Step by step Upgrade cloud control from 13cR1 to 13cR2 (13.2.0.0.0)

Prerequisites for Upgrading to Enterprise
Manager Cloud Control 13c Release 2

1.First latest PSU patch needs to be applied in GRID and ORACLE home.

In my case latest patch of that time was as below

Patch 24412235: GRID INFRASTRUCTURE PATCH SET UPDATE 12.1.0.2.161018 (OCT2016)

Prepatch operation log file location: /u01/app/product/12.1.0/grid/cfgtoollogs/crsconfig/hapatch_2016-12-19_01-58-57PM.log
CRS service brought down successfully on home /u01/app/product/12.1.0/gridStart applying binary patch on home /u01/app/oracle/product/12.1.0/db_1
Binary patch applied successfully on home /u01/app/oracle/product/12.1.0/db_1Start applying binary patch on home /u01/app/product/12.1.0/grid
/u01/app/product/12.1.0/grid/cfgtoollogs/opatchauto/opatchauBinary patch applied successfully on home /u01/app/product/12.1.0/gridStarting CRS service on home /u01/app/product/12.1.0/grid
Postpatch operation log file location: /u01/app/product/12.1.0/grid/cfgtoollogs/crsconfig/hapatch_2016-12-19_02-06-48PM.log
CRS service started successfully on home /u01/app/product/12.1.0/gridStarting database service on home /u01/app/oracle/product/12.1.0/db_1
Database service successfully started on home /u01/app/oracle/product/12.1.0/db_1Preparing home /u01/app/oracle/product/12.1.0/db_1 after database service restarted
No step execution required………
Prepared home /u01/app/oracle/product/12.1.0/db_1 successfully after database service restartedTrying to apply SQL patch on home /u01/app/oracle/product/12.1.0/db_1
SQL patch applied successfully on home /u01/app/oracle/product/12.1.0/db_1Verifying patches applied on home /u01/app/product/12.1.0/grid
Patch verification completed with warning on home /u01/app/product/12.1.0/gridVerifying patches applied on home /u01/app/oracle/product/12.1.0/db_1
Patch verification completed with warning on home /u01/app/oracle/product/12.1.0/db_1OPatchAuto successful.

——————————–Summary——————————–

Patching is completed successfully. Please find the summary as follows:

Host:orcldb
SIDB Home:/u01/app/oracle/product/12.1.0/db_1
Summary:

==Following patches were SKIPPED:

Patch: /u01/app/grid/24412235/21436941
Reason: This patch is not applicable to this specified target type – “oracle_database”

Patch: /u01/app/grid/24412235/24007012
Reason: This patch is not applicable to this specified target type – “oracle_database”

==Following patches were SUCCESSFULLY applied:

Patch: /u01/app/grid/24412235/23854735
Log: /u01/app/oracle/product/12.1.0/db_1/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_13-59-18PM_1.log

Patch: /u01/app/grid/24412235/24006101
Log: /u01/app/oracle/product/12.1.0/db_1/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_13-59-18PM_1.log

Host:orcldb
SIHA Home:/u01/app/product/12.1.0/grid
Summary:

==Following patches were SUCCESSFULLY applied:

Patch: /u01/app/grid/24412235/21436941
Log: /u01/app/product/12.1.0/grid/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_14-01-50PM_1.log

Patch: /u01/app/grid/24412235/23854735
Log: /u01/app/product/12.1.0/grid/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_14-01-50PM_1.log

Patch: /u01/app/grid/24412235/24006101
Log: /u01/app/product/12.1.0/grid/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_14-01-50PM_1.log

Patch: /u01/app/grid/24412235/24007012
Log: /u01/app/product/12.1.0/grid/cfgtoollogs/opatchauto/core/opatch/opatch2016-12-19_14-01-50PM_1.log

OPatchauto session completed at Mon Dec 19 14:11:39 2016
Time taken to complete the session 15 minutes, 53 seconds

Optimizer Adaptive Feature Disabling Requirements

Ensure that you disable the optimizer adaptive feature (optimizer_adaptive_features=FALSE) in the Oracle Database that houses the Management Repository. To do so, follow these steps:

1. Disable the optimizer adaptive feature by setting the optimizer_adaptive_features parameter to FALSE. To do so, run the following SQL command:
alter system set optimizer_adaptive_features=false scope=both

2. Restart the database.

3. Verify that the changes have taken effect. To do so, run the following SQL command:
show parameter adaptive;
You should see the following output:
NAME TYPE VALUE
———————————————————————
optimizer_adaptive_features boolean FALSE

 

Login and Logoff Trigger Setting Verification Requirements

SQL> SELECT owner,trigger_name FROM sys.dba_triggers WHERE TRIGGERING_EVENT LIKE ‘LOGOFF%’ AND status=’ENABLED’;

OWNER
——————————————————————————–
TRIGGER_NAME
——————————————————————————–
GSMADMIN_INTERNAL
GSMLOGOFF

SQL> alter trigger GSMADMIN_INTERNAL.GSMLOGOFF disable;

Trigger altered.

Selectively Skipping Some Job Type Updates for Reduced Downtime
of Your Enterprise Manager System

 

To skip or postpone some job types from being upgraded, follow these steps:
1. Identify the job types that you want to exclude from being upgraded during the
downtime.
To do so, as a SYSMAN user, log in to the database that houses the Oracle
Management Repository, and run the following query. Particularly look for the
job types that have a large number of active executions.

SELECT job_type, COUNT(1) as n_execs
FROM MGMT_JOB_EXEC_SUMMARY
JOIN MGMT_JOB_TYPE_INFO USING (job_type_id)
WHERE status NOT IN (3,4,5,8,18,19,23)

GROUP BY job_type
HAVING COUNT(1) > 5000
ORDER BY COUNT(1) DESC;

2. Exclude the other job types you identified.
To do so, run the following query to exclude a job type from the
MGMT_PARAMETERS table. For each job type you want to exclude, you must
run one INSERT statement. For example, if you have three job types to exclude,
then run the INSERT statement three times, each with a job type you want to
exclude.
INSERT INTO MGMT_PARAMETERS(parameter_name, parameter_value)
VALUES (‘mgmt_job_skip_job_type_upg.1’, ‘<job type>’);

 

EMKEY Copy Requirements

[IN CASE OF MULTI-OMS UPGRADE, PERFORM THIS STEP ONLY FOR THE
FIRST OMS UPGRADE]

Ensure that you copy the emkey from the existing OMS to the existing Management
Repository. To do so, run the following command on the OMS you are about to
upgrade. Here, <ORACLE_HOME> refers to the Oracle home of the OMS.

[oracle@orcl middleware]$ /u01/app/oemcc/middleware/bin/emctl config emkey -copy_to_repos -sysman_pwd sysm4n4dm1n
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
The EMKey has been copied to the Management Repository. This operation will cause the EMKey to become unsecure.
After the required operation has been completed, secure the EMKey by running “emctl config emkey -remove_from_repos”.

Check status now

[oracle@orcl middleware]$ /u01/app/oemcc/middleware/bin/emctl status emkey
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
Enter Enterprise Manager Root (SYSMAN) Password :
The EMKey is configured properly, but is not secure. Secure the EMKey by running “emctl config emkey -remove_from_repos”.

 

Stop Cloud Control now

Stop Cloud Control

export OMS_HOME=/u01/app/oemcc/middleware
export AGENT_HOME=/u01/app/oemcc/agent/agent_inst

$OMS_HOME/bin/emctl stop oms -all
$AGENT_HOME/bin/emctl stop agent
$OMS_HOME/bin/emctl extended oms jvmd stop -all
$OMS_HOME/bin/emctl extended oms adp stop –all

Now you can start Installation of oracle cloud control 13cR2

1.Create required directory where we need to install new software

Create a directory for the new installation.

/u01/app/oemcc13cR2/Middleware

2.Run installer now from the download and unzipped location.

$ chmod u+x em13200_linux64.bin $ ./em13200_linux64.bin

Please uncheck the security updates checkbox and click the “Next” button.
Click the “Yes” button the subsequent warning dialog.

If you wish to check for updates, enter the required details, or check the “Skip” option and click the “Next” button.

If you have performed the prerequisites as described, the installation should pass all prerequisite checks. Click the “Next” button.

Select the “Upgrade an existing Enterprise Manager System” option. Select the “One-System Upgrade” option. Select the OMS to be upgraded, then click the “Next” button.

Enter the new middleware home location, I used “/u01/app/oemcc13cR2/Middleware”, then click the “Next” button.

Enter the passwords for the SYS and SYSMAN users and check both the check boxes, then click the “Next” button.

If you want to change ASM password,you can use below:-

orapwd file=’+DATA’ dbuniquename=’OEMCC01′ password=xxx

 

Now you get warning as  “The upgrade process has detected MD5 certificate usage for some agent-OMS communication”

I have referred below metalink note for securing all clients and OMS

EM 13.2: SHA2 Certificate Pre-upgrade Verification for OMS & Agent (Doc ID 2179909.1)

Please create CA certificates

Download the zip file SecureCommunicationScan.zip to the OMS host. Archive contains three folders (/bin, /data, /metadata).

Unzip SecureCommunicationScan.zip to SecureCommunicationScan Directory

Install/setup of Deployment Procedure

Register Deployment Procedure

$OMS_HOME/bin/emctl register oms metadata -service procedures -core -sysman_pwd XXXXX -file /home/oracle/SecureCommunicationScan/metadata/procedure/Secure_communications_scan.xml

Register Software Library

emctl register oms metadata -service swlib -file “/home/oracle/SecureCommunicationScan/metadata/procedure/Secure_communications_scan.xml” -core

Execution of Deployment Procedure:-

Create input file CheckForMD5Usage.input with below values as template and replace the sample with the values from your environment.

#*****BEGIN FILE*******
agentBeingTested.0.name=appl:1838
agentBeingTested.0.type=oracle_emd
agentBeingTested.0.defaultHostCred=NAME:SYSMAN:appl
agentBeingTested.1.name=orcldb:1838
agentBeingTested.1.type=oracle_emd
agentBeingTested.1.defaultHostCred=NAME:SYSMAN:orcl
#Add more agents
Mgmt_Rep_Outer.0.name=Management Services and Repository
Mgmt_Rep_Outer.0.type=oracle_emrep
Mgmt_Rep_Outer.0.defaultHostCred=NAME:SYSMAN:CREDNAME
util_loc=/home/oracle/SecureCommunicationScan/
dbusername=sysman
dbpasswd=XXX
connectstr=(DESCRIPTION\=(ADDRESS_LIST\=(ADDRESS\=(PROTOCOL\=TCP)(HOST\=orcldb)(PORT\=1613)))(CONNECT_DATA\=(SID\=OEMCC01l)))
#*******END FILE********

 

$OMS_HOME/bin/emcli submit_procedure -name=CheckForMD5Usage -input_file=data:/home/oracle/CheckForMD5Usage.input

Run the command below to create a new OEM Certificate Authority

[oracle@orcl ~]$ $OMS_HOME/bin/emctl secure createca
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
Creating CA… Started.
Enter Enterprise Manager Root (SYSMAN) Password :
Successfully created CA with ID 2

Please stop OMS and restart

[oracle@orcl ~]$ $OMS_HOME/bin/emctl stop oms
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
Stopping Oracle Management Server…
Oracle Management Server Successfully Stopped
Oracle Management Server is Down
JVMD Engine is Down

[oracle@orcl ~]$ $OMS_HOME/bin/emctl start oms
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
Starting Oracle Management Server…
WebTier Successfully Started
Oracle Management Server Successfully Started
Oracle Management Server is Up
JVMD Engine is Up
Starting BI Publisher Server …
BI Publisher Server Already Started
BI Publisher Server is Up

Check the login now with SYSMAN

[oracle@orcl ~]$ /u01/app/oemcc/middleware/bin/emcli login -username=SYSMAN
Enter password :

Login successful

Please secure all clients now

[oracle@orcl ~]$ /u01/app/oemcc/middleware/bin/emcli get_ca_info -details > agentlist.txt

Let us check the agentlist.txt file and secure agent using below command for each hosts where agents are running.

[oracle@orcl ~]$ /u01/app/oemcc/middleware/bin/emcli secure_agents -agt_names=”appl:3872″ -username=”oracle” -password=”XXX”
Summary :
Number of valid agents provided for secure : 1, Filtered : 0, Selected : 1
Details :
Number of agents provided for secure (input) : 1
After merging and removing invalid/duplicate agents : 1

Job “SECUREAGENTS JOB 2016-Dec-22 01:48:37” submitted for securing 1 agents
Job ID: 443A783632C06169E0531224540AF536
Execution ID: 443A783632C36169E0531224540AF536

Please check the list now

Please make a report now which will show list of clients already secured.

[oracle@orcl ~]$ /u01/app/oemcc/middleware/bin/emcli get_ca_info -details

Info about CA with ID: 1
CA is not configured
Signature algorithm : sha512
Key strength : 1024
DN: CN=orcl, C=US, ST=CA, L=EnterpriseManager on orcl, OU=EnterpriseManager on orcl, O=EnterpriseManager on orcl
Serial# : -2835457060041615466
Valid From: Wed Nov 09 09:50:34 PET 2016
Valid Till: Sun Nov 08 09:50:34 PET 2026
There are no Agents registered with CA ID 1

Info about CA with ID: 2
CA is configured
Signature algorithm : sha512
Key strength : 1024
DN: CN=orcl, C=US, ST=CA, L=CA2, OU=EnterpriseManager on orcl, O=EnterpriseManager on orcl
Serial# : -4458307202098057612
Valid From: Tue Dec 20 03:12:48 PET 2016
Valid Till: Sat Dec 19 03:12:48 PET 2026
Number of Agents registered with CA ID 2 is 16
app:3872
dbl:3872

Now please secure OMS now

[oracle@orcl ~]$ $OMS_HOME/bin/emctl secure oms -console
Oracle Enterprise Manager Cloud Control 13c Release 1
Copyright (c) 1996, 2015 Oracle Corporation. All rights reserved.
Securing OMS… Started.
Enter Enterprise Manager Root (SYSMAN) Password :
Enter Agent Registration Password :
Securing OMS… Successful
Restart OMS

Please proceed next.

Please check which plugins will be upgraded.

Select any additional plug-ins you want to deploy, then click the “Next” button.

Enter the WebLogic details, then click the “Next” button. Just add a number on to the end of the OMS Instance Base Location specified by default. I used “/u01/app/oemcc13cR2/gc_inst”.

BI published to share location is disabled.

Accept the default ports by clicking the “Next” button.

Please review information, click the “Upgrade” button.

Wait while the installation and configuration take place.

When prompted, run the root scripts, then click the “OK” button.

Make note of the URLs, then click the “Close” button to exit the installer

This information is also available at:

/u01/app/oemcc13cR2/Middleware/install/setupinfo.txt

Please review the URL now.

See the following for information pertaining to your Enterprise Manager installation:

Use the following URL to access:

1. Enterprise Manager Cloud Control URL: https://orcl:7803/em
2. Admin Server URL: https://orcl:7102/console
3. BI Publisher URL: https://orcl:9803/xmlpserver

The following details need to be provided while installing an additional OMS:

1. Admin Server Host Name: orcl
2. Admin Server Port: 7102

You can find the details on ports used by this deployment at : /u01/app/oemcc13cR2/Middleware/install/portlist.ini

NOTE:
An encryption key has been generated to encrypt sensitive data in the Management Repository. If this key is lost, all encrypted data in the Repository becomes unusable.

A backup of the OMS configuration is available in /u01/app/oemcc13cR2/gc_inst/em/EMGC_OMS1/sysman/backup on host orcl. See Cloud Control Administrators Guide for details on how to back up and recover an OMS.

NOTE: This backup is valid only for the initial OMS configuration. For example, it will not reflect plug-ins installed later, topology changes like the addition of a load balancer, or changes to other properties made using emctl or emcli. Backups should be created on a regular basis to ensure they capture the current OMS configuration. Use the following command to backup the OMS configuration:
/u01/app/oemcc13cR2/Middleware/bin/emctl exportconfig oms -dir <backup dir>

Please upgrade the agent now

 

Please run root.sh from following directory in OEMCC Cloud control server.

cd /u01/app/oemcc/agent/agent_13.2.0.0.0
sh root.sh

Please run root.sh to all client servers

For other added servers:-

Please run root.sh in all agents

[root@olg1prbscsdbf02 agent_13.2.0.0.0]#
cd /u01/oemcc/agent_13.2.0.0.0

sh root.sh

Reference:-

EM 13.2: SHA2 Certificate Pre-upgrade Verification for OMS & Agent (Doc ID 2179909.1)

Click to access EMUPG.pdf