Showing posts with label oracle http server. Show all posts
Showing posts with label oracle http server. Show all posts

Monday, 10 November 2014

[OHS]: Configure Webgate to include Execution context ID (ECID)

Enabling Webgate ECID Logs:


1) Go to Webgate Instance Directory:

bash$> $OHS_HOME/instances/instance1/config/OHS/ohs1/

2) Change Directory to webgate config folder:

bash$> cd webgate/config

3) Open oblog_config_wg.xml file to edit it:

bash$> vi oblog_config_wg.xml

4) By default LOGLEVEL_ECID will be off. Thus it is required to 'On' the logging.

<!--  LOGLEVEL_ECID logs will be logged in a seperate file by default 
  --> 
- <!--  By default LOGLEVEL_ECID will be off.                           
  --> 
- <!--  To make it on change "LOG_STATUS" parameter to "On"             
  --> 
- <ValNameList xmlns="http://www.oblix.com" ListName="LogEcid2File">
  <NameValPair ParamName="LOG_LEVEL" Value="LOGLEVEL_ECID" /> 
  <NameValPair ParamName="LOG_WRITER" Value="MPFileLogWriter" /> 
  <NameValPair ParamName="FILE_NAME" Value="webgate.ecid.log" /> 
- <!--  Buffer up to 64 KB (expressed in bytes) of log entries before flushing to the file. 
  --> 
  <NameValPair ParamName="BUFFER_SIZE" Value="512" /> 
- <!--  Rotate the log file once it exceeds 50 MB (expressed in bytes). 
  --> 
  <NameValPair ParamName="MAX_ROTATION_SIZE" Value="52428800" /> 
- <!--  Rotate the log file after 24 hours (expressed in seconds). 
  --> 
  <NameValPair ParamName="MAX_ROTATION_TIME" Value="86400" /> 
  <NameValPair ParamName="LOG_STATUS" Value="Off" /> 
  </ValNameList>

5) Here we need to change the LOG_STATUS Value to "On"

<!-- <NameValPair ParamName="LOG_STATUS" Value="Off" /> -->

<NameValPair ParamName="LOG_STATUS" Value="On" />

6) If we want to get the logs write quickly, no buffer storage. We can reduce the BUFFER_SIZE to "1".

7) Save the changes. And we are good to go...!!!!
8) Restart the OHS Web Server.

9) You will see a log file created in the diagnoistics folder named "webgate.ecid.log"

bash$> cd $OHS_HOME/instances/<instance_name>/diagnostics/logs/OHS/ohs1/
bash$> ls *ecid*
webgate.ecid.log


Enjoy :-)

Monday, 27 October 2014

Exception: "Oracle AccessGate API is not initialized"

Problem Statement:


Following exception is seen while starting the OHS Server (which has webgate.so included):

"Exception thrown during WebGate initialization"
"Oracle AccessGate API is not initialized"


Issue:


This is surely a configuration related issue. Remember always first doubt the configuration and than the component. That's the thumb rule.


Solution:


1) Usually when we use security mode other than Open i.e. either Simple or Cert mode. We get this type of exception.

Now the question arises why?

Basically there are some steps that we follow to change the security mode.

Like for Simple Mode: http://oracleoam.blogspot.com/2014/08/configure-simple-mode-communication-for.html


  • Here say if we don't provide the Global Passphrase Password. And we just apply the rest of the changes. So when we try to start OHS Server or any server using the webgate component. It will throw these exception.
Note: 
  1. Here if you don't provide any password for global passphrase, you still see the field as non-empty but that value is junk. And it needs to be provided a valid password, which could be any. But you have to provide it.
  2. Basically while doing the SSL handshake with the OAM Server this password is passed with other values. That's why it is important to provide one.


Enjoy :-)

Wednesday, 8 October 2014

[Webgate]: Configure ProxyPassMatch Directive -> Required for Apache/OHS Internal Redirect Calls

Potential Problem :

When webgate identifies an error/exception (may be reported by OAM) , in this
case webgate fires an internal redirect request for "/oberr.cgi" & this
invokes an error handler.
This error handler is defined in the webgate.conf file.
<Location "/oberr.cgi">
SetHandler obwebgateerr
</Location>

But when the resource webgate is the proxy. In this case if webgate
identifies error/exception, it fires an internal redirect request. But the
error handler "obwebgateerr" is not invoked.


Potential Reason: 

When apache sends the internal redirect request in that case it sets "proxy-server" handler by itself.
Due to which the handler defined for "/oberr.cgi" is not set as already an
handler is set. This causes the request to be proxied to the backend server &
causes problem.


Solution:

It is required to set a "ProxyPassMatch" directive before the "ProxyPass"
directive in the conf file.
By setting this directive, it will not proxy for the "/oberr.cgi" request to
the backend server rather it will be served by the webgate itself.


Configuration to do:

1) Add the following directive in the conf file. Restart the Web Server:

ProxyPassMatch ^/oberr.cgi !

Syntax:
ProxyPassMatch [regex] !

The ! directive is useful in situations where you don't want to reverse-proxy.

Eg:

ProxyPassMatch ^/oberr.cgi !
ProxyPass / http://something.com/AuthenticationService/
ProxyPassReverse / http://something.com/AuthenticationService/


Enjoy :-)

Thursday, 2 October 2014

Creating an Oracle HTTP Server Instance

Let's Start the process.....


1) Go to the OHS Installed Directory.....

    bash$> cd $OHS_HOME


2) Move to opmn -> bin folder

    bash$> pwd
     bash$> /scratch/ckukreja/OHS/Oracle_WT1/
     bash$> cd opmn/bin


3) Now we will first create instance using the opmnctl executable.

bash$> ./opmnctl createinstance -oracleInstance /scratch/ckukreja/OHS/Oracle_WT1/instances/my_inst    -adminRegistration OFF

 Creating Oracle Instance directories...Done
 Recording OPMN ports reservations...Done
 Bootstrapping OPMN configuration files...Done
 Instantiating opmnctl for direct usage...Done
 Skipping instance registration
 Command succeeded.

Note: Here we have created a new instance name 'newInstance'. Also we have 'OFF' the 
         adminRegistration.

bash$> ls  /scratch/ckukreja/OHS/Oracle_WT1/instances/my_inst
auditlogs  bin  config  diagnostics  tmp


4) We have successfully created the instance, now it's time to create OHS Component.

 bash$> ./opmnctl createcomponent -componentType OHS -componentName myohs -oracleInstance 
                /scratch/ckukreja/OHS/Oracle_WT1/instances/my_inst

 Creating empty component directories...Done
 Provisioning OHS files for myohs
 Copying OHS files from ORACLE_HOME to ORACLE_INSTANCE locations
 Customizing httpd.conf
 Adding component's process control to OPMN...Done
 Skipping myohs component registration.
 Command succeeded.

Note: We have created 'myohs' OHS component with our instance 'my_inst'.

bash$> ls  /scratch/ckukreja/OHS/Oracle_WT1/instances/my_inst
auditlogs  bin  config  diagnostics  OHS  tmp


5) Now its time to start the OHS.

bash$> cd /scratch/ckukreja/OHS/Oracle_WT1/instances/my_inst/bin
bash$> ./opmnctl startall

bash$> ./opmnctl status
Processes in Instance: my_inst
 ---------------------------------+--------------------+---------+---------
 ias-component                    | process-type       |     pid | status
 ---------------------------------+--------------------+---------+---------
 myohs                           | OHS                |    7777 | Alive


We are done with the OHS Instance creation process...........!!!!!!!!!!!!!!!!


Enjoy :-)

Monday, 7 July 2014

Stop OPMN to ping OHS Worker Threads.......


Making Debugging Possible with OHS Server:

When we hook our component with an OHS (Oracle HTTP Sever) web server which is an apache based web server, we might get into a situation where we want to debug our hooked code.



Thus in such scenario's we will notice that the OPMN automatically restarts the OHS Web Server.

It will bring out the httpd.worker processes out of the debug mode after a while. And thus we won't be able to debug properly.


Basically it is due to the OPMN service running into the background. It is the one who is tightly looking into the httpd.worker process, that whether it is running properly or not. If not than restart it. It keeps on pinging the workers to get the know how of it.

How OPMN comes to know which managed process it needs to ping?
All this is mentioned in the opmn.xml file, which is located at 
<MiddlewareHome>/Oracle_WT1/instances/<instance_name>/config/OPMN/opmn/opmn.xml
The 
opmn.xml file shows you which system components OPMN is managing on your system.

You will find following similar kind of configuration in opmn.xml file:
<ias-instance id="instance1" name="instance1">
        <environment>
           <variable id="TEMP" value="/tmp"/>
           <variable id="TMP" value="/tmp"/>
        </environment>
      <ias-component id="ohs1">
  <process-type id="OHS" module-id="OHS2">
    <module-data>
      <category id="start-parameters">
        <data id="start-mode" value="ssl-enabled"/>
      </category>
    </module-data>    
    <process-set id="OHS" numprocs="1"/>
  </process-type>

Comment the <process-set> directive & add below mentioned 2 lines in its place:

   <!-- <process-set id="OHS" numprocs="1"/> -->
   <ping interval="0" />
   <process-set id="OHS" numprocs="1" restart-on-death="false" />

Note:
  • restart-on-death=false To disable automatic restarting of terminated managed processes set the attribute to false.
  • process-set=1 Specifies the number of processes for OPMN to start for the process-set.


By doing this configuration we ensures that the OHS won't get restarted in debug mode anymore.


Enjoy :-)