This chapter lists the upgrade tasks that need to be performed as part of the upgrade process.
Note:
This chapter contains the upgrade tasks that are common to different upgrade scenarios. You do not have to perform all the tasks described in this chapter. Refer to the Section 1.6, "Documentation Roadmap" for the upgrade roadmap.This chapter includes the following topics:
Section 2.1, "Reviewing System Requirements and Certification"
Section 2.4, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0)"
Section 2.5, "Creating Database Schemas Using Repository Creation Utility"
Before performing any installation, upgrade, or migration, you should read the system requirements and certification documents to ensure that your environment meets the minimum requirements for the products you are installing or upgrading to.
Oracle Fusion Middleware System Requirements and Specifications
This document contains information related to hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches.
Oracle Fusion Middleware Supported System Configurations
This document contains information related to supported installation types, platforms, operating systems, databases, JDKs, and third-party products.
For interoperability and compatibility issues that may arise when installing, refer to Oracle Fusion Middleware Interoperability and Compatibility Guide.
This document contains important information regarding the ability of Oracle Fusion Middleware products to function with previous versions of other Oracle Fusion Middleware, Oracle, or third-party products. This information is applicable to both new Oracle Fusion Middleware users and existing users who are upgrading their existing environment.
To back up the existing environment, you must stop all the servers, and back up the following:
MW_HOME
directory, including the Oracle Home directories inside Middleware Home
Domain Home directory
Database schemas
For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.
To upgrade Oracle WebLogic Server to 10.3.6, complete the following steps:
Download the WebLogic 10.3.6 Upgrade Installer from Oracle Technology Network.
For more information, see "Downloading an Upgrade Installer From My Oracle Support" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
Run the Upgrade Installer in graphical mode to upgrade your WebLogic Server.
For more information, see "Running the Upgrade Installer in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
To update the existing Oracle Identity and Access Management binaries to 11.1.2.2.0, you must use the Oracle Identity and Access Management 11.1.2.2.0 installer. To do this, perform the following tasks:
Starting the Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) Installer
Installing Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0)
For more information on obtaining Oracle Fusion Middleware 11g software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.
This topic explains how to start the Oracle Identity and Access Management Installer.
Notes:
If you are installing on an IBM AIX operating system, you must run the rootpre.sh
script from the Disk1
directory before you start the Installer.
Starting the Installer as the root
user is not supported.
Start the Installer by doing the following:
On UNIX:
Move from your present working directory to the directory where you extracted the contents of the Installer to.
Move to the following location:
cd Disk1
Run the following command:
./runInstaller -jreLoc <full path to the JRE directory>
For example:
./runInstaller -jreLoc <MW_HOME>/jdk160_29/jre
On Windows:
Move from your present working directory to the directory where you extracted the contents of the Installer to.
Move to the following location:
cd Disk1
Run the following command:
setup.exe -jreLoc <full path to the JRE directory>
For Example:
setup.exe -jreLoc <MW_HOME>\jdk160_29\jre
Note:
If you do not specify the-jreLoc
option on the command line when using the Oracle JRockit JDK, the following warning message is displayed:
-XX:MaxPermSize=512m is not a valid VM option. Ignoring
This warning message does not affect the installation. You can continue with the installation.
On 64-bit platforms, when you install Oracle WebLogic Server using the generic jar file, the jrockit_1.6.0_29
directory is not created in your Middleware Home. You must enter the absolute path to the JRE folder from where your JDK is located.
Use the Oracle Identity and Access Management 11.1.2.2.0 Installer to upgrade existing Oracle Identity and Access Management binaries to 11.1.2.2.0:
After you start the Installer, the Welcome screen appears.
Click Next on the Welcome screen. The Install Software Updates screen appears. Select whether or not you want to search for updates. Click Next.The Prerequisite Checks screen appears. If all prerequisite checks pass inspection, click Next. The Specify Installation Location screen appears.
On the Specify Installation Location screen, point to the Middleware Home to your existing Middleware Home installed on your system.
In the Oracle Home Directory field, specify the path of the existing Oracle Identity and Access Management Home. This directory is also referred to as <IAM_HOME>
in this book.
Click Next. The Installation Summary screen appears.
The Installation Summary screen displays a summary of the choices that you made. Review this summary and decide whether you want to proceed with the installation. If you want to modify any of the configuration settings at this stage, select a topic in the left navigation page and modify your choices. To continue installing Oracle Identity and Access Management, click Install. The Installation Progress screen appears.
Monitor the progress of your installation. The location of the installation log file is listed for reference. After the installation progress reaches 100%, click OK. If you encounter any issue, check the log file. For information about locating the log files, see "Locating Installation Log Files" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
Note:
If you cancel or abort when the installation is in progress, you must manually delete the<IAM_HOME>
directory before you can reinstall the Oracle Identity and Access Management software.
To invoke online help at any stage of the installation process, click Help on the installation wizard screens.
The Installation Complete screen appears. On the Installation Complete screen, click Finish.
This installation process copies the 11.1.2.2.0 Oracle Identity and Access Management software to your system.
For more information, see "Installing and Configuring Oracle Identity and Access Management (11.1.2.2.0)" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
To create 11.1.2.2.0 Database schemas, you must use Repository Creation Utility (RCU). When you create new schemas, do not delete your existing schemas, and do not use the old schema name, as you will need the old schema credentials while exporting the Access Data.
To create the database schemas, perform the following tasks:
Download the Repository Creation Utility. For information about obtaining Repository Creation Utility, see "Obtaining RCU" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
Start the Repository Creation Utility from the location where you downloaded it. For information about starting Repository Creation Utility, see "Starting RCU" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
Create the necessary schemas using Repository Creation Utility. For information about creating schemas, see "Creating Schemas" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
To upgrade the existing schemas to 11.1.2.2.0, you must use the Patch Set Assistant. To upgrade the database schemas, perform the following tasks:
Before running Patch Set Assistant, you should make sure that your database is running and that the schemas are supported for upgrade. To check this, run the following SQL command:
SELECT OWNER, VERSION, STATUS, UPGRADED FROM SCHEMA_VERSION_REGISTRY;
Table 2-1 lists the schemas and their versions supported for upgrade:
Table 2-1 Schemas and Their Versions Supported for Upgrade
Schema Name | Schema Version(s) Supported for Upgrade |
---|---|
Oracle Access Manager (OAM) |
11.1.1.3.0 11.1.2.1.0 |
Oracle Adaptive Access Manager (OAAM) |
11.1.1.3.0 11.1.2.0.0 |
Oracle Identity Manager (OIM) |
11.1.1.3.0 11.1.1.5.0 11.1.1.7.0 11.1.2.0.0 11.1.2.1.0 |
Oracle Privileged Account Manager (OPAM) |
11.1.2.0.0 11.1.2.1.0 |
Oracle Platform Security Services (OPSS) |
11.1.1.6.0 |
To start Patch Set Assistant, do the following:
Move from your present working directory to the <MW_HOME>/oracle_common/bin
directory by running the following command on the command line:
cd <MW_HOME>/oracle_common/bin
Run the following command:
./psa
Move from your present working directory to the <MW_HOME>\oracle_common\bin
directory by running the following command on the command line:
cd <MW_HOME>\oracle_common\bin
Execute the following command:
psa.bat
After starting the Patch Set Assistant Installer, follow the instructions on the screen to update your schemas.
Follow the instructions in Table 2-2 to update your schemas:
Table 2-2 Patch Set Assistant Screens
Screen | Description |
---|---|
Welcome |
This page introduces you to the Patch Set Assistant. |
Select Component |
Select the component you wish to upgrade. |
Prerequisite |
Verify that you have satisfied the database prerequisites. |
Schema |
Specify your database credentials to connect to your database, then select the schema you want to update. Note that this screen appears once for each schema that must be updated as a result of the component you selected on the Select Component screen. |
Examine |
This page displays the status of the Patch Set Assistant as it examines each component schema. Verify that your schemas have a "successful" indicator in the Status column. |
Upgrade Summary |
Verify that the schemas are the ones you want to upgrade. |
Upgrade Progress |
This screen shows the progress of the schema upgrade. |
Upgrade Success |
Once the upgrade is successful, you get this screen. |
You can verify the schema upgrade by checking out the log files. The Patch Set Assistant writes log files in the following locations:
On UNIX:
<MW_HOME>/oracle_common/upgrade/logs/psa/psatimestamp.log
On Windows:
<MW_HOME>\oracle_common\upgrade\logs\psa\psatimestamp.log
Some components create a second log file named psatimestamp.out
in the same location.
The timestamp
reflects the actual date and time when Patch Set Assistant was run.
If any failures occur when running Patch Set Assistant, you can use these log files to help diagnose and correct the problem. Do not delete them. You can alter the contents of the log files by specifying a different -logLevel
from the command line.
Some of the operations performed by Patch Set Assistant may take longer to complete than others. If you want to see the progress of these long operations, you can see this information in the log file, or you can use the following query:
SELECT VERSION, STATUS, UPGRADED FROM SCHEMA_VERSION_REGISTRY WHERE OWNER='schema_name';
In the query results, the STATUS
field is either UPGRADING
or UPGRADED
during the schema patching operation, and becomes VALID
when the operation is completed.
This section describes how to upgrade Oracle Platform Security Services (OPSS).
Upgrading Oracle Platform Security Services is required to upgrade the configuration and policy stores to 11.1.2.2.0. It upgrades the jps-config.xml
file and policy stores.
To upgrade Oracle Platform Security Services for LDAP- or DB-based store, complete the following steps:
Run the following command from the location MW_HOME
/oracle_common/common/bin
to launch the WebLogic Scripting Tool (WLST):
On UNIX:
./wlst.sh
On Windows:
wlst.cmd
Run the following command to upgrade OPSS:
upgradeOpss(jpsConfig="<absolute_path_to_old_version_jps-config.xml_file>", jaznData="<absolute_path_to_new_version_OOTB_JAZN_data_file>", auditStore="<absolute_path_to_OOTB_audit-store.xml_file>", jdbcDriver="<jdbc_driver>", url="<jdbc_ldap_url>", user="<jdbc_ldap_user>", password="<jdbc_ldap_password>"], upgradeJseStoreType="true/false"])
Table 2-3 describes the arguments of the upgradeOpss
command:
Table 2-3 Arguments to be Specified While Running upgradeOpss command
Argument | When to Use? | Mandatory/Optional | Description |
---|---|---|---|
|
Use this argument if you are upgrading Oracle Identity and Access Management 11g Release 1 (11.1.1.x.x) or 11g Release 2 (11.1.2.x.x) to 11g Release 2 (11.1.2.2.0). |
This argument is mandatory for both DB-based and LDAP-based store. |
Specify the absolute path to the location of 11.1.2.x.x The The |
|
Use this argument if you are upgrading Oracle Identity and Access Management 11g Release 1 (11.1.1.x.x) or 11g Release 2 (11.1.2.x.x) to 11g Release 2 (11.1.2.2.0). |
This argument is mandatory for both DB-based and LDAP-based store. |
Specify the absolute path to the location of 11.1.2.x.x out-of-the-box The system-jazn-data.xml file is typically located in the directory |
|
Use this argument if you are upgrading Oracle Identity and Access Management 11g Release 2 (11.1.2.x.x) to 11g Release 2 (11.1.2.2.0). |
This argument is optional for both DB-based and LDAP-based store. |
Specify the absolute path to the location of 11.1.2.x.x out-of-the-box If unspecified, it defaults to the file |
|
Use this argument if you are upgrading Oracle Identity and Access Management 11g Release 2 (11.1.2.x.x) to 11g Release 2 (11.1.2.2.0). |
This argument is required only in case of DB-based store. |
Specify the JDBC driver to the store. |
|
Use this argument if you are upgrading Oracle Identity and Access Management 11g Release 2 (11.1.2.x.x) to 11g Release 2 (11.1.2.2.0). |
This argument is mandatory for both DB-based and LDAP-based store. |
Specify the JDBC URL or LDAP URL in the format:
If unspecified, the JDBC URL or LDAP URL is read from the configuration file. |
|
Use this argument if you are upgrading Oracle Identity and Access Management 11g Release 2 (11.1.2.x.x) to 11g Release 2 (11.1.2.2.0). |
This argument is mandatory in case of DB-based store, whereas it is optional for LDAP-based store. |
Specify the JDBC user name or LDAP bind name. If not specified, the value is read from the configuration file. In case of LDAP-based store, the user performing the upgrade must have read and write privileges to the schema, the root node, and all nodes under In case of a DB-based store, perform the upgrade as the OPSS DB schema user. |
|
Use this argument if you are upgrading Oracle Identity and Access Management 11g Release 2 (11.1.2.x.x) to 11g Release 2 (11.1.2.2.0). |
This argument is mandatory in case of DB-based store, whereas it is optional for LDAP-based store. |
Specify the JDBC password in case of DB-based store, or the LDAP bind password in case of LDAP-based store. If not specified, it is read from the configuration file. |
|
Use this argument if you are upgrading Oracle Identity and Access Management 11g Release 2 (11.1.2.x.x) to 11g Release 2 (11.1.2.2.0). |
This argument is optional for both LDAP-based and DB-based store. |
This argument indicates whether the store type configuration (in the file Set the value of this argument to The default value is |
For example:
On UNIX:
upgradeOpss(jpsConfig="/Oracle/Middleware/user_projects/domains/oes_domain/config/fmwconfig/jps-config.xml", jaznData="/oracle/middleware/oracle_common/modules/oracle.jps_11.1.1/domain_config/system-jazn-data.xml", jdbcDriver="oracle.jdbc.OracleDriver", url="jdbc:oracle:thin:@host:1234/db123", user="R2_OPSS", password="password123", upgradeJseStoreType="true")
On Windows:
upgradeOpss(jpsConfig="C:\\Oracle\\Middleware\\user_projects\\domains\\oes_domain\\config\\fmwconfig\\jps-config.xml", jaznData="C:\\oracle\\middleware\\oracle_common\\modules\\oracle.jps_11.1.1\\domain_config\\system-jazn-data.xml", jdbcDriver="oracle.jdbc.OracleDriver", url="jdbc:oracle:thin:@host:1234/db123", user="R2_OPSS", password="password123", upgradeJseStoreType="true")
To stop the WebLogic Administration Server and the Managed Server(s), refer to the following sections:
You must stop the Managed Server(s) first, and then the WebLogic Administration Server.
To stop the Managed Server(s), do the following:
On UNIX:
Move from your present working directory to the MW_HOME
/user_projects/domains/
domain_name
/bin
directory by running the following command on the command line:
cd
MW_HOME
/user_projects/domains/
domain_name
/bin
Run the following command to stop the servers:
./stopManagedWebLogic.sh
managed_server_name admin_url admin_username password
where
managed_server_name
is the name of the Managed Server.
admin_url
is URL of the WebLogic administration console. Specify it in the format http://
host
:
port
/console
. Specify only if the WebLogic Administration Server is on a different computer.
admin_username
is the username of the WebLogic Administration Server.
password
is the password of the WebLogic Administration Server.
For example:
./stopManagedWebLogic.sh oim_server1 http://host.example.com:7001/console weblogic password123
On Windows:
Move from your present working directory to the MW_HOME
\user_projects\domains\
domain_name
\bin
directory by running the following command on the command line:
cd
MW_HOME
\user_projects\domains\
domain_name
\bin
Run the following command to stop the Managed Servers:
stopManagedWebLogic.cmd
managed_server_name admin_url admin_username password
where
managed_server_name
is the name of the Managed Server.
admin_url
is URL of the WebLogic administration console. Specify it in the format http://
host
:
port
/console
. specify only if the WebLogic Administration Server is on a different computer.
admin_username
is the username of the WebLogic Administration Server.
password
is the password of the WebLogic Administration Server.
For example:
stopManagedWebLogic.cmd oim_server1 http://host.example.com:7001/console weblogic password123
For more information, see "Stopping the Stack" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.
To stop the WebLogic Administration Server, do the following:
On UNIX:
Run the following commands:
cd
MW_HOME
/user_projects/domains/
domain_name
/bin
./stopWebLogic.sh
On Windows:
Run the following commands:
cd
MW_HOME
\user_projects\domains\
domain_name
\bin
stopWebLogic.cmd
To stop the Node Manager, close the command shell in which it is running.
Alternatively, after having set the attribute QuitEnabled
to true
(the default is false
) in nodemanager.properties
file, you can use WLST command to connect to the Node Manager and shut it down. For more information, see "stopNodeManager" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
To start the WebLogic Administration Server and the Managed Server(s), refer to the following sections:
To start the Node Manager, you must run the command startNodeManager.sh
(on UNIX) or startNodeManager.cmd
(on Windows) from the location $WL_HOME
/server/bin
.
For more information, see "startNodeManager" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.
To start the WebLogic Administration Server, do the following:
On UNIX:
Run the following commands:
cd
MW_HOME
/user_projects/domains/
domain_name
/bin
./startWebLogic.sh
On Windows:
Run the following commands:
cd
MW_HOME
\user_projects\domains\
domain_name
\bin
startWebLogic.cmd
To start the Managed Server(s), do the following:
On UNIX:
Move from your present working directory to the MW_HOME
/user_projects/domains/
domain_name
/bin
directory by running the following command on the command line:
cd
MW_HOME
/user_projects/domains/
domain_name
/bin
Run the following command to start the Managed Servers:
./startManagedWebLogic.sh
managed_server_name admin_url admin_username password
where
managed_server_name
is the name of the Managed Server
admin_url
is URL of the administration console. Specify it in the format http://
host
:
port
/console
. Specify only if the WebLogic Administration Server is on a different computer.
admin_username
is the username of the WebLogic Administration Server.
password
is the password of the WebLogic Administration Server.
For example:
./startManagedWebLogic.sh oim_server1 http://host.example.com:7001/console weblogic password123
On Windows:
Move from your present working directory to the MW_HOME
\user_projects\domains\
domain_name
\bin
directory by running the following command on the command line:
cd
MW_HOME
\user_projects\domains\
domain_name
\bin
Run the following command to start the Managed Servers:
startManagedWebLogic.cmd
managed_server_name admin_url admin_username password
where
managed_server_name
is the name of the Managed Server.
admin_url
is URL of the administration console. Specify it in the format http://
host
:
port
/console
. Specify only if the WebLogic Administration Server is on a different computer.
admin_username
is the username of the WebLogic Administration Server.
password
is the password of the WebLogic Administration Server.
For example:
startManagedWebLogic.cmd oim_server1 http://host.example.com:7001/console weblogic password123
For more information, see "Starting the Stack" in the Oracle Fusion Middleware Installation Guide for Oracle Identity and Access Management.