Wednesday, July 10, 2013

Starting a WebLogic admin on a backup node in a OSB cluster

I have stopped the admin on machine1, made sure the virtualIP is removed from the NIC, and started on the second node.

I get immediately this error in the logs when logging to the sbconsole:

com.bea.alsb.console.common.base.SBConsoleAccessException: The current login role is not authorized to use the console action: "/SBConsoleEntry"

Googling around, it seems that the issue could be the wrong DefaultAuthorizerInit.ldift and XACMLAuthorizerInit.ldift files, in DOMAIN_HOME/security/

On node1, in DOMAIN_HOME/security/ I have:
DefaultAuthenticatorInit.ldift DefaultRoleMapperInit.ldift XACMLAuthorizerInit.ldift DefaultAuthorizerInit.ldift SerializedSystemIni.dat XACMLRoleMapperInit.ldift

On node2 I have :
DefaultAuthenticatorInit.ldift DefaultRoleMapperInit.ldift SerializedSystemIni.dat XACMLRoleMapperInit.ldift

so effectively the 2 files DefaultAuthorizerInit.ldift and XACMLAuthorizerInit.ldift are missing.

The other files are also different. Should I replace them?

Then I discover that:

Service Bus 10g: Problem with Pack / Unpack of Domain [ID 981068.1]
OSB domain created with pack/unpack command doesn't work correctly.
This is a known issue. The jar file generated by the "pack" command has to be manually changed. Please follow the instructions below:
After creating the template, and before you create any new domains from this template, you must do the following: 

1) Add the missing files, DefaultAuthorizerInit.ldift and XACMLAuthorizerInit.ldift, from the DOMAIN-ROOT/security folder of your original domain to the security folder inside the template JAR (jar file generated by the pack command).

2) Manually update the top-level security.xml file in the template JAR with the contents of the DOMAIN-ROOT/init-info/security.xml file of your original domain.

So, the message is: don't use pack/unpack for OSB.

No comments: