000011564 - Join cluster to a group operation hangs in groupDbValueSync.sh if join operation is run a second time

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000011564
Applies ToRSA Key Manager Appliance 2.5.0.3
IssueJoin cluster to a group operation hangs in groupDbValueSync.sh if join operation is run a second time
The join operation hangs and there is no output on the browser page.  The log file /opt/tomcat/logs/rkmawa.log shows that the following script was the last one to run and there are no further logs after that line:

/opt/rsa/setup/sh/groupDbValueSync.sh
CauseThe operation to join a cluster to a group hangs during running the script /opt/rsa/setup/sh/groupDbValueSync.sh, IF the join operation was carried out a second time where the first time join cluster operation did not go through (for example, due to firewall blocking port 1521).

The problem is in the script /opt/rsa/setup/sh/copyDbValue.sh while UPDATING SERVER_SIGN_PUBLICKEY or SERVER_SIGN_PRIVATEKEY.... only when a value for SERVER_SIGN_PUBLICKEY or SERVER_SIGN_PRIVATEKEY already exists. The first time a join operation is carried out, the script /opt/rsa/setup/sh/copyDbValue.sh INSERTS the records. The difference in the two code flows in /opt/rsa/setup/sh/copyDbValue.sh results in failure ONLY WHEN the records already exist in the local db for SERVER_SIGN_PUBLICKEY or SERVER_SIGN_PRIVATEKEY. If debug is enabled for the script, an error like the following can be onserved where sqlplus hangs:

string beginning "-AES..." is too long, maximum size is 239 character
ResolutionUninstall the new cluster and then reinitialize/reinstall the appliance (so that the db is refreshed with no records for SERVER_SIGN_PUBLICKEY or SERVER_SIGN_PRIVATEKEY in SYSTEM_DATA table).  Carry out the join operation again, the join operation should be successful.
NotesNote that the values for SERVER_SIGN_PUBLICKEY or SERVER_SIGN_PRIVATEKEY are added to SYSTEM_DATA table when the first time an RKM Client 2.5 registers on a new RKM Server/Appliance.
KMA-2354
Legacy Article IDa55939

Attachments

    Outcomes