Sunday, November 21, 2010

Peoplesoft OVM CRM9.1

Earlier in September the Peoplesoft OVM CRM9.1 template has been released, announced here.
It’s now time to test, see how it is working after the
HCM9.1 and PS9.1 templates.

It is available on
http://edelivery.oracle.com/linux – check for the templates 64bits, : Peoplesoft VM Templates for CRM 9.1 Release Media Pack v1 for x86 (64 bit).
There are two templates, one for the database, one for the app/batch/PIA.

I’ll skip all the steps regarding Oracle VM Manager, Oracle VM Server configuration, uncompress and import of the template since this is the same exercise I did last year for HCM9.1, please if you want to know more, have a look to the tutorial on the top-right of the main blog page. I’ll start the description below from the starting of the new VM.

1. The database server

Select the VM and click on “Power On”
PSOVM_CRM91_023 
Then on console (be fast otherwise it will be configured as DHCP that you certainly don’t want). 
PSOVM_CRM91_024
PSOVM_CRM91_025
PSOVM_CRM91_026
Give all what it needs, IP address and so on :
PSOVM_CRM91_027PSOVM_CRM91_029PSOVM_CRM91_030
Here below, (as usual on Peoplesoft template, I do not know if that’s the same for all Oracle template containing database software), we got the CSS error (this step takes quite a while). Whether it fails that is not an issue for the next steps : 
PSOVM_CRM91_032  
It continues, give the database name, it will create new controlfiles.
PSOVM_CRM91_033PSOVM_CRM91_034 
And it is done.
PSOVM_CRM91_035

Few notes
1.1 I choose the database to start on server boot, but it won’t (same for previous HCM and PS templates).
[oracle@psovmcrmdb ~]$ more /etc/oratab
orcl:/u01/app/oracle/product/11.1.0/db_1:N

1.2 Note, the service is your_db_name.us.oracle.com :
[oracle@psovmcrmdb ~]$ lsnrctl status

LSNRCTL for Linux: Version 11.1.0.7.0 - Production on 21-NOV-2010 02:26:30

Copyright (c) 1991, 2008, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=psovmcrmdb)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.1.0.7.0 - Production
Start Date                21-NOV-2010 02:18:00
Uptime                    0 days 0 hr. 8 min. 30 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /u01/app/oracle/product/11.1.0/db_1/network/admin/listener.ora
Listener Log File         /u01/app/oracle/product/11.1.0/db_1/log/diag/tnslsnr/psovmcrmdb/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=psovmcrmdb)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "C91TMPLT.us.oracle.com" has 1 instance(s).
  Instance "C91TMPLT", status READY, has 1 handler(s) for this service...
Service "C91TMPLT_XPT.us.oracle.com" has 1 instance(s).
  Instance "C91TMPLT", status READY, has 1 handler(s) for this service...
Service "XDB.us.oracle.com" has 1 instance(s).
  Instance "C91TMPLT", status READY, has 1 handler(s) for this service...
The command completed successfully

1.3 SYSADM’s password is in upper case :
[oracle@psovmcrmdb ~]$ export ORACLE_SID=C91TMPLT
[oracle@psovmcrmdb ~]$ sqlplus sysadm/sysadm

SQL*Plus: Release 11.1.0.7.0 - Production on Sun Nov 21 02:27:44 2010

Copyright (c) 1982, 2008, Oracle.  All rights reserved.

ERROR:
ORA-01017: invalid username/password; logon denied

Enter user-name:
[oracle@psovmcrmdb ~]$ sqlplus sysadm/SYSADM

SQL*Plus: Release 11.1.0.7.0 - Production on Sun Nov 21 02:27:53 2010

Copyright (c) 1982, 2008, Oracle.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options

SQL>

1.4 Language installed is only English :
SQL> select language_cd from pslanguages where installed=1;

LANGUAGE_CD
------------
ENG

SQL>

1.5 The default profile of SYSADM and PEOPLE users expires password the 12-FEB-2011 :
SQL> select username,account_status,expiry_date,profile
  2  from   dba_users
  3* where username in ('PEOPLE','SYSADM')
SQL> /

USERNAME                       ACCOUNT_STATUS                   EXPIRY_DATE        PROFILE
------------------------------ -------------------------------- ------------------ ------------------------------
PEOPLE                         OPEN                             12-FEB-11          DEFAULT
SYSADM                         OPEN                             12-FEB-11          DEFAULT
You should change it to avoid future issues :
SQL> alter profile default limit
failed_login_attempts unlimited
password_life_time unlimited
password_lock_time unlimited
password_grace_time unlimited;

Profile altered.

SQL> select username,account_status,expiry_date,profile
from   dba_users
where username in ('PEOPLE','SYSADM');  

USERNAME                       ACCOUNT_STATUS                   EXPIRY_DATE        PROFILE
------------------------------ -------------------------------- ------------------ -----------PEOPLE                         OPEN                                                DEFAULT
SYSADM                         OPEN                                                DEFAULT

2. The App/Batch/PIA server
Select the VM and click on “Power On”
PSOVM_CRM91_036
Then on console (be fast otherwise it will be configured as DHCP that you certainly don’t want). 
PSOVM_CRM91_037
PSOVM_CRM91_038
PSOVM_CRM91_039
Give all what it needs, IP address and so on :
PSOVM_CRM91_043
If you select “y” to condifure App/Batch here above, everything will start automatically right now (not on future server boot, you’ll have to start it manually).
PSOVM_CRM91_045
Here, we can see an audit message with access denied. Despite that message, everything will be done successfully.
PSOVM_CRM91_046
And now configuration of the PIA.
PSOVM_CRM91_049
You can choose to setup report node during the VM creation as suggested :
PSOVM_CRM91_050
And at the end :
PSOVM_CRM91_051PSOVM_CRM91_052
Done, we get the login page as expected and successful connection : 
PSOVM_CRM91_054PSOVM_CRM91_055

If not done earlier, create a new report node :
PSOVM_CRM91_058
And add the report node to the server OVMDEMO :
PSOVM_CRM91_065
Everything should work and resports posted as well :
PSOVM_CRM91_067     

Now you have a full working CRM9.1 DEMO environment.

NOTE :
I was keeping the console opened on the VM during all the steps till the end, and notice the following messages :
PSOVM_CRM91_063
It was already there on the previous App/Batch templates (HCM9.1 and PS9.1), but it is not a show stopper.
The first line was coming when testing a sqlplus connection from the AppServer, the second when starting the domain…
And it is reproductible each time the server is rebooted.
From /var/log/messages we can see the lines :
Nov 21 08:47:09 psovmcrm kernel: audit(1290347229.280:3): avc:  denied  { execmod } for  pid=1466 comm="sqlplus" path="/opt/oracle/psft/pt/oracle-client/11.1.0.7-64bit/lib/libnnz11.so" dev=xvdb1 ino=2486 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
Nov 21 08:59:15 psovmcrm kernel: audit(1290347955.365:4): avc:  denied  { execmod } for  pid=1629 comm="PSAPPSRV" path="/opt/oracle/psft/pt/oracle-client/11.1.0.7-64bit/lib/libnnz11.so" dev=xvdb1 ino=2486 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:lib_t:s0 tclass=file
Nov 21 09:00:48 psovmcrm kernel: audit(1290348048.663:5): avc:  denied  { execmod } for  pid=1645 comm="PSANALYTICSRV" path="/opt/oracle/psft/pt/tools/bin/libcplex110.so" dev=xvdb1 ino=838585 scontext=root:system_r:unconfined_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
It is coming from SELinux security which is not turned off (note that it is already disable on the database server VM).

Again, everything works fine, but if you want to get rid off those messages, 2 solutions (choose one) :
1. If you are allowed to
turn off the SELinux.
[root@psovmcrm log]# more /etc/selinux/config|grep SELINUX=
# SELINUX= can take one of these three values:
SELINUX=permissive
Change it to :
[root@psovmcrm log]# more /etc/selinux/config|grep SELINUX=
# SELINUX= can take one of these three values:
#SELINUX=permissive
SELINUX=disabled
Reboot your server, and retry a sqlplus connection, restart the domain won’t harm anymore. And those error messages are just gone from the log file.
2. If you don’t want to disable SELinux.
a. As root (in /var/log) :
tail –f messages|tee oracle.log
b. Meanwhile, in an other session as psadm2, try a sqlplus connection onto the database and start the domain.
c. As root, stop the tail, and run :
audit2allow -M oracle < oracle.log
semodule -i oracle.pp
=> From now, no more the messages.

Nicolas.