Updating the Oracle database for Version 5.2.5

If IBM® Security Identity Governance and Intelligence is connected to an Oracle database, you must update the database by configuring it for the new version of Identity Governance and Intelligence.

Before you begin

Make sure that the following prerequisites are in place:
  • The Oracle Server version 12c must be installed. It is the minimum version level that is required for updating to IBM Security Identity Governance and Intelligence Version 5.2.5.
  • The migration script can be launched directly on the server that hosts the Oracle DBMS or on another computer where the Oracle Client is installed.
  • You must know the common database parameters such as the IP address, server port, and SID.

About this task

The following tags customize the IBM Security Identity Governance and Intelligence Oracle database installation.
Table 1. Tags to customize the IBM Security Identity Governance and Intelligence Oracle database installation
Tags Description
IgiSID Oracle database instance name (SID)
DBServer Oracle Server IP address or DNS name
DBPort Oracle listener port
ServiceName Oracle Service Name
The scripts for the upgrade of the database can be found in one of these locations:
  • In Passport Advantage amongst the IBM Security Identity Governance and Intelligence V5.2.5 (5.2.5.1) eAssemblies. Follow these steps to find the scripts:
    1. Find in the product package the zip file that corresponds to the IBM Security Identity Governance component_name v5.2.5 (5.2.5.1) Database Installation Scripts and Tools eAssembly. Copy the file to your database server and unpack it.

      The DB_Tools directory is unpacked.

    2. In the DB_Tools directory, find and unpack file SEC_IDNTY_GVN_INTL_xxx_V5.2.5_DT_IN_.zip (where xxx can be CMP, ANL, LFC, or IEE, depending on the license under which you are using the product).

      Amongst the unzipped files, you find the oracle directory.

    3. Change path to the oracle directory and unpack file oracle_installation.zip.

      Amongst the unzipped files, you find the oracle_installation directory.

    4. Change path to the oracle_installation directory and unfold the migration directory.

      Amongst the other files and folders, the migration directory includes the files that you are looking for.

  • In file DBupdate.zip in the 5.2.5.0-ISS-SIGI-VA-FP0000 (5.2.5.0-ISS-SIGI-VA-FP0001) package that is available in IBM Fix Central. Follow these steps to find the scripts:
    1. Unpack DBupdate.zip.
    2. Change path to the oracle directory and unfold the migration directory.

      Amongst the other files and folders, the migration directory includes the files that you are looking for.

In the migration folder, the scripts (.sh or .bat) for upgrading the Oracle database to Identity Governance and Intelligence Version 5.2.5 are the following (you must select only one):
oracle_update_from521
Upgrades your database from Version 5.2.1 to Version 5.2.5.
oracle_update_from522
Upgrades your database from Version 5.2.2 to Version 5.2.5.
oracle_update_from523
Upgrades your database from Version 5.2.3 to Version 5.2.5.
oracle_update
Upgrades your database from Version 5.2.4 to Version 5.2.5.

Depending on the version from which you are upgrading Identity Governance and Intelligence , copy one of these files to a directory of your choice; for example, <your_path>/<UPDSCRIPTDIR>. Then, edit and run the script in the procedure that follows to update your Oracle database to Version 5.2.5.

Attention: If you find that the size for the product table space that was allocated when Identity Governance and Intelligence was first installed (see Installing the IBM Security Identity Governance and Intelligence database on the Oracle server) is not sufficient, increase the size manually in the Oracle database. Do not run another fresh installation of the Identity Governance and Intelligence database.

Procedure

  1. Stop the Security Identity Governance and Intelligence server from the virtual appliance dashboard.
  2. Configure the tnsnames.ora file.
    1. Browse to the tnsnames.ora file.
      For example,
      oracle_home/db/network/admin
    2. Edit the file in a text editor such as vi or Notepad.
    3. If the network instance is not configured correctly, add the following section. 
      <IgiSID> =  
  (DESCRIPTION =    
   (ADDRESS_LIST =      
     (ADDRESS = (PROTOCOL = TCP)(HOST = <DBserver>)(PORT = 
<DBport>))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = < ServiceName>)
    )
      )
      Example 1
      XE =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = 127.0.0.0)(PORT = <1521>))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = <XE>)
    )
  )
      Example 2
      MYDB =
  (DESCRIPTION =
    (ADDRESS_LIST =
      (ADDRESS = (PROTOCOL = TCP)(HOST = <oracle_server_ip>)(PORT = <1521>))
    )
    (CONNECT_DATA =
      (SERVICE_NAME = <MyDB_service_name>)
    )
  )
  3. On UNIX and Linux systems, change the file permissions in the installation directory.
    1. Use the following command to change directory to <UPDSCRIPTDIR>: 
      cd <your_path>/<UPDSCRIPTDIR>
    2. Use the following command to ensure that the database user has write permission to access the log file output: 
      chmod -R 777 *
  4. Set the ORACLE_HOME variable in accordance with your specific Oracle client or server installation. All the next steps in the procedure assume that the sqlplus executable is located in the <ORACLE_HOME>/bin directory.
    Enter the following command to connect to the database and to check that the configuration works:
    • On UNIX/Linux:
      $ORACLE_HOME/bin/sqlplus system/<password>@<IgiSID>
    • On Windows:
      %ORACLE_HOME%\bin\sqlplus system/<password>@<IgiSID>
    If the connection test ended successfully, you can exit from the sqlplus with the following command:
    exit
  5. Configure the oracle_update_xxx.sh or oracle_update_xxx.bat file.
    1. Locate the folder that contains the oracle_update_xxx file. 
      cd <your_path>/<UPDSCRIPTDIR>/oracle/migration
    2. With a text editor, open the oracle_update_xxx file that matches your upgrade path as explained in section About this task.
    3. Modify the ORACLE_BASE and ORACLE_HOME variables according to your installation.

      These variables are necessary for sqlplus to work.

    4. Modify the ORACLE_SERVER variable with the value of IgiSID previously configured in the tnsnames.ora file.
    5. If you changed the default product password from ideas, update it in the SCHEMA_PWD variable.
  6. Connect as the Oracle instance owner (for example, oracle), run the update script that you just edited, and record the results in the log file.
    For example, on UNIX and Linux systems:
    find . -name \*.sh -exec dos2unix {} \;
./oracle_update_from522.sh > upgrade.log
    On Windows systems:
    oracle_update_from522.bat > upgrade.log
    During the migration procedure, for some particular conditions, these diagnostic messages can be present in the log file.
    "NO FLOW <something> FOUND".
    and 
    ERROR near line 10:
SQL0438N  Application raised error or warning with diagnostic text: "DEFAULT PRIORITY UNDEFINED".
    These messages do not identify an error of the procedure and can be ignored.
  7. If you upgrade to Fix Pack 1, among the directories that were unpacked from DBupdate.zip, find the ..\schemas\script\oracle\upgrade_fixpack\cumulative_patch.sql script and run it with the sqlplus command.
  8. Start the Security Identity Governance and Intelligence server from the virtual appliance dashboard.

What to do next

Upgrade the virtual appliance.