8 Replies Latest reply on Nov 30, 2012 10:52 AM by Richard De Vries

    How to configure failover to an Access Manager member

    Uthaman Kapadan Puthanveetil
      Share This:

      I configured the Repo context.xml as following:

       

      <Environment name="com.bmc.security.databasename.URI" override="true" type="java.lang.String" value="failover://(ssl://hostname1:61616?connectionTimeout=10000&keepAlive=true,ssl://hostname2:61616?connectionTimeout=10000&keepAlive=true)?randomize=false" />

       

      Both these Access managers are configured to an external data base(databasename)

      But the CDP fails to start. I see the following error in the grid .log:

       

      Summary: Startup failed.

      Caused by:

      Summary:

      Detail: A valid Access Manager URI was not available from the Repository at http://hostname:18081/baorepo/http.

       

      A solution to this issue will be highly apreciated.

       

       

        • 1. Re: How to configure failover to an Access Manager member
          Richard De Vries

          What version is this?

           

          For 7.6.02.05, it should look as follows:

           

            <Environment name="com.bmc.security.am.URI" override="true" type="java.lang.String" value="failover://(ssl:/server1.mydomain.org:61616?connectionTimeout=10000&amp;keepAlive=true,ssl://server2.mydomain.org:61616?connectionTimeout=10000&amp;keepAlive=true)?randomize=false"/>

          • 2. Re: How to configure failover to an Access Manager member
            Uthaman Kapadan Puthanveetil

            The Version is 7 6. 02.04

            In the Envvironment name, com.bmc.security.am.URI, am should be data base name where we configure the Access manager external data base, right?

            • 3. Re: How to configure failover to an Access Manager member
              Richard De Vries

              Do you have AM/REPO in one install or in two?

               

              The database used by AM is configured in the context.xml of the Access Manager. The snippet I sent you above is what needs to be in your repository's context.xml

               

              For further illustration, this is how I have the DB configured (MS SQL) in my AM's conext.xml:

               

                <Environment name="com.bmc.security.am.HIBERNATE_DIALECT" override="true" type="java.lang.String" value="org.hibernate.dialect.SQLServerDialect"/>

                <Environment name="com.bmc.security.am.DATASOURCE_DRIVER_CLASS" override="true" type="java.lang.String" value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>

                <Environment name="com.bmc.security.am.DATASOURCE_JDBC_URL" override="true" type="java.lang.String" value="jdbc:sqlserver://DBSERVER:1433;databaseName=AM-DB-Name"/>

                <Environment name="com.bmc.security.am.DATASOURCE_USERNAME" override="true" type="java.lang.String" value="secretusername"/>

                <Environment name="com.bmc.security.am.DATASOURCE_PASSWORD" override="true" type="java.lang.String" value="secretpassword"/>

              • 4. Re: How to configure failover to an Access Manager member
                Uthaman Kapadan Puthanveetil

                I have seperate AM and REPO install.

                As you said, The AM external data base configuration is in AM context.xml. And the AM fail over config is in Repo context.xml.

                I have verified the data base configuration. Its mapped correctly.

                The only issue seems to be in the repo context xml configuration. The document says: <Environment name="com.bmc.security.databsename.URI, where the database name is the AM external database.

                • 5. Re: How to configure failover to an Access Manager member
                  Richard De Vries

                  Ignore what the documentation says. Use what I provided you

                   

                  <Environment name="com.bmc.security.am.URI" override="true" type="java.lang.String" value="failover://(ssl:/server1.mydomain.org:61616?connectionTimeout=10000&amp;keepAlive=true,ssl://server2.mydomain.org:61616?connectionTimeout=10000&amp;keepAlive=true)?randomize=false"/>

                   

                  I have a clustered AM and Repo here myself and this configuration works in my HA environment. (7.6.02.05)

                   

                  If anything; make a backup of Repo's context.xml and give it a shot! I am 100% certain it will work.

                   

                       R

                  • 6. Re: How to configure failover to an Access Manager member
                    Richard De Vries

                    Btw; I am not sure what documentation you are refering to, but I just had a look at the latest online documentation, and its instructions echo the instructions I sent you. So you must be looking at an old document of sorts.

                     

                    See:

                     

                    https://docs.bmc.com/docs/display/public/baop76/Configuring+Access+Manager+for+high+availability

                     

                    To configure failover to an Access Manager member

                    1. In the repository's installationDirectory/tomcat/conf directory, locate the context.xml file, and open it in a text editor.

                    2. Edit the com.bmc.security.am.URI context item by adding a list of failover Access Manager URIs.

                      The value of the context item is an ordered list of composite URIs, each representing an Access Manager connection. Use commas to separate Access Manager URIs, and ensure that you do not insert a space with the commas. To ensure that the CDP honors the specified order of Access Manager URIs, you must set the failover randomizeproperty to false, as in the following example:

                       

                      <Environment name="com.bmc.security.am.URI" override="true"type="java.lang.String" value="failover://(ssl://172.21.126.115:61616?connectionTimeout=10000&amp;keepAlive=true,ssl://172.21.126.115:52616?connectionTimeout=10000&amp;keepAlive=true,ssl://172.21.126.115:35616?connectionTimeout=10000&amp;keepAlive=true)?randomize=false"/>

                       

                      Note
                      If the active URI in the list becomes unavailable, the CDP keeps trying to reconnect to a different URI until if finds an available Access Manager.
                    3. Start the repository and CDP.
                    • 7. Re: How to configure failover to an Access Manager member
                      Uthaman Kapadan Puthanveetil

                      I tried with what you proovided. Still the same error.Do you remember any other setings that needs to be done?

                      • 8. Re: How to configure failover to an Access Manager member
                        Richard De Vries

                        to further troubleshoot; I will need to see some of your configuration files. let's take this offline. see my private message.