Showing posts with label FYI. Show all posts
Showing posts with label FYI. Show all posts

Saturday, December 8, 2018

Create a shared folder with an Oracle Linux VirtualBox + Windows 10

With the release of the OBIEE 12c virtual appliance  there's plenty of opportunity conduct demo days, proof of concepts and daily-in-the-life scenarios for your customers and stakeholders. A recurring challenge we continue to hear is the ability to upload custom data sets or BAR files within the VM.

Friendly reminder that the VM is an encapsulated 'machine-in-a-box' that has no network connectivity to your local machine (the host). To enable file sharing between your Virtual Machine and your host, remember to create a shared folder. There's some confusion on how to do this, so we'll explain as follows.

Keep in mind, the 'host' is your local machine, the 'guest' is the virtual machine, and the 'mount' is the shared folder between the host and guest. In this example, the host is a windows 10 machine provisioned by a client, and the guest is the OBIEE 12c v607 Virtual Appliance VM (Oracle Linux) installed on the host accessed via VirtualBox.

 Step 1. Identify a folder to share on your host machine.

 In this case we'll create a folder in our C:\ drive called shared_vm
Step 2. Add the shared folder to the VirtualBox share

Within your Oracle VirtualBox VM setting navigate to shared folders and mount C:\shared_vm. This tells the VM that C:\shared_vm is the shared folder on the host.

Step 3. Insert the Guest Additions CD Image within the VirtualBox

This is where alot of people fail. I've seen numerous blogs and youtube videos where people attempt to run the guest addition CD image on the host. Guest Addition = guest machine. Do not run the image on the host (windows), run it within Virtual Machine (in this case Oracle Linux). 

By running Devices -> Insert Guest Images CD, you'll be prompted with a selection to 'Open Autorun Prompt'. Not you'll be required required to enter the root password for this image which is 'Admin123'. This isn't a secret, all user/passwords within the appliance are accessible via the default link within firefox.

You'll be prompted with a notification that modprobe vboxsf has failed. modprobe is a function to add or remove module's from the linux OS kernel. 

Execute
sudo usermod -aG vboxsf $(whoami)
to add the logged in user to the vbox group, then restart the server. 
Step 4. Create a shared folder within the guest machine and mount to the virtualbox shared folder

In this example we created a folder called 'shared' in /home/oracle. 


Mount the virtualbox shared folder (called "shared_vm" which was created step 2) to /home/oracle/shared by executing

sudo mount -t vboxsf -o uid=1000,gid=1000 shared_vm /home/oracle/shared
To verify, we created a file  in our host location c:\shared_vm which is also visible in the guest folder /home/oracle/shared





Happy demoing!

at 2 comments:
Labels: ,

Monday, August 12, 2013

FYI: GoURL Primer with OBIEE 11g

The Oracle BI Presentation Services Go URL command is for use in incorporating specific Oracle Business Intelligence results into external portals or applications. The Go URL is used when you add a result to your favorites, or add a link to a request to your dashboard or an external Web site. It has a number of forms and optional arguments that can be used to control its behavior.

 Oracle has provided limited documentation on goURL parameters and with use cases that require end users to navigate to specific dashboards or request dashboards be embedded into pre-existing web pages, i've decided to create a Primer on commonly used GoURL functionality:

 Common goURL Parameters:
ParametersSyntaxDefinition
NQUser&NQUser=xUser ID
NQPassword&NQPassword=xPassword
Path&Path=xPath of the answer to execute. You can find it in the properties page (Answers/Manage Catalog/ and click on the properties icon (a little hand) of the object that you want. See picture above
Link Options&Options=xThe x can be one or more of the following letters:
* m : Modify Request
* f : Printer Friendly
* d : Download to Excel
* r : Refresh Results
Printer Friendly&Action=printResults are in a printer-friendly format, without the paging controls, hot links, and so on.
Passing Filters&Action=NavigateTo apply filters to the answer (see section below on Passing Filters)
Application Friendly&Action=Extract
&Action=Scroll		Results are displayed in an application-friendly format, such as for Microsoft Excel, without the paging control, hot links, and so on. The Extract action also acts as a Navigate action (read Passing Filters to the Oracle BI Presentation Services Go URL Through a URL (Navigation)) so you can filter the results that are returned by the call.
Specific View&ViewName=xThis shows an individual result view rather than the default compound view
Specific View&ViewID=go~xThis shows an individual result view rather than the default compound view where x is the name of the view
Specific Style&Style=xThis shows the results using a specified style. If the style does not exist, the default is used.
Result Format&Format=xThis controls the format of the results. This is the format, where x can be xml, html, txt (tab separator), csv (comma separator)
File Extension&Extension=.csvThis controls the file extension of the download file
Language&Lang=frThis controls the language of the report. The value permitted are the values of weblanguage
done&done=portalPagesparameter allows you to create a return link equal to a path that you have specified
Passing Filters

You can use the &Action=Navigate in conjuction with the with the parameters below to pass filters directly to a report via goURL. Use &P0=n where n equals the number of parameters you wish to filter and P1...to P6 with the one or more of the operators below:

OperatorMeaning
eqEqual to or in.
neqNot equal to or not in.
ltLess than.
gtGreater than.
geGreater than or equal to.
leLess than or equal to.
bwithBegins with.
ewithEnds with.
canyContains any (of the values in &P3).
callContains all (of the values in &P3).
likeYou need to type %25 in place of the usual % wildcard. See the examples that follow.
top&P3 contains 1+n, where n is the number of top items to display.
bottom&P3 contains 1+n, where n is the number of bottom items to display.
betBetween (&P3 must have two values).
nullIs null (&P3 must be 0 or omitted).
nnulIs not null (&P3 must be 0 or omitted).
&P2=ttt.cccIn this parameter, ttt is the table name and ccc is the column name.
If the table or column contains spaces, it must be quoted with double-quotes.
 Spaces should be escaped as %20, for example, Measures."Dollar%20Sales".
&P3=n+xxx+yyy+...+zzzIn this parameter, n is the number of values, and xxx, yyy, and zzz are the actual values.
 Note: If the value of P3 begins with a numeric character,
the entire value must be enclosed in quotes.
example: saw.dll?Go&Path=/Shared/Test/SB2&Action=Navigate&P0=1&P1=top
&P2=Customers.Region&P3="7


Passing Filters Examples:

his returns records for the East and Central regions:
Saw.dll?Go&Path=/Shared/Test/SB2&Action=Navigate&P0=1&P1=eq&P2=Customers.Region&P3=2+Central+East
This returns records for like Regions E....t:
saw.dll?Go&Path=/Shared/Test/SB2&Action=Navigate&P0=1&P1=like&P2=Customers.Region&P3=1+E%25t
This returns the top two regions by dollars sold:
saw.dll?Go&Path=/Shared/Test/SB2&Action=Navigate&P0=1&P1=top&P2="Sales%20Facts".Dollars&P3=1+2
This is an example where the number of arguments is not included in the syntax:
saw.dll?Go&Path=/Shared/Test/SB2&Action=Navigate&P0=1&P1=top&P2=Customers.Region&P3=Central
This returns records with between 2,000,000 and 2,500,000 in sales:
saw.dll?Go&Path=/Shared/Test/SB2&Action=Navigate&P0=1&P1=top&P2="Sales%20Facts".Dollars&P3=2+2000000+2500000
This returns records for Regions beginning with the letter E:
saw.dll?Go&Path=vate&P0=1&P1=bwith&P2=Customers.Region&P3=1+E
This returns records for Regions containing the letter E and having more than 20 million in sales:
saw.dll?Go&Path=/Shared/Test/SB2&Action=Navigate&P0=2&P1=cany&P2=Customers.Region&P3=1+e&P4=gt&P5="Sales%20Facts".Dollars&P6=1+20000000
Generating SQL Statements using goURL:

The Go URL command can be used to issue Oracle Business Intelligence SQL. These forms of the Go URL return tabular results. The basic options from &Style= and &Options= can be used here as well.
To issue Oracle Business Intelligence's simplified SQL, include the escaped SQL as a parameter to the Go URL. For example:
saw.dll?Go&SQL=select+Region,Dollars+from+SupplierSales
where the FROM clause is the name of the Subject Area to query.

Alternatively, the command IssueRawSQL can be used to bypass the Web processing and issue SQL directly against the BI Server.
 
keywords: OBIEE 11g, goURL, answers, ad-hoc, analysis, analytics
at 6 comments:
Labels: , ,

Monday, July 1, 2013

FYI: Troubleshooting Security with the Oracle BI Security Diagnostics Helper

The hundreds of BI Security notes on Oracle Support, the countless blogs dedicated to OBIEE 11g security configuration, the myriad of configuration scenarios, test conditions, and troubleshooting steps documented in Oracle's Fusion Middleware Guide for Oracle Business Intelligence - what does all of this mean? The configuration of security within the OBIEE 11g platform is easier said than done.

With the release of OBIEE 11g, Oracle has made efforts to mitigate (or at least rule out) the potential risks associated with security configuration in their new weblogic-centric model. This is achieved through a little known helper utility called the 'Oracle BI Security Diagnostics' tool. This tool gives developers the ability to:
  • Diagnose security configuration issues within OBIEE
  • Test BISystemUser configuration settings
  • Test authentication of users
This tool is included with OBIEE 11.1.1.6.4 and higher but the ear file still needs to be deployed to AdminServer.

Step 1: Install the Oracle BI Security Diagnostics helper via WLST

In your unix terminal, execute the following command:

MW_HOME/ORACLE_HOME/common/bin/wlst.sh addDiagnosticsCodeGrant.py t3://<WebLogic_host_name>:<WebLogic_port_number>
e.g.
mw_home/Oracle_BI1/common/bin/wlst.sh addDiagnosticsCodeGrant.py t3://localhost:7001
You're going to be taken through a series of terminal interactions starting with the initalization of WLST:
Followed by log-in credentials to connect to WLST:
 
And finally a success message "Added code grants to bidiagnostics" which really just means the EAR file is ready for deployment in AdminServer.

Step 2: Deploy bidiagnostics.ear to AdminServer

In Admin Console (default 7001/console), navigate to Deployments -> Control tab and look for a deployment called 'bidiagnostics (11.1.1)' . Check the corresponding box and click 'Install':


The deployment is a straight forward process, and after the installation is complete just make sure you set the bidiagnostic application to 'Active'.

Step 3: Access the BI Diagnostic Helper

 Once the installation is complete, you can navigate to the application by accessing the following url:
http://mycomputer:7001/bidiagnostics/security/diagnostics.jsp
You'll be taken to a very simple UI that will give you the opportunity to perform basic security diagnostics and (hopefully) resolve any OBIEE 11g security issues you may encounter!


at 3 comments:
Labels: , , , , , ,

Sunday, January 13, 2013

FYI: User able to log-in even with Invalid (or no) password in OBIEE 11g

With the release of Oracle Business Intelligence (OBIEE) 11g, the 'old' (read: OBIEE 10g) way of authenticating users has been deprecated, mainly - authenticating a user's credentials via the repository which i've outlined in this post . At its core, 10g authentication was accomplished using init blocks that populated the :USERS and :GROUPS session variables in the repository.

OBIEE 11g, on the other hand, authenticates via authenticators in weblogic such as Oracle Internet Directory. This guide actually covers OID authentication in OBIEE 11g .

The OBIEE 10g method for authentication still exists in 11g, and unfortunately it is still possible to configure 11g init blocks so that the query does not check the password of the user.
For example:


SELECT USER_ID FROM USERS WHERE USER_ID = ':USER'

would just check the user id and not the password was correct but not check the password. In a scenario where such an INIT block exists and is set to act as an authentication block, this can lead to users being able to log in with any (or no) password. It can also lead to some apparently odd/inconsistent behaviour. Consider the scenario where Users A and B both exist in OID which is set as the primary identity store. But User B also exists in a database which is referenced by an INIT block as described above. Both try to login using the wrong password. User A will simply fail. However, while User B will fail Authentication against OID, because the BI Server knows there is an Authentication INIT block set, it will then attempt to run that for each of them and in the case of User B, because their username is in the USER_ID column of the USERS table, they will be allowed in as the INIT block query apparently succeeds, even though it does not in fact correctly check the user’s password.

There is no 'fix' for this other than to force username validation for init blocks that use the :USER block or completely avoid using the :USER session variable.

Oracle has acknowledged this in security document 1359798.1



keywords: OBIEE 11g security, data level security, initialization blocks,  USER session variables, weblogic authenticators, 
at 1 comment:
Labels: , , ,

FYI: Overview on Object Level Security, Application Roles, and Inheritance in OBIEE 11g

In Oracle Business Intelligence (OBIEE) 11g, Oracle has fundamentally changed how we map users to various security privileges.In OBIEE 10g, Object Level Security was enforced using the USER session variable, which mapped to a GROUP session variable. This created a list of possible 'groups', which a developer would then apply security restrictions to, in either Answers (Managed Privileges) and/or Security Managed in the repository.

A high level flow is outlined below:
































In OBIEE 11g, security authentication is enforced in the Weblogic Admin Server, and a user's security privileges are tied to their corresponding Application Roles in Fusion Middleware as shown in the diagram below:

The key take away is that object level security is applied to application roles and not groups.  Why application roles? In Weblogic and Fusion Middleware, we can actually assign certain privileges to an application roles - we call these 'Application Policies'. For example,  we can grant a certain application role the ability to 'edit the repository', or 'act as another user'. This feature, not possible in OBIEE 10g, now allows us to not only control what objects are being viewed, but also gives us the capability to control who can execute certain actions within the BI environment. This topic will be discussed in much greater detail in another guide.

Now let's go over the basic rules of Object Level Security for Application Roles in OBIEE 11g:

  • If a user is a direct member of an application role, they will have access to the reports allowed by that application role.
  • If a user is not a member of an application role, they will not have access to the reports allowed by that application role.
  • If a user is a direct member of two or more application roles with different security privileges for the same reports, the less restrictive security privilege is applied.
    • unless the user is explicitly denied. Explicit denial supersedes all security privileges.
  • If a user is a member of Application Role X, and Application Role X is a member of Application Role Y, the privileges in Application Role X supersede the privileges of Application Role Y

Let's cover each scenario in detail:

  • If a user is a direct member of an application role, they will have access to the reports allowed by that application role.
 
In this example, I granted Application Role 'Test Role 1' full control to folder 'Folder 1'. I then logged in as 'testuser1' who is a member of Application Role 'Test Role 1'. And as expected, testuser1 can read/write/edit/delete the folder.


  • If a user is not a member of an application role, they will not have access to the reports allowed by that application role.
In this example, I created 'Folder 2', only accessible by members of the 'BIAdministrator Application Role'. I then log in as a 'testuser1', which is not a member of the 'BIAdministrator Application Role'

As BIAdministrator:

As testuser1:


Note that in the above scenario, 'denying' the application role access accomplishes the same thing as taking no action onto the application role role (i.e. ignoring it completely)

  • If a user is a direct member of two or more application roles with different security privileges for the same reports, the less restrictive security privilege is applied.



























In this example, I created Folder 3, which grants 'read' access to Test Role 1 and 'modify' access to 'Test Role 2'. 'Testuser1' is a member of both 'Test Role 1' and 'Test Role 2'.

 
 

As expected, Testuser1 has modify rights to Folder 3 (noted by 'X', ability to delete), despite being a member of Test Role 1 which only grants the user read access








  • If a user is a direct member of two or more application roles with different security privileges for the same reports, the less restrictive security privilege is applied.
    • unless the role is explicitly denied


In this example, TestUser1 is a member of Test Role 1 and Test Role 2 and Test Role 3. Test Role 1 grants testuser1 open rights, Test Role 2 grants testuser1 modify rights and Test Role 3 is explicitly denied.
















As expected, testuser1 does not have access to Folder 4 because of Test Role 3

  • If a user is a member of Application Role X, and Application Role X is a member of Application Role Y, the privileges in Application Role X supersede the privileges of Application Role Y




























 
In this example, testuser1 is a member of application role 'Test Role 4'. Application role 'Test Role 5' is a member of application Role 'Test Role 4'. Test Role 4 grants 'open' privileges to Folder 5 and Test Role 5 grants 'full control' to Folder 5.

 
As expected, testuser1 only has read/open access to Folder 5 even though Application Role 'Test Role 5' grants full control. This is because direct inheritance overrides indirect inheritance








Even if the inherited role explicitly denies access to folder 5, the user will still be able to access folder 5 because the direct role grants read/open access:

Note how testuser1 has modify access to Folder 5 (noted by the 'X') , despite inheriting a role that is denied access to the same folder.




These basic rules can be applied to any hierarchy, no matter how complex. Think you've mastered these 4 basic rules? Identify the final privileges for User 1 in the scenario below:

* example courtesy of Oracle - found in Oracle Business Intelligence Fusion Middleware Security Guide


Result:

  • User is a direct member of Role 1 and 2 and indirect member of Role 3, Role 4 and Role 5
  • User has no access to Dashboard A
  • User has open access to Dashboard B
  • User has full control of Dashboard C
  • User has no access to Dashboard E
  • User has open access to Dashboard D

keywords : object level security, obiee security, obiee application roles, obiee 11g security, weblogic application roles, obiee inheritance
at 24 comments:
Labels: , , , ,

Saturday, January 12, 2013

FYI: Maximizing Your Oracle Support and Oracle Documentation for OBIEE 11g

When most OBIEE Architects and Developers encounter a problem or road block, their first solution (assuming they don't know how to resolve the issue) is to use google to search for error codes, potential solutions, or at least other developers to commiserate with!

An exceptional resource for OBIEE 10g/11g issues that I often see underused or completely ignored is Oracle's Support web site - http://support.oracle.com  . Yes, we all use Oracle Support to create trouble tickets but the Support site offers much more than just the ability to raise defects.

Here are key documents that all Oracle Business Intelligence Architects should follow if they want to stay current with the latest patches,  news, quarterly updates, and official Oracle announcements (like Oracle officially dropping Premier support of OBIEE 10g 10.1.3.4!)
  • Information Center: Business Analytics Index (EPM/BI) [ID 1378677.2]
    • Why: This is the central 'home page' for all of Oracle's Analytics products. You'll have access to the Quarterly BI News Letter, Oracle OBIEE Community, and more.
( Make sure you are book marking all of these using the star icon !)













  • Oracle Business Intelligence Enterprise Edition (OBIEE) Product Information Center (PIC) [ID 1267009.1]
    • Why: This is the starting point for all official Oracle Business Intelligence guides including : Troubleshooting, patching, and white papers
  • Information Center: Oracle Business Intelligence Enterprise Edition (OBIEE) Release 10g and Later [ID 1349983.2]
    • Why:  This  document aggregates posts from Oracle's OBIEE community, new features and processes,  and highlights new articles
  • The Official Oracle Business Intelligence Enterprise Edition Community - https://communities.oracle.com/portal/server.pt/community/obiee/475
    • Why: This is similar to Oracle's freebie forum http://forums.oracle.com with the exception that there are dedicated Oracle OBIEE Architects who reply to your posts - definitely worth the bookmark!

I also recommend subscribing to Oracle's Hot Topics email for OBIEE as it's another way for you to stay current with OBIEE news if you don't have the time to review the above web sites. You can subscribe as follows:

Navigate to My Oracle Support -> Settings -> Hot Topics E-mail




















Then specify the products of your interest. I recommend: Business Intelligence Interactive Dashboard,  Business Intelligence Server Administrator, Oracle Business Intelligence Applications Foundation, Oracle Business Intelligence Server Enterprise Edition, Oracle Business Intelligence Suite Enterprise Edition











Of course, the Official Oracle Documentation is another must have:
at No comments:
Labels: , ,

Friday, November 30, 2012

FYI: Log could not be retrieved - nQSError: 43113, nQSError: 10058

I've noticed something a little surprising with the OBIEE 11g upgrade assistant & opatch tool. After you apply a patch set (e.g. 11.1.1.6.4), core BIServer components become 'locked' or a default file privilege gets applied that is too restrictive.

In fact, in my last post I covered a similar issue with Oracle Process Manager and Notification Server (OPMN) failing to start after applying a bundle patch, you can read it here .

This post follows a similar issue, in that logging in OBIEE 11g is non-functional after applying a patch set:

Log Could Not Be Retrieved
  Odbc driver returned an error (SQLExecDirectW).
  Error Details
Error Codes: OPR4ONWY:U9IM8TAC
State: HY000. Code: 10058. [NQODBC] [SQL_STATE: HY000] [nQSError: 10058] A general error has occurred. [nQSError: 43113] Message returned from OBIS. [nQSError: 43100] Log Viewer process reported error 2:No such file or directory. (HY000)
Oracle Technical Network has, unfortunately, no documentation on this issue of BIServer components file privileges becoming too restrictive. If an OBIEE Administrator wants to enable logging in their Answers environment, it is usually achieved by setting the LOGLEVEL to a value greater than 0 or less than 6:



This will not work IF your Answers environment is unable to identify or access the log file or directory. So the question is:

Why is access to the log file & directory disabled in my Answers environment and how do I enable access?

First: Understand that Presentation Logging in OBIEE 10g and OBIEE 11g is captured in your nqquery.log file located at: $ORACLE_INSTANCE_HOME\diagnostics\OracleBIServerComponent\..\..\nqquery.log

Second: The mechanism Answers uses for reading a log file is the nqlogviewer executable which is located in your $ORACLE_HOME\bifoundation\server\bin folder

So the error nQSError:43113 leads me to believe that insufficient privleges has been set for the nqlogviewer executable.  I assume this is true because similiarly in my previous post core BI components nqserver, nqscheduler, etc, were all inaccessible.

So to resolve this, apply the following command to your nqlogviewer : chmod 777 nqlogviwer (777 enables access to ALL USERs, so make sure to replace it with the parameter that allows read/write access to your obiee account):



Now go back to the same report, and viola, the session log is visible - no restart required!



Keywords: nqserror, obiee 11g installation, obiee 11.1.1.6 upgrade, obiee upgrade assistant, obiee 11g, opatch, opmn start failed


at No comments:
Labels: , ,

Monday, November 12, 2012

FYI: Error while running Upgrade Assistant OBIEE 11g - UPGAST-00055

When migrating our legacy OBIEE 10g webcat and RPD to Oracle's new 11g platform, we often don't have the privilege of using a GUI based operating system for assembly & system test as most production systems are Solaris or Red Hat.

We can all agree that a unix distribution is more powerful & flexible, yet leaves much to be desired when attempting to resolve configuration issue in a 'friendly UI environment'. This is certainly no exception when attempting to use Oracle's Upgrade Assistant Command Line Interface .

Many users have encountered error " UPGAST-00055: error reading the Universal Installer Inventory. The inventory pointer oraInst.loc is either not readable or doest not exist". A quick search of Oracle's Fusion Middleware Error Message Reference Guide makes me believe that Oracle's writers are playing a cruel joke in their attempt to 'help':








Action: "see the secondary error message?" You've got to be kidding me!!

Oracle's 'help' aside, the upgrade assistant is looking for an oraInst.loc file which contains 2 things:
  1. The location of your installation directory
  2. The install group of your user
But the upgrade assistant cant find your oraInst.loc file, why?
UA, by default, searches for the oraInst.loc file in your /var/opt/oracle folder. But many times, the file won't be located there - for a number of reasons , including:
  • custom installation directories
  • co-installation of multiple oracle products
  • de-installation and subsequent re-installation attempts
But you're not out of luck. Most likely, your oraInst.loc file will be in your $MW_HOME/oracle_common folder:















You can then use the UA CLI paramater -invPtrLoc to specify your custom oraInst.loc path.:




./ua MT -BIEEE -webcatdir /export/obiee/11g/Oracle_BI1/bin/webcatalog -invPtrLoc /export/obiee/11g/oracle_common/oraInst.loc -webCatDeliversDir /delivers -wlsPort 7001 -wlsUser weblogic
will generate the following:








followed by a series of postupgrade tasks that you can view at 'tail -f $ORACLE_HOME/upgrade/logs/postupgrade.txt'
and ultimately a 'completed successfully' message:






































But what if you can't find your oraInst.loc file? Don't worry! Oracle has a template you can use located at:
  • /$ORACLE_HOME//bifoundation/provision/scripts/bidomain/inst
  1. Rename it to oraInst.loc
  2. Copy it to your $ORACLE_HOME folder
  3. Populate the inventory_loc line with the path to your oraInventory folder
  4. Populate the inst_group with the group name of the account you're using to install & upgrade OBIEE
  5. Run the upgrade assistant as specified above

Problem solved!

keywords : obiee 11g upgrade, upgrade assistant,  obiee administration, obiee 11g administration, weblogic obiee
at No comments:
Labels: , ,

Wednesday, November 7, 2012

FYI: OPMNCTL Failed to Start Managed Process After Maximum Retry Limit on Solaris 10, OBIEE 11g

If you've happened to glance at Oracle Technical Network, it appears that alot of practitioners are encountering an issue when upgrading their 11g platform to the newest 11.1.1.6.4 version if they're using a Solaris or Linux distribution.

After upgrading to 11.1.1.6.4 as outlined in my previous blog post some users encounter the following error(s) when trying to start their BI services using opmnctl (Oracle Process Manager and Notification Server) with the 'opmnctl startall' command:

================================================================================
Response: 1 of 5 processes started.

ias-instance id=instance1
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ias-component/process-type/process-set:
coreapplication_obis1/OracleBIServerComponent/coreapplication_obis1/

Error
--> Process (index=1,uid=1445883997,pid=18522)
failed to start a managed process after the maximum retry limit
Log:
/u01/app/oracle/obiee11g/instances/instance1/diagnostics/logs/OracleBIServerComponent/coreapplication_obis1/console~coreapplication_obis1~1.log

ias-component/process-type/process-set:
coreapplication_obips1/OracleBIPresentationServicesComponent/coreapplication_obips1/

Error
--> Process (index=1,uid=1445883998,pid=0)
Executable file does not have execute permission
/u01/app/oracle/obiee11g/Oracle_BI1/bifoundation/web/bin/sawserver
failed to start a managed process after the maximum retry limit
Executable file does not have execute permission
/u01/app/oracle/obiee11g/Oracle_BI1/bifoundation/web/bin/sawserver
Log:
none

ias-component/process-type/process-set:
coreapplication_obisch1/OracleBISchedulerComponent/coreapplication_obisch1/

Error
--> Process (index=1,uid=1445884000,pid=18523)
failed to start a managed process after the maximum retry limit
Log:
/u01/app/oracle/obiee11g/instances/instance1/diagnostics/logs/OracleBISchedulerComponent/coreapplication_obisch1/console~coreapplication_obisch1~1.log

ias-component/process-type/process-set:
coreapplication_obiccs1/OracleBIClusterControllerComponent/BIClusterController/

Error
--> Process (index=1,uid=1445884001,pid=0)
Executable file does not have execute permission
/u01/app/oracle/obiee11g/Oracle_BI1/bifoundation/server/bin/nqsclustercontroller
failed to start a managed process after the maximum retry limit

 The important things to note are:
  • You may encounter all, some, or just 1 of your bi_services which fail to start. In the above example, the following services failed to start:
    • BI Server
    • BI Publisher
    • BI Cluster Controller
    • BI Scheduler
  • There are actually two issues:
    • Managed Processes failed to start after the maximum retry limit
    • Certain executable files do not have the execute permission enabled
Issue 1: Fix Maximum Retry Limit

This can be easily resolved by setting the ulimit at the user level to : ulimit -d unlimited , as outlined in Oracle's note ID: 1292887.1 . Anyone who has worked in OBIEE 10g should be familiar with this as it is required in 10g's installation process as well.

Issue 2: Enable read access on executable files

If you tried re-running opmnctl startall after resolving issue 1, you'll notice that the BI services still fail to run despite increasing the maximum retry limit. Upon examining the log files as outlined in the above error:

  • u01/app/oracle/obiee11g/instances/instance1/diagnostics/logs/OracleBIServerComponent/coreapplication_obis1/console~coreapplication_obis1~1.log
  • u01/app/oracle/obiee11g/instances/instance1/diagnostics/logs/OracleBISchedulerComponent/coreapplication_obisch1/console~coreapplication_obisch1~1.log
You'll notice that OPMNCTL still fails because it can't execute: nqsserver, nqscheduler and nqsclustercontroller. Below is the log from the above bullet point #1 :

/export/obiee/11g/Oracle_BI1/bifoundation/server/bin/biserver.sh: nqsserver: cannot execute--------
12/11/06 15:48:06 Start process
--------
/export/obiee/11g/Oracle_BI1/bifoundation/server/bin/biserver.sh: nqsserver: cannot execute

 During the 11.1.1.6.4 upgrade on your Solaris or Linux box, these files became read only!

How to resolve this read only issue:

Navigate to your $ORACLE_HOME/bifoundation/server/bin folder and make the the following files executable by using the chmod +x command:  nqscheduler, nqsclustercontroller, nqsserver. These files should have read/write privileges as outlined in the image below:



















Now when you run opmnctl startall, all  services should execute successfully:

Important:

After the upgrade, it is critical that you follow Oracle's recommended start up & shutdown sequence for weblogic & OBIEE 11g

Start up:
  • $DOMAIN_HOME/bin/startWebLogic.sh (Weblogic)
  • $WL_HOME/server/bin/startNodeManager.sh (Node Manager)
  • $DOMAIN_HOME/bin/startManagedWebLogic.sh bi_server1 http://server.domain:7001 (Managed Server)
  • $ORACLE_INSTANCE/bin/opmnctl startall (OPMN)
Shutdown:
  • $ORACLE_INSTANCE/bin/opmnctl stopall (OPMN)
  • $DOMAIN_HOME/bin/stopManagedWebLogic.sh bi_server1 t3://host.domain:7001 username password (Managed Server)
  • $DOMAIN_HOME/bin/stopWebLogic.sh username password t3://host.domain:7001 (Admin Server)

In my upcoming blog post i'll discuss how to automate this entire process.



keywords: opmn , opmn start failed, obiee 11g, opmn obiee weblogic, bi_server

at 7 comments:
Labels: ,
Subscribe to: Posts (Atom)