Harri's Technology Blog<br />
Blog related to Oracle technology, mainly interest areas are Java, Integration, Weblogic, OracleVM, XML, etc.<br />
Author: Harri Kaukovuo<br />
<br />
<h1>OracleVM Serial Console Not Working - serial_console (serial_console) main process ended, respawning - Part 2</h1>
Published: 2019-12-18<br />
<br />
Back in 2015 I wrote an article that explained the workaround to the serial console problem (continuous errors in /var/log/messages) and serial console not working.<br />
<br />
<a href="http://kaukovuo.blogspot.com/2015/12/oraclevm-serial-console-not-working.html" title="http://kaukovuo.blogspot.com/2015/12/oraclevm-serial-console-not-working.html">http://kaukovuo.blogspot.com/2015/12/oraclevm-serial-console-not-working.html</a><br />
<br />
The issue resurfaced at some point and I continued having Linux servers that printed continuous error messages like this:<br />
<br />
<pre>Dec 18 20:33:49 lb01 init: serial_console (serial_console) main process (30384) terminated with status 1
Dec 18 20:33:49 lb01 init: serial_console (serial_console) main process ended, respawning
Dec 18 20:33:59 lb01 init: serial_console (serial_console) main process (30399) terminated with status 1
Dec 18 20:33:59 lb01 init: serial_console (serial_console) main process ended, respawning
Dec 18 20:34:09 lb01 init: serial_console (serial_console) main process (30411) terminated with status 1
Dec 18 20:34:09 lb01 init: serial_console (serial_console) main process ended, respawning</pre>
<pre><span style="font-family: "arial";"> </span></pre>
<pre><span style="font-family: "arial";">The fix for this is to modify /etc/udev/rules.d/50-udev.rules.</span></pre>
<pre><span style="font-family: "arial";"> </span></pre>
<pre><span style="font-family: "arial";">Change hvc0 to ttyS0, like this:</span></pre>
<pre>KERNEL=="hvc0", SYMLINK+="serial_console"</pre>
<pre>to</pre>
<pre>KERNEL=="ttyS0", SYMLINK+="serial_console"</pre>
<pre><span style="font-family: "arial";"> </span></pre>
<pre><span style="font-family: "arial";">Save the file and reboot the server.</span></pre>
<h1>OracleVM 3.3.4 and Data Corruption When Cloning VM from Template</h1>
<p>Published: 2017-11-10</p>
<p>We once faced quite serious issues when trying to create a virtual server from a template that resided on an NFS mount; the target repository was on iSCSI storage.</p><p>The problem was that for some reason the OracleVM 3.3.4 kernel 3.8.13 started corrupting the image while cloning the virtual server from the template. The symptoms were that after the clone operation everything looked good from the OracleVM Manager point of view, but when trying to start up the server, it failed with an error stating there is no bootable operating system.</p><p>During the cloning operations there was a huge number of the following errors in /var/log/messages. The errors were the same even after I changed to a different utility server, so this is not a hardware issue:</p><pre>Nov 9 18:35:17 vs9 kernel: sd 5:0:0:0: [sdd] CDB:
Nov 9 18:35:17 vs9 kernel: Write(10): 2a 00 26 bf f0 00 00 0a 00 00
Nov 9 18:35:17 vs9 kernel: sd 5:0:0:0: [sdd] Invalid command failure
Nov 9 18:35:17 vs9 kernel: sd 5:0:0:0: [sdd]
Nov 9 18:35:17 vs9 kernel: Result: hostbyte=DID_OK driverbyte=DRIVER_SENSE
Nov 9 18:35:17 vs9 kernel: sd 5:0:0:0: [sdd]
Nov 9 18:35:17 vs9 kernel: Sense Key : Illegal Request [current]
Nov 9 18:35:17 vs9 kernel: sd 5:0:0:0: [sdd]
Nov 9 18:35:17 vs9 kernel: Add. Sense: Invalid field in cdb
Nov 9 18:35:17 vs9 kernel: sd 5:0:0:0: [sdd] CDB:
Nov 9 18:35:17 vs9 kernel: Write(10): 2a 00 26 bf fa 00 00 0a 00 00
Nov 9 18:35:17 vs9 kernel: JBD2: Detected IO errors while flushing file data on dm-3-617</pre><p>When searching for the explanation, it looks like this is an issue with using iSCSI and jumbo frames with certain 3.9 kernel versions. It could be that this is an issue with the OVM 3.8 kernel as well.</p><p>What makes this particularly nasty is that we’ve made several copies of virtual servers for backup purposes and there is no guarantee that those copies are valid and functional any more.</p><h2>Possible Solution</h2><p>To troubleshoot this I decided to upgrade the whole OracleVM park to the latest OVM 3.4.4, which uses kernel 4.1.</p><p>After upgrading all the pools and OVM Manager to 3.4.4, it looks like we got rid of this nasty behaviour.</p><p>I tried exactly the same way of cloning, using the same servers: no errors, and the cloned virtual server works just fine.</p><h2>Recommendation</h2><p><strong><em>I strongly recommend upgrading to OracleVM 3.4.x as soon as possible if you are using 3.3.x, iSCSI and jumbo frames AND you are seeing these errors.</em></strong></p><p><strong><em>Check your OracleVM servers: if you see any of these errors in /var/log/messages, you might have data corruption issues in the images.</em></strong></p>
<h1>RedHat 6.9 Update Breaks Oracle Reports</h1>
<p>Published: 2017-07-06</p>
<p>For those that have Oracle Reports running, be aware. 
Installing the latest RedHat 6 or 7 updates will break Oracle Reports execution.</p><p>For example, upgrading to the latest RedHat 6.9 caused all the reports to fail with signal 11 or signal 6.</p><p>This is a known issue (see Oracle technical note 2280616.1).</p><p><br></p><p>To fix this, edit the reports.sh file.</p><p><strong>Reports 11.1.2.x:</strong></p><p><font face="Courier New">File: INSTANCE_HOME/config/reports/bin/reports.sh</font></p><p><font face="Courier New">Add as the last line:<br>REPORTS_JVM_OPTIONS="-Xss2M"; export REPORTS_JVM_OPTIONS</font></p><p><strong>Reports 12.2.1.x:</strong></p><p><font face="Courier New">File: DOMAIN_HOME/reports/bin/reports.sh</font></p><p><font face="Courier New">Add as the last line:<br>REPORTS_JVM_OPTIONS="-Xss2M"; export REPORTS_JVM_OPTIONS</font></p><p>After modifying, restart the Reports server.</p>
<h1>OVM Guest Linux LVM2 Disk Mounting</h1>
<p>Published: 2017-07-03</p>
<p>At some point you might need to mount OVM guest server disk images directly from the OVM Server to modify settings, e.g. ones that prevent the server from booting, or to change passwords.</p><p>Typically doing this is quite straightforward: set up a loop device and mount the wanted partition. 
If the target partition is an LVM2 partition, this becomes a bit more complex in an OracleVM environment.</p><p>The problem is that by default the OracleVM server /etc/lvm/lvm.conf has filtering enabled, which prevents LVM2 devices on loop devices from being discovered.</p><p>This article describes the steps needed to get an LVM2 volume mounted and the data there changed off-line.</p><p><em><strong>If you are unsure what you are doing, please make a backup of the virtual disk and the lvm.conf you are going to change before you proceed with the following actions.</strong></em></p><p><em><strong>The instructions below expect that an experienced Linux/OVM administrator knows what she/he is doing. I’m not going into details of what root will do after issuing the chroot command. ANY CHANGES ARE AT YOUR OWN RISK. TAKE GOOD BACKUPS ANYWAYS.</strong></em></p><h2>Preparation: modify /etc/lvm/lvm.conf</h2><p>In order for the OVM server to be able to scan the loop devices, /etc/lvm/lvm.conf needs to be modified.</p><pre><font size="2"># 30.6.2017 Harri Kaukovuo, modify the preferred_names
#preferred_names = [ "^/dev/mpath/", "^/dev/mapper/mpath", "^/dev/[hs]d" ]
preferred_names = [ ]
# 30.6.2017 Harri Kaukovuo, uncomment
filter = [ "a|.*/|" ]
# 30.6.2017 Harri Kaukovuo, comment out this line
#global_filter = [ "r|.*/|" ]</font>
</pre><h2>Mount the Virtual LVM2 Disk</h2><p>Find the next free loop device:</p><p><font face="Courier New" size="2">losetup -f</font></p><p>By default the OVM Server has at most 10 loop devices. You might run out of loop devices, which you can work around either by shutting down all the guest VM servers or by increasing the number of loop devices by adding the following line to /etc/rc.local and rebooting the OVM server:</p><p><font face="Courier New" size="2"># 28.6.2017 Harri Kaukovuo<br>
/sbin/MAKEDEV -m 32 /dev/loop</font><br>
</p><p><em><strong>Please note that the above step is only needed if you have run out of loop devices.</strong></em></p><p>Once you have a free loop device (in my example <font face="Courier New">/dev/loop9</font>), you can proceed with the next step, which is setting up the loop device to point to the virtual disk. In the example below I have retrieved the disk image file name from the OVM Manager console:</p><p><font face="Courier New" size="2">losetup /dev/loop9 /OVS/Repositories/0004fb000003000088c2307002d1b442/VirtualDisks/0004fb0000120000ba5aa22cb02675b7.img</font></p><p>Read the partition tables from the loop device and create device maps with kpartx:</p><p><font face="Courier New" size="2">kpartx -av /dev/loop9</font></p><p><font face="Courier New" size="2">The output is something like:</font></p><p><font face="Courier New">[root@myovm01 etc]# kpartx -av /dev/loop9<br>
add map loop9p1 (249:1): 0 401562 linear /dev/loop9 63<br>
add map loop9p2 (249:2): 0 142898175 linear /dev/loop9 401625<br>
</font></p><p><br></p><p>Perform a volume group scan by issuing the command:</p><p><font face="Courier New" size="2">vgscan</font></p><p><font face="Courier New" size="2">Output is like:</font></p><p><font face="Courier New" size="2">[root@myovm01 etc]# vgscan<br> Reading all physical volumes. This may take a while...<br> Found volume group "VolGroup00" using metadata type lvm2</font></p><p>Activate the volume groups by issuing the command:</p><p><font face="Courier New" size="2">vgchange -ay</font></p><p><font face="Courier New" size="2">Output is like:<br>
</font></p><p><font face="Courier New" size="2">[root@myovm01 etc]# vgchange -ay<br> 4 logical volume(s) in volume group "VolGroup00" now active<br>
</font></p><p><br></p><p>Show logical volumes:</p><p><font face="Courier New" size="1">[root@myovm01 etc]# lvscan<br> ACTIVE '/dev/VolGroup00/LogVol03' [42.03 GiB] inherit<br> ACTIVE '/dev/VolGroup00/LogVol02' [6.06 GiB] inherit<br> ACTIVE '/dev/VolGroup00/LogVol00' [4.00 GiB] inherit<br> ACTIVE '/dev/VolGroup00/LogVol01' [16.00 GiB] inherit<br>
</font></p><p><br></p><p>Mount the wanted logical volume. In this example case I know already that LogVol03 is the root partition and I want to change something there.</p><p><br></p><p><font face="Courier New" size="2">[root@myovm01 etc]# <strong>mount /dev/VolGroup00/LogVol03 /mnt/virtualdisk</strong><br>
[root@myovm01 etc]# df -H<br>
Filesystem Size Used Avail Use% Mounted on<br>
/dev/sda2 53G 2.8G 48G 6% /<br>
tmpfs 3.2G 0 3.2G 0% /dev/shm<br>
/dev/sda1 500M 145M 325M 31% /boot<br>
none 3.2G 213k 3.2G 1% /var/lib/xenstored<br>
/dev/mapper/361866da0905943002027220113a0a9c8<br> 8.4T 3.0T 5.5T 36% /OVS/Repositories/0004fb000003000088c2307002d1b442<br>
/dev/mapper/VolGroup00-LogVol03<br> 45G 33G 9.4G 78% /mnt/virtualdisk</font></p><p><br>
</p><p>Use chroot to change the root directory, if you need to change something there:</p><p><font face="Courier New" size="2">chroot /mnt/virtualdisk</font></p><p><font face="Courier New" size="2"><em><strong>(do your stuff here)</strong></em></font></p><p><strong><em><font face="Courier New" size="2">Get out of chroot by issuing “exit”</font></em></strong></p><p><font size="2">Unmount the disk after use:</font></p><p><font face="Courier New" size="2">umount /mnt/virtualdisk</font></p><p>Deactivate the volume group:</p><p><font face="Courier New" size="2">[root@myovm01 ~]# vgchange --activate n VolGroup00<br> 0 logical volume(s) in volume group "VolGroup00" now active</font></p><p>Delete the partition device mappings:</p><p><font face="Courier New">kpartx -dv /dev/loop9</font></p><p><font face="Courier New">Output is something like:</font></p><p><font face="Courier New">[root@myovm01 etc]# kpartx -dv /dev/loop9<br>
del devmap : loop9p2<br>
del devmap : loop9p1<br>
</font></p><p><font face="Courier New"><br></font></p><p>Delete the loop device mapping:</p><p><font face="Courier New">losetup -d /dev/loop9</font></p><p>Now there should not be any LVM2 mappings found, also the loop device should be free:</p><p><font face="Courier New" size="2">[root@myovm01 ~]# pvscan<br> No matching physical volumes found<br>
[root@myovm01 ~]# vgscan<br> Reading all physical volumes. This may take a while...<br>
[root@myovm01 ~]# losetup -f<br>
/dev/loop9<br></font></p>
<p>After unmounting the disk, start up the guest Linux and enjoy the changes.</p>
<h1>OracleVM Server Update Disabled</h1>
<p>Published: 2017-06-13</p>
<p>One of the tasks in setting up the OracleVM platform is to set up the YUM repository for updating the OracleVM servers from the OracleVM Manager console.</p><p>If your OVM server sits behind a firewall and cannot connect to the Oracle public YUM server without a proxy setup, you might have a situation where your OracleVM server context menu shows up like:</p><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhiZ5W1A-6ZIDlZ0eA4zwF5Hhjmf21VAOhaIi62qhtI5rTpwX8W7AHs_zOZLRxqk36yLQEu_vGLpdR3yUfg3RNLskBudvzK5XwvDZwHKTymMc8ejwUFK7mMw3oe9beVaHGMagEySA/s1600-h/image%255B2%255D"><img width="139" height="244" title="image" style="margin: 0px; display: inline; background-image: none;" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgEhOsxJ_8XYgkEMSqTY2vnCleX2Udb-JfB8A80vPpnqlsiIiCf4aQCt8vNlRQTB8CfIIANJ3hEWRhhACduRNxzbjAC55LtVEng2pnhUleus0_KdanjGQQoTZrWUByYmwO0WDn9kQ/?imgmax=800" border="0"></a></p><p>The Update menu option is disabled even after you’ve set up the YUM server and enabled it.</p><p>The problem might be that your OVM Server needs to connect to the public YUM server using the company proxy server.</p><p>To fix this:</p><p>1. Log in to the OracleVM server as root</p><p>2. Edit /etc/yum.conf and configure your company HTTP proxy. Add the following lines:</p><p>enableProxy=1<br>
httpProxy=<a href="http://proxy.acme.com:8080">http://proxy.acme.com:8080</a><br>
proxy=<a href="http://proxy.acme.com:8080">http://proxy.acme.com:8080</a></p><p>3. Disable and Enable the YUM repository setup in OracleVM Manager.</p><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhzDDGoMIZT5uskYbm5vt_sllPIujOtHRIKrhSqXXrEfSB80MK-NmZFNclck7125O8Dt4NxEhPkFRTZSewgHY-zPlCPYa7K3H1sILgymgakX8n5NKMflXY_ipbZF2AO_Ip1Vyiohg/s1600-h/image%255B5%255D"><img width="232" height="244" title="image" style="margin: 0px; display: inline; background-image: none;" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgTE5xMo8ayNbZ0KWkkBkvpgDBu8m0U1vfCiunf58v6FG1PpkBb25PQ0dc-sTOKLGUTBMUVleliwb0rEZtPaZj91mn8Uk7lcBrZetFlisGXD4BxIQ_AKBa2ILybIrPKe1ZOBcEM6A/?imgmax=800" border="0"></a></p><p><br></p><p>After this you should have the “Update” menu item enabled:</p><p><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhR7TKj3QlCgjwz1yU63Ev5BpKcvemms8FjH8WtYt0ftuHEJ1eKb6BJd1rh2PkAeysF-TiaLQo8tuCgSWcj8SLeFBe27fsFphq9ddAsdnt2s4jr2idSD4pjTqKbgNAi05HUoMoHEw/s1600-h/image%255B8%255D"><img width="135" height="244" title="image" style="margin: 0px; display: inline; background-image: none;" alt="image" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRB872ytVrJ8Qih8y5hrFh4dm6YcfsHZiGGfJ6aVG2eBz7SxEJuyogOECngcULWJGLqvQfKLyiVakK8n3R-e3uDyy2T7vdi09sok1eAMMxDI9M9lcFgKAhKH7PO4PE_z1yIcl3gg/?imgmax=800" border="0"></a></p>
<h1>OracleVM Manager Console Failing with ERR_SSL_VERSION_OR_CIPHER_MISMATCH</h1>
Published: 2016-02-04<br />
<br />
Google Chrome version 48 dropped support for the RC4 algorithm. This
causes problems with OracleVM Manager 3.3, which uses RC4 as one of the default
cipher suites.<br />
<br />
The error occurs when you try to access the OVM Manager console. You will
get<br />
<blockquote class="tr_bq">
“ERR_SSL_VERSION_OR_CIPHER_MISMATCH”</blockquote>
<br />
To fix this, you need to add a new cipher suite to the OVM Manager weblogic
configuration file.<br />
<br />
Steps:<br />
1. Log in as the oracle user<br />
2. cd /u01/app/oracle/ovm-manager-3/domains/ovm_domain/config<br />
3. Back up the config.xml (e.g. copy it to config.xml.2016-02-04 or
something)<br />
4. Edit config.xml, add
“&lt;ciphersuite&gt;TLS_RSA_WITH_AES_128_CBC_SHA&lt;/ciphersuite&gt;” to the end
of the AdminServer ciphersuite listing.<br />
<br />
Should look something like this:<br />
<div class="separator" style="clear: both; text-align: center;">
<br /></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip6zePsCaTeSVRiFosN2_cShOfqL9BjhVhDArQwVbjWnof1nUAUulaGZBShliIqh2nnGtayIlkkTHzn_08XSzn-urVqm2suiZlw3jACldkcJmWaB5tiJWUxIj3TdjXmzu2QLiDwQ/s1600/4-2-2016+19-42-03.png" imageanchor="1" style="clear: left; float: left; margin-bottom: 1em; margin-right: 1em;"><img border="0" height="96" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEip6zePsCaTeSVRiFosN2_cShOfqL9BjhVhDArQwVbjWnof1nUAUulaGZBShliIqh2nnGtayIlkkTHzn_08XSzn-urVqm2suiZlw3jACldkcJmWaB5tiJWUxIj3TdjXmzu2QLiDwQ/s320/4-2-2016+19-42-03.png" width="320" /></a></div>
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<br />
5. Restart the OVM Manager server as root:<br />
service ovmm restart<br />
<br />
After this you should be able to connect to OVM Manager console.<br />
<br />
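The check behind step 4, as an added example that is not part of the original post or of Oracle's tooling: it lists the ciphersuite entries per server in a config.xml and flags servers that offer only RC4 or other broken suites, which goes slightly beyond the RC4 case described here. The sample XML, its layout, the RC4 suite names and the server name ExampleManaged1 are constructed assumptions; only the ciphersuite element, AdminServer and TLS_RSA_WITH_AES_128_CBC_SHA come from the post.<br />

```python
import xml.etree.ElementTree as ET

# Name fragments that mark a suite as broken or unauthenticated. RC4 is the
# case from the post; the other fragments generalise the same check.
WEAK_TOKENS = {"RC4", "NULL", "EXPORT", "anon", "DES", "DES40"}

# Constructed sample, not a real OVM Manager file: an assumed, cut-down
# config.xml layout with RC4-only suites configured on AdminServer.
SAMPLE_CONFIG = """\
<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>ovm_domain</name>
  <server>
    <name>AdminServer</name>
    <ssl>
      <enabled>true</enabled>
      <ciphersuite>TLS_RSA_WITH_RC4_128_SHA</ciphersuite>
      <ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>
    </ssl>
  </server>
  <server>
    <name>ExampleManaged1</name>
    <ssl>
      <enabled>true</enabled>
    </ssl>
  </server>
</domain>
"""

# The same sample after step 4: the AES128 suite appended to the AdminServer list.
FIXED_CONFIG = SAMPLE_CONFIG.replace(
    "<ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>",
    "<ciphersuite>TLS_RSA_WITH_RC4_128_MD5</ciphersuite>\n"
    "      <ciphersuite>TLS_RSA_WITH_AES_128_CBC_SHA</ciphersuite>",
)


def _local(tag):
    """Strip an XML namespace, so the check works with or without one."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name):
    """Text of the first direct child called `name`, or None."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return None


def cipher_suites_by_server(xml_text):
    """Map each server name to its ciphersuite entries, in file order."""
    root = ET.fromstring(xml_text)
    result = {}
    for server in root.iter():
        if _local(server.tag) != "server":
            continue
        name = _child_text(server, "name") or "(unnamed)"
        result[name] = [
            (e.text or "").strip()
            for e in server.iter()
            if _local(e.tag) == "ciphersuite" and (e.text or "").strip()
        ]
    return result


def weak_reasons(suite):
    """Weak fragments in a suite name; 3DES is a different token from DES."""
    return sorted(set(suite.split("_")) & WEAK_TOKENS)


def audit(xml_text):
    """Classify every server by what its cipher suite list offers."""
    findings = {}
    for server, suites in cipher_suites_by_server(xml_text).items():
        weak = [s for s in suites if weak_reasons(s)]
        usable = [s for s in suites if not weak_reasons(s)]
        if not suites:
            status = "defaults"    # nothing listed: runtime defaults apply
        elif not usable:
            status = "weak-only"   # an RC4-less browser has no suite in common
        elif weak:
            status = "mixed"       # connects, but weak suites are still offered
        else:
            status = "ok"
        findings[server] = {"status": status, "weak": weak, "usable": usable}
    return findings


if __name__ == "__main__":
    for label, text in (("before", SAMPLE_CONFIG), ("after", FIXED_CONFIG)):
        for server, result in audit(text).items():
            print(label, server, result["status"], result["weak"])
```

Run it against a copy of config.xml before and after the edit. A server without any ciphersuite entries is reported as using the runtime defaults, not as passing.<br />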
If you tried to use AES256 ciphersuite instead of AES128 you will get:<br />
<br />
<blockquote class="tr_bq">
"java.lang.IllegalArgumentException: Cannot support
TLS_RSA_WITH_AES_256_CBC_SHA with currently installed providers"</blockquote>
This is due to export restrictions, so you should use AES128 if you haven't updated the needed jars to support AES256.<br />
<h1>OracleVM Serial Console Not Working - serial_console (serial_console) main process ended, respawning</h1>
<p>Published: 2015-12-04</p>
<p>After upgrading to the latest OracleVM 3.3.3 and updating all Oracle Linux 6 guests to the latest versions I started to see problems with the OL6 serial console interface. First of all, the serial console didn’t seem to work at all; I could not connect to the console via the OracleVM Manager serial console. Secondly, continuous error messages started to appear in the OL6 /var/log/messages file:</p> <p><font face="Courier New">Dec 4 06:30:34 atlassian init: serial_console (serial_console) main process (4704) terminated with status 1<br>Dec 4 06:30:34 atlassian init: serial_console (serial_console) main process ended, respawning<br></font></p> <p>At the same time all Oracle Linux 5 servers worked fine, and a few OL6 servers as well, but most of the OL6 servers suffered from this.</p> <p>On those OL6 servers that worked fine, the “serial_console” symbolic link in /dev/ pointed to the hvc0 device. 
On those OL6 servers that had problems, this symbolic link points to ttyS0.</p> <p>I don’t know exactly what the root cause of this problem is, but it looks like there are two symlink definitions in the kernel device udev rules, and on some servers the link ends up pointing to hvc0 and on others to ttyS0.</p> <p>My fix to this problem was to edit the udev rules:</p> <p>vi /etc/udev/rules.d/50-udev.rules</p> <p>Original content:</p> <p><font face="Courier New">KERNEL=="ttyS0", SYMLINK+="serial_console"<br>KERNEL=="hvc0", SYMLINK+="serial_console"<br></font></p> <p>Remove the ttyS0 line so that the content looks like:</p> <p><font face="Courier New">KERNEL=="hvc0", SYMLINK+="serial_console"<br></font></p> <p>Save the file and reboot the server. After this the serial console should work OK and no extra error messages should appear in the messages log file.</p>
<h1>Changing OracleVM Manager 3.3.3 Server Certificate</h1>
<p>Published: 2015-10-27</p>
<p>OracleVM 3.x Manager server uses self-signed certificates by default. The OracleVM Manager certificate can be changed to a custom server certificate, but unfortunately every time OVM Manager is upgraded, the server certificates are reset back to self-signed certificates.</p> <p>The latest OVM Manager versions use certificates for the connection between the OVM client and the server. This means that in order to get OVM Manager working properly, the ovmclient certificate keystore also needs to be updated to include the needed root CAs. 
The problem with updating the ovmclient keystore is that the password for the keystore is generated and stored in the JPS keystore.</p> <p>Abbreviations used in this post:</p> <ul> <li>CA = Certificate Authority</li> <li>CSR = Certificate signing request</li></ul> <p>In this article I’ve used the imaginary company ACME (A company that makes everything).</p> <p>The working directory for the certificates is:</p> <p><font face="Courier New">/u01/app/oracle/ovm-manager-3/domains/ovm_domain/security</font></p> <p>Please execute all these steps as the “oracle” user, with the exception of restarting the OVM Manager.</p> <h2>Step 0: Backup</h2> <p>Before you start doing anything, you should back up all needed files. Start by backing up the domain security directory and its contents:</p> <p><font face="Courier New">/u01/app/oracle/ovm-manager-3/domains/ovm_domain/security</font></p> <p>Secondly, back up the domain config directory and its contents:</p> <p><font face="Courier New">/u01/app/oracle/ovm-manager-3/domains/ovm_domain/config</font></p> <h2>Step 1: Create new OVM Manager identity keystore</h2> <p>For example:</p><pre>/u01/app/oracle/java/bin/keytool -keystore vmm3.jks -genkey -alias vmm3 -dname "EMAILADDRESS=admin@acme.com, CN=vmm3.acme.com, OU=ACME Ltd, O=IT, L=Espoo, ST=Uusimaa, C=FI" -keyalg rsa -keysize 2048</pre><pre><font face="Arial">You don’t need to change the trust keystore.</font></pre><br /><h2>Step 2: Create certificate request</h2><pre>/u01/app/oracle/java/bin/keytool -keystore vmm3.jks -certreq -alias vmm3 -keyalg rsa -keysize 2048 -file vmm3.csr</pre><br /><h2>Step 3: Use your chosen CA to sign the CSR</h2><br /><p>Send the contents of vmm3.csr to your CA and generate the service certificate.</p><br /><h2>Step 4: Import your CA</h2><br /><p>If you are using a custom CA or a public CA you need to import the CA public certificate into your keystore. 
In my example the cacert.crt file is the public certificate for the ACME CA.</p><pre>/u01/app/oracle/java/bin/keytool -import -keystore vmm3.jks -file cacert.crt -alias ACMECA</pre><br /><h2>Step 5: Import OVM CA</h2><br /><p>In my installation I also imported the OVM CA that was generated by default for the installation. This step might not be needed since the OVM CA is already included in the trust jks. But anyway, importing this CA would not do any harm either.</p><pre>/u01/app/oracle/java/bin/keytool -keystore vmm3.jks -import -file ovmca.pem -trustcacerts -alias ovmca</pre><br /><h2>Step 6: Import your server certificate</h2><br /><p>After your CA has generated the server certificate, save it to e.g. a vmm3.crt file and import it into the new keystore:</p><br /><p><font face="Courier New">/u01/app/oracle/java/bin/keytool -import -keystore vmm3.jks -file vmm3.crt -alias vmm3</font></p><br /><h2>Step 7: Update WebLogic managed server keystore and SSL</h2><br /><p>At this point change the default ovmssl.jks to vmm3.jks and change the password to the one you used when creating the vmm3.jks keystore.</p><br /><p>When you restart the OVM Manager server you can see that https should now be working, but you are still not able to connect to the OVM Manager application. 
Instead you might see the following error messages in the AdminServer.log file:</p><pre>Caused By: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target<br /> at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:385)<br /> at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)<br /> at sun.security.validator.Validator.validate(Validator.java:260)<br /> at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:326)<br /> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:231)<br /> at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:126)<br /> at com.oracle.ovm.appfw.ws.client.SSLContextFactory$X509ExtendedTrustManagerWrapper.checkServerTrusted(SSLContextFactory.java:307)<br /> at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1428)</pre><br /><h2>Step 8: Update ovmclient.jks to include the used CA</h2><br /><p>ovmclient.jks is a self-generated keystore that also needs to have the CA certificate that the OVM Manager server is using. In my example case the ACME CA certificate needs to be imported into this JKS keystore. The problem is that we need to dig out the keystore password first. This can be done using a little piece of Jython code.</p><br /><p>Create a file e.g. 
called getpwd.py:</p><pre>import sys<br />from java.lang import String<br />from javax.management import ObjectName<br />from oracle.security.jps.mas.mgmt.jmx.credstore import PortableCredential<br /><br /># Connect to the AdminServer; replace 'password' with the weblogic user's password<br />connect('weblogic','password','t3://localhost:7001')<br />domainRuntime()<br /><br /># Ask the JPS credential store MBean for the ovm_console / client.keystore credential<br />on = ObjectName("com.oracle.jps:type=JpsCredentialStore")<br />sign = ["java.lang.String","java.lang.String"]<br />params = ["ovm_console","client.keystore"]<br />pwd = mbs.invoke(on, "getPortableCredential", params, sign)<br />credObject = PortableCredential.from(pwd)<br /># Prints the keystore password in clear text<br />print "PASSWORD:" + String.valueOf(credObject.getPassword())</pre><pre><font face="Arial">Execute the script using wlst.sh</font></pre><pre>cd /u01/app/oracle/Middleware/oracle_common/common/bin</pre><pre>./wlst.sh getpwd.py</pre><pre><font face="Arial">You should now have the password for ovmclient.jks and be ready for the final step.</font></pre><br /><h2>Step 9: Import your CA into ovmclient.jks</h2><pre>/u01/app/oracle/java/bin/keytool -keystore ovmclient.jks -import -trustcacerts -file cacert.crt -alias ACMECA</pre><br /><h2>Step 10: Restart the OVM server</h2><br /><p>As root:</p><br /><p><font face="Courier New">service ovmm stop</font></p><br /><p><font face="Courier New">service ovmm start</font></p><br /><p>After these steps you should have your OVM Manager up and running using your chosen server certificate and your chosen CA.</p>
<h1>OSB 12c Deployment Issues with BPM Enabled Domain</h1>
<p>Published: 2015-06-25</p>
<p>Another gray hair on my head today. It took a long time to find the cause of my OSB 12.1.3 deployment problem. I created a relatively simple OSB project with an XSLT transformation. I started getting weird problems stating that I had problems with my WSDLs related to the XSLT. 
I removed the XSLT and was still getting deployment errors with “java.net.MalformedURLException”:</p> <p>[05:28:43 PM] ---- Deployment incomplete ----.<br>[05:28:43 PM] Conflicts found during publish.<br>The WSDL is not semantically valid: Failed to read wsdl file from url due to -- java.net.MalformedURLException: Unknown protocol: servicebus.<br>[OSB-398016]Error loading the WSDL from the repository: Failed to read wsdl file from url due to -- java.net.MalformedURLException: Unknown protocol: servicebus<br>[05:28:43 PM] Conflicts found during publish.</p> <p>This is bug 18856204, which occurs when OSB is installed on the same domain as BPM.</p> <p>The fix is to add:<br>felix.service.urlhandlers=false </p> <p>in the "bac-svnserver-osgi-framework" Init Properties setup and then restart the admin server.</p> <p>The fix was originally found in this article:</p> <p><a href="https://middlewarebylink.wordpress.com/2014/07/17/soa-12c-end-to-end-e2e-tutorial-error-deploying-validatepayment/">https://middlewarebylink.wordpress.com/2014/07/17/soa-12c-end-to-end-e2e-tutorial-error-deploying-validatepayment/</a></p>
<h1>OSB 12c Test Console Not Working</h1>
<p>Published: 2015-06-25</p>
<p>You might face an issue with the 12.1.3 OSB web-based test console not working when you press the “Play” button in the OSB console. You might see the following error:</p> <p>Error Accessing Test Configuration<br>"Test Console" service is not running. Contact administrator to start this service.</p> <p>The manual instructs you to set the Admin Server listen address to something other than empty (empty means the admin server listens on all IP addresses). For example, “localhost” could be valid if you are running your installation e.g. on your own workstation.</p> 
<p>In my case I also had to set the listen address for the OSB server in order to get the test console working properly. After setting the listen address you need to bounce the servers.</p>
<h1>Changing Environment Warning Color on WLS Console</h1>
<p>Published: 2015-04-28</p>
<p>One of the rare mistakes in system configuration is when you thought you were in a development or testing environment, but the browser actually pointed to production. You might even have the same credentials across the environments (e.g. linked to an AD or LDAP directory), making it difficult to recognize the fatal error until it’s too late.</p> <p>When the consoles look alike there is nothing to differentiate one environment from the others, and you just have to be sharp to notice where you are.</p> <p>One of the easiest changes to prevent these errors could be to change the WLS console coloring of the production (or some other) environment so that it differs from the other environments, as an alert that this is <strong>not</strong> for testing or development.</p> <p>How about if the WLS console looked like this:</p> <p><a href="http://lh3.googleusercontent.com/-8UZybcrWVng/VT_JHzJK91I/AAAAAAAAA_A/6o-VoxtcITg/s1600-h/image%25255B2%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh3.googleusercontent.com/-HsXNv1rsxzQ/VT_JInxbxwI/AAAAAAAAA_E/U_qIpevYim4/image_thumb.png?imgmax=800" width="244" height="145"></a></p> <p>This is easily done.</p> <h2>WebLogic 12c</h2> <p>cd $WLHOME/wlserver/server/lib/consoleapp/webapp/css</p> <h2>WebLogic 11g</h2> <p>cd $WLHOME/wlserver_10.3/server/lib/consoleapp/webapp/css</p> <p> </p> <p>Make a backup 
of the content.css.</p> <p>Edit the toolbar background color:<br></p> <p>/*<br> Toolbar Area<br>*/<br>.toolbar {<br> <strong>background-color: #D2E5F9;<br></strong> overflow: hidden;<br> width: 100%;<br> padding: 1px;<br>}</p> <p> </p> <p>Change it to something else, like orange/red:</p> <p>/*<br> Toolbar Area<br>*/<br>.toolbar {<br><strong> background-color: #FF6666;<br></strong> overflow: hidden;<br> width: 100%;<br> padding: 1px;<br>}<br></p> <p>After this change the WLS console immediately shows the “warning color” in the toolbar as a marker for a production environment.</p> <p>You might need to make sure the change is redone after system upgrades if content.css is for some reason overwritten with the default.</p>
<h1>The trustAnchors parameter must be non-empty -error</h1>
<p>Published: 2015-03-19</p>
<p>If you ever configured AD or some other LDAP authentication provider for your WebCenter, SOA or BPM Suite and decided to follow the best practice of securing the LDAP traffic with SSL, you will most probably end up with problems connecting to LDAPS at some point.</p> <p>You might see these errors in your log file:</p> <p><strong>Caused By: java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty</strong></p> <p>The problem is that even if you imported your LDAP or AD server root and intermediate CAs into either JKS (11G) or KSS (12c), you need to perform one additional step: creating a keystore for libOVD, which is used with identity provider virtualization (once you set “virtualize=true” in the domain security provider setup).</p> <p>To get the problem solved you need to perform two steps:</p> <p>1. Run libovdconfig.sh, which creates the adapters.jks for libOVD</p> <p>2. 
Import the needed CA certificates into this adapters.jks</p> <p> </p> <p>Detailed steps are described below.</p> <p><strong>For step 1 (a 12c installation is used here as the sample; the same applies to 11g, with slightly different subdirectory names for Oracle Home and WL Home)</strong>:</p> <p><font face="Courier New">cd /u01/app/oracle/product/fmw12c/oracle_common/bin/</font></p> <p><font face="Courier New">export ORACLE_HOME=/u01/app/oracle/product/fmw12c/soa<br>export WL_HOME=/u01/app/oracle/product/fmw12c/wlserver<br>export JAVA_HOME=/usr/java/latest</font></p> <p><font face="Courier New">./libovdconfig.sh -host myhost.com -port 7001 -userName weblogic -domainPath /u01/app/oracle/admin/BPMDEV_Domain/mserver/BPMDEV_Domain -createKeystore</font></p> <p><strong>Once the keystore is created, proceed to step 2:</strong></p><pre>cd /u01/app/oracle/admin/BPMDEV_Domain/mserver/BPMDEV_Domain/config/fmwconfig/ovd/default/keystores</pre><pre>/usr/java/latest/bin/keytool -import -file mycacertificate.der -keystore adapters.jks -trustcacerts -alias ldap.myhost.com</pre><pre><br />Enter keystore password: ********<br />Certificate already exists in system-wide CA keystore under alias <ldap.myhost.com><br />Do you still want to add it to your own keystore? [no]: yes<br />Certificate was added to keystore</pre><br /><p>After these steps restart the managed servers and you are good to go.</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com0tag:blogger.com,1999:blog-8874378.post-13722467798392963862015-02-28T15:58:00.001+02:002015-03-01T08:11:14.404+02:00Best Practice on Pointing to Latest JDK in FMW Installation<p> </p> <p>One of the best practices in Oracle Middleware installations is to point to the logical “latest” JDK directory in the configuration files. When you install e.g. WebLogic server 11g on Linux you need to have the JDK installed before starting up the WebLogic installation.</p> <p>You might have installed e.g. JDK 1.7. 
rpm, which installs the JDK into /usr/java and by default creates the best-practice symbolic links: “default”, which points to “latest”, and “latest”, which points to the latest/wanted JDK installation.</p> <p>/usr/java might look like this:</p> <p>drwxr-xr-x. 8 root root 4096 Feb 28 08:09 jdk1.7.0_75<br>lrwxrwxrwx. 1 root root 21 Feb 28 08:09 latest -> /usr/java/jdk1.7.0_75<br>lrwxrwxrwx. 1 root root 16 Feb 28 08:09 default -> /usr/java/latest</p> <p>If you didn’t have the “latest” symbolic link there, you might be running older versions like JRockit or JDK6.<br></p> <p>Despite the /usr/java/latest symbolic link being there, the installer suggests the full real path:</p> <p><a href="http://lh6.ggpht.com/-D67_Hsr4voc/VPHJbAew2pI/AAAAAAAAA9I/G3cg9LCdm2Q/s1600-h/image%25255B2%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="http://lh3.ggpht.com/-cndi4s0Qv3s/VPHJb0g-pjI/AAAAAAAAA9Q/0eBEpT9JYGs/image_thumb.png?imgmax=800" width="244" height="178"></a></p> <p>Even if you press “Browse…” and choose /usr/java/latest, the JDK path will not change in the installer. You will get a “Please select appropriate JDK” error.</p> <p><a href="http://lh4.ggpht.com/-5CBi1tgop-g/VPKteU8ApKI/AAAAAAAAA9k/ON73JWcg150/s1600-h/image%25255B3%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh3.ggpht.com/-KnaXfg8J4VA/VPKtex3BSkI/AAAAAAAAA9o/X4W07RJUwds/image_thumb%25255B1%25255D.png?imgmax=800" width="244" height="85"></a></p> <p>There are two ways to proceed:</p> <p>1. Install the software pointing to the real path and then later change all shell scripts etc. 
pointing to the real path, to point to /usr/java/latest</p> <p>or</p> <p>2. Exit the installer and temporarily rename the real JDK directory to /usr/java/latest. Restart the installer; it will find the JDK in /usr/java/latest and configure the environment variables with that path. After the installer has finished, rename the real JDK directory back to what it was and point /usr/java/latest to the wanted JDK version.</p> <p>Here are the steps for option 2:</p> <p>cd /usr/java</p> <p>mv latest latest.old</p> <p>mv jdk1.7.0_75 latest</p> <p>Install the Oracle FMW software. When installing e.g. Weblogic server you should point the JDK to /usr/java/latest.</p> <p><a href="http://lh3.ggpht.com/-k0GeyI0Wg0k/VPKtfq_iBII/AAAAAAAAA90/FIzB6YA2czY/s1600-h/image%25255B6%25255D.png"><img title="image" style="border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; border-left: 0px; display: inline; padding-right: 0px" border="0" alt="image" src="http://lh4.ggpht.com/-t0lajWAkbpI/VPKtgEMJZxI/AAAAAAAAA94/1wAkUvIDyEE/image_thumb%25255B2%25255D.png?imgmax=800" width="244" height="176"></a></p> <p>After the installation has finished, reverse the changes:</p> <p>mv latest jdk1.7.0_75</p> <p>mv latest.old latest</p> <p> </p> <p>You can verify that the shell scripts point to this logical directory by looking at:</p> <p>$MW_HOME/wlserver_10.3/common/bin/commEnv.sh</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com0tag:blogger.com,1999:blog-8874378.post-25137943141111616712014-11-22T22:28:00.001+02:002014-11-22T22:28:21.250+02:00OracleVM 3.3.1 and External Authentication<p>Some of the customers (including my company Ratioware) have configured OracleVM Manager to use external authentication (like LDAP or Active Directory) to authenticate users logging into the OracleVM Manager console.</p> <p>This used to work well with OracleVM 3.2.x.</p> 
<p>When we upgraded OracleVM 3.2.8 to OracleVM 3.3.1 we noticed that all those custom authentication settings were lost. Well, that is “kind” of acceptable assuming Oracle perhaps doesn’t like us to tweak the underlying WebLogic.</p> <p>After changing the authentication provider back to utilize our external authentication provider I noticed that I was no longer able to log in to the OracleVM console. I <u>was</u> able to log in to WebLogic Console but <u>not</u> into OracleVM Manager console. I got “Unexpected error during login”.</p> <p>Error messages in the weblogic log files stated:</p> <p><font face="Courier New"><2014-11-11T20:19:25.066+0200> <Error> <com.oracle.ovm.appfw.coreinterface.ConnectionManager> <BEA-000000> <AppFw session 1: Failed to connect to Web Service API.<br>com.oracle.ovm.mgr.ws.model.WsException: AUTH_000002:Connection to manager failed: AUTH_000002:Connection to manager failed: Certificate authentication failed: certificate unrecognized (CN=admin, OU=Oracle VM Manager, O=Oracle Corporation, C=US).<br>Tue Nov 11 20:19:25 EET 2014 (AUTH_000002)</font></p> <p>Changing the order of authentication providers or the required attributes didn’t help with the issue.</p> <p>Oracle Doc ID 1942473.1 is related to this and suggests a solution.</p> <p>Steps to fix this:</p> <ol> <li>cd /u01/app/oracle/ovm-manager-3/bin/</li> <li>./configure_client_cert_login.sh</li></ol> <p>The configure_client_cert_login.sh will ask you the username and the password for the OVM manager. 
In my case I did have the “admin” user but for some reason the password was not upgraded correctly and I needed to reset the “admin” user password in OVM WLS console before I could execute this script correctly.</p> <p>You could potentially also use “weblogic” user to run the script.</p> <p>After running this client certification script the OracleVM Manager login started working correctly and we were able to use our external authenticator with our OracleVM Manager console.</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com4tag:blogger.com,1999:blog-8874378.post-66841523885770934292014-11-09T19:48:00.001+02:002014-11-09T19:48:12.299+02:00Connection to VirtualBox BPM 12c Project Access Manager (PAM) from Local JDeveloper<p>I attended Oracle BPM Suite 12c partner training in Finland and the labs had an Oracle Virtual Box image that we used in the training.</p> <p>Virtual Box had JDeveloper embedded but I wanted to use my local copy of BPM Quick Start JDeveloper running on my bare metal laptop.</p> <p>When trying to set up Project Access Manager (PAM) and connect to the repository I would get errors like: Could not connect to repository endpoint: localhost:7323<br></p> <p>The reason for this was that when the internal SVN server starts up it looks up the hostname (soabpm-vm in this case) and resolves it to an IP address. In the pre-built virtual box the /etc/hosts file looks like:</p> <p>127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4<br>soabpm-vm soabpm-vm.site</p> <p>When BPM Suite 12c is starting up, all other components start listening on the 0.0.0.0 address (all IP addresses) but the SVN server starts listening on the 127.0.0.1 address. This means we cannot access this SVN address from outside the Virtual Box, even when using port forwarding.</p> <p>I tried to find a way to configure the SVN server to listen on 0.0.0.0 but I could not find one. 
That was somewhere deep inside the code that wasn’t easily discovered.</p> <p>Working around this issue requires reconfiguring the network interfaces:</p> <h2>Step 1</h2> <p>Add a second network interface to the virtual machine and attach it to “Host-Only Adapter”. </p> <p><a href="http://lh4.ggpht.com/-d4c9hjMwXJ0/VF-ozTkLC0I/AAAAAAAAA7w/bYCUz3mko3Q/s1600-h/image%25255B2%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="http://lh6.ggpht.com/-Oc-niNCKh50/VF-o0BN-eqI/AAAAAAAAA74/dlQE9vTH8MA/image_thumb.png?imgmax=800" width="244" height="117"></a></p> <p>This enables connectivity to the 192.168.56.0 network.</p> <p>In my setup the Host-Only network details look like this in the main Virtual Box preferences window:</p> <p><a href="http://lh5.ggpht.com/-XPQyoCPlrxs/VF-o0l-_kUI/AAAAAAAAA8A/tKgPSc8wV04/s1600-h/SNAGHTML7043576%25255B3%25255D.png"><img title="SNAGHTML7043576" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="SNAGHTML7043576" src="http://lh3.ggpht.com/-J7cPAz-q9IQ/VF-o1YQCIuI/AAAAAAAAA8I/LoW9vIOpJMc/SNAGHTML7043576_thumb.png?imgmax=800" width="244" height="145"></a></p> <p>As we can see the built-in DHCP server starts delivering the DHCP addresses starting from 192.168.56.101. 
It is safe to assign fixed addresses below 192.168.56.100. In this case I decided to assign my Virtual Box BPM 12c installation a fixed IP address of 192.168.56.50.</p> <p>I still wanted to keep the NAT network interface in the virtual box because that enables me to use network resources outside the virtual box (like external YUM repositories etc).</p> <h2>Step 2</h2> <p>Configure the ethernet interface (either eth1 or eth2 depending on how you defined your virtual networks in VM settings):</p> <p>cd /etc/sysconfig/network-scripts</p> <p>Edit ifcfg-eth2 (or ifcfg-eth1 if you changed the NAT’ed adapter to Host-Only Adapter):</p> <p># Please read /usr/share/doc/initscripts-*/sysconfig.txt<br># for the documentation of these parameters.<br># DEVICE must match the interface this file configures (eth1 or eth2).<br>DEVICE=eth1<br>BOOTPROTO=static<br>TYPE=Ethernet<br>HWADDR=08:00:27:41:19:1a<br>NM_CONTROLLED=no<br>PEERDNS=yes<br>IPADDR=192.168.56.50<br>NETMASK=255.255.255.0<br></p> <p>Remember to change the HWADDR to point to your virtual NIC hardware address.</p> <p>After changing the network adapter settings you can reset the network settings by issuing the command “service network restart” as root.</p> <h2>Step 3</h2> <p>Change the IP address in the /etc/hosts file like this:</p> <p>127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4<br>::1 localhost localhost.localdomain localhost6 localhost6.localdomain6<br>192.168.56.50 soabpm-vm soabpm-vm.site</p> <h2>Step 4</h2> <p>After the network settings have been changed, restart the BPM Suite 12c installation. If running the pre-built BPM 12c image, just bounce the AdminServer.</p> <h2>Step 5</h2> <p>Edit your workstation hosts file to point to the fixed IP address. 
As Windows Administrator edit the file</p> <p>C:\Windows\System32\drivers\etc\hosts</p> <p>Add line:</p> <p>192.168.56.50 soabpm-vm.site soabpm-vm</p> <h2>Step 6</h2> <p>Configure your BPM Studio PAM connection and test that it works:</p> <p><a href="http://lh3.ggpht.com/-dmKiLITlrts/VF-o2Ho33lI/AAAAAAAAA8Q/qbCprRKE5Gs/s1600-h/image%25255B5%25255D.png"><img title="image" style="border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; display: inline; padding-right: 0px; border-top-width: 0px" border="0" alt="image" src="http://lh5.ggpht.com/-WvbzxyCsVOo/VF-o2nMr-aI/AAAAAAAAA8Y/T-vha1R5yhc/image_thumb%25255B1%25255D.png?imgmax=800" width="182" height="244"></a></p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com0tag:blogger.com,1999:blog-8874378.post-72841374873664323332014-04-22T10:50:00.001+03:002014-04-22T10:50:06.291+03:00OpenSSL Heartbleed Oracle Fixes<p>Some of the Oracle software is also affected by the Heartbleed vulnerability. Specifically if you are using Oracle Linux 6, you should update your operating system using ULN or Oracle Public YUM repository.</p> <p>For more information please see:</p> <p>http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com0tag:blogger.com,1999:blog-8874378.post-40903579245377741992014-04-03T20:06:00.001+03:002014-04-03T20:06:10.915+03:00OracleVM 3.2.8 Downloadable<p>OracleVM 3.2.8 just got published in Oracle Support and Public Yum repository.</p> <p>Use Patch 16410417 to download the OracleVM Manager 3.2.8 zipped ISO image. 
You can use Oracle yum repository to upgrade your OracleVM Servers.</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com0tag:blogger.com,1999:blog-8874378.post-36700372973455624912014-02-07T07:36:00.001+02:002014-02-07T07:36:57.554+02:00Oracle BPM Suite 11.1.1.7.2 WebForms entryId is null<p>Ran into Oracle BPM Suite 11.1.1.7 Web Form issue after upgrading from 11.1.1.6 to 11.1.1.7. When trying to create web form in Oracle BPM composer, I get “entryId is null” error.</p> <p>When looking at the log files I can see</p> <p>[2014-02-06T13:54:03.233-08:00] [AdminServer] [ERROR] [] [com.frevvo.forms.web.ConfigurationResource] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 11d1def534ea1be0:-4d925ede:14409288963:-8000-00000000000002a3,0] [APP: frevvo] Configuration error: Users database schema - ORA-00942: table or view does not exist[[]]</p> <p>…  <br />[2014-02-06T13:54:03.245-08:00] [AdminServer] [WARNING] [] [com.frevvo.billing.database.UserDBUtil] [tid: [ACTIVE].ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: weblogic] [ecid: 11d1def534ea1be0:-4d925ede:14409288963:-8000-00000000000002a3,0] [APP: frevvo] Could not get user ids for tenant d[[ <br />java.sql.SQLSyntaxErrorException: ORA-00942: table or view does not exist       </p> <h3>Solution</h3> <p>Even though I had executed psa against the SOA infrastructure, looks like still some tables were not upgraded properly. Might have been because I extended the domain with Frevvo extensions later on.</p> <p>Solution is to execute psa (once more) for soainfra. This will upgrade soa-infra to 11.1.1.7. 
so that those Frevvo tables are created properly and you can design your Web forms.</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com0tag:blogger.com,1999:blog-8874378.post-70018477081322349472013-11-11T07:16:00.001+02:002013-11-11T07:16:15.470+02:00Extending OracleVM Guest Disk<p>These instructions have been working at least with OracleVM 2.2 disk images.</p> <p>Every now and then you might end up in a situation where you run out of disk space on your guest VM.</p> <p>1. Shut down your guest VM.</p> <p>In order for the guest VM to recognize the extended disk size you need to have the system restarted.</p> <p>2. Navigate to the guest VM directory in your OracleVM Server.</p> <p>cd /OVS/running_pool/myhost</p> <p>In this example the guest VM has run out of disk space on yumrepo.img.</p> <p>We want to extend this disk from 100GB –> 200 GB.</p> <p>3. Create an additional 100GB empty temporary file:</p> <p>dd if=/dev/zero of=tempfile bs=1024 count=104857600</p> <p>or, with a larger block size:</p> <p>dd if=/dev/zero of=tempfile bs=1M count=102400</p> <p>This might take some time depending on your storage connection.</p> <p>4. Make a backup of the disk image file to be extended:</p> <p>cp yumrepo.img yumrepo-old.img</p> <p>5. Concatenate the empty disk image to the end of the existing disk image.</p> <p>cat tempfile >> yumrepo.img &</p> <p>Depending on your storage system, this step could also take some time. If you experience network timeouts on your ssh terminal session, it’s good practice to submit your concatenation to the background using “&”.</p> <p>6. Start the guest VM again and login as root.</p> <p>After the restart the guest VM should internally recognize the extended device, although you cannot see the bigger size before you have resized the disk.</p> <p>7. Unmount the disk if it has been in use.</p> <p>8. You have to repartition the disk image with fdisk. 
</p> <p>fdisk /dev/xvdb</p> <p>Print out the partition layout with the “p” option to see how the disk has been formatted. If you see that the image is constructed out of one primary partition, please go ahead with these instructions. If you see that the disk is constructed in such a way that e.g. the swap space is the last partition and the partition you wanted to extend cannot be extended without deleting the swap partition, please do <u>not</u> go ahead with these instructions. This latter case occurs e.g. when you try to extend a system disk.</p> <p>Remove the partition with the “d” option and create it again (n –> primary –> 1). When recreating the partition you will see a larger sector end number. </p> <p>9. Check the filesystem:</p> <p>fsck -f /dev/xvdb1</p> <p>10. Resize the filesystem:</p> <p>resize2fs /dev/xvdb1</p> <p>11. Mount the file system and it’s ready to use.</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com0tag:blogger.com,1999:blog-8874378.post-2088777141697035252012-09-30T22:31:00.001+03:002012-09-30T22:31:32.021+03:00SOA Suite 10g–> 11g migration and Issue with composite.xml Attributes<p>Here is a heads up for those that might still be working on 10g –> 11g migrations. There is one unfortunate bug (8980875) in the migration process that seems innocent in the beginning but has critical effects in the end.</p> <p>I logged a service request for continuous XML parse errors in the managed server log files:</p> <p>org.xml.sax.SAXParseException: <Line 5, Column 92>: XML-20129: (Error) Namespace prefix 'ui' used but not declared.</p> <p>This occurs at deployment time. In most cases the deployed composite worked just fine.</p> <p>The error comes from the composite.xml content where the migrated 10g SOA projects have all the XML root element “composite” attributes in a single line. 
The deployment parser seems to be some sort of home-grown XML parser that assumes that all the attributes are physically separated on their own lines, like this:</p> <pre><composite name="Archive"<br />           revision="1.0"<br />           label="2012-08-16_09-51-28_557"<br />           mode="active"<br />           state="on"<br />           xmlns="http://xmlns.oracle.com/sca/1.0"<br />           xmlns:xs="http://www.w3.org/2001/XMLSchema"<br />           xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"<br />           xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy"<br />           xmlns:ui="http://xmlns.oracle.com/soa/designer/"><br /></composite></pre> <p>and when the migrated projects have something like this:</p> <pre><composite name="HelloWorld" revision="1.0" mode="active" state="on" xmlns:ui="http://xmlns.oracle.com/soa/designer/"</pre> <p>in a single line, the deployment will give errors in this part. 
You might have some references in composite.xml pointing to external servers using “ui:wsdlLocation” like this:</p> <p><reference ui:wsdlLocation=<a href="http://mydevhost1.mydomain.com:8001/soa-infra/services/CommonExceptionHandling/CommonExceptionHandling.wsdl">http://mydevhost1.mydomain.com:8001/soa-infra/services/CommonExceptionHandling/CommonExceptionHandling.wsdl</a> name="CommonException...</p> <p>By default these should not affect the runtime environment since this attribute is used at development time. Unfortunately, combined with this bug 8980875, the pointer seems to stay in the runtime environment, causing gray hairs when e.g. all of a sudden the production environment has pointers to the development environment. Changing this ui:wsdlLocation seems very hard if not impossible using the built-in deployment scripts and default search/replace element descriptors.</p> <p>In the end, my advice is to manually correct all the migrated 10g –> 11g SOA projects so that the composite.xml “composite” element attributes are each on their own line. This will help greatly in the dev->tst->prd deployments by avoiding those unwanted cross-environment pointers.</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com3tag:blogger.com,1999:blog-8874378.post-4433866877600247372012-09-17T21:51:00.001+03:002012-09-17T21:51:58.095+03:00One possible reason for not being able to login to OracleVM Manager<p>Today I faced a weird situation when trying to login to OracleVM Manager 3.0.1 console. OVMM console did show up and provided me a login screen. After entering username and password I got a weird internal error claiming login failed. 
Username and password were the right ones.</p> <p>After a while of debugging I noticed that all the passwords had expired from the OracleDB that holds the OracleVM repository.</p> <p>I logged in as sys user and changed the default profile:</p> <p>alter profile default limit password_life_time unlimited;</p> <p>Then altered the passwords for the most important accounts: SYSTEM, OVS.</p> <p>SYS user seemed to be in ok condition.</p> <p>Then I restarted the OVMM process (root):</p> <p>service ovmm stop <br />service ovmm start</p> <p>After this login worked fine.</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com0tag:blogger.com,1999:blog-8874378.post-16268792213976722902011-11-20T16:24:00.001+02:002011-11-20T16:24:56.048+02:00BPM Editor and Python Extension Not Playing in Nicely in the Same Sandbox<p>I was playing with the latest FMW 11.1.1.5 BPM Feature Pack when I noticed an immediate NPE when launching any BPM process editor in my JDeveloper.</p> <p>The stack trace was:</p> <blockquote> <p><font size="1">java.lang.NullPointerException</font></p> <p><font size="1">        at oracle.bpm.ui.action.BaseAction$ActionFuegoAction.putValue(BaseAction.java:496)</font></p> <p><font size="1">        at oracle.bpm.ui.action.BaseAction.setMsg(BaseAction.java:312)</font></p> <p><font size="1">        at oracle.bpm.ui.action.BaseAction$ActionFuegoAction.<init>(BaseAction.java:476)</font></p> <p><font size="1">        at oracle.bpm.ui.action.BaseAction.valueOf(BaseAction.java:100)</font></p> <p><font size="1">        at oracle.bpm.designer.catalogdoc.DocumentationEditorPanel.createActions(DocumentationEditorPanel.java:521)</font></p> <p><font size="1">        at oracle.bpm.designer.catalogdoc.DocumentationEditorPanel.createEditorPanel(DocumentationEditorPanel.java:504)</font></p> <p><font size="1">        at 
oracle.bpm.designer.catalogdoc.DocumentationEditorPanel.init(DocumentationEditorPanel.java:472)</font></p> </blockquote> <p>After debugging long enough I found out that this was a compatibility problem with JDeveloper Python Extension and BPM Editor.</p> <p>Python Extension is something I ported from JDev 10.1.2 to 10.1.3 and later rewrote some portions to get it working on JDeveloper 11g. Apparently there is something causing side effects in BPM Editor so the recommendation from me is to disable this Python Extension to get BPM Editor working without these NPE issues.</p> <p>To disable any extension you can follow these menu options:</p> <p>Tools –> Preferences –> Extensions (from the left hand panel) –> Uncheck the Checkbox from Python Extension</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com0tag:blogger.com,1999:blog-8874378.post-38574635513900394582011-11-08T16:35:00.001+02:002011-11-08T16:35:47.450+02:00Word of Warning for OracleVM 2.2 Upgraders<p>Decided to start upgrading my OracleVM 2.2 servers to the new OracleVM 3.0.2.</p> <p>First obstacle was that the installation application didn’t recognize the CD drive it was originally started from. Weird. Got an error stating that I should have drivers to read the CD.</p> <p>Went to buy an external USB DVD drive. Started the installation from there. Got a bit further but at the time I was supposed to choose my hard disk for partitioning, OracleVM 3.0.2 didn’t find the hard drives at all.</p> <p>Looks like OracleVM 3.0.2 is very picky on the supported hardware systems you can run it on.</p> <p>Finally managed to install OracleVM 3.0.2 on <u><strong>USB Stick</strong></u> acting as hard drive. Well, obviously this isn’t a perfect solution to run my virtualization servers, so I reverted back to OracleVM 2.2.</p> <p>So a word of warning to all those thinking of upgrading. 
You can test the installation media first to see if it recognizes your hard drives and then decide whether to go forward or not.</p> <p>I’m waiting for a new version of OracleVM to be released and hoping it has the kernel modules for my AMD/VIA based motherboard.</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com2tag:blogger.com,1999:blog-8874378.post-90466098813875477022011-08-25T23:48:00.001+03:002011-08-25T23:48:38.218+03:00OracleVM 3.0 Finally Out<p>The wait is over for those that have been waiting for OracleVM 3.0:</p> <p><a href="http://www.oracle.com/us/corporate/press/459406">http://www.oracle.com/us/corporate/press/459406</a></p> <p>When starting my own business (<a href="http://www.ratioware.com">http://www.ratioware.com</a>), I decided to set up all my servers as OracleVM 2.2 virtual servers. I’ve been more than happy running my stuff virtualized, so I’m very interested in getting hold of OracleVM 3.0.</p> <p>There are a number of enhancements worth mentioning:</p> <ul> <li>Policy based resource management</li> <li>Centralized network and storage configuration and management</li> <li>Performance, scalability and security enhancements</li> <li>New management console</li> </ul> <p>Not so happy surprise was that upgrading from OracleVM 2.2 was non-existent. 
All servers must be reinstalled with OracleVM 3.0.1 software, but you could utilize the 2.2 templates and virtual images.</p> <p>I’m currently downloading the OVM 3.0 Server and Management Console installation packages and starting to plan the 2.2 –> 3.0 upgrade on my own server pool.</p> <p>Maybe this would be a good time to get rid of my iSCSI SAN setup and replace it with NFS for easier management (backups, image copying etc).</p> <p>Stay tuned for experiences on OVM 3.0 once I get it up and running.</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com0tag:blogger.com,1999:blog-8874378.post-22075883598153499142010-12-15T16:07:00.001+02:002010-12-15T16:07:49.298+02:00Microsoft Powerpoint notes removal addin on Office 2007 and Windows 7<p>Here’s an update on my <a href="http://kaukovuo.blogspot.com/2005/06/powerpoint-notes-removal-add-in.html" target="_blank">previous</a> (dated back in 2005) blog posting on Microsoft Powerpoint 2007 notes removal add-in.</p> <p>The actual add-in file is still valid and working on Office 2007. You can find it here: <br /><a title="http://www.pcuf.fi/~hkaukovu/blog/HJK_Remove_Notes.ppa" href="http://www.pcuf.fi/~hkaukovu/blog/HJK_Remove_Notes.ppa">http://www.pcuf.fi/~hkaukovu/blog/HJK_Remove_Notes.ppa</a></p> <p>The update concerns where you should copy the *.ppa file on Windows 7 and how to add the add-in on Powerpoint 2007. First of all, download and copy the *.ppa file to your Windows user roaming directory:</p> <p>C:\Users\<windowsusername>\AppData\Roaming\Microsoft\AddIns</p> <p>e.g. on my machine the path where to copy this is:</p> <p>C:\Users\hkaukovu\AppData\Roaming\Microsoft\AddIns</p> <p>Here are the steps to enable the add-in:</p> <p>1. 
Go to powerpoint options</p> <p><a href="http://lh6.ggpht.com/_G3ZVZsr8vwg/TQjLc55-K_I/AAAAAAAAAjU/lUzqg5IP1ro/s1600-h/image%5B2%5D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh5.ggpht.com/_G3ZVZsr8vwg/TQjLeSaXu-I/AAAAAAAAAjY/6LtjtZv1VnE/image_thumb.png?imgmax=800" width="221" height="244" /></a></p> <p>2. Choose Add-Ins</p> <p><a href="http://lh4.ggpht.com/_G3ZVZsr8vwg/TQjLfR7W6RI/AAAAAAAAAjc/TvWvw4L7nb8/s1600-h/image%5B5%5D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh3.ggpht.com/_G3ZVZsr8vwg/TQjLgYH5eVI/AAAAAAAAAjg/gNlOXKFJ7AY/image_thumb%5B1%5D.png?imgmax=800" width="145" height="244" /></a></p> <p>3. From lower part of window choose “Manage: Powerpoint Add-Ins” and press “Go…”</p> <p><a href="http://lh4.ggpht.com/_G3ZVZsr8vwg/TQjLhJmXojI/AAAAAAAAAjk/4Me1ydPNWro/s1600-h/image%5B8%5D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh6.ggpht.com/_G3ZVZsr8vwg/TQjLiHxlxiI/AAAAAAAAAjo/eGtXMLiaHRk/image_thumb%5B2%5D.png?imgmax=800" width="244" height="47" /></a></p> <p>4. 
Press “Add New…”</p> <p><a href="http://lh4.ggpht.com/_G3ZVZsr8vwg/TQjLje5e91I/AAAAAAAAAjs/TykSraYaLTc/s1600-h/image%5B11%5D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh4.ggpht.com/_G3ZVZsr8vwg/TQjLkWPWI7I/AAAAAAAAAjw/z6o-7FxZ93I/image_thumb%5B3%5D.png?imgmax=800" width="244" height="216" /></a></p> <p>5. Select the *.ppa file</p> <p><a href="http://lh3.ggpht.com/_G3ZVZsr8vwg/TQjLlaQRynI/AAAAAAAAAj0/HyE37YbzmPI/s1600-h/image%5B14%5D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh3.ggpht.com/_G3ZVZsr8vwg/TQjLmQPtvLI/AAAAAAAAAj4/7XLLCmvOXmY/image_thumb%5B4%5D.png?imgmax=800" width="244" height="164" /></a></p> <p>6. Press Enable Macros</p> <p><a href="http://lh3.ggpht.com/_G3ZVZsr8vwg/TQjLnnIwJrI/AAAAAAAAAj8/MH3kbbF4c2w/s1600-h/image%5B17%5D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh4.ggpht.com/_G3ZVZsr8vwg/TQjLpigFFsI/AAAAAAAAAkA/U18DnGiePGw/image_thumb%5B5%5D.png?imgmax=800" width="244" height="148" /></a></p> <p>7. 
You now have the notes removal add-in enabled.</p> <p><a href="http://lh5.ggpht.com/_G3ZVZsr8vwg/TQjLqcL3egI/AAAAAAAAAkE/-5fByzRAfz0/s1600-h/image%5B20%5D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh5.ggpht.com/_G3ZVZsr8vwg/TQjLrPv8w-I/AAAAAAAAAkI/RbrNtMEEY-0/image_thumb%5B6%5D.png?imgmax=800" width="244" height="216" /></a></p> <p>8. You can execute the notes removal add-in from “Add-Ins” tab.</p> <p><a href="http://lh3.ggpht.com/_G3ZVZsr8vwg/TQjLsDrKlXI/AAAAAAAAAkM/yjzAPVPIycA/s1600-h/image%5B23%5D.png"><img style="background-image: none; border-bottom: 0px; border-left: 0px; margin: 0px; padding-left: 0px; padding-right: 0px; display: inline; border-top: 0px; border-right: 0px; padding-top: 0px" title="image" border="0" alt="image" src="http://lh3.ggpht.com/_G3ZVZsr8vwg/TQjLs_vXkMI/AAAAAAAAAkQ/7EuXMM44kog/image_thumb%5B7%5D.png?imgmax=800" width="244" height="45" /></a></p> <p>The add-in activation is permanent, so next time you startup Powerpoint, this notes removal add-in should be active.</p> Harri Kaukovuohttp://www.blogger.com/profile/16748583654886421957noreply@blogger.com1
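<p>For the composite.xml problem described in the SOA Suite 10g to 11g migration post above: an added example, not code from the post or from Oracle, that automates the manual fix (each root “composite” attribute on its own line) and lists ui:wsdlLocation values pointing at hosts outside the target environment before a dev->tst->prd deployment. The function names, the host allow-list and the sample file are assumptions constructed for illustration.</p>

```python
import re
from urllib.parse import urlsplit

# Start tag of the root <composite> element; quoted values may contain '>'.
_ROOT_TAG = re.compile(r"""<composite\b((?:[^>"']|"[^"]*"|'[^']*')*)>""")
# One attribute: name="value" or name='value' (names may carry a prefix).
_ATTR = re.compile(r"""([\w:.\-]+)\s*=\s*("[^"]*"|'[^']*')""")
# Design-time WSDL pointers anywhere in the file.
_WSDL_LOC = re.compile(r"""\bui:wsdlLocation\s*=\s*(?:"([^"]*)"|'([^']*)')""")


def split_root_attributes(xml_text, indent=" " * 11):
    """Return xml_text with every attribute of the root <composite> start
    tag on its own line. Everything outside that tag is left untouched."""
    m = _ROOT_TAG.search(xml_text)
    if m is None:
        raise ValueError("no <composite> start tag found")
    body = m.group(1)
    attrs = ["%s=%s" % pair for pair in _ATTR.findall(body)]
    if not attrs:
        return xml_text
    closer = "/>" if body.rstrip().endswith("/") else ">"
    tag = "<composite " + ("\n" + indent).join(attrs) + closer
    return xml_text[:m.start()] + tag + xml_text[m.end():]


def foreign_wsdl_locations(xml_text, allowed_hosts):
    """Return (line_number, url) for each ui:wsdlLocation whose host is not
    in allowed_hosts. Relative and host-less locations are not reported."""
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for m in _WSDL_LOC.finditer(xml_text):
        url = m.group(1) if m.group(1) is not None else m.group(2)
        host = urlsplit(url).hostname  # None for relative paths
        if host is not None and host not in allowed:
            line_no = xml_text.count("\n", 0, m.start()) + 1
            findings.append((line_no, url))
    return findings


# Constructed sample: a migrated composite.xml with all root attributes on
# one line and a reference that still points at a development host.
SAMPLE = (
    '<composite name="HelloWorld" revision="1.0" mode="active" state="on" '
    'xmlns="http://xmlns.oracle.com/sca/1.0" '
    'xmlns:ui="http://xmlns.oracle.com/soa/designer/">\n'
    '  <reference name="CommonExceptionHandling" '
    'ui:wsdlLocation="http://mydevhost1.mydomain.com:8001/soa-infra/services/'
    'CommonExceptionHandling/CommonExceptionHandling.wsdl"/>\n'
    '  <reference name="LocalRef" ui:wsdlLocation="LocalRef.wsdl"/>\n'
    '</composite>\n'
)

if __name__ == "__main__":
    # "myprdhost1.mydomain.com" is a placeholder for the target environment.
    for line_no, url in foreign_wsdl_locations(SAMPLE, {"myprdhost1.mydomain.com"}):
        print("line %d: ui:wsdlLocation points outside the target: %s" % (line_no, url))
    print(split_root_attributes(SAMPLE))
```

<p>Run the host check in the build that produces the production archive, with the allow-list set to that environment's SOA hosts, and fail the build on any finding.</p>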