6 Tasks Common to Various Automated Upgrade Scenarios

This chapter lists the upgrade tasks that need to be performed as part of the automated upgrade process.

Note:

This chapter contains the upgrade tasks that are common to different automated upgrade scenarios. Do not perform all of the tasks described in this chapter.

For the list of supported automated upgrade scenarios and the documentation roadmap, see Chapter 2, "Understanding the Oracle Identity and Access Management Automated Upgrade".

This chapter includes the following topics:

Section 6.1, "Variables Used in This Chapter"
Section 6.2, "Reviewing System Requirements and Certifications"
Section 6.3, "Backing up the Existing Environment"
Section 6.4, "Setting the Required Environment Variables Necessary for Upgrade"
Section 6.5, "Verifying Hostnames in the Hosts File"
Section 6.6, "Obtaining the Automated Upgrade Tool"
Section 6.7, "Updating the upgrade.properties File"
Section 6.8, "Performing Pre-Validation Checks Using preValidate.pl Script"
Section 6.9, "Creating BIP Schema for Oracle Identity Manager Upgrade on Solaris, IBM AIX, and HP Itanium Platforms"
Section 6.10, "Upgrading Oracle Identity and Access Management Binaries and Configuration Using idmUpgrade.pl script"
Section 6.11, "Performing Post-Validation Checks Using postValidate.pl Script"
Section 6.12, "Stopping All Servers Using stopall.sh Script"
Section 6.13, "Post-Upgrade Tasks"
Section 6.14, "Troubleshooting"

6.1 Variables Used in This Chapter

Table 6-1 lists the variables used in this chapter.

Table 6-1 Variables Used in This Chapter and Their Descriptions

Variable	Description
`SCRIPT_FILE_LOCATION`	This is the location where you copied the upgrade tool `idmUpgrade.zip`, and extracted the files.
`OAMHOST` `OAMHOST1` `OAMHOST2`	This is the host on which Oracle Access Manager is installed.
`OIMHOST` `OIMHOST1` `OIMHOST2`	This is the host on which Oracle Identity Manager is installed.
`WEBHOST` `WEBHOST1` `WEBHOST2`	This is the host on which Oracle HTTP Server is installed.
`LDAPHOST` `LDAPHOST1` `LDAPHOST2`	This is the host on which Oracle Unified Directory is installed.

6.2 Reviewing System Requirements and Certifications

Before performing any installation, upgrade, or migration, you should read the system requirements and certification documents to ensure that your environment meets the minimum requirements for the products you are installing or upgrading to.

Oracle Fusion Middleware System Requirements and Specifications

This document contains information related to hardware and software requirements, minimum disk space and memory requirements, and required system libraries, packages, or patches.
Oracle Fusion Middleware Supported System Configurations

This document contains information related to supported installation types, platforms, operating systems, databases, JDK, and third-party products.
For interoperability and compatibility issues that may arise when installing, refer to Oracle Fusion Middleware Interoperability and Compatibility Guide.

This document contains important information regarding the ability of Oracle Fusion Middleware products to function with previous versions of other Oracle Fusion Middleware, Oracle, or third-party products. This information is applicable to both new Oracle Fusion Middleware users and existing users who are upgrading their existing environment.

6.3 Backing up the Existing Environment

Backup the Database and the file system before you start with the upgrade process. In case of any failure during upgrade, you can restore your environment by restoring the Database and file system that you backed up.

For more information about backing up schemas, see Oracle Database Backup and Recovery User's Guide.

6.4 Setting the Required Environment Variables Necessary for Upgrade

This section lists the environment variables that you must set before you proceed with the upgrade.

Table 6-2 lists the environment variables to be set. Depending on the platform you are using and the upgrade scenario, set the required environment variables using the command described in the column "Command to be Used".

Table 6-2 Environment Variables to be Set

Variable	Applicable for Platforms	Description	Command to be Used
`JAVA_HOME`	All platforms	Specify the absolute path to the JDK location.	On OAM/OIM/OHS nodes: `JAVA_HOME=MW_HOME/jdk6` `export JAVA_HOME`
`LIBPATH`	AIX	Specify the absolute path to the directories where Sybase IQ shared libraries are located.	On OAM/OIM/OUD/OHS nodes: `LIBPATH=IDM_UPGRADE_HOME/lib:REPOS_HOME/perl/lib/site_perl/5.10.0/aix-thread-multi-64all/auto/XML/Parser/Expat` `export LIBPATH`
`LD_LIBRARY_PATH`	Solaris.Sparc64 Solaris.x64 HPUX.IA64	Specify the absolute path to the directories where Sybase IQ shared libraries are located.	On OAM/OIM/OUD/OHS nodes: On Solaris.Sparc64, run the following commands: `LD_LIBRARY_PATH=IDM_UPGRADE_HOME/lib:REPOS_HOME/perl/lib/site_perl/5.10.0/sun4-solaris-thread-multi-64/auto/XML/Parser/Expat` `export LD_LIBRARY_PATH` On Solaris.x64, run the following commands: `LD_LIBRARY_PATH=IDM_UPGRADE_HOME/lib:REPOS_HOME/perl/lib/site_perl/5.10.0/i86pc-solaris-thread-multi-64/auto/XML/Parser/Expat` `export LD_LIBRARY_PATH` On HPUX.IA64, run the following commands: `LD_LIBRARY_PATH=IDM_UPGRADE_HOME/lib:REPOSI_HOME/perl/lib/site_perl/5.10.0/IA64.ARCHREV_0-thread-multi-LP64/auto/XML/Parser/Expat` `export LD_LIBRARY_PATH`
`PERL5LIB`	All platforms	Specify the perl location.	On OAM/OIM/OHS nodes: `PERL5LIB=REPOS_HOME/perl/lib/site_perl/5.10.0:REPOS_HOME/perl/lib/5.10.0` `export PERL5LIB` In the above command, `REPOS_HOME` refers to the absolute path to 11.1.2.3.0 repository location.
`PATH`	All platforms	Set the `PATH` variable to point to `JAVA_HOME/bin` & `REPOS_HOME/perl/bin` to use the 64-bit perl version 5.10.0.	On OAM/OIM/OHS nodes: `PATH=JAVA_HOME/bin:REPOS_HOME/perl/bin:$PATH` `export PATH` In the above command, `REPOS_HOME` refers to the absolute path to 11.1.2.3.0 repository location.
`SKIP_ROOTPRE`	AIX	Set the `SKIP_ROOTPRE` environment variable to `TRUE` to ensure that the installer does not prompt you while performing checks.	On OHS node: `SKIP_ROOTPRE=TRUE` `export SKIP_ROOTPRE`

6.5 Verifying Hostnames in the Hosts File

Make sure that the /etc/hosts file contains both canonical host name (fully qualified host name) along with the host name entry. To verify this, run the following command:

more /etc/hosts

The following is the sample output of this command:

192.0.2.1 myhost.example.com myhost

If the /etc/hosts file does not contain fully qualified host names, then add the host names, and reboot the system or restart the network system. For example, /etc/rc.d/init.d/network restart.

6.6 Obtaining the Automated Upgrade Tool

You must download the upgrade tool and copy it to any location on the host where you will be performing the upgrade. To do this, complete the following steps:

Download the automated upgrade tool from Oracle Technology Network (OTN). The upgrade tool is available in a zip file named idmUpgrade.zip as part of the Oracle Identity and Access Management 11.1.2.3.0 shiphome. For information about obtaining 11g Release 2 (11.1.2.3.0) software, see Oracle Fusion Middleware Download, Installation, and Configuration ReadMe.
Copy the upgrade tool to any location on the host where you will be performing the upgrade. This location is referred to as SCRIPT_FILE_LOCATION in this document.
Extract the contents of the idmUpgrade.zip file by running the following command:

cd SCRIPT_FILE_LOCATION;unzip -q idmUpgrade.zip

This command creates a new folder named r2ps3 which contains the script file.

Note:

The instructions for performing an automated upgrade of Oracle Identity and Access Management to 11g Release 2 (11.1.2.3.0) assume you have applied the Oracle Identity and Access Management Automated Upgrade Tool Bundle Patch 2 (11.1.2.3.2). To download this patch, go to the following URL:

https://updates.oracle.com/download/21419345.html

6.7 Updating the upgrade.properties File

You must update the upgrade.properties file located at SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/upgrade.properties with the values for the properties required for your upgrade scenario. The upgrade script uses the values that you specify in this properties file.

To update the upgrade.properties file, complete the following steps:

Open the upgrade.properties file located at SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/upgrade.properties, in a text editor.

Set the values for the properties required for your upgrade.

Table 6-3 lists all the properties present in the upgrade.properties file, their description, default values, and information about when to use this property.

Table 6-3 Properties to be Updated in the upgrade.properties File

Property	Description	When Upgrading	Sample Value
`LOG_DIR`	This is the location where logs files are created.	OIM OAM OIM-OAM-OUD	`/IDM/BASEDIR/logs`
`WALLET_DIR`	This is the location where `cwallet.sso` file is created. An Oracle wallet is a container that stores your credentials, such as certificates, trusted certificates, certificate requests, and private keys. `cwallet.sso` is an auto-login wallet.	OIM OAM OIM-OAM-OUD	`/patchAutomation`
`LCMCONFIG_HOME`	This is the location of `topology.xml` which was created when the setup was deployed using the Deployment tool. The `topology.xml` file contains environment related properties. The `topology.xml` file is located at `LCMCONFIG_HOME/topology/topology.xml`.	OIM OAM OIM-OAM-OUD	`/IDMTOP/lcmdir/provisioning/phaseguards/lcmconfig`
`START_STOP_SCRIPT_WORKING_DIR`	This is the location where IDM Start, Stop scripts are present.	OIM OAM OIM-OAM-OUD	`/IDMTOP/config/scripts`
`IDMLCM_HOME`	This is the location where IDM LCM library files are present. The IDM LCM library files are used to parse `topology.xml` file. The location of the IDM LCM library files is `IDMLCM_HOME/common/lib`.	OIM OAM OIM-OAM-OUD	`/BASEDIR/idmlcm`
`JAVA_HOME`	This is the location of the Java home.	OIM OAM OIM-OAM-OUD	`/IDM/BASEDIR/jdk6`
`DB_SYS_PASSWORD`	This is the Database `sys` password.	OIM OAM OIM-OAM-OUD	`Password1`
`PATCHCONFLICT_TOOL_INSTALLER_LOC`	This is the location where you downloaded Patch Conflict Manager.	OIM OAM OIM-OAM-OUD	`/patchConflict_tool_installer/PCMv6`
`OAM_ADMIN_USER_NAME`	This is the username of the OAM administrator.	OAM OIM-OAM-OUD	`oamadmin`
`OAM_ADMIN_USER_NAME_PASSWORD`	This is the password of the OAM administrator.	OAM OIM-OAM-OUD	`Password1`
`LDAP_ADMIN_USER`	Specify the LDAP Admin user.	OAM OIM-OAM-OUD	`oudadmin`
`LDAP_ADMIN_PASSWORD`	Specify the LDAP Admin password.	OAM OIM-OAM-OUD	`password1`
`IDSTORE_ADMIN_PASSWD`	Specify the ID store administrator password.	OIM OAM OIM-OAM-OUD	`password1`
`OAAM_ADMIN_USER`	Specify the username of the Oracle Adaptive Access Manager administrator.	OAM OIM-OAM-OUD	`oaamadminuser`
`OAAM_ADMIN_PASSWORD`	Specify the Oracle Adaptive Access Manager administrator password.	OAM OIM-OAM-OUD	`password1`
`BIP_SERVER_PORT`	This is the plain port of Oracle BI Publisher.	OIM OIM-OAM-OUD	`9704`
`BIP_SERVER_SSL_PORT`	This is the SSL port of Oracle BI Publisher.	OIM OIM-OAM-OUD	`9804`
`POLICY_MGR_PORT`	Specify the port for Oracle Access Management Policy Manager Managed Server.	OAM OIM-OAM-OUD	`14150`

6.8 Performing Pre-Validation Checks Using preValidate.pl Script

To perform the pre-validation checks, run the following command from the location SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/:

perl preValidate.pl -node=node -prop=location_of_upgrade.properties

In this command,

node refers to the component for which you running this script. Specify one of the following values depending on the component you are upgrading:
- WEBTIER: Specify this value for the -node argument if you are running the preValidate.pl script for performing pre-validation checks for Oracle HTTP Server.
- DIRECTORY: Specify this value for the -node argument if you are running the preValidate.pl script for performing pre-validation checks for Oracle Unified Directory.
- OIM: Specify this value for the -node argument if you are running the preValidate.pl script for performing pre-validation checks for Oracle Identity Manager.
- OAM: Specify this value for the -node argument if you are running the preValidate.pl script or performing pre-validation checks for Oracle Access Manager.
location_of_upgrade.properties refers to the absolute path to the upgrade.properties file. upgrade.properties file is located at SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/upgrade.properties.

The preValidate.pl script performs a set of pre-validation checks. If any validation fails, you must check the logs generated at the location that you specified for LOG_DIR property in the upgrade.properties file.

To verify that the pre-validation checks were performed successfully, check for the following SUCCESS string in the log file:

SUCCESS: All upgrade properties passed during preValidation process.

If you find the following ERROR string in the log file, it implies that the pre-validation checks were failed. You must investigate the failed plugins, resolve the issue, and re-run the pre-validation checks.

ERROR: SOME PREVALIDATE TESTS FAILED

6.9 Creating BIP Schema for Oracle Identity Manager Upgrade on Solaris, IBM AIX, and HP Itanium Platforms

If you are upgrading Oracle Identity Manager on platforms such as Solaris, IBM AIX, and HP Itanium using the automated upgrade tool, you must create the Oracle BI Publisher (BIPLATFORM) schema manually using the Repository Creation Utility (RCU) 11.1.2.3.0 from the machine that is running Linux or Windows operating system.

Note:

If you are upgrading Oracle Identity Manager on Linux, skip this step, as the automated upgrade tool creates the BIPLATFORM schema on Linux.

To create the database schemas using RCU, perform the following tasks:

Obtaining Repository Creation Utility
Starting Repository Creation Utility
Creating Schemas

6.9.1 Obtaining Repository Creation Utility

Download the Repository Creation Utility 11.1.2.3.0. For information about obtaining Repository Creation Utility, see "Obtaining RCU" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.

6.9.2 Starting Repository Creation Utility

Start the Repository Creation Utility 11.1.2.3.0 from the location where you downloaded it. For information about starting Repository Creation Utility, see "Starting RCU" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.

6.9.3 Creating Schemas

Create the necessary schemas using Repository Creation Utility. For information about creating schemas, see "Creating Schemas" in the Oracle Fusion Middleware Repository Creation Utility User's Guide.

Note:

Select only BIPLATFORM schema on the Select Components (for Create Operation) screen.

6.10 Upgrading Oracle Identity and Access Management Binaries and Configuration Using idmUpgrade.pl script

The script idmUpgrade.pl can be used to upgrade both binaries and configurations. The value specified for the argument -mode while running the script determines if the script is run to upgrade binaries or configuration.

To upgrade Oracle Identity and Access Management binaries or configurations or both, run the following command from the location SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/:

perl idmUpgrade.pl -node=node -repoLocs=repo_location -props=location_of_upgrade.properties -mode=mode

In this command,

node refers to the component for which binary and/or configuration upgrade is performed. Specify one of the following values depending on the component you are upgrading:
- WEBTIER: Specify this value for the -node argument if you are running the idmUpgrade.pl script for Oracle HTTP Server.
- DIRECTORY: Specify this value for the -node argument if you are running the idmUpgrade.pl script for Oracle Unified Directory.
- OIM: Specify this value for the -node argument if you are running the idmUpgrade.pl script for Oracle Identity Manager.
- OAM: Specify this value for the -node argument if you are upgrading running the idmUpgrade.pl script for Oracle Access Manager.
repo_location refers to the absolute path to 11.1.2.3.0 repository location. You can pass a maximum of two repository locations in the command line argument, separated by comma. For example, repo and post-repo locations.
location_of_upgrade.properties refers to the absolute path to the upgrade.properties file. upgrade.properties file is located at SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/upgrade.properties.
mode refers to the type of upgrade you want to perform.

For binary upgrade, specify binary as the value for the -mode argument.

For configuration upgrade, specify config as the value for the -mode argument.

For performing both binary and configuration upgrade, specify both as the value for the -mode argument. This can be used in case of single node upgrade. If you specify both as the value for the -mode argument, the upgrade script performs binary upgrade first followed by the configuration upgrade.

If you do not specify any value for the argument -mode, the value will be taken as both, and the script will upgrade the binaries first followed by the configuration.

6.11 Performing Post-Validation Checks Using postValidate.pl Script

After you perform binary upgrade and configurations, you must perform the post-validation checks by running the following command:

perl postValidate.pl -node=node -prop=location_of_upgrade.properties

In this command,

node refers to the component for which the post-validation checks are performed. Specify one of the following values depending on the component you are upgrading:
- WEBTIER: Specify this value for the -node argument if you are running the postValidate.pl script to perform post-validation checks for Oracle HTTP Server.
- DIRECTORY: Specify this value for the -node argument if you are running the postValidate.pl script to perform post-validation checks for Oracle Unified Directory.
- OIM: Specify this value for the -node argument if you are running the postValidate.pl script to perform post-validation checks for Oracle Identity Manager.
- OAM: Specify this value for the -node argument if you are running the postValidate.pl script to perform post-validation checks for Oracle Access Manager.
location_of_upgrade.properties refers to the absolute path to the upgrade.properties file. upgrade.properties file is located at SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/upgrade.properties.

The postValidate.pl script performs a set of post-validation checks. If any validation fails, you must check the logs generated at the location that you specified for LOG_DIR property in the upgrade.properties file.

To verify that the post-validation checks were performed successfully, check for the following SUCCESS string in the log file:

SUCCESS: All upgrade properties passed during postValidation process.

If you find the following ERROR string in the log file, it implies that the post-validation checks were failed. You must investigate the failed plugins, resolve the issue, and re-run the post-validation checks.

ERROR: SOME POSTVALIDATE TESTS FAILED

6.12 Stopping All Servers Using stopall.sh Script

You can use the script stopall.sh located at SHARED_CONFIG_DIR/config/scripts directory to stop all of the servers in the environment. The script stops the components which are installed on a given host in the following order. What is stopped depends on what is installed on the host on which the script is running:

Oracle HTTP Server
Oracle Access Manager Managed Server(s)
Oracle Identity Manager Managed Server(s)
Oracle SOA Suite Managed Server(s)
WebLogic Administration Server
Node Manager
Oracle Unified Directory

To stop all of the servers on a host, run the following command from the location SHARED_CONFIG_DIR/config/scripts:

./stopall.sh

Specify the WebLogic and Node Manager administrator passwords when prompted.

6.13 Post-Upgrade Tasks

This section describes the post-upgrade tasks. You must perform only those tasks that are applicable to your upgrade scenario.

This section contains the following topics:

Adding the Java System Property for Oracle Adaptive Access Manager

6.13.1 Adding the Java System Property for Oracle Adaptive Access Manager

If you upgraded OIM-OAM Integrated with Oracle Unified Directory (OUD) topology that has Oracle Adaptive Access Manager (OAAM) configured, you must add the following JAVA system property to the IAMAccessDomain/bin/setDomainEnv.sh script:

-Djava.security.auth.login.config=${ORACLE_HOME}/designconsole/config/authwl.conf

After you update the JAVA system property in the setDomainEnv.sh file, restart the OAAM Managed Server (for example, wls_oaam1).

6.14 Troubleshooting

This section describes the some of the common issues that you might encounter during the upgrade process, and their workaround. This section includes the following topics:

IDM URL Access Issues When Performing Pre-Validation and Post-Validation Checks on HP-UX Itanium
Autologin to OIM Console Fails After Resetting User Password Post OIM/OAM Isolated Upgrade on AIX
Perl Undefined Symbol Error While Running preValidate.pl Script
/xmlpserver and /access URLs not Accessible via OHS Port After Isolated Upgrade

6.14.1 IDM URL Access Issues When Performing Pre-Validation and Post-Validation Checks on HP-UX Itanium

When you perform pre-validation and post-validation checks on HP-UX Itanium by running the preValidate.pl and postValidate.pl scripts respectively, you might encounter failures related to "Checking Web Pages" during IDM urls access checks in Access Manager or Oracle Identity Manager domains. Ignore these messages.

The workaround for this issue is to manually check and confirm the IDM URLs accessibility from the browser.

6.14.2 Autologin to OIM Console Fails After Resetting User Password Post OIM/OAM Isolated Upgrade on AIX

After you perform OIM or OAM isolated upgrade on AIX, autologin to OIM console fails with the following system error message:

System error. Please re-try your action.If you continue to get this error, please contact the Administrator.

The workaround for this issue is to use the new user credentials to log in to the OIM console.

6.14.3 Perl Undefined Symbol Error While Running preValidate.pl Script

If your perl version is 5.10.1, the following error is seen when you run the preValidate.pl script to perform pre-validation checks:

Checking webpage $OAM_ADMIN_LBRURL/console 
Making request to http://host.example.com:port/console... 
perl: symbol lookup error: 
/upgrade_script/r2ps3/idmUpgrade/auto/Crypt/SSLeay/SSLeay.so:
undefined symbol: Perl_Tstack_sp_ptr

The workaround for this issue is to delete the SSLeay.so file from the directory SCRIPT_FILE_LOCATION/r2ps3/idmUpgrade/auto/Crypt/SSLeay/ before you run the automated upgrade script.

6.14.4 /xmlpserver and /access URLs not Accessible via OHS Port After Isolated Upgrade

After you perform isolated upgrade, that is, upgrading Oracle Identity Manager only or Oracle Access Management only in an environment that is deployed using the Life Cycle Management (LCM) tools, the following URLs are not accessible via Oracle HTTP Server port:

http://host:port/xmlpserver
http://host:port/access

The workaround for this issue is as follows:

If you have upgraded Oracle Identity Manager only, add the following lines to the OHS_INSTANCE_HOME/moduleconf/idm.conf file, to resolve this issue:

# Oracle BIP console 
  <Location /xmlpserver> 
    SetHandler weblogic-handler 
    WLCookieName JSESSIONID 
    WebLogicHost host.example.com 
      WebLogicPort wls_port 

    WLLogFile "${ORACLE_INSTANCE}/diagnostics/logs/mod_wl/oim_component.log" 
  </Location>

If you have upgraded Oracle Access Management only, add the following lines to the OHS_INSTANCE_HOME/moduleconf/idm.conf file:

<Location /access> 
      SetHandler weblogic-handler 
      WebLogicHost host.example.com 
      WebLogicPort wls_port 
      WLCookieName OAMSESSIONID 
   </Location>