Andreas' Adventures

I participated in the OCP beta exam for the AS 10g. About two years ago the beta exam for AS 10g (based on 9.0.4) was held. I did this exam without any serious preparation and succeeded. Yesterday however the exam was different. As promised (and required by Oracle) I'm not going to give you details of the exam! Don't even try to ask :-) The beta exam has more questions (and more time) than a normal exam. Oracle will rate you only on the questions that will make it into the real exam. I have to admit that this time I had a lot of effort put into the preparation. I've read a lot of manuals and checked out a lot of things. I was puzzled when I found out that the distribution of the question was somewhat skewed. Imagine that there are 16 topics in the exam, but three topics make up to 40 % of the questions. And you feel this one coming up: these topics were not my strong point. I'll have to wait until the autumn to find out if I have passed this one. I'll let you know.

A while back I had the problem that my CRS information was lost . Now I had found that when I did a crs_start of the component I received the following error: CRS-0254 authorization failure Some investigation showed that the problem was related to the fact that the component was not owned by the oracle user. Using crs_getperm ora.ORCL.db showed the problem. oracle@myhost:/opt/oracle/crs/bin>./crs_getperm ora.ORCL.db Name: ora.ORCL.db owner:root:rwx,pgrp:system:r-x,other::r--, This can be solved by doing the following: crs_setperm ora.ORCL.db -o oracle crs_setperm ora.ORCL.db -g dba Now it works again. cu Andreas

Recently I was busy with the mod_oc4j clustering of two standalone OHS machines. As Oracle has integrated ONS into OC4J in 10.1.3.x you have to provide your own ons.conf file (just copy one from a 10.1.2.0.2 environment). But what happend to me was strange. I added a new node (machine_C.mydomain.local) while I removed another one (machine_A.mydomain.local). However getting the opmnctl status @farm still showed the machine_A in the list. Some investigation delivered the following: In the directory $ORACLE_HOME\opmn\logs\states two entries do exist: .opmndat p12345678 When you shutdown the OPMN the p* file will disappear. However the .opmndat file will remain there. Remove it, it will be rebuild with the next opmnctl startall. Now my machine_A.mydomain.local was gone and the machine_C showed up. cu Andreas

Almost everbody knows how to create backups of the controlfile. Usually a alter database backup controlfile to trace; is used . And now for the 64000$ question: Which information is not backed up by this command? The answer is: THE BACKUP RECORDS! In order to prevent the loss of this information you can better use the following command: alter database backup controlfile to '/a_real/location/inyour/system';

In order to get the routing ID that is used within OPMN issue the following command: opmnctl status -app -l Applications in Instance: as1013 application type: OC4J -----+------------+---------+---------+----------+-------------+-------- pid | name | state | rtid | routable | appctx | parent -----+------------+---------+---------+----------+-------------+-------- 3184 | system | started | g_rt_id | true | | 3184 | default | started | g_rt_id | true |/.rmiTunnel| system 3184 | DaonEngine | started | g_rt_id | true | | default 3184 | ascontrol | stopped | g_rt_id | true | | 2852 | system | started | g_rt_id | true | | 2852 | default | started | g_rt_id | true | /.rmiTunnel | system 2852 | bc4j | started | g_rt_id | true | ...

Using a WebCenter Wiki with a 3rd party LDAP is possible but you have to make sure that the following two groups are present and populated in the LDAP: users oc4j-administrators Also the group search definition must be on Nested. The next picture shows the basic values for the 3rd party LDAP:

Status Description 10 Description Phase 11 Code Bug (Response/Resolution) 12 To External (User Group) Review 13 Doc Bug (Response/Resolution) 14 Bug Assigned to Solution Partner 15 To Internal (Oracle) Review 16 Support bug screening 19 Approved for User Group Voting 20 To Requestor, Need More Info 21 Cost Required, To Development 22 Approved for Future Release 23 Scheduled for Future Release 30 Additional Information Requested 31 Could Not Reproduce. To Filer 32 Not a Bug. To Filer 33 Suspended, Req'd Info not Avail 35 To Filer for Review 36 Duplicate Bug. To Filer 37 To Filer for Review/Merge Required 39 Approved, waiting for codeline to open 40 Waiting for the base bug fix 43 Product/Platform Obsolete, to Filer ...

Another gem I found when dealing with a problem. The following piece of code shows the configuration to modify the opmn debug level: ... Now I need to find out which components exist besides internal, ons and pm.

I had run the chgiphost.bat on a Windows AS 10.1.3.0.0. The reason for this was the fact that the Windows machine was created from a Ghost image. But after the script has been run successfully I saw that the hostname was still the same in the Application Server Control. So I created a SR with Support. And today I received a very good answer. Normally Support gives you a statement that it does not work and that's that. But see for yourself what this friendly analyst did say: The dcmctl setInstanceName is available from 9.0.4 onwards. This will change the instance name in the DCM Repository. After this you may have to change the targets.xml file with the new instance name. Please note that the above command is not supported as this is not documented." Ok, very good! I will make sure that this guy gets an excellent review. However there is now cmctl in 10.1.3.0.0 and also no targets.xml :-( But actually the idea was clear to me. I went to have a look at the opmn.xml file. When I...

Just want to store them here for myself, but if others use them - well feel free (and drop me a note). The script for the Cluster Registry #!/bin/ksh # Author: Andreas Chatziantoniou, Accenture Technology Solutions # Date : 25-JUN-2007 # # Purpose: # Create a backup of the Oracle Cluster Registry regularly # # Usage: # ./backup_oracle_crs.sh # # This script should be used from the cron in regular intervals # # Results: # The backupfile of the Oracle Cluster Registry will be created in the /tmp # directory. The filename will contain the hostname and the time that # the backup was created. OCRBCK=/tmp/ocrbackup.`hostname`.`date +"%Y%m%d%H%M"` /opt/oracle/crs/bin/ocrconfig -export $OCRBCK And here is the script for the Voting Disk #!/bin/ksh # Author: Andreas Chatziantoniou, Accenture Technology Solutions # Date : 25-JUN-2007 # # Purpose: # Create a backup of the Oracle Voting Disk regularly # # Usage: # ./backup_oracle_voting_disk.sh # # This script should be used from the cr...

Due to a crash a part of the CRS information was lost. Until now I have not found out how this could happen in the first place. The effects were strange. The instances would not start and there was no indication of an error in the alert_log. Doing some research in the CRS revealed that the ora.ORCL.db was gone while the ora.ORACL.oracl1.inst was still there. Creating a new file in the CRS profiles and using crs_register did do the trick. Such a file should look like this: NAME=ora.ORCL.db TYPE=application ACTION_SCRIPT=/opt/oracle/crs/bin/racgwrap PLACEMENT=balanced CHECK_INTERVAL=600 RESTART_ATTEMPTS=1 FAILOVER_DELAY=0 FAILURE_INTERVAL=60 FAILURE_THRESHOLD=1 AUTO_START=1 SCRIPT_TIMEOUT=600 ACTIVE_PLACEMENT=0 OPTIONAL_RESOURCES= REQUIRED_RESOURCES= RESTART_ATTEMPTS=1 STOP_TIMEOUT=0 UPTIME_THRESHOLD=7d HOSTING_MEMBERS= USR_ORA_ALERT_NAME= USR_ORA_CHECK_TIMEOUT=0 USR_ORA_CONNECT_STR=/ as sysdba USR_ORA_DEBUG=0 USR_ORA_DISCONNECT=false USR_ORA_FLAGS= USR_ORA_IF= USR_ORA_INST_NOT_SHUTDOWN=...

In another posting I described how to edit the system-jazn-data.xml in order to create a user. To my astonishment there seems to be a possibility to create these users using the Application Server Control. Here are the steps: In the ASC cluster topology click on the OC4J that contains the javasso. Click on Applications Select javasso Click on the module javasso-web Click on Security provider Select Realms In the realm jazn.com click on the number in the users column. In this screen you can create users!

It is obvious again that new products that Oracle offers are not always that integrated. Take for example the Oracle Webcenter Discussions. Although it is from Jives it seems to be fully licensed with the Webcenter. However the license needs to be provided before the setup can be completed. Luckily the license is stored in the file jive.license - so just copy and paste it into the webpage.

In AS 10.1.3.x Oracle came up with the JavaSSO. Seems to be (from a high level perspective) a poor man's version of the SSO from the AS 10.1.2.x. Having said this it strikes me how little documentation is available for this feature. But we're explorers, aren't we? JavaSSO is based on a file based security provider. The two main files are: - jazn.xml - system-jazn-data.xml Both exist in the $OH/j2ee/ directory. This means that if you have more than one OC4J instance you need to edit both. The most basic task is to add a user. You can - of course try to do this by editing the xml files, but luckily Oracle provides the jazn.jar tool. Make sure that you use the correct java executable and start it: java -jar jazn.jar -adduser jazn.com andreas welcome1 You will be asked for the AbstractLoginModule username (oc4jadmin) and its password. Now we have a user but usually this has to be added to a role before it can do something useful: java -jar jazn.jar -grantrole users jazn.com an...

Deployment of an ear file with the Application Server Control usually required to have the ear file on your local host. Very often this is not the case as your Application Server machine will be humming in the Data Center while you sit comfortable behind your PC or laptop. But I just found out that the ASC offers a new functionality: specify the location on the host where the ASC is running. The following screen shot shows this - while I was deploying the Wiki of the Oracle WebCenter: It even gets better - during the deployment instead of the small clock the messages are displayed:

Trying to fix the problems I encountered earlier I found out that the removal of the OID security provider is performed by the following steps. During the setup where OID is created as a security provider the ssoreg.sh is run on the OID layer. Remove this with the web-based ORASSO (http://host:port/pls/orasso). But the second step involved the usage of the new osso_newsite.conf file. This is done with the $ORACLE_AS10131_HOME/Apache/Apache/bin/osso1013 . Just comment out the entries in the httpd.conf and the mod_osso.conf, create a new empty_osso.conf in $OH/Apache/Apache/conf/osso/ and rerun the osso1013. This did the trick for me. cu Andreas

This seems to be a very difficult task. Here is my setup on a VMWare instance (RH 4.3): AS 10.1.2.0.2 Infrastructure with OID AS 10.1.3.1 SOA Suite AS 10.1.3.2 Webcenter Now I want to use the OID as the security provider for the SOA Suite. First I register the SOA Suite as a "remote_midtier" in the SSO. Then I go to the AS Control of the SOA Suite and configure the Identity Management for the two OC4J's - home and oc4j_soa. This does only work for the OC4J called home. The OC4J oc4j_soa does not get changed. Then after some restarts the whole system decides to just stop with using any of the two security providers (file-based JAZN and OID). Therefore I cannot login to the AS Control. After several attempts to fix this I parked this problem. This will probably be a reinstall :-( Any ideas are welcome. cu Andreas

Thanks to my friend Robert I now grasped the concept of the VIP in RAC environments. VIP's were created in order to speed up the process of letting the client know that the server died. Imagine that the server crashed without any possibility to inform the client. The client will then initiate a request and has to wait for the TCP timeout. That can easily be 120 seconds. The client should therefore use the VIP in the tnsnames.ora. Performing a request now will immediately give a response. The client can then initiate its TAF faster.

During the last post I mentioned that we needed rsh in order to fallback as the ssh apparently didn't work. Now when the database should be build with the dbca an error was thrown, stating that the user oracle had no user equivalence on its own node. Searching Metalink revealed that the dbca was looking for ssh in /usr/local/bin/ssh . However, ssh on AIX is located at /usr/bin/ssh . Created a softlink solved this problem. This could also be the explanation for the problems I had earlier. When setting up the user equivalance with ssh you use the commandline. As /usr/bin is in the path before /usr/local/bin from the commandline the ssh works just fine. When this is hardcoded in the Universal Insstaller or the dbca you could get these problems. BTW: it seems that this is solved in 10.2.x cu Andreas

Installing RAC does always have some nice surprises. For example the following: Although CRS and cluvrfy did not pose big problems (from what I've heard - didn't do it myself) the node could not be found. SSH works - of course. After some trying the decision was made to open RSH on both nodes. Voila. It works. This was on an AIX 5.3 . So this might be of some help for you out there. cu Andreas