Installing the Oracle SOA Suite on Red Hat 6

Peter Lorenzen
16/07-2013

Here is my experiences with installing SOA Suite 11.1.1.7 on Red Hat 6 (64-bit) using Java 7.

First have a look at the documentation:
Oracle Fusion Middleware Download, Installation, and Configuration ReadMe (11.1.1.7.0)
Oracle Fusion Middleware Installation Planning Guide (11.1.1.7.0)
Oracle Fusion Middleware Installation Guide for Oracle SOA Suite and Oracle BPM Suite (11.1.1.7.0)

Overview

Download the software

Please notice

  • Before using the direkt download links to http://download.oracle.com you need to login in to the site and accept a License Agreement. It does not matter which product you choose.

Prepare the OS

I am using Red Hat 6 64-bit. Check the “System Requirements for UNIX Operating Systems”.
Also check “Special Startup Requirements for Linux x86 or Linux x86-64 Operating Systems” in the same document.

This should install the needed packages:

yum install binutils-2*.x86_64 -y
yum install compat-libcap1-1* -y
yum install compat-libstdc++-33*.i686 -y
yum install compat-libstdc++-33*.x86_64 -y
yum install gcc-4*.x86_64 -y
yum install gcc-c++-4*.x86_64 -y
yum install glibc-2*.x86_64 -y
yum install glibc-2*.i686 -y
yum install glibc-devel-2*.i686 -y
yum install libaio-0.*.x86_64 -y
yum install libaio-devel-0.*.x86_64 -y
yum install libgcc-4.*.x86_64 -y
yum install libstdc++-4.*.i686 -y
yum install libstdc++-4.*.x86_64 -y
yum install libstdc++-devel-4.*.x86_64 -y
yum install libXext.i686 -y
yum install libXtst.i686 -y
yum install sysstat-9.*.x86_64 -y
yum install redhat-lsb-4.*.x86_64 -y

Change the open file limits in /etc/security/limits.conf

sed -i '/.*End of file/d' /etc/security/limits.conf
echo "* soft nofile 16384" >> /etc/security/limits.conf
echo "* hard nofile 16384" >> /etc/security/limits.conf
echo "# End of file"  >> /etc/security/limits.conf
cat /etc/security/limits.conf

Change the kernel parameters that need changing. Often the default values are OK.
Normally I only change/add these two and this is really only needed if you use Coherence.

echo "net.core.rmem_max=4192608" >> /etc/sysctl.conf
echo "net.core.wmem_max=4192608" >> /etc/sysctl.conf
/sbin/sysctl -p

Create user, group and directories.

groupadd oinstall
useradd -g oinstall -G oinstall oracle
passwd oracle

mkdir -p /u01/app/oracle/product
mkdir -p /u01/tmp

chown -R oracle:oinstall /u01
chmod -R 750 /u01

Set the umask for the oracle user. If you don’t want to set it in the .bash_profile at least set it manually when installing the software as suggested by Oracle.

su - oracle
echo "umask 027" >> .bash_profile
cat .bash_profile

Enabling Unicode Support in the .bash_profile for the oracle user.

su - oracle
echo "export LANG=\"en_US.UTF-8\"" >> .bash_profile
cat .bash_profile

Install Java

Unzip and untar the downloaded file:

gunzip jdk-7u25-linux-x64.tar.gz
tar xvf jdk-7u25-linux-x64.tar
mv jdk1.7.0_25 /u01/app/oracle/product/.

After I install Java I always create a softlink to the installation directory and reference it everywhere. This makes it is easier later when you have to upgrade.

ln -s /u01/app/oracle/product/jdk1.7.0_25 /u01/app/oracle/product/java_current

Install the latest Java SE CPU patch

Check the Java SE Critical Patch Update (CPU) to see if you need to patch the Java you have installed.
The latest Java SE CPU is from June 2013. It patches update 21 and earlier. I use update 25 so there is no need to patch it.

Until now the Java SE CPU has had its own release schedule but from October it will follow the same schedule as the other Oracle products.

Install the WebLogic Server 10.3.6

Take care when downloading the wls1036_generic.jar file since some browsers will rename it to wls1036_generic.zip.

I use Xming as X Server on Windows. “Xming” currently has a problem with Java 7. When you start the Oracle installer most things work, but under certain conditions you cannot make selections via mouse or keyboard. This stumped me a bit until Simon Haslam pointed out what was going on. Xming is based on Cygwin that currently has a bug. As Simon points out a workaround is to not set -multiwindow on. This works but is not a good solution since you sometime get a mashup of screens.

To get around the problem I temporary install Java 6 and use it during the installation.

/u01/app/oracle/product/java_current/bin/java
-Djava.io.tmpdir=/u01/tmp -jar wls1036_generic.jar -log=wls_install.log

-Djava.io.tmpdir is only needed if there is not enough tmp space.

Below I have ignored the screens where you can sign up for security updates etc.





Here my Java soft link is “ignored” so we have to fix this later.



The Java soft link was “ignored” so we have to fix this:

cd /u01/app/oracle/product/soa
grep -R jdk1.6.0_39 *
find . -type f -exec sed -i "s/\/u01\/app\/oracle\/product\/jdk1.6.0_39/\/u01\
/app\/oracle\/product\/java_current/g" {} \;

Install the latest WebLogic Server PSU patch

Oracle releases quarterly security updates. You can read more about CPU, SPU, PSU and BP patches here.

WebLogic 10.3.6 April 2013 PSU 10.3.6.0.4 patch 16083651 (p16083651_1036_Generic.zip)

Make sure all WebLogic servers are stopped and remove any previously applied Patch Set Update and associated overlay patches.

mkdir /u01/app/oracle/product/soa/utils/bsu/cache_dir
cp D33T.jar /u01/app/oracle/product/soa/utils/bsu/cache_dir/.
cp patch-catalog_19345.xml /u01/app/oracle/product/soa/utils/bsu/
cache_dir/patch-catalog.xml
ls -la /u01/app/oracle/product/soa/utils/bsu/cache_dir

Make sure that the patch-catalog_19345.xml is renamed to patch-catalog.xml!

cd /u01/app/oracle/product/soa/utils/bsu/
./bsu.sh -prod_dir=/u01/app/oracle/product/soa/wlserver_10.3
 -patchlist=D33T -verbose -install

Verify that the patch is installed.

./bsu.sh -prod_dir=/u01/app/oracle/product/soa/wlserver_10.3
 -status=applied -verbose -view

Alternative use.

. /u01/app/oracle/product/soa/wlserver_10.3/server/bin/setWLSEnv.sh
java weblogic.version

For example.

[oracle@wintermute ~]$ java weblogic.version

WebLogic Server 10.3.6.0.4 PSU Patch for BUG16083651 Thu Mar 28 15:24:29 IST 2013
WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050

Install the SOA Suite

cd ofm_soa_generic_11.1.1.7.0/Disk1
./runInstaller -jreLoc /u01/app/oracle/product/java_current/jre

Below I have ignored the screens where you can sign up for security updates etc.








If you press Save you will be prompted for a place to save a response file you can use for silent installation.


If you press Save you will be prompted for a place to store a file with information about the installation.

It contains this.

Install Oracle SOA Suite
        Directory Details
                Middleware Home Location: /u01/app/oracle/product/soa
                Oracle Home Location: /u01/app/oracle/product/soa/Oracle_SOA1
                Application Server Type: WebLogic Server
                Application Server Location: /u01/app/oracle/product/soa
        Disk Space
                Oracle Home Size: 1715 MB
                Available: 166748 MB
        Applications
                Oracle BPEL PM, Mediator, Rules, B2B, Human Workflow
                Oracle Business Activity Monitoring (BAM)
                Oracle Enterprise Manager

Patch the SOA Suite

To find out if there exists any patches that you should install check “Information Center: Oracle SOA Suite 11g [ID 1369339.2]” on MOS and Known Issues for Oracle SOA Products and Oracle AIA Foundation Pack on OTN.

Also make sure you check for SPU patches for the SOA Suite. Currently there are no SPU and no bundle patches for this release.

When you patch the SOA Suite always remember to download and install the latest OPatch version from MOS.

Create database schemas via the RCU

First have a look at the documentation:
Oracle Fusion Middleware Repository Creation Utility User’s Guide

Also have a look at the RCU MOS FAQ: “Oracle Fusion Middleware 11g Repository Creation Utility (RCU) – FAQ [ID 1304790.1]”

Check the database requirements.

SID != Service Name
RCU uses the Service Name when connecting to a database, not the SID. The SID and the Service Name can contain different values.
You can find the Service Name in the database via:

SQL> show parameter service_names

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
service_names                        string      xdb.egf

Which schema’s are required?
To figure out which schema’s are required have a look at the documentation.

Tablespaces
You can create tablespaces via the RCU but I prefer to create them myself.
A database will often have a default tablespace called USERS. It often ends up being a mess with all kind of different objects that nobody really knows why are there :-)
You should create separate tablespaces and use them after the kind of data that goes in them: Object size, growth rate, object type (Tables, LOBs, etc.)

create smallfile tablespace SOA_REPO datafile'/u01/app/oracle/oradata/SOATST/soa_repo01.dbf'
 size 150m autoextend on next 100m maxsize 1g extent management local autoallocate;

Start the RCU
cd ofm_rcu_linux_11.1.1.7.0_64_disk1_1of1/rcuHome/bin
./rcu











Configure the SOA Suite

Use config.sh to create a domain. If you experience problems you can enable logging to a file. It is possible to set the log level etc.

The CONFIG_JVM_ARGS is set to speed things up if the system is low on entropy.

export CONFIG_JVM_ARGS=”-Djava.security.egd=file:/dev/./urandom”
cd /u01/app/oracle/product/soa/Oracle_SOA1/common/bin
./config.sh

Below I have ignored the screens where you can sign up for security updates etc.


I only need the SOA Suite and the BPM Suite, so no BAM. Do not select products you do not need. “Basic WebLogic SIP Server Domain” is for example not compatible with the SOA Suite.

I like to keep the domains away from the software installation.

In the past I used to not name the default administrator user weblogic on production servers. Just as an extra precaution so you know that you are logging on to a production server. I have never experienced problems with this. But a the UKOUG conference last year I was told by somebody that you can get in trouble with some of the IDM products if there is no weblogic user.




If you do not select any options on this page the configuration wizard will default create an AdminServer and a soa_server1 with an empty listen address and using port 7001 and 8002. The Node Manager uses port 8001. I like to change listen address, ports etc…






You can use the Summary View drop-down menu to inspect different details about the installation.

Homes overview

There are many homes:

  • Application Home – /u01/app/oracle/applications/soa
  • Domain Home – /u01/app/oracle/domains/soa
  • Middleware Home – /u01/app/oracle/product/soa
  • Oracle Common Home – /u01/app/oracle/product/soa/oracle_common
  • Oracle Home (SOA Suite) – /u01/app/oracle/product/soa/Oracle_SOA1
  • WebLogic Server Home – /u01/app/oracle/product/soa/wlserver_10.3

For more information check the Oracle Fusion Middleware Installation Planning Guide.

Starting the servers

Start the Admin Server:

cd /u01/app/oracle/domains/soa
./startWebLogic.sh

Waite till you see:

<Server started in RUNNING mode>

Now you should be able to access the Admin Console: http://wintermute:7001/console

And the Fusion Middleware Control: http://wintermute:7001/em

Start the Managed Server in another terminal:

cd /u01/app/oracle/domains/soa/bin
./startManagedWebLogic.sh soa_server1

Input username and password when prompted.

It takes a while before soa_server1 reaches the Running state and you will also see a some warnings/errors being reported.

When it reaches the Running state check the status for the deployments in the Admin Server Console. The deployments should all have status Active. There will be a few that has status Installed. These are optional modules that default is not target to anything.

For more information about which modules should be targeted where check the appendix “Targeting Applications and Resources to Servers“.

Java parameters

You can set Java memory parameters in several ways. I normally do it by setting USER_MEM_ARGS in DOMAIN_HOME/bin/startWebLogic.sh. For the SOA Suite the setSOADomainEnv.sh in the same directory overwrites USER_MEM_ARGS so for SOA Suite I use setSOADomainEnv.sh and PORT_MEM_ARGS.

Development Mode

# *************************************************************************
# lorenzen Begin 
# *************************************************************************
if [ "${SERVER_NAME}" = "" ] ; then
        SERVER_NAME="AdminServer"
        export SERVER_NAME
fi
if [ "${SERVER_NAME}" = "AdminServer" ] ; then
  PORT_MEM_ARGS="-Xms256m -Xmx768m -XX:MaxPermSize=350m -Djava.security.egd=file:/dev/./urandom"
elif [ "${SERVER_NAME}" = "soa_server1" ] ; then
  PORT_MEM_ARGS="-Xms768m -Xmx1536m -XX:MaxPermSize=768m -Djava.security.egd=file:/dev/./urandom"
fi
# *************************************************************************
# lorenzen End
# *************************************************************************

Production Mode

# *************************************************************************
# lorenzen Begin 
# *************************************************************************
if [ "${SERVER_NAME}" = "" ] ; then
        SERVER_NAME="AdminServer"
        export SERVER_NAME
fi
if [ "${SERVER_NAME}" = "AdminServer" ] ; then
  PORT_MEM_ARGS="-Xms256m -Xmx768m -XX:MaxPermSize=350m"
elif [ "${SERVER_NAME}" = "soa_server1" ] ; then
  PORT_MEM_ARGS="-Xms1536m -Xmx1536m -XX:MaxPermSize=768m"
fi
# *************************************************************************
# lorenzen End
# *************************************************************************

You also need to comment this out, otherwise the Perm parameters will be set twice.

#if [ "${JAVA_VENDOR}" != "Oracle" ] ; then
#  DEFAULT_MEM_ARGS="${DEFAULT_MEM_ARGS} -XX:PermSize=127m -XX:MaxPermSize=768m"
#  PORT_MEM_ARGS="${PORT_MEM_ARGS} -XX:PermSize=255m -XX:MaxPermSize=768m"
#fi

In Development Mode I have added a parameter to take care of any entropy problems.

In Production Mode -Xms and -Xmx should always contain the same value for Managed Servers.

By the way if you are messing around with different Java installations etc. this is a good blog post.

debugFlag

If you are not running in Production Mode I always set debugFlag to false.
If you do not do this you can get errors like the below, because several servers are trying to use the same port:

ERROR: transport error 202: bind failed: Address already in use
ERROR: JDWP Transport dt_socket failed to initialize, TRANSPORT_INIT(510)
JDWP exit error AGENT_ERROR_TRANSPORT_INIT(197): No transports initialized

So add this:

debugFlag="false"

This should do it:

sed -i 's/debugFlag="true"/debugFlag="false"/g' setDomainEnv.sh

If your developers need the debug ports, make sure each server uses unique ports.

Configuring the Node Manager

I always use the Node Manager (NM) to start and stop WebLogic servers.

1. Set NM user name and password

Use the Admin Console and navigate to the domain. Select Security and then Advanced. Set “NodeManager Username” and “NodeManager Password”:

2. Set the NM type to plain

The NM default uses SSL. I normally do not use SSL for the NM and if you do you should use valid SSL certificates not the default demo certificates.
Navigate to Environment => Machines => machine_1 => Node Manager.
Change Type to Plain.

3. Stop the Admin Server and the Managed Server

Stop them via the Admin Console or just ctrl+c in the two terminals.

4. Start the NM

cd /u01/app/oracle/product/soa/wlserver_10.3/server/bin
./startNodeManager.sh

When you see:

INFO: Secure socket listener started on port 5556

Stop NM again with ctrl+c. The NM has now create it’s setup files and we need to make a couple of changes in nodemanager.properties in:
/u01/app/oracle/product/soa/wlserver_10.3/common/nodemanager

Change these lines:

javaHome=/u01/app/oracle/product/java_current
JavaHome=/u01/app/oracle/product/java_current/jre
ListenAddress=localhost
SecureListener=false
CrashRecoveryEnabled=true
StartScriptEnabled=true

This should do it.

sed -i 's/javaHome=.*/javaHome=\/u01\/app\/oracle\/product\/java_current/g' nodemanager.properties
sed -i 's/JavaHome=.*/javaHome=\/u01\/app\/oracle\/product\/java_current\/jre/g' nodemanager.properties
sed -i 's/ListenAddress=/ListenAddress=localhost/g' nodemanager.properties
sed -i 's/SecureListener=true/SecureListener=false/g' nodemanager.properties
sed -i 's/CrashRecoveryEnabled=false/CrashRecoveryEnabled=true/g' nodemanager.properties
sed -i 's/StartScriptEnabled=false/StartScriptEnabled=true/g' nodemanager.properties

Start the NM again. Wait until you see:

INFO: Plain socket listener started on port 5556

5. Start the Admin Server

In another terminal start the Admin Server:

. /u01/app/oracle/product/soa/wlserver_10.3/server/bin/setWLSEnv.sh
java weblogic.WLST
nmConnect(username='nodemgr', password='manager2', domainName='soa', domainDir='/u01/app/oracle/domains/soa', nmType='plain')
nmStart('AdminServer')

6. Start the Managed Server

When the Admin Server is Running start the Managed Server via the Admin Console.

Notice that things are a bit different if you use Production Mode.

Configure automatic start of the servers

Now everything is running but of cause the NM should not be started manually but automatically when the server boots.

Here is a very simple boot script:
/etc/init.d/soaNodeManager

cd /etc/init.d
chmod 755 soaNodeManager
chkconfig --add soaNodeManager
chkconfig --list soaNodeManager
./soaNodeManager start

Java 7

Because of the mentioned problem with Xming I have used Java 6 during the installation.

Before switching to Java 7 you should read “Using WebLogic Server with JDK 7“.

mkdir /u01/app/oracle/product/jdk1.7.0_25/jre/lib/endorsed
cd /u01/app/oracle/product/soa/modules
cp javax.annotation_* /u01/app/oracle/product/jdk1.7.0_25/jre/lib/endorsed
cp javax.xml.bind_* /u01/app/oracle/product/jdk1.7.0_25/jre/lib/endorsed
cp javax.xml.ws_* /u01/app/oracle/product/jdk1.7.0_25/jre/lib/endorsed
ls /u01/app/oracle/product/jdk1.7.0_25/jre/lib/endorsed

The java_current soft link still points to Java 6 so we should change this:

rm -f /u01/app/oracle/product/java_current
ln -s /u01/app/oracle/product/jdk1.7.0_25 /u01/app/oracle/product/java_current
ls -l /u01/app/oracle/product/java_current

AQ errors

When you start the WebLogic server you might encounter errors like these in the log files.

<Jul 13, 2013 12:29:35 PM CEST> <Warning> <oracle.integration.platform.blocks.event.saq> <SOA-31013> <Error handling message (rolling back).
java.sql.SQLException: ORA-25226: dequeue failed, queue DEV_SOAINFRA.EDN_OAOO_QUEUE is not enabled for dequeue
ORA-06512: at "SYS.DBMS_AQ", line 335
ORA-06512: at "DEV_SOAINFRA.EDN_DEQUEUE_OAOO_DELIVERY", line 14
...
>
<Jul 13, 2013 12:29:10 PM CEST> <Error> <oracle.soa.b2b.transport> <BEA-000000> <AQDequeuer_ReadMessage: A database exception occurred: java.sql.SQLException: ORA-25226: dequeue failed, queue DEV_SOAINFRA.IP_OUT_QUEUE is not enabled for dequeue>

There are more than 20 AQ queues in the schemas the RCU has created. Have a look.

set pagesize 1000
set linesize 1000
select owner,
       name,
       enqueue_enabled,
       dequeue_enabled
  from dba_queues
 where owner like 'DEV%'
 order by owner, name;

For these initial errors errors to go away you only need to enable enqueue/dequeue on 3 of them.

exec dbms_aqadm.start_queue(queue_name => 'DEV_SOAINFRA.EDN_OAOO_QUEUE',enqueue=>true,dequeue=>true);
exec dbms_aqadm.start_queue(queue_name => 'DEV_SOAINFRA.IP_OUT_QUEUE',enqueue=>true,dequeue=>true);
exec dbms_aqadm.start_queue(queue_name => 'DEV_SOAINFRA.IP_IN_QUEUE',enqueue=>true,dequeue=>true);

Miscellaneous

You should audit the Logging settings for the domain and the servers to make sure log rotation is configured.
Notice that .out log files cannot be rotated by WebLogic. The are only rotated when the servers are restarted.
On Windows this is a problem on Linux not so much :-)

But make sure you developers know that:

System.out.println("This is forbidden! Use Java Logging or Log4j");

You should configure “Configuration Archiving” for the domain. Domain => Configuration => General => Advanced. Set “Configuration Archive Enabled” and “Archive Configuration Count”.

When you change the configuration the old configuration files will automatically be save so you can revert to an old version if you get in trouble.

Securing your installation

Have a look at Oracle Fusion Middleware Securing a Production Environment for Oracle WebLogic Server 11g

It is of cause only the top of the iceberg but is a start.

Configure OCM

If your servers has access to the Internet OCM will automatically download the latest version. If not you should download it yourself and install it manually.

. /u01/app/oracle/domains/soa/bin/setDomainEnv.sh
export ORACLE_HOME=/u01/app/oracle/product/soa/utils
export JAVA_HOME=/u01/app/oracle/product/java_current
cd $ORACLE_HOME/ccr/bin
./setupCCR -s 12345678 nobody@cgi.com DK

Verify that it is working:

cd $ORACLE_HOME/ccr/bin
./emCCR start
./emCCR status
./emCCR -register test
./emCCR -verbose test
./emCCR register
./emCCR collect
./emCCR upload
./emCCR disable_target

Feedback

If you feel that I am missing something or find mistakes please tell me. I always want to learn!

{ 4 comments… read them below or add one }

Leave a Comment

Previous post:

Next post: