisioning is Validate. This phase checks for online status and connectivity for all managed servers and instances, invokes test URLs to make sure the desired response is received, and performs other validations. Any validation error or warning will be displayed in the lower panel. However, in this phase, cleanup is not supported and upon retry all startup-related actions will be performed again.

The following are the important log files for this phase at the same common log location.

runIDMProvisioning-validate.log

runIDMProvisioning-validate-logstatus.log

runIDMProvisioning-validate.out

The phaseguard files for this phase (after successful completion) are as follows.

validate-idmhost.paramlabs.com-STARTED.grd

validate-idmhost.paramlabs.com-COMPLETED.grd

validate-idmhost.paramlabs.com-ENDED.grd

Once the Validate phase completes, the Next button will be activated. Click Next to go to the Post-Installation Summary page, as shown in Figure 6-16.

A335101_1_En_6_Fig16_HTML.jpg
Figure 6-16. Identity Management installation completion summary

Review the post-installation summary details, as shown in Figure 6-16. This page includes all the installed Oracle Fusion Applications products with the configured ports and URLs. The same summary is saved to the default location of <IDMLCM_HOME>/provisioning/bin directory in readable text format. Keep the summary file with your earlier summary files for project documentation.

Click Finish to save the summary and exit the installation wizard.

Provisioning Using the Command-Line Interface (CLI)

As explained earlier, in case of multi-host environments or when the GUI-based installer is not working on specific operating system versions, you may want to provision Identity Management using the command-line interface. The process is essentially the same except here you will initiate each phase manually after completing the previous phase.

Similar to when using the graphical wizard, you will need the already created response file. In this example, the response file generated in an earlier step is located at /app/provisioning/tools/idmlcm/provisioning/bin/provisioning.rsp. We will need to supply this response file at each phase of provisioning. The syntax for the command-line provisioning is as follows.

For the Unix Platform

IDMLCM_HOME/provisioning/bin/runIDMProvisioning.sh -responseFile <filename> -target <phase>

For the Windows Platform

IDMLCM_HOMEprovisioningin unIDMProvisioning.bat -responseFile <filename> -target <phase>

Run Preverify Phase

Let's begin with the Preverify phase. This is the same as the Prerequisites Checks phase, as seen in the Graphical Provisioning wizard. Make sure to finish this phase on all nodes in the topology before starting the next phase. Here is an example of the Preverify phase on a Linux host.

[fusion@idmhost ]$ cd /app/provisioning/tools/idmlcm/provisioning/bin

[fusion@idmhost bin]$ ./runIDMProvisioning.sh -responseFile /app/provisioning/tools/idmlcm/provisioning/bin/provisioning.rsp -target preverify

*** Checking java and fusion repository setting...

*** Using fusion repository at /stage

*** Valid java version. Using JAVA_HOME environment at /app/oracle/jdk6

*** Using local ant setting at /app/fusion/provisioning/ant

...

2013-11-03 05:35:31.842 TRACE

BUILD SUCCESSFUL

Total time: 20 seconds

Successfully finished preverify.

Proceed with install.

Run Install Phase

Once the Preverify has completed on all nodes, start the Install phase on the primordial node. The syntax for running the Install phase on the Linux operating system is as follows.

[fusion@idmhost bin]$ ./runIDMProvisioning.sh -responseFile /app/provisioning/tools/idmlcm/provisioning/bin/provisioning.rsp -target install

...

*** Checking java and fusion repository setting...

*** Using fusion repository at /stage

*** Valid java version. Using JAVA_HOME environment at /app/oracle/jdk6

*** Using local ant setting at /app/fusion/provisioning/ant

...

2013-11-03 08:32:33.621 TRACE

BUILD SUCCESSFUL

Total time: 150 minutes 24 seconds

Successfully finished install.

Proceed with preconfigure.

Run Preconfigure Phase

Once the Install Phase has completed on all nodes, start the Preconfigure phase on the primordial node. Here is an example of running the Preconfigure phase using the command-line interface on the Linux operating system.

[fusion@idmhost bin]$ ./runIDMProvisioning.sh -responseFile /app/provisioning/tools/idmlcm/provisioning/bin/provisioning.rsp -target preconfigure

fusionRepository from rsp file: /stage

*** Checking java and fusion repository setting...

*** Using fusion repository at /stage

*** Valid java version. Using JAVA_HOME environment at /app/oracle/jdk6

*** Using local ant setting at /app/fusion/provisioning/ant

...

2013-11-03 13:17:42.263 TRACE

BUILD SUCCESSFUL

Total time: 30 minutes 15 seconds

Successfully finished preconfigure.

Proceed with configure.

Run Configure Phase

Once the Preconfigure phase has completed on all nodes, start the Configure phase on the primordial node. The syntax for running the Configure phase on the Linux operating system is as follows.

[fusion@idmhost bin]$ ./runIDMProvisioning.sh -responseFile /app/provisioning/tools/idmlcm/provisioning/bin/provisioning.rsp -target configure

fusionRepository from rsp file: /stage

*** Checking java and fusion repository setting...

*** Using fusion repository at /stage

*** Valid java version. Using JAVA_HOME environment at /app/oracle/jdk6

*** Using local ant setting at /app/fusion/provisioning/ant

...

2013-11-03 13:56:06.366 TRACE

BUILD SUCCESSFUL

Total time: 30 minutes 19 seconds

Successfully finished configure.

Proceed with configure-secondary.

Run Configure Secondary Phase

When Configure phase has completed on all nodes, you can run the Configure Secondary phase on the primordial node. Here is the syntax for our example installation.

[fusion@idmhost bin]$ ./runIDMProvisioning.sh -responseFile /app/provisioning/tools/idmlcm/provisioning/bin/provisioning.rsp -target configure-secondary

fusionRepository from rsp file: /stage

*** Checking java and fusion repository setting...

*** Using fusion repository at /stage

*** Valid java version. Using JAVA_HOME environment at /app/oracle/jdk6

*** Using local ant setting at /app/fusion/provisioning/ant

...

2013-11-03 14:13:07.792 TRACE

BUILD SUCCESSFUL

Total time: 5 minutes 50 seconds

Successfully finished configure-secondary.

Proceed with postconfigure.

Run Post Configure Phase

Once the Configure Secondary phase has completed on all nodes, start the Post Configure phase on the primordial node. The syntax for running the Post Configure phase using the command-line interface on the Linux operating system is as follows.

[fusion@idmhost bin]$ ./runIDMProvisioning.sh -responseFile /app/provisioning/tools/idmlcm/provisioning/bin/provisioning.rsp -target postconfigure

fusionRepository from rsp file: /stage

*** Checking java and fusion repository setting...

*** Using fusion repository at /stage

*** Valid java version. Using JAVA_HOME environment at /app/oracle/jdk6

*** Using local ant setting at /app/fusion/provisioning/ant

...

2013-11-03 15:03:24.987 TRACE

BUILD SUCCESSFUL

Total time: 40 minutes 39 seconds

Successfully finished postconfigure.

Proceed with startup.

Run Startup Phase

After the Post Configure phase has finished on all nodes, move on to the Startup phase to bring up all components on all nodes in the topology. The syntax for running the Startup phase using the command-line interface is as follows.

[fusion@idmhost bin]$ ./runIDMProvisioning.sh -responseFile /app/provisioning/tools/idmlcm/provisioning/bin/provisioning.rsp -target startup

...

*** Checking java and fusion repository setting...

*** Using fusion repository at /stage

*** Valid java version. Using JAVA_HOME environment at /app/oracle/jdk6

*** Using local ant setting at /app/fusion/provisioning/ant

...

2013-11-03 16:02:01.282 TRACE

BUILD SUCCESSFUL

Total time: 28 minutes 34 seconds

Successfully finished startup.

Proceed with validate.

Run Validate Phase

Once the Startup phase has completed, we will go ahead with the final phase of IDM provisioning, which is the Validate phase. Here is an example of running the Validate phase using the command-line interface on the Linux operating system.

[fusion@idmhost bin]$ ./runIDMProvisioning.sh -responseFile /app/provisioning/tools/idmlcm/provisioning/bin/provisioning.rsp -target validate

fusionRepository from rsp file: /stage

*** Checking java and fusion repository setting...

*** Using fusion repository at /stage

*** Valid java version. Using JAVA_HOME environment at /app/oracle/jdk6

*** Using local ant setting at /app/fusion/provisioning/ant

...

2013-11-03 16:30:29.582 TRACE

BUILD SUCCESSFUL

Total time: 2 minutes 56 seconds

Successfully finished validate.

Restarting After a Failed Installation

The Identity Management provisioning framework has option to initiate a cleanup and restore if a phase fails for any reason. But as of the installer bundled with Fusion Applications release 11.1.9, this feature is not supported. It will be supported in future releases.

Once a phase fails while performing any action, the status of the phase changes to FAILED and the installer pauses with the Retry button activated. Once you click the Retry button, it should initiate a cleanup operation followed by a restore to previous phase auto-backup. Since the IDM cleanup and restore options are not yet supported, you will see a message in Figure 6-17 on your screen.

A335101_1_En_6_Fig17_HTML.jpg
Figure 6-17. Cleanup and Restore message box as of Fusion Applications 11.1.9

Once IDM cleanup and restore is supported, you can run cleanup and restore using the command-line interface as well, as follows.

./runIDMProvisioning.sh -responseFile <filename> -target cleanup-<phase>

./runIDMProvisioning.sh -responseFile <filename> -target restore-<phase>

For example, to clean up and restore after failed Configure phase, you use the following:

./runIDMProvisioning.sh -responseFile <filename> -target cleanup-configure

./runIDMProvisioning.sh -responseFile <filename> -target restore-configure

Since you need to do a manual cleanup instead, you have two options when you need to restart the IDM provisioning, as shown in Figure 6-18.

A335101_1_En_6_Fig18_HTML.jpg
Figure 6-18. Options for IDM manual cleanup and restore

It’s important to understand that steps involved in manual cleanup and restore until the feature is enabled in the IDM provisioning framework.

  • Option 1: If you do not make a full database backup before beginning IDM provisioning then this is the preferred method of IDM provisioning cleanup. This includes the following steps.

    a. IDM processes might be running, depending on at which phase the provisioning has failed. Kill all the IDM related processes, if any.

    b. Delete all IDM-related directories created by the wizard under IDM_TOP. For example, /app/oracle/products and /app/oracle/config, and so on.

    c. Start the Repository Creation Utility and select the Drop Repository option to drop the existing repository schemas from the database.

    d. Recreate the repository using RCU’s Create Repository option.

  • Option 2: If you have taken a full (preferably cold) backup of the database before the provisioning was initiated, this is the fastest way to clean up the failed installation. This includes the following steps.

    a. Kill all the IDM related processes if any.

    b. Delete all IDM related directories created by the wizard under IDM_TOP. For example, /app/oracle/products and /app/oracle/config, and so on.

    c. Restore or replace the full/cold backup of the database.

Summary

You should be able to provision an Identity Management environment using the provisioning response file created in last chapter. We have also seen various interface options available for provisioning an Identity Management environment. You should now also know how to restart manually after a failed installation of Identity Management. At this stage, we have our Identity Management environment running and technically configured. But in order to use this for Fusion Applications, we must perform some post-provisioning configurations. We will look at those steps in the next chapter.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
18.222.114.28