8 Cloning Oracle Access Manager Environment

The out-of-place upgrade procedure discussed in this guide explains how to perform a cloned upgrade of Oracle Access Manager 11g to Oracle Access Manager 12c.

Cloning the Database

You can take a copy of your existing environment and then upgrade that copy. If you encounter issues during the upgrade, you will have the existing environment as a fallback.

For more information, see Performing an Upgrade via a Cloned Environment.

Methods for Cloning Databases

There are different methods of cloning a database and each method has its own merits.

Note:

Oracle Identity and Access Management 12c does not support Oracle Access Manager and Oracle Identity Manager configured to use the same database schema prefix. Before you upgrade, if both products co-exist and share the same database schemas, you must first split the database into two different prefixes and schema sets.

You can use the following options to clone the database:

Option 1 – Database Export Import

  • Suitable for smaller sized databases.

  • Allows movement between versions. For example, 12.1.0.3 to 19c.

  • Allows movement into Container Databases/Private Databases.

  • Is a complete copy; redoing the exercise requires data to be deleted from the target each time.

  • No ongoing synchronization.

  • During cut-over the source system will need to be frozen for updates.

Option 2 – Duplicate Database Using RMAN

  • Suitable for databases of any size.

  • Takes a backup of an entire database.

  • The database version and patch level should be the same on both the source and destination.

  • Database upgrades will need to be performed as a separate task.

  • CDB/PDB migration will have to be done as a separate exercise.

  • No ongoing synchronization.

  • During cut-over, you should freeze the source system for updates.

Option 3 – Dataguard Database

  • Suitable for databases of any size.

  • Takes a backup of an entire database.

  • Database upgrades will need to be performed as a separate task.

  • CDB/PDB migration will have to be done as a separate exercise.

  • Ongoing synchronization; the database can be opened to test the upgrade and closed again to keep data synchronized with the source system.

Note:

You should choose the solution based on your requirements.

Cloning the Database Using the Export/Import Method

On your 11g environment, export the data from your database to an export file.

To export the data, do the following:

  1. Install an Oracle database of the version you want to use. This database can be a single instance database, a Real Application Clusters (RAC) database, a standard database, or a container database with OAM in a separate pluggable database (PDB).

  2. Make a directory on the source and the destination target hosts.

  3. Create a database directory object pointing to this location on the source and destination databases.

  4. Export the source database.

    Note:

    If you are using a RAC database, make sure you have a TNS connection that is forced to a specific instance/PDB, unless you want to create the directories on each node. IADUPG is an example of an RCU prefix.

  5. Copy the generated file to the destination database host.

  6. Extract DDL from the source database. The import brings in only the data you exported from the source database; it does not create any tablespaces or users, and the import fails if they are not present. To resolve this, extract the DDL for these objects from the source database. To do this:

    1. Create a file called extract_ddl.sql using an editor of your choice, with the following content:

      -- extract_ddl.sql: writes ddl.sql with the tablespace, user and grant DDL for one RCU prefix
      set pages 0
      set feedback off
      set heading off
      set long 5000
      set longchunksize 5000
      set lines 200
      set verify off
      exec dbms_metadata.set_transform_param (dbms_metadata.session_transform, 'SQLTERMINATOR', true);
      exec dbms_metadata.set_transform_param (dbms_metadata.session_transform, 'PRETTY', true);
      accept PREFIX char prompt 'Enter RCU Prefix:'
      -- PDB targets only: prompt for the PDB name
      accept PDBNAME char prompt 'Enter PDB:'
      spool ddl.sql
      -- PDB targets only: make the generated script switch to the PDB first
      select 'alter session set container=&&PDBNAME;'
      from dual
      /
      -- Tablespaces whose names start with the RCU prefix
      SELECT DBMS_METADATA.GET_DDL('TABLESPACE',Tablespace_name)
      from  dba_tablespaces
      where tablespace_name like '&&PREFIX%'
      /
      set lines 600
      -- Users for the prefix. The CREATE USER output can carry password
      -- verifiers (IDENTIFIED BY VALUES), so handle ddl.sql as sensitive
      SELECT DBMS_METADATA.GET_DDL('USER',USERNAME)
      from DBA_USERS
      where USERNAME like '&&PREFIX%'
      /
      set lines 200
      -- System grants. No blank lines inside a statement: SQL*Plus ends the statement at a blank line
      SELECT DBMS_METADATA.GET_GRANTED_DDL ('SYSTEM_GRANT',USERNAME)
      from DBA_USERS
      where USERNAME like '&&PREFIX%'
      and USERNAME NOT LIKE '%_IAU_APPEND'
      and USERNAME NOT LIKE '%_IAU_VIEWER'
      /
      -- Object grants
      SELECT DBMS_METADATA.GET_GRANTED_DDL ('OBJECT_GRANT',USERNAME)
      from DBA_USERS
      where USERNAME like '&&PREFIX%'
      and USERNAME NOT LIKE '%TLOGS'
      and USERNAME NOT LIKE '%JMS'
      /

      spool off

      Note:

      The PDBNAME lines (the accept PDBNAME prompt and the query that generates alter session set container) are applicable only if your target database is a PDB. This SQL assumes that all the objects are created using the RCU prefix. If you have created objects without the prefix (for example, tablespaces/users for JMS or TLogs), you will need to add these manually.

    2. Execute the file in SQL Plus:

      SQL> @extract_ddl

  7. Copy the generated file to the destination database host.

  8. Create a TNS entry for the pluggable database in the target system, if necessary.

  9. Validate that the target database meets all of the criteria of Oracle Access Manager. See Installing and Configuring the Oracle Access Management Software.

  10. Create a database restore point to roll back the transaction, if required.

  11. Create the Tablespaces/Users for Oracle Access Manager.

    To do this, execute the script (ddl.sql) that you generated earlier (in step 6).

    Execute the file in SQL Plus:

    SQL> @ddl

    Carefully review the output and correct errors, if any.

  12. Import the data into the destination database. This database need not be at the same database version as the source.

    export ORACLE_BASE=/u01/app/oracle
    export ORACLE_HOME=${ORACLE_BASE}/product/12.2.0.1/dbhome_1
    export GRID_HOME=/u01/app/12.2.0.1/grid
    export PATH=$PATH:$ORACLE_HOME/bin:$ORACLE_HOME/OPatch
    export DB_NAME=iamcdb_phx1g8
    export ORACLE_SID=iamcdb
    
    impdp \"SYS/Password@IADPDB AS SYSDBA\" DIRECTORY=orcl_full DUMPFILE=oam_system.dmp LOGFILE=oam_system_imp.log FULL=YES;
    impdp \"SYS/Password@IADPDB AS SYSDBA\" DIRECTORY=orcl_full DUMPFILE=full_oam.dmp LOGFILE=full_oam_imp.log FULL=YES;
    
  13. Create a database service in the target system with the same name as the primary.

    srvctl add service -db iamcdb_phx1g8 -service onpremservice -rlbgoal SERVICE_TIME -clbgoal SHORT -pdb iadpdb
    srvctl start service -db iamcdb_phx1g8 -service onpremservice 
    srvctl status service -db iamcdb_phx1g8 -service onpremservice

    After you have imported the schemas, it is important to check that the following query returns rows that are consistent with your deployment. This table should have been imported as part of the steps above. If it fails to do so, you must populate the table with values from your source system.

    set linesize 100
    col comp_id for a10
    col comp_name for a50
    col version for a10
    select comp_id, comp_name, version, status, upgraded from system.schema_version_registry;
    

Cloning the Database Using RMAN

Clone the database from the source environment to the target environment by using RMAN. See Transferring Data with RMAN.

Cloning the Oracle Binaries

The following options are available for cloning the Oracle binaries:

  • Using your preferred backup/restore tools to archive and transfer the MW_HOME binaries and OraInventory directories.

  • Using the Oracle FMW T2P process.

Using Backup/Restore Tools to Clone the Access Domain

Note:

You can take a backup with the domain and Node Managers online or offline. However, Oracle recommends running the backup with all FMW processes shut down.

Take a backup:

Complete the following steps to take a backup of your source environment binaries and Oracle Inventory:

  1. Using your preferred backup tool, take a backup of the following locations on the source site:

    • oraInventory

    • MW_HOME

    For example, a command on OAMHOST1 may appear as follows:

    tar cfzP /u01/oracle/backups/oamhost1_binaries.tar.gz /u01/oracle/oraInventory MW_HOME
  2. Repeat the command on any supplementary nodes using the separate product binary volumes.

    Note:

    When using the shared filesystem volumes for the Oracle products MW_HOME locations, you should take only the binary backups from one host per volume.

    For example, a command on OAMHOST2 may appear as follows:

    tar cfzP /u01/oracle/backups/oamhost2_binaries.tar.gz /u01/oracle/oraInventory MW_HOME
  3. Copy the resulting backup files to their appropriate target environment hosts.

Restore the backup

Using your preferred extraction tool, extract the backup to your target environment nodes.

Note:

When using the shared filesystem volumes for the Oracle products MW_HOME locations, you should restore only the binary backups to one host per volume.

For example:

On OAMHOST1, run the following command:

tar xvfzP oamhost1_binaries.tar.gz

On OAMHOST2, run the following command:

tar xvfzP oamhost2_binaries.tar.gz

Cloning the Oracle Binaries Using T2P

You can use this method as an alternative to the backup/restore method.

Move a copy of the Middleware home for the component or suite from the source environment to the target environment using the copyBinary and pasteBinary scripts. See Moving the Middleware Home and the Binary Files.

Cloning the Configuration

The following options are available for cloning the configuration:

  • Using your preferred backup/restore tools to clone the configuration.

  • Using the T2P process.

Using Backup/Restore Tools to Clone the Access Domain

Note:

You can take a backup with the domain and Node Managers online or offline. However, Oracle recommends running the backup with all FMW processes shut down.

Take a backup:

Complete the following steps to take a backup of the source environment binaries and Oracle Inventory:

  1. Using your preferred backup tool, take a backup of the following locations on the source site:

    • Application Server domain home (ASERVER_HOME)

    • Managed Server domain home if you have a separate location as described in the EDG (MSERVER_HOME)

    • Keystores

    • Nodemanager

    Note:

    If you have a combined DOMAIN_HOME rather than a segregated one, as described in the Enterprise Deployment Guide, include DOMAIN_HOME rather than ASERVER_HOME and MSERVER_HOME.

    For example, a command on OAMHOST1 may appear as follows:

    tar cfvzP /u01/oracle/config/backups/oamhost1_accessdomain.tar.gz \
       ASERVER_HOME \
       MSERVER_HOME \
       /u01/oracle/config/keystores \
       /u01/oracle/config/nodemanager/OAMHOST1 \
       /u01/oracle/config/nodemanager/OAMHOST2 \
       /u01/oracle/config/nodemanager/IADADMINVHN \
       /u01/oracle/runtime/domains/IAMAccessDomain
  2. Repeat the command on any supplementary nodes. For example, a command on OAMHOST2 may appear as follows:

    tar cfzP /u01/oracle/backups/oamhost2_accessdomain.tar.gz /u02/private/oracle/config/domains/IAMAccessDomain
  3. Copy the resulting backup files to their appropriate target environment hosts.

  4. Delete any lock and log files in the domain that have been replicated from the source environment.

    • Remove any lock files for all NodeManager folders on the appropriate cloned environment hosts by running the following command:

      find /u01/oracle/config/nodemanager -type f -name "*.lck" -exec rm -f {} \;

    • Remove any lock files from the ASERVER_HOME and MSERVER_HOME folders on the appropriate cloned environment hosts by running the following command:

      Note:

      If you have a combined DOMAIN_HOME rather than a segregated one as described in the Enterprise Deployment Guide, include DOMAIN_HOME rather than ASERVER_HOME and MSERVER_HOME.

      For example, on OAMHOST1, run the following command:

      find  ASERVER_HOME \
          -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;
      find  MSERVER_HOME \
          -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;
      

      For example, on OAMHOST2, run the following command:

      find  MSERVER_HOME \
          -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;
      
    • Optionally, remove the old log files from the NodeManager and Managed Server folders in the cloned domain:

      For example, on OAMHOST1, run the following command:

      find /u01/oracle/config/nodemanager/OAMHOST1 \
          -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
      find /u01/oracle/config/nodemanager/OAMHOST2 \
          -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
      
      find /u01/oracle/config/nodemanager/IADADMINVHN \
          -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
       
      find ASERVER_HOME/servers/AdminServer/logs \
          -type f ! -size 0c -print -exec rm -f {} \+
       
      find MSERVER_HOME/servers/*/logs \
          -type f ! -size 0c -print -exec rm -f {} \+
      

      For example, on OAMHOST2, run the following command:

      find MSERVER_HOME/servers/*/logs \
          -type f ! -size 0c -print -exec rm -f {} \+

Restore the Access Domain in the Cloned Environment

Using your preferred extraction tool, extract the backup to your target environment nodes.

For example:

On OAMHOST1, run the following command:

tar xvfzP oamhost1_accessdomain.tar.gz

On OAMHOST2, run the following command:

tar xvfzP oamhost2_accessdomain.tar.gz
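
Both restore steps extract with tar's P flag, so member paths are written exactly as stored, and the access-domain archive carries the keystores. The following is an added example, not part of Oracle's procedure, that checks an archive before extraction; the `verify_backup` helper, the SHA-256 value recorded on the source host, and the allowed prefix are assumptions of the example.

```shell
#!/bin/sh
# Added example; verify_backup is a hypothetical helper, not an Oracle tool.
# Usage: verify_backup ARCHIVE EXPECTED_SHA256 ALLOWED_PREFIX...
#   e.g. verify_backup oamhost1_accessdomain.tar.gz "$digest_from_source" /u01/oracle
# Returns 0 only if the archive digest matches the value recorded on the
# source host and every member path, as stored, is under an allowed prefix.
verify_backup() {
    archive=$1; expected=$2; shift 2
    actual=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "REJECT: digest mismatch for $archive" >&2
        return 1
    fi
    # -P lists names exactly as stored, which is where "tar xvfzP" writes them.
    members=$(tar -tzPf "$archive") || return 2
    printf '%s\n' "$members" | (
        while IFS= read -r member; do
            case $member in
                ..|../*|*/..|*/../*)
                    echo "REJECT: parent-directory component: $member" >&2
                    exit 1 ;;
            esac
            allowed=no
            for prefix in "$@"; do
                case $member in
                    "$prefix"|"$prefix"/*) allowed=yes ;;
                esac
            done
            if [ "$allowed" = no ]; then
                echo "REJECT: outside allowed prefixes: $member" >&2
                exit 1
            fi
        done
    )
}
```

It checks member names only; symbolic-link members and their targets are not examined.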

Cloning the Configuration Using T2P

You can clone the configuration using the T2P method. This method is an alternative to the backup/recovery option. The advantage of using T2P is that it enables you to change the host names during the process. You can move a copy of the configuration of components such as UMS (User Messaging Service) messaging preferences, Oracle Identity Management configuration files, and so on, by using the following scripts:
  • copyConfig
  • extractMovePlan
  • pasteConfig

To modify host names or ports that are specific to the new environment, see Moving Oracle Fusion Middleware Components.

Note:

Before running pasteConfig on the target environment, connect to the cloned database and verify that all the schemas/data from the source environment are present.

Starting the OAM Domain

After successfully restoring the backup to the target environment instances, do the following to start the domain:

  • Start the Node Manager for the Administration Server.

  • Start the Node Manager for the Managed Servers (if different).

  • Start the administration server.

  • Start the OAM managed servers.

  • Start the policy manager managed servers.

Upgrading the Cloned Environment

After cloning the environment, you should perform some sanity checks to ensure that it is working as desired. After verifying that the environment is functioning as expected, take a backup of the environment and perform the upgrade as described in In-Place Upgrade of Oracle Access Manager.