Prerequisites for Upgrading to Enterprise
Manager Cloud Control 13c Release 2
1.First latest PSU patch needs to be applied in GRID and ORACLE home.
In my case latest patch of that time was as below
|
CRS service brought down successfully on home /u01/app/product/12.1.0/gridStart applying binary patch on home /u01/app/oracle/product/12.1.0/db_1
Binary patch applied successfully on home /u01/app/oracle/product/12.1.0/db_1Start applying binary patch on home /u01/app/product/12.1.0/grid
/u01/app/product/12.1.0/grid/cfgtoollogs/opatchauto/opatchauBinary patch applied successfully on home /u01/app/product/12.1.0/gridStarting CRS service on home /u01/app/product/12.1.0/grid
Postpatch operation log file location: /u01/app/product/12.1.0/grid/cfgtoollogs/crsconfig/hapatch_2016-12-19_02-06-48PM.log
CRS service started successfully on home /u01/app/product/12.1.0/gridStarting database service on home /u01/app/oracle/product/12.1.0/db_1
Database service successfully started on home /u01/app/oracle/product/12.1.0/db_1Preparing home /u01/app/oracle/product/12.1.0/db_1 after database service restarted
No step execution required………
Prepared home /u01/app/oracle/product/12.1.0/db_1 successfully after database service restartedTrying to apply SQL patch on home /u01/app/oracle/product/12.1.0/db_1
SQL patch applied successfully on home /u01/app/oracle/product/12.1.0/db_1Verifying patches applied on home /u01/app/product/12.1.0/grid
Patch verification completed with warning on home /u01/app/product/12.1.0/gridVerifying patches applied on home /u01/app/oracle/product/12.1.0/db_1
Patch verification completed with warning on home /u01/app/oracle/product/12.1.0/db_1OPatchAuto successful.
——————————–Summary——————————–
Patching is completed successfully. Please find the summary as follows:
Host:orcldb
SIDB Home:/u01/app/oracle/product/12.1.0/db_1
Summary:
==Following patches were SKIPPED:
Patch: /u01/app/grid/24412235/21436941
Reason: This patch is not applicable to this specified target type – “oracle_database”
Patch: /u01/app/grid/24412235/24007012
Reason: This patch is not applicable to this specified target type – “oracle_database”
==Following patches were SUCCESSFULLY applied:
Patch: /u01/app/grid/24412235/23854735
Log: /u01/app/oracle/product/12.1.0/db_1/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_13-59-18PM_1.log
Patch: /u01/app/grid/24412235/24006101
Log: /u01/app/oracle/product/12.1.0/db_1/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_13-59-18PM_1.log
Host:orcldb
SIHA Home:/u01/app/product/12.1.0/grid
Summary:
==Following patches were SUCCESSFULLY applied:
Patch: /u01/app/grid/24412235/21436941
Log: /u01/app/product/12.1.0/grid/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_14-01-50PM_1.log
Patch: /u01/app/grid/24412235/23854735
Log: /u01/app/product/12.1.0/grid/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_14-01-50PM_1.log
Patch: /u01/app/grid/24412235/24006101
Log: /u01/app/product/12.1.0/grid/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_14-01-50PM_1.log
Patch: /u01/app/grid/24412235/24007012
Log: /u01/app/product/12.1.0/grid/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_14-01-50PM_1.log
OPatchauto session completed at Mon Dec 19 14:11:39 2016
Time taken to complete the session 15 minutes, 53 seconds
Optimizer Adaptive Feature Disabling Requirements
Ensure that you disable the optimizer adaptive feature (optimizer_adaptive_features=FALSE) in the Oracle Database that houses the Management Repository. To do so, follow these steps:
1. Disable the optimizer adaptive feature by setting the optimizer_adaptive_features parameter to FALSE. To do so, run the following SQL command:
alter system set optimizer_adaptive_features=false scope=both
2. Restart the database.
3. Verify that the changes have taken effect. To do so, run the following SQL command:
show parameter adaptive;
You should see the following output:
NAME TYPE VALUE
———————————————————————
optimizer_adaptive_features boolean FALSE
Login and Logoff Trigger Setting Verification Requirements
SQL> SELECT owner,trigger_name FROM sys.dba_triggers WHERE TRIGGERING_EVENT LIKE ‘LOGOFF%’ AND status=’ENABLED’;
OWNER
——————————————————————————–
TRIGGER_NAME
——————————————————————————–
GSMADMIN_INTERNAL
GSMLOGOFF
SQL> alter trigger GSMADMIN_INTERNAL.GSMLOGOFF disable;
Trigger altered.
Selectively Skipping Some Job Type Updates for Reduced Downtime
of Your Enterprise Manager System
To skip or postpone some job types from being upgraded, follow these steps:
1. Identify the job types that you want to exclude from being upgraded during the
downtime.
To do so, as a SYSMAN user, log in to the database that houses the Oracle
Management Repository, and run the following query. Particularly look for the
job types that have a large number of active executions.
SELECT job_type, COUNT(1) as n_execs
FROM MGMT_JOB_EXEC_SUMMARY
JOIN MGMT_JOB_TYPE_INFO USING (job_type_id)
WHERE status NOT IN (3,4,5,8,18,19,23)
GROUP BY job_type
HAVING COUNT(1) > 5000
ORDER BY COUNT(1) DESC;
2. Exclude the other job types you identified.
To do so, run the following query to exclude a job type from the
MGMT_PARAMETERS table. For each job type you want to exclude, you must
run one INSERT statement. For example, if you have three job types to exclude,
then run the INSERT statement three times, each with a job type you want to
exclude.
INSERT INTO MGMT_PARAMETERS(parameter_name, parameter_value)
VALUES (‘mgmt_job_skip_job_type_upg.1’, ‘<job type>’);
EMKEY Copy Requirements
[IN CASE OF MULTI-OMS UPGRADE, PERFORM THIS STEP ONLY FOR THE
FIRST OMS UPGRADE]
Ensure that you copy the emkey from the existing OMS to the existing Management
Repository. To do so, run the following command on the OMS you are about to
upgrade. Here, <ORACLE_HOME> refers to the Oracle home of the OMS.
[oracle@orcl middleware]$ /u01/app/oemcc/middleware/bin/emctl config emkey -copy_to_repos -sysman_pwd sysm4n4dm1n
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
The EMKey has been copied to the Management Repository. This operation will cause the EMKey to become unsecure.
After the required operation has been completed, secure the EMKey by running “emctl config emkey -remove_from_repos”.
Check status now
[oracle@orcl middleware]$ /u01/app/oemcc/middleware/bin/emctl status emkey
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
The EMKey is configured properly, but is not secure. Secure the EMKey by running “emctl config emkey -remove_from_repos”.
Stop Cloud Control now
Stop Cloud Control
export OMS_HOME=/u01/app/oemcc/middleware
export AGENT_HOME=/u01/app/oemcc/agent/agent_inst
$OMS_HOME/bin/emctl stop oms -all
$AGENT_HOME/bin/emctl stop agent
$OMS_HOME/bin/emctl extended oms jvmd stop -all
$OMS_HOME/bin/emctl extended oms adp stop –all
Now you can start Installation of oracle cloud control 13cR2
1.Create required directory where we need to install new software
Create a directory for the new installation.
/u01/app/oemcc13cR2/Middleware
2.Run installer now from the download and unzipped location.
$ chmod u+x em13200_linux64.bin $ ./em13200_linux64.bin
Please uncheck the security updates checkbox and click the “Next” button.
Click the “Yes” button the subsequent warning dialog.
If you wish to check for updates, enter the required details, or check the “Skip” option and click the “Next” button.
If you have performed the prerequisites as described, the installation should pass all prerequisite checks. Click the “Next” button.
Select the “Upgrade an existing Enterprise Manager System” option. Select the “One-System Upgrade” option. Select the OMS to be upgraded, then click the “Next” button.
Enter the new middleware home location, I used “/u01/app/oemcc13cR2/Middleware”, then click the “Next” button.
Enter the passwords for the SYS and SYSMAN users and check both the check boxes, then click the “Next” button.
If you want to change ASM password,you can use below:-
orapwd file=’+DATA’ dbuniquename=’OEMCC01′ password=xxx
Now you get warning as “The upgrade process has detected MD5 certificate usage for some agent-OMS communication”
I have referred below metalink note for securing all clients and OMS
EM 13.2: SHA2 Certificate Pre-upgrade Verification for OMS & Agent (Doc ID 2179909.1)
Please create CA certificates
Download the zip file SecureCommunicationScan.zip to the OMS host. Archive contains three folders (/bin, /data, /metadata).
Unzip SecureCommunicationScan.zip to SecureCommunicationScan Directory
Install/setup of Deployment Procedure
Register Deployment Procedure
$OMS_HOME/bin/emctl register oms metadata -service procedures -core -sysman_pwd XXXXX -file /home/oracle/SecureCommunicationScan/metadata/procedure/Secure_communications_scan.xml
Register Software Library
emctl register oms metadata -service swlib -file “/home/oracle/SecureCommunicationScan/metadata/procedure/Secure_communications_scan.xml” -core
Execution of Deployment Procedure:-
Create input file CheckForMD5Usage.input with below values as template and replace the sample with the values from your environment.
#*****BEGIN FILE*******
agentBeingTested.0.name=appl:1838
agentBeingTested.0.type=oracle_emd
agentBeingTested.0.defaultHostCred=NAME:SYSMAN:appl
agentBeingTested.1.name=orcldb:1838
agentBeingTested.1.type=oracle_emd
agentBeingTested.1.defaultHostCred=NAME:SYSMAN:orcl
#Add more agents
Mgmt_Rep_Outer.0.name=Management Services and Repository
Mgmt_Rep_Outer.0.type=oracle_emrep
Mgmt_Rep_Outer.0.defaultHostCred=NAME:SYSMAN:CREDNAME
util_loc=/home/oracle/SecureCommunicationScan/
dbusername=sysman
dbpasswd=XXX
connectstr=(DESCRIPTION\=(ADDRESS_LIST\=(ADDRESS\=(PROTOCOL\=TCP)(HOST\=orcldb)(PORT\=1613)))(CONNECT_DATA\=(SID\=OEMCC01l)))
#*******END FILE********
$OMS_HOME/bin/emcli submit_procedure -name=CheckForMD5Usage -input_file=data:/home/oracle/CheckForMD5Usage.input
Run the command below to create a new OEM Certificate Authority
[oracle@orcl ~]$ $OMS_HOME/bin/emctl secure createca
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
Creating CA… Started.
Enter Enterprise Manager Root (SYSMAN) Password :
Successfully created CA with ID 2
Please stop OMS and restart
[oracle@orcl ~]$ $OMS_HOME/bin/emctl stop oms
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
Stopping Oracle Management Server…
Oracle Management Server Successfully Stopped
Oracle Management Server is Down
JVMD Engine is Down
[oracle@orcl ~]$ $OMS_HOME/bin/emctl start oms
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
Starting Oracle Management Server…
WebTier Successfully Started
Oracle Management Server Successfully Started
Oracle Management Server is Up
JVMD Engine is Up
Starting BI Publisher Server …
BI Publisher Server Already Started
BI Publisher Server is Up
Check the login now with SYSMAN
[oracle@orcl ~]$ /u01/app/oemcc/middleware/bin/emcli login -username=SYSMAN
Enter password :
Login successful
Please secure all clients now
[oracle@orcl ~]$ /u01/app/oemcc/middleware/bin/emcli get_ca_info -details > agentlist.txt
Let us check the agentlist.txt file and secure agent using below command for each hosts where agents are running.
[oracle@orcl ~]$ /u01/app/oemcc/middleware/bin/emcli secure_agents -agt_names=”appl:3872″ -username=”oracle” -password=”XXX”
Summary :
Number of valid agents provided for secure : 1, Filtered : 0, Selected : 1
Details :
Number of agents provided for secure (input) : 1
After merging and removing invalid/duplicate agents : 1
Job “SECUREAGENTS JOB 2016-Dec-22 01:48:37” submitted for securing 1 agents
Job ID: 443A783632C06169E0531224540AF536
Execution ID: 443A783632C36169E0531224540AF536
Please check the list now
Please make a report now which will show list of clients already secured.
[oracle@orcl ~]$ /u01/app/oemcc/middleware/bin/emcli get_ca_info -details
Info about CA with ID: 1
CA is not configured
Signature algorithm : sha512
Key strength : 1024
DN: CN=orcl, C=US, ST=CA, L=EnterpriseManager on orcl, OU=EnterpriseManager on orcl, O=EnterpriseManager on orcl
Serial# : -2835457060041615466
Valid From: Wed Nov 09 09:50:34 PET 2016
Valid Till: Sun Nov 08 09:50:34 PET 2026
There are no Agents registered with CA ID 1
Info about CA with ID: 2
CA is configured
Signature algorithm : sha512
Key strength : 1024
DN: CN=orcl, C=US, ST=CA, L=CA2, OU=EnterpriseManager on orcl, O=EnterpriseManager on orcl
Serial# : -4458307202098057612
Valid From: Tue Dec 20 03:12:48 PET 2016
Valid Till: Sat Dec 19 03:12:48 PET 2026
Number of Agents registered with CA ID 2 is 16
app:3872
dbl:3872
Now please secure OMS now
[oracle@orcl ~]$ $OMS_HOME/bin/emctl secure oms -console
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
Securing OMS… Started.
Enter Enterprise Manager Root (SYSMAN) Password :
Enter Agent Registration Password :
Securing OMS… Successful
Restart OMS
Please proceed next.
Please check which plugins will be upgraded.
Select any additional plug-ins you want to deploy, then click the “Next” button.
Enter the WebLogic details, then click the “Next” button. Just add a number on to the end of the OMS Instance Base Location specified by default. I used “/u01/app/oemcc13cR2/gc_inst”.
BI published to share location is disabled.
Accept the default ports by clicking the “Next” button.
Please review information, click the “Upgrade” button.
Wait while the installation and configuration take place.
When prompted, run the root scripts, then click the “OK” button.
Make note of the URLs, then click the “Close” button to exit the installer
This information is also available at:
/u01/app/oemcc13cR2/Middleware/install/setupinfo.txt
Please review the URL now.
See the following for information pertaining to your Enterprise Manager installation:
Use the following URL to access:
1. Enterprise Manager Cloud Control URL: https://orcl:7803/em
2. Admin Server URL: https://orcl:7102/console
3. BI Publisher URL: https://orcl:9803/xmlpserver
The following details need to be provided while installing an additional OMS:
1. Admin Server Host Name: orcl
2. Admin Server Port: 7102
You can find the details on ports used by this deployment at : /u01/app/oemcc13cR2/Middleware/install/portlist.ini
NOTE:
An encryption key has been generated to encrypt sensitive data in the Management Repository. If this key is lost, all encrypted data in the Repository becomes unusable.
A backup of the OMS configuration is available in /u01/app/oemcc13cR2/gc_inst/em/EMGC_OMS1/sysman/backup on host orcl. See Cloud Control Administrators Guide for details on how to back up and recover an OMS.
NOTE: This backup is valid only for the initial OMS configuration. For example, it will not reflect plug-ins installed later, topology changes like the addition of a load balancer, or changes to other properties made using emctl or emcli. Backups should be created on a regular basis to ensure they capture the current OMS configuration. Use the following command to backup the OMS configuration:
/u01/app/oemcc13cR2/Middleware/bin/emctl exportconfig oms -dir <backup dir>
Please upgrade the agent now
Please run root.sh from following directory in OEMCC Cloud control server.
cd /u01/app/oemcc/agent/agent_13.2.0.0.0
sh root.sh
Please run root.sh to all client servers
For other added servers:-
Please run root.sh in all agents
[root@olg1prbscsdbf02 agent_13.2.0.0.0]#
cd /u01/oemcc/agent_13.2.0.0.0
sh root.sh
Reference:-
EM 13.2: SHA2 Certificate Pre-upgrade Verification for OMS & Agent (Doc ID 2179909.1)