- Migrating Oracle Java Cloud Service Instances to Oracle WebLogic Server for OCI Using WDT
- Migrate an Instance
- Edit the Domain Model and Copy It to the Target Instance
Edit the Domain Model and Copy It to the Target Instance
Oracle WebLogic Deploy Tool (WDT) exports a domain as a YAML file, which is referred to as the metadata model. Modify the YAML file so that it matches the configuration of your target Oracle Java Cloud Service instance.
For security purposes, WDT excludes the values of all password configuration attributes in the model file.
The domain model syntax allows you to externalize variables in a separate properties file. Oracle recommends that you use a separate file to configure the passwords that are required in your domain configuration, including data source and keystore passwords. To refer to a variable in the model file, use the @@PROP:<property_name>@@
format .
- Using a Secure Copy (SCP) client, download the model file and archive file from the Administration Server node in your source instance to your local computer.
scp -i <privatekey> opc@<source_admin_IP>:/tmp/<source_domain>.* .
- Create a backup copy of the model file.
cp <source_domain>.yaml <source_domain>.yaml.bak
- Open the
<source_domain>.yaml
model file in a text editor. - If necessary, find the names of all servers, clusters and machines in the model file, and replace them with the corresponding server, cluster and machine names of your target instance.
Note:
If the first eight characters of the source instance name are the same as the first eight characters in the target instance name, then this step is not required.Example:
... Cluster: MyTarget_cluster: ... Server: MyTarget_adminserver: ... Machine: MyTarget_machine_1 MyTarget_server_1: ... Machine: MyTarget_machine_1 Cluster: MyTarget_cluster ServerTemplate: MyTarget_cluster_Template JTAMigratableTarget: Cluster: MyTarget_cluster UserPreferredServer: MyTarget_server_1 ... MigratableTarget: MyTarget_server_1 (migratable): Cluster: MyTarget_cluster UserPreferredServer: MyTarget_server_1 ... ServerTemplate: MyTarget_cluster_Template: Cluster: MyTarget_cluster JTAMigratableTarget: Cluster: MyTarget_cluster ... UnixMachine: MyTarget_machine_1: ... JDBCSystemResource: 'MyDataSource': Target: MyTarget_cluster ... CoherenceClusterSystemResource: DataGridConfig: Target: MyTarget_cluster ... Application: MyApp: Target: MyTarget_cluster
- Find and remove the following applications from the model file, if they exist:
OraJaaSmon
sample-app
__auth-mgmt-app
In the following example, remove the highlighted lines.
Application: OraJaaSmon: SourcePath: wlsdeploy/applications/OraJaaSmon.war ModuleType: war StagingMode: nostage Target: MyTarget_adminserver 'sample-app': SourcePath: 'wlsdeploy/applications/sample-app.war' ModuleType: war StagingMode: stage Target: MyTarget_cluster '__auth-mgmt-app': SourcePath: 'wlsdeploy/applications/__auth-mgmt-app.war' ModuleType: war StagingMode: stage Target: MyTarget_adminserver
- Find and remove all occurrences of the following attributes from the model file:
ListenAddress
NodeManagerPasswordEncrypted
CredentialEncrypted
FrontendHost
Note:
If you want to reuse the source instance (Oracle Java Cloud Service) ports, then you need to consider Load Balancer configuration and security rules in target instance (Oracle WebLogic Server for OCI). - Find and remove the
NMProperties
node from the model file. - For each server in the model file, find and remove the
PublicAddress
attribute from the following defaultNetworkAccessPoint
nodes:channel-dep
SecuredExternAdmin
ExternAdmin
SecuredExternContent
ExternContent
In the following example, the highlighted line should be removed.
Server: MyInstan_adminserver: ... NetworkAccessPoint: 'channel-dep': ... PublicAddress: 203.0.113.10
- Find the
PublicAddress
attribute of any customNetworkAccessPoint
nodes in the model file (not in the previous list, in step 7), and replace the current value with the corresponding public IP address that is assigned to your target instance.Example:Server: MyInstan_adminserver: ... NetworkAccessPoint: MyChannel: ... PublicAddress: <target_IP>
- Find and remove all occurrences of the following attributes, under
domaininfo
:AdminUserName
AdminPassword
- Within the
SecurityConfiguration
node in your model file, remove theRealm
node and any child nodes, if they exist.In the following example, remove the highlighted lines.SecurityConfiguration: ... Realm: myrealm: ...
- Within the
SecurityConfiguration
node in your model file, remove theNodeManagerPasswordEncrypted
attribute.In the following example, remove the highlighted lines.SecurityConfiguration: ... NodeManagerPasswordEncrypted: ...
- For each server in the model file, find the
Arguments
attribute within theServerStart
node:- If you configured any custom startup arguments for a server in your source instance, then replace the current value of
Arguments
with the custom arguments only. - If you did not configure any custom startup arguments for a server, then remove the entire
Arguments
line and theServerStart
node.
In the following example, the server has custom startup arguments:
MyInstan_server_1: ... ServerStart: Arguments: '-Dmy.custom.arg=true'
- If you configured any custom startup arguments for a server in your source instance, then replace the current value of
- Create a file named
wdt.properties
. - If the servers in your source instance are configured to use custom identity and trust keystore files, then update the model file with the keystore passwords.If you are enabling SSL on Oracle WebLogic Server for OCI, then complete the instructions at Configure SSL for a Domain.
- Enter the required passwords for your keystores and private keys as properties in the
wdt.properties
file.Example:keystore1.password=<your_password> trustkeystore1.password=<your_password> privatekey1.password=<your_password>
- For each server in your model file, find the following attributes, and replace the current placeholder values with references to the corresponding properties:
CustomIdentityKeyStorePassPhraseEncrypted
CustomTrustKeyStorePassPhraseEncrypted
Example:
Server: MyInstan_server_1: ... CustomIdentityKeyStorePassPhraseEncrypted: '@@PROP:keystore1.password@@' CustomTrustKeyStorePassPhraseEncrypted: '@@PROP:trustkeystore1.password@@'
- For each server in your model file, find the
ServerPrivateKeyPassPhraseEncrypted
attribute in theSSL
node, and then replace the current placeholder values with a reference to the corresponding property.Example:Server: MyInstan_server_1: ... SSL: ServerPrivateKeyPassPhraseEncrypted: '@@PROP:privatekey1.password@@'
- For each server in your model file, if the
CustomIdentityKeyStoreType
orCustomTrustKeyStoreType
attribute is set to the valueKSS
, then set the location of your KSS keystores.Add the following attributes to the server, if not already present:CustomIdentityKeyStoreFileName: <keystore_url>
CustomTrustKeyStoreFileName: <trust_keystore_url>
Example:
Server: MyInstan_server_1: ... CustomIdentityKeyStoreType: KSS CustomTrustKeyStoreType: KSS CustomIdentityKeyStoreFileName: 'kss://system/mykeystore' CustomTrustKeyStoreFileName: 'kss://system/trust'
- Add the following attributes to the
SSL
node for your administration server, if they are not already present:Enabled: true
ListenPort: 9072
Example:
Server: MyInstan_adminserver: ... SSL: Enabled: true ListenPort: 9072 ServerPrivateKeyPassPhraseEncrypted: '@@PROP:privatekey1.password@@'
- For each managed server in your model file, add the following attributes to the
SSL
node, if they are not already present:Enabled: true
ListenPort: 9074
Example:
Server: MyInstan_server_1: ... SSL: Enabled: true ListenPort: 9074 ServerPrivateKeyPassPhraseEncrypted: '@@PROP:privatekey1.password@@'
Note:
If the application database is an Oracle Cloud Infrastructure database and it is in a different VCN than the target instance, then to enable communication between WebLogic servers and the database, you might have to complete the VNC pairing process. See .
- Enter the required passwords for your keystores and private keys as properties in the
- If your source instance includes custom Java Database Connectivity (JDBC) data sources, then provide the location and password of the application databases in Oracle Cloud
Infrastructure.
- Identify the OCI DB data sources found within the
JDBCSystemResource
node in your model file. - Enter the required passwords for your data sources as properties in the
wdt.properties
file.Example:datasource1.password=<your_password> datasource2.password=<your_password>
- For each data source in your model file, find the
PasswordEncrypted
attribute and replace the current placeholder value with a reference to the corresponding property.Example:JDBCSystemResource: MyDataSource1: ... JdbcResource: ... JDBCDriverParams: URL: ... PasswordEncrypted: '@@PROP:datasource1.password@@'
- For each data source in your model file, find the
URL
attribute and replace the current value with the URL to the corresponding Oracle Cloud Infrastructure Database.The following table shows the URL format to use, depending on the Oracle Database version, and whether you created a Virtual Machine (VM) or Bare Metal database type.
Database Version Database Type URL Format 12c VM jdbc:oracle:thin:@//<db_hostname>-scan.<db_domain>:<db_port>/<pdb_name>.<db_domain>
12c Bare Metal jdbc:oracle:thin:@//<db_hostname>.<db_domain>:<db_port>/<pdb_name>.<db_domain>
11g VM jdbc:oracle:thin:@//<db_hostname>-scan.<db_domain>:<db_port>/<db_unique_name>.<db_domain>
11g Bare Metal jdbc:oracle:thin:@//<db_hostname>.<db_domain>:<db_port>/<db_unique_name>.<db_domain>
If you did not specify a PDB name when you created an Oracle Cloud Infrastructure Database that is running Oracle Database 12c, the default name is
<db_name>_pdb1
.The following example shows a Virtual Machine database named
myappdb
, that is running Oracle Database 12c, and contains a PDB namedpdb1
:JDBCDriverParams: URL: jdbc:oracle:thin:@//myappdb-scan.mydbsubnet.myvcn.oraclevcn.com:1521/pdb1.mydbsubnet.myvcn.oraclevcn.com
- Identify the OCI DB data sources found within the
- If your source instance includes custom Java Database Connectivity (JDBC) data sources for Autonomous databases, then provide the password of the new or existing autonomous databases in Oracle Cloud Infrastructure.
- Identify the Autonomous database data sources found within the
JDBCSystemResource
node in your model file. - Enter the required passwords for your data sources as properties in the
wdt.properties
file.Example:atpdatasource1.password=<your_password> atpdatasource2.password=<your_password>
- For each data source in your model file, find the
PasswordEncrypted
attribute and replace the current placeholder value with a reference to the corresponding property.Example:JDBCSystemResource: MyDataSource1: ... JdbcResource: ... JDBCDriverParams: URL: ... PasswordEncrypted: '@@PROP:atpdatasource1.password@@'
- Ensure the following properties match with your target instance directory hierarchy.
oracle.net.tns_admin
: Full path to the location of the unzipped autonomous db wallet on target instance.javax.net.ssl.trustStore
: Full path to the location of the truststore.jks on target instance.javax.net.ssl.keyStore
: Full path to the location of the keystore.jks on target instance.
Example:JDBCSystemResource: MyDataSource1: ... JdbcResource: ... JDBCDriverParams: ... Properties: oracle.net.tns_admin: Value: /u01/data/domains/MyTarget_domain/config/MyAutonomousDBWallet javax.net.ssl.trustStore: Value: /u01/data/domains/MyTarget_domain/config/MyAutonomousDBWallet/truststore.jks javax.net.ssl.keyStore: Value: /u01/data/domains/MyTarget_domain/config/MyAutonomousDBWallet/keystore.jks
Note:
In this example, the folder/u01/data/domains/MyTarget_domain/config/
must already exist in the target instance. However,MyAutonomousDBWallet
is a new directory where the wallet was unzipped.
- Identify the Autonomous database data sources found within the
- If your source instance includes any Foreign JNDI Providers, Foreign JMS Servers, JMS Bridge Destinations, or Store-and-Forward (SAF) Contexts, then provide the locations and passwords for these external resources.
- Identify the
ForeignJNDIProvider
nodes in your model file. - Enter the required passwords for your Foreign JNDI Providers as properties in the
wdt.properties
file.Example:foreignjndi1.password=<your_password>
- For each
ForeignJNDIProvider
node in your model file, find thePasswordEncrypted
attribute and replace the current placeholder value with a reference to the corresponding property.Also update theProviderUrl
attribute if the location of this JNDI server is different than the JNDI server in the source environment.Example:
ForeignJNDIProvider: MyJNDIProvider1: PasswordEncrypted: '@@PROP:foreignjndi1.password@@' ProviderUrl: 't3://myjndiserver.example.com:9073'
- Identify the
ForeignServer
nodes in your model file. - Enter the required passwords for your Foreign JMS Servers as properties in the
wdt.properties
file.Example:foreignjms1.password=<your_password>
- For each
ForeignServer
node in your model file, find thePasswordEncrypted
andJNDIPropertiesCredentialEncrypted
attributes, and replace the current placeholder value with a reference to the corresponding properties.Also update theConnectionURL
attribute if the location of this JMS server is different than the JMS server in the source environment.Example:
ForeignServer: MyForeignJMS1: ConnectionURL: 't3://myjms.example.com:9073' JNDIPropertiesCredentialEncrypted: '@@PROP:foreignjms1.password@@' ForeignConnectionFactory: MyForeignJMS1Factory: PasswordEncrypted: '@@PROP:foreignjms1.password@@'
- Identify the
JMSBridgeDestination
nodes in your model file. - Enter the required passwords for your JMS Bridge Destinations as properties in the
wdt.properties
file.Example:jmsbridge1.password=<your_password>
- For each
JMSBridgeDestination
node in your model file, find theUserPasswordEncrypted
attribute and replace the current placeholder value with a reference to the corresponding property.Also update theConnectionURL
attribute if the location of this bridge destination is different than the bridge destination in the source environment.Example:
JMSBridgeDestination: MyBridgeDest1: ConnectionURL: 't3://myjms.example.com:9073' UserPasswordEncrypted: '@@PROP:jmsbridge1.password@@'
- Identify the
SAFLoginContext
nodes in your model file. - Enter the required passwords for your Store-and-Forward Contexts as properties in the
wdt.properties
file.Example:saf1.password=<your_password>
- For each
SAFLoginContext
node in your model file, find thePasswordEncrypted
attribute and replace the current placeholder value with a reference to the corresponding property.Also update theLoginURL
attribute if the Store-and-Forward destination server is different than the server in the source environment.Example:
SAFLoginContext: MySAF1: PasswordEncrypted: '@@PROP:saf1.password@@' LoginURL: 't3://myjms.example.com:9073'
- Identify the
- If your source instance includes any JavaMail sessions, then provide the passwords for these mail sessions.
- Identify the
MailSession
nodes in your model file. - Enter the required passwords for your mail sessions as properties in the
wdt.properties
file.Example:mailsession1.password=<your_password>
- For each
MailSession
node in your model file, find theSessionPasswordEncrypted
attribute and replace the current placeholder value with a reference to the corresponding property.Example:MailSession: MyMailSession1: SessionPasswordEncrypted: '@@PROP:mailsession1.password@@'
- For each
MailSession
node in your model file, find theProperties
attribute and replace any password placeholder values with references to the corresponding properties.Example:MailSession: MyMailSession1: Properties: ... mail.smtp.password: '@@PROP:mailsession1.password@@' mail.imap.password: '@@PROP:mailsession1.password@@'
- Identify the
- If your source instance includes any custom WebLogic Diagnostic Framework (WLDF) REST notification endpoints, then provide the locations and passwords for these endpoints.
- Identify the
RestNotification
nodes in your model file. - Enter the required passwords for your notification endpoints as properties in the
wdt.properties
file.For example:restnotification1.password=<your_password>
- For each
RestNotification
node in your model file, find theHttpAuthenticationPasswordEncrypted
attribute and replace the current placeholder value with a reference to the corresponding property.Also update theEndpointUrl
attribute if the destination server is different than the server in the source environment.Example:
RestNotification: MyNotification1: HttpAuthenticationPasswordEncrypted: '@@PROP:restnotification1.password@@' EndpointUrl: 'http://myserver.example.com:9073/notify'
- Identify the
- Use a Secure Copy (SCP) client to upload files to the Administration Server node in your target instance.
scp -i <privatekey> <source_files> opc@<target_admin_IP>:/<destination> scp -i <privatekey> wdt.properties opc@<target_admin_IP>:/<destination>
If you are using a private subnet, use the following command to upload the files to the Administration Server node in your target instance:scp -i <path_to_privatekey> -o ProxyCommand="ssh -W %h:%p -i <path_to_privatekey> opc@<Public_IP>" <source_files> opc@<target_admin_IP>:/<destination>