OCI Load Balancing distributes traffic across multiple web servers. You'll provision the load balancer as a virtual resource just like any other resource. Oracle MAA recommends that you provision the load balancer onto its own subnet (private or public).
Verify that the OCI Load Balancer Prerequisites for PeopleSoft are Met
Before provisioning OCI Load Balancing, make sure that the following configurations are correct:
- All PIA web server domains must have the same cookie name and network domain specified in the $PS_CFG_HOME/webserv/domain/applications/peoplesoft/PORTAL.war/WEB-INF/weblogic.xml file.
For this project, the Oracle WebLogic domain is HR92U033 and the file location is:
$PS_CFG_HOME/webserv/HR92U033/applications/peoplesoft/PORTAL.war/WEB-INF/weblogic.xml
- Define the cookies in the XML file.
Within this XML file, we specified our cookie as follows:
<cookie-name>iad-hcm-8080-PORTAL-PSJSESSIONID</cookie-name>
<cookie-domain>.appprivatesu.ebscloudmaavcn.oraclevcn.com</cookie-domain>
The cookie domain is the network domain name associated with the private subnet app_private_subnet. Make sure all PIA WebLogic server domains have the exact same cookie and network domain names in their respective weblogic.xml file.
- Create an SSL bundle with the certificate files in PEM format.
This bundle is uploaded during or after you create a load balancer. After creating the load balancer, click the Certificates link to upload the certificate bundle. You must upload the certificate bundle before associating it with the listener that will be SSL-enabled. Consult your corporate security team for what is required by your company for your SSL certificates.
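One way to check the first prerequisite before provisioning, as an added example that is not part of Oracle's documentation: the script compares the cookie-name and cookie-domain values in copies of weblogic.xml gathered from each PIA web server. The function names and the minimal sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare session-cookie settings across weblogic.xml copies
# collected from each PIA web server (function names are hypothetical).

# Print the text of the first <tag> element, with or without an XML prefix.
xml_value() {   # $1 = element name, $2 = file
    tr -d '\r\n' < "$2" |
        grep -oE "<([A-Za-z0-9_]+:)?$1>[^<]*</" | head -n 1 |
        sed -e 's/^<[^>]*>//' -e 's/<\/$//' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//'
}

# Return 0 if every file has the same cookie-name and cookie-domain,
# 1 if any file differs from the first, 2 if an element is missing.
check_cookie_consistency() {
    ref_name="" ref_domain="" status=0
    for f in "$@"; do
        name=$(xml_value cookie-name "$f")
        domain=$(xml_value cookie-domain "$f")
        printf '%s\tname=%s\tdomain=%s\n' "$f" "${name:-MISSING}" "${domain:-MISSING}"
        if [ -z "$name" ] || [ -z "$domain" ]; then
            status=2
        elif [ -z "$ref_name" ]; then
            ref_name=$name; ref_domain=$domain
        elif [ "$name" != "$ref_name" ] || [ "$domain" != "$ref_domain" ]; then
            [ "$status" -eq 2 ] || status=1
        fi
    done
    return "$status"
}

# Constructed sample: write a minimal weblogic.xml with the given cookie name.
write_sample() {   # $1 = output file, $2 = cookie name
    cat > "$1" <<EOF
<weblogic-web-app>
  <session-descriptor>
    <cookie-name>$2</cookie-name>
    <cookie-domain>.appprivatesu.ebscloudmaavcn.oraclevcn.com</cookie-domain>
  </session-descriptor>
</weblogic-web-app>
EOF
}

# Usage, with one copy per PIA node pulled to an admin host:
#   check_cookie_consistency node1/weblogic.xml node2/weblogic.xml
```

A non-zero exit means session persistence at the load balancer will not behave the same for every backend, so resolve it before creating the backend set.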
Provision OCI Load Balancer
Provision your Oracle Cloud Infrastructure (OCI) Load Balancer.
The following is a high-level overview. For more information on specifics, see Creating a Load Balancer in the OCI documentation.
- Open the navigation menu, click Networking, and then click Load balancers. Click Load balancer.
- Choose a Compartment.
- Click Create load balancer.
- Complete the Add details page for your environment.
For Bandwidth, we used the following in the example:
- Shape: 400 megabits per second for our test environment
- Display name: IAD_PSFT_LBaaS_PROD
You can change the load balancer's bandwidth shape after creating the load balancer.
- Complete the Choose backends page for your environment.
The following are some of the selections used for the example:
- Load balancer policy: Weighted round robin traffic distribution policy.
- Session persistence: iad-hcm-8080-PORTAL-PSJSESSIONID
- SSL enablement: If you choose to have the backend servers SSL-enabled, then select the Use SSL check box and complete the fields.
We did not select this in our test environment.
- Health check: You must define the health check.
It is applied to all available backend servers to determine their health according to your configuration. The load balancer will not route traffic to an unhealthy backend server. The table defines the attributes we specified for our example's health check:
| Attribute | Value | Description |
|---|---|---|
| Protocol | HTTP | Since SSL is terminated at the load balancer, HTTP is selected. |
| Port | 8080 | HTTP port for all PIA web servers. |
| Interval in milliseconds | 10000 | Number of milliseconds between each check. 10000 ms = 10 seconds. |
| Timeout in milliseconds | 3000 | Number of milliseconds that the check will wait before timing out. 3000 ms = 3 seconds. |
| Number of retries | 3 | Number of attempts to get a response from a given backend server. |
| Status code | 200 | The expected successful status code for HTTP GET calls. |
| URL path (URI) | / | Starting path, normally the root path of /. |
| Response Body RegEx | .* | Regular expression that allows any response returned from the HTML page to be acceptable. |
- Complete the Configure listener page for your environment.
- Complete the Manage logging page for your environment.
Configure PeopleSoft for SSL Termination at OCI Load Balancer
Configure PeopleSoft to use your new SSL-terminated load balancer. This configuration is required so that dynamically generated URL redirects use the https protocol. Copy your current PeopleSoft Internet Architecture (PIA) web profile and adjust it to use your SSL configuration.
- Log in to the PIA Web application as a PeopleSoft administrator, such as PS.
  - User: PeopleSoft Admin User, PS
- Copy the current or active web profile, as the PS user.
  - User: PeopleSoft Admin User, PS
  - Click the navigation bar icon.
  - Click Navigator.
  - Click PeopleTools.
    You might need to scroll through the options.
  - Click Web Profile.
    You might need to scroll through the options.
  - Click Copy Web Profile.
  - Click Search.
    You don't need to enter anything into the search box.
  - Click on an active web profile from the list, such as PROD.
  - Enter a name, such as PROD_SSL, in the To field.
  - Click Save.
  - Click the Home icon.
- Configure the copied web profile.
  - User: PeopleSoft Admin User, PS
  - Click the navigation bar icon.
  - Click Navigator.
    If you're in the same session as Step 2, then the navigator remembers where you are.
  - Click Web Profile Configuration.
  - Click Search.
    You don't need to enter anything in the search box.
  - Click an active web profile from the list, such as PROD_SSL that you just created.
  - Click the Virtual Addressing tab.
  - Protocol: Enter https (lower case) for Default Addressing.
  - Port: Enter 443 for the default port, or enter a different port.
    Leaving it blank will default to port 443.
  - Click Save.
  - Exit the application.
- Modify the PIA configuration.properties file on each PIA web domain server.
  - Node: All PIA web nodes
  - User: psadm2
  - SSH to a PIA web server.
  - Edit the PIA configuration.properties file to change the WebProfile setting to the modified web profile.
    $ cd /peoplesoft/local/ps_config/webserv/<PIA_domain>/applications/peoplesoft/PORTAL.war/WEB-INF/psftdocs/<site-name>
    In this example, the following is the modification:
    $ cd /peoplesoft/local/ps_config/webserv/HR92U033/applications/peoplesoft/PORTAL.war/WEB-INF/psftdocs/ps
  - Create a backup of the configuration.properties file.
    $ cp configuration.properties configuration.properties.backup
  - Edit the configuration.properties file and set the WebProfile profile to WebProfile=PROD_SSL.
    Note that we commented out the original setting:
    # WebProfile=PROD Original web profile
    WebProfile=PROD_SSL
  - Save the file.
- Restart the PIA web server, using the PeopleSoft Startup and Shutdown Scripts.
  We assume these scripts are in the administrator account’s PATH.
  - Node: All PIA web nodes
  - User: psadm2
  $ stopWS.sh
  $ startWS.sh
- Repeat Step 4 and Step 5 for each PIA web server.
- Issue firewall-cmd commands on each PIA web compute instance, as root, to allow traffic from the load balancer onto each PIA web server compute instance.
  - Node: All PIA web server compute instances
  - User: root
  The following are the commands for our example environment:
  $ firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=10.0.105.0/24 port port=8080 protocol=tcp accept' --permanent
  $ firewall-cmd --reload
- Check the load balancer backend servers to ensure they each come up with a status of OK.
It may take a few minutes for the status to change from a red diamond Critical to a yellow triangle Warning, and then to a green OK.
At this point, you should be able to log in to the PeopleSoft application through the OCI Load Balancer using a URL similar to the following:
https://<load balancer alias name>.<VCN domain>/psc/ps//?cmd=login&languageCd=ENG
The URL for our example environment is:
https://psfthcm.appprivatesu.ebscloudmaavcn.oraclevcn.com/psc/ps//?cmd=login&languageCd=ENG
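The configuration.properties edit in Step 4 (back up, comment out the original WebProfile, set the new one) can be scripted so it is identical on every PIA web server and safe to re-run. This is an added example, not Oracle's tooling; the function names are hypothetical and the file path is whatever you pass in.

```shell
#!/bin/sh
# Added example: scripted form of the configuration.properties edit.
# Function names are hypothetical; paths are whatever you pass in.

# Print the active (uncommented) WebProfile value(s), one per line.
active_web_profile() {   # $1 = path to configuration.properties
    sed -n 's/^[[:space:]]*WebProfile[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' "$1"
}

# Switch WebProfile to $2, keeping the old line as a comment.
# Returns 0 on success or no-op, 2 on I/O errors.
set_web_profile() {      # $1 = path to configuration.properties, $2 = profile
    file=$1 new=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    # Idempotent: stop if the requested profile is already the only active one.
    if [ "$(active_web_profile "$file")" = "$new" ]; then return 0; fi
    # Keep the first backup so a re-run never overwrites the original file.
    [ -e "$file.backup" ] || cp -p "$file" "$file.backup" || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 2
    # Comment out every active WebProfile line, then append the new setting.
    awk -v new="$new" '
        /^[ \t]*WebProfile[ \t]*=/ { print "# " $0 "   Original web profile"; next }
        { print }
        END { print "WebProfile=" new }' "$file" > "$tmp" &&
        cat "$tmp" > "$file"    # rewrite in place: owner and mode are preserved
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2
    # Fail unless exactly the new profile is active after the edit.
    [ "$(active_web_profile "$file")" = "$new" ] || return 2
}

# Usage on each PIA web server, from the psftdocs site directory:
#   set_web_profile configuration.properties PROD_SSL
```

The PIA web server still has to be restarted with stopWS.sh and startWS.sh for the new profile to take effect.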