ERP on DB

Tuesday, May 6, 2025

Script for applying EBS technology patches

A key step in applying EBS CPU patches is to decide which technology patches are required by both ETCC checker and quarterly CPU Release document for WebLogic and Oracle Homes of Fusion Middleware. After the list of required patches for each component is decided, I write a shell script to run the patching process and make it more consistent and much quicker cross nodes and different instances (Dev, QA, Prod).

Pre-steps: place technology patch files to a location shared by many servers. For January 2025 CPU patches (Doc ID 3061170.1), 3 patches are needed and copied to each sub-folder WLS and FMW_Comm under location /path/to/Jan2025_CPU:

- FMW_Comm

Holds 3 Fusion Middleware patch files and opatch response file ocm.rsp. Each .zip file is unzipped to its own sub-folder here.

$ cd /path/to/Jan2025_CPU/FMW_Comm

$ ls *.*

ocm.rsp

p33974106_111190_Generic.zip

p33960746_111190_Generic.zip

p34714760_111190_Generic.zip

Do unzip and chmod just one time.

$ unzip p33974106_111190_Generic.zip

$ unzip p33960746_111190_Generic.zip

$ unzip p34714760_111190_Generic.zip

Open READ permission for other OS accounts to run the script to patch instances on other servers: (Or, remove the sub-folder and then unzip the .zip file again before each opatch run.)

$ chmod -R +r 33974106

$ chmod -R +r 33960746

$ chmod -R +r 34714760

$ ls -l | egrep "^drw" |awk '{print $9}'

33974106

33960746

34714760

- WLS

Holds 3 WLS patch zip files, and each file is saved in its own sub-folder:

13845626/p13845626_10360231017_Generic.zip

35476084/p35476084_1036_Linux-x86-64.zip

35586779/p35586779_1036_Generic.zip

============= script apply_EBStechPatches.sh ============

# apply tech patches for January 2025 EBS CPU technology patches.

# it can be modified for any other R12.2 EBS CPU releases.

# 1. Make sure same patches are required cross different nodes and instances!

# 2. Assume all patch files are saved in sub-folders of a shared location: FMW_Comm and WLS

# Specify the path to the shared location where patch files are saved:

patchFileLoc=/path/to/Jan2025_CPU

# Run/call the script, for example: ./apply_EBStechPatches.sh 'appsPWD$%^&_!'

appsPWD=$1

if [ -z "$appsPWD" ]; then

echo "ETCC needs password to run the script. Exit ..."

exit;

else

echo "Run ETCC checker:"

cd $patchFileLoc/ETCC

echo $appsPWD | checkMTpatch.sh

echo "Apply WLS patches:"

# Because it may required to remove WLS patch before installing a new WLS patch,

# to edit this section is needed for each CPU release. Can not make it truly automatic!

echo $FMW_HOME

cd $FMW_HOME/utils/bsu/cache_dir

echo $PWD

cp -f $patchFileLoc/WLS/13845626/p13845626_10360231017_Generic.zip .

cp -f $patchFileLoc/WLS/35476084/p35476084_1036_Linux-x86-64.zip .

cp -f $patchFileLoc/WLS/35586779/p35586779_1036_Generic.zip .

ls -altr

unzip -o p35586779_1036_Generic.zip

unzip -o p35476084_1036_Linux-x86-64.zip

unzip -o p13845626_10360231017_Generic.zip

cd ..

echo $PWD

./bsu.sh -remove -patchlist=AMGE -prod_dir=$FMW_HOME/wlserver_10.3

./bsu.sh -remove -patchlist=P8S7 -prod_dir=$FMW_HOME/wlserver_10.3

./bsu.sh -install -patch_download_dir=$FMW_HOME/utils/bsu/cache_dir -patchlist=E7HI -prod_dir=$FMW_HOME/wlserver_10.3

./bsu.sh -install -patch_download_dir=$FMW_HOME/utils/bsu/cache_dir -patchlist=WY44 -prod_dir=$FMW_HOME/wlserver_10.3

./bsu.sh -remove -patchlist=CW7X -prod_dir=$FMW_HOME/wlserver_10.3

./bsu.sh -install -patch_download_dir=$FMW_HOME/utils/bsu/cache_dir -patchlist=KMHV -prod_dir=$FMW_HOME/wlserver_10.3

echo "confirm 3 patches are installed"

./bsu.sh -prod_dir=$FMW_HOME/wlserver_10.3 -status=applied -verbose -view | egrep -i 'KMHV|WY44|E7HI'

echo "Apply patches to ORACLE_COMMON: Truly automatic."

export ORACLE_HOME=$FMW_HOME/oracle_common

export PATH=$ORACLE_HOME/OPatch:$PATH

echo "Oracle Home: $ORACLE_HOME"

which opatch

ps -ef | grep $LOGNAME

cd $patchFileLoc/FMW_Comm

for x in `ls -l | egrep "^drw" |awk '{print $9}'`

echo "apply patch $x"

cd $x

opatch apply -silent -ocmrf $patchFileLoc/FMW_Comm/ocm.rsp # silent!

echo "confirm patch $x is applied:"

opatch lsinventory | egrep -i "$x"

cd ..

echo "Done with applying $x"

done

# Add easily a section here if patches are required for Oracle Home of Forms and Reports

echo "ETCC to confirm no more patches are needed:"

cd $patchFileLoc/ETCC

echo $appsPWD | checkMTpatch.sh

exit

============== End ================

Friday, May 2, 2025

Run opatch in silent mode in EBS R12.2

Sometimes, you want to apply patches to Oracle Home in a shell script. To do that, you do not want to run opatch interactively. Here is how to apply patches to an Oracle Home of Fusion Middleware in silent mode.

$ export ORACLE_HOME=$FMW_HOME/oracle_common

$ export PATH=$ORACLE_HOME/OPatch:$PATH

$ which opatch <= make sure opatch is from oracle_common/OPatch

$ echo $ORACLE_HOME

$RUN_BASE/FMW_Home/oracle_common

First, run emocmrsp to create a response file ocm.rsp:

$ cd $ORACLE_HOME/OPatch/ocm/bin

$ ./emocmrsp

The ORACLE_HOME does not contain java.

The ORACLE_HOME does not contain a valid JDK/JRE.

Redefine JAVA_HOME to refer to a JDK/JRE 1.2.2 or greater.

$ export JAVA_HOME=$FMW_HOME/webtier/jdk <= I chose this 64-bit JDK

$ echo $JAVA_HOME

$RUN_BASE/FMW_Home/webtier/jdk

$ ./emocmrsp

OCM Installation Response Generator 10.3.7.0.0 - Production

Provide your email address to be informed of security issues, install and

initiate Oracle Configuration Manager. Easier for you if you use your My

Oracle Support Email address/User Name.

Visit http://www.oracle.com/support/policies.html for details.

Email address/User Name:

You have not provided an email address for notification of security issues.

Do you wish to remain uninformed of security issues ([Y]es, [N]o) [N]: Y

The OCM configuration response file (ocm.rsp) was successfully created.

$ ls -al

-rwxr-x---. 1 userID Group 9063 Jul 21 2022 emocmrsp

-rw-rw-r--. 1 userID Group oaa 622 May 1 13:08 ocm.rsp

File ocm.rsp is created in $ORACLE_HOME/OPatch/ocm/bin by emocmrsp. It is a binary file, and can be copied to a shared location /path/to/sharedLocation for patching in other nodes or instances.

Now, apply a patch to Oracle Common home without answering any opatch questions. For example, apply patch 33974106.

$ ps -ef | grep $LOGNAME <= make sure EBS services are shutdown

$ cd /path/to/33974106

$ opatch apply -silent -ocmrf /path/to/sharedLocation/ocm.rsp

Oracle Interim Patch Installer version 11.1.0.12.9

Oracle Home : $RUN_BASE/FMW_Home/oracle_common

Central Inventory : /u03/app/oraInventoryDEVEBS

from : $RUN_BASE/FMW_Home/oracle_common/oraInst.loc

OPatch version : 11.1.0.12.9

OUI version : 11.1.0.11.0

Log file location : $RUN_BASE/FMW_Home/oracle_common/cfgtoollogs/opatch/33974106_May_1_2025_13_02_04/apply2025-05-1_13-02-04PM_1.log

OPatch detects the Middleware Home as "$RUN_BASE/FMW_Home"

Applying interim patch '33974106' to OH '$RUN_BASE/FMW_Home/oracle_common'

Verifying environment and performing prerequisite checks...

All checks passed.

Please shutdown Oracle instances running out of this ORACLE_HOME on the local system.

(Oracle Home = '$RUN_BASE/FMW_Home/oracle_common')

Is the local system ready for patching? [y|n]

Y (auto-answered by -silent)

User Responded with: Y

Backing up files...

Patching component oracle.jrf.thirdparty.jee, 11.1.1.9.0...

Verifying the update...

Patch 33974106 successfully applied

Log file location: $RUN_BASE/FMW_Home/oracle_common/cfgtoollogs/opatch/33974106_May_1_2025_13_02_04/apply2025-05-1_13-02-04PM_1.log

OPatch succeeded.

Wednesday, April 30, 2025

Script for upgrading JDK in EBS R12.2

EBS R12.2 uses different Java Homes. Upgrade JDK 7 in EBS R12.2 has details on manually upgrading JDK used in R12.2. I wrote below shell script to upgrade JDK in 4 JDK locations used by EBS R12.2. It can complete the upgrading in minutes after correct JDK files are downloaded and saved.

This script is mainly used as part of quarterly CPU patching (such as January 2025 CPU and October 2024 CPU). It is important to download the right files for JDK upgrade. Since Java 1.7 is out of Oracle support, we have to follow Oracle quarterly CPU release to find the right version that can be used by current EBS R12.2. For example, for January 2025 CPU patching, document 3066051.1 (Oracle Critical Patch Update (CPU) Jan 2025 for Oracle Java SE) provides link (on the low end) for downloading JDK 7 Update 451 Restricted: Patch 37308812 for JDK 1.7.0_451.

The script assumes EBS apps services are shutdown and two JDK 1.7.0_451 files are saved to shared location /path/to/Jan2025_CPU/JDK:

jdk-7u451-linux-x64.tar.gz

jdk-7u451-linux-i586.tar.gz

========== script JDK_upgrade1_7_xxx.sh ==========

# Upgrade JDKs in R12.2 by steps from Doc ID 1530033.1

# (Using the Latest Java Update with Oracle E-Business Suite Release 12.2).

# currently Oracle quarterly CPU document gives a link (in Table 3?) for downloading the right JDK .gz files

# Specify 3 values:

# the location and file names for JDK 1.7.0_451 (downloaded from patch 37308812)

JDKfolder=/path/to/Jan2025_CPU/JDK

JDK_gz_file_64=jdk-7u451-linux-x64.tar.gz

JDK_gz_file_32=jdk-7u451-linux-i586.tar.gz

# Similarly, specify below values if upgrading JDK to JDK 7 Update 441

# (downloaded from patch 37063192) as part of October 2024 CPU:

# JDKfolder=/path/to/Oct2024_CPU/JDK

# JDK_gz_file_64=jdk-7u441-linux-x64.tar.gz

# JDK_gz_file_32=jdk-7u441-linux-i586.tar.gz

DT=date +"%h_%Y"

curr=pwd

echo $curr

cd $JDKfolder

ls -al

echo ""

echo "Current JDK version:"

$ADJVAPRG -version

$AFJVAPRG -version

#--

echo "Backup two jdk folders at $COMMON_TOP/util"

cd $COMMON_TOP/util

tar -czf jdk64_BK_$DT.tar.gz jdk64 # without -v (to turn off output)

tar -czf jdk32_BK_$DT.tar.gz jdk32

rm -fr jdk64

rm -fr jdk32

cp -p $JDKfolder/*.tar.gz .

tar -xzf $JDK_gz_file_32 # Assume un-tar creates a new folder jdk1.7.0_XXX

mv jdk1.7* jdk32 # if not, modify this line.

tar -xzf $JDK_gz_file_64 # Assume un-tar creates a new folder jdk1.7.0_XXX

mv jdk1.7* jdk64

ls -al jdk*

pwd

sleep 2

#--

echo "Backup the jdk64 folder at $FMW_HOME/webtier."

cd $FMW_HOME/webtier

tar -czf jdk64_BK_$DT.tar.gz jdk

rm -fr jdk

cp -p $JDKfolder/$JDK_gz_file_64 .

tar -xzf $JDK_gz_file_64

mv jdk1.7* jdk

ls -al jdk*

pwd

sleep 2

#--

echo "Backup the jdk32 folder at $ORACLE_HOME"

cd $ORACLE_HOME

tar -czf jdk32_BK_$DT.tar.gz jdk

rm -fr jdk

cp -p $JDKfolder/$JDK_gz_file_32 .

tar -xzf $JDK_gz_file_32

mv jdk1.7* jdk

ls -al jdk*

pwd

sleep 2

echo "New JDK version:"

$ADJVAPRG -version

$AFJVAPRG -version

echo "Compiling EBS Forms and Reports:"

cd $ORACLE_HOME/forms/lib

make -f ins_forms.mk sharedlib install

cd $ORACLE_HOME/reports/lib

make -f ins_reports.mk install

cd $curr

echo "Done"

============== End =================

After the script finished, run ejcpuc.sh from patch p37172035 to confirm the upgrades are successful. $RUN_BASE = /u01/app/EBSDEV/fs2, e.g.

# ./ejcpuc.sh

#############################################################

Checking Apptier Java 7 for CPU 2025.01 on Platform Linux_x64 - need 1.7.0_451

2025-0X-XX 11:43:27 EDT on server_name.domain.com

#############################################################

2025.01 action Your Version bitness Java Location

------------ ------- --------------- -------- -----------------

1.7.0_451 OK 1.7.0_451 32-bit $RUN_BASE/EBSapps/10.1.2/jdk/bin/java

1.7.0_451 OK 1.7.0_451 32-bit $RUN_BASE/EBSapps/comn/util/jdk32/bin/java

1.7.0_451 OK 1.7.0_451 64-bit $RUN_BASE/EBSapps/comn/util/jdk64/bin/java

1.7.0_451 OK 1.7.0_451 64-bit $RUN_BASE/FMW_Home/webtier/jdk/bin/java

Thursday, January 30, 2025

JVM & JDK version in Oracle database and EBS R12.2

A new utility, Oracle E-Business Suite Java Critical Patch Update Checker (EJCPUC, Patch 37171025), was released with the Oct 2024 CPU (Doc ID 3037725.1) to find the Java version of different components in Oracle products. It is a great tool to clean confusion. Patch 37171025 gets updated with the new release of quarterly CPU patches. EJCPUC Output on database server:

$ bash ejcpuc.sh

#######################################################

## Checking DB tier Java for CPU 2024.10 on Platform IBM_AIX

#######################################################

## Check Database Version

#######################################################

Your database version is 19.25.0.0.0

ORACLE_HOME $ORACLE_HOME

ORACLE_SID EBSDEV

ORACLE_UNQNAME

## Check Java Version of OJVM, Database JDK and EBS's appsutil JRE

######################################################

Latest Version action Your Version bitness Java Location

-------------- -------- ------------ ------- ---------------

1.8.0_431 o) _.__.101034000 64-bit OJVM In database

1.8.0_411 1.8.0_421 64-bit $ORACLE_HOME/jdk/bin/java

1.8.0_411 u) 1.8.0_271 64-bit $ORACLE_HOME/appsutil/jre/bin/java

o) Apply the Database Release Update (DBRU) recommended by ETCC which will update the DB OJVM version to the latest

u) When the DB JDK version is updated to the latest - then follow section 3 of 1530033.1 to update this JRE

A SQL statement can verify the JDK version:

SQL> select dbms_java.get_jdk_version from dual.

GET_JDK_VERSION

----------------------------

1.8.0_411

OJVM, or Oracle Java Virtual Machine (JVM), is a component within the Oracle Database that allows user to run Java stored procedures and other Java modules directly within the database environment and without the need for external Java processes.

ejcpuc.sh can be executed on EBS application mid-tier to find the Java components version of EBS apps:

$ sh ejcpuc.sh

#########################################################

## Checking Apptier Java 7 for CPU 2024.10 on Platform Linux_x64 - need 1.7.0_441

#########################################################

2024.10 action Your Version bitness Java Location

------------ ------ ------------ ------- ---------------

1.7.0_441 UPDATE 1.7.0_391 32-bit $ORACLE_HOME/jdk/bin/java

1.7.0_441 UPDATE 1.7.0_391 32-bit $COMMON_TOP/util/jdk32/bin/java

1.7.0_441 UPDATE 1.7.0_391 64-bit $COMMON_TOP/util/jdk64/bin/java

1.7.0_441 UPDATE 1.7.0_391 64-bit $FMW_HOME/webtier/jdk/bin/java

Follow 1530033.1 to update the JDK(s). Your application tier JDK 7 is lower than the 1.7.0_441 update released in CPU 2024.10.

Thursday, December 12, 2024

umask and default file permission in Linux

You can find the umask value after you login to your Linux account by typing "umask" on the command line:

$ umask

0077

The value on umask in a Linux server level is defined in file /etc/login.defs (or maybe in /etc/profile, /etc/bashrc or /etc/cshrc. Check with Linux Admin for a sure answer). Note contents of those files (and so umask value) may be changed in RHEL8 when OS got upgraded from RHEL7. Below is one on our REHL8 server:

$ more /etc/login.defs

MAIL_DIR /var/spool/mail

PASS_MAX_DAYS 90

PASS_MIN_DAYS 7

PASS_WARN_AGE 7

PASS_MIN_LEN 8

UID_MIN 1000

UID_MAX 60000

GID_MIN 1000

GID_MAX 60000

CREATE_HOME yes

UMASK 077

USERGROUPS_ENAB yes

ENCRYPT_METHOD sha512

Under 0077, any file you created will have "-rw-------" permission, which means only yourself can read and write it.

$ touch test1.del

$ ls -al test1.del

-rw-------. 1 userID Group 0 Feb 02 13:25 test1.del

But you can set up your own umask in .profile for your account. Sometimes, it is necessary for other users to read or modify a file created by a service account or you want others to read your files. To change the default from server level, add one line to the account's .profile:

$ vi $HOME/.profile

umask u=rwx,g=rwx,o=rx

umask 0002

After re-login, umask will change to 0002 in the account. Then, any file created by that account will get "-rw-rw-r--" permission.

$ umask

0002

$ touch test2.del

$ ls -al test2.del

-rw-rw-r--. 1 userID Group 0 Feb 02 13:55 test2.del

Now, other users can read it.

If you put "umask u=rwx,g=rwx,o=rwx" or "umask 0000" in .profile, any new file will get "-rw-rw-rw-" permission (666).

$ vi $HOME/.profile

umask u=rwx,g=rwx,o=rwx

$ umask

0000

$ touch test3.del

$ ls -al test3.del

-rw-rw-rw-. 1 userID Group 0 Feb 02 15:55 test3.del

If you have "umask 0022" in the profile, new file will get permission "-rw-r--r--".

Note that "x" in the .profile only applies to new folder creation. Linux allows only manually to grant executable to a file.