Check ssl/tls security settings for your Oracle Weblogic, forms, reports
jdk 1.7.0_80 - sslv3 is disabled by default
To verify this, we can look for java.security file, which is under path <java_home>/jre/lib/security directory.
jdk.tls.disabledAlgorithms=SSLv3
Oracle Reports – Logs
for any runtime issues with reports, when running from form (like - from the qms report launch form ), you can try to increase the log level from em console (log32) and then look at this path - $DOMAIN_HOME/servers/WLS_REPORTS/logs/reports/rwEng-0_diagnostic.log
more steps can be followed-
- Stop WLS_REPORTS
- Delete all the files from $DOMAIN_HOME/servers/WLS_REPORTS/logs/reports
- Start WLS_REPORTS and the reports server(inprocess).
- Run the problematic report (only that one) and reproduce the issue.
- Make an archive of $DOMAIN_HOME/servers/WLS_REPORTS/logs/reports and upload it to the SR.
- check showjobs page to see the failed report appears there in the Failed Jobs page. Click on the red xt for failed report.
check the jar signing
cd $ORACLE_HOME/forms/java
$JAVA_HOME/bin/jarsigner -verify -verbose frmall.jar
When we apply jar signing patch, following jar files are affected:
frmgeneric_laf.jar,frmmain.jar, frmoracle_laf.jar, frmresources.jar, frmwebutil.jar
P Details: 19933795, 25645534(13nov17)
———————–silent installation steps—————————–
—————————————————————————–
weblogic 12C silent installation
1. silent install – installing weblogic Infrastructure
create a ora inventory file under path /u01/techs/apps/oraInst.loc” ( please use directory structure as per your server setup) with the following contents.
inventory_loc=/u01/techs/apps/oraInventory
inst_group=oinstall
create a response file name wl_infra.rsp
[ENGINE]
#DO NOT CHANGE THIS.
Response File Version=1.0.0.0.0
[GENERIC]
#The oracle home location. This can be an existing Oracle Home or a new Oracle Home
ORACLE_HOME=/u01/techs/apps/MiddlewareSI12C
#Set this variable value to the Installation Type selected. e.g. Fusion Middleware Infrastructure, Fusion Middleware Infrastructure With Examples.
INSTALL_TYPE=Fusion Middleware Infrastructure
#Provide the My Oracle Support Username. If you wish to ignore Oracle Configuration Manager configuration provide empty string for user name.
MYORACLESUPPORT_USERNAME=
#Provide the My Oracle Support Password
MYORACLESUPPORT_PASSWORD=
#Set this to true if you wish to decline the security updates. Setting this to true and providing empty string for My Oracle Support username will ignore the Oracle Configuration Manager configuration
DECLINE_SECURITY_UPDATES=true
#Set this to true if My Oracle Support Password is specified
SECURITY_UPDATES_VIA_MYORACLESUPPORT=false
#Provide the Proxy Host
PROXY_HOST=
#Provide the Proxy Port
PROXY_PORT=
#Provide the Proxy Username
PROXY_USER=
#Provide the Proxy Password
PROXY_PWD=
#Type String (URL format) Indicates the OCM Repeater URL which should be of the format [scheme[Http/Https]]://[repeater host]:[repeater port]
COLLECTOR_SUPPORTHUB_URL=
Now cd into the directory where you have placed the weblogic infrastructure software and run the following commands –
silent installation with custom temp path
-Djava.io.tmpdir=/var/ctmp/
techs_wlusr: [/u01/techs/apps/products/upload12c]> $JAVA_HOME/bin/java -jar fmw_12.2.1.0.0_infrastructure.jar -silent -responseFile /u01/techs/apps/products/upload/inst_proc/infra.rsp -invPtrLoc /u01/techs/apps/oraInventory/oraInst.loc
Launcher log file is /tmp/OraInstall2018-01-03_10-38-51AM/launcher2018-01-03_10-38-51AM.log.
Extracting files...............
Starting Oracle Universal Installer
Checking if CPU speed is above 300 MHz. Actual 2600.000 MHz Passed
Checking swap space: must be greater than 512 MB. Actual 1023 MB Passed
Checking if this platform requires a 64-bit JVM. Actual 64 Passed (64-bit not required)
Checking temp space: must be greater than 300 MB. Actual 387 MB Passed
Preparing to launch the Oracle Universal Installer from /tmp/OraInstall2018-01-03_10-38-51AM
Log: /tmp/OraInstall2018-01-03_10-38-51AM/install2018-01-03_10-38-51AM.log
Copyright (c) 1996, 2015, Oracle and/or its affiliates. All rights reserved.
Reading response file..
Skipping Software Updates
Starting check : CertifiedVersions
Expected result: One of oracle-6,oracle-7,redhat-7,redhat-6,SuSE-11
Actual Result: redhat-6
Check complete. The overall result of this check is: Passed
CertifiedVersions Check: Success.
Starting check : CheckJDKVersion
Problem: This JDK version was not certified at the time it was made generally available. It may have been certified following general availability.
Recommendation: Check the Supported System Configurations Guide (http://www.oracle.com/technetwork/middleware/ias/downloads/fusion-certification-100350.html) for further details. Press "Next" if you wish to continue.
Expected result: 1.8.0_51
Actual result: 1.8.0_151
Warning: Check:CheckJDKVersion completed with warnings.
Validations are enabled for this session.
Verifying data
Copying Files
Percent Complete : 10
Percent Complete : 20
Percent Complete : 30
Percent Complete : 40
Percent Complete : 50
Percent Complete : 60
Percent Complete : 70
Percent Complete : 80
Percent Complete : 90
Visit http://www.oracle.com/support/policies.html for Oracle Technical Support policies.
Percent Complete : 100
The installation of Oracle Fusion Middleware 12c Infrastructure 12.2.1.0.0 completed successfully.
Logs successfully copied to /u01/techs/apps/oraInventory/logs.
2. once Infrastructure is installed, now install forms and reports, create a response file as forms.rsp
[ENGINE]
#DO NOT CHANGE THIS.
Response File Version=1.0.0.0.0
[GENERIC]
#Set this to true if you wish to skip software updates
DECLINE_AUTO_UPDATES=true
#
MOS_USERNAME=
#
MOS_PASSWORD=
#If the Software updates are already downloaded and available on your local system, then specify the path to the directory where these patches are available and set SPECIFY_DOWNLOAD_LOCATION to true
AUTO_UPDATES_LOCATION=
#
SOFTWARE_UPDATES_PROXY_SERVER=
#
SOFTWARE_UPDATES_PROXY_PORT=
#
SOFTWARE_UPDATES_PROXY_USER=
#
SOFTWARE_UPDATES_PROXY_PASSWORD=
#The oracle home location. This can be an existing Oracle Home or a new Oracle Home
ORACLE_HOME=/u01/techs/apps/Middleware
#Set this variable value to the Installation Type selected as either Standalone HTTP Server (Managed independently of WebLogic server) OR Colocated HTTP Server (Managed through WebLogic server)
INSTALL_TYPE=Forms and Reports Deployment
Now run the installer with rsp file for forms and reports
cd $SOFT_INSTALL
./fmw_12.2.1.3.0_fr_linux64.bin -J-Djava.io.tmpdir=/var/tmp -silent -responseFile /u01/techssoft/techsfr12c/forms.rsp -invPtrLoc /u01/techssoft/oraInventory/oraInst.loc
techs_wlusr: [/u01/techs/apps/products/upload12c]>./fmw_12.2.1.0.0_fr_linux64.bin -silent -response /u01/techs/apps/products/upload/inst_proc/forms.rsp -invPtrLoc /u01/techs/apps/oraInventory/oraInst.loc
0%...................................................................................................100%
Launcher log file is /tmp/OraInstall2018-01-03_11-14-17AM/launcher2018-01-03_11-14-17AM.log.
Option "-response" is deprecated; use "-responseFile" instead.
Starting Oracle Universal Installer
Checking if CPU speed is above 300 MHz. Actual 2600.000 MHz Passed
Checking swap space: must be greater than 512 MB. Actual 1023 MB Passed
Checking if this platform requires a 64-bit JVM. Actual 64 Passed (64-bit not required)
Checking temp space: must be greater than 300 MB. Actual 577 MB Passed
Preparing to launch the Oracle Universal Installer from /tmp/OraInstall2018-01-03_11-14-17AM
Log: /tmp/OraInstall2018-01-03_11-14-17AM/install2018-01-03_11-14-17AM.log
Copyright (c) 1999, 2015, Oracle and/or its affiliates. All rights reserved.
Reading response file..
-nocheckForUpdates / SKIP_SOFTWARE_UPDATES flag is passed and hence skipping software update
Skipping Software Updates
Starting check : CertifiedVersions
Expected result: One of oracle-7,redhat-7,redhat-6,oracle-6,SuSE-11
Actual Result: redhat-6
Check complete. The overall result of this check is: Passed
CertifiedVersions Check: Success.
Starting check : Packages
Checking for binutils-2.20.51.0.2; found binutils-2.20.51.0.2-5.47.el6_9.1-x86_64. Passed
Checking for compat-libcap1-1.10; found compat-libcap1-1.10-1-x86_64. Passed
Checking for compat-libstdc++-33-3.2.3-x86_64; found compat-libstdc++-33-3.2.3-69.el6-x86_64. Passed
Checking for libgcc-4.4.4-x86_64; found libgcc-4.4.7-18.el6-x86_64. Passed
Checking for libstdc++-4.4.4-x86_64; found libstdc++-4.4.7-18.el6-x86_64. Passed
Checking for libstdc++-devel-4.4.4-x86_64; found libstdc++-devel-4.4.7-18.el6-x86_64. Passed
Checking for sysstat-9.0.4; found sysstat-9.0.4-33.el6-x86_64. Passed
Checking for gcc-4.4.4; found gcc-4.4.7-18.el6-x86_64. Passed
Checking for gcc-c++-4.4.4; found gcc-c++-4.4.7-18.el6-x86_64. Passed
Checking for make-3.81; found make-1:3.81-23.el6-x86_64. Passed
Checking for glibc-2.12-x86_64; found glibc-2.12-1.209.el6_9.2-x86_64. Passed
Checking for glibc-devel-2.12-x86_64; found glibc-devel-2.12-1.209.el6_9.2-x86_64. Passed
Checking for libaio-0.3.107-x86_64; found libaio-0.3.107-10.el6-x86_64. Passed
Checking for libaio-devel-0.3.107-x86_64; found libaio-devel-0.3.107-10.el6-x86_64. Passed
Checking for openmotif-2.3.3; found openmotif-2.3.3-9.el6-x86_64. Passed
Checking for openmotif22-2.2.3; found openmotif22-2.2.3-19.el6-x86_64. Passed
Check complete. The overall result of this check is: Passed
Packages Check: Success.
Starting check : Kernel
Checking for VERSION=2.6.32; found VERSION=2.6.32-696.13.2.el6.x86_64. Passed
Checking for hardnofiles=4096; found hardnofiles=65536. Passed
Checking for softnofiles=4096; found softnofiles=65536. Passed
Check complete. The overall result of this check is: Passed
Kernel Check: Success.
Starting check : TotalMemory
Expected result: 1024MB
Actual Result: 7996MB
Check complete. The overall result of this check is: Passed
TotalMemory Check: Success.
Starting check : CheckJDKVersion
Expected result: 1.8.0_51
Actual Result: 1.8.0_51
Check complete. The overall result of this check is: Passed
CheckJDKVersion Check: Success.
Validations are enabled for this session.
Verifying data
Copying Files
Percent Complete : 10
Percent Complete : 20
Percent Complete : 30
Percent Complete : 40
Percent Complete : 50
Percent Complete : 60
Percent Complete : 70
Percent Complete : 80
Percent Complete : 90
Percent Complete : 100
The installation of Oracle Forms and Reports 12.2.1.0.0 completed successfully.
Logs successfully copied to /u01/techs/apps/oraInventory/logs.
Moving 12c Fusion middleware repository (rcu) to other database
backup the rcu database and restore to the new datanase
now we need to update the Middleware side configuration files.
change the environment, like tnsnames.ora
check for firewall connectivity between fussion middleware and new db server is in place
check for OPSS schema password and if its expired, reset it
Resetting the database password for OPSS Schema
export ORACLE_HOME= path to db home
export ORACLE_SID=service name
$ORACLE_HOME/bin/sqlplus / as sysdba
SQL> alter user _OPSS identified by ;
Test the connection ==> conn _OPSS
Encrypt the new schema password for security reasons
$DOMAIN_HOME/bin/setDomainEnv.sh
java weblogic.security.Encrypt
take a back up of the data source directory
$DOMAIN_HOME/config/jdbc and change the password-encrypted, new DB address.
(i) LocalSvcTblDataSource-jdbc.xml
(ii) opss-audit-jdbc.xml
(iii) opss-auditview-jdbc.xml
(iv) opss-datasource-jdbc.xml
Example below change the password-encrypted line
opss-data-source
jdbc:oracle:thin:@//localhost:1521/DB.IN.ORACLE.COM
oracle.jdbc.OracleDriver
user
DEV2_OPSS
{AES}CC6zddCDAKKnntoJHupf8TuCkmbPkDoRf2PfwCynaq8=
SQL ISVALID
Now take backup of the following directory
$DOMAIN_HOME/config/fmwconfig/jps-config.xml
now change the file to refer to the new db server
Now Modufy the boot strap of the password using WLST:-
cd $FMW_HOME/oracle_common/common/bin
wlst.sh
modifyBootStrapCredential(jpsConfigFile=’/refresh/home/Oracle/Middleware/Oracle_Home/user_projects/domains/base_domain/config/fmwconfig/jps-config-jse.xml’,username=’DEV_OPSS’,password=’welcome1′)
start the Admin Server
Note: Above steps are not valid for the MDS schema, as per 12c documentation, MDS schema db cannot be changed
LINUX number of open files and processes to be increase
/etc/security/limits.conf
Possible values
-------------------------------------------------------
* soft nofile 4096
* hard nofile 65536
* soft nproc 2047
* hard nproc 16384
* soft core 0
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#@student - maxlogins 4
appuser soft nproc 4096
appuser hard nproc 4096