
Wednesday, May 29, 2019

Adop fs_clone fails with OutOfMemoryError: Java Heap Space Error

Exact Error:

Exception in thread "Thread-1" java.lang.OutOfMemoryError: GC overhead limit exceeded

Solution:

$ export CONFIG_JVM_ARGS="-Xms1024m -Xmx2048m"

$ echo $CONFIG_JVM_ARGS
-Xms1024m -Xmx2048m

The re-run went fine:

$ adop phase=fs_clone force=Yes

TNS: Lost Contact ORA-12547

The following error is raised when connecting with SQL*Plus:

ERROR:
$ sqlplus "/as sysdba"
SQL*Plus: Release 11.1.0.7.0 - Production on Wed May 21 12:46:06 2019
Copyright (c) 1982, 2008, Oracle. All rights reserved.
ERROR:
ORA-12547: TNS:lost contact

CAUSE:

1) Kernel parameter settings
2) Incorrect permissions on the ORACLE executable
3) Insufficient ulimit setting for stack
4) $ORACLE_HOME/rdbms/lib/config.o is 0 bytes
5) Oracle binaries have not been linked correctly

SOLUTION:

1) Please check the notes below that provide the required settings for kernel parameters
Note 169706.1 Oracle Database on AIX,HP-UX,Linux,MacOSX,Solaris,Tru64

2) Please check permissions by running:

$ cd $ORACLE_HOME/bin
$ ls -l oracle
The output should show the correct permissions, which are:

-rwsr-s--x 1 oracle dba

If not, then please execute the following to correct the permissions:
$ cd $ORACLE_HOME/bin
$ chmod 6751 oracle
$ ls -l oracle

3) Check the current ulimit setting for stack:

ulimit -a

Check the install guide for your specific platform and version of Oracle and set the stack appropriately.

4) Check to ensure the following two files are not 0 bytes:

$ORACLE_HOME/bin/oracle
$ORACLE_HOME/rdbms/lib/config.o

If yes, rename the following file:

$ cd $ORACLE_HOME/rdbms/lib
$ mv config.o config.o.bad

Then, relink the oracle binary:
$ relink oracle

5) Check the alert log for any errors (ORA-00020: maximum number of processes) and resolve them.

Run select * from v$resource_limit and check the maximum utilization and limit values.

RESOURCE_NAME   MAX_UTILIZATION   LIMIT_VALUE
-------------   ---------------   -----------
processes       350               350
sessions        380               380

6) If the above does not resolve the issue, I suggest that you shut down the database and listener and then run "relink all".

Please refer to Oracle Support Document ID 422173.1.
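
The permission check from step 2 and the zero-byte check from step 4, combined into one read-only script. This is an added example, not part of the original post or of any Oracle tooling; the function names are hypothetical and the expected mode is the one shown in step 2.

```shell
#!/bin/sh
# Added example: read-only pre-checks for ORA-12547 causes 2 and 4.
# Nothing is changed on disk; fixes (chmod 6751, relink) stay manual.

EXPECTED_MODE='-rwsr-s--x'   # what "chmod 6751 oracle" produces

# file_mode FILE -> 10-character mode string, as "ls -l" prints it
# (a trailing ACL/SELinux marker such as "." or "+" is cut off).
file_mode() {
    ls -ld -- "$1" 2>/dev/null | awk '{ print substr($1, 1, 10) }'
}

# mode_ok MODE -> success only for the exact expected mode. Missing
# setuid/setgid bits are one listed cause of ORA-12547; extra write bits
# on a setuid binary would let other accounts replace it, so any
# deviation is rejected.
mode_ok() {
    [ "$1" = "$EXPECTED_MODE" ]
}

# check_oracle_home DIR
# Return value is a bit mask: 1 = wrong mode on bin/oracle,
#                             2 = bin/oracle or config.o missing or 0 bytes.
check_oracle_home() {
    _home=$1
    _rc=0
    _bin="$_home/bin/oracle"
    _cfg="$_home/rdbms/lib/config.o"

    for _f in "$_bin" "$_cfg"; do
        if [ -s "$_f" ]; then
            echo "OK    $_f is not empty"
        else
            echo "FAIL  $_f is missing or 0 bytes"
            _rc=$((_rc | 2))
        fi
    done

    if [ -e "$_bin" ]; then
        _mode=$(file_mode "$_bin")
        if mode_ok "$_mode"; then
            echo "OK    $_bin has mode $_mode"
        else
            echo "FAIL  $_bin has mode $_mode, expected $EXPECTED_MODE"
            _rc=$((_rc | 1))
        fi
    fi
    return "$_rc"
}

# Run against the current environment when ORACLE_HOME is set.
if [ -n "${ORACLE_HOME:-}" ]; then
    check_oracle_home "$ORACLE_HOME" || echo "ORA-12547 pre-checks failed, status $?"
fi
```

A non-zero status only tells you which of the two causes to look at; ownership (oracle dba in the listing above) still has to be compared by eye.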

Deploy an Application using WebLogic Server Administration Console:

1. Log in to the administration console with the administrative credentials:
http://host_name:7001/console/

2. Click the Lock & Edit button in the Change Center section to set the server to edit mode.

I want to prevent other users from modifying my session while I am working on it, so I lock it.

3. Click the Deployments link in the Domain Structure section.

4. In the Summary of Deployments section, click the Install button. The Install Application Assistant opens.

5. Click the upload your file(s) link.

6. Click Next to upload the file to the Oracle WebLogic Server.

7. Click the radio button next to the ABC.ear file, and click Next to continue the deployment.

8. Accept the default value to install this deployment as an application and click Next.

What type of application it is:
Install this deployment as an application >> when installing a .war or .ear file.

Install this deployment as a library >> when deploying a .jar file, which is a kind of API or service.

9. Select the deployment target (the managed server on which you want to deploy).

10. Accept all other default values and click Finish to start the deployment process.

This page holds all the configuration-related information:

1. If wanted, we can change the name of the application.
2. What kind of security model to use: DD only, custom roles and policies, advanced, etc.
3. Security, which can be updated later on.
4. How the source files should be made accessible.
5. Plan accessibility.

Now start the deployment, which is in the Prepared state: go to Deployments, click Control, click the 'Start' button and select 'Servicing all requests'. Click Yes to continue.

Now the Deployment state comes to ACTIVE status.

Steps to apply patch using ADOP:

1) Download and unzip the patch. Please go through the patch readme before proceeding with the patching activity.
2) Source the environment.
$ source <run APPL_TOP path>/APPS<CONTEXT_NAME>.env
3) Check the adop status using the command below.
$ adop -status

4) Prepare the system for patching.
$ adop phase=prepare

5) Apply the patch to the patch edition.
$ adop phase=apply patches=<patch number>

6) After the patch has been applied successfully, complete the patching cycle with the phases below.
$ adop phase=finalize
$ adop phase=cutover
$ adop phase=cleanup

7) Synchronize the file system, which copies the new run edition code and configuration to the patch file system.
$ adop phase=fs_clone

Saturday, May 25, 2019

dbaascli Utility:

The dbaascli utility is used to perform a variety of life-cycle and administration operations.

Using the dbaascli utility, we can:

  • Change the password of a database user.
  • Start and stop a database.
  • Start and stop the Oracle Net listener
  • Check the status of the Oracle Data Guard configuration.
  • Perform switchover and failover in an Oracle Data Guard configuration.
  • Patch the database deployment.
  • Perform database recovery.
  • Rotate the master encryption key.

Command:

# dbaascli subcommand subcommand-options

Subcommand   Subcommand Options
--------------------------------------------------------------------------------
database     bounce – shuts down and then restarts the database instance.
             changepassword – changes the password of the specified user.
             start – starts the database instance and opens the database.
             status – displays the open mode of the database and additional information about the database deployment.
             stop – shuts down the database instance.
--------------------------------------------------------------------------------
dataguard    failover – performs a manual failover.
             reinstate – reinstates a failed primary database.
             status – checks the status of the configuration.
             switchover – performs a switchover operation.
--------------------------------------------------------------------------------
dbpatchm     apply – applies the patch.
             clonedb – applies a patch to a test deployment.
             list_patches – displays a list of available patches.
             list_tools – checks whether any cloud tooling updates are available.
             prereq – checks the prerequisites of a patch.
             rollback – rolls back the last deployment patch.
             switchback – restores database software to a prior state.
             toolsinst – downloads and applies the patch containing the cloud tooling update.
--------------------------------------------------------------------------------
dv           off – disables Oracle Database Vault.
             on – enables Oracle Database Vault.
--------------------------------------------------------------------------------
gg           setup – configures the database as a valid replication database.
             status – indicates whether the database has been configured as a valid replication database.
--------------------------------------------------------------------------------
listener     bounce – stops and restarts the listener.
             start – starts the listener.
             status – displays the status of the listener, including a summary of listener configuration settings, listening protocol addresses, and a summary of services registered with the listener.
             stop – stops the listener.
--------------------------------------------------------------------------------
netsec       config – configures network encryption and network integrity.
             config encryption – configures network encryption.
             config integrity – configures network integrity.
             status – displays network encryption and network integrity configuration information.
--------------------------------------------------------------------------------
orec         duplicate – updates the standby database in a Data Guard configuration.
             keep list – lists the available long-term backups.
             keep tag – restores a specific long-term backup and performs recovery.
             latest – restores the most recent backup and performs complete recovery.
             list – lists the available normal backups.
             pitr – restores a specific normal backup and performs recovery.
             scn – restores the most recent backup and performs recovery through the specified SCN.
--------------------------------------------------------------------------------
patch        db apply – applies the database patch.
             db cleanup – removes temporary files created during database patching operations.
             db list – displays a list of available database patches.
             db prereq – checks whether any database updates are available.
             db switchback – rolls back the last database patch.
             os apply – applies the OS patch.
             os list – displays a list of available OS patches.
             tools apply – downloads and applies the patch containing the cloud tooling update.
             tools auto disable – disables automatic cloud tooling updates.
             tools auto enable – enables automatic cloud tooling updates.
             tools auto execute – downloads and applies the patch containing the latest cloud tooling update.
             tools auto status – checks whether automatic cloud tooling updates are enabled or disabled.
             tools list – checks whether any cloud tooling updates are available.
--------------------------------------------------------------------------------
tde          rotate masterkey – changes (rotates) the master encryption key.
             status – displays information about the software keystore, including the type and status.



Tuesday, May 21, 2019

How Oracle Cloud Infrastructure resources are identified:

These are the different ways in which Oracle Cloud Infrastructure resources are identified.

Oracle Cloud IDs (OCIDs):

Most types of Oracle Cloud Infrastructure resources have an Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID).
It's included as part of the resource's information in both the Console and API.

To use the API, you need the OCID for your tenancy.

OCIDs syntax:

ocid1.<RESOURCE TYPE>.<REALM>.[REGION][.FUTURE USE].<UNIQUE ID>

where:

ocid1: The literal string indicating the version of the OCID.
resource type: The type of resource (for example, instance, volume, vcn, subnet, user, group, and so on).
realm: The realm the resource is in. A realm is a set of regions that share entities. The only possible value is oc1.
region: The region the resource is in (for example, phx, iad, eu-frankfurt-1). With the introduction of the Frankfurt region, the format switched from a three-character code to a longer string. This part is present in the OCID only for regional resources or those specific to a single availability domain. If the region is not applicable to the resource, this part might be blank.
future use: Reserved for future use. Currently blank.
unique ID: The unique portion of the ID. The format may vary depending on the type of resource or service.

OCIDs Example:

Tenancy:
ocid1.tenancy.oc1..ccccccccba3pv6wkcr4jqae5f44n2b2m

Instance:
ocid1.instance.oc1.phx.abuw4ljrlsfiqw9vzzxb43vyypt4pkodawglp9wqxj

Where to get Tenancy's OCID:

Get the tenancy OCID from the Oracle Cloud Infrastructure Console on the Tenancy Details page:

1. Open the navigation menu, under Governance and Administration, go to Administration and click Tenancy Details.

2. The tenancy OCID is shown under Tenancy Information. Click Copy to copy it to your clipboard.


The tenancy OCID looks something like this (notice the word "tenancy" in it):
ocid1.tenancy.oc1..<unique_ID>
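
An added example (not from the original post and not Oracle code) that splits an OCID into the fields of the syntax above and checks that a value really is a tenancy OCID before it goes into an API configuration. The function names are hypothetical, and the allowed character set is an assumption.

```shell
#!/bin/sh
# Added example: parse and validate an OCID. Field layout follows
#   ocid1.<RESOURCE TYPE>.<REALM>.[REGION][.FUTURE USE].<UNIQUE ID>
# Assumption (not from the post): fields contain only letters, digits,
# '-' and '_'. With exactly five fields, field 4 is taken as the region.

# parse_ocid OCID
# On success sets OCID_TYPE, OCID_REALM, OCID_REGION, OCID_FUTURE and
# OCID_UNIQUE and returns 0; returns 1 for anything malformed.
parse_ocid() {
    OCID_TYPE= OCID_REALM= OCID_REGION= OCID_FUTURE= OCID_UNIQUE=

    case $1 in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;   # empty, or unexpected characters
        *.) return 1 ;;                     # trailing dot: unique ID is empty
    esac

    # Split on '.', keeping empty fields (a blank region shows up as "..").
    _old_ifs=$IFS
    set -f
    IFS=.
    set -- $1
    IFS=$_old_ifs
    set +f

    case $# in
        5) _future=; _unique=$5 ;;      # no future-use field
        6) _future=$5; _unique=$6 ;;    # future-use field present (may be blank)
        *) return 1 ;;
    esac

    [ "$1" = ocid1 ] || return 1                 # version literal
    [ -n "$2" ] && [ -n "$3" ] || return 1       # type and realm are mandatory
    [ -n "$_unique" ] || return 1

    OCID_TYPE=$2 OCID_REALM=$3 OCID_REGION=$4
    OCID_FUTURE=$_future OCID_UNIQUE=$_unique
    return 0
}

# is_tenancy_ocid OCID -> success only for a well-formed tenancy OCID.
# Catches a user or compartment OCID pasted where the tenancy is expected.
is_tenancy_ocid() {
    parse_ocid "$1" && [ "$OCID_TYPE" = tenancy ]
}

# ocid_region OCID -> prints the region, or "(none)" when the field is blank.
ocid_region() {
    parse_ocid "$1" || return 1
    printf '%s\n' "${OCID_REGION:-(none)}"
}

# The two example OCIDs from the post.
for id in ocid1.tenancy.oc1..ccccccccba3pv6wkcr4jqae5f44n2b2m \
          ocid1.instance.oc1.phx.abuw4ljrlsfiqw9vzzxb43vyypt4pkodawglp9wqxj; do
    if parse_ocid "$id"; then
        echo "type=$OCID_TYPE realm=$OCID_REALM region=${OCID_REGION:-(none)}"
    else
        echo "malformed: $id"
    fi
done
```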

Name and Description (IAM Only):

The IAM service requires you to assign a unique, unchangeable name to each of your IAM resources (users, groups, policies, and compartments). The name must be unique.

This requirement is specific to IAM and not the other services.

Names can be used instead of the OCID when writing a policy (for example, Allow
group <GROUP NAME> to manage all-resources in compartment <COMPARTMENT NAME>).

In addition to the name, assign a description to each of your IAM resources (although it can be an empty string). The description does not have to be unique and can be changed whenever required.

Display Name:

For the OCI resources you create (other than those in IAM), you can optionally assign a display name. The name does not have to be unique, and you can change it whenever you like.

Resource Tags:

When you have many resources (for example, instances, VCNs, load balancers, and block volumes) across multiple compartments in your tenancy, it can become difficult to track resources used for specific purposes, or to aggregate them, report on them, or take bulk actions on them. Tagging allows you to define keys and values and associate them with resources. You can then use the tags to help you organize and list resources based on your business needs.

There are two types of tags:
Defined tags are set up in your tenancy by an administrator. Only users granted permission to work with the defined tags can apply them to resources.

Free-form tags can be applied by any user with permissions on the resource.

Monday, May 20, 2019

"_ORACLE_SCRIPT" Parameter in oracle 12c

"_ORACLE_SCRIPT"  Parameter  in oracle 12c:
It is used for creating users in 12c PDBs and CDBs without specifying c## in front of their name.
Suppose you are trying to import users and schemas from 10g or 11g into a 12c container: creation of the users would fail if that parameter is not set to true.

Warning:
It is an undocumented parameter.

"_ORACLE_SCRIPT"=TRUE PARAMETER Should not be Invoked by Users (Doc ID 2378735.1)

RMAN full backup script

#!/bin/bash
#set -x
#####################################################################
# Script name   : rman_script.bash
# Version       : 1.0
# Created By    : mmr
# Created Date  : 1st Feb 2018
# Modified By   :
# Modified Date :
# Description   : Script used to take RMAN backups
#####################################################################
. /u01/PRD/oracle/product/12.1.0.2/PRD_hostname.env

my_sid=$ORACLE_SID
date=`/bin/date +%d%B%Y%H%M`
localv="${my_sid}"_"FULLBKP_"`date +%d%b%Y`
rmanlog="RMAN_"FULL"_"${my_sid}"_"`date +%d%b%Y`".log"
mkdir -p /u01/PRD/backup/$localv

echo "" >> /u01/PRD/backup/$localv/rmanbackup_time.log
echo "" >> /u01/PRD/backup/$localv/rmanbackup_time.log
echo "RMAN Backup started  on `date`" >> /u01/PRD/backup/$localv/rmanbackup_time.log

export NLS_DATE_FORMAT='DD-MON-YYYY HH24:MI:SS'
rman log=/u01/PRD/backup/$localv/$rmanlog target / <<EOF
RUN
{
ALLOCATE CHANNEL ch00 TYPE DISK;
ALLOCATE CHANNEL ch01 TYPE DISK;
ALLOCATE CHANNEL ch02 TYPE DISK;
ALLOCATE CHANNEL ch03 TYPE DISK;
ALLOCATE CHANNEL ch04 TYPE DISK;
ALLOCATE CHANNEL ch05 TYPE DISK;
ALLOCATE CHANNEL ch06 TYPE DISK;
ALLOCATE CHANNEL ch07 TYPE DISK;
ALLOCATE CHANNEL ch08 TYPE DISK;
ALLOCATE CHANNEL ch09 TYPE DISK;
BACKUP AS COMPRESSED BACKUPSET
TAG PRDu01_FULL_BKP
FILESPERSET 10
FORMAT '/u01/PRD/backup/$localv/%d_db_u%u_s%s_p%p_t%t_db'
DATABASE plus archivelog;
RELEASE CHANNEL ch00;
RELEASE CHANNEL ch01;
RELEASE CHANNEL ch02;
RELEASE CHANNEL ch03;
RELEASE CHANNEL ch04;
RELEASE CHANNEL ch05;
RELEASE CHANNEL ch06;
RELEASE CHANNEL ch07;
RELEASE CHANNEL ch08;
RELEASE CHANNEL ch09;
}
sql 'alter system archive log current';
run{
ALLOCATE CHANNEL ch00 TYPE DISK;
BACKUP FORMAT '/u01/PRD/backup/$localv/%d_db_u%u_s%s_p%p_t%t_db'  CURRENT CONTROLFILE;
RELEASE CHANNEL ch00;
}
EOF

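rman_rc=$?    # exit status of the rman run above; must be read before any other command

echo "RMAN BACKUP  ends at `date`" >> /u01/PRD/backup/$localv/rmanbackup_time.log
echo -e "\n"
echo "RMAN logfile: /u01/PRD/backup/$localv/$rmanlog"
echo -e "\n"
# Report a failed backup instead of unconditionally claiming success
if [ $rman_rc -ne 0 ]; then
    echo "******* RMAN backup FAILED (exit code $rman_rc), check the logfile *******"
    exit $rman_rc
fi
echo "******* Exiting script successfully !!!! **************"
echo -e "\n"
exit 0;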

Tuesday, May 14, 2019

R12.2 Apache and Weblogic log file locations:

Apache Logs:
============

$IAS_ORACLE_HOME/instances/*/diagnostics/logs/OHS/EBS_web_*/*log

OPMN Log:
=========
$IAS_ORACLE_HOME/instances/*/diagnostics/logs/OPMN/opmn/*

Weblogic Logs:
==============

$IAS_ORACLE_HOME/../wlserver_10.3/common/nodemanager
$EBS_DOMAIN_HOME/servers/oa*/logs/*
$EBS_DOMAIN_HOME/servers/forms*/logs/*
$EBS_DOMAIN_HOME/servers/AdminServer/logs/*
$EBS_DOMAIN_HOME/sysman/log/*

Friday, May 10, 2019

Overview of Single Sign-On Integration Options for Oracle E-Business Suite

Oracle Directory Services refers to both Oracle Internet Directory and Oracle Unified Directory.

Oracle has two single sign-on solutions, Oracle Access Manager and Oracle Single Sign-On Server (OSSO). Oracle Access Manager is the preferred solution and forms the basis of Oracle Fusion Middleware 11g. Premier Support for Oracle Single Sign-On ended on December 31, 2011, and all Oracle Single Sign-On users should migrate to Oracle Access Manager. Oracle Single Sign-On Server (OSSO) is no longer being actively developed, and will not be ported to Oracle WebLogic Server.

Oracle Internet Directory and Oracle E-Business Suite user information in FND_USER is synchronized by synchronization events raised by the Workflow-based Business Event System.

Oracle E-Business Suite is not certified to function directly with third-party Access Management products or third-party LDAP products.  Due to dependencies in the integration, Oracle Access Manager and Oracle Internet Directory are mandatory components when integrating with third-party access management systems and third-party LDAP directories.

Oracle Access Manager WebGate is a component of Oracle Access Manager that intercepts HTTP requests and redirects them to the Oracle Access Manager server to determine if and how the resources are allowed to be accessed, and to authenticate the current user if authentication is required.

Oracle E-Business Suite AccessGate is a Java EE application responsible for mapping a single sign-on user to an Oracle E-Business Suite user, and creating the Oracle E-Business Suite session for that user. This application is deployed to a WebLogic Server instance, and is separate from Oracle E-Business Suite.

Various SSO components (OAM-EBS integration components):

Oracle Internet Directory (OID):
=================================

Oracle Internet Directory (OID) is the Lightweight Directory Access Protocol (LDAP) server from Oracle where all enterprise users are stored. Users in OID are synchronized with users in E-Business Suite (EBS) using the Directory Integration Platform (DIP). Oracle Access Manager (OAM) should use an LDAP server (like OID, or Oracle Virtual Directory (OVD) pointing to this OID) as its identity store for authentication. There are various versions of OID, such as 10g and 11g (11.1.1.2/3/4/5/6/7); as of Oct 2013 the latest OID version is 11.1.1.7. It is recommended to use OID version 11.1.1.7 to integrate with Oracle E-Business Suite R12.1.x/R12.2.x.

Directory Integration Platform (DIP):
=======================================

Directory Integration Platform (DIP) 11g is a J2EE application deployed on WebLogic Server and used for provisioning/synchronization of users/groups across other LDAP servers and applications. DIP consists of two types of engine, Synchronization and Provisioning. The Synchronization component is used to sync users/groups between OID and other LDAP servers like Microsoft Active Directory (MS-AD) or IBM Directory Server. Provisioning is used to sync OID with applications like EBS, Portal, and Collaboration Suite. For user synchronization between OID and EBS, DIP uses its provisioning component.

Oracle Directory Services Manager (ODSM):
==========================================

Oracle Directory Services Manager (ODSM) is a web application deployed on WebLogic Server and used to manage OID from a web browser. Using ODSM you can configure/manage OID, and create/delete users/groups.

Oracle WebLogic Server (WLS)
============================

Oracle WebLogic Server (WLS) is the J2EE application server from Oracle. A WebLogic domain is the logical component in which all resources (Admin Server, Managed Server, Java Database Connectivity (JDBC), Java Messaging Server (JMS)) are deployed/configured. A WebLogic domain consists of one and only one Admin Server and zero or more managed servers.

Oracle Access Manager (OAM):
============================
Oracle Access Manager is a J2EE application deployed on WebLogic Server and used as the authentication and authorization server. OAM Server consists of the OAM Server deployed on a WebLogic Managed Server (default port 14100). There is an OAM-Proxy server running in the background on default port 5575. Agents (WebGate) connect to the OAM-Proxy port. OAMConsole is a web application deployed on the WebLogic Admin Server (default port 7001). The OAM Console application is used to manage configuration, and to define/manage policies and authentication schemes.
OAM configuration is stored in an XML file (oam-config.xml) on the server and contains all OAM configuration such as server name, port, WebGate details, and audit store details. If we want to change the admin server port, we need to shut down the admin server and managed server first, then change the listen port in the config.xml file and start the admin and managed servers so that they take the new port. The OAM Policy Store is a repository (database) which stores policy (details like which URL is protected and using what authentication/authorization schemes).

Oracle HTTP Server (OHS):
=========================
Oracle HTTP Server is the web server from Oracle on which WebGate is deployed. Users are redirected from the EBS middle tier to this server for authentication (the URL of this server is configured in the EBS profile option "Application Authentication Agent"). OHS acts as a proxy server to the WebLogic Server on which EBS AccessGate (EBS-AG) is deployed. This OHS server also has mod_wl_ohs configured to forward requests to the WebLogic Server where Oracle E-Business Suite AccessGate (EBS-AG) is deployed. E-Business Suite R12 comes with its own OHS server; the OHS server mentioned here is a different OHS server from the one shipped with the EBS R12 technology stack.

Webgate:
===========
WebGates are policy enforcement agents that act as a filter for HTTP requests and communicate with Oracle Access Manager authentication and authorization services.

WebGate is a policy enforcement point: any request that comes to EBS is first taken to Oracle Access Manager for authentication and authorization.

WebGate is a web server plug-in (deployed with a web server like Apache, OHS, IHS) which intercepts the user's request and sends it to the Oracle Access Manager Server to check whether the user is authenticated/authorized to access the requested resource. WebGate is installed on the same machine as the web server (OHS), and the WebGate configuration settings are pointed to from the OHS configuration file (httpd.conf). For WebGate to work, an instance of WebGate must be configured in the OAM Server using the Remote Registration (REG) utility or OAMConsole, and WebGate must be installed with OHS using the same user as OHS.

mod_wl_ohs:
============
This is the module in Oracle HTTP Server (OHS) which forwards requests from OHS to the WebLogic Server where EBS AccessGate is deployed, as defined in mod_wl_ohs.conf.

Access Gate:
=============
It is a Java application that comes as part of a patch for Oracle EBS and gets deployed on the WebLogic Server. Its role is as follows: once authentication with Oracle Access Manager is successful and the request comes back to the EBS application tier with the authenticated user ID, AccessGate takes this user ID, connects to the EBS database, and validates the user one more time to see whether the user exists in the EBS FND_USER table. If the user exists, it links this user with the authenticated user that came from OAM. Then it creates a session in EBS and allows access to the application tier.

EBS AccessGate (EBS-AG) is a Java EE application that maps a single sign-on user (authenticated via OAM) to an Oracle E-Business Suite user (stored in the FND_USER table), and creates an E-Business Suite session for that user. EBS-AG is deployed on WebLogic Server using an ANT script which creates a web application and a JDBC connection to the EBS database. The login page for E-Business Suite is also configured as part of EBS-AG.

Profile Option:
================
Profile options are used in E-Business Suite to change the behavior of the environment. The profile options used in Oracle E-Business Suite here are Application SSO Type and Application Authentication Agent.

Application SSO Type (APPS_SSO) - This profile option can be set only at site level, to one of four values: SSWA, Portal, SSWA w/SSO or Portal w/SSO. To inform E-Business Suite that single sign-on is configured, and to redirect the user to the single sign-on page and not to the local login page, set this profile option to either SSWA w/SSO or Portal w/SSO.

Application Authentication Agent (APPS_AUTH_AGENT)
When this profile option is set together with "Application SSO Type", the user is redirected to the page generated from this profile option. Let's assume the value of profile option "Application SSO Type" is set to http://ohsserver:ohsport/ebsauth_dev/; then the user will be redirected to the page http://ohsserver:ohsport/ebsauth_dev/OAMLogin.jsp. The value of profile option "Application Authentication Agent" is set in the format http://server:port/<context_root>, where server is the name of the server where Oracle HTTP Server (OHS) with WebGate is installed, port is the OHS listen port, and context_root is the context root defined during AccessGate configuration.

================

1.EBS R12.2 with

  •   Access gate
  •   Webgate

2.Oracle Access Manager

3.Oracle directory server

  OID(oracle internet directory)
  or
  OUD(oracle unified directory)

Request Flow for E-business Suite integrated with OAM/OID:
==========================================================

The user tries to access EBS and hits the Oracle HTTP Server, where WebGate intercepts the request and forwards it to Oracle Access Manager. OAM has its own database in which policies are defined around the Oracle EBS URLs to be protected and the authentication scheme that protects them. The user is redirected to the OAM login page that comes from the policy defined in OAM during integration. Once the user types the credentials and submits them to OAM, OAM picks up the user ID and password and submits them to OID for validation. Once OID says authentication is successful, a session is created in OAM; then the authenticated user ID and the GUID (global user ID) are sent to WebGate. This request is then intercepted by AccessGate, which picks up the authenticated user ID and the global user ID and takes these two details to the EBS database. It checks again against the FND_USER table, and if a user is found with the same GUID, a link is made; then an ICX session is created in the database and a session at the application tier, and after that the user can access EBS directly without going to OAM.

1. The user accesses the E-Business Suite URL http://<ebs_mid_tier>:<ebs_ohs_port> or http://<ebs_mid_tier>:<ebs_ohs_port>/OA_HTML/AppsLogin. EBS checks that profile option "Application SSO Type" is set to Portal w/SSO or SSWA w/SSO (w/SSO signifies that EBS is integrated with a Single Sign-On Server).

2. EBS then checks the value of profile option "Application Authentication Agent" (the value is set to http://<ohs_with_wg>:<ohs_with_wg:port>/<context_root>/, where <context_root> is the value set during E-Business Suite AccessGate deployment) and redirects the user to the value set for "Application Authentication Agent".

3. WebGate deployed with the OHS server then checks whether any token (cookie) is available in the user session and forwards this request to the OAM server for validation.

4. The OAM server then checks the authentication URL configured for WebGate (Host:Port or Host Identifier) and redirects the user to the authentication page configured by the authentication URL. The user then types the username/password, which OAM validates against OAM's identity store (Oracle Internet Directory). Oracle Internet Directory validates the username and password against UID (login attribute) and userPassword (password attribute).

5. On successful authentication, OAM forwards the response back to WebGate with the generated cookie.

6. WebGate then redirects the user to E-Business Suite AccessGate for user validation or user mapping.

7. E-Business Suite AccessGate takes this user ID and maps/validates it against the user in E-Business Suite (FND_USER).

8. On successful validation, the response is returned to WebGate.

9. WebGate forwards the response to the user.

10. The user goes with the token/cookie from WebGate/AccessGate to the E-Business Suite middle tier.

11. The E-Business Suite middle tier generates an E-Business Suite specific cookie for the user, and in subsequent requests the user talks directly to Oracle E-Business Suite until explicit logout or timeout.

Note: Users in E-Business Suite (FND_USER) are synchronized with Oracle Internet Directory using the Directory Integration Platform's Provisioning Framework.

==================
Here is an overview of the steps to configure OAM with EBS R12.1:

Install Oracle HTTP Server ( OHS)  11g
Deploy & Configure Webgate on OHS 11g
Install Weblogic
Deploy & Configure Accessgate on Weblogic
Integrate Webgate, Accessgate with EBS and OAM/OID


R12.2 has both OHS and WebLogic built in, so we no longer have to install OHS and WebLogic for WebGate and AccessGate.
All we have to do is deploy and configure WebGate and AccessGate.
WebGate is deployed on top of the R12.2 OHS 11g home. AccessGate is deployed as a separate managed server (oaea_server1) on top of R12.2 WebLogic.

Oracle EBS native authentication works on the FND_USER table, which stores the user ID and password; every user is authenticated against the table using an API.

Authentication is the process by which you verify that someone is who they claim to be. Usually this involves a username and a password. An unauthenticated user is one who has not yet provided credentials in the form of a username and password. 

Authorization is the process of determining whether the person, once identified is permitted to have access to the resource. This is usually determined by finding out if that person is part of a particular group. 

Oracle has two single sign-on solutions, Oracle Access Manager and Oracle Single Sign-On Server (OSSO). Oracle Access Manager is the preferred solution and forms the basis of Oracle Fusion Middleware 11g. Premier Support for Oracle Single Sign-On ended on December 31, 2011, and all Oracle Single Sign-On users should migrate to Oracle Access Manager. Oracle Single Sign-on Server (OSSO) is no longer being actively developed, and will not be ported to Oracle WebLogic Server.
 
Architecturally, the single sign-on solutions with Oracle Access Manager or Oracle Single Sign-on are very similar. Both solutions authenticate a user by verifying credentials against a user directory. The user directory service for both solutions is Oracle Internet Directory. Oracle Internet Directory and Oracle E-Business Suite user information in FND_USER is synchronized by synchronization events raised by the Workflow-based Business Event System.

Integration with Oracle Access Manager 11g is achieved through agents and integration with Oracle E-Business Suite can be performed using one of two methods:

Method 1:  Uses the WebGate agent, in conjunction with Oracle E-Business Suite AccessGate.  This method is described in detail in Section 3.1.1.        
Method 2:  Uses the mod_osso agent, and is only for users upgrading from Oracle Single Sign-On Server 10gR3.  This method is described in detail in Section 3.1.2.
 
-------
http://dbafix.blogspot.com/2021/06/oracle-ebs-integration-with-oracle-idcs.html

Updated: Why Does EBS Integration with Oracle Access Manager Require Oracle Internet Directory? >>
https://blogs.oracle.com/ebstech/post/updated-why-does-ebs-integration-with-oracle-access-manager-require-oracle-internet-directory

Saturday, May 4, 2019

How to list the applied Patches in Weblogic:

To list the applied patches in WebLogic, do the following.

For versions prior to 10.3:

Go to your MW_HOME/utils/bsu directory.
Run the following command:

./bsu.sh -report

Note: If you get an error like “unable to access patch-client.jar”, execute the setWLSEnv.sh script from WL_HOME/server/bin and retry.

For weblogic 12c and above:

Go to the MW_HOME/OPatch/ directory.
Run the following command:
./opatch lspatches

If you do not know your MW_HOME and WL_HOME, look for the weblogic.jar file in your filesystem:

$ find /apps -name "weblogic.jar"
/apps/oracle-weblogic/wls12213/wlserver/server/lib/weblogic.jar

WL_HOME = Parent directory of server/lib/weblogic.jar 

therefore /apps/oracle-weblogic/wls12213/wlserver/ is WL_HOME

MW_HOME = Parent directory of WL_HOME

therefore /apps/oracle-weblogic/wls12213 is my MW_HOME

Ways To Find Oracle Weblogic Version:

There are at least 3 different ways to find the version of Oracle Weblogic Server:


1. Using the registry.xml file located in your MW_HOME directory.
Look for a line similar to:
<component name="WebLogic Server" version="10.3.4.0" InstallDir="/u01/weblogic/Oracle/Middleware/wlserver_10.3">

2. Using the .product.properties file located in your WLS_HOME directory.
Example: /u01/weblogic/Oracle/Middleware/wlserver_10.3 or E:\Oracle\Middleware\wlserver_10.3
Look for a line similar to:
WLS_PRODUCT_VERSION=10.3.4.0

3. Using the Oracle Weblogic Server Administration Console.
Use the left hand menu to navigate to Environment -> Servers. Then click the [Monitoring] tab.
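
The file-based lookups above (deriving WL_HOME and MW_HOME from weblogic.jar, then reading the version from registry.xml and .product.properties) can be scripted for a patch-level review across hosts. This is an added example, not part of the original post: the function names are hypothetical, and it assumes registry.xml sits directly in MW_HOME with the attribute order shown above.

```shell
#!/bin/sh
# Added example: locate WebLogic installs under a directory and report
# WL_HOME, MW_HOME and the version recorded in each of the two files.
# Assumes the file layouts quoted in the post; function names are hypothetical.

# WL_HOME is the parent directory of server/lib/weblogic.jar.
wl_home_from_jar() {
    case "$1" in
        */server/lib/weblogic.jar) printf '%s\n' "${1%/server/lib/weblogic.jar}" ;;
        *) return 1 ;;   # a copy of the jar outside server/lib is not an install
    esac
}

# MW_HOME is the parent directory of WL_HOME.
mw_home_from_wl_home() {
    wl_dir=${1%/}
    case "$wl_dir" in
        */*) parent=${wl_dir%/*}; printf '%s\n' "${parent:-/}" ;;
        *) return 1 ;;
    esac
}

# Way 2: WLS_PRODUCT_VERSION=<version> in <WL_HOME>/.product.properties
version_from_properties() {
    [ -r "$1/.product.properties" ] || return 1
    ver=$(sed -n 's/^WLS_PRODUCT_VERSION=\([0-9.]*\).*$/\1/p' \
        "$1/.product.properties" | head -n 1)
    [ -n "$ver" ] && printf '%s\n' "$ver"
}

# Way 1: <component name="WebLogic Server" version="..."> in <MW_HOME>/registry.xml
# (assumes the attribute order shown in the post).
version_from_registry() {
    [ -r "$1/registry.xml" ] || return 1
    ver=$(sed -n 's/.*<component name="WebLogic Server" version="\([^"]*\)".*/\1/p' \
        "$1/registry.xml" | head -n 1)
    [ -n "$ver" ] && printf '%s\n' "$ver"
}

# One tab-separated line per install:
#   WL_HOME  MW_HOME  properties-version  registry-version  state
# state is "mismatch" when the two files disagree, which is worth resolving
# before trusting either value in a patch-level review.
wls_inventory() {
    find "$1" -type f -name weblogic.jar 2>/dev/null | sort |
    while IFS= read -r jar; do
        wl=$(wl_home_from_jar "$jar") || continue
        mw=$(mw_home_from_wl_home "$wl") || continue
        p=$(version_from_properties "$wl") || p=-
        r=$(version_from_registry "$mw") || r=-
        if [ "$p" = - ] && [ "$r" = - ]; then state=unknown
        elif [ "$p" = - ] || [ "$r" = - ] || [ "$p" = "$r" ]; then state=ok
        else state=mismatch
        fi
        printf '%s\t%s\t%s\t%s\t%s\n' "$wl" "$mw" "$p" "$r" "$state"
    done
}

# Usage: sh wls_inventory.sh /apps
if [ "$#" -gt 0 ]; then wls_inventory "$1"; fi
```

A "-" in a version column means that file was missing or had no matching line.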

Friday, May 3, 2019

Apply patches in 12.2 in downtime mode

Check Patches:
SELECT DISTINCT
       RPAD(a.bug_number, 11) ||
       RPAD(e.patch_name, 11) ||
       RPAD(TRUNC(c.end_date), 12) ||
       RPAD(b.applied_flag, 4) BUG_APPLIED
FROM
       apps.ad_bugs a,
       apps.ad_patch_run_bugs b,
       apps.ad_patch_runs c,
       apps.ad_patch_drivers d,
       apps.ad_applied_patches e
WHERE
       a.bug_id = b.bug_id AND
       b.patch_run_id = c.patch_run_id AND
       c.patch_driver_id = d.patch_driver_id AND
       d.applied_patch_id = e.applied_patch_id AND
       a.bug_number IN ('23199810','22748721')
ORDER BY 1 DESC;

select ADOP_SESSION_ID, BUG_NUMBER, STATUS, APPLIED_FILE_SYSTEM_BASE, PATCH_FILE_SYSTEM_BASE, ADPATCH_OPTIONS, NODE_NAME, END_DATE, CLONE_STATUS
from ad_adop_session_patches
order by end_date desc;

Precheck: Spool in file

select count(*) from dba_objects where status='INVALID';

select object_type,count(*) from dba_objects where status='INVALID' group by object_type;



Apply patches in 12.2 in downtime mode:

Bring down the services, then start with the command below:

adop phase=apply patches=22748721 apply_mode=downtime

To apply several patches with the merge option:

adop phase=apply patches=23199810,23199810_PTB:u23199810.drv,23199810_DK:u23199810.drv,23199810_NL:u23199810.drv,23199810_F:u23199810.drv,23199810_D:u23199810.drv,23199810_HU:u23199810.drv,23199810_I:u23199810.drv,23199810_PL:u23199810.drv,23199810_PT:u23199810.drv,23199810_RU:u23199810.drv,23199810_ZHS:u23199810.drv,23199810_E:u23199810.drv,23199810_ZHT:u23199810.drv merge=yes apply_mode=downtime

Wednesday, May 1, 2019

OCI Q/A

Q. What are regions, availability domains, and fault domains?

Oracle Cloud Infrastructure is hosted in regions, each of which contains at least three availability domains. A region is simply a geographic area, such as “Germany” or “US West.”

An availability domain is an isolated, fault-tolerant set of resources consisting of at least one data center. Availability domains don't share infrastructure such as a building, power, or cooling. A failure in one availability domain is unlikely to impact the availability of other availability domains.

A fault domain is a grouping of hardware and infrastructure within an availability domain. Fault domains let you distribute your instances so they're not on the same physical hardware within a single availability domain, thereby introducing another layer of fault tolerance. Each availability domain contains three fault domains. A hardware failure or maintenance on Compute hardware that affects one fault domain doesn't affect instances in other fault domains.

Q. Which Resource is tied to an AD?
1.VCN
2.Route Table
3.Security List
4.Block Volume   
5.Autonomous Data Warehouse.

Answer: 4.Block Volume.

Q. Where are IAM Resources (such as user and group) created?
1.Globally
2.In each region.
3.In each compartment.
4.In each Availability Domain.

Answer: 1.Globally.

Q. Can I attach block storage volumes to a bare metal server DB system?
No, you cannot attach block storage volumes to a bare metal server DB system. However, the Database Cloud Service on virtual machines uses remote block volumes for databases that are completely managed by the platform.

Q. Does the 2-node RAC shape span across Availability Domains (AD)?
No, the 2-node RAC shape is set on two servers within the same AD but in different racks. Storage is shared across both instances. This setup protects against hardware failures on the instance. For higher availability, we recommend that you set up another 2-node RAC shape in a separate AD.

Q. Which is a customer’s responsibility on an Oracle Cloud Infrastructure database?
A.patching the database and OS

B.creating the first default database on the DBCS server

C.creating an ASM diskgroup for data file or temp file storage

D.installing the operating system (OS), Grid Infrastructure, and database software

Answer: A

Key Concepts and Terminology of Oracle Cloud Infrastructure:

Organizations today can choose between two types of clouds. Traditional clouds offer virtual machines (VMs) that are extremely easy to use but abstract disk, memory and CPU and come with a performance penalty. Bare metal clouds are essentially physical servers that can be deployed on demand and billed hourly.

BARE METAL HOST:
Oracle Cloud Infrastructure provides you control of the physical host (“bare metal”) machine. Bare metal compute instances run directly on bare metal servers without a hypervisor. When you provision a bare metal compute instance, you maintain sole control of the physical CPU, memory, and network interface card (NIC). You can configure and utilize the full capabilities of each physical machine as if it were hardware running in your own data center. You do not share the physical machine with any other tenants.
Bare metal is a single tenant server. This means only you are taking the resources of the server. The server belongs to you and you only.
With bare metal cloud, all of the resources of physical servers are dedicated to a single user and can offer better performance than a comparable virtualized server.

Some of the advantages of bare metal cloud services are:

• Resources dedicated to a single customer
• Greater processing power and input/output operations per second (IOPS)
• More consistent disk and network I/O performance
• Quality of Service (QoS) that guarantees elimination of the noisy neighbor problem in a multitenant environment.

Another benefit of bare metal is security.

***
Bare metal cloud infrastructure that lets you create networking, compute, and storage resources for your enterprise workloads.

Hypervisor:

What is a hypervisor and how does it differ from bare metal? A hypervisor is an operating system that can create virtual machines (VM) within a bare metal server.

REGIONS AND AVAILABILITY DOMAINS:

Oracle Cloud Infrastructure is hosted in regions and availability domains. A region is a localized geographic area, and an availability domain is one or more data centers located within a region.
A region is composed of one or more availability domains.
Availability domains are isolated from each other, fault tolerant, and very unlikely to fail simultaneously.
As availability domains do not share infrastructure such as power or cooling, or the internal availability domain network, a failure at one availability domain within a region is unlikely to impact the availability of the others within the same region.

Availability domains within the same region are connected to each other by a low latency, high bandwidth network.

***
Region:

Oracle Cloud Infrastructure is hosted in regions and availability domains. A region is a localized geographic area. A region is composed of one or more availability domains.
Regions are completely independent of other regions and can be separated by vast distances, across countries or even continents.

>>>Region: A region is comprised of isolated, completely independent data centers called availability domains.

Availability domain:
Oracle Cloud Infrastructure is hosted in regions and availability domains. An availability domain is one or more data centers located within a region.
Availability domains are isolated from each other, fault tolerant, and very unlikely to fail simultaneously.

Because availability domains do not share infrastructure such as power or cooling, or the internal availability domain network, a failure at one availability domain within a region is unlikely to impact the availability of the others within the same region.

The availability domains within the same region are connected to each other by a low latency, high bandwidth network, which makes it possible for you to provide high-availability connectivity to the internet and on-premises, and to build replicated systems in multiple availability domains for both high-availability and disaster recovery.

Most Oracle Cloud Infrastructure resources are either region-specific, such as a virtual cloud network, or availability domain-specific, such as a compute instance.

Traffic between availability domains and between regions is encrypted.

Fault Domains:
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain contains three fault domains.

All Oracle Cloud Infrastructure regions offer core infrastructure services, including the following:

Compute: Compute (Intel based Bare Metal & VM, DenseIO & Standard), Container Engine for Kubernetes, Registry
Storage: Block Volume, File Storage, Object Storage, Archive Storage
Networking: Virtual Cloud Network, Load Balancing, FastConnect (specific partners as available and requested)
Database: Database, Exadata Cloud Service, Autonomous Data Warehouse, Autonomous Transaction Processing
Edge: DNS
Platform: Identity and Access Management, Tagging, Audit.


***
A fault domain is a grouping of hardware and infrastructure within an availability domain. Each availability domain contains three fault domains.

Fault domains let you distribute your instances so that they are not on the same physical hardware within a single availability domain.

A hardware failure or Compute hardware maintenance that affects one fault domain does not affect instances in other fault domains.

Protect against unexpected hardware failures.

Protect against planned outages due to Compute hardware maintenance.

>>>Fault domain: A fault domain is a failure isolation boundary within an availability domain.
Within an AD, we group hardware and infrastructure together into this construct called an FD.
Each AD has three FDs.

CONSOLE:
The simple and intuitive web-based user interface you can use to access and manage Oracle Cloud Infrastructure.

TENANCY:
When you sign up for Oracle Cloud Infrastructure, Oracle creates a tenancy for your company, which is a secure and isolated partition within Oracle Cloud Infrastructure where you can create, organize, and administer your cloud resources.

>> Tenancy is nothing but your account.
>> Equivalent of an account; the tenancy contains all of your OCI resources.
>> Provisioned with a single, top-level compartment called the ‘root compartment’; you can create other compartments.

COMPARTMENTS:
A compartment is a collection of related resources (such as instances, virtual cloud networks, block volumes) that can be accessed only by certain groups that have been given permission by an administrator. Compartments allow you to organize and control access to your cloud resources. A compartment should be thought of as a logical group and not a physical container. The whole idea of a compartment is to isolate your resources.

When you sign up for Oracle Cloud Infrastructure, Oracle creates your tenancy, which is the root compartment that holds all your cloud resources. You then create additional compartments within the tenancy (root compartment) and corresponding policies to control access to the resources in each compartment.
When you create a cloud resource such as an instance, block volume, or cloud network, you must specify to which compartment you want the resource to belong.

A compartment is a logical container used to organize and isolate cloud resources; each resource is in exactly one compartment.
Compartments are global and logical, distinct from physical “containers” like Regions and Availability Domains.
Resources can be connected/shared across compartments.
A compartment cannot be deleted (you can rename it); deep nesting will be allowed in the future.

Compartment Quotas:

This is similar to service limits. A service limit basically means that when we create your account, we have specific limits in place, such as how many compute instances you can create. Service limits are set by Oracle. You can contact Oracle to change the service limits.

Difference between service limits and compartment quotas:
Service limits are set by Oracle, whereas compartment quotas are set by administrators using policies.

INSTANCE:
An instance is a compute host running in the cloud.

IMAGE:
The image is a template of a virtual hard drive that defines the operating system and other software for an instance.
You can also save an image from an instance that you have already configured to use as a template to launch more instances with the same software and customizations.

SHAPE:
In Compute, the shape specifies the number of CPUs and amount of memory allocated to the instance.

KEY PAIR:
A key pair is an authentication mechanism used by Oracle Cloud Infrastructure.
A key pair consists of a private key file and a public key file. You upload your public key to Oracle Cloud Infrastructure. You keep the private key securely on your computer. The private key is private to you, like a password.

Oracle Cloud Infrastructure uses two types of key pairs for specific purposes:
Instance SSH Key pair: This key pair is used to establish secure shell (SSH) connection to an instance. When you provision an instance, you provide the public key, which is saved to the instance's authorized key file. To log on to the instance, you provide your private key, which is verified with the public key.

API signing key pair: This key pair is in PEM format and is used to authenticate you when submitting API requests. Only users who will be accessing Oracle Cloud Infrastructure via the API need this key pair.

BLOCK VOLUME:
A block volume is a virtual disk that provides persistent block storage space for Oracle Cloud Infrastructure instances.
Use a block volume just as you would a physical hard drive on your computer, for example, to store data and applications. You can detach a volume from one instance and attach it to another instance without loss of data.

OBJECT STORAGE:
Object Storage is a storage architecture that allows you to store and manage data as objects. Data files can be of any type and up to 50 GB in size. Once you upload data to Object Storage, it can be accessed from anywhere.
Some typical use cases for Object Storage include data backup, file sharing, and storing unstructured data like logs and sensor-generated data.

BUCKET:
A bucket is a logical container used by Object Storage for storing your data and files. A bucket can contain an unlimited number of objects.

ORACLE CLOUD IDENTIFIER (OCID):
Every Oracle Cloud Infrastructure resource has an Oracle-assigned unique ID called an Oracle Cloud Identifier (OCID). This ID is included as part of the resource's information in both the Console and API.

Off-box network virtualization:
As the name implies, we put all the virtualization out into the network using a custom silicon card. This includes all the storage and network I/O virtualization, so it gives us nearly zero performance overhead. Generally this enables the next layer up, so we can take any physical form factor and plug it into our virtual network.

To create VCN using the Console:

1. Open the Console. Open the navigation menu. Under Core Infrastructure, go to Networking and click Virtual Cloud Networks.

2. Choose a compartment you have permission to work in (on the left side of the page). If you're not sure which compartment to use, contact an administrator.

3. Click Create Virtual Cloud Network.

4. Enter the following:

(a) Name: A friendly name for the VCN. It doesn't have to be unique, and it cannot be changed later in the Console (but you can change it with the API).

(b) Create in Compartment: Leave as is.

(c) Create Virtual Cloud Network Only: Make sure this radio button is selected (the default).

(d) CIDR Block: A single, contiguous CIDR block for the VCN. For example: 172.16.0.0/16. You cannot change this value later.

(e) Use DNS Hostnames in this VCN: If you want the instances in the VCN to have DNS hostnames (which can be used with the built-in DNS capability in the VCN), select the Use DNS Hostnames in this VCN check box. Then you can specify a DNS label for the VCN, or the Console will generate one for you. The dialog box automatically displays the corresponding DNS Domain Name for the VCN (<VCN DNS label>.oraclevcn.com).

(f) Tags: Optionally, you can apply tags. If you have permissions to create a resource, you also have permissions to apply free-form tags to that resource. To apply a defined tag, you must have permissions to use the tag namespace. If you are not sure if you should apply tags, skip this option (you can apply tags later) or ask your administrator.

5. Click Create Virtual Cloud Network.

The VCN is then created and displayed on the Virtual Cloud Networks page in the compartment you chose.
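
Because the CIDR block cannot be changed after creation, it is worth checking it and the DNS label before clicking Create. The script below is an added example, not part of the original post, and its function names are hypothetical. The limits it enforces are assumptions taken from Oracle's VCN documentation rather than from this page: prefix length /16 to /30, and a DNS label that is alphanumeric, starts with a letter, and is at most 15 characters.

```shell
#!/bin/sh
# Added example: pre-flight checks for the VCN CIDR block and DNS label.
# Assumed limits (Oracle VCN documentation, not this post): prefix /16../30;
# DNS label alphanumeric, first character a letter, at most 15 characters.

# Dotted quad -> 32-bit integer; fails on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # reject empty octets, leading zeros and anything longer than 3 digits
        case "$octet" in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Prints "ok" (or "ok-public" when the block is outside the RFC 1918 private
# ranges) and returns 0; otherwise prints the reason and returns 1.
check_vcn_cidr() {
    case "$1" in */*) ;; *) echo "missing /prefix"; return 1 ;; esac
    addr=${1%/*}; len=${1##*/}
    case "$len" in ''|*[!0-9]*|???*) echo "bad prefix length"; return 1 ;; esac
    n=$(ip_to_int "$addr") || { echo "bad address"; return 1; }
    { [ "$len" -ge 16 ] && [ "$len" -le 30 ]; } ||
        { echo "prefix must be /16 to /30"; return 1; }
    # The address must be the network address: no bits set below the prefix.
    [ $(( n & ((1 << (32 - len)) - 1) )) -eq 0 ] ||
        { echo "host bits set for /$len"; return 1; }
    # RFC 1918: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
    if [ $(( n >> 24 )) -eq 10 ] || [ $(( n >> 20 )) -eq 2753 ] ||
       [ $(( n >> 16 )) -eq 49320 ]; then echo ok; else echo ok-public; fi
}

# Validates a VCN DNS label and prints the resulting DNS domain name.
vcn_dns_domain() {
    case "$1" in [A-Za-z]*) ;; *) return 1 ;; esac
    case "$1" in *[!A-Za-z0-9]*) return 1 ;; esac
    [ "${#1}" -le 15 ] || return 1
    printf '%s.oraclevcn.com\n' "$1"
}

# Usage: sh vcn_preflight.sh 172.16.0.0/16 prodvcn1
if [ "$#" -eq 2 ]; then check_vcn_cidr "$1"; vcn_dns_domain "$2"; fi
```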