DWP Catalog - User Group sync script doesn't work with SSL

Version 14
    Share This:

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    MyIT Service Broker


    APPLIES TO:

    Any SBE/DWP Catalog version with SSL enabled



    PROBLEM:

    We have enabled native SSL for Service Broker but when we run the user_group sync we see the following errors:

    Exception in thread "main" java.lang.StackOverflowError
    at sun.misc.URLClassPath.getLoader(URLClassPath.java:503)
    at sun.misc.URLClassPath.getNextLoader(URLClassPath.java:484)
    at sun.misc.URLClassPath.access$100(URLClassPath.java:65)
    at sun.misc.URLClassPath$1.next(URLClassPath.java:266)
    at sun.misc.URLClassPath$1.hasMoreElements(URLClassPath.java:277)
    at java.net.URLClassLoader$3$1.run(URLClassLoader.java:601)
    at java.net.URLClassLoader$3$1.run(URLClassLoader.java:599)
     at java.security.AccessController.doPrivileged(Native Method)
    at java.net.URLClassLoader$3.next(URLClassLoader.java:598)
    at java.net.URLClassLoader$3.hasMoreElements(URLClassLoader.java:623)
    at sun.misc.CompoundEnumeration.next(CompoundEnumeration.java:45)
     at com.bmc.myservice.tools.util.WebClient.loginWhenNecessary(WebClient.java:80)
    at com.bmc.myservice.tools.util.WebClient.loginWhenNecessary(WebClient.java:80


    CAUSE:

    Script does not have the SSL parameters that are required for this task. You need to add them.


    SOLUTION:

    FROM DWP 20.02 and beyond
     

     

      

    If DWP Catalog is configured to run on http, you will need to add these parameters in the shell script:

      

    -sb_proto https
    -ts_path <keystore location>
    -ts_password <keystore password>

    Example

    -sb_proto https
    -ts_path=
    /opt/certs/catalog.jks
    -ts_password=keystore pass

    ./user_group_sync.sh -itsm_s clm-aus-tv1iak.bmc.com -itsm_u Demo -itsm_p bmcAdm1n -itsm_a 0 -sb_s dwpcatalog-americas.bmc.com -sb_u hannah_admin@bmc.com -sb_p password -sb_a 9988 -sb_aw 8443 -sb_proto https -ts_path=/opt/certs/catalog.jks -ts_password=keystore pass -date_file /src/data.time -lock_file /src/sb.lock -sb_group_creation none -skip_disabled true >> /var/log/sb_user_sync.log




     

      

     

      
    BEFORE DWP 20.02

    In order for the script to run on an SSL SB Server, you must use the attached updated   user_group_synch script & JAR file 
       
      NOTE: You don't nee the jar file on 3.5 and beyond.  File is located at:  
      /opt/bmc/digitalworkplace/artools/com.bmc.myservice.tools-1.0.00-SNAPSHOT.jar
      
    1. Please backup the current files then extract both of them into the "  /opt/bmc/ARSystem/artools" directory (replacing the old files) 
    2. Edit the   user_group_sync script to include the extract below with your own JRE path   -if needed- in addition to the   keystore path &   password as highlighted below: 

     /opt/jdk1.8.0_121/bin/java -cp dependency/*:com.bmc.myservice.tools-1.0.00-SNAPSHOT.jar -Dsb_base_url="https://$sb_server:$sb_web_port/" -Dtenant_admin_user="$sb_user" -Dtenant_admin_password=$sb_password -Dgroup_format="$group_format" -Dinput_file=People.arx -Djavax.net.ssl.trustStore=/opt/bmc/ARSystem/jetty/etc/keystore -Djavax.net.ssl.trustStorePassword=changeit -Duser_input_file=User.arx com.bmc.myservice.tools.etl.Main

    i.e.
    - Breaking original  user_group_synch into lines   
        
      
      /usr/java/jre1.8.0_181-amd64/bin/java  
    -cp dependency/*:com.bmc.myservice.tools-1.0.00-SNAPSHOT.jar  
    -Dsb_base_url="$sb_web_proto://$sb_server:$sb_web_port/"  
    -Dtenant_admin_user="$sb_user"  
    -Dtenant_admin_password=$sb_password  
    -Dgroup_format="$group_format"  
    -Dinput_file=People.arxt  
    -Duser_input_file=User.arx -Dskip_disabled="$skip_disabled" com.bmc.myservice.tools.etl.Main 
      
       
       You only need to add and edit the things in red, mentioned in the KA, which are these two lines:

    -Djavax.net.ssl.trustStore=/opt/bmc/ARSystem/jetty/etc/keystore
    -Djavax.net.ssl.trustStorePassword=changeit


    So, it looks like this.
      
      /usr/java/jre1.8.0_181-amd64/bin/java
    -cp dependency/*:com.bmc.myservice.tools-1.0.00-SNAPSHOT.jar
    -Dsb_base_url="$sb_web_proto://$sb_server:$sb_web_port/"
    -Dtenant_admin_user="$sb_user"
    -Dtenant_admin_password=$sb_password
    -Dgroup_format="$group_format"
    -Dinput_file=People.arx
    -Djavax.net.ssl.trustStore=/opt/bmc/ARSystem/jetty/etc/keystore
    -Djavax.net.ssl.trustStorePassword=changeit

    -Duser_input_file=User.arx -Dskip_disabled="$skip_disabled" com.bmc.myservice.tools.etl.Main
        
    -Put all of this on a single line

    -Do these edits, save and close.
    -Try again.


    NOTE: To know what the actual java version being used is (if no symbolic links are in place). The one having + will be the one that is being used. 

    Run:
       
      alternatives --config java

    Selection    Command
    -----------------------------------------------
       1           java-1.7.0-openjdk.x86_64 (/usr/lib/jvm/java-1.7.0-openjdk-1.7.0.201-2.6.16.1.el7_6.x86_64/jre/bin/java)
    *  2           java-1.8.0-openjdk.x86_64 (/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.201.b09-0.el7_6.x86_64/jre/bin/java)
     + 3           /usr/java/jre1.8.0_181-amd64/bin/java   ---THIS ONE
     
     
      
      
      3. Once this has been don   e run the script as per the following instructions: 
      
        
         
     
      NOTE: Depending on the volume of records the script may take a long period of time to complete.  
    Security has changed with Service Broker 3.3 patch 1 so you must also log in as Demo and tick "Cross Reference Blank Password"  
     
      User-added image

     


    Article Number:

    000133376


    Article Type:

    Solutions to a Product Problem



      Looking for additional information?    Search BMC Support  or  Browse Knowledge Articles