Golden Gate encryption keys
Hi
Version: Oracle GoldenGate V10.4.0
I'm new in Golden Gate replication.
I've got one task that requires protection of the encryption keys that were created by keygen command (example $ ./keygen 128 4) ? The encyption keys are located in the file ENCKEYS.
Is there any procedure to protect the keys on the server?
Thanks
Mike
http://oracle-base.com/forums/viewtopic.php?f=1&t=14491#wrap
Only way I know is to chmod 600.
Similar Messages
-
Unable to start the golden gate director service
I installed the golden gate director on my PC. after the installation, each time I tried to start the service I had the following error in the log:
####<Mar 14, 2015 11:47:04 PM EDT> <Info> <Security> <Doreus-PC> <> <main> <> <> <> <1426391224856> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
####<Mar 14, 2015 11:47:05 PM EDT> <Info> <Security> <Doreus-PC> <> <main> <> <> <> <1426391225277> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
####<Mar 14, 2015 11:47:07 PM EDT> <Info> <WebLogicServer> <Doreus-PC> <> <Thread-4> <> <> <> <1426391227149> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Server VM Version 24.51-b03 from Oracle Corporation.>
####<Mar 14, 2015 11:47:08 PM EDT> <Info> <Management> <Doreus-PC> <> <Thread-3> <> <> <> <1426391228725> <BEA-141107> <Version: WebLogic Server 12.1.3.0.0 Wed May 21 18:53:34 PDT 2014 1604337 >
####<Mar 14, 2015 11:47:24 PM EDT> <Notice> <WebLogicServer> <Doreus-PC> <> <Thread-3> <> <> <> <1426391244045> <BEA-000365> <Server state changed to STARTING.>
####<Mar 14, 2015 11:47:24 PM EDT> <Info> <WorkManager> <Doreus-PC> <> <Thread-3> <> <> <> <1426391244076> <BEA-002900> <Initializing self-tuning thread pool.>
####<Mar 14, 2015 11:47:24 PM EDT> <Info> <WorkManager> <Doreus-PC> <> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1426391244201> <BEA-002942> <CMM memory level becomes 0. Setting standby thread pool size to 256.>
####<Mar 14, 2015 11:47:24 PM EDT> <Info> <WebLogicServer> <Doreus-PC> <> <Thread-3> <> <> <> <1426391244295> <BEA-000214> <WebLogic Server "localhost" version:
WebLogic Server 12.1.3.0.0 Wed May 21 18:53:34 PDT 2014 1604337 Copyright (c) 1995,2014, Oracle and/or its affiliates. All rights reserved.>
####<Mar 14, 2015 11:47:28 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391248990> <BEA-002622> <The protocol "t3" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249006> <BEA-002622> <The protocol "t3s" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249006> <BEA-002622> <The protocol "http" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249006> <BEA-002622> <The protocol "https" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249006> <BEA-002622> <The protocol "iiop" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249006> <BEA-002622> <The protocol "iiops" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249006> <BEA-002622> <The protocol "ldap" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249006> <BEA-002622> <The protocol "ldaps" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249021> <BEA-002622> <The protocol "cluster" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249021> <BEA-002622> <The protocol "clusters" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249021> <BEA-002622> <The protocol "snmp" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249037> <BEA-002622> <The protocol "admin" is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-6> <> <> <> <1426391249037> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <RJVM> <Doreus-PC> <> <Thread-4> <> <> <> <1426391249068> <BEA-000570> <Network Configuration for Channel "localhost"
Listen Address :7001
Public Address N/A
Http Enabled true
Tunneling Enabled false
Outbound Enabled false
Admin Traffic Enabled true ResolveDNSName Enabled false>
####<Mar 14, 2015 11:47:29 PM EDT> <Debug> <RJVM> <Doreus-PC> <> <Thread-4> <> <> <> <1426391249068> <BEA-000571> <Network Configuration Detail for Channel "localhost"
Channel Weight 50
Accept Backlog 300
Login Timeout 5000ms
Max Message Size 10000000
Message Timeout 60s
Idle Timeout 65s
Tunneling Timeout 40s
Tunneling Ping 45s>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-4> <> <> <> <1426391249162> <BEA-002609> <Channel Service initialized.>
####<Mar 14, 2015 11:47:29 PM EDT> <Notice> <Log Management> <Doreus-PC> <> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1426391249677> <BEA-170019> <The server log file C:\Program Files\GG_Directorgg-director\domain\servers\localhost\logs\localhost.log is opened. All server side log events will be written to this file.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Log Management> <Doreus-PC> <> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1426391249708> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
####<Mar 14, 2015 11:47:29 PM EDT> <Info> <Log Management> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391249770> <BEA-170025> <Initialized Domain Logging. Domain log events will be written to C:\Program Files\GG_Directorgg-director\domain\servers\localhost\logs/domain.log.>
####<Mar 14, 2015 11:47:30 PM EDT> <Info> <IIOP> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391250113> <BEA-002014> <IIOP subsystem enabled.>
####<Mar 14, 2015 11:47:30 PM EDT> <Info> <Diagnostics> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391250145> <BEA-320001> <The ServerDebug service initialized successfully.>
####<Mar 14, 2015 11:47:31 PM EDT> <Info> <Store> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391251252> <BEA-280008> <Opening the persistent file store "WLS_DIAGNOSTICS" for recovery: directory=C:\Program Files\GG_Directorgg-director\domain\servers\localhost\data\store\diagnostics requestedWritePolicy="Disabled" fileLockingEnabled=true driver="wlfileio3".>
####<Mar 14, 2015 11:47:31 PM EDT> <Info> <Store> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391251268> <BEA-280009> <The persistent file store "WLS_DIAGNOSTICS" (8822e5ed-c5e8-462b-8828-54a740159ca9) has been opened: blockSize=512 actualWritePolicy="Disabled(single-handle-non-direct)" explicitIOEnforced=false records=0.>
####<Mar 14, 2015 11:47:31 PM EDT> <Info> <Management> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391251673> <BEA-141278> <Java entropy configuration is: System property "java.security.egd= null"; JRE's java.security file property "securerandom.source= file:/dev/urandom"; Blocking Config= false; JDK version= 1.7.0_51; Operating System= Windows 7.>
####<Mar 14, 2015 11:47:31 PM EDT> <Info> <Management> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391251673> <BEA-141280> <Detected NON-BLOCKING java entropy configuration. This setting will provide the best performance on machines with few sources of entropy, but is less secure than a blocking entropy configuration.>
####<Mar 14, 2015 11:47:31 PM EDT> <Info> <Management> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391251673> <BEA-141187> <Java system properties are defined as follows:
awt.toolkit = sun.awt.windows.WToolkit
file.encoding = Cp1252
file.encoding.pkg = sun.io
file.separator = \
java.awt.graphicsenv = sun.awt.Win32GraphicsEnvironment
java.awt.printerjob = sun.awt.windows.WPrinterJob
java.class.path = ;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\lib\tools.jar;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\weblogic_sp.jar;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\weblogic.jar;C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\net.sf.antcontrib_1.1.0.0_1-0b3\lib\ant-contrib.jar;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\modules\features\oracle.wls.common.nodemanager_2.0.0.0.jar;;;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\xqrl.jar;;C:\PROGRA~1\GG_DIR~1\domain\\config;log4j.properties;;./;
java.class.version = 51.0
java.endorsed.dirs = C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\endorsed;C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\endorsed
java.ext.dirs = C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\ext;C:\windows\Sun\Java\lib\ext
java.home = C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre
java.io.tmpdir = C:\Users\Doreus\AppData\Local\Temp\
java.library.path = C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\native\win\32;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\bin;C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\org.apache.ant_1.9.2\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\bin;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\native\win\32;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\modules\ORGAPA~1.2\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\bin;C:\app\Doreus\product\112~1.0\dbhome_1\BIN;C:\app\Doreus\product\112~1.0\grid\BIN;C:\PROGRA~2\COMMON~1\NETSAR~1;C:\PROGRA~1\COMMON~1\MICROS~1\WINDOW~1;C:\PROGRA~2\COMMON~1\MICROS~1\WINDOW~1;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WINDOW~1\v1.0\;C:\PROGRA~2\WIC4A1~1\Shared;C:\PROGRA~2\ATITEC~1\ATI.ACE\CORE-S~1;C:\devlop\APACHE~1.5\bin;C:\PROGRA~2\QUICKT~1\QTSystem\;C:\PROGRA~1\Java\JDK17~1.0_7\bin;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\native\win\32\oci920_8;.
java.naming.factory.initial = weblogic.jndi.WLInitialContextFactory
java.naming.factory.url.pkgs = weblogic.jndi.factories:weblogic.corba.j2ee.naming.url:weblogic.jndi.factories:weblogic.corba.j2ee.naming.url
java.runtime.name = Java(TM) SE Runtime Environment
java.runtime.version = 1.7.0_51-b13
java.security.policy = C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\weblogic.policy
java.specification.name = Java Platform API Specification
java.specification.vendor = Oracle Corporation
java.specification.version = 1.7
java.vendor = Oracle Corporation
java.vendor.url = http://java.oracle.com/
java.vendor.url.bug = http://bugreport.sun.com/bugreport/
java.version = 1.7.0_51
java.vm.info = mixed mode
java.vm.name = Java HotSpot(TM) Server VM
java.vm.specification.name = Java Virtual Machine Specification
java.vm.specification.vendor = Oracle Corporation
java.vm.specification.version = 1.7
java.vm.vendor = Oracle Corporation
java.vm.version = 24.51-b03
javax.management.builder.initial = weblogic.management.jmx.mbeanserver.WLSMBeanServerBuilder
javax.rmi.CORBA.PortableRemoteObjectClass = weblogic.iiop.PortableRemoteObjectDelegateImpl
javax.rmi.CORBA.UtilClass = weblogic.iiop.UtilDelegateImpl
log4j.configuration = log4j.properties
org.omg.CORBA.ORBClass = weblogic.corba.orb.ORB
org.omg.CORBA.ORBSingletonClass = weblogic.corba.orb.ORB
os.arch = x86
os.name = Windows 7
os.version = 6.1
path.separator = ;
platform.home = C:\Oracle\MIDDLE~1\ORACLE~1\wlserver
sun.arch.data.model = 32
sun.boot.class.path = C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\endorsed\javax-xml-bind.jar;C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\endorsed\javax-xml-ws.jar;C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\endorsed\jsr250-api.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\resources.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\rt.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\sunrsasign.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\jsse.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\jce.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\charsets.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\jfr.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\classes
sun.boot.library.path = C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\bin
sun.cpu.endian = little
sun.desktop = windows
sun.io.unicode.encoding = UnicodeLittle
sun.java.command = weblogic.Server
sun.java.launcher = SUN_STANDARD
sun.jnu.encoding = Cp1252
sun.management.compiler = HotSpot Tiered Compilers
sun.os.patch.level = Service Pack 1
user.country = US
user.dir = C:\Program Files\GG_Directorgg-director\domain
user.home = C:\Users\Doreus
user.language = en
user.name = Doreus
user.timezone = America/New_York
vde.home = C:\Program Files\GG_Directorgg-director\domain\servers\localhost\data\ldap
weblogic.Name = localhost
weblogic.home = C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server
weblogic.management.discover = true
wls.home = C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server
.>
####<Mar 14, 2015 11:47:32 PM EDT> <Info> <Socket> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391252322> <BEA-000436> <Allocating 3 reader threads.>
####<Mar 14, 2015 11:47:32 PM EDT> <Info> <Socket> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391252400> <BEA-000446> <Native I/O enabled.>
####<Mar 14, 2015 11:47:32 PM EDT> <Info> <XML> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391252432> <BEA-130036> <Initializing XMLRegistry>
####<Mar 14, 2015 11:47:34 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391254072> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
####<Mar 14, 2015 11:47:34 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391254852> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_JcbGU+osORALn21oxofI6LlSjKM=>
####<Mar 14, 2015 11:47:37 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391257800> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find C:\Program Files\GG_Directorgg-director\domain\servers\localhost\data\ldap\XACMLRoleMapperggRealmInit.initialized, will load full LDIFT.>
####<Mar 14, 2015 11:47:37 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391257831> <BEA-090074> <Initializing RoleMapper provider using LDIF template file C:\Program Files\GG_Directorgg-director\domain\security\XACMLRoleMapperInit.ldift.>
####<Mar 14, 2015 11:47:38 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391258596> <BEA-090075> <The RoleMapper provider has had its LDIF information loaded from: C:\Program Files\GG_Directorgg-director\domain\security\XACMLRoleMapperInit.ldift>
####<Mar 14, 2015 11:47:39 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391259532> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find C:\Program Files\GG_Directorgg-director\domain\servers\localhost\data\ldap\XACMLAuthorizerggRealmInit.initialized, will load full LDIFT.>
####<Mar 14, 2015 11:47:39 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391259532> <BEA-090074> <Initializing Authorizer provider using LDIF template file C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\XACMLAuthorizerInit.ldift.>
####<Mar 14, 2015 11:47:39 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391259890> <BEA-090075> <The Authorizer provider has had its LDIF information loaded from: C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\XACMLAuthorizerInit.ldift>
####<Mar 14, 2015 11:47:40 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391260702> <BEA-000000> <BootStrapServiceImpl.loadLDIFTemplate - Did not find C:\Program Files\GG_Directorgg-director\domain\servers\localhost\data\ldap\DefaultCredentialMapperggRealmInit.initialized, will load full LDIFT.>
####<Mar 14, 2015 11:47:40 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391260702> <BEA-090827> <LDIF template file C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\DefaultCredentialMapperInit.ldift was empty. The WebLogic provider CredentialMapper has been bootstrapped but has not been initialized with any LDIF data.>
####<Mar 14, 2015 11:47:41 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391261029> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server localhost for security realm ggRealm.>
####<Mar 14, 2015 11:47:41 PM EDT> <Notice> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391261029> <BEA-090082> <Security initializing using security realm ggRealm.>
####<Mar 14, 2015 11:47:41 PM EDT> <Critical> <Security> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391261326> <BEA-090402> <Authentication denied: Boot identity not valid. The user name or password or both from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
####<Mar 14, 2015 11:47:41 PM EDT> <Critical> <WebLogicServer> <Doreus-PC> <localhost> <main> <<WLS Kernel>> <> <> <1426391261388> <BEA-000386> <Server subsystem failed. Reason: A MultiException has 8 exceptions. They are:
1. weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid. The user name or password or both from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.SecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.jndi.internal.RemoteNamingService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.jndi.internal.RemoteNamingService
5. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.rmi.cluster.RemoteBinderFactoryService errors were found
6. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.rmi.cluster.RemoteBinderFactoryService
7. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.cluster.ClusterServiceActivator errors were found
8. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.cluster.ClusterServiceActivator
A MultiException has 8 exceptions. They are:
1. weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid. The user name or password or both from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.SecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.jndi.internal.RemoteNamingService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.jndi.internal.RemoteNamingService
5. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.rmi.cluster.RemoteBinderFactoryService errors were found
6. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.rmi.cluster.RemoteBinderFactoryService
7. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.cluster.ClusterServiceActivator errors were found
8. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.cluster.ClusterServiceActivator
at org.jvnet.hk2.internal.Collector.throwIfErrors(Collector.java:88)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:269)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:87)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1162)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1147)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
Caused By: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid. The user name or password or both from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:1017)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.postInitialize(CommonSecurityServiceManagerDelegateImpl.java:1131)
at weblogic.security.service.SecurityServiceManager.postInitialize(SecurityServiceManager.java:943)
at weblogic.security.SecurityService.start(SecurityService.java:159)
at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:78)
at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.glassfish.hk2.utilities.reflection.ReflectionHelper.invoke(ReflectionHelper.java:1017)
at org.jvnet.hk2.internal.ClazzCreator.postConstructMe(ClazzCreator.java:388)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:430)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:606)
at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:77)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:231)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:254)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:606)
at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:77)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:231)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:254)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:87)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1162)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1147)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied
at weblogic.security.providers.authentication.shared.DBMSAtnLoginModuleImpl.login(DBMSAtnLoginModuleImpl.java:284)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:64)
at com.sun.proxy.$Proxy32.login(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:64)
at com.sun.proxy.$Proxy52.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:342)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:987)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.postInitialize(CommonSecurityServiceManagerDelegateImpl.java:1131)
at weblogic.security.service.SecurityServiceManager.postInitialize(SecurityServiceManager.java:943)
at weblogic.security.SecurityService.start(SecurityService.java:159)
at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:78)
at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.glassfish.hk2.utilities.reflection.ReflectionHelper.invoke(ReflectionHelper.java:1017)
at org.jvnet.hk2.internal.ClazzCreator.postConstructMe(ClazzCreator.java:388)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:430)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:606)
at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:77)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:231)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:254)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:606)
at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:77)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:231)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:254)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:87)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1162)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1147)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
>
####<Mar 14, 2015 11:47:41 PM EDT> <Notice> <WebLogicServer> <Doreus-PC> <localhost> <main> <<WLS Kernel>> <> <> <1426391261513> <BEA-000365> <Server state changed to FAILED.>
####<Mar 14, 2015 11:47:41 PM EDT> <Error> <WebLogicServer> <Doreus-PC> <localhost> <main> <<WLS Kernel>> <> <> <1426391261513> <BEA-000383> <A critical service failed. The server will shut itself down.>
####<Mar 14, 2015 11:47:41 PM EDT> <Notice> <WebLogicServer> <Doreus-PC> <localhost> <main> <<WLS Kernel>> <> <> <1426391261528> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.>
####<Mar 14, 2015 11:47:41 PM EDT> <Info> <WebLogicServer> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426391261528> <BEA-000236> <Stopping execute threads.>
####<Mar 14, 2015 11:47:41 PM EDT> <Info> <WebLogicServer> <Doreus-PC> <localhost> <main> <<WLS Kernel>> <> <> <1426391261528> <BEA-000238> <Shutdown has completed.>
I followed the process indicate in the link ORACLE-BASE - Reset the AdminServer Password in WebLogic 11g and 12c unfortunately I still have the same error.
can somebody help me please.
Thank youHi,
I follow all the steps Recover WebLogic admin password - weblogicexpert to reet the password the user weblogic and edit the boot.properties I still cannot start the weblogic service.
here are the commands:
1- java weblogic.security.utils.AdminAccount weblogic password123 .
in my boot.properties I have
username=weblogic
password=welcome1
I still have:
####<Mar 17, 2015 2:06:45 PM EDT> <Info> <Security> <Doreus-PC> <> <main> <> <> <> <1426615605777> <BEA-090905> <Disabling the CryptoJ JCE Provider self-integrity check for better startup performance. To enable this check, specify -Dweblogic.security.allowCryptoJDefaultJCEVerification=true.>
####<Mar 17, 2015 2:06:46 PM EDT> <Info> <Security> <Doreus-PC> <> <main> <> <> <> <1426615606198> <BEA-090906> <Changing the default Random Number Generator in RSA CryptoJ from ECDRBG128 to FIPS186PRNG. To disable this change, specify -Dweblogic.security.allowCryptoJDefaultPRNG=true.>
####<Mar 17, 2015 2:06:48 PM EDT> <Info> <WebLogicServer> <Doreus-PC> <> <Thread-4> <> <> <> <1426615608148> <BEA-000377> <Starting WebLogic Server with Java HotSpot(TM) Server VM Version 24.51-b03 from Oracle Corporation.>
####<Mar 17, 2015 2:06:50 PM EDT> <Info> <Management> <Doreus-PC> <> <Thread-4> <> <> <> <1426615610473> <BEA-141107> <Version: WebLogic Server 12.1.3.0.0 Wed May 21 18:53:34 PDT 2014 1604337 >
####<Mar 17, 2015 2:07:06 PM EDT> <Notice> <WebLogicServer> <Doreus-PC> <> <Thread-5> <> <> <> <1426615626447> <BEA-000365> <Server state changed to STARTING.>
####<Mar 17, 2015 2:07:06 PM EDT> <Info> <WorkManager> <Doreus-PC> <> <Thread-5> <> <> <> <1426615626494> <BEA-002900> <Initializing self-tuning thread pool.>
####<Mar 17, 2015 2:07:06 PM EDT> <Info> <WorkManager> <Doreus-PC> <> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1426615626666> <BEA-002942> <CMM memory level becomes 0. Setting standby thread pool size to 256.>
####<Mar 17, 2015 2:07:06 PM EDT> <Info> <WebLogicServer> <Doreus-PC> <> <Thread-5> <> <> <> <1426615626744> <BEA-000214> <WebLogic Server "localhost" version:
WebLogic Server 12.1.3.0.0 Wed May 21 18:53:34 PDT 2014 1604337 Copyright (c) 1995,2014, Oracle and/or its affiliates. All rights reserved.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631300> <BEA-002622> <The protocol "t3" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631300> <BEA-002622> <The protocol "t3s" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631300> <BEA-002622> <The protocol "http" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631300> <BEA-002622> <The protocol "https" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631300> <BEA-002622> <The protocol "iiop" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631300> <BEA-002622> <The protocol "iiops" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631300> <BEA-002622> <The protocol "ldap" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631300> <BEA-002622> <The protocol "ldaps" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631315> <BEA-002622> <The protocol "cluster" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631315> <BEA-002622> <The protocol "clusters" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631331> <BEA-002622> <The protocol "snmp" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631331> <BEA-002622> <The protocol "admin" is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-5> <> <> <> <1426615631331> <BEA-002624> <The administration protocol is "t3s" and is now configured.>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <RJVM> <Doreus-PC> <> <Thread-7> <> <> <> <1426615631362> <BEA-000570> <Network Configuration for Channel "localhost"
Listen Address :7004
Public Address N/A
Http Enabled true
Tunneling Enabled false
Outbound Enabled false
Admin Traffic Enabled true ResolveDNSName Enabled false>
####<Mar 17, 2015 2:07:11 PM EDT> <Debug> <RJVM> <Doreus-PC> <> <Thread-7> <> <> <> <1426615631362> <BEA-000571> <Network Configuration Detail for Channel "localhost"
Channel Weight 50
Accept Backlog 300
Login Timeout 5000ms
Max Message Size 10000000
Message Timeout 60s
Idle Timeout 65s
Tunneling Timeout 40s
Tunneling Ping 45s>
####<Mar 17, 2015 2:07:11 PM EDT> <Info> <Server> <Doreus-PC> <> <Thread-7> <> <> <> <1426615631471> <BEA-002609> <Channel Service initialized.>
####<Mar 17, 2015 2:07:12 PM EDT> <Notice> <Log Management> <Doreus-PC> <> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1426615632002> <BEA-170019> <The server log file C:\Oracle\Middleware\Oracle_Home\user_projects\GG_Directorgg-director\domain\servers\localhost\logs\localhost.log is opened. All server side log events will be written to this file.>
####<Mar 17, 2015 2:07:12 PM EDT> <Info> <Log Management> <Doreus-PC> <> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <> <> <> <1426615632049> <BEA-170023> <The Server Logging is initialized with Java Logging API implementation.>
####<Mar 17, 2015 2:07:12 PM EDT> <Info> <Log Management> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615632220> <BEA-170025> <Initialized Domain Logging. Domain log events will be written to C:\Oracle\Middleware\Oracle_Home\user_projects\GG_Directorgg-director\domain\servers\localhost\logs/domain.log.>
####<Mar 17, 2015 2:07:12 PM EDT> <Info> <Diagnostics> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615632548> <BEA-320001> <The ServerDebug service initialized successfully.>
####<Mar 17, 2015 2:07:12 PM EDT> <Info> <IIOP> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615632704> <BEA-002014> <IIOP subsystem enabled.>
####<Mar 17, 2015 2:07:13 PM EDT> <Info> <Store> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615633702> <BEA-280008> <Opening the persistent file store "WLS_DIAGNOSTICS" for recovery: directory=C:\Oracle\Middleware\Oracle_Home\user_projects\GG_Directorgg-director\domain\servers\localhost\data\store\diagnostics requestedWritePolicy="Disabled" fileLockingEnabled=true driver="wlfileio3".>
####<Mar 17, 2015 2:07:13 PM EDT> <Info> <Store> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '1' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615633733> <BEA-280009> <The persistent file store "WLS_DIAGNOSTICS" (569e8065-ecbe-4388-8e3d-65fbc8d3bc75) has been opened: blockSize=512 actualWritePolicy="Disabled(single-handle-non-direct)" explicitIOEnforced=false records=0.>
####<Mar 17, 2015 2:07:14 PM EDT> <Info> <Management> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615634123> <BEA-141278> <Java entropy configuration is: System property "java.security.egd= null"; JRE's java.security file property "securerandom.source= file:/dev/urandom"; Blocking Config= false; JDK version= 1.7.0_51; Operating System= Windows 7.>
####<Mar 17, 2015 2:07:14 PM EDT> <Info> <Management> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615634123> <BEA-141280> <Detected NON-BLOCKING java entropy configuration. This setting will provide the best performance on machines with few sources of entropy, but is less secure than a blocking entropy configuration.>
####<Mar 17, 2015 2:07:14 PM EDT> <Info> <Management> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615634139> <BEA-141187> <Java system properties are defined as follows:
awt.toolkit = sun.awt.windows.WToolkit
file.encoding = Cp1252
file.encoding.pkg = sun.io
file.separator = \
java.awt.graphicsenv = sun.awt.Win32GraphicsEnvironment
java.awt.printerjob = sun.awt.windows.WPrinterJob
java.class.path = ;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\lib\tools.jar;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\weblogic_sp.jar;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\weblogic.jar;C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\net.sf.antcontrib_1.1.0.0_1-0b3\lib\ant-contrib.jar;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\modules\features\oracle.wls.common.nodemanager_2.0.0.0.jar;;;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\xqrl.jar;;C:\Oracle\MIDDLE~1\ORACLE~1\USER_P~1\GG_DIR~1\domain\\config;log4j.properties;;./;
java.class.version = 51.0
java.endorsed.dirs = C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\endorsed;C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\endorsed
java.ext.dirs = C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\ext;C:\windows\Sun\Java\lib\ext
java.home = C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre
java.io.tmpdir = C:\Users\Doreus\AppData\Local\Temp\
java.library.path = C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\bin;C:\windows\Sun\Java\bin;C:\windows\system32;C:\windows;;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\native\win\32;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\bin;C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\org.apache.ant_1.9.2\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\bin;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\native\win\32;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\modules\ORGAPA~1.2\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\bin;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\native\win\32;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\modules\ORGAPA~1.2\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\bin;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\bin;C:\PROGRA~3\Oracle\Java\javapath;C:\app\Doreus\product\112~1.0\dbhome_1\BIN;C:\app\Doreus\product\112~1.0\grid\BIN;C:\PROGRA~2\COMMON~1\NETSAR~1;C:\PROGRA~1\COMMON~1\MICROS~1\WINDOW~1;C:\PROGRA~2\COMMON~1\MICROS~1\WINDOW~1;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\WINDOW~1\v1.0\;C:\PROGRA~2\WIC4A1~1\Shared;C:\PROGRA~2\ATITEC~1\ATI.ACE\CORE-S~1;C:\devlop\APACHE~1.5\bin;C:\PROGRA~2\QUICKT~1\QTSystem\;C:\PROGRA~1\Java\JDK17~1.0_7\bin;C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\native\win\32\oci920_8;.
java.naming.factory.initial = weblogic.jndi.WLInitialContextFactory
java.naming.factory.url.pkgs = weblogic.jndi.factories:weblogic.corba.j2ee.naming.url:weblogic.jndi.factories:weblogic.corba.j2ee.naming.url
java.runtime.name = Java(TM) SE Runtime Environment
java.runtime.version = 1.7.0_51-b13
java.security.policy = C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server\lib\weblogic.policy
java.specification.name = Java Platform API Specification
java.specification.vendor = Oracle Corporation
java.specification.version = 1.7
java.vendor = Oracle Corporation
java.vendor.url = http://java.oracle.com/
java.vendor.url.bug = http://bugreport.sun.com/bugreport/
java.version = 1.7.0_51
java.vm.info = mixed mode
java.vm.name = Java HotSpot(TM) Server VM
java.vm.specification.name = Java Virtual Machine Specification
java.vm.specification.vendor = Oracle Corporation
java.vm.specification.version = 1.7
java.vm.vendor = Oracle Corporation
java.vm.version = 24.51-b03
javax.management.builder.initial = weblogic.management.jmx.mbeanserver.WLSMBeanServerBuilder
javax.rmi.CORBA.PortableRemoteObjectClass = weblogic.iiop.PortableRemoteObjectDelegateImpl
javax.rmi.CORBA.UtilClass = weblogic.iiop.UtilDelegateImpl
log4j.configuration = log4j.properties
org.omg.CORBA.ORBClass = weblogic.corba.orb.ORB
org.omg.CORBA.ORBSingletonClass = weblogic.corba.orb.ORB
os.arch = x86
os.name = Windows 7
os.version = 6.1
path.separator = ;
platform.home = C:\Oracle\MIDDLE~1\ORACLE~1\wlserver
sun.arch.data.model = 32
sun.boot.class.path = C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\endorsed\javax-xml-bind.jar;C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\endorsed\javax-xml-ws.jar;C:\Oracle\MIDDLE~1\ORACLE~1\oracle_common\modules\endorsed\jsr250-api.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\resources.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\rt.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\sunrsasign.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\jsse.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\jce.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\charsets.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\lib\jfr.jar;C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\classes
sun.boot.library.path = C:\Oracle\MIDDLE~1\ORACLE~1\ORACLE~1\jdk\jre\bin
sun.cpu.endian = little
sun.desktop = windows
sun.io.unicode.encoding = UnicodeLittle
sun.java.command = weblogic.Server
sun.java.launcher = SUN_STANDARD
sun.jnu.encoding = Cp1252
sun.management.compiler = HotSpot Tiered Compilers
sun.os.patch.level = Service Pack 1
user.country = US
user.dir = C:\Oracle\Middleware\Oracle_Home\user_projects\GG_Directorgg-director\domain
user.home = C:\Users\Doreus
user.language = en
user.name = Doreus
user.timezone = America/New_York
vde.home = C:\Oracle\Middleware\Oracle_Home\user_projects\GG_Directorgg-director\domain\servers\localhost\data\ldap
weblogic.Name = localhost
weblogic.home = C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server
weblogic.management.discover = true
wls.home = C:\Oracle\MIDDLE~1\ORACLE~1\wlserver\server
.>
####<Mar 17, 2015 2:07:14 PM EDT> <Info> <XML> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615634689> <BEA-130036> <Initializing XMLRegistry>
####<Mar 17, 2015 2:07:14 PM EDT> <Info> <Socket> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615634752> <BEA-000436> <Allocating 3 reader threads.>
####<Mar 17, 2015 2:07:14 PM EDT> <Info> <Socket> <Doreus-PC> <localhost> <[STANDBY] ExecuteThread: '3' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615634799> <BEA-000446> <Native I/O enabled.>
####<Mar 17, 2015 2:07:16 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615636702> <BEA-000000> <Starting OpenJPA 1.1.1-SNAPSHOT>
####<Mar 17, 2015 2:07:17 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615637529> <BEA-000000> <StoreServiceImpl.initJDO - StoreService is initialized with Id = ldap_1iNOTK213rH9DG7MIClGFUdTrEA=>
####<Mar 17, 2015 2:07:21 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615641070> <BEA-090516> <The RoleMapper provider has preexisting LDAP data.>
####<Mar 17, 2015 2:07:22 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615642521> <BEA-090516> <The Authorizer provider has preexisting LDAP data.>
####<Mar 17, 2015 2:07:22 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615642786> <BEA-090516> <The CredentialMapper provider has preexisting LDAP data.>
####<Mar 17, 2015 2:07:23 PM EDT> <Info> <Security> <Doreus-PC> <localhost> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615643098> <BEA-090093> <No pre-WLS 8.1 Keystore providers are configured for server localhost for security realm ggRealm.>
####<Mar 17, 2015 2:07:23 PM EDT> <Notice> <Security> <Doreus-PC> <localhost> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615643098> <BEA-090082> <Security initializing using security realm ggRealm.>
####<Mar 17, 2015 2:07:23 PM EDT> <Critical> <Security> <Doreus-PC> <localhost> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615643363> <BEA-090402> <Authentication denied: Boot identity not valid. The user name or password or both from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.>
####<Mar 17, 2015 2:07:23 PM EDT> <Critical> <WebLogicServer> <Doreus-PC> <localhost> <main> <<WLS Kernel>> <> <> <1426615643410> <BEA-000386> <Server subsystem failed. Reason: A MultiException has 6 exceptions. They are:
1. weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid. The user name or password or both from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.SecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.jndi.internal.RemoteNamingService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.jndi.internal.RemoteNamingService
5. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.cluster.migration.MigrationService errors were found
6. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.cluster.migration.MigrationService
A MultiException has 6 exceptions. They are:
1. weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid. The user name or password or both from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
2. java.lang.IllegalStateException: Unable to perform operation: post construct on weblogic.security.SecurityService
3. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.jndi.internal.RemoteNamingService errors were found
4. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.jndi.internal.RemoteNamingService
5. java.lang.IllegalArgumentException: While attempting to resolve the dependencies of weblogic.cluster.migration.MigrationService errors were found
6. java.lang.IllegalStateException: Unable to perform operation: resolve on weblogic.cluster.migration.MigrationService
at org.jvnet.hk2.internal.Collector.throwIfErrors(Collector.java:88)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:269)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:87)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1162)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1147)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$UpOneLevel.run(CurrentTaskFuture.java:753)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
Caused By: weblogic.security.SecurityInitializationException: Authentication denied: Boot identity not valid. The user name or password or both from the boot identity file (boot.properties) is not valid. The boot identity may have been changed since the boot identity file was created. Please edit and update the boot identity file with the proper values of username and password. The first time the updated boot identity file is used to start the server, these new values are encrypted.
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:1017)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.postInitialize(CommonSecurityServiceManagerDelegateImpl.java:1131)
at weblogic.security.service.SecurityServiceManager.postInitialize(SecurityServiceManager.java:943)
at weblogic.security.SecurityService.start(SecurityService.java:159)
at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:78)
at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.glassfish.hk2.utilities.reflection.ReflectionHelper.invoke(ReflectionHelper.java:1017)
at org.jvnet.hk2.internal.ClazzCreator.postConstructMe(ClazzCreator.java:388)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:430)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:606)
at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:77)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:231)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:254)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:606)
at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:77)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:231)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:254)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:606)
at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:77)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:231)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:254)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:87)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1162)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1147)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$UpOneLevel.run(CurrentTaskFuture.java:753)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
Caused By: javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User weblogic denied
at weblogic.security.providers.authentication.shared.DBMSAtnLoginModuleImpl.login(DBMSAtnLoginModuleImpl.java:284)
at com.bea.common.security.internal.service.LoginModuleWrapper$1.run(LoginModuleWrapper.java:110)
at java.security.AccessController.doPrivileged(Native Method)
at com.bea.common.security.internal.service.LoginModuleWrapper.login(LoginModuleWrapper.java:106)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
at com.bea.common.security.internal.service.JAASLoginServiceImpl.login(JAASLoginServiceImpl.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:64)
at com.sun.proxy.$Proxy32.login(Unknown Source)
at weblogic.security.service.internal.WLSJAASLoginServiceImpl$ServiceImpl.login(WLSJAASLoginServiceImpl.java:89)
at com.bea.common.security.internal.service.JAASAuthenticationServiceImpl.authenticate(JAASAuthenticationServiceImpl.java:82)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.bea.common.security.internal.utils.Delegator$ProxyInvocationHandler.invoke(Delegator.java:64)
at com.sun.proxy.$Proxy52.authenticate(Unknown Source)
at weblogic.security.service.WLSJAASAuthenticationServiceWrapper.authenticate(WLSJAASAuthenticationServiceWrapper.java:40)
at weblogic.security.service.PrincipalAuthenticator.authenticate(PrincipalAuthenticator.java:342)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.doBootAuthorization(CommonSecurityServiceManagerDelegateImpl.java:987)
at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.postInitialize(CommonSecurityServiceManagerDelegateImpl.java:1131)
at weblogic.security.service.SecurityServiceManager.postInitialize(SecurityServiceManager.java:943)
at weblogic.security.SecurityService.start(SecurityService.java:159)
at weblogic.server.AbstractServerService.postConstruct(AbstractServerService.java:78)
at sun.reflect.GeneratedMethodAccessor6.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.glassfish.hk2.utilities.reflection.ReflectionHelper.invoke(ReflectionHelper.java:1017)
at org.jvnet.hk2.internal.ClazzCreator.postConstructMe(ClazzCreator.java:388)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:430)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:606)
at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:77)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:231)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:254)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:606)
at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:77)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:231)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:254)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceLocatorImpl.getService(ServiceLocatorImpl.java:606)
at org.jvnet.hk2.internal.ThreeThirtyResolver.resolve(ThreeThirtyResolver.java:77)
at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:231)
at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:254)
at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:413)
at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:456)
at org.glassfish.hk2.runlevel.internal.AsyncRunLevelContext.findOrCreate(AsyncRunLevelContext.java:225)
at org.glassfish.hk2.runlevel.RunLevelContext.findOrCreate(RunLevelContext.java:82)
at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2488)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:98)
at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:87)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.oneJob(CurrentTaskFuture.java:1162)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$QueueRunner.run(CurrentTaskFuture.java:1147)
at org.glassfish.hk2.runlevel.internal.CurrentTaskFuture$UpOneLevel.run(CurrentTaskFuture.java:753)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
>
####<Mar 17, 2015 2:07:23 PM EDT> <Notice> <WebLogicServer> <Doreus-PC> <localhost> <main> <<WLS Kernel>> <> <> <1426615643519> <BEA-000365> <Server state changed to FAILED.>
####<Mar 17, 2015 2:07:23 PM EDT> <Error> <WebLogicServer> <Doreus-PC> <localhost> <main> <<WLS Kernel>> <> <> <1426615643550> <BEA-000383> <A critical service failed. The server will shut itself down.>
####<Mar 17, 2015 2:07:23 PM EDT> <Notice> <WebLogicServer> <Doreus-PC> <localhost> <main> <<WLS Kernel>> <> <> <1426615643550> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN.>
####<Mar 17, 2015 2:07:23 PM EDT> <Info> <WebLogicServer> <Doreus-PC> <localhost> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1426615643550> <BEA-000236> <Stopping execute threads.>
####<Mar 17, 2015 2:07:23 PM EDT> <Info> <WebLogicServer> <Doreus-PC> <localhost> <main> <<WLS Kernel>> <> <> <1426615643566> <BEA-000238> <Shutdown has completed.> -
Golden Gate for mysql5.5 extract is Abended,and not error in the file
Dear All,
golden gate for mysql5.5 to oracle 11g,extract is Abended ,but there didn't have error in the log , And sometimes the successful extraction some records;
extract :
EXTRACT EXT_M1
TRANLOGOPTIONS AltLogDest /mydata/mysqllog/binlog/binlog.index
SOURCEDB [email protected]:16052, USERID mama,PASSWORD mama
sqlexec "set names gbk;"
EXTTRAIL dirdat/m1
Dynamicresolution
TABLE mama.merchants_member_card_customer;
datapump:
EXTRACT DPRD_M1
SOURCEDB [email protected]:16052, USERID mama,PASSWORD mama
RMTHOST 192.168.2.57, MGRPORT 7089, compress --COMPRESSUPDATESETWHERE
RMTTRAIL /home/oracle/goldengate/dirdat/m1
NOPASSTHRU
TABLE mama.merchants_member_card_customer;
GGSCI>>info all
Program Status Group Lag at Chkpt Time Since Chkpt
MANAGER RUNNING
EXTRACT RUNNING DPRD_M1 00:00:00 00:00:01
EXTRACT ABENDED EXT_M1 00:11:49 00:01:56
REPORT:
GGSCI>>view report ext_m1
Oracle GoldenGate Capture for MySQL
Version 11.2.1.0.1 OGGCORE_11.2.1.0.1_PLATFORMS_120423.0230
Linux, x64, 64bit (optimized), MySQL Enterprise on Apr 23 2012 05:23:34
Copyright (C) 1995, 2012, Oracle and/or its affiliates. All rights reserved.
Starting at 2013-09-29 18:38:08
Operating System Version:
Linux
Version #1 SMP Wed Jun 13 18:24:36 EDT 2012, Release 2.6.32-279.el6.x86_64
Node: M46
Machine: x86_64
soft limit hard limit
Address Space Size : unlimited unlimited
Heap Size : unlimited unlimited
File Size : unlimited unlimited
CPU Time : unlimited unlimited
Process id: 6322
Description:
** Running with the following parameters **
2013-09-29 18:38:08 INFO OGG-03035 Operating system character set identified as UTF-8. Locale: zh_CN, LC_ALL:.
EXTRACT EXT_M1
TRANLOGOPTIONS AltLogDest /mydata/mysqllog/binlog/binlog.index
SOURCEDB [email protected]:16052, USERID mama100,PASSWORD ****************
sqlexec "set names gbk;"
Executing SQL statement...
2013-09-29 18:38:08 INFO OGG-00893 SQL statement executed successfully.
EXTTRAIL dirdat/m1
Dynamicresolution
TABLE mama100.merchants_member_card_customer;
2013-09-29 18:38:08 INFO OGG-01815 Virtual Memory Facilities for: COM
anon alloc: mmap(MAP_ANON) anon free: munmap
file alloc: mmap(MAP_SHARED) file free: munmap
target directories:
/home/goldengate/dirtmp.
CACHEMGR virtual memory values (may have been adjusted)
CACHESIZE: 64G
CACHEPAGEOUTSIZE (normal): 8M
PROCESS VM AVAIL FROM OS (min): 128G
CACHESIZEMAX (strict force to disk): 96G
Database Version:
MySQL
Server Version: 5.5.24-patch-1.0-log
Client Version: 6.0.0
Host Connection: 192.168.2.46 via TCP/IP
Protocol Version: 10
2013-09-29 18:38:08 INFO OGG-01056 Recovery initialization completed for target file dirdat/m1000000, at RBA 1295, CSN 000086|000000065228677.
2013-09-29 18:38:08 INFO OGG-01478 Output file dirdat/m1 is using format RELEASE 11.2.
2013-09-29 18:38:08 INFO OGG-01026 Rolling over remote file dirdat/m1000000.
2013-09-29 18:38:08 INFO OGG-00182 VAM API running in single-threaded mode.
2013-09-29 18:38:08 INFO OGG-01515 Positioning to begin time 2013-9-29 06:26:18.
** Run Time Messages **
2013-09-29 18:38:08 INFO OGG-01516 Positioned to Log Number: 86
Record Offset: 65223906, 2013-9-29 06:26:18.
2013-09-29 18:38:08 INFO OGG-01517 Position of first record processed Log Number: 86
Record Offset: 65223906, 2013-9-29 06:26:18.
TABLE resolved (entry mama100.merchants_member_card_customer):
TABLE mama100."merchants_member_card_customer";
Using the following key columns for source table mama100.merchants_member_card_customer: id.
2013-09-29 18:38:08 INFO OGG-01054 Recovery completed for target file dirdat/m1000001, at RBA 1316, CSN 000086|000000065228677.
2013-09-29 18:38:08 INFO OGG-01057 Recovery completed for all targets.
ggsevt:
2013-09-29 18:38:08 INFO OGG-00963 Oracle GoldenGate Manager for MySQL, mgr.prm: Command received from GGSCI on host localhost (START EXTRACT EXT_M1 ).
2013-09-29 18:38:08 INFO OGG-00975 Oracle GoldenGate Manager for MySQL, mgr.prm: EXTRACT EXT_M1 starting.
2013-09-29 18:38:08 INFO OGG-00992 Oracle GoldenGate Capture for MySQL, ext_m1.prm: EXTRACT EXT_M1 starting.
2013-09-29 18:38:08 INFO OGG-03035 Oracle GoldenGate Capture for MySQL, ext_m1.prm: Operating system character set identified as UTF-8. Locale: zh_CN, LC_ALL:.
2013-09-29 18:38:08 INFO OGG-00893 Oracle GoldenGate Capture for MySQL, ext_m1.prm: SQL statement executed successfully.
2013-09-29 18:38:08 INFO OGG-01815 Oracle GoldenGate Capture for MySQL, ext_m1.prm: Virtual Memory Facilities for: COM
anon alloc: mmap(MAP_ANON) anon free: munmap
file alloc: mmap(MAP_SHARED) file free: munmap
target directories:
/home/goldengate/dirtmp.
2013-09-29 18:38:08 INFO OGG-00993 Oracle GoldenGate Capture for MySQL, ext_m1.prm: EXTRACT EXT_M1 started.
2013-09-29 18:38:08 INFO OGG-01056 Oracle GoldenGate Capture for MySQL, ext_m1.prm: Recovery initialization completed for target file dirdat/m1000000, at RBA 1295, CSN 000086|000000065228677.
2013-09-29 18:38:08 INFO OGG-01478 Oracle GoldenGate Capture for MySQL, ext_m1.prm: Output file dirdat/m1 is using format RELEASE 11.2.
2013-09-29 18:38:08 INFO OGG-01026 Oracle GoldenGate Capture for MySQL, ext_m1.prm: Rolling over remote file dirdat/m1000000.
2013-09-29 18:38:08 INFO OGG-00182 Oracle GoldenGate Capture for MySQL, ext_m1.prm: VAM API running in single-threaded mode.
2013-09-29 18:38:08 INFO OGG-01515 Oracle GoldenGate Capture for MySQL, ext_m1.prm: Positioning to begin time 2013-9-29 06:26:18.
2013-09-29 18:38:08 INFO OGG-01516 Oracle GoldenGate Capture for MySQL, ext_m1.prm: Positioned to Log Number: 86
Record Offset: 65223906, 2013-9-29 06:26:18.
2013-09-29 18:38:08 INFO OGG-01517 Oracle GoldenGate Capture for MySQL, ext_m1.prm: Position of first record processed Log Number: 86
Record Offset: 65223906, 2013-9-29 06:26:18.
2013-09-29 18:38:08 INFO OGG-01054 Oracle GoldenGate Capture for MySQL, ext_m1.prm: Recovery completed for target file dirdat/m1000001, at RBA 1316, CSN 000086|000000065228677.
2013-09-29 18:38:08 INFO OGG-01057 Oracle GoldenGate Capture for MySQL, ext_m1.prm: Recovery completed for all targets.
2013-09-29 18:38:09 INFO OGG-01054 Oracle GoldenGate Capture for MySQL, dprd_m1.prm: Recovery completed for target file /home/oracle/goldengate/dirdat/m1000002, at RBA 1435, CSN 000086|000000055512672.
2013-09-29 18:38:09 INFO OGG-01057 Oracle GoldenGate Capture for MySQL, dprd_m1.prm: Recovery completed for all targets.GGSCI>>info ext_m1 showch
EXTRACT EXT_M1 Last Started 2013-09-29 18:38 Status ABENDED
Checkpoint Lag 00:11:49 (updated 00:12:05 ago)
VAM Read Checkpoint 2013-09-29 18:26:18.665841
Current Checkpoint Detail:
Read Checkpoint #1
VAM External Interface
Startup Checkpoint (starting position in the data source):
Timestamp: 2013-09-29 18:26:18.665841
Recovery Checkpoint (position of oldest unprocessed transaction in the data source):
Timestamp: 2013-09-29 18:26:18.665841
Current Checkpoint (position of last record read in the data source):
Timestamp: 2013-09-29 18:26:18.665841
Write Checkpoint #1
GGS Log Trail
Current Checkpoint (current write position):
Sequence #: 0
RBA: 917
Timestamp: 2013-09-29 18:30:55.655570
Extract Trail: dirdat/m1
CSN state information:
CRC: 20-82-1D-34
CSN: Not available
Header:
Version = 2
Record Source = A
Type = 8
# Input Checkpoints = 1
# Output Checkpoints = 1
File Information:
Block Size = 2048
Max Blocks = 100
Record Length = 20480
Current Offset = 0
Configuration:
Data Source = 5
Transaction Integrity = 1
Task Type = 0
Status:
Start Time = 2013-09-29 18:38:08
Last Update Time = 2013-09-29 18:38:08
Stop Status = A
Last Result = 0 -
Need Help on Joining multiple tables in Golden Gate
Hi,
Can you please help me with some examples on joining multiple tables in Golden Gate. i.e, my requirement is to Join Table 1 & Table 2 in Source and Load it in Target with 10 fields from Table 1 & 5 fields from Table 2 based on the join condition between Table 1.key = Table2.key
I have been trying to do that using SQLEXEC command in Golden Gate. But, is there a way I can do this in the Extract parameter file?
Thanks for your time
Regards
SureshHi,
Thanks a lot for the prompt reply. I am able to do that for the below scenario
Source.T1.Field1
Source.T1.Field2
Source.T2.Field1
Source.T2.Field2
Target Table
T1.Field1, T1.Field2, T2.Field1, T2.Field2.
But, if I already have T2.Field1 in T1 table, then T1.Field1 takes the precendence and getting loaded. i.e., I wanted to join the table 1 & Table 2 and based on the matching condition, I will need to populate the data either from T1 or T2.
Hope you got my requirement.
Below the Data Dump file & Replicat File.
EXTRACT dpump
USERID ********, PASSWORD ********
RMTHOST *******, MGRPORT 7809
RMTTRAIL /oracle/gg/dirdat/rt
--PASSTHRU
TABLE TABLE1,
SQLEXEC (ID LOOKUP,
QUERY "SELECT FIELD1 FROM SOURCE.TABLE2 WHERE FIELD1 = :v_field1",
PARAMS ( v_field1 = field1 )),
TOKENS (tk_field_1 = @GETVAL (lookup.field1));
Replicat file
REPLICAT repjoin
ASSUMETARGETDEFS
HANDLECOLLISIONS
USERID *******, PASSWORD ********
MAP SOURCE.T1, TARGET TARGET.GG_TABLE_T1,
COLMAP ( USEDEFAULTS ,
field1 = @token ("tk_party_id"));
I eventually wanted to join like below.
select t1.field1, t1.field2, t2.field1 from t1, t2
where t1.field1 = t2.field1;
Thanks for your time again
Regards
Suresh -
Golden Gate Sequence Value replication?
Hi all,
I have searched the web, and read the Golden Gate documentation but I've found mixed answers.
I'm just trying to ascertain for certain whether it's possible to automatically replicate sequence values in a bi-directional configuration. Both databases will be identical and both will be 11gR2 with the latest version of GG.
If it is not possible to automatically increment sequences in a bi-directional configuration, what are the best practices for maintaing them?
One option is the alternate sequences on each database, one with even values (for example) and one with odd values, but this requires deployment of new sequences on both databases, something we were hoping would be taken care of by the replication. (yes the sequence creation can be taken care of but the value is not incremented on the target database).
another way that we thought of off the top of our heads is to have an on insert trigger (we only use sequences to generate surrogate keys) which will select nextval from the target database via a db link, but this seems somewhat cumbersome.
What is best practice?Use sequence parameter... here is from Golden gate document:
SEQUENCE
Valid for Extract
Use the SEQUENCE parameter to extract sequence values from the transaction log forpropagation to a GoldenGate trail and delivery to another database. Currently, GoldenGate supports sequences for the Oracle database.
NOTE DDL support for sequences (CREATE, ALTER, DROP, RENAME) is compatible with, but not required for, replicating sequence values. To replicate just sequence values, you do not need to install the GoldenGate DDL support environment. You can just use the SEQUENCE parameter.
GoldenGate ensures that the values of a target sequence are:
● higher than the source values if the increment interval is positive
● lower than the source values if the increment interval is negative
Depending on the increment direction, Replicat applies one of the following formulas as a test when it performs an insert:
source_highwater_value + (source_cache_size * source_increment_size * source_RAC_nodes) <= target_highwater_value
Or...
source_highwater_value + (source_cache_size * source_increment_size * source_RAC_nodes) >= target_highwater_value
If the formula evaluates to FALSE, the target sequence is updated to be higher than the source value (if sequences are incremented) or lower than the source value (if sequences are decremented). The target must always be ahead of, or equal to, the expression in the parentheses in the formula. For example, if the source highwater value is 40, and CACHE is 20, and the source INCREMENTBY value is 1, and there are two source RAC nodes, the target highwater value should be at least 80:
40 + (20*1*2) <80
If the target highwater value is less than 80, GoldenGate updates the sequence to increase the highwater value, so that the target remains ahead of the source. To get the current highwater value, perform this query:
SELECT last_number FROM all_sequences WHERE sequence_owner=upper('SEQUENCEOWNER') AND sequence_name=upper('SEQUENCENAME'); -
Golden Gate functionality during new deployments
Hi can anybody tell me what can be done during deployment activity is performed for Active-Active(bi-directional) Golden Gate configuration?
In our case during new deployments we fail-over complete traffic from once Data centre to another active data centre.
After traffic fail-over we perform deployment work on Database. Which might insert/add columns etc.....
Adding columns and inserting data on once database makes Golden Gate to replicate them to target database which is not desired for a running database.
Anybody suggest what can be done in such scenario?
Also if we try to ignore those tables, we have seen a situation where Golden Gate will fail saying parent keys not found.
Any suggestion on handling such situation will help me a lot.
Thanks in advance.Hello,
Maybe a late reply, but have you thought of creating an extract process specif to the deployment (active data center)?
You could use the extracted trails and pump them over to the other data center and run the trails/changes as a batch job.
I recently had a similar scenario, and create a specific extract(active center) and batch replicat(passive center). The parameter nodbcheckpoint tell Oracle GG that you are running a batch job.
Here is an example:
GGSCI> ADD REPLICAT LOADDRP, EXTTRAIL ./dirdat/tx nodbcheckpoint
GGSCI> EDIT PARAMS LOADDRP
REPLICAT LOADDRP
SETENV (NLS_LANG = "AMERICAN_AMERICA.WE8MSWIN1252")
EXTTRAIL ./dirdat/tx
HANDLECOLLISIONS
--END RUNTIME
USERID GGATE@MYDB01, PASSWORD *******
ASSUMETARGETDEFS
DISCARDFILE ./dirrpt/loadtemppassive.dsc, purge
STATOPTIONS RESETREPORTSTATS
DDL INCLUDE ALL
DDLERROR DEFAULT IGNORE RETRYOP MAXRETRIES 5
REPORT AT 00:01
REPORTROLLOVER AT 00:01
REPORTCOUNT EVERY 60 SECONDS, RATE
DDLOPTIONS REPORT
MAP I_S_L_2.*, TARGET I_S_L_2.*;
ETC......Hope this gets you on the right track.
Sincerely
Jan S. -
Golden Gate Hetergenous restrictions
if I have SQL server replicate to Oracle, is it true SQL backup must be native, non-encrypted and non compressed? if so, are the restrictions only APPLIED on the initial load or ongoing? basically if golden gate capture the data via transaction logs so why it care about the backup as an ongoing process, it doesn't click in my mind.
The latest OGG build documentation is here, and each build for the different DBMS that is supported has it's own installation guide, which lists the security requirements. An Extract's security needs are different from a Replicat's, and they are also different per DBMS.
http://docs.oracle.com/cd/E35209_01/index.htm
In summary, the extract.exe for SQL Server runs at the OS level with the Windows account that is running the Manager service (this is Local System account by default, but can be changed to a specific user) and this is the OS account that reads the physical transaction log and log backups, and that account must be a member of the Windows server Administrator's group.
You also have a System ODBC DSN to setup for Extract to pull meta-data, run some commands, and other info from the SQL Server database, and if you use Windows authentication in that DSN, then it will use the Windows account running the Manager to log into SQL Server, or if you use SQL Server authentication in the DSN, then you would create a SQL Server login. Either way, the Windows account or a SQL Server account needs to be a member of the SQL Server instance's syadmin role. This is for the Extract, no exceptions.
Oracle database permissions are different and listed as well in the OGG for Oracle install guide. -
Golden Gate, DBFS and SUN ODM
Gents,
DBFS - way of storing files as LOBS - cool feature, no bullet proof POCs yet. POC that I worked on got .78TB/hour to load data using external table, Oracle advertised 5TB/hour.
There has been recommendation flowing around on using DBFS for storing "Golden Gate Trail/Checkpoint files"
1. As we know, golden gate files are "Transient" and needs to be deleted once redo changes are applied.
2. Assuming DBFS is setup within Exadata (storage servers, lets say 14-FULL RACK).
3. ASM will do its own job of managing (striping and mirroring)
??Questions??
A. What is the advantage of using DBFS on Exadata shared servers than storing shared NFS, to me, Golden gate files are transient and it will be waste of shared storage and performance impact due to ASM overhead of managing transient files on Exadata boxes?
B. If we decide to store Golden Gate files on exadata, can we just store them on shared exadata server as regular files ?
C. ASM specific, can we just conditionally bypass stripping and mirroring for "Golden Gate Transient Files"?
D. ACFS Vs DBFS, why DBFS is better than ACFS ? (requirement specific question assuming I just want to store transient files for a period of time)
Thanks
-Dhavalmunno wrote:
ASM Clustered File System is supported on SUN ODM unless somebody comments on how ACFS is different than what Oracle says below.
http://www.oracle.com/technology/products/bi/db/exadata/pdf/exadata-technical-whitepaper.pdf
Please look into this pdf, page number 11.
Here is the text from page 11
Oracle Automatic Storage Management (ASM) is used as the file system and volume manager for
Exadata. ASM virtualizes the storage resources and provides the advanced volume management
and file system capabilities of Exadata. Striping database files evenly across the available Exadata
cells and disks results in uniform I/O load across all the storage hardware. The ability of ASM to
perform non-intrusive resource allocation, and reallocation, is a key enabler of the shared grid
storage capabilities of Exadata environments.
"Automatic Storage Management (ASM) != ASM Cluster File System (ACFS)
That's the difference. Exadata uses ASM, but it does not support ACFS, only DBFS.
Regards,
Greg Rahn
http://structureddata.org -
Sequence Error During Golden Gate Replication! Need Hints
Dear All,
I am replicating 2 databases one way, from production to standby using golden gate.
Both databases are 11gR2 and on Linux.
Replication runs smooth for couple of days and then ends up with this error:
ERROR OGG-01296 Error mapping from ETISLBILLING.PAR_TBLPARNODEIDENTI to ETISLBILLING.PAR_TBLPARNODEIDENTI.
Parent Ket Not Found ETISLBILLING.FK_PARTNERNODE_IDENT
Trigger : ETISLBILLING.TRG_PAR_TBLPARTNERNODE Sequence : SEQ_PAR_TblPartnerIdenti
ORA-20000: Sequence value cannot be changed.
Main error is that value of sequence that is executed during the after insert trigger, does not change and trigger raise error hence the replication process is stopped.
I am just worried that the same triggers and sequences are executed successfully on production database and standby database has is exactly the same as production.
Is there some special treatment for sequences?
Kindly share your experience and give tips to handle this situation
Regards, ImranHi,
Hope this helps
Jan S.
FROM MOS: OGG Replicat Encounters OGG-01396 OGG-00869 ORA-01400 on Primary Key Column [ID 1308824.1]
Cause
==================
from the replicat report, first this error occurs:
WARNING OGG-01396 A complete after image is not available
in <schema.table> at rba 123456 in file ./dirdat/yyy, while inserting
a row into <schema.table> due to missing target row for a key update operation.
NOCOMPRESSUPDATES or FETCHOPTIONS FETCHPKUPDATECOLS may be specified in the
EXTRACT parameter file to include a complete image for key update operations.
The offending record is a primary key update, ... probably the key
<to be found at the mentioned rba 123456 in file ./dirdat/yyy> is not available on target
if the PK is not available at target side, then this error is expected, because HANDLECOLLISIONS turns the PK update into an insert as result of no target record to update.
The problem is that the source PK update record doesn't contain all the after image columns. That is also expected because the update record is intended to only update the affected columns.
As a workaround use FETCHOPTIONS FETCHPKUPDATECOLS on the capture/extract side to get all the after images of the record so that when a HANDLECOLLISIONS logic kicks in, it will be
able to successfully convert the original PK update into insert with all the after image present.
Solution
==================
First check the affected trail file yyy at RBA 123456 with logdump to verify, if the PK update does not have the complete key information as described.
If that is the case and the target table does not have the corresponding PK entry, this issue is hit. Otherwise it is something different.
As a workaround use
==================
FETCHOPTIONS FETCHPKUPDATECOLS on the capture/extract side to get all the after images of
the record so that when a HANDLECOLLISIONS logic kicks in, it will be
able to successfully convert the original PK update into insert with all the after image present. -
Hi,
Is it possible to transform one row from source database into multiple rows in target database using Golden Gate?
Thanks,
DeepakAnother way is using SQLEXEC:
Suppose we have:
at source db -
create table test.wide (id number primary key, COL1 VARCHAR2(25), COL2 VARCHAR2(25), COL3 VARCHAR2(25));at target db -
create table test.thin (id number primary key, col_name VARCHAR2(10), col_value VARCHAR2(25));then in replicat params -
--Replicat group --
REPLICAT REP2
--source and target definitions
--ASSUMETARGETDEFS
SOURCEDEFS /u01/app/oracle/product/11.1.1.1.2ogg411g/dirdef/sourcedef
--target database login --
USERID ogg, PASSWORD ogg
--file for dicarded transaction --
DISCARDFILE /u01/app/oracle/product/11.1.1.1.2ogg411g/discard/rep1_discard.txt, APPEND, MEGABYTES 10
--ddl support
DDL
--Specify table mapping ---
MAP test.t1, TARGET test.t11g, COLMAP (USEDEFAULTS, VCH=@STRNUM(NM));
MAP test.CITIES, TARGET test.CITIES;
MAP test.COUNTRIES, TARGET test.COUNTRIES;
MAP test.LOBEXP, TARGET test.LOBEXP;
MAP test.wide, TARGET test.thin, COLMAP (USEDEFAULTS, COL_NAME="COL1", COL_VALUE=COL1), &
SQLEXEC (ID COL2PROC, QUERY "insert into test.thin values (:id_params+1,'COL2',:value_param)", PARAMS (id_params = id, value_param = COL2)), &
SQLEXEC (ID COL3PROC, QUERY "insert into test.thin values (:id_params+2,'COL3',:value_param)", PARAMS (id_params = id, value_param = COL3)), &
SQLEXEC (ID COL_DELE, ON DELETE, QUERY "delete from test.thin where id in (:id_params+1,:id_params+2)", PARAMS (id_params = id)), &
SQLEXEC (ID COL2UPDA, ON UPDATE, QUERY "update test.thin set col_value=:value_params where 1=:is_updated and id=:id_params+1", PARAMS (is_updated = @IF(@COLTEST(COL2,MISSING,
INVALID),0,1), value_params = COL2, id_params = id)), &
SQLEXEC (ID COL3UPDA, ON UPDATE, QUERY "update test.thin set col_value=:value_params where 1=:is_updated and id=:id_params+2", PARAMS (is_updated = @IF(@COLTEST(COL3,MISSING,
INVALID),0,1), value_params = COL3, id_params = id));
--MAP test.account, TARGET test.thin, COLMAP(USEDEFAULTS, COL_NAME='COL1', COL_VALUE=COL1);
DDLERROR 24344 DISCARD;An extractor params would be -
--extract group--
EXTRACT ext1
--connection to database--
USERID ogg, PASSWORD xxx
EXTTRAIL /u01/app/oracle/product/11.1.1.12ogg/dirdat/ss
SEQUENCE test.*
--DDL support
DDL INCLUDE MAPPED OBJNAME test.*
--DML
TABLE test.*;Works fine - just tested.
Edited by: Artem Khisamiev on 15.10.2012 4:09
Add DELETE and UPDATE DML improvements to replicat params. -
WLS70 SSL encrypted keys and Certificate Request Generator
Hi,
we are trying to certificate our WLS 7.0. We use the Certificate Request Generator
webapp for generating the request. The generator forces the user to give in a
private key password. But in the server's SSL config tab the field "Use encrypted
Keys" is fixed to "false" (in WLS 6.1 this field is a checkbox). Is this a bug
in WLS7.0?Hi Alain,
thanks for your workaround. We will check it out ... although I've been instructed
on the BEA admin trainee to never change config.xml manually :)
"Alain Hsiung" <[email protected]> wrote:
Hi Joern
consider it a bug or not, you can go to the file config.xml and edit
the
XML attribute "KeyEncrypted" of the XML element "SSL" to "true".
Hope this helps.
Regards
Alain Hsiung, Ideartis Inc.
"Joern Wohlrab" <[email protected]> wrote in message
news:[email protected]..
Hi,
we are trying to certificate our WLS 7.0. We use the Certificate RequestGenerator
webapp for generating the request. The generator forces the user togive
in a
private key password. But in the server's SSL config tab the field"Use
encrypted
Keys" is fixed to "false" (in WLS 6.1 this field is a checkbox). Isthis a
bug
in WLS7.0? -
Managing Server Encryption Keys in IDM 8.1
I am trying to import the server encryption key from my local machine to the development environment. However, I get the error "java.lang.IllegalStateException: Error attempting to decrypt: Given final block not properly padded".
I am attempting to import the keys with the lh import command like I would with the other custom configuration objects. I have checked the JDK on my machine vs the development machine and they are both running JDK's from Sun.
Any ideas?Hi,
Some more information would be helpful. What versions of IDM, what vendor and version of JDK, what server encryption type is configured for each IDM server, how was the key exported, have you tried importing a key from any other IDM instance, etc. The more info, the better.
Thanks,
Mike -
Install oracle golden gate 11.1.1.0 for oracle9i on RedHat AS3 U6 issue
Hi expert,
I need install Oracle golden gate base on below combination:
GG version: 11.1.1.0 (x64)
OS version: Redhat AS3 UL6 (x64)
Oracle version: 9.2.0.8 (x64)
I set the .bash_profile for oracle as below:
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=$ORACLE_BASE/product/9.2.0
export GGATE=/software/ogg
export PATH=$PATH:$ORACLE_HOME/bin:$GGATE
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$GGATE
However, after installation, when I run ggsci, it show below error message:
ggsci: error while loading shared libraries: libstdc++.so.6: cannot open shared object file: No such file or directory
I searched the libstdc++.so.6 in the server and found one in /lib64/ssa/libstdc++.so.6, I changed the LD_LIBRARY_PATH as:
export LD_LIBRARY_PATH=$ORACLE_HOME/lib:$GGATE:/lib64/ssa/
then this time it has below error:
ggsci: /lib64/ssa/libstdc++.so.6: version `GLIBCXX_3.4' not found (required by ggsci)
ggsci: /lib64/ssa/libstdc++.so.6: version `GLIBCXX_3.4' not found (required by /software/ogg/libxerces-c.so.28)
my question:
1. Is GG 11.1.1.0 supported on RHEL AS3 U6? From oracle official website, it seems only the EL 4 UL7+ or EL 5 UL3+ are supported.
2. If it's supported, how to resolve above error?
Many thanks for your help.Hi,
I think GG version: 11.1.1.0 (x64) supports only oracle 10g and 11g databases.
Try GG version: 10.4.0.19 (x64) for oracle 9.2.0.8
Thanks. -
System encryption using LUKS and GPG encrypted keys for arch linux
Update: As of 2012-03-28, arch changed from gnupg 1.4 to 2.x which uses pinentry for the password dialog. The "etwo" hook described here doesn't work with gnupg 2. Either use the openssl hook below or use a statically compiled version of gnupg 1.4.
Update: As of 2012-12-19, the mkinitcpio is not called during boot, unless the "install" file for the hook contains "add_runscript". This resulted in an unbootable system for me. Also, the method name was changed from install () to build ().
Update: 2013-01-13: Updated the hook files using the corrections by Deth.
Note: This guide is a bit dated now, in particular the arch installation might be different now. But essentially, the approach stays the same. Please also take a look at the posts further down, specifically the alternative hooks that use openssl.
I always wanted to set up a fully encrypted arch linux server that uses gpg encrypted keyfiles on an external usb stick and luks for root filesystem encryption. I already did it once in gentoo using this guide. For arch, I had to play alot with initcpio hooks and after one day of experimentation, I finally got it working. I wrote a little guide for myself which I'm going to share here for anyone that might be interested. There might be better or easier ways, like I said this is just how I did it. I hope it might help someone else. Constructive feedback is always welcome
Intro
Using arch linux mkinitcpio's encrypt hook, one can easily use encrypted root partitions with LUKS. It's also possible to use key files stored on an external drive, like an usb stick. However, if someone steals your usb stick, he can just copy the key and potentially access the system. I wanted to have a little extra security by additionally encrypting the key file with gpg using a symmetric cipher and a passphrase.
Since the encrypt hook doesn't support this scenario, I created a modifed hook called “etwo” (silly name I know, it was the first thing that came to my mind). It will simply look if the key file has the extension .gpg and, if yes, use gpg to decrypt it, then pipe the result into cryptsetup.
Conventions
In this short guide, I use the following disk/partition names:
/dev/sda: is the hard disk that will contain an encrypted swap (/dev/sda1), /var (/dev/sda2) and root (/dev/sda3) partition.
/dev/sdb is the usb stick that will contain the gpg encrypted luks keys, the kernel and grub. It will have one partition /dev/sdb1 formatted with ext2.
/dev/mapper/root, /dev/mapper/swap and /dev/mapper/var will be the encrypted devices.
Credits
Thanks to the authors of SECURITY_System_Encryption_DM-Crypt_with_LUKS (gentoo wiki), System Encryption with LUKS (arch wiki), mkinitcpio (arch wiki) and Early Userspace in Arch Linux (/dev/brain0 blog)!
Guide
1. Boot the arch live cd
I had to use a newer testing version, because the 2010.05 cd came with a broken gpg. You can download one here: http://releng.archlinux.org/isos/. I chose the “core“ version. Go ahead and boot the live cd, but don't start the setup yet.
2. Set keymap
Use km to set your keymap. This is important for non-qwerty keyboards to avoid suprises with passphrases...
3. Wipe your discs
ATTENTION: this will DELETE everything on /dev/sda and /dev/sdb forever! Do not blame me for any lost data!
Before encrypting the hard disc, it has to be completely wiped and overwritten with random data. I used shred for this. Others use badblocks or dd with /dev/urandom. Either way, this will take a long time, depending on the size of your disc. I also wiped my usb stick just to be sure.
shred -v /dev/sda
shred -v /dev/sdb
4. Partitioning
Fire up fdisk and create the following partitions:
/dev/sda1, type linux swap.
/dev/sda2: type linux
/dev/sda3: type linux
/dev/sdb1, type linux
Of course you can choose a different layout, this is just how I did it. Keep in mind that only the root filesystem will be decrypted by the initcpio. The rest will be decypted during normal init boot using /etc/crypttab, the keys being somewhere on the root filesystem.
5. Format and mount the usb stick
Create an ext2 filesystem on /dev/sdb1:
mkfs.ext2 /dev/sdb1
mkdir /root/usb
mount /dev/sdb1 /root/usb
cd /root/usb # this will be our working directory for now.
Do not mount anything to /mnt, because the arch installer will use that directory later to mount the encrypted root filesystem.
6. Configure the network (if not already done automatically)
ifconfig eth0 192.168.0.2 netmask 255.255.255.0
route add default gw 192.168.0.1
echo "nameserver 192.168.0.1" >> /etc/resolv.conf
(this is just an example, your mileage may vary)
7. Install gnupg
pacman -Sy
pacman -S gnupg
Verify that gnupg works by launching gpg.
8. Create the keys
Just to be sure, make sure swap is off:
cat /proc/swaps
should return no entries.
Create gpg encrypted keys (remember, we're still in our working dir /root/usb):
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > root.gpg
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > var.gpg
Choose a strong password!!
Don't do this in two steps, e.g don't do dd to a file and then gpg on that file. The key should never be stored in plain text on an unencrypted device, except if that device is wiped on system restart (ramfs)!
Note that the default cipher for gpg is cast5, I just chose to use a different one.
9. Create the encrypted devices with cryptsetup
Create encrypted swap:
cryptsetup -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -d /dev/urandom create swap /dev/sda1
You should see /dev/mapper/swap now. Don't format nor turn it on for now. This will be done by the arch installer.
Important: From the Cryptsetup 1.1.2 Release notes:
Cryptsetup can accept passphrase on stdin (standard input). Handling of new line (\n) character is defined by input specification:
if keyfile is specified as "-" (using --key-file=- or by positional argument in luksFormat and luksAddKey, like cat file | cryptsetup --key-file=- <action> ), input is processed
as normal binary file and no new line is interpreted.
if there is no key file specification (with default input from stdin pipe like echo passphrase | cryptsetup <action> ) input is processed as input from terminal, reading will
stop after new line is detected.
If I understand this correctly, since the randomly generated key can contain a newline early on, piping the key into cryptsetup without specifying --key-file=- could result in a big part of the key to be ignored by cryptsetup. Example: if the random key was "foo\nandsomemorebaratheendofthekey", piping it directly into cryptsetup without --key-file=- would result in cryptsetup using only "foo" as key which would have big security implications. We should therefor ALWAYS pipe the key into cryptsetup using --key-file=- which ignores newlines.
gpg -q -d root.gpg 2>/dev/null | cryptsetup -v -–key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool luksFormat /dev/sda3
gpg -q -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- -c aes-cbc-essiv:sha256 -s 256 -h whirlpool -v luksFormat /dev/sda2
Check for any errors.
10. Open the luks devices
gpg -d root.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda3 root
gpg -d var.gpg 2>/dev/null | cryptsetup -v –-key-file=- luksOpen /dev/sda2 var
If you see /dev/mapper/root and /dev/mapper/var now, everything is ok.
11. Start the installer /arch/setup
Follow steps 1 to 3.
At step 4 (Prepare hard drive(s), select “3 – Manually Configure block devices, filesystems and mountpoints. Choose /dev/sdb1 (the usb stick) as /boot, /dev/mapper/swap for swap, /dev/mapper/root for / and /dev/mapper/var for /var.
Format all drives (choose “yes” when asked “do you want to have this filesystem (re)created”) EXCEPT for /dev/sdb1, choose “no”. Choose the correct filesystem for /dev/sdb1, ext2 in my case. Use swap for /dev/mapper/swap. For the rest, I chose ext4.
Select DONE to start formatting.
At step 5 (Select packages), select grub as boot loader. Select the base group. Add mkinitcpio.
Start step 6 (Install packages).
Go to step 7 (Configure System).
By sure to set the correct KEYMAP, LOCALE and TIMEZONE in /etc/rc.conf.
Edit /etc/fstab:
/dev/mapper/root / ext4 defaults 0 1
/dev/mapper/swap swap swap defaults 0 0
/dev/mapper/var /var ext4 defaults 0 1
# /dev/sdb1 /boot ext2 defaults 0 1
Configure the rest normally. When you're done, setup will launch mkinitcpio. We'll manually launch this again later.
Go to step 8 (install boot loader).
Be sure to change the kernel line in menu.lst:
kernel /vmlinuz26 root=/dev/mapper/root cryptdevice=/dev/sda3:root cryptkey=/dev/sdb1:ext2:/root.gpg
Don't forget the :root suffix in cryptdevice!
Also, my root line was set to (hd1,0). Had to change that to
root (hd0,0)
Install grub to /dev/sdb (the usb stick).
Now, we can exit the installer.
12. Install mkinitcpio with the etwo hook.
Create /mnt/lib/initcpio/hooks/etwo:
#!/usr/bin/ash
run_hook() {
/sbin/modprobe -a -q dm-crypt >/dev/null 2>&1
if [ -e "/sys/class/misc/device-mapper" ]; then
if [ ! -e "/dev/mapper/control" ]; then
/bin/mknod "/dev/mapper/control" c $(cat /sys/class/misc/device-mapper/dev | sed 's|:| |')
fi
[ "${quiet}" = "y" ] && CSQUIET=">/dev/null"
# Get keyfile if specified
ckeyfile="/crypto_keyfile"
usegpg="n"
if [ "x${cryptkey}" != "x" ]; then
ckdev="$(echo "${cryptkey}" | cut -d: -f1)"
ckarg1="$(echo "${cryptkey}" | cut -d: -f2)"
ckarg2="$(echo "${cryptkey}" | cut -d: -f3)"
if poll_device "${ckdev}" ${rootdelay}; then
case ${ckarg1} in
*[!0-9]*)
# Use a file on the device
# ckarg1 is not numeric: ckarg1=filesystem, ckarg2=path
if [ "${ckarg2#*.}" = "gpg" ]; then
ckeyfile="${ckeyfile}.gpg"
usegpg="y"
fi
mkdir /ckey
mount -r -t ${ckarg1} ${ckdev} /ckey
dd if=/ckey/${ckarg2} of=${ckeyfile} >/dev/null 2>&1
umount /ckey
# Read raw data from the block device
# ckarg1 is numeric: ckarg1=offset, ckarg2=length
dd if=${ckdev} of=${ckeyfile} bs=1 skip=${ckarg1} count=${ckarg2} >/dev/null 2>&1
esac
fi
[ ! -f ${ckeyfile} ] && echo "Keyfile could not be opened. Reverting to passphrase."
fi
if [ -n "${cryptdevice}" ]; then
DEPRECATED_CRYPT=0
cryptdev="$(echo "${cryptdevice}" | cut -d: -f1)"
cryptname="$(echo "${cryptdevice}" | cut -d: -f2)"
else
DEPRECATED_CRYPT=1
cryptdev="${root}"
cryptname="root"
fi
warn_deprecated() {
echo "The syntax 'root=${root}' where '${root}' is an encrypted volume is deprecated"
echo "Use 'cryptdevice=${root}:root root=/dev/mapper/root' instead."
if poll_device "${cryptdev}" ${rootdelay}; then
if /sbin/cryptsetup isLuks ${cryptdev} >/dev/null 2>&1; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
dopassphrase=1
# If keyfile exists, try to use that
if [ -f ${ckeyfile} ]; then
if [ "${usegpg}" = "y" ]; then
# gpg tty fixup
if [ -e /dev/tty ]; then mv /dev/tty /dev/tty.backup; fi
cp -a /dev/console /dev/tty
while [ ! -e /dev/mapper/${cryptname} ];
do
sleep 2
/usr/bin/gpg -d "${ckeyfile}" 2>/dev/null | cryptsetup --key-file=- luksOpen ${cryptdev} ${cryptname} ${CSQUIET}
dopassphrase=0
done
rm /dev/tty
if [ -e /dev/tty.backup ]; then mv /dev/tty.backup /dev/tty; fi
else
if eval /sbin/cryptsetup --key-file ${ckeyfile} luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; then
dopassphrase=0
else
echo "Invalid keyfile. Reverting to passphrase."
fi
fi
fi
# Ask for a passphrase
if [ ${dopassphrase} -gt 0 ]; then
echo ""
echo "A password is required to access the ${cryptname} volume:"
#loop until we get a real password
while ! eval /sbin/cryptsetup luksOpen ${cryptdev} ${cryptname} ${CSQUIET}; do
sleep 2;
done
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
elif [ -n "${crypto}" ]; then
[ ${DEPRECATED_CRYPT} -eq 1 ] && warn_deprecated
msg "Non-LUKS encrypted device found..."
if [ $# -ne 5 ]; then
err "Verify parameter format: crypto=hash:cipher:keysize:offset:skip"
err "Non-LUKS decryption not attempted..."
return 1
fi
exe="/sbin/cryptsetup create ${cryptname} ${cryptdev}"
tmp=$(echo "${crypto}" | cut -d: -f1)
[ -n "${tmp}" ] && exe="${exe} --hash \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f2)
[ -n "${tmp}" ] && exe="${exe} --cipher \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f3)
[ -n "${tmp}" ] && exe="${exe} --key-size \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f4)
[ -n "${tmp}" ] && exe="${exe} --offset \"${tmp}\""
tmp=$(echo "${crypto}" | cut -d: -f5)
[ -n "${tmp}" ] && exe="${exe} --skip \"${tmp}\""
if [ -f ${ckeyfile} ]; then
exe="${exe} --key-file ${ckeyfile}"
else
exe="${exe} --verify-passphrase"
echo ""
echo "A password is required to access the ${cryptname} volume:"
fi
eval "${exe} ${CSQUIET}"
if [ $? -ne 0 ]; then
err "Non-LUKS device decryption failed. verify format: "
err " crypto=hash:cipher:keysize:offset:skip"
exit 1
fi
if [ -e "/dev/mapper/${cryptname}" ]; then
if [ ${DEPRECATED_CRYPT} -eq 1 ]; then
export root="/dev/mapper/root"
fi
else
err "Password succeeded, but ${cryptname} creation failed, aborting..."
exit 1
fi
else
err "Failed to open encryption mapping: The device ${cryptdev} is not a LUKS volume and the crypto= paramater was not specified."
fi
fi
rm -f ${ckeyfile}
fi
Create /mnt/lib/initcpio/install/etwo:
#!/bin/bash
build() {
local mod
add_module dm-crypt
if [[ $CRYPTO_MODULES ]]; then
for mod in $CRYPTO_MODULES; do
add_module "$mod"
done
else
add_all_modules '/crypto/'
fi
add_dir "/dev/mapper"
add_binary "cryptsetup"
add_binary "dmsetup"
add_binary "/usr/bin/gpg"
add_file "/usr/lib/udev/rules.d/10-dm.rules"
add_file "/usr/lib/udev/rules.d/13-dm-disk.rules"
add_file "/usr/lib/udev/rules.d/95-dm-notify.rules"
add_file "/usr/lib/initcpio/udev/11-dm-initramfs.rules" "/usr/lib/udev/rules.d/11-dm-initramfs.rules"
add_runscript
help ()
cat<<HELPEOF
This hook allows for an encrypted root device with support for gpg encrypted key files.
To use gpg, the key file must have the extension .gpg and you have to install gpg and add /usr/bin/gpg
to your BINARIES var in /etc/mkinitcpio.conf.
HELPEOF
Edit /mnt/etc/mkinitcpio.conf (only relevant sections displayed):
MODULES=”ext2 ext4” # not sure if this is really nessecary.
BINARIES=”/usr/bin/gpg” # this could probably be done in install/etwo...
HOOKS=”base udev usbinput keymap autodetect pata scsi sata usb etwo filesystems” # (usbinput is only needed if you have an usb keyboard)
Copy the initcpio stuff over to the live cd:
cp /mnt/lib/initcpio/hooks/etwo /lib/initcpio/hooks/
cp /mnt/lib/initcpio/install/etwo /lib/initcpio/install/
cp /mnt/etc/mkinitcpio.conf /etc/
Verify your LOCALE, KEYMAP and TIMEZONE in /etc/rc.conf!
Now reinstall the initcpio:
mkinitcpio -g /mnt/boot/kernel26.img
Make sure there were no errors and that all hooks were included.
13. Decrypt the "var" key to the encrypted root
mkdir /mnt/keys
chmod 500 /mnt/keys
gpg –output /mnt/keys/var -d /mnt/boot/var.gpg
chmod 400 /mnt/keys/var
14. Setup crypttab
Edit /mnt/etc/crypttab:
swap /dev/sda1 SWAP -c aes-cbc-essiv:sha256 -s 256 -h whirlpool
var /dev/sda2 /keys/var
15. Reboot
We're done, you may reboot. Make sure you select the usb stick as the boot device in your bios and hope for the best. . If it didn't work, play with grub's settings or boot from the live cd, mount your encrypted devices and check all settings. You might also have less trouble by using uuid's instead of device names. I chose device names to keep things as simple as possible, even though it's not the optimal way to do it.
Make backups of your data and your usb stick and do not forget your password(s)! Or you can say goodbye to your data forever...
Last edited by fabriceb (2013-01-15 22:36:23)I'm trying to run my install script that is based on https://bbs.archlinux.org/viewtopic.php?id=129885
Decrypting the gpg key after grub works, but then "Devce root already exists." appears every second.
any idea ?
#!/bin/bash
# This script is designed to be run in conjunction with a UEFI boot using Archboot intall media.
# prereqs:
# EFI "BIOS" set to boot *only* from EFI
# successful EFI boot of Archboot USB
# mount /dev/sdb1 /src
set -o nounset
#set -o errexit
# Host specific configuration
# this whole script needs to be customized, particularly disk partitions
# and configuration, but this section contains global variables that
# are used during the system configuration phase for convenience
HOSTNAME=daniel
USERNAME=user
# Globals
# We don't need to set these here but they are used repeatedly throughout
# so it makes sense to reuse them and allow an easy, one-time change if we
# need to alter values such as the install target mount point.
INSTALL_TARGET="/install"
HR="--------------------------------------------------------------------------------"
PACMAN="pacman --noconfirm --config /tmp/pacman.conf"
TARGET_PACMAN="pacman --noconfirm --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
CHROOT_PACMAN="pacman --noconfirm --cachedir /var/cache/pacman/pkg --config /tmp/pacman.conf -r ${INSTALL_TARGET}"
FILE_URL="file:///packages/core-$(uname -m)/pkg"
FTP_URL='ftp://mirrors.kernel.org/archlinux/$repo/os/$arch'
HTTP_URL='http://mirrors.kernel.org/archlinux/$repo/os/$arch'
# Functions
# I've avoided using functions in this script as they aren't required and
# I think it's more of a learning tool if you see the step-by-step
# procedures even with minor duplciations along the way, but I feel that
# these functions clarify the particular steps of setting values in config
# files.
SetValue () {
# EXAMPLE: SetValue VARIABLENAME '\"Quoted Value\"' /file/path
VALUENAME="$1" NEWVALUE="$2" FILEPATH="$3"
sed -i "s+^#\?\(${VALUENAME}\)=.*$+\1=${NEWVALUE}+" "${FILEPATH}"
CommentOutValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^\(${VALUENAME}.*\)$/#\1/" "${FILEPATH}"
UncommentValue () {
VALUENAME="$1" FILEPATH="$2"
sed -i "s/^#\(${VALUENAME}.*\)$/\1/" "${FILEPATH}"
# Initialize
# Warn the user about impending doom, set up the network on eth0, mount
# the squashfs images (Archboot does this normally, we're just filling in
# the gaps resulting from the fact that we're doing a simple scripted
# install). We also create a temporary pacman.conf that looks for packages
# locally first before sourcing them from the network. It would be better
# to do either *all* local or *all* network but we can't for two reasons.
# 1. The Archboot installation image might have an out of date kernel
# (currently the case) which results in problems when chrooting
# into the install mount point to modprobe efivars. So we use the
# package snapshot on the Archboot media to ensure our kernel is
# the same as the one we booted with.
# 2. Ideally we'd source all local then, but some critical items,
# notably grub2-efi variants, aren't yet on the Archboot media.
# Warn
timer=9
echo -e "\n\nMAC WARNING: This script is not designed for APPLE MAC installs and will potentially misconfigure boot to your existing OS X installation. STOP NOW IF YOU ARE ON A MAC.\n\n"
echo -n "GENERAL WARNING: This procedure will completely format /dev/sda. Please cancel with ctrl-c to cancel within $timer seconds..."
while [[ $timer -gt 0 ]]
do
sleep 1
let timer-=1
echo -en "$timer seconds..."
done
echo "STARTING"
# Get Network
echo -n "Waiting for network address.."
#dhclient eth0
dhcpcd -p eth0
echo -n "Network address acquired."
# Mount packages squashfs images
umount "/packages/core-$(uname -m)"
umount "/packages/core-any"
rm -rf "/packages/core-$(uname -m)"
rm -rf "/packages/core-any"
mkdir -p "/packages/core-$(uname -m)"
mkdir -p "/packages/core-any"
modprobe -q loop
modprobe -q squashfs
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_$(uname -m).squashfs" "/packages/core-$(uname -m)"
mount -o ro,loop -t squashfs "/src/packages/archboot_packages_any.squashfs" "/packages/core-any"
# Create temporary pacman.conf file
cat << PACMANEOF > /tmp/pacman.conf
[options]
Architecture = auto
CacheDir = ${INSTALL_TARGET}/var/cache/pacman/pkg
CacheDir = /packages/core-$(uname -m)/pkg
CacheDir = /packages/core-any/pkg
[core]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
[extra]
Server = ${FILE_URL}
Server = ${FTP_URL}
Server = ${HTTP_URL}
#Uncomment to enable pacman -Sy yaourt
[archlinuxfr]
Server = http://repo.archlinux.fr/\$arch
PACMANEOF
# Prepare pacman
[[ ! -d "${INSTALL_TARGET}/var/cache/pacman/pkg" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/cache/pacman/pkg"
[[ ! -d "${INSTALL_TARGET}/var/lib/pacman" ]] && mkdir -m 755 -p "${INSTALL_TARGET}/var/lib/pacman"
${PACMAN} -Sy
${TARGET_PACMAN} -Sy
# Install prereqs from network (not on archboot media)
echo -e "\nInstalling prereqs...\n$HR"
#sed -i "s/^#S/S/" /etc/pacman.d/mirrorlist # Uncomment all Server lines
UncommentValue S /etc/pacman.d/mirrorlist # Uncomment all Server lines
${PACMAN} --noconfirm -Sy gptfdisk btrfs-progs-unstable libusb-compat gnupg
# Configure Host
# Here we create three partitions:
# 1. efi and /boot (one partition does double duty)
# 2. swap
# 3. our encrypted root
# Note that all of these are on a GUID partition table scheme. This proves
# to be quite clean and simple since we're not doing anything with MBR
# boot partitions and the like.
echo -e "format\n"
# shred -v /dev/sda
# disk prep
sgdisk -Z /dev/sda # zap all on disk
#sgdisk -Z /dev/mmcb1k0 # zap all on sdcard
sgdisk -a 2048 -o /dev/sda # new gpt disk 2048 alignment
#sgdisk -a 2048 -o /dev/mmcb1k0
# create partitions
sgdisk -n 1:0:+200M /dev/sda # partition 1 (UEFI BOOT), default start block, 200MB
sgdisk -n 2:0:+4G /dev/sda # partition 2 (SWAP), default start block, 200MB
sgdisk -n 3:0:0 /dev/sda # partition 3, (LUKS), default start, remaining space
#sgdisk -n 1:0:1800M /dev/mmcb1k0 # root.gpg
# set partition types
sgdisk -t 1:ef00 /dev/sda
sgdisk -t 2:8200 /dev/sda
sgdisk -t 3:8300 /dev/sda
#sgdisk -t 1:0700 /dev/mmcb1k0
# label partitions
sgdisk -c 1:"UEFI Boot" /dev/sda
sgdisk -c 2:"Swap" /dev/sda
sgdisk -c 3:"LUKS" /dev/sda
#sgdisk -c 1:"Key" /dev/mmcb1k0
echo -e "create gpg file\n"
# create gpg file
dd if=/dev/urandom bs=512 count=4 | gpg -v --cipher-algo aes256 --digest-algo sha512 -c -a > /root/root.gpg
echo -e "format LUKS on root\n"
# format LUKS on root
gpg -q -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- -c aes-xts-plain -s 512 --hash sha512 luksFormat /dev/sda3
echo -e "open LUKS on root\n"
gpg -d /root/root.gpg 2>/dev/null | cryptsetup -v --key-file=- luksOpen /dev/sda3 root
# NOTE: make sure to add dm_crypt and aes_i586 to MODULES in rc.conf
# NOTE2: actually this isn't required since we're mounting an encrypted root and grub2/initramfs handles this before we even get to rc.conf
# make filesystems
# following swap related commands not used now that we're encrypting our swap partition
#mkswap /dev/sda2
#swapon /dev/sda2
#mkfs.ext4 /dev/sda3 # this is where we'd create an unencrypted root partition, but we're using luks instead
echo -e "\nCreating Filesystems...\n$HR"
# make filesystems
mkfs.ext4 /dev/mapper/root
mkfs.vfat -F32 /dev/sda1
#mkfs.vfat -F32 /dev/mmcb1k0p1
echo -e "mount targets\n"
# mount target
#mount /dev/sda3 ${INSTALL_TARGET} # this is where we'd mount the unencrypted root partition
mount /dev/mapper/root ${INSTALL_TARGET}
# mount target
mkdir ${INSTALL_TARGET}
# mkdir ${INSTALL_TARGET}/key
# mount -t vfat /dev/mmcb1k0p1 ${INSTALL_TARGET}/key
mkdir ${INSTALL_TARGET}/boot
mount -t vfat /dev/sda1 ${INSTALL_TARGET}/boot
# Install base, necessary utilities
mkdir -p ${INSTALL_TARGET}/var/lib/pacman
${TARGET_PACMAN} -Sy
${TARGET_PACMAN} -Su base
# curl could be installed later but we want it ready for rankmirrors
${TARGET_PACMAN} -S curl
${TARGET_PACMAN} -S libusb-compat gnupg
${TARGET_PACMAN} -R grub
rm -rf ${INSTALL_TARGET}/boot/grub
${TARGET_PACMAN} -S grub2-efi-x86_64
# Configure new system
SetValue HOSTNAME ${HOSTNAME} ${INSTALL_TARGET}/etc/rc.conf
sed -i "s/^\(127\.0\.0\.1.*\)$/\1 ${HOSTNAME}/" ${INSTALL_TARGET}/etc/hosts
SetValue CONSOLEFONT Lat2-Terminus16 ${INSTALL_TARGET}/etc/rc.conf
#following replaced due to netcfg
#SetValue interface eth0 ${INSTALL_TARGET}/etc/rc.conf
# write fstab
# You can use UUID's or whatever you want here, of course. This is just
# the simplest approach and as long as your drives aren't changing values
# randomly it should work fine.
cat > ${INSTALL_TARGET}/etc/fstab <<FSTAB_EOF
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
/dev/sda1 /boot vfat defaults 0 0
/dev/mapper/cryptswap none swap defaults 0 0
/dev/mapper/root / ext4 defaults,noatime 0 1
FSTAB_EOF
# write etwo
mkdir -p /lib/initcpio/hooks/
mkdir -p /lib/initcpio/install/
cp /src/etwo_hooks /lib/initcpio/hooks/etwo
cp /src/etwo_install /lib/initcpio/install/etwo
mkdir -p ${INSTALL_TARGET}/lib/initcpio/hooks/
mkdir -p ${INSTALL_TARGET}/lib/initcpio/install/
cp /src/etwo_hooks ${INSTALL_TARGET}/lib/initcpio/hooks/etwo
cp /src/etwo_install ${INSTALL_TARGET}/lib/initcpio/install/etwo
# write crypttab
# encrypted swap (random passphrase on boot)
echo cryptswap /dev/sda2 SWAP "-c aes-xts-plain -h whirlpool -s 512" >> ${INSTALL_TARGET}/etc/crypttab
# copy configs we want to carry over to target from install environment
mv ${INSTALL_TARGET}/etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf.orig
cp /etc/resolv.conf ${INSTALL_TARGET}/etc/resolv.conf
mkdir -p ${INSTALL_TARGET}/tmp
cp /tmp/pacman.conf ${INSTALL_TARGET}/tmp/pacman.conf
# mount proc, sys, dev in install root
mount -t proc proc ${INSTALL_TARGET}/proc
mount -t sysfs sys ${INSTALL_TARGET}/sys
mount -o bind /dev ${INSTALL_TARGET}/dev
echo -e "umount boot\n"
# we have to remount /boot from inside the chroot
umount ${INSTALL_TARGET}/boot
# Create install_efi script (to be run *after* chroot /install)
touch ${INSTALL_TARGET}/install_efi
chmod a+x ${INSTALL_TARGET}/install_efi
cat > ${INSTALL_TARGET}/install_efi <<EFI_EOF
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
echo -e "mount boot\n"
# remount here or grub et al gets confused
mount -t vfat /dev/sda1 /boot
# mkinitcpio
# NOTE: intel_agp drm and i915 for intel graphics
SetValue MODULES '\\"dm_mod dm_crypt aes_x86_64 ext2 ext4 vfat intel_agp drm i915\\"' /etc/mkinitcpio.conf
SetValue HOOKS '\\"base udev pata scsi sata usb usbinput keymap consolefont etwo encrypt filesystems\\"' /etc/mkinitcpio.conf
SetValue BINARIES '\\"/usr/bin/gpg\\"' /etc/mkinitcpio.conf
mkinitcpio -p linux
# kernel modules for EFI install
modprobe efivars
modprobe dm-mod
# locale-gen
UncommentValue de_AT /etc/locale.gen
locale-gen
# install and configure grub2
# did this above
#${CHROOT_PACMAN} -Sy
#${CHROOT_PACMAN} -R grub
#rm -rf /boot/grub
#${CHROOT_PACMAN} -S grub2-efi-x86_64
# you can be surprisingly sloppy with the root value you give grub2 as a kernel option and
# even omit the cryptdevice altogether, though it will wag a finger at you for using
# a deprecated syntax, so we're using the correct form here
# NOTE: take out i915.modeset=1 unless you are on intel graphics
SetValue GRUB_CMDLINE_LINUX '\\"cryptdevice=/dev/sda3:root cryptkey=/dev/sda1:vfat:/root.gpg add_efi_memmap i915.i915_enable_rc6=1 i915.i915_enable_fbc=1 i915.lvds_downclock=1 pcie_aspm=force quiet\\"' /etc/default/grub
# set output to graphical
SetValue GRUB_TERMINAL_OUTPUT gfxterm /etc/default/grub
SetValue GRUB_GFXMODE 960x600x32,auto /etc/default/grub
SetValue GRUB_GFXPAYLOAD_LINUX keep /etc/default/grub # comment out this value if text only mode
# install the actual grub2. Note that despite our --boot-directory option we will still need to move
# the grub directory to /boot/grub during grub-mkconfig operations until grub2 gets patched (see below)
grub_efi_x86_64-install --bootloader-id=grub --no-floppy --recheck
# create our EFI boot entry
# bug in the HP bios firmware (F.08)
efibootmgr --create --gpt --disk /dev/sda --part 1 --write-signature --label "ARCH LINUX" --loader "\\\\grub\\\\grub.efi"
# copy font for grub2
cp /usr/share/grub/unicode.pf2 /boot/grub
# generate config file
grub-mkconfig -o /boot/grub/grub.cfg
exit
EFI_EOF
# Install EFI using script inside chroot
chroot ${INSTALL_TARGET} /install_efi
rm ${INSTALL_TARGET}/install_efi
# Post install steps
# anything you want to do post install. run the script automatically or
# manually
touch ${INSTALL_TARGET}/post_install
chmod a+x ${INSTALL_TARGET}/post_install
cat > ${INSTALL_TARGET}/post_install <<POST_EOF
set -o errexit
set -o nounset
# functions (these could be a library, but why overcomplicate things
SetValue () { VALUENAME="\$1" NEWVALUE="\$2" FILEPATH="\$3"; sed -i "s+^#\?\(\${VALUENAME}\)=.*\$+\1=\${NEWVALUE}+" "\${FILEPATH}"; }
CommentOutValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^\(\${VALUENAME}.*\)\$/#\1/" "\${FILEPATH}"; }
UncommentValue () { VALUENAME="\$1" FILEPATH="\$2"; sed -i "s/^#\(\${VALUENAME}.*\)\$/\1/" "\${FILEPATH}"; }
# root password
echo -e "${HR}\\nNew root user password\\n${HR}"
passwd
# add user
echo -e "${HR}\\nNew non-root user password (username:${USERNAME})\\n${HR}"
groupadd sudo
useradd -m -g users -G audio,lp,optical,storage,video,games,power,scanner,network,sudo,wheel -s /bin/bash ${USERNAME}
passwd ${USERNAME}
# mirror ranking
echo -e "${HR}\\nRanking Mirrors (this will take a while)\\n${HR}"
cp /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.orig
mv /etc/pacman.d/mirrorlist /etc/pacman.d/mirrorlist.all
sed -i "s/#S/S/" /etc/pacman.d/mirrorlist.all
rankmirrors -n 5 /etc/pacman.d/mirrorlist.all > /etc/pacman.d/mirrorlist
# temporary fix for locale.sh update conflict
mv /etc/profile.d/locale.sh /etc/profile.d/locale.sh.preupdate || true
# yaourt repo (add to target pacman, not tmp pacman.conf, for ongoing use)
echo -e "\\n[archlinuxfr]\\nServer = http://repo.archlinux.fr/\\\$arch" >> /etc/pacman.conf
echo -e "\\n[haskell]\\nServer = http://www.kiwilight.com/\\\$repo/\\\$arch" >> /etc/pacman.conf
# additional groups and utilities
pacman --noconfirm -Syu
pacman --noconfirm -S base-devel
pacman --noconfirm -S yaourt
# sudo
pacman --noconfirm -S sudo
cp /etc/sudoers /tmp/sudoers.edit
sed -i "s/#\s*\(%wheel\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
sed -i "s/#\s*\(%sudo\s*ALL=(ALL)\s*ALL.*$\)/\1/" /tmp/sudoers.edit
visudo -qcsf /tmp/sudoers.edit && cat /tmp/sudoers.edit > /etc/sudoers
# power
pacman --noconfirm -S acpi acpid acpitool cpufrequtils
yaourt --noconfirm -S powertop2
sed -i "/^DAEMONS/ s/)/ @acpid)/" /etc/rc.conf
sed -i "/^MODULES/ s/)/ acpi-cpufreq cpufreq_ondemand cpufreq_powersave coretemp)/" /etc/rc.conf
# following requires my acpi handler script
echo "/etc/acpi/handler.sh boot" > /etc/rc.local
# time
pacman --noconfirm -S ntp
sed -i "/^DAEMONS/ s/hwclock /!hwclock @ntpd /" /etc/rc.conf
# wireless (wpa supplicant should already be installed)
pacman --noconfirm -S iw wpa_supplicant rfkill
pacman --noconfirm -S netcfg wpa_actiond ifplugd
mv /etc/wpa_supplicant.conf /etc/wpa_supplicant.conf.orig
echo -e "ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=network\nupdate_config=1" > /etc/wpa_supplicant.conf
# make sure to copy /etc/network.d/examples/wireless-wpa-config to /etc/network.d/home and edit
sed -i "/^DAEMONS/ s/)/ @net-auto-wireless @net-auto-wired)/" /etc/rc.conf
sed -i "/^DAEMONS/ s/ network / /" /etc/rc.conf
echo -e "\nWIRELESS_INTERFACE=wlan0" >> /etc/rc.conf
echo -e "WIRED_INTERFACE=eth0" >> /etc/rc.conf
echo "options iwlagn led_mode=2" > /etc/modprobe.d/iwlagn.conf
# sound
pacman --noconfirm -S alsa-utils alsa-plugins
sed -i "/^DAEMONS/ s/)/ @alsa)/" /etc/rc.conf
mv /etc/asound.conf /etc/asound.conf.orig || true
#if alsamixer isn't working, try alsamixer -Dhw and speaker-test -Dhw -c 2
# video
pacman --noconfirm -S base-devel mesa mesa-demos
# x
#pacman --noconfirm -S xorg xorg-xinit xorg-utils xorg-server-utils xdotool xorg-xlsfonts
#yaourt --noconfirm -S xf86-input-wacom-git # NOT NEEDED? input-wacom-git
#TODO: cut down the install size
#pacman --noconfirm -S xorg-server xorg-xinit xorg-utils xorg-server-utils
# TODO: wacom
# environment/wm/etc.
#pacman --noconfirm -S xfce4 compiz ccsm
#pacman --noconfirm -S xcompmgr
#yaourt --noconfirm -S physlock unclutter
#pacman --noconfirm -S rxvt-unicode urxvt-url-select hsetroot
#pacman --noconfirm -S gtk2 #gtk3 # for taffybar?
#pacman --noconfirm -S ghc
# note: try installing alex and happy from cabal instead
#pacman --noconfirm -S haskell-platform haskell-hscolour
#yaourt --noconfirm -S xmonad-darcs xmonad-contrib-darcs xcompmgr
#yaourt --noconfirm -S xmobar-git
# TODO: edit xfce to use compiz
# TODO: xmonad, but deal with video tearing
# TODO: xmonad-darcs fails to install from AUR. haskell dependency hell.
# switching to cabal
# fonts
pacman --noconfirm -S terminus-font
yaourt --noconfirm -S webcore-fonts
yaourt --noconfirm -S fontforge libspiro
yaourt --noconfirm -S freetype2-git-infinality
# TODO: sed infinality and change to OSX or OSX2 mode
# and create the sym link from /etc/fonts/conf.avail to conf.d
# misc apps
#pacman --noconfirm -S htop openssh keychain bash-completion git vim
#pacman --noconfirm -S chromium flashplugin
#pacman --noconfirm -S scrot mypaint bc
#yaourt --noconfirm -S task-git stellarium googlecl
# TODO: argyll
POST_EOF
# Post install in chroot
#echo "chroot and run /post_install"
chroot /install /post_install
rm /install/post_install
# copy grub.efi file to the default HP EFI boot manager path
mkdir -p ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/
mkdir -p ${INSTALL_TARGET}/boot/EFI/BOOT/
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/Microsoft/BOOT/bootmgfw.efi
cp ${INSTALL_TARGET}/boot/grub/grub.efi ${INSTALL_TARGET}/boot/EFI/BOOT/BOOTX64.EFI
cp /root/root.gpg ${INSTALL_TARGET}/boot/
# NOTES/TODO -
WRT54G v6 -- PCs' not able to enter encryption key?
Just bought a WRT54G, replacing an older Linksys wireless router (BEF.... something)...
I set up the new router with an encryption key (128-bit key using WEP).
My work PC, which for security reasons has the encryption key already built in, finds the network and works fine.
My home PCs (new HP notebook running XP pro) which do not already have that key set up, detect the network, says it's secured, but when I click on connect, it never prompts me for a network key to enter, just gives an error message saying it can't connect. Nowhere can I find anywhere to manually bring up properties, etc.
Same problem on a 2-year old Toshiba laptop with XP pro, and an Apple iBook with Mac OS X.
I've connected many times to other wireless networks with encryption keys, this is the first time I've experienced this.
Any help would be appreciated -- is there some router setting I'm missing that will enable this to work?
Thank you.sharkbyte, even if you do not delete the entry of your preferred wireless network, it should prompt with a network key...
what you can do is to do this
click START
go to RUN
type in services.msc
under the service local window, look for wireless zero configuration, right click on it then click on restart.
then try to connect wirelessly again.. It should prompt you with a network key already
"a helping hand in a community makes the world a universe"
Maybe you are looking for
-
Convert music from USB-drive to iTunes on a new iMac
Hi, I just got a new iMac, and I used Windows before. I have a lot of Music on a USB-drive and I want to know how to convert it to iTunes. Should I just drag and drop it to iTunes? or should I create a folder on the mac, move the files to the folder
-
Illogical Dropped Frames driving me MAD!!
Hi everyone I would REALLY appreciate help with this as I'm ready to pull every single hair of my head out! I get dropped frames when I try and play my sequence. So far my sequence is 1 minute long... Haven't been able to get much editing done cause
-
i just bought this brand new imac but i am unable to use or download almost anything because it asks for a password. When we bought this computer there was already this password. We did not install it. Also just today we went to a shop to ask for the
-
How Can I Put FCE HD On My G3 iMac 600?
Last week I read some instructions for installing FCP 4.5 HD (and by inference) FCE on G3 iMacs - and other "unsuitable" computers. Basically on inserting the CD/DVD you have to navigate to the "Packages" and delete the "Installation Check" File. I g
-
Hi, We would like to see the hash value calculated by the ACE when the HTTP probe hash command configured. This is possible on CSS via the "sh service" command. We have tried to get it from sh rserver , sh probe XXX detail sh serverfarm XXX det but w