EBS Cloud manager - cloning error - Ingress rule restricted port is open

 EBS Cloud manager - cloning error - Ingress rule restricted port is open

Resolution:

from Oracle support - KB587437

Applies To

All Users
EBS on Oracle Cloud: Provisioning and Administration - Version 12.2.4 and later

Summary

On : 12.2.4 version, EBS Clone & Config

While trying to Create a Network Profile from EBS Cloud Manager (EBSCM), it fails at the subtask "Validate Ingress Rules".

ERROR
--------

Below errors would be logged in validateIngressRules.log.

Failed in validating below ingress rules:
SUBNET NAME:<YYYY>,SOURCE
CIDR:<Subnet_CIDR>,PROTOCOL:TCP,DESTINATION PORT:<port> - Ingress rule
restricted port is open
...
...

Network profile : <xxxxx>
[2023/03/24 16:31:27]:CMProfile::_read_network_profile: ERROR: -------------------------------
[2023/03/24 16:31:27]:CMProfile::_read_network_profile: ERROR: Task validateIngressRules for environment <xxxxx> Failed
Creating diagnostic zip...
stty: standard input: Inappropriate ioctl for device

STEPS
---------
1. Login to EBS CLoud Manager.
2. Click the Navigator icon > select Administration > and then select Network Profiles.
3. In the Network Profiles page > click Create Network Profile.
4. Enter all the details to create network profile and then click submit.
(EBS Cloud Manager guide: https://docs.oracle.com/cd/E26401_01/doc.122/f35809.pdf contains these steps)

Solution

Solution Steps:

1. Login into OCI Console and validate the security lists for the corresponding subnet in VCN (Virtual Cloud Network).
Navigate toVCN > Subnet > Security Lists > Ingress Rules.

2. Remove the unrestricted ingress rules which was open for all ports.
Select the ingress rule for <Subnet_CIDR> (mentioned in the error log) which allows "All traffic for all ports" and click Remove.
Instead we have to open only for required ports.

3. Add the ingress rules only for the required ports as listed in the Cloud Manager guide below:

https://docs.oracle.com/cd/E26401_01/doc.122/f35809/T679330T679340.htm#cmg_prepare_seclists

4. Login to EBSCM and restart the create network profile job and verify it completes successfully.

Cause

No changes. Creating Network Profile from EBSCM.

The cause of the failure of ingress rules validation:
Having an ingress rule in security list that provided access for all the ports between internal apps subnet (INTERNAL_SN) and external apps subnet (EXTERNAL_SN).

This is causing network profile creation failure.

Bug 35233856 : EBSCM - CREATE NETWORK PROFILE STUCK WITH STATUS MAIN RUN STATUS PENDING

References

MOS document id: 2943992.1

Product Versions

product: EBS on Oracle Cloud: Provisioning and Administration - min_version: 12.2.4 - max_version: none; Information in this article applies to GENERIC (All Platforms)

Create DB link in another db user

 To test / create the db link in another db user schema

following procedure can be used.

create or replace procedure tst_user.dblink

  is

begin

  execute immediate 'create database link tstdb2devdb

  connect to dev_user identified by *********

  using ''devdb_tns''';

 end;

/

OCI - Oralce linux - warning your password will expire in 6 days - use command "chage"

 

If OS user gets the warning message for password expiry in OCI Oracle linux, then change the password expiry, following are the 2 methods

System-wide settings (via /etc/login.defs) 

PASS_MAX_DAYS: Sets the number of days a password is valid. After this period, the user is forced to change their password.

• PASS_MIN_DAYS: Sets the minimum number of days that must pass before a user can change their password, preventing them from changing it back immediately.
• PASS_WARN_AGE: Specifies the number of days before a password expires that the user receives a warning.
• LOGIN_DEFS_FILE: The path to the login.defs file, which contains default values for password aging and other user-related settings. 
• Individual user settings (via chage) 
• chage -M <days> <username>: Sets the maximum number of days a password is valid for a specific user.
• chage -m <days> <username>: Sets the minimum number of days between password changes for a specific user.
• chage -W <days> <username>: Sets the number of days before expiration that the user is warned.
• chage -E <YYYY-MM-DD> <username>: Sets an absolute expiration date for the user's password.
• chage -l <username>: Displays the current password aging information for a specific user.
• 
  
• Example: 

[opc@testserver~]$ sudo change -M 365 testuser

sudo: change: command not found

make sure that command is "chage" and not chaNge!!

[opc@testserver ~]$ sudo chage -M 365 testuser

[opc@testserver ~]$

[opc@testserver ~]$ sudo chage -l testuser

Last password change                                    : Sep 18, 2025

Password expires                                        : Sep 18, 2026

Password inactive                                       : never

Account expires                                         : never

Minimum number of days between passwor

Why is ADOP Status Still Showing "ACTIVE" if the Patch Application in "adop phase=apply hotpatch=yes" Completed Successfully?

 

Ref: Oracle support - (Doc ID 1928798.1)

When the patch is applied with adop hotpatch=yes mode, there are no Online Patching cycle started yet -- all is on the RUN filesystem --
adop commands status indicates what potential next adop command could be run:
NOT STARTED: both adop finalize and cleanup can be run after a apply in hotpatch mode
NOT APPLICABLE: since there were no online patching cycle prepare was skipped over hence there is no point in referring to the prepare status; and cutover is not possible after hotpatch on run fs

Hence prepare and cutover status are not applicable in regards to the last adop hotpatch active status, while finalize and cleanup could be called. 
Note that prepare can also be called to start a new patching lifecycle;
Prepare is in NOT APPLICABLE status in relation to the last hotpatch apply that is still ACTIVE until a new adop online patching cycle is started where prepare will become ACTIVE and apply will turn to NOT STARTED at that time

Example:
When one applies in hotpatch mode the APPLY phase will remain active until such time as run a PREPARE during the next patching cycle.
The APPLY phase is active because you can potentially run another hotpatch.
Once one apples a hotpatch, there are no further actions required.

When needing to apply a new patch -- this time in Online Patching mode -- run the adop phase=prepare command.
At that time, adop config change detector will find that the RUN filesystem has had patches applied in hotpatch mode and will sync the PATCH filesystem as part of the prepare phase.

remove spaces from SQL script in notepad++

 

1. Go to Search -> Replace
2. Select "Regular expression" under Search mode.
3. Use ^\s* for "Find what" and leave "Replace with" blank.
4. Click Replace all

Oracle APPS DBA - SQL query to get the print jobs from users

 Use the following query

select distinct fcr.printer, fu.user_name, 

fu.description, count(*) jobs

from apps.fnd_concurrent_requests fcr, apps.fnd_user fu

where fcr.requested_by = fu.user_id

and (fcr.printer is not null and fcr.printer not in  ('noprint','LOCAL_PRINT','LOCAL','LOCAL_PRINTTO', 'LOCAL_PREVIEW'))

group by fcr.printer, fu.user_name, fu.description;

Oracle ERP R12.2 cloned environment by EBS cloud manager - users facing "an invalid redirect has been blocked" while opening forms

 Run the following query and check if the source values are still there, if source values are there, then update with the cloned environment values or unset ICX forms launcher profile on site level.

SELECT
    p.profile_option_name        short_name,
    n.user_profile_option_name   name,
    decode(v.level_id, 10001, 'Site',
                       10002, 'Application',
                       10003, 'Responsibility',
                       10004, 'User',
                       10005, 'Server', v.level_id) level_set,
    decode(to_char(v.level_id), '10001', '',
                                '10002', app.application_short_name,
                                '10003', rsp.responsibility_key,
                                '10005', svr.node_name,
                                '10006', org.name,
                                '10004', usr.user_name, 'UnDef') "CONTEXT",
    v.profile_option_value       value
FROM
    fnd_profile_options         p,
    fnd_profile_option_values   v,
    fnd_profile_options_tl      n,
    fnd_user                    usr,
    fnd_application             app,
    fnd_responsibility          rsp,
    fnd_nodes                   svr,
    hr_operating_units          org
WHERE
    p.profile_option_id = v.profile_option_id (+)
    AND p.profile_option_name = n.profile_option_name
    AND n.language = 'US'
    AND upper(p.profile_option_name) = ('ICX_FORMS_LAUNCHER')
    AND usr.user_id (+) = v.level_value
    AND rsp.application_id (+) = v.level_value_application_id
    AND rsp.responsibility_id (+) = v.level_value
    AND app.application_id (+) = v.level_value
    AND svr.node_id (+) = v.level_value
    AND org.organization_id (+) = v.level_value
ORDER BY
    user_profile_option_name,
    level_set;