Oracle EBS did not support in-place OS upgrade until April 30, 2024 when they updated Oracle document 1330701.1 (Oracle E-Business Suite Installation and Upgrade Notes Release 12 (12.2) for Linux x86-64):
An in-place OS upgrade from Oracle Linux 7 to 8 using the Leapp utility is certified for Oracle E-Business Suite Release 12.2. While you were previously required to install Oracle Linux 8 on a separate target environment before cloning or re-mounting file systems to it, you can now choose to preserve your current Oracle Linux 7 environment and perform an in-place upgrade to Oracle Linux 8 using Leapp. You should review the Operating System upgrades using Leapp section below.
If server team allows the server name unchanged as we did in RHEL 5, 6, and 7 upgrades, it is an easy task for EBS Apps Admin to bring EBS up on the new RHEL 8 server. But, if server team has to change the server name (e.g. migrate the host to a cloud), we have to clone EBS apps to the new server and to make other areas (such as in network, F5, security/firewall, FTP/email, custom codes and PPM) also work with cloned EBS instances.
RHEL 8 in-place upgrade steps for R12.2.10 (after I verified with Linux Admin team that Leapp can be used on our servers):
1. Check current RHEL version
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.9 (Maipo)
2. Apply two patches to EBS:
- WebLogic patch 32931976 (which contains WebLogic patch file for 31090393). Without this patch, users get a blank page when viewing a concurrent requests output or log.
Unzip file p31090393_1036_Linux-x86-64.zip and then use bsu.sh to apply EG54.
export ORACLE_HOME=$RUN_BASE/FMW_Home/wlserver_10.3;
export FMW_HOME=$RUN_BASE/FMW_Home
cd $FMW_HOME/utils/bsu/
cd $FMW_HOME/utils/bsu/
./bsu.sh -prod_dir=$FMW_HOME/wlserver_10.3 -status=applied -verbose -view | egrep -i 'EG54'
- Patch 33471111: Follow special steps in Doc ID 13307011.1 to apply it by using folder prereq from p33471111_111190_Generic.zip to replace both $FMW_HOME/webtier/inventory/Scripts/prereq and $PATCH_BASE/FMW_Home/webtier/inventory/Scripts/prereq
3. Verify apps (login page & forms) works and back up all file systems.
4. Shutdown all EBS services.
5. Linux Admin upgrades RHEL to RHEL 8 by using Leapp.
6. Verify it is RHEL8 now
$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.10 (Ootpa)
- Kernel Settings: /etc/sysctl.conf
Restore the sysctl.conf from the backup that was taken prior to the upgrade.
- Make sure you include the options parameter in the resolve.conf.
$ cat /etc/resolv.conf | grep -i options
options timeout:1 attempts:5 rotate
- If the /etc/sysconfig/networking/profiles/default/network file exists, remove it.
- Values in /etc/security/limits.conf
Restore the /etc/security/limits.conf from the backup
7. Verify all rpm packages required by Oracle doc 1330701.1 exist on the server. Use YUM to install them, such as
$ yum install libXp-devel-1.0.3-3.el8.i686
Some important packages:
$ rpm -qa | grep libXp
libXp-devel-1.0.3-3.el8.i686
libXp-1.0.3-3.el8.x86_64
libXp-1.0.3-3.el8.i686
libXp-devel-1.0.3-3.el8.x86_64
libXpm-3.5.12-11.el8.x86_64
$ rpm -qa | grep motif
motif-devel-2.3.4-20.el8.x86_64
motif-2.3.4-20.el8.x86_64
motif-devel-2.3.4-20.el8.i686
motif-2.3.4-20.el8.i686
Notes: opemmotif21 is not installed
$ rpm -qa | grep redhat-lsb
redhat-lsb-desktop-4.1-47.el8.x86_64
redhat-lsb-printing-4.1-47.el8.x86_64
redhat-lsb-submod-security-4.1-47.el8.x86_64
redhat-lsb-cxx-4.1-47.el8.x86_64
redhat-lsb-submod-multimedia-4.1-47.el8.x86_64
redhat-lsb-languages-4.1-47.el8.x86_64
redhat-lsb-core-4.1-47.el8.x86_64
redhat-lsb-4.1-47.el8.x86_64
$ rpm -qa | grep xorg-x11-
xorg-x11-fonts-misc-7.5-19.el8.noarch
xorg-x11-xbitmaps-1.1.1-13.el8.noarch
xorg-x11-server-utils-7.7-27.el8.x86_64
xorg-x11-apps-7.7-21.el8.x86_64
xorg-x11-utils-7.5-28.el8.x86_64
xorg-x11-proto-devel-2020.1-3.el8.noarch
xorg-x11-xauth-1.0.9-12.el8.x86_64
xorg-x11-font-utils-7.5-41.el8.x86_64
xorg-x11-xinit-1.3.4-18.el8.x86_64
$ rpm -qa | grep libXrender
libXrender-devel-0.9.10-7.el8.x86_64
libXrender-0.9.10-7.el8.x86_64
libXrender-0.9.10-7.el8.i686
8. Run AutoConfig
9. Start all EBS services
10. After RHEL8 upgrade, some ports may not be opened on the server. If Apache services start without error, but EBS login webpage does not load up on browsers, the port number may become not open for TCP or may be blocked by a firewall after OS upgrade. In a case, "wget https://sitename.domain.com:4470" returned "connected" on the Linux server itself but got "failed: No route to host." from any remote server. After I asked Linux Admin to fix the issue on port 4470, the login page https://sitename.domain.com:4470 works on browsers.
https://runcloud.io/blog/check-tcp-port-linux
How to check if a port is open on a server:
11. Listener issue in opening concurrent job log.
It was also due to port problem. When trying to open concurrent request log, get message an error occurred while attempting to establish an Applications File Server connection with the node FNDFS_nodeName. There may be a network configuration problem, or the TNS listener on node FNDFS_nodeName may not be running. Please contact your system administrator.
"tnsping FNDFS_nodeName" should work and tell the listener port on the server where FNDFS_nodeName is an entry of tnsnames.ora file. Most likely, the port is blocked on the server.
12. selinux may be enabled in RHEL8. Check file /etc/selinux/config. That may make ssh Passwordless login fails. "-Z" option in "ls -alZ" command is available only when selinux is enabled.
13. Make sure applMgr account has the right umask value in $HOME/.profile. This is very important if other OS users need to view the output file of concurrent jobs or to submit concurrent jobs from a shell script.
$ umask 0022
14. Kill switches
Minimum Security Baseline (MSB), also known as a Minimum Baseline Security Standard (MBSS), is a set of foundational security guidelines and requirements that organizations must meet to protect their information systems and data, ensuring a basic level of security.
MSB says home directories should be 700 permissions (drwx------.). If an EBS is installed under /u01/app directory, it may requires 755 (drwxr-xr-x.). In that case, server Admin has to add a kill switch so that Chef will not remove those permissions. A Kill Switch is one line (such as cis_rhel8_01_02_03=false) added to a company custom file (usually, it is /etc/xxxxx.info) to prevent something is uninstalled or is removed by Chef.
15. X11 is removed on RHEL8 unless an Exception (such as Archer exception. See https://www.archerirm.com) is filed, and a kill switch is added.
In RHEL8, folder lib under /usr/X11R6 may still exist, but /usr/X11R6/lib can be empty or does not have any .so files. openmofit21 is replaced by another package in RHEL8. Without it, EBS Forms still works. If Forms Server failed to start with error FRM-92101, see Doc ID 3052209.1. Also check logs in $EBS_DOMAIN_HOME/servers/forms_server1/log/*.out
16. X-Windows is disabled in RHEL8 by default per Security Requirements as it does not meet the MSB as set in the CIS standards.
17. Usually, server tools are installed under /opt. Each of below is a folder.
$ ls -d
BESClient
Tivoli
tivoli
Symantec
appdynamics
chef
Tanium
splunkforwarder
CrowdStrike
Each of them is a folder. Use "ps -ef | grep chef" (e.g.) to check if the tool is running on the server.
