Readme
12c Release 3 (12.3.3.0.0)
E59958-06
September 2017
This Readme file explains how to install and upgrade Oracle Enterprise Manager Ops Center 12c Release 3 (12.3.3.0.0).
Oracle Enterprise Manager Ops Center Readme includes the following:
See the Preparing Your Environment chapter in Oracle Enterprise Manager Ops Center Installation for Oracle Solaris Operating System or the Preparing Your Environment chapter in Oracle Enterprise Manager Ops Center Installation for Linux Operating Systems for prerequisite information.
The OCDoctor is a tool utility that is designed to check systems for installation prerequisites, troubleshoots issues, and tunes systems for the Oracle Enterprise Manager Ops Center installation. For more information, see the OCDoctor chapter in Oracle Enterprise Manager Ops Center Administration. The guide is available in the Oracle Enterprise Manager Ops Center Documentation Library at http://docs.oracle.com/cd/E59957_01/index.htm
See the Oracle Enterprise Manager Ops Center Installation for Oracle Solaris Operating System or the Oracle Enterprise Manager Ops Center Installation for Linux Operating Systems for installation and postinstall configuration instructions.
You can download these documents from the Oracle Enterprise Manager Ops Center Documentation Library at http://docs.oracle.com/cd/E59957_01/index.htm
You can upgrade to version 12.3.3.0.0 from version 12.3.2.0.0 or 12.3.1.0.0. If you are using version 12.3.0.0.0, you must first upgrade to 12.3.1.0.0 or 12.3.2.0.0. Versions 12.2.2.0.0, 12.2.1.0.0, and 12.2.0.0.0 can upgrade directly to version 12.3.0.0.0. You can upgrade to version 12.2.0.0.0 from version 12.1.3.0.0 or version 12.1.4.0.0.
See the Oracle Enterprise Manager Ops Center Upgrade for upgrade procedures.
You can download this document from the Oracle Enterprise Manager Ops Center Documentation Library at http://docs.oracle.com/cd/E59957_01/index.htm
.
You can uninstall the components of Oracle Enterprise Manager Ops Center.
See the Uninstalling and Unconfiguring section of the Oracle Enterprise Manager Ops Center Administration for uninstallation procedures.
You can download this document from the Oracle Enterprise Manager Ops Center Documentation Library at http://docs.oracle.com/cd/E59957_01/index.htm
.
This section explains the known issues that you might encounter when installing, or upgrading to, Oracle Enterprise Manager Ops Center 12c and the possible workarounds available.
For information on known issues related to installation and postinstallation configuration, see the Oracle Enterprise Manager Ops Center Release Notes.
The following are known issues that you might encounter:
Too Many ASR Jobs Are Created When Upgrading Large Environments
Initializing Oracle Solaris 11 Library Fails When Re-Using Existing Oracle Solaris 11 Library
Oracle Solaris 11.2 Import ISO Job Fails With 'Cannot Be Cast' Exception
Association of Network to Oracle Solaris 11 Control Domain Job Fails With Unclear Results
Oracle Solaris 10 Branded Zone Creation Fails: Global Zone Cannot Find OS Image
Discovery of M6 Server Can Fail if PDOM Does Not Respond Correctly
Adding Storage to an LDOM When NFS Base Disk is Not On Primary Leads to Job Error
Delete Oracle SuperCluster From Asset Tree Action Does Not Delete Assets
Newly Configured Network From Outside Ops Center Does Not Appear in the User Interface
ILOM Hostname Is Displayed Instead of OS Hostname For Exadata Cell Asset Name
The Power Status of ILOM Assets Sometimes Shows an Incorrect Status
Execute Operation Is Not Enabled For Groups of Assets if One Asset Is Offline
Unable to Use Console for Manually Created Zone in Agent-Managed Control Domain
Install Fails With Permission Error While Installing SUNWuces.pkg
OS Provisioning From New Remote Proxy Controller Repeatedly Fails with HTTP 500 Error
Service Request Tab Asks for MOS Credentials in Disconnected Mode
Agentless Oracle Solaris 10 Branded Zones Show Incorrect Version in Sh(Solaris)OperatingSystem
Oracle Solaris 11 Kernel Zones With the Same Hostid Are Correlated
Kernel Zone Cannot be Deleted on a Control Domain With a Logical Domain Virtualization Controller
Logical Domains Can Be Created Without Sufficient Memory To Run
After Restoring, a Duplicate Enterprise Controller Appears in the User Interface
During Restore, the Proxyadm Unconfigure -k Option Clears the Local Database
Ops Center Cannot Properly Manage Non-Global Zones Created Using OpenStack
Zstat Produces Excessive Amounts of Data in /var/adm/exacct/zstat-process
Cannot Correlate Kernel Zone Instances if No Hostid in Kernel Zone Operating System
USB VNIC Interfaces Are Not Filtered and Causes Various Issues
Collision Guest Not Repaired After Host ID Change and Refresh
Non-Global Zone Persistent Configuration Should Not Be Updated if Dynamic Reconfiguration Fails
Database Migration From Local 12c to Remote 12c with Container Times Out
LDAP User with Required Roles Unable to Upgrade From 12.2.2 to 12.3
Kernel Zone Using Local Device on LDOM Guest Should Use Device Path Without Slice
Reverting to Earlier Version Without Reverting Customer-Managed Database Can Cause Issues
Ops Center 12.3.1 Solaris 10 Global Zone Shows Kernel Zone Create Action to be Available
Users and Groups Created by Ops Center Installation Not Specified
Zones Using iSCSI Storage Are at Risk to Get Broken During Global Zone Reboot
Unable to Configure an Agent Using Latest Java 6 if Proxy Uses TLS Version 1.1
proxyadm Configure\Start Fails on Java Warning: PICL (libpicl.so.1) is missing
Dynamic Edition of a S10 Branded Zone Should Not Be Allowed in the User Interface
Kernel Zone Creation - IP Missing if Many Connections on the Same Global Zone Lower-link
Kernel Zone Dynamic Add Network Does Not Set Network IP in Kernel Zone Operating System
Could Not Perform Operation After Automatic Recovery on LDOM Guests
Mismatch in Vlan Tagging Information Shown on Network Dashboard and Details Tab
Proxy controller OFFLINE after rollback and subsequent upgrade
After several days, EC gets stuck on waiting for connection to DB
Ops Center fails to register with MOS starting with Java 8 Update 121 and newer
No migration target available for selection to do Ldom guest migration on M8/T8
When you upgrade large environments to version 12.2.0.0.0, too many Auto Service Request (ASR) jobs are created. In some cases the number of ASR jobs can reach the thousands.
Workaround
Disable ASR before beginning the upgrade, upgrade the software, then enable ASR.
Click Administration in the Navigation pane, then select the Enterprise Controller.
Click Disable ASR in the Actions pane.
Upgrade your environment.
Click Administration in the Navigation pane, then select the Enterprise Controller.
Click Enable ASR in the Actions pane.
The installation does not check for the required packages such as ksh
and zlib.i686
on Oracle Linux.
Workaround
Install the ksh
and zlib.i686
packages before or after the Oracle Linux installation.
When reusing an existing Oracle Solaris 11 Package Repository source during configuration of Oracle Enterprise Manager Ops Center, the Oracle Solaris 11 source repository step fails.
In the Storage Libraries section, when you click Initialize Oracle Solaris 11 Software Update Library and enter the URL, an error message is displayed and the job fails.
Workaround
Perform the following steps:
Delete the current Oracle Solaris 11 Library in the user interface.
Create a new library directory for the existing Oracle Solaris 11 Library contents.
Go to the existing library directory, then change to the Ops Center-created directory named for your UUID.
Copy or move the <Library>/<UUID>/data/pkg5.repository and <Library>/<UUID>/data/publisher files to the new library directory.
Initialize the library using the new directory.
If you have an Oracle SuperCluster system with one rack, and you remove the rack in the Oracle Enterprise Manager Ops Center UI, there is no way to recreate the rack.
Workaround
Delete all of the ILOMs of discovered servers within the Oracle SuperCluster.
Repeat the discovery of the Oracle SuperCluster system.
The rack and its server assets are added.
Add all remaining assets into the rack, using the Place/Remove assets in Rack and Place/Remove PDU(s) in Rack actions.
Importing ISO images of Oracle Solaris 11.2 intermittently fails with a "Cannot Be Cast" exception.
Workaround
Apply the workaround found in MOS Note 1663862.1: Memory Management Between ZFS and Applications in Oracle Solaris 11.2.
In an environment with multiple Control Domains that are directly interconnected using statically allocated IPs, attempting to attach a new network can fail with an inconsistent error message. The job indicates that the network plumbing was successful, then fails with an error saying that one or more hosts were not plumbed correctly. The Control Domains are actually left in an intermediate state with a new VNIC, but no IP address assigned.
Solution
Log in to the Control Domain.
Remove the IP address. For example:
ipadm delete-ip <wrong_vnic>
Remove the VNIC. For example:
dladm delete-vnic <wrong_vnic>
Remove the virtual switch. For example:
ldm remove-vswitch <wrong_vswitch>
Log in to the Ops Center UI.
Select the Control Domain and click Refresh in the actions pane.
Workaround
Rerun the job, but provide IP addresses rather than using system-generated IP addresses.
If a Global Zone is in a private network and cannot directly access the Enterprise Controller, it cannot use ISO images stored in the Enterprise Controller library.
Workaround
Copy the ISO image to the target system and use the local copy.
If the PDOM hangs or is slow to respond during an M6 discovery, the system can be displayed as a generic server.
When adding storage to a LDOM guest using a NFS library provided by an alternate root domain (not the primary), the CreateVirtDiskImage job fails in the Create Concrete task on the non-primary root domain.
The Delete Rack action deletes the Oracle SuperCluster rack from the asset tree but does not delete assets such as servers, switches, or storage that belong to the rack.
If you configure a private network on the OS level outside of Oracle Enterprise Manager Ops Center, and the OS instance is the Enterprise Controller OS which is not agent managed, the newly configured network does not appear in the user interface.
Workaround
Restart the Enterprise Controller.
On an Oracle SuperCluster system, in some cases the ILOM hostname is displayed instead of OS hostname for Exadata cells.
The power status of ILOM assets sometimes shows "Off" at Dashboard tab in the user interface, even though the current power status is "On".
When this occurs, the Power On icon in the Actions pane is active and the Power Off icon is inactive.
The "Execute Operation" action is greyed out for groups of Operating System assets if at least one of them is in an unknown/offline state.
Workaround
Select the Operational Plan first and then select the group as a target.
If you manually create a zone in an agent-managed control domain, the console access user is given an incorrect role and cannot access the console.
Workaround 1
The first workaround is to connect to the control domain console, then connect to the zone.
Workaround 2
The second workaround is to give the user the correct role.
Select Administration in the Navigation pane.
Click the Roles tab.
The Roles page is displayed.
Select the oemOCxxxx user from the list of users, where xxxx is a number set by the system.
Click the Manage User Roles icon.
Add the Zone Management role, then click Next.
The Summary page is displayed. Click Finish.
For an LDOM system, the Network Connectivity sub-tab in the Network tab shows no data, even though the Port Connectivity sub-tab correctly shows the ports.
An installation can fail during the Install application packages step when SUNWuces.pkg failed to install. This occurs when the "users" group is an LDAP managed group, not a local group.
Workaround
The first workaround is to continue the installation if it is in progress, or restart the installation if it has been interrupted.
The second workaround is to manually create a local "users" group and manually install the SUNWuces.pkg.
When attempting to OS Provision LDOM guests from a newly installed Proxy Controller, the AI downloads keep failing with an http 500 error showing different URL locations that are noted as the failure points.
For example:
23:23:19 Download: 25862/71703 items 251.0/723.4MB 34% complete (7.4M/s) 23:23:24 Download: 27804/71703 items 338.3/723.4MB 46% complete (14.9M/s) 23:23:29 Download: 30360/71703 items 354.3/723.4MB 48% complete (10.2M/s) 23:23:34 Download: 32781/71703 items 376.3/723.4MB 52% complete (3.8M/s) 23:23:39 Download: 33078/71703 items 403.1/723.4MB 55% complete (4.9M/s) 23:23:45 Download: 33080/71703 items 408.2/723.4MB 56% complete (3.3M/s) 23:23:48 Error occurred during execution of 'generated-transfer-1197-1' checkpoint. 23:23:48 Failed Checkpoints:23:23:4823:23:48 generated-transfer-1197-123:23:4823:23:48 Checkpoint execution error:23:23:4823:23:48 http protocol error: code: 500 reason: Internal Server Error23:23:49 URL: 'http://<IP Address>:8003/IPS/solaris/file/1/bf7046c17838279aaf2639f92317deaf14349673'23:23:4923:23:49 Automated Installation Failed. See install log at /system/volatile//install_logAutomated Installation failedPlease refer to the /system/volatile/install_log file for details
Workaround
Edit the Apache KeepAliveTimeout
and ProxyTimeout
variables to increase them. Doubling the values should resolve the issue, but both can be further increased if necessary.
The KeepAliveTimeout
variable is in the /var/opt/sun/xvm/uce/etc.opt/server/uce_server/httpd.conf
file.
The ProxyTimeout
variable is in the /var/opt/sun/xvm/uce/etc.opt/server/uce_server/ips-proxy.conf
file.
When accessing the Service Request tab, a popup window asks for My Oracle Support credentials, even if the Enterprise Controller is in Disconnected Mode and is not registered with MOS.
Workaround
When the popup appears, click cancel.
Oracle Solaris 10 branded zones on Oracle Solaris 11 have incorrect Sh(Solaris)OperatingSystem properties:
in ShOperatingSystem : isS10 is false
in ShSolarisOperatingSystem : isSol10 is false
Workaround
Provision an Agent Controller on the Oracle Solaris 10 branded zone.
Note:
This issue is fixed in version 12.3.2.
Ops Center relies on a kernel zone hostid to identify it uniquely from the global zone or the kernel zone, and to persist its configuration among different global zones.
If 2 kernel zones have the same hostid, they will correlate together, which means that there will be only 1 kernel zone listed in the UI, and management of a kernel zone may target the other kernel zone with the same hostid.
Having the same hostid is possible if the user manually sets the same hostid for 2 kernel zones, or if the same hostid is generated for 2 KZs configured in the same second.
Workaround
Manually change the hostid for both of the kernel zones, then refresh the global zone.
You cannot delete a kernel zone from Ops Center if it is running on a control domain with a logical domain virtualization controller.
The Delete Zone action fails and no job is executed.
Workarounds
The first workaround is to switch management access to agentless management or to a zone Virtualization Controller, which enables you to delete the kernel zone from the user interface.
The second workaround is to manually delete the kernel zone and refresh the control domain.
Note:
This issue is fixed in version 12.3.1.
The Logical Domain creation process allows the creation of LDoms with 1 GB of memory, but Oracle Solaris 11.2 requires a minimum of 2 GB. The creation job fails and the LDom cannot be used.
Workaround
When creating a Logical Domain with Oracle Solaris 11.2, do not assign it less than 2 GB of memory.
After backing up the Enterprise Controller and restoring from that backup on a new system with the same hostname, a duplicate Enterprise Controller system is displayed in the UI in an unknown state.
Workaround
Delete the missing assets from the user interface. If you cannot delete the missing assets from the user interface, delete the missing assets from CLI.
Launch the CLI on the system hosting the Enterprise Controller.
/opt/SUNWoccli/bin/oc
Type connect to connect to the Enterprise Controller.
Type gear to enter the gear mode.
Type list to list the assets to get the UUID of the asset you want to delete.
Delete the assets by using the following command:
delete -U <UUID> -f
During a restoration of an Enterprise Controller on a new system where the EC will be using a new IP, any remote Proxy Controllers will need to be redirected to the new Enterprise Controller IP. This is done with the proxyadm
command option (added in 12.3.1.0.0) to reconfigure the Proxy Controller to the new Enterprise Controller IP.
From the remote Proxy Controller use:
proxyadm update -s|--satellite-ip <Enterprise Controller IP>
Do not use any form of the proxyadm unconfigure/configure commands for this purpose. This will cause the assets that are connecting through the Proxy Controller to be lost.
Ops Center does not currently support OpenStack. A non-global zone created from OpenStack will be properly discovered in Ops Center (if its global zone is discovered), and Ops Center will be able to change its configuration using Solaris CLI. However, OpenStack does not support changing a non-global zone configuration using an external tool. Do not change the configuration of a non-global zone created with OpenStack, or it will cause issues in OpenStack.
On Oracle Solaris 10 systems, zstat on occasions produces excessive amounts of data in /var/adm/exacct/zstat-process resulting in filesystem fillup in production environment.
Workarounds
A temporary workaround is to run the following command:
svcadm restart svc:/application/xvm/zstat:default
However, this only clears the file temporarily, it will continue to grow.
A permanent workaround tells zstat not to record detailed tracking of system processes. Run the following commands on the system:
% mkdir -p /etc/opt/sun/oc % echo "zstat_exacct_allowed=false" > /etc/opt/sun/oc/zstat.conf % chmod 755 /etc/opt/sun /etc/opt/sun/oc % chmod 644 /etc/opt/sun/oc/zstat.conf % chown -Rh root:sys /etc/opt/sun/oc % /opt/SUNWxvmoc/bin/agentadm stop % /opt/SUNWxvmoc/bin/agentadm start
If a hostid generated in zonecfg is not within the range 0x0 to 0x7fffffff, then there is no hostid in the kernel zone operating system.
As the hostid is the correlation entry in Oracle Enterprise Manager Ops Center, following are the consequences:
If the kernel zone is running, the kernel zone asset is discovered or is removed from the Oracle Enterprise Manager Ops Center as you get the hostid from the OS.
If the kernel zone is not running, the kernel zone asset is recreated with the hostid set.
If the OS of the kernel zone is discovered, an OS is created but it does not correlate with the kernel zone asset as there is no hostid.
Workaround 1
Update the kernel zone to a SRU when the hostid problem is fixed. Remove the operating system of the kernel zone from the Oracle Enterprise Manager Ops Center and rediscover the asset with or without agent.
Workaround 2
Change the hostid in the kernel zone by providing a hostid that it supports using the command:
zonecfg -z <kz> set hostid=...
Remove the image UUID by using the command:
zonecfg -z <kz> remove attr name=image-uuid
Refresh the global zone. This destroys the current kernel zone model and recreates a new one with a new hostid.
If the operating system is running an agent, unconfigure and reconfigure the agent. If the OS is discovered agentlessly, delete the OS asset in Oracle Enterprise Manager Ops Center and rediscover the OS.
The OSP S11 manifest does not have the iSCSI devices information to install the OS to an iSCSI disk. The iSCSI parameters are set incorrectly by CDOM OSP.
Hence, it installs the OS to a local disk.
After discovering a system with a USB VNIC, an extra ethernet fabric appears in the domain model.
During the system discovery, the Oracle Enterprise Manager Ops Center must skip the USB interfaces. But, as the system is discovered with a USB VNIC with an IP plumbed on it, all the USB interfaces are considered as regular interfaces and causes an extra ethernet fabric to appear in the domain model. This leads to incorrect domain model and affects the network functionality.
Oracle Enterprise Manager Ops Center does not support USB network creation or representation.
As the USB network creation or representation is not supported, creating fabric for a USB data link on a server is not useful.
Logical Domains are identified by their domain UUID and their host ID.
Two logical domains managed by Oracle Enterprise Manager Ops Center with the same host ID leads to domain model corruption and an incorrect representation of the logical domains in the user interface with the following instances:
Only one of the two logical domains appears in the navigation tree.
The same logical domain appears under two different control domains in the navigation tree.
For example, consider two domains guest-1 and guest-2 belonging to f1.example.com and f2.example.com respectively, have the same host ID. This leads to the either of the following incorrect representations of the logical domains:
only guest-1 is displayed under f1.example.com in Oracle Enterprise Manager Ops Center UI navigation tree.
guest-1 is displayed twice, under f1.example.com and f2.example.com and guest-2 is not displayed.
Workaround
To repair the guest with the host ID collision, delete all the existing resources of guest in collision with and recreate the guest with a new hostid that does not exists in the Oracle Enterprise Manager Ops Center domain model. The repair procedure is as follows:
Identify the guest in collision using the Oracle Enterprise Manager Ops Center CLI with the following command:
localhost > collisions localhost/collisions > list -t all CRITICAL collision on hostid 11111111 : server | name | UUID | MAC | ---------------------------------------------------------------------------------------------------------------------------- f1.example.com | guest-1 | 0ee154ca-4f80-4e9c-a698-a403baf7b92a | 00:14:4F:FB:72:E9 f2.example.com | guest-2 | bbeb689c-79bf-4954-9afb-ce55f86e307d | 00:14:4F:F9:1B:C0
This indicates that guest-1 and guest-2 are in collision and guest-2 needs to be repaired.
Delete the Operating System asset as a wrong operating system may be displayed in case of collision under a given logical domain.
Select the OS of the logical domain in the left navigation panel.
Select Delete Assets in the Actions pane.
Change the host ID in collision using the following command:
Log in to f2.example.com.
Stop the logical domain using the following command:
ldm stop guest-2
Set a new host ID using the following command:
ldm set-domain hostid=0x22222222 guest-2
Set the hostid-collision-repair
variable using the following command:
ldm set-var hostid-collision-repair=true guest-2
Start the logical domain by using the following command:
ldm start guest-2
Refresh the respective control domain.
Log in to Oracle Enterprise Manager Ops Center user interface.
Select the f2.example.com control domain in the left navigation panel.
Select Refresh in the Actions pane.
The logical domains appear under their respective control domains.
Discover the Operating Systems using Add Assets in the Actions pane.
The operating systems appear under their respective control domains.
When performing dynamic zone management operations, current Oracle Enterprise Manager Ops Center behavior is to update the persisted zone configuration prior to the live zone configuration.
If a job fails to update the live zone configuration, the persisted zone configuration may be updated successfully. To synchronize the live zone configuration with the configuration displayed in Oracle Enterprise Manager Ops Center, restart the non-global zone.
Migrating local 12c database to remote 12c database with container times out after several hours as it was unable to lock an object during migration.
Ops Center migration from local database to remote database fails with the following error:
ORA-04021: timeout occurred while waiting to lock object
The ORA-04021 timeout error is caused by another session locking or using a package that you are attempting to execute. During migration, the Enterprise Controller drops and recreates the remote DB procedure copy_oc_schema
, if it exists from previous migration attempt. If the previous migration was aborted, this may cause a lock hold in the remote schema procedure copy_oc_schema
and the current migration waits until the lock is released or timeout occurs.
Workaround
Apply the solution found in MOS Note 2079362.1: Ops Center migration from local database to remote database fails with error ORA-04021: timeout occurred while waiting to lock object
.
While importing the latest X3-2 firmware zip file, it displays an error.
The following error is displayed:
Error in reading firmware metadata information.
ILOM 3.2.4.26.b r101722
BIOS 17.11.05.00
Server 1.4.2 download
EC: 12.3.1.0.0
The issue is due the metadata file which indicates that the binary file is in the current directory. However, the binary file appears in the parent directory.
Workaround
Manually unzip and upload only the service processor metadata file.
When performing Update Management and Delete Assets actions on a Proxy Controller, the session times out due to inactivity.
The session times out due to the presence of an active old session. This leads to performance issues.
Workaround
Restart the Proxy Controller.
When an agent in an Oracle Solaris 10 non-global zone environment is uninstalled, it does not uninstall the truststore directory.
As a result, when the agent is rediscovered and the agent provisioning job is performed in the non-global zone, it displays the following error:
11/27/2015 03:26:32 PM MET ERROR 'echo mkdir:; /usr/bin/mkdir/zones/smvt-174-148/root//var/tmp/fromProxy/' exited with status: 2 (80055)
Workaround
Manually remove the /var/tmp/fromProxy
when uninstalling the agent controller and rerun the provisioning job.
Note:
This issue is fixed in version 12.3.2.
A LDAP user cannot download or upgrade Oracle Enterprise Manager Ops Center version 12.2.2 to version 12.3. If a LDAP user is used for this action it will impact the download action for all users.
Note:
This issue is fixed in version 12.3.1.
Note:
You can download or upgrade from version 12.3.1 to any later version using an LDAP user, but cannot use an LDAP user when downloading or upgrading from version 12.2.2 to version 12.3 and from version 12.3 to version 12.3.1.
You must have a non-LDAP user with the Ops Center Admin role to initiate the upgrade or to download the updates. If an LDAP user with the Ops Center Admin role is used, then the following error is displayed:
No upgrades found.
If this error is also displayed for local users with Ops Center Admin role, then restart the Enterprise Controller for a non-LDAP user to be able to download the update.
In Oracle Enterprise Manager Ops Center 12.3.1, you cannot use local devices when creating a kernel zone in LDOM.
Oracle Enterprise Manager Ops Center uses full device path when using a LDOM local device in a kernel zone.
The job fails with the following error:
Must be a block device or regular file
Workaround
Use direct LUN access from a SAN library.
Oracle Linux 7.1 is supported for OS provisioning, monitoring and management but not supported for EC installation, PC installation, and OS patching.
Oracle Linux 7.0 is supported for monitoring and management but not supported for OS provisioning, EC installation, PC installation, and OS patching.
Note:
Oracle Linux 6.6 and Oracle 6.7 is not supported for OS patching.
Note:
Starting with version 12.3.2, Oracle Linux 7.0 and 7.1 supports EC and PC installation.
Once you have upgraded to version 12.3.1, if you are using a customer-managed database, you cannot revert to an earlier version by reverting only the Enterprise Controller system to a saved boot environment. You must revert both the Enterprise Controller system and database system to the same pre-upgrade state.
If you revert to an earlier version, all monitoring data gathered since the reversion point is lost.
Do not upgrade the Java version on Oracle Solaris 10 Control Domains or Logical Domains that have LDOM Manager version 3.2 or earlier installed. An issue with the latest version can cause agent communication issues on these systems.
If you have upgraded the Java on these systems to version 1.6.0_101 or higher, downgrade to Java 1.6.0_95.
Ops Center version 12.3.1 displays Create Oracle Kernel Zones action as available for Oracle Solaris 10 global zone.
This option should be available only for Oracle Solaris 11 global zone.
If a deployment plan is initiated to create multiple zones in one job, using LUNs from a SAN library as zone storage, the deployment wizard uses a LUN for each zone from the SAN library as storage. The LUNs used are not locked until the matching zone gets created.
If a second deployment plan is initiated using the same SAN library, when the first deployment plan is still in progress, the deployment wizard will use the same available LUNs for zone storage which were already used earlier.
Therefore, both jobs will partially fail with only a few zones created. Do not submit these kind of jobs in parallel.
When adding an asset to the Enterprise Controller with network that is not associated with any Proxy Controller and if there are multiple Proxy Controllers, then the Job Manager cannot determine the right Proxy Controller for the discovery job and fails with an error.
The following error is displayed:
Job failed at start-up : There was no Network that could access <IP Address>.
The accounts that are created as part of the Oracle Enterprise Manager Ops Center 12c installation are not listed in the documentation.
The following users and groups are created in Oracle Enterprise Manager Ops Center 12c:
Enterprise Controller Users - svctag, allstart, uce-sds, xvm, webservd
Enterprise Controller Groups - jet, uce-sds, webservd
Proxy Controller Users - svctag, allstart, uce-sds
Proxy Controller Groups - jet, uce-sds
The svctag and xvm users are expected to have the default UIDs of 95 and 60, respectively. The UIDs for the other users depend on the OS settings and are not expected to be a specific value.
On an Oracle Solaris platform, when you reboot the global zone hosting the kernel zone based on iSCSI storage, an error is displayed.
Workaround
After the global zone has booted successfully, manually attach zones on the global zone again by using the following command:
zoneadm -z <ngz> attach
The zones disappear from the user interface. Hence refresh the Global zone to add them again.
During the creation of zone with a shared CPU, if you choose the allow override any profile values option, the shared CPU value is changed to dedicated CPU value and hence the creation of kernel zone fails.
The discovery of Kernel Zones using Infiniband is supported, but creating a Kernel Zone with Infiniband from Oracle Enterprise Manager Ops Center user interface is not supported.
If a Proxy Controller uses MD5 certificates, all the Agent Controllers using a latest version of JDK will not be able to register the Proxy Controller. This impacts the discovery, OS Provisioning, and manual installation.
To verify if the Proxy Controller uses MD5 certificates, use the keytool and check the signature algorithm name.
On the Proxy Controller:
For Oracle Solaris: /usr/jdk/latest/bin/keytool -v -list -keystore /etc/cacao/instances/scn-proxy/security/jsse/keystore
For Linux: /usr/java/latest/bin/keytool -v -list -keystore /etc/opt/sun/cacao2/instances/scn-proxy/security/jsse/keystore
On the Agent Controller:
For Oracle Solaris: /usr/jdk/latest/bin/keytool -v -list -keystore /var/opt/sun/xvm/security/jsse/scn-agent/truststore
For Linux: /usr/java/latest/bin/keytool -v -list -keystore /var/opt/sun/xvm/security/jsse/scn-agent/truststore
Workaround 1
On the Enterprise Controller or the Proxy Controller, depending on the operating system used by these systems, upgrade the local cacao to the latest version 2.4.7.0 or later.
For Oracle Solaris 10 and Linux OS, upgrading Oracle Enterprise Manager Ops Center will upgrade the cacao to latest version.
For Oracle Solaris 11 and later, to upgrade the cacao to latest version, use the pkg update entire
command.
Use cacaoadm create-keys command with -n
option and -d <directory>
for cacao to generate new keys in the <directory>
.
mkdir <directory> cacaoadm create-keys -n -d <directory>
Copy the useful files to the following location:
For Oracle Solaris:
cp <directory>/jsse/keystore /etc/cacao/instances/scn-proxy/security/jsse/keystore_new cp <directory>/password /etc/cacao/instances/scn-proxy/security/password_new-U <UUID> -f
For Linux:
cp <directory>/jsse/keystore /etc/opt/sun/cacao2/instances/scn-proxy/security/jsse/keystore_new cp <directory>/password /etc/opt/sun/cacao2/instances/scn-proxy/security/password_new
Follow the Replace the Certificate for the Enterprise Controller or Replace the Certificate for the Proxy Controller procedures as described in the Oracle Enterprise Manager Ops Center Security to propagate the new certificate using the CLI security mode and then activate it.
Workaround 2
This procedure can be applied on Agent Controllers or Virtual Controllers if their Proxy Controller uses MD5 certificates.
Note:
This procedure is not secure and hence not recommended.
Verify if the certificate has the Signature algorithm name as MD5withRSA
in the following location:
On the Proxy Controller:
For Oracle Solaris: /usr/jdk/latest/bin/keytool -v -list -keystore /etc/cacao/instances/scn-proxy/security/jsse/keystore
For Linux: /usr/java/latest/bin/keytool -v -list -keystore /etc/opt/sun/cacao2/instances/scn-proxy/security/jsse/keystore
On the Agent Controller:
For Oracle Solaris: /usr/jdk/latest/bin/keytool -v -list -keystore /var/opt/sun/xvm/security/jsse/scn-agent/truststore
For Linux: /usr/java/latest/bin/keytool -v -list -keystore /var/opt/sun/xvm/security/jsse/scn-agent/truststore
Note:
These commands for the Enterprise Controller or the Proxy Controller will prompt for a password. No password is required here and select Return.
If the MD5withRSA
signature exists, edit the following lines to remove MD5
and MD5withRSA
on the Agent Controller or the Virtual Controllers.
For Oracle Solaris, edit the following lines in the /usr/jdk/latest/jre/lib/security/java.security
file:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 76
For Linux, edit the following lines in the usr/java/latest/jre/lib/security/java.security
file:
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 76
Restart the Agent Controllers or the Virtual Controllers.
If the Proxy Controller is configured to use only TLS 1.1 and 1.2, the Agent Controller using Java 6 version may not be able to connect.
Workaround
If the agent is installed with JDK version 6u115 or later, you can enable TLS 1.1 to resolve the communication issue with the following steps.
Note:
If the agent is installed with a JDK version lesser than 6u115, you cannot disable TLSv1.0 for agents at the proxy level without losing the agent.
Stop the Agent Controller.
/opt/SUNWxvmoc/bin/agentadm stop -v
Read the current value.
cacaoadm get-param tls-server-version-backup -i scn-agent
Set the value to 1.1.
cacaoadm set-param tls-server-version-backup=TLSv1.1 -i scn-agent
Restart the Agent Controller.
/opt/SUNWxvmoc/bin/agentadm start -v
Installation of a remote Proxy Controller on a Non-Global zone fails as the system does not include the system/picl
package.
Workaround
Install the system/picl
package and retry to configure and start the remote Proxy Controller using the proxyadm
command with the configure and start
subcommands.
The dynamic network edition of a zone is based on the Global Zone Solaris version. For Oracle S10 branded zones, the dynamic network edition should not be allowed.
Workaround
You can start a job when the zone is running. This job will not dynamically edit the zone configuration. You must restart the S10 branded zone at the end of the job for the zone configuration to be updated.
During the discovery of Oracle SPARC S7-2 and Oracle SPARC S7-2L systems, the discovery fails with an error message due to the servicestate
property which is disabled under the /SP/services/ipmi/
file on the service processor.
The following error message is displayed:
Discovery driver reported: Fail to retrieve the ethernet ports IPMI for host <IP> exit with errors: Error: Unable to establish IPMI v2 / RMCP+ session Get Channel Info command failed
This error message does not describe the cause for the failure and the fix for the issue.
Workaround
Log in to the service processor and enable the servicestate
property value by using the following commands:
cd /SP/services/ipmi/ set servicestate=enabled show /SP/services/ipmi/ /SP/services/ipmi Targets: Properties: servicestate = enabled v1_5_sessions = disabled
When creating a Kernel Zone from Oracle Enterprise Manager Ops Center user interface, if the user requires 2 interfaces, in order to connect 2 networks with an IP address in both interface in the Kernel Zone and if both networks are connected on the same interface in the Global Zone that will host the Kernel Zone, then both anets are properly created but one of the IPs may be missing in the Kernel Zone OS (the datalink is not configured in the OS).
Workaround
Create the Kernel Zone without a maximum of 1 network interface from the same Global Zone lower-link. Once the Kernel Zone is created, additional network connections may be added from the same Global Zone lower-link using the Attach Network action.
When adding a new network interface with an IP address to a running kernel zone from its server asset, the new anet will be added only in the persistent zone configuration but does not add in the live zone configuration.
As a consequence, the new IP address will not be set in the kernel zone operating system.
Workaround
Add the new network on a halted kernel zone and reboot the kernel zone at the end of the job in order to add the new anet, then add the IP address from the network tab of the Kernel Zone OS asset.
In some unique scenarios, the usage percentage shown by zpool list and zfs list differ. In such circumstances, the ZPool Usage Percentage would generate false alarms on environments prior to 12.3.2.
This issue has been resolved in 12.3.2. For a fresh Ops center 12.3.2 installation nothing has to be done. For an upgraded environment to 12.3.2, the following steps need to be performed to completely fix the issue:
For all the Managed OS Assets who are part of OC-Global Zone Monitoring Policy:
Go to Message Center, search for all raised incidents against the Alert Monitoring Rule ZPool Usage Percentage and delete them.
For all the Managed OS Assets which are not part of OC-Global Zone Monitoring Policy:
Disable or delete the existing OS Alert Monitoring Rule ZPool Usage Percentage and create the similar Rule but using the Monitoring Attribute as ZPoolUsage.name=*.zpoolUsedSpacePercentage .
To create a new monitoring rule:
For any managed OS asset with the Monitoring tab open in the center pane, click the Add icon.
Select Threshold from the menu.
Enter the monitored attribute as ZPoolUsage.name=*.zpoolUsedSpacePercentage and the description.
Define the amount of time that can elapse before an alert is generated, then define the alert severity parameters and limits.
Click Apply.
After an automatic move of the logical domain guest from a source server to a destination server, launching some operations on the recovered guest (reboot, delete, migrate, connect network, move metadata, automatic recovery) fails.
Error message displayed is as follows:
Could not perform operation because host ID collision has been found. You should apply the repair procedure described in Ops Center documentation and try again (61021).
Workaround
Some operations fail when the host ID collision detection finds two images for the recovered guest, on source server and destination server. This issue will be automatically fixed when the source server is reachable again, since the image gets cleaned once the server is available.
You can also set collision.actions.check.hostid to false. Navigate to Administration > Configuration > Virtualization panel to set the configuration variable. This will prevent checking host ID collisions before launching these operations. After the source server is available again, set the variable back to true.
There is mismatch between vlan tagging information shown on network Dashboard and Network Details tab.
vlan Tagging
attribute value as enabled, whereas Network Details tab shows vlan Tagging
attribute value as enabled only if vlan id is greater than VLAN_MIN value which is currently set to 2, otherwise it shows it as disabled for untagged networks.Workaround
Follow the Network Details tab to get the correct vlan tagging information about the network.
During the Oracle Enterprise Manager Ops Center upgrade with High Availability configuration, when attempting to reconfigure the standby node into the ECHA configuration, the ecadm ha-configure-standby
command will fail with the following error:
scp: /var/opt/sun/xvm/bui/conf/password: No such file or directory
Workaround
On the primary node, if /var/opt/sun/xvm/bui/conf/password
does not exist, execute the following:
echo "trustpass" > /var/opt/sun/xvm/bui/conf/password chmod 400 /var/opt/sun/xvm/bui/conf/password
After executing the above commands, retry the ecadm ha-configure-standby
command on the standby node.
When upgrade fails at a customer site for some reason, rolling back to previous version, the subsequent successful upgrade leaves Proxy Controller in OFFLINE state, until it is manually restarted by the customer. Without restart, the Proxy Controller remains unreachable (OFFLINE), affecting the upgrade of associated Agent Controllers.
Workaround
If Proxy Controller remains unreachable (OFFLINE) after upgrade, use proxyadm stop -w && proxyadm start -w to restart it.
oocli is not able to process correctly with shorter host ids. For example, reporting host ids collisions.
Workaround
Host ids must be 8 characters long with pre-pending zeros if necessary.
/opt/SUNWoccli/bin/oc -e 'connect -u root -p xxxxxxx ; collisions ; check -t hostid -v 0x00999996'
The logs show that after several days, EC seems to be stuck on waiting for connection to DB. It never recovers until EC is restarted. This issue occurs only on Solaris 11.3 Sparc EC.
grep CumulativeFailedConnectionWaitCount /var/cacao/instances/oem-ec/logs/cacao.0 CumulativeFailedConnectionWaitCount:38392 CumulativeFailedConnectionWaitCount:0 CumulativeFailedConnectionWaitCount:0 CumulativeFailedConnectionWaitCount:0 CumulativeFailedConnectionWaitCount:0 CumulativeFailedConnectionWaitCount:38426 CumulativeFailedConnectionWaitCount:0 CumulativeFailedConnectionWaitCount:0 CumulativeFailedConnectionWaitCount:0 CumulativeFailedConnectionWaitCount:0 CumulativeFailedConnectionWaitCount:38526
Workaround
Download ojdbc8.jar and ucp.jar and place them in /var/tmp/ on EC. You can download the jar files from
http://www.oracle.com/technetwork/database/features/jdbc/jdbc-ucp-122-3110062.html
Then execute following script on EC.
cp /var/tmp/ojdbc8.jar /opt/sun/n1gc/lib/oracle/
cp /var/tmp/ucp.jar /opt/sun/n1gc/lib/oracle/
rm /opt/sun/n1gc/lib/oracle/ojdbc7.jar
for i in \
/etc/cacao/instances/oem-ec/modules/com.sun.hss.satellite.domain.xml \
/opt/SUNWxvmoc/bin/ecadm; do cp $i $i.old; \
sed -e 's/ojdbc7.jar/ojdbc8.jar/g' $i.old > $i; done
/opt/SUNWxvmoc/bin/satadm stop -w
/opt/SUNWxvmoc/bin/satadm start -w
Ops Center fails to register with MOS starting with Java 8 Update 121 and newer, because these Java releases no longer include the required certificate. This only happens when an unregistered Ops Center tries to register. This includes new or upgraded installation that has not yet been registered, for example, switching from disconnected mode to connected mode and then registering Ops Center. The already registered Ops Center will continue to work. In order to register Ops Center, a Java certificate needs to be imported into the Java truststore.
Workaround
Copy and save the following certificate to a text file /var/tmp/second_chain.crt
Note:
The first line of the saved certificate file should start with:-----BEGIN CERTIFICATE-----
MIIE0DCCBDmgAwIBAgIQJQzo4DBhLp8rifcFTXz4/TANBgkqhkiG9w0BAQUFADBf MQswCQYDVQQGEwJVUzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNzA1BgNVBAsT LkNsYXNzIDMgUHVibGljIFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDYxMTA4MDAwMDAwWhcNMjExMTA3MjM1OTU5WjCByjELMAkGA1UEBhMCVVMx FzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVz dCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZv ciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAz IFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8 RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKzj/i5Vbext0uz/o9+B1fs70Pb ZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhDY2pSS9KP6HBR TdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/ Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNH iDxpg8v+R70rfk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMB AAGjggGbMIIBlzAPBgNVHRMBAf8EBTADAQH/MDEGA1UdHwQqMCgwJqAkoCKGIGh0 dHA6Ly9jcmwudmVyaXNpZ24uY29tL3BjYTMuY3JsMA4GA1UdDwEB/wQEAwIBBjA9 BgNVHSAENjA0MDIGBFUdIAAwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVy aXNpZ24uY29tL2NwczAdBgNVHQ4EFgQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMwbQYI KwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEwHzAHBgUrDgMCGgQU j+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24uY29t L3ZzbG9nby5naWYwNAYIKwYBBQUHAQEEKDAmMCQGCCsGAQUFBzABhhhodHRwOi8v b2NzcC52ZXJpc2lnbi5jb20wPgYDVR0lBDcwNQYIKwYBBQUHAwEGCCsGAQUFBwMC BggrBgEFBQcDAwYJYIZIAYb4QgQBBgpghkgBhvhFAQgBMA0GCSqGSIb3DQEBBQUA A4GBABMC3fjohgDyWvj4IAxZiGIHzs73Tvm7WaGY5eE43U68ZhjTresY8g3JbT5K lCDDPLq9ZVTGr0SzEK0saz6r1we2uIFjxfleLuUqZ87NMwwq14lWAyMfs77oOghZ tOxFNfeKW/9mz1Cvxm1XjRl4t7mi0VfqH5pLr7rJjhJ+xr3/
-----END CERTIFICATE-----
Execute the following command to import the certificate into the truststore. If prompted for password, enter changeit
For Solaris:
keytool -importcert -file /var/tmp/second_chain.crt -keystore \ /usr/jdk/latest/jre/lib/security/cacerts
For Linux
keytool -importcert -file /var/tmp/second_chain.crt -keystore \ /usr/java/latest/jre/lib/security/cacerts
Output:
% keytool -importcert -file /var/tmp/second_chain.crt -keystore /usr/jdk/latest/jre/lib/security/cacerts
Enter keystore password:
Certificate was added to keystore
You can now proceed with registering Ops Center
If you have already attempted to configure and register Ops Center and it has already failed, then proceed with the certificate installation instructions above and then you should be able to register Ops Center. There is no need to restart the Enterprise Controller while installing the certificate or after.
This can be observed also on M7/T7. The problem is that on following servers, M8/T8 and M7/T7 if we have a guest there and we would like to migrate it to compatible server, target server is not recognized as compatible and not shown in the UI wizard.
Workaround
Restart OC agent on source and target server.
The following documents are related to installing and upgrading Oracle Enterprise Manager Ops Center 12c Release 3 (12.3.3.0.0).
Oracle Enterprise Manager Ops Center Release Notes, 12c Release 3 : This document provides links to other documentation for installing and uninstalling the software. It also includes a list of known issues related to installation and postinstallation configuration.
Oracle Enterprise Manager Ops Center Installation for Oracle Solaris Operating System, 12c Release 3: This document provides detailed instructions on performing a fresh installation of Oracle Enterprise Manager Ops Center on Oracle Solaris systems.
Oracle Enterprise Manager Ops Center Installation for Linux Operating Systems, 12c Release 3: This document provides detailed instructions on performing a fresh installation of Oracle Enterprise Manager Ops Center on Oracle Linux or Red Hat Enterprise Linux systems.
Oracle Enterprise Manager Ops Center Administration Guide, 12c Release 3: This document provides instructions on administering, managing, and uninstalling Oracle Enterprise Manager Ops Center.
You can view these documents in the Oracle Enterprise Manager Ops Center Documentation Library at http://docs.oracle.com/cd/E59957_01/index.htm
.
Oracle® Enterprise Manager Ops Center Readme, 12c Release 3 (12.3.3.0.0)
E59958-06
Copyright © 2007, 2017, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services, except as set forth in an applicable agreement between you and Oracle.