Fixes for the Oak repository are delivered via Oak Cumulative Fix Packs (OCFP) which are fully supported, similarly to standard Cumulative Fix Packs. An Oak Cumulative Fix Pack is self-dependant (no dependencies). You need not worry about finding/resolving dependencies.
Install the latest cumulative fix pack for your AEM version to keep your deployment up-to-date.
If necessary, a diagnostic build on top of the latest OCFP can be made available for validation purpose before the official availability of the next OCFP. The precondition is that you have the latest OCFP running. A diagnostic build only provide the same level quality assurance as a hot fix, therefore it doesn't provide the same level of quality assurance as a cumulative fix pack, service pack, or product release. All official Oak fixes will be released as OCFP which come the with full support.
For more information on CFP and other types of releases, see Maintenance Release Vehicle.
The Oak Cumulative Fix Pack 1.4.8 (and beyond) contains index definitions. Before deploying the Oak 1.4.8+ CFP, we recommend to follow the below pre-deployment procedure for preparing the corresponding index during a maintenance window, as indexing can be resource intensive. This is a one-off procedure (no need to apply it again if you've already done it when applying a previous Oak CFP having a version >= 1.4.8).
Important: for building indices, Oak setting -Dupdate.limit should be set to a higher value, e.g. 200000. This will also require enough heap.
- Install the index definition package NPR-14064, which contains index definitions with async re-index (it should not build new index right away)
- For Mongo: stop all AEM instances except for 1
- Visit this url:
- Invoke startPropertyIndexAsyncReindex() to start indexing
- Monitor the log files for this log message:
22.02.2017 11:34:32.602 *INFO* [aysnc-index-update-async-reindex] org.apache.jackrabbit.oak.plugins.index.AsyncIndexUpdate [async-reindex] Reindexing completed for indexes: [/oak:index/externalId*(0), /oak:index/externalPrincipalNames*(0), /oak:index/repMembers*(51)] in 1.085 s
- Verify that indices have been built successfully by checking following properties updated
- async="async-reindex" would be deleted (with this the index would switch back to synchronous indexing)
- This should be checked for these 3 indices (can also check that following query has no results: //element(*, oak:QueryIndexDefinition)[@async = "async-reindex"]
- Note: index build can be stopped. Go to this url:
During the process of async reindexing, a repository checkpoint is created. Once the indexing task has completed, it must be released as described below, to ensure smooth Revision Garbage Collection later on :
- First, open the CheckpointManager MBean:
- Invoke the listCheckpoints() operation,
- Find the checkpoint row with the "name=async-reindex" property,
- Copy its id value to the clipboard
On MongoMK it will look similar to this: r1234567aaaa-0-1
On TarMK it will look similar to this: 6eac07d0-fe27-4d16-82f8-6d5da4cefd67
- Then open the releaseCheckpoint() operation,
- Paste the copied id as p1 and click "Invoke",
- This step will release the checkpoint.
0. Make sure you have a backup of the data
If you are using LDAP integration then see the Known Issues section below.
Uninstalling an OCFP is not supported.
Oak 1.4.7 introduces a change in synchronization behavior of external group memberships (e.g. from LDAP):
Mapping an external group to an existing local group is no longer possible. The local group needs to be created by the IDP sync process and also cannotbe shared with other external IDPs anymore.
This is required to ensure boundaries between locally establishedgroup memberships and external ones, as well as to ensure boundariesbetween multiple IDPs.
The tie to an IDP is done via the now fully protected "rep:externalId" property on groups and users. For details and migration solutions see: https://issues.apache.org/jira/browse/OAK-4397
- For versions prior to Oak 1.4.5, due to a known issue (OAK-4538, addressed in Oak 1.4.5), it may happen that AEM cannot be gracefully stopped and in this case the termination of the jvm process needs to be forced.
- If you are using Oak LDAP integration, then after applying the latest Oak hotfix, LDAP user sync will not longer work. To fix this, go to /system/console/configMgr and update your "LDAP Identity Provider" configuration's "Custom Attributes" property. Update the property with all LDAP attributes used in the Sync configuration. For example, these properties might be: cn, sn, givenName, mail