Saturday, April 16, 2016

My Slides from Collaborate 2016

Geeks,

Following are my slides from Collaborate 2016 in Las Vegas.

My first session, 'Architecting for the Cloud', was a full house, and it was great to see the audience response, as many of them asked me about the slides after the session. Unfortunately the OES session got low attendance, as it was scheduled to be the last session on Wednesday and many people left for the party.

Here are my slides from it. See you sometime in the future.

Architecting for the Cloud: Best Practices







Build Fine-Grained Authorization for WebCenter Using Oracle Entitlements Server (OES)




Wednesday, April 6, 2016

My Sessions at Collaborate 2016 in Las Vegas

Hello Geeks,

I will be presenting 2 topics at IOUG Collaborate 2016 in Las Vegas. I will be talking about Architecting for the Cloud and Oracle Entitlement Server Integration with WebCenter.

The special thing about these 2 sessions is that they are selected for the IOUGenius Certificate. What is it? I will copy some excerpts from the IOUG website; for more details visit http://collaborate.ioug.org/certificates

So make sure you mark your calendars to attend my sessions. Learn and Earn. See my session details below.

  1. 1380 - Architecting For the Cloud: Best Practices
  2. 1351 - Build Fine-Grained Authorization for WebCenter Using Oracle Entitlements Server


#IOUGenius Certificates
Looking for an easy way to demonstrate the skills you'll gain by attending COLLABORATE 16? Earn an #IOUGenius Certificate!
Each set of certificate sessions has been selected by the IOUG Conference Committee to provide a comprehensive overview of skills, techniques and insights that will be critical for Oracle database and technology professionals.

How to Earn Your Certificate
  • Choose a certificate that benefits you and your company the most.
  • Find eligible sessions on your mobile app device by using the hashtags below.
  • “Check-in” to 4+ sessions on your mobile app.
  • Email us at speakers@ioug.org to receive your #IOUGenius e-certificate(s).
  • Display your certificate(s) and make sure your co-workers and supervisors know you are an #IOUGenius! 

My sessions at Collaborate 2016 in Las Vegas



Happy Learning,
Zeeshan Baig

Tuesday, March 8, 2016

Quick Tip: Linux How to Enable X11 Forwarding in a SSH sudo Session

Hi,

Recently I had to install some Oracle products for a customer. I provided my list of pre-requisites to them as per the Oracle docs. We usually create a user called 'oracle' as the Linux software owner, but for security reasons we didn't have access to the 'oracle' user directly. Instead everyone has their own ID (for example zbaig) and then you run the sudo command to switch user.

Tools:


  • You need X server running on your desktop. I use Xming because it is lightweight. 
  • Make sure you have X11 Forwarding enabled in your SSH utility, such as PuTTY or Secure Shell
  • Make sure X11 is enabled on the Linux server by root 


Problem:


X11 was working when I logged in directly over SSH (for example as zbaig), but it wasn't working after I issued the sudo command as follows:

[zbaig@server1] sudo -i -u oracle

[sudo] password for zbaig:
[zbaig@server1] xclock

Error: Can't open display:

Solution:


You need to enable X11 for the other user as well. Run the following commands:

[zbaig@server1] /home/home01/zbaig $ xauth list
server2/unix:10  MIT-MAGIC-COOKIE-1  d3ce0c405b6ed8991916e47f8d532aef
server1/unix:10  MIT-MAGIC-COOKIE-1  a7c707e46943228264045845244d5c3c

[zbaig@server1] /home/home01/zbaig $ sudo -i -u oracle
[sudo] password for zbaig:


In the following "xauth add" command, paste the 'server1' line from the output of the "xauth list" command above (you might see other cookie entries as well, but use the one for the server you are working on).

[oracle@server1] /usr/home/oracle $ xauth add server1/unix:10  MIT-MAGIC-COOKIE-1  a7c707e46943228264045845244d5c3c
xauth:  creating new authority file /usr/appl/nes/home/oracleuser/.Xauthority

[oracle@server1] /usr/home/oracle $ xclock


All should be good.
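
The cookie hand-off above as a script (an added example, not part of the original post). `select_cookie` picks the one `xauth list` entry for the current host and display, and `forward_cookie` (a hypothetical helper name) passes it to the target user's `xauth` on stdin instead of pasting it on a command line; the sample cookie values are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Sample cookies are constructed.

# select_cookie HOST DISPLAY
# Reads `xauth list` output on stdin and prints the single entry for
# HOST/unix:N, where N is the display number taken from DISPLAY
# (for example "localhost:10.0" -> 10). Exits non-zero if none matches.
select_cookie() {
    num=${2#*:}       # "localhost:10.0" -> "10.0"
    num=${num%%.*}    # "10.0" -> "10"
    awk -v want="$1/unix:$num" '
        !found && $1 == want && $2 == "MIT-MAGIC-COOKIE-1" &&
            $3 ~ /^[0-9a-f]+$/ { print; found = 1 }
        END { exit !found }'
}

# forward_cookie USER (hypothetical helper name)
# Feeds the matching entry to USER's xauth through `xauth source -`, so the
# cookie travels over a pipe rather than as a command-line argument.
# Assumes the entry is stored under the name `hostname` prints and that
# `sudo -i -u USER` is permitted, as in the post.
forward_cookie() {
    entry=$(xauth list | select_cookie "$(hostname)" "$DISPLAY") || {
        echo "no xauth entry for $(hostname), display $DISPLAY" >&2
        return 1
    }
    printf 'add %s\n' "$entry" | sudo -i -u "$1" xauth source -
}

# Constructed listing shaped like the `xauth list` output above.
SAMPLE='server2/unix:10  MIT-MAGIC-COOKIE-1  00112233445566778899aabbccddeeff
server1/unix:11  MIT-MAGIC-COOKIE-1  ffeeddccbbaa99887766554433221100
server1/unix:10  MIT-MAGIC-COOKIE-1  0123456789abcdef0123456789abcdef'

# Demo on the sample only; on a real host run: forward_cookie oracle
printf '%s\n' "$SAMPLE" | select_cookie server1 localhost:10.0
```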

Hope you find this useful,

@IamZeeshanBaig

Friday, February 26, 2016

Resolving: BEA-090892 - The loading of OPSS java security policy provider failed due to exception

Hi,

A quick tip here. This error could occur for many reasons; I am documenting only one of the cases here. Sometimes when you create a WebLogic cluster, after you pack and unpack your domain files, some Java security policies do not get updated on the second node.

Problem:


When you try to start a Managed server you might see the following error in the logs, and the server will fail to start. In my case I was installing Oracle Entitlements Server (OES) in a cluster environment. (I have seen this exception on other occasions as well, so it's good to get it documented.)

(For Solution scroll down after error log)   

<Feb 22, 2016 3:30:35 PM CST> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")>
<Feb 22, 2016 3:30:35 PM CST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1402)
        at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1022)
        at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:888)
        at weblogic.security.SecurityService.start(SecurityService.java:141)
        at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
        Truncated. see log file for complete stacktrace
Caused By: java.lang.RuntimeException: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
        at oracle.security.jps.az.internal.runtime.encryption.CipherServiceFactory.getService(CipherServiceFactory.java:86)
        at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.initCipherService(UpdatePolicySet.java:261)
        at oracle.security.jps.az.internal.runtime.pd.receiver.UpdatePolicySet.<init>(UpdatePolicySet.java:189)
        at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initializeControlledPD(PDPServiceImpl.java:590)
        at oracle.security.jps.az.internal.runtime.service.PDPServiceImpl.initial(PDPServiceImpl.java:682)
        Truncated. see log file for complete stacktrace
Caused By: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
        at java.security.AccessControlContext.checkPermission(AccessControlContext.java:395)
        at java.security.AccessController.checkPermission(AccessController.java:559)
        at oracle.security.jps.util.JpsAuth$AuthorizationMechanism$3.checkPermission(JpsAuth.java:478)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:538)
        at oracle.security.jps.util.JpsAuth.checkPermission(JpsAuth.java:564)
        Truncated. see log file for complete stacktrace
>
<Feb 22, 2016 3:30:35 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
<Feb 22, 2016 3:30:35 PM CST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
<Feb 22, 2016 3:30:35 PM CST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>
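
To confirm which permission is being denied before changing weblogic.policy, the repeated AccessControlException text can be collapsed to the distinct permission, target and action. This is an added example, not part of the original post; the function name and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post).

# denied_permissions: reads a WebLogic server log on stdin and prints one
# line per distinct denial as  count|permission class|target|actions,
# most frequent first. The same denial is repeated in the message, the
# exception and each "Caused By", so counting collapses the noise.
denied_permissions() {
    awk '
    {
        line = $0
        # The third quoted string (actions) is optional for some permissions.
        while (match(line, /access denied \("[^"]*" "[^"]*"( "[^"]*")?\)/)) {
            # Skip the 16-char prefix  access denied ("  and the 2-char suffix
            hit = substr(line, RSTART + 16, RLENGTH - 18)
            gsub(/" "/, "|", hit)
            seen[hit]++
            line = substr(line, RSTART + RLENGTH)
        }
    }
    END { for (h in seen) print seen[h] "|" h }' | sort -t'|' -k1,1nr
}

# Constructed sample: shortened lines in the shape of the log above.
SAMPLE_LOG='<Error> <Security> <BEA-090892> <... Error message: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")>
Caused By: java.lang.RuntimeException: java.security.AccessControlException: access denied ("oracle.security.jps.service.credstore.CredentialAccessPermission" "context=SYSTEM,mapName=OES_SYMMETRIC_KEY_MAP,keyName=OES_SYMMETRIC_KEY_alias" "read")
Caused By: java.security.AccessControlException: access denied ("java.io.FilePermission" "/constructed/path/jps-config.xml" "read")'

# On a real host, feed the managed server log file to the function instead.
printf '%s\n' "$SAMPLE_LOG" | denied_permissions
```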


Solution:


The solution is to grant the required Java security permissions on the WebLogic resources. In my case it was Oracle Entitlements Server (OES), so I had to add the following to the weblogic.policy file, where all the security policies are defined for WLS resources.

1. Add the following to the weblogic.policy file located at $MIDDLEWARE_HOME/wlserver_10.3/server/lib

grant codeBase "file:${oes.client.home}/-" {
        permission java.security.AllPermission;
};

2. Start the Managed server again

Hope it helps

Cheers,
Zeeshan Baig

Thursday, February 18, 2016

Presentation Slide: Cloud Explorations - Patterns and Practices

Hi,

Last week I presented a topic on Architecture for the Cloud Platform at RMOUG. The session went well; I had around 20-25 people at 8:30 AM, so no complaints.

Here are the slides from the session.


Friday, November 13, 2015

Running Oracle Database on Amazon RDS

Greetings,

Amazon RDS is a database service that makes it easy to set up a database in the Amazon AWS cloud. Using RDS you don't need to worry about managing databases, backups, replication (in Multi-AZ mode), upgrades and other common DBA operations. Amazon will do it for you. The only drawback is that you don't have direct access to the OS / file system, but that is the whole idea.

In this post I will show you how to set up an Oracle database in Amazon AWS using the RDS service and connect to it using SQL Developer on my local machine.

Pre-requisites:




Things to Remember


Amazon RDS provides you 2 choices for Oracle licenses:

  • License Included - With this option Amazon will arrange a license for you, but the hourly charge is slightly higher.
  • BYOL - Bring Your Own License - With this option you have to bring your own license; the hourly rate is cheaper than option 1.



Note: In order to run Oracle in Amazon RDS with the Free Tier you must have a BYOL license for the Oracle database.

Let's get started 

Creating Database in the Amazon RDS 


1. Log in to Amazon AWS Console https://console.aws.amazon.com

2. Click on RDS under the Database section in the console.

3. The first step is to add at least 2 subnets in the DB subnet group. Click on "Subnet Groups" in the left panel and click "add all the subnet". (Note: we are doing quick and dirty here)




4.  Click on the "Instances" in the left panel and click "Launch DB Instance"




5. Select Oracle and select 'Oracle SE One' (you can select any one)


6. Select "No" from the choices and click Next. We are not going to use a Multi-AZ deployment, but in Production it is recommended.


7. Enter basic details about the database, such as the size of the instance, the instance name and the SYSDBA account, then click Next Step.
Note: With RDS you don't have direct access to the SYSDBA and SYS users, but the user you define will have the same privileges.



8. Leave the default settings for Network & Security (that is a separate and huge topic; I will cover it some other time), choose additional database options and the backup frequency, then click Launch DB instance.



9. You will get the following message if the action is successful. Click View Your DB Instances.


10. It usually takes 5-10 minutes for a DB instance to be ready. Click and expand it to see more details about the instance and copy the END POINT address.








Accessing the Database from SQL Developer


1. Open SQL Developer and create a new connection. As the hostname, enter the END POINT we copied from the AWS console, then enter the user name and password you specified during configuration.


2. Now you are all set and ready to play with Oracle DB in Amazon AWS using RDS




Have a good day,
Zeeshan Baig