Gavin's Blog

Oracle Beehive was announced at Oracle Openworld yesterday by Chuck Rozwat and Charles Phillips.

From the OTN Site:

Oracle Beehive provides an integrated set of collaboration services built on a single, scalable, open, and enterprise-class collaboration platform. Beehive allows users to access their collaborative information through familiar clients while enabling IT to consolidate collaborative infrastructure and implement people-centric applications with a centrally managed, secure, and compliant environment built on Oracle technology.

• Downloading, installing
• Installed, now what?
• Integrating with OID
• Integrating with SSO
• My favorite, installing Beehive in a DMZ - yes, it's already been solved for you!

If you can't wait until my next post (days, not months like before...) here's some stuff for you.

First, have a read of the documents over at the Oracle Technology site,
If you're itching to start installing... go to Oracle By Example, and see how the OBE guys do it.
If you want to start talking to others about Beehive, hit the forums.

Later, I'll talk about Migrating to Beehive from Oracle 10gCollaboration Suite, and MSExchange, co-existence with Exchange and a few other bits and pieces.

Stay tuned. First up, installing Beehive.

G

Let's have a look at installing the new Oracle® Beehive 1.3.

We'll start off with a nice easy install. Two servers, database and mid tier, I'm using chemical elements for naming conventions these days so whenever you see stronium, think database, whenever you see radium, think midtier... ok? Let's get started

A few other facts for the install...

• Oracle Enterprise Linux 5 (Carthage)
• 2GB RAM
• Oracle Beehive 1.3
• Oracle Database 11.1.0.6 32bit

OK, I'm going to be running through the Oracle® Beehive Installation Guide so if you want to have that up as we go through it might make more sense...

I'm not going to get into the nitty-gritty, you can read as well as I can (plus things might change after I write this). There's a few prereqs to get through for each server version for Beehive, no surprises there.

As mentioned before, I'll be installing it against 11.1.0.6, so we need to check the prereqs for this as well.

I've added a few other patches to the database ORACLE_HOME to help things along, coz, as you can see from the Beehive install guide, they don't mention 11g just yet... so I'm trying something out here... lets hope it works. If not I'll drop back to 10g.

Lets call the database buzz13. I'll still make sure the minimum init.ora parameters are as defined in the doc, chances are the installer will check that...

ie
java_pool_size 50M (52428800)
job_queue_processes 10
processes 150
undo_retention 3600

Archive logging is on.

By the way, I'm just using dbca with the general database template so it's nice and quick.

While we're waiting for the database to finish off, lets start the mid tier install. Remember radium is our midtier server.

I spose I should take some screenshots for you hey...

OK. Here's the database going in (in the background) with the beehive installer just starting up, I run VNC on one machine and send all output to that. (easier..)

I won't show all the screens, just the important ones. Like this one, just the standard install for now.

And this, prereqs done..

I'm doing an install only. We can do the configure later. (So I've got a point to go to if it doesn't like my 11g database).

OK, so while that's going in, lets check on the database install.... all done, good. Let's quickly check it over. Off to the trusty Enterprise Console.

All looks good. OK. So Beehive has finished installing. The database is ready.

The beehive installer told me where to run the configuration wizard from:

$ORACLE_HOME/beehive/oobwiz/configWizard

Off we go.

OK, this bit needs some thinking about. Well, at least for me. It would probably be quite easy for you guys and gals that are implementing Beehive at work... But for me to make something up that I recognise and make sense...

OK, how about this:

Enterprise: ACME
Organization: Consulting
Instance: instance131a
Site: HeadQuarters

I hope this makes sense later on. Just remember if you're following along in later posts to remember what I've called it and what you've called it. No use you trying to shutdown BEEAPP_instance131a.radium. - that's mine. Get it? you will...

Anyway, onwards

It hasn't stumbled with the database, thats good.

Um, OK. It's done. Installed. How easy was that.

Next post, we'll look at the Post-Installation Procedures.
Here's something we'll probably need for that:

[orabee@radium ~]$ beectl modify_property --component _AuthenticationService --name AuthStoreType --value ldap

But more about that later.

G

Let's look at a few things you'll need to do after installing Beehive, but before you start migrating users...

If you haven't installed Beehive yet, check out my last post.

OK, here we go. According the the Oracle® Beehive Installation Guide - Post Installation Procedures, here's what we have to do:

• Using Oracle Beehive Command-Line Utility
• Configuring Oracle Beehive to Listen on Ports Less Than 1024
• Opening Ports Required by Oracle Beehive for FTP
• Configuring DMZ Instances
• Integrating and Synchronizing LDAP with Oracle Beehive
• Configuring SSL
• Configuring TLS
• Configuring SSL for LDAP Integration
• Enabling AJPS
• Configuring Oracle Beehive E-mail
• Configuring Oracle Secure Enterprise Search
• Configuring Oracle Single Sign-On
• Configuring External Oracle BPEL Process Manager with Oracle Beehive
• Installing Oracle Beehive Integration for Outlook
• Configuring Oracle Beehive Integration for Zimbra
• Cloning Oracle Beehive
• Performing Oracle Beehive Administration Console Post-Installation Procedures

Seems like a big list! Let's do a few this time and see how we go.

Using Oracle Beehive Command-Line Utility, oh, easy. beectl is the fella. Here's the link - Get used to the syntax and use of beectl. Everything becomes a lot easier if you know how to use it, scripting, admin, start/stop etc. etc.

Configuring Oracle Beehive to Listen on Ports Less Than 1024 - According to the Administrators notes, specifically the section "Modifying Oracle Beehive Ports using Privileged Port Numbers" (that was obvious wasn't it...) here's what we need to do.

• Change permissions on the .apachectl executable. (if changing Apache)
• Change permissions on the hasbind executable.
• Create /etc/cap.ora file
• Add the username and ports to the cap.ora file
• viola! hey presto, privileged ports allowed, now go configure it.

Here's what I did:

[orabee@radium ~]$ ls -l $ORACLE_HOME/Apache/Apache/bin/.apachectl $ORACLE_HOME/beehive/bin/hasbind
-rwx------ 1 orabee oinstall 31734 Aug 2 03:19 hasbind
-rwxr-x--- 1 orabee oinstall 1703780 Aug 14 18:46 .apachectl

[orabee@radium ~]$ sudo chown root $ORACLE_HOME/Apache/Apache/bin/.apachectl
[orabee@radium ~]$ sudo chmod a+sx $ORACLE_HOME/Apache/Apache/bin/.apachectl
[orabee@radium ~]$ sudo chown root $ORACLE_HOME/beehive/bin/hasbind
[orabee@radium ~]$ sudo chmod a+sx $ORACLE_HOME/beehive/bin/hasbind

[orabee@radium ~]$ ls -l $ORACLE_HOME/Apache/Apache/bin/.apachectl $ORACLE_HOME/beehive/bin/hasbind
-rwsr-s--x 1 root oinstall 1703780 Aug 14 18:46 .apachectl
-rws--s--x 1 root oinstall 31734 Aug 2 03:19 hasbind

[orabee@radium ~]$ sudo cat "
+user orabee: bind port 25,143,80
" > /etc/cap.ora

[orabee@radium ~]$ ls -l /etc/cap.ora
-rw-r--r-- 1 root root 31 Aug 13 22:00 /etc/cap.ora

Now time to configure Beehive.

You can see from the following the ports it's currently using:

[orabee@radium ~]$ beectl list_ports --format xml
...
<row>
<column name="Protocol">HTTP</column>
<column name="Listening Port">7778</column>
<column name="Virtual Port">7778</column>
<column name="Defining Component">ohs_instance131a.radium</column>
<column name="Property Name">HttpListenPort</column>
<column name="Listening Component">ohs_instance131a.radium</column>
</row>
<row>
<column name="Protocol">HTTPS</column>
<column name="Listening Port">4444</column>
<column name="Virtual Port">4444</column>
<column name="Defining Component">ohs_instance131a.radium</column>
<column name="Property Name">HttpSslListenPort</column>
<column name="Listening Component">ohs_instance131a.radium</column>
</row>

[orabee@radium ~]$ beectl modify_property --component ohs_instance131a.radium --name HttpListenPort --value 80

[orabee@radium ~]$ beectl modify_property --component _VIRTUAL_SERVER --name HttpPort --value 80

Then, (and get used to this bit...) Activate the configuration, and modify the local config files

[orabee@radium ~]$ beectl activate_configuration
[orabee@radium ~]$ beectl modify_local_configuration_files

To change the SMTP and IMAP, it's a little different... We'd already added it to /etc/cap.ora so we don't need to worry about that.

Actually, let's wait for another day to configure these ports... but in case you're itching to.. it looks something like:

[orabee@radium ~]$ modify_port --protocol SMTP --port <port_number>
[orabee@radium ~]$ modify_port --protocol IMAP --port <port_number>

Next time, ftp port change, then the cool one - DMZ install.

Deploying Beehive instances in a DMZ is a lot simpler than I first expected. Yes, a few manual steps are required, and a few scripts to be run, but if you're used to working in DMZ, it's nothing different.

You've seen the screenshots from my main install, this isn't much different except in the product selection screen..

That and the fact that the installer doesn't ask for anything related to the existing installation.

OK, let's get into it. BTW, I know we were going through the list of things to do... which means I should be doing the Opening Ports Required by Oracle Beehive for FTP. But FTP is so boring and old...

Fine, you win, I'll do the ftp config... but I'm doing it quickly coz the DMZ is much cooler...

First, figure out what's already there...
[orabee@radium ~]$ beectl list_ports --format xml
...big long list.... look for FTP...
<row>
<column name="Protocol">FTP</column>
<column name="Listening Port">2121</column>
<column name="Virtual Port">2121</column>
<column name="Defining Component">_FtpService</column>
<column name="Property Name">Port</column>
<column name="Listening Component">BTI_InstanceA</column>
</row>
<row>
<column name="Protocol"></column>
<column name="Listening Port">2120</column>
<column name="Virtual Port"></column>
<column name="Defining Component">_FtpService</column>
<column name="Property Name">DefaultDataPort</column>
<column name="Listening Component">BTI_InstanceA</column>
</row>
<row>
<column name="Protocol"></column>
<column name="Listening Port">12121</column>
<column name="Virtual Port"></column>
<column name="Defining Component">_FtpService</column>
<column name="Property Name">DataConnectionPort</column>
<column name="Listening Component">BTI_InstanceA</column>
</row>
...
(which means, if you don't do anything, you can still FTP to port 2121, anyway.)

[orabee@radium ~]$ beectl modify_port --protocol FTP --port 21
Changes to configuration repository are not activated.
Successfully stored the property for component id 742db13f-a00f-4fdc-95b7-764364a81064.
Then the usual:
[orabee@radium ~]$ beectl activate_configuration ; beectl modify_local_configuration_files
[orabee@radium ~]$ beectl restart --component _FTPService
[orabee@radium ~]$ netstat -an |grep 21 |grep LISTEN
tcp 0 0 0.0.0.0:21451 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21300 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21401 0.0.0.0:* LISTEN

Waaiiitt aa miiinuuuteee.... that doesn't quite look right, we've just changed it to port 21, which means I should be seeing tcp 0.0.0.0.0:21 LISTEN...

Oh, hang on. Did I edit the cap.ora file for ftp in the last post...no. OK.

So, update /etc/cap.ora to add port 21.
[orabee@radium ~]$ cat /etc/cap.ora
+user orabee: bind port 25,143,80,21

Better, now restart from the beginning... modify_property, activate_config, modify_local, restart service...

[orabee@radium ~]$ netstat -an |grep 21 |grep LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN

MUUCCCHH better... let's give it a quick whirl..

[gavin@home ~]$ ftp radium 21
Connected to radium.
220 The service is ready for new user.
Name (radium:gavin): beeadmin
331 User name accepted. Need password for beeadmin.
Password:
230 You are logged in.
Remote system type is UNIX.
ftp> pwd
Remote directory: /
ftp> bye

OK. so NOW can I go onto the DMZ?.. Thankyou. OK. here we go.

Once again, I'll be basing it on the Beehive Install Guide for Linux, specifically this section. And continuing the theme of using chemical elements for servers, the DMZ server is called gallium.

Nothing different, except as I mentioned above, the screen where you select DMZ instead of Standard...

You'll need to read up on what's included and excluded from the DMZ install. But the big one is, beectl doesn't work, which means opmn is your friend here.

I'm now going to jump across to the DMZ Config section to continue.

First thing, configure the wallet on the DMZ instance...

[oracle@gallium ~]$ mv $ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default $ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default_OLD
[oracle@gallium ~]$ cd $ORACLE_HOME/bin
[oracle@gallium bin]$ ./orapki wallet create -wallet $ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default -auto_login -pwd XXXXXX

Edit the bti.properties file to include the correct wallet directory
[oracle@gallium ~]$ vi $ORACLE_HOME/beehive/conf/bti.properties

Edit the opmn.xml file to change the wallet directory
[oracle@gallium ~]$ vi $ORACLE_HOME/opmn/conf/opmn.xml
...
<notification-server interface="ipv4">
<port local="6101" remote="6201" request="6004"/>
<ssl enabled="true" wallet-file="$ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default"/>
</notification-server>
...

OK. We now need to join the opmns together, the existing Mid tier install, and the new DMZ install.
On the original (in my case, radium) server, find the ports used for ons.
[orabee@radium conf]$ grep "port local" opmn.xml
<port local="6100" remote="6200" request="6003"/>

Now on the DMZ server (gallium) edit the opmn.xml file to include all midtiers.
<ssl enabled="true" wallet-file="$ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default"/>
<topology>
<nodes list="radium.au.oracle.com:6200"/>
</topology>
</notification-server>

Restart opmn.
[oracle@gallium bin]$ ./opmnctl stopall ; ./opmnctl startall
opmnctl: stopping opmn and all managed processes...
opmnctl: starting opmn and all managed processes...
[oracle@gallium bin]$ ./opmnctl status
Processes in Instance: dmz1.gallium
---------------------------------+--------------------+---------+---------
ias-component | process-type | pid | status
---------------------------------+--------------------+---------+---------
BTI | BTI | 25446 | Alive
ASG | ASG | N/A | Down
HTTP_Server | HTTP_Server | 25445 | Alive

Find the ONS ports for this DMZ server :
[oracle@gallium conf]$ grep "port local" opmn.xml
<port local="6101" remote="6201" request="6004"/>

Find a few things from the bti.properties file as well...
[oracle@gallium conf]$ cat bti.properties
ServerPort=21300
PersistentId=183284364
...
NumberOfClientWorkers=1

If you've got a firewall between the servers...(and you should... it's a DMZ people!!) Now's the time to get some ports open. Check which ones by finding the AJP ports on the original server.

[orabee@radium conf]$ beectl list_components --type ManagedOc4j
---------------+----------------------------------------------------------------
Component type | Component identifier
---------------+----------------------------------------------------------------
ManagedOc4j | BEEAPP_instance131a
...
[orabee@radium conf]$ beectl list_properties --component BEEAPP_instance131a
Property name | Property value
--------------------------+-----------------------------------------------------
AjpPortMaxValue | 12600
AjpPortMinValue | 12501

Open from 12501-12504 for Beehive, + an extra 2 for Zimbra if you'll be doing that later...

OK, now we've got all the information to add the DMZ to the cluster.

This is what I ran.
[orabee@radium conf]$ beectl add_dmz_home_instance --hostname gallium --opmn_request_port 6004 --opmn_remote_port 6201 --bti_server_port 21300 --bti_unique_id 183284364 --no_of_client_workers 1

Changes to configuration repository are not activated.
Successfully created configuration for the DMZ installation in the central repository.
Component identifier of the DMZ BeehiveInstance is e99569a5-2a2c-4a73-a765-d322677b7c94

Awesome, now the obligatory activate&modify... this time with a slight twist...
[orabee@radium conf]$ beectl activate_configuration ; beectl modify_local_configuration_files --log_level FINEST
..get ready for a big chunk of debug...

OK. Time to check if things are working using $ORACLE_HOME/opmn/bin/opmnctl @cluster status -l

Hmm. Neither are showing each other, yet...Ahh, OPMN log on gallium gives us the reason.

08/10/01 18:01:53 [ons-secure] Connection 8,radium,6200 SSL handshake failed

I think this could be the default wallet on the original beehive server not being right... maybe? let's change it and see...

[orabee@radium 1.3.1]$ mv $ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default $ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default_OLD
[orabee@radium 1.3.1]$ $ORACLE_HOME/bin/orapki wallet create -wallet $ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default/ -auto_login -pwd XXXXXX

[orabee@radium 1.3.1]$ beectl modify_property --component beehive_instance_instance131a --name WalletDir --value $ORACLE_HOME/Apache/Apache/conf/ssl.wlt/default

[orabee@radium 1.3.1]$ beectl obfuscate
Specify the value for secure option --password (The text you type will not be displayed as it is entered):
Enter value for password: XXXXXX
[orabee@radium 1.3.1]$ beectl modify_secure_property --component beehive_instance_instance131a --name WalletPassword --value XXXXXX --obfuscated
[orabee@radium 1.3.1]$ beectl activate_configuration ; beectl modify_local_configuration_files

This could make or break it.... it's restarting everything, well, almost everything.

Hmm. still not working. And that message is still coming up in the opmn.log... I might change it to ssl=false to see if my hunch is right.

Well well well. What do we have here...

[oracle@gallium logs]$ $ORACLE_HOME/opmn/bin/opmnctl @cluster status
Processes in Instance: instance131a.radium
---------------------------------+--------------------+---------+---------
ias-component | process-type | pid | status
---------------------------------+--------------------+---------+---------
BTI | BTI | 25693 | Alive
ASG | ASG | N/A | Down
OC4JGroup:default_group | OC4J:BEECORE | 26240 | Alive
OC4JGroup:default_group | OC4J:BEEAPP | 26477 | Alive
OC4JGroup:default_group | OC4J:BEEMGMT | 26072 | Alive
OC4JGroup:default_group | OC4J:oc4j_soa | 25756 | Alive
HTTP_Server | HTTP_Server | 25721 | Alive

Processes in Instance: dmz1.gallium
---------------------------------+--------------------+---------+---------
ias-component | process-type | pid | status
---------------------------------+--------------------+---------+---------
BTI | BTI | 26528 | Alive
ASG | ASG | N/A | Down
HTTP_Server | HTTP_Server | 26527 | Alive

Final test... Let's login to the DMZ

Nice!

I'll keep investigating this ssl thingy here. But in the meantime, enjoy your installing.

Next time, OID. More cool stuff. When will it end! I hear you say.