Tag Archives: Obiee
TimesTen and OBIEE port conflicts on Exalytics
Introduction
Whilst helping a customer set up their Exalytics server the other day I hit an interesting problem. Not interesting as in hey-this-will-cure-cancer, or oooh-big-data-buzzword interesting, or even interesting as in someone-has-had-a-baby, but nonetheless, interesting if you like learning about the internals of the Exalytics stack.
The installation we were doing was multiple non-production environments on bare metal, a design that we developed on our own Rittman Mead Exalytics box early on last year, and one that Oracle describe in their Exalytics white paper which was published recently. Part of a multiple environment install is careful planning of the port allocations. OBIEE binds to many ports per instance, and there is also TimesTen to consider. I’d been through this meticuluously, specifying ports through the staticports.ini
file when building the OBIEE domain, as well as in the bim-setup.properties
for TimesTen.
So, having given such careful thought to ports, imagine my surprise at seeing this error when we started up one of the OBIEE instances:
[OracleBIServerComponent] [ERROR:1] [] [] [ecid: ] [tid: e1dbd700] [nQSError: 12002]
Socket communication error at call=bind: (Number=98) Address already in use
which caused a corresponding OPMN error:
ias-component/process-type/process-set:
coreapplication_obis1/OracleBIServerComponent/coreapplication_obis1/
Error
--> Process (index=1,uid=328348864,pid=17875)
time out while waiting for a managed process to start
Address already in use? But…all my ports were hand-picked so that they explicitly woulnd’t clash …
Dynamic ports
So it turns out that TimesTen, as well as using the two ports that are explicitly configured (deamon and server, usually 53396 and 53397 respectively), the TimesTen server processs also binds to a port chosen at random by the OS each time for the purpose of internal communication. The OS chooses this port based on the configured dynamic port range, and of that range, which ports are available. This is similar to what the Oracle Database listener does, and as my colleague Pete Scott pointed out it’s been known for port clashes to occur between ODI and the Oracle Database listener. What TimesTen is doing is nothing specific to TimesTen as such, and it is conforming to standard good practice in its use of the OS API calls for port allocations.
To see this in action, use the netstat command, with the flags tlnp:
t
: tcp onlyl
: LISTEN status onlyn
: numeric addresses/ports onlyp
: show associated processes
We pipe the output of the netstat command to grep to filter for just the process we’re looking for, giving us:
[oracle@obieesample info]$ netstat -tlnp|grep ttcserver
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:58476 0.0.0.0:* LISTEN 4811/ttcserver
tcp 0 0 0.0.0.0:53397 0.0.0.0:* LISTEN 4811/ttcserver
Here we can see on the last line the TimesTen server process (ttcserver
) listening on the explicitly configured port 53397 for traffic on any address. We also see it listening on port 58476 for traffic only on the local loopback address 127.0.0.1
.
What happens if we restart the TimesTen server and look at the ports again?
[oracle@obieesample info]$ ttdaemonadmin -restartserver
TimesTen Server stopped.
TimesTen Server started.
[oracle@obieesample info]$ netstat -tlnp|grep ttcserver
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
tcp 0 0 127.0.0.1:17073 0.0.0.0:* LISTEN 6878/ttcserver
tcp 0 0 0.0.0.0:53397 0.0.0.0:* LISTEN 6878/ttcserver
We can see the same listen port 53397 as before, listening for any client connections either locally or remotely, but now the port bound to the local loopback address 127.0.0.1
has changed – 17073.
Russian Roulette
So each time TimesTen starts it requests a port from the OS which will allocate one from the ports available in the dynamic port range. Unfortunately, this may or may not be one of the ones that OBIEE is configured to use. If OBIEE is started first, then the problem does not arise because OBIEE has already taken the ports it needs, leaving the OS to choose from the remaining unused ports for TimesTen to use.
If there are multiple instances of TimesTen and multiple instances of OBIEE then the chances of a port collision increase. What I wanted to know was how to isolate TimesTen from the ports I’d chosen for OBIEE. Constraining the application startup order (so that OBIEE gets all its ports first, and then TimesTen can use whatever is left) is a lame solution since it artificially couples two components that don’t need to be, adding to the complexity and support overhead.
TimesTen itself cannot be configured in its behaviour with these ports – Doc ID 1295539.1 states:
[...] All other TCP/IP port assignments to TimesTen processes are completely random and based on the availability of ports at the time when the process is spawned.
To understand the port range that TimesTen was using (so that I could then configure OBIEE to avoid it) I knocked up this little script. It restarts the TimesTen server, and then appends to a file the random port that it has bound to:
$ cat ./tt_port_scrape.sh ttdaemonadmin -restartserver netstat -tlnp|grep ttcserver|grep 127.0.0.1|awk -F ":" '{print $2}'|cut -d " " -f 1 1>>tt_ports.txt
Using my new favourite linux command, watch
, I can run the above repeatedly (by default, every two seconds) until I get bored^H^H^H^H^H^H^H^H^H
have collected sufficient data points
watch ./tt_port_scrape.sh
Finally, parse the output from the script to look at the port ranges:
echo "Lowest port: " $(sort -n tt_ports.txt | head -n1) echo "Highest port: " $(sort -n tt_ports.txt | tail -n1) echo "Number of tests: " $(wc -l tt_ports.txt )
Using this, I observed that TimesTen server would bind to ports ranging from as low as around 9000, up to 65000 or so.
Solution
Raising this issue with the good folks at Oracle Support yielded a nice easy solution. In the kernel settings, there is a configuration option net.ipv4.ip_local_port_range
which specifies the local port range available for use by applications. By default this is 9000 to 65500, which matches the range that I observed in my testing above:
[root@rnm-exa-01 ~]# sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 9000 65500
I changed this range with sysctl -w
:
[root@rnm-exa-01 ~]# sysctl -w net.ipv4.ip_local_port_range="11000
65000"
[root@rnm-exa-01 ~]# sysctl net.ipv4.ip_local_port_range
net.ipv4.ip_local_port_range = 11000 65000
and then reran my testing above, which sure enough showed that TimesTen was now keeping its hands to itself and away from my configured OBIEE port ranges:
Lowest port: 11002
Highest port: 64990
If I ran the test for longer, I’m sure I’d hit the literal extremes of the range. One important point here is that the range should not be set too small, because really nasty things will happen if the OS runs out of dynamic ports, and these ports are used in many places in the OS and applications running on it, not just the obvious TimesTen and associated Exalytics applications.
To make the changes permanent, I added the entry to /etc/sysctl.conf
:
net.ipv4.ip_local_port_range = 11000 65535
The final point to note here is that if you are installing multiple TimesTen environments on the same Exalytics server then you may actually find one TimesTen instance conflicting with another, if the first instance to start gets allocated a port by the OS which happens to be one of the two static ones that another TimesTen instance on the server is configured to use. Thus, if you are planning on mapping your OBIEE ports outside of the (possible reconfigured) net.ipv4.ip_local_port_range
you may be advised to do the same for the static TimesTen ports too.
Lessons learned
- Diagnosing application interactions and dependencies is fun ;-)
watch
is a really useful little command on linux- When choosing OBIEE port ranges in multi-environment Exalytics installations, bear in mind that you want to partition off a port range for TimesTen, so keep the port ranges allocated to OBIEE ‘lean’.
OBIEE 11.1.1.7 in-place upgrade errors
1.) Application Policies:
All custom-created application policies were dropped during the upgrade, leaving only the vanilla ones. Affected file: system-jazn-data.xml.
2.) Application Roles (this one is a bit queerer):
Affected file: system-jazn-data.xml.
Unmodified vanilla roles come through the upgrade unharmed and retain all their vanilla members (users, groups and app roles alike).
Custom roles equally come through the upgrade unharmed and retain all their vanilla as well as custom members of all kinds.
The problem is with vanilla application roles which have received new/additional members when compared to a plain install:
The role itself still exists, but it loses all vanilla members and only retains custom members.
Example application role "BIAdministrator":
Pre-upgrade members: vanilla group "BIAdministrators" (WLS-native LDAP group); group "CustomAdministrators" (custom LDAP derived group); user "cberg" (custom LDAP derived user) and several others.
Post-upgrade members: group "CustomAdministrators" (custom LDAP derived group); user "cberg" (custom LDAP derived user) - the WLS-native LDAP group has been dropped.
This wasn't immediately visible due to the new way the members of an application role are displayed (call me old-fashioned, but I prefered the old style - the new doesn't allocate enough screen real-estate) doesn't really show it at quick glance and I was wondering why I got weird "Logon Failed" errors when wanting to check the RPD online while all the logs proudly proclaimed "No no, you're definitely authenticated nicely". WLS and EM logons oviously work since the app role concept doens't kick in.
Hope this helps other people from wasting time.
@Borkur seems to have another nice one related to security hanging around. I'll make sure to ask him to post his one into the comments.
Cheers!
The Rittman Mead scripts github repository
Here at RittmanMead we’re big fans of working smarter, not harder. One of the ways we do this is not re-inventing the wheel. There’s only so many ways that products such as OBI and ODI can be implemented, and we’ve probably seen most of them. The corollary of this is that we have a large number of useful and reusable scripts that we use on a regular basis .
Another part of working smarter is the use of a good VCS (Version Control System). Stewart has already been preaching the good word over at his git and OBIEE series, and needless to say we use git for looking after our scripts too.
Today we’re opening up our scripts git repository, making several of our scripts available to the OBIEE and ODI community. You can find it on github here, or clone it directly using the URL in your git client, or from the commandline:
git clone git@github.com:RittmanMead/scripts.git
Obviously, we’re holding a few gems back, after all, we’ve all got to eat right? But we’d like to see community participation in the repository, so go ahead and use it, fork it and make improvements, add your own scripts, and submit a pull request to merge them back in to share with the community again. To keep track of what’s going on and when new scripts are added, you can watch it on github.
Boring disclaimer
Hopefully it goes without saying, all the content in the repository is provided without warranty, etc etc, don’t blame us if your OBIEE server spontaneously combusts or starts dancing on one leg. The scripts will have been tested and known to work (usually on Oracle Linux), but may need amending to work on your particular OS. If you can fix scripts to run on your OS, please go ahead and submit a pull request!
Also – the material is available to all, that’s why we’re making it public – but it would be good form if you go on to use the scripts to keep reference back to their origin and not rip them off as your own. Not that anyone would do that.
So what’s in the goodie bag?
A gold-plated OBIEE init.d script
It’s not quite gold-plated, but it certainly has had some polish compared to the usual scripts that I’ve found for this purpose to date.
The script will automagically run OBIEE at startup, shut it down when the server is shutdown, and gives you access to a status
command that probes the status of it to determine whether it’s up or not. It supports multiple installations of OBIEE on a server, and requires minimal configuration.
The difference between this script and others is that instead of just looking for a running service, or polling a log file for a particular string, it looks at the processes, the network ports, each of the opmn-managed processes, and even whether /analytics
is accessible.
The script also handles timeouts for the components, which is important when using it as part of a server shutdown routine. If a process takes too long (quite how long is customisable) shutting down, it will be killed so that the server shutdown doesn’t hang.
The configuration required is minimal; just the FMW_HOME
(where OBIEE is installed), and optionally where you want log files written and under which user to run OBIEE. If you haven’t already, you’ll want to configure boot.properties so that you’re not prompted for credentials each time you start/stop WebLogic.
You’ll find the script in obi/init.d/obiee with full details on how to set it up and use it in the associated README.md
pull_the_trigger.sh – An OBIEE sysadmin testing script
Put your OBIEE sysadmin skills to the test with this nifty little script. Set it up with your FMW_HOME
details (no peeking at the rest of the script!) and then run it. It will take a random action that breaks something on your OBIEE system, and it’s your job to figure out what.
Hopefully it’s not necessary to say, don’t run this on your Production OBIEE server!
Bonus Tip: Use service obiee status
enabled by the script above to make your life easier in diagnosing OBIEE problems!
Various WLST scripts
A hotchpotch of WLST scripts to make the OBIEE sysadmin’s life easier, including:
- Enable/disable BI Server caching
- Add users to the WLS LDAP directory
- Enable Usage Tracking
- Deploy an RPD
- Check the state of Application Deployments
Response files
Response files to use with silent installs and upgrades of OBIEE.
manage_rpd.pl
Last but no means least in this list is a script by Stewart Bryson. Find out more by following the forthcoming posts in his Git and OBIEE blog series, but I will say this, it looks very useful if you’re doing anything with MDS XML….
Learn OBIEE 11.1.1.7 from the experts!
Here at RittmanMead we write and deliver our own courses on Oracle’s products including OBIEE, ODI, OWB and EPM. Our trainers also consult and deliver projects, meaning that our training is based on real-world usage of the products. We offer public courses in UK, US, India and Australia, as well as private courses for clients the world over. Private courses can be customised to meet a client’s precise requirements.
We are proud to announce the latest version of our OBIEE training, which has been updated for the latest version of OBIEE, 11.1.1.7. The first public delivery of this course will be in our Brighton offices on July 22nd. RittmanMead co-founder and Oracle ACE Director Mark Rittman will be delivering part of it, as well as Principal Trainer Robin Moffatt.
Sign up online now to book your place, and benefit from a 10% discount using code 3202JUL13:
- July 22-26 : TRN202 OBIEE 11g Bootcamp (5 days) : Course Details / Book Now!
You can also join us for two shorter sections of the course:
- July 24-25: TRN205 : Oracle BI EE 11g Create Reports, Dashboards, Alerts and Scorecards (2 days) : Course Details / Book Now!
- July 22-23: TRN206 : OBIEE 11g Repository (RPD) Modelling (2 days) Prices: Course Details / Book Now!
For more information about our public courses, see the schedule listing here, or to enquire about private courses or any other training enquiry, email us at training@rittmanmead.com
Patch OBIEE the quicker way – with OPatch napply
Since 2012, Oracle’s patching strategy for OBIEE has been Bundle Patches released approximately once a month. These bundle patches are usually cumulative ones, applied on top of the .0 version of the product. Patching is done through Oracle’s standard OPatch
tool, which manages the application of patches along with an inventory of them and rollback if necessary.
I’ve previously written about the overall patching process here. OPatch is part and parcel of an OBIEE sysadmin’s life, so I wanted to share this short article to show the quicker way to apply the PSUs. It uses a more direct way than the patch documentation describes, taking advantage of the napply
option of OPatch (documented here). By using this option OPatch
will apply all listed patches in one go, rather than one at a time. As well as this, we can use the silent
flag to stop OPatch
from prompting to apply each patch in turn.
- Download the necessary patches – for 11.1.1.7.1 this is 16569379 and 16556157. In a server environment you can use wget to download the patches as detailed here.
- Validate the checksums for the downloaded files, to make sure they didn’t get corrupted during download. Use the Digest link when downloading to view the checksums. For example, the Linux x86-64 checksums are :
p16556157_111170_Linux-x86-64.zip 2673750617 bytes MD5 D3DDDEC4CB189A53B2681BA6522A0035 p16569379_111170_Linux-x86-64.zip 93617 bytes MD5 2BC0E8B903A10311C5CBE6F0D4871E31
- Unzip the patches. Within the main patch (16556157) there are a series of further zip archives – unzip these too
- Put all the patch folders in a single folder, so it looks something like this:
- Take backups, as described in the patch documentation.
- Set your environment variables, setting
PATCH_FOLDER
to the folder you unzipped the patches to in step 4 above, andORACLE_HOME
to yourFMW_HOME/Oracle_BI1
folder- Windows:
set PATCH_FOLDER=Y:\installers\OBI\11.1.1.7\win-x86-64_11.1.1.7.1 set ORACLE_HOME=c:\oracle\middleware\Oracle_BI1 set JAVA_HOME=%ORACLE_HOME%\jdk set PATH=%ORACLE_HOME%\OPatch;%JAVA_HOME%\bin;%ORACLE_HOME\bin%;%PATH%
- Linux:
export PATCH_FOLDER=/mnt/hgfs/installers/OBI/11.1.1.7/linux-x86-64_11.1.1.7.1 export ORACLE_HOME=/home/oracle/obiee/Oracle_BI1 export JAVA_HOME=$ORACLE_HOME/jdk export PATH=$ORACLE_HOME/OPatch:$JAVA_HOME/bin:$ORACLE_HOME/bin:$PATH
- Windows:
- Shut down OPMN, the Managed Server and the Admin Server
- Apply all the patches in one go, with no prompting:
- Windows:
opatch napply -silent %PATCH_FOLDER% -id 16453010,16842070,16849017,16850553,16869578,16916026,16569379
- Linux:
opatch napply -silent $PATCH_FOLDER -id 16453010,16842070,16849017,16850553,16869578,16916026,16569379
- Windows:
- Validate that they’ve been applied – the following should list all seven patches plus the bugs they fix:
opatch lsinventory
- Per the instructions in the README.html for patch
16453010
for post-patch actions:- Windows:
del
%ORACLE_HOME%\bifoundation\web\catalogmanager\configuration\org.eclipse.osgi
copy %ORACLE_HOME%\clients\bipublisher\repository\Tools\BIPublisherDesktop*.exe %ORACLE_HOME%\..\user_projects\domains\bifoundation_domain\config\bipublisher\repository\Tools copy %ORACLE_HOME%\clients\bipublisher\repository\Admin\DataSource\msmdacc64.dll %ORACLE_HOME%\..\user_projects\domains\bifoundation_domain\config\bipublisher\repository\Admin\DataSource for /d /r %ORACLE_HOME%\..\user_projects\domains\bifoundation_domain\servers\bi_server1\tmp\_WL_user\bipublisher_11.1.1 %d in (jsp_servlet) do @if exist "%d" rd /s/q "%d"del
%ORACLE_HOME%\
bifoundation\web\catalogmanager\configuration\org.eclipse.equinox.app - Linux:
rm -rv $ORACLE_HOME/bifoundation/web/catalogmanager/configuration/org.eclipse.osgi rm -rv
$ORACLE_HOME/
bifoundation/web/catalogmanager/configuration/org.eclipse.equinox.app cp $ORACLE_HOME/clients/bipublisher/repository/Tools/BIPublisherDesktop*.exe $ORACLE_HOME/../user_projects/domains/bifoundation_domain/config/bipublisher/repository/Tools/ cp $ORACLE_HOME/clients/bipublisher/repository/Admin/DataSource/msmdacc64.dll $ORACLE_HOME/../user_projects/domains/bifoundation_domain/config/bipublisher/repository/Admin/DataSource rm -rfv $ORACLE_HOME/../user_projects/domains/bifoundation_domain/servers/bi_server1/tmp/_WL_user/bipublisher_11.1.1/*/jsp_servlet
(NB the
msmdacc64.dll
didn’t exist on either of my installations that I’ve tried this on) - Windows:
- Start up Admin Server, Managed Server, and OPMN. Login to OBIEE and check the new version:
- Don’t forget to check the README.html for patch 16453010 for full instructions on updating the client, customised skins, mapviewer config, etc.