Oracle by Example brandingPerforming Post-Provisioning and Post-Cloning Tasks for Oracle E-Business Suite on Oracle Cloud Infrastructure

section 0Before You Begin

This tutorial shows you how to perform required tasks for environments you have provisioned or cloned using Oracle E-Business Suite Cloud Manager on Oracle Cloud Infrastructure.

Background

After you provision or clone an environment, you must perform some tasks to configure access and secure the environment. You may also need to perform other tasks depending on your Oracle E-Business Suite release, Oracle Database release, and the cloud service on which the database tier resides. These tasks apply for new environments created through either One-Click Provisioning or Advanced Provisioning, for environments created from a backup through Advanced Provisioning, and for environments created through cloning in Oracle E-Business Suite Cloud Manager.

What Do You Need?

section 1Access Your Oracle E-Business Suite Environment

This section describes how users can access the login page for an Oracle E-Business Suite environment that was created using Oracle E-Business Suite Cloud Manager and how administrators can access the application tier and database tier nodes that make up the Oracle E-Business Suite environment.

User access: Before users can log in to Oracle E-Business Suite from a client computer, they must configure a DNS entry for the Oracle E-Business Suite host name in the local hosts file on that computer. This entry lets the DNS server resolve the host name for the web entry point to the IP address.

  • If the Oracle E-Business Suite environment uses a load balancer, then the host name should be mapped to the IP address for the load balancer. To find this IP address for an environment that uses Load Balancer as a Service (LBaaS), check the Oracle E-Business Suite Cloud Manager environment details page.
  • If the Oracle E-Business Suite environment does not use a load balancer, then the host name should be mapped to the IP address for the primary application tier node (app01). Check the Oracle E-Business Suite Cloud Manager environment details page for your environment to find the public IP address for this application tier node.

Provide users the host name of the web entry point for the environment, including the domain name, and the IP address to which the host name should be mapped in the DNS entry. For example, if the host for the web entry point is myhost and the domain is example.com, then the host name in the DNS entry should be: myhost.example.com

Each user must then perform the following steps.

  1. Update the /etc/hosts file on your client computer by adding a DNS entry in the following format:
    <external_IP_address> <host_name>
  2. You can now navigate to the Oracle E-Business Suite login page at the following URL:
    [http|https]://<host_name>:<port>/OA_HTML/AppsLogin

    For example:

    http://myhost.example.com:8000/OA_HTML/AppsLogin

    The Oracle E-Business Suite Cloud Manager environment details page includes a link to the Oracle E-Business Suite login page URL.

Administrator access: After you create an Oracle E-Business Suite environment, as a database administrator (DBA) for the environment you will need to perform tasks such as starting and stopping services, applying patches, modifying files, and so on. For an Oracle E-Business Suite environment created using Oracle E-Business Suite Cloud Manager, the recommended method to access the nodes that make up the environment is to connect through the Oracle E-Business Suite Cloud Manager Compute instance, which serves as a bastion server. This method is recommended for both application tier nodes and database tier nodes.

  1. First, connect to your Oracle E-Business Suite Cloud Manager Compute instance that was created according to Section 4, "Create Oracle E-Business Suite Cloud Manager Compute Instance," in My Oracle Support Knowledge Document 2434500.1, Deploying Oracle E-Business Suite Cloud Manager on Oracle Cloud Infrastructure. To connect, follow the instructions in Connecting to an Instance.
  2. After you have logged on to the Cloud Manager Compute instance, change to the oracle user.
    $ sudo su - oracle
  3. You can now connect directly from the Cloud Manager Compute instance to the node you want in your Oracle E-Business Suite environment using the node's private IP address. Check the Oracle E-Business Suite Cloud Manager environment details page for your environment to find the private IP address for each application tier node and database tier node in the environment.
    $ ssh <private_IP>

section 2Review Database Admin Password

When you provision an environment through Advanced Provisioning, you must specify a database admin password as part of the database tier details. You can use this password to log in to the database as the SYS user and perform database administration tasks.

Additionally, if Transparent Data Encryption (TDE) is enabled for an environment created through Advanced Provisioning, then you can also use the same database admin password to access the TDE wallet for the new environment. TDE is enabled for the following types of environments provisioned using Advanced Provisioning:

  • All environments with a database tier on 1-Node VM DB System, 2-Node VM DB System, or Exadata DB System, including both new environments and environments created from a backup. Note that even if the source environment for a backup was not TDE-enabled, TDE is still enabled for environments that are created from that backup on 1-Node VM DB System, 2-Node VM DB System, or Exadata DB System.
  • All environments with a database tier on Compute that are created from a backup of a TDE-enabled source environment
  • Environments with a database tier on Compute that are created from a backup of a non-TDE source environment, if you select the Enable TDE option during provisioning.
  • New environments created with Advanced Provisioning with a database tier on Compute, if you select the Enable TDE option during provisioning.

Note that TDE is not enabled for environments created with One-Click Provisioning. Also, TDE is not enabled if you do not select the Enable TDE option when it appears during Advanced Provisioning for environments on Compute.


section 3Implement Workaround for Oracle Databases on Exadata DB Systems (Conditionally Required)

This workaround resolves a known issue that impacts SQL*Net configuration files on secondary nodes. The steps in this section are required only for a provisioned environment with the database on an Exadata DB System with Oracle Database Release 12.1.0.2.

  1. Identify the private IP address of each secondary Exadata DB System node from the Exadata DB Systems console.
  2. Perform steps 3-8 for all secondary Exadata DB System nodes.
  3. While logged in to the Oracle E-Business Suite Cloud Manager VM as the oracle user, use ssh to connect to the secondary Exadata DB Systems node.
  4. Obtain the ORACLE_HOME details from the oratab file:
    $ cat /etc/oratab 
  5. Source the environment file:
    $ cd <ORACLE_HOME>
    $ source <SID>_<HOSTNAME>.env
  6. Navigate to the $ORACLE_HOME/network/admin directory:
    $ cd $ORACLE_HOME/network/admin
  7. Using a text editor such as vi, edit the sqlnet.ora file. First, delete all existing lines from the sqlnet.ora file. Then add the following line:
    IFILE=<ORACLE_HOME>/network/admin/<SID>_<HOSTNAME>/sqlnet.ora
  8. Create a listener.ora file with a text editor such as vi, and add the following line:
    IFILE=<ORACLE_HOME>/network/admin/<SID>_<HOSTNAME>/listener.ora

section 4 Update Web Entry Host and Domain Name (Conditionally Required)

When you provision an Oracle E-Business Suite environment with One-Click Provisioning, the environment is automatically configured to use Load Balancer as a Service (LBaaS), with Transport Layer Security (TLS) enabled for inbound HTTP traffic. The login URL is automatically generated in the format <instance name>.example.com, and the listener for the load balancer is associated by default with a self-signed TLS certificate generated by Oracle E-Business Suite Cloud Manager.

With the simplified preset topology used in One-Click Provisioning, you cannot specify a different host and domain for the web entry point during provisioning. However, you can use the steps in this section to update the host and domain for the web entry point after provisioning is complete.

Note that if you plan to replace the self-signed certificate generated by Oracle E-Business Suite Cloud Manager with a certificate issued by a certificate authority (CA), then you must follow the steps in this section to change the domain name before you request the certificate, because you cannot obtain a certificate from a CA for the demonstration example.com domain.

If you provisioned an environment with Advanced Provisioning, you can also optionally use the steps in this section to update the host and domain for the web entry point if you need to change these values from those you initially specified during provisioning.

To update the host and domain, perform the following steps.

  1. Using a text editor such as vi, update the following variables in the context file on all application tier nodes.
    • s_webentryhost - Set the value for this variable to the new web entry host you want to use.
    • s_webentrydomain - Set the value for this variable to the new web entry domain you want to use.
    • s_external_url - Update the value for this variable to use the new web entry host and domain that you specified in the s_webentryhost and s_webentrydomain variables. Do not change any other parts of the URL value. The full new value should be in the following form:
       [http|https]://<web_entry_host>.<web_entry_domain>:<load_balancer_listener_port>
    • s_login_page - Update the value for this variable to use the new web entry host and domain that you specified in the s_webentryhost and s_webentrydomain variables. Do not change any other parts of the URL value. The full new value should be in the following form:
       [http|https]://<web_entry_host>.<web_entry_domain>:<load_balancer_listener_port>/OA_HTML/AppsLogin
  2. If you are finished updating the context file, then you should now run AutoConfig on all application tier nodes. See Using AutoConfig Tools for System Configuration, Oracle E-Business Suite Setup Guide.

    Note that if you plan to make additional changes in the context file in order to configure TLS, according to the instructions in section 5, 6, or 7 of this tutorial, then you can defer running AutoConfig until you are instructed to do so in those sections. In this case, you can skip this step and the following step. Instead, proceed to section 5 if you are using Load Balancer as a Service (LBaaS), section 6 if you are using an on-premises load balancer, or section 7 if you are not using a load balancer.

  3. After running AutoConfig, on all application tier nodes, stop and restart all services by running the adstpall.sh script and the adstrtal.sh script.

section 5Configure TLS When Using Load Balancer as a Service (LBaaS) (Conditionally Required)

The steps in this section are applicable if you used Oracle E-Business Suite Cloud Manager to deploy an environment that uses Load Balancer as a Service (LBaaS), whether through One-Click Provisioning or Advanced Provisioning. Some of the steps vary depending on whether Transport Layer Security (TLS) was enabled for the load balancer during provisioning.

If TLS is enabled: If you created your environment using One-Click Provisioning which deploys LBaaS automatically, or if you created your environment using Advanced Provisioning and you chose to deploy LBaaS with the https protocol, then Oracle E-Business Suite Cloud Manager configures your environment to encrypt inbound HTTP traffic with TLS. The initial configuration uses a self-signed certificate generated by Oracle E-Business Suite Cloud Manager. It is mandatory that you replace this certificate with a TLS certificate issued by a certificate authority (CA) or generate your own self-signed certificate using the web entry host for your Oracle E-Business Suite instance. To do so, you must perform the relevant steps in this section to replace the certificate, You can also optionally update the port for the load balancer listener.

If TLS is not enabled: If you created your environment using Advanced Provisioning and you chose to deploy LBaaS with the http protocol, then TLS is not enabled. In this case, we highly recommend that you configure your environment to encrypt inbound HTTP traffic with TLS. Perform the relevant steps in this section to offload the encryption to the LBaaS and configure Oracle E-Business Suite to use HTTPS (HTTP over TLS).

Note that the configuration described here terminates TLS at the load balancer; that is, TLS is used only for communication between the client and the load balancer. Communication between the load balancer and the Oracle E-Business Suite instance does not use TLS. See "Terminating SSL at the Load Balancer" in the section Configuring SSL Handling in the Oracle Cloud Infrastructure Services documentation.

To configure an environment that uses LBaaS, perform the following steps:

  1. Obtain a TLS certificate valid for the name of the web entry host for your Oracle E-Business Suite instance, or generate a self-signed certificate. The web entry host name is formed by combining the values of the application tier context variables s_webentryhost and s_webentrydomain.

    Oracle Cloud Infrastructure provides a public IP address but does not provide a public host name, so you should ensure that appropriate DNS entries are present to resolve the web entry host name to the public IP address.

    If you changed the web entry host and domain for your environment in the previous section, ensure that you use the new host, domain, and URL when you request or generate a certificate. Note that if you deployed your environment with One-Click Provisioning and you plan to request a certificate from a CA, you must ensure that you have changed the domain name from the default example.com domain before you request the certificate, because you cannot obtain a certificate from a CA for the demonstration example.com domain.

  2. If you are using a self-signed certificate, whether it is the certificate generated by Oracle E-Business Suite Cloud Manager or a certificate you generated yourself, ensure that you import the certificates to the JDK trust stores.
  3. Log in to the Oracle Cloud Infrastructure console. From the navigation menu, select Networking > Load Balancers, and then select the load balancer you want to configure.
  4. Add your certificate bundle to the load balancer. See To upload an SSL certificate bundle to your load balancing system in the Oracle Cloud Infrastructure Services documentation.

    If you have multiple certificates that form a single certification chain, such as one or more intermediate certificates together with a root certificate, then you must include all relevant certificates in one file before you upload them to the system. See "Uploading Certificate Chains" in the section Working with SSL Certificates in the Oracle Cloud Infrastructure Services documentation.

  5. If you used One-Click Provisioning or if you chose the https protocol for LBaaS during Advanced Provisioning, and the load balancer listener is using the self-signed certificate generated by Oracle E-Business Suite Cloud Manager, then you should now update the certificate. To do so, on the Load Balancer page, click the Listeners link in the Resources menu. Click the Actions icon (three dots) for your listener, and select Edit from the context menu. In the Edit Listener pop-up, select the certificate bundle that you added in step 4 in the Certificate Name field. Then click Save Changes, and wait for the listener to be updated.
  6. If you chose the http protocol for LBaaS during Advanced Provisioning, then you should now edit the load balancer listener to enable TLS. Enter the port to use for secure communication, such as 443. Then check the Use SSL option and specify the certificate name. See To edit a listener in the Oracle Cloud Infrastructure Services documentation.
  7. Using a text editor such as vi, verify or update the following variables in the context file on all application tier nodes for your environment.
    • s_webentryurlprotocol - Set the value for this variable to https.
    • s_url_protocol - Set the value for this variable to https.
    • s_enable_sslterminator - Remove any value set for this variable; that is, the value should be left blank.
    • s_active_webport - Set the value for this variable to the port you specified for the load balancer listener, such as 443.
    • s_external_url - Update the value for this variable to use the https protocol and the port you specified for the load balancer listener. The full new value should be in the following form:
       https://<web_entry_host>.<web_entry_domain>:<new_load_balancer_listener_port>
      If you are using the default HTTPS port 443, then you should omit the colon separator and the port from this URL. That is, if you are using port 443, then the value should be in the following form:
       https://<web_entry_host>.<web_entry_domain>
    • s_login_page - Update the value for this variable to use the https protocol and the port you specified for the load balancer listener. The full new value should be in the following form:
       https://<web_entry_host>.<web_entry_domain>:<new_load_balancer_listener_port>/OA_HTML/AppsLogin
      If you are using the default HTTPS port 443, then you should omit the colon separator and the port from this URL. That is, if you are using port 443, then the value should be in the following form:
       https://<web_entry_host>.<web_entry_domain>/OA_HTML/AppsLogin

    For more information, see Using Load-Balancers with Oracle E-Business Suite Release 12.2, My Oracle Support Knowledge Document 1375686.1 or Using Load-Balancers with Oracle E-Business Suite Release 12.0 and 12.1, My Oracle Support Knowledge Document 380489.1.

    If you are running Oracle HTTP Server on a privileged port - that is, a port number below 1024 - then you must perform additional configuration steps. See Running Oracle HTTP Server on a Privileged Port in Managing Configuration of Oracle HTTP Server and Web Application Services in Oracle E-Business Suite Release 12.2, My Oracle Support Knowledge Document 1905593.1. For more information, see Enabling Oracle HTTP Server to Run as Root for Ports Set to Less Than 1024 (UNIX Only), Oracle Fusion Middleware Administrator's Guide and Starting Oracle HTTP Server on a Privileged Port, Oracle Fusion Middleware Administrator's Guide for Oracle HTTP Server.

  8. Run AutoConfig on all application tier nodes. See Using AutoConfig Tools for System Configuration, Oracle E-Business Suite Setup Guide.
  9. On all application tier nodes, stop and restart all services by running the adstpall.sh script and the adstrtal.sh script.
  10. If necessary, update the security lists for the load balancer subnets by adding a security rule that allows inbound communication on the port you specified for the load balancer listener, from the clients from which you will access the Oracle E-Business Suite URL. See Working with Security Lists. This step is required only if you updated the port for the load balancer listener; that is, if you chose the http protocol for the load balancer during Advanced Provisioning, or if you chose the https protocol for the load balancer during Advanced Provisioning or you used One-Click Provisioning, but changed the port from the port specified during provisioning.

    In the Oracle Cloud Infrastructure console, open the security list for the load balancer and add a new entry under Allow rules for ingress with the following properties:

    • Source CIDR - The CIDR block for your on-premises network that includes the relevant clients
    • Protocol - TCP
    • Destination Port Range - The port you specified for the load balancer secure communication, such as 443

    Repeat these steps for each load balancer subnet.


section 6Configure TLS When Using an On-Premises Load Balancer (Conditionally Required)

If you have deployed your Oracle E-Business Suite environment using an on-premises load balancer, we highly recommend that you perform the steps in this section to perform the necessary encryption. First, encrypt the traffic between the client and the load balancer. Next, encrypt the traffic between the load balancer and the Oracle HTTP Server. After the encryption setup is complete, configure the Oracle E-Business Suite web entry point.

  1. Encrypt the traffic from the client to the load balancer by performing the configuration for an alternate TLS termination point for your Oracle E-Business Suite release.
  2. Encrypt the traffic between the load balancer and the Oracle HTTP Server.
    • If you have VPN set up between your on-premises network and Oracle Cloud, then you can optionally set up TLS end-to-end, or you can skip this setup and go to step 3.
    • If you do not have VPN set up between your on-premises network and Oracle Cloud, then we highly recommend that you set up TLS end-to-end.

    To set up TLS end-to-end, perform the appropriate configuration for your Oracle E-Business Suite release.

  3. You can now configure access to the Oracle E-Business Suite web entry point. First, on all application tier nodes, create firewall rules that allow inbound communication to the web entry port from the clients from which you will access the Oracle E-Business Suite URL. To do so, log on to the Oracle Cloud Infrastructure instance that hosts your Oracle E-Business Suite environment, using SSH. See Connecting to an Instance.

    Then switch to the root user:

    $ sudo su -

    Execute the following commands to create the required firewall rules:

    # firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=<source_CIDR_range> port port=<web_entry_port> protocol=tcp accept' --permanent
    # firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=<source_CIDR_range> port port=<web_entry_port> protocol=tcp accept'
    

    In these commands, replace <source_CIDR_range> with the set of IP addresses from which you will access the Oracle E-Business Suite URL. Replace <web_entry_port> with the appropriate port, for example 4443.

  4. Next, update the security list for the subnet that contains the application tier nodes by adding a security rule that allows inbound communication on the web entry port from the clients from which you will access the Oracle E-Business Suite URL. See Working with Security Lists.

    In the Oracle Cloud Infrastructure console, open the security list for the application tier subnet and add a new entry under Allow rules for ingress with the following properties:

    • Source CIDR - The CIDR block for your on-premises network that includes the relevant clients, as specified in your firewall rules
    • Protocol - TCP
    • Destination Port Range - The web entry port, for example 4443

section 7Configure TLS When Not Using a Load Balancer (Conditionally Required)

If you have deployed your Oracle E-Business Suite environment without using a load balancer, we highly recommend that you perform the steps in this section to encrypt the traffic between the client and the Oracle HTTP Server. After the encryption setup is complete, you must configure the Oracle E-Business Suite web entry point.

  1. Prepare the environment by applying the prerequisites for your Oracle E-Business Suite release.
  2. Encrypt the traffic from the client to the Oracle HTP Server by performing the configuration for inbound connections for your Oracle E-Business Suite release.
  3. You can now configure access to the Oracle E-Business Suite web entry point. First, on all application tier nodes, create firewall rules that allow inbound communication to the web entry port from the clients from which you will access the Oracle E-Business Suite URL. To do so, log on to the Oracle Cloud Infrastructure instance that hosts your Oracle E-Business Suite environment, using SSH. See Connecting to an Instance.

    Then switch to the root user:

    $ sudo su -

    Execute the following commands to create the required firewall rules:

    # firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=<source_CIDR_range> port port=<web_entry_port> protocol=tcp accept' --permanent
    # firewall-cmd --zone=public --add-rich-rule='rule family=ipv4 source address=<source_CIDR_range> port port=<web_entry_port> protocol=tcp accept'
    

    In these commands, replace <source_CIDR_range> with the set of IP addresses from which you will access the Oracle E-Business Suite URL. Replace <web_entry_port> with the appropriate port, for example 4443.

  4. Next, update the security list for the subnet that contains the application tier nodes by adding a security rule that allows inbound communication on the web entry port from the clients from which you will access the Oracle E-Business Suite URL. See Working with Security Lists.

    In the Oracle Cloud Infrastructure console, open the security list for the application tier subnet and add a new entry under Allow rules for ingress with the following properties:

    • Source CIDR - The CIDR block for your on-premises network that includes the relevant clients, as specified in your firewall rules
    • Protocol - TCP
    • Destination Port Range - The web entry port, for example 4443

section 8Implement Workaround for Oracle Databases on 2-Node VM DB System (Conditionally Required)

This workaround resolves a known issue on 2-Node VM DB System. The steps in this section are required only for a provisioned environment with the database on a 2-Node VM DB System with Oracle Database Release 11.2.0.4.

Perform the following steps on the primary node of the VM DB System, except where noted.

  1. Get the database unique name using the following command. Run this command as root.
    $  dbcli list-databases --json|grep databaseUniqueName

    Copy the output from this command. This value will be referred to in subsequent steps as <DB_UNIQUE_NAME>.

  2. Remove the database from srvctl using the following command. Run this command as the oracle user.
    $  srvctl stop database -d <dbname>
    $ srvctl remove database -d <dbname>
  3. On both VM DB System nodes, change the db_unique_name value in the database using the following commands.
    $ sqlplus "/ as sysdba"
    $ startup nomount
    $ alter system set db_unique_name='<DB_UNIQUE_NAME>' sid='*' scope=spfile;
  4. On both VM DB System nodes, shut down the database using the following command.
    $ shutdown immediate 
  5. Add the new database unique name to CRS using the following commands.
    $ srvctl add database -d <DB_UNIQUE_NAME> -o /u01/app/oracle/product/11.2.0.4/dbhome_1
    $ srvctl add instance -d <DB_UNIQUE_NAME> -i <SID of instance1> -n <Node 1 HOST_NAME>
    $ srvctl add instance -d <DB_UNIQUE_NAME> -i <SID of instance2> -n <Node 2 HOST_NAME>
  6. On both VM DB System nodes, modify /etc/oratab as follows.
     <DB_UNIQUE_NAME>:/u01/app/oracle/product/11.2.0.4/dbhome_1:N              # line added by Agent 
  7. Start the database using the following command.
    $ srvctl start database -d <DB_UNIQUE_NAME> 

section 9Configure Security and Firewall Rules for Secure Access to the Fusion Middleware Control and WebLogic Server Administration Console (Conditionally Required)

The steps in this section are required only for Oracle E-Business Suite Release 12.2.

Administration of the Oracle Fusion Middleware 11g components delivered with Oracle E-Business Suite Release 12.2, including Oracle HTTP Server and Oracle WebLogic Server, requires secure access to the WebLogic Server administration ports running on the Oracle E-Business Suite primary application tier node. Ports 7001 and 7002 are the default WebLogic Server administration ports for the dual file system with Oracle E-Business Suite Release 12.2. The examples in this section use these default ports. If you have configured different port numbers, change the port numbers in the instructions to match the port numbers for your environment.

When you create an Oracle E-Business Suite Release 12.2 environment on Oracle Cloud Infrastructure, you should create a security rule and firewall rules that allow inbound communication on the WebLogic Server administration ports on the primary application tier node from the Oracle E-Business Suite Cloud Manager VM. These rules are required as a prerequisite so that a system administrator can securely access the administration ports and the Fusion Middleware Control and WebLogic Server Administration Console. See Accessing the Fusion Middleware Control and WebLogic Server Administration Console with SSH Port Forwarding for Oracle E-Business Suite on Oracle Cloud Infrastructure.

Perform the following steps to configure the required security rule and firewall rules:

  1. Update the security list for the primary application tier node by adding a security rule that allows inbound communication on ports 7001 and 7002 from the Oracle E-Business Suite Cloud Manager VM. See Working with Security Lists.

    In the Oracle Cloud Infrastructure console, open the security list for the Oracle E-Business Suite application tier subnet and add a new entry under Allow rules for ingress with the following properties:

    • Source CIDR - The CIDR for the Oracle E-Business Suite Cloud Manager VM
    • Protocol - TCP
    • Destination Port Range - 7001-7002
  2. Create firewall rules on the primary application tier node that allow inbound communication on ports 7001 and 7002 from the subnet that contains the Oracle E-Business Suite Cloud Manager VM. First, log on to the Oracle Cloud Infrastructure instance that hosts your Oracle E-Business Suite environment, using SSH. See Connecting to an Instance.

    Then switch to the root user:

    $ sudo su -

    Execute the following commands to create the required firewall rules:

    # firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=<EBS_Cloud_Admin_Tool_VM_CIDR> port port=7001 protocol=tcp accept' --permanent ;
    # firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=<EBS_Cloud_Admin_Tool_VM_CIDR> port port=7002 protocol=tcp accept' --permanent ;
    # firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=<EBS_Cloud_Admin_Tool_VM_CIDR> port port=7001 protocol=tcp accept';
    # firewall-cmd --zone=public --add-rich-rule 'rule family=ipv4 source address=<EBS_Cloud_Admin_Tool_VM_CIDR> port port=7002 protocol=tcp accept';

section 10Enable and Set Oracle E-Business Account Passwords (Conditionally Required)

The steps in this section are required only for a new environment or for a cloned environment if the steps were not previously performed on the source environment. To ensure your environment is adequately protected, you must change your Oracle E-Business Suite account passwords.

If you created your environment from a backup, you can skip this section.

  1. Log on to the Oracle Cloud Infrastructure instance that hosts your Oracle E-Business Suite environment.
  2. Switch user from the opc user to the oracle user using the following command:
    $ sudo su - oracle
  3. Set the environment using the appropriate command for your Oracle E-Business Suite release:

    Release 12.2

    $ . /u01/install/APPS/EBSapps.env run

    Release 12.1.3

    $ . /u01/install/APPS/apps_st/appl/APPS_<CONTEXT_NAME>.env run
  4. Download Patch 24831241 to obtain scripts to enable the SYSADMIN user and to enable demo users in a VISION demo environment.

    Download Patch 24831241 to the $PATCH_TOP directory and unzip the patch using the following commands:

    $ cd $PATCH_TOP
    $ unzip p24831241_R12_GENERIC.zip –d /u01/install/APPS/scripts/
  5. To log in through the web interface, you must initially set a password of your choice for the SYSADMIN user. After the SYSADMIN user is active with the new password, you can create new users or activate existing locked users. To enable the SYSADMIN user, run the following commands:
    $ mkdir -p ~/logs
    $ cd  ~/logs
    $ sh /u01/install/APPS/scripts/enableSYSADMIN.sh

    When prompted, enter a new password for the SYSADMIN user.

    The SYSADMIN user can now connect to Oracle E-Business Suite through the web interface and create new users or activate existing locked users.

  6. For a VISION demo environment, you can run another script to unlock a set of 36 application users that are typically used when demonstrating Oracle E-Business using the VISION database. Run this script with the same environment as when running the enableSYSADMIN.sh script. To enable the demo users, run the following commands
    $ cd  ~/logs
    $ sh /u01/install/APPS/scripts/enableDEMOusers.sh

    When prompted, enter a new password.

    Do not run this script on a fresh or production environment.

For details about the default passwords set during installation, see:

  • Oracle E-Business Suite Release 12.2: Standard Installation, Oracle E-Business Suite Installation Guide: Using Rapid Install Release 12.2 (12.2.0)
  • Oracle E-Business Suite Release 12.1: Change Default Passwords, Oracle E-Business Suite Installation Guide: Using Rapid Install Release 12.1 (12.1.1)


section 11Apply Oracle E-Business Suite and Database Patches (Conditionally Required)

If you provisioned your environment from a backup of an existing on-premises environment, then you must now apply any additional patches required for your release level and database tier. For a cloned environment or an environment provisioned from a backup of a Cloud environment, these steps are required only if you did not already apply these patches on the source environment.

  1. Apply the Oracle E-Business Suite patches required for your release.
  2. This step is required only if your new database tier is on 1-Node VM DB System, 2-Node VM DB System, or Exadata DB System. Apply one-off database patches per the following:
    • For Oracle E-Business Suite Release 12.2, ETCC recommended database patches have been applied as part of the automated provisioning process. If you applied any additional one-off database patches beyond those recommended by ETCC to the source on-premises database, then you must now reapply those additional one-off patches to your new 1-Node VM DB System, 2-Node VM DB System, or Exadata DB System database.
    • For Oracle E-Business Suite Release 12.1, if you applied any one-off database patches to the source on-premises database, then you must now reapply those one-off patches to your new 1-Node VM DB System, 2-Node VM DB System, or Exadata DB System database.

    If your database tier is on an Oracle Cloud Infrastructure Compute VM, then you do not need to reapply any one-off database patches.


more informationWant to Learn More?