Oracle® Application Server Administrator's Guide
10g Release 2 (10.1.2) Part No. B13995-01 |
|
![]() Previous |
![]() Next |
This chapter provides procedures for changing the Infrastructure Services used by a middle-tier instance.
It contains the following topics:
Changing the Oracle Internet Directory or Oracle HTTP Server Ports on Identity Management
Changing Oracle Internet Directory from Dual Mode to SSL Mode
Changing the Metadata Repository Used by a Middle-Tier Instance
Changing the Metadata Repository Used by Identity Management
Most middle-tier instances use Infrastructure Services, such as Identity Management Services and the Metadata Repository. These services are usually assigned during installation.
After installation, you may want to change the Infrastructure Services used by a middle-tier instance. For example, you may want to use an Identity Management Service on a different host. Or, you may want to use a different Metadata Repository.
You can change Infrastructure services using the Infrastructure Page on the Oracle Enterprise Manager 10g Application Server Control Console, shown in Figure 9-1. Notice that the page enables you to change the Identity Management or the Metadata Repository used by a middle-tier instance.
Figure 9-1 Application Server Control Console Infrastructure Page
You must change Infrastructure Services when you change any of the following:
The HTTP OracleAS Single Sign-On port number on an Identity Management installation
The Oracle Internet Directory non-SSL or SSL port number
The Oracle Internet Directory Mode (Dual-mode or SSL)
The host that Identity Management or the OracleAS Metadata Repository resides on
You cannot simply use the wizard to change from one Infrastructure service to another. You must first perform manual tasks in order to create and prepare the new Infrastructure service. This chapter provides the following supported procedures for changing Infrastructure services:
Changing the Oracle Internet Directory or Oracle HTTP Server Ports on Identity Management
Use this procedure if you need to change the Oracle Internet Directory listener port or the HTTP listener port for Oracle Internet Directory on an Identity Management installation. In addition to changing the port numbers, you must update middle-tier instances with the new port information, which requires changing Infrastructure services.
Changing Oracle Internet Directory from Dual Mode to SSL Mode
Use this procedure if you would like to change the Oracle Internet Directory mode from non-SSL to SSL. In addition to changing the mode, you must update middle-tier instances with the new mode, which requires changing Infrastructure services.
Moving Identity Management to a New Host
Use this procedure if you would like to move your Identity Management installation, and its associated Metadata Repository, to a new host. After you perform the move, you must update middle-tier instances with the new host information for Identity Management, which requires changing Infrastructure services.
Changing the Metadata Repository Used by a Middle-Tier Instance
Use this procedure if you would like to move the Metadata Repository used for product metadata by middle-tier instances to a new host.
To change the Oracle Internet Directory non-SSL or SSL port on an Identity Management installation, refer to Section 4.4.2, "Changing Oracle Internet Directory Ports".
To change the Oracle HTTP Server non-SSL or SSL listen port on an Identity Management installation, which effectively changes the OracleAS Single Sign-On port, refer to Section 4.4.3, "Changing the HTTP Server Port on Identity Management".
When you install Identity Management, you are asked to choose a mode for Oracle Internet Directory. The default mode is dual mode, which allows some components to access Oracle Internet Directory using non-SSL connections. During the installation, you can choose SSL mode, which specifies that all components must use SSL when connecting to the directory.
If you did not choose SSL mode during the installation, and would like to change to SSL mode after installation, you can follow the procedure in this section. It includes changing the mode of the Oracle Internet Directory, and updating middle-tier instances to use the new mode.
This procedure contains the following tasks:
Task 1: Stop Middle-Tier Instances
Stop all middle-tier instances that use Oracle Internet Directory. Using the Application Server Control Console, navigate to the Instance Home Page for each middle-tier instance and click Stop All. Be sure to leave Application Server Control running.
Task 2: Change the Oracle Internet Directory Mode
Perform this task on the Infrastructure that contains Oracle Internet Directory.
Create a file named mod.ldif
that contains the following lines:
dn:cn=configset0,cn=osdldapd,cn=subconfigsubentry changetype:modify replace:orclsslenable orclsslenable:1
Run the following command:
ldapmodify -D cn=orcladmin -w orcladmin_passwd -p oid_port -v -f mod.ldif
In the example, oid_port
is the non-SSL Oracle Internet Directory port. This is listed as OIDport
in ORACLE_HOME
/config/ias.properties
.
Note that if you are using Oracle Application Server Cold Failover Cluster, you must use the following command:
ldapmodify -D cn=orcladmin -w orcladmin_passwd -h virtual_hostname
-p oid_port -v -f mod.ldif
In the example, virtual_hostname
is the virtual hostname of the Oracle Application Server Cold Failover Cluster.
Stop the entire instance that contains Oracle Internet Directory:
emctl stop iasconsole opmnctl stopall
Edit the following file:
(UNIX) ORACLE_HOME/ldap/admin/ldap.ora (Windows) ORACLE_HOME\ldap\admin\ldap.ora
Modify the following line to remove the non-SSL port number:
DIRECTORY_SERVERS=(myhost.myco.com::sslport)
Save and close the file.
(UNIX) ORACLE_HOME/config/ias.properties (Windows) ORACLE_HOME\config\ias.properties
Change the SSLOnly
parameter as follows:
SSLOnly=true
Save and close the file.
Start the entire instance that contains Oracle Internet Directory:
opmnctl startall emctl start iasconsole
Task 3: Change Middle-Tier Instances to Use SSL Mode
In each middle-tier instance, run the Change Identity Management wizard and restart the instance:
Using the Application Server Control Console, navigate to the Instance Home Page for the middle-tier instance.
Click Infrastructure.
On the Infrastructure Page, in the Identity Management section, click Change.
On the Internet Directory page:
Host: Enter the fully-qualified name of the Oracle Internet Directory host.
Port: Enter the SSL Oracle Internet Directory port number.
Use only SSL connections with Internet Directory: Check this box.
Click Next.
On the Login page:
User Name: Enter cn=orcladmin
, or the distinguished name of a user in the iASAdmins
group.
Password: Enter the password for the user.
Click Next.
On the Validation page, you will receive informational messages regarding the validation of this operation. If you receive any error message, follow the instructions for investigating them. Otherwise, if the operation is valid, click Finish.
Edit ORACLE_HOME
/ldap/admin/ldap.ora
in the middle-tier Oracle home to remove the non-SSL port number. Change the following line from:
DIRECTORY_SERVERS = (replica_host:replica_oid_port:replica_ssl_oid_port)
to the following:
DIRECTORY_SERVERS = (replica_host::replica_ssl_oid_port)
When the operation is finished, start the components in the middle-tier instance.
Click Home to navigate back to the Instance Home Page.
Click Start All.
This section provides a procedure for moving Identity Management to a new host. This procedure involves creating a replica (or copy) of the original Identity Management on a different host, along with its own new Metadata Repository, and then changing the middle-tier instance to use the new Identity Management.
The following are sample uses for this procedure:
You have an existing Identity Management and associated Metadata Repository that is used by one or more middle-tier instances. Your organization intends to replace the current Identity Management host with a new system. You can use this procedure to create a replica of the Identity Management, along with its own Metadata Repository, and change your middle-tier instances to use the new Identity Management. You can then retire the original host.
You would like to create a failover environment for your Identity Management. You can use this procedure to create a replica of the current Identity Management, along with its own Metadata Repository. You can keep the replica running so it stays in sync with the original Identity Management. You can perform regular exports of data in the original Metadata Repository and save them. In the event that you lose the original Identity Management, you can import the data to the new Metadata Repository, and change your middle-tier instances to use the new Identity Management. Refer to Section 9.4.4, "Strategy for Performing Failover with this Procedure" for more information.
For both the original and new installations, the Identity Management and Metadata Repository can exist in the same Oracle home, or in separate Oracle homes (same or different host). If they are in separate Oracle homes, perform the operations on each in their own Oracle home.
For both the original and new installations, the Identity Management components (OracleAS Single Sign-On, Oracle Internet Directory, Delegated Administration Services, Directory Integration and Provisioning) may exist in the same Oracle home, or may exist in separate Oracle homes (same or different host). If they exist in separate Oracle homes, perform the operations on each in their own Oracle home.
The Metadata Repository used by middle-tier instances for product metadata is not affected by this procedure.
If the middle-tier instances use product metadata in the same Metadata Repository that the original Identity Management uses, they will continue to use that Metadata Repository after they have changed to the new Identity Management. If you want, you can change them to use a different Metadata Repository after you have finished moving Identity Management. Refer to Section 9.5, "Changing the Metadata Repository Used by a Middle-Tier Instance".
If the middle-tier instances use a separate Metadata Repository for product metadata, they will continue to use that Metadata Repository after they have changed to the new Identity Management.
This procedure does not take OracleAS Certificate Authority into consideration.
See Also: Oracle Application Server Certificate Authority Administrator's Guide for information on updating OracleAS Certificate Authority when changing Identity Management services |
An overview of the procedure is as follows:
You have an original Identity Management (also called the Master) used by one or more middle-tier instances. The Identity Management has a Metadata Repository. You install and setup a new Identity Management (also called the Replica). This Identity Management has its own Metadata Repository. The Oracle Internet Directory in the new Identity Management is an LDAP-based Replica of the original Oracle Internet Directory. Replication takes place constantly from the original Oracle Internet Directory to the new Oracle Internet Directory.
Figure 9-2 shows a sample of this setup.
Figure 9-2 Original Host (Master) and New Host (Replica)
You perform the following tasks to change to the new Identity Management. The tasks are shown in Figure 9-3.
Task 1: Migrate OracleAS Single Sign-On and Directory Integration and Provisioning data from the original Metadata Repository (Master) to the new Metadata Repository (Replica)
Task 2: Change the middle-tier instances to use the new Metadata Repository.
Task 3: Stop the LDAP-based replication.
Figure 9-3 Changing from Original to New Identity Management
This procedure contains the following tasks:
Task 1: Install and Set Up the New Identity Management and Metadata Repository
Task 2: Migrate OracleAS Single Sign-On and Directory Integration and Provisioning Data
Task 3: Change Middle-Tier Instances to the New Identity Management
Task 1: Install and Set Up the New Identity Management and Metadata Repository
In this task, you install and set up the new Identity Management and its associated Metadata Repository. The new Identity Management is an LDAP-based replica of the original Identity Management.
Read Section H.1, "About LDAP-based Replicas" to learn about LDAP-based Replicas and how they are used for this procedure.
Follow the procedure in Section H.2, "Installing and Setting Up an LDAP-Based Replica" to install and set up the new Identity Management and Metadata Repository.
Task 2: Migrate OracleAS Single Sign-On and Directory Integration and Provisioning Data
In this task, you migrate the OracleAS Single Sign-On and Directory Integration and Provisioning Data from the original Metadata Repository to the new Metadata Repository. The source for the migration is the original Metadata Repository (Master) and the target for the migration is the new Metadata Repository (Replica).
This procedure contains the following tasks:
Migrate the Directory Integration and Provisioning Data
Note: Make sure theORACLE_HOME and ORACLE_SID environment variables are set before you begin. This applies to all platforms.
|
Migrate the OracleAS Single Sign-On Data
To migrate the OracleAS Single Sign-On data:
Obtain the ORASSO
schema password on the master:
MASTER_HOME/bin/ldapsearch -p master_oid_port -h master_host -D "cn=orcladmin" -w master_orcladmin_passwd -b "orclresourcename=orasso, orclreferencename=master_global_db_name, cn=ias infrastructure databases, cn=ias, cn=products, cn=oraclecontext" -s base "objectclass=*" orclpasswordattribute
This command prints the ORASSO
password in a line like the following:
orclpasswordattribute=LAetjdQ5
Export the OracleAS Single Sign-On data from the master, ensuring that the ORACLE_HOME
environment variable is set before you run this command:
MASTER_HOME/sso/bin/ssomig -export -s orasso -p master_orasso_passwd -c master_db_name -log_d $MASTER_HOME/sso/log
master_orasso_passwd
is the ORASSO
password obtained in the previous step.
Copy the ssomig.dmp
and ssoconf.log
files from the master to the replica, preserving the exact full path for each file:
cp MASTER_HOME/sso/log/ssomig.dmp REPLICA_HOME/sso/log/ssomig.dmp cp MASTER_HOME/sso/log/ssoconf.log REPLICA_HOME/sso/log/ssoconf.log
Obtain the ORASSO
schema password on the replica:
REPLICA_HOME/bin/ldapsearch -p replica_oid_port -h replica_host -D "cn=orcladmin" -w replica_orcladmin_password -b "orclresourcename=orasso, orclreferencename=replica_global_db_name, cn=ias infrastructure databases, cn=ias, cn=products, cn=oraclecontext" -s base "objectclass=*" orclpasswordattribute
Import the OracleAS Single Sign-On data to the replica:
REPLICA_HOME/sso/bin/ssomig -import -overwrite -s orasso -p replica_orasso_passwd -c replica_db_name -log_d $REPLICA_HOME/sso/log -discoforce
replica_orasso_passwd
is the ORASSO
password obtained in the previous step.
Validation step: Verify that the export and import of OracleAS Single Sign-On succeeded.
Verify that the OracleAS Single Sign-On migration tool reported success. You can also check the following log files for errors:
MASTER_HOME/sso/log/ssomig.log REPLICA_HOME/sso/log/ssomig.log
See Also: Oracle Application Server Single Sign-On Administrator's Guide for information on interpreting messages in the log files |
Migrate the Directory Integration and Provisioning Data
To migrate your Directory Integration and Provisioning Data:
See Also: Directory Integration and Provisioning Data documentation in the Oracle Internet Directory Administrator's Guide for running the following commands using the HTTPS port in environments in which the Oracle Internet Directory HTTP port is disabled |
Stop the Directory Integration and Provisioning Data server on the master:
MASTER_HOME/bin/oidctl server=odisrv instance=1 stop
Migrate the Directory Integration and Provisioning Data:
MASTER_HOME/bin/dipassistant reassociate -src_ldap_host master_host -src_ldap_port master_oid_port -dst_ldap_host replica_host -dst_ldap_port replica_oid_port -src_ldap_passwd master_orcladmin_passwd -dst_ldap_passwd replica_orcladmin_passwd
This command prints log messages to:
MASTER_HOME/ldap/odi/log/reassociate.log
Stop the Directory Integration and Provisioning Data server on the replica:
REPLICA_HOME/bin/oidctl server=odisrv instance=1 stop
Register the Directory Integration and Provisioning Data server on the replica:
REPLICA_HOME/bin/odisrvreg -D "cn=orcladmin" -w replica_orcladmin_passwd -h replica_host -p replica_oid_port
Start the Directory Integration and Provisioning Data server on the replica:
REPLICA_HOME/bin/oidctl server=odisrv instance=1 flags="port=replica_oid_port" start
Task 3: Change Middle-Tier Instances to the New Identity Management
In each middle-tier instance, run the Change Identity Management wizard and restart the instance:
Using the Application Server Control Console, navigate to the Instance Home Page for the middle-tier instance.
Click Infrastructure.
On the Infrastructure Page, in the Identity Management section, click Change.
Follow the steps in the wizard for supplying the new Identity Management information.
When the wizard is finished, navigate to the Instance Home Page and start your instance by clicking Start All.
If you have a problem changing the middle-tier instances to the new host, check to make sure replication is running and try again.
Task 4: Stop Replication
Stop the replication between the original Identity Management and the new Identity Management (replica) by running the following command in the new Identity Management Oracle home:
oidctl connect=global_db_name server=oidrepld instance=1 flags="-p oid_port" stop
In the example, global_db_name
is the global db name of the new Identity Management. (This is referred to as replica_db_name
in Section H.2, "Installing and Setting Up an LDAP-Based Replica".)
In the example, oid_port
is the non-SSL Oracle Internet Directory port in the new Identity Management. (This is referred to as replica_oid_port
in Section H.2.)
As mentioned in Section 9.4.1, "Sample Uses for this Procedure", you can modify this procedure to perform failover for Identity Management. This enables you to move your middle-tier instances to the new Identity Management in case the original is lost.
To perform failover:
Install and set up the new Identity Management as described in Task 1: Install and Set Up the New Identity Management and Metadata Repository.
Export Oracle Application Server Single Sign-On and Directory Integration and Provisioning Data on a regular basis from the original Metadata Repository. You do not need to import the data into the new Metadata Repository. You only need to export the data and copy the files to the new Metadata Repository Host. Refer to Task 2: Migrate OracleAS Single Sign-On and Directory Integration and Provisioning Data.
If you lose the original Identity Management:
Stop replication. Refer to Task 4: Stop Replication.
Import your most recent copy of the Oracle Application Server Single Sign-On and Directory Integration and Provisioning Data into the new Identity Management repository. Refer to Task 2: Migrate OracleAS Single Sign-On and Directory Integration and Provisioning Data.
Change the middle-tier instances to use the new Identity Management. Refer to Task 3: Change Middle-Tier Instances to the New Identity Management.
This section provides a procedure for changing the Metadata Repository used by a middle-tier instance. This procedure involves making a copy of the original Metadata Repository on a different host, and then changing the middle-tier instance to use the new Metadata Repository.
The following are sample uses for this procedure:
You have an existing Metadata Repository that is used by one or more middle-tier instances. Your organization intends to replace the current Metadata Repository host with a new system. You can use this procedure to copy the Metadata Repository to the new host and change your middle-tier instances to use the new Metadata Repository. You can then retire the original host.
You would like to move a Metadata Repository from a host in your test environment, to a host in your Production Environment. You can use this procedure to copy the Metadata Repository from the test to production host, and change your test middle-tier instances to use the new Metadata Repository.
The middle-tier instances must use Identity Management
The Identity Management installation must not use the original Metadata Repository for its Identity Management schemas; it must use a separate Metadata Repository
The original Metadata Repository:
Must be used for product metadata and DCM management only (it cannot be used by Identity Management)
Must be registered with Oracle Internet Directory
The new Metadata Repository:
Must not be registered with Oracle Internet Directory initially. During the procedure, you will register it with the same Oracle Internet Directory as the original Metadata Repository.
Must be created with the same Oracle home, datafile location, SID, and global database name as the original Metadata Repository. You will eventually change the global database name to a unique name.
OracleAS Certificate Authority is not supported by this procedure and must not be configured in your environment
If the Metadata Repository is used for OracleAS Clusters, the cluster members will not be accessible until all members of the cluster have been changed over to the new Metadata Repository
An overview of the procedure is as follows:
You have an original Metadata Repository. It is used by one or more middle-tier instances for product metadata. The middle-tier instances use Identity Management, and the Metadata Repository is registered with Oracle Internet Directory in that Identity Management.
Figure 9-4 shows a sample original Metadata Repository (orcl1.myco.com
).
The following table shows sample attributes for the original Metadata Repository:
Attribute | Original Metadata Repository | New Metadata Repository |
---|---|---|
Oracle home | /private/oraHome
|
N/A |
Datafile location | /private/oraHome/oradata
|
N/A |
SID | orcl1
|
N/A |
Global db name | orcl1.myco.com
|
N/A |
Registered with Oracle Internet Directory? | Yes | N/A |
You create a copy of the original Metadata Repository by installing a new Metadata Repository, backing up the original Metadata Repository, and restoring to the new Metadata Repository.
Figure 9-5 shows sample original and new Metadata Repositories.
Figure 9-5 Original Metadata Repository and New Metadata Repository
The following table shows sample attributes for the original and new Metadata Repositories:
Attribute | Original Metadata Repository | New Metadata Repository |
---|---|---|
Oracle home | /private/oraHome
|
/private/oraHome
|
Datafile location | /private/oraHome/oradata
|
/private/oraHome/oradata
|
SID | orcl1
|
orcl1
|
Global db name | orcl1.myco.com
|
orcl1.myco.com
|
Registered with Oracle Internet Directory? | Yes | No |
You perform the following steps to change to the new Metadata Repository. The steps are shown in Figure 9-6.
Task 1: Change the global db name of the new Metadata Repository to a unique name (in this sample, orcl2.myco.com
).
Task 2: Register the new Metadata Repository with the same Oracle Internet Directory as the old Metadata Repository.
Task 3: Change the middle-tier instances to use the new Metadata Repository.
Figure 9-6 Changing from the Original to the New Metadata Repository
Attribute | Original Metadata Repository | New Metadata Repository |
---|---|---|
Oracle home | /private/oraHome
|
/private/oraHome
|
Datafile location | /private/oraHome/oradata
|
/private/oraHome/oradata
|
SID | orcl1
|
orcl1
|
Global db name | orcl1.myco.com
|
orcl2.myco.com
|
Registered with Oracle Internet Directory? | Yes | Yes |
If you are using the scenario where you no longer require the original Metadata Repository, you can discard the original Metadata Repository.
This procedure contains the following tasks:
Task 4: Configure Ultra Search Metadata in the New Metadata Repository
Task 5: Change the Global DB Name for the New Metadata Repository
Task 6: Register the New Metadata Repository with Oracle Internet Directory
Task 7: Change Middle-Tier Instances to the New Metadata Repository
Before You Begin
If your middle-tier instances use OracleAS Portal and Oracle Ultra Search, you will need to supply the WKSYS
schema password later in this procedure in Task 4: Configure Ultra Search Metadata in the New Metadata Repository. You should obtain this password now from the old Metadata Repository.
Note: For information on how to obtain the WKSYS password, see Section 6.3, "Viewing OracleAS Metadata Repository Schema Passwords" |
Task 1: Install the New Metadata Repository
Install the new Metadata Repository as follows:
Make sure to install the Metadata Repository into an Oracle home that has the same path as the old Metadata Repository Oracle home.
Use Oracle Universal Installer to install the Metadata Repository.
Choose to install an Infrastructure.
Choose to install a Metadata Repository only.
Do not register the Metadata Repository with Oracle Internet Directory.
Specify the same SID and global db name as the old Metadata Repository.
Specify the same datafile location as the old Metadata Repository.
Task 2: Back Up the Original Metadata Repository
In this task, you create a backup of the original Metadata Repository. This task provides the steps for doing this using Oracle Recovery Manager, however, if you are an experienced DBA, you can back up the Metadata Repository according to your standard practices.
Perform all of the steps in this task on the original Metadata Repository host.
Create directories to store backup files and log files. For example:
mkdir -p BACKUP_DIR/log_files mkdir -p BACKUP_DIR/db_files
Make sure the original Metadata Repository is up and running.
Connect to the database as a user with SYSDBA privileges.
Make sure you have set the ORACLE_HOME
and ORACLE_SID
environment variables before you run the SQL*Plus command.
Obtain the DBID of the original Metadata Repository using SQL*Plus:
SQL> SELECT DBID FROM v$database;
Make note of this value; you will use it later in the procedure.
Create a file named BACKUP_DIR
/cold_backup.rcv
that contains the following lines. In the file, substitute the full path for BACKUP_DIR
.
shutdown immediate; startup mount; configure controlfile autobackup on; configure controlfile autobackup format for device type disk to 'BACKUP_DIR/db_files/%F'; run { allocate channel dev1 device type disk format 'BACKUP_DIR/db_files/%U'; backup database plus archivelog; release channel dev1; }
Run Oracle Recovery Manager to back up the Metadata Repository.
You can run Oracle Recovery Manager on the Metadata Repository host as follows (the following is a single command; type it all on one line):
ORACLE_HOME/bin/rman target / cmdfile=BACKUP_DIR/cold_backup.rcv > BACKUP_DIR/log_files/backup.log
Note that the preceding command contains a forward slash "/" character.
You can run Oracle Recovery Manager from another host on the network as follows (the following is a single command; type it all on one line):
ORACLE_HOME/bin/rman target SYS/oracle@trgt cmdfile=BACKUP_DIR/cold_backup.rcv > BACKUP_DIR/log_files/backup.log
Copy the backup directories to the new host. You do not need to use the same path for BACKUP_DIR
on the new host.
BACKUP_DIR/log_files BACKUP_DIR/db_files
Task 3: Restore the Backup to the New Metadata Repository
In this task you restore the backup to the new Metadata Repository.
Perform all of the steps in this task on the new Metadata Repository host.
Make sure the new Metadata Repository is down:
sqlplus "sys/SYS_PASSWORD as sysdba"
SQL> shutdown immediate;
Regenerate the password file:
On UNIX:
mv ORACLE_HOME/dbs/orapwORACLE_SID ORACLE_HOME/dbs/orapwORACLE_SID.old ORACLE_HOME/bin/orapwd file=ORACLE_HOME/dbs/orapwORACLE_SID password=new_password
On Windows:
move ORACLE_HOME\database\PWDORACLE_SID.ora ORACLE_HOME\database\PWDORACLE_SID.ora.old ORACLE_HOME\bin\orapwd file=ORACLE_HOME\database\PWDORACLE_SID.ora password=new_password
In the examples, new_password
is the new SYS
password. You can use the old SYS password, or set it to a new password.
Start the new Metadata Repository but do not mount it:
SQL> startup nomount;
Create a file named BACKUP_DIR
/restore.rcv
that contains the following lines. In the file, substitute the full path for BACKUP_DIR
and the DBID
value you obtained in the previous task for dbid
.
set dbid=DBID; connect target /; set controlfile autobackup format for device type disk to 'BACKUP_DIR/db_files/%F'; restore controlfile from autobackup; startup mount force; run { allocate channel dev1 device type disk format 'BACKUP_DIR/db_files/%U'; restore database; release channel dev1; alter database open resetlogs; }
Run Oracle Recovery Manager to restore the Metadata Repository.
If you are logged in on the host machine for the Metadata Repository, run the following command:
ORACLE_HOME/bin/rman cmdfile=BACKUP_DIR/restore.rcv > BACKUP_DIR/log_files/restore.log
If you are accessing the host machine for the Metadata Repository from another machine on the network, edit the following file:
BACKUP_DIR/restore.rcv
Make sure the file contains the following line:
TARGET SYS/oracle@trgt
Run the following command:
ORACLE_HOME/bin/rman cmdfile=BACKUP_DIR/restore.rcv > BACKUP_DIR/log_files/restore.log
After you restore using Oracle Recovery Manager, determine if the TEMP
tablespace has a datafile by connecting to the database as a user with SYSDBA
privileges and running the following command in SQL*Plus:
SQL> select file_name from dba_temp_files where tablespace_name like 'TEMP';
If the preceding command does not return any files, do the following steps:
Check if the following file exists on your system:
ORADATA_DIRECTORY/db_name
/temp01.dbf
If the file exists, enter the following command:
SQL> alter tablespace "TEMP" add tempfile 'ORADATA_DIRECTORY/ db_name/temp01.dbf' size 5120K reuse autoextend on next 8k maxsize unlimited;
If the file does not exist, enter the following command:
SQL> alter tablespace "TEMP" add tempfile 'ORADATA_DIRECTORY/ db_name/temp01.dbf' size 5120K autoextend on next 8k maxsize unlimited;
Note that the preceding commands can be typed on one line, and db_name
is the first portion of the new global db name.
Task 4: Configure Ultra Search Metadata in the New Metadata Repository
Perform this task on the new Metadata Repository.
Make sure the ORACLE_HOME
and ORACLE_SID
environment variables are set.
Run the following commands:
cd ORACLE_HOME/ultrasearch/admin sqlplus "sys/SYS_PASSWORD as sysdba" SQL> @wk0config.sql WKSYSPW JDBC_CONNSTR LAUNCH_ANYWHERE ""
(Note the two double quotes at the end of the preceding command.)
In the example:
WKSYSPW
is the password of the WKSYS
schema that you obtained at the beginning of this procedure.
JDBC_CONNSTR
is the JDBC connection string host
:
port
:
SID
, for example: myhost:1521:testdb
.
LAUNCH_ANYWHERE
is TRUE
if the Metadata Repository is in Real Application Cluster mode, otherwise FALSE
. For this procedure, you should set it to FALSE
.
Task 5: Change the Global DB Name for the New Metadata Repository
In this task, you change the global db name of the new Metadata Repository to a new, unique name so you can register it with Oracle Internet Directory.
Perform all of the steps in this task on the new Metadata Repository host.
Run the following commands to set up the database:
sqlplus "sys/SYS_PASSWORD as sysdba"
SQL> alter system switch logfile;
SQL> alter database backup controlfile to trace resetlogs;
Check the spfile using SQL*Plus:
SQL> select value from v$parameter where name='spfile';
If the previous command returns no rows, you can skip this step.
If the previous command returns output like the following:
VALUE ---------------------------------- ?/dbs/spfile@.ora
run the following command to create a pfile from the spfile:
On Unix:
SQL> create pfile='ORACLE_HOME/dbs/initORACLE_SID.ora' from spfile;
On Windows:
SQL> create pfile='%ORACLE_HOME%\database\initORACLE_SID.ora' from spfile;
In the example, ORACLE_SID is the SID of the original and new Metadata Repository.
Shut down the new Metadata Repository:
SQL> shutdown immediate;
The database must be shut down with SHUTDOWN NORMAL
or SHUTDOWN IMMEDIATE
. You should not use SHUTDOWN ABORT
.
Rename the spfile so the pfile will be used when the database instance is restarted:
On Unix:
cd ORACLE_HOME/dbs mv spfileORACLE_SID.ora spfileORACLE_SID.ora.save
On Windows:
cd ORACLE_HOME\database rename spfileORACLE_SID.ora spfileORACLE_SID.ora.save
Edit the following file:
On UNIX:
ORACLE_HOME/dbs/initORACLE_SID.ora
On Windows:
ORACLE_HOME\database\initORACLE_SID.ora
Update the db_name
to the new db name (the first portion of the new global db name). For example, if the new global db name is orcl1.myco.com
, the value of db_name
should be orcl1
. Note that this is not necessarily (nor likely) the same value as the SID on the new Metadata Repository.
Also, update all other instances of the old db_name to the new db_name. Specifically, you should update directory paths that contain the old db_name. If the directory paths are not updated, when you run the ccf.sql
script in step 16, the script will fail.
Rename the following directory with the new db_name
:
ORADATA_DIRECTORY/db_name
Rename the control files so they do not exist later when the new ones are created:
cd ORADATA_DIRECTORY/db_name mv control01.ctl control01.ctl.old mv control02.ctl control02.ctl.old mv control03.ctl control03.ctl.old
Rename the following directory with the new db_name
:
(UNIX) ORACLE_HOME/admin/db_name (Windows) ORACLE_HOME\..\admin\db_name
Note that on Windows, the admin
directory is in the same directory as the Oracle home.
Edit the following file:
On UNIX:
ORACLE_HOME/admin/db_name/pfile/init.ora.NNNNNNNNNNNNN
On Windows:
ORACLE_HOME\..\admin\db_name\pfile\init.ora.NNNNNNNNNNNNN
Note that the filename includes a random number at the end.
Change all instances of the old db name to the new db name; do not update the SID. To do this, change the old db name in all directory paths and the db_name
parameter.
Change to the trace file directory:
cd ORACLE_HOME/admin/db_name/udump
Note that the preceding is the default location for the trace file directory. This location can be overridden by the user_dump_dest
parameter in initORACLE_SID
.ora or spfileORACLE_SID
.ora.
Locate the trace file; it has a name of the form ORACLE_SID
_ora_NNNNN
.trc, where NNNNN
is a number. Choose the trace file with the most recent modification date.
Copy the contents of the trace file, starting from the line with "STARTUP NOMOUNT"
down to the end of the file, into a new file named BACKUP_DIR
/ccf.sql
.
Do not copy any the following lines, if they exist:
*** TIMESTAMP kcrr.c
ARCH: Archival disabled due to shutdown: 1089
Edit BACKUP_DIR
/ccf.sql
as follows (an example of ccf.sql
after performing the edits in this step is shown in Example 9-1.)
Update the following line with the new global db name and change "REUSE
" to "SET
":
Before modification:
CREATE CONTROLFILE REUSE DATABASE "OLD_GLOBAL_DB_NAME" RESETLOGS ...
After modification:
CREATE CONTROLFILE SET DATABASE "NEW_GLOBAL_DB_NAME" RESETLOGS ...
Remove the line that appears in one of the following two forms:
# STANDBY LOGFILE -- STANDBY LOGFILE
Comment out the following lines, if they exist, with "REM", as shown:
REM RECOVER DATABASE USING BACKUP CONTROLFILE REM VARIABLE RECNO NUMBER; REM EXECUTE :RECNO := SYS.DBMS_BACKUP_RESTORE.SETCONFIG('CONTROLFILE AUTOBACKUP','ON'); REM VARIABLE RECNO NUMBER; REM EXECUTE :RECNO := SYS.DBMS_BACKUP_ RESTORE.SETCONFIG('CONTROLFILEAUTOBACKUP FORMAT FOR DEVICE TYPE','DISK TO BACKUP_DIR/db_files/%F'); REM ALTER TABLESPACE TEMP ADD TEMPFILE 'ORACLE_HOME/TEMP01.DBF' SIZE 5242880 AUTOEXTEND ON MAXSIZE 4294950912 REUSE;
Change all comment symbols to "REM". Depending on your platform, the comment symbol may be "#" or "--".
Example 9-1 Example ccf.sql File after Edits
STARTUP NOMOUNT
CREATE CONTROLFILE set DATABASE "NEW DATABASE" RESETLOGS ARCHIVELOG
MAXLOGFILES 50
MAXLOGMEMBERS 5
MAXDATAFILES 100
MAXINSTANCES 1
MAXLOGHISTORY 226
LOGFILE
GROUP 1 '/private1/inst/oradata/orcl/redo01.log' SIZE 50M,
GROUP 2 '/private1/inst/oradata/orcl/redo02.log' SIZE 50M,
GROUP 3 '/private1/inst/oradata/orcl/redo03.log' SIZE 50M
DATAFILE
'/private1/inst/oradata/orcl/system01.dbf',
'/private1/inst/oradata/orcl/undotbs01.dbf',
'/private1/inst/oradata/orcl/drsys01.dbf',
'/private1/inst/oradata/orcl/dcm.dbf',
'/private1/inst/oradata/orcl/portal.dbf',
'/private1/inst/oradata/orcl/ptldoc.dbf',
'/private1/inst/oradata/orcl/ptlidx.dbf',
'/private1/inst/oradata/orcl/ptllog.dbf',
'/private1/inst/oradata/orcl/oca.dbf',
'/private1/inst/oradata/orcl/discopltc1.dbf',
'/private1/inst/oradata/orcl/discopltm1.dbf',
'/private1/inst/oradata/orcl/oss_sys01.dbf',
'/private1/inst/oradata/orcl/wcrsys01.dbf',
'/private1/inst/oradata/orcl/uddisys01.dbf',
'/private1/inst/oradata/orcl/ip_dt.dbf',
'/private1/inst/oradata/orcl/ip_rt.dbf',
'/private1/inst/oradata/orcl/ip_idx.dbf',
'/private1/inst/oradata/orcl/ip_lob.dbf',
'/private1/inst/oradata/orcl/attrs1_oid.dbf',
'/private1/inst/oradata/orcl/battrs1_oid.dbf',
'/private1/inst/oradata/orcl/gcats1_oid.dbf',
'/private1/inst/oradata/orcl/gdefault1_oid.dbf',
'/private1/inst/oradata/orcl/svrmg1_oid.dbf',
'/private1/inst/oradata/orcl/ias_meta01.dbf'
CHARACTER SET WE8MSWIN1252
;
REM Configure RMAN configuration record 1
REM VARIABLE RECNO NUMBER;
REM EXECUTE :RECNO := SYS.DBMS_BACKUP_RESTORE.SETCONFIG('CONTROLFILE
AUTOBACKUP','ON');
REM Configure RMAN configuration record 2
REM VARIABLE RECNO NUMBER;
REM EXECUTE :RECNO := SYS.DBMS_BACKUP_RESTORE.SETCONFIG('CONTROLFILE AUTOBACKUP
FORMAT FOR DEVICE TYPE','DISK TO /private1/inst/backup_dir/db_files/%F');
REM Recovery is required if any of the datafiles are restored backups,
REM or if the last shutdown was not normal or immediate.
REM RECOVER DATABASE USING BACKUP CONTROLFILE
REM Database can now be opened zeroing the online logs.
ALTER DATABASE OPEN RESETLOGS;
REM No tempfile entries found to add.
Edit the following script:
BACKUP_DIR/ccf.sql
Replace the old db_name
with the new db_name
throughout the script.
Run the ccf.sql
script:
SQL> @BACKUP_DIR/ccf.sql
Change the global db name in the database:
SQL> alter database rename global_name to NEW_GLOBAL_DB_NAME;
Update the service name and the global db name to the new global db name in the following file:
(UNIX) ORACLE_HOME/network/admin/tnsnames.ora (Windows) ORACLE_HOME\network\admin\tnsnames.ora
Note that you should not change the SID.
(UNIX) ORACLE_HOME/config/ias.properties (Windows) ORACLE_HOME\config\ias.properties
Change the InfrastructureDBCommonName
parameter to the new global db name.
Task 6: Register the New Metadata Repository with Oracle Internet Directory
In this task, you register the new Metadata Repository with the same Oracle Internet Directory used by the original Metadata Repository. To do this, you run Oracle Application Server Metadata Repository Creation Assistant (OracleAS Metadata Repository Creation Assistant), a wizard that guides you through the registration.
Note: OracleAS Metadata Repository Creation Assistant is available on the "OracleAS Metadata Repository Creation Assistant" CD-ROM. |
Using SQL*Plus, log in to the new Metadata Repository as SYS with SYSDBA privileges.
Run the following commands:
SQL> execute dbms_ias_version.set_component_loading(component_id=>'MRC', component_name=>'Oracle Application Server Metadata Repository Version', schema_name=>'SYS'); SQL> execute dbms_ias_version.set_component_valid(component_id=>'MRC');
Verify that the following command returns the following value:
SQL> select comp_name, version, status from app_registry where comp_id='MRC'; COMP_NAME VERSION STATUS ----------------------------------------------------- --------- ------- Oracle Application Server Metadata Repository Version 10.1.2.0.0 VALID
Register the new Metadata Repository with Oracle Internet Directory.
See Also: Oracle Application Server Metadata Repository Creation Assistant User's Guide for more information on how to perform the following steps |
Install OracleAS Metadata Repository Creation Assistant into its own Oracle home on the host where the new Metadata Repository resides. In the Select a Product to Install screen, choose Oracle Application Server Repository Creation Assistant.
Run OracleAS Metadata Repository Creation Assistant as follows:
(UNIX) ORACLE_HOME_RepCA/runRepca (Windows) ORACLE_HOME_RepCA\runRepca.bat
The wizard will guide you through the process.
When the process is finished, an ldap.ora
file will be created in the OracleAS Metadata Repository Creation Assistant Oracle home. Copy this file to the new Metadata Repository Oracle home.
Copy the file from:
(UNIX) ORACLE_HOME_RepCA/network/admin/ldap.ora (Windows) ORACLE_HOME_RepCA\network\admin\ldap.ora
To:
(UNIX) ORACLE_HOME_NEW_METADATA_REPOSITORY/network/admin/ldap.ora (Windows) ORACLE_HOME_NEW_METADATA_REPOSITORY\network\admin\ldap.ora
Task 7: Change Middle-Tier Instances to the New Metadata Repository
On each middle-tier instance you want to change to the new Metadata Repository, run the Change Metadata Repository wizard and restart the instance:
Using the Application Server Control Console, navigate to the Instance Home Page for the middle-tier instance.
Make sure all components except Management are down. If not, click Stop All to stop them. Note that this will not stop Management.
Click Infrastructure.
On the Infrastructure Page, in the Metadata Repository section, click Change.
Follow the steps in the wizard for supplying the new Metadata Repository information.
When the wizard is finished, navigate to the Instance Home Page and start your instance by clicking Start All.
Task 8: Update the Farm Name
Run the following command in the Oracle home of one of the middle-tier instances that you changed to use the new Metadata Repository in the previous task:
ORACLE_HOME/dcm/bin/dcmctl resetFarmName new_farm_name
In the example, new_farm_name
is the global db name of the new Metadata Repository.
Note: You only need to run the command in one middle-tier instance. The command will update all other instances. |
This section provides a procedure for changing the Metadata Repository used by Identity Management. This procedure involves making a copy of the original Metadata Repository on a different host, and then changing the Identity Management components to use the new Metadata Repository.
The following are sample uses for this procedure:
You have an Identity Management installation using a Metadata Repository. You would like to move the Metadata Repository to different host so you can retire the original Metadata Repository.
Your current Metadata Repository host is overloaded and you would like to move the Metadata Repository to a host that can handle a heavier load.
The Metadata Repository is used by Identity Management only. It may not be used by middle-tier instances for product metadata.
The Identity Management installation may reside in one Oracle home, or its components may be distributed across several Oracle homes.
The original Metadata Repository must not reside on the same host as the Identity Management installation.
The new Metadata Repository:
Must reside on a different host than the original Metadata Repository. That host must use the same operating system platform as the original.
Must use the same Oracle home, datafile location, SID, and global database name as the original Metadata Repository.
May use a different database listener port than the original, if desired.
This procedure contains the following tasks:
Task 7: Start Oracle Internet Directory Using Special Commands
Task 8: Update the Oracle Internet Directory Database Registration
Task 9: Stop Oracle Internet Directory Using Special Commands
Task 1: Install the New Metadata Repository
Install the new Metadata Repository as follows:
Make sure to install the Metadata Repository into an Oracle home that has the same path as the old Metadata Repository Oracle home.
Use Oracle Universal Installer to install the Metadata Repository.
Choose to install an Infrastructure.
Choose to install a Metadata Repository only.
Do not register the Metadata Repository with Oracle Internet Directory.
Specify the same SID and global db name as the old Metadata Repository.
Specify the same datafile location as the old Metadata Repository.
Task 2: Shut Down Your Environment
Shut down your environment as follows:
Shut down all middle-tier instances that use Identity Management.
Run the following command in the Identity Management Oracle home:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl stopall (Windows) ORACLE_HOME\opmn\bin\opmnctl stopall
If the Identity Management installation is distributed across several Oracle homes, run the command in the Oracle Internet Directory Oracle home.
If you use OracleAS Certificate Authority, stop it as follows:
ORACLE_HOME/oca/bin/ocactl stop
Task 3: Back Up the Original Metadata Repository
In this task, you create a backup of the original Metadata Repository. This task provides the steps for doing this using Oracle Recovery Manager, however, if you are an experienced DBA, you can back up the Metadata Repository according to your standard practices.
Perform all of the steps in this task on the original Metadata Repository host.
Create directories to store backup files and log files. For example:
mkdir -p BACKUP_DIR/log_files mkdir -p BACKUP_DIR/db_files
Make sure the original Metadata Repository is up and running.
Make sure you have set the ORACLE_HOME
and ORACLE_SID
environment variables before you run the SQL*Plus command.
Obtain the DBID of the original Metadata Repository using SQL*Plus:
SQL> SELECT DBID FROM v$database;
Make note of this value; you will use it later in the procedure.
Create a file named BACKUP_DIR
/cold_backup.rcv
that contains the following lines. In the file, substitute the full path for BACKUP_DIR
.
shutdown immediate; startup mount; configure controlfile autobackup on; configure controlfile autobackup format for device type disk to 'BACKUP_DIR/db_files/%F'; run { allocate channel dev1 device type disk format 'BACKUP_DIR/db_files/%U'; backup database plus archivelog; release channel dev1; }
Run Oracle Recovery Manager to back up the Metadata Repository.
You can run Oracle Recovery Manager on the Metadata Repository host as follows (the following is a single command; type it all on one line):
ORACLE_HOME/bin/rman target / cmdfile=BACKUP_DIR/cold_backup.rcv > BACKUP_DIR/log_files/backup.log
Note that the preceding command contains a forward slash "/" character.
You can run Oracle Recovery Manager from another host on the network as follows (the following is a single command; type it all on one line):
ORACLE_HOME/bin/rman target SYS/oracle@trgt cmdfile=BACKUP_DIR/cold_backup.rcv > BACKUP_DIR/log_files/backup.log
Copy the backup directories to the new host. You do not need to use the same path for BACKUP_DIR
on the new host.
BACKUP_DIR/log_files BACKUP_DIR/db_files
Task 4: Restore the Backup to the New Metadata Repository
In this task you restore the backup to the new Metadata Repository.
Perform all of the steps in this task on the new Metadata Repository host.
Make sure the new Metadata Repository is down:
sqlplus "sys/SYS_PASSWORD as sysdba"
SQL> shutdown immediate;
Regenerate the password file:
On UNIX:
mv ORACLE_HOME/dbs/orapwORACLE_SID ORACLE_HOME/dbs/orapwORACLE_SID.old ORACLE_HOME/bin/orapwd file=ORACLE_HOME/dbs/ orapwORACLE_SID password=new_password
On Windows:
mv ORACLE_HOME\database\PWDORACLE_SID.ora ORACLE_HOME\database\ PWDORACLE_SID.ora.old ORACLE_HOME\bin\orapwd file=ORACLE_HOME\database\PWDORACLE_SID.ora password=new_password
In the example, new_password
is the new SYS
password. You can use the old SYS password, or set it to a new password.
Start the new Metadata Repository but do not mount it:
SQL> startup nomount;
Create a file named BACKUP_DIR
/restore.rcv
that contains the following lines. In the file, substitute the full path for BACKUP_DIR
and the DBID
obtained in the previous task.
set dbid=DBID; connect target /; set controlfile autobackup format for device type disk to 'BACKUP_DIR/db_files/%F'; restore controlfile from autobackup; startup mount force; run { allocate channel dev1 device type disk format 'BACKUP_DIR/db_files/%U'; restore database; release channel dev1; alter database open resetlogs; }
Run Oracle Recovery Manager to restore the Metadata Repository:
ORACLE_HOME/bin/rman cmdfile=BACKUP_DIR/restore.rcv > BACKUP_DIR/log_files/restore.log
After you restore using Oracle Recovery Manager, determine if the TEMP
tablespace has a datafile by connecting to the database as a user with SYSDBA
privileges and running the following command in SQL*Plus:
SQL> select file_name from dba_temp_files where tablespace_name like 'TEMP';
If the preceding command does not return any files, add a datafile:
SQL> alter tablespace "TEMP" add tempfile 'ORADATA_DIRECTORY/ \ db_name/temp01.dbf' size 5120K autoextend on next 8k maxsize unlimited;
In the example, db_name
is the first portion of the new global db name.
Note that the preceding command creates a file called temp01.dbf
and adds it to the TEMP
tablespace. If the temp01.dbf
file already exists in the directory, add a "reuse" clause to the command:
SQL> alter tablespace "TEMP" add tempfile 'ORADATA_DIRECTORY/ \ db_name/temp01.dbf' size 5120K reuse autoextend on next 8k maxsize unlimited;
Task 5: Update Oracle Internet Directory
In the Oracle Internet Directory home, update the following file with the new Metadata Repository hostname (and, optionally, the new port number);
ORACLE_HOME/network/admin/tnsnames.ora
After you modify the file, use the tnsping command to make sure you can reach the new Metadata Repository:
ORACLE_HOME/bin/tnsping net_service_name
For example:
ORACLE_HOME/bin/tnsping orcl
Task 6: Shut Down the Original Metadata Repository
Shut down the original Metadata Repository using your usual procedure.
Task 7: Start Oracle Internet Directory Using Special Commands
Start Oracle Internet Directory by running the following commands in the Oracle Internet Directory home (do not use opmnctl
):
Set the ORACLE_SID
environment variable to the new Metadata Repository SID (the default is orcl
).
Start the Oracle Internet Directory monitor:
(UNIX) ORACLE_HOME/bin/oidmon start (Windows) ORACLE_HOME\bin\oidmon start
Start the Oracle Internet Directory server:
(UNIX) ORACLE_HOME/bin/oidctl server=oidldapd configset=0 instance=1 start (Windows) ORACLE_HOME\bin\oidctl server=oidldapd configset=0 instance=1 start
Task 8: Update the Oracle Internet Directory Database Registration
Update Oracle Internet Directory with the new Metadata Repository hostname and, optionally, new port number.
Start Oracle Directory Manager:
(UNIX) ORACLE_HOME/bin/oidadmin
(Windows) Start > Programs > Oracle Application Server -
OracleHome > Integrated Management Tools > Oracle Directory Manager
Log in to Oracle Directory Manager.
In the System Objects frame:
Expand Entry Management.
Expand cn=Oracle Context.
Select the DBName for the OracleAS Metadata Repository. For example, if the DBName is the default, orcl
, select cn=ORCL.
On the Properties tab, update the HOST
parameter in the orclnetdescstring
field with the new hostname. Update the PORT
parameter if you have changed the port number.
Click Apply.
Task 9: Stop Oracle Internet Directory Using Special Commands
Stop Oracle Internet Directory by running the following commands in the Oracle Internet Directory home (do not use opmnctl
):
Set the ORACLE_SID
environment variable to the new Metadata Repository SID (the default is orcl
).
Stop the Oracle Internet Directory server:
(UNIX) ORACLE_HOME/bin/oidctl server=oidldapd configset=0 instance=1 stop (Windows) ORACLE_HOME\bin\oidctl server=oidldapd configset=0 instance=1 stop
Stop the Oracle Internet Directory monitor:
(UNIX) ORACLE_HOME/bin/oidmon stop (Windows) ORACLE_HOME\bin\oidmon stop
Task 10: Start Your Environment
Start your environment as follows:
Start the Identity Management installation by running the following command in the Identity Management Oracle home:
(UNIX) ORACLE_HOME/opmn/bin/opmnctl startall (Windows) ORACLE_HOME\opmn\bin\opmnctl startall
If the Identity Management installation is distributed across several Oracle homes, run the command in the Oracle Internet Directory home.
Start all middle-tier instances that use Identity Management.
Task 11: Update OracleAS Certificate Authority
If you use OracleAS Certificate Authority:
Associate it with the new MetaData Repository:
ORACLE_HOME/oca/bin/ocactl updateconnection
Start OracleAS Certificate Authority:
ORACLE_HOME/oca/bin/ocactl start