1. Using Oracle SOA Suite on Marketplace in Oracle Cloud Infrastructure
  2. Manage Oracle SOA Suite on Marketplace Instances
  3. Perform Database Operations for an Oracle SOA Suite on Marketplace Instance
  4. Change the Database Schema and Wallet Passwords
  5. Update the Database Schema Password

Update the Database Schema Password

When the database schema password expires, it must be updated. You can update the database schema password using an automation script or perform the steps manually.

Note:

The database schema password must be same for all database schemas.

Update the Database Schema Password Using an Automation Script

Prerequisite: The Administration Server must be up and running.

To update the database schema password using an automation script:

  1. Test database connectivity using the following ping command:
    java -classpath /u01/app/oracle/middleware/wlserver/server/lib/ weblogic.jar
    utils.dbping ORACLE_THIN username password HOST:PORT:DBNAME

  2. Use the ssh command to connect to the Administration Server VM (as the opc user): 

    ssh -i private_key opc@AdminServerVM_IP_address

  3. Change to the oracle user: 

    sudo su - oracle

  4. Navigate to the directory containing automation scripts:

    cd /opt/scripts/runbooks

  5. Run the script to update the database schema password and respond to the prompts for WebLogic Server administration password, RCU schema prefix, and RCU password:

    ./updateDBPassword.sh
  6. Update the wallet password. See Update the DBFS Wallet Password.
  7. Stop and then restart the Managed Servers. It is not necessary to stop and start the Oracle SOA Suite on Marketplace instance. See Stop or Start the Managed Servers.

Update the Database Schema Password Manually

The following summary shows the high-level tasks to update the database schema password manually. Detailed steps are below.

  1. Test database connectivity using the following ping command:
    java -classpath /u01/app/oracle/middleware/wlserver/server/lib/ weblogic.jar
    utils.dbping ORACLE_THIN username password HOST:PORT:DBNAME

  2. Update each infrastructure repository schema's password on the database deployment.

  3. If the WebLogic Servers are running and the WebLogic Server Administration Console is accessible, update the password for all the corresponding data sources from the WebLogic Server Administration Console.

  4. If the WebLogic Servers are not running and the WebLogic Server Administration Console is inaccessible, manually update the passwords in the WebLogic Server configuration.

  5. Update the bootstrap credentials using the WebLogic Scripting Tool (WLST).

  6. Start the Administration Server with the Node Manager, and then start the Managed Servers.

To update the database schema password manually:

  1. Update each infrastructure repository schema's password on the database deployment.

     If the schema prefix is already known, go to Step c.

    1. Use the ssh command to connect to the Administration Server VM (as the opc user) and get the value of the schema prefix.  
      ssh -i private_key opc@AdminServerVM_IP_address
cat /u01/app/oracle/private/schemaPrefix
      The schema prefix value returned is similar to the following:

      SP255951777

    2. Use the ssh command to connect to the Oracle Cloud Infrastructure database deployment node (as the opc user) and change to the oracle user.
      ssh -i ssh_key opc@DMVM_IP_address
sudo su - oracle
    3. Connect to the Oracle Cloud Infrastructure database deployment.
      sqlplus / as sysdba

      Use the username provided when provisioning the database deployment.

      If your database deployment version is 12c, the following step is also required:
      alter session set container=PDB1

      Use the PDB name provided during Oracle SOA Suite provisioning.

    4. Update the password for the infrastructure repository schema users:

      schema_prefix_DBFS

      schema_prefix_ESS

      schema_prefix_IAU

      schema_prefix_IAU_APPEND

      schema_prefix_IAU_VIEWER

      schema_prefix_MDS

      schema_prefix_OPSS

      schema_prefix_SOAINFRA

      schema_prefix_STB

      schema_prefix_UMS

      schema_prefix_WLS

      schema_prefix_WLS_RUNTIME

      Update the password for each of the schema users pertaining to the WebLogic Server version on the database deployment. For example:
      ALTER USER schema_prefix_IUA identified by new_password;

      The password must start with a letter, be between 8 and 30 characters long, and contain at least one number. The password can optionally include the special characters: $, #, _.

    5. Unlock all the user accounts on the database to cover for the case that they are locked due to repeated login failures after password expiry.
      ALTER USER schema_prefix_IAU ACCOUNT UNLOCK;

      Note:

      If the WebLogic Administration Server is running and the WebLogic Administration Console is accessible, follow Step 2, else go to Step 3.
  2. If the WebLogic Servers are running and the WebLogic Server Administration Console is accessible, update the password for all the corresponding data sources from the WebLogic Server Administration Console:
    1. Log in to the WebLogic Administration Console and navigate to the Services > Datasources menu on the Domain Structure box.
    2. Click Lock & Edit.
    3. For each datasource, navigate to the Datasource Name > Configuration > Connection Pool tab and update the Password and Confirm Password field with the new password.
    4. Click Save on this page, and then Activate
    5. Stop all the WebLogic Servers.

      From the WebLogic Administration Console, click on Servers under Environments in the Domain Structure section.

      Under the Control tab, select all of the servers and click Shutdown —Force Shutdown Now.

      Proceed to Step 4.

  3. If the WebLogic Servers are not running and the WebLogic Server Administration Console is inaccessible, manually update the passwords in the WebLogic Server configuration:
    1. Encrypt the new schema password and update the data source configuration files:

      Use the ssh command to connect to the Administration Server VM (as the opc user), change to the oracle user, and go to the domain_name directory: 

      ssh -i private_key opc@AdminServerVM_IP_address
sudo su - oracle
cd /u01/data/domain/domain_name
      Ensure WebLogic Servers are not running. If running, stop the processes:

      Find the process IDs:

      ps -ef | grep java

      Kill processes:

      kill -9 pid
      Run the setDomainEnv script:
      . domain_home/bin/setDomainEnv.sh
    2. Run the WebLogic Encryption Utility and enter the password you set for the database schemas:
      /u01/jdk/bin/java weblogic.security.Encrypt
 password: new_password
    3. Note the encrypted password output for future reference.

      The following example shows an encrypted password:

      AES}JHyrhOMB5hVRuDU/pV0qX86qz98ZV0xWXBSEAANA4Gs=
    4. Update the new password in the datasource xml files.
      cd domain_home/domain_name/config/jdbc

      Open the datasource xml files found in the domain_home/domain_name/config/jdbc directory that need to be updated with the new encrypted password:

      EDNDataSource-jdbc.xml

      EDNLocalTxDataSource-jdbc.xml

      ess-oracle-int-jdbc.xml

      ess-oracle-jdbc.xml

      ess-oracle-xa-jdbc.xml

      LocalSvcTblDataSource-jdbc.xml

      mds-ess-jdbc.xml

      mds-owsm-jdbc.xml

      mds-soa-jdbc.xml

      opss-audit-jdbc.xml

      opss-auditview-jdbc.xml

      opss-datasource-jdbc.xml

      OraSDPMDataSource-jdbc.xml

      SOADataSource-jdbc.xml

      SOALocalTxDataSource-jdbc.xml

      wlsbjmsrpDataSource-jdbc.xml

      WLSSchemaDataSource-jdbc.xml

  4. Update the bootstrap credentials with the new password for the SCHEMA_PREFIX_OPSS user using the WebLogic Scripting Tool (WLST):
    1. Use the ssh command to connect to the Administration Server VM (as the opc user) and change to the oracle user:
      ssh -i private_key opc@AdminServerVM_IP_address
sudo su - oracle
    2. Start WLST:
      /u01/app/oracle/middleware/oracle_common/common/bin/wlst.sh
    3. Run the modifyBootStrapCredential command. Specify the full path to the jps-config.xml file.

      Use the following syntax:

      wls:/offline>modifyBootStrapCredential(jpsConfigFile='/u01/data/domains/domain_name/config/fmwconfig/jps-config.xml',username='schema_prefix_OPSS',password='new_password_set_for_this_schema_user')
  5. Start the Administration Server through the Node Manager and then the Managed Servers:
    1. Use the ssh command to connect to the Administration Server VM (as the opc user) and change to the oracle user:
      ssh -i private_key opc@AdminServerVM_IP_address
    2. Start WLST:
      /u01/app/oracle/middleware/oracle_common/common/bin/wlst.sh
    3. Connect to the Node Manager.
      Before running the command, get the required values of some of the variables involved.

      • Host name — At the command prompt, type hostname.

      • Node Manager port number, domain name, domain home — Open the nodemanager.properties files to determine the respective values. 

        /u01/data/domains/domain_name/nodemanager/nodemanager.properties
      • Administration Server name — Go to the servers directory and look for the server name ending in adminserver.
        cd /u01/data/domains/domain_name/servers
      Run the nmConnect command:
      nmConnect('weblogic_username','weblogic_password','hostname','domain_name','domain_home/domain_name','ssl')
    4. Start the Administration Server:
      nmStart("admin_server_name")
    5. After the Administration Server has status RUNNING, access the WebLogic Administration Console and start the Managed Servers.

      • Click Servers under Environments in the Domain Structure section.

      • Under the Control tab, select the Managed Servers and click Start.

  6. Update the wallet password. See Update the DBFS Wallet Password.
  7. Stop and then restart the Managed Servers. It is not necessary to stop and start the Oracle SOA Suite on Marketplace instance. See Stop or Start the Managed Servers.