This chapter lists the upgrade tasks that need to be performed as part of the automated upgrade process.
Note:
This chapter contains the upgrade tasks that are common to different automated upgrade scenarios. Do not perform all of the tasks described in this chapter.For the list of supported automated upgrade scenarios and the documentation roadmap, see Chapter 2, "Understanding the Oracle Identity and Access Management Automated Upgrade".
This chapter includes the following topics:
Section 6.2, "Reviewing System Requirements and Certifications"
Section 6.4, "Setting the Required Environment Variables Necessary for Upgrade"
Section 6.8, "Performing Pre-Validation Checks Using preValidate.pl Script"
Section 6.11, "Performing Post-Validation Checks Using postValidate.pl Script"
Section 6.12, "Stopping All Servers Using stopall.sh Script"
Table 6-1 lists the variables used in this chapter.
Table 6-1 Variables Used in This Chapter and Their Descriptions
Variable | Description |
---|---|
|
This is the location where you copied the upgrade tool |
|
This is the host on which Oracle Access Manager is installed. |
|
This is the host on which Oracle Identity Manager is installed. |
|
This is the host on which Oracle HTTP Server is installed. |
|
This is the host on which Oracle Unified Directory is installed. |
Before performing any installation, upgrade, or migration, you should read the system requirements and certification documents to ensure that your environment meets the minimum requirements for the products you are installing or upgrading to.
Oracle Fusion Middleware System Requirements and Specifications
This document contains information related to hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches.
Oracle Fusion Middleware Supported System Configurations
This document contains information related to supported installation types, platforms, operating systems, databases, JDK, and third-party products.
For interoperability and compatibility issues that may arise when installing, refer to Oracle Fusion Middleware Interoperability and Compatibility Guide.
This document contains important information regarding the ability of Oracle Fusion Middleware products to function with previous versions of other Oracle Fusion Middleware, Oracle, or third-party products. This information is applicable to both new Oracle Fusion Middleware users and existing users who are upgrading their existing environment.
Backup the Database and the file system before you start with the upgrade process. In case of any failure during upgrade, you can restore your environment by restoring the Database and file system that you backed up.
For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.
This section lists the environment variables that you must set before you proceed with the upgrade.
Table 6-2 lists the environment variables to be set. Depending on the platform you are using and the upgrade scenario, set the required environment variables using the command described in the column "Command to be Used".
Table 6-2 Environment Variables to be Set
Variable | Applicable for Platforms | Description | Command to be Used |
---|---|---|---|
|
All platforms |
Specify the absolute path to the JDK location. |
On OAM/OIM/OHS nodes:
|
|
AIX |
Specify the absolute path to the directories where Sybase IQ shared libraries are located. |
On OAM/OIM/OUD/OHS nodes:
|
|
Solaris.Sparc64 Solaris.x64 HPUX.IA64 |
Specify the absolute path to the directories where Sybase IQ shared libraries are located. |
On OAM/OIM/OUD/OHS nodes: On Solaris.Sparc64, run the following commands:
On Solaris.x64, run the following commands:
On HPUX.IA64, run the following commands:
|
|
All platforms |
Specify the perl location. |
On OAM/OIM/OHS nodes:
In the above command, |
|
All platforms |
Set the |
On OAM/OIM/OHS nodes:
In the above command, |
|
AIX |
Set the |
On OHS node:
|
Make sure that the /etc/hosts
file contains both canonical host name (fully qualified host name) along with the host name entry. To verify this, run the following command:
more /etc/hosts
The following is the sample output of this command:
192.0.2.1 myhost.example.com myhost
If the /etc/hosts
file does not contain fully qualified host names, then add the host names, and reboot the system or restart the network system. For example, /etc/rc.d/init.d/network restart
.
You must download the upgrade tool and copy it to any location on the host where you will be performing the upgrade. To do this, complete the following steps:
Download the automated upgrade tool from Oracle Technology Network (OTN). The upgrade tool is available in a zip file named idmUpgrade.zip
as part of the Oracle Identity and Access Management 11.1.2.3.0 shiphome. For information about obtaining 11g Release 2 (11.1.2.3.0) software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.
Copy the upgrade tool to any location on the host where you will be performing the upgrade. This location is referred to as SCRIPT_FILE_LOCATION
in this document.
Extract the contents of the idmUpgrade.zip
file by running the following command:
cd
SCRIPT_FILE_LOCATION
;unzip -q idmUpgrade.zip
This command creates a new folder named r2ps3
which contains the script file.
Note:
The instructions for performing an automated upgrade of Oracle Identity and Access Management to 11g Release 2 (11.1.2.3.0) assume you have applied the Oracle Identity and Access Management Automated Upgrade Tool Bundle Patch 2 (11.1.2.3.2). To download this patch, go to the following URL:You must update the upgrade.properties
file located at SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/upgrade.properties
with the values for the properties required for your upgrade scenario. The upgrade script uses the values that you specify in this properties file.
To update the upgrade.properties
file, complete the following steps:
Open the upgrade.properties
file located at SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/upgrade.properties
, in a text editor.
Set the values for the properties required for your upgrade.
Table 6-3 lists all the properties present in the upgrade.properties
file, their description, default values, and information about when to use this property.
Table 6-3 Properties to be Updated in the upgrade.properties File
Property | Description | When Upgrading | Sample Value |
---|---|---|---|
|
This is the location where logs files are created. |
|
|
|
This is the location where An Oracle wallet is a container that stores your credentials, such as certificates, trusted certificates, certificate requests, and private keys.
|
|
|
|
This is the location of The |
|
|
|
This is the location where IDM Start, Stop scripts are present. |
|
|
|
This is the location where IDM LCM library files are present. The IDM LCM library files are used to parse The location of the IDM LCM library files is |
|
|
|
This is the location of the Java home. |
|
|
|
This is the Database |
|
|
|
This is the location where you downloaded Patch Conflict Manager. |
|
|
|
This is the username of the OAM administrator. |
|
|
|
This is the password of the OAM administrator. |
|
|
|
Specify the LDAP Admin user. |
|
|
|
Specify the LDAP Admin password. |
|
|
|
Specify the ID store administrator password. |
|
|
|
Specify the username of the Oracle Adaptive Access Manager administrator. |
|
|
|
Specify the Oracle Adaptive Access Manager administrator password. |
|
|
|
This is the plain port of Oracle BI Publisher. |
|
|
|
This is the SSL port of Oracle BI Publisher. |
|
|
|
Specify the port for Oracle Access Management Policy Manager Managed Server. |
|
|
To perform the pre-validation checks, run the following command from the location SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/
:
perl preValidate.pl -node=
node
-prop=
location_of_upgrade.properties
In this command,
node
refers to the component for which you running this script. Specify one of the following values depending on the component you are upgrading:
WEBTIER
: Specify this value for the -node
argument if you are running the preValidate.pl
script for performing pre-validation checks for Oracle HTTP Server.
DIRECTORY
: Specify this value for the -node
argument if you are running the preValidate.pl
script for performing pre-validation checks for Oracle Unified Directory.
OIM
: Specify this value for the -node
argument if you are running the preValidate.pl
script for performing pre-validation checks for Oracle Identity Manager.
OAM
: Specify this value for the -node
argument if you are running the preValidate.pl
script or performing pre-validation checks for Oracle Access Manager.
location_of_upgrade.properties
refers to the absolute path to the upgrade.properties file. upgrade.properties file is located at SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/upgrade.properties
.
The preValidate.pl
script performs a set of pre-validation checks. If any validation fails, you must check the logs generated at the location that you specified for LOG_DIR
property in the upgrade.properties
file.
To verify that the pre-validation checks were performed successfully, check for the following SUCCESS
string in the log file:
SUCCESS: All upgrade properties passed during preValidation process.
If you find the following ERROR
string in the log file, it implies that the pre-validation checks were failed. You must investigate the failed plugins, resolve the issue, and re-run the pre-validation checks.
ERROR: SOME PREVALIDATE TESTS FAILED
If you are upgrading Oracle Identity Manager on platforms such as Solaris, IBM AIX, and HP Itanium using the automated upgrade tool, you must create the Oracle BI Publisher (BIPLATFORM) schema manually using the Repository Creation Utility (RCU) 11.1.2.3.0 from the machine that is running Linux or Windows operating system.
Note:
If you are upgrading Oracle Identity Manager on Linux, skip this step, as the automated upgrade tool creates the BIPLATFORM schema on Linux.To create the database schemas using RCU, perform the following tasks:
Download the Repository Creation Utility 11.1.2.3.0. For information about obtaining Repository Creation Utility, see "Obtaining RCU" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
Start the Repository Creation Utility 11.1.2.3.0 from the location where you downloaded it. For information about starting Repository Creation Utility, see "Starting RCU" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
Create the necessary schemas using Repository Creation Utility. For information about creating schemas, see "Creating Schemas" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.
Note:
Select only BIPLATFORM schema on the Select Components (for Create Operation) screen.The script idmUpgrade.pl
can be used to upgrade both binaries and configurations. The value specified for the argument -mode
while running the script determines if the script is run to upgrade binaries or configuration.
To upgrade Oracle Identity and Access Management binaries or configurations or both, run the following command from the location SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/
:
perl idmUpgrade.pl -node=
node
-repoLocs=
repo_location
-props=
location_of_upgrade.properties
-mode=
mode
In this command,
node
refers to the component for which binary and/or configuration upgrade is performed. Specify one of the following values depending on the component you are upgrading:
WEBTIER
: Specify this value for the -node
argument if you are running the idmUpgrade.pl
script for Oracle HTTP Server.
DIRECTORY
: Specify this value for the -node
argument if you are running the idmUpgrade.pl
script for Oracle Unified Directory.
OIM
: Specify this value for the -node
argument if you are running the idmUpgrade.pl
script for Oracle Identity Manager.
OAM
: Specify this value for the -node
argument if you are upgrading running the idmUpgrade.pl
script for Oracle Access Manager.
repo_location
refers to the absolute path to 11.1.2.3.0 repository location. You can pass a maximum of two repository locations in the command line argument, separated by comma. For example, repo and post-repo locations.
location_of_upgrade.properties
refers to the absolute path to the upgrade.properties
file. upgrade.properties
file is located at SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/upgrade.properties
.
mode
refers to the type of upgrade you want to perform.
For binary upgrade, specify binary
as the value for the -mode
argument.
For configuration upgrade, specify config
as the value for the -mode
argument.
For performing both binary and configuration upgrade, specify both
as the value for the -mode
argument. This can be used in case of single node upgrade. If you specify both
as the value for the -mode
argument, the upgrade script performs binary upgrade first followed by the configuration upgrade.
If you do not specify any value for the argument -mode
, the value will be taken as both
, and the script will upgrade the binaries first followed by the configuration.
After you perform binary upgrade and configurations, you must perform the post-validation checks by running the following command:
perl postValidate.pl -node=
node
-prop=
location_of_upgrade.properties
In this command,
node
refers to the component for which the post-validation checks are performed. Specify one of the following values depending on the component you are upgrading:
WEBTIER
: Specify this value for the -node
argument if you are running the postValidate.pl
script to perform post-validation checks for Oracle HTTP Server.
DIRECTORY
: Specify this value for the -node
argument if you are running the postValidate.pl
script to perform post-validation checks for Oracle Unified Directory.
OIM
: Specify this value for the -node
argument if you are running the postValidate.pl
script to perform post-validation checks for Oracle Identity Manager.
OAM
: Specify this value for the -node
argument if you are running the postValidate.pl
script to perform post-validation checks for Oracle Access Manager.
location_of_upgrade.properties
refers to the absolute path to the upgrade.properties
file. upgrade.properties
file is located at SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/upgrade.properties
.
The postValidate.pl
script performs a set of post-validation checks. If any validation fails, you must check the logs generated at the location that you specified for LOG_DIR
property in the upgrade.properties
file.
To verify that the post-validation checks were performed successfully, check for the following SUCCESS
string in the log file:
SUCCESS: All upgrade properties passed during postValidation process.
If you find the following ERROR
string in the log file, it implies that the post-validation checks were failed. You must investigate the failed plugins, resolve the issue, and re-run the post-validation checks.
ERROR: SOME POSTVALIDATE TESTS FAILED
You can use the script stopall.sh
located at SHARED_CONFIG_DIR
/config/scripts
directory to stop all of the servers in the environment. The script stops the components which are installed on a given host in the following order. What is stopped depends on what is installed on the host on which the script is running:
Oracle HTTP Server
Oracle Access Manager Managed Server(s)
Oracle Identity Manager Managed Server(s)
Oracle SOA Suite Managed Server(s)
WebLogic Administration Server
Node Manager
Oracle Unified Directory
To stop all of the servers on a host, run the following command from the location SHARED_CONFIG_DIR
/config/scripts
:
./stopall.sh
Specify the WebLogic and Node Manager administrator passwords when prompted.
This section describes the post-upgrade tasks. You must perform only those tasks that are applicable to your upgrade scenario.
This section contains the following topics:
If you upgraded OIM-OAM Integrated with Oracle Unified Directory (OUD) topology that has Oracle Adaptive Access Manager (OAAM) configured, you must add the following JAVA system property to the IAMAccessDomain
/bin/setDomainEnv.sh
script:
-Djava.security.auth.login.config=${ORACLE_HOME}/designconsole/config/authwl.conf
After you update the JAVA system property in the setDomainEnv.sh
file, restart the OAAM Managed Server (for example, wls_oaam1
).
This section describes the some of the common issues that you might encounter during the upgrade process, and their workaround. This section includes the following topics:
IDM URL Access Issues When Performing Pre-Validation and Post-Validation Checks on HP-UX Itanium
Autologin to OIM Console Fails After Resetting User Password Post OIM/OAM Isolated Upgrade on AIX
Perl Undefined Symbol Error While Running preValidate.pl Script
/xmlpserver and /access URLs not Accessible via OHS Port After Isolated Upgrade
When you perform pre-validation and post-validation checks on HP-UX Itanium by running the preValidate.pl and postValidate.pl scripts respectively, you might encounter failures related to "Checking Web Pages" during IDM urls access checks in Access Manager or Oracle Identity Manager domains. Ignore these messages.
The workaround for this issue is to manually check and confirm the IDM URLs accessibility from the browser.
After you perform OIM or OAM isolated upgrade on AIX, autologin to OIM console fails with the following system error message:
System error. Please re-try your action.If you continue to get this error, please contact the Administrator.
The workaround for this issue is to use the new user credentials to log in to the OIM console.
If your perl version is 5.10.1, the following error is seen when you run the preValidate.pl script to perform pre-validation checks:
Checking webpage $OAM_ADMIN_LBRURL/console Making request to http://host.example.com:port/console... perl: symbol lookup error: /upgrade_script/r2ps3/idmUpgrade/auto/Crypt/SSLeay/SSLeay.so: undefined symbol: Perl_Tstack_sp_ptr
The workaround for this issue is to delete the SSLeay.so
file from the directory SCRIPT_FILE_LOCATION
/r2ps3/idmUpgrade/auto/Crypt/SSLeay/
before you run the automated upgrade script.
After you perform isolated upgrade, that is, upgrading Oracle Identity Manager only or Oracle Access Management only in an environment that is deployed using the Life Cycle Management (LCM) tools, the following URLs are not accessible via Oracle HTTP Server port:
http://
host
:
port
/xmlpserver
http://
host
:
port
/access
The workaround for this issue is as follows:
If you have upgraded Oracle Identity Manager only, add the following lines to the OHS_INSTANCE_HOME
/moduleconf/idm.conf
file, to resolve this issue:
# Oracle BIP console <Location /xmlpserver> SetHandler weblogic-handler WLCookieName JSESSIONID WebLogicHost host.example.com WebLogicPort wls_port WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" </Location>
If you have upgraded Oracle Access Management only, add the following lines to the OHS_INSTANCE_HOME
/moduleconf/idm.conf
file:
<Location /access> SetHandler weblogic-handler WebLogicHost host.example.com WebLogicPort wls_port WLCookieName OAMSESSIONID </Location>