Friday, January 09, 2015

Je suis Charlie

Je suis Charlie

Bien sûr, moi aussi, je suis Charlie, moi.

Friday, November 21, 2014

Dumb... no module named dom during startWeblogic.sh

ImportError: no module named dom

This error suddenly appeared in two OAM 11.1.2.2.2 environments, during startup of the stack, more specifically, weblogic startup (startWeblogic.sh).
The complete stack is:
$DOMAIN_HOME/startWebLogic.sh CLASSPATH=/oracle/middleware/patch_wls1036/profiles/default/sys_manifest_classpath/weblogic_patch.jar:/oracle/middleware/jdk1.7.0_45/lib/tools.jar:/oracle/middleware/wlserver_10.3/server/lib/weblogic_sp.jar:/oracle/middleware/wlserver_10.3/server/lib/weblogic.jar:/oracle/middleware/modules/features/weblogic.server.modules_10.3.6.0.jar:/oracle/middleware/wlserver_10.3/server/lib/webservices.jar:/oracle/middleware/modules/org.apache.ant_1.7.1/lib/ant-all.jar:/oracle/middleware/modules/net.sf.antcontrib_1.1.0.0_1-0b2/lib/ant-contrib.jar::/oracle/middleware/oracle_common/modules/oracle.jrf_11.1.1/jrf-wlstman.jar:/oracle/middleware/oracle_common/common/wlst/lib/adfscripting.jar:/oracle/middleware/oracle_common/common/wlst/lib/adf-share-mbeans-wlst.jar:/oracle/middleware/oracle_common/common/wlst/lib/mdswlst.jar:/oracle/middleware/oracle_common/common/wlst/resources/auditwlst.jar:/oracle/middleware/oracle_common/common/wlst/resources/igfwlsthelp.jar:/oracle/middleware/oracle_common/common/wlst/resources/jps-wlst.jar:/oracle/middleware/oracle_common/common/wlst/resources/jps-wls-trustprovider.jar:/oracle/middleware/oracle_common/common/wlst/resources/jrf-wlst.jar:/oracle/middleware/oracle_common/common/wlst/resources/oamap_help.jar:/oracle/middleware/oracle_common/common/wlst/resources/oamAuthnProvider.jar:/oracle/middleware/oracle_common/common/wlst/resources/ossoiap_help.jar:/oracle/middleware/oracle_common/common/wlst/resources/ossoiap.jar:/oracle/middleware/oracle_common/common/wlst/resources/ovdwlsthelp.jar:/oracle/middleware/oracle_common/common/wlst/resources/sslconfigwlst.jar:/oracle/middleware/oracle_common/common/wlst/resources/wsm-wlst.jar:/oracle/middleware/utils/config/10.3/config-launch.jar::/oracle/middleware/wlserver_10.3/common/derby/lib/derbynet.jar:/oracle/middleware/wlserver_10.3/common/derby/lib/derbyclient.jar:/oracle/middleware/wlserver_10.3/common/derby/lib/derbytools.jar:: Initializing WebLogic Scripting Tool (WLST) ... Welcome to WebLogic Server Administration Scripting Shell Type help() for help on available commands Problem invoking WLST - Traceback (innermost last): File "/oracle/middleware/Oracle_IDM1/common/tools/configureSecurityStore.py", line 10, in ? ImportError: no module named dom Need to do the security configuration first!

The fix

Not sure what causes it; my first impression was that too many files, or a certain type of file upset jython, as the script finished without a glitch when called in another directory.
Also, tarring, and subsequent cleaning of the directory where the script is executed (that is: started from) seemed to help. So, if you're in this situation, and switching directories cures the problem, clean out the directory you use when calling the script.

XML?

Later, a collegue of mine narrowed it down to the existance of an XML subdirectory. Renaming that cured the problem, too.

Hope this helps someone.
Oh - and "dom" means dumb in Dutch - hence the title. And the cause for this error, of course...

Friday, September 26, 2014

Latest OAM certified against EBS

OAM 11.1.2.2 certified EBS

This blog entry shows OAM 11G Rel 2 PS2 (a.k.a. 11.1.2.2.0) is certified against the Oracle e-Business suite 11 and 12 as of February 2014. Just in case you missed it, like me.

Oracle e-business and SSO using OAM

The blog entry also references a series of articles on how to do e-Business Suite SSO using OAM.

Wednesday, September 24, 2014

Private Storage

Just a little project

I just happened to be upgrading my workstation, and was left with some spare parts. I had some memory modules, an old P5 motherboard, and several AT-style enclosures.
Also, I noticed my trusty Synology Diskstation began needing some larger disks. Or maybe it was time to replace it all together? Keeping up indexing my music and photos seems to become quite a daunting task, judging by the CPU load.

Xpenology!

It was while considering alternatives for my Synology, that I stumbled across xpenology. And, as I had the above mentioned spares, I decided to give it a try.
Log story short: I succeeded in creating an so-called "Synology XS3612xs" on a P5B, 4GB Ram, and an old 300GB Harddisk. Performance was awesome!
Unfortunalety, my P5B gave up on the battery; it kept forgetting it's BIOS settings. Replacing it did not help, so something else must have been broken. Besides, based on the blogs BYON, DIY-NAS and BBG Zuinige Server (Energy Efficient Server), I already kind of decided for a build which should be energy efficient. After all, the NAS is powered on almost 24/7.

My hardware selection

Motherboard: It should have many SATA connectors, silent, and have a Mini ATX format.
Based on Build Your Own NAS, I choose the Asus E2KM1I-DeLuxe; a complete, fanless mobo with an AMD-E2-2000 CPU, and 6 SATA6 interfaces. It can hold up to 16GB of memory in 2 slots; I used 2 of the 4 sticks I had left, totaling 8GB.
The real Synology DS3612xs gets delivered with 2GB, with an optional 4GB extra, so 8GB should be plenty. That set me back €129 - and I reused some left-overs
Case: A Fractal Design Node 304, a stylish black case with room to spare. One large, slow rotating fan. No Power Supply. Style comes with a price tag: €68
Power Supply: I opted for a Pico picoPSU-80, also because another space was a brick style PSU like used for laptops. These are quite efficient (at least the have better efficiency than an average ATX-style case with built-in PSU). Power set me back another €38
DisksI opted for 2 WB Red 3TB drives, to start with. The 304 allows 6 drives to be mounted, and that would -with current storage technology- give me a total gross storage of 30TB. Five drives (no more SATA interfaces) of 6TB each.
Using the Hybrid RAID technology, that would add up to 24TB net storage!
The drives set me back another €210.

Install

After installing the lot, the system would not boot up. I found out I needed a Pico P4 converter cable, which was clearly stated in the mobo manual - you need to power the 4 pin molex connector, or else the system will not start. Oh well, who reads manuals?

After that, it was time to get DSM installed. Boring. Just follow the instructions (create a boot USB, dowmload and install Synology Assistant and DSM image off the Synology site), and create a volume.

Performance

Here are some results, I used CrystalDiskMark under Windows (V7, Professional, 64 bit), as it seems an accepted tool for disk benchmarks.
Here is a test using a mapped drive (Z:)
I only have a 1Gbps connection between my workstation and the storage cabinet, with a 1Gbps router in the middle, so obviously I cannot transfer more than 1Gbps, or 100MB/sec, which seems pretty much the case, here.
The network seems to be the bottleneck, not the NAS!

For comparison, same test run against a locally attached 300GB SATA2 disk running 1,5Gbps:
It seems this disk is mis aligned. Not the point; the point is that this DIY NAS outperforms locally attached store, in my case. One more test, with large files (1GB, in stead of 100MB):

Conclusion

Starting off with scrap basically, you can build a performance NAS that will allow you to store your photos, videos and music, as well as act a iSCSI target for your Oracle experiments.
I decided to take it one step further, and spend a whopping €238 (yes, the molex adapter cable came at another €3-something) for a machine that goes for €2200. Storage is up to you, in my configuration (Hybrid RAID, 2 disks of 3TB each, net capacity 2.7TB) it added another €210.
The mentioned price for the DS3612xs is without storage, too. Of course it has other features, like dual ports, links aggregation, etc.

Monday, April 07, 2014

HTTP-404 on /oamconsole

WeblogicHost versus WeblogicCluster

Despite the fact, the oamconsole can not be clustered, it has to be "clustered". If you ever find yourself in a scenario, where your configure a webgate in front of your OAM Console, make sure you configure it like
############################################## ## Entries Required by Oracle Access Manager ############################################## # OAM Console <Location /oamconsole> SetHandler weblogic-handler WebLogicCluster oamhost1.home.local:7001, oamhost2.home.local:7001 </Location>
This looks wrong, as -when you actually are running the OAM console on oamhost1- you simply cannot navigate to oamhost2.home.local:7001/oamconsole. You *can* navigate to oamhost1.home.local:7001/oamconsole.
As you manually have to reconfigure the adminserver in case of disaster, you may consider putting this in your configuration:
############################################## ## Entries Required by Oracle Access Manager ############################################## # OAM Console <Location /oamconsole> SetHandler weblogic-handler WebLogicCluster oamhost1.home.local:7001 </Location>

This does NOT work

BTDT:
############################################## ## Entries Required by Oracle Access Manager ############################################## # OAM Console <Location /oamconsole> SetHandler weblogic-handler WebLogicHost oamhost1.home.local WebLogicPort 7001 </Location>
This is what the Enterprise Deployment Guide suggests.
My config uses WLS 10.3.6.0.7, OAM 11.1.2.2.0, RedHat Enterprise Linux Server release 6.5 (Santiago), Kernel version 2.6.32-431.el6.x86_64

Symptoms

Your call to /oamconsole is initially redirected, and produces a login screen. You seem to authenticate OKAY, as other screens can be accessed without being re-authenticated.
However, /oamconsole is not displayed, and results in a 404 (Not Found).
Hope this helps!

Sunday, April 06, 2014

OAMSSA-06252 after patching

Once upon a time..

you had a working environment with WebLogic, Access and Identity Management (or Discoverer, or ...) and all of a sudden things start failing.

Symptoms

You notice the dreaded OAMSSA-06252 (Policy Store not Available) while starting up, and start fearing the worst. Also, it seems as-if you cannot login to OAM management console anymore; your credentials are accepted, but you get an "Access Prohibited" error from OAM. Just resending the url (server:port/oamconsole) will get the console.

WLS security Patch 10.3.6.0.7 (WLS patch ID FCX7)

Then, you remember you rolled out Security patch 10.3.6.0.7 (Doc Id 1613601.1) a.k.a. WLS patch ID FCX7 last February. It turn out you need to reread the installation guide for OFM 11.1.2.2.0, in particular the Issues chapter!
Unfortunately, just applying the workaround mentioned in paragraph 2.1.7 is not enough.You must also apply paragraph 2.1.8, but change the "grant codebase" mentioned to:
// Due to patched WLS... FvB 4-apr-2014 grant codeBase "file:/oracle/middleware/patch_wls1036/patch_jars/-" { permission java.security.AllPermission; // original: permission java.lang.RuntimePermission "oracle.*","read"; };
Hope this helps.

Update October 2014 Patch

This issue, now described in another version of the manual, still exists for FSR2. Links altered to workong versions.

Monday, March 31, 2014

Customized pages with Distributed Credential Collector (DCC)

One of the worst documented areas in OAM; customizing pages with DCC.
One revelation: you must use login.pl when you want logout.pl to work, as login.pl seems to build the "Callback URL" list, that logout.pl uses to destroy the session cookies. Update sept 2014This blog entry of the ATeam looks promising: part two is on how to customize DCC login pages.