Change the Database Schema Password Manually

To change the password for the database schemas used by your Oracle SOA Cloud Service instance manually, you must modify the configuration of both the database and your WebLogic Server domain.

For Oracle SOA Cloud Service instances provisioned in Oracle Cloud Infrastructure Classic:

• If the instance was created after November 2017 (release 18.2.5), you can use the Oracle SOA Cloud Service Console to change the database schema password. See Change the Database Schema Password Using the Oracle SOA Cloud Service Console.
• If the instance was created before November 2017 (release 18.2.5), you must use the manual steps provided here.

For Oracle SOA Cloud Service instances provisioned in Oracle Cloud Infrastructure, you must use the manual steps provided here.

The following summary shows the high-level tasks to perform. Detailed steps are below.

1. Update each infrastructure repository schema's password on the database deployment.

2. If the WebLogic Servers are running and the WebLogic Server Administration Console is accessible, change the password for all the corresponding data sources from the Weblogic Server Administration Console.

3. If the WebLogic Servers are not running and WebLogic Server console is inaccessible, manually change the passwords in the WebLogic Server configuration.

4. Update the bootstrap credentials using the WebLogic Scripting Tool (WLST).

5. Start the Administration Server with the Node Manager, and then start the Managed Servers.

To change the database schema password manually:

1. Update each repository schema's password on the database deployment.

    If the schema prefix is already known, go to Step b.

   1. Use the ssh command to connect to the Administration Server and get the value of the schema prefix.  

      ssh -i private_key opc@IP_address_of_admin_server_VM
      cat /u01/app/oracle/private/schemaPrefix

      The schema prefix value returned is similar to the following:

      SP255951777

   2. Log in to the database deployment node.

      ssh -i ssh_key opc@DB_vm_ip_address
      sudo su oracle

   3. Connect to the database deployment.

      sqlplus / as sysdba

      Use the username provided when provisioning the database deployment.

      If your database deployment is Oracle Database Classic Cloud Service 12c, the following step is also required:

      alter session set container=PDB1 

      Use the PDB name provided during Oracle SOA Cloud Service provisioning.

   4. Change the password for the infrastructure repository schema users.

      For Fusion Middleware 12.1.3	For Fusion Middleware 12.2.1.x
      schema_prefix_IAU schema_prefix_IAU_APPEND schema_prefix_IAU_VIEWER schema_prefix_MDS schema_prefix_OPSS schema_prefix_STB	schema_prefix_DBFS schema_prefix_ESS schema_prefix_IAU schema_prefix_IAU_APPEND schema_prefix_IAU_VIEWER schema_prefix_MDS schema_prefix_OPSS schema_prefix_SOAINFRA schema_prefix_STB schema_prefix_UMS schema_prefix_WLS schema_prefix_WLS_RUNTIME

      Change the password for each of the schema users pertaining to the WebLogic Server version on the database deployment. For example:

      ALTER USER schema_prefix_IUA identified by new_password;

      The password must start with a letter, be between 8 and 30 characters long, and contain at least one number. The password can optionally include the special characters: $ # _.

   5. Unlock all the user accounts on the database to cover for the case that they are locked due to repeated login failures after password expiry.

      ALTER USER schema_prefix_IAU ACCOUNT UNLOCK;

      Note:

      If the WebLogic Administration Server is running and the WebLogic Administration Console is accessible, follow Step 2, else go to Step 3.
2. Update all the datasources from the WebLogic Server Administration Console to reflect the new password.
   1. Log in to the WebLogic Administration Console and navigate to the Services — Datasources menu on the Domain Structure box.
   2. Click Lock & Edit.
   3. For each datasource, navigate to the Datasource Name — Configuration — Connection Pool tab and update the Password and Confirm Password field with the new password.
   4. Click Save, then Activate. 
   5. Stop all the WebLogic Servers.

      From the WebLogic Administration Console, click Servers under Environments in the Domain Structure section.

      Under the Control tab, select all of the servers and click Shutdown —Force Shutdown Now.

      Proceed to Step 4.

3. If the WebLogic Server is not running or the Administration Console is not accessible:
   1. Encrypt the new schema password and Update Data Source Configuration files:

      ssh -i private_key opc@ipaddress_of Admin_VM
      sudo su oracle
      cd /u01/data/domain/domain_name

      Ensure WebLogic Servers are not running. If running, stop the processes:

      Find the process IDs:

      ps -ef | grep java

      Kill processes:

      kill -9 pid

      then run:

      . domain_home/bin/setDomainEnv.sh

   2. Run the WebLogic Encryption Utility and enter the password you set for the database schemas:

      /u01/jdk/bin/java weblogic.security.Encrypt
       password: new password for the schema user

   3. Note the encrypted password output for future reference.

      The following example shows an encrypted password:

      AES}JHyrhOMB5hVRuDU/pV0qX86qz98ZV0xWXBSEAANA4Gs=

   4. Update the new password in the datasource xml files:

      cd domain_home/domain_name/config/jdbc

      Open the datasource xml files found in the domain_home/domain_name/config/jdbc directory that need to be updated with the new encrypted password:

      For Fusion Middleware 12.1.3

      For Fusion Middleware 12.2.1.x

      LocalSvcTblDataSource-jdbc.xml opss-auditview-jdbc.xml mds-owsm-jdbc.xml opss-datasource-jdbc.xml opss-audit-jdbc.xml

      EDNDataSource-jdbc.xml EDNLocalTxDataSource-jdbc.xml ess-oracle-int-jdbc.xml ess-oracle-jdbc.xml ess-oracle-xa-jdbc.xml LocalSvcTblDataSource-jdbc.xml mds-ess-jdbc.xml mds-owsm-jdbc.xml mds-soa-jdbc.xml opss-audit-jdbc.xml opss-auditview-jdbc.xml opss-datasource-jdbc.xml OraSDPMDataSource-jdbc.xml SOADataSource-jdbc.xml SOALocalTxDataSource-jdbc.xml wlsbjmsrpDataSource-jdbc.xml WLSSchemaDataSource-jdbc.xml

4. Update the bootstrap credentials with the new password for the SCHEMA_PREFIX_OPSS user using the WebLogic Scripting Tool (WLST):
   1. Use the ssh command to connect to the Administration Server VM:

      ssh -i private_key opc@AdminServerVM_IP_address

   2. Change to the oracle user:

      sudo su - oracle

   3. Start WLST:

      /u01/app/oracle/middleware/oracle_common/common/bin/wlst.sh

   4. Run the modifyBootStrapCredential command. Specify the full path to the jps-config.xml file.

      Use the following syntax:

      wls:/offline>modifyBootStrapCredential(jpsConfigFile='/u01/data/domains/domain_name/config/fmwconfig/jps-config.xml',username='schema_prefix_OPSS',password='new_password_set_for_this_schema_user')

5. Start the Administration Server through the Node Manager and then the Managed Servers.
   1. Use the ssh command to connect to the Administration Server:

      ssh -i private_key opc@AdminServerVM_IP_address

   2. Change to the oracle user:

      sudo su - oracle

   3. Start WLST.

      /u01/app/oracle/middleware/oracle_common/common/bin/wlst.sh

   4. Connect to the Node Manager.
      Before running the command, get the required values of some of the variables involved.

      • Host name — On the command prompt, type hostname.

      • Node Manager port number, domain name, domain home — Open the nodemanager.properties files to determine the respective values.

        For 11g:

        u01/app/oracle/middleware/wlserver_10.3/common/nodemanager/nodemanager.properties

        For 12c:

        /u01/data/domains/domain_name/nodemanager/nodemanager.properties

      • Administration Server name —

        cd /u01/data/domains/domain_name/servers.

        Look for the server name ending in adminserver.

      Run the nmConnect command.

      nmConnect('weblogic_username','weblogic_password','hostname','domain_name','domain_home/domain_name','ssl')

   5. Start the Administration Server.

      nmStart("admin_server_name")

   6. After the Administration Server has status RUNNING, access the WebLogic Administration Console and start the Managed Servers.

      • Click on Servers under Environments in the Domain Structure section.

      • Under the Control tab, select the Managed Servers and click Start.

6. Update the wallet password. See Update the DBFS Wallet Password.
7. Restart the Oracle SOA Cloud Service instance from the Oracle SOA Cloud Service Console. See Stop, Start, or Restart an Oracle SOA Cloud Service Instance