We have a customer with DCO installed on Red Hat Linux.
I have an issue with ETL database creation. When I tried to create new database, I got "Internal error during add,see logs" message.
In the server.log file I see lines (some info truncated):
INFO Scheduling action 'UPDATE ACCESS FILES' with info: ''
ERROR Could not build session factory: org.postgresql.util.PSQLException: FATAL: pg_hba.conf rejects connection for host
WARN Did not get valid session in first try. Trying again: java.lang.IllegalStateException: Cannot open session on null session factory for: com.apc.etl.model
ERROR EJB Invocating failed on component ETLSessionHelper for method public abstract org.hibernate.Session com.apc.etl.model.ISessionHelper.openSession(com.apc.etl.model.ETLConfig): javax.ejb.EJBTransactionRolledbackException: Cannot open session on null session factory for
INFO An exception occured while checking and creating the necessary database. Please make sure database and etl-configuration is setup correctly
WARN SQL Error : 0, SQLState: null
ERROR IJ031070: transaction cannot proceeded: STATUS_MARKED_ROLLBACK
ERROR WFLYEJB0034: EJB Invocation failed on component userPersistenceHandlerImpl for method abstract com.apc.product.services.users.ModifiableUser com.apc.product.services.users.UserPersistenceHandler.getUserByName(java.lang.String,boolean): javax.ejb.EJBTransactionRolledbackException: could not prepare statement.
I suppose this is happens because of strict security requirements and dco platform user have no enough permissions to make changes on the system.
Could you advice what permissions are needed for users used by DCO in operation system and what we need to do to get fully operational system?
Thank you in advance!
Are you able to share the etl.log and server.log files from the DCO server?
Which version of DCO are they running?
DCO is running correctly (i.e. the customer is not having difficulty saving changes and so on)?
Are they able to complete a task like create a DCO backup?
If DCO is installed correctly it normally has the permissions it needs to complete tasks like this. They might break for example of the /etc/sudoers file was not properly set to allow the DCO services proper root access when needed.
When creating an ETL database, the database itself is created along with the user credentials allowed to access it.
This is the same customer which have desktop client performance issues I wrote about.
They use DCO 8.3.2. I'm not sure if DCO running totally right because application status is Down. In fact application is running but with some issues like that or sensor placement described in my another post.
Backup tasks performs correctly. I will try to get log files and attach it.
Do we have info what permissions should be granted?
At least we need to check sudoers file and add DCOjboss and DCOplat users? Any additional permissions?
There are strong security requirements and everything that is not allowed is prohibited. I need to inform customer's administrators what we need.
Yes, if the application status is down then some investigation is needed as something is wrong somewhere.
This is the requirements page for RH 7.x
Pay particular attention to this section as the "sudoers" part it critical.
Note: If special configuration has been done, ensure the sudoers file
/etc/sudoers includes the following lines before installing or upgrading:
## Allow root to run any commands anywhere root ALL=(ALL) ALL ## Read drop-in files from /etc/sudoers.d (the # here does not mean a comment) #includedir /etc/sudoers.d
If, for security reasons, you do not want to enable one or both of the above lines, contact Technical Support for a list of changes needed for the installation to proceed. For optimum support, supply your sudoers configuration in your support request.
The following system changes are applied during installation of the IT Advisor software.
Here is logs attached.
I tried to change hb_pga.conf manually and set "allow all" string:
host all all 0.0.0.0/0 md5
After that I was able to add new ETL database.
Could you advice if changing sudoers file should be enough or this is just a first step to investigation?
What other steps could be performed?
There are lots of errors in the server.log file which is consistent with the problems you logged regarding the inability to create the ETL database as it appears at some point there were problems connecting to the postgres database.
Is there a chance we can get a full set of log files from this server so we can view the postgres logs as well as the original cause of the problem may be there.
It does appear something occurred which caused DCO/ITA to have problems communicating with the database which appears to have contributed to the problem you noticed when trying to create the ETL database.
The postgres-debug.log you send was real recent, is there a debug log on the customers server which has log entries from the August 17th to 19th timeframe?
Discuss challenges and get support in energy and automation with 30,000+ experts and peers.
Over 10,000+ support articles are available to help you find answers to your product and business challenges.
Find peer based solutions to your questions. Provide answers for fellow community members!