OEM 12c SSL Certificate Swapping (HowTo)

“This Connection is Untrusted” error message

Oracle Enterprise Manager out of the box, comes with demonstration SSL certificates that are generally okay for getting the basic system up and running, but should not be left as your long-term solution for SSL/HTTPS connections to your Oracle Management Server (OMS).

Similar to how e-Business Suite installations delivered a DEMO Certificate Authority certificate with the bundled Internet Application Server (iAS) installation, OEM packages do the same thing.  But eventually, forced by browser and client workstation OS upgrades, you will eventually need to install “real” certificates by a true trusted Root Certification Authority (RCA) so that your client browsers don’t begin rejecting encrypted connections to your OMS.

If you search for SSL Certificate authorities, there are many well-known public RCA’s  such as, DigiCert, Verisign, Thawte, GeoTrust, and others, or even those available from your domain registrar.  Larger organizations probably have their own Certificate Authority signing server on-premise that allow generation of trusted certificates, as well. The only really important thing is that the CA is actually available in your browser and OS as a Trusted Root Authority, and that the signing chain is verifiable to prevent issues with SSL/HTTPS handshaking.  For each middle-tier OMS host, or virtual host if you are set up for high-availability with multiple WebLogic servers, a certificate request is generated, signed and then imported back into the keychains related to the OMS Weblogic hosts, and the OMS Servicing Agents (the OEM Agents installedo on the OMS middle-tier hosts.)

Once a new certificate is installed to the OMS itself (in WebLogic), you will also need to install the related RCA to the OMS-side OEM Agent servicing all of the connections to the other OEM Agents, so that they too, will be SSL enabled.

# OEM SSL Certificate swapping
#    EM 12c Cloud Control: How to Create a Wallet With Third Party Trusted Certificate that Can Be Imported into the OMS Console application ? (Doc ID 1937457.1)
#     EM 12c: Steps to Create and Import Third Party / Self-Signed SSL Certificates for WebLogic Server in an Enterprise Manager 12c Cloud Control Installation (Doc ID 1527874.1)
STAGE_DIR=/mnt/nfs/FMW/certs
EM_INSTANCE_HOME=/oemgc/Oracle/gc_inst2/em/EMGC_OMS1      #WebTierIH2 OHS/ohs2 on (alternate hostname

oemmgr@(primary hostname) $> cd $STAGE_DIR

oemmgr@(primary hostname) $> cat import.sh
export JAVA_JREBIN=$JAVA_HOME/jre/bin
export CERTS=/mnt/nfs/FMW/certs
$JAVA_JREBIN/keytool -import -file $CERTS/ORGPOLICYCA.cer -trustcacerts -alias ORGROOTCA -storepass changeit -noprompt  -keystore $JAVA_HOME/jre/lib/security/cacerts
$JAVA_JREBIN/keytool -import -file $CERTS/ORGROOTCA.cer -trustcacerts -alias ORGRootPolicyCA -storepass changeit -noprompt   -keystore $JAVA_HOME/jre/lib/security/cacerts
$JAVA_JREBIN/keytool -import -file $CERTS/ORGHOSTISSUECA1.cer -trustcacerts -alias ORGHOSTissueca1 -storepass changeit -noprompt  -keystore  $JAVA_HOME/jre/lib/security/cacerts

oemmgr@(primary hostname) $> . ./import.sh
Certificate was added to keystore
Certificate was added to keystore
Certificate was added to keystore

# Determine keystore directory (found by locating your Oracle Home Service (OHS) installation filesystem)
oemmgr@(primary hostname) $> ps -ef | grep ohs
oemmgr     873  9334  0 Jan13 ?        00:47:48 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/httpd.worker -DSSL
oemmgr    9334  9305  0 Jan13 ?        00:00:06 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/httpd.worker -DSSL
oemmgr    9342  9334  0 Jan13 ?        00:00:11 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/odl_rotatelogs -l /oemgc/Oracle/gc_inst2/WebTierIH1/diagnostics/logs/OHS/ohs1/ohs1-%Y%m%d%H%M%S.log 10M 70M
oemmgr    9344  9334  0 Jan13 ?        00:00:11 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/odl_rotatelogs /oemgc/Oracle/gc_inst2/WebTierIH1/diagnostics/logs/OHS/ohs1/access_log 10M 100M
oemmgr    9345  9334  0 Jan13 ?        00:00:01 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/odl_rotatelogs /oemgc/Oracle/gc_inst2/WebTierIH1/diagnostics/logs/OHS/ohs1/em_upload_http_access_log 10M 100M
oemmgr    9346  9334  0 Jan13 ?        00:02:13 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/odl_rotatelogs /oemgc/Oracle/gc_inst2/WebTierIH1/diagnostics/logs/OHS/ohs1/em_upload_https_access_log 10M 100M
oemmgr    9349  9334  0 Jan13 ?        00:00:07 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/odl_rotatelogs /oemgc/Oracle/gc_inst2/WebTierIH1/diagnostics/logs/OHS/ohs1/mod_wl_ohs.log 10M 100M
oemmgr    9350  9334  0 Jan13 ?        00:00:00 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/odl_rotatelogs -l -h:/oemgc/Oracle/gc_inst2/WebTierIH1/config/OHS/ohs1/component_events.xml_ohs1 /oemgc/Oracle/gc_inst2/WebTierIH1/auditlogs/OHS/ohs1/audit-pid9334-%Y%m%d%H%M%S.log 1M 4M
oemmgr    9351  9334  0 Jan13 ?        00:00:28 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/httpd.worker -DSSL
oemmgr    9352  9334  0 Jan13 ?        00:47:55 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/httpd.worker -DSSL
oemmgr    9353  9334  0 Jan13 ?        00:47:52 /oemgc/Oracle/MW3/Oracle_WT/ohs/bin/httpd.worker -DSSL

# Confirm settings
oemmgr@(primary hostname) $> grep keystore /oemgc/Oracle/gc_inst2/WebTierIH1/config/OHS/ohs1/ssl.conf
SSLWallet file:/oemgc/Oracle/gc_inst2/WebTierIH1/config/OHS/ohs1/keystores/console

# Stage copy of revised CA wallet                                  #WebTierIH2/config/OHS/ohs2 on (secondary hostname)
oemmgr@(primary hostname) $> cp -r /mnt/nfs/FMW/certs/oemgc.domain /oemgc/Oracle/gc_inst2/WebTierIH1/config/OHS/ohs1/keystores
cp -r /mnt/nfs/FMW/certs/oemgc.domain /oemgc/Oracle/gc_inst2/WebTierIH2/config/OHS/ohs2/keystores

# Check permissions 770 on wallet dir, 600 on wallets
oemmgr@(secondary hostname) $> ls -la /oemgc/Oracle/gc_inst2/WebTierIH2/config/OHS/ohs2/keystores/oemgc.domain
ls -la /oemgc/Oracle/gc_inst2/WebTierIH1/config/OHS/ohs1/keystores/oemgc.domain
total 32
drwxrwx— 2 oemmgr oinstall  4096 Mar  9 12:50 .
drwx—— 7 oemmgr oinstall  4096 Mar  9 12:50 ..
-rw——- 1 oemmgr oinstall 11653 Mar  9 12:50 cwallet.sso
-rw——- 1 oemmgr oinstall 11576 Mar  9 12:50 ewallet.p12

# Primary wallet for the OMS console
oemmgr@(primary hostname) $> cd /oemgc/Oracle/MW3/oracle_common/bin
oemmgr@(primary hostname) $> ./orapki wallet display -wallet /oemgc/Oracle/gc_inst2/WebTierIH1/config/OHS/ohs1/keystores/console
Oracle PKI Tool : Version 11.1.1.7.0
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:
User Certificates:
Subject:        CN=oemgc.domain
Trusted Certificates:
Subject:        CN=(primary hostname).domain,C=US,ST=CA,L=EnterpriseManager on (primary hostname).domain,OU=EnterpriseManager on (primary hostname).domain,O=EnterpriseManager on (primary hostname).domain

# Confirm new wallet contents
oemmgr@(primary hostname) $> ./orapki wallet display -wallet /oemgc/Oracle/gc_inst2/WebTierIH1/config/OHS/ohs1/keystores/oemgc.domain
Oracle PKI Tool : Version 11.1.1.7.0
Copyright (c) 2004, 2013, Oracle and/or its affiliates. All rights reserved.

Requested Certificates:
User Certificates:
Subject:        CN=*.domain,OU=Information Technology,O=ORG My Org,L=My City,ST=California,C=US
Trusted Certificates:
Subject:        OU=Class 2 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        CN=ORG POLICY CA
Subject:        CN=GTE CyberTrust Global Root,OU=GTE CyberTrust Solutions\, Inc.,O=GTE Corporation,C=US
Subject:        CN=ORG ROOT CA
Subject:        CN=HOSTISSUECA1,DC=fss,DC=ORG,DC=com
Subject:        OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
Subject:        OU=Class 1 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

#Add certificates to monitoring agent for the OMS:
cd $AGENT_HOME/bin
./emctl stop agent
# Default jks keyring password – welcome
./emctl secure add_trust_cert_to_jks -trust_certs_loc /mnt/nfs/FMW/certs/ORGROOTCA.cer -alias ORGROOTCA
./emctl secure add_trust_cert_to_jks -trust_certs_loc /mnt/nfs/FMW/certs/ORGPOLICYCA.cer -alias ORGPOLICYCA
./emctl secure add_trust_cert_to_jks -trust_certs_loc /mnt/nfs/FMW/certs/ORGHOSTISSUECA1.cer -alias HOSTISSUECA1
./emctl start agent

# Support virtual host ignore hostname verification
export EM_COMMON_JAVA_OPTIONS=”-Dweblogic.security.SSL.ignoreHostnameVerification=true -Djava.security.egd=file:///dev/./urandom -Dweblogic.log.FileName=/oemgc/Oracle/gc_inst2/em/EMGC_OMS1/sysman/log/wls.log”

# Backup the EM_INSTANCE_BASE/em/EMGC_OMS1/emgc.properites file
cd /oemgc/Oracle/gc_inst2/em/EMGC_OMS1                               #OMS2 on (secondary hostname)
cp emgc.properties emgc.properties_selfsign

# Requires SYSMAN password
# (secondary hostname)
$OMS_TOP/bin/emctl secure console -wallet /oemgc/Oracle/gc_inst2/WebTierIH2/config/OHS/ohs2/keystores/oemgc.domain

# Example output
# Oracle Enterprise Manager Cloud Control 12c Release 5
# Copyright (c) 1996, 2015 Oracle Corporation.  All rights reserved.
# Securing Console… Started.
# Enter Enterprise Manager Root (SYSMAN) Password :
# Securing Console… Successful
# Restart OMS

# (primary hostname)
$OMS_TOP/bin/emctl secure console -wallet /oemgc/Oracle/gc_inst2/WebTierIH1/config/OHS/ohs1/keystores/oemgc.domain
$OMS_TOP/bin/emctl stop oms
$OMS_TOP/bin/emctl start oms

# 10-JUN-2016 Addendum – enable emcli login by establishing trust for the new certificate

oemmgr@(primary hostname)$> ./emcli setup -url=https://oemgc.auca.corp:7799/em -username=”SYSMAN” -password=$SYSMAN_PW

Oracle Enterprise Manager 12c Release 5.
Copyright (c) 1996, 2015 Oracle Corporation and/or its affiliates. All rights reserved.

The configuration directory “/home/oemmgr” may not be local. See the “dir” option in the help for the setup command.
Do you want to continue using this directory? [yes/no] yes

Warning: This certificate has not been identified as trusted in the local trust store
————————————–
[<blah – lots of cryptic information about the new certificate>
]
————————————–
Do you trust the certificate chain? [yes/no] yes
Emcli setup successful

# Test emcli connectivity

oemmgr@(primary hostname)$> ./emcli login -username=”SYSMAN” -password=$SYSMAN_PW

Login successful

#Section 4: Rolling back to the Demonstration WLS Certificate
#If you need to switch back the WLS components in the OMS installation to use the default WebLogic Server demonstration certificates, execute the following steps on each OMS.

1.Stop the OMS:

cd <OMS_HOME>/bin
emctl stop oms

2.Run the following command:

cd <OMS_HOME>/bin>
emctl secure wls -use_demo_cert
emctl secure console -self_signed

3.Stop the OMS:

cd <OMS_Home>/bin
emctl stop oms -all

4.Start the OMS:

cd <OMS_Home>/bin
emctl start oms

Advertisement

DataGuard and OEM 12c OMS DB Failover Configuration

# When Oracle DataGuard high-availability for the OMS database is configured using the OEM DataGuard Administration Wizard, and fast-start failover is configured, fail-overs automatically rename the standby as primary, and vice-versa and establish the change-over in roles.  While this accomplishes the database staying online and available on the secondary host (or all other databases in the DG group), the Enterprise Manager OMS must be told how to connect to it – preferably transparently.

# DataGuard OMS Registration
# Enterprise Manager Grid Control 11g: How to Configure the OMS Connect String when Repository is in a Dataguard setup (Doc ID 1328768.1)
# OEMPR11 is our primary DB SID/Service Name
# OEMPR11_DGMGRL is our alias for the fail-over service (pointing to all DG instances)

SQLPLUS as SYS:
SQL> exec DBMS_SERVICE.CREATE_SERVICE (service_name => ‘OEMPR11_DGMGRL’,network_name => ‘OEMPR11_DGMGRL’,aq_ha_notifications => true,failover_method => ‘BASIC’,failover_type => ‘SELECT’,failover_retries => 180,failover_delay => 1);

SQL> exec dbms_service.start_service(‘OEMPR11_DGMGRL’);

# Verify operation:

$> lsnrctl services     # Should see the new OEMPR11_DGMGRL service listed

# Create a Database Trigger so that the service can be stopped when the Database role becomes standby and started only when the Database role is Primary:

SQL> CREATE OR REPLACE TRIGGER manage_OCIservice after startup on database
DECLARE
role VARCHAR(30);
BEGIN
SELECT DATABASE_ROLE INTO role FROM V$DATABASE;
IF role = ‘PRIMARY’ THEN
DBMS_SERVICE.START_SERVICE(‘OEMPR11_DGMGRL’);
ELSE
DBMS_SERVICE.STOP_SERVICE(‘OEMPR11_DGMGRL’);
END IF;
END;

# Re-configure the OMS (All MT hosts) to have the connection string as:
$>  cd <OMS_HOME>/bin
# Following is a single-line command (basically an entire JDBC style connect string)
$> ./emctl config oms -store_repos_details -repos_conndesc ‘(DESCRIPTION=(FAILOVER=ON)(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=<primaryDBHostnameFQDN>)(PORT=1522))(ADDRESS=(PROTOCOL=TCP)(HOST=<secondaryDBHostnameFQDN>)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=OEMPR11_DGMGRL))(FAILOVER_MODE=(TYPE=select)(METHOD=basic)))’ -repos_user sysman

# Example output
$> ./emctl config oms <…> TYPE=select)(METHOD=basic)))’ -repos_user sysman               <
Oracle Enterprise Manager Cloud Control 12c Release 5
Copyright (c) 1996, 2015 Oracle Corporation.  All rights reserved.
Enter Repository User’s Password :
Successfully updated datasources and stored repository details in Credential Store.
If there are multiple OMSs in this environment, run this store_repos_details command on all of them.
And finally, restart all the OMSs using ’emctl stop oms -all’ and ’emctl start oms’.
It is also necessary to restart the BI Publisher Managed Server.

# Add the tnsnames.ora entry (all DB hosts at minimum)
OEMPR11_DGMGRL=
(DESCRIPTION=
(ADDRESS_LIST=
(ADDRESS=(PROTOCOL=TCP)(HOST=<primaryDBHostnameFQDN>)(PORT=1522))
(ADDRESS=(PROTOCOL=TCP)(HOST=<secondaryDBHostnameFQDN>)(PORT=1521))
)
(CONNECT_DATA=(SERVICE_NAME=OEMPR11_DGMGRL))
(FAILOVER_MODE=(TYPE=select)(METHOD=basic))
)

# Testing connectivity:

$> sqlplus sysman/$SYSMAN_PW@'(DESCRIPTION=(FAILOVER=ON)(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=<primaryDBHostnameFQDN>)(PORT=1522))(ADDRESS=(PROTOCOL=TCP)(HOST=<secondaryDBHostnameFQDN>)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=OEMPR11_DGMGRL))(FAILOVER_MODE=(TYPE=select)(METHOD=basic)))’

# Test the Failover Service:

# Connect to the Database from sqlplus using SYSMAN user via the new service created above:

$> sqlplus sysman/$SYSMAN_PW@OEMPR11_DGMGRL

# Execute these queries to verify the Database name and service names:

SQL> select db_unique_name from v$database;

DB_UNIQUE_NAME
——————-
OEMPR11

SQL> show parameter service_names

NAME            TYPE     VALUE
————-   ——-  ————————————
service_names   string   OEMPR11, OEMPR11_DGMGRL

# Re-start the OMS once so that the connection string change is saved:

cd <OMS_HOME>/bin
./emctl stop oms -all    #on AdminServer MT
./emctl stop oms         #other MTs
./emctl start oms

What’s New Features in Oracle Enterprise Manager (OEM) Cloud Control 12c Release 5 (12.1.0.5)

I kept getting asked what’s new in Release 5 – so here’s the summary of what’s changed since 12.1.0.4.0 (the prior release for the past 12 months):

http://www.oracle.com/technetwork/oem/grid-control/downloads/index.html

http://docs.oracle.com/cd/E24628_01/doc.121/e25353

What’s New in Enterprise Manager Cloud Control 12c Release 5 (12.1.0.5)

•     Oracle Cloud Management (Hybrid Cloud)
•     Database Plug-in 12.1.0.8 Features
•     Fusion Middleware Plug-in 12.1.0.8 Features
•     Cloud Management Plug-in 12.1.0.10 Features
•     Chargeback and Consolidation Planner Plug-in 12.1.0.7 Features
•     Virtual Infrastructure Plug-in 12.1.0.2

Oracle Cloud Management (Hybrid Cloud) – This enhancement is new in Enterprise Manager Cloud Control Release 5 (12.1.0.5).
Enterprise Manager Cloud Control now provides you with a single pane of glass for monitoring and managing both your on-premise and Oracle Cloud deployments, all from the same management console. By deploying Management Agents onto the Oracle Cloud virtual hosts serving your Oracle Cloud services, you are able to manage Oracle Cloud targets just as you would any other targets. The communication between Management Agents and your on-premise Oracle management service instances is secure from external interference. Support is provided for managing Oracle Database and Fusion Middleware PaaS targets, as well as JVMD support for monitoring JVMs on your Oracle Cloud virtual hosts.

Oracle Cloud Management includes the following key features:

•     Automated agent deployment and configuration
•     Database and Java PaaS instances monitoring
•     Incident management including notifications and ticketing integration
•     Configuration management including Search and Inventory, comparison between on-premise and cloud instances, configuration history, and compliance
•     Cloning between on-premise and Oracle Cloud
•     One-off patching of Oracle Cloud database instances

Database Plug-in 12.1.0.8 Features

• Snap Clone Leveraging Sparse Clones on Exadata
  You can now create a Test Master pluggable database (PDB) to use as the snapshot source for thin cloning on Exadata ACFS.
  For functional testing scenarios, for example on development or testing systems, business IT users now have on-demand access to production data copies without incurring the penalty of multi-terrabyte storage.
• Data Cloning to Oracle Cloud
  With this release you have the following data cloning to Oracle Cloud options:
  • Like-to-like cloning: on premise to-from Oracle Private Cloud:
    Enterprise Manager12c PDB to 12c PDB, assuming the containers exist on both sides
    Regular non-container dedicated database to dedicated database
  • Like-to-unlike data migration:
    Regular to PDB migration where the source is an on-premise non-PDB database and the data is migrated to a cloud based PDB
    PDB to normal database migration where the source is a PDB on an Oracle PaaS cloud and data and schema are migrated to a non-container CDB on premise

Fusion Middleware Plug-in 12.1.0.8 Features

• Generic JVM Provisioning for Private Cloud
  This feature enables self-service users to provision non-Oracle middleware components as cloud services. It also uses Enterprise Manager’s chargeback and quota management capabilities to enable administrators to limit service usage based on organizational policies.
• JVMD Support for PaaS
  Enterprise Manager Cloud Control now enables you to deploy JVMD agents on your Oracle Cloud virtual hosts. These deployed JVMD agents can report to a JVMD engine deployed in your private network. This feature enables you to monitor the JVMs deployed on the virtual hosts running your Oracle Cloud services as well as the JVMs deployed on the hosts in your private network using a single console, for example Enterprise Manager Cloud Control deployed in your private network.
• Middleware Self Service Portal Support for Virtual Java as a Service with Exalogic Systems
  WebLogic services that have been provisioned on Exalogic systems using Service Manager can now be viewed in the Cloud Self Service Portal as part of the Exalogic Private Cloud service family.
• MWaaS on Solaris SPARC
  This project integrates MWaaS with the Oracle Enterprise Manager Ops Center. It provides the ability to dynamically add or remove the virtual hardware in a MWaaS cloud.

Cloud Management Plug-in 12.1.0.10 Features

• Dynamic Scaling of PaaS Zone Through Integration with the Sun Solaris SPARC Ops Center 12c Adapter
  Enterprise Manager 12c is integrated with the Ops Center through the Sun Solaris SPARC adapter. An instance of this registered adapter is used by the associated PaaS Infrastructure zone to provision or delete VMs on demand. The communication with the Ops Center server is achieved through the use of a client kit.
  This integration enables customers to provide layered services capability in a private cloud, for example DBaaS using a Solaris VM based IaaS. Any spike in compute demand can now be handled instantly by cloud administrators.
• DBaaS PaaS Provider Pools Integration with Ops Center
  Administrators can now increase the capacity of a DBaaS pool by clicking a single button. Doing this transparently provisions a virtual machine or cluster through the associated Ops Center adapter attached to the PaaS zone. It also deploys the requisite software components, for example Enterprise Manager Agent, Grid Infrastructure, Oracle Database and so on, through the gold image provisioning or by cloning from an existing reference member of the pool.
  Compute resource scarcity at PaaS provider level results in the failure of self service provisioning requests. This integration helps SSA administrators to respond to such failures promptly.
• Clone to Oracle Cloud
  Administrators now have the ability to create a full clone of an Enterprise Manager 12c pluggable database amongst existing container databases within the on-premise IT infrastructure or to an Oracle Cloud. Administrators can also clone a service from on-premise to Oracle PaaS and vice-versa. The cloning is supported in two broad categories:
  •     Peer-peer clone: Clones directly from an on-premise target to Oracle Cloud.
  •     Clone through the Software Library: Administrators can archive a gold image into the Software Library in one step and then deploy it in a separate step.

Chargeback and Consolidation Planner Plug-in 12.1.0.7 Features

• Host Consolidation Support for Oracle Cloud Shapes
  Oracle Enterprise Manager now provides host consolidation support for Oracle Cloud shapes. When creating scenarios for physical server to physical server (P2P) consolidations that target new or phantom destinations, you can choose physical machines configured in the Oracle cloud by selecting the cloud computing configuration, or shape, to use as the destination. Oracle provides a wide range of shapes to help you select a combination of processing power and memory for your instances that best suits your business requirements.

Virtual Infrastructure Plug-in 12.1.0.2

• Dynamic Resource Provisioning Support
  Through integration with Oracle Enterprise Manager Ops Center, dynamic on-demand resource provisioning enables Oracle Cloud and self service administrators to dynamically increase or decrease resources in their private cloud setup based on usage requirements. Resources can either be infrastructure resources such as hosts (based on virtual machines) or platform resources such as middleware and database Oracle homes. Resources can be dynamically added when additional service instances need to be provisioned due to high usage or decreased if existing resources are not being used.

That’s it, in a nutshell.

Run #em12c on #db12c? – Discussion from Oracle Open World (MOS Note: 1920632.1)

We also discussed this during the EM4APPS SIG Meeting
https://jhlui1.wordpress.com/2014/08/26/oow14-oracle-enterprise-management-for-applications-sig-mtg-928-mw3003-330p-415p/

Ok Folks, I’ve been here are Oracle Open World for a few days now.  In that time, I’ve had numerous conversations about running Oracle Enterprise Manager 12c on Oracle Database 12c.  I will be honest and say that I’ve enjoyed these conversations; however, after about the fourth time I decided I need to write a quick post on the explanation discussed in these conversations.  

Early this year (August) I wrote a post about the what came out of the OEM CAB in May 2014 and how to get OEM 12c to work on DB12c.  The concept of running OEM 12c on DB12c, pluggable or not, have many people excited and looking forward to configuring OEM to do that very configuration.  Heck, I’ve even installed it for a few customers in that configuration (non-PDB).  So I’m a bit sad in having to say this:  ORACLE DATABASE 12c SUPPORT FOR…

View original post 211 more words

Existing OEM 12c Agent Fails Startup and Resecure on Hostname Change

Had an issue where the hostname (on Oracle Enterprise Linux 5.9 – OEL 64-bit) happened to have an incorrect hostname and alias when I had already installed the OEM 12c (12.1.0.3) Agent. Thus the OMS repository targets were all named incorrectly, even though the Agent was secured and registered. (This was a new database host).

In the $AGENT_HOME/sysman/log/emagent.nohup log was the following:

— EMState agent
—– Sat Mar 1 10:42:22 2014::10437::Auto tuning the agent at time Sat Mar 1
10:42:22 2014 —–
—– Sat Mar 1 10:42:23 2014::10437::Finished auto tuning the agent at time Sat Mar 1 10:42:23 2014 —–
—– Sat Mar 1 10:42:23 2014::10437::Launching the JVM with following options: -Xmx128M -server -Djava.security.egd=file:///dev/./urandom -Dsun.lang.ClassLoader.allowArraySyntax=true -XX:+UseLinuxPosixThreadCPUClocks -XX:+UseConcMarkSweepGC -XX:+CMSClassUnloadingEnabled -XX:+UseCompressedOops —–
—– Sat Mar 1 10:42:23 2014::10491::Time elapsed between Launch of Watchdog process and execing EMAgent is 2 secs —–
—– Sat Mar 1 10:42:23 2014::10437::Agent Launched with PID 10491 at time Sat Mar 1 10:42:23 2014 —–
2014-03-01 10:42:23,962 [1:main] WARN – Missing filename for log handler ‘wsm’
2014-03-01 10:42:23,971 [1:main] WARN – Missing filename for log handler ‘opss’
2014-03-01 10:42:23,972 [1:main] WARN – Missing filename for log handler ‘opsscfg’
OMS decided to shutdown the agent because of the following reason sent from OMS: EM_PLUGIN_MISMATCH_AND_AGENT_NOT_YET_MANAGED
—– Sat Mar 1 10:42:37 2014::10437::Checking status of EMAgent : 10491 —–
—– Sat Mar 1 10:42:37 2014::10437::EMAgent exited at Sat Mar 1 10:42:37 2014 with return value 0. —–
—– Sat Mar 1 10:42:37 2014::10437::EMAgent was shutdown normally. —–

./emctl secure agent

./emctl start agent

Resulted in the same repeating failures.

Removed the Target Host and Agent from OEM 12c OMS

(Target -> Hosts -> (select host) -> [Remove], and then,

Setup -> Manage Cloud Control -> Agents -> (click on Agent:(port)

Agent Menu (upper-left dropdown) -> Target Setup -> Remove Target)

Re-deployed using the faster method of silent Agent deployment (Bobby Curtis has this covered on http://dbasolved.com/2013/04/10/install-oem-agents-silently-in-any-environment )

Everything ready to proceed again.