Uncategorized

Setup Terraform for OCI

How to set up Terraform on your local VM for the OCI provider.

    1. Download Terraform from the HashiCorp site for your OS: https://www.terraform.io/downloads.html
    2. Unzip the downloaded file; the zip contains only one file.
    3. If you are using a Mac, move the terraform file to /usr/local/bin so that you can invoke terraform from anywhere.
            • which terraform
              /usr/local/bin/terraform
            • terraform --version
              Terraform v0.12.21
              + provider.oci v3.63.0
    4. Generate a passphrase-protected private key and its matching public key, both in PEM format. The public key is added in the OCI console under your profile settings and is used for authenticating against your tenancy. You can create these files in your .ssh folder or wherever you need them.
        • Generate the private PEM key

          openssl genrsa -out ~/api_access_to_oci_key.pem -aes128 2048
          Enter pass phrase for {pathtokeyfilename}:
          Verifying - Enter pass phrase for {pathtokeyfilename}:

        • Generate the public PEM key

          openssl rsa -pubout -in ~/api_access_to_oci_key.pem -out ~/api_access_to_oci_pub.pem
          Enter pass phrase for {pathtokeyfilename}:
          writing RSA key

        • Cat the public key file that you generated above.
        • Log in to the OCI console with your username.
        • Click on your profile and go to API Keys.
        • Add your public key to API Keys. A fingerprint will be generated; keep a note of it.
    5. Create the Terraform variables in your bash profile.
        • # Terraform
          export TF_VAR_tenancy_ocid=ocid1.tenancy.oc1..aaaaaaaafoos
          export TF_VAR_compartment_ocid=ocid1.compartment.oc1..aaaaaaaa
          export TF_VAR_user_ocid=ocid1.user.oc1..aaaaaaaanl
          export TF_VAR_region=us-ashburn-1
          export TF_VAR_fingerprint=e7:xx:ef:01:06:f9:xx:yy:dtt01:ww:xx:19:ww:qq
          export TF_VAR_private_key_path=~/api_access_to_oci_key.pem
          export TF_VAR_private_key_password=passwordofprivatekeyfile

        • Source your new/updated profile file. Example: source ~/.bash_profile

           

    6. Create a terraform directory and define the OCI provider configuration by testing a small piece of code. In the terraform directory, create a file called provider.tf with the content below.
        • cat provider.tf
          # Values are read from the TF_VAR_* environment variables exported in step 5.
          variable "tenancy_ocid" {}
          variable "user_ocid" {}
          variable "fingerprint" {}
          variable "region" {}
          variable "private_key_path" {}
          variable "private_key_password" {}

          provider "oci" {
            tenancy_ocid         = var.tenancy_ocid
            user_ocid            = var.user_ocid
            fingerprint          = var.fingerprint
            region               = var.region
            private_key_path     = var.private_key_path
            private_key_password = var.private_key_password
          }

    7. Initialize Terraform with the command terraform init.
    8. Run terraform apply.
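
A pre-flight check for steps 4 and 5, added here as an example and not part of the original post: it confirms the private key is not accessible to group or other, that the passphrase in TF_VAR_private_key_password opens it, and that the locally computed fingerprint (MD5 of the DER-encoded public key, the form the OCI console displays) equals TF_VAR_fingerprint. The function names are hypothetical; it assumes openssl, ls, cut and awk are on the PATH.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function names are hypothetical.
# Assumes the TF_VAR_* variables from step 5 are exported in the environment.

# Succeeds only when group and other have no permission bits on the file.
key_is_private() {
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the fingerprint of the key at $1 as colon-separated MD5 hex.
# The passphrase is read from the environment (-passin env:), so it never
# appears on a command line. Fails if the key cannot be decrypted.
oci_key_fingerprint() {
  pub="$(openssl rsa -pubout -in "$1" \
          -passin env:TF_VAR_private_key_password 2>/dev/null)" || return 1
  printf '%s\n' "$pub" \
    | openssl rsa -pubin -outform DER 2>/dev/null \
    | openssl md5 -c | awk '{print $NF}'
}

# Runs all checks; returns non-zero with a reason on stderr at the first failure.
check_oci_key() {
  key="${TF_VAR_private_key_path:-}"
  [ -f "$key" ] || { echo "key file not found: $key" >&2; return 1; }
  key_is_private "$key" \
    || { echo "key is accessible to group/other; run: chmod 600 $key" >&2; return 1; }
  fp="$(oci_key_fingerprint "$key")" \
    || { echo "cannot open key; check TF_VAR_private_key_password" >&2; return 1; }
  [ "$fp" = "${TF_VAR_fingerprint:-}" ] \
    || { echo "fingerprint mismatch: local key is $fp" >&2; return 1; }
  echo "OK: $key matches $fp"
}

# Usage: check_oci_key && terraform init
```

A mismatch here means the key on disk is not the one whose public half was uploaded under API Keys, which is the usual cause of authentication failures at terraform apply.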

 

 

 


STDOUT Rotation Weblogic

As you might know, WebLogic doesn't provide log rotation for the *.out file. That's because stdout belongs to the JVM, not WebLogic. WebLogic provides log rotation for .log, access.log and diagnostic logs.

Following are three different ways to rotate your stdout log files in WebLogic.

1) We can use logrotate, which ships with the OS, to implement stdout rotation. Below is the snippet that you need to put in your /etc/logrotate.conf file.

# Placeholder path: replace with the location of your server's *.out file.
/path/to/your/server.out {
rotate 36500
notifempty
size 100k
copytruncate
}

2) We can send all stdout to the server log file by passing the JVM argument -Dweblogic.log.RedirectStdoutToServerLogEnabled=true. With this we have less maintenance and a single log file to look at, and we also have control of the server log file in the WebLogic console.

3) We can create a custom script or WLST script to copy the existing file and then do the cat /dev/null, as we usually do when the log files are full.


Oracle Webcenter/IPM Remote Address Permission denied Error

When we migrated our IPM to new Exalogic hardware, we found an issue where we were not able to configure IDC connections. Attached the error screenshot below.

  • Go to ipm.com/imaging/ (log in with admin access).
  • On the left side click on Manage Connections and select the connection name (content server repository).
  • Before that, make sure your IDC is running on 4444 (default) with the command netstat -na | grep portno.
  • Modify the content server pool to the new server names; when you click on Next, we were seeing the error below. [Screenshot: IPM_Error]
  • To resolve the above error, make sure you modify the security filters with the new server IPs (in case you are using security filters).
  • Go to your UCM directory folder and modify the config.cfg file's parameter SocketHostAddressSecurityFilter=127.0.0.1|yourIPs|yourIPs. More about SocketHostAddressSecurityFilter
  • After adding the IPs, restart the JVMs; you should now be able to configure IDC connections from the imaging URL.

WebVerifier Stopped working After Jan 1st 2015.

On the first working day of 2015, our users reported that their invoices were not processing and that they couldn't see the list of vendor IDs in WebCenter Forms Recognition. We looked at everything and couldn't find any issue with the product, the Windows machine, the DB or anything else. Finally we raised an SR and came to know that Oracle has a patch for this.

WebVerifier Version – 11.1.1.8.0

Bug  20134250, Vendor search fails.

Below is the solution:

Refer to Doc ID  1950714.1 on Oracle Support Site and apply the patch 20134250.

Applied the patches in DEV/QA and PROD successfully with no issues.


SSLv3 Vulnerability -Poodle Attack

If you are using HTTPS for your apps, make sure you are working on disabling the SSLv3 protocol ASAP.
More info on the SSLv3 POODLE attack:
https://www.us-cert.gov/ncas/alerts/TA14-290A
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

To run an SSL test, use the URL below and enter your domain name; it will perform a scan of your site over HTTPS.
https://www.ssllabs.com/ssltest/index.html

For Apache servers you can disable it with the directives below.
SSLProtocol all -SSLv2 -SSLv3 or SSLProtocol TLSv1.

Before making changes, make sure you have the certificate passphrase, as it is going to prompt for the password once you make the changes.
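
To confirm that a change like this took effect across your configuration files, the sketch below (an added example, not from the original post) evaluates each SSLProtocol line the way mod_ssl applies its tokens and reports whether SSLv3 is still on. The function name audit_sslprotocol is hypothetical, and "all" is assumed to include SSLv3, as it did in the Apache builds current when POODLE was published.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Function name is hypothetical.
# Reads Apache config text on stdin and prints one verdict per SSLProtocol line:
#   <line-number>:SSLv3-enabled   or   <line-number>:SSLv3-disabled
# Tokens are applied left to right as mod_ssl does: "-X" removes X, "+X" adds X,
# and a bare name replaces everything set so far (so token order matters).
# Assumption: "all" includes SSLv3.
audit_sslprotocol() {
  awk '
    tolower($1) == "sslprotocol" {
      sslv3 = 0
      for (i = 2; i <= NF; i++) {
        tok = $i; act = ""
        if (tok ~ /^[+-]/) { act = substr(tok, 1, 1); tok = substr(tok, 2) }
        tok = tolower(tok)
        hit = (tok == "all" || tok == "sslv3")
        if (act == "-")      { if (hit) sslv3 = 0 }
        else if (act == "+") { if (hit) sslv3 = 1 }
        else                 { sslv3 = hit }
      }
      print NR ":" (sslv3 ? "SSLv3-enabled" : "SSLv3-disabled")
      seen = 1
    }
    # Commented-out or misspelt directive names never match, so a file whose
    # only SSLProtocol line is mistyped is reported as having none.
    END { if (!seen) print "0:no-SSLProtocol-directive" }
  '
}

# Usage: audit_sslprotocol < your-ssl.conf
```

Run it against every virtual host file, since an SSLProtocol line inside a VirtualHost block overrides the global one for that host.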


Microstrategy Mobile App -Doesn’t work in IOS8

The MicroStrategy app doesn't work after upgrading to Apple iOS 8. All our mobile users use HTTPS to connect to our application in the app. After upgrading the iOS devices, HTTPS connections were failing. To isolate the issue we enabled HTTP internally on the Apache servers. Interestingly, HTTP works with no issues.

We contacted the vendor and currently they came to the conclusion that it's a bug on iOS 8 devices. As part of the HTTP protocol the HTTP(S) server sends periodic keep-alive packets to the client (i.e., the device). This is a performance feature of HTTP(S) so that the connection does not have to be re-established every time. Under iOS 8 the keep-alive packet is not being handled correctly. As a result iOS 8 incorrectly aborts the connection when the keep-alive packet is received by the client. This does not happen under iOS 7.

The above problem has already been reported to Apple to be addressed. Will share once we have updates from Apple.

Note: If you are a MicroStrategy mobile user, please do not upgrade to iOS 8.

Update
For the interim we disabled keep-alive by using the directive below in the Apache SSL conf.
BrowserMatch "URI/IPhone" nokeepalive

Once we added this, we were able to connect using HTTPS. But we are still working through network issues.