Move REDOLOG files from Non-ASM to ASM

In this post we will see how we can Drop redologs from Non-ASM file system and recreate them on ASM file system.Database has been migrated from NON ASM to ASM and now in this post we will drop and recreate the redologs on ASM

First we will check the current path of redologs from view v$logfile and v$log

SELECT * FROM V$LOGFILE;

GROUP# STATUS TYPE MEMBER CON_ID ---------- ------- ------- ---------------------------------------------------------- 1 ONLINE /oracle/DMZ/origlogA/log_g11m1.dbf 0 1 ONLINE /oracle/DMZ/mirrlogA/log_g11m2.dbf 0 2 ONLINE /oracle/DMZ/origlogB/log_g12m1.dbf 0 2 ONLINE /oracle/DMZ/mirrlogB/log_g12m2.dbf 0 3 ONLINE /oracle/DMZ/origlogA/log_g13m1.dbf 0 3 ONLINE /oracle/DMZ/mirrlogA/log_g13m2.dbf 0 4 ONLINE /oracle/DMZ/origlogB/log_g14m1.dbf 0 4 ONLINE /oracle/DMZ/mirrlogB/log_g14m2.dbf 0 8 rows selected. SQL> select * from v$log; GROUP# THREAD# SEQUENCE# BYTES BLOCKSIZE MEMBERS ARC STATUS ---------- ---------- ---------- ---------- ---------- ---------- --- ---------- 1 1 1 209715200 512 2 YES INACTIVE 2 1 2 209715200 512 2 YES INACTIVE 3 1 3 209715200 512 2 NO CURRENT 4 1 0 209715200 512 2 YES UNUSED

Drop the inactive member of redo logs and add the same using the ASM path as below,

SQL> alter database drop logfile group 2; Database altered. SQL> alter database drop logfile group 1; Database altered. SQL> alter database add logfile group 1 ('+DATA','+RECO') size 200M; Database altered. SQL> alter database add logfile group 2 ('+DATA','+RECO') size 200M; Database altered. SQL> alter database drop logfile group 4; Database altered. SQL> alter database add logfile group 4 ('+DATA','+RECO') size 200M; Database altered.

As the redolog member 3 is been used as current , Make a log switch and checkpoint to change the status .

SQL> alter system switch logfile; System altered. SQL> / System altered. SQL> alter system checkpoint; System altered.

Check the status as the log 3 is now inactive can be deleted. Add standby logs only if standby is being used or you will create a standby

SQL> select * from v$log; GROUP# THREAD# SEQUENCE# BYTES BLOCKSIZE MEMBERS ARC STATUS FIRST_CHANGE# FIRST_TIM NEXT_CHANGE# NEXT_TIME CON_ID ---------- ---------- ---------- ---------- ---------- ---------- --- ---------------- ------------- --------- ------------ --------- ---------- 1 1 4 209715200 512 2 YES INACTIVE 1.0697E+13 30-JUN-23 1.0697E+13 30-JUN-23 0 2 1 5 209715200 512 2 NO CURRENT 1.0697E+13 30-JUN-23 9.2954E+18 0 3 1 3 209715200 512 2 YES INACTIVE 1.0697E+13 30-JUN-23 1.0697E+13 30-JUN-23 0 4 1 0 209715200 512 2 YES UNUSED 0 0 0 SQL> alter database drop logfile group 3; Database altered. SQL> alter database add logfile group 3 ('+DATA','+RECO') size 200M; Database altered.

Check the status of redo logs now it should be on asm as shown below .

SQL> select * from v$logfile; GROUP# STATUS TYPE MEMBER IS_ CON_ID ---------- ------- ------- ------------------------------------------------------- --- ---------- 1 ONLINE +DATA/DMZ/ONLINELOG/group_1.824.1140859727 NO 0 1 ONLINE +RECO/DMZ/ONLINELOG/group_1.2542.1140859727 NO 0 2 ONLINE +DATA/DMZ/ONLINELOG/group_2.826.1140859735 NO 0 2 ONLINE +RECO/DMZ/ONLINELOG/group_2.4274.1140859735 NO 0 3 ONLINE +DATA/DMZ/ONLINELOG/group_3.839.1140859809 NO 0 3 ONLINE +RECO/DMZ/ONLINELOG/group_3.1995.1140859809 NO 0 4 ONLINE +DATA/DMZ/ONLINELOG/group_4.823.1140859753 NO 0 4 ONLINE +RECO/DMZ/ONLINELOG/group_4.5305.1140859753 NO 0 8 rows selected.

Add SWAP space on Linux

 

Follow the below steps to add SWAP Space on Linux

When applying Oracle EBS patches using ADOP utility you may encounter an error that there is not enough SWAP memory on the server. Follow below steps to add SWAP file on the server. To check the swap size you can run 'free' command. 

1. Login as root user:

   % su
   Password: root-password

2. Create a file in a selected directory to add swap space by typing:

   dd if=/dev/zero of=/dir/myswapfile bs=1024 count=number_blocks_needed

   where dir is a directory in which you have permission to add swap space. The myswapfile is the name of the swap file you are creating. The number_blocks_needed is an amount of 1024-byte blocks you want to create. See the dd(1) man page for more information.

3. Verify that the file was created by typing:

   ls -l /dir/myswapfile

   The new file appears in the directory.

4. Initialize the new swap area by typing:

   mkswap /dir/myswapfile

   
   

5. Run the swapon command to enable the new swap space for paging and swapping by typing the following:

   swapon -a /dir/myswapfile

6. Verify that the extra swap space was added by typing:

   swapon -s

   The output shows the allocated swap space.

EBS SSO integration with IDCS

 Introduction

The post introduces Oracle Identity Cloud Service (IDCS) integration with the existing Oracle e-Business Suite (EBS) environments.

IDCS is an Oracle cloud-based Identity platform, which enables SSO services to access EBS applications. It does not require any installations. Oracle Cloud maintains everything, including backup, recovery, patching, upgrade, and scaling.

You need only one component called EBS Asserter, which IDCS provides to implement SSO for Oracle e-Business Suite and other applications.

Features of EBS Asserter

Asserter has the following key features:

• You don't need to make configuration changes to EBS.
• You should deploy in WebLogic 12C with SSL configuration.
• It supports single login for EBS applications, IDCS, and EBS Asserter.
• It has multiple access modes for SSO with EBS.

In IDCS, you can also integrate with the existing active directory (AD). To integrate IDCS with an existing AD, you need to download the Oracle IDCS AD agent from IDCS and install it on the AD server by providing client ID and client secret details. After the installation completes, the system updates the AD server details in the IDCS directory integrations.
 

To synchronize AD users, you need to configure the bridge and perform synchronization.

Following is an illustration of the new approach of EBS integration with IDCS:

EBS Integration with IDCS for SSO

Oracle supports all EBS modules having browser-based logins to work with EBS Asserter and also supports Excel-based logins for Web ADI. Mobile Apps for EBS don't use browser-based authentication, so Mobile apps are not supported.

Installation prerequisites
To install EBS Asserter, make sure you have the following elements in place:

• Oracle JRE/JDK version 8 or later
• Java Cryptography Extension file for Java 8
• Access to the IDCS console to download the EBS Asserter and permission to register confidential applications.
• Access to EBS applications.
• A separate Oracle WebLogic server 12C and a new managed server, EBSAsserter_server, where you can deploy the EBS Asserter Java application. This WebLogic server and EBS servers must be in the same domain.

1. Download and extract the EBS Asserter zip file.
2. Access the Identity Cloud Service console, expand the NavigationDrawer, click Settings, and click Downloads. Click Download to download IDCS EBS Asserter, and then save the zip file.
3. Extract the contents of the EBS Asserter zip file.
4. Copy the ebs.war and idcs-wallet-<version>.jar files to a working folder into the EBS Asserter's WebLogic Server machine.

• Make sure the EBS Asserter URL has access over the SSL.

  If you have multiple EBS instances, you can configure and deploy EBS Asserter for each EBS instance. You can use the same WebLogic server for all EBS Asserter-managed servers.

  Configuration steps

  Perform the following configuration steps:

  1. Create an application user on EBS

  To create a user for EBS Asserter to communicate with EBS applications, perform the following steps from the Oracle Asserter documentation:

  1. Log in to EBS as the sysadmin user.
  2. Go to User Management Responsibility and click Users.
  3. Select User Account from the Register drop-down menu and click Go.
  4. On the Create User Account page, enter the following details to create a new user,
     and click Submit:

       - Username: EBSASSERTER
       - Password: The user password.
       - Description: EBS Asserter Service User
       - Password Expire: None

  5. After user creation, click Assign roles, and then click Assign roles on the
     Update User page.
  6. Use Search and Select: Assign Roles by code UMX|APPS_SCHEMA_CONNECT.
  7. Select Apps Schema Connect Role and click Select. 
  8. Justify EBS asserter service user and click Save.

2. Create EBS system administrator in IDCS

Perform the following steps from Oracle Asserter documentation to create a user in IDCS that communicates to the system administrator in EBS applications.

1. Log in to IDCS to access the console.
2. In the IDCS console, expand the navigation, click Users, and click Add on the
   Users page.
3. In the Add User window, provide the following values and click Finish:

     - First Name: EBS
     - Last Name: Sysadmin
     - Uncheck Use the email address as the username.
     - Username: sysadmin
     - Email: Provide the email address set to the SYSADMIN account in your Oracle E-Business Suite.

4. After you create the user in IDCS, log in to EBS applications and update the sysadmin
user email address to match the IDCS sysadmin address.

########

Perform the following steps from Oracle Asserter documentation to register the EBS Asserter with EBS:

1. Log in to the EBS application server as `applmgr` and identify the directories for
   $JAVA_HOME and $WLS_HOME.
2. Run the following commands to create a working directory:

        cd /u01/app/SID
        mkdir ebssdk
        cd ebssdk

3. Extract fndext.jar from ebs.war, which you downloaded from IDCS. Copy it both to the working directory and the EBS asserter WebLogic server $DOMAIN\_HOME/lib folder.
4. Source the EBS environment file and run the following commands to register EBS asserter with EBS applications:

        cd /u01/app/SID/ebssdk
        java oracle.apps.fnd.security.AdminDesktop apps/<apps_pwd> CREATE NODE_NAME=ebsasserter.example.com DBC=$FND_SECURE/EBSDB.dbc

5. Copy the generated EBSDB_ebsasserter.example.com.dbc file to the EBS Asserter server and make a note of the APPL_SERVER_ID.

4. Register EBS Asserter in IDCS

Perform the following steps from Oracle Asserter documentation to create a confidential application to represent EBS asserter:
 

1. Log in to the IDCS console and expand the navigation and then click applications.
2. Click on Add and select Confidential applications in the dialog box

3. Enter the following information and click next:

     - Name: EBS Asserter
     - Description: EBS Asserter Application
     - Application URL: https://ebsasserter.example.com:7002/ebs
     - Display in My Apps: Select this check box.

4. In the Client pane, select Configure this application as a client now and enter
   the following information:
   
     - Allowed Grant Types: Select Client Credentials and Authorization Code.
     - Redirect URL: https://ebsasserter.example.com:7002/ebs/response
     - Logout URL: https://ebsasserter.example.com:7002/ebs/logout
     - Post Logout Redirect URL: https://ebsasserter.example.com:7002/ebs

5. Beneath Grant the client access to Identity Cloud Service Admin APIs, click Add.
6. In the Add App Role dialog window, select Authenticator Client and Me in the list and click Add.
7. Click Next in the Client pane and the following panes. Click Finish.
8. In the Application Added dialog box, make a note of the Client ID and Client Secret values and click Close.
9. Click Activate to activate the application. 

5. Create a WebLogic wallet 

According to Oracle Asserter documentation, for security purposes, you need to register client ID, client secret, and IDCS URL in the wallet used by the EBS Asserter.  Perform the following steps described in the Oracle documentation:

1. Log in to the EBS Asserter server and go to the directory where the idcs-wallet-<version>.jar file exists.

2. Run the following command to generate the cwallet.sso file and fill in the details
   as prompted:

        java -jar idcs-wallet-<version>.jar  

     - Enter Wallet Path: Enter the path to the store wallet file.
     - Enter Client ID: Enter the Client ID

     - Enter Client Secret: Enter the Client Secret for the client ID.
     - Enter IDCS base URL: Enter the IDCS base URL.

6. Update the configuration file

Update EBS Asserter configuration file, bridge.properties with EBS instance and IDCS details.

 7. Deploy EBS Asserter

Perform the following steps from Oracle Asserter documentation to create a new data source and deploy the EBS Asserter application.

Define the data source

1. Log in to the EBS Asserter WebLogic console and select Data Sources.
2. Click **New** and select Generic Data Source.
3. Enter the following database details and click Next.

     - Name: EBSDB (The name should be same as the ebs.ds.name in file.)
     - JNDI Name: EBSDB
     - Database Type: Oracle
     - Database Driver: \*Oracle's Driver (Thin) for Instance connections; Versions:Any.

4. Enter the following database connection details:

     - Database Name: EBSDB
     - Host Name: ebs.example.com
     - Port: 1521
     - Database Username: EBSASSERTER
     - Password: Enter the username password.

5. Select driver class name" oracle.apps.fnd.ext.jdbc.datasource.AppsDataSource.
6. Update the following details in Properties:

        user=IDETITYADMIN
        dbcFile=/u01/app/SID/ebssdk/EBSDB_ebsasserter.example.com.dbc

7. Click Test Configuration

Deploy EBS Asserter on the WebLogic server

1. Log in to the EBS Asserter WebLogic console and click Lock & Edit.
2. Click Deployments and Install. 
3. Select the ebs.war file and click Next. 
4. Select Install this deployment as an application and click Next.
5. Select the target server, EBSAsserter\_server. Click Next.
6. Accept the default values and click Finish.
7. Click Activate Changes.

8. Update EBS profiles

Update the following EBS profiles:

- Application Authenticate Agent: https://ebsasserter.example.com:7002/ebs
- Oracle Applications Session Cookie Domain (ICX_SESSION_COOKIE_DOMAIN)**: DOMAIN
- **Applications SSO Type**: `SSWA_SSO`
- **FND_SEC_ALLOW_UNRESTRICTED_REDIRECT: Yes

9. Restart and test

Restart the EBS services and test your SSO logins.

Conclusion

The preceding steps help implement SSO functionality for EBS by using Oracle IDCS and facilitate integration between active AD, EBS, and IDCS.

Troubleshoot Oracle RAC Node Eviction

 The RAC Node Eviction Troubleshooting tool will provide recommendations to resolve RAC Node Evictions by analyzing uploaded files. When a known solution is available, the tool will display the symptoms and causes which can lead to the issue and one or more suggestions for resolving the issue.

Benefits of using the RAC Node Eviction Troubleshooting tool:

• Analyzes uploaded files to provide recommendations when a known solution is available

• Troubleshooting report can be saved for later use

• Diagnostic Guide is available

• Create SR option available which will automatically populate many of the SR fields In order to troubleshoot a RAC Node Eviction issue using this tool, it will be necessary to provide the following information:

Evicted node name 2 methods for determine the name of the evicted node are:

• Login to the node which was evicted and type: 

#uname -n

• Check the messages in the clusterware alert.log for a list of node names in the cluster. Look for " Reconfiguration Complete" in the log file. The list of nodes will be included in the message. Example CRS-1601: CSSD Reconfiguration complete. Active nodes are node21 node22 . Exact date and time of eviction

• In case of actual reboot of a node, you can use the following command to get exact date and time of reboot 

#last reboot

reboot system boot 2.6.18-274.0.0.0 Wed Dec 27 15:26 (10+00:58) 

reboot system boot 2.6.18-274.0.0.0 Thu Dec 28 13:10 (18+03:15)

•In case of reboot less eviction, please check clusterware alert.log for exact date and time when clusterware was restarted.

Example in alert log file,

2023-12-28 09:49:45.219 [cssd(2254)]CRS-1601:CSSD Reconfiguration complete. Active nodes are rac3 rac4. 

The above log indicates that clusterware restarted at 2023-12-28 09:49:45.219

Linux/UNIX 11gR2/12.1.0.1/19c

Execute the following as root user: 

# script /tmp/diag.log 

# id 

# env 

# cd <temp-directory-with-plenty-free-space> 

# $GRID_HOME/bin/diagcollection.sh 

# exit 

The following .gz files will be generated in the current directory and need to be uploaded along with /tmp/diag.log: 

crsData_<hostname>.tar.gz, 

ocrData_<hostname>.tar.gz, 

oraData_<hostname>.tar.gz,

coreData_<hostname>.tar.gz (only --core option specified) 

os_<hostname>.tar.gz 

Please ensure all above information are provided from all the nodes.