This chapter describes how to upgrade Access Manager (Access Manager) high availability environments to Oracle Access Management Access Manager 11g Release 2 (11.1.2.2.0) on Oracle WebLogic Server.
Note:
Before proceeding, check if your existing Access Manager version is supported for high availability upgrade. For more information on supported starting points for high availability upgrade, see Section 1.5, "Supported Starting Points for Upgrading High Availability Environments".This chapter includes the following sections:
Section 15.1, "Understanding Access Manager High Availability Upgrade Topology"
Section 15.3, "Shutting Down Administration Server and Managed Servers on OAMHOST1 and OAMHOST2"
Section 15.7, "Redeploying Access Manager Server Applications and Shared Libraries on OAMHOST1"
Section 15.8, "Updating Binaries of WebLogic Server and Access Manager on OAMHOST2"
Section 15.9, "Starting Administration Server and Managed Servers on OAMHOST1 and OAMHOST2"
Figure 15-1 shows the Access Manager cluster set up that can be upgraded to 11.1.2.2.0 by following the procedure described in this chapter.
Figure 15-1 Access Manager High Availability Upgrade Topology
On OAMHOST1
, the following installations have been performed:
An Access Manager instance has been installed in the WLS_OAM1
Managed Server.
A WebLogic Server Administration Server has been installed. Under normal operations, this is the active Administration Server.
On OAMHOST2
, the following installations have been performed:
An Access Manager instance has been installed in the WLS_OAM2
Managed Server.
A WebLogic Server Administration Server has been installed. Under normal operations, this is the passive Administration Server. You make this Administration Server active if the Administration Server on OAMHOST1
becomes unavailable.
The instances in the WLS_OAM1
and WLS_OAM2
Managed Servers on OAMHOST1
and OAMHOST2
are configured in a cluster named OAM_CLUSTER
.
Table 15-1 lists the steps to upgrade Access Manager high availability environment illustrated in Figure 15-1 to 11.1.2.2.0.
Table 15-1 Access Manager High Availability Upgrade Roadmap
Task No | Task | For More Information |
---|---|---|
1 |
Review the Access Manager high availability upgrade topology, and identify |
See, Understanding Access Manager High Availability Upgrade Topology |
2 |
Shut down the Administration Server and all the Managed Servers on |
See, Shutting Down Administration Server and Managed Servers on OAMHOST1 and OAMHOST2 |
3 |
Back up the existing environment. |
|
4 |
Upgrade |
|
5 |
If your starting point is Oracle Access Manager 11g Release 1 (11.1.1.5.0), you must upgrade the packages |
|
6 |
If you are upgrading Oracle Access Manager 11.1.1.5.0 environments, redeploy Access Manager Server applications and shared libraries on |
See, Redeploying Access Manager Server Applications and Shared Libraries on OAMHOST1 |
7 |
Update the binaries of Oracle WebLogic Server and Access Manager on |
See, Updating Binaries of WebLogic Server and Access Manager on OAMHOST2 |
8 |
Start the WebLogic Administration Server and the Managed Servers on |
See, Starting Administration Server and Managed Servers on OAMHOST1 and OAMHOST2 |
Before you begin the upgrade process, you must stop the WebLogic Administration Server and all of the Access Manager Managed Servers on OAMHOST1
and OAMHOST2
in the following order:
Stop the Access Manager Managed Servers on both OAMHOST1
and OAMHOST2
.
Stop the WebLogic Administration Server on OAMHOST1
.
For information about stopping the Managed Server, see Section 2.8.1, "Stopping the Managed Server(s)".
For information about stopping the Administration Server, see Section 2.8.2, "Stopping the WebLogic Administration Server".
After stopping all the servers, you must back up the following before proceeding with the upgrade process:
MW_HOME
directory (Middleware home directory), including the Oracle Home directories inside Middleware home on both OAMHOST1
and OAMHOST2
.
Access Manager Domain Home directory on both OAMHOST1
and OAMHOST2
.
Following Database schemas:
Oracle Access Manager schema
MDS schema
Audit and any other dependent schema
For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.
In order to upgrade the Access Manager high availability environment to 11.1.2.2.0, you must first upgrade OAMHOST1
which has the active Administration Server. The following are some of the important tasks involved in upgrading OAMHOST1
to 11.1.2.2.0:
Upgrading Oracle WebLogic Server to 10.3.6.
Upgrading the Access Manager binaries to 11.1.2.2.0.
Upgrading the database schemas.
Copying the modified domain mbean configurations.
Upgrading the system configuration.
The procedure to upgrade OAMHOST1
depends on your starting point.
If your starting point is Oracle Access Management Access Manager 11g Release 2 (11.1.2.1.0), follow the instructions described in Chapter 3, "Upgrading Oracle Access Manager 11g Release 2 (11.1.2.x.x) Environments" to upgrade OAMHOST1
to 11.1.2.2.0.
If your starting point is Oracle Access Manager 11g Release 1 (11.1.1.5.0), follow the instructions described in Chapter 9, "Upgrading Oracle Access Manager 11g Release 1 (11.1.1.x.x) Environments" to upgrade OAMHOST1
to 11.1.2.2.0.
If your starting point is Oracle Access Manager 11g Release 1 (11.1.1.5.0), you must upgrade the packages oracle.dogwood.top
and oracle.oam.server
from 11g Release 1 (11.1.1.5.0) to 11g Release 2 (11.1.2.2.0) by running the domain updater utility (com.oracle.cie.domain-update_1.0.0.0.jar
) on OAMHOST1
. OAMHOST1
is the host on which Administration Server is running. This step updates the domain-info.xml
.
Note:
If your starting point is Access Manager 11g Release 2 (11.1.2.1.0) or 11g Release 2 (11.1.2), skip this task.To upgrade the necessary Oracle Access Manager packages to 11.1.2.2.0, complete the following steps on OAMHOST1
:
Go to the directory $ORACLE_HOME
/oaam/upgrade
. The domain updater utility com.oracle.cie.domain-update_1.0.0.0.jar
file is located in this directory.
Upgrade the package oracle.dogwood.top
11.1.1.5.0 to 11.1.2.2.0 by running the following command:
java -cp
$MW_HOME
/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater
<DOMAIN_HOME>
oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0
For example:
java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OAMDomain oracle.dogwood.top:11.1.1.5.0,:11.1.2.2.0
Upgrade the package oracle.oam.server
11.1.1.5.0 to 11.1.2.2.0 by running the following command:
java -cp
$MW_HOME
/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater
<DOMAIN_HOME>
oracle.oam.server:11.1.1.5.0,:11.1.2.2.0
For example:
java -cp /scratch/Oracle/Middleware/utils/config/10.3/config-launch.jar:./com.oracle.cie.domain-update_1.0.0.0.jar com.oracle.cie.external.domain.DomainUpdater /scratch/Oracle/Middleware/user_projects/domains/OAMDomain oracle.oam.server:11.1.1.5.0,:11.1.2.2.0
On OAMHOST1
, you must redeploy Access Manager server applications and shared libraries, and target the applications and shared libraries to OAM_CLUSTER
, for the following reasons:
To uptake new shared libraries that Access Manager server applications are dependent on.
To uptake newer versions of Access Manager Administration and Managed Server applications.
For information about redeploying Access Manager server applications and shared libraries, see Section 9.16, "Redeploying Oracle Access Management Access Manager Servers and Shared Libraries".
Note:
If you have already performed this task as part of Section 15.5, "Upgrading OAMHOST1 to 11.1.2.2.0", skip this section.After you upgrade the Access Manager environment on OAMHOST1
, you must update the binaries of Oracle WebLogic Server and Access Manager to 10.3.6 and 11.1.2.2.0 versions respectively on OAMHOST2
by completing the following tasks:
Oracle Identity and Access Management 11.1.2.2.0 is certified with Oracle WebLogic Server 11g Release 1 (10.3.6). Therefore, if your existing Oracle Identity Manager environment is using Oracle WebLogic Server 10.3.5 or the previous versions, you must update the Oracle WebLogic Server binaries to 10.3.6 by completing the following steps:
Download the WebLogic 10.3.6 Upgrade Installer from Oracle Technology Network.
For more information, see "Downloading an Upgrade Installer From My Oracle Support" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
Run the Upgrade Installer in graphical mode to upgrade your WebLogic Server.
For more information, see "Running the Upgrade Installer in Graphical Mode" in the Oracle Fusion Middleware Installation Guide for Oracle WebLogic Server.
To update the existing Access Manager binaries to Access Manager 11.1.2.2.0, you must use the Oracle Identity and Access Management 11g Release 2 (11.1.2.2.0) Installer. During the procedure, specify the location of your existing Middleware Home. This upgrades the Access Manager binaries 11.1.2.2.0.
For information about updating Access Manager binaries to 11.1.2.2.0, see Section 2.4, "Updating Oracle Identity and Access Management Binaries to 11g Release 2 (11.1.2.2.0)".
Start the WebLogic Administration Server and the Access Manager Managed Servers on OAMHOST1
and OAMHOST2
in the following order:
Start the WebLogic Administration Server on OAMHOST1
.
Start the Access Manager Managed Servers on OAMHOST1
and OAMHOST2
.
For more information about starting the WebLogic Administration Server, see Section 2.9.2, "Starting the WebLogic Administration Server".
For more information about starting the Managed Servers, see Section 2.9.3, "Starting the Managed Server(s)".
This section describes troubleshooting methods for some of the common problems that might occur during the upgrade process.
Note:
For information about the issues that you might encounter during the upgrade process, and their workarounds, see Oracle Fusion Middleware Release Notes.This section contains the following topics:
If you had enabled Multi-Data Centre (MDC) feature in your 11.1.2.x.x setup, you must re-register the MDC partners and enable the MDC functionality that is added in 11.1.2.2.0. To do this, complete the following steps post-upgrade:
In each Data Centre (DC), remove the MDC partners by running the following WebLogic Scripting Tool (WLST) command:
removePartnerForMultiDataCentre=("
<cluster_ID>
")
For example:
removePartnerForMultiDataCentre("cluster1")
You must run this command for each of the MDC partners. For more information about using the removePartnerForMultiDataCentre()
command, see "removePartnerForMultiDataCentre" in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.
In 11.1.2.2.0, fail over for the MDC partners are supported. Therefore, you must specify the primary and secondary servers for each of the MDC partners using the Access Manager console. To do this, complete the following steps:
Log in to the Access Manager 11.1.2.2.0 console using the following URL:
http://
oam_admin_server_host
:
oam_admin_server_port
/oamconsole
Navigate to SSO Agents.
Modify the Primary Server and Secondary Server for each of the MDC partners.
Add the modified MDC partners to the respective Data Centres using the following command:
addPartnerForMultiDataCentre(propfile="
../MDC_properties/partnerInfo.properties
")
While running this command, make sure you use the updated partnerInfo.properties
file. You must run this command for each of the MDC partners. For more information about using the addPartnerForMultiDataCentre()
command, see "addPartnerForMultiDataCentre" in the Oracle Fusion Middleware Administrator's Guide for Oracle Access Management.
Verify that the MultiDataCenterPartners section in each of the MDC partner profile contains the following settings instead of the Hostname and Port:
<Setting Name="PrimaryHostPort" Type="xsd:string"> <Setting Name="SecondaryHostPort" Type="xsd:string">