Wednesday, August 13, 2014

Oracle Service Bus 12.1.3.0.0 (12c) Installation Guide

1 Required Software

·         Oracle Linux 6.2 (it is assumed this is already installed and an oracle account exists)
·         Oracle open jdk7 (jdk-7u55-linux-x64.rpm)
·         Oracle XE 11.2 database (oracle-xe-11.2.0-1.0.x86_64.rpm.zip)
·         Fusion middleware infrastructure (fmw_12.1.3.0.0_infrastructure.jar)

·         Fusion middleware service bus (fmw_12.1.3.0.0_osb.jar)


2 Installation steps (overview)

Installing Oracle Service Bus 12c requires several components to be installed in a specific order. Details for each step are given in the following sections; the list below shows the order to follow when performing this installation.
·         Install JDK
·         Install Oracle database
·         Install fmw infrastructure
·         Install fmw service bus
·         Execute RCU database scripts
·         Create/Update weblogic domain
This guide provides step-by-step instructions for installing a development environment with only 1 admin server and 1 managed server. These steps can easily be adjusted for 2 or more managed servers. To simplify this development environment, the database used is Oracle XE, which is not officially supported but works for this purpose.

3 Install JDK

Make sure you have downloaded oracle open jdk. The Oracle edelivery site contains this and the rest of the required software components. If you get this jdk from Oracle, choose the rpm package and install it as follows
                rpm -ivh jdk-7u55-linux-x64.rpm
Now use the following commands to make this java your default (the JDK directory under /usr/java must match the version you installed)
                alternatives --install /usr/bin/java java /usr/java/jdk1.7.0_10/bin/java 2
                alternatives --config java


Test your java installation with java -version; the command output should show something like
java version "1.7.0_55"
Java(TM) SE Runtime Environment (build 1.7.0_55-b13)
Java HotSpot(TM) 64-Bit Server VM (build 24.55-b03, mixed mode)

4 Install Oracle XE database


The XE database installation is straightforward: extract the rpm package with the command unzip oracle-xe-11.2.0-1.0.x86_64.rpm.zip, navigate to the subdirectory Disk1, and execute rpm -ivh oracle-xe-11.2.0-1.0.x86_64.rpm



The installation will ask you to execute the following command as the root user. Open a different terminal window and execute it as root
/etc/init.d/oracle-xe configure
Accept all the defaults except for the password; in my case I used oracle.



Now restart your system just to make sure Oracle XE is running when the system starts, and proceed to the next step.

5 Install fmw Infrastructure


Execute the command java -jar fmw_12.1.3.0.0_infrastructure.jar


Click OK to set the oracle inventory directory. Now set the middleware home; for simplicity, in my case I used /home/oracle/Oracle/Middleware/Oracle_Home


For the installation type pick the option Fusion Middleware Infrastructure, at this moment we don't need the examples. Installation will check all the prerequisites are met. Check the remaining default options and then Install.


At the end you should see a success screen.


6 Install OSB

As with the infrastructure installation, run the osb software installer with the command java -jar fmw_12.1.3.0.0_osb.jar


 Click next to preserve the same oracle inventory directory. When asked for the oracle_home use the previously created oracle_home. In my case this is /home/oracle/Oracle/Middleware/Oracle_Home


Click next on the following default options until installation completes.


7 Execute RCU database scripts

Now that the infrastructure has been installed, it is time to create the corresponding database schemas. Make sure the JAVA_HOME variable is set; in my case this was set as
export JAVA_HOME=/usr/java/jdk1.7.0_10
Navigate to the directory [Oracle_Home]/oracle_common/bin and execute the rcu creation script as ./rcu


Click next and select create repository / System load and product load.
Now set the Oracle database XE connection parameters, make sure to use an oracle database account with sysdba privileges such as SYS.


Click next and then ignore the alert message acknowledging XE is not supported. This will still work; for a production system, use a fully supported Oracle database.
Select the database schemas shown below. You can use a different database prefix if you want, as long as you remember it at the moment of the domain creation.


Click next and set the password to be used for each of these database schemas. In my case and for demonstration purposes I use oracle.


Now click next and accept to create the tablespaces.


Click on create and at the end a successful creation screen will show.


8 Create weblogic domain

The first thing is to create a generic weblogic domain that includes only OWSM and is only attached to the AdminServer. Don't create any managed server at this point.  To execute the shell script for the weblogic domain creation execute ./Oracle/Middleware/Oracle_Home/oracle_common/common/bin/config.sh
The first thing to do is set a domain name and location, in my case the domain name will be osbdomain and the location /home/oracle/Oracle/Middleware/Oracle_Home/user_projects/domains/osbdomain.


Now select the components to be installed for this domain; the screenshot below shows the detail. Note that Oracle Service Bus isn't selected. This makes sure OWSM is installed properly without interfering with the OSB components.


Click next and, when asked for the domain credentials, set them and take note of them for future reference. In my case I used weblogic for user name and weblogic1 as the password.


Now select the option Development for domain type, also make sure jdk location is properly set and click next


On the next screen fill in all the database parameters and then click on Get RCU Configuration button.


Click next and wait until all the database schemas have been tested. On the following screen select Administration Server and then next.


For the Administration Server configuration, fill in the listen address with your hostname; in my case it is osbhost. For the listen port you can use the default 7001. For the server groups choose JRF-MAN-SVR, WSM-CACHE-SVR, WSMPM-MAN-SVR.


Click next and then create. Wait until domain creation ends.


Now your domain is created and a successful screen will show up.


The domain can be verified by starting up the administration server with ./Oracle/Middleware/Oracle_Home/user_projects/domains/osbdomain/bin/startWebLogic.sh
Once it has started login with a web browser using a url following the pattern http://[hostname]:[listen port]/em such as http://osbhost:7001/em.  If your hostname and/or port is different use that instead.




9 Update weblogic domain to include OSB components

Before updating any weblogic domain make sure the Adminserver isn't running. To execute the shell script to update a weblogic domain do ./Oracle/Middleware/Oracle_Home/oracle_common/common/bin/config.sh
Note this script is the same used when the weblogic domain was initially created. On the first screen select the option update and select the domain previously created, in my case this is osbdomain.


Now select the osb required components as shown on the next screenshot.


Click next and on the next screen the osbdomain database parameters should be populated. Confirm the values and click next.

Click next in order to test the database connections.


Click next and select the option managed servers, clusters and coherence.


Now fill in the osb server values such as osb server name (osb_server1 for me), listen address (osbhost for me), listen port (7003 for me). Also verify the group OSB-MGD-SVRS-COMBINED is chosen.


Click next and skip cluster configuration, because we are creating only one managed server. Click next and leave the default options for coherence clusters. On the Machine configuration screen click on the tab Unix Machine and then on the Add button. Fill in the unix machine settings. In my case I set LinuxMachine1 as machine name, osbhost as node manager listen address, and 5556 as node manager listen port.


Click next and on the following screen use the blue arrow to assign the servers to the unix machine.


Click on the update button and wait until domain finishes the updating process.


A successful domain update screen will show.


In order to test the domain first start the admin server from a linux terminal and then on a different terminal start the managed server. Use the following commands
./Oracle/Middleware/Oracle_Home/user_projects/domains/osbdomain/bin/startWebLogic.sh
./Oracle/Middleware/Oracle_Home/user_projects/domains/osbdomain/bin/startManagedWebLogic.sh osb_server1

Now login to the EM console in http://osbhost:7001/em and verify the installation.


10 Additional steps

·         When logging into the weblogic domain console using a url such as http://osbhost:7001/console and clicking on deployments, you will notice the following applications are shown with a warning symbol next to them. To fix this, remove the AdminServer as a target for the following applications
o   Service Bus SFTP Transport Provider
o   Service Bus FTP Transport Provider
o   Service Bus Email Transport Provider
o   Service Bus File Transport Provider

Appendix A

Possible roadblocks and solutions
·         If the exception Too many open files is raised, edit the /etc/security/limits.conf file and set the hard and soft options for the oracle account, for example oracle soft nofile 50000.
·         If you are working in a virtualbox environment and the oracle account needs access to a shared folder, use the root account to provide access as follows: usermod -aG vboxsf oracle




Tuesday, August 5, 2014

How to create a x509 token protection message between UCM and SOA



  1. Create a certificate at DOMAINHOME/config/fmwconfig
In my particular environment this is /home/oracle/Oracle/Middleware/user_projects/domains/ucm_domain/config/fmwconfig

  1. Use keytool command to create a new certificate

keytool -genkeypair -keyalg RSA -dname "cn=[user]" -alias signkey -keypass welcome1 -keystore aaronkeystore.jks -storepass welcome1 -validity 1066

In my particular environment this is
[oracle@aaron fmwconfig]$ keytool -genkeypair -keyalg RSA -dname "cn=weblogic" -alias signkey -keypass welcome1 -keystore aaronkeystore.jks -storepass welcome1 -validity 1064

  1. Add policy to UCM. Navigate to Farm_domain >> Application deployments >>  Oracle UCM WebServices >> right click  >> webservices

Click on GenericSoapPort

Attach oracle/wss11_x509_token_with_message_protection_service_policy
Click on override policy configuration  
And add a name for your encryption key “keystore.enc.csf.key”; we will define this key name in the next step


  1. Add certificate to the weblogic server. Weblogic domain >> [your domain name]>> right click >> security >>  Security Provider configuration >> click on the configure keystore

Add your newly created keystore on the keystore path

  1. Add credentials to weblogic. Navigate to  Weblogic domain >> [your domain name]>> right click >> security >> Credentials
I create a new key named aaronkey


The username is the alias name, for this scenario “signkey”, which was created in step 1

  1. Enforce security on BPEL
I created a process that connects to GenericSOAP pointing to http://localhost:16200/idcws/GenericSoapPort?WSDL


Click on Configure WS Policies


Add oracle/wss11_x509_token_with_message_protection_client_policy

Click on edit

Add the keystore.recipient.alias to the key previously created and map keystore.sig.csf.key/keystore.enc.csf.key to the credentials created in the previous step.
It is not mandatory that the signature and encryption keys be the same; in fact, different keys are better.


  1. Finally test your code
You will see that the connection between UCM and SOA takes place and your message is secured by keystores
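
As an added example (not part of the original post): before mapping keystore.recipient.alias and the credential username to an alias, it helps to confirm that the alias really exists in the keystore as a private-key entry and is not signed with MD5 or SHA-1. The function name check_alias, the sample listing and the othercert entry are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: inspect `keytool -list -v` output for one alias.

# Constructed sample listing; "othercert" is a hypothetical second entry.
sample_listing() {
cat <<'EOF'
Keystore type: JKS
Your keystore contains 2 entries

Alias name: signkey
Creation date: Aug 5, 2014
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=weblogic
Issuer: CN=weblogic
     Signature algorithm name: SHA256withRSA

Alias name: othercert
Creation date: Aug 5, 2014
Entry type: trustedCertEntry

Owner: CN=other
Issuer: CN=other
     Signature algorithm name: SHA1withRSA
EOF
}

# check_alias ALIAS ENTRY_TYPE   (listing is read from stdin)
# Prints one verdict line. Returns 0 only when the alias exists, has the
# expected entry type, and its certificate is not signed with MD5 or SHA-1.
check_alias() {
  awk -v want="$1" -v type="$2" '
    /^Alias name: /  { cur = substr($0, 13) }        # start of a new entry
    cur != want      { next }                        # skip other entries
    /^Entry type: /  { found = 1; etype = substr($0, 13) }
    /Signature algorithm name: / && alg == "" {      # first cert in the chain
      sub(/.*name: /, ""); alg = $0
    }
    END {
      if (!found)                  { print "MISSING " want; exit 1 }
      if (etype != type)           { print "WRONGTYPE " want " " etype; exit 1 }
      if (alg ~ /^(MD5|SHA1)with/) { print "WEAKSIG " want " " alg; exit 1 }
      print "OK " want " " etype " " alg
    }'
}

# Against the real keystore (keytool prompts for the store password):
#   keytool -list -v -keystore aaronkeystore.jks | check_alias signkey PrivateKeyEntry
sample_listing | check_alias signkey PrivateKeyEntry
```

Omitting -storepass in the real invocation keeps the keystore password out of the shell history and the process list.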