000036689 - Initialization has failed after applying RSA Identity Governance & Lifecycle 7.1.0 P02

Document created by RSA Customer Support Employee on Sep 12, 2018
Version 1Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000036689
Applies ToRSA Product Set: RSA Identity Governance & Lifecycle
RSA Version/Condition: 7.1.0
 
IssueAfter applying RSA Identity Governance & Lifecycle 7.1.0 P02, the initialization fails and the system is down.
 
Initialization Failure


The error found in aveksaServer.log is as follows:

08/22/2018 01:13:38.645 ERROR (ServerService Thread Pool -- 83) [SystemErr] log4j:ERROR Attempted to append to closed appender named [null].
08/22/2018 01:13:38.654 FATAL (ServerService Thread Pool -- 83) [com.aveksa.server.runtime.AveksaSystem] 

****************************************

Initialization has failed!

ORA-06502: PL/SQL: numeric or value error: raw variable length too long
ORA-06512: at line 1
ORA-06512: at line 8


The error found in patch.log will be:

------- 
SQL/line#: /home/oracle/wildfly-10.1.0.Final/standalone/tmp/vfs/deployment/deploymentd0b59d4df687a3b8/aveksa.war-85a2bac88d7eef71/WEB-INF/database/updates/7.0/ACM-88297.sql(1):
Start time [Wed Aug 22 01:13:38 CST 2018]
DECLARE
v_key varchar2(100);
v_index number := 0;
v_value varchar2(100);
v_cnt number := 0;
BEGIN
  --Read the BLOB from T_AV_FILES and convert to CLOB to split the .properties file content into lines. Restrict the loop only for VIEW_PASSWORD_EXTERNAL_URL to avoid unnecessary iterations.
  FOR rec IN (select * from (WITH clob_table(clb) as (select (select to_clob(UTL_RAW.CAST_TO_VARCHAR2(DBMS_LOB.SUBSTR(data,32767,1)))from T_AV_FILES WHERE PATH LIKE '%/custom/strings/customerstrings.properties%') clb from dual)
    SELECT regexp_substr(clb, '.+', 1, level) text,level line
      FROM clob_table
        CONNECT BY LEVEL <= regexp_count(clb, '.+')) where text like 'VIEW_PASSWORD_EXTERNAL_URL%') LOOP

          v_index := instr(rec.text,'=');
          v_key := substr(rec.text,0,v_index-1);
          v_value := substr(rec.text,v_index + 1);
          if (v_key='VIEW_PASSWORD_EXTERNAL_URL') then
            SELECT COUNT(1) INTO v_cnt FROM T_SYSTEM_SETTINGS WHERE PARAMETER='ViewPasswordUrl';
            if(v_cnt = 0) then
              insert into T_SYSTEM_SETTINGS values ('ViewPasswordUrl',v_value);
            else
              update T_SYSTEM_SETTINGS set value = v_value where parameter = 'ViewPasswordUrl';
            end if;
          end if;
  END LOOP;
  commit;
END;
java.sql.SQLException: ORA-06502: PL/SQL: numeric or value error: raw variable length too long
ORA-06512: at line 1
ORA-06512: at line 8

 at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:450)
 at oracle.jdbc.driver.T4CTTIoer.processError(T4CTTIoer.java:399)
 at oracle.jdbc.driver.T4C8Oall.processError(T4C8Oall.java:1059)
 at oracle.jdbc.driver.T4CTTIfun.receive(T4CTTIfun.java:522)
 at oracle.jdbc.driver.T4CTTIfun.doRPC(T4CTTIfun.java:257)
 at oracle.jdbc.driver.T4C8Oall.doOALL(T4C8Oall.java:587)
 at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:210)
 at oracle.jdbc.driver.T4CStatement.doOall8(T4CStatement.java:30)
 at oracle.jdbc.driver.T4CStatement.executeForRows(T4CStatement.java:931)
 at oracle.jdbc.driver.OracleStatement.doExecuteWithTimeout(OracleStatement.java:1150)
 at oracle.jdbc.driver.OracleStatement.executeUpdateInternal(OracleStatement.java:1707)
 at oracle.jdbc.driver.OracleStatement.executeUpdate(OracleStatement.java:1670)
 at oracle.jdbc.driver.OracleStatementWrapper.executeUpdate(OracleStatementWrapper.java:310)
 at org.jboss.jca.adapters.jdbc.WrappedStatement.executeUpdate(WrappedStatement.java:430)
 at com.aveksa.migration.jdbctool.SQLFileExecutor.execute(SQLFileExecutor.java:221)
 at com.aveksa.migration.jdbctool.SQLFileExecutor.execute(SQLFileExecutor.java:107)
 at com.aveksa.migration.jdbctool.SQLFileExecutor.execute(SQLFileExecutor.java:98)
 at com.aveksa.migration.jdbctool.IncrementalUpdate.update(IncrementalUpdate.java:481)
 at com.aveksa.migration.jdbctool.MigrateSchema.execute(MigrateSchema.java:159)
 at com.aveksa.migration.jdbctool.CheckDatabase.migrateSchema(CheckDatabase.java:1403)
 at com.aveksa.migration.jdbctool.CheckDatabase.check(CheckDatabase.java:577)
 at com.aveksa.server.runtime.AveksaSystem.initialize(AveksaSystem.java:309)
 at com.aveksa.init.Startup.init(Startup.java:52)
 at com.aveksa.gui.core.ACMFramework.init(ACMFramework.java:94)
 at com.aveksa.gui.core.ACMFramework.initInstance(ACMFramework.java:83)
 at com.aveksa.init.InitServlet.init(InitServlet.java:42)
 at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
 at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.handle(RunAsLifecycleInterceptor.java:65)
 at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:76)
 at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
 at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:250)
 at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:133)
 at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:546)
 at io.undertow.servlet.core.DeploymentManagerImpl$2.call(DeploymentManagerImpl.java:517)
 at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:42)
 at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
 at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
 at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
 at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
 at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
 at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
 at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:559)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
 at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
 at java.util.concurrent.FutureTask.run(FutureTask.java:266)
 at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
 at java.lang.Thread.run(Thread.java:748)
 at org.jboss.threads.JBossThread.run(JBossThread.java:320)
[0:00:00] File Completion Time: /home/oracle/wild
ResolutionThis is a known multi-customer issue logged as engineering tickets ACM-90220, ACM-90260, ACM-90607 and Engineering is currently working on the fix/resolution.
WorkaroundAs a workaround, unpack the deployed package with the customizeACM.sh and modify the package by deleting ACM-88297.sql (./aveksa.war/WEB-INF/database/updates/7.0/ACM-88297.sql). Then, re-deploy the modified package and restart ACM.

The ACM-88297.sql script only looks for the VIEW_PASSWORD_EXTERNAL_URL parameter while applying the 7.1.0 P02 patch and updates the T_SYSTEM_SETTINGS table if any value is set.

If your customerstrings.properties file does not have any value set for VIEW_PASSWORD_EXTERNAL_URL, nothing will be missed by deleting ACM-88297.sql.

If your customerstrings.properties has a value set for VIEW_PASSWORD_EXTERNAL_URL, then you will need to redefine it after deleting ACM-88297.sql to complete the patch successfully and once the application is up, update the VIEW_PASSWORD_EXTERNAL_URL parameter in the UI via Request > Password Management > Settings > Edit and set the value for View Password URL. The setting update is a one time activity and once it is saved, it is kept there persistently. 

The steps to customize the deployed package and redeploy modified package are as follows:
  1. Log on to the machine as the admin user.
  2. Verify that RSA Identity Governance and Lifecycle is running:


sudo service aveksa_server status


  • If RSA Identity Governance and Lifecycle is running, the following message displays:

Aveksa Compliance Manager Server is running


  • If the message indicates that the server is not running, enter



sudo service aveksa_server start



  1. Change to the oracle user.
  2. Navigate to /home/oracle/deploy.
  3. Run the customizeACM.sh script to extract the .ear file:


customizeACM.sh -c <path to the ear file>


The contents of the .ear are extracted to /tmp/customizeACM/.


If you do not specify the path to the .ear file, the script prompts you to use the currently deployed .ear file.  If you want to use the currently deployed .ear, enter yes.  If you do not want to use the currently deployed .ear, enter no.



  1. Go to /tmp/customizeACM/aveksa.war/WEB-INF/database/updates/7.0/ and delete the ACM-88297.sql file.
  2. When you finish modifying the files, run the customizeACM.sh script again to rebuild the .ear file. From /home/oracle/deploy, enter:



customizeACM.sh -d



The script performs the following tasks:



  • Archives the new .ear file to /home/oracle/archive, appending a time and date stamp to the name.


  • Deploys the new customized .ear file.


  1. Restart RSA Identity Governance & Lifecycle



sudo service aveksa_server stop
sudo service aveksa_server start



 


 

Attachments

    Outcomes