New Instance Top or $INST_TOP creation in R12 [ for DMZ Configuration or Configuring shared APPL_TOP or Multi node configuration ]

Some times you need to create new instance top for reverse proxy configuration in DMZ zone or creating shared appl_top configuration. So, for testing purpose I have created a new $inst_top on same server. This new
instance top can be configured for reverse proxy configuration or further shared $APPL_TOP configuration.

For testing we have one linux server. There is a Vision instance. Lets show how to configure a new node in same linux server.
The current url for this vision instance is =
Our goal is to access the server from another url say = from a new instance top.

1. Create a Home for the Virtually External R12 Tier

Create a new directory where you want to create the new instance top.

$mkdir virtual_external

2. Create a new Context File for the Virtually External Release 12 Web Node

Run the following command.

$ cd $COMMON_TOP/clone/bin
$ perl contextfile=/d01/Vision/inst/apps/VIS_ffflinux01/appl/admin/VIS_ffflinux01.xml outfile=/d01/virtual_external/V121_external.xml

Give the following inputs. The most important things are mentioned in bold.

Log file located at /d01/virtual_external/log/CloneContext_0407111810.log
Provide the values required for creation of the new APPL_TOP Context file.
Target System Hostname (virtual or normal) [ffflinux01] : external
Target System Database SID : VIS
Target System Database Server Node [external] : ffflinux01
Target System Base Directory : /d01/Vision/
Target System Tools ORACLE_HOME Directory [/d01/Vision/apps/tech_st/10.1.2] :
Target System Web ORACLE_HOME Directory [/d01/Vision/apps/tech_st/10.1.3] :
Target System APPL_TOP Directory [/d01/Vision/apps/apps_st/appl] :
Target System COMMON_TOP Directory [/d01/Vision/apps/apps_st/comn] :
Target System Instance Home Directory [/d01/Vision/inst] :
Username for the Applications File System Owner [oafna] :
Group for the Applications File System Owner [oafna] :
Target System Root Service [enabled] :
Target System Web Entry Point Services [enabled] :
Target System Web Application Services [enabled] :
Target System Batch Processing Services [enabled] :
Target System Other Services [disabled] :
Do you want to preserve the Display [ffflinux01:0.0] (y/n) ? : n
Target System Display [external:0.0] :
Do you want the the target system to have the same port values as the source system (y/n) [y] ? :
Complete port information available at /d01/virtual_external/out/VIS_external/portpool.lst
UTL_FILE_DIR on database tier consists of the following directories.
  1. /usr/tmp
Choose a value which will be set as APPLPTMP value on the target node [1] : 1
Creating the new APPL_TOP Context file from :
The new APPL_TOP context file has been created :
Log file located at /d01/virtual_external/log/CloneContext_0407111810.log
Check Clone Context logfile /d01/virtual_external/log/CloneContext_0407111810.log for details.

3. Edit the created context file manually

A. Create the s_config_home directory per the following example:

Get the name of the directory needed for s_config_home:
$ grep s_config_home /d01/virtual_external/V121_external.xml
<config_home oa_var="s_config_home">/space/v121/inst/apps/V121_external< /config_home>

and then create the directory as the directory structure you get from the above command.
$ mkdir d01/virtual_external/......

Similar to the above example, also create directories for the following:

B. Check for conflicts using the PortPool check utility:

As always, this should be run as applmgr from the applmgr environment.

$ which java

$ grep s_port_pool /space/virtualext/V121_external.xml
<PORT_POOL oa_var="s_port_pool">2</PORT_POOL>

In the following command, the "-e" parameter refers to the context file and the "-pool" parameter refers to the value of s_port_pool within that context file. In my case the command becomes the following since my context file had s_port_pool of 2:
$ java oracle/apps/ad/util/PortPool -e /space/virtualext/V121_external.xml -pool 2
Log file located at PortPool_08091845.log
PORT POOL 2 is in use
Now check the above log for conflicts (using your own log file name, of course).
$ grep RC-50204 PortPool_08091845.log
RC-50204: Error: - Web SSL Port in use: Port Value = 4443
RC-50204: Error: - ONS Local Port in use: Port Value = 6100
RC-50204: Error: - ONS Remote Port in use: Port Value = 6200
RC-50204: Error: - ONS Request Port in use: Port Value = 6500
RC-50204: Error: - Web Listener Port in use: Port Value = 8000
RC-50204: Error: - OC4J JMS Port Range for Oacore in use: Port Value = 23000
RC-50204: Error: - OC4J JMS Port Range for Forms in use: Port Value = 23500
RC-50204: Error: - OC4J JMS Port Range for Oafm in use: Port Value = 24500
RC-50204: Error: - OC4J AJP Port Range for Oacore in use: Port Value = 21500
RC-50204: Error: - OC4J AJP Port Range for Forms in use: Port Value = 22000
RC-50204: Error: - OC4J AJP Port Range for Oafm in use: Port Value = 25000
RC-50204: Error: - OC4J RMI Port Range for Oacore in use: Port Value = 20000
RC-50204: Error: - OC4J RMI Port Range for Forms in use: Port Value = 20500
RC-50204: Error: - OC4J RMI Port Range for Oafm in use: Port Value = 25500

For the most part, the specific ports DO have to be changed, but the port ranges do not. In almost all cases, the port ranges supplied are large enough to comfortably accomodate both web tiers.

For example:

Before: (this isn't the only 4443 in the context file)

<web_ssl_port oa_var="s_webssl_port" oa_type="PORT" base="4443" step="1"
range="-1" label="Web SSL Port">4443</web_ssl_port>
<web_ssl_port oa_var="s_webssl_port" oa_type="PORT" base="4444" step="1"
range="-1" label="Web SSL Port">4444</web_ssl_port>

I have not changed Web Listener Port 8002 as I want to access the external server from same node 8002.

Troubleshooting Tip:
If a port number is called out as busy, the PortPool program will only call out the first entry in the context file that uses that port. There may be other entries also using that port such as in my case where "Web SSL Port" was called out, but the following parameter ALSO had to be changed:
<httpslistenparameter oa_var="s_https_listen_parameter">4443</httpslistenparameter>
This oversight on an early trial run through this procedure had caused apache to fail to start because:
[crit] (98)Address already in use: make_sock: could not bind to port 4443
Re-running PortPool to check your work even after your changes DOES find problems like this.

C. Towards the top of the context file are numerous entries of the form "s_isXXX" which may be set to either yes or no since they were copied from the original context file. These indicate the purpose of the node and for this example the virtually external tier is only a web node and should be changed appropriately:

<TIER_DB oa_var="s_isDB">NO</TIER_DB>
<TIER_ADMIN oa_var="s_isAdmin">NO</TIER_ADMIN>
<TIER_WEB oa_var="s_isWeb">YES</TIER_WEB>
<TIER_FORMS oa_var="s_isForms">NO</TIER_FORMS>
<TIER_NODE oa_var="s_isConc">NO</TIER_NODE>
<TIER_NODEDEV oa_var="s_isConcDev">NO</TIER_NODEDEV>
<TIER_WEBDEV oa_var="s_isWebDev">YES</TIER_WEBDEV>

Continuing on with Note:380490.1, option 2.4: 1. Set the webentry point, s_webentryhost, to the reverse proxy server hostname. 2. Set the webentry domain, s_webentrydomain, to the domain name of the reverse proxy server. 3. Set the active webport, s_active_webport, to the reverse proxy listener port. 4. Set the webentry protocol, s_webentryurlprotocol, to the webentry point protocol e.g.; "http" or "https". 5. Set the login page, s_login_page, to <webentry protocol>://<webentry point>.<webentry domain>:<active webport>. Replace <webentry protocol>, <webentry point>, <webentry domain>, and <active webport> with their respective values. 6. Set the reverse proxy server address, s_server_ip_address to the IP address of the reverse proxy server. 7. Confirm that the value of s_oc4j_cluster_nodes indicates the actual middle tier and free port and not the name of the reverse proxy server. For example:

Original (clearly wrong):

<oc4j_cluster_nodes oa_var="s_oc4j_cluster_nodes"></oc4j_cluster_nodes>
Change (Use internal tier hostname and new port. This port is the same as the s_ons_remoteport which may be busy. See "Outstanding Issues 1, below) :
<oc4j_cluster_nodes oa_var="s_oc4j_cluster_nodes"></oc4j_cluster_nodes>

And also set ons_remoteport to a free port and same as s_oc4j_cluster_nodes.
<ons_remoteport oa_var="s_ons_remoteport" oa_type="PORT" base="6200" step="1" range="-1" label="ONS Remote Port">6204</ons_remoteport>

8. If your reverse proxy server is also working as an SSL accelerator, then remove the '#' to use ssl_terminator.conf in ssl terminated environments. In XML syntax, this means:

Change the following line from this:
     <sslterminator oa_var="s_enable_sslterminator">#</sslterminator>
to this:
     <sslterminator oa_var="s_enable_sslterminator"/>

The need for this is detailed in Note:376700.1-Enabling SSL in Release 12

4. Instantiate the New Configuration Files and Profile Options Based on the New Context File

The DMZ configuration requires the use of the new ServResp profile option hierarchy for the profile options.  If you haven't already done so, change the profile options hierarchy type to ServResp by executing the txkChangeProfH.sql SQL script as shown below:
sqlplus apps/apps @$FND_TOP/patch/115/sql/txkChangeProfH.sql SERVRESP 

5. Run AutoConfig

Enter the full path to the Context file: /d01/virtual_external/V121_external.xml Enter the APPS user password: xxxx
AutoConfig completed successfully.

6. Source the new env file. Excute $ command from new $INST_TOP to start the server. Check the url in your browser.


  1. The PortPool test may not detect the port conflict with "s_ons_remoteport" and this will prevent OPMN from starting.
Full opmn log files can be found here-> /d01/virtualext/inst/apps/VIS_external/logs/ora/10.1.3/opmn
/space/v121/inst/apps/V121_external/logs/ora/10.1.3/opmn> more opmn.log
08/08/10 02:41:36 [ons-listener],6200: BIND (Address already in use)
This can be fixed with just one more edit to the AutoConfig context file as mentioned above.

References ->

  1. The above article is based on Implementing a Reverse Proxy Alone in a DMZ Configuration - R12 [ID 726953.1] , but, I have made several changes.
  2. Note 384248.1-Sharing the Application Tier File System in Oracle E-Business Suite 12

See related article here

No comments :