The following steps must be performed before starting the upgrade during downtime:
Perform the steps in this section only if the upgrade to Release 12 is from Release 8 or Release 9. Skip this step if your starting point is Release 10. Starting in Release 10, all LifeCycle Management (LCM) operations use LCM schemas instead of SYS schemas. The LCM Schema Seed utility updates the environment so that Release 12 upgrade tasks use LCM users instead of the SYS user.
Before running this utility, check if the environment has Database Vault enabled. If it is enabled, then DVOWNER credentials must be available in the Credential Store Framework (CSF).
To run the utility, perform the following steps :
Create a work directory with read and write permissions, referred to as WORK_DIR
.
Download and unzip patch 21167623 in WORK_DIR
, which creates the following directories:
bin
ext/jlib/ext_jlib_jars/fapatchset/techpatch.jar
pcu/pcubundle.zip
sql
config
patches (the required patches are located in the following subdirectory)
fusionapps/patch/
rcu (this directory is used for the next step)
Download appsrcu
from the REPOSITORY_LOCATION
to the rcu
directory created in the previous step.
cp REPOSITORY_LOCATION/installers/apps_rcu/linux/rcuHome_fusionapps_linux.zip WORK_DIR/rcu cd WORK_DIR/rcu unzip rcuHome_fusionapps_linux.zip
Run the lcmSchemaSeedUtil.sh
utility from the bin directory created in Step 3 as follows:
This utility assumes that rcuHome_fusionapps_linux.zip
was unzipped in WORK_DIR/
rcu
unless a different location using the -rculoc
parameter is specified.
cd WORK_DIR/bin lcmSchemaSeeding.sh -appbase APPLICATIONS_BASE [-rculoc directory_name]
Review the log files located in APPLICATIONS_CONFIG/
lcm/lss_logs
.
LCM Schema Seed Utility for Solaris
The LCM Schema Seed Utility performs the following activities, which are internally orchestrated using the Tech Patch Utility (TPU) framework:
Applies the required LCM patches using OPatch
Runs a Password Change Utility (PCU) to seed the credentials for the 6 new schemas in the CSF
Runs the Repository Creation Utility (RCU) to create the new schemas
Runs the various SQL grant scripts to configure the new schemas properly
To make the LCM Seed Utility work for Solaris environments, run RCU separately by performing the following steps:
Create a work directory with read and write permissions, referred to as WORK_DIR
.
Download apps_rcu_11g
from the REPOSITORY_LOCATION
to the rcu
directory created in Step 1 as shown in the following example:
cp REPOSITORY_LOCATION/installers/apps_rcu_11g/linux/rcuHome_fusionapps_linux.zip WORK_DIR/rcu cd WORK_DIR/rcu unzip rcuHome_fusionapps_linux.zip
Set JAVA_HOME
and PATH
on the Solaris Machine.
Download and unzip patch 21189887 into a WORK_DIR
on the Solaris machine and run the WORK_DIR/bin/lcmSchemaSeeding.sh
in preRCU
mode. The Schema Seed Utility will apply the patches, run PCU, and then pause/exit. For example:
./lcmSchemaSeeding.sh -appbase <APPTOP> -rculoc <RCU location> -mode preRCU
Ensure that the JAVA_HOME
environment variable is set properly on the Linux machine.
rcu
to the Linux Machine as follows:
cp REPOSITORY_LOCATION/installers/apps_rcu_11g/linux/rcuHome_fusionapps_linux.zip WORK_DIR/rcu cd WORK_DIR/rcu unzip rcuHome_fusionapps_linux.zip
Unzip patch 21189887 into a WORK_DIR
on the Linux machine and run the WORK_DIR/bin/rcuWrapper_solaris.sh
script as follows:
./rcuWrapper_solaris.sh -rculoc <RCU location> -jdbcstring <JDBC connect string of database> -instancedir <Complete network path of instance dir>
LCM_SUPER_ADMIN LCM_USER_ADMIN LCM_EXP_ADMIN LCM_OBJECT_ADMIN DVACCTMGR DVOWNER
After creating the schemas, run the lcmSchemaSeeding.sh
script in postRCU
mode from the Solaris machine as follows:
./lcmSchemaSeeding.sh -appbase <APPTOP> -rculoc <RCU location> -mode postRCU
To ensure that all database schemas are registered in the credential store, perform the following steps on the primordial host, only once:
PCU_LOCATION/
fusionapps/applications
directory. PCU_LOCATION
is a folder specified as a property in PRIMORDIAL.properties
. This location must be within APPLICATIONS_CONFIG
. For example:
APPLICATIONS_CONFIG/lcm/tmp/pcu
Unzip SHARED_LOCATION/
11.12.x.0.0/Repository/installers/pre_install/pcubundle.zip
into PCU_LOCATION/
fusionapps/applications
.
cd PCU_LOCATION/fusionapps/applications/lcm/util/bin
JAVA_HOME
environment variable before running any commands in this section as follows:
setenv JAVA_HOME=java_home_location
All commands in this section must be run from PCU_LOCATION
/fusionapps/applications/lcm/util/bin
.
Run the templateGen
utility to create the csf_template.ini
template file as follows:
(UNIX) ./templateGen.sh -appbase APPLICATIONS_BASE -codebase PCU_LOCATION
For the -appbase
argument, specify the complete directory path to the APPLICATIONS_BASE
directory.
Refer to the following example commands:
(UNIX) ./templateGen.sh -appbase APPLICATIONS_BASE -codebase PCU_LOCATION
The templateGen
utility generates the following template files in the PCU_LOCATION/
fusionapps/applications/lcm/util/config
directory when the -codebase
option is used:
standard_template.ini
csf_template.ini
validation_template.ini
system_user_template.ini
standard_template.properties
csf_template.properties
The command also generates the pcu_output.xml
file in the same directory.
Make a copy of csf_template.ini
from the PCU_LOCATION
/fusionapps/applications/lcm/util/config
directory. In this example, the copy is named csf_plain.ini
.
Manually edit csf_plain.ini
as follows:
Set the master_password
property to the Master Orchestration Password you previously selected.
For each line that contains #text#
or #password#
, replace #text#
or #password#
with the correct value for the environment. Note that this password must be a minimum of 8 characters long and it must contain at least one alphabetic character and at least one numeric or special character.
Do not replace #text<WLS.USER>#,#password<WLS.PASSWORD>#
as they are used internally by PCU preseeding tools.
To prevent incorrect results, do not alter csf_plain.ini
beyond these changes.
Create an encrypted version of csf_plain.ini
and delete the clear-text input file. This step requires an encryption tool, such as the lcmcrypt
tool or the Linux gpg
tool, which takes an encrypted file and a passphrase and writes the decrypted contents to the standard output. In the following example, using lcmcrypt
, the command reads the passphrase from the standard input and produces an encrypted output file, csf_plain.ini.enc
:
(UNIX) echo master_password | ./lcmcrypt.sh -nonInteractive -encrypt -inputfile complete_directory_path/csf_plain.ini
Run iniGen.sh
in non-interactive mode, which also requires a decryption tool, to take an encrypted file and a passphrase and write the decrypted contents to the standard output. The following example uses lcmcrypt
:
(UNIX) echo master_password | ./lcmcrypt.sh -nonInteractive -decrypt -inputfile complete_directory_path/csf_plain.ini.enc | ./iniGen.sh -nonInteractive -templatefile PCU_LOCATION/fusionapps/applications/lcm/util/config/csf_template.ini -outputfile PCU_LOCATION/fusionapps/applications/lcm/util/config/csf_encrypted.ini -appbase APPLICATIONS_BASE -codebase PCU_LOCATION
The call to lcmcrypt
reads the passphrase from the standard input and writes the clear text version of csf_plain.ini.enc
to the standard output, which is then piped to the standard input of iniGen.sh
. iniGen.sh
uses the value of the master_password
property to encrypt all other passwords in the generated input file. It also alters the value of the master_password
property back to master_password=ignore_me
in the generated input file.
Update the CSF_ENCRYPTED_FILE
property in ORCH_LOCATION/
config/
POD_NAME/
PRIMORDIAL.properties
with the full directory path and file name for PCU_LOCATION
/fusionapps/applications/lcm/util
/config/csf_encrypted.ini
. For more information, see Table 11-2.
Do not use special characters, such as @, _, $, or #, when seeding passwords. The native Repository Creation Utilities (RCUs) for Enterprise Data Quality (EDQ) and Business Intelligence Cloud (BI_CLOUD) do not support creating the schema with special characters. If special characters are used, the password must be enclosed in quotes. However, the native RCUs for EDQ and BI_CLOUD do not support such characters.
On the clean up, the log files are copied from <staging directory>/fusionapps/applications/lcm/util/logs
to <normal_mode_log_directory>/preupg_<timestamp>
and the configuration files are copied from <staging directory>/fusionapps/applications/lcm/util/config
to <normal_mode_template_directory>/preupg_<timestamp>
. These include the wallets that were also generated in wallet directory <staging directory>/fusionapps/applications/lcm/util/config
.
For more information about the utilities used in this process, see Password and Certificate Management in the Oracle Fusion Applications Administrator's Guide.
Perform this procedure only if the upgrade to Fusion Applications Release 12 is from Release 8 or Release 9. Skip this step if the starting point is Release 10.
To prepare passwords for system users, perform the following steps:
Make a copy of system_user_template.ini
from the PCU_LOCATION/
fusionapps/applications/lcm/util/config
directory. In this example, the copy is named system_user_plain.ini
.
Manually edit system_user_plain.ini
as follows:
Set the master_password
property to the Master Orchestration Password previously selected.
For each line that contains #text# or #password#, replace #text# or #password# with the correct value for the environment. Note that this password must be a minimum of 8 characters long and it must contain at least one alphabetic character and at least one numeric or special character.
Do not replace #text<WLS.USER>#
, and #password<WLS.PASSWORD>#
. They are used internally by the SchemaPasswordChangeTool
.
MANDATORY: To prevent incorrect results, do not alter system_user_plain.ini
beyond these changes.
Create an encrypted version of system_user_plain.ini
and delete the clear-text input file. This step requires an encryption tool, such as the lcmcrypt
tool or the Linux gpg
tool, which takes an encrypted file and a passphrase and writes the decrypted contents to the standard output. In the following example, using lcmcrypt
, the command reads the passphrase from the standard input and produces an encrypted output file, system_user_plain.ini.enc
:
(UNIX)
echo password | ./lcmcrypt.sh -nonInteractive -encrypt -inputfile complete_directory_path/system_user_plain.ini
Run iniGen.sh
in non-interactive mode. Running this script also requires a decryption tool to take an encrypted file and a passphrase, and write the decrypted contents into the standard output. The following example uses lcmcrypt
:
(UNIX) echo password | ./lcmcrypt.sh -nonInteractive -decrypt -inputfile complete_directory_path/system_user_plain.ini.enc | ./iniGen.sh -nonInteractive -templatefile PCU_LOCATION/fusionapps/applications/lcm/util/config/system_user_template.ini -outputfile PCU_LOCATION/fusionapps/applications/lcm/util/config/system_user_encrypted.ini -appbase APPLICATIONS_BASE -codebase PCU_LOCATION
The call to lcmcrypt
reads the passphrase from the standard input and writes the clear text version of system_user_plain.ini.enc
to the standard output, which is then piped to the standard input of iniGen.sh
.
iniGen.sh
uses the value of the master_password
property to encrypt all other passwords in the generated input file. It also alters the value of the master_password
property back to master_password=ignore_me
in the generated input file.
Run the OPSS dup tool by following the steps listed in OPSS: How to Delete Duplicate Permission Entries in Fusion Apps Environment (Doc ID 2223825.1) available on My Oracle Support. To view this document, perform the following steps:
Go to My Oracle Support.
Click Sign In and log in using your My Oracle Support login name and password.
Click the Knowledge tab.
In the Enter search terms field, enter “Doc ID 2223825.1”
The Knowledge Base Search Results are displayed.
Click the document's hyperlink to view it.
Perform the following steps to upgrade to Oracle Fusion Applications Release 12 (11.12.x.0.0):
Pause Point 1 - Run RUP Lite for OVM in Pre-Root Mode (Oracle VM Only)
Pause Point 2- Upgrade Oracle Identity Management to Release 12
Pause Point 4- Run RUP Lite for OVM in Post-Root Mode (Oracle VM Only)
Pause Point 5 - Create the Incremental Provisioning Response File
Update Status to Success (Incremental Provisioning Response File)
Resume Upgrade Orchestrator (Incremental Provisioning Response File)
Before running RUP Installer, the following pre-upgrade steps must be performed:
The Database Credential Store (DBCS) Wallet Retrofit Utility runs on the Fusion Applications (FA) middle tier. As part of the DBCS Wallet Retrofit process, you must extract the credentials for all common users, the TDE wallet password (if any), and the Credential Store Framework (CSF) on the FA middle tier to a temporary wallet file. Then, run CCU on one of the database (DB) hosts in a special mode, which merges the contents of the temporary wallet into the DBCS wallet, creating the DBCS wallet in case it does not already exist. Finally, copy the updated DBCS wallet file to the other DB host.
Review the following steps before starting Upgrade Orchestrator:
Ensure that the steps in Prepare for the Release 12 Upgrade Before Downtime, Update the Oracle Fusion Applications and Oracle Identity Management Databases, and Run Pre-Downtime Checks have been successfully completed.
Optionally, perform the mandatory backup of Oracle Fusion Applications at this time. If this is chosen, it is possible to immediately resume orchestration when reaching the pause point for this backup.
If running on a Solaris platform, set the environment variables that are described in Environment Variables Required for Solaris.
Start Upgrade Orchestrator during downtime by running the following commands on all host types, including the respective scaled out hosts. See Options for the Orchestration Command When Starting Orchestration. The value POD_NAME
, for the -pod
argument, refers to the directory created in Unzip Orchestration.zip. The Master Orchestration Password, which was created in Preliminary Steps, is required.
If the DISPLAY variable is set, confirm it is accessible. If the DISPLAY variable is not set, run unset/unsetenv DISPLAY
before running orchestration.
Upgrade Orchestrator runs the tasks listed in the following table:
Table 6-2 Tasks Run During the PreDowntime and DowntimePreFA Phase
Task Name | Phase Name | Task ID | Host Types | Notes | |
---|---|---|---|---|---|
Verify current environment setup |
PreDowntime |
VerifySetupPlugin |
Primordial |
NA |
|
Validate Mandatory Orchestration Properties |
PreDowntime |
PropertyValidationPlugin |
All |
NA |
|
Validate Host Type |
PreDowntime |
HostTypeValidatePlugin |
All |
NA |
|
Validate RUP Lite for OVM Properties |
PreDowntime |
RupLiteOvmValidatePlugin |
All |
NA |
|
Register Database Schema Information |
PreDowntime |
RegisterDBSchemaInfo |
Primordial |
NA |
|
Validate Oracle Identity Management Setup |
PreDowntime |
IDMPreValidate |
IDM and Configuration |
This task may fail. If it fails, ignore the error and proceed. |
|
Download Email Template from OIM |
PreDowntime |
DownloadEmailTemplate |
IDM |
This task may fail. If it fails, ignore the error and proceed. |
|
Run PreUpgrade Tasks |
DowntimePreFA |
PreUpgradeTasks |
Primordial |
NA |
|
Export OWSM Repository |
DowntimePreFA |
ExportOWSMRepository |
Primordial |
NA |
|
Back up files in Smart Clone Environment (Oracle VM only) |
DowntimePreFA |
BackupFilesForSmartClone |
Primordial |
NA |
|
Disable Index Optimization |
DowntimePreFA |
DisableIndexOptimization |
Primordial |
NA |
|
Back Up the OPSS Security Store |
DowntimePreFA |
Backup OPSS |
Primordial |
NA |
|
Stop All Servers |
DowntimePreFA |
StopAllServers |
Primordial, Midtier |
NA |
|
Set CrashRecoveryEnabled Property to False |
DowntimePreFA |
DisableCrashRecoveryEnabled |
Primordial |
NA |
|
Stop OPMN Control Processes |
DowntimePreFA |
StopOPMNProcesses |
Primordial, OHS, Midtier |
NA |
|
Stop Node Managers |
DowntimePreFA |
StopNodeManager |
Primordial, Midtier |
NA |
|
Stop IIR Server on Midtier host |
DowntimePreFA |
StopIIRPlugin |
Midtier |
NA |
|
Uninstall IIR Server (If IIR is configured on primordial or Midtier) |
DowntimePreFA |
UninstallIIRPlugin |
Primordial |
NA |
|
Stopping Oracle Identity Management - AUTHOHS |
DowntimePreFA |
StopOHS |
IDM |
This task may fail. If it fails, ignore the error and proceed. |
|
Stopping Oracle Identity Management - OIM |
DowntimePreFA |
StopOIM |
IDM |
This task may fail. If it fails, ignore the error and proceed. |
|
Stopping Oracle Identity Management -OID |
DowntimePreFA |
StopOID |
IDM |
This task may fail. If it fails, ignore the error and proceed. |
Upgrade Orchestrator can exit for either a failure, a pause point, or upon successful completion. When orchestrator exits on failure, review the log files and take the appropriate corrective action. Then resume Orchestrator using the commands specified in this section.
For information about monitoring the progress of the upgrade, see Monitor Upgrade Orchestration Progress.
For information about troubleshooting, see the Monitor and Troubleshoot the Upgrade.
If the orchestration commands result in any hanging tasks on any host, do not use ctrl-C or ctrl-Z to exit. Update the status of the task that is hanging by using the commands in Upgrade Orchestrator Hangs. After exiting and fixing the issue that caused the hanging, restart Upgrade Orchestrator, using the commands specified in this section, on the hosts that were forced to exit.
If Oracle Fusion Applications is not running on an Oracle VM environment, proceed to Pause Point 2- Upgrade Oracle Identity Management to Release 12.
If Oracle Fusion Applications is running on an Oracle VM environment, orchestration pauses RUP Lite for OVM can be run in pre-root mode as the root user on the primordial, OHS, Midtier, and IDM hosts. Perform the steps in Run RUP Lite for OVM in Pre-Root Mode (Oracle VM Only).
After successful completion of running RUP Lite for OVM in pre-root mode, update the task status to success
by performing the following steps:
Resume orchestration on all host types, including the respective scaled out hosts, using the commands in Run Upgrade Orchestrator During Downtime, Steps 1 through 4.
For the steps to upgrade Oracle Identity Management (IDM) that are appropriate for your environment, see Upgrade Oracle Identity Management to Release 12.
Orchestration pauses after first RUP installer is completed. No manual step is required.
Recover From CAS Corruption Caused by Out of Memory Error During Attaching CAS Store (Solaris Only)
An out of memory error during attaching CAS store may happen in the first RUP Installer. You can check for these errors in the APPTOP/fusionapps/applications/cfgtoollogs/opatch/obrepoXXX.log
.
[Jan 21, 2017 12:03:50 PM] [INFO] [OPSR-TIME] Loading CAS libraries [Jan 21, 2017 12:03:50 PM] [INFO] [OPSR-TIME] CAS library loaded [Jan 21, 2017 12:03:50 PM] [INFO] [OPSR-TIME] CAS - attaching cas store [Jan 21, 2017 1:39:07 PM] [INFO] attachMain error: Corrupt master view: java.lang.OutOfMemoryError: Direct buffer memory [Jan 21, 2017 1:39:07 PM] [INFO] Stack Description: oracle.glcm.opatch.content.errors.FileWriteException: Corrupt master view: java.lang.OutOfMemoryError: Direct buffer memory
Remove the .cas
directory from the APPLTOP/fusionapps/applications/
directory.
Fix the memory setting in the oraparam.ini
under APPLTOP/fusionapps/applications/oui
by updating the memory setting for JRE_MEMORY_OPTIONS
from -mx1024m
to -mx3072m
.
obrepo attach
command:
OH/OPatch/obrepo attach -oh <OH location> -jdk <jdk location> -invPtrLoc <inventory pointer location for oraInst.loc>
APPLTOP/fusionapps/applications/OPatch/obrepo attach -oh APPLTOP/fusionapps/applications -jdk /u01/repository/jdk -invPtrLoc /u01/APPLTOP/fusionapps/applications/oraInst.loc
Resume with second RUP Installer.
Update the task status to success on all hosts by performing the following steps:
Resume orchestration on all host types, including the respective scaled out hosts, by performing Steps 1 through 4 as listed in Run Upgrade Orchestrator During Downtime.
Table 6-3 Tasks Run During Various Downtime Phases
Task Name | Phase Name | Task ID | Host Types |
---|---|---|---|
Run RUP Lite for Domain Configuration |
DowntimeDuringFA Phase |
RunRUPLiteForDomainsConfig |
Primordial, Midtier |
Start Node Managers |
DowntimeDuringFA Phase |
StartNodeManager |
Primordial, Midtier |
Start OPMN Control Processes |
DowntimeDuringFA Phase |
StartOPMNProcesses |
Primordial, OHS, Midtier, |
Update Topology Information and Worker Details |
DowntimeDuringFA Phase |
UpdateTopologyInfoPlugin |
Primordial, Midtier |
Run Oracle Fusion Applications RUP Installation Part 2 of 2 |
DowntimeDuringFA Phase |
RunSecondRUPInstaller |
Primordial |
Start Remote Workers for Applying Database Patches in Distributed Mode |
DowntimeDuringFA Phase |
StartRemoteWorkersPlugin |
Primordial, Midtier |
Clean up Worker Details Information for the Topology |
DowntimeDuringFA Phase |
CleanupTopologyInfoPlugin |
Primordial, Midtier |
Run Vital Signs Checks |
DowntimePostFA Phase |
VitalSignsChecks |
Primordial |
Prepare for Oracle Fusion Applications Web Tier Upgrade |
DowntimePostFA Phase |
CopyWebtierUpgradeToCentralLoc |
Primordial |
Stop Oracle Fusion Applications - APPOHS |
DowntimePostFA Phase |
StopOPMNProcesses |
OHS |
Remove Conflicting Patches for Oracle Fusion Applications Web Tier Oracle Homes |
DowntimePostFA Phase |
RemoveConflictingPatches |
OHS |
Upgrade Oracle Fusion Applications OHS Binaries |
DowntimePostFA Phase |
UpgradeOHSBinary |
OHS |
Upgrade Oracle Fusion Applications OHS Configuration |
DowntimePostFA Phase |
UpgradeOHSConfig |
OHS |
Star OPMN Control Processes |
DowntimePostFA Phase |
StartOPMNProcesses |
OHS |
Run RUP Lite for BI |
DowntimePostFA Phase |
RunRUPLiteForBI |
Midtier |
Run RUP Lite for Domain Configuration in online mode |
DowntimePostFA Phase |
RunRUPLiteForDomainsConfigOnline |
Primordial, Midtier |
Run RUP Lite for OVM in Online Mode as Application User |
DowntimePostFA Phase |
RupLiteOvmOnline |
Primordial, OHS, Midtier, IDM |
If Oracle Fusion Applications is running on an Oracle VM environment, orchestration pauses RUP Lite for OVM can be run in post-root mode as the root user on the primordial, OHS, Midtier, and IDM hosts. Perform the steps listed in Run RUP Lite for OVM in Post-Root Mode (Oracle VM Only) .
success
by performing the following steps:Resume orchestration on the Midtier hosts using the command in Run Upgrade Orchestrator During Downtime, Step 2.
Upgrade Orchestrator runs the tasks in the following table:
Table 6-4 Tasks Run During the DowntimePostFA Phase
Task Name | Task ID | Host Types |
---|---|---|
Set CrashRecoveryEnabled Property to True |
EnableCrashRecoveryEnabled |
Primordial |
Run Post Upgrade Health Checks |
PostUpgradeChecks |
Primordial, OHS, Midtier |
Run Data Quality Checks |
DataQualityChecks |
Primordial |
Orchestration pauses if one of the conditions described in Prepare Incremental Provisioning is met, so a response file for running incremental provisioning can be created. Perform the steps in Create an Extended Provisioning Response File in Oracle Fusion Applications Installation Guide.
Then, proceed to Update Status to Success (Incremental Provisioning Response File).
After successfully creating the response file for manual incremental provisioning, update the task status to success
on the primordial host as follows:
(Unix) cd ORCH_LOCATION/bin ./orchestration.sh updateStatus -pod POD_NAME -hosttype PRIMORDIAL -hostname host_name -release 11.12.x.0.0 -phase DowntimePostFA -taskid CreateIpResponseFilePausePointTask -taskstatus success
Resume orchestration on the primordial host, using the commands in Run Upgrade Orchestrator During Downtime, Step 1.
If the PERFORM_INCREMENTAL_PROVISIONING
property is set to true
in the pod.properties
file, orchestration pauses at this point, so incremental provisioning can be performed manually. Perform the steps listed in Perform Incremental Provisioning in the Oracle Fusion Applications Installation Guide.
<APPTOP>/instance/fapatch/FUSION_env.properties
on the CommonDomain AdminServer host. The values of the following properties in the file should be edited to specify the host and port of the OID where the OPSS policy store lives:
POLICY_STORE_LDAP_HOSTNAME=<fully qualified OID host name>
POLICY_STORE_LDAP_PORT=<OID port>
POLICY_STORE_CONNECT_PROTOCOL_SSL=<Yes/No>
Set the value to Yes or No depending on whether the policy store communicates with Fusion Application in secure mode or not.
This is required to be done only if Incremental Provisioning is run to add new provisioning offerings during upgrade and should be done only after Incremental Provisioning is complete and before 'postUpgradeCleanup'
step of upgrade is run as part of the resumed upgrade flow.
If the policy store OID host and port is not known, please refer to the response file used to provision the environment initially. The values are found in properties OAM_OPSS_HOST and OAM_OPSS_PORT
respectively of the response file.
Then, proceed to Update Status to Success (Incremental Provisioning).
If the PERFORM_INCREMENTAL_PROVISIONING
property is set to false, this pause point does not occur and orchestration continues with the tasks listed in Table 6-5.
After successfully performing manual incremental provisioning, update the task status to success
on the primordial, OHS, and Midtier hosts:
Resume orchestration on all host types, including the respective scaled out hosts, using the commands in Run Upgrade Orchestrator During Downtime, Steps 1 through 3.
Upgrade Orchestrator runs the tasks shown in the following table:
Table 6-5 Tasks Run For the Language Pack Upgrade
Task Name | Task ID | Host Types |
---|---|---|
Run Post Incremental Provisioning Health Checks |
PostIPChecks |
Primordial, OHS, Midtier |
Run Post Upgrade GeneralSystem Health Checks |
GeneralSystemChecks |
Primordial, OHS, Midtier |
Update Topology Information and Worker Details |
UpdateTopologyInfoPlugin |
Primordial, Midtier |
Runs Configuration Actions for all Installed Languages |
LanguagePackConfig |
Primordial, Midtier |
Run Post Language Pack Health Checks |
PostLangPackChecks |
Primordial |
Perform Post Upgrade Configuration |
PostUpgradeConfiguration |
Primordial |
Run Post Upgrade Cleanup Tasks |
PostUpgradeCleanup |
Primordial |
Upgrade Orchestrator generates the Oracle Fusion Applications Orchestration Report upon successful completion of the upgrade, which is reviewed as a post-upgrade task. To continue with the upgrade after all tasks complete successfully, proceed to Run Post-Upgrade Tasks.
This section describes the detailed steps required only by the following default pause points:
Before performing an upgrade to Release 12 (11.12.x.0.0), check the Oracle Fusion Applications Technical Known Issues - Release 12 (Doc ID 2224140.1) for the latest information on required patches.
Perform the following steps to manually upgrade the Oracle Identity Management domain to Release 12 (11.12.x.0.0):
For more information about the Oracle Identity Management domain, see Overview of Upgrade Patches and About Identity Management Domain, Nodes and Oracle homes.
Oracle Identity Management for Oracle Fusion Applications 11g, Release 12 (11.12.x.0.0) includes patches for the following products that are installed in the Oracle Identity Management domain:
Oracle IDM Tools
Oracle Access Manager
Oracle WebGate
Oracle Internet Directory
The Oracle Fusion Applications Release 12 Identity Management software and patches for the appropriate platform are available in the Oracle Fusion Applications repository under SHARED_LOCATION/
11.12.x.0.0/
Repository/
installers
. Review the individual patch Readme
files before applying them.
This section describes the nodes and Oracle homes in the Identity Management domain for Oracle Fusion Applications 11g Release 12 (11.12.x.0.0).
Identity Management (IDM) Node
WEBLOGIC_ORACLE_HOME
: (For IDM provisioned environments, this is IDM_BASE/
products/dir/wlserver_10.3
):
Oracle WebLogic Server
IDM_ORACLE_HOME
: This is also known as the OID_ORACLE_HOME
. (For IDM provisioned environments, this is IDM_BASE/
products/dir/oid
). The following Oracle Identity Management products are installed in this Oracle home:
Oracle Internet Directory
Oracle Virtual Directory
Oracle Directory Services Manager
IDM_ORACLE_COMMON_HOME
: (For IDM provisioned environments, this is IDM_BASE/
products/dir/oracle_common
). The following Oracle Identity Management products are installed in this Oracle home:
Oracle Platform Security Services (OPSS)
Oracle Web Services Manager (OWSM)
Database Node
RDBMS_ORACLE_HOME
: This is the ORACLE_HOME
of the Oracle Database. Apply mandatory database patches to this Oracle home.
Perform the following tasks to upgrade Oracle Identity Management:
Ensure that the environment meets the following requirements before installing or uninstalling the patch:
Verify the OUI Inventory
OPatch needs access to a valid OUI inventory to apply patches. Validate the OUI inventory with the following command:
opatch lsinventory
If the command errors out, contact Oracle Support for assistance in validating and verifying the inventory setup before proceeding.
Confirm the executables appear in the system PATH
.
The patching process uses the unzip
and the OPatch
executables. After setting the ORACLE_HOME environment, confirm whether the following executables exist, before proceeding to the next step.
which opatch
which unzip
For more information about OPatch, see the Patching Oracle Fusion Middleware with Oracle OPatch section in the Oracle Fusion Middleware Patching Guide.
To stop the servers and processes, perform the following steps:
In the Oracle Identity Management domain, stop all Oracle Identity Management services and processes using the following sequence. Do not stop the database:
Stop the following servers and processes:
Oracle HTTP Server
Oracle Identity Manager managed servers
Oracle SOA managed servers
Oracle Identity Federation managed servers
Oracle Access Manager managed servers
Oracle Directory Services Manager
Oracle WebLogic Administration Server for the Oracle Identity Management domain
Oracle Virtual Directory
Oracle Internet Directory
For more information about specific commands for stopping components, see Stop and Start Identity Management Related Servers.
At a minimum, create the following backups:
Middleware home directory (including the Oracle home directories inside the Middleware home)
Local domain home directory
Local Oracle instances
Domain home and Oracle instances on any remote systems that use the Middleware home
The database
Ensure the backup includes the schema version registry table, as each Fusion Middleware schema has a row in this table. The name of the schema version registry table is SYSTEM.SCHEMA_VERSION_REGISTRY$
.
The Configurations and Stores—specifically, all data under the root node of the LDAP store
Any Oracle Identity Federation Java Server Pages (JSP) that was customized
The patching process overwrites JSPs included in the oif.ear
file. After completing the patching process, restore the custom JSPs.
In addition to the preceding backups, Oracle recommends performing your organization's typical backup processes.
Refer to the Backing Up Your Middleware Home, Domain Home and Oracle Instances, Backing Up Your Database and Database Schemas, and Backing Up Additional Configuration Information sections in the Oracle Fusion Middleware Patching Guide for detailed information about creating the backups.
The Database Client patches are available under the SHARED_LOCATION/
11.12.x.0.0/
Repository/
installers/dbclient/patch
directory. Follow the patch Readme
and apply all patches in the directory. To apply all patches, proceed as follows:
Set the Oracle home to RDBMS_ORACLE_HOME
, for example, ORACLE_HOME/u01/oid/oid_home
.
Go to the patch directory as follows:
cd SHARED_LOCATION/11.12.x.0.0/Repository/installers/dbclient/patch
Run opatch
using the napply
option.
Ensure the patches listed in Update the Oracle Fusion Applications and Oracle Identity Management Databases are applied on the Identity Management database to keep both Oracle Fusion Applications and Identity Management databases synchronized. To apply the patches, follow the steps listed in Update the Oracle Fusion Applications and Oracle Identity Management Databases.
Run RUP Lite for OVM in pre-root mode locally on every node on the Oracle VM, for example, primordial, Midtier, IDM, and OHS. Use the -i option to point to the Release 12 rupliteovm/metadata
directory that was set up as part of the pre-upgrade preparation in Prepare RUP Lite for OVM. Run this command as super user (root) as follows:
setenv JAVA_HOME java_home_directory cd /u01/lcm/rupliteovm bin/ruplite.sh pre-root -i ORCH_LOCATION/config/POD_NAME/11.12.x.0.0/rupliteovm/metadata
Then, proceed to Update Status to Success (Oracle VM Only).
rupliteovm/metadata
directory that was set up as part of the pre-upgrade preparation in Prepare RUP Lite for OVM. Run this command as super user (root) as follows:setenv JAVA_HOME java_home_directory cd /u01/lcm/rupliteovm bin/ruplite.sh post-root -I ORCH_LOCATION/config/POD_NAME/11.12.x.0.0/rupliteovm/metadata