This chapter describes how to upgrade an Oracle Identity Management Cold Failover Cluster environment to Oracle Fusion Middleware 11g.
This upgrade procedure involves the following tasks:
Task 1: Preparing for Upgrading Your Oracle Fusion Middleware Cold Failover Cluster Environment
Task 2: Install Oracle WebLogic Server and Create the Middleware Home
Task 5: Configure Oracle Internet Directory and Oracle Directory Integration Platform
Task 6: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Installation
Task 7: Upgrade Oracle Internet Directory and Oracle Directory Integration Platform
Task 8: Verify the Upgrade of Oracle Internet Directory and Oracle Directory Integration Platform
Task 9: Configuring the Upgraded Components for Active-Passive Deployments
Task 10: Configure Fusion Middleware Control to Monitor the Upgraded Components
The procedures in this chapter provide instructions for upgrading high availability environments supported in Oracle Application Server 10g Release 2 (10.1.2) and 10g (10.1.4.0.1).
Before you begin, review the following sections for important prerequisite for the upgrade process.
Oracle Identity Management 10g Components Must Be Installed and Running on IDMHOST1
It is assumed that your Oracle Identity Management 10g components are installed and running on IDMHOST1. This is important because the Oracle Identity Management 11g components that you are upgrading must be installed on the same host as the Oracle Identity Management 10g components.
Only Oracle Internet Directory and Oracle Directory Integration Platform Components are Upgraded to 11g
As part of this procedure, only Oracle Internet Directory and Oracle Directory Integration Platform are upgraded to Oracle Fusion Middleware 11g. For more information about the differences between the components available in Oracle Application Server 10g and Oracle Fusion Middleware 11g, see Section 3.1, "Summary of the Oracle Identity Management 10g and 11g Components".
Understanding Oracle Fusion Middleware Cold Failover Cluster for 11g
Oracle Fusion Middleware provides an active-passive model for all its components using Oracle FMW Cold Failover Clusters. In an Oracle FMW Cold Failover Cluster configuration, two or more application server instances are configured to serve the same application workload but only one is active at any particular time.
For more information, see "Oracle Fusion Middleware Cold Failover Cluster Topology Concepts" in the Oracle Fusion Middleware High Availability Guide.
Database High Availability and Version Requirements
For information database requirements for upgrade, as well as additional upgrade information for Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware Upgrade Planning Guide.
For information about the supported high availability topologies in Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware High Availability Guide.
Before you begin these procedures, review the procedures and prerequisites available in Chapter 4, "Upgrading Your Oracle Internet Directory Environment".
For information about installing Oracle WebLogic Server 11g Release 1 (10.3.4) and creating the middleware home, refer to "Installing Oracle WebLogic Server 11g (10.3.4) and Creating the Oracle Middleware Home" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
For complete instructions for installing the Oracle Identity Management 11g components, including all the prerequisites and system requirements, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
The instructions provided here outline the key installation steps required when installing Oracle Internet Directory and Oracle Directory Integration Platform in preparation for an upgrade of your high availability environment.
To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g:
Locate the Oracle Identity Management CD–ROM.
Alternatively, you can download and unpack the installation kit from the Oracle Technology Network (OTN):
http://www.oracle.com/technology
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.
Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.
Start Oracle Universal Installer:
On UNIX systems, enter the following command to install Repository Creation Utility:
./runInstaller
On Windows systems, double-click the setup.exe file.
In the Installer, choose the Install Software - Do Not Configure option to install Oracle Identity Management components without configuring them during installation. If you choose the Install Software - Do Not Configure option, the Installer installs the component software and then closes. Oracle Identity Management components will not start running after deploying them using the Install Software - Do Not Configure option, as additional configuration is needed.
For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation tool.
Note:
Ensure that you do not configure a domain after installing the 11.1.1.2.0 Oracle Identity Management software.For complete instructions for installing the Oracle Identity Management 11.1.1.4.0 components, refer to the Oracle Fusion Middleware Patching Guide. Specifically, see the "Installing the Latest Oracle Fusion Middleware Software Using Patch Set Installers" topic in this guide.
For complete instructions on configuring Oracle Internet Directory and Oracle Directory Integration Platform, see the "Configuring Oracle Internet Directory (OID)" and "Configuring Oracle Directory Integration Platform (ODIP)" chapters in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management. For more information, see the "Creating a WebLogic Domain in Graphical Mode" topic in the Oracle Fusion Middleware Creating Domains Using the Configuration Wizard guide.
Before you upgrade run the Upgrade Assistant, use the following procedure to ensure that Oracle Internet Directory and Oracle Directory Integration Platform 10g and 11g are up and running on the host.
For example, you can use the opmnctl command:
ORACLE_HOME/opmm/bin/opmnctl status
Processes in Instance: cfc.mycompany.com
-------------------+--------------------+---------+---------
ias-component | process-type | pid | status
-------------------+--------------------+---------+---------
DSA | DSA | N/A | Down
LogLoader | logloaderd | N/A | Down
dcm-daemon | dcm-daemon | N/A | Down
HTTP_Server | HTTP_Server | 26117 | Alive
OID | OID | 26121 | Alive
For example, on a UNIX system, you can use the ps command and the grep command to search for the odisrv process in the resulting output:
$ ps -ef | grep odisrv oracle 15711 15552 0 21:17 pts/0 00:00:00 grep odisrv oracle 21597 1 0 Feb18 ? 00:00:00 /bin/sh /u01/app/oracle/product/10g/idm/odisrv instance=1 configset=0 port=636 sslauth=1 host=idmhost1.mycompany.com
Use the following OPMN command to verify that Oracle Internet Directory is up and running:
ORACLE_INSTANCE/opmnctl status
The output of the command should be similar to the following example:
Processes in Instance: oid_instance1 ---------------------------------+--------------------+---------+--------- ias-component | process-type | pid | status ---------------------------------+--------------------+---------+--------- oid1 | oidldapd | 31394 | Alive oid1 | oidmon | 31384 | Alive
Use the ldapbind command-line tool to ensure that you can connect to each Oracle Internet Directory instance and the LDAP Virtual Server. The ldapbind tool enables you to determine whether you can authenticate a client to a server.
For non-SSL:
ldapbind -h idmhost1.mycompany.com -p 389 -D "cn=orcladmin" -q
For SSL:
ldapbind -h idmhost1.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
where:
U = SSL authentication mode
1 = No authentication required
2 = One way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
3 = Two way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
Validate the Oracle Directory Integration Platform installation by using the WLST dipStatus command. To run this command, follow these steps:
Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries. For example:
export ORACLE_HOME=/u01/app/oracle/product/11g/fmw_home/ods
Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server.
For example:
export WLS_HOME=/u01/app/oracle/product/11g/fmw_home/wlserver_10.3
Run the following command:
$ORACLE_HOME/bin/dipStatus -h <hostName> -p <port> -D <wlsuser>
For example, on IDMHOST1, the command and successful output are shown below:
$ORACLE_HOME/bin/dipStatus
-h idmhost1.mycompany.com
-p 7005
-D weblogic
[Weblogic user password]
Connection parameters initialized.
Connecting at idmhost1.mycompany.com:7005, with userid "weblogic"..
Connected successfully.
ODIP Application is active at this host and port.
Verify the Oracle Directory Services Manager installation by bringing up the ODSM Administration Console in a web browser.
The URL to access the ODSM Administration Console is:
http://hostname.mycompany.com:<port>/odsm/faces/odsm.jspx
For example, on IDMHOST1, enter this URL:
http://idmhost1.us.oracle.com:7005/odsm/faces/odsm.jspx
Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances on IDMHOST1 to 11g:
Change directory the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.
Enter the following command to start the Upgrade Assistant.
On UNIX system:
./ua
On Windows systems:
ua.bat
The Upgrade Assistant displays the Welcome screen.
Click Next to display the Select Operation screen.
Select Upgrade Identity Management Instance on the Select Operation screen.
Refer to Table 13-1 for a description of the Upgrade Assistant screens that require input from you during an Oracle Internet Directory and Oracle Directory Integration Platform upgrade.
After the Target Database Details screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:
Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.
Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.
Provides a progress screen so you can see the status of the upgrade as it proceeds.
Alerts you of any errors or problems that occur during the upgrade.
See Also:
"Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade AssistantDisplays the End of Upgrade screen, which confirms that the upgrade was complete.
Exit the Upgrade Assistant.
Table 13-1 Upgrade Assistant Screens That Require Input During an Oracle Internet Directory and Oracle Directory Integration Platform Upgrade
| Upgrade Assistant Screen | Description |
|---|---|
|
Specify Source Home |
Select the 10g Release 2 (10.1.2) or 10g (10.1.4) source Oracle home. If the Oracle home you want to upgrade does not appear in the drop-down lists, see "Source Oracle Home Not Listed by OracleAS Upgrade Assistant" in the Oracle Fusion Middleware Upgrade Planning Guide. |
|
Specify Destination Instance |
Enter the complete path to the 11g Oracle instance, or click Browse to locate the instance directory. |
|
Specify WebLogic Server |
Enter the host and Administration Server port for the Oracle WebLogic Server you configured in "Task 2: Install Oracle WebLogic Server and Create the Middleware Home". Note this information is required if you are upgrading Oracle Directory Integration Platform. It is also required if you associated your Oracle Internet Directory 11g installation with Oracle WebLogic Server. |
|
Warning Dialog Box |
The Upgrade Assistant displays this warning dialog box if the source Oracle home contains Oracle Application Server components that are not installed and configured in the destination Oracle instance. This warning appears, for example, if the source Oracle home contains an instance of Oracle HTTP Server, which is not available in the 11g Oracle home. If the information in the dialog box is accurate and you understand which components will be upgraded, click Yes to continue. Otherwise, click No and verify which components are installed and configured in each 11g Oracle instance. |
|
Specify Upgrade Options |
Select the upgrade options you want to apply to the Oracle Identity Management upgrade:
Click Help to display more information about the upgrade options on this screen. |
|
Specify OID Details |
Use this screen to enter the details required to connect to the Oracle Internet Directory 10g instance, including the password to the Oracle Internet Directory super user account ( For more information, click Help. |
|
Specify Database Details |
Use this screen to enter the details required to connect to the database where the Oracle Identity Management schemas reside, including the host, service name, port, and SYS password for the database. Note the following important information about this screen:
|
|
Root action required screen |
This is only if you are using privileged port on a UNIX system. A configuration script needs to be run as root before upgrade can proceed. Leaving this window open, open another window, and run the When the script has completed, return to the Upgrade Assistant and click OK. |
Use Steps 3 through 5 of Section 13.6, "Task 6: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Installation" to verify that the upgraded Oracle Application Server Identity Management components are up and running.
Use the following steps to configure the upgraded components in an active-passive high availability environment.
Note that these steps reference specific sections in the Oracle Fusion Middleware High Availability Guide, which provides comprehensive instructions for configuring high availability in Oracle Fusion Middleware 11g:
Task 9a: Transform the Infrastructure Components for Cold Failover Clusters
Task 9b: Transforming Oracle Internet Directory and Its Clients for Cold Failover Clusters
Transform the infrastructure components that support the Oracle Internet Directory environment. For each step in this process, refer to the corresponding procedure in the Oracle Fusion Middleware High Availability Guide:
Table 13-2 Steps to Transform the Infrastructure Components for Cold Failover Cluster
| Step # | Description | Section in Oracle Fusion Middleware High Availability Guide |
|---|---|---|
|
1 |
Transform the Oracle WebLogic Server administration server |
"Transforming the Administration Server for Cold Failover Clusters" |
|
2 |
Transform the wls_ods managed server |
|
|
3 |
Transform the Oracle WebLogic Server node manager |
|
|
4 |
Transform the Fusion Middleware Control |
|
|
5 |
Transform the Oracle Process Manager and Notification Server (OPMN) |
"Transforming Oracle Process Management and Notification Server" |
|
6 |
Transform the Oracle HTTP Server |
After you have transformed the infrastructure components for Cold Failover Cluster, you can do the same for the upgraded Oracle Internet Directory 11g instance.
Refer to "Transforming Oracle Internet Directory and Its Clients" in the Oracle Fusion Middleware High Availability Guide.
After the Cold Failover Cluster transformation, the Oracle Enterprise Manager Fusion Middleware Control cannot display the correct status for some of the upgraded components.
To fix this problem, you must modify specific Fusion Middleware Control configuration files so they reference to the virtual host name used for the Cold Failover transformation instead of the physical host name.
Follow the steps below to update the Fusion Middleware Control configuration files:
Stop the Oracle Enterprise Manager Fusion Middleware Control agent:
ORACLE_HOME/bin/emctl stop agent
Modify the emd.properties file in the Oracle instance directory:
Change directory to the following directory in the Oracle instance:
ORACLE_INSTANCE/emagent/em_agent_name/sysman/config
Make a backup copy of the emd.properties file:
For example, on UNIX systems:
cp emd.properties emd.properties.bak
Edit the emd.properties file so it references the virtual host name, rather than the physical host name.
For example, if the physical host name is host1.mycompany.com and the virtual host name is cfcvip.mycompany.com, then you must change the reference accordingly in the following attributes in the emd.properties file:
REPOSITORY_URL
EmdWalletSrcUrl
emd_url
Modify the targets.xml file in the Oracle instance:
Change directory to the emd directory of the Oracle instance:
INSTANCE_HOME/emagent/em_agent_name/sysman/emd
Make a backup copy of the targets.xml file:
For example, on UNIX systems:
cp targets.xml targets.xml.bak
Modify targets.xml, as follows:
Modify the entries related to host and oracle_emd so they reference the virtual host name (for example, cfcvip.mycompany.com):
For example:
<Targets AGENT_TOKEN="ad4e5899e7341bfe8c36ac4459a4d569ddbf03bc">
<Target TYPE="oracle_emd" NAME=cfcvip.mycompany.com:5157"/>
<Target TYPE="host" NAME=cfcvip.mycompany.com
DISPLAY_NAME=cfcvip.mycompany.com/>
</Targets>
Remove all other <Target> entries in the file.
Modify the targets.xml file in the domain directory:
Change directory to the following directory in the Oracle WebLogic Server domain directory inside the Middleware home:
MW_HOME/user_projects/domains/domain_name/sysman/state
Make a backup copy of the targets.xml file:
For example, on UNIX systems:
cp targets.xml targets.xml.bak
Edit the targets.xml file and change all occurrences of the physical host name to the virtual host name.
For example, change all occurrences of host1.mycompany.com to cfcvip.mycompany.com.
Modify the topology.xml file in the domain directory:
Change directory to the following location in the domain directory inside the Middleware home:
MW_HOME/user_projects/domains/domainName/opmn
Make a backup copy of the topology.xml file:
For example, on UNIX systems:
cp topology.xml topology.xml.bak
Edit the topology.xml file and change all occurrences of the physical host name to the virtual host name.
For example, change all occurrences of host1.mycompany.com to cfcvip.mycompany.com.
Restart the administration server for the Oracle WebLogic Server domain.
Restart the Oracle Enterprise Manager Fusion Middleware Control agent:
INSTANCE_HOME/emagent/em_agent_name/emctl start agent INSTANCE_HOME/emagent/em_agent_name/emctl status agent
This section provides the steps to verify the transformation of the infrastructure and Oracle Identity Management components to Cold Failover Cluster:
Use the Virtual Hostname instead of the physical hostname to display the Fusion Middleware Control and the Oracle WebLogic Server Administration Console in your Web browser. The URLs are listed below:
Fusion Middleware Control: http://VirtualHostname:port/em
Oracle WebLogic Server Console: http://VirtualHostname:port/console
For example use a web browser and access the following consoles:
Fusion Middleware Control: http://idmhost-vip.mycompany.com/em
Oracle WebLogic Server Console: http://idmhost-vip.mycompany.com
Verify that the Oracle Identity Management 11g components are up and running. Use steps 3 through 5 in Section 13.6, "Task 6: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Installation".