Friday, July 22, 2011

High Availability OES 11g Admin

Setting up High Availability (HA) in OES means a lot of things: redundancy at the data layer (typically a database), the admin layer (WebLogic or WebSphere), and, depending on the policy model, the decision layer (PDP). HA for the admin is probably the least important of the three, as the PAP typically isn't part of the runtime, but I wanted to address the admin (PAP) layer for the time being, as it is fresh on my mind and there is a missing parameter in the docs that makes this hard.

The idea is that you would have two WebLogic domains using the same policy store, so that if one domain went down, you could still make policy edits, enroll, distribute changes, etc. As part of the initial post-install configuration for your first OES admin (let's call it instance1), you have to associate the underlying security services (OPSS) with a datastore. Let's assume you want to use a database. http://download.oracle.com/docs/cd/E21764_01/install.1111/e12002/oes.htm#CIHCCDCB describes how to do this. The command is:

configureOESAdminServer(servertype="DB_ORACLE");


Table 19-2 shows that you can specify a domain here, but it will default to 'oes_domain'. What I've found is that it doesn't really have to match the actual WebLogic domain for this to work, but it is important in the HA configuration. Now say we configure instance2 on the same physical server, say on port 8001. We need to associate this domain as well, but we need to have it join the same policy store as the first domain. The way you do this is to WLST into the second domain (t3://instance2:8001) and run the following:

configureOESAdminServer(servertype="DB_ORACLE", domain="oes_domain", join="true")


Here I explicitly call out the first domain that I am joining, NOT the WebLogic domain name that I am running in. Because I didn't specify domain in instance1, it defaulted to oes_domain, and so that is what I want to join. Once you restart instance2, you should be making updates to the same policy store from both OES servers. The join option isn't mentioned on this install page. I'm sure they'll include it once the Enterprise Deployment Guide for 11.1.1.5 is out.
