Quantcast
Channel: Hyperion Error of the Day
Viewing all 102 articles
Browse latest View live

Hyperion Auditing - In Practice vs. Theory

June 21, 2015, 7:14 pm
$
0
0
At first glance the Shared Services audit features in Hyperion seem complete. However, in practice, the user interface seems to be clunky and hard to use.

The audit features are found in Shared Services. First, auditing has to be enabled in order to capture any auditing information. This can be accomplished by entering Shared Services and selecting Administration -> configure auditing. Select "Enable Auditing". Most of the auditing for the various products are simply LCM. In other words, you will see only LCM operations being audited. However, under Shared Services there is a little more detail:

The option that is most interesting is User Provisioning. Many organizations require fine grained auditing of users as they are provisioned and deprovisioned from applications. This can aid in meeting specific SOX requirements. Let's take a closer look at this in practice.

First, let's look at the Shared Services Auditing user interface. This is found in Administration -> Audit Reports -> Security Reports.

The default report shows 30 days of history. It can be confined to a specific date range too. You can search by "performed by". However, if you are unsure who performed the action, this field may not be very useful. Finally, you can narrow down by product name. In this case the product is Shared Services for checking provisioning information.



One of the first challenges becomes sifting through the interface. It is impossible to sort or narrow
down by Task, which is the operation being audited. Consequently, the display is overwhelmed with "authenticate" requests from users using the system. Secondly, only 50 items can be displayed on the page at a time. Let's say you want to review audit information over a range of 10 days. Now the pagination ("1of x") comes into play. One has to sort though multiple pages of info, most of which is irrelevant authentication information. What about finding when a user was provisioned over the last year? Forget about it.

Assuming you do find a particular item of interest. In this case, the admin user provisioned "testuser1" to an application. Notice anything missing? What application? For this information you have to click the checkmark in the options for "Detailed View".


The detailed view shows the full detail. This now tells us that testuser1 was provisioned by admin to the PLANDEMO application as role Administrator.


This display is perfectly fine, but it is difficult to search around repeatedly for looking for specific information.

One way to get at the data is to tear off the clunky user interface and head to the database, targeting exactly the info you want. A rough, basic query can be put together quickly. From there it is possible to do much more powerful querying. Additionally, the audit information accumulates very quickly. Keeping this data around can grow to huge sums of data. Using a query over the user interface can help sift through millions of rows quickly.

select STARTTIME, USER_NAME, ARTIFACT_NAME, ATTRIBUTE_NAME, attribute_curr_value from 
  SMA_AUDIT_FACT NATURAL JOIN SMA_TASK_DIM
  NATURAL JOIN SMA_AUDIT_ATTRIBUTE_FACT 
 where artifact_name like '%testuser1%' and 
 TASK_NAME like '%Provision User%'
 ORDER BY STARTTIME, AUDIT_FACT_ID, ARTIFACT_NAME;

Results of query:

Again we find that testuser1 was provisioned by admin to the PLANDEMO application as role Administrator.
Search

Oracle Learning Library - Hidden Gems

July 16, 2015, 8:14 pm
$
0
0
The Oracle Learning Library has a myriad of tutorials on Hyperion and related technologies. They are often overlooked as the interface is filled with out of date and somewhat scrawny material. However, there are some hidden gems. Much of the material in the tutorials goes beyond the basics found in the Oracle Documentation, and they can shed light on some of the more poorly documented topics.
First, it can be a great way to explore the technology stack. For instance, getting some intro tutorials on WebLogic, Linux, and Oracle RDBMS.

Some of the Hyperion articles are in depth and cover a lot. They are rich with screenshots.

The main Oracle Learning Library site for Hyperion is:
https://apexapps.oracle.com/pls/apex/f?p=44785:2:::NO:2,RIR,CIR:P2_TAGS:Hyperion

Basic install instructions detailing how to scale to multiple nodes.
Installing and Configuring Oracle® Hyperion Financial Close Management 11.1.2.4.000 in a Multi-Node Environment 
http://www.oracle.com/webfolder/technetwork/tutorials/obe/hyp/FCM11.1.2.4-MultiNodeInstall/FCMMultiNodeInstall.html

Basic knowledge for training new recruits.
Intro to Financial Management 
http://download.oracle.com/technology/products/hfm/demos/hfm1112overview/HFM_LessonIndex.htm

One of my favorites...
Deploying and Configuring Data Relationship Management Web Service API 
http://www.oracle.com/webfolder/technetwork/tutorials/obe/hyp/DRM11.1.2-WebServicesAPI/index.htm

Oh, is that how you're supposed to do it?
Installing and Configuring EPM System 11.1.2 with SSL Enabled on All Layers 
http://www.oracle.com/technetwork/middleware/performance-management/tutorials/index-087654.html

Getting up to speed on those pesky task flows...
Automating Tasks in Oracle® Hyperion Financial Management, Fusion Edition 11.1.2 
http://www.oracle.com/webfolder/technetwork/tutorials/obe/hyp/HFM11.1.2_TskAuto/Tsk_Auto.htm

SSL Tip: Converting a JKS file into an Oracle Wallet

August 22, 2015, 12:06 pm
$
0
0

When implementing SSL with Oracle technologies such as OHS an Oracle Wallet is required. The Oracle Wallet is Oracle's proprietary keystore for holding identity and trust SSL keys. Often though, a company will provide the Java Keystore (jks) format. Here is a trick to convert the JKS into an Oracle Wallet via the command line using the orapki command from an Oracle Client installation.

# create a new wallet. If C:\wallet_temp already exists, remove it first.
orapki wallet create -wallet c:\wallet_temp -auto_login_local
orapki wallet create -wallet c:\wallet_temp\ewallet.p12 -auto_login

# Remove all the default trusts from new wallet for a truly empty wallet
orapki wallet remove -wallet c:\wallet_temp\ewallet.p12 -trusted_cert_all

# using an existing jks file, import all contents into the new wallet
orapki wallet jks_to_pkcs12 -wallet c:\wallet_temp\ewallet.p12 -keystore c:\wallet_temp\my_java_keystore.jks -jkspwd "my_java_keystore_password"

At this point the new wallet is stored in C:\wallet_temp and ready to use.

SHA2 SSL Certificates are Coming

September 20, 2015, 1:26 pm
$
0
0
A relatively low key change is being embraced quickly by the security industry and it may impact Oracle Hyperion installations. When using SSL certificates there is a specific encryption algorithm used to sign the certificates. This algorithm for a long time was SHA1. However, SHA1 is an old technology and can now be cracked easily. It is no longer secure to use SHA1. Consequently, the industry is swiftly moving to SHA2. As of Jan 1st, 2016 no SHA1 certificates can be issued, forcing the change to SHA2.

One of the better writeups I found on the issue is:
http://www.infoworld.com/article/2879073/security/all-you-need-to-know-about-the-move-to-sha-2-encryption.html

What does this mean?
Some older software has trouble with the SSL handshake using SHA2. For instance with Oracle Database, SHA2 was only supported starting with 11.2.0.3.
http://docs.oracle.com/cd/E11882_01/server.112/e41360/chapter1_11203.htm
Since then some products have been back ported to support SHA2, but likely require patches. The SHA2 change mostly impacts integrating with older systems using SSL. However, anything touching SSL can be impacted. It will be necessary to identify and test any integration points in your environment with SSL. A few examples include:

  • WebLogic
  • LDAP providers
  • Single Sign On providers
  • SSL database connections (DRM, FDM, Essbase...etc)
  • SOA / Web Services interactions
Don't panic. Most Hyperion sites do not make heavy use of SSL. Perhaps just offloading at the Load Balancer. However, sites that have integrated SSL more thoroughly in the environment may be impacted.


Browsers are already starting to call out insecure sites. For instance taking a look at Wells Fargo in Chrome, points out the connection to www.wellsfargo.com is using an obsolete cipher suite.

Taking a look at the certificate details:

However, most sites have already converted. The google.com cert shows the SHA2 certificate.


Your company will be upgrading soon, if not already. Consequently, it's time to start testing your SSL connections with SHA2 to make the transition smoothly.

Open World Update - Oracle 12c High Availability

October 28, 2015, 9:10 pm
$
0
0

Quick OOW update on the Database track...

Today I attended the interesting session at Oracle Open World 2015:
Deep-Dive into High Availability with the Next Release of Oracle Database 12c [CON8827].
By Wei Ming Hu, Vice President - High Availability Technologies, Oracle

New Database 12.2 Updates

Oracle is shifting to the concept of Elastic Sharding, referencing many times in the talk about Google's sharded infrastructure for large scaling. This is essentially multiple independent nodes acting as a single logical database. These nodes do not require any shared storage or expensive clustering infrastructure. This is almost the exact opposite of RAC which requires intensive shared storage and networking requirements.

It appears this is Oracle's solution to moving into the cloud. In the cloud expensive clusterware technologies are not appropriate.

What is the underlying technology to Elastic Sharding? Active Data Guard. Oracle is beefing up the Active Data Guard technology to run the internals.
- Changes from logical sql level to block level replication.
- Redo logs will be applied to standby nearly instantly.
- Preserve all sessions during failover - allowing for online patching...etc.
- Allows for In Memory database.
- Seamlessly detect failures and evict nodes for repair.

While I am sure there always use cases, my opinion is RAC is going to be less important going forward.



Time to Upgrade EPM?

November 30, 2015, 11:05 am
$
0
0
It might be time for an upgrade for slightly older EPM releases. Below is the timeline for backwards support for fixes on the EPM platform. To sum up the table, the 11.1.2.1 and 11.1.2.2 versions are already sunsetted for patches. Additionally, the 11.1.2.3 version will no longer be supporting new patches and fixes as of February 2016. Given that typically not much work is completed near the end of year, it may come as a surprise in February. It is also possible that Oracle releases a patch greater than .700 which may extend the window for 11.1.2.3. At the very least, the table indicates that it is necessary to move rather quickly and frequently on the patch releases to keep up to date.

Oracle's official statement is:
PLEASE NOTE: When the grace period end date has been reached, no additional fixes will be developed.  The grace period is defined as the period of time following the release of a new patch set or patch set update during which Oracle will create new fixes for both the new and previous patch set or patch set update, allowing customers time to plan for and install the new version. 
Oracle Enterprise Performance Management 11g Grace Periods for Error Correction (Doc ID 1590676.1)

Note: The info is subject to change.


Why No Recent Blog Updates?

March 6, 2016, 9:37 am
$
0
0

The past few months I have not been updating the blog because of an important new project. My twin daughters, Aidan and Evelyn were born in December and have been the center of my attention as they are getting used to their strange new world.

Stay tuned for new content soon!

My Kscope16 Sessions

March 24, 2016, 6:42 pm
$
0
0
I'll be speaking at Kscope16 in Chicago June 26-30.



A Tour of WebLogic as It Relates to EPM
When: Jun 27, 2016, Session 5, 3:15 pm - 4:15 pm
WebLogic forms the foundation of any EPM system by providing the Java container to run EPM applications. This presentation takes a tour of WebLogic, starting with fundamentals and working through interesting concepts as they relate to EPM. Topics include tuning, Enterprise Manager integration, security, monitoring, and logging. Learning WebLogic provides the framework to help you keep services running, improve performance, alert you when something is wrong, and much more.

Tips and Tricks for Managing Your EPM Infrastructure
When: Jun 29, 2016, Session 14, 10:15 am - 11:15 pm
Learn tips and tricks for managing your EPM environment like a pro. The presentation starts with keeping tabs on the environment, such as identifying a known good state to help quickly spot issues. Then it dives into debugging and troubleshooting techniques for tackling real-world problems. Finally, the presentation reveals more proactive approaches for managing the environment, such as tuning and patching strategies.
Search

Troubleshooting HFM 11.1.2.4 on Windows

April 23, 2016, 11:48 pm
$
0
0
HFM on 11.1.2.4 and higher versions has a significantly different architecture than previous versions. This difference makes troubleshooting issues much harder. The old tricks seem out of date and it is easy to feel lost in the new version. Unfortunately, getting lost and unable to solve problems can lead to downtime and project delays. I wanted to share some basic tips to help get started in 11.1.2.4. Specifically, I wanted to focus on Windows because I have covered Linux in previous posts.

First, let's take a real error while creating a brand new HFM application.





Here we get the error: EPMHFM-66054: The system was unable to find the Datasource process for application. Essentially each HFM application spawns its own process in HFM and this application crashed while trying to initialize. This could be due to any number of things...



The first thing to note is the old HFMErrorLogViewer from previous versions is gone. The HFMErrorLogViewer was a great tool because it collected all the backend log messages into one convenient place. Now it looks like things are spread out over many logs. 

First, HFM is broken down at a high level into the Weblogic/ADF components and the Java HFM Wrapper Engine. They appear as Windows services,


The Web Tier consists of the Weblogic applications & UI. These logs can be found under the WebLogic domain,

The Java Server is the more interesting of the two for debugging because most significant errors can be traced to the backend. One thing to realize is HFM is still only partially Java based. There are still significant portions of HFM representing legacy code written in C. These low level functions are wrapped into this Java framework to make it look seamless. 

Let's take a look at some of the backend logs.


One of the main logs to investigate is under 
Oracle\Middleware\user_projects\epmsystem1\diagnostics\logs\hfm
The hsx-server log will have most details regarding the HFM backend service, similiar to the messages you would see previously in the HFMErrorLogViewer.

oracle-epm-fm-hsx-server.log

startDatasourceProcess] Starting a new datasource process for the application TESTHFM999[2016-04-23T00:29:43.500-07:00] [FM] [NOTIFICATION] [] [oracle.FM.HSXDSLM.oracle.epm.fm.dslm.DatasourceProcessManager] [tid: 12] [ecid: 005CI7TJTRS8dplqwsedMG0006Vu001PXQ,0:1:4] [SRC_CLASS: oracle.epm.fm.dslm.DatasourceProcessManager] [SRC_METHOD: getDSCommandLineArguments]  Starting the application TESTHFM999 on the ports : DSManagementPort port 10001 and DSHandler Port 10002
[2016-04-23T00:29:43.532-07:00] [FM] [NOTIFICATION] [] [oracle.FM.HSXDSLM.oracle.epm.fm.dslm.DatasourceProcessManager] [tid: 12] [ecid: 005CI7TJTRS8dplqwsedMG0006Vu001PXQ,0:1:4] [SRC_CLASS: oracle.epm.fm.dslm.DatasourceProcessManager] [SRC_METHOD: isSingleInstance]  Is Single Instance ? true
[2016-04-23T00:29:43.532-07:00] [FM] [ERROR] [EPMHFM-65925] [oracle.FM.HSX.SERVER.oracle.epm.fm.common.HsxServerConfig] [tid: 12] [ecid: 005CI7TJTRS8dplqwsedMG0006Vu001PXQ,0:1:4] [SRC_CLASS: oracle.epm.fm.common.HsxServerConfig] [SRC_METHOD: getDSHangTimeoutPeriod] 
... 
[2016-04-23T00:29:44.485-07:00] [FM] [NOTIFICATION] [] [oracle.FM.HSXDSLM.oracle.epm.fm.dslm.DatasourceProcessManager] [tid: 14] [ecid: 005CI7TJTRS8dplqwsedMG0006Vu001PXQ,0:1:4:21] [SRC_CLASS: oracle.epm.fm.dslm.DatasourceProcessManager] [SRC_METHOD: onProcessFailed] Datasource process for application TESTHFM999 stopped.
[2016-04-23T00:29:44.500-07:00] [FM] [NOTIFICATION] [] [oracle.FM.HSXDATAACCESS.oracle.epm.fm.dal.manager.ApplicationManagerDALImpl] [tid: 14] [ecid: 005CI7TJTRS8dplqwsedMG0006Vu001PXQ,0:1:4:21] [SRC_CLASS: oracle.epm.fm.dal.manager.ApplicationManagerDALImpl] [SRC_METHOD: deleteCCLockRecordsForServer]  Table TESTHFM999_CC_LOCKS does not exist
[2016-04-23T00:29:44.563-07:00] [FM] [WARNING] [] [oracle.FM.HSXDSLM.oracle.epm.fm.dslm.DatasourceManagerImpl] [tid: 12] [ecid: 005CI7TJTRS8dplqwsedMG0006Vu001PXQ,0:1:4] [SRC_CLASS: oracle.epm.fm.dslm.DatasourceManagerImpl] [SRC_METHOD: pingDatasource] Unable to invoke ping on XDS management service for the application TESTHFM999 , 

From this log it is evident that each HFM application creates a new datasource. A datasource is a separate process that handles all the processing for a particular application. The datasource process is launched after creating the application, or on the fly as the application is accessed. 

This spawned datasource process creates a new logfile for each application. For instance, a log file is created with the application name, such as xfm.odl.TESTHFM000-1.log. 

Having a look:

xfm.odl.TESTHFM000-1.log

[2016-04-23T00:29:44.453951-07:00] [XFM] [ERROR:1] [EPMHFM-07392] [XFM] [ecid: XDS.0000.0000.0000.0001] [File: XfmODBC.cpp] [Line: 203] [userId: ] [appName: TESTHFM999] [pid: 19988] [tid: 20008] [host: ] [nwaddr: ] [errorCode: 800402B5] [srcException: NotSpec] [errType: 1] [dbUpdate: 2] [11.1.2.4.200.5149] An unknown error occurred in an ODBC object. [[1 record: SQLSTATE = 08001; NATIVE ERROR = -4; MSG = [DataDirect][ODBC Oracle Wire Protocol driver][Oracle]Connection Dead. This may have occurred because the server requires Oracle Advanced Security. To enable the driver to use OAS, please use the DataIntegrityLevel and/or EncryptionLevel connect options.]] 
[2016-04-23T00:29:44.453951-07:00] [XFM] [ERROR:1] [EPMHFM-07406] [XFM] [ecid: XDS.0000.0000.0000.0001] [File: XfmODBC.cpp] [Line: 615] [userId: ] [appName: TESTHFM999] [pid: 19988] [tid: 20008] [host: ] [nwaddr: ;] [errorCode: 800402C3] [srcException: XfmExc] [errType: 1] [dbUpdate: 1] [11.1.2.4.200.5149] An error occurred in creating an ODBC connection. [[08001]] 
[2016-04-23T00:29:44.469577-07:00] [XFM] [ERROR:1] [EPMHFM-07406] [XFM] [ecid: XDS.0000.0000.0000.0001] [File: XfmODBC.cpp] [Line: 700] [userId: ] [appName: TESTHFM999] [pid: 19988] [tid: 20008] [host: ] [nwaddr: ] [errorCode: 800402C3] [srcException: XfmExc] [errType: 1] [dbUpdate: 1] [11.1.2.4.200.5149] An error occurred in creating an ODBC connection. [[Failed to create DB connection.]] 
So it looks like ODBC is involved here. Essentially, the underlying database connection in HFM is now ODBC. This was done to support HFM on Linux. The ODBC layer is how Oracle choose to make the code OS agnostic.

The ODBC connection is controlled by the Merant DataDirect 7.1 ODBC Driver. This is similar to how external Essbase database connections were created in the past. Looking at the error message, we are getting Connection Dead. This is actually a common problem with the ODBC DataDirect drivers and encrypted database connections. It is possible to reproduce this outside of HFM by testing the ODBC driver by hand:

Open Microsoft ODBC Manager, and add a connection.

HFM uses the DataDirect 7.1 Oracle Wire Protocol

Entering in the basic database connection details:

The exact error message appears, outside of HFM. 




This error message also happens to indicate where to look to solve the issue. In this case, the Oracle Database Listener connection requires an encrypted connection. Unsecured connections are rejected. So we can simply configure the ODBC connection to use the same encryption as the Oracle Listener.

sqlnet.crypto_checksum_server = REQUIRED
sqlnet.crypto_checksum_types_server = (SHA1)
sqlnet.encryption_types_server = (AES256)

Oracle Database Listener Settings


In the ODBC connection there are Advanced Security parameters which allow us to easily match the listener settings.






This is great. However, now we need to figure out where the ODBC connection is stored in HFM in order to configure these advanced properties.

HFM creates a new datasource in the Oracle client called HFMTNS. This info is entered during config tool, and automatically added to the tnsnames.ora in the HFM Database client folder
D:\Oracle\Middleware\dbclient64\network\admin. The ODBC connection leverages this HFMTNS connection information.

Taking a step back, since all of this is actually wrapped into a Java Server container, one additional place for logs is the Windows service start log:

D:\Oracle\Middleware\user_projects\epmsystem1\diagnostics\logs\services

HyS9FinancialManagementJavaServer-sysout.log


Here there is some very interesting information about how this ODBC connection is stored.

[2016-04-23T10:29:07.179806-07:00] XDS: XFMDataSource process starting...[2016-04-23T10:29:07.179806-07:00] XDS: Processing command line arguments...[2016-04-23T10:29:07.179806-07:00] XDS: Initializing XfmJHsxServerWrapper...[2016-04-23T10:29:07.179806-07:00] XDS: Getting database settings from HIT registry ...[2016-04-23T10:29:07.257929-07:00] XDS: Transforming DB connect info from JHsxServer into a DB connect string[2016-04-23T10:29:07.257929-07:00] Connection string: DRIVER={DataDirect 7.1 Oracle Wire Protocol};SRVR=HFMTNS;UID=...;PWD=**********;ENS=1;AN=HFM[2016-04-23T10:29:07.257929-07:00] XDS: Initializing static parameters...[2016-04-23T10:29:07.257929-07:00] XDS: Initializing critical errors log...[2016-04-23T10:29:07.257929-07:00] XDS: Critical errors log: D:\Oracle\Middleware\user_projects\epmsystem1\diagnostics\logs\hfm\TEST23.oracle_critical_errors.log[2016-04-23T10:29:07.257929-07:00] XDS: Initializing ODL logging...Found trace level'TRACE:32' in the logger node[2016-04-23T10:29:07.367305-07:00] XDS: Initializing DB logging...[2016-04-23T10:29:07.820454-07:00] XDS: Failed to run XFMDataSource. Unexpected error occured ...[2016-04-23T10:29:07.836077-07:00] XDS: Right before exit
From the log message it looks like the ODBC connection is created on the fly by transforming the database connection information used by the Java HFM Service, JHsxServer. This comes from the database credentials used when running the HFM config tool during configuration. I find this design unfortunate because there are going to be slight differences between how Java drivers and the DataDirect drivers work for non trivial connections. Looking at the Config Tool advanced properties, there are options for SSL database connections, but all are focused on JDBC (Java) connectivity.

In this case, we see that the DataDirect based encryption properties cannot be set. Since there does not seem to be any way to change the advanced properties, The investigation has hit a dead end and Oracle SR needs created to get this fixed.


Error in 11.1.2.4 ConfigTool: TNS-04612: Null RHS

May 18, 2016, 10:28 pm
$
0
0

I recently came across this error in the config tool while trying to reconfigure the database connections.

 [EPMCFG] [ERROR] [EPMCFG-01020] [oracle.EPMCFG] [tid: 30] [ecid: 0000LJ5CfaK8dplqwsZf6G1NFBXo00000E,0] [SRC_CLASS: com.hyperion.config.wizard.impl.RunAllTasks] Error: [[
java.io.IOException: TNS-04612: Null RHS for "my_tns"
at com.hyperion.cis.config.TNSParser.writeTnsOraFileEntry(TNSParser.java:189)
at com.hyperion.cis.config.AbstractProductDBConfigurator.updateDatabaseConnectionConfigurationFiles(AbstractProductDBConfigurator.java:854)
at com.hyperion.config.wizard.impl.RunAllTasks.executeDbConfigTask(RunAllTasks.java:681)
at com.hyperion.config.wizard.impl.RunAllTasks.execute(RunAllTasks.java:306)
at com.hyperion.config.wizard.impl.RunnAllTasksState.run(RunnAllTasksState.java:92)
at java.lang.Thread.run(Thread.java:662)

]]

What is happening is the config tool is trying to parse the tnsnames.ora under the bundled Oracle client, Oracle\Middleware\user_projects\config\dbclient and failing. I added some additional TNS entries for connecting to external databases to this tnsnames file. The config tool was trying to parse these additional entries and crashing. In order to successfully complete the config tool, I had to rename the existing tnsnames.ora to tnsnames.ora.bak and then run the config tool. This creates a brand new tnsnames.ora file. After successful configuration it was necessary to merge the changed TNS descriptors for "HFMTNS" and "BPMA_ALIAS" from the new tnsnames.ora into the .bak file. Finally, revert tnsnames.ora.bak file to its original name, tnsnames.ora.


Quickly Search Logs Using Weblogic Enterprise Manager

July 16, 2016, 9:58 pm
$
0
0
One of the most powerful ways to triage issues is the search feature in Weblogic's Enterprise Manager. The search allows one to search through the log files associated with all managed servers in the domain. Said a different way, it searches all Weblogic logs at once without even needing to login to a server. So if you have a 10 server footprint you would not have to log into 10 different servers to view the logs. 

There are many benefits to the search feature:
  • View all lines from the last hour
  • View only messages with criticality set to ERROR so you're not searching through lots of info and debug information
  • Web-based interface no need to log into individual servers
One caveat to remember is the search only covers Weblogic logs. There are many other logs in Hyperion that this will not hit. However, it takes about 2 minutes to check, and usually the front end can give you a very good idea of what the error is. It's a great place to start troubleshooting.


To get started, start up the WebLogic admin server:
Oracle/Middleware/user_projects/domains/EPMSystem/bin/startWebLogic.sh

To access Enterprise Manager use the same url you would use to get to the admin server, but replace /console with /em

for instance:  http://server:7001/em

Once logged in,
WebLogic Domain -> EPMSystem -> Logs

Here you can see the powerful search interface. In this case we are searching 46 log files within the last hour for Errors. 


A detailed view of the results here show clearly Shared Services is failing due to a locked database account.



To sum up, it took about 60 seconds to login to EM and open the log interface to find this error. This can be a pretty powerful first place to start when troubleshooting issues. 

For this to be most useful, you should run the Weblogic admin server as a service so it is always available to login and look at logs. In Unix this is just a matter of starting the process. In Windows, you might want this quick tip to install the Admin Server as a Windows service:
http://epm-errors.blogspot.com/2016/07/running-weblogic-admin-server-as.html


Running Weblogic Admin Server as a Windows Service

July 16, 2016, 10:10 pm
$
0
0
The WebLogic Admin server can be a useful tool in the EPM environment. However, it does not come installed as a Windows service and consequently is not always running. In order to tap into the powerful features in Enterprise Manager or WebLogic admin server you first need to get it up and running as a Windows Service.

The following is a quick script that can help. Create a Windows .bat file called installWLService.bat
Change USERDOMAIN_HOME and WL_HOME to reflect your environment.

SETLOCAL
set DOMAIN_NAME=EPMSystem
set USERDOMAIN_HOME=D:\Oracle\Middleware\user_projects\domains\EPMSystem
set SERVER_NAME=AdminServer
set WL_HOME=D:\Oracle\Middleware\wlserver_10.3
set PRODUCTION_MODE=true
set MEM_ARGS=-Xms512m –Xmx512m
call "%WL_HOME%\server\bin\installSvc.cmd"
ENDLOCAL

This should install a new Windows service:

beasvc EPMSystem_AdminServer

Mistakenly Forgot Admin Credentials While Enabling SSO

August 19, 2016, 10:32 pm
$
0
0
Recently I made a dumb mistake. I was trying to enable single sign on (SSO) and hastily set everything up and restarted all services. However, once SSO was enabled I realized that I had not prior to enabling set my SSO user account with admin access in Hyperion. Since SSO was enabled, the admin user was no longer available to use for login because the SSO user is now enforced. With SSO enabled, the 'admin' user becomes obsolete.

In the past versions like 11.1.2.2 this was no big deal as you could always login with your username and password using /interop to login directly to Shared Services. However, in 11.1.2.4 you have to go through Workspace to get to Shared Services, enforcing the SSO login. Without admin privileges on your user account you cannot disable SSO, or make any setting changes at all! I had essentially locked myself and everyone else out of the system.

To restore the system I remembered a setting in Workspace, "Allow Direct Login After SSO Failure". This is a good fallback setting if SSO fails, giving you a way to access Hyperion using the old username/password combo. This would have been ideal to set BEFORE I locked myself out... At this point I can't make any changes to the system due to lack of administrator privileges.


From the help pages in Workspace:


However, I recall that using epmsys_registry we can make changes to the EPM system registry without any credentials. Perhaps it's possible to change this setting. Looking in the epm registry report, it looks as if the field is available in WORKSPACE_LWA.




Using the object id, you can view and change the setting...
/export/u1/app/Oracle/Middleware/user_projects/epmsystem1/bin/epmsys_registry.sh view \#18349408fd0bc34c317d176d1562f332264S7f57

/export/u1/app/Oracle/Middleware/user_projects/epmsystem1/bin/epmsys_registry.sh updateproperty \#18349408fd0bc34c317d176d1562f332264S7f57/@AllowDirectLogonAfterSSO true

(note the object id differs between the screenshot and commands because I took the screenshot from a different system. They should be the same in practice.)

Once I restarted the system this property was in place. However, the ability to login using the username/password combo only appears if SSO fails. There was nothing inherently wrong with SSO, it was working just fine. I had to make SSO fail in order to login. This seemed pretty easy, I just accessed Workspace directly rather than going through the SSO enabled web server. Consequently, the SSO token was not passed and the login prompt appeared. Finally... I was able to login as admin and provision my user id with admin privileges to gain access!

One might argue that the option to allow direct login if SSO fails should always be set. In my opinion, it is way too easy for malicious users to trick the SSO into failing and then gain access to the direct login prompt. This seems to be a security risk. I think using the method presented above,makes it possible to turn it on and off on demand if you need to get a backdoor into the system without it being enabled all the time.





Oracle Open World Session - Live Architecture Demo

August 28, 2016, 10:38 pm
$
0
0
I am excited to speak at Open World this year. Please come check out the session. I am trying a live demo this time. Should be fun!

UGF2782: Oracle Hyperion 11.1.2.4 Architecture Live Demo   
Nicholas King

Day:     Sunday, September 18, 2016
Time:    2:15 - 3:00 pm
Room:  Moscone South Room 303
The best way to learn is to jump in. This live demo will explore infrastructure topics using a 11.1.2.4 virtual enviroment. Dive right into general EPM architecture including the new 11.1.2.4 HFM architecture, explanation of Web components and WebLogic, triaging issues in the environment, and tuning tips. This session is a great way to go beyond the slide decks and see the system first hand.

Keep Your Hyperion Platform Secure by Patching WebLogic

December 1, 2016, 10:37 pm
$
0
0
One of the Hyperion Administration tasks often overlooked is the need to patch the underlying components such as WebLogic. If you subscribe to the Oracle security vulnerabilities, you will find frequent critical patch vulnerabilities released.

For instance, the October CPU release link is:
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html

Searching for WebLogic will bring up a list of vulnerabilities addressed in this CPU cycle.

If you are curious you can search on the CVE number to get more details.

For instance,
CVE 2015-7501 is part of a bug in apache-commons library bundled inside WebLogic (and JBoss, etc).
https://access.redhat.com/security/vulnerabilities/2059393

Looking back at the CPU article under WebLogic:

Following the link to the Oracle Support Note will require an Oracle Support Login. Once logged in, you can find the suggested patch:
WebLogic Server 10.3.6.0 home PSU 10.3.6.0.161018 Patch 23743997

It is always important to read the README file and all instructions that go along with the patch. Let's take a look at a typical example. Most often the process is twofold:
   1) uninstall any old patches
   2) apply the new patch using the bsu command (in Weblogic 10.3.x)

Some useful snippets from the README:
Oracle WebLogic Server Patch Set Update 10.3.6.0.161018 README
========================================================= This README provides information about how to apply Oracle WebLogic Server
Patch Set Update 10.3.6.0.161018. It also provides information about reverting to
the original version. Released: Oct, 2016 Smart Update Details of Oracle WebLogic Server Patch Set Update 10.3.6.0.161018
-------------------------------------------------------------------------- PATCH_ID - K25M
Patch number - 23743997

Preparing to Install Oracle WebLogic Server Patch Set Update 10.3.6.0.161018
----------------------------------------------------------------------- - WebLogic Server Patch Set Update (PSU) can be applied on a per-domain basis
(or on a more fine-grained basis), Oracle recommends that PSU be applied on an installation-wide basis.
PSU applied to a WebLogic Server installation using this recommended practice
affect all domains and servers sharing that installation.
- Login as same "user" with which the component being patched is installed.
- Stop all WebLogic servers.
- Remove any previously applied WebLogic Server Patch Set Update and associated overlay patches

Installing Oracle WebLogic Server Patch Set Update 10.3.6.0.161018-------------------------------------------------------------
 - unzip p23743997_1036_Generic.zip to {MW_HOME}/utils/bsu/cache_dir or any local directory   Note: You must make sure that the target directory for unzip has required write and executable permissions          for "user" with which the component being patched is installed.
 - Navigate to the {MW_HOME}/utils/bsu directory. - Execute bsu.sh -install -patch_download_dir={MW_HOME}/utils/bsu/cache_dir -patchlist={PATCH_ID} -prod_dir={MW_HOME}/{WL_HOME}
   Where, WL_HOME is the path of the WebLogic home
   Reference: BSU Command line interface              http://docs.oracle.com/cd/E14759_01/doc.32/e14143/commands.htm


To verify the installed patch:
b) The following command is a simple way to determine the application of WebLogic Server PSU.
  $ . $WL_HOME/server/bin/setWLSEnv.sh 
  $ java weblogic.version
In the following example output, 10.3.6.0.161018 is the installed WebLogic Server PSU.
      WebLogic Server 10.3.6.0.161018 PSU Patch for BUG23743997


Translating this into actual commands:
cd Oracle\Middleware\utils\bsu\
bsu.cmd -remove -prod_dir=Oracle\Middleware\wlserver_10.3 -patchlist=UIAL
Checking for conflicts....
No conflict(s) detected
Removing Patch ID: UIAL..
Result: Success
bsu.cmd -install -prod_dir=\Oracle\Middleware\wlserver_10.3 -patch_download_dir=\Oracle\Mid
dleware\utils\bsu\cache_dir -patchlist=K25M

Checking for conflicts....
No conflict(s) detected
Installing Patch ID: K25M..
Result: Success
Testing the patch...
Oracle\Middleware\wlserver_10.3\server\bin\setWLSEnv.cmd

CLASSPATH=....
PATH=...
Your environment has been set.
 >java weblogic.version
WebLogic Server 10.3.6.0.161018 PSU Patch for BUG23743997 TUE AUG 30 18:34:42 IST 2016
WebLogic Server 10.3.6.0  Tue Nov 15 08:52:36 PST 2011 1441050
Use 'weblogic.version -verbose' to get subsystem information
Use 'weblogic.utils.Versions' to get version information for all modules
Success! The 10.3.6.0.161018 version matches that of the README.

Search

Getting Virtual Box Working on Ubuntu

December 12, 2016, 10:47 pm
$
0
0

I recently purchased a new laptop, and this time around I finally decided to ditch Windows and install Ubuntu (Linux). While trying to get Virtual Box running I ran into a small issue.

When I tried to configure the EPMVirt VM, it ran into this error:

The VirtualBox Linux kernel driver (vboxdrv) is either not loaded or there is a permission problem with /dev/vboxdrv. Please reinstall the kernel module by executing
/sbin/vboxconfig




However, when running the vboxconfig command, it fails
root@kingn-ThinkPad-X260:~# /sbin/vboxconfig
vboxdrv.sh: Building VirtualBox kernel modules.
vboxdrv.sh: Starting VirtualBox services.
vboxdrv.sh: Building VirtualBox kernel modules.
vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.
There were problems setting up VirtualBox.  To re-start the set-up process, run
  /sbin/vboxconfig
as root.

Looking through the system logs, it appears the kernel module simply cannot be loaded:
tail -1000 /var/log/syslog
Dec 12 22:21:19 kingn-ThinkPad-X260 vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.
Dec 12 22:21:19 kingn-ThinkPad-X260 systemd[1]: Starting VirtualBox Linux kernel module...
Dec 12 22:21:19 kingn-ThinkPad-X260 vboxdrv.sh[11598]: vboxdrv.sh: Starting VirtualBox services.
Dec 12 22:21:19 kingn-ThinkPad-X260 vboxdrv.sh: Starting VirtualBox services.
Dec 12 22:21:19 kingn-ThinkPad-X260 vboxdrv.sh[11598]: vboxdrv.sh: Building VirtualBox kernel modules.
Dec 12 22:21:19 kingn-ThinkPad-X260 vboxdrv.sh: Building VirtualBox kernel modules.
Dec 12 22:21:35 kingn-ThinkPad-X260 vboxdrv.sh: VirtualBox kernel modules built.
Dec 12 22:21:35 kingn-ThinkPad-X260 vboxdrv.sh[11598]: vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.
Dec 12 22:21:35 kingn-ThinkPad-X260 vboxdrv.sh: failed: modprobe vboxdrv failed. Please use 'dmesg' to find out why.
Dec 12 22:21:35 kingn-ThinkPad-X260 systemd[1]: vboxdrv.service: Control process exited, code=exited status=1
Dec 12 22:21:35 kingn-ThinkPad-X260 systemd[1]: Failed to start VirtualBox Linux kernel module.
Dec 12 22:21:35 kingn-ThinkPad-X260 systemd[1]: vboxdrv.service: Unit entered failed state.
Dec 12 22:21:35 kingn-ThinkPad-X260 systemd[1]: vboxdrv.service: Failed with result 'exit-code'.
Dec 12 22:21:35 kingn-ThinkPad-X260 systemd[1]: Started vboxballoonctrl-service.service.
Dec 12 22:21:35 kingn-ThinkPad-X260 systemd[1]: Started vboxautostart-service.service.
Dec 12 22:21:35 kingn-ThinkPad-X260 systemd[1]: Started vboxweb-service.service.
Dec 12 22:21:41 kingn-ThinkPad-X260 dbus[891]: [system] 
To solve this I was able to read some online articles and find that we can disable the Secure Boot option in the BIOS settings to help fix the issue. Rebooting into the system BIOS:



Simply turning off secure boot seems to fix the problem,
root@kingn-ThinkPad-X260:~# /sbin/vboxconfig
vboxdrv.sh: Building VirtualBox kernel modules.
vboxdrv.sh: Starting VirtualBox services.
root@kingn-ThinkPad-X260:~#
kPad-X260 dbus[891]: [system] Successfully activated service 'org.freedesktop.hostname1'
Dec 12 22:21:41 kingn-ThinkPad-X260 systemd[1]: Started Hostname Service.
Now, on to installing EPMVirt...

A Look Inside EPMVirt: OS Install

December 29, 2016, 9:37 pm
$
0
0
I will be doing a multi part series of articles on the details of how EPMVirt works. This deep dive can help strengthen your automation skills and give a better understanding what is occurring under the hood.

EPMVirt:
http://epm-errors.blogspot.com/p/epmvirt-11124-oracle-hyperion-virtual.html

The basic idea behind EPMVirt is to allow anyone to create an Oracle Virtual Machine with a working test version of Hyperion. The basic steps:
  1. Download all the required software
  2. Create a virtual Oracle Linux instance using Oracle Virtual Box
  3. Copy downloaded software from step 1 to virtual instance
  4. Run custom buildEPMvirt script to build the environment 
Let's focus on step 2. The Oracle Virtual Machine provides an environment we which can be run on many different platforms and systems. In other words, adding this virtual layer allows anyone with Oracle Virtual Box installation to be able run the environment. Instructions are provided in the link above on how to setup Oracle Virtual Box.

Next comes the OS, From a licensing standpoint, I decided to avoid Microsoft since it is not freely distributed. Going with the Oracle Linux seems like the best choice for an open system. However, the choice of Linux does come with downsides. For instance, EPMA and DRM are Windows only products, and consequently must be excluded.

From a Hyperion EPM standpoint, the OS setup is an important aspect. It must include specific packages and tuning settings for Hyperion to run. Let's look further at the OS automated installation.
To get Oracle Linux installed, there is a special kickstart file that provides all the details. It is specified on the command line after booting from the Oracle Linux DVD ISO image:
vmlinuz initrd=initrd.img ks=http://interopconsulting.com/ks2


The ks2 script has the following contents:
# Kickstart file automatically generated by anaconda.

#version=DEVEL
install
text
cdrom
reboot --eject
lang en_US.UTF-8
keyboard us
network --onboot yes --device eth0 --bootproto dhcp --noipv6 --hostname EPMVirt

rootpw  --iscrypted $6
firewall --service=ssh
authconfig --enableshadow --passalgo=sha512
selinux --enforcing
timezone --utc America/New_York
bootloader --location=mbr --driveorder=sda --append="crashkernel=auto rhgb quiet"
# The following is the partition information you requested
# Note that any partitions you deleted are not expressed
# here so unless you clear all partitions first, this is
# not guaranteed to work

clearpart --all --initlabel
zerombr
part /boot --fstype=ext4 --size=500
part pv.008002 --grow --size=1


volgroup VolGroup --pesize=4096 pv.008002
logvol / --fstype=ext4 --name=lv_root --vgname=VolGroup --grow --size=1024 --maxsize=51200
logvol swap --name=lv_swap --vgname=VolGroup --grow --size=3776 --maxsize=3776



%packages --nobase
@core
zip
emacs
unzip
xauth
xdpyinfo
compat-libcap1
libstdc++-devel
sysstat
gcc
gcc-c++
ksh
libaio
libaio-devel
lsof
numactl
glibc-devel
glibc-devel.i686
libgcc
libgcc.i686
compat-libstdc++-33
compat-libstdc++-33.i686
openssh-clients


%post --log=/root/ks-post.log
curl -L http://interopconsulting.com/rpms/epmvirt-11.1.2.4.0-4.x86_64.rpm -o EPMVirt.rpm
yum install -y EPMVirt.rpm


%end

The script roughly does the following:

  1. Creates the Unix file system partitions
  2. Sets up the network interface to connect to the internet
  3. Specifies specific packages to install. Notice some of these are both x86 and i686.
  4. Finally, tries to download and install the EPMVirt rpm which provides customization for all remaining steps.
For reference, details of the install are logged to /root/ks-post.log



Provided the automated install runs successfully, you will have Oracle Linux installed with packages required for installing EPM and the Oracle Database, along with a custom EPMVirt package. The EPMVirt package is where most of the magic happens. The next installment will provide details. Stay tuned. 


A Look Inside EPMVirt: The EPMVirt RPM Package

December 30, 2016, 10:01 pm
$
0
0

The EPMVirt RPM is what deploys all the custom automation scripts and OS configurations needed to perform the EPM installation.

An RPM consists of a .spec file, which contains the configuration details for the RPM. I

The rpm can  be built with the following command:
cd ~/rpmbuild/$VERSION/ 
rpmbuild -ba --define "_topdir $PWD" --clean SPECS/epmvirt.spec
Building will generate a new RPM package such as:
epmvirt-11.1.2.4.0-4.x86_64.rpm
The spec file is split into a few basic sections. The top contains basic info on the version and prerequisites for the package. 

The %pre section setups up the oracle user and dba group for the Oracle database installation. 
The main purpose of the RPM is to lay out the automation scripts needed to build EPM. The %install section lays out the files onto the user's system. The %files section defines the files that are part of the rpm. 

Finally, the post section kicks off the first automation script, which is desribed in more detail below.

The spec file contents look like this:

[root@localhost SPECS]# cat epmvirt.spec
Summary: Virtual Environment
Name: epmvirt
Version: 11.1.2.4.0
Release: 4
License: GPL
Group: Oracle EPM
URL: epm-errors.blogspot.com
Source0: %{name}-%{version}.tar.gz
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires: unixODBC, openssl098e, numactl, zip, emacs, unzip, xauth, xdpyinfo, compat-libcap1, libstdc++-devel, sysstat, gcc, gcc-c++, ksh, libaio, libaio-devel, lsof, /usr/lib/libg.a, /lib/libgcc_s.so.1, /usr/lib/libnss_compat.so, /usr/lib/libstdc++.so.5, /usr/lib/libstdc++.so.6, /usr/lib64/libnsl.so, /usr/lib64/libstdc++.so.5

%description
%prep
rm -rf $RPM_BUILD_ROOT
%setup -q 

%pre
groupadd -f dba
groupadd -f oinstall
id -u oracle &>/dev/null || useradd -G dba oracle


%build

%install 
# dirs
install -m 0755 -d $RPM_BUILD_ROOT/u0
install -m 0755 -d $RPM_BUILD_ROOT/u0/automation
install -m 0755 -d $RPM_BUILD_ROOT/u0/install
install -m 0755 -d $RPM_BUILD_ROOT/u0/install/downloads
install -m 0755 -d $RPM_BUILD_ROOT/u0/automation/root
install -m 0755 -d $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 -d $RPM_BUILD_ROOT/u0/automation/epm/boost_libs
install -m 0755 -d $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 -d $RPM_BUILD_ROOT/u0/automation/database



# files

install -m 0755 u0/automation/startAll.sh $RPM_BUILD_ROOT/u0/automation
install -m 0755 u0/automation/startDB.sh $RPM_BUILD_ROOT/u0/automation
install -m 0755 u0/automation/startDB.sql $RPM_BUILD_ROOT/u0/automation

install -m 0755 u0/automation/root/start.sh $RPM_BUILD_ROOT/u0/automation/root
install -m 0755 u0/automation/root/start_main.sh $RPM_BUILD_ROOT/u0/automation/root
install -m 0755 u0/automation/root/startOver.sh $RPM_BUILD_ROOT/u0/automation/root

install -m 0755 u0/automation/database/db.rsp $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/ENV.env $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/init.ora $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/installDB_1.sql $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/install_DB_create_db.sql $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/install_DB_create_objects.sql $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/listener.ora $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/sqlnet.ora $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/tnsnames.ora $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/installDB.sh $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/installDB_main.sh $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/dropAll.sql $RPM_BUILD_ROOT/u0/automation/database
install -m 0755 u0/automation/database/recreateDB.sh $RPM_BUILD_ROOT/u0/automation/database



install -m 0755 u0/automation/epm/EPMconfig_Essbase.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm//EPMconfig_Disc.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/EPMconfig_CalcMgr.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/EPMconfig_ReconfigWeb.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/EPMconfig_RA.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/EPMconfig_Profit.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/EPMconfig_Plan.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/EPMconfig_HFM.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/EPMconfig_Foundation.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/EPMconfig_FDMEE.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/EPMconfig_EssbaseStudio.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/silentInstall.xml $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/installAll.sh $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/installAll_main.sh $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/configAll.sh $RPM_BUILD_ROOT/u0/automation/epm
install -m 0755 u0/automation/epm/configAll_main.sh $RPM_BUILD_ROOT/u0/automation/epm

install -m 0755 u0/automation/epm/boost_libs/libboost_date_time.so.1.48.0 $RPM_BUILD_ROOT/u0/automation/epm/boost_libs
install -m 0755 u0/automation/epm/boost_libs/libboost_filesystem.so.1.48.0 $RPM_BUILD_ROOT/u0/automation/epm/boost_libs
install -m 0755 u0/automation/epm/boost_libs/libboost_locale.so.1.48.0 $RPM_BUILD_ROOT/u0/automation/epm/boost_libs
install -m 0755 u0/automation/epm/boost_libs/libboost_regex.so.1.48.0 $RPM_BUILD_ROOT/u0/automation/epm/boost_libs
install -m 0755 u0/automation/epm/boost_libs/libboost_system.so.1.48.0 $RPM_BUILD_ROOT/u0/automation/epm/boost_libs
install -m 0755 u0/automation/epm/boost_libs/libboost_thread.so.1.48.0 $RPM_BUILD_ROOT/u0/automation/epm/boost_libs
install -m 0755 u0/automation/epm/boost_libs/hfm_post_install_steps.sh $RPM_BUILD_ROOT/u0/automation/epm/boost_libs
install -m 0755 u0/automation/epm/boost_libs/hfm_post_install_steps_helper.sh $RPM_BUILD_ROOT/u0/automation/epm/boost_libs
install -m 0755 u0/automation/epm/boost_libs/odbc.ini $RPM_BUILD_ROOT/u0/automation/epm/boost_libs

install -m 0755 u0/automation/apps/createApps.sh $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 u0/automation/apps/insertPlanDS.sh $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 u0/automation/apps/insertPlanDS.sql $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 u0/automation/apps/loadPlanData.maxl $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 u0/automation/apps/PLANDEMO.zip $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 u0/automation/apps/RA.zip $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 u0/automation/apps/pwgen.java $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 u0/automation/apps/ImportHFM1.xml $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 u0/automation/apps/HFM-COMMA4DIM.zip $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 u0/automation/apps/HFMTuning.sh $RPM_BUILD_ROOT/u0/automation/apps
install -m 0755 u0/automation/apps/HFMTuning.sql $RPM_BUILD_ROOT/u0/automation/apps

install -m 0755 u0/automation/extractFiles.py  $RPM_BUILD_ROOT/u0/automation
install -m 0755 u0/automation/extractFiles.sh  $RPM_BUILD_ROOT/u0/automation
install -m 0755 u0/automation/buildEPMvirt.sh  $RPM_BUILD_ROOT/u0/automation
install -m 0755 u0/automation/buildEPMvirt.py  $RPM_BUILD_ROOT/u0/automation
install -m 0755 u0/automation/restartEPM.sh  $RPM_BUILD_ROOT/u0/automation


%clean



%files
%defattr(-,oracle,dba,-)
%dir /u0
%dir /u0/automation
%dir /u0/install
%dir /u0/install/downloads
%dir /u0/automation/root
%dir /u0/automation/database
%dir /u0/automation/epm
%dir /u0/automation/epm/boost_libs

/u0/automation/startAll.sh
/u0/automation/startDB.sh
/u0/automation/startDB.sql

/u0/automation/root/start.sh
/u0/automation/root/start_main.sh
/u0/automation/root/startOver.sh

/u0/automation/database/db.rsp
/u0/automation/database/ENV.env
/u0/automation/database/init.ora
/u0/automation/database/installDB_1.sql
/u0/automation/database/install_DB_create_db.sql
/u0/automation/database/install_DB_create_objects.sql
/u0/automation/database/listener.ora
/u0/automation/database/sqlnet.ora
/u0/automation/database/tnsnames.ora
/u0/automation/database/installDB.sh
/u0/automation/database/installDB_main.sh
/u0/automation/database/dropAll.sql
/u0/automation/database/recreateDB.sh

/u0/automation/epm/EPMconfig_Essbase.xml
/u0/automation/epm/EPMconfig_Disc.xml
/u0/automation/epm/EPMconfig_CalcMgr.xml
/u0/automation/epm/EPMconfig_ReconfigWeb.xml
/u0/automation/epm/EPMconfig_RA.xml
/u0/automation/epm/EPMconfig_Profit.xml
/u0/automation/epm/EPMconfig_Plan.xml
/u0/automation/epm/EPMconfig_HFM.xml
/u0/automation/epm/EPMconfig_Foundation.xml
/u0/automation/epm/EPMconfig_FDMEE.xml
/u0/automation/epm/EPMconfig_EssbaseStudio.xml
/u0/automation/epm/silentInstall.xml
/u0/automation/epm/installAll.sh
/u0/automation/epm/installAll_main.sh
/u0/automation/epm/configAll.sh
/u0/automation/epm/configAll_main.sh

/u0/automation/epm/boost_libs/libboost_date_time.so.1.48.0 
/u0/automation/epm/boost_libs/libboost_filesystem.so.1.48.0
/u0/automation/epm/boost_libs/libboost_locale.so.1.48.0
/u0/automation/epm/boost_libs/libboost_regex.so.1.48.0 
/u0/automation/epm/boost_libs/libboost_system.so.1.48.0 
/u0/automation/epm/boost_libs/libboost_thread.so.1.48.0 
/u0/automation/epm/boost_libs/hfm_post_install_steps.sh
/u0/automation/epm/boost_libs/hfm_post_install_steps_helper.sh
/u0/automation/epm/boost_libs/odbc.ini

/u0/automation/apps/createApps.sh
/u0/automation/apps/insertPlanDS.sh
/u0/automation/apps/insertPlanDS.sql
/u0/automation/apps/loadPlanData.maxl
/u0/automation/apps/PLANDEMO.zip
/u0/automation/apps/RA.zip
/u0/automation/apps/pwgen.java
/u0/automation/apps/ImportHFM1.xml
/u0/automation/apps/HFM-COMMA4DIM.zip
/u0/automation/apps/HFMTuning.sh
/u0/automation/apps/HFMTuning.sql

/u0/automation/extractFiles.py
/u0/automation/extractFiles.sh
/u0/automation/buildEPMvirt.sh
/u0/automation/buildEPMvirt.py
/u0/automation/restartEPM.sh
%doc

%post

cd /u0/automation/root
./start.sh

%changelog
* Thu Oct 23 2014 root <root@localhost.localdomain> - 
- Initial build.

# Don't try fancy stuff like debuginfo, which is useless on binary-only
# packages. Don't strip binary too
# Be sure buildpolicy set to do nothing
%define        __spec_install_post %{nil}
%define          debug_package %{nil}
%define        __os_install_post %{_dbpath}/brp-compress


Finally,
cd /u0/automation/root
./start.sh
        kicks off start_main.sh with the log going to /u0/automation/root/start.log


#!/bin/bash
echo oracle | passwd oracle --stdin

mkdir /u0
mkdir /u0/install
chown -R oracle:dba /u0

# add sudo ability for oracle root.sh scripts
chmod 700 /etc/sudoers
echo "oracle ALL=NOPASSWD: /u0/app/oracle/product/12.1.0/dbhome_1/root.sh">> /etc/sudoers
echo "oracle ALL=NOPASSWD: /u0/app/oraInventory/orainstRoot.sh">> /etc/sudoers
# allow non-tty sudo for startup of oracle services as root in rc.local
perl -p -i -e 's/Defaults\s+requiretty/\#Defaults requiretty/g' /etc/sudoers
chmod 440 /etc/sudoers



echo "oracle soft nproc 2047">> /etc/security/limits.conf
echo "oracle hard nproc 16384">> /etc/security/limits.conf
echo "oracle soft nofile 1024">> /etc/security/limits.conf
echo "oracle hard nofile 65536">> /etc/security/limits.conf



echo "session required pam_limits.so">> /etc/pam.d/login



echo "fs.aio-max-nr = 1048576">> /etc/sysctl.conf
echo "fs.file-max = 6815744">> /etc/sysctl.conf
echo "kernel.shmall = 2097152">> /etc/sysctl.conf
echo "kernel.shmmax = 2684329984">> /etc/sysctl.conf

echo "kernel.shmmni = 4096">> /etc/sysctl.conf
echo "kernel.sem = 250 32000 100 128">> /etc/sysctl.conf
echo "net.ipv4.ip_local_port_range = 9000 65500">> /etc/sysctl.conf
echo "net.core.rmem_default = 262144">> /etc/sysctl.conf
echo "net.core.rmem_max = 4194304">> /etc/sysctl.conf
echo "net.core.wmem_default = 262144">> /etc/sysctl.conf
echo "net.core.wmem_max = 1048576">> /etc/sysctl.conf

/sbin/sysctl -p

echo "oracle soft nproc 2047">> /etc/security/limits.conf
echo "oracle hard nproc 16384">> /etc/security/limits.conf
echo "oracle soft nofile 4096">> /etc/security/limits.conf
echo "oracle hard nofile 65536">> /etc/security/limits.conf
echo "oracle soft stack 10240">> /etc/security/limits.conf

echo "source /home/oracle/*.env">> /home/oracle/.bashrc
echo "ulimit -n 10000">> /home/oracle/.bashrc

echo "nohup sudo -u oracle -i /u0/automation/startAll.sh &">> /etc/rc.local

# needed for WL admin server.
echo "127.0.0.1 epmvirt">> /etc/hosts

chkconfig iptables off
service iptables stop
ln -s /u0/install/downloads/ /home/oracle/downloads

ln -s /u0/automation/buildEPMvirt.sh /bin/buildEPMvirt

What's going on? 
  1. Give oracle user the ability to do sudo for running "root.sh" during the Oracle installation
  2. Setup kernel parameters for Oracle and EPM
  3. Add startAll.sh to rc.local file to start EPM on boot

The other important thing the RPM does is setup the file system structure under /u0 and give rights to the oracle user. At this point, the root user has given all the necessary security and rights to the oracle user to perform the remaining installs. The rest of the installation is done as the oracle user.

Now that we understand how the OS was installed, and the EPMVirt RPM, the next thing to understand is the actual automation scripts. These scripts perform all of the actual installation and configuration tasks. Details will come in the next post... 

A Look Inside EPMVirt: Automation Scripts - buildEPMVirt

January 1, 2017, 9:47 pm
$
0
0
Finally, in this installment, we will look at the automation scripts. They control the actual installation and configuration of the Oracle EPM environment.

The automation scripts get deployed into /u0/automation.
There are three main automation areas:

  1. Installation and configuration of the Oracle Database (RDBMS)
  2. Installation and configuration of Hyperion/EPM
  3. Post install configuration and setup of EPM sample applications
They are denoted by the directories:
  /u0/automation/{apps, database, epm}

We will look at each of these in more detail below and expand on the areas. 

buildEPMVirt

buildEPMVirt the main script that is run when setting up EPMVirt. buildEPMVirt is a wrapper script that calls buildEPMVirt.py in /u0/automation. buildEPMVirt.py is the script that ties all these automation areas together. Let's take a look in more detail.

There is one note to bring up first... The scripts in EPMVirt are in a rather unpolished format. They are not intended to be examples of high quality python code. Rather, they are quick and dirty scripts created in my spare time to help get EPMVirt working. Please excuse the ugly code and hacks.

buildEPMVirt can be broken down simply by this script flow:
  1. extractFiles.sh - Unzips all the downloaded files
  2. database/installDB.sh - Installes the Oracle Database and configures tablespaces/schemas for EPM
  3. epm/installAll.sh - Runs the EPM installer using response files
  4. epm/configAll.sh - Runs the EPM configuration using response files
  5. apps/insertPlanDS.sh - Creates a planning datasource for the sample planning app. 
  6. start all EPM services - Runs EPM start.sh
  7. apps/createApps.sh - LCM Imports some sample apps
Lastly, the buildEPMVirt script checks each step for expected output and tries to detect any errors along the way. Ideally, if errors crop up, the script will fail and let you fix the issue. If the script completes, it is a fairly good indication that the install was successful.


The full listing of the buildEPMVirt.py script is below:
from subprocess import call
import os
import sys
import glob
import time

EXPECTED_EPM_INSTALL_PASS_COUNT=72

STEP_NUM = 0
STOP_NUM = 99999
if len(sys.argv) == 2:
  STEP_NUM = int(sys.argv[1])
elif len(sys.argv) == 3:
  STEP_NUM = int(sys.argv[1])
  STOP_NUM = int(sys.argv[2])

if STEP_NUM:
  print "Starting at %s, stopping at %s" % (STEP_NUM, STOP_NUM)

def IsInFile(str, file):
  if not os.path.exists(file):
    return False
  with open(file, 'r') as f:
    return str in f.read()

def CheckDatabase():
    if IsInFile("Connected to:", "/tmp/DBResults"):
      print "DB Connection OK!"
    else:
      print "Db connection failed. Exiting..."
      sys.exit(-1)

def CheckEPMInstall():

  fname = glob.glob("/u0/Oracle/Middleware/EPMSystem11R1/diagnostics/logs/install/installTool-summary*.log")[0]
  with open(fname, 'r') as f:
    contents = f.read()
  pass_count = contents.count("Pass")
  if pass_count == EXPECTED_EPM_INSTALL_PASS_COUNT:
    print "EPM Install Component Count OK."
  else:
    print "EPM Installer failed Pass check (%s vs %s). Exiting..." % (pass_count, EXPECTED_EPM_INSTALL_PASS_COUNT)
    sys.exit(-1)

def CheckEPMConfig():
  if IsInFile("Fail", "/u0/Oracle/Middleware/user_projects/epmsystem1/diagnostics/logs/config/configtool_summary.log"):
    print "EPM Config failed. Exiting..."
    sys.exit(-1)
  else:
    print "EPM Config OK..."


print "Starting at %s, stopping at %s" % (STEP_NUM, STOP_NUM)
my_step = 0

if my_step >= STEP_NUM and my_step < STOP_NUM:
  print "Running step number %s" % my_step
  print "Extracting files..."
  time.sleep(10)
  call(["/u0/automation/extractFiles.sh", ])
  if not os.path.exists("/u0/install/epm/jre"):
    print "Error Exacting Files..."
    sys.exit(-1)

my_step = 1
if my_step >= STEP_NUM and my_step < STOP_NUM:
  print "Running step number %s" % my_step
  print "Installing Database..."
  time.sleep(10)
  call(["/u0/automation/database/installDB.sh", ])
  CheckDatabase()

my_step = 2
if my_step >= STEP_NUM and my_step < STOP_NUM:
  print "Running step number %s" % my_step
  print "Installing EPM..."
  time.sleep(10)
  call(["/u0/automation/epm/installAll.sh", ])
  CheckEPMInstall()

my_step = 3
if my_step >= STEP_NUM and my_step < STOP_NUM:
  print "Running step number %s" % my_step
  print "Configuring EPM..."
  time.sleep(10)
  call(["/u0/automation/epm/configAll.sh", ])
  CheckEPMConfig()

my_step = 4
if my_step >= STEP_NUM and my_step < STOP_NUM:
  print "Running step number %s" % my_step
  print "Configuring APPS (preinstall)..."
  time.sleep(10)
  call(["/u0/automation/apps/insertPlanDS.sh", ])

my_step = 5
if my_step >= STEP_NUM and my_step < STOP_NUM:
  print "Running step number %s" % my_step
  print "Starting EPM..."
  call(["/u0/Oracle/Middleware/user_projects/epmsystem1/bin/start.sh", ])

my_step = 6
if my_step >= STEP_NUM and my_step < STOP_NUM:
  print "Running step number %s" % my_step
  print "Installing APPS..."
  time.sleep(10)
  call(["/u0/automation/apps/createApps.sh", ])
print """
Installation Complete!
"""
Essentially buildEPMVirt is just a wrapper script that ties together a few other automation scripts and does some quick error checking. To get more details we need to look at all the automation scripts listed above. Let's start with extractFiles.sh.

extractFiles.py

The extractFiles.sh script simply calls extractFiles.py while redirecting the output for logging via the "tee" command. Most of the scripts in EPMVirt use the tee command like this to capture output to a log file while displaying the output on the screen.
#!/bin/sh
python /u0/automation/extractFiles.py  2>&1 | tee /u0/automation/extractFiles.log
The basic flow of extractFiles.py is:

Loop through a list of zip files and run the unzip command. 
If a file is not found it should throw an error. This  ensures you have all the files needed to run the EPM install. Finally, there is some ugly code to extract the Oracle DB files into a separate directory than the EPM files. Specifically, EPM is extracted to /u0/install/epm while the database installer is extracted to /u0/install/oracle_db.

 Full contents of extractFiles.py
import os
from subprocess import call
import sys
import getpass 
ISTESTING = False
required = ("linuxamd64_12102_database_se2_1of2.zip",
            "linuxamd64_12102_database_se2_2of2.zip",
            "Foundation-11124-linux64-Part1.zip",
            "Foundation-11124-linux64-Part2.zip",
            "Foundation-11124-Part3.zip",
            "Foundation-11124-linux64-Part4.zip",
            "Essbase-11124-linux64.zip",
            "Apps-11124-linux64.zip",
           )
base_dir = "/u0/install/downloads"
def check_downloads():
  for file in required:
    fpath = "%s/%s" % (base_dir, file)
    if not os.path.exists(fpath):
      if not ISTESTING:
        print "Error, required file not not found, %s" % fpath
        sys.exit()
    else:
      print "Found %s" % fpath
def extract(archive, dest):
  call(["unzip", "-o", "-d", dest, archive])

if not getpass.getuser() == "oracle":
  print "Error, you must be oracle user to run this script."
  sys.exit(-1)

check_downloads()
for file in required:
  fpath = "%s/%s" % (base_dir, file)
  if not os.path.exists(fpath):
    print "Not found, skipping... %s" % fpath
    continue
  epm_path = "/u0/install/epm"
  db_path = "/u0/install/oracle_db"
  if "-111" in os.path.basename(fpath):
    extract(fpath, epm_path)
  else:
    extract(fpath, db_path)
  # get rid of the original download to save space
  if not ISTESTING:
    os.remove(fpath);

Now that we have discussed the wrapper script, buildEPMVirt, and the extractFiles.py (step 1 from above) the next two blog posts will focus on the automated database install (step 2 from above) and the automation scripts for EPM (steps 3-7 from above). 

A Look Inside EPMVirt: Automation Scripts - Oracle Database

January 4, 2017, 10:06 pm
$
0
0
Continuing on with the EPMVirt deep dive I will now discuss the automated installation and configuration of the Oracle Database for EPM.

The simple method for configuring a new Oracle database is to use the Database Creation Utility (dbca), a GUI interface to help run the proper SQL for creating a new database. For EPMVirt we will run the database creation manually using SQL scripts.

The script to perform the install is:
/u0/automation/database/installDB.sh which calls installDB_main.sh

Let's break down this script,

The first part lays out the Oracle binaries by running a silent installer via response file for the Oracle Database:
/u0/install/oracle_db/database/runInstaller -silent -waitforcompletion -showProgress -responseFile /u0/automation/database/db.rsp

Next, we the required root.sh scripts using sudo
sudo /u0/app/oracle/product/12.1.0/dbhome_1/root.sh
sudo /u0/app/oraInventory/orainstRoot.sh
 Then make some necessary directories, setup the environment file, and listener using templates that come in the EPMVirt rpm:
mkdir -p /u0/app/oracle/admin/$SID/arch
mkdir -p /u0/app/oracle/admin/$SID/flash_recovery_area
mkdir -p /u0/app/oracle/oradata/$SID/
mkdir -p /u0/app/oracle/admin/$SID/adump
mkdir -p $TNS_ADMIN
#Set up listener:
# Not supported by HFM in 11.1.2.4
#cp /u0/automation/database/sqlnet.ora $TNS_ADMIN
cp /u0/automation/database/listener.ora $TNS_ADMIN
perl -p -i -e s/__SID__/$SID/g $TNS_ADMIN/listener.ora
cp /u0/automation/database/tnsnames.ora $TNS_ADMIN
perl -p -i -e s/__SID__/$SID/g $TNS_ADMIN/tnsnames.ora
The perl -p -i -e does a regular expression global string replace within the template file.

Setup the init.ora for the initial database configuration.  Most of the configuration comes from a template file that is prepackaged in the EPMVirt RPM. This file specifies the memory/RAM allocation for the database and many other important features. This is important because we need to specify enough RAM for the database to operate properly, but not too much since it is a virtual environment running in a small footprint.
cp /u0/automation/database/init.ora $ORACLE_HOME/dbs/init$SID.ora
perl -p -i -e s/__SID__/$SID/g $ORACLE_HOME/dbs/init$SID.ora
convert the init.ora into a spfile:
sqlplus / as sysdba < /u0/automation/database/installDB_1.sql
Next we run the create database command:

# create the DB:
cp /u0/automation/database/install_DB_create_db.sql /tmp/
perl -p -i -e s/__SID__/$SID/g /tmp/install_DB_create_db.sql
sqlplus / as sysdba < /tmp/install_DB_create_db.sql

The basic database creation sql is:
 CREATE DATABASE __SID__
   USER SYS IDENTIFIED BY orcl
   USER SYSTEM IDENTIFIED BY orcl
   LOGFILE GROUP 1 ('/u0/app/oracle/oradata/__SID__/Online-Redo-Log-01a.rdo') SIZE 50M,
           GROUP 2 ('/u0/app/oracle/oradata/__SID__/Online-Redo-Log-02a.rdo') SIZE 50M,
           GROUP 3 ('/u0/app/oracle/oradata/__SID__/Online-Redo-Log-03a.rdo') SIZE 50M
   MAXLOGFILES 16
   MAXLOGMEMBERS 3
   MAXLOGHISTORY 4090
   MAXDATAFILES 100
   CHARACTER SET AL32UTF8
   NATIONAL CHARACTER SET AL16UTF16
   DATAFILE '/u0/app/oracle/oradata/__SID__/system01.dbf' SIZE 50M REUSE autoextend on
   SYSAUX DATAFILE '/u0/app/oracle/oradata/__SID__/sysaux01.dbf' SIZE 50M REUSE autoextend on
   DEFAULT TABLESPACE users
      DATAFILE '/u0/app/oracle/oradata/__SID__/users01.dbf'
      SIZE 100M REUSE
   DEFAULT TEMPORARY TABLESPACE TEMP
      TEMPFILE '/u0/app/oracle/oradata/__SID__/temp01.dbf'
      SIZE 50M REUSE autoextend on
   UNDO TABLESPACE undotbs1
      DATAFILE '/u0/app/oracle/oradata/__SID__/undotbs01.dbf'
      SIZE 50M REUSE autoextend on;

@/u0/app/oracle/product/12.1.0/dbhome_1/rdbms/admin/catalog.sql
@/u0/app/oracle/product/12.1.0/dbhome_1/rdbms/admin/catproc.sql

Note the two scripts at the end, catalog.sql and catproc.sql manually run the database scripts to setup the Oracle metadata typically found in the database such as V$ views and dba_ tables. These scripts take quite a bit of time to run and you will see a lot of SQL commands running as the internals of the database get created.

Another script to populate metadata:
 sqlplus system/orcl < /u0/app/oracle/product/12.1.0/dbhome_1/sqlplus/admin/pupbld.sql

Finally, create the EPM database objects:
# Create the objects:
cp /u0/automation/database/install_DB_create_objects.sql /tmp/
perl -p -i -e s/__SID__/$SID/g /tmp/install_DB_create_objects.sql
sqlplus / as sysdba < /tmp/install_DB_create_objects.sql


And startup the listener for use:
# start listener
lsnrctl start $SID

The contents of install_DB_create_objects.sql is:
create tablespace EPM_OBJECTS        datafile '/u0/app/oracle/oradata/__SID__/EPM_OBJECTS_01.dbf'       size 50M autoextend on,                                              '/u0/app/oracle/oradata/__SID__/EPM_OBJECTS_02.dbf'       size 50M autoextend on   

CREATE USER EPM_HSS       IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;
CREATE USER EPM_RA        IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;
CREATE USER EPM_CALC      IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;
CREATE USER EPM_HPSYS     IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;
CREATE USER EPM_HPAPP1    IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;
CREATE USER EPM_ESTUDIO   IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;
CREATE USER EPM_EAS       IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;
CREATE USER EPM_PROFIT    IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;
CREATE USER EPM_FDMEE     IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;
CREATE USER EPM_DISC      IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;
CREATE USER EPM_HFM       IDENTIFIED BY PWD DEFAULT TABLESPACE EPM_OBJECTS temporary tablespace TEMP profile DEFAULT;

ALTER USER EPM_HSS      QUOTA UNLIMITED ON EPM_OBJECTS;
ALTER USER EPM_RA       QUOTA UNLIMITED ON EPM_OBJECTS;
ALTER USER EPM_CALC     QUOTA UNLIMITED ON EPM_OBJECTS;
ALTER USER EPM_HPSYS    QUOTA UNLIMITED ON EPM_OBJECTS;
ALTER USER EPM_HPAPP1   QUOTA UNLIMITED ON EPM_OBJECTS;
ALTER USER EPM_ESTUDIO  QUOTA UNLIMITED ON EPM_OBJECTS;
ALTER USER EPM_EAS      QUOTA UNLIMITED ON EPM_OBJECTS;
ALTER USER EPM_PROFIT   QUOTA UNLIMITED ON EPM_OBJECTS;
ALTER USER EPM_FDMEE    QUOTA UNLIMITED ON EPM_OBJECTS;
ALTER USER EPM_DISC     QUOTA UNLIMITED ON EPM_OBJECTS;
ALTER USER EPM_HFM      QUOTA UNLIMITED ON EPM_OBJECTS;


create role EPM_ROLE;

grant CREATE TABLE to EPM_ROLE;
grant CREATE SEQUENCE to EPM_ROLE;
grant CREATE VIEW to EPM_ROLE;
grant CREATE SESSION to EPM_ROLE;
grant CREATE PROCEDURE to EPM_ROLE;
grant CREATE TRIGGER to EPM_ROLE;
grant CREATE TYPE to EPM_ROLE;


grant EPM_ROLE to EPM_HSS, EPM_RA, EPM_CALC, EPM_HPSYS, EPM_HPAPP1, EPM_ESTUDIO, EPM_EAS, EPM_PROFIT, EPM_FDMEE, EPM_DISC, EPM_HFM;

What happens here is we create a single tablespace for EPM, create a myriad of schema/users for each product. For each schema we grant access to the EPM_OBJECTS tablespace, then finally give the schema the EPM_ROLE so it can login and create objects.

This concludes the database setup. The system is ready for the EPM installation. Keep in mind that this is just a test instance. These steps do not represent a production database configuration. Check the /u0/automation/database folder for full listing of the scripts discussed.

Viewing all 102 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>