Oracle® Fusion Applications Patching Guide 11g Release 7 (11.1.7) Part Number E16602-23 |
|
|
PDF · Mobi · ePub |
The Oracle Identity Management patching framework provides the tools to support updates to Oracle Identity Management software. This chapter introduces the Oracle Identity Management patching framework and its components.
This chapter contains the following topics:
Overview of the Oracle Identity Management Patching Framework
Understanding the Oracle Identity Management Patching Framework Concepts
The primary purpose of the Oracle Identity Management patching framework for Oracle Fusion Applications is to simplify and expedite the maintenance of the code and functionality shipped as part of Oracle Identity Management for the Oracle Fusion Applications suite of products.
The Oracle Identity Management patching framework coordinates the application of multiple patches to an Oracle Identity Management deployment and includes the following features:
Patches all products within the Oracle Identity Management domain, including dependencies
Runs across multiple machines
Uses shared or local storage
Runs during both initial provisioning and on an ongoing basis
Runs in a defined, tier-wise order, minimizing downtime based on the patches being applied
Stops and starts affected servers, as required and when appropriate
Includes the ability to execute post-patch artifact changes
Includes comprehensive state-sharing and reporting
Oracle Identity Management patching framework includes patches for the following products that are installed in the Oracle Identity Management domain:
Oracle Internet Directory
Oracle Virtual Directory
Oracle Directory Services Manager
Oracle Identity Federation
Oracle Access Manager
Oracle Identity Manager
Oracle HTTP Server
Oracle HTTP Server WebGate
Oracle SOA Suite
Oracle WebLogic Server
The Oracle Identity Management patching framework is composed of the Oracle Identity Management Patch Manager and the Oracle Identity Management Patcher tools. These tools work to apply patches to your Oracle Identity Management environment, with complete information of the deployment topology and verifying what services are running on which hosts. Based on the topology and the patches available, a patch session is created that defines and executes a patch plan. The Oracle Identity Management Patch Manager is used to generate the patch plan.
The patch plan is then executed by the Oracle Identity Management Patcher by:
stopping and starting servers
applying patches, as required, in an optimal manner
The Oracle Identity Management Patch Manager is a tool that generates the patch plan and controls the patch session.
The Oracle Identity Management Patch Manager generates the patch plan as follows:
A patch top directory containing patches, classified by each product subdirectory is provided to the tool.
The patch top directory is scanned and initial validations are performed.
The deployment topology is read and analyzed.
The information obtained in Step 2 and Step 3 is combined, and a patch plan is generated using the OPlan
utility. The patch plan is generated in HTML and plain-text formats, as well as binary format used for execution.
The topology data used by the tools is located in the topology store, which is an XML file located at $LCM_CONFIG/topology/topology.xml
. This file is generated by the Oracle Identity Management Provisioning Wizard and contains most of the environment information used by the tools to apply patches. Additionally, the provisioning.plan
file, located at $IDM_TOP/provisioning/plan
, is also used for some tasks.
The Oracle Identity Management Patcher is a per host patch execution engine. The Oracle Identity Management Patcher uses the patch plan generated by the Oracle Identity Management Patch Manager and executes the patch plan steps. These steps are applicable to the host where the Oracle Identity Management Patcher is running.
The Oracle Identity Management Patcher executes the steps until the next step in the patch plan is to be executed on a different host. If the steps in the patch plan are to be executed on a different host, then the Oracle Identity Management Patcher displays a message and exits. You may need to execute the Oracle Identity Management Patcher on a host multiple times if required, during the execution of a given patch plan, as different phases of the patch plan are executed.
The patch plan consists of the following three phases:
Patch Apply Prerequisite Phase (All services will be up)
The prerequisite checks are executed and no changes are made to the deployment. This phase can be executed before you plan your system downtime and apply patches. Any issues can be addressed immediately, which will enable the patches to be applied without any issues during downtime.
Patch Pre-Apply Phase (All services will be down)
All servers which must be down to apply patches are stopped. This is deployment-aware; for example, if the patch top consists solely of an Oracle Access Manager patch, you need not stop every server instance. Only Oracle HTTP Server and Oracle Identity Manager, which depend on Oracle Access Manager, and Oracle Access Manager itself will be stopped. Oracle Internet Directory will remain up during plan execution. This ensures that the downtime is minimized.
Patch Apply Phase (Limited services will be available)
Patches are applied, any artifact changes related to the patches are executed, and servers are started.
The Oracle Identity Management patching framework is installed when you provision an Oracle Identity Management environment using the Oracle Identity Management Provisioning Wizard.
For more information about installing the Oracle Identity Management Provisioning Wizard and the Oracle Identity Management patching framework, see the Oracle Fusion Middleware Enterprise Deployment Guide for Oracle Identity Management (Oracle Fusion Applications Edition).
The following sections detail the patch directory structure and property files you should verify to understand the different patch folders and ensure the correct variable values are set.
When you provision an Oracle Identity Management environment using the Oracle Identity Management Provisioning Wizard, the Oracle Identity Management patching framework directory structure is created as described in Table 6-1.
$IDM_LCM_TOP
: Root of the Oracle Fusion Middleware home where the Oracle Identity Management Provisioning Wizard and Oracle Identity Management patching framework is installed. $IDM_LCM_TOP
contains the executables for the Oracle Identity Management provisioning and patching tools.
$LCM_CONFIG
: Location where the Oracle Identity Management patching framework configuration files are located such as status files, logs and patch plan.
This directory exists under the /config
directory which also holds the WebLogic IDM Domain, OID and OHS instance files. /config
may or may not exist under the $IDM_LCM_TOP
, depending on options selected during the Oracle Identity Management Provisioning Wizard installation.
patch top Directory: Select any directory for organizing the downloaded patches. Create different sub-directories under the selected top-level directory for storing the patches product-wise.
You should download the patches to these sub-directories according to the products they belong to. It is not necessary to unzip the files as both zipped and unzipped formats are supported.
The top-level directory containing these sub-directories is referred to as patch top. Figure 6-1 illustrates the example of a patch top directory structure.
Table 6-1 details the Oracle Identity Management patching framework directory structure.
Table 6-1 Oracle Identity Management patching framework directory structure
Directory Structure | Description |
---|---|
|
Contains the patching framework executables and configuration files. |
|
Contains the Oracle Identity Management Patch Manager and Oracle Identity Management Patcher tools executable files ( |
|
Contains |
|
Contains scripts, property files required by patching framework to start-stop services as well as for applying artifacts. |
|
Contains status files, logs, patch bundles, and patch plan generated by the patching framework when a patch session is started. |
|
Contains the patch bundles created by the Oracle Identity Management Patch Manager from the patch top provided. This patch bundle is used by the Oracle Identity Management Patch Manager tool to generate the patch plan. |
|
Contains the patch plan in a machine-readable format, and other session information that the Oracle Identity Management Patcher uses to execute the patching steps. |
|
Contains host-based files tracking the execution state of each patch plan step. Also contains the Oracle Identity Management Patch Manager and Oracle Identity Management Patcher log files and the patch plan. |
|
Contains the topology store file |
The Oracle Identity Management patching framework requires correct values to be set in the patchtop-contents.properties
file and the env.properties
file.
The downloaded patches have to be organized in the following directory structure:
You should have a top-level patch top directory containing different subdirectories for storing product-wise patches.
The mapping between the products and the relative paths of the subdirectories under the patch top is stored in patchtop-contents.properties
.
The relative paths of the subdirectories should be populated correctly in the file patchtop-contents.properties
under the $IDM_LCM_TOP/patch/config/
directory to ensure that the Oracle Identity Management patching framework can find the patches.
Note:
There is a default structure already supported by the patchtop-content.properties
file. If you do not want to follow the existing directory structure for storing the patches, then ensure that the patchtop-content.properties
file is updated with the relative paths created under the patch top so that the patching framework can find the product-wise patches correctly.
The patchtop-contents.properties
file contents are detailed in Example 6-1.
Example 6-1 patchtop-content.properties file contents
#key: name of Fusion Middleware/Application patch component #value: list of PATCH_TOP subdirectories containing the patches of the component separated by commas. common=oracle_common/patch dir=idm/patch/oid, idm/patch/ovd, pltsec/patch oam=iamsuite/patch/oam, idm/patch odsm=idm/patch/odsm ohs=webtier/patch ohswg=webgate/patch oif=idm/patch/oif, oif/patch oim=iamsuite/patch/oim soa=soa/patch wls=smart_update/weblogic
The targets shown on the left side cannot be modified, but the values on the right side can be updated. These values are the relative paths from the patch top. If these paths are deleted from the file, the Oracle Identity Management patching framework assumes the default path location.
The env.properties
file located at: $IDM_LCM_TOP/patch/config/env.properties
contains all the environment variables required by the Oracle Identity Management patching framework as detailed in Table 6-2. These properties are populated by the provisioning flow. Before running the Oracle Identity Management Patch Manager and Oracle Identity Management Patcher tools, ensure that the environment variables detailed in Table 6-2 are set.
Table 6-2 Environment Variables
Name | Value | Mandatory | Description |
---|---|---|---|
JAVA_HOME |
JDK absolute path |
Yes |
The path pointing to the JDK location. |
IDM_TOP |
IDM_TOP absolute path |
Yes |
The absolute path of the IDM_TOP where IDM products are installed and configurations are stored. |
LCM_CONFIG |
IDMLCM absolute path |
Yes |
Absolute path where the IDMLCM configuration is stored. |
ANT_HOME |
Ant Home |
No |
Absolute path pointing to the root directory of an Apache Ant distribution. It is only required to apply artifact changes, and only for some products. However, without this set, affected artifact changes may not complete. Hence it is recommended to set this value. |
RETURN_MESSAGE_BUFFER_SIZE |
This buffer size includes standard output and error messages stored in log files. |
No |
The size of return message that is stored for each command executed. Affects the size of output printed to console and logs.Available Units:
|
COMMAND_TIMEOUT |
A number and unit. Default value: 3600s (1 hour) |
No |
Timeout value followed by unit. If command execution takes longer then it will be terminated.Permissible units are:
|
The env.properties
file is populated during the provisioning flow. However, if you are administering multiple IDM_TOP
s using a single Oracle Identity Management provisioning and patching tools install, then you should delete the values of the IDM_TOP
and LCM_CONFIG
variables from the env.properties
file and set the correct values.
There is also an option to set the environment variables through the command line using the commands listed. However, ensure that you delete the existing values from the env.properties
file before setting the values. For example, if you are using a POSIX-compliant shell, use the following command:
export JAVA_HOME=<JDK absolute path>
The Oracle Identity Management patching framework consists of the Oracle Identity Management Patch Manager and Oracle Identity Management Patcher tools. The following sections describe how to create and apply the patch plan:
Perform the following steps to create the patch plan using the Oracle Identity Management Patch Manager.
You run Oracle Identity Management Patch Manager by using the command line utility, idmpatchmgr
, located in the $IDM_LCM_TOP/patch/bin
directory ($IDM_LCM_TOP\patch\bin for Windows
). Its shell script sets the environment and calls the utility. For UNIX, the shell script is idmpatchmgr.sh
and for Windows, it is idmpatchmgr.bat
. You can run idmpatchmgr
with various commands and options.
Note:
You must run the Oracle Identity Management Patch Manager on the primordial host to create the patch plan.
The Oracle Identity Management Patch Manager maintains a stateful session to track the patch process coordination with the Oracle Identity Management Patcher tool.
Note:
A new patching session cannot be created until the existing session is completed or is aborted.
The Oracle Identity Management Patch Manager maintains a session file in the
$LCM_CONFIG/patch/session/
directory. The session file has the current state of the Oracle Identity Management Patch Manager patch session. At any given point in time there will be only one or zero active patch sessions existing on the primordial host.The patch session displays one of the following status as detailed in Table 6-3: The status COMPLETE
and INCOMPLETE
are the terminal states; whereas FAILED
and ABORTING
are recoverable states.
Table 6-3 Patch Session Status
State | Description |
---|---|
|
In-progress state. |
|
Halted state in response to a step failing execution. |
|
Halted state in response to the administrator issuing an abort command. |
|
Terminal state where all steps are executed. |
|
Terminal state if a session is aborted, either in response to a step execution failure or otherwise. |
The following command shows the basic syntax for the idmpatchmgr utility:
(UNIX) $IDM_LCM_TOP/patch/bin
/idmpatchmgr.sh command [-options]
(Windows) $IDM_LCM_TOP\patch\bin
\idmpatchmgr.bat command [-options]
In the preceding example, the following variables are used:
command: The idmpatchmgr
utility manages patching-related activities by using one of the commands as described in Table 6-4.
options: The idmpatchmgr
commands accept options by using command-line arguments, as described in the specific sections for each idmpatchmgr
command.
Table 6-4 Oracle Identity Management Patch Manager Commands
Command | Description |
---|---|
apply |
Starts a patch session where selected patches will be deployed. |
rollback |
Starts a patch session where selected patches will be removed. |
abort |
Ends a patch session without completing all planned steps. |
progress |
Displays the status for an ongoing patch session. |
To view additional information for any idmpatchmgr
command, use the following syntax:
(UNIX) $IDM_LCM_TOP/patch/bin
/idmpatchmgr.sh command -help
(Windows) $IDM_LCM_TOP\patch\bin
\idmpatchmgr.bat command -help
To display basic help for the idmpatchmgr
command, enter idmpatchmgr
with no options.
Note: In command syntax examples, the brackets ([]) indicate that the value inside the brackets is optional.
You can create a patch plan which contains instructions for applying patches to an Oracle Identity Management environment by running the idmpatchmgr apply
command. This plan can be executed by running the Oracle Identity Management Patcher tool.
Note:
You must run the Oracle Identity Management Patch Manager on the primordial host to create the patch plan.
Syntax
(UNIX) $IDM_LCM_TOP/patch/bin/idmpatchmgr.sh apply -patchtop
patch_top
(Windows): $IDM_LCM_TOP\patch\bin\idmpatchmgr.bat apply -patchtop
patch_top
Oracle Identity Management Patch Manager performs the following tasks to create the patch plan:
The apply
command validates the given patch top location and validates the existence of the patch session with ACTIVE
or FAILED
status.
If no patch session exists, the patch scanner is internally invoked to validate and generate a composite bundle patch from the provided patch top. This bundle patch is internally used in the plan generation. The composite bundle patch is created in the location: $LCM_CONFIG/patch/patches
.
A patch plan is generated with instructions for applying patches using the topology store information and composite bundle patch.
The apply
command generates the patch plan in the following location in HTML and plain text formats:
$LCM_CONFIG/patch/status/
current-sessionID/manager/
log/PatchInstructions.html
$LCM_CONFIG/patch/status/
current-sessionID/manager/
log/PatchInstructions.text
The patch plan in HTML and plain text formats provides useful information regarding the Oracle Identity Management environment, commands executed by the Oracle Identity Management Patcher, total number of steps, steps that require downtime and so on. This enables you to better understand the Oracle Identity Management patching framework execution flow.
At the time of plan generation, a new patch session is created in ACTIVE
status, with all steps with status PLANNED
. The patch session is stored in the $LCM_CONFIG/patch/session/session
file. The step information is stored in the $LCM_CONFIG/patch/session/step
file.
The log files are generated in the following locations:
Before the session is created:
$LCM_CONFIG/patch/status/log/idmpatchmgr.log
After the session is created:
$LCM_CONFIG/patch/status/
currentSessionID/
manager/log/idmpatchmgr-session.log
Options
Table 6-5 lists the options available for the apply
command.
You run Oracle Identity Management Patcher by using the command line utility, idmpatch
, located in the $IDM_LCM_TOP/patch/bin
directory ($IDM_LCM_TOP\patch\bin
for Windows). Its shell script sets the environment and calls the utility. For UNIX, the shell script is idmpatch.sh
and for Windows, it is idmpatch.bat
.The following command shows the basic syntax for the idmpatch
utility:
(UNIX) $IDM_LCM_TOP/patch/bin/idmpatch.sh run
(Windows) $IDM_LCM_TOP/patch/bin/idmpatch.bat run
Note: You can use the prereq
option to run only the pre-requisites. This will not stop and start the services or apply and rollback patches.
(UNIX) $IDM_LCM_TOP/patch/bin/idmpatch.sh run
-prereq
(Windows) $IDM_LCM_TOP/patch/bin/idmpatch.bat run
-prereq
The Oracle Identity Management Patcher run
command performs the following tasks:
The Oracle Identity Management Patcher run
command validates the existence of a patch session and the availability of one or more steps with status PLANNED
for the host where the tool is running.
If there are one or more steps with status PLANNED
for any other host prior to the above steps, then the Oracle Identity Management Patcher reports that the execution is not possible until execution is complete for the other host.
It creates the following log file named status
with the details:
$LCM_CONFIG/patch/status/
currentSessionID/
hosts/
currentHostName/status
When the Oracle Identity Management Patcher starts executing the patching steps, the status log file is updated with key =
step-id and value = RUNNING
. After setting the status, it extracts the command from the execution step and invokes the command using the step executor. On successful execution of the command, the status log file will be updated with key =
step-id and value = COMPLETED
. The execution continues to the next step from the execution plan for the current host.
If there are no steps to be executed for the current host, it halts the execution and updates the administrator on the next steps to be executed.
The run
command also updates the session status. The next time you use the run
command, the Oracle Identity Management Patch Manager will display the results.
On failure, the status log file will be updated with key =
step-id and value = FAILED
and execution is stopped.
The run
command generates log files in the following locations:
Before the session is created:
$LCM_CONFIG/patch/status/log/idmpatchmgr.log
$LCM_CONFIG/patch/status/log/idmpatch.log
After the session is created:
$LCM_CONFIG/patch/status/
currentSessionID/manager/
log/idmpatchmgr-session.log
$LCM_CONFIG/patch/status/
currentSessionID/
hosts/
hostname/log/idmpatch-session.log
The Oracle Identity Management patching framework supports the application of post patch artifact changes, such as adding an entry within a configuration properties file, or invoking a product MBean. Such changes are optional, and most patches do not include them.
For patches which include them, the Oracle Identity Management Patcher automatically executes the changes after all binary patch application for a single product is completed.
For example, if three patches [1, 2, 3] are applied to Oracle Access Manager within a patch session, and 1 contains an artifact change, the order of operations is [binary 1, binary 2, binary 3, artifact 1].
The post patch artifact changes require additional Perl libraries to perform certain actions such as connecting to the database and executing sql queries. Ensure that DB.pm
is available in the Perl library.
If Perl is not found, set the Perl library location in the $PATH
environment variable using the command and path to DB.pm
as applicable for your deployment. For example:
export PATH=/usr/lib/perl5/5.14:$PATH
Set the ANT_HOME
environment variable in env.properties
or as an environment variable.
The output of the artifact installation is written to the following log file:
$LCM_CONFIG/patch/status/
currentSessionID/
hostname
hosts//log/<patch-id>-artifact.log
If there is any other log file provided in the subroutine as a part of the automation logic, the logs will also be created in the specified location.
The Oracle Identity Management patching framework supports the following scenarios for applying patches:
Post-installation patches are installed immediately after the install phase of provisioning. The Oracle Identity Management Provisioning Wizard invokes the Oracle Identity Management patching framework for installing the post installation patches using additional options. These are applicable only to patching during provisioning.
For example, patches are applied before any server instances are configured, so the Oracle Identity Management Provisioning Wizard is able to bypass the server stop and start steps. Such options are not supported for ongoing patching in this release.
Ongoing patches are applied by the administrator to running, in-production deployment environment. These may be one-off patches addressing a given bug(s) or security issue(s) or "bundle patches" released for Oracle Identity Management products regularly.
The patch plan is generated by the Oracle Identity Management Patch Manager using the command:
./idmpatchmgr.sh apply -patchtop
patchtop location
Then the Oracle Identity Management Patcher is run on the appropriate host using the following command:
./idmpatch.sh run
Error messages are displayed if you run the Oracle Identity Management Patcher on the wrong host.
You can deploy Web tier hosts within a DMZ. For this type of setup, a shared network location accessible to both the primordial host and the DMZ hosts, where the $LCM_CONFIG
directory exists, may not be available.
In this specific case, use the following procedure for running the Oracle Identity Management patching framework on DMZ hosts:
Note:
Only Web tier server instances can be run from the DMZ host. Running and patching other servers is NOT supported.
Generate the patch plan using the Oracle Identity Management Patch Manager apply
command on the primordial host.
Run the Oracle Identity Management Patcher on the non-DMZ hosts using the run
command.
Before running the Oracle Identity Management Patcher on the DMZ host, run the Oracle Identity Management Patch Manager progress
command to generate the patch bundle containing the latest session information for the DMZ hosts.
After you run the progress
command, a patch bundle is generated under $LCM_CONFIG/patch/status/
session id/hosts/
dmz host name/patchbundle.zip
. The patchbundle.zip
file contains the latest session information for executing the Oracle Identity Management Patcher on the DMZ host.
Copy patchbundle.zip
to the DMZ host.
On the DMZ host, extract the zip file under the PARENT directory of $LCM_CONFIG
.
Run the Oracle Identity Management Patcher on the DMZ host using the run
command.
After running the Oracle Identity Management Patcher, copy the status file on the DMZ host from $LCM_CONFIG/patch/status/hosts/
dmz hostname/status
to the primordial host $LCM_CONFIG/patch/status/hosts/
dmz hostname/status
.
Continue running the Oracle Identity Management Patcher on the appropriate host using the run
command.
The following section describes how to monitor and troubleshoot the Oracle Identity Management patch sessions.
The Oracle Identity Management Patch Manager progress
command validates the existence of the patch session and displays the report with the required patch execution steps.
Syntax
(UNIX) $IDM_LCM_TOP/patch/bin/idmpatchmgr.sh progress
(Windows) $IDM_LCM_TOP/patch/bin/idmpatchmgr.bat progress
The Oracle Identity Management Patch Manager progress
command performs the following tasks:
The patch session status is printed on the console and log files.
The Oracle Identity Management Patch Manager gets the current session ID from the $LCM_CONFIG/patch/session/session
file.
If there is an existing valid session, it scans through the list of Oracle Identity Management Patcher status files for that session under:
$LCM_CONFIG/patch/status/
currentSessionID/
hosts/
hostname/status/status
and updates the patch session status accordingly.
Table 6-7 describes the patch step status values and Table 6-8 describes the patch session status values.
Options
Table 6-6 lists the options available for the progress
command.
Table 6-6 progress Command Options
Option | Description | Mandatory |
---|---|---|
|
Displays detailed status information for all tasks in the currently executing phase. |
No |
|
Displays detailed status information for all tasks. |
No |
Status
Table 6-7 describes the patch step status values.
Table 6-7 Patch Step Status
State | Description |
---|---|
|
The step has not been executed by the Oracle Identity Management Patcher. |
|
The step is currently being executed by the Oracle Identity Management Patcher |
|
The step execution failed. |
|
The step execution completed successfully. |
Table 6-8 describes the patch session status values.
Table 6-8 Patch Session Status
State | Description |
---|---|
|
In-progress state. |
|
Halted state in response to a step failing execution. |
|
Halted state in response to the administrator issuing an abort command. |
|
Terminal state where all steps are executed. |
|
Terminal state if a session is aborted, either in response to a step execution failure or otherwise. |
If your patch session is in a HALTED
state due to a failed execution step, you can use the retry
command to run the session after you resolve the issue that caused the failure. Use the retry
command, as shown in the following example:
(UNIX) $IDM_LCM_TOP/patch/bin/idmpatch.sh retry
(Windows) $IDM_LCM_TOP/patch/bin/idmpatch.bat retry
Note: You can use the prereq
option to run only the pre-requisites. This will not stop and start the services or apply and rollback patches.
(UNIX) $IDM_LCM_TOP/patch/bin/idmpatch.sh retry
-prereq
(Windows) $IDM_LCM_TOP/patch/bin/idmpatch.bat retry
-prereq
The Oracle Identity Management Patcher retry
command performs the following tasks:
The Oracle Identity Management Patcher retry
command validates the existence of the patch session with execution step in FAILED
or RUNNING
state for the host where the tool is running. The retry
command identifies the step which is in FAILED
status and starts the patching execution flow from the point of failure.
It validates the existence of the status
file under the
$LCM_CONFIG/patch/status/
currentSessionID/
hosts/
currentHostName/status
folder.
It updates the status log file with key =
step-id and value = RUNNING
and starts the step execution using the step executor. After setting the status it extracts the command from the execution step and invokes the command using the step executor. On successful execution of the command, the status log file will be updated with key =
step-id and value = COMPLETED
. The execution then continues to the next step from the execution plan.
If there are no steps to be executed for the current host, it halts the execution by sending an update to the administrator regarding the further steps to be executed.
The retry
command also updates the session status. The Oracle Identity Management Patch Manager is immediately notified of the results.
However, only in case of a DMZ host, you should copy the status file to the primordial host to notify the DMZ host status to the Oracle Identity Management Patch Manager.
On failure, the status log file will be updated with key = step-id
and value = FAILED
and the execution is halted.
The retry
command generates log files in the following locations:
Before the session is created:
$LCM_CONFIG/patch/status/log/idmpatchmgr.log
$LCM_CONFIG/patch/status/log/idmpatch.log
After the session is created:
$LCM_CONFIG/patch/status/
currentSessionID/
manager/log/idmpatchmgr-session.log
$LCM_CONFIG/patch/status/
currentSessionID/hosts/
hostname/log/idmpatch-session.log
You rollback patches by running the idmpatchmgr.sh rollback
command. The Oracle Identity Management Patch Manager rollback
command validates the given
patch top location and validates the existence of the patch session with the status ACTIVE
or FAILED
.
Note:
A new patching session cannot be created until the existing session is completed or aborted.
Syntax
(UNIX) $IDM_LCM_TOP/patch/bin/idmpatchmgr.sh rollback -patchtop
patch_top
(Windows) $IDM_LCM_TOP/patch/bin/idmpatchmgr.bat rollback -patchtop
patch_top
The Oracle Identity Management Patch Manager rollback
command performs the following tasks:
The rollback
command validates the given patch top location and the existence of the patch session with ACTIVE
or FAILED
status.
If no patch session exists, the patch scanner is internally invoked to validate and generate composite bundle patch from the provided patch top. This bundle patch is internally used to generate the patch plan. The composite bundle patch is created in the location: $LCM_CONFIG/patch/patches
.
If the rollback
command is repeated or if the status of the patch session is ACTIVE
or FAILED
, the Oracle Identity Management Patch Manager displays an error message stating that it cannot execute the rollback
command, since an active or failed patch session already exists. The current session output is displayed.
A patch plan is generated with instructions for rolling back patches using the topology store information and composite bundle patch.
The rollback
command generates the patch plan in the following location in html and text formats:
$LCM_CONFIG/patch/status/
current-sessionID/manager
/log/PatchInstructions.html
$LCM_CONFIG/patch/status/
current-sessionID/manager
/log/PatchInstructions.text
On successful patch plan generation, the Oracle Identity Management Patch Manager starts a new patch session with ACTIVE
status and adds the execution step state for each host as a child to the patch session with status PLANNED
.
The patch session is stored in the $LCM_CONFIG/patch/session/session
file. The steps information is stored in the $LCM_CONFIG/patch/session/step file.
The rollback command generates log files in the following locations:
Before the session is created:
$LCM_CONFIG/patch/status/log/idmpatchmgr.log
$LCM_CONFIG/patch/status/log/idmpatch.log
After the session is created:
$LCM_CONFIG/patch/status/
currentSessionID/
manager/log/idmpatchmgr-session.log
$LCM_CONFIG/patch/status/
currentSessionID/hosts
/hostname/log/idmpatch-session.log
You can cancel a patch session by running the abort
command. It validates the existence of the patch session with status of ACTIVE
/FAILED
/ABORTING
. It changes the status of the patch session to INCOMPLETE
and halts the execution.
Syntax
(UNIX) $IDM_LCM_TOP/patch/bin/idmpatchmgr.sh abort
(Windows) $IDM_LCM_TOP/patch/bin/idmpatchmgr.bat abort
The Oracle Identity Management Patch Manager abort
command performs the following tasks:
The abort
command is a hard abort and you have to manually restore the product where the failure occurred. Depending on factors like your change control requirements and backup strategy you can choose to:
remove all traces of the patch session, by reverting all products.
OR
continue running any products for which patches were successfully applied.
The progress
command will display the session status as INCOMPLETE
.
If you execute the apply
or rollback
command after the abort
command, it starts a new session since the session status is INCOMPLETE
.
To completely delete session information, you can run the abort
command twice or you can start a new session by using the apply
or rollback
command.
For more information about general troubleshooting scenarios for the Oracle Identity Management patching framework, see "Chapter 7, Troubleshooting Identity Management Provisioning" in the Oracle Fusion Middleware Administrator's Guide for Identity Management Provisioning (Oracle Fusion Applications Edition).