Section - 1 : OIDG Extension Deployment


Copy the following files from the OIDG release package to /<user home base>/Chef/OIDG/

/SrvVirt/ OSBExtensionsCustomizationFile.xml

/SrvVirt/ SVIntegrations_SrvVirt.sbar

/DataSrv/ OIDX_DSL_MQ_EXTN.ear

Copy IBM WebSphere MQ Libraries:

The IBM libraries used by the MQ Transport are not included in the Data service MQ Extension Application deployment and must be provided and configured using the following steps.

  • In a WebSphere MQ installation, locate the following JAR files at
  • %WEBSPHERE_HOME% /AppServer/installedConnectors directory, where %WEBSPHERE_HOME% is something like “C:\IBM\WebSphere”:

    • com.ibm.ws.sib.client.thin.jms_8.5.0.jar
    • com.ibm.ws.orb_8.5.0.jar
    • com.ibm.ws.ejb.thinclient_8.5.0.jar
    • com.ibm.mq.allclient.jar

  • Copy the JAR files to the %DOMAIN_HOME%/lib directory of Application machine.

Configuration files setup:

  • Copy ‘OIDXMQ.properties’ file from build’s ‘Documentation’ folder and modify the properties values appropriately and place the properties file in application Config folder. Properties values will be provided by WebSphere MQ installer.
  • If SSL is enable in WMQ Server this property is needed, OIDXMQ properties file has a oidx.wmq.ssl.truststore.file.name property value is name of the trust store file generate in below section ‘Generate Keys using java Keytool’ (example : OIDXMQTrust.jks)

Generating Keys using java keytool:

  1. If SSL is enable in WMQ Server then this below configuration is need.
  2. WebSphere MQ installer admin guy provide SSL certificates, by using that SSL certificates need to generate the security trust key by following steps.
  3. Copy MQ Server SSL certificates to weblogic server machine any location path.
  4. Find the JDK Home location path in weblogic server machine <JDK_HOME>
  5. Go to certificate location path and import the certificate to trust key by using below commands, both root and queue manager certificates need to import.
  6. Copy the generated trust key to OIDX_CONFIG_DIR folder.

Root certificate

<JDK_HOME>/bin/keytool -import -alias <alias root name> -file <root certificate XXXX.cer> -keystore < Trust key name OIDXMQTrust.jks> -storepass <Trust key password>

Queue manager certificate

<JDK_HOME>/bin/keytool -import -alias <alias queue manager name> -file <queue manger certificate XXXX.cer> -keystore < Same name has given above ‘Trust key name OIDXMQTrust.jks’> -storepass <Same password has given above ‘Trust key password’>

Viewing imported certificates in trust key

<JDK_HOME>/bin/keytool -list -v -keystore < Trust key name OIDXMQTrust.jks> -storepass <Trust key password>

Note: Please follow the below screens for references

{b}Figure: Keytool import commands

{b}Figure: Keytool list of keys command

OIDG Extension installation using Chef scripts:

Navigate to ‘/scratch/Chef/scripts/OIDG_Automation/<InstallationType> _12.2.1.3/OIDG-ExtensionInstallation/chef

Note: Mention Installation type based on the installation type.

Example: SingleNode or VerticalCluster or HorizontalCluster

run: sh oidg_config_extn.sh with root user

Linux User/Group Section

  1. Linux Username
    • Example: oracle (the user you installed Fusion Middleware with)
  2. FMW Products Installed Group
    • Example: oinstall or oracle (the user group you installed Fusion Middleware with)

Middleware Section

OIDG Fusion Middleware HOME Path:

Enter the middleware home path including Oracle_Home

OIPA Server Input Section

Provide the OIPA server inputs

Credentials Input Section

WebLogic Credentials

  • Set the WebLogic User Password
    • You have to use this password for WebLogic login after domain creation.

OIPA Credentials

  • Enter the OIPA user Password
  • Enter TLM user password
    • This user is for authentication with the TLMIntegrationService proxy.
  • Set the OIDG user Password
  • Set the oipsuser password

Confirmation

Please verify and resolve any errors that have occurred before running sh install_oidg_Extn.sh

After the processing will get the below response for the manual steps

Defining JNDI Providers

JNDI Provider resources are required by OSB components to locate and communicate with Enterprise Java Beans (EJB) components.

  1. Log on to the Service Bus console (http://hostname:port/sbconsole), where “hostname:port” are the host name and port of your administration server.
  2. In the project explorer, navigate to All Projects → System → JNDI Providers.
  3. Verify that TLMIntegration_JNDIProvider is defined.

    If it is defined, skip steps 3-7. If not, continue with the rest of the steps.

  4. In the upper left corner of the page, click Create to begin a new update session.
  5. Right-click the JNDI Providers folder to display the context menu, then click Create → Create JNDI Provider.
  6. Figure 3.1.1 - Create JNDI Provider
  7. In the Create JNDI dialog, enter “TLMIntegration_JNDIProvider” for Resource Name. Click Create.
  8. Figure 3.1.2 - Create JNDI Dialog
  9. On the JNDI Definition page, fill in the following fields:
    1. Provider URL – the host name or IP and port of the managed server to which OIDX_POC_DSL is targeted (Example: “t3://hostname:port”) i.e. ‘AML Server’.
    2. Initial Context Factory – select “weblogic.jndi.WLInitialContextFactory”
    3. User Name, New Password, and Confirm Password – the login credentials for the server. Usually credentials are the same as administration server login credentials.
  10. Figure 3.1.3 - JNDI Definition
  11. Click Save located on the upper-right corner of the page.
  12. Figure 3.1.4 - Save Icon
  13. Click Activate button to reflect the changes in SB Console.

Creating Security Policies

  1. Log in to the WebLogic Enterprise Manager (<hostname>:< Admin Server Port Number>/em) with WebLogic credentials.
  2. WebLogic Domain → Security → System Policies.
  3. Figure 3.1.5 - Weblogic Enterprise
  4. Under Search section, select Name as Includes.
  5. Figure 3.1.6 - Search Section
  6. Search for the existing OIDX grant.
  7. Figure 3.1.7 - Search Box
  8. Select the OIDX_POC_DSL grant in the search results and click Create Like.
  9. In the edit dialog, update the Codebase field with the MQ Extension EAR name.
  10. Ex:

    ‘file:${oracle.deployed.app.dir}/OIDX_DSL_MQ_EXTN${oracle.deployed.app.ext}’

    {b}Figure: Codebase MQ EXTN EAR Name

  11. 7. Select the CredentialAccessPermission and Click Edit.
  12. {b}Figure: Credential Access Permission Edit

  13. Examine the Resource Name value. This is what identifies the CSF resource, it will already refer to mapName=oracle.wsm.security. We need to using another map, then update existing ‘mapName=oracle.wsm.security ‘to'mapName=scb.extension.security' value and then Click OK.
  14. {b}Figure: Edit Permission

  15. Click OK again.

OIDG Extension Post Script Installation

  • After completing the steps in 'OIDG Installation Manual Steps' topic run the following command from root to complete the installation.
  • Command:

    sh install_oidg_Extn_post.sh (from root)

  • Please check the status of Chef Script: Finished (or) Failed

Note: End of Extension Part.