Saturday, December 08, 2007

Solution for OAM WebPass and WebGate in different directories

When installing the Oracle Access Manager WebGate and WebPass in different directories on Windows you will encounter some problems when it comes to forms-based authentication. The reason for this lies in the configuration of the IIS (oh - how I like Apache :-) .

The redirection to the forms based HTML login and its redirection can easily fail as the IIS is not aware of the different location of the other directory.

I solved this by changing the Virtual Directory settings in the IIS.

Here is a picture that will give you an idea where and how to do this:

Tuesday, November 27, 2007

Either I'm stupid, getting too old or the 40C fever has taken the better of me :-(

Today during a workshop where we had to setup the Oracle Access Manager we had a very detailed cookbook.

Then I reached the following page:


I hit next and always received a strange error - stating that the inetOrgPerson could not be found in the LDAP.

Well - I have to say for my defense that I suffered from fever, cold, and headache.

Just restarting the servers OUTSIDE the browser did the trick!

Going to bed and get rid of my fever.

cu
Andreas

Sunday, October 21, 2007

Problems when syncing AD with OID

Lately I've been doing some AD-OID synchronization.

Should be not that difficult, but as so often the devil is in the detail.

The AD admin created a user that is capable of reading the complete AD - as it is described in the documentation.

Then I tried to login. And tried, and tried. Password was reset, different password was used, etc.

No luck.

I tried a very easy ldapsearch and received the follwoing error:

80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 531, v893
HEX: 0x531 - not permitted to logon from this workstation
DEC: 1329 - ERROR_INVALID_WORKSTATION (Logon failure: user not allowed to log on to this computer.)
LDAP[userWorkstations: ]
NOTE: Returns only when presented with valid username and password/credential.

Aha, that gave me a clue. So the username and password seemed to be correct. Some googeling established the problem.

The user was created but the AD admin did not allow the user to login to the machine where the AD was running.

Saturday, September 22, 2007

Pain in my hands

Sometimes I wish that there was just one language and therefore just one keyboard.


I'm working in Belgium right now and at this customer there is no possibility to use my laptop on the network. Instead they have a thin client concept based on Citrix. That is ok but working with a Belgian keyboard just makes my hands hurt.

I have switched the locale to English. But now I have to convince my eyes that there are different keys.

Also after locking the PC I mistyped my password too often (the Citrix environment was still on FR) so the helpdesk had to unlock my account.

I have not yet done Oracle related work on this machine but I cannot imagine what will happen when doing some interessting stuff with the DB or the Application Server and entering $#@%^& instead of some numbers or terminating each command with an m (that's where they've put the semicolon).

Tuesday, September 18, 2007

Differences between the standalone OHS and the AS OHS

In my previous post http://achatzia.blogspot.com/2007/09/stand-alone-oracle-http-server-vs-as.html I said that there are two separate code trees for the OHS.

Now I found at least one difference. If you have a look at the mod_oc4j.conf file you will see that the standalone version includes

LoadModule oc4j_module modules/mod_oc4j.so

while the AS version does include

LoadModule oc4j_module modules/ApacheModuleOc4j.dll


This of course is the Windows version. If somebody wants to check if such a difference exists with a Unix version I would like to hear that as well.

Friday, September 07, 2007

Stand alone Oracle HTTP Server vs AS 10.1.x OHS

I just learned the following, which I wanted to share with you.

One reason for using the 10.1.3.3 HTTP Server rather than the companion cd - Apache 2.0 - version is that no generic patchsets are ever issued for the Apache 2.0 version. It means that the MOD_OC4J component which comes with the 2.0 version always stays the same and neve
r receives any bug fixes. You can also more easily configure the base 10.1.3 HTTP Server as part of an OracleAS 10.1.3 cluster topology.

I had the idea that a stand alone OHS in the web tier (e.g. in the DMZ) would be a better setup as there are less points to attack, especially as there is a direct exposion to the Internet.
I'll try to switch to the AS 10.1.3.x version instead of the stand alone OHS to see if this solves my problem.

However I do not understand why Oracle keep different patch regimes with their software when they should share the same code base?

Thursday, September 06, 2007

11g on Oracle Enterprise Linux

I thought that using the Oracle Enterprise Linux for the 11g would be a pretty cool idea.


Actually the installation experience is not different from a normal RH ES version. I would have thought that a couple of necessary packages were already included (unixODBC, libaio, etc) but I guess that this is the age-old problem of having the OS out there for some time when the software (DB) is still in development.

It would be awesome if Oracle would come up with a intermediate release of the OEL when they bring out a new version of the DB or the AS (yes I like to daydream :-)

When installing the software no issues were detected. However when I build the Database (dbca) it seemed to hang at 45%. I retried three times (sample schemas on/off). Then I left it running while I was having lunch. And guess what: it just takes a little bit longer. So when installing 11g just bring a little bit of patience with you.

Flashback Recovery Area full

Ok, I promise I will take more time to read things like manuals and other documents when it comes to new features in the database.

Take the Flashback Recovery Area (FRA). Oracle does store archive logs in there, which is cool as it speeds up the recovery. The bad thing is that the Oracle Database behaves like a small child. When you do not look it will do strange things.

So I was busy setting up the online backup of an infrastructure database. This one is still in 10.1.x while all the others in this environment are on 10.2.x .
For the RMAN I have a catalog (also 10.2.x) so I had some problems with the versions as the 10.1.x database refused to get into the 10.2.x RMAN catalog. I thought that I have plenty of space for the archivelogs in the ASM (everything was RAC of course).

I turned my attention to some other issues (aka not watching your kid for a moment). Then during an important demo for the client a developer told me that he cannot use the OID.

Of course I checked, but the OID was running, and the database was running as well (ps -ef | grep smon) . Ok, a quick look at the alert.log showed that the database was struggeling with ORA-19815. Apparently the archive log destination was full.
I checked with the ASM which I had cleaned up a day before. Still 30% free?!?!

Metalink revealed that the FRA was full. Now Oracle has done everything to shield the FRA from direct access. This means that I had to get rid of the archivelogs in the FRA with RMAN.
However I still wanted to use the available catalog. Finally I decided to have one backup with RMAN (10.1.x) without the catalog. As the database was already in limbo I went to some drastic measures:

- shutdown abort
- startup
- shutdown immediate
- startup mount
- alter database flashback off;
- alter database open;

Then I tried to set the db_recovery_files_dest_size to a lower value in order to trigger the cleanup process.

- alter system set db_recovery_files_dest_size=1G scope=both;

I also changed the db_flashback_retention_target from 1440 minutes t 120 minutes.

- alter system set db_flashback_retention_target=120 scope=both;


Obviously this did not help because the v$recovery_file_dest still showed that I had 0 bytes of reclaimable_space and 267 files in the FRA.

So now I took the non-catalog RMAN with a deletion of the archive logs. When doing this the FRA is cleaned up as well.

So everything was working again and nobody in the demo was aware of this (the infra is just used for some specific logins that were not used).

Conclusion: Databases behave like little kids, always be aware what they are doing. Fortunately there are manuals for the Database ;-)

Wednesday, August 15, 2007

Oracle Certified Professional AS 10g

I participated in the OCP beta exam for the AS 10g.

About two years ago the beta exam for AS 10g (based on 9.0.4) was held. I did this exam without any serious preparation and succeeded. Yesterday however the exam was different.

As promised (and required by Oracle) I'm not going to give you details of the exam! Don't even try to ask :-)

The beta exam has more questions (and more time) than a normal exam. Oracle will rate you only on the questions that will make it into the real exam.

I have to admit that this time I had a lot of effort put into the preparation. I've read a lot of manuals and checked out a lot of things.

I was puzzled when I found out that the distribution of the question was somewhat skewed. Imagine that there are 16 topics in the exam, but three topics make up to 40 % of the questions.

And you feel this one coming up: these topics were not my strong point.
I'll have to wait until the autumn to find out if I have passed this one.

I'll let you know.

Friday, July 13, 2007

Authorisation failure with CRS

A while back I had the problem that my CRS information was lost.

Now I had found that when I did a crs_start of the component I received the following error:

CRS-0254 authorization failure

Some investigation showed that the problem was related to the fact that the component was not owned by the oracle user.

Using crs_getperm ora.ORCL.db showed the problem.

oracle@myhost:/opt/oracle/crs/bin>./crs_getperm ora.ORCL.db
Name: ora.ORCL.db
owner:root:rwx,pgrp:system:r-x,other::r--,

This can be solved by doing the following:

crs_setperm ora.ORCL.db -o oracle
crs_setperm ora.ORCL.db -g dba

Now it works again.

cu
Andreas

Tuesday, July 10, 2007

OC4J clusters keep old hosts information

Recently I was busy with the mod_oc4j clustering of two standalone OHS machines. As Oracle has integrated ONS into OC4J in 10.1.3.x you have to provide your own ons.conf file (just copy one from a 10.1.2.0.2 environment).

But what happend to me was strange. I added a new node (machine_C.mydomain.local) while I removed another one (machine_A.mydomain.local).

However getting the

opmnctl status @farm

still showed the machine_A in the list.

Some investigation delivered the following:


In the directory $ORACLE_HOME\opmn\logs\states two entries do exist:
.opmndat
p12345678

When you shutdown the OPMN the p* file will disappear. However the .opmndat file will remain there.

Remove it, it will be rebuild with the next opmnctl startall.

Now my machine_A.mydomain.local was gone and the machine_C showed up.

cu
Andreas

Monday, July 02, 2007

Controlfile backups

Almost everbody knows how to create backups of the controlfile.

Usually a

alter database backup controlfile to trace;

is used.

And now for the 64000$ question:

Which information is not backed up by this command?

The answer is:

THE BACKUP RECORDS!

In order to prevent the loss of this information you can better use the following command:

alter database backup controlfile to '/a_real/location/inyour/system';


Friday, June 29, 2007

Get the routing id for the OPMN

In order to get the routing ID that is used within OPMN issue the following command:

opmnctl status -app -l

Applications in Instance: as1013

application type: OC4J
-----+------------+---------+---------+----------+-------------+--------
pid | name | state | rtid | routable | appctx | parent
-----+------------+---------+---------+----------+-------------+--------
3184 | system | started | g_rt_id | true | |
3184 | default | started | g_rt_id | true |/.rmiTunnel| system
3184 | DaonEngine | started | g_rt_id | true | | default
3184 | ascontrol | stopped | g_rt_id | true | |
2852 | system | started | g_rt_id | true | |
2852 | default | started | g_rt_id | true | /.rmiTunnel | system
2852 | bc4j | started | g_rt_id | true | |
2852 | ascontrol | started | g_rt_id | true | | system

The rtid is the routing id. In the above example the routing id is the same for the complete environment.

WebCenter Wiki with 3rd party LDAP

Using a WebCenter Wiki with a 3rd party LDAP is possible but you have to make sure that the following two groups are present and populated in the LDAP:

  • users
  • oc4j-administrators
Also the group search definition must be on Nested.

The next picture shows the basic values for the 3rd party LDAP:

Thursday, June 28, 2007

Metalink statuses

Status Description
10 Description Phase
11 Code Bug (Response/Resolution)
12 To External (User Group) Review
13 Doc Bug (Response/Resolution)
14 Bug Assigned to Solution Partner
15 To Internal (Oracle) Review
16 Support bug screening
19 Approved for User Group Voting
20 To Requestor, Need More Info
21 Cost Required, To Development
22 Approved for Future Release
23 Scheduled for Future Release
30 Additional Information Requested
31 Could Not Reproduce. To Filer
32 Not a Bug. To Filer
33 Suspended, Req'd Info not Avail
35 To Filer for Review
36 Duplicate Bug. To Filer
37 To Filer for Review/Merge Required
39 Approved, waiting for codeline to open
40 Waiting for the base bug fix
43 Product/Platform Obsolete, to Filer
44 Not Feasible to fix, to Filer
45 Vendor OS Problem, to Filer
51 Support approved backport - to Dev
52 Pending approval by PL
53 Backport/Patchset Req Rejected
60 CM: Awaiting Promote
66 CM: Awaiting Deployment
70 Closed, data fix, cause - user error
71 Closed, data fix, cause - data import
72 Closed, data fix, cause - code error
73 Closed, data fix, cause - unknown
74 Closed, Verified by QA
75 Closed, code fix, not verified
80 Development to Q/A
81 Q/A to Dev/Patch or Workaround Avble
82 Q/A to Enhancement Evaluation
83 Closed, Product/Platform Obsolete
84 Closed, not feasible to fix
87 Fix verified/Merge Required
89 Tech Writer to Q/A
90 Closed, Verified by Filer
91 Closed, Could Not Reproduce
92 Closed, Not a Bug
93 Closed, Not Verified by Filer
94 Closed, Duplicate Enhancement
95 Closed, Vendor OS Problem
96 Closed, Duplicate Bug
97 Suggestion Rejected
98 Suggestion Implemented
99 Closed, Documentation Bug Fixed

OPMN log and debug configuration

Another gem I found when dealing with a problem. The following piece of code shows the configuration to modify the opmn debug level:

< xmlns="http://www.oracle.com/ias-instance">

< path="$ORACLE_HOME\opmn\logs\opmn.log" comp="internal;ons;pm" size="1500000">

< path="$ORACLE_HOME\opmn\logs\opmn.dbg" comp="internal;ons;pm" size="1500000">

...

< /opmn >


Now I need to find out which components exist besides internal, ons and pm.

Monday, June 25, 2007

I had run the chgiphost.bat on a Windows AS 10.1.3.0.0. The reason for this was the fact that the Windows machine was created from a Ghost image.
But after the script has been run successfully I saw that the hostname was still the same in the Application Server Control.

So I created a SR with Support. And today I received a very good answer. Normally Support gives you a statement that it does not work and that's that. But see for yourself what this friendly analyst did say:

The dcmctl setInstanceName is available from 9.0.4 onwards. This will change the instance name in the DCM Repository.
After this you may have to change the targets.xml file with the new instance name. Please note that the above command is not supported as this is not documented."


Ok, very good!
I will make sure that this guy gets an excellent review.

However there is now cmctl in 10.1.3.0.0 and also no targets.xml :-(

But actually the idea was clear to me.

I went to have a look at the opmn.xml file.

When I changed
< id="as1013.OLDHOSTNAME.mymachine.local" name="as1013.OLDHOSTNAME.mymachine.local">

to

< id="as1013.NEWHOSTNAME.mymachine.local" name="as1013.NEWHOSTNAME.mymachine.local">

everything worked as I expected it to do.


Scripts for RAC backup

Just want to store them here for myself, but if others use them - well feel free (and drop me a note).

The script for the Cluster Registry

#!/bin/ksh

# Author: Andreas Chatziantoniou, Accenture Technology Solutions
# Date : 25-JUN-2007
#
# Purpose:
# Create a backup of the Oracle Cluster Registry regularly
#
# Usage:
# ./backup_oracle_crs.sh
#
# This script should be used from the cron in regular intervals
#
# Results:
# The backupfile of the Oracle Cluster Registry will be created in the /tmp
# directory. The filename will contain the hostname and the time that
# the backup was created.

OCRBCK=/tmp/ocrbackup.`hostname`.`date +"%Y%m%d%H%M"`
/opt/oracle/crs/bin/ocrconfig -export $OCRBCK

And here is the script for the Voting Disk
#!/bin/ksh

# Author: Andreas Chatziantoniou, Accenture Technology Solutions
# Date : 25-JUN-2007
#
# Purpose:
# Create a backup of the Oracle Voting Disk regularly
#
# Usage:
# ./backup_oracle_voting_disk.sh
#
# This script should be used from the cron in regular intervals
#
# Results:
# The backupfile of the Oracle Voting Disk will be created in the /tmp
# directory. The filename will contain the hostname and the time that the
# backup was created.
#
# TODO:
# If you have more than one voting disk make sure that each is copied.

OVDBCK=/tmp/ovdbackup.`hostname`.`date +"%Y%m%d%H%M"`
dd if=/dev/rhdiskpower2 of=$OVDBCK

Tuesday, June 19, 2007

CRS information was lost

Due to a crash a part of the CRS information was lost. Until now I have not found out how this could happen in the first place.
The effects were strange. The instances would not start and there was no indication of an error in the alert_log.

Doing some research in the CRS revealed that the ora.ORCL.db was gone while the ora.ORACL.oracl1.inst was still there.

Creating a new file in the CRS profiles and using crs_register did do the trick.

Such a file should look like this:

NAME=ora.ORCL.db
TYPE=application
ACTION_SCRIPT=/opt/oracle/crs/bin/racgwrap
PLACEMENT=balanced
CHECK_INTERVAL=600
RESTART_ATTEMPTS=1
FAILOVER_DELAY=0
FAILURE_INTERVAL=60
FAILURE_THRESHOLD=1
AUTO_START=1
SCRIPT_TIMEOUT=600
ACTIVE_PLACEMENT=0
OPTIONAL_RESOURCES=
REQUIRED_RESOURCES=
RESTART_ATTEMPTS=1
STOP_TIMEOUT=0
UPTIME_THRESHOLD=7d
HOSTING_MEMBERS=
USR_ORA_ALERT_NAME=
USR_ORA_CHECK_TIMEOUT=0
USR_ORA_CONNECT_STR=/ as sysdba
USR_ORA_DEBUG=0
USR_ORA_DISCONNECT=false
USR_ORA_FLAGS=
USR_ORA_IF=
USR_ORA_INST_NOT_SHUTDOWN=
USR_ORA_LANG=
USR_ORA_NETMASK=
USR_ORA_OPEN_MODE=
USR_ORA_OPI=false
USR_ORA_PFILE=
USR_ORA_PRECONNECT=none
USR_ORA_SRV=
USR_ORA_START_TIMEOUT=0
USR_ORA_STOP_MODE=immediate
USR_ORA_STOP_TIMEOUT=0
USR_ORA_VIP=

Thursday, June 14, 2007

Adding users to the system-jazn-data.xml

In another posting I described how to edit the system-jazn-data.xml in order to create a user.

To my astonishment there seems to be a possibility to create these users using the Application Server Control.

Here are the steps:

In the ASC cluster topology click on the OC4J that contains the javasso.

Click on Applications

Select javasso

Click on the module javasso-web

Click on Security provider

Select Realms

In the realm jazn.com click on the number in the users column.

In this screen you can create users!

Adding the license for the Oracle Webcenter Discussions

It is obvious again that new products that Oracle offers are not always that integrated.

Take for example the Oracle Webcenter Discussions. Although it is from Jives it seems to be fully licensed with the Webcenter.

However the license needs to be provided before the setup can be completed.

Luckily the license is stored in the file jive.license - so just copy and paste it into the webpage.

Thursday, June 07, 2007

Add a user to the JavaSSO

In AS 10.1.3.x Oracle came up with the JavaSSO. Seems to be (from a high level perspective) a poor man's version of the SSO from the AS 10.1.2.x.

Having said this it strikes me how little documentation is available for this feature.

But we're explorers, aren't we?

JavaSSO is based on a file based security provider. The two main files are:
- jazn.xml
- system-jazn-data.xml

Both exist in the $OH/j2ee/ directory. This means that if you have more than one OC4J instance you need to edit both.

The most basic task is to add a user. You can - of course try to do this by editing the xml files, but luckily Oracle provides the jazn.jar tool.

Make sure that you use the correct java executable and start it:

java -jar jazn.jar -adduser jazn.com andreas welcome1

You will be asked for the AbstractLoginModule username (oc4jadmin) and its password.

Now we have a user but usually this has to be added to a role before it can do something useful:

java -jar jazn.jar -grantrole users jazn.com andreas

Now the user is added and we will prevent the ugly errors - such as:



Wednesday, June 06, 2007

Application Server Control just gets better

Deployment of an ear file with the Application Server Control usually required to have the ear file on your local host.
Very often this is not the case as your Application Server machine will be humming in the Data Center while you sit comfortable behind your PC or laptop.

But I just found out that the ASC offers a new functionality: specify the location on the host where the ASC is running.

The following screen shot shows this - while I was deploying the Wiki of the Oracle WebCenter:



It even gets better - during the deployment instead of the small clock the messages are displayed:

Thursday, May 31, 2007

Repair (remove) the OID security provider from the AS 10.1.3.1

Trying to fix the problems I encountered earlier I found out that the removal of the OID security provider is performed by the following steps.

During the setup where OID is created as a security provider the ssoreg.sh is run on the OID layer. Remove this with the web-based ORASSO (http://host:port/pls/orasso).

But the second step involved the usage of the new osso_newsite.conf file. This is done with the $ORACLE_AS10131_HOME/Apache/Apache/bin/osso1013 . Just comment out the entries in the httpd.conf and the mod_osso.conf, create a new empty_osso.conf in $OH/Apache/Apache/conf/osso/ and rerun the osso1013.

This did the trick for me.

cu
Andreas

Setting security providers

This seems to be a very difficult task.

Here is my setup on a VMWare instance (RH 4.3):

AS 10.1.2.0.2 Infrastructure with OID
AS 10.1.3.1 SOA Suite
AS 10.1.3.2 Webcenter

Now I want to use the OID as the security provider for the SOA Suite.

First I register the SOA Suite as a "remote_midtier" in the SSO.
Then I go to the AS Control of the SOA Suite and configure the Identity Management for the two OC4J's - home and oc4j_soa.

This does only work for the OC4J called home. The OC4J oc4j_soa does not get changed.

Then after some restarts the whole system decides to just stop with using any of the two security providers (file-based JAZN and OID). Therefore I cannot login to the AS Control.

After several attempts to fix this I parked this problem. This will probably be a reinstall :-(

Any ideas are welcome.

cu
Andreas

Friday, May 25, 2007

How VIP's are used

Thanks to my friend Robert I now grasped the concept of the VIP in RAC environments.

VIP's were created in order to speed up the process of letting the client know that the server died. Imagine that the server crashed without any possibility to inform the client. The client will then initiate a request and has to wait for the TCP timeout. That can easily be 120 seconds.
The client should therefore use the VIP in the tnsnames.ora. Performing a request now will immediately give a response.

The client can then initiate its TAF faster.

Thursday, May 24, 2007

Location of ssh and scp

During the last post I mentioned that we needed rsh in order to fallback as the ssh apparently didn't work.

Now when the database should be build with the dbca an error was thrown, stating that the user oracle had no user equivalence on its own node.

Searching Metalink revealed that the dbca was looking for ssh in /usr/local/bin/ssh .
However, ssh on AIX is located at /usr/bin/ssh .

Created a softlink solved this problem.

This could also be the explanation for the problems I had earlier. When setting up the user equivalance with ssh you use the commandline. As /usr/bin is in the path before /usr/local/bin from the commandline the ssh works just fine. When this is hardcoded in the Universal Insstaller or the dbca you could get these problems.

BTW: it seems that this is solved in 10.2.x

cu
Andreas

Wednesday, May 23, 2007

RAC installation - nodename unreachable

Installing RAC does always have some nice surprises.

For example the following:



Although CRS and cluvrfy did not pose big problems (from what I've heard - didn't do it myself) the node could not be found.

SSH works - of course.

After some trying the decision was made to open RSH on both nodes.

Voila. It works.

This was on an AIX 5.3 . So this might be of some help for you out there.

cu
Andreas

OC4J logging

A little gem I found in the Oracle Metalink Notes:

Steps to enable OC4J logging:

a- Each OC4J instance has a separate logging configuration file:
$ORACLE_HOME/10.1.3/j2ee/< appname >/config/j2ee-logging.xml

b- By default the log level is set to something like:
< logger name='oracle' level='NOTIFICATION:1‘ ... >

c- You can set level to the desired value as using following syntax:
< message type="" >:< message level="" >
Message type: INTERNAL_ERROR, ERROR, WARNING, NOTIFICATION & TRACE
Message level: 1-32 (1 most severe, 32 least)

d- Each OC4J instance has file:
$ORACLE_HOME/10.1.3/j2ee/< appname >/application-deployments/< appname >/orion-application.xml

Which contains tag like: < log > < file path="..." > < /file > to specify the log file name.

e- Each OC4J has its own log file in the following path:

- Plain Text Log:
$LOG_HOME/ora/10.1.3/j2ee/< appname >/< appname >_< default_group_1 >/application.log

- ODL Log:
$LOG_HOME/ora/10.1.3/j2ee/< appname >/< appname >_< default_group_1 >/log.xml

Wednesday, May 16, 2007

Ever wondered why rman does not return with a prompt?

Oracle's RMAN should come back with a prompt or at least the welcome banner when it is started. So I was pretty amazed when I found out that all attempts to start rman on a Suse system did result in - - - nothing at all :-(

Of course the first thing I tried was a different login, different database, etc.

Then I thought - as I had similar problems on this machine that there might be a problem with a path. However I was 110 % sure that the oraenv did its job.

which rman revealed:

/usr/X11R6/bin/rman

which seems to be RosettaMan, a system to reformat man pages. I didn't know that RMAN was capable of doing this, too ;-)

Tuesday, May 15, 2007

Using OID with the SOA Suite

This is an error I made and I thought sharing this will prevent other from searching in the wrong direction (as I did).

When installing the SOA Suite you might want to integrate this with the OID. However there is a small problem when during the setup of the SOA Suite two OC4J's are created.
You will have oc4j_home and oc4j_soa for example.
When you integrate the OID into the SOA Suite you will need to manipulate the jazn.jar file in the oc4j configuration directory.
As you have two oc4j's you need to copy the jazn.xml to the respective directories - otherwise you will get to the SSO page but will never be able to log in.

jazn.jar does not work with the non-Oracle Java

I recently tried to set some security setting for a group in the OID with the famous jazn.jar .
To my surprise everytime - even after reading the documentation ;-) it failed.
This problem was solved by using the Java version that Oracle supplies.
So just set $ORACLE_HOME/jdk/bin/java early in your path and you could use jazn.jar!

Virtual really means virtual

After a while I bumped into RAC again. And as this has bugged me before I again made the mistake to believe that during the setup I have to create some networks for the virtual IP.

Well - don't. Virtual just means virtual. They do not exist. Still need to find out how they are used then.

Wednesday, February 21, 2007

How sweet it is..

Prejudice, one of the worst things in real life, and of course the same applies to the IT world.

So after a lot of years in which I almost exclusively worked with RedHat I'm back at SuSe, SLES9 to be specific.

Ok, installing Oracle is something I do every day but when I found out that there is no such thing as /etc/sysctl.conf in SuSe I thought "Yes, this is the reason for not using this flavour." .

But then I found the orarun.rpm (http://ftp.novell.com/partners/oracle/sles-9/); installed it, ran it - and voila: everything was set.

So today's lesson will be: Just the facts - prejudice will trouble your mind.

Tuesday, February 20, 2007

Setting up SLES 9 in VMWare

I had encountered this problem earlier and as so often didn't took notes. Serves me right when the same problem showed up again. Now I try to use this blog as a kind of virtual notebook. Wonder how many of you do this as well?

When you want to setup SLES in a VMWare environment you might end up with a four-way split screen of the installation process. As you can imagine this does not offer a very readable output.

In order to get rid of this just set the following setting during the installation.

When prompted for the installation or boot method select "Manual" and type

x11i=fbdev

in the boot options text area at the lower end of the screen.
Problem solved - and on to new adventures with SLES :-)

Friday, February 02, 2007

When basic operations fail

I wonder how often this happens to other people?

You use a certain command every other day, then forget it for a while and then - when using it again those commands play dirty tricks on you. Kind of a revenge for a lack of TLC?

Happened to me today. I was playing with my VMWare machines and was tired of starting all Oracle components by hand. Of course the only viable solution is a script.

So writing one was done in about a minute.

Here it is:

export ORAENV_ASK=no
export ORACLE_SID=soadb
. oraenv
lsnrctl start
sqlplus <<>
connect / as sysdba
startup
EOF
emctl start dbconsole
export ORACLE_SID=soasuite
. oraenv
opmnctl startall


Starting my script and turning away to read some other blogs I returned after five minutes hoping that everything was up and running.
No. My script waited with

ORACLE_SID = [soadb] ?


Took me another five minutes to find the solution.
Apparently ORAENV_ASK will work perfectly with a capital NO but not with a lowercase no.

So I invite you all to tell me how stupid I was and how often these little annoying things happen to you.

Tuesday, January 30, 2007

Problems when installing SOASuite 10.1.3.1.0

I bumped into a problem with the installation of the SOASuite 10.1.3.1.0 today.

The problems arise when the initial run of the Universal Installer choked on the OPMN config assistant. Actually this assistant just stops, reloads and starts the opmn. Big deal - unless your system is slow. The opmnctl will hit a timeout.

So far - so good. Just quit the installer, cleaned up a little bit and tried to rerun the configToolsCommands. The opmn ran without a glitch.

Now the problems started.

There is just one assistant left - the Oracle WebServices Inspection Language CA.
But this crashed immediately with the following errors:



Exception in thread "main" java.lang.NoClassDefFoundError: org.apache.tools.ant.launch.Launcher
at gnu.gcj.runtime.FirstThread.run() (/usr/lib/libgcj.so.5.0.0)
at _Jv_ThreadRun(java.lang.Thread) (/usr/lib/libgcj.so.5.0.0)
at _Jv_RunMain(java.lang.Class, byte const, int, byte const, boolean) (/usr/lib/libgcj.so.5.0.0)
at __gcj_personality_v0 (/home/oracle/product/soasuite1013/cfgtoollogs/java.version=1.4.2)
at __libc_start_main (/lib/tls/libc-2.3.4.so)
at _Jv_RegisterClasses (/home/oracle/product/soasuite1013/cfgtoollogs/java.version=1.4.2)

I thought of the problem I experienced earlier: if there is a /etc/ant.conf on your system ant will fail. Checked - but no ant.conf so the problem must be something else.

After some googling I found out that this problem is usually caused by a JAVA_HOME that is set incorrectly.

Changing the JAVA_HOME to the $ORACLE_HOME/jdk/ the rerun succeeded.
Seems that the Universal Installer sets the JAVA_HOME to the correct location, but the configToolsCommands will not inherit these settings.

I will log an SR with support - let's see what they think about this.

Keep track of your virtual machines

I use VMWare a lot. So I end up with a lot of virtual machines on my 500GB external hard disk (the old one with 250 GB was full).

Normally I gave the VM instances self-descripting names like rh3_as10infra which is fine for me as I know what's on them.

However I'm just preparing an VM instance that will be distributed to other people that need to have an Oracle playground without the hassle of installing it themselves.

So I found out (with some help from a colleague) that in the notes section of the VMWare Server you can just add some valuable information. Have a look at this example:



















This will enable those people to get their machines up and running without asking me a lot of questions.