6 Cloning Oracle Access Manager Environment

The out-of-place upgrade procedure discussed in this guide explains how to perform a cloned upgrade of Oracle Access Manager 11g to Oracle Access Manager 12c.

This chapter includes the following topics:

Cloning the Database

You can take a copy of your existing environment and then upgrade that copy. If you encounter issues during the upgrade, you will have the existing environment as a fallback.

For more information, see Performing an Upgrade via a Cloned Environment.

Cloning the Database Using the Export/Import Method

On your 11g environment, export the data from your database to an export file.

To export the data, do the following:

  1. Install an Oracle database of the version you want to use. This database can be a single instance database, a real applications cluster (RAC) database, a standard database, or a container database with OAM in a separate pluggable database (PDB).

  2. Make a directory on the source and the destination OCI hosts.

  3. Create a database directory object pointing to this location on the source and destination databases.

  4. Export the source database.

    Note:

    If you are using a RAC database, make sure you have a TNS connection that is forced to a specific instance/PDB, unless you want to create the directories on each node. IADUPG is an example of an RCU prefix.
  5. Copy the generated file to the destination database host.

  6. Extract DDL from the source database. The import loads only the data you have extracted from the source database; it does not create any tablespaces or users, and the import fails if they are not present. This can be resolved by extracting the DDL for these objects from the database. To do this:

    1. Create a file called extract_ddl.sql using an editor of your choice, with the following content:

      set pages 0
      set feedback off
      set heading off
      set long 5000
      set longchunksize 5000
      set lines 200
      set verify off 
      exec dbms_metadata.set_transform_param (dbms_metadata.session_transform, 'SQLTERMINATOR', true);
      exec dbms_metadata.set_transform_param (dbms_metadata.session_transform, 'PRETTY', true);
      accept PREFIX char prompt 'Enter RCU Prefix:'
      accept PDBNAME char prompt 'Enter PDB:'
      spool ddl.sql
      select 'alter session set container=&&PDBNAME;'
      from dual
      /
      SELECT DBMS_METADATA.GET_DDL('TABLESPACE',Tablespace_name) 
      from  dba_tablespaces
      where tablespace_name like '&&PREFIX%'
      /
      set lines 600
      SELECT DBMS_METADATA.GET_DDL('USER',USERNAME)  
      from DBA_USERS
      where USERNAME like '&&PREFIX%'
      /
      set lines 200
      SELECT DBMS_METADATA.GET_GRANTED_DDL ('SYSTEM_GRANT',USERNAME)
      from DBA_USERS
      where USERNAME like '&&PREFIX%'
      and USERNAME NOT LIKE '%_IAU_APPEND'
      and USERNAME NOT LIKE '%_IAU_VIEWER'
      /
      SELECT DBMS_METADATA.GET_GRANTED_DDL ('OBJECT_GRANT',USERNAME)
      from DBA_USERS
      where USERNAME like '&&PREFIX%'
      and USERNAME NOT LIKE '%TLOGS'
      and USERNAME NOT LIKE '%JMS'
      /
      
      spool off

      Note:

      The lines in Bold are applicable only if your target database is a PDB. This SQL assumes that all the objects are created using the RCU prefix. If you have created objects without the prefix (for example tablespaces/users for JMS or TLogs), you will need to add these manually.

    2. Execute the file in SQL Plus:

      SQL> @extract_ddl

  7. Copy the generated file to the destination database host.

  8. Create TNS entry for the Pluggable Database in OCI, if necessary.

  9. Validate that the target database meets all of the criteria of Oracle Access Manager. For more information, see Installing and Configuring the Oracle Access Management Software in Installing and Configuring Oracle Identity and Access Management.

  10. Create a database restore point to roll back the transaction, if required.

  11. Create the Tablespaces/Users for Oracle Access Manager.

    To do this execute the script (ddl.sql) you generated earlier (in step 6).

    Execute the file in SQL Plus:

    SQL> @ddl

    Carefully review the output and correct errors, if any.

  12. Import the data into the destination database. This database need not be at the same database version as the source.

    export ORACLE_BASE=/u01/app/oracle
    export ORACLE_HOME=${ORACLE_BASE}/product/12.2.0.1/dbhome_1
    export GRID_HOME=/u01/app/12.2.0.1/grid
    export PATH=$PATH:$ORACLE_HOME/bin:$ORACLE_HOME/OPatch
    export DB_NAME=iamcdb_phx1g8
    export ORACLE_SID=iamcdb
    
    impdp \"SYS/Password@IADPDB AS SYSDBA\" DIRECTORY=orcl_full DUMPFILE=oam_system.dmp LOGFILE=oam_system_imp.log FULL=YES;
    impdp \"SYS/Password@IADPDB AS SYSDBA\" DIRECTORY=orcl_full DUMPFILE=full_oam.dmp LOGFILE=full_oam_imp.log FULL=YES;
    
  13. Create a database service in OCI with the same name as the primary.

    srvctl add service -db iamcdb_phx1g8 -service onpremservice -rlbgoal SERVICE_TIME -clbgoal SHORT -pdb iadpdb
    srvctl start service -db iamcdb_phx1g8 -service onpremservice 
    srvctl status service -db iamcdb_phx1g8 -service onpremservice

    After you have imported the schemas, it is important to check that the following query returns rows that are consistent with your deployment. This table should have been imported as part of the steps above. If it fails to do so, you must populate the table with values from your source system.

    set linesize 100
    col comp_id for a10
    col comp_name for a50
    col version for a10
    select comp_id, comp_name, version, status, upgraded from system.schema_version_registry;
    

Cloning the 11g Environment Using the Test-To-Production (T2P) Process

Complete the following steps to move the installations from a source environment to a target environment:

Cloning the Oracle Binaries

The following options are available for cloning the Oracle binaries:

This section includes the following topics:

Using Backup/Restore Tools to Clone the Access Domain

Note:

You can take a backup with the domain and NodeManagers online or offline. However, Oracle recommends taking the backup with all FMW processes shut down.

Take a backup:

Complete the following steps to take a backup of your source environment binaries and Oracle Inventory:

  1. Using your preferred backup tool, take a backup of the following locations on the source site:

    • oraInventory

    • MW_HOME

    For example, a command on OAMHOST1 may appear as follows:

    tar cfzP /u01/oracle/backups/oamhost1_binaries.tar.gz /u01/oracle/oraInventory MW_HOME
  2. Repeat the command on any supplementary nodes using the separate product binary volumes.

    Note:

    When using the shared filesystem volumes for the Oracle products MW_HOME locations, you should take only the binary backups from one host per volume.

    For example, a command on OAMHOST2 may appear as follows:

    tar cfzP /u01/oracle/backups/oamhost2_binaries.tar.gz /u01/oracle/oraInventory MW_HOME
  3. Copy the resulting backup files to their appropriate target environment hosts.

Restore the backup

Using your preferred extraction tool, extract the backup to your target environment nodes.

Note:

When using the shared filesystem volumes for the Oracle products MW_HOME locations, you should restore only the binary backups to one host per volume.

For example:

On OAMHOST1, run the following command:

tar xvfzP oamhost1_binaries.tar.gz

On OAMHOST2, run the following command:

tar xvfzP oamhost2_binaries.tar.gz

Cloning the Access Domain

The following options are available for cloning the Access domain:

This section contains the following topics:

Using Backup/Restore Tools to Clone the Access Domain

Note:

You can take a backup with the domain and Node Managers online or offline. However, Oracle recommends taking the backup with all FMW processes shut down.

Take a backup:

Complete the following steps to take a backup of the source environment binaries and Oracle Inventory:

  1. Using your preferred backup tool, take a backup of the following locations on the source site:

    • ASERVER_HOME

    • MSERVER_HOME

    • Keystores

    • Nodemanager

    Note:

    If you have a combined DOMAIN_HOME rather than a segregated one, as described in the Enterprise Deployment Guide, include DOMAIN_HOME rather than ASERVER_HOME and MSERVER_HOME.

    For example, a command on OAMHOST1 may appear as follows:

    tar cfvzP /u01/oracle/config/backups/oamhost1_accessdomain.tar.gz \
       ASERVER_HOME \
       MSERVER_HOME \
       /u01/oracle/config/keystores \
       /u01/oracle/config/nodemanager/OAMHOST1 \
       /u01/oracle/config/nodemanager/OAMHOST2 \
       /u01/oracle/config/nodemanager/IADADMINVHN \
       /u01/oracle/runtime/domains/IAMAccessDomain
  2. Repeat the command on any supplementary nodes. For example, a command on OAMHOST2 may appear as follows:

    tar cfzP /u01/oracle/backups/oamhost2_accessdomain.tar.gz /u02/private/oracle/config/domains/IAMAccessDomain
  3. Copy the resulting backup files to their appropriate target environment hosts.

  4. Delete any lock and log files in the domain that have been replicated from the source environment.

    • Remove any lock files for all NodeManager folders on the appropriate cloned environment hosts by running the following command:

      find /u01/oracle/config/nodemanager -type f -name "*.lck" -exec rm -f {} \;

    • Remove any lock files from the ASERVER_HOME and MSERVER_HOME folders on the appropriate cloned environment hosts by running the following command:

      Note:

      If you have a combined DOMAIN_HOME rather than a segregated one as described in the Enterprise Deployment Guide, include DOMAIN_HOME rather than ASERVER_HOME and MSERVER_HOME.

      For example, on OAMHOST1, run the following command:

      find  ASERVER_HOME \
          -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;
      find  MSERVER_HOME \
          -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;
      

      For example, on OAMHOST2, run the following command:

      find  MSERVER_HOME \
          -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;
      
    • Optionally, remove the old log files from the NodeManager and Managed Server folders in the cloned domain:

      For example, on OAMHOST1, run the following command:

      find /u01/oracle/config/nodemanager/OAMHOST1 \
          -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
      find /u01/oracle/config/nodemanager/OAMHOST2 \
          -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
      
      find /u01/oracle/config/nodemanager/IADADMINVHN \
          -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
       
      find ASERVER_HOME/servers/AdminServer/logs \
          -type f ! -size 0c -print -exec rm -f {} \+
       
      find MSERVER_HOME/servers/*/logs \
          -type f ! -size 0c -print -exec rm -f {} \+
      

      For example, on OAMHOST2, run the following command:

      find MSERVER_HOME/servers/*/logs \
          -type f ! -size 0c -print -exec rm -f {} \+

Restore the Access Domain in the Cloned Environment

Using your preferred extraction tool, extract the backup to your target environment nodes.

For example:

On OAMHOST1, run the following command:

tar xvfzP oamhost1_accessdomain.tar.gz

On OAMHOST2, run the following command:

tar xvfzP oamhost2_accessdomain.tar.gz
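
Both restore steps above (binaries and access domain) extract with tar's P option, which keeps absolute paths, and the access-domain archive carries the keystores. The following is an added example, not part of Oracle's documentation: a pre-extraction check that verifies a SHA-256 recorded on the source host and rejects member names outside an allow-list of prefixes. The function names, the .sha256 file and the prefixes are assumptions.

```shell
#!/usr/bin/env bash
# Added example: vet a backup archive before extracting it with absolute paths (tar -P).
# Assumptions: GNU tar and sha256sum; a .sha256 file recorded on the source host
# (sha256sum ARCHIVE > ARCHIVE.sha256) and copied over a separate channel.

# verify_checksum ARCHIVE SUMFILE -> 0 only if the archive hashes to the recorded value.
verify_checksum() {
    local archive=$1 sumfile=$2 expected actual
    expected=$(awk '{print $1; exit}' "$sumfile")
    actual=$(sha256sum "$archive" | awk '{print $1}')
    [ -n "$expected" ] && [ "$expected" = "$actual" ]
}

# list_unexpected_members ARCHIVE PREFIX... -> prints every member name that is
# not under one of the allowed prefixes, or that contains a ".." component.
# Only member names are checked; link targets inside the archive are not.
list_unexpected_members() {
    local archive=$1 member prefix ok
    shift
    tar -tzPf "$archive" | while IFS= read -r member; do
        ok=no
        case "/$member/" in
            */../*) ;;
            *) for prefix in "$@"; do
                   case "$member" in "$prefix"|"$prefix"/*) ok=yes ;; esac
               done ;;
        esac
        [ "$ok" = yes ] || printf '%s\n' "$member"
    done
}

# safe_restore ARCHIVE SUMFILE PREFIX... -> extracts only if both checks pass.
# Returns 1 on checksum mismatch, 2 on unexpected members.
safe_restore() {
    local archive=$1 sumfile=$2 bad
    shift 2
    verify_checksum "$archive" "$sumfile" || { echo "checksum mismatch: $archive" >&2; return 1; }
    bad=$(list_unexpected_members "$archive" "$@")
    if [ -n "$bad" ]; then
        printf 'refusing to extract; members outside allowed paths:\n%s\n' "$bad" >&2
        return 2
    fi
    tar -xzPf "$archive"
}

# Example call (paths taken from the backup commands on this page; add your
# ASERVER_HOME and MSERVER_HOME locations to the prefix list):
# safe_restore oamhost1_accessdomain.tar.gz oamhost1_accessdomain.tar.gz.sha256 \
#     /u01/oracle/config /u01/oracle/runtime/domains/IAMAccessDomain
```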

Starting the OAM Domain

After successfully restoring the backup to the target environment instances, do the following to start the domain:

  • Start the Node Manager for the ASERVER_HOME.

  • Start the Node Manager for the MSERVER_HOME.

  • Start the administration server.

  • Start the OAM managed servers.

  • Start the policy manager managed servers.

Cloning Using the Test-To-Production (T2P) Process

Perform the cloning using the T2P process. See Cloning the 11g Environment Using the Test-To-Production (T2P) Process.