As it was mentioned in my previous post, Identity and Access Management is the main prerequisite of Fusion Applications provisioning – therefore it is the first thing to start with in overall process. Prepare at least two servers, one for Identity and Access Management and second for Fusion Applications as currently it is not supported to have both products sharing the same machine. However, my recommendation is to split components between four servers in order to gain more performance and manageability. The easiest way of course is to leverage virtualisation for that purpose, but please be ready for large amounts of RAM and disk space. Here is what official documentation states for typical HW requirements (or minimum, meant not for a production case):
Plan the hardware resources accordingly depending on the purpose of your environment. For the POC the above numbers should be sufficient. In my blog posts I will be using four server topology – two separate database servers for Identity and Access Management databases (IDMDBHOST) and Fusion Applications database (FADBHOST) as well as two additional application servers holding IdM (IDMHOST) and FA (FAHOST) software data respectively.
Oracle Fusion Applications is supported on the following platforms:
- Linux x86-64
- Oracle Solaris
- IBM AIX on POWER Systems (64-Bit)
- Microsoft Windows x64 (64-Bit)
I am going to cover installation on Linux x86-64 only. For the typical installation it is enough just to install oracle-validated rpm package in order to meet all the OS prerequisites for Identity and Access Management (or if your OS is Oracle Enterprise Linux, it should be there already), even though there are some additional steps to be done on Fusion Applications application tier – I will cover them later.
PREPARE IDM DATABASES
There is a need for two databases (can be also fit in one, but not recommended) for Identity (Oracle Internet Directory) and Policy (Identity and Access Management) stores of Fusion Applications. One can install them either using Provisioning Wizard that is shipped in the installation media or the standard Oracle Database installer. We’ll be using the second option.
1) Make your staging area available on IdM database server (you can use native NFS for that purpose) and proceed with database installation:
[root@faidmdb /]# mkdir /fusion_media [root@faidmdb /]# mount -t nfs falab:/u01/fa_11.1.7 /fusion_media [oracle@faidmdb /]# cd /fusion_media/installers/database/Disk1 [oracle@faidmdb /]# ./runInstaller
Make sure to use AL32UTF8 as Character Set. This is Identity and Access management requirement.
Using the same approach create another database called IDMDB for Identity and Access Management.
2) Perform database patching and post steps:
2.1) Change database parameters to accommodate Identity and Access Management requirements:
In OIDDB –
[oracle@faidmdb ~]$ . oraenv ORACLE_SID = [IDMDB] ? OIDDB The Oracle base remains unchanged with value /u01/app/oracle sqlplus / as sysdba <<! alter system set aq_tm_processes=1 scope=spfile; alter system set dml_locks=300 scope=spfile; alter system set job_queue_processes=10 scope=spfile; alter system set open_cursors=1000 scope=spfile; alter system set session_max_open_files=100 scope=spfile; alter system set sessions=500 scope=spfile; alter system set processes=2500 scope=spfile; alter system set session_cached_cursors=700 scope=spfile; alter system set "_b_tree_bitmap_plans"=FALSE scope=spfile; ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS 10 PASSWORD_LIFE_TIME UNLIMITED PASSWORD_GRACE_TIME UNLIMITED PASSWORD_LOCK_TIME UNLIMITED PASSWORD_REUSE_TIME UNLIMITED PASSWORD_REUSE_MAX UNLIMITED; shu immediate !
In IDMDB –
[oracle@infuseidmdb ~]$ . oraenv ORACLE_SID = [oracle] ? IDMDB The Oracle base has been set to /u01/app/oracle sqlplus / as sysdba <<! alter system set aq_tm_processes=1 scope=spfile; alter system set dml_locks=300 scope=spfile; alter system set job_queue_processes=10 scope=spfile; alter system set open_cursors=2000 scope=spfile; alter system set session_max_open_files=100 scope=spfile; alter system set sessions=700 scope=spfile; alter system set processes=700 scope=spfile; alter system set session_cached_cursors=700 scope=spfile; ALTER PROFILE DEFAULT LIMIT FAILED_LOGIN_ATTEMPTS 10 PASSWORD_LIFE_TIME UNLIMITED PASSWORD_GRACE_TIME UNLIMITED PASSWORD_LOCK_TIME UNLIMITED PASSWORD_REUSE_TIME UNLIMITED PASSWORD_REUSE_MAX UNLIMITED; shu immediate; !
Please note that altering the default user profile is required for avoiding password expiration issues in future which lead to IdM malfunction.
2.2) Perform database patching:
[oracle@faidmdb ~]$ lsnrctl stop [oracle@faidmdb ~]$ cd $ORACLE_HOME [oracle@faidmdb ~]$ unzip -o /fusion_media/installers/database/opatch/p6880880_112000_Linux-x86-64.zip export ORACLE_HOME=/u01/app/oracle/product/11.2.0 export PATH=$ORACLE_HOME/OPatch:$PATH cd /fusion_media/installers/database/psu/14275605 opatch apply
If you face the warning like below, you can safely ignore it as per the MoS note Opatch warning: overriding commands for target xxxx (Doc ID 1448337.1):
OPatch found the word "warning" in the stderr of the make command. Please look at this stderr. You can re-run this make command. Stderr output: ins_precomp.mk:19: warning: overriding commands for target `pcscfg.cfg' /u01/app/oracle/product/11.2.0/precomp/lib/env_precomp.mk:2160: warning: ignoring old commands for target `pcscfg.cfg' /u01/app/oracle/product/11.2.0/precomp/lib/ins_precomp.mk:19: warning: overriding commands for target `pcscfg.cfg' /u01/app/oracle/product/11.2.0/precomp/lib/env_precomp.mk:2160: warning: ignoring old commands for target `pcscfg.cfg'
Continue with patching, a lot of small patches will be applied here:
cd /fusion_media/installers/database/patch opatch napply
2.3) Perform patching post steps. Repeat this on both OIDDB and IDMDB databases:
cd /fusion_media/installers/database/patch/14013094/files/rdbms/admin sqlplus / as sysdba startup @prvtstas.plb @prvtstai.plb @prvtstat.plb cd /fusion_media/installers/database/patch/14058884 sqlplus / as sysdba alter user ctxsys identified by ctxsys account unlock; conn ctxsys/ctxsys @?/ctx/admin/drig.pkh conn / as sysdba alter user ctxsys identified by ctxsys account lock; cd /fusion_media/installers/database/patch/15832953 sqlplus / as sysdba @?/sqlpatch/15832953/postinstall.sql cd /fusion_media/installers/database/patch/14029429 sqlplus / as sysdba ALTER SESSION SET CURRENT_SCHEMA=CTXSYS; @?/ctx/admin/drilist.pkh @?/ctx/admin/drisgp.pkh @?/ctx/admin/drvddl.pkh @?/ctx/admin/dr0ddl.pkh @?/ctx/admin/drisgp.plb @?/ctx/admin/dr0tree.plb @?/ctx/admin/drvddl.plb @?/ctx/admin/dr0ddl.plb @?/ctx/admin/drvxtab.plb Then run the patch script ?/ctx/admin/ctxpatch11203.sql: sqlplus "/ as sysdba" alter user ctxsys identified by ctxsys account unlock; exit sqlplus /nolog @?/ctx/admin/ctxpatch11203 ctxsys shu immediate cd $ORACLE_HOME/rdbms/lib make -f ins_rdbms.mk ioracle cd /fusion_media/installers/database/patch/14698700 sqlplus / as sysdba @?/sqlpatch/14698700/postinstall.sql
Startup both databases, listener and create XATRANS views:
cd $ORACLE_HOME/rdbms/admin sqlplus / as sysdba @xaview.sql
LOAD IDM SCHEMAS USING REPOSITORY CREATION UTILITY (RCU)
You run RCU to create the collection of schemas used by Identity Management and Management Services. Since we have two databases for Oracle Internet Directory and Identity and Access Management, we’ll have to run rcu twice (once for each database for specific component). First unzip the rcu that is located in staging directory:
cd /fusion_media/installers/fmw_rcu/linux unzip rcuHome.zip
Run rcu for Oracle Internet Directory database (OIDDB)
cd /fusion_media/installers/fmw_rcu/linux/bin ./rcu
Make sure you only select the Oracle Internet Directory component
Click Next and Finish until it loads the schemas into database. Repeat the same steps for IDMDB database except for component selection as it should be Identity and Access Manager as in a screenshot below. Please note that some additional components are selected automatically. This is an expected behaviour and you should leave it as is:
IMPORTANT – you should leave the prefix as FA. As of now this value is hardcoded in Identity and Access Management provisioning (LCM) and therefore not changeable.
After initial load is completed, it is advised to gather statistics. In OIDDB:
exec DBMS_STATS.GATHER_SCHEMA_STATS(OWNNAME=> 'ODS', ESTIMATE_PERCENT=>DBMS_STATS.AUTO_SAMPLE_SIZE, DEGREE=>8, OPTIONS=>'GATHER AUTO', NO_INVALIDATE=>FALSE);
exec DBMS_STATS.GATHER_SCHEMA_STATS(OWNNAME=> 'FA_OIM', ESTIMATE_PERCENT=>DBMS_STATS.AUTO_SAMPLE_SIZE, DEGREE=>8, OPTIONS=>'GATHER AUTO', NO_INVALIDATE=>FALSE);
The last steps is to backup both databases. We are now ready for Identity and Access Management provisioning.
Pingback: Fusion Applications bare metal provisioning series Part I: Obtaining the right software and documentation | Oracle APPS DBA days