8 Cloning Oracle Access Manager Environment
The out-of-place upgrade procedure discussed in this guide explains how to perform a cloned upgrade of Oracle Access Manager 11g to Oracle Access Manager 12c.
This chapter includes the following topics:
- Cloning the Database
- Cloning the Oracle Binaries
- Cloning the Configuration
- Upgrading the Cloned Environment
Cloning the Database
You can take a copy of your existing environment and then upgrade that copy. If you encounter issues during the upgrade, you will have the existing environment as a fallback.
For more information, see Performing an Upgrade via a Cloned Environment.
- Methods for Cloning Databases
- Cloning the Database Using the Export/Import Method
- Cloning the Database Using RMAN
Methods for Cloning Databases
There are different methods of cloning a database and each method has its own merits.
Note:
Oracle Identity and Access Management 12c does not support Oracle Access Manager and Oracle Identity Manager configured to use the same database schema prefix. Before you upgrade, if both products co-exist and share the same database schemas, you must first split the database into two different prefixes and schema sets.
You can use the following options to clone the database:
Option 1 – Database Export Import
- Suitable for smaller sized databases.
- Allows movement between versions. For example, 12.1.0.3 to 19c.
- Allows movement into Container Databases/Private Databases.
- Is a complete copy; redoing the exercise requires data to be deleted from the target each time.
- No ongoing synchronization.
- During cut-over the source system will need to be frozen for updates.
Option 2 – Duplicate Database Using RMAN
- Suitable for databases of any size.
- Takes a backup of an entire database.
- The database version and patch level should be the same on both the source and destination.
- Database upgrades will need to be performed as a separate task.
- CDB/PDB migration will have to be done as a separate exercise.
- No ongoing synchronization.
- During cut-over, you should freeze the source system for updates.
Option 3 – Data Guard Database
- Suitable for databases of any size.
- Takes a backup of an entire database.
- Database upgrades will need to be performed as a separate task.
- CDB/PDB migration will have to be done as a separate exercise.
- Ongoing synchronization; the database can be opened to test the upgrade and closed again to keep data synchronized with the source system.
Note:
You should choose the solution based on your requirements.
Cloning the Database Using the Export/Import Method
On your 11g environment, export the data from your database to an export file.
To export the data, do the following:
1. Install an Oracle database of the version you want to use. This database can be a single instance database, a Real Application Clusters (RAC) database, a standard database, or a container database with OAM in a separate pluggable database (PDB).
2. Make a directory on the source and the destination target hosts.
3. Create a database directory object pointing to this location on the source and destination databases.
4. Export the source database.
   Note:
   If you are using a RAC database, make sure you have a TNS connection which is forced to a specific instance/PDB unless you want to create the directories on each node. IADUPG is an example of an RCU prefix.
5. Copy the generated file to the destination database host.
6. Extract DDL from the source database. The import brings in only the data you extracted from the source database; it does not create any tablespaces or users, and the import fails if they are not present. To resolve this, extract the DDL for these objects from the source database. To do this:
   - Create a file called extract_ddl.sql using an editor of your choice, with the following content:
     set pages 0
     set feedback off
     set heading off
     set long 5000
     set longchunksize 5000
     set lines 200
     set verify off
     -- Terminate each generated statement with ";" and pretty-print it.
     exec dbms_metadata.set_transform_param (dbms_metadata.session_transform, 'SQLTERMINATOR', true);
     exec dbms_metadata.set_transform_param (dbms_metadata.session_transform, 'PRETTY', true);
     accept PREFIX char prompt 'Enter RCU Prefix:'
     -- PDBNAME is used only for the ALTER SESSION line written at the top of ddl.sql.
     accept PDBNAME char prompt 'Enter PDB:'
     spool ddl.sql
     select 'alter session set container=&&PDBNAME;'
     from dual
     /
     -- Tablespaces, users, system grants and object grants for the prefix.
     SELECT DBMS_METADATA.GET_DDL('TABLESPACE',Tablespace_name)
     from dba_tablespaces
     where tablespace_name like '&&PREFIX%'
     /
     set lines 600
     SELECT DBMS_METADATA.GET_DDL('USER',USERNAME)
     from DBA_USERS
     where USERNAME like '&&PREFIX%'
     /
     set lines 200
     SELECT DBMS_METADATA.GET_GRANTED_DDL ('SYSTEM_GRANT',USERNAME)
     from DBA_USERS
     where USERNAME like '&&PREFIX%'
     and USERNAME NOT LIKE '%_IAU_APPEND'
     and USERNAME NOT LIKE '%_IAU_VIEWER'
     /
     SELECT DBMS_METADATA.GET_GRANTED_DDL ('OBJECT_GRANT',USERNAME)
     from DBA_USERS
     where USERNAME like '&&PREFIX%'
     and USERNAME NOT LIKE '%TLOGS'
     and USERNAME NOT LIKE '%JMS'
     /
     spool off
     Note:
     The lines in Bold are applicable only if your target database is a PDB. This SQL assumes that all the objects are created using the RCU prefix. If you have created objects without the prefix (for example tablespaces/users for JMS or TLogs), you will need to add these manually.
   - Execute the file in SQL Plus:
     SQL> @extract_ddl
7. Copy the generated file to the destination database host.
8. Create a TNS entry for the pluggable database in the target system, if necessary.
9. Validate that the target database meets all of the criteria of Oracle Access Manager. See Installing and Configuring the Oracle Access Management Software.
10. Create a database restore point to roll back the transaction, if required.
11. Create the tablespaces/users for Oracle Access Manager. To do this, execute the script (ddl.sql) you generated earlier (in step 6). Execute the file in SQL Plus:
    SQL> @ddl
    Carefully review the output and correct errors, if any.
12. Import the data into the destination database. This database need not be at the same database version as the source.
    export ORACLE_BASE=/u01/app/oracle
    export ORACLE_HOME=${ORACLE_BASE}/product/12.2.0.1/dbhome_1
    export GRID_HOME=/u01/app/12.2.0.1/grid
    export PATH=$PATH:$ORACLE_HOME/bin:$ORACLE_HOME/OPatch
    export DB_NAME=iamcdb_phx1g8
    export ORACLE_SID=iamcdb
    # Password is a placeholder for the SYS password.
    impdp \"SYS/Password@IADPDB AS SYSDBA\" DIRECTORY=orcl_full DUMPFILE=oam_system.dmp LOGFILE=oam_system_imp.log FULL=YES;
    impdp \"SYS/Password@IADPDB AS SYSDBA\" DIRECTORY=orcl_full DUMPFILE=full_oam.dmp LOGFILE=full_oam_imp.log FULL=YES;
13. Create a database service in the target system with the same name as the primary.
    srvctl add service -db iamcdb_phx1g8 -service onpremservice -rlbgoal SERVICE_TIME -clbgoal SHORT -pdb iadpdb
    srvctl start service -db iamcdb_phx1g8 -service onpremservice
    srvctl status service -db iamcdb_phx1g8 -service onpremservice
After you have imported the schemas, it is important to check that the following query returns rows that are consistent with your deployment. This table should have been imported as part of the steps above. If it fails to do so, you must populate the table with values from your source system.
set linesize 100
col comp_id for a10
col comp_name for a50
col version for a10
select comp_id, comp_name, version, status, upgraded from system.schema_version_registry;
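As an added example (not part of the Oracle procedure), this Python check reads a generated ddl.sql before it is run on the target and reports the tablespaces it creates, the file paths carried over from the source, and any user whose default or temporary tablespace the script never creates, which is the non-prefixed JMS/TLogs case the note above describes. The sample DDL and every name in it are constructed, and the statement shape is assumed to match the usual DBMS_METADATA output; the IDENTIFIED BY VALUES flag tells you the file holds password verifiers and should be stored and copied accordingly.

```python
import re

# Constructed sample in the shape DBMS_METADATA usually emits (not from a real system).
SAMPLE_DDL = """
alter session set container=IADPDB;
  CREATE TABLESPACE "IADUPG_OAM" DATAFILE
  '/u02/oradata/IAMCDB/iadupg_oam.dbf' SIZE 104857600 AUTOEXTEND ON;
  CREATE TEMPORARY TABLESPACE "IADUPG_IAS_TEMP" TEMPFILE
  '/u02/oradata/IAMCDB/iadupg_iastemp.dbf' SIZE 104857600;
   CREATE USER "IADUPG_OAM" IDENTIFIED BY VALUES 'S:CONSTRUCTED;T:CONSTRUCTED'
      DEFAULT TABLESPACE "IADUPG_OAM"
      TEMPORARY TABLESPACE "IADUPG_IAS_TEMP";
   CREATE USER "IADUPG_WLS" IDENTIFIED BY VALUES 'S:CONSTRUCTED;T:CONSTRUCTED'
      DEFAULT TABLESPACE "WLS_JMS"
      TEMPORARY TABLESPACE "IADUPG_IAS_TEMP";
"""

TS_RE = re.compile(
    r'CREATE\s+(?:BIGFILE\s+|SMALLFILE\s+)?(?:TEMPORARY\s+|UNDO\s+)?TABLESPACE\s+"([^"]+)"', re.I)
# Quoted strings are consumed whole because a password verifier may contain ';'.
USER_RE = re.compile(r"""CREATE\s+USER\s+"([^"]+)"((?:'[^']*'|[^;'])*);""", re.I)
REF_RE = re.compile(r'(?:DEFAULT|TEMPORARY)\s+TABLESPACE\s+"([^"]+)"', re.I)
FILE_RE = re.compile(r"(?:DATAFILE|TEMPFILE)\s+'([^']+)'", re.I)

def preflight(ddl):
    """Summarise a generated ddl.sql before it is run on the target database."""
    created = {name.upper() for name in TS_RE.findall(ddl)}
    missing, has_verifiers = {}, False
    for user, body in USER_RE.findall(ddl):
        if re.search(r"IDENTIFIED\s+BY\s+VALUES", body, re.I):
            has_verifiers = True
        absent = sorted({t.upper() for t in REF_RE.findall(body)} - created)
        if absent:
            missing[user] = absent
    return {
        "tablespaces": sorted(created),
        "datafiles": FILE_RE.findall(ddl),   # first file per tablespace, as on the source
        "missing_tablespaces": missing,      # users whose tablespace ddl.sql never creates
        "has_password_verifiers": has_verifiers,
    }

if __name__ == "__main__":
    for key, value in preflight(SAMPLE_DDL).items():
        print(f"{key}: {value}")
```

Any entry under missing_tablespaces needs its tablespace DDL added by hand before @ddl is run, and each path under datafiles must be valid on the target host.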
Cloning the Database Using RMAN
Clone the database from the source environment to the target environment by using RMAN. See Transferring Data with RMAN.
Cloning the Oracle Binaries
The following options are available for cloning the Oracle binaries:
- Using your preferred backup/restore tools to archive and transfer the MW_HOME binaries and OraInventory directories.
- Using the Oracle FMW T2P process.
This section includes the following topics:
Using Backup/Restore Tools to Clone the Access Domain
Note:
You can take a backup with the domain and NodeManagers online or offline. However, Oracle recommends that you run the backup with all FMW processes shut down.
Take a backup:
Complete the following steps to take a backup of your source environment binaries and Oracle Inventory:
- Using your preferred backup tool, take a backup of the following locations on the source site:
  - oraInventory
  - MW_HOME
  For example, a command on OAMHOST1 may appear as follows:
  tar cfzP /u01/oracle/backups/oamhost1_binaries.tar.gz /u01/oracle/oraInventory MW_HOME
- Repeat the command on any supplementary nodes using the separate product binary volumes.
  Note:
  When using the shared filesystem volumes for the Oracle products MW_HOME locations, you should take only the binary backups from one host per volume.
  For example, a command on OAMHOST2 may appear as follows:
  tar cfzP /u01/oracle/backups/oamhost2_binaries.tar.gz /u01/oracle/oraInventory MW_HOME
- Copy the resulting backup files to their appropriate target environment hosts.
Restore the backup
Note:
When using the shared filesystem volumes for the Oracle products MW_HOME locations, you should restore only the binary backups to one host per volume.
For example:
On OAMHOST1, run the following command:
tar xvfzP oamhost1_binaries.tar.gz
On OAMHOST2, run the following command:
tar xvfzP oamhost2_binaries.tar.gz
Cloning the Oracle Binaries Using T2P
You can use this method as an alternative to the backup/restore method.
Move a copy of the Middleware home for the component or suite from the source environment to the target environment using the copyBinary and pasteBinary scripts. See Moving the Middleware Home and the Binary Files.
Cloning the Configuration
The following options are available for cloning the configuration:
- Using your preferred backup/restore tools to clone the configuration.
- Using the T2P process.
- Using Backup/Restore Tools to Clone the Access Domain
- Cloning the Configuration Using T2P
- Starting the OAM Domain
Using Backup/Restore Tools to Clone the Access Domain
Note:
You can take a backup with the domain and Node Managers online or offline. However, Oracle recommends that you run the backup with all FMW processes shut down.
Take a backup:
Complete the following steps to take a backup of the source environment binaries and Oracle Inventory:
- Using your preferred backup tool, take a backup of the following locations on the source site:
  - Application Server domain home (ASERVER_HOME)
  - Managed Server domain home if you have a separate location as described in the EDG (MSERVER_HOME)
  - Keystores
  - Nodemanager
  Note:
  If you have a combined DOMAIN_HOME rather than a segregated one, as described in the Enterprise Deployment Guide, include DOMAIN_HOME rather than ASERVER_HOME and MSERVER_HOME.
  For example, a command on OAMHOST1 may appear as follows:
  tar cfvzP /u01/oracle/config/backups/oamhost1_accessdomain.tar.gz \
    ASERVER_HOME \
    MSERVER_HOME \
    /u01/oracle/config/keystores \
    /u01/oracle/config/nodemanager/OAMHOST1 \
    /u01/oracle/config/nodemanager/OAMHOST2 \
    /u01/oracle/config/nodemanager/IADADMINVHN \
    /u01/oracle/runtime/domains/IAMAccessDomain
- Repeat the command on any supplementary nodes. For example, a command on OAMHOST2 may appear as follows:
  tar cfzP /u01/oracle/backups/oamhost2_accessdomain.tar.gz /u02/private/oracle/config/domains/IAMAccessDomain
- Copy the resulting backup files to their appropriate target environment hosts.
- Delete any lock and log files in the domain that have been replicated from the source environment.
  - Remove any lock files for all NodeManager folders on the appropriate cloned environment hosts by running the following command:
    find /u01/oracle/config/nodemanager -type f -name "*.lck" -exec rm -f {} \;
  - Remove any lock files from the ASERVER_HOME and MSERVER_HOME folders on the appropriate cloned environment hosts by running the following command:
    Note:
    If you have a combined DOMAIN_HOME rather than a segregated one as described in the Enterprise Deployment Guide, include DOMAIN_HOME rather than ASERVER_HOME and MSERVER_HOME.
    For example, on OAMHOST1, run the following command:
    find ASERVER_HOME \
      -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;
    find MSERVER_HOME \
      -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;
    For example, on OAMHOST2, run the following command:
    find MSERVER_HOME \
      -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;
  - Optionally, remove the old log files from the NodeManager and Managed Server folders in the cloned domain:
    For example, on OAMHOST1, run the following command:
    find /u01/oracle/config/nodemanager/OAMHOST1 \
      -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
    find /u01/oracle/config/nodemanager/OAMHOST2 \
      -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
    find /u01/oracle/config/nodemanager/IADADMINVHN \
      -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
    find ASERVER_HOME/servers/AdminServer/logs \
      -type f ! -size 0c -print -exec rm -f {} \+
    find MSERVER_HOME/servers/*/logs \
      -type f ! -size 0c -print -exec rm -f {} \+
    For example, on OAMHOST2, run the following command:
    find MSERVER_HOME/servers/*/logs \
      -type f ! -size 0c -print -exec rm -f {} \+
Restore the Access Domain in the Cloned Environment
Using your preferred extraction tool, extract the backup to your target environment nodes.
For example:
On OAMHOST1, run the following command:
tar xvfzP oamhost1_accessdomain.tar.gz
On OAMHOST2, run the following command:
tar xvfzP oamhost2_accessdomain.tar.gz
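The restore commands here and in Cloning the Oracle Binaries run tar with P, which keeps absolute member names and writes each file exactly where the archive says. As an added example (not Oracle's tooling), this Python check lists an archive's members without extracting anything and reports any that resolve outside the expected roots; the roots, file names and in-memory sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import tarfile

# Roots used by the backup commands on this page; adjust to your layout (assumption).
ALLOWED_ROOTS = ("/u01/oracle", "/u02/private/oracle")

def _inside(path, roots):
    return any(path == r or path.startswith(r + "/") for r in roots)

def audit_members(fileobj, roots=ALLOWED_ROOTS):
    """List (member, reason) pairs that `tar xvfzP` would write outside the roots."""
    findings = []
    with tarfile.open(fileobj=fileobj, mode="r:gz") as tar:
        for m in tar:
            if not m.name.startswith("/"):
                findings.append((m.name, "relative path"))  # would land in the cwd
                continue
            path = posixpath.normpath("/" + m.name.lstrip("/"))  # resolves ".." segments
            if not _inside(path, roots):
                findings.append((m.name, "outside allowed roots"))
            elif m.issym() or m.islnk():
                # A symlink target resolves from the link's directory; a hard link names a member.
                base = posixpath.dirname(path) if m.issym() else "/"
                target = posixpath.normpath(posixpath.join(base, m.linkname))
                if not _inside(target, roots):
                    findings.append((m.name, "link target outside allowed roots"))
    return findings

def build_sample():
    """Constructed archive (hypothetical file names), held in memory."""
    members = [
        ("/u01/oracle/config/keystores/constructed.jks", ""),
        ("/u01/oracle/config/nodemanager/OAMHOST1/nodemanager.properties", ""),
        ("/u01/oracle/../../tmp/constructed_outside", ""),
        ("/u01/oracle/config/constructed_link", "/tmp"),
    ]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, link in members:
            info = tarfile.TarInfo(name=name)
            if link:
                info.type, info.linkname = tarfile.SYMTYPE, link
            tar.addfile(info)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(audit_members(build_sample()))
```

For a real backup, pass `open("oamhost1_accessdomain.tar.gz", "rb")` and review every finding before running the extract.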
Cloning the Configuration Using T2P
copyConfig
extractMovePlan
pasteConfig
To modify the host name or ports that are specific to the new environment, see Moving Oracle Fusion Middleware Components.
Note:
Before running pasteConfig on the target environment, connect to the cloned database and verify that all the schemas/data from the source environment are present.
Starting the OAM Domain
After successfully restoring the backup to the target environment instances, do the following to start the domain:
- Start the Node Manager for the Administration Server.
- Start the Node Manager for the Managed Servers (if different).
- Start the administration server.
- Start the OAM managed servers.
- Start the policy manager managed servers.
Upgrading the Cloned Environment
After cloning the environment, you should perform some sanity checks to ensure that it is working as desired. After verifying that the environment is functioning as expected, take a backup of the environment and perform the upgrade as described in In-Place Upgrade of Oracle Access Manager.