OutSystems Platform this.Version.ToString() βthis.BetaVersion

Checklist for OutSystems Platform Server Installation

This checklist describes the procedures you need to perform to install, upgrade, or update OutSystems Platform Server. If you haven't already, read the System Requirements and Network Requirements technical notes to understand what it takes to install OutSystems Platform.

In order to customize the checklist content for your particular installation requirements, you need to select below the kind of installation, the corresponding roles, operating system and other properties for the machine you'll be configuring. You should do this for each machine in order to have a checklist for each one of them.

It may prove useful to print each of the generated checklists. Once you have selected the necessary items for one machine, you'll be ready to print it out. Afterwards, you can move on to another checklist configuration.

Please select which kind of task you'll be doing:

This checklist should be used when you are installing a new standalone server, a new farm installation or adding new Front-end Servers to a previous installation. If you are simply trying to upgrade an existing installation, you should use one of the other installation types.

This checklist should be used when you want to upgrade your existing system to a new release. This happens when the Major or Minor number changes (M.m.b.r). Besides fixes for reported problems, new releases usually provide new features.

This checklist should be used when you want to update your existing system to a new revision. This happens when the Major and Minor numbers are the same, but the Build or Revision number changes (M.m.b.r). Revisions usually only include fixes to reported problems.

Please select which role or combination of roles this machine will be responsible for:

Deployment Controller Servers are responsible for compiling applications and publishing the compilation to all Front-end Servers. You can only have one Deployment Controller Server per farm. Select this role if the machine you're installing will be performing only this role.

Front-end Servers are responsible for running all deployed applications. You can have as many Front-end Servers per farm as you want. Select this role if the machine you're installing will be performing only this role.

The Database is where the platform stores all its data. All other machines in your farm or standalone installation will need access to this machine in order to work. Select this role if the machine you're installing will be performing only this role.

Deployment Controller Servers are responsible for compiling applications and publishing the compilation to all Front-end Servers. You can only have one Deployment Controller Server per farm.

Front-end Servers are responsible for running all deployed applications. You can have as many Front-end Servers per farm as you want.

Select this combination if the machine will accumulate the roles of Deployment Controller Server and Front-end Server.

Deployment Controller Servers are responsible for compiling applications and publishing the compilation to all Front-end Servers. You can only have one Deployment Controller Server per farm.

The Database is where the platform stores all its data. All other machines in your farm or standalone installation will need access to this machine in order to work.

Select this combination if the machine will accumulate the roles of Deployment Controller Server and Database.

Deployment Controller Servers are responsible for compiling applications and publishing the compilation to all Front-end Servers. You can only have one Deployment Controller Server per farm.

Front-end Servers are responsible for running all deployed applications. You can have as many Front-end Servers per farm as you want.

The Database is where the platform stores all its data. All other machines in your farm or standalone installation will need access to this machine in order to work.

Select this combination if the machine will accumulate the roles of Deployment Controller Server, Front-end Server and Database.

Please select what type of installation you'll be doing:

A Standalone installation is one where the single Front-end Server in the installation is also the Deployment Controller Server. It may also be the Database.

A Farm installation is one where two or more machines will be Front-end Servers or the single Front-end Server is not the same machine as the Deployment Controller Server. One of the Front-end Servers in this installation may accumulate the role of Deployment Controller Server or you can have a separate machine dedicated to that role.

Please select which Application Server you'll be using on this machine:

JBoss Enterprise Application Platform 6.4

Wildfly 8.2.0 Final

Oracle WebLogic 12c

Please select which operating system you'll be using on this machine:

Linux Red Hat Server 7.X - 64 bit

Linux Red Hat Server 6.X - 64 bit

Linux Red Hat Server 5.X - 64 bit

Linux CentOS 5.X - 64 bit

Linux CentOS 6.X - 64 bit

Oracle Linux 6.X - 64 bit

Other operating system. This option only applies to the SMS Gateway or Oracle Database machines.

Please select which database software you'll be using:

Oracle Database

Oracle Database on Amazon RDS

MySQL Database 5.7

MySQL Database 5.7 on Amazon RDS

MySQL Database 5.6

MySQL Database 5.6 on Amazon RDS

Overview

The document is organized in the following sections:

In each section there is a list of topics that you have to test in order to successfully install OutSystems Platform Server.
The mandatory topics are the ones that must be checked in order to have a certified installation, i.e. the requirements necessary to guarantee that OutSystems supports your installation.
The mandatory topics are in red and the icon associated is *.
On the other hand, the optional topics are only recommended and you are not forced to check them.
The optional topics are in plain text and the icon associated is .

Pre-installation check list

In this section you have a list of all the issues that you must validate before installing the software.

OutSystems Platform Server

Topics that you must check before start installing OutSystems Platform Server.

When installing without an Internet connection there may be dependency errors in packages required by OutSystems Platform.
In this case, please download the dependencies from a machine with Internet connection, and then use the downloaded packages to install them in the target machine.
See the documentation for yumdownloader, which is a tool provided by the package yum-utils.


In order to follow this checklist, you will need credentials for the Red Hat Customer Portal. If you do not have them, please contact your IT before proceeding.

In order to follow this checklist, you will need credentials for the Oracle Network with a valid support identifier. If you do not have them, please contact your IT before proceeding.
* Amazon RDS dimension:
  • The minimum recommended size for a database instance is the medium size, that is, the Instance class should be at least "db.m1.medium". This is specified when you create the instance.
Amazon RDS time zones:
  • In order to have your infrastructure working with OutSystems Platform, you need to have all front-ends using the same time zone than the database.
    You can set the RDS database time zone when you are creating the instance. For instance, you must have your front-ends using the same time zone you defined for the database.

    For more information about Amazon RDS time zones for Oracle check this page.
Amazon RDS time zones:
  • You must configure your front-end using the same time zone as the RDS.
Amazon RDS High-availability:
  • To choose the Multi-AZ option, you have to enable it while creating the database, in DB instance details, pick Yes for Multi-AZ deployment option. You can also change it in an existing Oracle RDS database in the AWS Management Console -> Instance actions -> Modify.
File System Partitions:
  • If you want to increase performance and stability of OutSystems Platform, plan ahead the installation of the Operating System so that you will have two extra partitions available:
    • One partition for the OutSystems Platform installation
    • One partition for the JBoss Application Server
    • One partition for the Wildfly Application Server
    • One partition for the WebLogic Application Server
* Register with Red Hat Subscription Management:
  • Go to the Red Hat Customer Portal and log in to your account.
  • Locate the system you're installing the Platform on.
    • If you can't find your system, it means that it is not registered with Red Hat Subscription Management and you must register it.
      • As the root user, ensure the Red Hat Subscription Manager package is installed:
        • yum install subscription-manager
      • As the root user, register the system:
        • subscription-manager register
  • Once your system is registered, you must attach it to the subscriptions to which your system is entitled. This can be done on the Red Hat Customer Portal, or via the command line.
    • As the root user, check which subscriptions are available for your system:
      • subscription-manager list --available
    • As the root user, repeat the following command for each subscription that the system is entitled to:
      • subscription-manager attach --pool=<POOL_ID> , where <POOL_ID> is retrieved from the output of the previous command
  • Once your system is attached to your subscriptions, you must enable the required repositories:
    • As the root user, check if the required repositories are available (if they aren't, you may need to change your subscription):
      • subscription-manager repos --list
      • You will need the following repositories to be available (if they aren't, you may need to change your subscription):
        • JBoss Enterprise Application Platform 6.4 (RHEL this.OperatingSystem.GetRepositoryVersion() Server): subscription-manager repos --enable jbappplatform-6.4-x86_64-server-this.OperatingSystem.GetRepositoryVersion()-rpm
        • JBoss Enterprise Application Platform 6.4 (RHEL this.OperatingSystem.GetRepositoryVersion() Server): subscription-manager repos --enable jb-eap-6.4-for-rhel-this.OperatingSystem.GetRepositoryVersion()-server-rpms
        • Applicable only to Oracle JDK, skip this step if you using OpenJDK

          Red Hat Enterprise Linux this.OperatingSystem.GetRepositoryVersion() Server - Oracle Java: subscription-manager repos --enable rhel-this.OperatingSystem.GetRepositoryVersion()-server-restricted-maintenance-oracle-java-rpms
* Red Hat Enterprise Linux 7.X x64: Red Hat Enterprise Linux 6.X x64: Red Hat Enterprise Linux 5.X x64: CentOS Linux 5.X x64: CentOS Linux 6.X x64: Oracle Linux 6.X x64:
  • As the root user, make sure the following packages are installed:
    • Shell
      • yum install bash
    • Communication (ssh shells)
      • yum install openssh-clients
    • Firewall (iptables)
      • yum install iptables
      • yum install iptables-services
    • Utilities
      • yum install zip unzip
      • yum install bc
      • yum install dos2unix
      • yum install patch
      • yum install net-tools
    • X server - only necessary to install Oracle Database Server tools.
  • Iptables configuration:
    • As the root user, set iptables service to auto-start:
      • chkconfig iptables on
      • systemctl enable iptables
      • systemctl start iptables
      • systemctl enable ip6tables
      • systemctl start ip6tables
    • As the root user, open the following ports:
      • 2033, 12000, 12001, 12002, 12003 - OutSystems Services default communication ports
      • 7001, 7002 - AdminServer default communication ports
      • 5556 - NodeManager default communication port
        • You can open a port in iptables by running the following command (as the root user):
        • iptables -I INPUT -p tcp --dport [PORT] -j ACCEPT
        • You can store the iptables settings permanently by running the following command (as the root user):
        • service iptables save
    • As the root user, stop and disable firewalld (it interferes with iptables):
      • systemctl stop firewalld
      • systemctl disable firewalld
      • systemctl mask firewalld
  • If you decide to install a different firewall follow these additional steps:
    • As the root user, set iptables service to not auto-start:
      • chkconfig iptables off
      • systemctl disable iptables
      • systemctl stop iptables
      • systemctl disable ip6tables
      • systemctl stop ip6tables
    • Set port redirection:
      • 8080 redirect to 80;
      • 8443 redirect to 443;
    • Open the following ports:
      • 8080, 8443 - JBoss default communication ports;
      • 8080, 8443 - WebLogic default communication ports;
      • All ports that must be open in iptables
Register with Red Hat Subscription Management:
  • Go to the Red Hat Customer Portal and log in to your account.
  • Locate the system you're installing the Platform on.
    • If you can't find your system, it means that it is not registered with Red Hat Subscription Management and you should register it.
      • As the root user, ensure the Red Hat Subscription Manager package is installed:
        • yum install subscription-manager
      • As the root user, register the system:
        • subscription-manager register
  • Once your system is registered, you should attach it to the subscriptions to which your system is entitled. This can be done on the Red Hat Customer Portal, or via the command line.
    • As the root user, check which subscriptions are available for your system:
      • subscription-manager list --available
    • As the root user, repeat the following command for each subscription that the system is entitled to:
      • subscription-manager attach --pool=<POOL_ID> , where <POOL_ID> is retrieved from the output of the previous command
  • Once your system is attached to your subscriptions, you should enable the required repositories:
    • As the root user, check if the required repositories are available (if they aren't, you may need to change your subscription):
      • subscription-manager repos --list
      • You will need the following repositories to be available (if they aren't, you may need to change your subscription):
        • Red Hat Enterprise Linux this.OperatingSystem.GetRepositoryVersion() Server - Supplementary: subscription-manager repos --enable rhel-this.OperatingSystem.GetRepositoryVersion()-server-supplementary-rpms
        • Applicable only to Oracle JDK, skip this step if you using OpenJDK

          Red Hat Enterprise Linux this.OperatingSystem.GetRepositoryVersion() Server - Oracle Java: subscription-manager repos --enable rhel-this.OperatingSystem.GetRepositoryVersion()-server-restricted-maintenance-oracle-java-rpms
* Oracle 11g R2 or 12c R1/R2 Database:
  • Ensure you install Oracle 11g R2 or 12c R1/R2
  • When creating the database in Oracle 11g R2 or 12c R1, make sure the block size is set to at least 8KB
  • When creating the database in Oracle 12c R2, make sure the block size is set to:
  • When creating the database, set the following NLS parameters:
    NLS_LANGUAGE AMERICAN
    NLS_TERRITORY AMERICA
    NLS_CHARACTERSET AL32UTF8 (Unicode support)
    or
    WE8MSWIN1252 (no Unicode support)
    NLS_DATE_FORMAT DD-MON-RR
    NLS_SORT BINARY
  • Choosing AL32UTF8 for Unicode support allows applications to handle non-western characters.
    For more information on this subject please refer to Recommended Database Character Sets.
  • The minimum recommended limit of Oracle system processes and sessions is 250. Higher values might be required for highly loaded environments, so adjust accordingly.
    • To display the current limit of system processes and sessions in your database, execute the following statement as sysdba: SELECT Value FROM v$parameter WHERE Name='processes' or Name='sessions';
    • To change the number of system processes of your database, execute a statement like:
      ALTER SYSTEM SET processes=250 SCOPE=spfile;
      ALTER SYSTEM SET sessions=250 SCOPE=spfile;
      followed by a database restart
  • If the patch to fix Oracle bug 1782025, Doc ID 223515 is not installed, then when creating the database, make sure that the CURSOR_SHARING system parameter is set to the Default value ("Exact")
    • To check if the patch is installed, use "opatch lsinventory". For more information, check opatch.
    • To check the current value execute as the sysdba user: show parameters cursor_sharing
    • It should show "EXACT" on the Value column. If not, run the following query to change it: alter system set cursor_sharing='EXACT'
* Oracle 12c R1/R2 Adaptive Optimizer:
  • Running Oracle 12c database with the adaptive optimizer feature enabled results in serious performance degradation. As such, the adaptive optimizer feature must be disabled.
    • If you are using Oracle 12c R1 without patch 22652097, you must follow these steps to disable the OPTIMIZER_ADAPTIVE_FEATURES:
      • Execute the following statement as sysdba:
        ALTER SYSTEM SET optimizer_adaptive_features=false SCOPE=spfile;
      • Restart the database
    • If you are using Oracle 12c R2 or Oracle 12c R1 with patch 22652097 installed, you must ensure that OPTIMIZER_ADAPTIVE_PLANS (default is true) and OPTIMIZER_ADAPTIVE_STATISTICS (default is false) are set to their default values:
      • Execute the following statement as sysdba:
        ALTER SYSTEM SET optimizer_adaptive_plans=true SCOPE=BOTH;
        ALTER SYSTEM SET optimizer_adaptive_statistics=false SCOPE=BOTH;

      • Restart the database

      For more information about the changes in the Adaptive Optimizer introduced in Oracle 12c R2 (or Oracle 12c R1 with patch 22652097), please check this Oracle blog post.
* Oracle 11g R2 or 12c R1/R2 Services:
  • Make sure that Oracle services are running.
Install latest Oracle Database updates
* MySQL Database:
  • Ensure you use MySQL 5.6.(5+)
  • Ensure you use MySQL 5.7.(22+)
  • Make sure the following configurations are set on the mysqld section
    • Make sure sql mode is set to "STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
    • Make sure innodb_file_per_table is set to 1
    • Make sure default-storage-engine is set to INNODB
    • Make sure lower_case_table_names is set to 1
    • Make sure max_allowed_packet is set to at least 128M
    • Make sure log_bin_trust_function_creators is set to 1
    • Make sure innodb_log_file_size is set to at least 1280M
    • Make sure character-set-client-handshake is set to FALSE
    • Make sure character-set-server is set to utf8mb4
    • Make sure collation-server is set to at least utf8mb4_unicode_ci
  • Make sure the following configurations are set on the client section
    • Make sure default-character-set is set to at least utf8mb4
  • Make sure the following configurations are set on the mysql section
    • Make sure default-character-set is set to at least utf8mb4
  • Restart the MySQL database server for configurations to take effect

This can be done by editing the MySQL configuration file:
  • Linux: /etc/my.cnf

The file should look like this:
		[mysqld]
		sql_mode=STRICT_TRANS_TABLES,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION
		lower_case_table_names=1
		max_allowed_packet=128M
		default-storage-engine=INNODB
		log_bin_trust_function_creators=1
		innodb_log_file_size=1280M
		innodb_file_per_table=1
		character-set-client-handshake = FALSE
		character-set-server = utf8mb4
		collation-server = utf8mb4_unicode_ci
		
		[client]
		default-character-set = utf8mb4

		[mysql]
		default-character-set = utf8mb4
		
If you have extra configuration make sure there are no duplicate settings.
* MySQL Database:
  • Ensure you use MySQL 5.6.(5+)
  • Ensure you use MySQL 5.7.(22+)
  • Make sure sql mode is set to "STRICT_TRANS_TABLES"
  • Make sure innodb_file_per_table is set to 1
  • Make sure default-storage-engine is set to INNODB
  • Make sure lower_case_table_names is set to 1
  • Make sure max_allowed_packet is set to at least 128M
  • Make sure log_bin_trust_function_creators is set to 1
  • Make sure innodb_log_file_size is set to at least 1280M
  • Make sure character_set_client_handshake is set to FALSE
  • Make sure character_set_server is set to utf8mb4
  • Make sure collation_server is set to at least utf8mb4_unicode_ci
This can be done through the DB Parameter Group capability of Amazon RDS
* Install Ant (1.9+):
  • Please download the Ant (1.9+) zip archive from the official site:
    http://ant.apache.org/bindownload.cgi.
  • As the root user, unzip to /opt the downloaded archive: unzip apache-ant-1.9.*.zip -d /opt/
*

Install either Open JDK or Oracle JDK (you must only install one of them)

Install Open JDK (1.8 x64):
  • As the root user, make sure the following package is installed:
    • Open Java Development Kit 1.8.0
      • yum install java-1.8.0-openjdk-devel
  • Set Java version system wide. As the root user, execute:
    • echo JAVA_HOME=/usr/lib/jvm/$(ls /usr/lib/jvm/ | grep java-1.8.0-openjdk | sort -t_ -n -k2 | tail -1) > /etc/sysconfig/outsystems
Install Oracle's Java SDK (1.8 x64):
  • Please download from the official site:
    http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html.
  • As the root user, execute the installer: rpm -i jdk-*-linux-x64.rpm
    • Install Java into a location that is accessible by all users.
    • For the purpose of this document, we assume Java will be installed to /usr/java/jdk1.8.0_* folder.
  • Set Java version system wide. As the root user, execute:
    JAVA_HOME="/usr/java/`ls /usr/java/ | grep jdk1.8.0 | sort -t_ -n -k2 | tail -1`"
    mkdir -p /usr/lib/jvm
    alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 16999
    alternatives --install /usr/lib/jvm/java-1.8.0 java_sdk_1.8.0 $JAVA_HOME/ 16999
  • Override the system wide java version. As the root user, execute:
    alternatives --set java $JAVA_HOME/bin/java
    alternatives --set java_sdk_1.8.0 $JAVA_HOME/
  • Confirm that the system wide java version is correct. As the root user, execute: alternatives --config java
    • You should see an output containing the path /usr/java/jdk1.8.0_*/bin/java selected.
    • As the root user, make sure the following package is installed:
      • Oracle Java Development Kit 1.8.0
        • yum install java-1.8.0-oracle-devel
    • If your RedHat subscription does not entitle you to install Oracle Java SDK (1.8 x64) via yum:
      • Please download the Linux x64 RPM from the official site:
        http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html.
      • As the root user, execute the installer: rpm -i jdk-*-linux-x64.rpm
        • Install Java into a location that is accessible by all users.
        • For the purpose of this document, we assume Java will be installed to /usr/java/jdk1.8.0_* folder.
      • Set Java version system wide. As the root user, execute:
        JAVA_HOME="/usr/java/`ls /usr/java/ | grep jdk1.8.0 | sort -t_ -n -k2 | tail -1`"
        mkdir -p /usr/lib/jvm
        alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 16999
        alternatives --install /usr/lib/jvm/java-1.8.0 java_sdk_1.8.0 $JAVA_HOME/ 16999
      • Override the system wide java version. As the root user, execute:
        alternatives --set java $JAVA_HOME/bin/java
        alternatives --set java_sdk_1.8.0 $JAVA_HOME/
      • Confirm that the system wide java version is correct. As the root user, execute: alternatives --config java
        • You should see an output containing the path /usr/java/jdk1.8.0_*/bin/java selected.
* Install Wildfly Application Server (8.2.0 Final):
  • Download the file wildfly-8.2.0.Final.zip from the official site:
    http://wildfly.org/downloads/.
    • For the purpose of this document, we assume Wildfly will be installed to /opt/wildfly-8.2.0.Final folder.
  • As the root user, uncompress the Wildfly installation file to /opt: unzip wildfly-8.2.0.Final.zip -d /opt/
Mount Wildfly in a separate partition:
  • If you have a partition reserved for the Wildfly Application Server, move the directory /opt/wildfly-8.2.0.Final/standalone to the alternate partition, and create a mount point to it at /opt/wildfly-8.2.0.Final/standalone.
* Install WebLogic Application Server:
  • Please download the Oracle WebLogic Server 12.1.3 Generic Installer from the official site: http://www.oracle.com/technetwork/middleware/weblogic/downloads/wls-main-097127.html.
  • As the root user, create a user for WebLogic and disable password ageing:
    useradd -s /sbin/nologin -U wls_outsystems
    chage -m 0 -M 99999 -I -1 -E -1 wls_outsystems
  • Make sure the downloaded fmw_12.1.3.0.0_wls.jar is copied to /home/wls_outsystems/
  • As the root user, create a file named /home/wls_outsystems/oraInst.loc with the following content:
    ###################
    # oraInst.loc file
    ###################
    inventory_loc=/home/wls_outsystems/oraInventory/
    inst_group=wls_outsystems
  • As the root user, create a file named /home/wls_outsystems/response.file.rsp with the following content:
    ####################
    # response.file.rsp
    ####################
    [ENGINE]
    Response File Version=1.0.0.0.0
    [GENERIC]
    #The oracle home location. This can be an existing Oracle Home or a new Oracle Home
    ORACLE_HOME=/opt/Oracle/Middleware
    #Set this variable value to the Installation Type selected. e.g. WebLogic Server, Coherence, Complete with Examples.
    INSTALL_TYPE=WebLogic Server
    #Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
    MYORACLESUPPORT_USERNAME=
    #Provide the My Oracle Support Password
    MYORACLESUPPORT_PASSWORD=<SECURE VALUE>
    #Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
    DECLINE_SECURITY_UPDATES=true
    #Set this to true if My Oracle Support Password is specified
    SECURITY_UPDATES_VIA_MYORACLESUPPORT=false
    #Provide the Proxy Host
    PROXY_HOST=
    #Provide the Proxy Port
    PROXY_PORT=
    #Provide the Proxy Username
    PROXY_USER=
    #Provide the Proxy Password
    PROXY_PWD=<SECURE VALUE>
    #Type String (URL format) Indicates the OCM Repeater URL which should be of the format [scheme[Http/Https]]://[repeater host]:[repeater port]
    COLLECTOR_SUPPORTHUB_URL=
  • As the root user, make sure the created files can be read by everyone
    chmod a+r /home/wls_outsystems/oraInst.loc /home/wls_outsystems/response.file.rsp
  • As the root user, install WebLogic:
    mkdir -p /opt/Oracle/Middleware
    chown -R wls_outsystems:wls_outsystems /opt/Oracle

    Note: the following command is a single line

    su - wls_outsystems -s /bin/bash -c "umask 0027; java -jar -d64 /home/wls_outsystems/fmw_12.1.3.0.0_wls.jar -silent -invPtrLoc /home/wls_outsystems/oraInst.loc -responseFile /home/wls_outsystems/response.file.rsp"
* Creating a WebLogic domain for OutSystems:
  • As the root user, create a file named /home/wls_outsystems/configDomain.py with the following content:
    ################################
    # WebLogic silent configuration
    ################################

    #Customization Zone
    username='<insert weblogic username>'
    password='<insert weblogic password>'
    server_name='<insert server name here>'
    machine_ip='<insert machine ip here>'
    #End of Customization Zone

    readTemplate('/opt/Oracle/Middleware/wlserver/common/templates/wls/wls.jar')
    cmo.setProductionModeEnabled(true)

    # Setting Administration Server listen address/port
    cd('Servers/AdminServer')
    set('ListenAddress','')
    set('ListenPort', 7001)

    # Setting the username/password
    cd('/Security/base_domain/User/weblogic')
    cmo.setName(username)
    cmo.setPassword(password)

    # Create Managed Server
    cd('/')
    server = create(server_name, 'Server')
    server.setListenAddress('')
    server.setListenPort(8080)

    # Create Machine
    cd('/')
    machine_name= server_name + '_machine'
    machine = create(machine_name, 'Machine')
    cd('/Machine/' + machine_name)
    nodeMgr = create(machine_name, 'NodeManager')
    nodeMgr.setListenAddress(machine_ip)
    nodeMgr.setListenPort(5556)

    # Map server to machine
    cd('/')
    cd('/Servers/')
    cd(server_name)
    currentServer = cmo;
    cd('/Machine/' + machine_name)
    currentServer.setMachine(cmo)

    setOption('OverwriteDomain', 'true')
    writeDomain('/opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain')

    closeTemplate()
    exit()
  • Please edit the region #Customization Zone, and provide the following information:
    • In the username property, and password property enter the name and credentials for the WebLogic Administrator account.
      OutSystems Platform will require these credentials later on.
    • In the server_name property, enter an appropriate Name for the Managed Server.

      Suggestion: Use the server hostname as the Managed Server name.

    • In the machine_ip property, enter the Machine IP of the Server.
  • As the root user, make sure the create file can be read by everyone
    chmod a+r /home/wls_outsystems/configDomain.py
  • As the root user, execute the following instruction to create the WebLogic domain for OutSystems:
    su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/wlserver/common/bin/wlst.sh /home/wls_outsystems/configDomain.py"
  • As the root user, delete the recently created files:
    rm -f /home/wls_outsystems/oraInst.loc /home/wls_outsystems/response.file.rsp /home/wls_outsystems/configDomain.py
* Install required WebLogic patches:
  • As the root user, check which patches are applied to your WebLogic, by running the following code and looking for the Patch ID of the installed patches: su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch lsinventory"
  • If you have the patch 18123824, as the root user, uninstall the patch by running the following code:
    • su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch rollback -id 18123824"
  • If you have the patch 21370953, as the root user, uninstall the patch by running the following code:
    • su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch rollback -id 21370953"
  • If you do not have the patch 25987810 applied to your WebLogic, please download patch 25987810, for Oracle WebLogic 12.1.3 from the official Oracle Support site.
    • As the root user, install the patch by following the instructions in the README.txt file that comes with the patch: mv p25987810_121300_Generic.zip /home/wls_outsystems/
      su - wls_outsystems -s /bin/bash -c "unzip -d /home/wls_outsystems/ /home/wls_outsystems/p25987810_121300_Generic.zip"
      su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch apply /home/wls_outsystems/25987810/"
  • If you do not have the patch 27919943 applied to your WebLogic, please download patch 27919943, for Oracle WebLogic 12.1.3 from the official Oracle Support site.
    • As the root user, install the patch by following the instructions in the README.txt file that comes with the patch: mv p27919943_121300_Generic.zip /home/wls_outsystems/
      su - wls_outsystems -s /bin/bash -c "unzip -d /home/wls_outsystems/ /home/wls_outsystems/p27919943_121300_Generic.zip"
      su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch apply /home/wls_outsystems/27919943/"
Workaround for NodeManager SSL configuration:
  • By default, WebLogic configures the Node Manager to operate over SSL, which means that the Node Manager host must have a valid certificate and that the Administration Server needs to trust that certificate before being able to communicate with that Node Manager.

    OutSystems strongly recommends that you properly configure your SSL certificates. For more information on how to configure certificates between the Node Managers and the Administration Server, please see http://docs.oracle.com/middleware/1213/wls/SECMG/ssl_overview.htm#SECMG718 .

    If you are sure that you do not want to configure SSL certificates between the Node Managers and the Administration Server you can manually disable it.

    Note that this procedure reduces the security level of the communication between Node Managers and Administration Server

    As the root user, execute:
    • Disable NodeManager secure listener:
      su - wls_outsystems -s /bin/bash -c "sed -i.bak s/SecureListener=true/SecureListener=false/g /opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/nodemanager/nodemanager.properties 2>&1 > /dev/null"
    • Start WebLogic:
      su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/bin/startWebLogic.sh"
    • Open the WebLogic console at http://<AdministrationServer>:7001/console
      • Click the Lock & Edit button
      • Go to the outsystems_domain and expand Environment
      • Click on Machines
      • Select the machine associated with the node you are configuring
      • Click on the Node Manager tab
      • Change Type to Plain
      • Save and Activate Changes
    • Stop WebLogic:
      su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/bin/stopWebLogic.sh"
* Extending the existing outsystems_domain - Unpacking the Domain's template
  • As the root user, copy the outsystems_domain.jar template file available from the Administration Server host to the Front-End server.
    • Check The Controller's checklist Instructions, on how to generate this file, if you haven't done it yet.
  • As the root user, execute the following line to unpack your domain's template using the wls_outsystems user: mv outsystems_domain.jar /home/wls_outsystems/
    chown wls_outsystems:wls_outsystems /home/wls_outsystems/outsystems_domain.jar
    su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/oracle_common/common/bin/unpack.sh -domain=/opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain -template=/home/wls_outsystems/outsystems_domain.jar"
  • After unpack the the outsystems domain, change the listen address of the node manager to listen requests from this machine.
    As the root user, execute the following line changing the Administration_Server_Address and Front_End_Address placeholders accordingly:

    Note: the following command is a single line

    su - wls_outsystems -s /bin/bash -c "sed -i.bak s/ListenAddress=<Administration_Server_Address>/ListenAddress=<Front_End_Address>/g /opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/nodemanager/nodemanager.properties 2>&1 > /dev/null"
* Changing startup memory parameters for OutSystems:
  • As the root user, execute the following instructions:

    Note: the following command is a single line

    echo -e "JAVA_OPTIONS=\"\${JAVA_OPTIONS} -XX:MetaspaceSize=256m -XX:MinMetaspaceFreeRatio=20 -XX:MaxMetaspaceFreeRatio=40\"\nexport JAVA_OPTIONS" >> /opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/bin/setDomainEnv.sh

    Note: the following command is a single line

    sed -i 's,^export JAVA_OPTIONS[^\n]*,JAVA_OPTIONS="${JAVA_OPTIONS} -XX:MetaspaceSize=256m -XX:MinMetaspaceFreeRatio=20 -XX:MaxMetaspaceFreeRatio=40"\nexport JAVA_OPTIONS,' /opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/bin/startNodeManager.sh
* Preparing to extend the outsystems_domain - Making an outsystems_domain template file
  • As the root user, execute the following line to pack your domain's template using the wls_outsystems user su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/oracle_common/common/bin/pack.sh -domain=/opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain -managed=true -template=/home/wls_outsystems/outsystems_domain.jar -template_name=outsystems_domain"
  • This template will be used later by each Front-End.
* Extending the existing outsystems_domain - Registering a new Front-End:
  • At this stage you'll need an Admininstration Server running and reachable from the Front-End. Please complete the Controller's checklist prior to this step, if you have not done it yet.
  • Creating a Machine and Managed Server in the AdminServer's console:
    • Open the WebLogic console at http://<AdministrationServer>:7001/console
      • Click the Lock & Edit button
      • Go to the outsystems_domain and expand Environment
      • Click on Machines
      • Create a new Machine:
        • Enter an appropriate Name for the Machine
          • Suggestion: Use the server hostname appended with _machine as the Machine name.
        • Select the appropriate Node Manager Type (SSL or Plain, consistent with the rest of your environment)
        • Enter the Machine IP as the Node Manager listen address
        • Leave 5556 as the Node Manager listen port
        • Press the Finish button
      • Create a new Server:
        • Enter an appropriate Name for the Server
          • Suggestion: Use the server hostname as the Managed Server name.
        • Leave the Listen Address empty
        • Enter 8080 as the Server Listen Port
        • Press the Finish button
        • Click on the newly created Server
        • Associate the server with the machine created just before
        • Enable SSL Listen Port and enter 8443 as the SSL Listen Port
        • Save and Activate Changes
Workaround for NodeManager SSL configuration:
  • By default, WebLogic configures the Node Manager to operate over SSL, which means that the Node Manager host must have a valid certificate and that the Administration Server needs to trust that certificate before being able to communicate with that Node Manager.

    OutSystems strongly recommends that you properly configure your SSL certificates. For more information on how to configure certificates between the Node Managers and the Administration Server, please see http://docs.oracle.com/middleware/1213/wls/SECMG/ssl_overview.htm#SECMG718 .

    If you are sure that you do not want to configure SSL certificates between the Node Managers and the Administration Server you can manually disable it.

    Note that this procedure reduces the security level of the communication between Node Managers and Administration Server

    As the root user, execute:
    • Disable NodeManager secure listener:
      su - wls_outsystems -s /bin/bash -c "sed -i.bak s/SecureListener=true/SecureListener=false/g /opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/nodemanager/nodemanager.properties 2>&1 > /dev/null"
Mount WebLogic in a separate partition:
  • If you have a partition reserved for the WebLogic Application Server, move the directory /opt/Oracle/Middleware to the alternate partition, and create a mount point to it at /opt/Oracle/Middleware.
*

Ensure that the clocks of all Front-end servers are synchronized

Synchronizing the clocks of all Front-end servers will prevent clock skew problems that can impact the experience of users accessing your applications.

Legend: * Mandatory; Optional.

Installation check list

In this section you have a list of all the steps that you must follow to guarantee that the software was successfully installed.

OutSystems Platform Server

This section provides the steps that you must follow to successfully install your Deployment Controller Server or Front-end Server.

* If until now you have not installed OutSystems Platform in your Deployment Controller Server you should follow the Deployment Controller Server checklist up until the point where you are instructed to resume the current checklist. You can access the Deployment Controller Server checklist in this document by selecting the Deployment Controller Server role at the top of this page.
* Install the OutSystems yum repository:
  • As the root user, execute: rpm -i http://yum.outsystems.net/this.Version.ToString()/noarch/outsystems-repo.rpm
    • To install without internet connection, download the rpm from the above location, and then execute (as root user): rpm -i outsystems-repo.rpm
* Install Deployment Controller Server and/or Front-end Server:
  • As the root user, execute: yum install outsystems-agileplatform-jboss6-eap outsystems-agileplatform outsystems-agileplatform-libs yum install outsystems-agileplatform-wildfly8 outsystems-agileplatform outsystems-agileplatform-libs yum install outsystems-agileplatform-weblogic outsystems-agileplatform outsystems-agileplatform-libs
    • To install without internet connection or to install a specific OutSystems Platform Server version, download the rpms outsystems-agileplatform-10*.noarch.rpm outsystems-agileplatform-libs-*.noarch.rpm outsystems-agileplatform-jboss6-eap-*.noarch.rpm outsystems-agileplatform-wildfly8-*.noarch.rpm outsystems-agileplatform-weblogic-*.noarch.rpm from the "OutSystems yum repository", and then execute (as root user): yum --disablerepo=* install outsystems-agileplatform-*.noarch.rpm
    yum --nogpgcheck install outsystems-agileplatform-*.noarch.rpm yum --nogpgcheck install outsystems-agileplatform-*.noarch.rpm yum --nogpgcheck install outsystems-agileplatform-*.noarch.rpm
  • OutSystems Platform Server files will be installed to /opt/outsystems/platform.
  • Copy the Controller's /opt/outsystems/platform/private.key to the same location on each Front-End Server.
  • Copy the Controller's /etc/outsystems/server.hsconf to the same location on each Front-End Server.
* Enable weblogic-outsystems-adminserver service:
  • As the root user, execute: chkconfig --levels 345 weblogic-outsystems-adminserver on
    • OutSystems Platform requires the AdminServer to be available.
      OutSystems recommends to enable the weblogic-outsystems-adminserver service in the deployment controller node, as it will automatically start and stop the AdminServer whenever required.
Mount JBoss in a separate partition:
  • If you have a partition reserved for the JBoss Application Server, move the directory /var/lib/jbossas/standalone to the alternate partition, and create a mount point to it at /var/lib/jbossas/standalone.
Mount OutSystems Platform Server in a separate partition:
  • If you have a partition reserved for OutSystems Platform Server, move the directory /opt/outsystems/platform to the alternate partition, and create a mount point to it at /opt/outsystems/platform.
* Execute the Platform Database creation script:
  • You can find in the Deployment Controller Server at /opt/outsystems/platform/db/RDS_runtime_oracle_creation.sql. This file allows you to create users, tablespaces and grants the necessary permissions. By default, when executing this file, the following objects will be created:
    • Users: OSADMIN, OSRUNTIME, OSLOG
    • Tablespaces: OSSYS, OSIDX, OSUSR, OSLOG
    • Grants:
      • OSADMIN: Create Session, Create View, Create Table, Alter Session, Create Sequence, Create Procedure, Create Trigger
      • OSRUNTIME: Create Session
      • OSLOG: Create Session
  • Please check with your Database Administrator how to do this according to your database environment. At the very least, you should make sure the file paths, tablespaces and users don't clash with existing objects in the database.
  • If you change any of these settings, remember to do so throughout the file.
  • You'll need the usernames, passwords and tablespaces used in this script to configure OutSystems Platform Server later on.
  • Connect to your Oracle instance with a user that can create databases and use the customized script to create the database.
* Execute the Platform Database creation script:
  • You can find in the Deployment Controller Server at /opt/outsystems/platform/db/runtime_oracle_creation.sql. This file allows you to create users, tablespaces and grants the necessary permissions. By default, when executing this file, the following objects will be created:
    • Users: OSADMIN, OSRUNTIME, OSLOG
    • Tablespaces: OSSYS, OSIDX, OSUSR, OSLOG
    • Grants:
      • OSADMIN: Create Session, Create View, Create Table, Alter Session, Create Sequence, Create Procedure, Create Trigger
      • OSRUNTIME: Create Session
      • OSLOG: Create Session
  • Please check with your Database Administrator how to do this according to your database environment. At the very least, you should make sure the file paths, tablespaces and users don't clash with existing objects in the database.
  • If you change any of these settings, remember to do so throughout the file.
  • You'll need the usernames, passwords and tablespaces used in this script to configure OutSystems Platform Server later on.
  • Connect to your Oracle instance with a user that can create databases and use the customized script to create the database.
* Execute the OutSystems Platform Server session creation script:
  • You can find it at /opt/outsystems/platform/db/session_oracle_creation.sql
  • This allows you to configure the tablespace, the tablespace's datafile location, the user and password. By default, the objects are set to:
    • Tablespace: OSSTATE
    • User: OSSTATE
  • If you change any of these settings, remember to do so throughout the file.
  • Run this script like you did with the script to create the data model of OutSystems Platform.
* Execute the OutSystems Platform Server session creation script:
  • You can find it at /opt/outsystems/platform/db/RDS_session_oracle_creation.sql
  • This allows you to configure the tablespace, the tablespace's datafile location, the user and password. By default, the objects are set to:
    • Tablespace: OSSTATE
    • User: OSSTATE
  • If you change any of these settings, remember to do so throughout the file.
  • Run this script like you did with the script to create the data model of OutSystems Platform.
* Execute the Platform Database creation script:
  • You can find it in the Deployment Controller Server at /opt/outsystems/platform/db/runtime_mysql_creation.sql. This file allows you to create users schemas and the necessary permissions. Please make sure you change the default passwords! By default, when executing this file, the following objects will be created:
    • Schema: outsystems
    • Users: OSADMIN, OSRUNTIME, OSLOG
    • Grants:
      • OSADMIN: SELECT on information_Schema , All privileges outsystems schema
      • OSRUNTIME: SELECT, INSERT, UPDATE, DELETE, EXECUTE, CREATE ROUTINE, ALTER ROUTINE, CREATE TEMPORARY TABLES, LOCK TABLES
      • OSLOG: SELECT, INSERT, UPDATE, DELETE, EXECUTE, CREATE TEMPORARY TABLES, LOCK TABLES
  • Please check with your Database Administrator how to do this according to your database environment. At the very least, you should make sure the file paths, tablespaces and users don't clash with existing objects in the database.
  • If you change any of these settings, remember to do so throughout the file.
  • You'll need the usernames, passwords and tablespaces used in this script to configure OutSystems Platform Server later on.
  • Connect to your MySQL instance with a user that can create databases and use the customized script to create the database.
* Execute the OutSystems Platform Server session creation script:
  • You can find it at /opt/outsystems/platform/db/session_mysql_creation.sql
  • This allows you to configure the schema the user and password. Please make sure you change the default passwords By default, the objects are set to:
    • Schema: outsystems_session
    • User: OSSTATE
    • Run this script like you did with the script to create the data model of OutSystems Platform.
* At this point you need the database users and schemas for use by OutSystems Platform. For instructions on creating them, access the Database checklist in this document.
To do this, select the Database role at the top of this page.
Workaround for First Database Connection performance issue on low entropy systems
  • Oracle OJDBC driver is affected by the java.security.SecureRandom API limitation JDK bug 6521844.
  • In low entropy systems such as virtual machines the time to obtain the first DB connection can be unusually high.


    To assess you machine level of entropy you can get an estimate by executing the following command:

    cat /proc/sys/kernel/random/entropy_avail

    The issue can occur in machines with an entropy estimate lower than 300.


    You can workaround this issue by changing the securerandom.source property in the file java.security to:

    securerandom.source=file:/dev/./urandom

    To find the correct java.security file you can use the following command:

    find $(alternatives --display java | grep points | grep -Po '[\/].*[\/]')../ -name java.security


    Note that this procedure reduces the DB connection security. It makes it easier for an attacker to decrypt the password in the network.

    However only the initial login is affected, it is a very short operation therefore the vulnerability is low.

*

Applicable only to Oracle JDK, skip this step if you using OpenJDK

Download strong Cryptographic Support extension:
Install SAP Connector Libraries:
  • Download the SAP Connector for Java 3.0.x for Linux 64bit from SAP Service Marketplace.
  • Unpack the Connector and copy the sapjco3.jar and libsapjco3.so files to the /opt/outsystems/platform/thirdparty/lib/ folder.
NOTE
  • This step is only required if you are going to integrate OutSystems Platform with your SAP.
  • If this step is done later, after you have installed the Platform, you must repeat the mandatory steps below.
* Configure Deployment Controller Server services:
  • As the root user, execute: /opt/outsystems/platform/serviceconfigurator.sh -controller
* Configure Front-end Server services:
  • As the root user, execute: /opt/outsystems/platform/serviceconfigurator.sh -frontend
* Configure OutSystems Platform:
  • Start the OutSystems Configuration Tool. As the root user, execute: /opt/outsystems/platform/configurationtool.sh
    • Configure OutSystems Platform Database
    • Define the password for the Platform Server administrator account.
    • If you had previously defined this password, you may skip this step.

      Remember that your password:
      • Is case sensitive;
      • Must be at least 6 characters long;
      • Cannot be equal to or contain your username;
    • Do not skip the Farm Settings.
    • In the Farm configurations, set the Deployment Controller Server hostname. This network address will be used by this node to reach the deployment controller node.
    • In the Farm configurations, set the Local IP Address for Front-End Registration. This network address will be used by the Deployment Controller server to reach this Front-End node.
    • For the OutSystems Platform configurations use the default values.
    • Do not skip the WebLogic Settings: Choose the appropriate Managed Server.
    • Enter the address of the machine where WebLogic Administration Console is installed, the port, username and password.
    • Upon completion, the OutSystems Platform Database and the Session Database schema will be created.
    • When asked, please execute the following actions:
      • Restart the Application Server
      • Restart the OutSystems Services
      • Run the Service Center installation
      These are mandatory steps, otherwise OutSystems Platform won't install properly
* Install an SSL certificate:
* Configure SSL.
  • Open the /opt/outsystems/platform/connectors/wildfly/standalone-outsystems-factorydefault.xml file.
  • Copy the security-realm name="SecureApplicationRealm" element that is commented to the same location at $WILDFLY_HOME/standalone/configuration/standalone-outsystems.xml file.
    NOTE: Do not forget to change the password.
  • Also copy the https-listener element that is commented to the same location at $WILDFLY_HOME/standalone/configuration/standalone-outsystems.xml file.
    NOTE: In case you have changed the max-post-size attribute in the http-element, put the same value in this element too.
  • Restart Wildfly by executing service wildfly-outsystems restart
* Use the Glassfish RI JAXB Provider for web services in WebLogic:
  • The default JAXB Provider has issues that cause, in some cases, the incorrect execution of the platform's web service feature while having no advantages for the current implementation.
  • Make sure WebLogic is set to use the Glassfish RI JAXB Provider:
    • Open the WebLogic console at http://<AdministrationServer>:7001/console
      • You may need to allow incoming traffic through port 7001, you can add a temporary rule to iptables by running the following command (as the root user):
      • iptables -I INPUT -p tcp --dport 7001 -j ACCEPT
      • To restore iptables rules you can restart the service by running the following command (as the root user):
      • service iptables restart
    • Expand "Environment" under the "outsystems_domain" in the Domain Structure.
    • Select "Servers".
    • Select your Managed Server.
    • Select "Server Start" Tab
    • Ensure the "Arguments" text box contains the following: -Dcom.sun.xml.ws.spi.db.BindingContextFactory=com.sun.xml.ws.db.glassfish.JAXBRIContextFactory -Djavax.xml.bind.JAXBContext=com.sun.xml.bind.v2.ContextFactory
    • Restart your Managed Server by running the following command: service weblogic-outsystems restart

Legend: * Mandatory; Optional.

Post-installation check list

In this section you have a list of all the steps that you check after installing OutSystems software.

OutSystems Platform Server

After installing OutSystems Platform Server, check the following topics.

Configure Internal Network:
  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the Network Security screen (Administration -> Security -> Network Security)
  • Validate and change the Internal Network addresses in accordance to your specific network policies. If you do not enter any addresses (i.e. leave the box empty), then Internal Network configurations will not be enforced and access to your internal applications (including ServiceCenter and LifeTime) will not be restricted to any addresses.

NOTE: If you are changing your Internal Network configuration, please ensure that it includes the IP address used by LifeTime to access the environment.

* Upload your license:
  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the licensing screen (Administration -> Licensing)
  • Click Upload New License and select the .lic file you got from the OutSystems Network
  • If you don't have a license file, click the Request New License and follow the instructions
* Configure Service Center:
  • Launch Service Center, log on using your administrator credentials for Platform Server and go to Administration -> Environment Configuration (http://<yourserver>/ServiceCenter)
  • Set the environment's Hostname
  • Set the environment's Running mode to Development or Production
  • Press the Apply button
* Install System Components:

System Components should only be installed once per environment. In a Farm installation, any Front-End server can be used to perform this operation.

  • NOTE: In case you don't have a Web browser in the Production environment, copy the OSP file to a machine with a Web browser and execute the following steps there.
  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the solutions screen (Factory -> Solutions)
  • Click Upload and Publish a Solution and select the System_Components.osp file in the installation directory (e.g.: /opt/outsystems/platform/)
  • Click 1-Click Publish, or Prepare Publish if you have 2-Stage deployment active.
Configure Users administrator:

The Administrator user should only be configured once per environment. In a Farm installation, any Front-End server can be used to perform this operation.

  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the eSpaces screen (Factory -> eSpaces)
  • Search for Users and click in the eSpace name
  • Click Single Sign-On tab
  • Click Configure Administrator user
  • Set the password for the Administrator user
  • Click Apply
* Install OutSystems Now:

OutSystems Now should only be installed once per environment. In a Farm installation, any Front-End server can be used to perform this operation.

  • Go to OutSystems Now in Forge
  • Go to the tab Versions
  • Download the latest Application version that is supported by your Platform Version (e.g. download the latest P10 version)
  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the applications screen (Factory -> Applications)
  • Click Publish an Application and select the .oap you have just downloaded
  • Click 1-Click Publish.
Install Silk UI Mobile:

You need to have a new license file from OutSystems Licensing with mobile apps generation capabilities.

Silk UI Mobile should only be installed once per environment. In a Farm installation, any Front-End server can be used to perform this operation.

  • Go to Silk UI Mobile in Forge
  • Go to the tab Versions
  • Download the latest Application version that is supported by your Platform Version (e.g. download the latest P10 version)
  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the applications screen (Factory -> Applications)
  • Click Publish an Application and select the .oap you have just downloaded
  • Click 1-Click Publish.
* LifeTime - only available for the Enterprise Edition:

LifeTime should only be installed in a dedicated environment. Installing it in more than one environment may lead to erroneous behaviors.

If you are applying this checklist to LifeTime environment, continue with the following procedures. Otherwise skip this step.

Read the LifeTime Installation and Configuration Tech Note to learn more.

Execute this step to install LifeTime in this environment:
  • NOTE: In case you don't have a Web browser in the Production environment, copy the OSP file to a machine with a Web browser and execute the following steps there.
  • Log in to ServiceCenter using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the solutions screen (Factory -> Solutions)
  • Click Upload and Publish a Solution and select the LifeTime.osp file in the Platform Server installation directory (e.g.: /opt/outsystems/platform/).
  • Click 1-Click Publish, or Prepare Publish if you have 2-Stage deployment active.
  • Log in to LifeTime to set up your infrastructure (http://<yourserver>/lifetime)
Business Activity Monitoring:
  • Install graphviz in the front-end servers: wget -O /etc/yum.repos.d/graphviz-rhel.repo http://www.graphviz.org/graphviz-rhel.repo
    yum install graphviz graphviz-gd
    yum install graphviz graphviz-gd
  • Install GraphViz Services this.Version.ToString(). You can download it here.
  • Install Business Activity Monitoring this.Version.ToString(). You can download it here.
NOTE: If you are using Business Process Technology, the installation of Business Activity Monitoring this.Version.ToString() is highly recommended.

Legend: * Mandatory; Optional.

Platform Server Release Upgrade Steps

This section provides the steps that you must follow in order to successfully upgrade OutSystems Platform Server with a new software release. This happens when the Major or Minor number changes (M.m.b.r).

The mandatory topics are the ones that must be checked in order to have a certified installation, i.e. consist in the requirements necessary to guarantee that OutSystems supports your installation. The mandatory topics are in red and the icon associated is *. On the other hand, the optional topics are only recommended and you are not forced to check them. The optional topics are in plain text and the icon associated is .

Platform Server Revision Update Steps

This section provides the steps that you must follow in order to successfully update OutSystems Platform Server with a new software revision. This happens when the Major, Minor and Build numbers are the same, but the Build or Revision number changes (M.m.b.r). Whenever a new revision is issued, the previous one must be considered deprecated and unsupported.

The steps sequence for the Front-end Server profile should be applied in each one of the Front-end Servers.

When installing without internet connection there may be dependency errors, please download the necessary dependencies from the Red Hat Customer Portal.

Description Server
* Recreate the machine:
  • Prepare a new machine with the same specification as the one running the older platform's version.
    In case of any doubts, check the OutSystems Platform's system requirements.
  • All following instructions must be performed in this new machine.

Deployment Controller Server

Front-end Server

Backup the current configurations files:
  • To speed up the reactivation of the OutSystems Platform after upgrade and to keep your custom configurations, you should backup the following configuration files from the old machine:
    • OutSystems Platform configuration file: /etc/outsystems/server.hsconf
    • OutSystems Platform private key (available since Platform version 9.0.1+): /opt/outsystems/platform/private.key
    • JBoss Application Server configurations used by OutSystems Platform: $JBOSS_HOME/bin/standalone-outsystems.conf and $JBOSS_HOME/bin/standalone-outsystems-mq.conf
  • In a step ahead, you will be instructed to copy these files to the new machine.

Deployment Controller Server

Front-end Server

Backup the current configurations files:
  • To speed up the reactivation of the OutSystems Platform after upgrade and to keep your custom configurations, you should backup the following configuration files from the old machine:
    • OutSystems Platform configuration file: /etc/outsystems/server.hsconf
    • OutSystems Platform private key (available since Platform version 9.0.1+): /opt/outsystems/platform/private.key
  • In a step ahead, you will be instructed to copy these files to the new machine.
  • In case you have done any custom configurations for the JBoss Application Server configurations used by OutSystems Platform, look for them in the $JBOSS_HOME/bin/standalone-outsystems.conf and $JBOSS_HOME/bin/standalone-outsystems-mq.conf files.
  • After the platform installation you will be also instructed to adapt your custom configurations to the new $WILDFLY_HOME/bin/standalone-outsystems.conf and $WILDFLY_HOME/bin/standalone-outsystems-mq.conf files.

Deployment Controller Server

Front-end Server

Backup the current configurations files:
  • To speed up the reactivation of the OutSystems Platform after upgrade and to keep your custom configurations, you should backup the following configuration files from the old machine:
    • OutSystems Platform configuration file: /etc/outsystems/server.hsconf
    • OutSystems Platform private key (available since Platform version 9.0.1+): /opt/outsystems/platform/private.key
  • In a step ahead, you will be instructed to copy these files to the new machine.
  • In case you have done any custom configurations for the WebLogic Server configurations used by OutSystems Platform, look for them in the Server Start tab in each server at the Administration Console.
  • After the platform installation you will be also instructed to insert your custom configurations in the Administration Console of the WebLogic Server.

Deployment Controller Server

Front-end Server

*

Ensure that the clocks of all Front-end servers are synchronized

Synchronizing the clocks of all Front-end servers will prevent clock skew problems that can impact the experience of users accessing your applications.

Front-end Server

* Register with Red Hat Subscription Management:
  • Go to the Red Hat Customer Portal and log in to your account.
  • Locate the system you're installing the Platform on.
    • If you can't find your system, it means that it is not registered with Red Hat Subscription Management and you must register it.
      • As the root user, ensure the Red Hat Subscription Manager package is installed:
        • yum install subscription-manager
      • As the root user, register the system:
        • subscription-manager register
  • Once your system is registered, you must attach it to the subscriptions to which your system is entitled. This can be done on the Red Hat Customer Portal, or via the command line.
    • As the root user, check which subscriptions are available for your system:
      • subscription-manager list --available
    • As the root user, repeat the following command for each subscription that the system is entitled to:
      • subscription-manager attach --pool=<POOL_ID> , where <POOL_ID> is retrieved from the output of the previous command
  • Once your system is attached to your subscriptions, you must enable the required repositories:
    • As the root user, check if the required repositories are available (if they aren't, you may need to change your subscription):
      • subscription-manager repos --list
      • You will need the following repositories to be available (if they aren't, you may need to change your subscription):
        • JBoss Enterprise Application Platform 6.4 (RHEL this.OperatingSystem.GetRepositoryVersion() Server): subscription-manager repos --enable jbappplatform-6.4-x86_64-server-this.OperatingSystem.GetRepositoryVersion()-rpm
        • JBoss Enterprise Application Platform 6.4 (RHEL this.OperatingSystem.GetRepositoryVersion() Server): subscription-manager repos --enable jb-eap-6.4-for-rhel-this.OperatingSystem.GetRepositoryVersion()-server-rpms
        • Red Hat Enterprise Linux this.OperatingSystem.GetRepositoryVersion() Server - Supplementary: subscription-manager repos --enable rhel-this.OperatingSystem.GetRepositoryVersion()-server-supplementary-rpms
        • Applicable only to Oracle JDK, skip this step if you using OpenJDK

          Red Hat Enterprise Linux this.OperatingSystem.GetRepositoryVersion() Server - Oracle Java: subscription-manager repos --enable rhel-this.OperatingSystem.GetRepositoryVersion()-server-restricted-maintenance-oracle-java-rpms

Deployment Controller Server

Front-end Server

Register with Red Hat Subscription Management:
  • Go to the Red Hat Customer Portal and log in to your account.
  • Locate the system you're installing the Platform on.
    • If you can't find your system, it means that it is not registered with Red Hat Subscription Management and you should register it.
      • As the root user, ensure the Red Hat Subscription Manager package is installed:
        • yum install subscription-manager
      • As the root user, register the system:
        • subscription-manager register
  • Once your system is registered, you should attach it to the subscriptions to which your system is entitled. This can be done on the Red Hat Customer Portal, or via the command line.
    • As the root user, check which subscriptions are available for your system:
      • subscription-manager list --available
    • As the root user, repeat the following command for each subscription that the system is entitled to:
      • subscription-manager attach --pool=<POOL_ID> , where <POOL_ID> is retrieved from the output of the previous command
  • Once your system is attached to your subscriptions, you should enable the required repositories:
    • As the root user, check if the required repositories are available (if they aren't, you may need to change your subscription):
      • subscription-manager repos --list
      • You will need the following repositories to be available (if they aren't, you may need to change your subscription):
        • Red Hat Enterprise Linux this.OperatingSystem.GetRepositoryVersion() Server - Supplementary: subscription-manager repos --enable rhel-this.OperatingSystem.GetRepositoryVersion()-server-supplementary-rpms
        • Red Hat Enterprise Linux this.OperatingSystem.GetRepositoryVersion() Server - Oracle Java: subscription-manager repos --enable rhel-this.OperatingSystem.GetRepositoryVersion()-server-restricted-maintenance-oracle-java-rpms

Deployment Controller Server

Front-end Server

* Red Hat Enterprise Linux 7.X x64: Red Hat Enterprise Linux 6.X x64: Red Hat Enterprise Linux 5.X x64: CentOS Linux 5.X x64: CentOS Linux 6.X x64: Oracle Linux 6.X x64:
  • As the root user, make sure the following packages are installed:
    • Shell
      • yum install bash
    • Communication (ssh shells)
      • yum install openssh-clients
    • Firewall (iptables)
      • yum install iptables
      • yum install iptables-services
    • Utilities
      • yum install zip unzip
      • yum install dos2unix
      • yum install patch
      • yum install net-tools
    • X server - only necessary to install Oracle Database Server tools.
  • Iptables configuration:
    • As the root user, set iptables service to auto-start:
      • chkconfig iptables on
      • systemctl enable iptables
      • systemctl start iptables
      • systemctl enable ip6tables
      • systemctl start ip6tables
    • As the root user, open the following ports:
      • 2033, 12000, 12001, 12002, 12003 - OutSystems Services default communication ports
        • You can open a port in iptables by running the following command (as the root user):
        • iptables -I INPUT -p tcp --dport [PORT] -j ACCEPT
        • You can store the iptables settings permanently by running the following command (as the root user):
        • service iptables save
    • As the root user, stop and disable firewalld (it interferes with iptables):
      • systemctl stop firewalld
      • systemctl disable firewalld
      • systemctl mask firewalld
  • If you decide to install a different firewall follow these additional steps:
    • As the root user, set iptables service to not auto-start:
      • chkconfig iptables off
      • systemctl disable iptables
      • systemctl stop iptables
      • systemctl disable ip6tables
      • systemctl stop ip6tables
    • Set port redirection:
      • 8080 redirect to 80;
      • 8443 redirect to 443;
    • Open the following ports:
      • 8080, 8443 - JBoss default communication ports;
      • All ports that must be open in iptables

Deployment Controller Server

Front-end Server

* Install required WebLogic patches:
  • As the root user, check which patches are applied to your WebLogic, by running the following code and looking for the Patch ID of the installed patches: su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch lsinventory"
  • If you have the patch 18123824, as the root user, uninstall the patch by running the following code:
    • su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch rollback -id 18123824"
  • If you have the patch 21370953, as the root user, uninstall the patch by running the following code:
    • su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch rollback -id 21370953"
  • If you do not have the patch 25987810 applied to your WebLogic, please download patch 25987810, for Oracle WebLogic 12.1.3 from the official Oracle Support site.
    • As the root user, install the patch by following the instructions in the README.txt file that comes with the patch: mv p25987810_121300_Generic.zip /home/wls_outsystems/
      su - wls_outsystems -s /bin/bash -c "unzip -d /home/wls_outsystems/ /home/wls_outsystems/p25987810_121300_Generic.zip"
      su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch apply /home/wls_outsystems/25987810/"
  • If you do not have the patch 27919943 applied to your WebLogic, please download patch 27919943, for Oracle WebLogic 12.1.3 from the official Oracle Support site.
    • As the root user, install the patch by following the instructions in the README.txt file that comes with the patch: mv p27919943_121300_Generic.zip /home/wls_outsystems/
      su - wls_outsystems -s /bin/bash -c "unzip -d /home/wls_outsystems/ /home/wls_outsystems/p27919943_121300_Generic.zip"
      su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch apply /home/wls_outsystems/27919943/"

Deployment Controller Server

Front-end Server

* Install Ant (1.9+):
  • Please download the Ant (1.9+) zip archive from the official site:
    http://ant.apache.org/bindownload.cgi.
  • As the root user, unzip to /opt the downloaded archive: unzip apache-ant-1.9.*.zip -d /opt/

Deployment Controller Server

Front-end Server

*

Install either Open JDK or Oracle JDK (you must only install one of them)

Install Open JDK (1.8 x64):
  • As the root user, make sure the following package is installed:
    • Open Java Development Kit 1.8.0
      • yum install java-1.8.0-openjdk-devel
  • Set Java version system wide. As the root user, execute:
    • echo JAVA_HOME=/usr/lib/jvm/$(ls /usr/lib/jvm/ | grep java-1.8.0-openjdk | sort -t_ -n -k2 | tail -1) > /etc/sysconfig/outsystems
Install Oracle's Java SDK (1.8 x64):
  • Please download the Linux x64 RPM from the official site:
    http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html.
  • As the root user, execute the installer: rpm -i jdk-*-linux-x64.rpm
    • Install Java into a location that is accessible by all users.
    • For the purpose of this document, we assume Java will be installed to /usr/java/jdk1.8.0_* folder.
  • Set Java version system wide. As the root user, execute:
    JAVA_HOME="/usr/java/`ls /usr/java/ | grep jdk1.8.0 | sort -t_ -n -k2 | tail -1`"
    mkdir -p /usr/lib/jvm
    alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 16999
    alternatives --install /usr/lib/jvm/java-1.8.0 java_sdk_1.8.0 $JAVA_HOME/ 16999
  • Override the system wide java version. As the root user, execute:
    alternatives --set java $JAVA_HOME/bin/java
    alternatives --set java_sdk_1.8.0 $JAVA_HOME/
  • Confirm that the system wide java version is correct. As the root user, execute: alternatives --config java
    • You should see an output containing the path /usr/java/jdk1.8.0_*/bin/java selected.
    • As the root user, make sure the following package is installed:
      • Oracle Java Development Kit 1.8.0
        • yum install java-1.8.0-oracle-devel
    • If your RedHat subscription does not entitle you to install Oracle Java SDK (1.8 x64) via yum:
      • Please download the Linux x64 RPM from the official site:
        http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html.
      • As the root user, execute the installer: rpm -i jdk-*-linux-x64.rpm
        • Install Java into a location that is accessible by all users.
        • For the purpose of this document, we assume Java will be installed to /usr/java/jdk1.8.0_* folder.
      • Set Java version system wide. As the root user, execute:
        JAVA_HOME="/usr/java/`ls /usr/java/ | grep jdk1.8.0 | sort -t_ -n -k2 | tail -1`"
        mkdir -p /usr/lib/jvm
        alternatives --install /usr/bin/java java $JAVA_HOME/bin/java 16999
        alternatives --install /usr/lib/jvm/java-1.8.0 java_sdk_1.8.0 $JAVA_HOME/ 16999
      • Override the system wide java version. As the root user, execute:
        alternatives --set java $JAVA_HOME/bin/java
        alternatives --set java_sdk_1.8.0 $JAVA_HOME/
      • Confirm that the system wide java version is correct. As the root user, execute: alternatives --config java
        • You should see an output containing the path /usr/java/jdk1.8.0_*/bin/java selected.

Deployment Controller Server

Front-end Server

* Install Wildfly Application Server (8.2.0 Final):
  • Download the file wildfly-8.2.0.Final.zip from the official site:
    http://wildfly.org/downloads/.
    • For the purpose of this document, we assume Wildfly will be installed to /opt/wildfly-8.2.0.Final folder.
  • As the root user, uncompress the Wildfly installation file to /opt: unzip wildfly-8.2.0.Final.zip -d /opt/

Deployment Controller Server

Front-end Server

Mount Wildfly in a separate partition:
  • If you have a partition reserved for the Wildfly Application Server, move the directory /opt/wildfly-8.2.0.Final/standalone to the alternate partition, and create a mount point to it at /opt/wildfly-8.2.0.Final/standalone.

Deployment Controller Server

Front-end Server

* Install WebLogic Application Server:
  • Please download the Oracle WebLogic Server 12.1.3 Generic Installer from the official site: http://www.oracle.com/technetwork/middleware/weblogic/downloads/wls-main-097127.html.
  • As the root user, create a user for WebLogic and disable password ageing:
    useradd -s /sbin/nologin -U wls_outsystems
    chage -m 0 -M 99999 -I -1 -E -1 wls_outsystems
  • Make sure the downloaded fmw_12.1.3.0.0_wls.jar is copied to /home/wls_outsystems/
  • As the root user, create a file named /home/wls_outsystems/oraInst.loc with the following content:
    ###################
    # oraInst.loc file
    ###################
    inventory_loc=/home/wls_outsystems/oraInventory/
    inst_group=wls_outsystems
  • As the root user, create a file named /home/wls_outsystems/response.file.rsp with the following content:
    ####################
    # response.file.rsp
    ####################
    [ENGINE]
    Response File Version=1.0.0.0.0
    [GENERIC]
    #The oracle home location. This can be an existing Oracle Home or a new Oracle Home
    ORACLE_HOME=/opt/Oracle/Middleware
    #Set this variable value to the Installation Type selected. e.g. WebLogic Server, Coherence, Complete with Examples.
    INSTALL_TYPE=WebLogic Server
    #Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
    MYORACLESUPPORT_USERNAME=
    #Provide the My Oracle Support Password
    MYORACLESUPPORT_PASSWORD=<SECURE VALUE>
    #Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
    DECLINE_SECURITY_UPDATES=true
    #Set this to true if My Oracle Support Password is specified
    SECURITY_UPDATES_VIA_MYORACLESUPPORT=false
    #Provide the Proxy Host
    PROXY_HOST=
    #Provide the Proxy Port
    PROXY_PORT=
    #Provide the Proxy Username
    PROXY_USER=
    #Provide the Proxy Password
    PROXY_PWD=<SECURE VALUE>
    #Type String (URL format) Indicates the OCM Repeater URL which should be of the format [scheme[Http/Https]]://[repeater host]:[repeater port]
    COLLECTOR_SUPPORTHUB_URL=
  • As the root user, make sure the created files can be read by everyone
    chmod a+r /home/wls_outsystems/oraInst.loc /home/wls_outsystems/response.file.rsp
  • As the root user, install WebLogic:
    mkdir -p /opt/Oracle/Middleware
    chown -R wls_outsystems:wls_outsystems /opt/Oracle

    Note: the following command is a single line

    su - wls_outsystems -s /bin/bash -c "umask 0027; java -jar -d64 /home/wls_outsystems/fmw_12.1.3.0.0_wls.jar -silent -invPtrLoc /home/wls_outsystems/oraInst.loc -responseFile /home/wls_outsystems/response.file.rsp"

Deployment Controller Server

Front-end Server

* Creating a WebLogic domain for OutSystems:
  • As the root user, create a file named /home/wls_outsystems/configDomain.py with the following content:
    ################################
    # WebLogic silent configuration
    ################################

    #Customization Zone
    username='<insert weblogic username>'
    password='<insert weblogic password>'
    server_name='<insert server name here>'
    machine_ip='<insert machine ip here>'
    #End of Customization Zone

    readTemplate('/opt/Oracle/Middleware/wlserver/common/templates/wls/wls.jar')
    cmo.setProductionModeEnabled(true)

    # Setting Administration Server listen address/port
    cd('Servers/AdminServer')
    set('ListenAddress','')
    set('ListenPort', 7001)

    # Setting the username/password
    cd('/Security/base_domain/User/weblogic')
    cmo.setName(username)
    cmo.setPassword(password)

    # Create Managed Server
    cd('/')
    server = create(server_name, 'Server')
    server.setListenAddress('')
    server.setListenPort(8080)

    # Create Machine
    cd('/')
    machine_name= server_name + '_machine'
    machine = create(machine_name, 'Machine')
    cd('/Machine/' + machine_name)
    nodeMgr = create(machine_name, 'NodeManager')
    nodeMgr.setListenAddress(machine_ip)
    nodeMgr.setListenPort(5556)

    # Map server to machine
    cd('/')
    cd('/Servers/')
    cd(server_name)
    currentServer = cmo;
    cd('/Machine/' + machine_name)
    currentServer.setMachine(cmo)

    setOption('OverwriteDomain', 'true')
    writeDomain('/opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain')

    closeTemplate()
    exit()
  • Please edit the region #Customization Zone, and provide the following information:
    • In the username property, and password property enter the name and credentials for the WebLogic Administrator account.
      OutSystems Platform will require these credentials later on.
    • In the server_name property, enter an appropriate Name for the Managed Server.

      Suggestion: Use the server hostname as the Managed Server name.

    • In the machine_ip property, enter the Machine IP of the Server.
  • As the root user, make sure the create file can be read by everyone
    chmod a+r /home/wls_outsystems/configDomain.py
  • As the root user, execute the following instruction to create the WebLogic domain for OutSystems:
    su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/wlserver/common/bin/wlst.sh /home/wls_outsystems/configDomain.py"
  • As the root user, delete the recently created files:
    rm -f /home/wls_outsystems/oraInst.loc /home/wls_outsystems/response.file.rsp /home/wls_outsystems/configDomain.py

Deployment Controller Server

Follow the next steps if you want to use Open JDK as an alternative to Oracle JDK.

If you already using Open JDK, skip this step.

  • As the root user, execute:

    Install Open JDK
    yum install java-1.8.0-openjdk-devel

    Configure alternatives for java, choosing the option that includes jre-1.8.0-openjdk
    alternatives --config java

    Configure alternatives for javac, choosing the option that includes java-1.8.0-openjdk
    alternatives --config javac

    Save the path for javac (it will look something like /usr/lib/jvm/java-1.8.0-openjdk.x86_64/bin/javac )

    The parent directory of the bin folder will be your new JAVA_HOME (/usr/lib/jvm/java-1.8.0-openjdk.x86_64)

    Edit /etc/sysconfig/outsystems file, and set the property JAVA_HOME to the new home
    New line will look like: JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk.x86_64

    It's important that the JAVA_HOME will be the SDK one, and not the JRE, or critical errors will occur.

    Please ensure the path was extracted from the javac command, and not the java one.

Deployment Controller Server

Front-end Server

* Install the new OutSystems Platform Server revision:
  • As the root user, execute: yum update outsystems-agileplatform-jboss6-eap outsystems-agileplatform outsystems-agileplatform-libs yum update outsystems-agileplatform-wildfly8 outsystems-agileplatform outsystems-agileplatform-libs yum update outsystems-agileplatform-weblogic outsystems-agileplatform outsystems-agileplatform-libs
    • To install without internet connection or to install a specific OutSystems Platform Server version, download the rpms outsystems-agileplatform-*.noarch.rpm outsystems-agileplatform-libs-*.noarch.rpm outsystems-agileplatform-jboss6-eap-*.noarch.rpm outsystems-agileplatform-wildfly8-*.noarch.rpm outsystems-agileplatform-weblogic-*.noarch.rpm from the "OutSystems yum repository", and then execute (as root user): yum --disablerepo=* --nogpgcheck update outsystems-agileplatform-*.noarch.rpm
    yum --nogpgcheck update outsystems-agileplatform-*.noarch.rpm yum --nogpgcheck update outsystems-agileplatform-*.noarch.rpm

Deployment Controller Server

Front-end Server

* Install required WebLogic patches:
  • As the root user, check which patches are applied to your WebLogic, by running the following code and looking for the Patch ID of the installed patches: su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch lsinventory"
  • If you do not have the patch 21370953 applied to your WebLogic, please download patch 21370953, for Oracle WebLogic 12.1.3 from the official Oracle Support site.
  • As the root user, install the patch by following the instructions in the README.txt file that comes with the patch: mv p21370953_121300_Generic.zip /home/wls_outsystems/
    unzip -d /home/wls_outsystems/ /home/wls_outsystems/p21370953_121300_Generic.zip
    su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/OPatch/opatch apply -jdk $JAVA_HOME /home/wls_outsystems/21370953/"

Deployment Controller Server

Front-end Server

Workaround for NodeManager SSL configuration:
  • By default, WebLogic configures the Node Manager to operate over SSL, which means that the Node Manager host must have a valid certificate and that the Administration Server needs to trust that certificate before being able to communicate with that Node Manager.

    OutSystems strongly recommends that you properly configure your SSL certificates. For more information on how to configure certificates between the Node Managers and the Administration Server, please see http://docs.oracle.com/middleware/1213/wls/SECMG/ssl_overview.htm#SECMG718 .

    If you are sure that you do not want to configure SSL certificates between the Node Managers and the Administration Server you can manually disable it.

    Note that this procedure reduces the security level of the communication between Node Managers and Administration Server

    As the root user, execute:
    • Disable NodeManager secure listener:
      su - wls_outsystems -s /bin/bash -c "sed -i.bak s/SecureListener=true/SecureListener=false/g /opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/nodemanager/nodemanager.properties 2>&1 > /dev/null"
    • Start WebLogic:
      su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/bin/startWebLogic.sh"
    • Open the WebLogic console at http://<AdministrationServer>:7001/console
      • Click the Lock & Edit button
      • Go to the outsystems_domain and expand Environment
      • Click on Machines
      • Select the machine associated with the node you are configuring
      • Click on the Node Manager tab
      • Change Type to Plain
      • Save and Activate Changes
    • Stop WebLogic:
      su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/bin/stopWebLogic.sh"

Deployment Controller Server

* Preparing to extend the outsystems_domain - Making an outsystems_domain template file
  • As the root user, execute the following line to pack your domain's template using the wls_outsystems user su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/oracle_common/common/bin/pack.sh -domain=/opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain -managed=true -template=/home/wls_outsystems/outsystems_domain.jar -template_name=outsystems_domain"
  • This template will be used later by each Front-End.

Deployment Controller Server

* Extending the existing outsystems_domain - Unpacking the Domain's template
  • As the root user, copy the outsystems_domain.jar template file available from the Administration Server host to the Front-End server.
    • Check The Controller's checklist Instructions, on how to generate this file, if you haven't done it yet.
  • As the root user, execute the following line to unpack your domain's template using the wls_outsystems user: mv outsystems_domain.jar /home/wls_outsystems/
    chown wls_outsystems:wls_outsystems /home/wls_outsystems/outsystems_domain.jar
    su - wls_outsystems -s /bin/bash -c "/opt/Oracle/Middleware/oracle_common/common/bin/unpack.sh -domain=/opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain -template=/home/wls_outsystems/outsystems_domain.jar"
  • After unpack the the outsystems domain, change the listen address of the node manager to listen requests from this machine.
    As the root user, execute the following line changing the Administration_Server_Address and Front_End_Address placeholders accordingly:

    Note: the following command is a single line

    su - wls_outsystems -s /bin/bash -c "sed -i.bak s/ListenAddress=<Administration_Server_Address>/ListenAddress=<Front_End_Address>/g /opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/nodemanager/nodemanager.properties 2>&1 > /dev/null"

Front-end Server

* Extending the existing outsystems_domain - Registering a new Front-End:
  • Creating a Machine and Managed Server in the AdminServer's console:
    • Open the WebLogic console at http://<AdministrationServer>:7001/console
      • Click the Lock & Edit button
      • Go to the outsystems_domain and expand Environment
      • Click on Machines
      • Create a new Machine:
        • Enter an appropriate Name for the Machine
          • Suggestion: Use the server hostname appended with _machine as the Machine name.
        • Select the appropriate Node Manager Type (SSL or Plain, consistent with the rest of your environment)
        • Enter the Machine IP as the Node Manager listen address
        • Leave 5556 as the Node Manager listen port
        • Press the Finish button
      • Create a new Server:
        • Enter an appropriate Name for the Server
          • Suggestion: Use the server hostname as the Managed Server name.
        • Leave the Listen Address empty
        • Enter 8080 as the Server Listen Port
        • Press the Finish button
        • Click on the newly created Server
        • Associate the server with the machine created just before
        • Enable SSL Listen Port and enter 8443 as the SSL Listen Port
        • Save and Activate Changes

Front-end Server

* Changing startup memory parameters for OutSystems:
  • As the root user, execute the following instructions:

    Note: the following command is a single line

    echo -e "JAVA_OPTIONS=\"\${JAVA_OPTIONS} -XX:MetaspaceSize=256m -XX:MinMetaspaceFreeRatio=20 -XX:MaxMetaspaceFreeRatio=40\"\nexport JAVA_OPTIONS" >> /opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/bin/setDomainEnv.sh

    Note: the following command is a single line

    sed -i 's,^export JAVA_OPTIONS[^\n]*,JAVA_OPTIONS="${JAVA_OPTIONS} -XX:MetaspaceSize=256m -XX:MinMetaspaceFreeRatio=20 -XX:MaxMetaspaceFreeRatio=40"\nexport JAVA_OPTIONS,' /opt/Oracle/Middleware/wlserver/user_projects/domains/outsystems_domain/bin/startNodeManager.sh

Deployment Controller Server

Front-end Server

* Install the new OutSystems yum repository:
  • As the root user, execute: rpm -U http://yum.outsystems.net/this.Version.ToString()/noarch/outsystems-repo.rpm
    • To install without internet connection, download the rpm from the above location, and then execute (as root user): rpm -U outsystems-repo.rpm

Deployment Controller Server

Front-end Server

* Install the new OutSystems Platform Server release:
  • As the root user, execute: yum install outsystems-agileplatform-jboss6-eap outsystems-agileplatform outsystems-agileplatform-libs yum install outsystems-agileplatform-wildfly8 outsystems-agileplatform outsystems-agileplatform-libs yum install outsystems-agileplatform-weblogic outsystems-agileplatform outsystems-agileplatform-libs
    • To install without internet connection or to install a specific OutSystems Platform Server version, download the rpms outsystems-agileplatform-*.noarch.rpm outsystems-agileplatform-libs-*.noarch.rpm outsystems-agileplatform-jboss6-eap-*.noarch.rpm outsystems-agileplatform-wildfly8-*.noarch.rpm outsystems-agileplatform-weblogic-*.noarch.rpm from the "OutSystems yum repository", and then execute (as root user): yum --disablerepo=* --nogpgcheck install outsystems-agileplatform-*.noarch.rpm
    yum --nogpgcheck install outsystems-agileplatform-*.noarch.rpm yum --nogpgcheck install outsystems-agileplatform-*.noarch.rpm yum --nogpgcheck install outsystems-agileplatform-*.noarch.rpm

Deployment Controller Server

Front-end Server

Workaround for First Database Connection performance issue on low entropy systems
  • Oracle OJDBC driver is affected by the java.security.SecureRandom API limitation JDK bug 6521844.
  • In low entropy systems such as virtual machines the time to obtain the first DB connection can be unusually high.


    To assess you machine level of entropy you can get an estimate by executing the following command:

    cat /proc/sys/kernel/random/entropy_avail

    The issue can occur in machines with an entropy estimate lower than 300.


    You can workaround this issue by changing the securerandom.source property in the file java.security to:

    securerandom.source=file:/dev/./urandom

    To find the correct java.security file you can use the following commands:

    source /etc/sysconfig/outsystems

    find ${JAVA_HOME}/ -name java.security


    Note that this procedure reduces the DB connection security. It makes it easier for an attacker to decrypt the password in the network.

    However only the initial login is affected, it is a very short operation therefore the vulnerability is low.

Deployment Controller Server

Front-end Server

*

Applicable only to Oracle JDK, skip this step if you using OpenJDK

Download strong Cryptographic Support extension:

Deployment Controller Server

Front-end Server

* Install an SSL certificate:
  • Follow the instructions in the "How-to install an SSL Certificate for the OutSystems Platform" article and install an SSL Certificate

Deployment Controller Server

Front-end Server

* Configure SSL.
  • Open the /opt/outsystems/platform/connectors/wildfly/standalone-outsystems-factorydefault.xml file.
  • Copy the security-realm name="SecureApplicationRealm" element that is commented to the same location at $WILDFLY_HOME/standalone/configuration/standalone-outsystems.xml file.
    NOTE: Do not forget to change the password.
  • Also copy the https-listener element that is commented to the same location at $WILDFLY_HOME/standalone/configuration/standalone-outsystems.xml file.
    NOTE: In case you have changed the max-post-size attribute in the http-element, put the same value in this element too.
  • Restart Wildfly by executing service wildfly-outsystems restart

Deployment Controller Server

Front-end Server

Workaround for First Database Connection performance issue on low entropy systems
  • Oracle OJDBC driver is affected by the java.security.SecureRandom API limitation JDK bug 6521844.
  • In low entropy systems such as virtual machines the time to obtain the first DB connection can be unusually high.


    To assess you machine level of entropy you can get an estimate by executing the following command:

    cat /proc/sys/kernel/random/entropy_avail

    The issue can occur in machines with an entropy estimate lower than 300.


    You can workaround this issue by changing the securerandom.source property in the file java.security to:

    securerandom.source=file:/dev/./urandom

    To find the correct java.security file you can use the following commands:

    source /etc/sysconfig/outsystems

    find ${JAVA_HOME}/ -name java.security


    Note that this procedure reduces the DB connection security. It makes it easier for an attacker to decrypt the password in the network.

    However only the initial login is affected, it is a very short operation therefore the vulnerability is low.

Deployment Controller Server

Front-end Server

Install SAP Connector Libraries:
  • Download the SAP Connector for Java 3.0.x for Linux 64bit from SAP Service Marketplace.
  • Unpack the Connector and copy the sapjco3.jar and libsapjco3.so files to the /opt/outsystems/platform/thirdparty/lib/ folder.
NOTE
  • This step is only required if you are going to integrate OutSystems Platform with your SAP.
  • If this step is done later, after you have upgraded the Platform, you must repeat the mandatory steps below.

Deployment Controller Server

Front-end Server

* Upgrade the Platform Database schema:
  • Start the OutSystems Configuration Tool. As the root user, execute: /opt/outsystems/platform/configurationtool.sh
    Use the default values.
  • Define the password for the Platform Server administrator account.
  • If you had previously defined this password, you may skip this step.

    Remember that your password:

    • Is case sensitive;
    • Must be at least 6 characters long;
    • Cannot be equal to or contain your username;
  • Answer Yes if a message shows up asking to restart the Application Server.
  • Answer Yes if a message shows up asking to start the OutSystems Scheduler Service.
  • Answer Yes when a message shows up asking you to run the Service Center installation.
  • Answer No if a message shows up asking to start the OutSystems Scheduler Service.
  • Answer No when a message shows up asking you to run the Service Center installation.

Deployment Controller Server

Front-end Server

Restore the configurations files:
  • In case you want to restore the platform configurations from the old machine you can now copy the saved files to the same locations:
    • OutSystems Platform configuration file: /etc/outsystems/server.hsconf
    • OutSystems Platform private key (available since Platform version 9.0.1+): /opt/outsystems/platform/private.key
    • After copy the files, execute the following commands as root user to set up the right file owners and permissions:
      chown outsystems:outsystems /etc/outsystems/server.hsconf
      chmod 640 /etc/outsystems/server.hsconf
      chown outsystems:outsystems /opt/outsystems/platform/private.key
      chmod 640 /opt/outsystems/platform/private.key
  • In case you want to restore the JBoss Application Server configurations from the old machine you can now copy the saved files:
    • JBoss Application Server configurations used by OutSystems Platform: /usr/share/jbossas/bin/standalone-outsystems.conf and /usr/share/jbossas/bin/standalone-outsystems-mq.conf
    • After copy the files, execute the following commands as root user to set up the right file owners and permissions:
      chown jboss:jboss /usr/share/jbossas/bin/standalone-outsystems.conf
      chmod 640 /usr/share/jbossas/bin/standalone-outsystems.conf
      chown jboss:jboss /usr/share/jbossas/bin/standalone-outsystems-mq.conf
      chmod 640 /usr/share/jbossas/bin/standalone-outsystems-mq.conf

Deployment Controller Server

Front-end Server

Restore the configurations files:
  • In case you want to restore the platform configurations from the old machine you can now copy the saved files to the same locations:
    • OutSystems Platform configuration file: /etc/outsystems/server.hsconf
    • OutSystems Platform private key (available since Platform version 9.0.1+): /opt/outsystems/platform/private.key
    • After copy the files, execute the following commands as root user to set up the right file owners and permissions:
      chown outsystems:outsystems /etc/outsystems/server.hsconf
      chmod 640 /etc/outsystems/server.hsconf
      chown outsystems:outsystems /opt/outsystems/platform/private.key
      chmod 640 /opt/outsystems/platform/private.key
  • In case you want to apply the same custom configurations that you had in the JBoss Application Server from the old machine you can now adapt them to /opt/wildfly-8.2.0.Final/bin/standalone-outsystems.conf and /opt/wildfly-8.2.0.Final/bin/standalone-outsystems-mq.conf.
    Do not copy those application server configuration files from the old machine to the new one, since this may cause the application server to misbehave.

Deployment Controller Server

Front-end Server

Restore the configurations files:
  • In case you want to restore the platform configurations from the old machine you can now copy the saved files to the same locations:
    • OutSystems Platform configuration file: /etc/outsystems/server.hsconf
    • OutSystems Platform private key (available since Platform version 9.0.1+): /opt/outsystems/platform/private.key
    • After copy the files, execute the following commands as root user to set up the right file owners and permissions:
      chown outsystems:outsystems /etc/outsystems/server.hsconf
      chmod 640 /etc/outsystems/server.hsconf
      chown outsystems:outsystems /opt/outsystems/platform/private.key
      chmod 640 /opt/outsystems/platform/private.key
  • In case you want to apply the same custom configurations that you had in the WebLogic Server from the old machine you can now adapt and add them to in the Server Start tab in each server at the Administration Console.

Deployment Controller Server

Front-end Server

* Configure OutSystems Platform:
  • Start the OutSystems Configuration Tool. As the root user, execute: /opt/outsystems/platform/configurationtool.sh
    Use the default values.
  • Define the password for the Platform Server administrator account.
  • If you had previously defined this password, you may skip this step.

    Remember that your password:
    • Is case sensitive;
    • Must be at least 6 characters long;
    • Cannot be equal to or contain your username;
  • Answer Yes if a message shows up asking to start the OutSystems Scheduler Service.
  • Answer Yes when a message shows up asking you to run the Service Center installation.
  • Answer No if a message shows up asking to start the OutSystems Scheduler Service.
  • Answer No when a message shows up asking you to run the Service Center installation.

Deployment Controller Server

Front-end Server

* Install the new OutSystems Platform Server revision:
  • As the root user, execute: yum update outsystems-agileplatform-jboss6-eap outsystems-agileplatform outsystems-agileplatform-libs yum update outsystems-agileplatform-wildfly8 outsystems-agileplatform outsystems-agileplatform-libs yum update outsystems-agileplatform-weblogic outsystems-agileplatform outsystems-agileplatform-libs
    • To install without internet connection or to install a specific OutSystems Platform Server version, download the rpms outsystems-agileplatform-*.noarch.rpm outsystems-agileplatform-libs-*.noarch.rpm outsystems-agileplatform-jboss6-eap-*.noarch.rpm outsystems-agileplatform-wildfly8-*.noarch.rpm outsystems-agileplatform-weblogic-*.noarch.rpm from the "OutSystems yum repository", and then execute (as root user): yum --disablerepo=* --nogpgcheck update outsystems-agileplatform-*.noarch.rpm
    yum --nogpgcheck update outsystems-agileplatform-*.noarch.rpm yum --nogpgcheck update outsystems-agileplatform-*.noarch.rpm yum --nogpgcheck update outsystems-agileplatform-*.noarch.rpm

Front-end Server

* Install the new OutSystems Platform Server release:
  • As the root user, execute: yum install outsystems-agileplatform-jboss6-eap yum install outsystems-agileplatform-wildfly8 yum install outsystems-agileplatform-weblogic
    • To install without internet connection or to install a specific OutSystems Platform Server version, download the rpms outsystems-agileplatform-*.noarch.rpm outsystems-agileplatform-libs-*.noarch.rpm outsystems-agileplatform-jboss6-eap-*.noarch.rpm outsystems-agileplatform-wildfly8*.noarch.rpm outsystems-agileplatform-weblogic-*.noarch.rpm from the "OutSystems yum repository", and then execute (as root user): yum --disablerepo=* --nogpgcheck install outsystems-agileplatform-*.noarch.rpm
    yum --nogpgcheck install outsystems-agileplatform-*.noarch.rpm yum --nogpgcheck install outsystems-agileplatform-*.noarch.rpm yum --nogpgcheck install outsystems-agileplatform-*.noarch.rpm

Front-end Server

Workaround for First Database Connection performance issue on low entropy systems
  • Oracle OJDBC driver is affected by the java.security.SecureRandom API limitation JDK bug 6521844.
  • In low entropy systems such as virtual machines the time to obtain the first DB connection can be unusually high.


    To assess you machine level of entropy you can get an estimate by executing the following command:

    cat /proc/sys/kernel/random/entropy_avail

    The issue can occur in machines with an entropy estimate lower than 300.


    You can workaround this issue by changing the securerandom.source property in the file java.security to:

    securerandom.source=file:/dev/./urandom

    To find the correct java.security file you can use the following commands:

    source /etc/sysconfig/outsystems

    find ${JAVA_HOME}/ -name java.security


    Note that this procedure reduces the DB connection security. It makes it easier for an attacker to decrypt the password in the network.

    However only the initial login is affected, it is a very short operation therefore the vulnerability is low.

Front-end Server

*

Applicable only to Oracle JDK, skip this step if you using OpenJDK

Download strong Cryptographic Support extension:

Front-end Server

Restore the configurations files:
  • In case you want to restore the platform configurations from the old machine you can now copy the saved files to the same locations:
    • OutSystems Platform configuration file: /etc/outsystems/server.hsconf
    • OutSystems Platform private key (available since Platform version 9.0.1+): /opt/outsystems/platform/private.key
    • After copy the files, execute the following commands as root user to set up the right file owners and permissions:
      chown outsystems:outsystems /etc/outsystems/server.hsconf
      chmod 640 /etc/outsystems/server.hsconf
      chown outsystems:outsystems /opt/outsystems/platform/private.key
      chmod 640 /opt/outsystems/platform/private.key
  • In case you want to restore the JBoss Application Server configurations from the old machine you can now copy the saved files:
    • JBoss Application Server configurations used by OutSystems Platform: /usr/share/jbossas/bin/standalone-outsystems.conf and /usr/share/jbossas/bin/standalone-outsystems-mq.conf
    • After copy the files, execute the following commands as root user to set up the right file owners and permissions:
      chown jboss:jboss /usr/share/jbossas/bin/standalone-outsystems.conf
      chmod 640 /usr/share/jbossas/bin/standalone-outsystems.conf
      chown jboss:jboss /usr/share/jbossas/bin/standalone-outsystems-mq.conf
      chmod 640 /usr/share/jbossas/bin/standalone-outsystems-mq.conf

Front-end Server

Workaround for First Database Connection performance issue on low entropy systems
  • Oracle OJDBC driver is affected by the java.security.SecureRandom API limitation JDK bug 6521844.
  • In low entropy systems such as virtual machines the time to obtain the first DB connection can be unusually high.


    To assess you machine level of entropy you can get an estimate by executing the following command:

    cat /proc/sys/kernel/random/entropy_avail

    The issue can occur in machines with an entropy estimate lower than 300.


    You can workaround this issue by changing the securerandom.source property in the file java.security to:

    securerandom.source=file:/dev/./urandom

    To find the correct java.security file you can use the following commands:

    source /etc/sysconfig/outsystems

    find ${JAVA_HOME}/ -name java.security


    Note that this procedure reduces the DB connection security. It makes it easier for an attacker to decrypt the password in the network.

    However only the initial login is affected, it is a very short operation therefore the vulnerability is low.

Front-end Server

Restore the configurations files:
  • In case you want to restore the platform configurations from the old machine you can now copy the saved files to the same locations:
    • OutSystems Platform configuration file: /etc/outsystems/server.hsconf
    • OutSystems Platform private key (available since Platform version 9.0.1+): /opt/outsystems/platform/private.key
    • After copy the files, execute the following commands as root user to set up the right file owners and permissions:
      chown outsystems:outsystems /etc/outsystems/server.hsconf
      chmod 640 /etc/outsystems/server.hsconf
      chown outsystems:outsystems /opt/outsystems/platform/private.key
      chmod 640 /opt/outsystems/platform/private.key
  • In case you want to apply the same custom configurations that you had in the JBoss Application Server from the old machine you can now adapt them to /opt/wildfly-8.2.0.Final/bin/standalone-outsystems.conf and /opt/wildfly-8.2.0.Final/bin/standalone-outsystems-mq.conf.
    Do not copy those application server configuration files from the old machine to the new one, since this may cause the application server to misbehave.

Front-end Server

Restore the configurations files:
  • In case you want to restore the platform configurations from the old machine you can now copy the saved files to the same locations:
    • OutSystems Platform configuration file: /etc/outsystems/server.hsconf
    • OutSystems Platform private key (available since Platform version 9.0.1+): /opt/outsystems/platform/private.key
    • After copy the files, execute the following commands as root user to set up the right file owners and permissions:
      chown outsystems:outsystems /etc/outsystems/server.hsconf
      chmod 640 /etc/outsystems/server.hsconf
      chown outsystems:outsystems /opt/outsystems/platform/private.key
      chmod 640 /opt/outsystems/platform/private.key
  • In case you want to apply the same custom configurations that you had in the WebLogic Server from the old machine you can now adapt and add them to in the Server Start tab in each server at the Administration Console.

Front-end Server

Install SAP Connector Libraries:
  • Download the SAP Connector for Java 3.0.x for Linux 64bit from SAP Service Marketplace.
  • Unpack the Connector and copy the sapjco3.jar and libsapjco3.so files to the /opt/outsystems/platform/thirdparty/lib/ folder.
NOTE
  • This step is only required if you are going to integrate OutSystems Platform with your SAP.
  • If this step is done later, after you have upgraded the Platform, you must repeat the mandatory steps below.

Front-end Server

* Configure OutSystems Platform:
  • Copy the Controller's /opt/outsystems/platform/private.key to the same location, unless the file already exists.
  • Start the OutSystems Configuration Tool. As the root user, execute: /opt/outsystems/platform/configurationtool.sh
    Use the default values.
  • Answer No if a message shows up asking to start the OutSystems Scheduler Service.
  • Answer No when a message shows up asking you to run the Service Center installation.

Front-end Server

* Configure OutSystems Platform:
  • Copy the Controller's /opt/outsystems/platform/private.key to the same location.
  • Start the OutSystems Configuration Tool. As the root user, execute: /opt/outsystems/platform/configurationtool.sh
    Use the default values.
  • Answer Yes if a message shows up asking to restart the Application Server.
  • Answer No if a message shows up asking to start the OutSystems Scheduler Service.
  • Answer No when a message shows up asking you to run the Service Center installation.

Front-end Server

* Platform upgrade:
  • As the root user, execute: /opt/outsystems/platform/scinstall.sh

Deployment Controller Server

* Use the Glassfish RI JAXB Provider for web services in WebLogic:
  • The default JAXB Provider has issues that cause, in some cases, the incorrect execution of the platform's web service feature while having no advantages for the current implementation.
  • Make sure WebLogic is set to use the Glassfish RI JAXB Provider:
    • Open the WebLogic console at http://<AdministrationServer>:7001/console
      • You may need to allow incoming traffic through port 7001, you can add a temporary rule to iptables by running the following command (as the root user):
      • iptables -I INPUT -p tcp --dport 7001 -j ACCEPT
      • To restore iptables rules you can restart the service by running the following command (as the root user):
      • service iptables restart
    • Expand "Environment" under the "outsystems_domain" in the Domain Structure.
    • Select "Servers".
    • Select your Managed Server.
    • Select "Server Start" Tab
    • Ensure the "Arguments" text box contains the following: -Dcom.sun.xml.ws.spi.db.BindingContextFactory=com.sun.xml.ws.db.glassfish.JAXBRIContextFactory -Djavax.xml.bind.JAXBContext=com.sun.xml.bind.v2.ContextFactory

Deployment Controller Server

Front-end Server

* Configure Internal Network:

If your previous installation had any Internal Network configurations, they have been updated to the new format.

  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the Network Security screen (Administration -> Security -> Network Security)
  • Validate and change the Internal Network addresses in accordance to your specific network policies. If you do not enter any addresses (i.e. leave the box empty), then Internal Network configurations will not be enforced and access to your internal applications (including ServiceCenter and LifeTime) will not be restricted to any addresses.

NOTE: If you are changing your Internal Network configuration, please ensure that it includes the IP address used by LifeTime to access the environment.

Deployment Controller Server

* Upload a new license file:

You need to obtain a new license file from OutSystems Licensing.

  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the licensing screen (Administration -> Licensing)
  • Click Request New License and download the license file for your environment
  • Click Upload New License and select the .lic file you downloaded.

Front-end Server

* System Components:

System Components should only be updated once per environment. In a Farm installation, any Front-End server can be used to perform this operation.

NOTE: The upgrade of system components should be done in the development environment with developer's supervision. If you already have the System_Components deployed and customized, you will need to merge your customized version with /opt/outsystems/platform/System_Components.osp.

Update System Components:

  • NOTE: In case you don't have a Web browser in the Production environment, copy the OSP file to a machine with a Web browser and execute the above steps there.
  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the solutions screen (Factory -> Solutions)
  • Click Upload and Publish a Solution and select the /opt/outsystems/platform/System_Components.osp file
  • Click 1-Click Publish

Front-end Server

* Update OutSystems Now:

OutSystems Now should only be updated once per environment. In a Farm installation, any Front-End server can be used to perform this operation.

  • Go to OutSystems Now in Forge
  • Go to the tab Versions
  • Download the latest Application version that is supported by your Platform Version (e.g. download the latest P10 version)
  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the applications screen (Factory -> Applications)
  • Click Publish an Application and select the .oap you have just downloaded
  • Click 1-Click Publish.

Front-end Server

Update Silk UI Mobile:

The upgrade of Silk UI Mobile should be done in the development environment with developer's supervision. You need to have a new license file from OutSystems Licensing with mobile apps generation capabilities.

Silk UI Mobile should only be updated once per environment. In a Farm installation, any Front-End server can be used to perform this operation.

  • Go to Silk UI Mobile in Forge
  • Go to the tab Versions
  • Download the latest Application version that is supported by your Platform Version (e.g. download the latest P10 version)
  • Log in to Service Center using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the applications screen (Factory -> Applications)
  • Click Publish an Application and select the .oap you have just downloaded
  • Click 1-Click Publish.

Front-end Server

* LifeTime - only available for the Enterprise Edition:

LifeTime should only be installed in a dedicated environment. Update it before the others.

Installing LifeTime in more than one environment may lead to erroneous behaviors.

If you are applying this checklist to LifeTime environment, continue with the following procedures. Otherwise skip this step.

Read the LifeTime Installation and Configuration Tech Note to learn more.

Please refer to the new application promotion functionality and redesigned permission model posts on the community for more information on the differences introduced by LifeTime in P9 Amsterdam (9.0.1.x)

Execute this step to install LifeTime in this environment:
  • NOTE: In case you don't have a Web browser in the Production environment, copy the OSP file to a machine with a Web browser and execute the above steps there.
  • Log in to ServiceCenter using your administrator credentials for Platform Server (http://<yourserver>/ServiceCenter)
  • Go to the solutions screen (Factory -> Solutions)
  • Click Upload and Publish a Solution and select the LifeTime.osp file in the Platform Server installation directory (e.g.: /opt/outsystems/platform/).
  • Click 1-Click Publish, or Prepare Publish if you have 2-Stage deployment active.
  • If the deployment is paused and you receive the message:
    Please check the Impact Analysis messages before continuing the solution publish.
    Click Continue to proceed.
  • Log in to LifeTime to set up your infrastructure (http://<yourserver>/lifetime)

Front-end Server

Business Activity Monitoring:
  • Install graphviz in the front-end servers: wget -O /etc/yum.repos.d/graphviz-rhel.repo http://www.graphviz.org/graphviz-rhel.repo
    yum install graphviz graphviz-gd
    yum install graphviz graphviz-gd
  • Install Business Activity Monitoring this.Version.ToString(). You can download it here.
NOTE: If you are using Business Process Technology, the installation of Business Activity Monitoring this.Version.ToString() is highly recommended.

Deployment Controller Server

Front-end Server

* Republish all the modules:

You need to republish all modules in your environment to update them, so they use the corrections and improvements from the new version. In a production environment, this should be done with developer supervision. Typically, you should use a solution in Service Center containing all extensions and eSpaces to update all the modules at once.

Deployment Controller Server

* Republish all modules:

For the development environment, you need to manually republish all modules in your factory to update them, so they use the corrections and improvements from the new version.

  • You will need a Microsoft Windows machine with Service Studio this.Version.ToString() and Integration Studio this.Version.ToString() installed.
  • Connect to your environment, open and republish all modules, one by one, using Service Studio for eSpaces and Integration Studio for extensions.
  • When all modules are upgraded, publish the "Current Version" of a solution that includes all the modules

For the other environments, it's recommended to stage the solution from a previously upgraded environment.

In a production environment, this should be done with developer supervision.

NOTE: Ensure that you do not overwrite the System Components modules if your factory already includes some of these components.

Deployment Controller Server

* Configure OutSystems Platform:
  • Start the OutSystems Scheduler Service. As the root user, execute: service outsystems start scheduler

Deployment Controller Server

Front-end Server

Legend: * Mandatory; Optional.

Tuning and Security Check list

In this section you have a list of issues that you should check in a production environment. These issues are useful to improve the performance and security of your system.

Tuning your systems

Check the following issues to improve the performance of your system.

*
Adjust the limit of inotify instances from the operating system.
  • To avoid reaching the limit of inotify instances, OutSystems recommends to increase the default values from the operating system to at least 1024.
    To do it so execute the following steps:
      i) Execute the cat /proc/sys/fs/inotify/max_user_instances command to check value being used by your environment
      ii) If its below 1024 edit /etc/sysctl.conf and add/replace this line: fs.inotify.max_user_instances=1024
      iii) Execute the following command to make the value active without needing to restart your environment: echo 1024 > /proc/sys/fs/inotify/max_user_instances
*
To allow bigger files be uploaded to the server, edit /usr/share/jbossas/standalone/configuration/standalone-outsystems.xml and increase the max-post-size in each connector element under jboss web subsystem.
To allow bigger files be uploaded to the server, edit /opt/wildfly-8.2.0.Final/standalone/configuration/standalone-outsystems.xml and increase the max-post-size in each listener element under undertow subsystem.
For information regarding the max post size, see The HTTP connector from JBossWeb. Undertow subsystem configuration.
Adjust the maximum number of Wildfly worker threads to match your environment needs.
  • By default, this number is calculated and auto-configured from the number of available CPUs and cores.
  • The default number of worker threads might be too low if there is a high number of requests that can take a long time to process.
    For example, if you expect to have a significant number of simultaneous debugger sessions or your applications include long timer executions.
  • Change the number of worker threads by editing /opt/wildfly-8.2.0.Final/standalone/configuration/standalone-outsystems.xml and adjusting the io-threads and task-max-threads attributes of the <worker name="default"> configuration
  • Example: <worker name="default" io-threads="300" task-max-threads="300"/>

Legend: * Mandatory; Optional.

Making your system more secure

Check the following issues to improve the security of your system.

Red Hat Linux Manuals: See Firewalls reference in Red Hat Linux Manuals.
* Disabling SSLv3 to prevent POODLE Vulnerability.
  • Execute source /etc/sysconfig/outsystems

  • Edit the $JBOSS_HOME/standalone/configuration/standalone-outsystems.xml file.
  • Find all HTTPS connectors ( attribute secure="true" and sub element <ssl> present )
  • Add a protocol="TLSv1,TLSv1.1,TLSv1.2" attribute at the end of the ssl element.

  • Edit the $JBOSS_HOME/bin/standalone-outsystems.conf file.
  • Add the line JAVA_OPTS="$JAVA_OPTS -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2" at the end of the file.

  • Restart jboss by executing service jboss-outsystems restart
* Disabling SSLv3 to prevent POODLE Vulnerability.
  • Open the WebLogic console at http://<AdministrationServer>:7001/console
    • You may need to allow incoming traffic through port 7001, you can add a temporary rule to iptables by running the following command (as the root user):
    • iptables -I INPUT -p tcp --dport 7001 -j ACCEPT
    • To restore iptables rules you can restart the service by running the following command (as the root user):
    • service iptables restart
  • Press the "Lock and Edit" button.
  • Expand "Environment" under the "outsystems_domain" in the Domain Structure.
  • Select "Servers".
  • Select your Managed Server.
  • Select "Server Start" Tab
  • Ensure the "Arguments" text box contains the following: -Dweblogic.security.SSL.protocolVersion=TLS1 -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
  • Press the "Save" and "Activate Changes" buttons.
  • Restart your Managed Server by running the following command: service weblogic-outsystems restart
* Disabling SSLv3 to prevent POODLE Vulnerability.
  • Execute source /etc/sysconfig/outsystems

  • Edit the $WILDFLY_HOME/standalone/configuration/standalone-outsystems.xml file.
  • Find all HTTPS connectors ( attribute secure="true" and sub element <ssl> present )
  • Add a protocol="TLSv1,TLSv1.1,TLSv1.2" attribute at the end of the ssl element.

  • Edit the $WILDFLY_HOME/bin/standalone-outsystems.conf file.
  • Add the line JAVA_OPTS="$JAVA_OPTS -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2" at the end of the file.

  • Restart Wildfly by executing service wildfly-outsystems restart
* Enforcing security for your environment or applications
  1. If you have already configured your infrastructure in LifeTime, log in to LifeTime using your Administrator credentials for Platform Server:
    • Go to the Infrastructure screen.
    • Click on Environment Security.
    • Enable HTTP Strict Transport Security, which will instruct browsers to only do HTTPS requests, for all Web Applications. In Mobile Applications this is always false and can't be changed.
    • Force HTTPS for screens, which will cause all HTTP requests to be redirected to HTTPS, for all Web Applications. In Mobile Applications this is always true and can't be changed.
    • Force HTTPS for integrations, which will cause all exposed integrations to require HTTPS, for all Web Applications. In Mobile Applications this is always true and can't be changed.
    • Enable and define a Content Security Policy that will apply to all your Web Applications. In Mobile Applications this is always false and can't be changed.

    NOTE: If you do not want to enable security for the whole environment, you can enable it per Web Application, in the application details screen.

  2. If you haven't configured your infrastructure in LifeTime yet, log in to ServiceCenter using your Administrator credentials for Platform Server:
    • Go to the Environment Security screen (Administration > Environment Security).
    • Enable HTTP Strict Transport Security, which will instruct browsers to only do HTTPS requests, for all Web Applications. In Mobile Applications this is always false and can't be changed.
    • Force HTTPS for screens, which will cause all HTTP requests to be redirected to HTTPS, for all Web Applications. In Mobile Applications this is always true and can't be changed.
    • Force HTTPS for integrations, which will cause all exposed integrations to require HTTPS, for all Web Applications. In Mobile Applications this is always true and can't be changed.
    • Enable and define a Content Security Policy that will apply to all your Web Applications. In Mobile Applications this is always false and can't be changed.

    NOTE: If you do not want to enable security for the whole environment, you can enable it per Web Application, in the application details screen.
By default, WebLogic user accounts get locked for a period of time when a number of invalid login attempts exceed the specified Lockout Threshold.
  • To be able to unlock your Administrator Account, in case it happens, go to the Administration Server Console (http://<AdministrationServer>:7001/console), and create a secondary Administrator Account considering:
    • Give the user a unique name that cannot be easily guessed.
    • Do not use system, admin or administrator for your system administrator user accounts.
    • Do not deploy a domain that can be accessed with the username weblogic and the password welcome1
    • The passwords for user accounts on production machines should be difficult to guess and should be guarded carefully.
Get more info about WebLogic Best Practices .
Oracle Linux: See Firewalls reference in the Security Guide in Oracle Manuals.

Legend: * Mandatory; Optional.

See Also

As mentioned above sections, you might need to consult the following: