How to retrieve WebLogic password in R12.2

WebLogic is used as part of Oracle EBS R12.2. "weblogic" account is used to start EBS services and is used to log onto WebLogic Admin console (at hostname.domain.com:s_wls_adminport). Its password is encrypted and saved on the file system. Here are two steps I ran in my R12.2 environments to decrypt it.

1. Identify WebLogic Domain path and boot.properties file

$ echo $EBS_DOMAIN_HOME

$RUN_BASE/FMW_Home/user_projects/domains/EBS_domain

$ cd $EBS_DOMAIN_HOME/servers/AdminServer/security

$ ls 

boot.properties

$ more boot.properties

username={AES}mE0mATL4+Lv/gLcIuuuuuuuuu=

password={AES}2kGMi4fcZ7FwYXWIxxxxxxxxx=

2. Run wlst.sh to decrypt the password

$ cd $FMW_HOME/wlserver_10.3/common/bin

$ ls

commEnv.sh       config.sh  security    startDerby.sh   stopDerby.sh  upgrade.sh     wlsifconfig.sh

config_builder.sh  pack.sh    setPatchEnv.sh  startManagedWebLogic.sh  unpack.sh     wlscontrol.sh  wlst.sh

$ sh wlst.sh

CLASSPATH=/u01/app/... ......

Initializing WebLogic Scripting Tool (WLST) ...

Welcome to WebLogic Server Administration Scripting Shell

Type help() for help on available commands

wls:/offline> domain = '$EBS_DOMAIN_HOME'   # <= replace the env variable with the real path

wls:/offline> service = weblogic.security.internal.SerializedSystemIni.getEncryptionService(domain)

wls:/offline> encryption = weblogic.security.internal.encryption.ClearOrEncryptedService(service)

wls:/offline> print "Weblogic server password is: %s" %encryption.decrypt("{AES}2kGMi4fcZ7FwYXWIxxxxxxxxx=")

Weblogic server password is: webLogicPWD

wls:/offline> ^C

If you get Java error, most likely you entered a wrong path or a wrong encrypted password/string.

My WebLogic version is 10.3.6.0.210119. It can be found by two lines:

$ . $FMW_HOME/wlserver_10.3/server/bin/setWLSEnv.sh

... ...

Your environment has been set.

$  java weblogic.version

... ...

WebLogic Server 10.3.6.0.210119 PSU Patch for ...

... ...

If you want to change weblogic password, please read How to change weblogic password

RHEL7 to RHEL8 upgrade on EBS server

Oracle EBS did not support in-place OS upgrade until April 30, 2024 when they updated Oracle document 1330701.1 (Oracle E-Business Suite Installation and Upgrade Notes Release 12 (12.2) for Linux x86-64):

An in-place OS upgrade from Oracle Linux 7 to 8 using the Leapp utility is certified for Oracle E-Business Suite Release 12.2. While you were previously required to install Oracle Linux 8 on a separate target environment before cloning or re-mounting file systems to it, you can now choose to preserve your current Oracle Linux 7 environment and perform an in-place upgrade to Oracle Linux 8 using Leapp. You should review the Operating System upgrades using Leapp section below.

If server team allows the server name unchanged as we did in RHEL 5, 6, and 7 upgrades, it is an easy task for EBS Apps Admin to bring EBS up on the new RHEL 8 server. But, if server team has to change the server name (e.g. migrate the host to a cloud), we have to clone EBS apps to the new server and to make other areas (such as in network, F5, security/firewall, FTP/email, custom codes and PPM) also work with cloned EBS instances.

RHEL 8 in-place upgrade steps on our R12.2.10 servers:

1. Check current RHEL version

$ cat /etc/redhat-release

Red Hat Enterprise Linux Server release 7.9 (Maipo)

2. Apply two patches to EBS: 

- WebLogic patch 32931976. Download the .zip file to get patch file p31090393_1036_Linux-x86-64.zip, which has nothing to do with patch 31090393. Without this patch, users get a blank page when viewing a concurrent requests output or log. Download the .zip file to get/unzip file p31090393_1036_Linux-x86-64.zip (which has no relation with patch 31090393) and then use bsu.sh to apply EG54. 

$ cd $FMW_HOME/utils/bsu/

$ ./bsu.sh -prod_dir=$FMW_HOME/wlserver_10.3 -status=applied -verbose -view | egrep -i 'EG54'

- Patch 33471111. Follow special steps in Doc ID 13307011.1 to apply it by using folder prereq from p33471111_111190_Generic.zip to replace both $FMW_HOME/webtier/inventory/Scripts/prereq and $PATCH_BASE/FMW_Home/webtier/inventory/Scripts/prereq

3. Verify apps (login page & forms) works and back up all file systems.

4. Shutdown all EBS services.

5. Linux Admin upgrades RHEL to RHEL 8 by using Leapp.

6. Verify it is RHEL8 now

$ cat /etc/redhat-release

Red Hat Enterprise Linux release 8.10 (Ootpa)

- Kernel Settings: /etc/sysctl.conf

Restore the sysctl.conf from the backup that was taken prior to the upgrade.

- Make sure you include the options parameter in the resolve.conf.

$ cat /etc/resolv.conf | grep -i options

options timeout:1 attempts:5 rotate

- If the /etc/sysconfig/networking/profiles/default/network file exists, remove it.

- Values in /etc/security/limits.conf

Restore the /etc/security/limits.conf from the backup

7. Verify all rpm packages required by Oracle doc 1330701.1 exist on the server. Use YUM to install them, such as

$ yum install libXp-devel-1.0.3-3.el8.i686

Some important packages installed on my servers:

$ rpm -qa | grep libXp

libXp-devel-1.0.3-3.el8.i686

libXp-1.0.3-3.el8.x86_64

libXp-1.0.3-3.el8.i686

libXp-devel-1.0.3-3.el8.x86_64

libXpm-3.5.12-11.el8.x86_64

$ rpm -qa | grep motif

motif-devel-2.3.4-20.el8.x86_64

motif-2.3.4-20.el8.x86_64

motif-devel-2.3.4-20.el8.i686

motif-2.3.4-20.el8.i686

Notes: opemmotif21 is not installed

$ rpm -qa | grep redhat-lsb

redhat-lsb-desktop-4.1-47.el8.x86_64

redhat-lsb-printing-4.1-47.el8.x86_64

redhat-lsb-submod-security-4.1-47.el8.x86_64

redhat-lsb-cxx-4.1-47.el8.x86_64

redhat-lsb-submod-multimedia-4.1-47.el8.x86_64

redhat-lsb-languages-4.1-47.el8.x86_64

redhat-lsb-core-4.1-47.el8.x86_64

redhat-lsb-4.1-47.el8.x86_64

$ rpm -qa | grep xorg-x11-

xorg-x11-fonts-misc-7.5-19.el8.noarch

xorg-x11-xbitmaps-1.1.1-13.el8.noarch

xorg-x11-server-utils-7.7-27.el8.x86_64

xorg-x11-apps-7.7-21.el8.x86_64

xorg-x11-utils-7.5-28.el8.x86_64

xorg-x11-proto-devel-2020.1-3.el8.noarch

xorg-x11-xauth-1.0.9-12.el8.x86_64

xorg-x11-font-utils-7.5-41.el8.x86_64

xorg-x11-xinit-1.3.4-18.el8.x86_64

$ rpm -qa | grep libXrender

libXrender-devel-0.9.10-7.el8.x86_64

libXrender-0.9.10-7.el8.x86_64

libXrender-0.9.10-7.el8.i686

8. Run AutoConfig 

9. Start all EBS  services

10. After RHEL8 upgrade, some ports may not be opened on the server. If Apache services start without error, but EBS login webpage does not load up on browsers, the port number may become not open for TCP or may be blocked by a firewall after OS upgrade. In a case, "wget https://sitename.domain.com:4470" returned "connected" on the Linux server itself but got "failed: No route to host." from any remote server. After I asked Linux Admin to fix the issue on port 4470, the login page https://sitename.domain.com:4470 works on browsers.

Please check my post on port or https://runcloud.io/blog/check-tcp-port-linux,

11. Listener issue in opening concurrent job log. 

It was also due to port problem. When trying to open concurrent request log, get message an error occurred while attempting to establish an Applications File Server connection with the node FNDFS_nodeName. There may be a network configuration problem, or the TNS listener on node FNDFS_nodeName may not be running. Please contact your system administrator.

"tnsping FNDFS_nodeName" should work and tell the listener port on the server where FNDFS_nodeName is an entry of tnsnames.ora file. Most likely, the listener port is blocked on the server.

12. SELinux may be enabled in RHEL8. Check file /etc/selinux/config. That may make ssh passwordless login fails. "-Z" option in "ls -alZ" command is available only when selinux is enabled.

13. Make sure applMgr account has the right umask umask valuevalue in $HOME/.profile. This is very important if other OS users need to view output file (in $APPLCSF) of concurrent jobs or to submit concurrent jobs from a shell script.

$ umask 0022

14. Kill switches

Minimum Security Baseline (MSB), also known as a Minimum Baseline Security Standard (MBSS), is a set of foundational security guidelines and requirements that organizations must meet to protect their information systems and data, ensuring a basic level of security. 

MSB says home directories should be 700 permissions (drwx------.). If an EBS is installed under /u01/app directory, it may requires 755 (drwxr-xr-x.). In that case, server Admin has to add a kill switch so that Chef will not remove those permissions. A Kill Switch is one line (such as cis_rhel8_01_02_03=false) added to a company custom file (usually, it is /etc/xxxxx.info) to prevent something is uninstalled or is removed by Chef.

15. X11 is removed on RHEL8 unless an Exception (such as Archer exception. See https://www.archerirm.com) is filed, and a kill switch is added.

In RHEL8, folder lib under /usr/X11R6 may still exist, but /usr/X11R6/lib can be empty or does not have any .so files. openmofit21 is replaced by another package in RHEL8. Without it, EBS Forms still works. If Forms Server failed to start with error FRM-92101, see Doc ID 3052209.1. Also check logs in $EBS_DOMAIN_HOME/servers/forms_server1/log/*.out

16. X-Windows is disabled in RHEL8 by default per Security Requirements as it does not meet the MSB as set in the CIS standards. An exception is needed to make X-Window (such xclock) work.

17. Server tools in our RHEL8 servers are installed under /opt.

$ ls -d */

BESClient

Tivoli

tivoli

Symantec

appdynamics

chef

Tanium

splunkforwarder

CrowdStrike

Each of them is a folder. Use "ps -ef | grep chef" (e.g.) to check if the tool is running on the server.

How to check a port is open on the firewall

If the port used by a website is not open in the firewall of the web server, the webpage will not be accessible. "nc" can be used to verify if a network port is open and available on a server. Below result indicates port 7042 is open on server serverName.

$ nc -zv serverName 7042

Ncat: Version 7.92 ( https://nmap.org/ncat )

Ncat: Connected to 167.xx.xx.50:7042.

Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

If nothing is listening on port 7042, "nc" gives a different result and does not tell if port is the problem. 

$ netstat -tuanp | grep 7042

(Not all processes could be identified, non-owned process info

will not be shown, you would have to be root to see it all.)

$ nc -zv serverName 7042      <= run it on another server

Ncat: Version 7.92 ( https://nmap.org/ncat )

Ncat: Connection refused.

So make sure the Apps service is working correctly and running before using "nc" to check port's status. When the port is used on the server,  "nc" message No route to host tells us that the port is blocked by firewall of the server. 

$ netstat -tuanp | grep 7043

(Not all processes could be identified, non-owned process info

will not be shown, you would have to be root to see it all.)

tcp6       0      0 167.xx.xx.50:7043       :::*                 LISTEN      2915615/java

tcp6       0      0 167.xx.xx.50:52210      167.xx.xx.50:7043       ESTABLISHED 2922169/java

$ nc -zv serverName 7043        <= run it on another server

Ncat: Version 7.92 ( https://nmap.org/ncat )

Ncat: No route to host.

wget may give similar failure message if WLS webservice is listening on port 7043:

$ wget serverName.domain.com:7043/console

... ...

Connection ... ... failed: No route to host

root is able to check and see the list of open ports on the firewall of the server:

$ echo $USER

applmgr

$ sudo su -       

[sudo] password for applmgr:        

Hostname:  serverName.domain.com   <= ONLY if sudo root is granted to applmgr

OS:  Red Hat Enterprise Linux release 8.10 (Ootpa)

Arch:  x86_64

[root@serverName ~]# cd /etc/firewalld

[root@serverName ~]# which firewall-cmd

/usr/bin/firewall-cmd

[root@serverName firewalld]# firewall-cmd --list-all

internal (active)

target: default

icmp-block-inversion: no

interfaces: ens192

sources:

services: cockpit dhcpv6-client mdns samba-client ssh

ports: ... 443/tcp 7042/tcp 7051/tcp 7052/tcp 8004/tcp 4484/tcp ... 757/udp 17430/udp ...

protocols:

forward: no

masquerade: no

forward-ports:

source-ports:

icmp-blocks:

rich rules:

[root@serverName firewalld]#

Troubleshooting case. In a multi-node EBS instance, ADOP fs_clone failed on 2nd node with message "The admin server for the patch file system is not running". I started WebLogic services in patch filesystem of Primary node serverName successfully:

$ sh adadminsrvctl.sh start forcepatchfs

... ...

adadminsrvctl.sh: exiting with status 0

... ...

$ grep s_wls_adminport $CONTEXT_FILE

<wls_adminport oa_var="s_wls_adminport" oa_type="PORT" base="7001" step="1" range="-1" label="WLS Admin Server Port">7043</wls_adminport>

But, the problem was console webpage serverName.domain.com:7043/console did not work and showed generic errors on browser. Too many Java errors and messages in WebLogic logfiles under folder $FMW_HOME/user_projects/domains/EBS_domain/servers/AdminServer/logs

made logs not useful as well. Finally, I found the root cause is port 7043 was not open on the server. After it was added to the firewall by Linux Admin, the WebLogic website became accessible from browsers and then fs_clone worked.

Apply EBS January 2025 CPU patches

The first and important step in applying EBS CPU patches is to identify which patches are required for each EBS components. After step 1 below, the patching steps are the same for recent CPU releases. I used my shell scripts to perform two key steps for January 2025 CPU, which make the patching process much quicker and more consistent across nodes and instances. Posts for previous CPU patchings, such as October 2024 CPU Patches, have more details.

1. Download patch files.

Oracle E-Business Suite Release 12.2 Critical Patch Update Availability Document (January 2025) (Doc ID 3061170.1) is the document for applying January 2025 CPU patches. Run checkers and read the CPU document to decide which patches are required. Then, download and save them to a shared location /path/to/Jan2025_CPU that will be used for all nodes and different instances (Dev, QA and Prod, etc). This folder is organized to 10 sub-folders for different components:

$ cd /path/to/Jan2025_CPU

$ ls -d *

EBS ECPUC EJCPUC ETCC FMW_Comm FMW_Ora JDK JRE WLS

- EBS  hold patches required by ECPUC.sql.  Warning: ECPUC.sql only lists patches that are required or recommended by a EBS CPU patch but does NOT list prerequisites for each patch.

We decided to apply only 3 patches because other modules are not used in our EBS instances.

$ cd EBS

$ ls -trd * | egrep -i '36560216|37078855|37237361'

p37237361_12.2.0_R12_LINUX.zip

p37078855_R12.ATG_PF.C_R12_GENERIC.zip

p36560216_R12.PO.D_R12_GENERIC.zip

36560216

37237361

37078855

Grant permission once for ADOP to create multiple sub-folders under backup folder:

$ chmod 666 36560216/backup

$ chmod 666 37237361/backup

$ chmod 666 37078855/backup

- ECPUC  hold ECPUC.sql (from patch p35583866) for checking which EBS patches are required.

$ grep '$Header' *.sql

REM $Header: ECPUC.sql 120.0.12020000.10 2025/03/06 10:04:57 spullach noship $

- EJCPUC  hold ejcpuc.sh from patch p37171025 

$ grep '$Header' ejcpuc.sh

rcs="$Header: ejcpuc.sh,v 1.3 2025/01/21 04:30:00 egravers Exp egravers $"

Run ejcpuc.sh to confirm JDK upgrade is needed:

$ ./ejcpuc.sh

###############################################################

Checking Apptier Java 7 for CPU 2025.01 on Platform Linux_x64 - need 1.7.0_451

2025-05-xx 11:41:30 EDT on node_name.domain.com

###############################################################

2025.01    action    Your Version   bitness   Java Location

----------  -------- ---------------- -------- ------------------

1.7.0_451 UPDATE 1.7.0_391 32-bit $RUN_BASE/EBSapps/10.1.2/jdk/bin/java

1.7.0_451 UPDATE 1.7.0_391 32-bit $RUN_BASE/EBSapps/comn/util/jdk32/bin/java

1.7.0_451 UPDATE 1.7.0_391 64-bit $RUN_BASE/EBSapps/comn/util/jdk64/bin/java1

1.7.0_451 UPDATE 1.7.0_391 64-bit $RUN_BASE/FMW_Home/webtier/jdk/bin/java

Follow 1530033.1 to update the JDK(s). Your application tier JDK 7 is lower than the 1.7.0_451 update released in CPU 2025.01.

- ETCC  hold ETCC scripts from patch p17537119

Make sure both EBS apps and database use the scripts from the same p17537119 release/download.

$ grep '$Header' *.sh

checkDBpatch.sh:# $Header: checkDBpatch.sh 120.133 2025/01/30 17:56:04 chrhill noship $

checkMTpatch.sh:# $Header: checkMTpatch.sh 120.0.12020000.70 2025/01/30 18:28:36 chrhill noship $

- FMW_Ora  holds patch files for Oracle Home of forms and report (if required).

No required patches by January 2025 CPU release for my instances.

Custom file ocm.rep (see run Opatch in silent) was copied here for patching script.

$ ls *.*

ocm.rsp

- FMW_Comm  holds patch files for Oracle Common. 3 patch files that required by ETCC

$ ls *.*

p33974106_111190_Generic.zip

p33960746_111190_Generic.zip

p34714760_111190_Generic.zip

33974106

33960746

34714760

apply_EBStechPatches.sh

In addition, one custom file was copied here: apply_EBStechPatches.sh (see script for applying technology patches)

- FMW_Web  holds patch files for IAS_ORACLE_HOME (or, $FMW_HOME/webtier).

No patch is required by January 2025 CPU release for my instances.

- JDK  holds files needed for JDK upgrades.

Since Java 7 is officially out of Oracle support, we have to follow Oracle EBS CPU documents (such as Doc ID 3061170.1) & go to Table 3: Security Patches for Technology Stack Components With a New Patch in This CPU. Then, get a link to Oracle Java SE:

Doc ID 3066051.1 (Oracle Critical Patch Update (CPU) Jan 2025 for Oracle Java SE) has a link (on the low end) to download JDK 7 Update 451 Restricted: Patch 37308812 for JDK 1.7.0_451.

p37308812_170_451_Linux-x86-64.zip

p37308812_170_451_LINUX.zip 

Then unzip them to get two JDK files:

jdk-7u451-linux-i586.tar.gz 

jdk-7u451-linux-x64.tar.gz

Also copy/modify the custom script here.

JDK_upgrade1_7_xxx.sh  (see script for updating JDK)

- JRE  holds files for JRE upgrade on the server.

Document ID 3066051.1 (Oracle Critical Patch Update (CPU) Jan 2025 for Oracle Java SE) also has a link for JRE 8 Update 441: Patch 37308802. Download  p37308802_180441_WINNT.zip (for Microsoft Windows 32-bit), and unzip to see two files:

jre-8u441-windows-i586.zip

jre-8u441-windows-i586.exe

- WLS  holds 3 WLS patch files required by ETCC and CPU Doc ID 3061170.1

13845626/p13845626_10360231017_Generic.zip

35476084/p35476084_1036_Linux-x86-64.zip

35586779/p35586779_1036_Generic.zip

2. Apply database patches

Run ETCC checker to find the required patches, and then apply them. Run ejcpuc.sh to make sure Java versions in database are up to date.

3. Backups

Back up apps filesystems. Optional: hold scheduled concurrent jobs if necessary & create a GRP in database.

4. Apply EBS patches (in downtime mode on my instances)

$ adop - status      <= It's better to make sure fs_clone worked successfully before.

$ vi /etc/oraInst.loc

$ stop app services   

Also, check passwordless ssh works in multi-nodes instance for ADOP working on allnodes mode.

$ cd /path/to/Jan2025_CPU/ECPUC

$ sqlplus apps/

SQL> @ECPUC.sql

$ adop phase=apply apply_mode=downtime patches=37237361 patchtop=/path/to/Jan2025_CPU/EBS

$ adop phase=apply apply_mode=downtime patches=37078855,36560216 patchtop=/path/to/Jan2025_CPU/EBS

After their successful completion, confirm January 2025 CPU was applied:

SQL> col CPU format a9

SQL> select max(CODELEVEL) "CPU" 

             from ad_trackable_entities where abbreviation in ('ebscpu');

CPU

----------

2025.01

$ perl $AD_TOP/bin/admkappsutil.pl

Starting the generation of appsutil.zip

Log file located at $INST_TOP/admin/log/MakeAppsUtil_11260913.log

output located at $INST_TOP/admin/out/appsutil.zip

MakeAppsUtil completed successfully.

$ cp -p $INST_TOP/admin/out/appsutil.zip $APPLPTMP

$ chmod 666 $APPLPTMP/appsutil.zip

DBA runs the below steps on database server.

$ cp /path/to/shared/utl_dir/appsutil.zip $ORACLE_HOME/

$ cd $ORACLE_HOME 

$ unzip -o appsutil.zip

Set env and then run autoconfig on the database server.

5. Apply technology patches (on each node)

Run the script to apply them

$ cd /path/to/Jan2025_CPU/FMW_Comm  # if the shell script resides there

$ ./apply_EBStechPatches.sh 'appsPWD'

6. Upgrade JDK (on each node)

A shell script makes it easy

$ cd /path/to/Jan2025_CPU/JDK   # if the shell script resides there

$ ./JDK_upgrade1_7_xxx.sh

Verify the result:

$ cd ../EJCPUC

$ ./ejcpuc.sh

7. Upgrade JRE

$ cd /path/to/Jan2025_CPU/JRE

$ cp jre-8u441-windows-i586.exe $COMMON_TOP/webapps/oacore/util/javaplugin/j2se18441.exe

$ cd $COMMON_TOP/webapps/oacore/util/javaplugin

$ $FND_TOP/bin/txkSetPlugin.sh 18441

Verify the result:

$ grep sun_plugin_ver $CONTEXT_FILE

$ grep s_forms_launch_method $CONTEXT_FILE

8. Run adadmin to sign JAR files (optional) and run antoconfig on each node.

Optional: verify the digital signature of a Jar file (and new timestamp):

$ jarsigner -verify -verbose -certs $AD_TOP/java/jar/adxlib.jar

$ ls -altr $JAVA_TOP/oracle/apps/fnd/jar

9. Start apps services.

10. Test EBS website.

 

11. adop phase=fs_clone

Script for applying EBS technology patches

A key step in applying EBS CPU patches is to decide which technology patches are required by both ETCC checker and quarterly CPU Release document for WebLogic and Oracle Homes of Fusion Middleware. After the list of required patches for each component is decided, I write a shell script to run the patching process and make it more consistent and much quicker cross nodes and different instances (Dev, QA, & Prod).

Pre-steps: place technology patch files to a location shared by many servers. For January 2025 CPU patches (Doc ID 3061170.1), 3 patches are needed and copied to each dedicated sub-folder WLS and FMW_Comm under location /path/to/Jan2025_CPU:

 

- FMW_Comm

Holds 3 Fusion Middleware patch files. Each .zip file is unzipped to its own sub-folder here.

$ cd /path/to/Jan2025_CPU/FMW_Comm

$ ls *.*

ocm.rsp

p33974106_111190_Generic.zip

p33960746_111190_Generic.zip

p34714760_111190_Generic.zip

Do unzip and chmod just one time.

$ unzip p33974106_111190_Generic.zip

$ unzip p33960746_111190_Generic.zip

$ unzip p34714760_111190_Generic.zip

Open READ permission for other OS accounts to run the script to patch instances on other servers: (Or, remove the sub-folder and then unzip the .zip file again before each opatch run.)

$ chmod -R +r 33974106

$ chmod -R +r 33960746

$ chmod -R +r 34714760

$ ls -l | egrep "^drw" |awk '{print $9}'

33974106

33960746

34714760

- WLS 

Holds 3 WLS patch zip files, and each file is saved in its own sub-folder:

13845626/p13845626_10360231017_Generic.zip

35476084/p35476084_1036_Linux-x86-64.zip

35586779/p35586779_1036_Generic.zip

- FMW_Ora

Only holds opatch response file ocm.rsp. No Forms & Reports patch is required by January 2025 CPU patches.

-FMW_Web

Empty. No IAS_ORACLE_HOME patch is required by January 2025 CPU patches.

============= script apply_EBStechPatches.sh ============

# apply tech patches for January 2025 EBS CPU technology patches. 

# it can be easily modified for other R12.2 EBS CPU releases.

# 1. Make sure same patches are required cross different nodes and instances!

# 2. Assume all patch files are saved in 4 sub-folders of a shared location: 

# FMW_Ora, FMW_Comm, FMW_Web, WLS

# 3. Assume ocm.rsp for for running opatch silently exists in folder $patchFileLoc/FMW_Ora

#

# Call the script, for example: ./apply_EBStechPatches.sh 'appsPWD$%^&_!'

#

###  Specify the path to the shared location where patch files are saved:

patchFileLoc=/path/to/Jan2025_CPU

# 

appsPWD=$1

if [ -z "$appsPWD" ]; then

 echo "ETCC needs password to run the script. Exit ..."

 exit 1

fi

runcount=`ps -ef | grep ${LOGNAME:0:7} | grep tnslsnr | wc -l`

if [ $runcount -gt 1 ]

then

 echo "EBS services may still running. Please stop them first. (count: $runcount)"

 exit 1

fi

## Optional

# echo "Run ETCC script:" 

# cd $patchFileLoc/ETCC

# echo $appsPWD | checkMTpatch.sh

echo "Apply WLS patches:"

if [ -f p*.zip ]; then   # if no .zip files in this folder, move to patch next ORACLE_HOME

 zipcount=`ls -al $patchFileLoc/WLS/*.zip | wc -l`

 echo "Apply $zipcount patch(es) to WebLogic..."

 echo $FMW_HOME

 cd $FMW_HOME/utils/bsu/cache_dir

 echo $PWD

 # assume all patch .zip files were copied to folder $patchFileLoc/WLS.

 #

 ### Because removal of conflict WLS patches may required, it is difficult to automate this part.

 ### Editing is needed for each CPU release! ###

 ### Below lines are for January 2025 CPU patching.

 cp -f $patchFileLoc/WLS/13845626/p13845626_10360231017_Generic.zip .

 cp -f $patchFileLoc/WLS/35476084/p35476084_1036_Linux-x86-64.zip .

 cp -f $patchFileLoc/WLS/35586779/p35586779_1036_Generic.zip .

 ls -altr

 unzip -o p35586779_1036_Generic.zip

 unzip -o p35476084_1036_Linux-x86-64.zip

 unzip -o p13845626_10360231017_Generic.zip

 cd ..

 echo $PWD

 ./bsu.sh -remove -patchlist=AMGE -prod_dir=$FMW_HOME/wlserver_10.3

 ./bsu.sh -remove -patchlist=P8S7 -prod_dir=$FMW_HOME/wlserver_10.3

 ./bsu.sh -install -patch_download_dir=$FMW_HOME/utils/bsu/cache_dir -patchlist=E7HI -prod_dir=$FMW_HOME/wlserver_10.3

 ./bsu.sh -install -patch_download_dir=$FMW_HOME/utils/bsu/cache_dir -patchlist=WY44 -prod_dir=$FMW_HOME/wlserver_10.3

 ./bsu.sh -remove -patchlist=CW7X -prod_dir=$FMW_HOME/wlserver_10.3

 ./bsu.sh -install -patch_download_dir=$FMW_HOME/utils/bsu/cache_dir -patchlist=KMHV -prod_dir=$FMW_HOME/wlserver_10.3

 ./bsu.sh -prod_dir=$FMW_HOME/wlserver_10.3 -status=applied -verbose -view | egrep -i 'KMHV|WY44|E7HI'

 ### stop editing ###

else

 echo "No zip files in this folder. No WLS patching is needed for this release."

fi

# Apply patches to 3 Oracle_HOMEs

# Assume ocm.rsp for opatch exists in folder $patchFileLoc/FMW_Ora

echo "Apply patches to Forms & Reports"

cd $patchFileLoc/FMW_Ora       # assume all ORACLE_HOME .zip files were unzipped in this folder.

foldercount=`find * -prune -type d | wc -l`

if [ $foldercount -gt 0 ]; then

 export ORACLE_HOME=$RUN_BASE/EBSapps/10.1.2

 export PATH=$ORACLE_HOME/OPatch:$PATH

 echo "apply $foldercount patch(es) to Oracle Home: $ORACLE_HOME"

 which opatch

 for x in `ls -l | egrep "^drw" |awk '{print $9}'`

 do

  echo "apply patch $x"

  cd $x

  opatch apply -silent -ocmrf $patchFileLoc/FMW_Ora/ocm.rsp

  cd ..

  opatch lsinventory | egrep -i "$x"

  echo

 done

else

 echo "No patch is needed"

fi

echo "Apply patches to ORACLE_WEBTIER:"

cd $patchFileLoc/FMW_Web      # assume all IAS_ORACLE_HOME .zip files were unzipped in this folder.

foldercount=`find * -prune -type d | wc -l`

if [ $foldercount -gt 0 ]; then

 export ORACLE_HOME=$IAS_ORACLE_HOME   # Or, $FMW_HOME/webtier

 export PATH=$ORACLE_HOME/OPatch:$PATH

 echo "apply $foldercount patch(es) to Oracle Home: $ORACLE_HOME"

 which opatch

 for x in `ls -l | egrep "^drw" |awk '{print $9}'`

 do

  echo "apply patch $x"

  cd $x

  opatch apply -silent -ocmrf $patchFileLoc/FMW_Ora/ocm.rsp

  cd ..

  opatch lsinventory | egrep -i "$x"

  echo

 done

else

 echo "No patch is needed"

fi

echo "Apply patches to ORACLE_COMMON:"

cd $patchFileLoc/FMW_Comm      # assume all ORACLE_COMMON .zip files were unzipped in this folder.

foldercount=`find * -prune -type d | wc -l`

if [ $foldercount -gt 0 ]; then

 export ORACLE_HOME=$FMW_HOME/oracle_common

 export PATH=$ORACLE_HOME/OPatch:$PATH

 echo "apply $foldercount patch(es) to Oracle Home: $ORACLE_HOME"

 which opatch

 for x in `ls -l | egrep "^drw" |awk '{print $9}'`

 do

  echo "apply patch $x"

  cd $x

  opatch apply -silent -ocmrf $patchFileLoc/FMW_Ora/ocm.rsp

  cd ..

  opatch lsinventory | egrep -i "$x"

 echo

 done

else

 echo "No patch is needed"

fi

echo "ETCC to confirm no more patches are needed:"

cd $patchFileLoc/ETCC

echo $appsPWD | checkMTpatch.sh

exit 0

============== End ================