6 Cloning Oracle Access Manager Environment
The out-of-place upgrade procedure discussed in this guide explains how to perform a cloned upgrade of Oracle Access Manager 11g to Oracle Access Manager 12c.
Cloning the Database
You can take a copy of your existing environment and then upgrade that copy. If you encounter issues during the upgrade, you will have the existing environment as a fallback.
For more information, see Performing an Upgrade via a Cloned Environment.
- Cloning the Database Using the Export/Import Method
- Cloning the 11g Environment Using the Test-To-Production (T2P) Process
Cloning the Database Using the Export/Import Method
On your 11g environment, export the data from your database to an export file.
To export the data, do the following:
- Install an Oracle database of the version you want to use. This database can be a single-instance database, a Real Application Clusters (RAC) database, a standard database, or a container database with OAM in a separate pluggable database (PDB).
- Make a directory on the source and the destination OCI hosts.
- Create a database directory object pointing to this location on the source and destination databases.
- Export the source database.
  Note:
  If you are using a RAC database, make sure you have a TNS connection which is forced to a specific instance/PDB unless you want to create the directories on each node. IADUPG is an example of an RCU prefix.
- Copy the generated file to the destination database host.
- Extract DDL from the source database. The import only imports the data you have extracted from the source database. It does not create any tablespaces or users, and the import fails if they are not present. To resolve this, extract the DDL for these objects from the source database. To do this:
  - Create a file called extract_ddl.sql using an editor of your choice, with the following content:

      -- The PDBNAME prompt and the "alter session set container" select
      -- apply only when the target database is a PDB.
      set pages 0
      set feedback off
      set heading off
      set long 5000
      set longchunksize 5000
      set lines 200
      set verify off
      exec dbms_metadata.set_transform_param (dbms_metadata.session_transform, 'SQLTERMINATOR', true);
      exec dbms_metadata.set_transform_param (dbms_metadata.session_transform, 'PRETTY', true);
      accept PREFIX char prompt 'Enter RCU Prefix:'
      accept PDBNAME char prompt 'Enter PDB:'
      spool ddl.sql
      select 'alter session set container=&&PDBNAME;'
      from dual
      /
      SELECT DBMS_METADATA.GET_DDL('TABLESPACE',Tablespace_name)
      from dba_tablespaces
      where tablespace_name like '&&PREFIX%'
      /
      set lines 600
      SELECT DBMS_METADATA.GET_DDL('USER',USERNAME)
      from DBA_USERS
      where USERNAME like '&&PREFIX%'
      /
      set lines 200
      SELECT DBMS_METADATA.GET_GRANTED_DDL ('SYSTEM_GRANT',USERNAME)
      from DBA_USERS
      where USERNAME like '&&PREFIX%'
      and USERNAME NOT LIKE '%_IAU_APPEND'
      and USERNAME NOT LIKE '%_IAU_VIEWER'
      /
      SELECT DBMS_METADATA.GET_GRANTED_DDL ('OBJECT_GRANT',USERNAME)
      from DBA_USERS
      where USERNAME like '&&PREFIX%'
      and USERNAME NOT LIKE '%TLOGS'
      and USERNAME NOT LIKE '%JMS'
      /
      spool off

    Note:
    The lines in bold are applicable only if your target database is a PDB. This SQL assumes that all the objects are created using the RCU prefix. If you have created objects without the prefix (for example tablespaces/users for JMS or TLogs), you will need to add these manually.
  - Execute the file in SQL*Plus:

      SQL> @extract_ddl
- Copy the generated file to the destination database host.
- Create a TNS entry for the Pluggable Database in OCI, if necessary.
- Validate that the target database meets all of the criteria of Oracle Access Manager. For more information, see Installing and Configuring the Oracle Access Management Software in Installing and Configuring Oracle Identity and Access Management.
- Create a database restore point to roll back the transaction, if required.
- Create the Tablespaces/Users for Oracle Access Manager.
  To do this, execute the script (ddl.sql) you generated earlier (in step 6). Execute the file in SQL*Plus:

      SQL> @ddl

  Carefully review the output and correct errors, if any.
- Import the data into the destination database. This database need not be at the same database version as the source.

      export ORACLE_BASE=/u01/app/oracle
      export ORACLE_HOME=${ORACLE_BASE}/product/12.2.0.1/dbhome_1
      export GRID_HOME=/u01/app/12.2.0.1/grid
      export PATH=$PATH:$ORACLE_HOME/bin:$ORACLE_HOME/OPatch
      export DB_NAME=iamcdb_phx1g8
      export ORACLE_SID=iamcdb
      # "Password" stands for the SYS password. A password typed on the command
      # line is recorded in shell history and visible in the process list.
      impdp \"SYS/Password@IADPDB AS SYSDBA\" DIRECTORY=orcl_full DUMPFILE=oam_system.dmp LOGFILE=oam_system_imp.log FULL=YES;
      impdp \"SYS/Password@IADPDB AS SYSDBA\" DIRECTORY=orcl_full DUMPFILE=full_oam.dmp LOGFILE=full_oam_imp.log FULL=YES;

- Create a database service in OCI with the same name as the primary.

      srvctl add service -db iamcdb_phx1g8 -service onpremservice -rlbgoal SERVICE_TIME -clbgoal SHORT -pdb iadpdb
      srvctl start service -db iamcdb_phx1g8 -service onpremservice
      srvctl status service -db iamcdb_phx1g8 -service onpremservice
After you have imported the schemas, check that the following query returns rows that are consistent with your deployment. The system.schema_version_registry table should have been imported as part of the steps above. If it was not, you must populate the table with values from your source system.

    set linesize 100
    col comp_id for a10
    col comp_name for a50
    col version for a10
    select comp_id, comp_name, version, status, upgraded from system.schema_version_registry;
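Added example (not part of the Oracle procedure): a pre-flight review of the generated ddl.sql before the "Create the Tablespaces/Users" step runs it on the destination. `review_ddl` is a hypothetical helper that assumes the double-quoted identifiers DBMS_METADATA emits; the sample file, the REPORTING grantee and the verifier string are constructed.

```shell
#!/bin/sh
# review_ddl FILE RCU_PREFIX [PDB]   (hypothetical helper, not an Oracle tool)
# Prints one finding per line; returns 1 if there is any finding, else 0.
review_ddl() {
    file=$1; prefix=$2; pdb=${3:-}; rc=0

    # 1. Every user created or granted to must carry the RCU prefix.
    #    The principal is the quoted name after CREATE USER or after TO.
    stray=$(grep -Eio '(CREATE USER|[[:space:]]TO)[[:space:]]+"[^"]+"' "$file" |
            sed -E 's/.*"([^"]+)"$/\1/' | sort -u |
            awk -v p="$prefix" 'index($0, p) != 1')
    for name in $stray; do
        echo "UNEXPECTED_PRINCIPAL $name"; rc=1
    done

    # 2. User DDL can carry password verifiers (IDENTIFIED BY VALUES), so the
    #    file must not be accessible to group or others (ls mode chars 5-10).
    if grep -qi 'IDENTIFIED BY VALUES' "$file" &&
       [ "$(ls -ld "$file" | cut -c5-10)" != "------" ]; then
        echo "SECRET_EXPOSED $file"; rc=1
    fi

    # 3. For a PDB target, the file must contain the switch to that container.
    if [ -n "$pdb" ] && ! grep -Eqi \
         "^[[:space:]]*alter session set container=$pdb;[[:space:]]*\$" "$file"; then
        echo "WRONG_CONTAINER expected $pdb"; rc=1
    fi
    return $rc
}

# Constructed sample standing in for a generated ddl.sql.
sample=$(mktemp)
cat > "$sample" <<'EOF'
alter session set container=IADPDB;
   CREATE USER "IADUPG_OAM" IDENTIFIED BY VALUES 'S:CONSTRUCTED-NOT-A-REAL-VERIFIER'
      DEFAULT TABLESPACE "IADUPG_OAM";
  GRANT CREATE SESSION TO "IADUPG_OAM";
  GRANT SELECT ON "SYS"."DBA_TABLESPACES" TO "REPORTING";
EOF
chmod 600 "$sample"
review_ddl "$sample" IADUPG IADPDB || echo "resolve the findings before running @ddl"
rm -f "$sample"
```

The same file should be deleted from both hosts once the users exist on the destination, since it is no longer needed and still contains the verifiers.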
Cloning the 11g Environment Using the Test-To-Production (T2P) Process
Complete the following steps to move the installations from a source environment to a target environment:
- Prepare your source environment. See Preparing the Source Environment.
- Prepare your target environment. See Preparing the Target Environment.
- Install Oracle database software on the target environment, but do not create a database. See Installing the Database on the Target Environment.
- Clone the database from the Source Environment to the Target Environment using RMAN. See Installing the Database on the Target Environment.
- Move Oracle Access Manager to the target environment. See Moving Identity Management Components to a Target Environment.
- Move a copy of the Middleware home for the component or suite from the source environment to the target environment using the copyBinary and pasteBinary scripts. See Moving the Middleware Home and the Binary Files.
- Move a copy of the configuration of components. In most cases, you use the copyConfig, extractMovePlan, and pasteConfig scripts such as UMS user messaging preferences, data for Oracle WebCenter Portal applications, or Oracle Web Cache configuration files. Modify any information that is specific to the new environment such as host name or ports. See Moving Oracle Fusion Middleware Components.
  Note:
  Before running pasteConfig on the target, connect to the cloned database and verify that all the schemas/data from the source environment are present.
Cloning the Oracle Binaries
The following options are available for cloning the Oracle binaries:
- Use the preferred backup/restore tools to archive and transfer the MW_HOME binaries and OraInventory directories.
- Use the Oracle FMW T2P process. See Cloning the 11g Environment Using the Test-To-Production (T2P) Process.
Using Backup/Restore Tools to Clone the Access Domain
Note:
You can take a backup with the domain and Node Managers online or offline. However, Oracle recommends that you run the backup with all FMW processes shut down.
Take a backup:
Complete the following steps to take a backup of your source environment binaries and Oracle Inventory:
- Using your preferred backup tool, take a backup of the following locations on the source site:
  - oraInventory
  - MW_HOME
  For example, a command on OAMHOST1 may appear as follows:

      tar cfzP /u01/oracle/backups/oamhost1_binaries.tar.gz /u01/oracle/oraInventory MW_HOME

- Repeat the command on any supplementary nodes using the separate product binary volumes.
  Note:
  When using the shared filesystem volumes for the Oracle products MW_HOME locations, you should take only the binary backups from one host per volume.
  For example, a command on OAMHOST2 may appear as follows:

      tar cfzP /u01/oracle/backups/oamhost2_binaries.tar.gz /u01/oracle/oraInventory MW_HOME

- Copy the resulting backup files to their appropriate target environment hosts.
Restore the backup
Note:
When using the shared filesystem volumes for the Oracle products MW_HOME locations, you should restore only the binary backups to one host per volume.
For example:
On OAMHOST1, run the following command:

    tar xvfzP oamhost1_binaries.tar.gz

On OAMHOST2, run the following command:

    tar xvfzP oamhost2_binaries.tar.gz
Cloning the Access Domain
The following options are available for cloning the Access domain:
- Use your preferred backup/restore tools to archive and transfer the DOMAIN_HOME, NodeManager, and other necessary directories.
- Use the Oracle FMW T2P process. See Cloning the 11g Environment Using the Test-To-Production (T2P) Process.
This section contains the following topics:
- Using Backup/Restore Tools to Clone the Access Domain
- Starting the OAM Domain
- Cloning Using the Test-To-Production (T2P) Process
Using Backup/Restore Tools to Clone the Access Domain
Note:
You can take a backup with the domain and Node Managers online or offline. However, Oracle recommends that you run the backup with all FMW processes shut down.
Take a backup:
The following steps are available to take a backup of the source environment binaries and Oracle Inventory:
- Using your preferred backup tool, take a backup of the following locations on the source site:
  - ASERVER_HOME
  - MSERVER_HOME
  - Keystores
  - Nodemanager
  Note:
  If you have a combined DOMAIN_HOME rather than a segregated one, as described in the Enterprise Deployment Guide, include DOMAIN_HOME rather than ASERVER_HOME and MSERVER_HOME.
  For example, a command on OAMHOST1 may appear as follows:

      tar cfvzP /u01/oracle/config/backups/oamhost1_accessdomain.tar.gz \
          ASERVER_HOME \
          MSERVER_HOME \
          /u01/oracle/config/keystores \
          /u01/oracle/config/nodemanager/OAMHOST1 \
          /u01/oracle/config/nodemanager/OAMHOST2 \
          /u01/oracle/config/nodemanager/IADADMINVHN \
          /u01/oracle/runtime/domains/IAMAccessDomain

- Repeat the command on any supplementary nodes. For example, a command on OAMHOST2 may appear as follows:

      tar cfzP /u01/oracle/backups/oamhost2_accessdomain.tar.gz /u02/private/oracle/config/domains/IAMAccessDomain

- Copy the resulting backup files to their appropriate target environment hosts.
- Delete any lock and log files in the domain that have been replicated from the source environment.
- Remove any lock files for all NodeManager folders on the appropriate cloned environment hosts by running the following command:

      find /u01/oracle/config/nodemanager -type f -name "*.lck" -exec rm -f {} \;

- Remove any lock files from the ASERVER_HOME and MSERVER_HOME folders on the appropriate cloned environment hosts by running the following command:
  Note:
  If you have a combined DOMAIN_HOME rather than a segregated one as described in the Enterprise Deployment Guide, include DOMAIN_HOME rather than ASERVER_HOME and MSERVER_HOME.
  For example, on OAMHOST1, run the following command:

      find ASERVER_HOME \
          -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;
      find MSERVER_HOME \
          -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;

  For example, on OAMHOST2, run the following command:

      find MSERVER_HOME \
          -type f \( -name "*.lck" -or -name "*.lok" \) -print -exec rm -f {} \;

- Optionally, remove the old log files from the NodeManager and Managed Server folders in the cloned domain:
  For example, on OAMHOST1, run the following command:

      find /u01/oracle/config/nodemanager/OAMHOST1 \
          -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
      find /u01/oracle/config/nodemanager/OAMHOST2 \
          -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
      find /u01/oracle/config/nodemanager/IADADMINVHN \
          -type f \( -name '*.log' -or -name '*.out' \) -print -exec rm -f {} \;
      find ASERVER_HOME/servers/AdminServer/logs \
          -type f ! -size 0c -print -exec rm -f {} \+
      find MSERVER_HOME/servers/*/logs \
          -type f ! -size 0c -print -exec rm -f {} \+

  For example, on OAMHOST2, run the following command:

      find MSERVER_HOME/servers/*/logs \
          -type f ! -size 0c -print -exec rm -f {} \+
Restore the Access Domain in the Cloned Environment
Using your preferred extraction tool, extract the backup to your target environment nodes.
For example:
On OAMHOST1, run the following command:
tar xvfzP oamhost1_accessdomain.tar.gz
On OAMHOST2, run the following command:
tar xvfzP oamhost2_accessdomain.tar.gz
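Added example (not Oracle's tooling), covering both the binaries backup and the Access domain backup above: the archives are created and extracted with tar's P flag, which keeps absolute member names, and the domain archive includes the keystores directory. `seal_backup` and `verify_backup` are hypothetical helpers; GNU tar and sha256sum are assumed, and the demo archive and its file names are constructed.

```shell
#!/bin/sh
# Hypothetical helpers; assumes GNU tar and sha256sum on both hosts.

# seal_backup ARCHIVE: run on the source host once tar has finished.
seal_backup() {
    chmod 600 "$1"                    # archive holds keystores and domain config
    sha256sum "$1" > "$1.sha256"      # copy this file along with the archive
}

# verify_backup ARCHIVE SHA256_FILE ALLOWED_PREFIX...: run on the target host
# before "tar xvfzP". Returns 0 only if the digest matches and every member
# name starts with an allowed prefix and has no ".." component.
verify_backup() {
    archive=$1; sumfile=$2; shift 2
    want=$(cut -d' ' -f1 "$sumfile")
    have=$(sha256sum "$archive" | cut -d' ' -f1)
    if [ "$want" != "$have" ]; then
        echo "DIGEST_MISMATCH $archive"; return 1
    fi
    # With P, tar writes each member exactly where its absolute name points,
    # so list the names first and compare them with the expected locations.
    names=$(tar -tzPf "$archive") || { echo "UNREADABLE $archive"; return 1; }
    bad=$(printf '%s\n' "$names" | awk -v list="$*" '
        BEGIN { n = split(list, pre, " ") }
        { ok = 0
          if ($0 !~ /(^|\/)\.\.(\/|$)/)
              for (i = 1; i <= n; i++) if (index($0, pre[i]) == 1) ok = 1
          if (!ok) print "OUTSIDE_ALLOWLIST " $0 }')
    if [ -n "$bad" ]; then echo "$bad"; return 1; fi
    return 0
}

# Constructed demo: a small archive with absolute member names.
work=$(mktemp -d)
mkdir -p "$work/config/keystores" "$work/stray"
echo demo > "$work/config/keystores/sample.jks"
echo demo > "$work/stray/file"
tar -czPf "$work/domain.tar.gz" "$work/config" "$work/stray"
seal_backup "$work/domain.tar.gz"
verify_backup "$work/domain.tar.gz" "$work/domain.tar.gz.sha256" \
    "$work/config/" || echo "do not extract until the findings are explained"
rm -rf "$work"
```

On a real target host the allowed prefixes would be the locations named in the backup commands, for example `/u01/oracle/config/` and `/u01/oracle/runtime/domains/`.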
Starting the OAM Domain
After successfully restoring the backup to the target environment instances, do the following to start the domain:
- Start the Node Manager for the ASERVER_HOME.
- Start the Node Manager for the MSERVER_HOME.
- Start the administration server.
- Start the OAM managed servers.
- Start the policy manager managed servers.
Cloning Using the Test-To-Production (T2P) Process
Perform the cloning using the T2P process. See Cloning the 11g Environment Using the Test-To-Production (T2P) Process.