Undeploying SOA Composite when Soa-Infra is Down

Undeploying SOA Composite when Soa-Infra is Down

Goal

Mainly this task is required when starting soa server, soa-infra application won't come up due to corrupt composite which stops the soa-infra to be in active state.  The solution also applies in the case where the server itself is failing to come up / stay up due to a bad deployment.

Solution

Check the soa logs and determine which composite is causing the problem and then follow the below process to Undeploy SOA composite by editing deployed-composites.xml

1. Download and copy the ShareSoaInfraPartition.ear file to $MIDDLEWARE_HOME/oracle_common/common/bin

2. cd to $MIDDLEWARE_HOME/oracle_common/common/bin

and

run wlst.sh

3. connect()

provide username, password and server URL

4. run the below command to deploy ShareSoaInfraPartition.ear

deploy('ShareSoaInfraPartition','ShareSoaInfraPartition.ear',upload='true')

5. Now run the below command by changing the "toLocation" ('/fmw11g/fmw1115/Middleware' is some location path on SOA machine)

exportMetadata(application='ShareSoaInfraPartition',server='AdminServer',toLocation='/fmw11g/fmw1115/Middleware',docs='/deployed-composites/deployed-composites.xml')

6. A deployed-composites folder will be created at "toLocation" path with deployed-composites.xml in it

7. Delete the composite which is causing the problem and save the file

For example i am MediatorTest composite like below

<composite-series name="default/MediatorTest" default="default/MediatorTest!1.0">
<composite-revision dn="default/MediatorTest!1.0" state="on" mode="active" location="dc/soa_58b98be8-9ec8-41af-bb83-590f6004d1aa">
<composite dn="default/MediatorTest!1.0*soa_58b98be8-9ec8-41af-bb83-590f6004d1aa" deployedTime="2011-11-17T09:01:54.750+05:30"/>

8. Now run the below command by changing the "fromLocation" (this should be the same location as previous)

importMetadata(application='ShareSoaInfraPartition',server='AdminServer',fromLocation='/fmw11g/fmw1115/Middleware',docs='/deployed-composites/deployed-composites.xml')

9. Now bounce your server and the composite will not be deployed by SOA when it comes up and hence that should bring your soa-infra up.

Test Notification Configuration in Weblogic

 Test Notification Configuration in Weblogic

Here is the setting for sending all the notifications to test email address.
(http://docs.oracle.com/cd/E28280_01/admin.1111/e10226/hwf_config.htm#CEGDGCEC)
21.2 Configuring the Notification Service to Send Notifications to a Test Address
You can configure the Oracle Human Workflow Notification Service to send all notifications to a test address instead of to a production address. To do this, you use the System MBean Browser in Oracle Enterprise Manager.
To configure the Notification Service to send notifications to a test address:
1.    Navigate to the System MBean Browser in Oracle Enterprise Manager. To do this:
From the SOA Infrastructure Menu...    From the SOA Folder in the Navigator...
        1.    Select Administration > System MBean Browser. 
        2.    Right-click soa-infra.
        3.    Select Administration > System MBean Browser.

2.    Search for the HWFMailerConfig Mbean. To do this click the Find icon in the System MBean Browser navigator pane. From the Find list, select MBean Name, and, in the text box to the right of the list, enter HWFMailerConfig. Click the Find arrow.
The corresponding information appears in the right pane.
3.    Select the Operations page.
To set a test address:
1.    In the Operations page, select addTestNotificationAddress. The Operation: addTestNotificationAddress page appears in the right pane.
2.    In the Parameters table, in the Channel row, in the Value column, specify the channel through which to send notifications, for example, Email, SMS, FAX, IM, Voice, Pager.
3.    In the Parameters table, in the testNotificationAddress row, in the Value column, enter the address of the test recipient, for example, testAddress@yourDomain.com.
4.    Click Invoke.
To remove a test address:
5.    In the Operations page, select removeTestNotificationAddress. The Operation: removeTestNotificationAddress page appears in the right pane.
6.    In the Parameters table, in the Channel row, in the Value column, specify the channel you want to remove for the notification, for example, Email, SMS, FAX, IM, Voice, Pager.
7.    Click Invoke.

Signing JAR Files

Signing JAR Files

We generally digitally sign files in order to make sure that it is trusted. Once you (or your browser) have verified that an applet is from a trusted source, you can have the platform relax security restrictions to let the applet perform operations that would ordinarily be forbidden.
Prerequisites
If you want to Sign any JAR file with Code Signing certificate, please follow the below steps.
1.    Get the Code Signing Certificate with below details.
•    Alias
•    Key Password
•    Storetype
Importing the Keystore

1.    Now you need to import the Code Signing details into your Keystore, to do so please run the below command.
keytool -importkeystore -srckeystore /tmp/signimaging/abc.pfx -srcstoretype pkcs12 -trustcacerts –q destkeystore /$ORACLE_HOME/certstore/your_keystore.jks.
abc.pfx -> Is the Code Signing certificate.
your_keystore.jks - > Is your local keystore.
 -trustcacerts - additional certificates are considered for the chain of trust, namely the certificates in a file named "cacerts".
 -importkeystore - Reads the certificate or certificate chain (where the latter is supplied in a PKCS#7 formatted reply or a sequence of X.509 certificates) from the file cert_file, and stores it in the keystore entry identified by alias.
                  -srcstoretype- This qualifier specifies the type of keystore to be instantiated.

                 -srckeystore- provide the .pfx file here

       -destkeystore- provide the location of your local keystore
After running this command it will display message “Successfully Imported”.
2.    You need to verify whether the Code Signing Certificate entry is made or not in your Keystore. Run below command to check the entry.

keytool -list -v -keystore /u07/oracle/certstore/bisipm_keystore.jks

-keystore- your local keystore
-list –v - The -list command by default prints the MD5 fingerprint of a certificate. If the -v option is specified, the certificate is printed in human-readable format.




JAR Signing

1.    You use the JAR Signing and Verification Tool to sign JAR files and time stamp the signature. You invoke the JAR Signing and Verification Tool by using the “jarsigner” command
2.    Now go to the directory where Jarsigner is present, in our example it is “/$ORACLE_HOME/jrockit-jdk1.6.0_91/bin/” and run the below command.
./jarsigner -keystore /$ORACLE_HOME/certstore/bisipm_keystore.jks /tmp/signimaging/abc.jar my_alias
Here, my_alias is the alias.
/tmp/signimaging/abc.jar- location of your JAR file.
-keystore- your keystore location
It will ask you for keystore password and key password.

3.    Your JAR file is signed now, you need to verify it using below command.

./jarsigner  -verify -verbose /u07/oracle/middleware/Oracle_ECM1/ipm/lib/imaging-client.jar > test.txt



In the test.txt file find the below entry, if this entry is present then you JAR file is signed successfully.

Running RDA 8.0 against SOA Products

1.      Change directory to RDA_HOME i.e “cd /u07/oracle/rda”

2.      To Make sure the RDA command (rda.sh) is executable, run the following command

$chmod +x rda.sh

3.      To Verify the RDA installation, run “./rda.sh -cv”. On successful installation “No issues found” message is displayed at the end of the command output.

4.      To collect the following information, run rda utility with min profile such as  “FM11g_SoaMin”  

·         Server Logs

·         Configuration

·         Start Scripts

·         Latest Incidents from the ADR Repository

·         Patch Inventory

·         Report for SOA Health Checks

·         Thread Dumps (online)

·         SOA MDS Configuration (online)

·         Composite and WSDL Diagnostic Dumps (online)

$./rda.sh -SCRP -p FM11g_SoaMin

Note: If the environment variables are set appropriately we can hit 'enter' at every prompt and the collection will run automatically. Otherwise the following three steps(5,6,7) get executed (In our case, these steps are bypassed because setDomainEnv.sh has been configured)

5.      Accept the default value of the first prompt asking about the network domain

Enter the network domain name for this server Hit "Return" to accept the default (domain.com)

> 

6.      Enter ORACLE_HOME as the Middleware Home location

Enter the Oracle Middleware home to be used for data analysis
>

7.      Confirm or enter a new location for the domain. By default it is <ORACLE_HOME>/user_projects/domains'

Enter the location of the directory where the domains to analyze are located (For example in UNIX, <BEA Home>/user_projects/domains or <Middleware Home>/user_projects/domains) Hit "Return" to accept the default (/oracle_ps6/middleware/user_projects/domains)
>

At this step, two modes of data collection can be selected. Offline mode is preferred unless it is explicitly asked in SR.

8.      To select offline mode, press enter(Return)

9.      To select target server i.e “soa_server1”, select option 5 and press enter

“RDA Data collection ended” message is displayed on successful execution of the rda utility.

Note :

If it is asked to select “OCM(Oracle Configuration Manager)” after Data collection ended, the default value is “Y” for SOA and “N” can be selected.

Note :

1.      RDA_HOME/output i.e “/u07/oracle/rda/output” contains collected reports on configuration and health information.

2.      To review the collection, copy output folder to machine with browser installed and open 'RDA_start.htm’

References:

·          Remote Diagnostic Agent (RDA) - Getting Started (Doc ID 314422.1)

·         How to Run Remote Diagnostic Agent ( RDA ) Against SOA Products (Doc ID 1571554.2)

Steps for Deleting Logs Older than 60 Days

Steps for Deleting Logs Older than 60 Days

1.    Create a shell script which contains commands to delete log files of all the servers. For example if the filename is “delete_logs_2mnths_older.sh” run the below command.
sudo vi delete_logs_2mnths_older.sh

And enter the commands as mentioned below.
<SNIP>
find /u07/oracle/middleware/user_projects/domains/wci_domain/servers/bam_server1/logs -mtime +60 -type f -delete
find /u07/oracle/middleware/user_projects/domains/wci_domain/servers/UCM_server1/logs -mtime +60 -type f -delete
find /u07/oracle/middleware/user_projects/domains/wci_domain/servers/soa_server1/logs -mtime +60 -type f -delete
find /u07/oracle/middleware/user_projects/domains/wci_domain/servers/AdminServer/logs -mtime +60 -type f -delete
find /u07/oracle/middleware/user_projects/domains/wci_domain/servers/IPM_server1/logs -mtime +60 -type f -delete
</SNIP>
2.    After writing the script file then you need to give permissions for the file to execute. Run the below command.

sudo chmod 777 delete_logs_2mnths_older.sh



3.    Now we have to make an entry in Crontab for “delete_logs_2mnths_older.sh” file to execute periodically.

Run the below command.

sudo crontab –e



Below is the entry we make in Crontab which says that “delete_logs_2mnths_older.sh” should be executed every day at 9pm PST (SDSU timing).

0 21 * * * /tmp/Delete_Older_logs/delete_logs_2mnths_older.sh

The Cron job works in below fashion.


4.    We need to restart the Cron job. Execute the below commands.

Goto : cd /etc/init.d and run below command

sudo ./crond restart

You will get below message.

IPM BPEL Composite Deployment Sequence

IPM BPEL Composite Deployment Sequence

1. Sena Update Document
2. Red Id Conversion
3. Supplier Documents
4. Supplier Maintenance
5. Rescan
6. Request for Invoice Information
7. PSFT Expense
8. Invoice Synchronization
9. Post Invoice Import
10. Manage Holds
11. Invoice Validate and Import
12. Invoice Processing
13. Invoice Import
14. Invoice Approval
15. Invoice Completion
16. Expense Receipt Processing
17. Assign User
18. Account Distribution
19. Document Routing

   Modules impacting change of Weblogic password

This document covers the locations where the change of Weblogic password is impacted in the IPM environment. This is assumed that we have used this user for integration among servers.

1.1      CSF Key

To modify the value of the existing value, follow these steps.

1.       Login to enterprise manager http://{host}:7001/em/

2.       Use administrator credentials, e.g. Weblogic

3.       From left panel, expand “Weblogic Domain”

4.       Right click on ipm domain e.g. wci_domain

5.       Traverse {ipm domain} -> “Security” -> “Credentials”

6.       This page will show available csf maps. keys

6.1.     From the list select “basic.credential” key and click on “Edit”. Fill in the proper values in the popup.

6.2.     Click on OK buttons

1.2      ODC commit profile

1.       Start ODC

2.       Go to Admin – File Cabinets

3.       Locate File Cabinet named “AttachSuppliemental” and click on “Configure”

4.       In the configuration details page for Commit Driver enter below values.

User Id: Weblogic / {PASSWORD}

Security Policy: Token Security

URL: https://test.com:16001/imaging/ws

4.1.     Click on Ok

5.       Locate File Cabinet named “SupplierDocuments” and repeat steps 3 and 4 for the same.

6.       The steps 3 & 4 has to be repeated in case there are imaging direct commit profiles.

1.3      EBS Adaptor Configuration

1.       Connect to APPS schema.

2.       Here we need to execute below commands.

3.       The SOAP store password is in the database vault. It can be changed by executing the following command as APPS schema:

execute fnd_vault.put('AXF', 'weblogic', '{PASSWORD}');

Commit;