My Experiences With SOA

Friday, May 13, 2011

Controlling the Size and Number of OPMN Debug logs generated

Incase you want to control the number and size of the files generated under SOA_HOME/opmn/logs directory, you can do that by adding few start up parameters in opmn.xml. Usually if these are not added, the debug files will grow over a period of time and will run out of space. (use du -csh * under logs directory to see space occupied by each sub-directory).

Usually the directory OC4J_SOA_xxxx which holds the *.out and *.err files consumes the most space. So to control that you can add below startup parameters for automatic recycling of these files.

<ias-component id="SOA" status="enabled">

<process-type id="OC4J_SOA" module-id="OC4J" status="enabled">

<module-data>

</category>

These 2 highlighted parameters control the size of each file as 10MB and number to 10. Older files are overwritten. Restart the server for changes to take affect.

Tuesday, May 10, 2011

Weblogic Admin Server Unable to Start after ip change of host.

After changing the ip address of the App Server host (say from xx.xx.xx.xx to yy.yy.yy.yy), the weblogic admin server is unable to start. Following error message is seen in log file.

<Error> <Server> <AdminServer> <DynamicListenThread[Default]> <<WLS Kernel>> <> <> <1305039521705> <BEA-002606> <Unable to create a server socket for listening on channel "Default". The address xx.xx.xx.xx might be incorrect or another process is using port 7001: java.net.BindException: Cannot assign requested address.>

After ip change make sure you have changed references to the ip address in below places:

If you have used the IP address, instead of the hostname, as the listen address of the WebLogic Server Administration Server. Make sure you change it in config.xml under $MW_HOME/user_projects/domains/domain_name/config directory.
Also ensure that the /etc/hosts or C:\Windows\system32\drivers\etc\hosts file is modified to point to the new ip address.

Restart the Admin Server and it should start up successfully now.

Tuesday, April 26, 2011

Using SFTP with Oracle SOA

A common requirement in integration projects is to transfer files in/out of a system in a secured manner. FTP is the usual protocol for transferring files and if additional security is required then SFTP (Secured FTP) is the way to go. In this post I would cover some of the ways FTP adapter can be configured in SOA 10g and 11g to make use of SFTP.

For additional details on FTP adapter configuration you can refer to the Oracle link
http://download.oracle.com/docs/cd/B31017_01/integrate.1013/b28994/adptr_file.htm

SFTP supports couple of authentication mechanisms to ensure additional security on top of the FTP protocol.

Password authentication
Public Key authentication

In password authentication, the external site/vendor which hosts the FTP server shares a username/password combination which has to be configured on the SOA server. At runtime when a SFTP connection is attempted, the username/password is made use of for establishing the connection.

Similarly in Public key authentication, a private-public key pair is generated. The public key is shared with the external site/vendor which hosts the FTP server. At runtime when a SFTP connection is attempted, Fusion process will try to match the private key stored locally on SOA server with the public key on Remote FTP Server and do the authorization first before sending/posting the files.

The configuration information in either case is stored in SOA_HOME/j2ee/OC4J_SOA/application-deployments/default/FtpAdapter/oc4j-ra.xml (SOA 10g) or MW_HOME/Oracle_SOA1/soa/connectors/FtpAdapter.rar/weblogic-ra.xml (SOA 11g).

For Password authentication below are the properties which you need to set (oc4j-ra.xml sample shown below)

<config-property name="host" value="XXXXX"/>
<config-property name="port" value="22"/>
<config-property name="username" value="xxxxx"/>
<config-property name="password" value="xxxxx"/>
<config-property name="useSftp" value="true"/>
<config-property name="authenticationType" value="password"/>

For Public Key authentication below are the properties which you need to set (weblogic-ra.xml sample shown below)

<wls:property>
<wls:name>host</wls:name>
<wls:value>XXXX</wls:value>
</wls:property>

<wls:property>
<wls:name>port</wls:name>
<wls:value>22</wls:value>
</wls:property>

<wls:property>
<wls:name>useSftp</wls:name>
<wls:value>true</wls:value>
</wls:property>

<wls:property>
<wls:name>authenticationType</wls:name>
<wls:value>publickey</wls:value>
</wls:property>

<wls:property>
<wls:name>privateKeyFile</wls:name>
<wls:value>path of private key file</wls:value>
</wls:property>

Apart from above configuration steps incase of Public Key authentication we can follow below additional steps to generate the private-public key pair and do corresponding setup for that.

1. On Remote FTP Server ensure that /etc/ssh/sshd_config has below parameters set
   RSA Authentication Yes
   PubKey Authentication Yes
2. On SOA server, generate the Public/Private Key pair using below command
   ssh -keygen –t rsa
3. Once the public and private key are generated make a note of file path, file name etc.
4. Then copy the public key content to the Remote FTP Server . Login as the account with which the FTP has to be performed and put the public key content into file ~/.ssh/authorized_keys.
5. For modifying the weblogic-ra.xml in SOA 11g, extract the file from the FtpAdapter.rar file and after making changes repackage it using command (jar cvf FtpAdapter.rar .)

Incase you run into errors like below work with your network administrator to unblock the port 22 at firewall.
sftp xxxxx
Connecting to xxxxx...
ssh: connect to host xxxx port 22: Connection refused
Couldn't read packet: Connection reset by peer

Thats it ! Now you should be able to securely transfer files..

Monday, April 18, 2011

Configuring FTP Adapter in SOA 10g Cluster for High Availability

If you have a 2 Node cluster environment for SOA 10g, it is essential that the FTP adapter is configured in an Active/Passive manner. Otherwise you may run into situations where both nodes are trying to read the same file from the remote FTP server and this will lead to duplicate files entering the system.

The reason for duplicates is because FTP adapter on each node will maintain its own control file(locally) where it stores the last read time of the file. So if a file has already been read by Node1, there are chances that after server restart the same file may be picked by Node2 as well because the time maintained in control files is out-of-sync on both nodes.

There are couple of good articles published by Oracle for this specific configuration. The base idea of the solution is to have the control file on a shared folder which is accessible by both nodes.

Step1:
=====
Make sure the FTP adapters are configured in Singleton mode i.e BPEL clusterName value specified in $ORACLE_HOME/bpel/system/config/collaxa-config.xml should be different from the Adapters clusterGroupId property set inside bpel.xml of the BPEL project.

Also the Multicast host and port in jgroups-properties.xml file should be same on both nodes.

Step2:
=====
Once step1 has been ensured, you should create a folder on a shared file system. Either use an external share storage or you can create a shared directory on one node and use NFS share to mount it on the other node. Either ways make sure the folder has write permissions from both nodes. This folder will store the control files.

Next backup and edit the $ORACLE_HOME/bpel/system/service/config/pc.properties file on each node and set the below property oracle.tip.adapter.file.controldirpath to the shared folder name

Restart the servers for the change to take effect and test the scenario.

Tuesday, April 5, 2011

ORABPEL-05215 Error while deploying BPEL processes

Was working on some SOA 10g deployments recently and came across this error.

ORABPEL-05215

Error while loading process. The process domain encountered the following errors while loading the process "XXXXXX" (revision "1.0"): null.

If you have installed a patch to the server, please check that the bpelcClasspath domain property includes the patch classes.

Tried looking into the opmn logs and nothing additional was mentioned there. This was a simple BPEL process and didn't have any embedded java code. So definitely wasn't an issue with classpath settings.

On further checking found that the ORACLE_HOME and PATH used by my build scripts were pointing to Jdev 10.1.3.5 directory. However the SOA Suite version was 10.1.3.4.

Downloading 10.1.3.4 Jdev and pointing ORACLE_HOME and PATH to this directory worked ! So when you encounter this error ensure that SOA Suite version matches your JDeveloper version.

Friday, March 25, 2011

java.sql.SQLSyntaxErrorException: ORA-02089: COMMIT is not allowed in a subordinate session

While trying to call a stored procedure from Oracle SOA 11g BPEL it throws below error
"java.sql.SQLSyntaxErrorException: ORA-02089: COMMIT is not allowed in a subordinate session".

If you are using Global Transactions(XA) in your DB Adapter then the commit will happen only after the BPEL process completes. To avoid the above error :

1. Make sure you don't have explicit commits within the stored procedure as BPEL tries to manage the transaction commit and there is a conflict if the stored proc. has an explicit commit inside it.

2. Also you can use local transactions(non-XA) in your DB Adapter if you don't want to wait till the process is over for the commit to happen.

Monday, February 14, 2011

flowN for parallel processing in BPEL

Recently I came across a requirement where I had to implement parallel processing in my BPEL. Basically had to post some data to SAP system and was asked to work with multiple connections to increase the throughput. FlowN activity is ideal for this scenario as I had to perform similar processing on different messages/payload. Also this gave me the flexibility to increase the number of parallel flows incase a higher throughput was desired later without making any change to code (set the number of flows desired as a BPEL preference and assign the same to the FlowN variable).

However I did one mistake, which was not creating a Scope inside FlowN and have the variables defined locally inside that scope. When FlowN gets executed this scope should be processed parallely but with different message/payload based on the IndexVariable. Since I had declared the variables globally so at runtime it wasn't executing the parallel flows correctly and always used the payload/message of 1st flow.

<assign name="Set_Counter">
  <copy>
     <from expression="ora:getPreference('NumberOfFlows')"/>
        <to variable="NumOfFlowsToBeProcessed"/>
    </copy>
</assign>

<bpelx:flowN name="Parallel_Flow"
  N="bpws:getVariableData('NumOfFlowsToBeProcessed')"
  indexVariable="Parallel_Flow_Variable">
   <scope name="FlowN_Scope">
       <variables>
           <variable name="Invoke_WS_InputVariable"/>
              ...
       </variables>       
  <sequence name="Sequence_1">
           <assign name="Assign_Input">
               <copy>
                 <from variable="Fetch_Variable"
                   part="part1"
                   query="/ns1:ListOfData/ns1:Data[$Parallel_Flow_Variable]/ns1:name"/>
                  <to variable="Invoke_WS_InputVariable"
                   part="payload"
                   query="/ns2:DataList/ns2:Data/ns2:name"/>
                </copy>

Correct usage is as shown in above code snippet. Using local variables inside the FlowN scope should allow the parallel flows to execute correctly.

A nice read about True Parallelism in BPEL FlowN activity.
true-parallellism-of-the-oracle-bpel-pm-flow-activity