Edit the Domain Model and Copy It to the Target Instance

Oracle WebLogic Deploy Tool (WDT) exports a domain as a YAML file, which is referred to as the metadata model. Modify the YAML file so that it matches the configuration of your target Oracle Java Cloud Service instance.

For security purposes, WDT excludes the values of all password configuration attributes in the model file.

The domain model syntax allows you to externalize variables in a separate properties file. Oracle recommends that you use a separate file to configure the passwords that are required in your domain configuration, including data source and keystore passwords. To refer to a variable in the model file, use the @@PROP:<property_name>@@ format .

Using a Secure Copy (SCP) client, download the model file and archive file from the Administration Server node in your source instance to your local computer.
```
scp -i <privatekey> opc@<source_admin_IP>:/tmp/<source_domain>.* .
```

Create a backup copy of the model file.

cp <source_domain>.yaml <source_domain>.yaml.bak

Open the <source_domain>.yaml model file in a text editor.

If necessary, find the names of all servers, clusters and machines in the model file, and replace them with the corresponding server, cluster and machine names of your target instance.

Note:

If the first eight characters of the source instance name are the same as the first eight characters in the target instance name, then this step is not required.

Example:

...
Cluster:
    MyTarget_cluster:
        ...
Server:
    MyTarget_adminserver:
        ...
        Machine: MyTarget_machine_1
    MyTarget_server_1:
        ...
        Machine: MyTarget_machine_1
        Cluster: MyTarget_cluster
        ServerTemplate: MyTarget_cluster_Template
        JTAMigratableTarget:
            Cluster: MyTarget_cluster
            UserPreferredServer: MyTarget_server_1
    ...
MigratableTarget:
    MyTarget_server_1 (migratable):
        Cluster: MyTarget_cluster
        UserPreferredServer: MyTarget_server_1
    ...
ServerTemplate:
    MyTarget_cluster_Template:
        Cluster: MyTarget_cluster
        JTAMigratableTarget:
            Cluster: MyTarget_cluster
    ...
UnixMachine:
    MyTarget_machine_1:
    ...
JDBCSystemResource:
    'MyDataSource':
        Target: MyTarget_cluster
    ...
CoherenceClusterSystemResource:
    DataGridConfig:
        Target: MyTarget_cluster
    ...
Application:
    MyApp:
        Target: MyTarget_cluster

Find and remove the following applications from the model file, if they exist:

OraJaaSmon
sample-app
__auth-mgmt-app

In the following example, remove the highlighted lines.

Application:
    OraJaaSmon:
        SourcePath: wlsdeploy/applications/OraJaaSmon.war
        ModuleType: war
        StagingMode: nostage
        Target: MyTarget_adminserver
    'sample-app':
        SourcePath: 'wlsdeploy/applications/sample-app.war'
        ModuleType: war
        StagingMode: stage
        Target: MyTarget_cluster
    '__auth-mgmt-app':
        SourcePath: 'wlsdeploy/applications/__auth-mgmt-app.war'
        ModuleType: war
        StagingMode: stage
        Target: MyTarget_adminserver

Find and remove all occurrences of the following attributes from the model file:
- ListenAddress
- NodeManagerPasswordEncrypted
- CredentialEncrypted
- FrontendHost
Note:
If you want to reuse the source instance (Oracle Java Cloud Service) ports, then you need to consider Load Balancer configuration and security rules in target instance (Oracle WebLogic Server for OCI).
Find and remove the NMProperties node from the model file.
For each server in the model file, find and remove the PublicAddress attribute from the following default NetworkAccessPoint nodes:
- channel-dep
- SecuredExternAdmin
- ExternAdmin
- SecuredExternContent
- ExternContent
In the following example, the highlighted line should be removed.
```
Server:
    MyInstan_adminserver:
        ...
        NetworkAccessPoint:
            'channel-dep':
                ...
                PublicAddress: 203.0.113.10
```
Find the PublicAddress attribute of any custom NetworkAccessPoint nodes in the model file (not in the previous list, in step 7), and replace the current value with the corresponding public IP address that is assigned to your target instance.
Example:
```
Server:
    MyInstan_adminserver:
        ...
        NetworkAccessPoint:
            MyChannel:
                ...
                PublicAddress: <target_IP>
```
Find and remove all occurrences of the following attributes, under domaininfo:
- AdminUserName
- AdminPassword
Within the SecurityConfiguration node in your model file, remove the Realm node and any child nodes, if they exist.
In the following example, remove the highlighted lines.
```
SecurityConfiguration:
    ...
    Realm:
        myrealm:
            ...
```
Within the SecurityConfiguration node in your model file, remove the NodeManagerPasswordEncrypted attribute.
In the following example, remove the highlighted lines.
```
SecurityConfiguration:
    ...
    NodeManagerPasswordEncrypted:
            ...
```
For each server in the model file, find the Arguments attribute within the ServerStart node:
- If you configured any custom startup arguments for a server in your source instance, then replace the current value of Arguments with the custom arguments only.
- If you did not configure any custom startup arguments for a server, then remove the entire Arguments line and the ServerStart node.
In the following example, the server has custom startup arguments:
```
MyInstan_server_1:
    ...
    ServerStart:
        Arguments: '-Dmy.custom.arg=true'
```
Create a file named wdt.properties.
If the servers in your source instance are configured to use custom identity and trust keystore files, then update the model file with the keystore passwords.
If you are enabling SSL on Oracle WebLogic Server for OCI, then complete the instructions at Configure SSL for a Domain.
1. Enter the required passwords for your keystores and private keys as properties in the wdt.properties file.
  Example:
```
keystore1.password=<your_password>
trustkeystore1.password=<your_password>
privatekey1.password=<your_password>
```
2. For each server in your model file, find the following attributes, and replace the current placeholder values with references to the corresponding properties:
  - CustomIdentityKeyStorePassPhraseEncrypted
  - CustomTrustKeyStorePassPhraseEncrypted
  Example:
```
Server:
    MyInstan_server_1:
        ...
        CustomIdentityKeyStorePassPhraseEncrypted: '@@PROP:keystore1.password@@'
        CustomTrustKeyStorePassPhraseEncrypted: '@@PROP:trustkeystore1.password@@'
```
3. For each server in your model file, find the ServerPrivateKeyPassPhraseEncrypted attribute in the SSL node, and then replace the current placeholder values with a reference to the corresponding property.
  Example:
```
Server:
    MyInstan_server_1:
        ...
        SSL:
            ServerPrivateKeyPassPhraseEncrypted: '@@PROP:privatekey1.password@@'
```
4. For each server in your model file, if the CustomIdentityKeyStoreType or CustomTrustKeyStoreType attribute is set to the value KSS, then set the location of your KSS keystores.
  Add the following attributes to the server, if not already present:
  - CustomIdentityKeyStoreFileName: <keystore_url>
  - CustomTrustKeyStoreFileName: <trust_keystore_url>
  Example:
```
Server:
    MyInstan_server_1:
        ...
        CustomIdentityKeyStoreType: KSS
        CustomTrustKeyStoreType: KSS
        CustomIdentityKeyStoreFileName: 'kss://system/mykeystore'
        CustomTrustKeyStoreFileName: 'kss://system/trust'
```
5. Add the following attributes to the SSL node for your administration server, if they are not already present:
  - Enabled: true
  - ListenPort: 9072
  Example:
```
Server:
    MyInstan_adminserver:
        ...
        SSL:
            Enabled: true
            ListenPort: 9072
            ServerPrivateKeyPassPhraseEncrypted: '@@PROP:privatekey1.password@@'
```
6. For each managed server in your model file, add the following attributes to the SSL node, if they are not already present:
  - Enabled: true
  - ListenPort: 9074
  Example:
```
Server:
    MyInstan_server_1:
        ...
        SSL:
            Enabled: true
            ListenPort: 9074
            ServerPrivateKeyPassPhraseEncrypted: '@@PROP:privatekey1.password@@'
```
  Note:
  If the application database is an Oracle Cloud Infrastructure database and it is in a different VCN than the target instance, then to enable communication between WebLogic servers and the database, you might have to complete the VNC pairing process. See .

If your source instance includes custom Java Database Connectivity (JDBC) data sources, then provide the location and password of the application databases in Oracle Cloud Infrastructure.

Identify the OCI DB data sources found within the JDBCSystemResource node in your model file.
Enter the required passwords for your data sources as properties in the wdt.properties file.
Example:
```
datasource1.password=<your_password>
datasource2.password=<your_password>
```

For each data source in your model file, find the PasswordEncrypted attribute and replace the current placeholder value with a reference to the corresponding property.

Example:

JDBCSystemResource:
    MyDataSource1:
        ...
        JdbcResource:
            ...
            JDBCDriverParams:
                URL: ...
                PasswordEncrypted: '@@PROP:datasource1.password@@'

For each data source in your model file, find the URL attribute and replace the current value with the URL to the corresponding Oracle Cloud Infrastructure Database.

The following table shows the URL format to use, depending on the Oracle Database version, and whether you created a Virtual Machine (VM) or Bare Metal database type.

Database Version	Database Type	URL Format
12c	VM	`jdbc:oracle:thin:@//<db_hostname>-scan.<db_domain>:<db_port>/<pdb_name>.<db_domain>`
12c	Bare Metal	`jdbc:oracle:thin:@//<db_hostname>.<db_domain>:<db_port>/<pdb_name>.<db_domain>`
11g	VM	`jdbc:oracle:thin:@//<db_hostname>-scan.<db_domain>:<db_port>/<db_unique_name>.<db_domain>`
11g	Bare Metal	`jdbc:oracle:thin:@//<db_hostname>.<db_domain>:<db_port>/<db_unique_name>.<db_domain>`

If you did not specify a PDB name when you created an Oracle Cloud Infrastructure Database that is running Oracle Database 12c, the default name is <db_name>_pdb1.

The following example shows a Virtual Machine database named myappdb, that is running Oracle Database 12c, and contains a PDB named pdb1:

JDBCDriverParams:
    URL: jdbc:oracle:thin:@//myappdb-scan.mydbsubnet.myvcn.oraclevcn.com:1521/pdb1.mydbsubnet.myvcn.oraclevcn.com

If your source instance includes custom Java Database Connectivity (JDBC) data sources for Autonomous databases, then provide the password of the new or existing autonomous databases in Oracle Cloud Infrastructure.
1. Identify the Autonomous database data sources found within the JDBCSystemResource node in your model file.
2. Enter the required passwords for your data sources as properties in the wdt.properties file.
  Example:
```
atpdatasource1.password=<your_password>
atpdatasource2.password=<your_password>
```
3. For each data source in your model file, find the PasswordEncrypted attribute and replace the current placeholder value with a reference to the corresponding property.
  Example:
```
JDBCSystemResource:
    MyDataSource1:
        ...
        JdbcResource:
            ...
            JDBCDriverParams:
                URL: ...
                PasswordEncrypted: '@@PROP:atpdatasource1.password@@'
```
4. Ensure the following properties match with your target instance directory hierarchy.
  - oracle.net.tns_admin: Full path to the location of the unzipped autonomous db wallet on target instance.
  - javax.net.ssl.trustStore: Full path to the location of the truststore.jks on target instance.
  - javax.net.ssl.keyStore: Full path to the location of the keystore.jks on target instance.
  Example:
```
JDBCSystemResource:
    MyDataSource1:
        ...
        JdbcResource:
            ...
            JDBCDriverParams:
                ...
                Properties:
                    oracle.net.tns_admin:
                         Value: /u01/data/domains/MyTarget_domain/config/MyAutonomousDBWallet
                    javax.net.ssl.trustStore:
                         Value: /u01/data/domains/MyTarget_domain/config/MyAutonomousDBWallet/truststore.jks
                    javax.net.ssl.keyStore:
                         Value: /u01/data/domains/MyTarget_domain/config/MyAutonomousDBWallet/keystore.jks
```
  Note:
  In this example, the folder /u01/data/domains/MyTarget_domain/config/ must already exist in the target instance. However, MyAutonomousDBWallet is a new directory where the wallet was unzipped.
If your source instance includes any Foreign JNDI Providers, Foreign JMS Servers, JMS Bridge Destinations, or Store-and-Forward (SAF) Contexts, then provide the locations and passwords for these external resources.
1. Identify the ForeignJNDIProvider nodes in your model file.
2. Enter the required passwords for your Foreign JNDI Providers as properties in the wdt.properties file.
  Example:
```
foreignjndi1.password=<your_password>
```
3. For each ForeignJNDIProvider node in your model file, find the PasswordEncrypted attribute and replace the current placeholder value with a reference to the corresponding property.
  Also update the ProviderUrl attribute if the location of this JNDI server is different than the JNDI server in the source environment.
  Example:
```
ForeignJNDIProvider:
    MyJNDIProvider1:
        PasswordEncrypted: '@@PROP:foreignjndi1.password@@'
        ProviderUrl: 't3://myjndiserver.example.com:9073'
```
4. Identify the ForeignServer nodes in your model file.
5. Enter the required passwords for your Foreign JMS Servers as properties in the wdt.properties file.
  Example:
```
foreignjms1.password=<your_password>
```
6. For each ForeignServer node in your model file, find the PasswordEncrypted and JNDIPropertiesCredentialEncrypted attributes, and replace the current placeholder value with a reference to the corresponding properties.
  Also update the ConnectionURL attribute if the location of this JMS server is different than the JMS server in the source environment.
  Example:
```
ForeignServer:
    MyForeignJMS1:
        ConnectionURL: 't3://myjms.example.com:9073'
        JNDIPropertiesCredentialEncrypted: '@@PROP:foreignjms1.password@@'
        ForeignConnectionFactory:
            MyForeignJMS1Factory:
                PasswordEncrypted: '@@PROP:foreignjms1.password@@'
```
7. Identify the JMSBridgeDestination nodes in your model file.
8. Enter the required passwords for your JMS Bridge Destinations as properties in the wdt.properties file.
  Example:
```
jmsbridge1.password=<your_password>
```
9. For each JMSBridgeDestination node in your model file, find the UserPasswordEncrypted attribute and replace the current placeholder value with a reference to the corresponding property.
  Also update the ConnectionURL attribute if the location of this bridge destination is different than the bridge destination in the source environment.
  Example:
```
JMSBridgeDestination:
    MyBridgeDest1:
        ConnectionURL: 't3://myjms.example.com:9073'
        UserPasswordEncrypted: '@@PROP:jmsbridge1.password@@'
```
10. Identify the SAFLoginContext nodes in your model file.
11. Enter the required passwords for your Store-and-Forward Contexts as properties in the wdt.properties file.
  Example:
```
saf1.password=<your_password>
```
12. For each SAFLoginContext node in your model file, find the PasswordEncrypted attribute and replace the current placeholder value with a reference to the corresponding property.
  Also update the LoginURL attribute if the Store-and-Forward destination server is different than the server in the source environment.
  Example:
```
SAFLoginContext:
    MySAF1:
        PasswordEncrypted: '@@PROP:saf1.password@@'
        LoginURL: 't3://myjms.example.com:9073'
```
If your source instance includes any JavaMail sessions, then provide the passwords for these mail sessions.
1. Identify the MailSession nodes in your model file.
2. Enter the required passwords for your mail sessions as properties in the wdt.properties file.
  Example:
```
mailsession1.password=<your_password>
```
3. For each MailSession node in your model file, find the SessionPasswordEncrypted attribute and replace the current placeholder value with a reference to the corresponding property.
  Example:
```
MailSession:
    MyMailSession1:
        SessionPasswordEncrypted: '@@PROP:mailsession1.password@@'
```
4. For each MailSession node in your model file, find the Properties attribute and replace any password placeholder values with references to the corresponding properties.
  Example:
```
MailSession:
    MyMailSession1:
        Properties:
        ...
        mail.smtp.password: '@@PROP:mailsession1.password@@'
        mail.imap.password: '@@PROP:mailsession1.password@@'
```
If your source instance includes any custom WebLogic Diagnostic Framework (WLDF) REST notification endpoints, then provide the locations and passwords for these endpoints.
1. Identify the RestNotification nodes in your model file.
2. Enter the required passwords for your notification endpoints as properties in the wdt.properties file.
  For example:
```
restnotification1.password=<your_password>
```
3. For each RestNotification node in your model file, find the HttpAuthenticationPasswordEncrypted attribute and replace the current placeholder value with a reference to the corresponding property.
  Also update the EndpointUrl attribute if the destination server is different than the server in the source environment.
  Example:
```
RestNotification:
    MyNotification1:
        HttpAuthenticationPasswordEncrypted: '@@PROP:restnotification1.password@@'
        EndpointUrl: 'http://myserver.example.com:9073/notify'
```

Use a Secure Copy (SCP) client to upload files to the Administration Server node in your target instance.

scp -i <privatekey> <source_files> opc@<target_admin_IP>:/<destination>
scp -i <privatekey> wdt.properties opc@<target_admin_IP>:/<destination>

If you are using a private subnet, use the following command to upload the files to the Administration Server node in your target instance:

scp -i <path_to_privatekey> -o ProxyCommand="ssh -W %h:%p -i <path_to_privatekey> opc@<Public_IP>" <source_files> opc@<target_admin_IP>:/<destination>