8 Upgrading an Oracle Identity Management Cold Failover Cluster Environment

This chapter describes how to upgrade an Oracle Identity Management Cold Failover Cluster environment to Oracle Fusion Middleware 11g.

This upgrade procedure involves the following tasks:

Task 1: Preparing for Upgrading Your Oracle Fusion Middleware Cold Failover Cluster Environment
Task 2: Install Oracle WebLogic Server and Create the Middleware Home
Task 3: Install Oracle Internet Directory and Oracle Directory Integration Platform
Task 4: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Installation
Task 5: Upgrade Oracle Internet Directory and Oracle Directory Integration Platform
Task 6: Verify the Upgrade of Oracle Internet Directory and Oracle Directory Integration Platform
Task 7: Configuring the Upgraded Components for Active-Passive Deployments

8.1 Task 1: Preparing for Upgrading Your Oracle Fusion Middleware Cold Failover Cluster Environment

The procedures in this chapter provide instructions for upgrading high availability environments supported in Oracle Application Server 10g Release 2 (10.1.2) and 10g (10.1.4.0.1).

Before you begin, review the following sections for important prerequisite for the upgrade process.

Oracle Identity Management 10g Components Must Be Installed and Running on IDMHOST1

It is assumed that your Oracle Identity Management 10g components are installed and runningon IDMHOST1. This is important because the Oracle Identity Management 11g components that you are upgrading must be installed on the same host as the Oracle Identity Management 10g components.

Only Oracle Internet Directory and Oracle Directory Integration Platform Components are Upgraded to 11g

As part of this procedure, only Oracle Internet Directory and Oracle Directory Integration Platform are upgraded to Oracle Fusion Middleware 11g. For more information about the differences between the components available in Oracle Application Server 10g and Oracle Fusion Middleware 11g, see Section 3.1, "Summary of the Oracle Identity Management 10g and 11g Components".

Understanding Oracle Fusion Middleware Cold Failover Cluster for 11g

Oracle Fusion Middleware provides an active-passive model for all its components using Oracle FMW Cold Failover Clusters. In an Oracle FMW Cold Failover Cluster configuration, two or more application server instances are configured to serve the same application workload but only one is active at any particular time.

For more information, see "Oracle Fusion Middleware Cold Failover Cluster Topology Concepts" in the Oracle Fusion Middleware High Availability Guide.

Database High Availability and Version Requirements

For information database requirements for upgrade, as well as additional upgrade information for Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware Upgrade Planning Guide.

Additional Resources

For information about the supported high availability topologies in Oracle Fusion Middleware 11g, see the Oracle Fusion Middleware High Availability Guide.

Before you begin these procedures, review the procedures and prerequisites available in Chapter 4, "Upgrading Your Oracle Internet Directory Environment".

8.2 Task 2: Install Oracle WebLogic Server and Create the Middleware Home

To install Oracle WebLogic Server and create the middleware home, refer to "Installing Oracle WebLogic Server" in the Oracle Fusion Middleware Installation Guide for Oracle Identity Management.

For more information about the Middleware home, see "Understanding Oracle Fusion Middleware Concepts" in the Oracle Fusion Middleware Administrator's Guide.

When you install Oracle WebLogic Server, make a note of the complete path to the Middleware home. You will need this information later in the upgrade procedure.

8.3 Task 3: Install Oracle Internet Directory and Oracle Directory Integration Platform

To install and configure Oracle Internet Directory and Oracle Directory Integration Platform 11g:

Locate the Oracle Identity Management CD–ROM.

Alternatively, you can download and unpack the installation kit from the Oracle Technology Network:
```
http://www.oracle.com/technology/
```
If you are installing from the CD–ROM, then navigate to the root directory of the CD–ROM.

Or, if you downloaded and unpacked the software from the Oracle Technology Network, then change directory to the Disk1 directory in the location where you unpacked the software.
Start Oracle Universal Installer:

On UNIX systems, enter the following command to install Repository Creation Utility:
```
./runInstaller
```
On Windows systems, double-click the setup.exe file.
Refer to Table 8-1 for specific instructions about how to respond to each screen in the Oracle Identity Management installation and configuration tool.

For more information, refer to the Oracle Fusion Middleware Installation Guide for Oracle Identity Management or click Help for general information about the prerequisites and prompts required during an Oracle Virtual Directory installation.
When the installation and configuration is complete, exit from the Oracle Identity Management installation and configuration tool.

Table 8-1 Summary of Screens for Installing and Configuring Oracle Internet Directory and Oracle Directory Integration Platform on IDMHOST1

Screen	Instructions
Welcome	Click Next.
Select Installation Type	Select Install and Configure. Click Next.
Prerequisite Checks	Click Next.
Select Domain	Select Create New Domain and enter the domain details. For the purposes of this exercise, enter `IDMDomain` in the Domain Name field. Click Next.
Specify Installation Location	Specify the following values: Middleware Home Location: Enter the complete path to the Middleware home you created in "Task 2: Install Oracle WebLogic Server and Create the Middleware Home". Oracle Home Directory: For the purposes of this example, enter `idmcfc` as the name of the Oracle home directory. WebLogic Server Directory: This is usually the `wlserver_10.3` inside the Middleware home. Oracle Instance Location: Enter a path for the Oracle instance. This directory can be any acccessible directory location; unlike the Oracle home, it does not need to be inside the Middleware home. Oracle Instance Name: For the purposes of this example, enter `cfcidm_instance`.
Configure Components	Select the following components: Oracle Internet Directory Oracle Directory Integration Platform Oracle Directory Services Manager Do not select the Clustered check box.
Configure Ports	Select Auto Port Configuration. Click Next.
Specify Schema Database	Select Use Existing Schema. In the Connect String field, enter the connect string to each nodes in the Real Application Clusters (RAC) database. Separate each node with a carot symbol (`^`). For example: INFRADBHOST1.MYCOMPANY.COM:1521:IDMDB1^INFRADBHOST2.MYCOMPANY.com:1521:IDMDB2@IDMEDG.MYCOMPANY.COM Enter the ODS schema password in the Password field. Note that the ODS schema is used by Oracle Internet Directory. By default, the password for the ODS schema is the `ias_admin` password you provided when you installed Oracle Internet Directory 10g. However, the password might have been changed using the `oidpasswd` utility, which is documented in the Oracle Identity Management 10g User Reference. Click Next.
Upgrade Scenario Detected Warning dialog box	This warning indicates that you have correctly selected the Oracle Internet Directory 10g schemas (ODS). You install Oracle Internet Directory 11g against the 10g schema and then later use the Upgrade Assistant to upgrade the schema to 11g. Click Yes.
OID Password	Enter the Administrator password for Oracle Internet Directory instance.
Installation Summary	Review the selections to ensure that they are correct (if they are not, click Back to modify selections on previous screens), and click Install.
Installation Progress	On UNIX systems, a dialog appears, prompting you to run the `oracleRoot.sh` script. Open a window and run the script, following the prompts in the window. Click OK.
Configuration	Multiple configuration assistants are launched in succession; this process can be lengthy. When it completes, the Installation Complete screen appears. Click Finish, and then confirm your choice to exit.

8.4 Task 4: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Installation

Before you upgrade run the Upgrade Assistant, use the following procedure to ensure that Oracle Internet Directory and Oracle Directory Integration Platform 10g and 11g are up and running on the host.

Step 1 Verify the status of Oracle Internet Directory 10g instance

For example, you can use the opmnctl command:

ORACLE_HOME/opmm/bin/opmnctl status
Processes in Instance: cfc.mycompany.com
-------------------+--------------------+---------+---------
ias-component      | process-type       |     pid | status  
-------------------+--------------------+---------+---------
DSA                | DSA                |     N/A | Down   
LogLoader          | logloaderd         |     N/A | Down   
dcm-daemon         | dcm-daemon         |     N/A | Down   
HTTP_Server        | HTTP_Server        |   26117 | Alive  
OID                | OID                |   26121 | Alive

Step 2 Verify the status of the Oracle Directory Integration Platform 10g instance

For example, on a UNIX system, you can use the ps command and the grep command to search for the odisrv process in the resulting output:

$ ps -ef | grep odisrv
oracle     15711 15552  0 21:17 pts/0    00:00:00 grep odisrv
oracle    21597     1  0 Feb18 ?        00:00:00 /bin/sh
/u01/app/oracle/product/10g/idm/odisrv instance=1 configset=0 port=636 sslauth=1 host=idmhost1.mycompany.com

Step 3 Verify the status of the Oracle Internet Directory 11g instance

Use the following OPMN command to verify that Oracle Internet Directory is up and running:

ORACLE_INSTANCE/opmnctl status

The output of the command should be similar to the following example:

Processes in Instance: oid_instance1
---------------------------------+--------------------+---------+---------
ias-component                    | process-type       |     pid | status  
---------------------------------+--------------------+---------+---------
oid1                             | oidldapd           |   31394 | Alive   
oid1                             | oidmon             |   31384 | Alive

Use the ldapbind command-line tool to ensure that you can connect to each Oracle Internet Directory instance and the LDAP Virtual Server. The ldapbind tool enables you to determine whether you can authenticate a client to a server.

For non-SSL:

ldapbind -h idmhost1.mycompany.com -p 389 -D "cn=orcladmin" -q

For SSL:

ldapbind -h idmhost1.mycompany.com -p 636 -D "cn=orcladmin" -q -U 1

where:

U = SSL authentication mode
1 = No authentication required
2 = One way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).
3 = Two way authentication required. With this option, you must also supply a wallet location (-W "file:/home/my_dir/my_wallet") and wallet password (-P wallet_password).

Step 4 Verify the status of the Oracle Directory Integration Platform 11g instance

Validate the Oracle Directory Integration Platform installation by using the WLST dipStatus command. To run this command, follow these steps:

Set the ORACLE_HOME environment variable to the directory where you installed the Identity Management binaries. For example:
```
export ORACLE_HOME=/u01/app/oracle/product/11g/fmw_home/ods
```
Set the WLS_HOME environment variable to the directory where you installed the WebLogic Server.

For example:
```
export WLS_HOME=/u01/app/oracle/product/11g/fmw_home/wlserver_10.3
```

Run the following command:

$ORACLE_HOME/bin/dipStatus -h <hostName> -p <port> -D <wlsuser>

For example, on IDMHOST1, the command and successful output are shown below:

$ORACLE_HOME/bin/dipStatus
    -h idmhost1.mycompany.com 
    -p 7005 
    -D weblogic
    [Weblogic user password]
     Connection parameters initialized.
     Connecting at idmhost1.mycompany.com:7005, with userid "weblogic"..
     Connected successfully.
     ODIP Application is active at this host and port.

Step 5 Verify Oracle Directory Services Manager (ODSM)

Verify the Oracle Directory Services Manager installation by bringing up the ODSM Administration Console in a web browser.

The URL to access the ODSM Administration Console is:

http://hostname.mycompany.com:<port>/odsm/faces/odsm.jspx

For example, on IDMHOST1, enter this URL:

http://idmhost1.us.oracle.com:7005/odsm/faces/odsm.jspx

8.5 Task 5: Upgrade Oracle Internet Directory and Oracle Directory Integration Platform

Use the Oracle Fusion Middleware Upgrade Assistant to upgrade the Oracle Internet Directory and Oracle Directory Integration Platform 10g instances on IDMHOST1 to 11g:

Change directory the ORACLE_HOME/bin directory of the Oracle Fusion Middleware installation.
Enter the following command to start the Upgrade Assistant.

On UNIX system:
```
./ua
```
On Windows systems:
```
ua.bat
```
The Upgrade Assistant displays the Welcome screen.
Click Next to display the Select Operation screen.
Select Upgrade Identity Management Instance on the Select Operation screen.
Refer to Table 8-2 for a description of the Upgrade Assistant screens that require input from you during an Oracle Internet Directory and Oracle Directory Integration Platform upgrade.
After the Target Database Details screen, the Upgrade Assistant performs the following tasks and provides the progress on each task:
- Examines the components and schemas to be upgraded and verifies that they can be upgraded successfully.
- Provides a summary of the components to be upgraded so you can verify that Upgrade Assistant is upgrading the components and schemas you expect.
- Provides a progress screen so you can see the status of the upgrade as it proceeds.
- Alerts you of any errors or problems that occur during the upgrade.
  
  See Also:
  "Troubleshooting Your Upgrade" in the Oracle Fusion Middleware Upgrade Planning Guide for specific instructions for troubleshooting problems that occur while running the Upgrade Assistant
- Displays the End of Upgrade screen, which confirms that the upgrade was complete.
Exit the Upgrade Assistant.

Table 8-2 Upgrade Assistant Screens That Require Input During an Oracle Internet Directory and Oracle Directory Integration Platform Upgrade

Upgrade Assistant Screen	Description
Specify Source Home	Select the 10g Release 2 (10.1.2) or 10g (10.1.4) source Oracle home. If the Oracle home you want to upgrade does not appear in the drop-down lists, see "Source Oracle Home Not Listed by OracleAS Upgrade Assistant" in the Oracle Fusion Middleware Upgrade Planning Guide.
Specify Destination Instance	Enter the complete path to the 11g Oracle instance, or click Browse to locate the instance directory.
Specify WebLogic Server	Enter the host and Administration Server port for the Oracle WebLogic Server you configured in "Task 2: Install Oracle WebLogic Server and Create the Middleware Home". Note this information is required if you are upgrading Oracle Directory Integration Platform. It is also required if you associated your Oracle Internet Directory 11g installation with Oracle WebLogic Server.
Warning Dialog Box	The Upgrade Assistant displays this warning dialog box if the source Oracle home contains Oracle Application Server components that are not installed and configured in the destination Oracle instance. This warning appears, for example, if the source Oracle home contains an instance of Oracle HTTP Server, which is not available in the 11g Oracle home. If the information in the dialog box is accurate and you understand which components will be upgraded, click Yes to continue. Otherwise, click No and verify which components are installed and configured in each 11g Oracle instance.
Specify Upgrade Options	Select the upgrade options you want to apply to the Oracle Identity Management upgrade: Use source Oracle home ports in destination: If you want to migrate the port assignments used by your Oracle Application Server 10g Oracle home to your new Oracle Fusion Middleware Oracle instance. Note if you select this option, you will not be able to run both the 10g and 11g middle tiers at the same time; otherwise, port conflicts will occur. Start destination components after successful upgrade: if you want the Upgrade Assistant to automatically start the components in the destination Oracle home after the upgrade is complete. If you do not select this option, then you will have to manually start the destination instance after the upgrade. Click Help to display more information about the upgrade options on this screen.
Specify OID Details	Use this screen to enter the details required to connect to the Oracle Internet Directory 10g instance, including the password to the Oracle Internet Directory super user account (`cn=orcladmin`). For more information, click Help.
Specify Database Details	Use this screen to enter the details required to connect to the database where the Oracle Identity Management schemas reside, including the host, service name, port, and SYS password for the database. Note the following important information about this screen: You must enter the password for the ODS schema password. The default ODS password is the same as the Oracle Application Server administrator password, but this password can be changed after installation, using the OID Database Password Utility. The instructions for identifying a Real Application Clusters (RAC) database are different, depending upon whether you are identifying the RAC database that contains the Oracle Internet Directory (ODS) schema or a RAC database that is being used for Oracle Directory Integration Platform. For more information, see Section 4.4.3.2, "About Specifying Real Application Clusters (RAC) Database Details on the Specify Database Details Screen".
Root action required screen	This is only if you are using privileged port on a UNIX system. A configuration script needs to be run as root before upgrade can proceed. Leaving this window open, open another window, and run the `upgroot.sh` file as root: When the script has completed, return to the Upgrade Assistant and click OK.

8.6 Task 6: Verify the Upgrade of Oracle Internet Directory and Oracle Directory Integration Platform

Use Steps 3 through 5 of Section 8.4, "Task 4: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Installation" to verify that the upgraded Oracle Application Server Identity Management components are up and running.

8.7 Task 7: Configuring the Upgraded Components for Active-Passive Deployments

Use the following steps to configure the upgraded components in an active-passive high availability environment.

Note that these steps reference specific sections in the Oracle Fusion Middleware High Availability Guide, which provides comprehensive instructions for configuring hight availability in Oracle Fusion Middleware 11g:

Task 7a: Transform the Infrastructure Components for Cold Failover Clusters
Task 7b: Transforming Oracle Internet Directory and Its Clients for Cold Failover Clusters

8.7.1 Task 7a: Transform the Infrastructure Components for Cold Failover Clusters

Transform the infrastucture components that support the Oracle Internet Directory environment. For each step in this process, refer to the corresponding procedure in the Oracle Fusion Middleware High Availability Guide:

Table 8-3 Steps to Transform the Infrastructure Components for Cold Failover Cluster

Step #	Description	Section in Oracle Fusion Middleware High Availability Guide
1	Transform the Oracle WebLogic Server administration server	"Transforming the Administration Server for Cold Failover Clusters"
2	Transform the wls_ods managed server	"Transforming Oracle WebLogic Managed Servers"
3	Transform the Oracle WebLogic Server node manager	"Transforming Node Manager"
4	Transform the Fusion Middleware Control	"Transforming Oracle Enterprise Manager"
5	Transform the Oracle Process Manager and Notification Server (OPMN)	"Transforming Oracle Process Management and Notification Server"
6	Transform the Oracle HTTP Server	"Transforming Oracle HTTP Server"

8.7.2 Task 7b: Transforming Oracle Internet Directory and Its Clients for Cold Failover Clusters

After you have transformed the infrastructure components for Cold Failover Cluster, you can do the same for the upgraded Oracle Internet Directory 11g instance.

Refer to "Transforming Oracle Internet Directory and Its Clients" in the Oracle Fusion Middleware High Availability Guide.

8.8 Task 8: Configure Fusion Middleware Control to Monitor the Upgraded Components

After the Cold Failover Cluster transformation, the Oracle Enterprise Manager Fusion Middleware Control cannot display the correct status for some of the upgraded components.

To fix this problem, you must modify specific Fusion Middleware Control configuration files so they reference to the virtual host name used for the Cold Failover transformation instead of the physical host name.

Follow the steps below to update the Fusion Middleware Control configuration files:

Stop the Oracle Enterprise Manager Fusion Middleware Control agent:
```
ORACLE_HOME/bin/emctl stop agent
```
Modify the emd.properties file in the Oracle instance directory:
1. Change directory to the following directory in the Oracle instance:
```
ORACLE_INSTANCE/emagent/em_agent_name/sysman/config
```
2. Make a backup copy of the emd.properties file:
  
  For example, on UNIX systems:
```
cp emd.properties emd.properties.bak
```
3. Edit the emd.properties file so it references the virtual host name, rather than the physical host name.
  
  For example, if the physical host name is host1.mycompany.com and the virtual host name is cfcvip.mycompany.com, then you must change the reference accordingly in the following attributes in the emd.properties file:
  
  REPOSITORY_URL
  
  EmdWalletSrcUrl
  
  emd_url
Modify the targets.xml file in the Oracle instance:
1. Change directory to the emd directory of the Oracle instance:
```
INSTANCE_HOME/emagent/em_agent_name/sysman/emd
```
2. Make a backup copy of the targets.xml file:
  
  For example, on UNIX systems:
```
cp targets.xml targets.xml.bak
```
3. Modify targets.xml, as follows:
  
  Modify the entries related to host and oracle_emd so they reference the virtual host name (for example, cfcvip.mycompany.com):
  
  For example:
```
<Targets AGENT_TOKEN="ad4e5899e7341bfe8c36ac4459a4d569ddbf03bc">
    <Target TYPE="oracle_emd" NAME=cfcvip.mycompany.com:5157"/>
    <Target TYPE="host" NAME=cfcvip.mycompany.com
                        DISPLAY_NAME=cfcvip.mycompany.com/>
</Targets>
```
  Remove all other <Target> entries in the file.
Modify the targets.xml file in the domain directory:
1. Change directory to the following directory in the Oracle WebLogic Server domain directory inside the Middleware home:
  
  MW_HOME/user_projects/domains/domain_name/sysman/state
2. Make a backup copy of the targets.xml file:
  
  For example, on UNIX systems:
```
cp targets.xml targets.xml.bak
```
3. Edit the targets.xml file and change all occurrences of the physical host name to the virtual host name.
  
  For example, change all occurrences of host1.mycompany.com to cfcvip.mycompany.com.
Modify the topology.xml file in the domain directory:
1. Change directory to the following location in the domain directory inside the Middleware home:
```
MW_HOME/user_projects/domains/domainName/opmn
```
2. Make a backup copy of the topology.xml file:
  
  For example, on UNIX systems:
```
cp topology.xml topology.xml.bak
```
3. Edit the topology.xml file and change all occurrences of the physical host name to the virtual host name.
  
  For example, change all occurrences of host1.mycompany.com to cfcvip.mycompany.com.
Restart the administration server for the Oracle WebLogic Server domain.

Restart the Oracle Enterprise Manager Fusion Middleware Control agent:

INSTANCE_HOME/emagent/em_agent_name/emctl start agent
INSTANCE_HOME/emagent/em_agent_name/emctl status agent

8.9 Task 9: Verify the Upgraded High Availability Environment

This section provides the steps to verify the transformation of the infrastructure and Oracle Identity Management components to Cold Failover Cluster:

Use the Virtual Hostname instead of the physical hostname to display the Fusion Middleware Control and the Oracle WebLogic Server Administration Console in your Web browser. The URLs are listed below:
- Fusion Middleware Control: http://VirtualHostname:port/em
- Oracle WebLogic Server Console: http://VirtualHostname:port/console
For example use a web browser and access the following consoles:
- Fusion Middleware Control: http://idmhost-vip.mycompany.com/em
- Oracle WebLogic Server Console: http://idmhost-vip.mycompany.com
Verify that the Oracle Identity Management 11g components are up and running. Use steps 3 through 5 in Section 8.4, "Task 4: Verify the Oracle Internet Directory and Oracle Directory Integration Platform Installation".