Interesting, we tested ExaData (is RAC) a while back with no issues. Have you set any of these flags  (ENLIST=false; HA EVENTS=false; LOAD BALANCING=false; ) in your connection jdbcurl?
What type of connection to the RAC do you use?
...can you send your jdbcurl as defined in your ifscloud-values.yaml? 

The log you have sent is from the Linkerd container in the ifsapp-iam pod - seems it’s just a warning.
Can you send the error from the ifsapp-iam container as well?


After you sent the log of the error in the iam container (i’m interested to see what happens there) try this:

ifscore:
  networkpolicy:
    enabled: true
    dbEgress: |
      - to:
        - ipBlock:
            cidr: 10.1.96.76/24
        ports:
        - port: 1521
        - port: 6200

Where the cidr matches your ip range of your RAC nodes.
 

Hi ​@hhanse 

I tried to use ENLIST=false; HA EVENTS=false; LOAD BALANCING=false; 

Did not help.

In case of using RAC and SCAN service we had to disable networkpolicy to be able to connect via hostname.

last conn string 

data: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=hostname)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=pdb))(ENLIST=FALSE)(HA_EVENTS=FALSE)(LOAD_BALANCING=FALSE))

also I attached logs. 

I changed hostnames in conn string and logs. 

Hi,

The iam logs are so verbose i can’t see any errors in it. - can you?
Can you disable debug level, and do a “mtctl stop -n <namespace>”
when pods are down start them again “mtctl start -n <namespace>”
When the pods are as stable that will get (IAM not up then?) do a 
“mtctl dump  -n <namespace>” 

Send the dump to me (mailed my mail address to you earlier)
 

​@hhanse 

Hi, I disable debug for iam pod. 

Here is the last part from log before container restarts:

Updating service account users of the clients with service account enabled...
Service account found - service-account-ifs_aurena_native_services
Service account found - service-account-ifs_boomi
Service account found - service-account-ifs_ce_sso
Service account found - service-account-ifs_connect
Service account found - service-account-ifs_docman_esign
Service account found - service-account-ifs_dss
Service account found - service-account-ifs_filestorage
Service account found - service-account-ifs_reporting
Service account found - service-account-ifs_scim
ERROR: Unable to setup realm

Failed to import using keycloak-config-cli Restarting ifsapp-iam container
./start_script.sh: line 7:    41 Killed                  $script
************* Diagnostic traces ***************
dmesg: klogctl: Operation not permitted

Not sure that this is RAC related at all… 
Do you have and users or idp’s configured in you env yet?
If not - I think you should try to empty the ifsiamsys db schema first and restart IAM pod after that.



 

Hi ​@hhanse 

I tried to empty the IFSIAMSYS schema, but it had no effect.
This is a new customer and a fresh installation from Build Home.
As I see it, the problem is that IFSIAM could not import the realm using keycloak-config-cli…

I have attached the full log from the container without debug mode.

From you log:
{"timestamp":"2025-02-11T13:09:12.932865347Z","sequence":207,"loggerClassName":"org.jboss.logmanager.Logger","loggerName":"oracle.simplefan.FanManager","level":"SEVERE","message":"attempt to configure ONS in FanManager failed with oracle.ons.NoServersAvailable: Server time out","threadName":"agroal-21","threadId":36,"mdc":{},"ndc":"","hostName":"ifsapp-iam-b79d6c8fc-7sp84","processName":"quarkus-run.jar","processId":79}


Can you remove the ONS (Oracle Notification Service) and FAN (Fast Application Notification) from the RAC cluster?

ONS (Oracle Notification Service) and FAN (Fast Application Notification) from the RAC cluster?

What would be commands we can use to remove ONS and FAN?

Thanks

IFS Cloud integrated with Oracle RAC or ODA has not yet been tested by our R&D. Consequently, it is too early to ascertain its functionality. This matter has already been reported to R&D, and we are awaiting their response. Thanks for your patience. We will share an update soon. 

We have a workaround for this as per R&D for this issue. 

1: Adding ONS and FAN disabling parameters to the jdbc connection string:
                                 "oracle.jdbc.fanEnabled=false&oracle.ons.disable=true"
2: Stop all pods “mtctl stop -n <namesapce>
3: Install the new jdbc config “installer --set action=mtinstaller”
4: Make sure iam pod starts
5: Remove fan/ons params from jdbc connection string and reinstall again.
6: IAM pod and all other pods should go up now.

Not sure how official this workaround was :)
A workaround should come from the team owning the IAM pod… not from me.

Anyway - There is a “?” missing in the instruction above - here is an example:

      data: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=bazipl-qfcyt-scan.ocioracleexapr.ocioracleexa1v.oraclevcn.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=DB0319_PDB1.paas.oracle.com)))?oracle.jdbc.fanEnabled=false&oracle.ons.disable=true

When using this jdbcurl other pods might fail to start, that is why it need to be removed after IAM has been configured. As far as i understand the IAM will work with ONS enables after it has created the REALM and it’s users.

Hi,

We have upgraded a customer environment from APP10 to 24R2, and we get the same error log from the ifsapp-iam pod, which was attached by ​@aNm. Herewith, I have attached the log.

But in our case, DB is a containerized single instance, not RAC. 

I have tried changing the connection URL as mentioned by ​@hhanse, and we got the following error

Do you have any idea about this?

Best Regards,
Hashan​

We were not able to fix the issue by adding ONS and FAN disabling parameters "oracle.jdbc.fanEnabled=false&oracle.ons.disable=true" to the JDBC connection string. It failed mtinstaller with another error.

I was able to fix it by editing the ifsapp-iam deployment.

I did it from the middle-tier server

microk8s kubectl edit deployment ifsapp-iam -n <namespace>

And add the below environment variable as shown in the screenshot below

- name: JAVA_TOOL_OPTIONS
  value: -Doracle.jdbc.fanEnabled=false -Doracle.ons.disable=true

IFS has resolved the issue related to ONS (Oracle Notification Service) and FAN (Fast Application Notification). The necessary changes have been implemented, and corresponding Service Updates (SUs) are now available. These updates disable ONS/FAN in the affected services until full support is introduced in future releases.

23.2.19 - 23R2 SU19
24.1.13 - 24R1 SU13
24.2.8 - 24R2 SU8
25.1.0 - 25R1 GA
25.2E.0 - 25R2 EA
 

Additionally, please note that full support for ONS/FAN is tentatively planned to be addressed in the 26R1 EA release. However, this timeline is subject to change based on ongoing development and prioritization. Thank you.