This chapter describes how to upgrade your existing Oracle Identity Manager (IDM) environment for Oracle Fusion Applications to Release 12 (11.12.x.0.0). Perform the steps in this chapter after you have completed Resume Upgrade Orchestrator (Oracle VM Only).
Review the following flowchart and roadmap for an overview of the upgrade process for IDM for FA to Release 12.
Figure 7-1 Upgrade Process Flowchart for IDM for FA
The following table lists the high-level steps that you need to perform to upgrade to Oracle Fusion Applications Release 11.12.x.0.0:
Table 7-1 Tasks for Upgrading IDM for FA to Release 12
Task | Required | Description |
---|---|---|
Review pre-upgrade requirements | Required | The pre-upgrade requirements include having your Oracle Fusion Applications IDM on Release 8 or 9 and backing up the IDM middle tier and database. See Pre-Upgrade Requirements. |
Identify your IDM topology | Required | Identify your IDM topology to choose the right upgrade procedure for your system. See Identify your IDM Topology. |
Disconnect Enterprise IDM integrations | Required only if your IDM for FA is integrated with Enterprise IDM | If your IDM for FA is integrated with Enterprise IDM, you must disconnect integrations. See Disconnect Enterprise IDM Integrations. |
Upgrade your type I IDM for FA | Required only if your IDM environment was set up using IDM provisioning scripts | After reviewing the requirements and confirming that you have the Type I IDM topology, run the upgrade steps. For the complete procedure, see Upgrade Type I IDM Environments. |
Upgrade your type II IDM for FA | Required only if your IDM environment was not set up using IDM provisioning scripts | After reviewing the requirements and confirming that you have the Type II IDM topology, run the upgrade steps. For the complete procedure, see Upgrade Type II IDM Environments. |
Reconnect Enterprise IDM integrations | Required only if your IDM for FA is integrated with Enterprise IDM | If your IDM for FA is integrated with Enterprise IDM and you disconnected integrations, you can now reconnect them. See Reconnect Enterprise IDM Integrations. |
Update Status to Success | Required | After successfully upgrading your IDM, update the task status to “success” on the IDM host. See Update Status to Success. |
Resume Upgrade Orchestrator to Upgrade Oracle Fusion Applications | Required | The IDM for FA upgrade process to Release 12 is complete. You can now resume Upgrade Orchestrator and continue with Pause Point 3. See Resume Upgrade Orchestrator to Upgrade Oracle Fusion Applications. |
The upgrade steps will vary according to the type of IDM installation you have.
Type I: IDM installation that was performed using IDM provisioning scripts without any subsequent manual scale out steps
Type II: IDM installation that was not performed using IDM provisioning scripts. This type also includes cases where a single node or EDG option was selected during your IDM provisioning and manual scale out was performed for second instances
lcmconfig folder exists under the shared configuration folder. For example:
<SHARED_CONFIG>/lcmconfig/topology/topology.xml
Where
<SHARED_CONFIG>: /u01/IDMTOP/config
This folder exists only in type I environments, that is, environments provisioned using IDM provisioning scripts without any subsequent manual IDM scale out steps.
Perform these steps only if your IDM for FA is integrated with Enterprise IDM. You must disconnect integrations by cloning your IDM environment. The cloning process involves the following high-level steps:
Clone the IDM1 environment using the clone tool.
Perform sanity testing to ensure IDM2 is working correctly.
Rewire FA to point to IDM2.
Perform sanity testing to ensure FA is working correctly.
Upgrade IDM1 to a supported version.
Clone your IDM environment by following the steps as listed in Cloning Procedure in the Oracle Fusion Applications Cloning and Content Movement Administrator's Guide.
Perform sanity tests on IDM2 to ensure it is working correctly by following the steps as listed in Perform Validation Steps in the Oracle Fusion Applications Cloning and Content Movement Administrator's Guide.
/etc/hosts should now point to IDM2. FA interactions with IDM are controlled by entries in the /etc/hosts file of the FA machines. The following is an example file:
192.0.2.1 hostname.example.com hostname
192.0.2.1 idmhost1.osc.uk.example.com idmhost1
192.0.2.1 fahost1.osc.uk.example.com fahost1
192.0.2.1 scmhost1.osc.uk.example.com scmhost1
192.0.2.1 policystore.osc.uk.example.com policystore
192.0.2.1 idstore.osc.uk.example.com idstore
Update your FA OHS configuration. OHS configuration contains information about URL redirects, for example, sso.example.com. This configuration needs to be updated to point to the new IP addresses of IDM2 instead of the existing IP of IDM1.
Perform sanity tests to ensure FA is working correctly.
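The /etc/hosts rewiring step above can be checked before the FA sanity tests with a short script. This is an added example, not Oracle tooling: it reports IDM names that are missing from the hosts file or that still map to the old address, including the case where a stale IDM1 line sits above the new IDM2 line. The function names, the 192.0.2.10 (IDM1) and 192.0.2.20 (IDM2) addresses, and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Host names and addresses are constructed.

# check_hosts_rewire HOSTS_FILE EXPECTED_IP NAME...
# Prints one finding per NAME that does not map to EXPECTED_IP and returns
# non-zero if there is any finding.
check_hosts_rewire() (
    hosts_file=$1
    expected_ip=$2
    shift 2
    rc=0
    for name in "$@"; do
        # The files-based resolver normally answers with the first line that
        # lists the name, so a stale IDM1 line above a new IDM2 line still wins.
        # Only the first match is therefore taken into account.
        ip=$(awk -v n="$name" '
            { sub(/#.*/, "") }        # strip comments
            NF < 2 { next }           # skip blank and address-only lines
            { for (i = 2; i <= NF; i++)
                  if (tolower($i) == tolower(n)) { print $1; exit } }
        ' "$hosts_file")
        if [ -z "$ip" ]; then
            echo "MISSING $name"
            rc=1
        elif [ "$ip" != "$expected_ip" ]; then
            echo "STALE $name -> $ip (expected $expected_ip)"
            rc=1
        fi
    done
    exit "$rc"
)

# write_sample_hosts PATH
# Writes a constructed hosts file: IDM1 = 192.0.2.10, IDM2 = 192.0.2.20.
write_sample_hosts() {
    cat > "$1" <<'EOF'
127.0.0.1   localhost
192.0.2.30  fahost1.osc.uk.example.com fahost1
192.0.2.20  idmhost1.osc.uk.example.com idmhost1
192.0.2.10  policystore.osc.uk.example.com policystore   # old IDM1 line left in place
192.0.2.20  policystore.osc.uk.example.com policystore
EOF
}

# Usage on an FA machine (the address and names are placeholders):
#   check_hosts_rewire /etc/hosts <IDM2 address> idmhost1 policystore idstore
```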
This section describes how to upgrade type I IDM environments.
All of the perl files mentioned in the following sections are present under SHARED_LOCATION/idmUpgrade.
All of the steps must be executed serially.
Before the upgrade of your type I IDM environment, perform the following tasks:
Obtain SHARED_LOCATION/11.12.x.0.0/idmUpgrade as follows:
Unzip the patch 25734394 that you downloaded in Copy and Unzip idmUpgrade.zip into the machine that contains the IDM nodes.
Update the upgradeOnPremise.properties file in the unzipped location, then modify the default values as applicable and provide values for all properties listed in the file. For more information about these properties, see IDM for FA Upgrade Properties Files.
Note:
Use the updated upgradeOnPremise.properties for all type I upgrade commands.
Create the rcu folder under FA_REPOSITORY/installers.
Unzip the contents of <FA_REPOSITORY>/installers/fmw_rcu/linux/rcuHome.zip into the rcu folder.
rcu folder recursively:
chmod -R 755 rcu
OID and OID scaled out (if present)
OIM and OIM scaled out (if present)
OHS and OHS scaled out (if present)
The following preValidateOnPremise.pl script must be executed serially on each IDM node, including the scaled out nodes:
perl preValidateOnPremise.pl <node type> REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
REPOSITORY_LOCATION: Fusion Applications Release 12 repository.
preValidateOnPremise command in the following order:
OID
perl preValidateOnPremise.pl OID REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
perl preValidateOnPremise.pl OID-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
OIM
perl preValidateOnPremise.pl OIM REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
perl preValidateOnPremise.pl OIM-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
OHS
perl preValidateOnPremise.pl OHS REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
perl preValidateOnPremise.pl OHS-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches upgradeOnPremise.properties
Confirm that the status message at the end of the run is successful on each node. If the script gives an error, check the error message and resolve the issue. Rerun preValidate and ensure it is successful.
After running the preValidate script on your type I environment, manually download the OIM email template as follows:
Log in to the OIM host.
Go to the idmUpgrade unzip location.
exportOIMDataOnPremise.pl as follows:
perl exportOIMDataOnPremise.pl upgradeOnPremise.properties <SHARED_UPGRADE_LOCATION>/<podName>/emailTemplateDir/emailtemplate.xml
Where
SHARED_UPGRADE_LOCATION: It is located in pod.properties, and its default value is /u01/sharedupgradelocation.
Confirm that the status message at the end of the run is successful. If the script gives an error, check the error message and resolve the issue. Then, rerun exportOIMDataOnPremise.pl and ensure it is successful.
Stop all IDM services by running the following command on all IDM nodes:
perl stopIDMOnPremise.pl <node type> upgradeOnPremise.properties
stopIDMOnPremise.pl command in the following order:
OHS
perl stopIDMOnPremise.pl OHS-SO upgradeOnPremise.properties
If the environment is not scaled out, run the following command on the OHS node:
perl stopIDMOnPremise.pl OHS upgradeOnPremise.properties
OIM
perl stopIDMOnPremise.pl OIM-SO upgradeOnPremise.properties
If the environment is not scaled out, run the following command on the OIM node:
perl stopIDMOnPremise.pl OIM upgradeOnPremise.properties
OID
perl stopIDMOnPremise.pl OID-SO upgradeOnPremise.properties
If the environment is not scaled out, run the following command on the OID node:
perl stopIDMOnPremise.pl OID upgradeOnPremise.properties
Upgrade the binary files used by IDM components by running the following command on all IDM nodes:
perl idmUpgradeOnPremise.pl -node=<node type> -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary
Where
REPOSITORY_LOCATION: Fusion Applications Release 12 repository.
idmUpgradeOnPremise.pl command in the following order:
OID
perl idmUpgradeOnPremise.pl -node=OID -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary
perl idmUpgradeOnPremise.pl -node=OID-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary
OIM
perl idmUpgradeOnPremise.pl -node=OIM -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary
perl idmUpgradeOnPremise.pl -node=OIM-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary
OHS
perl idmUpgradeOnPremise.pl -node=OHS -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary
perl idmUpgradeOnPremise.pl -node=OHS-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=binary
Update the IDM configuration to Release 12 level by running the following config upgrade commands on all IDM nodes:
perl idmUpgradeOnPremise.pl -node=<node type> -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
REPOSITORY_LOCATION: Fusion Applications Release 12 repository.
idmUpgradeOnPremise.pl command in the following order:
OID
perl idmUpgradeOnPremise.pl -node=OID -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
perl idmUpgradeOnPremise.pl -node=OID-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
OIM
perl idmUpgradeOnPremise.pl -node=OIM -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
perl idmUpgradeOnPremise.pl -node=OIM-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
If you are on a Solaris platform, after running this command on OIM perform the steps listed in Re-create IDM Schemas Manually (Solaris Only).
OHS
perl idmUpgradeOnPremise.pl -node=OHS -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
perl idmUpgradeOnPremise.pl -node=OHS-SO -repoLocs=REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=./upgradeOnPremise.properties -mode=config
During IDM upgrade on Solaris platforms, the OIM Config step displays the following message in the IDM upgrade console:
On non-Linux platforms, run the rcu from a Linux machine. Please follow the manual steps documented in the IDM Upgrade Guide to load the required schemas and resume Upgrade.
To confirm that the upgrade was successful, run the following post-upgrade validation command on all IDM nodes:
perl postvalidateOnPremise.pl <node type> upgradeOnPremise.properties
idmUpgradeOnPremise.pl command in the following order:
OID
perl postvalidateOnPremise.pl OID upgradeOnPremise.properties
perl postvalidateOnPremise.pl OID-SO upgradeOnPremise.properties
OIM
perl postvalidateOnPremise.pl OIM upgradeOnPremise.properties
perl postvalidateOnPremise.pl OIM-SO upgradeOnPremise.properties
OHS
perl postvalidateOnPremise.pl OHS upgradeOnPremise.properties
perl postvalidateOnPremise.pl OHS-SO upgradeOnPremise.properties
Confirm that the status message at the end of the run is successful on each node. If the script gives an error, check the error message and resolve the issue.
After upgrade, you can start/stop the IDM components on a given node using the IDM provisioning start/stop scripts as described in Start and Stop All IDM Components on a Host.
This section describes the upgrade process for the type II IDM environments that have been installed using Oracle's A-team's one click installation scripts or by following the instructions in Fusion Middleware Enterprise Deployment Guide for Oracle Identity and Access Management.
This upgrade process reuses the database from the old environment and creates an entirely new parallel IDM environment, and involves the following high-level steps:
Run the Discovery Tool to discover your environment topology and configuration.
Set up a parallel True-up IDM environment matching the release of the current environment.
Migrate the configuration and artifacts from the existing environment.
Upgrade the true-up environment.
Note:
Do not clean the source environment until after the entire upgrade of the true-up environment is completed.
All of the perl files mentioned in the following sections are present under SHARED_LOCATION/idmUpgrade.
All of the steps must be executed serially.
Before the upgrade of your type II IDM environment, perform the following tasks:
Ensure that the user running the upgrade is the same user used for the installation of the IDM home. This user must have read/write access to the staging directories throughout the upgrade cycle.
Create stagedir folder under SHARED_LOCATION. stagedir is the directory in the SHARED_LOCATION that contains the artifacts generated by the Discovery tool.
Confirm that you have permission on stagedir and that it is shared across all IDM hosts.
Verify that Webgate is configured on the OHS SO Node. If it is not configured, follow the steps as listed in Webgate Is Not configured on the OHS SO Node.
Table 7-2 FA IDM Patches for Type II Upgrades
Release | Environment | Patch Number |
---|---|---|
Release 8 | Linux non-provisioned environment | 26504255 |
Release 8 | Sparc non-provisioned environment | 26504255 |
Release 9 | Linux non-provisioned environment | 26639496 |
Release 9 | Sparc non-provisioned environment | 26639496 |
Obtain the SHARED_LOCATION/11.12.x.0.0/idmUpgrade file as follows:
Unzip the patch 25734394 that you downloaded in Copy and Unzip idmUpgrade.zip into a location under SHARED_LOCATION//11.12.x.0.0.
The directory must be writable and have at least 100MB of free space.
If the environment is spread across multiple machines, then the staging directory needs to be on a network share that is write-accessible from all IDM nodes.
Unzip the idmUpgrade.zip file parallel to stagedir in the SHARED_DIR directory.
/u01/IDMTOP: Both IDMTOP and stagedir must be shared across the OID and the OIM hosts, including SO hosts. The only exception is for the OHS hosts when they are in DMZ.
/u02/local/IDMTOP: Local folder on each of the IDM hosts.
Ensure the u01 and u02 folders are created under root ("/") with the same user and group that the existing IDM environment has.
Create the rcu folder under FA_REPOSITORY/installers.
Unzip the contents of <FA_REPOSITORY>/installers/fmw_rcu/linux/rcuHome.zip into the rcu folder.
rcu folder recursively:
chmod -R 755 rcu
OID and OID scaled out (if present)
OIM and OIM scaled out (if present)
OHS and OHS scaled out (if present)
The topology discovery tool introspects the existing IDM environment to discover information that will be needed for setting up a parallel true-up environment.
Discovery also generates the following artifacts based on the existing environment to the stage directory (stagedir). These artifacts are used during the migration and upgrade processes. No additional input is necessary:
credconfig: Folder that contains the discovery wallet
upgradeProps: Folder that contains the upgrade wallet
idmMigration: Folder that contains the migration wallet
discoverycache: Folder that contains a list of the files required for migration
upgradeOnPremise.properties: File that contains auto-generated properties required for the On-Premise upgrade. There are 2 properties that you can customize, OPSS_DB_PASSWORD and OIF_11GR2_SINGNING_KEY_PWD, as they are new passwords. For more information about this file, see IDM for FA Upgrade Properties Files.
topology.xml: File that contains information about the IDM topology such as server hosts, ports, mw_homes, oracle_homes, etc. related to source environment.
dest-topology.xml: File that contains information about the IDM topology such as server hosts, ports, mw_homes, oracle_homes, etc. related to destination true-up tar.
logs: Folder that contains logs of the discovery tool. By default, the migration and the upgrade logs are pointed to the same location.
idmMigration.properties: File that contains the properties required for the On-Premise migration. There are certain optional parameters that you can customize in this auto-generated file, such as LOG_DIR.
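Before passing stagedir to the migration and upgrade scripts, the requirements stated above (writable directory, at least 100MB free, discovery artifacts present) can be checked in one pass. This is an added example, not Oracle tooling; the function name and finding labels are hypothetical. The WORLD_ACCESSIBLE check on the wallet entries is a hardening assumption added here because they hold the passwords collected during discovery; the page itself does not state a permission requirement for them.

```shell
#!/bin/sh
# Added example, not Oracle tooling.

# check_stagedir DIR [MIN_FREE_MB]
# Prints one finding per problem and returns non-zero if there is any.
check_stagedir() (
    dir=$1
    min_mb=${2:-100}    # the page asks for at least 100MB of free space
    rc=0
    [ -d "$dir" ] || { echo "NOT_A_DIRECTORY $dir"; exit 2; }
    [ -w "$dir" ] || { echo "NOT_WRITABLE $dir"; rc=1; }

    # df -P prints one line per file system; with -k, column 4 is free KB.
    free_kb=$(df -Pk "$dir" | awk 'NR == 2 { print $4 }')
    if [ "${free_kb:-0}" -lt $((min_mb * 1024)) ]; then
        echo "LOW_SPACE ${free_kb:-0}KB free, need ${min_mb}MB"
        rc=1
    fi

    # Wallet entries written by the discovery tool.
    for w in credconfig upgradeProps idmMigration; do
        if [ ! -e "$dir/$w" ]; then
            echo "MISSING $w"
            rc=1
        # Assumption added in this example, not a requirement from the page:
        # flag a wallet entry whose own mode grants read or write to "other".
        # Only the top-level entry is inspected, not its contents.
        elif [ -n "$(find "$dir/$w" -prune \( -perm -0004 -o -perm -0002 \) -print)" ]; then
            echo "WORLD_ACCESSIBLE $w"
            rc=1
        fi
    done

    # Remaining artifacts listed on the page: a folder, or a non-empty file.
    for a in discoverycache topology.xml dest-topology.xml \
             upgradeOnPremise.properties idmMigration.properties; do
        [ -d "$dir/$a" ] || [ -s "$dir/$a" ] || { echo "MISSING $a"; rc=1; }
    done
    exit "$rc"
)

# Usage, run as the user that owns the IDM installation:
#   check_stagedir <location of the staging directory>
```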
Before running the discovery tool, perform the following steps. Note that if your environment has OIF and it is not up during discovery, then OIF will not be part of the upgrade process.
Set the following environment variables:
JAVA_HOME to a valid JDK6 install in all IDM hosts.
MW_HOME on the Admin Server machine to a Middleware Home location, for example, /u01/oracle/products/app.
Ensure all IDM servers are up and running. If any of the servers is not running, the discovery fails and the next step of migration cannot be run.
On the IDM host where adminserver is present, and then on other hosts.
If OID and OIM are on separate nodes, first run discovery on the OIM host where adminserver is present, then on the OIM scaled-out node, and then on the OID nodes.
If your set up has IDM nodes on different machines (including scaled out support), the discovery tool will have to be run serially on each IDM node.
Figure 7-2 Discovery Flow
Ensure stagedir is shared between IDM hosts.
Run Discovery on IDM hosts as follows:
cd SHARED_LOCATION/idmUpgrade/discovery/bin
./idmdisc.sh -stagedir <location of the staging directory>
Note:
SHARED_LOCATION should be shared across all nodes. Since idmUpgrade and stagedir are under SHARED_LOCATION, they are automatically shared across machines.
-topology: The discovery tool updates the topology.xml file, which contains information about all IDM nodes. For more information about this file, see Discover Topology.
-credconfig: During the discovery process, the tool will prompt you for passwords to connect to IDM servers and services. These passwords will be stored in the credconfig file to be used during later stages of upgrade. Both the topology.xml file and credconfig will be created inside stagedir.
-logDir: The location of the file where all discovery logs will be placed.
Verify whether stagedir is shared between IDM and OHS hosts:
Run Discovery on OHS1.
Run Discovery on OHS2.
Copy the contents of the stagedir from the IDM hosts to the stagedir of OHS1.
stagedir is shared between OHS1 and OHS2.
Run Discovery on OHS1.
Run Discovery on OHS2.
Copy the topology.xml and dest-topology.xml from the stagedir of OHS2 to the stagedir of the IDM hosts.
Run Discovery on OHS1.
Copy the contents of the stagedir from the OHS1 to the stagedir of OHS2.
Run Discovery on OHS2.
Copy the topology.xml and dest-topology.xml from the stagedir of OHS2 to the stagedir of the IDM hosts.
Oracle IDM Discovery Utility succeeded.
Discovery Questionnaire
The Discovery tool formulates some questions while being run. During the questionnaire, certain user names are set as defaults. Based on the relevance of values in your environment, you can either choose to use the same default user names as such by pressing enter or change them accordingly.
Note:
The words in parentheses are defaulted values. You must change them accordingly.
Table 7-3 Questions Formulated by the Discovery Tool
Question | Answer | Description |
---|---|---|
Is Note that if the OHS host(s) is in DMZ and | Y | Verify if the |
Are all IDM servers up and running, please confirm? [Y/N]: | Y | Verify that the servers are up and running. If they are, then enter Y. If you enter N, the discovery tool exits. |
Enter Weblogic Server (WLS) admin user name for domain | Your username | If the IDM Domain administrator is |
Enter password: | Your password | The IDM domain administrator password. |
Enter Oracle Identity Manager (OIM) admin user ( | Your password | The OIM admin user’s (usually |
Enter IDStore policy RW user, under user search DN ( | Your username | The |
Enter IDStore policy RW user password: | Your password | The |
Enter Oracle Access Manager (OAM) admin user name ( | Your username | The OAM admin user, also used to login to the OAM console. Here since it is different to the default, the value provided is oamAdminUser. |
Enter password for admin user DN cn=oamadmin,cn=Users,dc=us,dc=oracle,dc=com: | Your password | The OAM admin user password. |
Enter OIM DB sys password: | Your password | The OIM DB sys user password. |
Enter Oracle Internet Directory(OID) admin user name (cn=orcladmin): | Your username | The OID admin user. |
Enter Oracle Internet Directory(OID) admin password for cn=orcladmin: | Your password | The OID admin user password. |
Enter OID DB sys password: (OID DB sys user password) | Your password | The OID DB sys user password. |
Enter Oracle Virtual Directory (OVD) admin user name (cn=orcladmin): | Your username | The OVD admin user. |
Enter Oracle Virtual Directory(OVD) admin password for cn=orcladmin: | Your password | The OVD admin user password. |
A true-up environment is an entirely new IDM environment, which behaves exactly like the current IDM installation. Your true-up environment will conform to the layout and structure of an environment that has been provisioned using the IDM provisioning scripts provided by Oracle.
This section contains the following topics:
Before setting up your true-up environment, ensure you meet the following prerequisites:
The true-up environment must be set up on the /u01/IDMTOP and /u02/local/IDMTOP directories.
Ensure that the directories are owned by the same user who owns the current IDM installation.
To set up the binary files, you need the True-up tars.
To obtain these tars, use the patch 26504255 you downloaded in Copy and Unzip idmUpgrade.zip. The tars must be unzipped accordingly under root.
The patch contains the following zip files:
p26504255_111230_Linux-x86-64_1of5.zip
p26504255_111230_Linux-x86-64_2of5.zip
p26504255_111230_Linux-x86-64_3of5.zip
p26504255_111230_Linux-x86-64_4of5.zip
p26504255_111230_Linux-x86-64_5of5.zip
p26504255_111230_SOLARIS64_1of6.zip
p26504255_111230_SOLARIS64_2of6.zip
p26504255_111230_SOLARIS64_3of6.zip
p26504255_111230_SOLARIS64_4of6.zip
p26504255_111230_SOLARIS64_5of6.zip
p26504255_111230_SOLARIS64_6of6.zip
To ensure that the files are not corrupted, you can compare the checksum of the files listed above against the digests after downloading them.
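The checksum comparison described above can be scripted so that a missing part or an altered file stops the procedure before anything is unpacked under root. This is an added example, not Oracle tooling: it assumes SHA-256 digests saved in a manifest in sha256sum format ("<digest>  <filename>"), the sha256sum utility on the host, and a file-name prefix without regular-expression metacharacters. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle tooling.

# missing_parts DIR PREFIX
# For files named PREFIX_<i>of<n>.zip, reports every part 1..n that is absent.
missing_parts() (
    dir=$1
    prefix=$2
    # The highest "of<n>" seen in any present part gives the expected count.
    total=$(ls "$dir" |
        sed -n "s/^${prefix}_[0-9][0-9]*of\([0-9][0-9]*\)\.zip\$/\1/p" |
        sort -n | tail -n 1)
    [ -n "$total" ] || { echo "NO_PARTS $prefix"; exit 1; }
    rc=0
    i=1
    while [ "$i" -le "$total" ]; do
        part="${prefix}_${i}of${total}.zip"
        [ -f "$dir/$part" ] || { echo "MISSING_PART $part"; rc=1; }
        i=$((i + 1))
    done
    exit "$rc"
)

# verify_digests DIR MANIFEST
# Compares each file named in MANIFEST with its published SHA-256 digest.
verify_digests() (
    dir=$1
    manifest=$2
    rc=0
    while read -r want name; do
        case $want in ''|'#'*) continue ;; esac      # blank lines and comments
        name=${name#\*}                               # binary-mode marker
        want=$(printf '%s' "$want" | tr 'A-F' 'a-f')  # accept upper-case hex
        if [ ! -f "$dir/$name" ]; then
            echo "MISSING $name"
            rc=1
            continue
        fi
        got=$(sha256sum "$dir/$name" | awk '{ print $1 }')
        [ "$got" = "$want" ] || { echo "MISMATCH $name"; rc=1; }
    done < "$manifest"
    exit "$rc"
)

# Usage (the download directory and manifest path are placeholders):
#   missing_parts <download dir> p26504255_111230_Linux-x86-64 &&
#   verify_digests <download dir> <manifest file>
```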
ohs.tar.gz
oid.tar.gz
oimX.tar.gz
X: is a digit.
cd /
tar -zxvf <stagedir>/oid.tar.gz --keep-old-files
On the OIM node, run the following command:
cd /
tar -zxvf <stagedir>/oim.tar.gz --keep-old-files
cd /
tar -zxvf <stagedir>/ohs.tar.gz --keep-old-files
Note:
Do not use the option '--keep-old-files' with the tar command on Solaris platforms.
The tars will set up oracle homes and instance homes for IDM components inside the /u01 and /u02 directories.
This section describes how to migrate the configuration to the true-up environment. This section contains the following sections:
Before running migration, ensure the following prerequisites are met:
Stop only the IDM source environment. To minimize downtime, you can keep the services running when the binaries are set up and only shut down before the migration.
Ensure that your administrator passwords or schema passwords do not expire in the next 7 days.
Ensure that stagedir is shared and mounted on the same path on all hosts. This way, when the stagedir is passed during the invocation of migration on each host, the same directory path is passed.
cd SHARED_LOCATION/idmUpgrade
perl idmMigrateOnPremise.pl -node=<node type> -stagedir=<stage dir>
idmMigrateOnPremise.pl command on each node in the following order:
OID
perl idmMigrateOnPremise.pl -node=OID -stagedir=<location of staging directory>
If the environment is scaled out, run the following commands on the OID scaled out node:
perl idmMigrateOnPremise.pl -node=OID-SO -stagedir=<location of staging directory>
OIM
perl idmMigrateOnPremise.pl -node=OIM -stagedir=<location of staging directory>
perl idmMigrateOnPremise.pl -node=OIM-SO -stagedir=<location of staging directory>
OHS
perl idmMigrateOnPremise.pl -node=OHS -stagedir=<location of staging directory>
perl idmMigrateOnPremise.pl -node=OHS-SO -stagedir=<location of staging directory>
idmMigrateOnPremise.pl and ensure it is successful.
After running migration, you must perform the following task:
After migration, you can start/stop the IDM components on a given node using the IDM provisioning start/stop scripts as described in Start and Stop All IDM Components on a Host.
After completing migration, you must manually register OID instances to enable the OID and OVD status to be shown in EM console.
$OID_INST_HOME/bin/opmnctl registerinstance -adminHost ADMINSERVER_HOST -adminPort ADMINSERVER_PORT -adminUsername ADMIN_USER
After running this command, you are prompted for the admin user password.
Note:
You must perform this on each of the OID instances involved in the IDM setup.
Check the server status.
Check the cluster status.
Check the data sources.
Ensure that all the deployments are either in "Running" or "Installed" state.
Log in to the EM console.
OIM Tests
xelsysadm and perform the following steps:
Verify requests as follows:
Create a Request, such as updating the phone number information for xelsysadm.
Go to your inbox and verify whether the request has come for approval.
Click the task, and click Approve in the Actions tab.
Click the refresh icon. The request comes back. Approve it again.
Ensure that the request’s details page shows the correct information.
Click users, and then search xelsysadm.
Ensure that the phone number for xelsysadm is modified.
Create a new user.
Log in using the newly created user.
Change the password for the user.
Log out and log in again with the same user using the new password.
In the left pane, under Event Management, click Reconciliation.
In the left pane, under System Management, click Scheduler.
Run any full reconciliation job, for example, LDAP User Create and Update Full Reconciliation.
Run any incremental reconciliation job, for example, LDAP User Create and Update Reconciliation.
OAM Tests
Log in to the OAM console.
The following preValidateOnPremise.pl script must be executed serially on each IDM node, including the scaled out nodes:
perl preValidateOnPremise.pl <node type> REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
Where
REPOSITORY_LOCATION: Fusion Applications Release 12 repository.
STAGE_DIR: Location of stagedir.
preValidateOnPremise command in the following order:
OID
perl preValidateOnPremise.pl OID REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
perl preValidateOnPremise.pl OID-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
OIM
perl preValidateOnPremise.pl OIM REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
perl preValidateOnPremise.pl OIM-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
OHS
perl preValidateOnPremise.pl OHS REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
perl preValidateOnPremise.pl OHS-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches STAGE_DIR/upgradeOnPremise.properties
Confirm that the status message at the end of the run is successful on each node. If the script gives an error, check the error message and resolve the issue. Rerun preValidate and ensure it is successful.
After running the preValidate script on your type II environment, manually download the OIM email template as follows:
Log in to the OIM host.
Go to the idmUpgrade unzip location.
exportOIMDataOnPremise.pl as follows:
perl exportOIMDataOnPremise.pl STAGE_DIR/upgradeOnPremise.properties <SHARED_UPGRADE_LOCATION>/<podName>/emailTemplateDir/emailtemplate.xml
Where
SHARED_UPGRADE_LOCATION: It is located in pod.properties, and its default value is /u01/sharedupgradelocation.
Confirm that the status message at the end of the run is successful. If the script gives an error, check the error message and resolve the issue. Then, rerun exportOIMDataOnPremise.pl and ensure it is successful.
Stop all IDM services by running the following command on all IDM nodes:
perl stopIDMOnPremise.pl <node type> STAGE_DIR/upgradeOnPremise.properties
Where
STAGE_DIR: Location of stagedir.
stopIDMOnPremise.pl command in the following order:
OHS
perl stopIDMOnPremise.pl OHS-SO STAGE_DIR/upgradeOnPremise.properties
If the environment is not scaled out, run the following command on the OHS node:
perl stopIDMOnPremise.pl OHS STAGE_DIR/upgradeOnPremise.properties
OIM
perl stopIDMOnPremise.pl OIM-SO STAGE_DIR/upgradeOnPremise.properties
If the environment is not scaled out, run the following command on the OIM node:
perl stopIDMOnPremise.pl OIM STAGE_DIR/upgradeOnPremise.properties
OID
perl stopIDMOnPremise.pl OID-SO STAGE_DIR/upgradeOnPremise.properties
If the environment is not scaled out, run the following command on the OID node:
perl stopIDMOnPremise.pl OID STAGE_DIR/upgradeOnPremise.properties
Upgrade the binary files used by IDM components by running the following command on all IDM nodes:
perl idmUpgradeOnPremise.pl -node=<node type> REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary
Where
REPOSITORY_LOCATION: Fusion Applications Release 12 repository.
STAGE_DIR: Location of stagedir.
idmUpgradeOnPremise.pl command in the following order:
OID
perl idmUpgradeOnPremise.pl -node=OID REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary
perl idmUpgradeOnPremise.pl -node=OID-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary
OIM
perl idmUpgradeOnPremise.pl -node=OIM REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary
perl idmUpgradeOnPremise.pl -node=OIM-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary
OHS
perl idmUpgradeOnPremise.pl -node=OHS REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary
perl idmUpgradeOnPremise.pl -node=OHS-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=binary
Update the IDM configuration to Release 12 level by running the following config upgrade commands on all IDM nodes:
perl idmUpgradeOnPremise.pl -node=<node type> REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
Where
REPOSITORY_LOCATION: Fusion Applications Release 12 repository.
STAGE_DIR: Location of stagedir.
Run the idmUpgradeOnPremise.pl command in the following order:
OID
perl idmUpgradeOnPremise.pl -node=OID REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
perl idmUpgradeOnPremise.pl -node=OID-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
OIM
perl idmUpgradeOnPremise.pl -node=OIM REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
perl idmUpgradeOnPremise.pl -node=OIM-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
If you are on a Solaris platform, after running this command on OIM, perform the steps listed in Re-create IDM Schemas Manually (Solaris Only).
OHS
perl idmUpgradeOnPremise.pl -node=OHS REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
perl idmUpgradeOnPremise.pl -node=OHS-SO REPOSITORY_LOCATION/installers,SHARED_LOCATION/11.12.x.0.0_post_repo_patches -props=STAGE_DIR/upgradeOnPremise.properties -mode=config
To confirm that the upgrade was successful, run the following post-upgrade validation command on all IDM nodes:
perl postvalidateOnPremise.pl <node type> STAGE_DIR/upgradeOnPremise.properties
Where STAGE_DIR: Location of stagedir.
Run the postvalidateOnPremise.pl command in the following order:
OID
perl postvalidateOnPremise.pl OID STAGE_DIR/upgradeOnPremise.properties
perl postvalidateOnPremise.pl OID-SO STAGE_DIR/upgradeOnPremise.properties
OIM
perl postvalidateOnPremise.pl OIM STAGE_DIR/upgradeOnPremise.properties
perl postvalidateOnPremise.pl OIM-SO STAGE_DIR/upgradeOnPremise.properties
OHS
perl postvalidateOnPremise.pl OHS STAGE_DIR/upgradeOnPremise.properties
perl postvalidateOnPremise.pl OHS-SO STAGE_DIR/upgradeOnPremise.properties
Confirm that the status message at the end of the run is successful on each node. If the script gives an error, check the error message and resolve the issue.
After upgrade, you can start/stop the IDM components on a given node using the IDM provisioning start/stop scripts as described in Start and Stop All IDM Components on a Host.
If your IDM for FA is integrated with Enterprise IDM and you disconnected integrations as listed in Disconnect Enterprise IDM Integrations, then you must reconnect them by following the steps listed in Getting Started with Oracle Fusion Applications Bridge for Active Directory (Doc ID 2309139.1) available on My Oracle Support.
success on the IDM host as follows:
(Unix)
cd ORCH_LOCATION/bin
./orchestration.sh updateStatus -pod POD_NAME -hosttype IDM -hostname host_name -release 11.12.x.0.0 -phase DowntimePreFA -taskid UpgradeIDMPausePointPlugin -taskstatus success
pod.properties file, using the command in Run Upgrade Orchestrator During Downtime, Step 4:
HOSTNAME_IDMOID
HOSTNAME_IDMOIM
HOSTNAME_IDMOHS
Table 7-4 Tasks Run During Various Downtime Phases
Task Name | Phase Name | Task ID | Host Types |
---|---|---|---|
Run Upgrade Readiness (During Downtime) Checks | DowntimePreFA | DuringDowntimeChecks | Primordial, OHS, Midtier |
Remove Conflicting Patches for Oracle Fusion Middleware Component Oracle Homes | DowntimePreFA | RemoveConflictingPatches | Primordial |
Upgrade JDK | DowntimePreFA | UpgradeJDK | Primordial |
Run RUP Lite for OVM in Offline Mode as Application User | DowntimePreFA | RupLiteOvmOffline | Primordial, OHS, Midtier, IDM |
Run Oracle Fusion Applications RUP Installation Part 1 of 2 | DowntimeDuringFA Phase | RunFirstRUPInstaller | Primordial |
This section describes some properties files used in the IDM for FA Upgrade to Release 12 (11.12.x.0.0).
upgradeOnPremise.properties
Note:
The optional parameters are usually defaulted or introspected. You can change them if the property values differ in your environment.
Property Name | Mandatory | Default Value | Description |
---|---|---|---|
DB_OIM_SYS_PASSWORD | Yes | Blank | Password for the IDM sys DB |
DB_IDSTORE_SYS_PASSWORD | Yes | Blank | Password for the OID sys DB |
NODE_MANAGER_PWD | Yes | Blank | Password for the Node manager |
OID_IDSTORE_ORCLADMIN_PASSWORD | Yes | Blank | Password for the OID admin user |
OVD_IDSTORE_ORCLADMIN_PASSWORD | Yes | Blank | OVD admin user password |
OAM_ADMINUSER_PASSWORD | Yes | Blank | Password for the OAM Admin user |
OIM_XELSYADM_PASSWORD | Yes | Blank | Password for the OIM user xelsysadm |
IDM_DOMAIN_ADMIN_PASSWORD | Yes | Blank | Password for the WLS Domain administrator user |
OAM_SW_USER_PWD | Yes | Blank | Password for the OAM Software User account |
IDSTORE_USERSEARCHBASE | Yes | | User search base |
IDSTORE_GROUPSEARCHBASE | Yes | | Group search base |
ID_STORE_SEARCH_BASE | Yes | | Search base for all |
TOPOLOGY_XML_FILE_LOC | Yes | | Location of the topology.xml file |
START_STOP_SCRIPT_WORKING_DIR | Yes | | Location of IDM Provisioning Start/Stop scripts |
IDMLCM_HOME | Yes | | Location of IDMLCM home |
IDMUTILS_HOME | Yes | | Location of Oracle IDMUTILS |
OID_JAVA_HOME | Yes | | Location of OID MW JAVA HOME |
OIM_JAVA_HOME | Yes | | Location of OIM MW JAVA HOME |
OHS_JAVA_HOME | Yes | | Location of OHS MW JAVA HOME |
NODE_MANAGER_USER=admin | No | admin | Node manager username |
OID_USER=cn=orcladmin | No | orcladmin | OID admin username |
OVD_USER=cn=orcladmin | No | orcladmin | OVD admin username |
IDSTORE_OAMADMINUSER=oamAdminUser | No | oamAdminUser | OAM Admin user used to login to oamconsole |
IDM_DOMAIN_ADMIN=weblogic_idm | No | weblogic_idm | IDM weblogic domain administrator username |
IDSTORE_OAMSOFTWAREUSER=oamSoftwareUser | No | oamSoftwareUser | OamSoftwareUser present in OAM configuration |
FA_POLICYSTORE_NAME=cn=FAPolicies | No | cn=FAPolicies | FA Policy store name |
AGENT_ID=Webgate_IDM | No | Webgate_IDM | Webgate Agent ID |
APP_DOMAIN=IAMSuite | No | IAMSuite | Application Domain Name |
HOST_IDENTIFIER=IAMSuiteAgent | No | IAMSuiteAgent | Host identifier related to application domain |
ACCESS_CLIENT_PASSPHRASE_USER=user | No | user | Access client passphrase user |
ACCESS_CLIENT_PASSPHRASE_PWD= | No | If not provided, the password is introspected | Access client passphrase password |
NAP_GLOBAL_PASSPHRASE_USER=user | No | user | NAP global passphrase user |
OPSS_DB_PASSWORD= | No | If not provided, it is defaulted to the OAM schema password | New password for OPSS DB schema |
OIF_11GR2_SINGNING_KEY_PWD= | No | If not provided, it is defaulted to the OAM schema password | New password required by OIF keystore for signing |
IS_OVD_SPLIT_CONFIGURE=false | No | If configured, set it to true | Flag to identify if OVD Split Profile is configured or not |
SHADOW_ENTRIES_USER_CONTAINER_DN=cn=shadowentries | No | cn=shadowentries | Container in Oracle Internet Directory when OVD split profile is configured |
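The following preflight check for upgradeOnPremise.properties is an added example, not part of the Oracle upgrade scripts. It lists the mandatory properties from the table above that are missing or blank without printing any value, and flags a file that group or other users can access, because the file holds administrator passwords. The key=value parsing, the function names, and the owner-only permission expectation are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for upgradeOnPremise.properties.
# Assumes key=value lines (as in NODE_MANAGER_USER=admin).

# Mandatory properties, taken from the properties table in this chapter.
MANDATORY_KEYS="DB_OIM_SYS_PASSWORD DB_IDSTORE_SYS_PASSWORD NODE_MANAGER_PWD
OID_IDSTORE_ORCLADMIN_PASSWORD OVD_IDSTORE_ORCLADMIN_PASSWORD
OAM_ADMINUSER_PASSWORD OIM_XELSYADM_PASSWORD IDM_DOMAIN_ADMIN_PASSWORD
OAM_SW_USER_PWD IDSTORE_USERSEARCHBASE IDSTORE_GROUPSEARCHBASE
ID_STORE_SEARCH_BASE TOPOLOGY_XML_FILE_LOC START_STOP_SCRIPT_WORKING_DIR
IDMLCM_HOME IDMUTILS_HOME OID_JAVA_HOME OIM_JAVA_HOME OHS_JAVA_HOME"

# Print the names (never the values) of mandatory keys that are missing or blank.
missing_mandatory() {
    for key in $MANDATORY_KEYS; do
        # Use the last assignment of the key; strip trailing whitespace.
        val=$(sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$1" |
              tail -n 1 | sed 's/[[:space:]]*$//')
        [ -n "$val" ] || printf '%s\n' "$key"
    done
}

# Succeed only for a regular file with no group/other permission bits set.
owner_only() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other bits of the mode string
    [ "$perms" = "------" ]
}

# Return 0 when the file passes both checks; report problems on stderr.
preflight() {
    rc=0
    if ! owner_only "$1"; then
        echo "WARN: $1 is accessible to group/other; restrict it with chmod 600" >&2
        rc=1
    fi
    gaps=$(missing_mandatory "$1")
    if [ -n "$gaps" ]; then
        echo "ERROR: mandatory properties missing or blank:" >&2
        printf '  %s\n' $gaps >&2
        rc=1
    fi
    return $rc
}
```

Source the file and run `preflight STAGE_DIR/upgradeOnPremise.properties` on each IDM node before starting the stop and upgrade scripts.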
The following table shows the location of the IDM Upgrade and migration log files:
Note:
These values may change based on the customization you perform to the LOG_DIR property in the upgrade and migration properties file.
Table 7-5 Log Files Location
Log | Location |
---|---|
Type I Upgrade | |
Type II Migration | |
Type II Upgrade | |