KV's Archive: 2019

EBS Workflow Configuration & SSL Setup

SQL> select target_node from fnd_concurrent_queues where concurrent_queue_name like 'WFMLRSVC%';

SQL> SELECT b.component_name,
       c.parameter_name,
       a.parameter_value
FROM fnd_svc_comp_param_vals a, fnd_svc_components b, fnd_svc_comp_params_b c
WHERE b.component_id = a.component_id
     AND b.component_type = c.component_type
     AND c.parameter_id = a.parameter_id
     AND c.encrypted_flag = 'N'
     AND b.component_name like '%Mailer%'
     AND c.parameter_name in ('OUTBOUND_SERVER', 'REPLYTO')
ORDER BY c.parameter_name;

SMTP Telnet Test:
telnet [outbound server] 25
EHLO [mailer node]
MAIL FROM: [reply_to address]
RCPT TO: [my_test_email_address]
DATA
Subject: Test message

Test message body
.
quit

Verify SMTP server:
$AFJVAPRG -classpath $AF_CLASSPATH -Dprotocol=smtp -Dserver=test.domain.com -Dport=25 -Daccount=<user_account> -Dconnect_timeout=120 oracle.apps.fnd.wf.mailer.Mailer

Verify IMAP server:
$AFJVAPRG -classpath $AF_CLASSPATH -Dprotocol=imap -Dserver=test.domain.com -Dport=143 -Daccount=<user_account> -Dpassword=<password> -Dconnect_timeout=120 -Dfolder=INBOX oracle.apps.fnd.wf.mailer.Mailer

Workflow SSL Configuration in R12.2:

Issue Description:

We enabled TLS in Oracle EBS R12.2 and configured the Workflow Mailer (SMTP), the services started but the email was not sending. Workflow Mailer log file recorded SSL certificate not valid error.

Solution:

Step 1: Take a backup of cacerts file
$ cd $OA_JRE_TOP/lib/security/
$ cp cacerts cacerts_bkp

Step 2: Import the ca.crt
$ keytool -import -alias email_cert -file ca.crt -trustcacerts -v -
keystore cacerts

Enter keystore password: [default password changeit]

Trust this certificate? [no]: Yes
Certificate was added to keystore
[Storing cacerts]

Step 3: Verify the certificate listed in cacerts (OPTIONAL STEP)
keytool -list -v -keystore $OA_JRE_TOP/lib/security/cacerts -storepass changeit > cacertslist01.txt

Step 4: Update MAILER_SSL_TRUSTSTORE using the below script
sqlplus apps @$FND_TOP/sql/afsvcpup.sql
>> 10010
>> 10223
>> $OA_JRE_TOP/lib/security/cacerts

Configure SSL in Weblogic - EBS R12.2

1. Login to weblogic admin console, change the keystores configuration rule to "Custom Identity and Custom Trust"

2. Specify the keystores path and passphrase:

Custom Identity Keystore: /u03/applmgr/fs_ne/inst/<CONTEXT_NAME>/wlsSSLArtifacts/ewallet.jks

Custom Identity Keystore Type: JKS (this must be in uppercase)

Custom Identity Keystore Passphrase: keypass19

Confirm Custom Identity Keystore Passphrase: keypass19

Custom Trust Keystore: /u03/applmgr/fs_ne/inst/<CONTEXT_NAME>/wlsSSLArtifacts/cacerts

Custom Trust Keystore Type: JKS

Custom Trust Keystore Passphrase: changeit

Confirm Custom Trust Keystore Passphrase: changeit

3. Specify the values for SSL configuration.

Private Key Alias name: cn=*.domain.com

Private Key pass: keypass19

Hostname Verification: Custom Hostname Verifier

Custom Hostname Verifier: weblogic.security.utils.SSLWLSWildcardHostnameVerifier

4. Enable the ssl port.

5.Click the Save button & Activate Changes button.

6. start the services in application run file system - adstrtal.sh

7. perl $AD_TOP/bin/adSyncContext.pl contextfile=$CONTEXT_FILE

Script to configure SSL in EBS R12.2

Note:

Modify the script as per the environment and test specific to the environment. After SSL configuration, in desired path keep a copy of (s_web_ssl_directory)/Apache directory used in the environment and use the same path for CERT_SSL_DIR_PATH in the script.

##----------------------- Script Starts Here ----------------------
### Script to Configure SSL after Clone in R12.2
### Modify port, hostname as per environment in the script
### Modify the certs path in CERT_SSL_DIR_PATH as per environment

read -s -p "Enter the APPS Username: " APPS_USR
echo $'\n'
read -s -p "Enter the APPS Password: " APPS_PWD
echo $'\n'
read -s -p "Enter the Weblogic Password: " WLS_PWD
echo $'\n'

echo "............................................................"
echo ">>> if script not modified as per environment,stop the script ctrl+c and Change and re-run the script <<<"
echo "............................................................"
sleep 10

#cd $HOME/post_apclone_script/ssl_file/etcc
#sh checkMTpatch.sh

NOW=$(date +"%d_%b_%Y")
CERT_SSL_DIR_PATH=$HOME/post_apclone_script/ssl_file
mkdir $NE_BASE/cert_ap_bkp_ssl

cd $CERT_SSL_DIR_PATH
ls
sleep 10

cp -r $CERT_SSL_DIR_PATH/Apache $NE_BASE/inst/$CONTEXT_NAME/certs

echo ">>>>>>>>>>>>>>> certs file copied <<<<<<<<<<<<<"
echo "..............................................."

cp -r $ORACLE_HOME/sysman/config/b64InternetCertificate.txt $NE_BASE/cert_ap_bkp_ssl/b64InternetCertificate_$NOW.txt
cd $NE_BASE/inst/$CONTEXT_NAME/certs/Apache
cat ca.crt >> $ORACLE_HOME/sysman/config/b64InternetCertificate.txt

echo ">>>>>>>> certs imported to home config <<<<<<<<<"
echo "................................................"

cd $IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OHS/EBS_web/keystores/default
cp -r cwallet.sso $NE_BASE/cert_ap_bkp_ssl/cwallet_BKP_OHS1_$NOW.sso
cp -r $NE_BASE/inst/$CONTEXT_NAME/certs/Apache/cwallet.sso .

echo ">>>>>>>>>>>> cwallet copied to OHS <<<<<<<<<<<<<"
echo "................................................"

cd $IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OPMN/opmn/wallet
cp -r cwallet.sso $NE_BASE/cert_ap_bkp_ssl/cwallet_BKP_OPMN1_$NOW.sso
cp -r $NE_BASE/inst/$CONTEXT_NAME/certs/Apache/cwallet.sso .

echo ">>>>>>>>>>>>>> cwallet copied to OPMN <<<<<<<<<"
echo "..............................................."

cd $IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OPMN/opmn
cp -r opmn.xml $NE_BASE/cert_ap_bkp_ssl/opmn_bkp_$NOW.xml
sed -i 's/TLSv1.0/TLSv1.0,TLSv1.1,TLSv1.2/g' opmn.xml
sed -i 's/SSL_RSA_WITH_3DES_EDE_CBC_SHA/SSL_RSA_WITH_AES_256_CBC_SHA/g' opmn.xml

echo ">>>>>>>>>>>>> OPMN xml file modified <<<<<<<<<"
echo ".............................................."

cd $IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OHS/EBS_web
cp -r admin.conf $NE_BASE/cert_ap_bkp_ssl/admin_BKP_$NOW.conf
sed -i 's/SSL_RSA_WITH_3DES_EDE_CBC_SHA/SSL_RSA_WITH_AES_256_CBC_SHA/g' admin.conf
sed -i 's/nzos_Version_1_0/nzos_Version_1_0 nzos_Version_1_1 nzos_Version_1_2/g' admin.conf

echo ">>>>>>>>> admin conf file modified <<<<<<<<<<"
echo "............................................."

cd $EBS_DOMAIN_HOME/opmn/EBS_web_OHS1/EBS_web/wallet
cp -r cwallet.sso $NE_BASE/cert_ap_bkp_ssl/cwallet_BKP_OHS2_$NOW.sso
$FMW_HOME/oracle_common/bin/orapki wallet create -wallet ./ -auto_login_only
$FMW_HOME/oracle_common/bin/orapki wallet add -wallet ./ -trusted_cert -cert $NE_BASE/inst/$CONTEXT_NAME/certs/Apache/ca.crt -auto_login_only

echo ">>>>>>> wallet created to EBS Domain <<<<<<<<<"
echo ".............................................."

cd $IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OHS/EBS_web/proxy-wallet
cp -r cwallet.sso $NE_BASE/cert_ap_bkp_ssl/cwallet_BKP_OHS3_$NOW.sso
cp -r $EBS_DOMAIN_HOME/opmn/EBS_web_OHS1/EBS_web/wallet/cwallet.sso .

echo ">>>>>>> wallet copied to EBS Domain OHS <<<<<<"
echo ".............................................."

cd $EBS_DOMAIN_HOME/opmn/EBS_web_OHS1/wallet
cp -r cwallet.sso $NE_BASE/cert_ap_bkp_ssl/cwallet_BKP_OPMN2_$NOW.sso
cp -r $NE_BASE/inst/$CONTEXT_NAME/certs/Apache/cwallet.sso .

echo ">>>>>> wallet copied to EBS Domain OPMN <<<<<<"
echo ".............................................."

cd $IAS_ORACLE_HOME/instances/EBS_web_OHS1/config/OHS/EBS_web
cp -r ssl.conf $NE_BASE/cert_ap_bkp_ssl/ssl_bkp_$NOW.conf
sed -i 's/SSLProtocol all -SSLv2 -SSLv3/SSLProtocol TLSv1 TLSv1.1 TLSv1.2/g' ssl.conf
sed -i 's/SSLCipherSuite HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM/SSLCipherSuite HIGH:MEDIUM:!aNULL:!RC4:!3DES:!SEED:!IDEA:!CAMELLIA:+HIGH:+MEDIUM/g' ssl.conf

echo ">>>>>>>>>>> ssl conf file modified <<<<<<<<<<"
echo "............................................."

### Modify the credentials of apps and weblogic
perl $AD_TOP/bin/adSyncContext.pl contextfile=$CONTEXT_FILE <<EOF
apps
weblogic123
EOF

echo ">>>>>> adsynccontext script completed <<<<<<<"
echo "............................................."
echo "............................................."

cp -r $CONTEXT_FILE $NE_BASE/cert_ap_bkp_ssl
cp -r $CONTEXT_FILE $NE_BASE
#sed -i 's/http<\/url_protocol>/https<\/url_protocol>/g' $CONTEXT_FILE
#sed -i 's/http<\/local_url_protocol>/https<\/local_url_protocol>/g' $CONTEXT_FILE
#sed -i 's/http<\/webentryurlprotocol>/https<\/webentryurlprotocol>/g' $CONTEXT_FILE
sed -i 's/8003<\/activewebport>/4446<\/activewebport>/g' $CONTEXT_FILE
sed -i 's/https:\/\/test.example.com:8003\/OA_HTML\/AppsLogin<\/login_page>/https:\/\/test.example.com:4446\/OA_HTML\/AppsLogin<\/login_page>/g' $CONTEXT_FILE
sed -i 's/https:\/\/test.example.com:8003<\/externURL>/https:\/\/test.example.com:4446<\/externURL>/g' $CONTEXT_FILE
#sed -i 's/http:\/\/test.example.com:8003\/OA_HTML\/AppsLogin<\/login_page>/https:\/\/test.example.com:4446\/OA_HTML\/AppsLogin<\/login_page>/g' $CONTEXT_FILE
#sed -i 's/http:\/\/test.example.com:8003<\/externURL>/https:\/\/test.example.com:4446<\/externURL>/g' $CONTEXT_FILE
echo ">>>>>>>>>>>>> contextfile updated for SSL <<<<<<<<<<<<<<<<<<<"
echo "............................................................."

echo ">>>> Contextfile difference for reference Starts Here <<<<<<<"
echo "............................................................."

diff $CONTEXT_FILE $NE_BASE/$CONTEXT_NAME.xml
echo "............................................................."
echo ">>>>>> contextfile difference for reference Ends Here <<<<<<<"
echo "............................................................."

### Modify the credentials of apps
sh $ADMIN_SCRIPTS_HOME/adautocfg.sh <<EOF
$APPS_PWD
EOF

sleep 10
echo ">>>>>>>>>>>>> autoconfig script completed <<<<<<<<<<<<<<<<<<<"
echo "............................................................."

### Modify the credentials of apps
sh $ADMIN_SCRIPTS_HOME/adstrtal.sh <<EOF
$APPS_USR
$APPS_PWD
$WLS_PWD
EOF

sleep 10
echo ">>>>>>>>>>>>>> adstrtal script completed <<<<<<<<<<<<<<<<<<<"
echo "............................................................"

cd $APPL_TOP_NE/ad/custom
cp -r adop_sync.drv $NE_BASE/cert_ap_bkp_ssl/adop_sync_bkp_$NOW.drv
ex -s -c '63i|
#TLS SECTION - START
# Required for TLS setup migration from RUN to PATCH file-system.
# Please alter the commands in the event that rsync is not available or the platform does not support the example syntax.

#10.1.2 b64InternetCertificate.txt
rsync -zr %s_current_base%/EBSapps/10.1.2/sysman/config/b64InternetCertificate.txt %s_other_base%/EBSapps/10.1.2/sysman/config/b64InternetCertificate.txt

#Oracle HTTP Server Wallet - cwallet.sso
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/keystores/default/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/keystores/default/cwallet.sso

#OPMN Wallet - cwallet.sso
rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OPMN/opmn/wallet/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OPMN/opmn/wallet/cwallet.sso

#Fusion Middleware Control Wallets - cwallet.sso
rsync -zr %s_current_base%/FMW_Home/user_projects/domains/%s_wls_domain_name%/opmn/%s_ohs_instance%/%s_ohs_component%/wallet/cwallet.sso %s_other_base%/FMW_Home/user_projects/domains/%s_wls_domain_name%/opmn/%s_ohs_instance%/%s_ohs_component%/wallet/cwallet.sso

rsync -zr %s_current_base%/FMW_Home/user_projects/domains/%s_wls_domain_name%/opmn/%s_ohs_instance%/wallet/cwallet.sso %s_other_base%/FMW_Home/user_projects/domains/%s_wls_domain_name%/opmn/%s_ohs_instance%/wallet/cwallet.sso

rsync -zr %s_current_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/proxy-wallet/cwallet.sso %s_other_base%/FMW_Home/webtier/instances/%s_ohs_instance%/config/OHS/%s_ohs_component%/proxy-wallet/cwallet.sso

#JDK keystore
rsync -zr --include=jdk* --include=jdk*/jre --include=jdk*/jre/lib --include=jdk*/jre/lib/security --include=cacerts --exclude=* %s_current_base%/EBSapps/comn/util/ %s_other_base%/EBSapps/comn/util/
#TLS SECTION – END' -c x adop_sync.drv

#echo "#######################################################"
#echo "##### SSL Configuration for Application completed #####"
#echo "#######################################################"
##----------------------- Script Ends Here ----------------------

OCFS2 Installation & Configuration

OCFS2 Configuration High Level Steps:
- Download and install the module and tools rpms
- Create cluster.conf and propagate to all nodes
- Configure and start the O2CB cluster service
- Format the volume
- Mount the volume

Configuration Steps:

RPMs:
# rpm -qa ocfs*
ocfs2-tools-1.8.6-11.el7.x86_64

# uname -r
4.14.35-1818.3.3.el7uek.x86_64

Create cluster.conf:
# o2cb add-cluster adr12ap
# o2cb add-node adr12ap hebsap01 --ip 10.1.11.162
# o2cb add-node adr12ap hebsap02 --ip 10.1.11.163
# o2cb heartbeat-mode adr12ap global
# o2cb add-heartbeat adr12ap /dev/sdd

NOTE: IT WILL CREATE /etc/ocfs2/cluster.conf FILE in NODE1, COPY THE FILE TO REMAINING NODES IN CLUSTER. ENTRIES IN THE FILE SHOULD HAVE PROPER SPACING.

Configure O2CB:
# /sbin/o2cb.init configure
Configuring the O2CB driver.This will configure the on-boot properties of the O2CB driver. The following questions will determine whether the driver is loaded on
boot. The current values will be shown in brackets ('[]'). Hitting <ENTER> without typing an answer will keep that current value. Ctrl-C will abort.

Load O2CB driver on boot (y/n) [y]:
Cluster stack backing O2CB [o2cb]:
Cluster to start on boot (Enter "none" to clear) [adr12ap]:
Specify heartbeat dead threshold (>=7) [31]:
Specify network idle timeout in ms (>=5000) [30000]:
Specify network keepalive delay in ms (>=1000) [2000]:
Specify network reconnect delay in ms (>=2000) [2000]:
Writing O2CB configuration: OK
checking debugfs...
Setting cluster stack "o2cb": OK
Registering O2CB cluster "adr12ap": OK
Setting O2CB cluster timeouts : OK
NOTE: REPEAT THIS STEP IN ALL NODES IN CLUSTER

# /sbin/o2cb.init status
Driver for "configfs": Loaded
Filesystem "configfs": Mounted
Stack glue driver: Loaded
Stack plugin "o2cb": Loaded
Driver for "ocfs2_dlmfs": Loaded
Filesystem "ocfs2_dlmfs": Mounted
Checking O2CB cluster "adnicr12ap": Online
Heartbeat dead threshold: 61
Network idle timeout: 30000
Network keepalive delay: 2000
Network reconnect delay: 2000
Heartbeat mode: Local
Checking O2CB heartbeat: Not active
Debug file system at /sys/kernel/debug: mounted

# systemctl enable o2cb
Created symlink from /etc/systemd/system/multi-user.target.wants/o2cb.service to /usr/lib/systemd/system/o2cb.service.
# systemctl enable ocfs2
Created symlink from /etc/systemd/system/multi-user.target.wants/ocfs2.service to /usr/lib/systemd/system/ocfs2.service.
NOTE: REPEAT THIS STEP IN ALL NODES IN CLUSTER

Format the volume:
# fdisk -l |grep Disk
Disk /dev/sdd: 268.4 GB, 268435456000 bytes, 524288000 sectors
NOTE: VERIFY THE DISK LABEL NAME SAME ACCROSS NODES

# fdisk /dev/sdd
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0xdd71e5fa.

The device presents a logical sector size that is smaller than
the physical sector size. Aligning to a physical sector (or optimal
I/O) size boundary is recommended, or performance may be impacted.

Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1): 1
First sector (2048-524287999, default 2048):
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-524287999, default 524287999):
Using default value 524287999
Partition 1 of type Linux and of size 250 GiB is set

Command (m for help): p

Disk /dev/sdd: 268.4 GB, 268435456000 bytes, 524288000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 65536 bytes
Disk label type: dos
Disk identifier: 0xdd71e5fa

   Device Boot      Start         End      Blocks   Id System
/dev/sdd1            2048   524287999   262142976   83 Linux

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Node 2: # fdisk -l |grep sdd
Disk /dev/sdd: 268.4 GB, 268435456000 bytes, 524288000 sectors
/dev/sdd1            2048   524287999   262142976   83 Linux

# mkfs.ocfs2 -L vol01 --cluster-name=adr12ap --cluster-stack=o2cb --global-heartbeat /dev/sdd1
NOTE: USE FORCE OPTION (--force) IF FILESYSTEM ALREADY CREATED

# cat /etc/sysconfig/o2cb
NOTE: CHECK THE ENTRIES ARE SAME ACROSS ALL NODES.
# /sbin/o2cb.init load
# /sbin/o2cb.init offline
# /sbin/o2cb.init online

# /sbin/o2cb.init status
Driver for "configfs": Loaded
Filesystem "configfs": Mounted
Stack glue driver: Loaded
Stack plugin "o2cb": Loaded
Driver for "ocfs2_dlmfs": Loaded
Filesystem "ocfs2_dlmfs": Mounted
Checking O2CB cluster "adr12ap": Online
Heartbeat dead threshold: 61
Network idle timeout: 30000
Network keepalive delay: 2000
Network reconnect delay: 2000
Heartbeat mode: Global
Checking O2CB heartbeat: Active
01BC2D8CFC674F02B423FDC1B291A588 /dev/sdd1
Nodes in O2CB cluster: 0 1
Debug file system at /sys/kernel/debug: mounted

Mount the volume:
fstab entry:
/dev/sdd1     /u04    ocfs2   _netdev,defaults     0 0

# mount -a
# mount -L vol01 /u04
# umount /u04

Reference:
# cat /etc/ocfs2/cluster.conf
cluster:
        heartbeat_mode = global
        node_count = 2
        name = adr12ap

node:
        number = 0
        cluster = adr12ap
        ip_port = 7777
        ip_address = 10.1.11.162
        name = hebsap01

node:
        number = 1
        cluster = adr12ap
        ip_port = 7777
        ip_address = 10.1.11.163
        name = hebsap02

heartbeat:
        cluster = adr12ap
        region = 01BC2D8CFC674F02B423FDC1B291A588



# cat /etc/sysconfig/o2cb
#
# This is a configuration file for automatic startup of the O2CB
# driver. It is generated by running /etc/init.d/o2cb configure.
# On Debian based systems the preferred method is running
# 'dpkg-reconfigure ocfs2-tools'.

# O2CB_ENABLED: 'true' means to load the driver on boot.
O2CB_ENABLED=true

# O2CB_STACK: The name of the cluster stack backing O2CB.
O2CB_STACK=o2cb

# O2CB_BOOTCLUSTER: If not empty, the name of a cluster to start.
O2CB_BOOTCLUSTER=adr12ap

# O2CB_HEARTBEAT_THRESHOLD: Iterations before a node is considered dead.
O2CB_HEARTBEAT_THRESHOLD=61

# O2CB_IDLE_TIMEOUT_MS: Time in ms before a network connection is considered dead.
O2CB_IDLE_TIMEOUT_MS=30000

# O2CB_KEEPALIVE_DELAY_MS: Max time in ms before a keepalive packet is sent
O2CB_KEEPALIVE_DELAY_MS=2000

# O2CB_RECONNECT_DELAY_MS: Min time in ms between connection attempts
O2CB_RECONNECT_DELAY_MS=2000

Sharing The Application Tier File System in Oracle EBS R12.0 & R12.1

Note:

Use a local file system for the Instance Home for optimal performance.
All application tier nodes must be running the same operating system.
User ID and group ID should be consistent across all nodes.
Retain the same absolute path for the mount points of the shared file system on each node.
Value for the context variable "s_atName" must be same across all the application tier nodes.

The following R12 File System are shared on across the application tier node:

COMMON_TOP
APPL_TOP
OracleAS 10.1.2
OracleAS 10.1.3
OraInventory

Adding a Node to a Shared Application Tier File System:
1. Prepare existing node
$ cd $INST_TOP/admin/scripts/
$ perl adpreclone.pl appsTier

2. Make the Applications files accessible
Mount the shared file system disk to the Application node that you want to add so file system is visible from both the application nodes.

3. Configure the node to be added
$ cd $COMMON_TOP/clone/bin$ perl adclonectx.pl addnode contextfile=<source_contextFile_from_primary>
--- This will create a new context file for the node in multi-node system.

$ perl $AD_TOP/bin/adconfig.pl contextfile=<specify_new_contextfile>
--- Run the AutoConfig utility on all the other nodes so that the required configuration files on those are updated with the new node information.

To Manage Personalization in Oracle R12

Note: Validate the steps in TEST before doing in PROD. The personalization level will impact the dependency document path

To Disable Personalization if system not allowing to login:

DECLARE

stat boolean;

BEGIN

dbms_output.disable;

dbms_output.enable(100000);

stat := FND_PROFILE.SAVE('FND_DISABLE_OA_CUSTOMIZATIONS', 'Y', 'SITE');

IF stat THEN

dbms_output.put_line( 'Stat = TRUE - profile updated' );

ELSE

dbms_output.put_line( 'Stat = FALSE - profile NOT updated' );

END IF;

commit;

END;

To find personalization from backend:

SELECT

jp.path_docid,

jdr_mds_internal.getdocumentname(jp.path_docid) personalization_path,

jp.path_name,

jp.path_owner_docid,

jp.path_seq,

jp.path_type,

jp.path_xml_encoding,

jp.path_xml_version,

jp.created_by,

jp.creation_date,

jp.last_updated_by,

jp.last_update_date

FROM

apps.jdr_paths jp

WHERE

jp.path_docid IN (

SELECT DISTINCT

comp_docid

FROM

jdr_components

WHERE

comp_seq = 0

AND comp_element = 'customization'

AND comp_id IS NULL)

--AND upper(jdr_mds_internal.getdocumentname(jp.path_docid) ) LIKE upper('%HOMEPG%')

AND jp.creation_date > SYSDATE - 7;

List the Personalization:

set serveroutput on;

SQL> exec jdr_utils.listcustomizations('/oracle/apps/fnd/framework/navigate/webui/HomePG');

Output:

/oracle/apps/fnd/framework/navigate/webui/customizations/function/OAHOMEPAGE/HomePG

/oracle/apps/fnd/framework/navigate/webui/customizations/site/0/HomePG

Export The Personalization:

adjava -mx128m -nojit oracle.jrad.tools.xml.exporter.XMLExporter \

/oracle/apps/fnd/framework/navigate/webui/customizations/site/0/HomePG \

-username apps \

-password apps \

-dbconnection "(description=(address_list=(ADDRESS=(PROTOCOL=TCP)(HOST=test.orcl1.com)(PORT=1526)))(CONNECT_DATA=(SID=TEST)))" \

-rootdir /usr/tmp

Note: Output file will be saved in xml format in rootdir location

Example: /usr/tmp/oracle/apps/fnd/framework/navigate/webui/customizations/site/0/HomePG.xml

Delete the personalization document:

SQL> exec jdr_utils.deletedocument('/oracle/apps/fnd/framework/navigate/webui/customizations/site/0/HomePG);

SQL> commit;

Bounce Apache web server & Clear the Cache

Import The Personalization:

adjava -mx128m -nojit oracle.jrad.tools.xml.importer.XMLImporter \

/usr/tmp/oracle/apps/fnd/framework/navigate/webui/customizations/site/0/HomePG.xml \

-username apps \

-password apps \

-dbconnection "(description=(address_list=(ADDRESS=(PROTOCOL=TCP)(HOST=test.orcl1.com)(PORT=1526)))(CONNECT_DATA=(SID=TEST)))" \

-rootdir /usr/tmp

Apache Tomcat Setup and SSL Configuration

OS: RHEL 6
Tomcat Version: 8.5

1. Set the environment

export JAVA_HOME=/u01/tmctv8/jdk/1.8.0_202

export CATALINA_HOME=/u01/tmctv8/tomcat8

export CATALINA_BASE=$CATALINA_HOME

export PATH=$JAVA_HOME/bin:$CATALINA_HOME/bin:$PATH

2. Edit the admin and roles credentials in tomcat-users.xml

$ vi /u01/tmctv8/tomcat8/conf/tomcat-users.xml

3. Comment out the highlighted entries that is restricting access only localhost:

$ vi $CATALINA_HOME/webapps/host-manager/META-INF/context.xml

$ vi $CATALINA_HOME/webapps/manager/META-INF/context.xml

<Valve className="org.apache.catalina.valves.RemoteAddrValve"
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />

4. Edit SSL configuration in server.xml
Note: Request the ssl certificate in PKCS12 format and keystore password from the Certificate Authority (CA)
$ vi /u01/tmctv8/tomcat8/conf/server.xml
<Connector port="8445" protocol="HTTP/1.1" maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
keystoreFile="/u01/tmctv8/tomcat8/tomct_ssl/apache_ssl.pfx" keystorePass="" clientAuth="false" sslProtocol="TLS" keystoreType="PKCS12">

5. Restart the Apache Services:

$ ./shutdown.sh
$ ./startup.sh

6. Verify the Apache WebPage:

https://test.domain.com:8445

Personalize Login Page In R12.2

Custom login Page Background:

1. Create a file "custom-login.css" in $OA_HTML and add the below entry

body {

height: 100%;

overflow: hidden;

margin: 0;

background-repeat: no-repeat;

background-attachment: fixed;

background-position: center;

background-image: url("/OA_HTML/media/bg.png");

background-size: cover;

font-size: 14px;

font-family: serif;

}

2. Place the background image file (bg.png) in OA_MEDIA

3. Clear the browser cache the changes will be reflected.

Custom Logo in Oracle E-Business Suite:

1. Copy the custom logo to $OA_MEDIA

2. Change Profile -- Corporate Branding Image for Oracle Applications with Custom logo name with Extension

To Hide Sections (like Language, Register Here) in login Page:

Use Profile -- Local Login Hide Items

Example:

FND_LOGIN_HIDE=#ForgotPasswordURL, #RegisterHereURL, #AccessibilityBox, #LanguagePickerBox, #CopyrightBox

Maintenance Scripts 01

### Note: Kindly Verify the scripts in TEST environment before using in PROD Instance
### Script to extract files changed last 1 Day
############ Script STARTS Here ##############
echo " "
echo " system_time $HOSTNAME "
echo "++++++++++++++++++++++++++++++"
date
echo "-----------------------------------------------------------"
echo " users currently logged in terminal "
echo "++++++++++++++++++++++++++++++++++++"
who
echo "-----------------------------------------------------------"
echo " File from OA_HTML "
echo "+++++++++++++++++++"
cd $OA_HTML
find . -type f -mtime -1 -ls
echo "-----------------------------------------------------------"
echo " file from common_top "
echo "++++++++++++++++++++++"
cd $COMMON_TOP
find . -type f -mtime -1 -ls
echo "-----------------------------------------------------------"
echo " files from appl_top "
echo "+++++++++++++++++++++"
cd $APPL_TOP
find . -type f -mtime -1 -ls
echo "+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++"
############ Script ENDS Here ##############

### List File modified on Particular Date
find . -type f -newermt 2019-03-12 ! -newermt 2019-03-13 -ls

### List File modified from Specified Date
find . -type f -newermt 2019-03-12 -ls

### Script to compile invalid objects based on count
### It will spool the output for every run time
### Crontab Entry
### */30 5-17 * * 0-4 $HOME/compile_object.sh > /dev/null 2>&1

############ Script STARTS Here ##############
. /u01/test/db_home/12.1.0/TEST_testdb.env

sqlplus -s / as sysdba <<EOF
set serveroutput on;
spool compile_object.log
DECLARE
invd_count NUMBER;
BEGIN
SELECT COUNT(*) INTO invd_count FROM dba_objects WHERE status='INVALID';
IF invd_count > 0 THEN
dbms_output.put_line ('Invalid Object Count is :'||invd_count );
dbms_output.put_line ('LOOP Started' );
execute immediate 'ALTER MATERIALIZED VIEW apps.XX_OBJECT_mv COMPILE';
utl_recomp.recomp_parallel(2);
dbms_output.put_line ('LOOP Ended' );
END IF;
SELECT COUNT(*) INTO invd_count FROM dba_objects WHERE status='INVALID';
dbms_output.put_line ('Invalid Object Count is :'||invd_count );
END;
/
spool off;
EOF
############ Script ENDS Here ##############

### Generate tar script for run filesystem

select 'tar -cvzf /u02/EBS_BKP/R122_PROD_'|| SUBSTR(SUBSTR(PATH,0,INSTR(PATH,'/inst',1)),-4,3)
|| TO_CHAR(SYSDATE, '_DD_MON_YYYY')
||'.tar.gz '||
SUBSTR(PATH,0,INSTR(PATH,'/inst',1))||'EBSapps' tar_cmd from fnd_oam_context_files
where
NAME NOT IN ('TEMPLATE','METADATA')
and CTX_TYPE='A'
and status='S'
and text like '%<file_edition_type oa_var="s_file_edition_type">run</file_edition_type>%';

### Update the password for EBS user from backend
declare
cursor c1 is
Select * from fnd_user where user_id=8774;
begin
for cr1 in c1 loop
BEGIN
FND_USER_PKG.UPDATEUSER(x_user_name             => cr1.user_name
                         ,x_owner                 => NULL
                         ,x_unencrypted_password => 'welcome'
                         ,x_password_date         => SYSDATE
                         );
END;
end loop;
end;
/
commit;

Script to Change Apps & Weblogic Password in R12.2

### Note: Kindly Verify the scripts in TEST environment before using in PROD Instance

### Script to change the APPS and Weblogic Password
########### Script STARTS Here ###############

read -s -p "Enter the SYSTEM password: " SYSTEM_PWD
echo $'\n'
read -s -p "Enter the Source APPS Password: " APPS_OLD_PWD
echo $'\n'
read -s -p "Provide NEW APPS Password: " APPS_NEW_PWD
echo $'\n'
read -s -p "Enter Source Weblogic Password: " WLS_PWD
echo $'\n'
read -s -p "Provide New Weblogic Password: " WLS_NEW_PWD

cd $ADMIN_SCRIPTS_HOME
sh adadminsrvctl.sh start <<EOF
$WLS_PWD
$APPS_OLD_PWD
EOF

FNDCPASS apps/$APPS_OLD_PWD 0 Y system/$SYSTEM_PWD SYSTEM APPLSYS $APPS_NEW_PWD

cd $FND_TOP/patch/115/bin
perl txkManageDBConnectionPool.pl -options=updateDSPassword -contextfile=$CONTEXT_FILE <<EOF
$WLS_PWD
$APPS_NEW_PWD
EOF

cd $ADMIN_SCRIPTS_HOME
sh adautocfg.sh <<EOF
$APPS_NEW_PWD
EOF

### Change the Weblogic Password
cd $FND_TOP/patch/115/bin
perl txkUpdateEBSDomain.pl -action=updateAdminPassword -contextfile=$CONTEXT_FILE <<EOF
Yes
$WLS_PWD
$WLS_NEW_PWD
$APPS_NEW_PWD
EOF

echo "---------------------------------------------"
echo "Apps & Weblogic Password Changed Successfully"
echo "---------------------------------------------"

########### Script ENDS Here ###############

Workflow Mailer not working after configuring SSL in Oracle EBS R12.2

Issue Description:

We enabled TLS in Oracle EBS R12.2 and configured the Workflow Mailer (SMTP), the services started but the email was not sending. Workflow Mailer log file recorded SSL certificate not valid error.

Maintenance Scripts - Oracle Database

### Check the current Edition

select ad_zd.get_edition_type from dual;

### Changing the current Edition
exec ad_zd.set_edition('PATCH');

### Edition Details
select
aed.edition_name "Edition Name"
, ad_zd.get_edition_type(aed.edition_name) "Type"
, decode(use.privilege, 'USE', 'ACTIVE', 'RETIRED') "Status"
, decode(aed.edition_name, sys_context('userenv', 'current_edition_name'),
'CURRENT', '') "Current?"
from
all_editions aed
, database_properties prop
, dba_tab_privs use
where prop.property_name = 'DEFAULT_EDITION'
and use.privilege(+) = 'USE'
and use.owner(+) = 'SYS'
and use.grantee(+) = 'PUBLIC'
and use.table_name(+) = aed.edition_name
order by 1
/

### Display Edition level used objects & sessions
select
obj.object_name EDITION_NAME
, ses.STATUS STATUS
, ses.USERNAME USERNAME
, substr(ses.CLIENT_IDENTIFIER, 1, 10) CLIENT_ID
, ses.OSUSER OSUSER
, ses.SID||','||ses.serial# "SID,SERIAL#"
, ses.MACHINE
, substr(ses.PROGRAM, 1, 10) PROGRAM
, ses.TYPE
, substr(ses.MODULE, 1, 30) MODULE
, ses.ACTION
, ses.CLIENT_INFO
, ses.LOGON_TIME
, ses.SERVICE_NAME
from
v$session ses
, dba_objects obj
where obj.object_id = ses.SESSION_EDITION_ID
order by EDITION_NAME, STATUS, SQL_EXEC_START
/

### Dependencies of the Object
select
dep.OWNER OWNER
, dep.NAME OBJECT_NAME
, dep.TYPE OBJECT_TYPE
, dep.REFERENCED_OWNER
, dep.REFERENCED_NAME
, dep.REFERENCED_TYPE
from DBA_DEPENDENCIES dep
where dep.NAME = upper('&OBJECT_NAME')
and dep.referenced_type <> 'NON-EXISTENT'
and (dep.referenced_owner, dep.referenced_name) not in
(('SYS', 'STANDARD'))
order by 1, 2, 3, 4, 5
/

### Check the Edition view of the Object
select
evc.view_column_name view_column
, decode(evc.view_column_name, evc.table_column_name, '=', '===>') "->"
, evc.table_column_name table_column
from
user_synonyms syn
, dba_editioning_views ev
, dba_editioning_view_cols evc
where syn.synonym_name = upper('&OBJECT_NAME')
and ev.owner = syn.table_owner
and ev.view_name = syn.table_name
and evc.owner = ev.owner
and evc.view_name = ev.view_name
order by evc.owner, evc.view_name, evc.view_column_id
/

### To List all editioning views of custom table

select * from dba_editioning_views where table_name like 'XX%';

### To Create editioning views
exec ad_zd_table.upgrade('OWNER', 'TABLE_NAME')
Note: Above command creates an APPS synonym as well

### RMAN
select ctime "Date", decode(backup_type, 'L', 'Archive Log', 'D', 'Full', 'Incremental') backup_type, bsize "Size MB"
from (select trunc(bp.completion_time) ctime, backup_type, round(sum(bp.bytes/1024/1024),2) bsize
from v$backup_set bs, v$backup_piece bp
where bs.set_stamp = bp.set_stamp and bs.set_count = bp.set_count and bp.status = 'A'
group by trunc(bp.completion_time), backup_type) order by 1, 2;

select TAG, STATUS, START_TIME, round(ELAPSED_SECONDS,2)in_Min, DELETED, BYTES/1024/1024 Size_MB from v$backup_piece;

### SQL Tuning Advisor using SQL ID
DECLARE
l_sql_tune_task_id VARCHAR2(1000);
BEGIN
l_sql_tune_task_id := DBMS_SQLTUNE.create_tuning_task (
sql_id => '9zy3b5xvj1y2t',
scope => DBMS_SQLTUNE.scope_comprehensive,
time_limit => 120,
task_name => '9zy3b5xvj1y2t',
description => '9zy3b5xvj1y2t');
DBMS_OUTPUT.put_line('l_sql_tune_task_id: ' || l_sql_tune_task_id);
END;
/

begin
DBMS_SQLTUNE.execute_tuning_task(task_name => '9zy3b5xvj1y2t');
end;
/

SELECT DBMS_SQLTUNE.report_tuning_task('9zy3b5xvj1y2t') AS recommendations FROM dual;

### Generate trace for running session
SQL> exec dbms_monitor.session_trace_enable(session_id=>684, serial_num=>36892, waits=>TRUE, binds=>TRUE);
SQL> exec dbms_monitor.session_trace_disable(session_id=>684, serial_num=>36892);

SQL> oradebug setorapid 121 (v$process.PID)[OR]
SQL> oradebug setospid 17179 (v$process.SPID)
Oracle pid: 62, Unix process pid: 17179, image: oracle@test.example.com
SQL> oradebug unlimit
Statement processed.

SQL> oradebug event 10046 trace name context forever,level 12;
SQL> oradebug Event 10046 trace name context forever,level 8; -- Recommended for Performance

SQL> oradebug TRACEFILE_NAME; -- to show trace file name
SQL> oradebug event 10046 trace name context off
Statement processed.

tkprof DEV_ora_113386.trc DEV_ora_113386_tkp.txt explain=apps/apps sort=prsela,exeela,fchela

tkprof <file.trc> <file.prf> explain=apps/<password> sys=no sort='(prsela,exeela,fchela)'