4 Upgrading Oracle Access Manager Highly Available Environments

Describes the process of upgrading an Oracle Access Manager highly available environments from 12c (12.2.1.3.0) to 12c (12.2.1.4.0).

Topics

• About the Oracle Access Manager Multinode Upgrade Process
  Review the topology and the roadmap for an overview of the upgrade process for Oracle Access Manager highly available environments.
• Backing up the 12c (12.2.1.3.0) Middleware Home Folder on OAMHOSTs
  Backup the 12c (12.2.1.3.0) Middleware Home on both OAMHOST1 and OAMHOST2.
• Stopping Servers and Processes
  Before you upgrade the configurations, you must shut down all of the pre-upgrade processes and servers, including the Weblogic Admin, Managed, and Node Manager servers that are running on the intended OAMHOST.
• Uninstalling the Software on an OAMHOST
  Follow the instructions in this section to start the Uninstall Wizard and remove the software.
• Installing Product Distributions on OAMHOSTs
  Install the binaries on an OAMHOST.
• Starting the Servers on OAMHOSTs
  After you upgrade Oracle Access Manager on an OAMHOST, start the servers.

About the Oracle Access Manager Multinode Upgrade Process

Review the topology and the roadmap for an overview of the upgrade process for Oracle Access Manager highly available environments.

The steps you take to upgrade your existing domain will vary depending on how your domain is configured and which components are being upgraded. Follow only those steps that are applicable to your deployment.

Upgrade Topology

The following topology shows the Oracle Access Manager cluster set up that can be upgraded to 12c (12.2.1.4.0) by following the procedure described in this chapter.

Figure 4-1 Oracle Access Manager High Availability Upgrade Topology

Description of "Figure 4-1 Oracle Access Manager High Availability Upgrade Topology"

On OAMHOST1, the following installations have been performed:

• An Oracle Access Server has been installed in the WLS_OAM1 Managed Server.

• A WebLogic Server Administration Server has been installed. Under normal operations, this is the active Administration Server.

On OAMHOST2, the following installations have been performed:

• An Oracle Access Server has been installed in the WLS_OAM2 Managed Server.

• A WebLogic Server Administration Server has been installed. Under normal operations, this is the passive Administration Server. You make this Administration Server active if the Administration Server on OAMHOST1 becomes unavailable.

The instances in the WLS_OAM1 and WLS_OAM2 Managed Servers on OAMHOST1 and OAMHOST2 are configured in a cluster named OAM_CLUSTER.

Note:

This topology diagram is only for illustration purposes. Typical customer topologies may have more than two OAM server nodes in their cluster. They may also have a separate cluster of OAM Policy Manager server nodes.

Table 4-1 Tasks for Upgrading Oracle Access Manager Highly Available Environments

Task	Description
Required If you have not done so already, review the introductory topics in this guide and complete the required pre-upgrade tasks.	See: Introduction to Upgrading Oracle Identity and Access Management to 12c (12.2.1.4.0) Pre-Upgrade Requirements
Required Create backup of the existing 12c (12.2.1.3.0) Middleware home folders on OAMHOSTs	See Backing up the 12c (12.2.1.3.0) Middleware Home Folder on OAMHOSTs.
Required on OAMHOST1 Shut down the 12c environment (stop all Administration and Managed Servers) on OAMHOST1. Ensure that the Database is up during the upgrade.	WARNING: Failure to shut down your servers during an upgrade may lead to data corruption. See Stopping Servers and Processes.
Required on OAMHOST1 On OAMHOST1, uninstall Oracle Fusion Middleware Infrastructure and Oracle Access Manager 12c (12.2.1.3.0) in the existing Oracle home.	See Uninstalling the Software on an OAMHOST.
Required on OAMHOST1 On OAMHOST1, install Infrastructure (JRF) 12c (12.2.1.4.0) and Oracle Access Manager 12c (12.2.1.4.0) in the existing Oracle home.	See Installing Product Distributions on OAMHOSTs.
Required on OAMHOST1 Start the servers on OAMHOST1.	See Starting the Servers.
Required on OAMHOST2 Shut down the 12c environment (stop all Managed Servers) on OAMHOST2. Ensure that the Database is up during the upgrade.	WARNING: Failure to shut down your servers during an upgrade may lead to data corruption. See Stopping Servers and Processes.
Required on OAMHOST2 On OAMHOST2, uninstall Oracle Fusion Middleware Infrastructure and Oracle Access Manager 12c (12.2.1.3.0) in the existing Oracle home.	See Uninstalling the Software on an OAMHOST.
Required on OAMHOST2 On OAMHOST2, install Infrastructure (JRF) 12c (12.2.1.4.0) and Oracle Access Manager 12c (12.2.1.4.0) in the existing Oracle home.	See Installing Product Distributions on OAMHOSTs.
Required on OAMHOST2 Start the node manager and managed servers on OAMHOST2.	See Starting the Servers.

Backing up the 12c (12.2.1.3.0) Middleware Home Folder on OAMHOSTs

Backup the 12c (12.2.1.3.0) Middleware Home on both OAMHOST1 and OAMHOST2.

As a backup, copy and rename the 12.2.1.3.0 Middleware home folder on OAMHOST1 and OAMHOST2.

For example:

From /u01/app/fmw/ORACLE_HOME to /u01/app/fmw/ORACLE_HOME_old

Stopping Servers and Processes

Before you upgrade the configurations, you must shut down all of the pre-upgrade processes and servers, including the Weblogic Admin, Managed, and Node Manager servers that are running on the intended OAMHOST.

An Oracle Fusion Middleware environment can consist of an Oracle WebLogic Server domain, an Administration Server, multiple managed servers, Java components, system components such as Identity Management components, and a database used as a repository for metadata. The components may be dependent on each other, so they must be stopped in the correct order.

Note:

• The procedures in this section describe how to stop the existing, pre-upgrade servers and processes using the WLST command-line utility or a script. You can also use the Oracle Fusion Middleware Control and the Oracle WebLogic Server Administration Console. See Starting and Stopping Administration and Managed Servers and Node Manager.
• Stop all of the servers in your deployment, except for the Database. The Database must be up during the upgrade process.

To stop your pre-upgrade Fusion Middleware environment, navigate to the pre-upgrade domain and follow the steps below.

Step 1: Stop the Managed Servers

Depending on the method you followed to start the managed servers, follow one of the following methods to stop the WebLogic Managed Server:

Method 1: To stop a WebLogic Server Managed Server not managed by Node Manager:

• (UNIX) DOMAIN_HOME/bin/stopManagedWebLogic.sh managed_server_name admin_url

• (Windows) DOMAIN_HOME\bin\stopManagedWebLogic.cmd managed_server_name admin_url

When prompted, enter your user name and password.

Method 2: To stop a WebLogic Server Managed Server by using the Weblogic Console:

• Log into Weblogic console as a weblogic Admin.
• Go to Servers > Control tab.
• Select the required managed server.
• Click Shutdown.

Method 3: To stop a WebLogic Server Managed Server using node manager, run the following commands:

wls:/offline>nmConnect('nodemanager_username','nodemanager_password',
            'AdminServerHostName','5556','domain_name',
            'DOMAIN_HOME','nodemanager_type')

wls:/offline>nmKill('ManagedServerName')

Step 2: Stop the Administration Server

When you stop the Administration Server, you also stop the processes running in the Administration Server, including the WebLogic Server Administration Console and Fusion Middleware Control.

Follow one of the these methods to stop the Administration Server:

Method 1: To stop the Administration Server not managed by Node Manager:

• (UNIX) DOMAIN_HOME/bin/stopWebLogic.sh

• (Windows) DOMAIN_HOME\bin\stopWebLogic.cmd

When prompted, enter your user name, password, and the URL of the Administration Server.

Method 2: To stop the Administration Server by using the Weblogic Console:

• Log into Weblogic console as a weblogic Admin.
• Go to Servers > Control tab.
• Select the required admin server.
• Click Shutdown.

Method 3: To stop a WebLogic Server Managed Server using Node Manager, run the following commands:

wls:/offline>nmConnect('nodemanager_username','nodemanager_password',
            'AdminServerHostName','5556','domain_name',
            'DOMAIN_HOME','nodemanager_type')

wls:/offline>nmKill('AdminServer')

Step 3: Stop Node Manager

To stop Node Manager, run the following command:

kill $(ps -ef | grep nodemanager | awk '{print $2}')

Step 4: Validate if any WLS components are running

To validate if any WLS components, like, Administration Server, Managed Server, or Node Manager are running, run the following command:

$ ps -ef |grep java

The output must return only the grep process.

For example:

oracle   14709 14410  0 19:07
pts/0    00:00:00 grep --color=auto java

If any other java process is listed other than the above grep command, they identify and stop the listed java process.

Uninstalling the Software on an OAMHOST

Follow the instructions in this section to start the Uninstall Wizard and remove the software.

If you want to uninstall the product in a silent (command-line) mode, see Running the Oracle Universal Installer for Silent Uninstallation in Installing Software with the Oracle Universal Installer.

• Starting the Uninstall Wizard
  
• Selecting the Product to Uninstall
  
• Navigating the Uninstall Wizard Screens
  

Starting the Uninstall Wizard

Start the Uninstall Wizard:

1. Change to the following directory:
   (UNIX) ORACLE_HOME/oui/bin
   (Windows) ORACLE_HOME\oui\bin
2. Enter the following command:
   (UNIX) ./deinstall.sh
   (Windows) deinstall.cmd

Selecting the Product to Uninstall

Because multiple products exist in the Oracle home, ensure that you are uninstalling the correct product.

After you run the Uninstall Wizard, the Distribution to Uninstall screen opens.

From the drop-down menu, select the Oracle Fusion Middleware 12c (12.2.1.3.0) Identity and Access Management product and click Uninstall.

Note:

The Uninstall Wizard displays the Distribution to Uninstall screen only if it detects more than one product distribution in the Oracle home from where you initate the wizard. If only Oracle Fusion Middleware 12c (12.2.1.3.0) Identity and Access Management product distribution is available, the Uninstall Wizard will display the Deinstallation Summary screen.

Note:

Do not select Weblogic Server for FMW 12.2.1.3.0.

The uninstallation program shows the screens listed in Navigating the Uninstall Wizard Screens.

Note:

You can uninstall Oracle Fusion Middleware Infrastructure after you uninstall OIM or OAM software by running the Uninstall Wizard again. Before doing so, ensure that there are no other products using the Infrastructure, as those products will no longer function once the Infrastructure is removed. You will not encounter the Distribution to Uninstall screen if no other software depends on Oracle Fusion Middleware Infrastructure. See, Uninstalling Oracle Fusion Middleware Infrastructure in Installing and Configuring the Oracle Fusion Middleware Infrastructure

Navigating the Uninstall Wizard Screens

The Uninstall Wizard shows a series of screens to confirm the removal of the software.

If you need help on screen listed in the following table, click Help on the screen.

Table 4-2 Uninstall Wizard Screens and Descriptions

Screen	Description
Welcome	Introduces you to the product Uninstall Wizard.
Uninstall Summary	Shows the Oracle home directory and its contents that are uninstalled. Verify that this is the correct directory. If you want to save these options to a response file, click Save Response File and enter the response file location and name. You can use the response file later to uninstall the product in silent (command-line) mode. See Running the Oracle Universal Installer for Silent Uninstall in Installing Software with the Oracle Universal Installer. Click Deinstall, to begin removing the software.
Uninstall Progress	Shows the uninstallation progress.
Uninstall Complete	Appears when the uninstallation is complete. Review the information on this screen, then click Finish to close the Uninstall Wizard.

Note:

• Repeat these steps for uninstalling WebLogic Server for FMW 12.2.1.3.0.

  You will be reinstalling the Oracle binaries into the same ORACLE_HOME location.

• After the product is uninstalled, ensure that the ORACLE_HOME folder exists. During the initial 12.2.1.3.0 install, if the default location was ORACLE_HOME, that is /user_projects, then the domain-registry.xml file will reside in ORACLE_HOME.

Complete the following steps to clean this directory:

1. After both OAM and WLS are uninstalled, run the following command:

   $ ls -al

   Following is an example of the output:

   total 28
   drwxr-x---. 6 <USER> <GROUP> 4096 Apr  2 20:27 .
   drwxr-x---. 6 <USER> <GROUP> 4096 Jul  9  2019 ..
   drwxr-x---. 5 <USER> <GROUP> 4096 Mar 23 17:48 cfgtoollogs
   -rw-r-----. 1 <USER> <GROUP>  225 Jul  9  2019 domain-registry.xml
   drwxr-x---. 7 <USER> <GROUP> 4096 Mar 26 17:12 .patch_storage
   drwxr-x---. 4 <USER> <GROUP> 4096 Jul  9  2019 user_projects
   drwxr-x---. 3 <USER> <GROUP> 4096 Apr  2 20:26 wlserver
   

2. Go to the ORACLE_HOME location. If the user_projects directory and the domain-registry.xml file are present, take their backup. They need to be restored after the upgrade is complete. After taking the backup, delete all the files in ORACLE_HOME.

Installing Product Distributions on OAMHOSTs

Install the binaries on an OAMHOST.

Complete the following steps:

1. After uninstalling the 12c (12.2.1.3.0) product on an OAMHOST, install the following products on the OAMHOST.

   • Oracle Fusion Middleware Infrastructure 12c (12.2.1.4.0)

   • Oracle Identity and Access Management 12c (12.2.1.4.0)

   • Any additional distributions for your pre-upgrade environment

   For more information, see Installing Product Distributions.

Note:

In 12c (12.2.1.4.0), there is no requirement to perform schema upgrade or configurations, so the domain remain the same. As a result, we do not have to perform the pack and unpack operations on OAMHOST1 and OAMHOST2.

• Installing Product Distributions
  Before beginning your upgrade, download Oracle Fusion Middleware Infrastructure and Oracle Access Manager 12c (12.2.1.4.0) distributions on the target system and install them using Oracle Universal Installer.

Installing Product Distributions

Before beginning your upgrade, download Oracle Fusion Middleware Infrastructure and Oracle Access Manager 12c (12.2.1.4.0) distributions on the target system and install them using Oracle Universal Installer.

Note:

• The 12c binaries are installed in a different location from the previous 11g binaries. You can install 12c binaries before any planned downtime for upgrade.
• If you are using Redundant binary locations, ensure that you install the software into each of those redundant locations.

To install the 12c (12.2.1.4.0) distributions:

1. Sign in to the target system.
2. Download the following from Oracle Technology Network or Oracle Software Delivery Cloud to your target system:
   • Oracle Fusion Middleware Infrastructure (fmw_12.2.1.4.0_infrastructure_generic.jar)
   • Oracle Access Manager (fmw_12.2.1.4.0_idm.jar)
   • Any additional distributions for your pre-upgrade environment

   Note:

   If you are upgrading an integrated environment that was set up using Life Cycle Management (LCM) tool, that includes Oracle Access Manager, Oracle Identity Manager, and WebGates, then you must install the respective 12c Web Server (Oracle HTTP Server or Oracle Traffic Director) binaries in the same Oracle Home.

3. Change to the directory where you downloaded the 12c (12.2.1.4.0) product distribution.
4. Start the installation program for Oracle Fusion Middleware Infrastructure:
   • (UNIX) JDK_HOME/bin/java -jar fmw_12.2.1.4.0_infrastructure.jar
   • (Windows) JDK_HOME\bin\java -jar fmw_12.2.1.4.0_infrastructure.jar
5. On UNIX operating systems, the Installation Inventory Setup screen appears if this is the first time you are installing an Oracle product on this host.
   Specify the location where you want to create your central inventory. Make sure that the operating system group name selected on this screen has write permissions to the central inventory location, and click Next.

   Note:

   The Installation Inventory Setup screen does not appear on Windows operating systems.
6. On the Welcome screen, review the information to make sure that you have met all the prerequisites. Click Next.
7. On the Auto Updates screen, select an option:

   • Skip Auto Updates: If you do not want your system to check for software updates at this time.

   • Select patches from directory: To navigate to a local directory if you downloaded patch files.

   • Search My Oracle Support for Updates: To automatically download software updates if you have a My Oracle Support account. You must enter Oracle Support credentials then click Search. To configure a proxy server for the installer to access My Oracle Support, click Proxy Settings. Click Test Connection to test the connection.

   Click Next.
8. On the Installation Location screen, specify the location for the Oracle home directory and click Next.
   For more information about Oracle Fusion Middleware directory structure, see Understanding Directories for Installation and Configuration in Oracle Fusion Middleware Planning an Installation of Oracle Fusion Middleware.
9. On the Installation Type screen, select the following:
   • For Infrastructure, select Fusion Middleware Infrastructure
   • For Oracle Access Manager, select Collocated Oracle Identity and Access Manager.
   Click Next.
10. The Prerequisite Checks screen analyzes the host computer to ensure that the specific operating system prerequisites have been met.
    To view the list of tasks that are verified, select View Successful Tasks. To view log details, select View Log. If any prerequisite check fails, then an error message appears at the bottom of the screen. Fix the error and click Rerun to try again. To ignore the error or the warning message and continue with the installation, click Skip (not recommended).
11. On the Installation Summary screen, verify the installation options that you selected.
    If you want to save these options to a response file, click Save Response File and enter the response file location and name. The response file collects and stores all the information that you have entered, and enables you to perform a silent installation (from the command line) at a later time.

    Click Install to begin the installation.

12. On the Installation Progress screen, when the progress bar displays 100%, click Finish to dismiss the installer, or click Next to see a summary.
13. The Installation Complete screen displays the Installation Location and the Feature Sets that are installed. Review this information and click Finish to close the installer.
14. After you have installed Oracle Fusion Middleware Infrastructure, enter the following command to start the installer for your product distribution and repeat the steps above to navigate through the installer screens:

    (UNIX) JAVA_HOME/bin/java -jar fmw_12.2.1.4.0_idm.jar

    (Windows) JAVA_HOME\bin\java -jar fmw_12.2.1.4.0_idm.jar

Note:

• If your 11.1.2.3.0 setup was deployed using Life Cycle Management (LCM) tool, you must install Oracle HTTP Server 12c (12.2.1.4.0) in the 12c Middleware home. See Preparing to Install and Configure Oracle HTTP Server in Installing and Configuring Oracle HTTP Server.
• By using the opatch tool, apply the latest recommended patchsets from Oracle Support. Complete only the binary installation of patchsets and follow any post-patch steps after the upgrade process is complete. This provides the latest known fixes for upgrade process, if any.

Starting the Servers on OAMHOSTs

After you upgrade Oracle Access Manager on an OAMHOST, start the servers.

You must start the servers in the following order:

Note:

Prior to starting the Administration Server, download Patch 30729380 from My Oracle Support and apply using OPatch, to the OAM node and any other WLS node in the cluster.

1. Start the Node Manager on the required OAMHOST.

2. Start the Administration Server on the required OAMHOST.

3. Start the Oracle Access Manager Managed Servers on the required OAMHOST.

• Starting Servers and Processes
  After a successful upgrade, start all processes and servers, including the Administration Server and any Managed Servers.

Starting Servers and Processes

After a successful upgrade, start all processes and servers, including the Administration Server and any Managed Servers.

The components may be dependent on each other so they must be started in the correct order.

Note:

The procedures in this section describe how to start servers and process using the WLST command line or a script. You can also use the Oracle Fusion Middleware Control and the Oracle WebLogic Server Administration Console. See Starting and Stopping Administration and Managed Servers and Node Manager in Administering Oracle Fusion Middleware.

To start your Fusion Middleware environment, follow the steps below.

Step 1: Start Node Manager

Start the Node Manager in the Administration Server domain home.

Go to the WLS_HOME/server/bin directory and run the following command:

Where, WLS_HOME is the top-level directory for the WebLogic Server installation.

• (UNIX) nohup ./startNodeManager.sh > DOMAIN_HOME/nodemanager/nodemanager.out 2>&1 &

• (Windows) nohup .\startNodeManager.sh > DOMAIN_HOME\nodemanager\nodemanager.out 2>&1 &

Where, DOMAIN_HOME is the Administration server domain home.

Step 2: Start the Administration Server

When you start the Administration Server, you also start the processes running in the Administration Server, including the WebLogic Server Administration Console and Fusion Middleware Control.

Method 1: To start a Administration Server, run the following command:

nohup DOMAIN_HOME/bin/startWeblogic.sh &

Method 2: To start a Administration Server by using node manager, run the following commands:

cd ORACLE_COMMON_HOME/common/bin
./wlst.sh
wlst offline> nmConnect('nodemanager_username','nodemanager_password',
                    'ADMINVHN','5556','domain_name',
                   'DOMAIN_HOME')
nmStart('AdminServer')

Step 3: Start the Managed Servers

Note:

In an HA environment, it is preferred to use the console or node manager to start servers.

Start a WebLogic Server Managed Server by using the Weblogic Console:

• Log into Weblogic console as a weblogic Admin.
• Go to Servers > Control tab.
• Select the required managed server.
• Click Start.