Weblog

Retention for your AS back-up

Recently I worked on a script to clean up old application server back-ups. As you probably know, Oracle Application Server offers a script to back up your configuration and, if necessary, a database. For the database back-up the script uses rman, and with rman you can set a retention period. The script doesn’t offer the ability to set a retention period for the configuration back-ups of AS; Oracle wants you to remove them by hand. When you remove those files, the catalog is not cleaned. That is not that big of an issue, because Oracle only displays the back-up files when they are available. But you want it to be tidy, with no unnecessary data in the catalog files. With this in mind I wrote the following bash script.

The script ~/${oracle_env} only sets ORACLE_HOME and ORACLE_SID and resets PATH, so all the Oracle apps can be executed (like opmnctl, etc.).

#!/bin/bash
#
#                       Cleanup script for old Oracle AS back-ups

#Help!
function help {
    echo "usage: `basename $0` -e \"oracle_env\" -r \"retention period\""
    echo ""
    echo "  -e Oracle environment which needs to be cleaned."
    echo "  -r Retention period, in days. Default is 30 days."
    exit 1
}

#Clean up after yourself (variables are quoted so an unset name never reaches rm)
function cleanup {
    test -f "$TEMP_CAT" && rm "$TEMP_CAT"
    test -f "$TEMP_ONLINE" && rm "$TEMP_ONLINE"
    test -f "$LOG_FILE" && rm "$LOG_FILE"
}
trap cleanup 0 1 2 3 6

#Remove file (only when the catalog lists it as an online back-up)
function remove_file {
    FILE_DATE=`echo $1 | awk -F "_" '{print $3"_"$4}' | awk -F "." '{print $1}'`
    if [ `check_backup_type $FILE_DATE online` == 0 ]; then
        echo -e "\n$1 removed" >> $LOG_FILE
        rm "$BCK_DIR/$1"
    fi
}

#Recreate online catalog
function recreate_online_catalog {
    FDATE=`echo $1 | awk -F "_" '{print $3"_"$4}' | awk -F "." '{print $1}'`
    if [ `check_backup_type $FDATE online` == 0 ]; then
        echo "$FDATE||backup_instance_online|" >> $TEMP_ONLINE
    fi
}

#Recreate catalog
function recreate_catalog {
    cat $CAT_FILE | grep -v "online" > $TEMP_CAT
    cat $TEMP_ONLINE | sort | uniq >> $TEMP_CAT
}

#Check back-up type
function check_backup_type {
    cat $CAT_FILE | grep -E "$1.+$2" > /dev/null 2>&1 ; echo $?
}

#Mail the log file
function mail_logfile {
    mail -s "Clean backup files `hostname -a` - Environment: $oracle_env - `date "+%d-%m-%y"`" $MAILADRES < $LOG_FILE
}

#MAIN SCRIPT
while getopts "e:r:h" options; do
    case $options in
        e) oracle_env=$OPTARG;;
        r) retension=$OPTARG;;
        h) help;;
        *) help;;
    esac
done

if [ -z "${oracle_env}" ]; then
    help
fi

if [ -z "${retension}" ]; then
    retension=30
fi

#Set Oracle Environment
. ~/${oracle_env} > /dev/null 2>&1

HOST=`hostname`
BCK_DIR=/path_to_backup/$oracle_env
BCK_CAT_DIR=$ORACLE_HOME/backup_restore/data
CAT_FILE=$BCK_CAT_DIR/catalog.txt
BR_CAT_DIR=$BCK_DIR/br_catalog
BR_CAT_FILE=$BR_CAT_DIR/`ls $BR_CAT_DIR`
MAILADRES=email
#Temp files are created with mktemp so their names in /tmp are not predictable
LOG_FILE=`mktemp /tmp/clean_log_XXXXXX`
TEMP_CAT=`mktemp /tmp/temp_cat_XXXXXX`
TEMP_ONLINE=`mktemp /tmp/temp_online_XXXXXX`

echo -e "Cleanup old back-ups `hostname -a` $oracle_env\n" >> $LOG_FILE

#Check if there are more than x online back-ups
BCK_COUNT=`cat $CAT_FILE | grep "online" | wc -l`
if [ $BCK_COUNT -lt $retension ]; then
    echo -e "There are/is only $BCK_COUNT online back-up(s) left\n" >> $LOG_FILE
    #Message text is Dutch for "attention required"
    echo -e "!!!AANDACHT VEREIST!!!\n" >> $LOG_FILE
elif [ $BCK_COUNT -eq $retension ]; then
    #Message text is Dutch for "no back-ups to remove"
    echo "Geen back-ups te verwijderen" >> $LOG_FILE
else
    #-maxdepth is given before the tests, as GNU find expects
    find $BCK_DIR -maxdepth 1 -name "*.jar" -mtime +${retension} | awk -F "$BCK_DIR/" '{print $2}' | while read fname; do
        remove_file $fname
    done
    ls $BCK_DIR | grep jar | while read file; do
        recreate_online_catalog $file
    done
    recreate_catalog
    cp $TEMP_CAT $BR_CAT_FILE
    cp $TEMP_CAT $CAT_FILE
fi

echo -e "\nCatalog file\n" >> $LOG_FILE
cat $CAT_FILE >> $LOG_FILE
echo -e "\nCurrent back-up files.\n" >> $LOG_FILE
ls -ltr $BCK_DIR >> $LOG_FILE

mail_logfile

Monitoring your IIS 6.0 with Enterprise Manager Grid Control

Enterprise Manager Grid Control supports monitoring a Microsoft Internet Information Server 6.0 after you install the extension plug-in, which can be found here.
In addition to the earlier post on why to use the Exchange Server plug-in, this is a welcome add-on for monitoring, for example, your Outlook Web Access clients.
With the Microsoft IIS 6.0 plug-in you are able to monitor your current connections together with any problems that might have occurred with the OWA service.

Here is an impression of what to expect:

[Screenshot: iis-owa.jpg]

Oracle VM – New Features

Last Monday (8 September) Oracle released a new version of Oracle VM with version number 2.1.2. With this new version Oracle introduced some new features, namely High Availability and P2V (Physical to Virtual). Since we were looking to upgrade our virtual environment, I thought this was a good opportunity to test this new version. Currently we use VMware Server.

I’ve set up an Oracle VM Manager and an Oracle VM Server, the simple two-server setup. I downloaded some Oracle Enterprise Linux templates from the Oracle website and we were up and running in no time. For our company it is important that we can easily migrate the VMware environment to Oracle VM, so we tested the function to import a VMware image. We imported two VMware machines, one Windows and one Linux, through FTP from the VMware server. The Linux machine was easy to bring up. I altered the ‘menu.lst’ and the ‘fstab’, rebooted the machine and it was running like a charm. The Windows machine was a pain in the ass. After some searching on the web I found out that I needed to mount the image, change some drivers (HAL.DLL), boot it again and hope it would start. I haven’t got into that yet.

As mentioned above, Oracle provides P2V, which is a welcome new feature. We decided to test this on our back-up web server, which is running on SLES 10. I booted the machine with the Oracle VM Server CD, gave the boot option linux=p2v and followed the menu. In short, you set up a web service that the Oracle VM Server can connect to. After I set this up, I started the import in the Oracle VM Manager. On the VM Server an image is created with the same size as the disk you selected. After a while the import was done; I had to change the root disk in the grub menu and that was it. This all works very easily. In my opinion Oracle has done a good job making this feature available. It makes it very easy to virtualize your environment.

I haven’t tested the high availability option yet, because I set up a single Oracle VM Server. After reading the documentation, it looks like it works the same as RAC, minimizing the downtime when a server crashes. For example, when a VM Server crashes, the guest systems are moved to another available VM Server and restarted. When a VM Server is stopped or rebooted from the VM Manager, the guest machines are moved to another VM Server without having to reboot (Live Migration). The only requirement is that the HA option is selected on the server and the server pool in the Oracle VM Manager. All these actions are managed by the pool master.

My overall impression of Oracle VM is good: it is easy to manage, easy to implement and above all it makes it easy to migrate your Linux machines from either physical hardware or VMware to Oracle VM. One thing I’m missing is the ability to shrink the image file. Further, one thing that concerns me is that the pool master in a server pool seems to be a single point of failure, or that you can’t move the master function from one server to another. But besides this I think that VMware finally has some competition. Oracle VM places itself next to VMware Infrastructure with almost the same functions at a much lower cost. Hopefully Oracle will keep up the good work.

Java-Monitor Forum

Kees Jan Koster has started a forum about Java Administration and Tomcat Administration. Head over if you have any questions or tips on monitoring java applications, or if you need some help on performance tuning your web application.

There’s already a useful thread on using jconsole with different application servers. This thread also mentions tools like jManage, Zapcat and VisualVM. Which tool do you prefer?

Synchronizing accounts based on Active Directory group membership

At some point we were discussing whether it would be possible to synchronize user accounts based on group membership using the default procedures of Oracle Identity Management.
The idea is to sync as few user accounts as possible to our Oracle Internet Directory. The user accounts are spread over a wide range of Active Directory containers to which different policies apply, and not all users in these containers need access to the Oracle applications that are integrated with Oracle Identity Management.

So when a user is granted a special group privilege (soa) in Active Directory, the account should be synced to Oracle Internet Directory. Other users should not be synced, as they are not part of this special “soa” group. When this grant is revoked, the user account should also be deleted from our Oracle Internet Directory.

Case 1: We are synchronizing all users from Active Directory to Oracle Internet Directory.
When we use a basic searchfilter like:

searchfilter=(&(objectclass=user))

We get all users added and deleted in AD to be processed in OID. This works.

Case 2: We are synchronizing based on group membership.
We use this searchfilter:

searchfilter=(&(objectclass=user)(MemberOf=CN=soa,OU=groups,OU=nieuwegein,DC=iteye,DC=nl))

Users are added to our OID only when they are added to the group “soa” straight away, before the sync (ODI) checks for changes.

In the scenario where the user is added, the sync runs, and only then the user is added to the “soa” group, the sync will not add the user anymore.

Deletions are not performed anymore.

Case 3: We are synchronizing based on attributes; we use the displayname attribute as a trigger to sync or not sync our user.
We want to perform this test to see if we could use an attribute (for example: displayname) which would indicate this “group membership” by setting it to the value 1.

We use this searchfilter:

searchfilter=(&(objectclass=user)(displayname=1))

Only users whose displayname has been changed to 1 are added, no matter whether the user was created and the displayname adjusted within one synchronization period. So in the scenario where the user is added, the sync runs, and then the user’s displayname is changed to 1, the sync will still add the user.

Deletions are not performed anymore. We are not able to delete (in cases 2 and 3) or backfill a user based on group membership (case 2). After some research we found the MSDN description of the memberOf attribute for an AD user:

—————-
memberOf
The memberOf attribute is a multi-valued attribute that contains groups of which the user is a direct member, depending on the domain controller (DC) from which this attribute is retrieved:

At a DC for the domain that contains the user, memberOf for the user is complete with respect to membership for groups in that domain; however, memberOf does not contain the user’s membership in domain local and global groups in other domains. At a GC server, memberOf for the user is complete with respect to all universal group memberships. If both conditions are true for the DC, both sets of data are contained in memberOf.

Be aware that this attribute lists the groups that contain the user in their member attribute—it does not contain the recursive list of nested predecessors. For example, if user O is a member of group C and group B and group B were nested in group A, the memberOf attribute of user O would list group C and group B, but not group A.

This attribute is not stored—it is a computed back-link attribute.
————–

http://msdn2.microsoft.com/en-us/library/ms677943.aspx

Now, this means that when you add a user to a group in AD, AD modifies only the group, not the user itself. Going forward with this, it means that uSNChanged is updated only once.

The ODI server reads the uSNChanged value and runs a search against AD to retrieve the latest changes. Here it will find that only the group has been changed. The filter for the change search is formed as:

(&(uSNChanged interval)(our_custom_filter))

So, for both cases 2 and 3, we would need to take some action on the user when the group is changed, which is not possible with ODI. ODI works on an entity level (that means the mapping files are applied, and actions are performed, only on the entity detected as changed).

For case 3 you will not be able to delete a user when an attribute is changed, as deletes are searched for in a special DeletedObjects AD container. A user is not added to this DeletedObjects container when you change, in our case, the displayname attribute.

However, as a partial solution we could create an OID plug-in that fires in a post-update LDAP operation on the specific groups. So, if a user is removed from a group, the plug-in is triggered after the synchronization runs. In the plug-in code we should be able to identify the user that was removed and delete it from OID.

But this means we need to extend the possibilities of the default procedures available in Oracle Identity Management.

Our conclusion at this point is that it’s not possible to sync based on group membership, with working deletes and/or backfilling of users, using the default procedures of Oracle Identity Management. However, it is possible to write your own plug-in for Oracle Identity Manager that does a post-update operation on your user store (OID) to keep it clean and up to date.
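The behaviour described in cases 2 and 3, as an added example that is not part of the original post and not Oracle or Microsoft code: a toy directory in which memberOf is a computed back-link and a poller applies the (&(uSNChanged interval)(our_custom_filter)) search. The class ToyAD, the helper names and the user DNs are constructed for illustration; reconcile() sketches the group-driven comparison a plug-in would have to make.

```python
# Toy model of AD change polling; ToyAD and the user DNs are constructed.
GROUP = "CN=soa,OU=groups,OU=nieuwegein,DC=iteye,DC=nl"

class ToyAD:
    def __init__(self):
        self.usn = 0        # directory-wide update sequence number
        self.objects = {}   # dn -> attributes, including uSNChanged

    def _touch(self, dn):
        self.usn += 1
        self.objects[dn]["uSNChanged"] = self.usn

    def add(self, dn, objectclass, **attrs):
        self.objects[dn] = {"objectclass": objectclass, **attrs}
        self._touch(dn)

    def set_attr(self, dn, name, value):
        self.objects[dn][name] = value
        self._touch(dn)         # an attribute write changes the user object

    def set_members(self, group_dn, members):
        self.objects[group_dn]["member"] = set(members)
        self._touch(group_dn)   # only the group changes; users are untouched

    def member_of(self, user_dn):
        # memberOf is not stored: it is derived from each group's member list
        return {dn for dn, o in self.objects.items()
                if o["objectclass"] == "group" and user_dn in o.get("member", ())}

    def poll(self, last_usn, custom_filter):
        # (&(uSNChanged interval)(our_custom_filter))
        hits = [dn for dn, o in self.objects.items()
                if o["uSNChanged"] > last_usn and custom_filter(self, dn)]
        return sorted(hits), self.usn

def group_filter(ad, dn):   # case 2: (&(objectclass=user)(MemberOf=...))
    return ad.objects[dn]["objectclass"] == "user" and GROUP in ad.member_of(dn)

def attr_filter(ad, dn):    # case 3: (&(objectclass=user)(displayname=1))
    o = ad.objects[dn]
    return o["objectclass"] == "user" and o.get("displayname") == "1"

def reconcile(ad, group_dn, oid_users):
    # Compare the group's member list with what OID holds: (to_add, to_delete)
    members = ad.objects[group_dn]["member"]
    return sorted(members - oid_users), sorted(oid_users - members)

def run_scenarios():
    ad = ToyAD()
    ad.add(GROUP, "group", member=set())
    alice = "CN=alice,OU=staff,DC=iteye,DC=nl"
    bob = "CN=bob,OU=staff,DC=iteye,DC=nl"
    ad.add(alice, "user")
    ad.set_members(GROUP, {alice})           # in the group before the first sync
    first, mark = ad.poll(0, group_filter)
    ad.add(bob, "user")
    _, mark = ad.poll(mark, group_filter)    # bob changed, but not in the group yet
    ad.set_members(GROUP, {alice, bob})      # grant arrives after that sync run
    late, mark = ad.poll(mark, group_filter)
    ad.set_attr(bob, "displayname", "1")     # case 3: write on the user itself
    by_attr, mark = ad.poll(mark, attr_filter)
    ad.set_members(GROUP, {bob})             # revoke alice's membership
    revoked, mark = ad.poll(mark, group_filter)
    oid = set(first)                         # OID holds what the sync delivered
    return first, late, by_attr, revoked, reconcile(ad, GROUP, oid)
```

The empty `late` and `revoked` results are the missed backfill and the missed delete; the reconcile step finds both because it starts from the group's member list instead of from changed user entries.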

Oracle Application Testing Suite version 8.30 released

Oracle recently released Oracle Application Testing Suite version 8.30, which provides us with a tool to load test our web applications and web services. As Oracle describes it, it can be used to perform the following tests.

  • Load Testing for Web Applications for scalability, performance and load testing.
  • Functional Testing for Web Applications for automated functional and regression testing.
  • Test Manager for Web Application for test process management, including test requirements management, test management, test execution and defect tracking.

As of now there is only a 32-bit Windows version available.

I hope to see this kind of capability integrated into the next Enterprise Manager Grid Control, so that we can centralize products and monitor and improve our applications using just one tool. Some of these tests are already available in our Enterprise Manager Grid Control through plug-ins like the SOA management pack.

More information on this product can be found here.

Why use the Microsoft Exchange Server Plug-in ?

When using one central grid monitoring tool you might also wonder what it would be like to monitor 3rd party systems with it. This is what made me try out the MS Exchange Server plug-in for the Enterprise Manager Grid Control server. On top of their workload as a DBA or IAS specialist, some are challenged with monitoring an Exchange mail server or another server in their park as well.

Basic monitoring can be performed on the host just by installing a Management Agent on it. But what if you want to see more than only the host performance and health? Well, Oracle offers a wide range of plug-ins to monitor all different kinds of components.

Here I took a peek at the possibilities to monitor our Exchange Server with one of these plug-ins. It was fairly easy to install and configure this plug-in. At first I got several errors while opening the different graphs displayed on the page. The error I received was something like:

Error code = 0x80041010 em_error=An error has occured while fetching WMI data.

After some research I found that this was due to a WMI repository which was not up to date. The following commands on the Exchange Server solved this problem for me (I performed this 2 or 3 times):

wmiadap /f
wmiadap /resyncperf
net stop "Windows Management Instrumentation"
net start "Windows Management Instrumentation"

As a result I got nice reports on load and throughput of inbound and outbound messages. It also showed me nice graphics on Information Store connections, the number of clients logged in and global message traffic. It’s not possible to control your Exchange server from there, but then again, I would rather use the Microsoft management tools to do this.

For those of you interested in how this looks, here is a small impression of what to expect of this plug-in.

[Screenshot: Performance InBound and OutBound Messages]

[Screenshot: Performance Resource Usage]

[Screenshot: Home Tab]

Here you can find more information on the plug-in, which is included as of version 10.2.0.4 of Oracle Enterprise Manager Grid Control: Oracle’s Microsoft Exchange Plug-in

Changing Password when Soasuite is integrated with an OID

Recently I experienced a problem while changing the password of the cn=orcladmin account in an Oracle configuration where Soasuite is integrated with an Oracle Internet Directory. The several Oracle notes I followed on how to change the password for ‘cn=orcladmin’ left out an important detail on what to do when you have a configuration as described above.

When changing the password of the super account ‘cn=orcladmin’ I was surprised that after a successful password change we were not able to get the tasklist in the BPEL console anymore. The reason for this is a configuration file called ‘is_config.xml’ that was left out. The location of this file is $ORACLE_HOME_SOA/bpel/system/services/config/is_config.xml and it should basically look like this when you have integrated it with an OID.

Example 1:

 <?xml version = '1.0' encoding = 'UTF-8'?>
 <isconfiguration xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
    <configurations>
       <configuration realmName="ITEYE" displayName="ITEYE Realm">
          <provider providerType="JAZN" name="OID" service="Identity">
             <connection url="ldap://sso.it-eye.nl:389" binddn="cn=orcladmin" password="KyYv7aj6Rus2nPK5XC8H3g==" encrypted="true"/>
          </provider>
       </configuration>
    </configurations>
 </isconfiguration>

Now we need to replace the OLD password HASH with the new password. To do this we have to set the correct password in plaintext and set the encrypted value to “false”.

Example 2:

 <?xml version = '1.0' encoding = 'UTF-8'?>
 <isconfiguration xmlns="http://www.oracle.com/pcbpel/identityservice/isconfig">
    <configurations>
       <configuration realmName="ITEYE" displayName="ITEYE Realm">
          <provider providerType="JAZN" name="OID" service="Identity">
             <connection url="ldap://sso.it-eye.nl:389" binddn="cn=orcladmin" password="plainpassword" encrypted="false"/>
          </provider>
       </configuration>
    </configurations>
 </isconfiguration>

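After you restart the BPEL server, the password is changed into a HASH encrypted password again and the encrypted value is changed back to “true” automatically as well. Until that restart the password is stored in the file in plaintext, so restart promptly and make sure only the Oracle software owner can read the file.

Your tasklist should appear again after a successful login to the BPEL console.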

Why use Identity Management Grid Control Plug-in ?

For a while now I have been working with Oracle Identity Management as a central user store for all my Oracle products. To monitor this environment, Oracle Enterprise Manager Grid Control offers a rich information interface. However, I am missing information on the Directory Integration Platform, which is used to connect to 3rd party LDAP directories such as OpenLDAP, eDirectory and Active Directory. This important information should be available in the Grid Control monitoring tool, as the synchronization could run into a problem without us noticing.

To take the monitoring capabilities to a higher level and provide such information, Oracle provides the “Identity Management Grid Control Plug-in”. This plug-in must be installed into your monitoring grid and on every agent which monitors an Oracle Identity Management installation.

After doing so you will have a new group next to your hosts, databases, etc. called “Identity Management”, which provides a complete overview of your Identity Management. It also collects administrative pages and offers you a direct link from within EM Grid to User Management, Group Management, Manage Services, Scope Settings and Session Settings.

I would recommend using this plug-in on top of a basic installation of Enterprise Manager Grid Control.

Here is a quick impression of how these pages look:

[Screenshot: DIP Impression]

[Screenshot: DAS Administrative Links]

Will Windows Native Authentication (WNA) work with Oracle Identity Management and Firefox ?

As more people like the idea of going platform independent with their applications and their implementations, this seems like a fair question to ask: can I use my Firefox browser to log in to my applications which are configured for Windows Native Authentication using an Oracle Identity Management server?

The Oracle documentation on Oracle Identity Management explicitly mentions the use of non-IE browsers in a WNA-configured environment (see Oracle Docs, Implementing Fallback Authentication).

If you choose to use Firefox against a WNA SSO server, you must expect a fallback authentication method. If you use an IE browser which is enabled for WNA, you are logged in automatically to any registered SSO partner application on that SSO server. When we dig a little deeper we can see that the authentication mechanism SPNEGO is used.

This protocol is supported by IE and also by some non-IE browsers like Firefox. Visit Achim Grolms’ webpage to see how you could achieve this.

This information has been brought to Oracle’s attention and they are now looking into the possibilities of using Firefox in a WNA environment. The limitation does not reside on the client side (Firefox) but lies in the capabilities of the Single Sign-On server at this point. The Single Sign-On server queries the browser information and decides based on the browser type whether it will use WNA or not. Oracle expects to support Firefox in future releases but does not yet give a specific release number. At this moment Oracle confirms that 10.1.4.2 and previous releases have not yet been enhanced for using non-IE browsers in combination with WNA. Instead an Oracle INTERNAL BUG is reported which calls for this feature. This bug is registered under:

BUG:6803891 ORACLE SSO WNA COULE BE ENHANCED TO SUPPORT FIREFOX BROWSER

I hope Oracle can come up with a quick solution on this matter, as it seems to be a showstopper for migrating many clients’ desktops to open source desktops!
