Question

IFS Cloud with RAC - iam issue


  • Do Gooder (Partner)
  • 15 replies

Hi

During the installation of IFS Cloud 24R2, we faced a problem with Oracle RAC.
The IAM container is not able to start—it fails when attempting to use Oracle Notification Services on port 6200.


iam log:

[   151.599418s]  WARN ThreadId(01) outbound:proxy{addr=192.168.2.66:6200}:rescue{client.addr=10.14.28.21:52924}: linkerd_app_outbound::http::server: Unexpected error error=logical service 192.168.2.66:6200: route default.endpoint: backend default.unknown: endpoint 192.168.2.66:6200: invalid HTTP version parsed error.sources=[route default.endpoint: backend default.unknown: endpoint 192.168.2.66:6200: invalid HTTP version parsed, backend default.unknown: endpoint 192.168.2.66:6200: invalid HTTP version parsed, endpoint 192.168.2.66:6200: invalid HTTP version parsed, invalid HTTP version parsed]

 

Maybe somebody already handled such problem?

11 replies

  • Hero (Employee)
  • 185 replies
  • February 4, 2025

Interesting, we tested ExaData (is RAC) a while back with no issues. Have you set any of these flags (ENLIST=false; HA EVENTS=false; LOAD BALANCING=false;) in your connection jdbcurl?
What type of connection to the RAC do you use?
...can you send your jdbcurl as defined in your ifscloud-values.yaml? 

The log you have sent is from the Linkerd container in the ifsapp-iam pod - seems it’s just a warning.
Can you send the error from the ifsapp-iam container as well?


After you have sent the log of the error in the iam container (I’m interested to see what happens there), try this:

ifscore:
  networkpolicy:
    enabled: true
    dbEgress: |
      - to:
        - ipBlock:
            cidr: 10.1.96.76/24
        ports:
        - port: 1521
        - port: 6200

Where the cidr matches your ip range of your RAC nodes.
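
An added example (not part of the thread or of IFS tooling) that checks whether a `dbEgress` rule like the one above covers the database endpoints the pods must reach. The rule values are copied from the reply and 192.168.2.66:6200 is the ONS endpoint in the original Linkerd log; the other endpoints are constructed, and only `ipBlock` peers with numeric ports are modelled.

```python
import ipaddress

# The dbEgress rule from the reply, written as a Python structure (same values).
DB_EGRESS = [
    {"to": [{"ipBlock": {"cidr": "10.1.96.76/24"}}],
     "ports": [{"port": 1521}, {"port": 6200}]},
]

# 192.168.2.66:6200 comes from the log in the question; the rest is constructed.
ENDPOINTS = [("10.1.96.11", 1521), ("10.1.96.11", 6200), ("192.168.2.66", 6200)]


def _in_block(addr, block):
    """True if addr is inside the ipBlock cidr and not in any 'except' range."""
    # strict=False accepts a CIDR with host bits set, such as 10.1.96.76/24.
    if addr not in ipaddress.ip_network(block["cidr"], strict=False):
        return False
    return not any(addr in ipaddress.ip_network(e, strict=False)
                   for e in block.get("except", []))


def egress_allows(rules, ip, port):
    """Evaluate NetworkPolicy-style egress rules for one destination."""
    addr = ipaddress.ip_address(ip)
    for rule in rules:
        ports = {p["port"] for p in rule.get("ports", [])}
        if ports and port not in ports:
            continue  # an empty ports list means every port
        peers = rule.get("to")
        if not peers:
            return True  # a missing 'to' means every destination
        if any("ipBlock" in p and _in_block(addr, p["ipBlock"]) for p in peers):
            return True
    return False


def uncovered(rules, endpoints):
    """Endpoints the rules would block, i.e. what still has to be added."""
    return [(ip, port) for ip, port in endpoints
            if not egress_allows(rules, ip, port)]


if __name__ == "__main__":
    for ip, port in uncovered(DB_EGRESS, ENDPOINTS):
        print(f"egress to {ip}:{port} is not covered by dbEgress")
```
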
 


  • Author
  • Do Gooder (Partner)
  • 15 replies
  • February 4, 2025

Hi ​@hhanse 

I tried to use ENLIST=false; HA EVENTS=false; LOAD BALANCING=false; 

Did not help.

In case of using RAC and SCAN service we had to disable networkpolicy to be able to connect via hostname.


Last conn string:

data: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=hostname)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=pdb))(ENLIST=FALSE)(HA_EVENTS=FALSE)(LOAD_BALANCING=FALSE))

 

Also, I attached logs.

 

I changed hostnames in conn string and logs. 


  • Hero (Employee)
  • 185 replies
  • February 4, 2025

Hi,

The iam logs are so verbose I can’t see any errors in them - can you?
Can you disable debug level, and do a “mtctl stop -n <namespace>”?
When the pods are down, start them again: “mtctl start -n <namespace>”.
When the pods are as stable as they will get (IAM not up then?), do a
“mtctl dump -n <namespace>”.

Send the dump to me (mailed my mail address to you earlier)
 


  • Author
  • Do Gooder (Partner)
  • 15 replies
  • February 4, 2025

@hhanse 

Hi, I disabled debug for the iam pod.

Here is the last part of the log before the container restarts:

Updating service account users of the clients with service account enabled...
Service account found - service-account-ifs_aurena_native_services
Service account found - service-account-ifs_boomi
Service account found - service-account-ifs_ce_sso
Service account found - service-account-ifs_connect
Service account found - service-account-ifs_docman_esign
Service account found - service-account-ifs_dss
Service account found - service-account-ifs_filestorage
Service account found - service-account-ifs_reporting
Service account found - service-account-ifs_scim
ERROR: Unable to setup realm

Failed to import using keycloak-config-cli Restarting ifsapp-iam container
./start_script.sh: line 7:    41 Killed                  $script
************* Diagnostic traces ***************
dmesg: klogctl: Operation not permitted


  • Hero (Employee)
  • 185 replies
  • February 4, 2025

Not sure that this is RAC related at all… 
Do you have any users or IdPs configured in your env yet?
If not - I think you should try to empty the ifsiamsys db schema first and restart IAM pod after that.



 


  • Author
  • Do Gooder (Partner)
  • 15 replies
  • February 18, 2025

Hi ​@hhanse 


I tried to empty the IFSIAMSYS schema, but it had no effect.
This is a new customer and a fresh installation from Build Home.
As I see it, the problem is that IFSIAM could not import the realm using keycloak-config-cli


I have attached the full log from the container without debug mode.


  • Hero (Employee)
  • 185 replies
  • February 18, 2025

From your log:
{"timestamp":"2025-02-11T13:09:12.932865347Z","sequence":207,"loggerClassName":"org.jboss.logmanager.Logger","loggerName":"oracle.simplefan.FanManager","level":"SEVERE","message":"attempt to configure ONS in FanManager failed with oracle.ons.NoServersAvailable: Server time out","threadName":"agroal-21","threadId":36,"mdc":{},"ndc":"","hostName":"ifsapp-iam-b79d6c8fc-7sp84","processName":"quarkus-run.jar","processId":79}


Can you remove the ONS (Oracle Notification Service) and FAN (Fast Application Notification) from the RAC cluster?


  • Do Gooder (Employee)
  • 1 reply
  • March 10, 2025

ONS (Oracle Notification Service) and FAN (Fast Application Notification) from the RAC cluster?

 

What would be the commands we can use to remove ONS and FAN?

Thanks


Dharmendra
  • Hero (Employee)
  • 49 replies
  • March 11, 2025
IFS Cloud integrated with Oracle RAC or ODA has not yet been tested by our R&D. Consequently, it is too early to ascertain its functionality. This matter has already been reported to R&D, and we are awaiting their response. Thanks for your patience. We will share an update soon. 

Dharmendra
  • Hero (Employee)
  • 49 replies
  • March 26, 2025

We have a workaround for this as per R&D for this issue. 

1: Adding ONS and FAN disabling parameters to the jdbc connection string:
   "oracle.jdbc.fanEnabled=false&oracle.ons.disable=true"
2: Stop all pods “mtctl stop -n <namespace>”
3: Install the new jdbc config “installer --set action=mtinstaller”
4: Make sure iam pod starts
5: Remove fan/ons params from jdbc connection string and reinstall again.
6: IAM pod and all other pods should go up now.


  • Hero (Employee)
  • 185 replies
  • March 26, 2025

Not sure how official this workaround was :)
A workaround should come from the team owning the IAM pod… not from me.

Anyway - There is a “?” missing in the instruction above - here is an example:

      data: jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)(HOST=bazipl-qfcyt-scan.ocioracleexapr.ocioracleexa1v.oraclevcn.com)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=DB0319_PDB1.paas.oracle.com)))?oracle.jdbc.fanEnabled=false&oracle.ons.disable=true

When using this jdbcurl other pods might fail to start, that is why it needs to be removed after IAM has been configured. As far as I understand, the IAM will work with ONS enabled after it has created the REALM and its users.
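
An added example (not part of the thread or of IFS tooling) for steps 1 and 5 of the workaround: it adds or removes the two FAN/ONS properties on a thin JDBC URL with the correct `?`/`&` separators and rejects the variant where the `?` is missing. The function names are hypothetical and the sample URL is the redacted one posted earlier in the thread, with the descriptor closed before the properties.

```python
# Properties quoted in the workaround above.
WORKAROUND = ("oracle.jdbc.fanEnabled=false", "oracle.ons.disable=true")
_KEYS = tuple(p.split("=")[0] for p in WORKAROUND)


def split_url(url):
    """Split a thin JDBC URL into (base, [properties]).

    In descriptor form the property list starts at the first "?" that
    follows the last closing parenthesis.
    """
    q = url.find("?", url.rfind(")") + 1)
    if q == -1:
        return url, []
    return url[:q], [p for p in url[q + 1:].split("&") if p]


def set_workaround(url, enabled):
    """Return url with the FAN/ONS properties present (True) or absent (False)."""
    base, props = split_url(url)
    # The mistake pointed out in the thread: properties glued on without "?".
    tail = base[base.rfind(")") + 1:]
    if any(k in tail for k in _KEYS):
        raise ValueError('FAN/ONS properties found but no "?" separator')
    # Drop any existing copies so repeated runs do not duplicate them.
    props = [p for p in props if p.split("=")[0] not in _KEYS]
    if enabled:
        props.extend(WORKAROUND)
    return base + ("?" + "&".join(props) if props else "")


# Redacted URL from the thread (hostname and pdb are the poster's placeholders).
SAMPLE = ("jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=TCP)"
          "(HOST=hostname)(PORT=1521)))(CONNECT_DATA=(SERVICE_NAME=pdb)))")

if __name__ == "__main__":
    step1 = set_workaround(SAMPLE, True)    # value for the first install
    step5 = set_workaround(step1, False)    # value for the reinstall
    print(step1)
    print(step5)
```
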