Oracle® Fusion Middleware Upgrade Guide for Oracle Identity Management 11g Release 1 (11.1.1) Part Number E10129-02 |
|
|
View PDF |
This chapter describes how to upgrade an Oracle Identity Management Cold Failover Cluster environment to Oracle Fusion Middleware 11g.
This upgrade procedure involves the following tasks:
Task 1: Preparing for Upgrading Your Oracle Fusion Middleware Cold Failover Cluster Environment
Task 2: Install Oracle WebLogic Server and Create the Middleware Home
Task 3: Install Oracle Internet Directory and Oracle Directory Integration Platform
Task 4: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Installation
Task 5: Upgrade Oracle Internet Directory and Oracle Directory Integration Platform
Task 6: Verify the Upgrade of Oracle Internet Directory and Oracle Directory Integration Platform
Task 7: Configuring the Upgraded Components for Active-Passive Deployments
The procedures in this chapter provide instructions for upgrading high availability environments supported in Oracle Application Server 10g Release 2 (10.1.2) and 10g (10.1.4.0.1).
Before you begin, review the following sections for important prerequisite for the upgrade process.
Oracle Identity Management 10g Components Must Be Installed and Running on IDMHOST1
It is assumed that your Oracle Identity Management 10g components are installed and runningon IDMHOST1. This is important because the Oracle Identity Management 11g components that you are upgrading must be installed on the same host as the Oracle Identity Management 10g components.
Only Oracle Internet Directory and Oracle Directory Integration Platform Components are Upgraded to 11g
As part of this procedure, only Oracle Internet Directory and Oracle Directory Integration Platform are upgraded to Oracle Fusion Middleware 11g. For more information about the differences between the components available in Oracle Application Server 10g and Oracle Fusion Middleware 11g, see Section 3.1, "Summary of the Oracle Identity Management 10g and 11g Components".
Understanding Oracle Fusion Middleware Cold Failover Cluster for 11g
Oracle Fusion Middleware provides an active-passive model for all its components using Oracle FMW Cold Failover Clusters. In an Oracle FMW Cold Failover Cluster configuration, two or more application server instances are configured to serve the same application workload but only one is active at any particular time.
For more information, see "Oracle Fusion Middleware Cold Failover Cluster Topology Concepts" in the Oracle Fusion Middleware High Availability Guide.
Database High Availability and Version Requirements
For information database requirements for upgrade, as well as additional upgrade information for Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware Upgrade Planning Guide.
Additional Resources
For information about the supported high availability topologies in Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware High Availability Guide.
Before you begin these procedures, review the procedures and prerequisites available in Chapter 4, "Upgrading Your Oracle Internet Directory Environment".
To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.
For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.
When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.
To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g:
Locate the Oracle Identity Management CD–ROM.
Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:
http://www.oracle.com/technology/
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.
Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1
directory in the location where you unpacked the software.
Start Oracle Universal Installer:
On UNIX systems, enter the following command to install Repository Creation Utility:
./runInstaller
On Windows systems, double-click the setup.exe
file.
Refer to Table 8-1 for specific instructions about how to respond to each screen in the Oracle Identity Management installation and configuration tool.
For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.
Table 8-1 Summary of Screens for Installing and Configuring Oracle Internet Directory and Oracle Directory Integration Platform on IDMHOST1
Screen | Instructions |
---|---|
Welcome |
Click Next. |
Select Install and Configure. Click Next. |
|
Prerequisite Checks |
Click Next. |
Select Create New Domain and enter the domain details. For the purposes of this exercise, enter Click Next. |
|
Specify the following values:
|
|
Select the following components:
Do not select the Clustered check box. |
|
Select Auto Port Configuration. Click Next. |
|
Select Use Existing Schema. In the Connect String field, enter the connect string to each nodes in the Real Application Clusters (RAC) database. Separate each node with a carot symbol ( INFRADBHOST1.MYCOMPANY.COM:1521:IDMDB1^INFRADBHOST2.MYCOMPANY.com:1521:IDMDB2@IDMEDG.MYCOMPANY.COM Enter the ODS schema password in the Password field. Note that the ODS schema is used by Oracle Internet Directory. By default, the password for the ODS schema is the Click Next. |
|
This warning indicates that you have correctly selected the Oracle Internet Directory 10g schemas (ODS). You install Oracle Internet Directory 11g against the 10g schema and then later use the Upgrade Assistant to upgrade the schema to 11g. Click Yes. |
|
OID Password |
Enter the Administrator password for Oracle Internet Directory instance. |
Installation Summary |
Review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install. |
Installation Progress |
On UNIX systems, a dialog appears, prompting you to run the Open a window and run the script, following the prompts in the window. Click OK. |
Configuration |
Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the Installation Complete screen appears. Click Finish, and then confirm your choice to exit. |
Before you upgrade run the Upgrade Assistant, use the following procedure to ensure that Oracle Internet Directory and Oracle Directory Integration Platform 10g and 11g are up and running on the host.
For example, you can use the opmnctl
command:
ORACLE_HOME/opmm/bin/opmnctl status
Processes in Instance: cfc.mycompany.com
-------------------+--------------------+---------+---------
ias-component | process-type | pid | status
-------------------+--------------------+---------+---------
DSA | DSA | N/A | Down
LogLoader | logloaderd | N/A | Down
dcm-daemon | dcm-daemon | N/A | Down
HTTP_Server | HTTP_Server | 26117 | Alive
OID | OID | 26121 | Alive
For example, on a UNIX system, you can use the ps
command and the grep
command to search for the odisrv
process in the resulting output:
$ ps -ef | grep odisrv oracle 15711 15552 0 21:17 pts/0 00:00:00 grep odisrv oracle 21597 1 0 Feb18 ? 00:00:00 /bin/sh /u01/app/oracle/product/10g/idm/odisrv instance=1 configset=0 port=636 sslauth=1 host=idmhost1.mycompany.com
Use the following OPMN command to verify that Oracle Internet Directory is up and running:
ORACLE_INSTANCE/opmnctl status
The output of the command should be similar to the following example:
Processes in Instance: oid_instance1 ---------------------------------+--------------------+---------+--------- ias-component | process-type | pid | status ---------------------------------+--------------------+---------+--------- oid1 | oidldapd | 31394 | Alive oid1 | oidmon | 31384 | Alive
Use the ldapbind
command-line tool to ensure that you can connect to each Oracle Internet Directory instance and the LDAP Virtual Server. The ldapbind
tool enables you to determine whether you can authenticate a client to a server.
For non-SSL:
ldapbind -h idmhost1.mycompany.com -p 389 -D "cn=orcladmin" -q
For SSL:
ldapbind -h idmhost1.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1
where:
U = SSL authentication mode
1 = No authentication required
2 = One way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet"
) and wallet password (-P wallet_password
).
3 = Two way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet"
) and wallet password (-P wallet_password
).
Validate the Oracle Directory Integration Platform installation by using the WLST dipStatus command. To run this command, follow these steps:
Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries. For example:
export ORACLE_HOME=/u01/app/oracle/product/11g/fmw_home/ods
Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server.
For example:
export WLS_HOME=/u01/app/oracle/product/11g/fmw_home/wlserver_10.3
Run the following command:
$ORACLE_HOME/bin/dipStatus -h <hostName> -p <port> -D <wlsuser>
For example, on IDMHOST1, the command and successful output are shown below:
$ORACLE_HOME/bin/dipStatus -h idmhost1.mycompany.com -p 7005 -D weblogic [Weblogic user password] Connection parameters initialized. Connecting at idmhost1.mycompany.com:7005, with userid "weblogic".. Connected successfully. ODIP Application is active at this host and port.
Verify the Oracle Directory Services Manager installation by bringing up the ODSM Administration Console in a web browser.
The URL to access the ODSM Administration Console is:
http://hostname.mycompany.com:<port>/odsm/faces/odsm.jspx
For example, on IDMHOST1, enter this URL:
http://idmhost1.us.oracle.com:7005/odsm/faces/odsm.jspx
Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances on IDMHOST1 to 11g:
Change directory the ORACLE_HOME
/bin
directory of the Oracle Fusion Middleware installation.
Enter the following command to start the Upgrade Assistant.
On UNIX system:
./ua
On Windows systems:
ua.bat
The Upgrade Assistant displays the Welcome screen.
Click Next to display the Select Operation screen.
Select Upgrade Identity Management Instance on the Select Operation screen.
Refer to Table 8-2 for a description of the Upgrade Assistant screens that require input from you during an Oracle Internet Directory and Oracle Directory Integration Platform upgrade.
After the Target Database Details screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:
Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.
Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.
Provides a progress screen so you can see the status of the upgrade as it proceeds.
Alerts you of any errors or problems that occur during the upgrade.
See Also:
"Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade AssistantDisplays the End of Upgrade screen, which confirms that the upgrade was complete.
Exit the Upgrade Assistant.
Table 8-2 Upgrade Assistant Screens That Require Input During an Oracle Internet Directory and Oracle Directory Integration Platform Upgrade
Upgrade Assistant Screen | Description |
---|---|
Specify Source Home |
Select the 10g Release 2 (10.1.2) or 10g (10.1.4) source Oracle home. If the Oracle home you want to upgrade does not appear in the drop-down lists, see "Source Oracle Home Not Listed by OracleAS Upgrade Assistant" in the Oracle Fusion Middleware Upgrade Planning Guide. |
Enter the complete path to the 11g Oracle instance, or click Browse to locate the instance directory. |
|
Enter the host and Administration Server port for the Oracle WebLogic Server you configured in "Task 2: Install Oracle WebLogic Server and Create the Middleware Home". Note this information is required if you are upgrading Oracle Directory Integration Platform. It is also required if you associated your Oracle Internet Directory 11g installation with Oracle WebLogic Server. |
|
Warning Dialog Box |
The Upgrade Assistant displays this warning dialog box if the source Oracle home contains Oracle Application Server components that are not installed and configured in the destination Oracle instance. This warning appears, for example, if the source Oracle home contains an instance of Oracle HTTP Server, which is not available in the 11g Oracle home. If the information in the dialog box is accurate and you understand which components will be upgraded, click Yes to continue. Otherwise, click No and verify which components are installed and configured in each 11g Oracle instance. |
Select the upgrade options you want to apply to the Oracle Identity Management upgrade:
Click Help to display more information about the upgrade options on this screen. |
|
Use this screen to enter the details required to connect to the Oracle Internet Directory 10g instance, including the password to the Oracle Internet Directory super user account ( For more information, click Help. |
|
Use this screen to enter the details required to connect to the database where the Oracle Identity Management schemas reside, including the host, service name, port, and SYS password for the database. Note the following important information about this screen:
|
|
This is only if you are using privileged port on a UNIX system. A configuration script needs to be run as root before upgrade can proceed. Leaving this window open, open another window, and run the When the script has completed, return to the Upgrade Assistant and click OK. |
Use Steps 3 through 5 of Section 8.4, "Task 4: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Installation" to verify that the upgraded Oracle Application Server Identity Management components are up and running.
Use the following steps to configure the upgraded components in an active-passive high availability environment.
Note that these steps reference specific sections in the Oracle Fusion Middleware High Availability Guide, which provides comprehensive instructions for configuring hight availability in Oracle Fusion Middleware 11g:
Task 7a: Transform the Infrastructure Components for Cold Failover Clusters
Task 7b: Transforming Oracle Internet Directory and Its Clients for Cold Failover Clusters
Transform the infrastucture components that support the Oracle Internet Directory environment. For each step in this process, refer to the corresponding procedure in the Oracle Fusion Middleware High Availability Guide:
Table 8-3 Steps to Transform the Infrastructure Components for Cold Failover Cluster
Step # | Description | Section in Oracle Fusion Middleware High Availability Guide |
---|---|---|
1 |
Transform the Oracle WebLogic Server administration server |
"Transforming the Administration Server for Cold Failover Clusters" |
2 |
Transform the wls_ods managed server |
|
3 |
Transform the Oracle WebLogic Server node manager |
|
4 |
Transform the Fusion Middleware Control |
|
5 |
Transform the Oracle Process Manager and Notification Server (OPMN) |
"Transforming Oracle Process Management and Notification Server" |
6 |
Transform the Oracle HTTP Server |
After you have transformed the infrastructure components for Cold Failover Cluster, you can do the same for the upgraded Oracle Internet Directory 11g instance.
Refer to "Transforming Oracle Internet Directory and Its Clients" in the Oracle Fusion Middleware High Availability Guide.
After the Cold Failover Cluster transformation, the Oracle Enterprise Manager Fusion Middleware Control cannot display the correct status for some of the upgraded components.
To fix this problem, you must modify specific Fusion Middleware Control configuration files so they reference to the virtual host name used for the Cold Failover transformation instead of the physical host name.
Follow the steps below to update the Fusion Middleware Control configuration files:
Stop the Oracle Enterprise Manager Fusion Middleware Control agent:
ORACLE_HOME/bin/emctl stop agent
Modify the emd.properties
file in the Oracle instance directory:
Change directory to the following directory in the Oracle instance:
ORACLE_INSTANCE/emagent/em_agent_name/sysman/config
Make a backup copy of the emd.properties
file:
For example, on UNIX systems:
cp emd.properties emd.properties.bak
Edit the emd.properties
file so it references the virtual host name, rather than the physical host name.
For example, if the physical host name is host1.mycompany.com
and the virtual host name is cfcvip.mycompany.com
, then you must change the reference accordingly in the following attributes in the emd.properties
file:
Modify the targets.xml
file in the Oracle instance:
Change directory to the emd
directory of the Oracle instance:
INSTANCE_HOME/emagent/em_agent_name/sysman/emd
Make a backup copy of the targets.xml
file:
For example, on UNIX systems:
cp targets.xml targets.xml.bak
Modify targets.xml
, as follows:
Modify the entries related to host
and oracle_emd
so they reference the virtual host name (for example, cfcvip.mycompany.com
):
For example:
<Targets AGENT_TOKEN="ad4e5899e7341bfe8c36ac4459a4d569ddbf03bc"> <Target TYPE="oracle_emd" NAME=cfcvip.mycompany.com:5157"/> <Target TYPE="host" NAME=cfcvip.mycompany.com DISPLAY_NAME=cfcvip.mycompany.com/> </Targets>
Remove all other <Target>
entries in the file.
Modify the targets.xml
file in the domain directory:
Change directory to the following directory in the Oracle WebLogic Server domain directory inside the Middleware home:
MW_HOME/user_projects/domains/domain_name/sysman/state
Make a backup copy of the targets.xml
file:
For example, on UNIX systems:
cp targets.xml targets.xml.bak
Edit the targets.xml
file and change all occurrences of the physical host name to the virtual host name.
For example, change all occurrences of host1.mycompany.com
to cfcvip.mycompany.com
.
Modify the topology.xml
file in the domain directory:
Change directory to the following location in the domain directory inside the Middleware home:
MW_HOME/user_projects/domains/domainName/opmn
Make a backup copy of the topology.xml
file:
For example, on UNIX systems:
cp topology.xml topology.xml.bak
Edit the topology.xml
file and change all occurrences of the physical host name to the virtual host name.
For example, change all occurrences of host1.mycompany.com
to cfcvip.mycompany.com
.
Restart the administration server for the Oracle WebLogic Server domain.
Restart the Oracle Enterprise Manager Fusion Middleware Control agent:
INSTANCE_HOME/emagent/em_agent_name/emctl start agent INSTANCE_HOME/emagent/em_agent_name/emctl status agent
This section provides the steps to verify the transformation of the infrastructure and Oracle Identity Management components to Cold Failover Cluster:
Use the Virtual Hostname instead of the physical hostname to display the Fusion Middleware Control and the Oracle WebLogic Server Administration Console in your Web browser. The URLs are listed below:
Fusion Middleware Control: http://VirtualHostname:port/em
Oracle WebLogic Server Console: http://VirtualHostname:port/console
For example use a web browser and access the following consoles:
Fusion Middleware Control: http://idmhost-vip.mycompany.com/em
Oracle WebLogic Server Console: http://idmhost-vip.mycompany.com
Verify that the Oracle Identity Management 11g components are up and running. Use steps 3 through 5 in Section 8.4, "Task 4: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Installation".